Configuring Secure Domain Routers

Secure Domain Routers (SDRs) are a means of dividing a single physical system into multiple logically separated routers.

Table 1. Feature History for Configuring Multiple Secure Domain Routers

Release          Modification
---------------  ----------------------------------------------------------
Release 5.0.0    SDR feature was introduced.
Release 6.1.2    Support was added for multi-SDRs on single-chassis system.
Release 6.3.1    Support was added for multi-SDRs on multi-chassis system.


What Is a Secure Domain Router?

Cisco routers running the Cisco IOS XR software can be partitioned into multiple independent routers known as Secure Domain Routers (SDRs). A user-defined SDR is termed a named-SDR.

SDRs are a means of dividing a single physical system into multiple logically separated routers. The SDRs are spawned as Virtual Machines (VMs). Each SDR performs routing functions similar to a physical router, but they share resources with the rest of the system. For example, the software image, configurations, protocols, and routing tables are unique to a particular SDR. Other system functions, including chassis-control and switch fabric, are shared with the rest of the system.

On Cisco NCS 6000 Series routers, multiple SDRs (multi-SDR) can be created. A maximum of three SDRs is supported. A portion of the system resources, such as line cards, memory, and CPUs, is allocated to each SDR. By creating multiple SDRs, the system is converted from a Single Owner Single Tenant (SOST) unit to a Single Owner Multiple Tenant (SOMT) unit. Each SDR operates as an independent unit and is therefore administered and managed individually. Individual SDRs can also be independently upgraded or downgraded as needed.

For more information on SDR attributes, see Multi-SDR Environment.

For more information on SDR software upgrade, see Software Upgrade in Multi-SDR Environment.

Create Multiple Secure Domain Routers

Creation of multiple named-SDRs involves these three stages:

  1. Delete the default-SDR

  2. Create a named-SDR

  3. Assign inventory to the named-SDR


Note

A maximum of three named-SDRs can be created.


Multi-SDR Prerequisites

Before configuring multiple Secure Domain Routers (SDRs), the following conditions must be met:

Software Version Requirements

  • Multi-SDRs are supported only on NCS-6008 single-chassis running Cisco IOS XR, Release 6.1.2 and later.

  • Multi-SDRs are supported only on NCS-6008 multi-chassis running Cisco IOS XR, Release 6.3.1 and later.

Required Cards for each SDR

A set of operational Line Cards (LC) and Route Processor (RP).

Initial Setup

  • Uninstall inactive packages and SMUs from XR VM and System Admin VM.

  • Install System Admin VM mandatory SMU (if any).

  • Verify all the nodes are in operational state by using the show platform command and ensure basic system stability.

  • Back up the contents of the hard disk before converting the system to multi-SDR. The contents are lost when the hard disk is partitioned among the named-SDRs.

  • Ensure connectivity to all three console ports on the RP faceplate. For more information on console ports, see Console Access to Named-SDRs.

Delete Default-SDR

By default, the system will start up with a single default-SDR, which is an SOST environment. To configure named-SDRs, the default-SDR must be deleted, which enables the system to convert from an SOST to an SOMT environment.

Procedure


Step 1

config

Example:

sysadmin-vm:0_RP0# config

Enters XR Config mode.

Step 2

no sdr default-sdr

Example:

sysadmin-vm:0_RP0(config)# no sdr default-sdr 

Removes the default-SDR from the system.

Step 3

Use the commit or end command.

commit —Saves the configuration changes and remains within the configuration session.

end —Prompts user to take one of these actions:
  • Yes — Saves configuration changes and exits the configuration session.

  • No —Exits the configuration session without committing the configuration changes.

  • Cancel —Remains in the configuration session, without committing the configuration changes.


Example: Delete default-SDR

sysadmin-vm:0_RP0# config
Thu Aug  11 00:22:16.580 UTC
Entering configuration mode terminal
sysadmin-vm:0_RP0(config)# no sdr default-sdr
Thu Aug  11 00:22:20.864 UTC
sysadmin-vm:0_RP0(config)# commit
Thu Aug  11 00:22:24.595 UTC
Commit complete.

What to do next

Verify that the default-SDR is deleted. Run the show sdr command. If the default SDR is deleted, no SDR entries will be found.

sysadmin-vm:0_RP0# show running-config sdr
Sun Dec  13 13:17:20.530 UTC
% No entries found.

sysadmin-vm:0_RP0# show sdr
Sun Dec  13 13:17:22.750 UTC
%  No entries found.

Configure Multiple Secure Domain Routers

In this task you will configure a named-SDR and allocate inventory. The inventory includes RP resources (memory and CPU) and line cards. You can repeat the steps to create a maximum of three named-SDRs.


Note

  • The SDR boundary is defined at the line card level. Hence, it is necessary to allocate at least one line card to each SDR. A single line card cannot be shared between multiple SDRs. Fabric cards are shared implicitly among named-SDRs.

  • If you configure an SDR with IPv4 and IPv6 ACL scale configurations and then reload the same ACL scale configurations without clearing the previous ones, the limits are breached and the configuration fails to load onto the SDR.



Note

When creating multiple SDRs, the install commit may not work as expected sometimes because of resource constraints.


Before you begin

Before you configure named-SDRs, the default-SDR must be deleted.

Procedure


Step 1

config

Example:

sysadmin-vm:0_RP0# config

Enters system administration configuration mode.

Step 2

sdr sdr-name

Example:

sysadmin-vm:0_RP0(config)#  sdr VRFPE-SDR1

Creates a named-SDR and enters SDR configuration mode.

In the following steps, you will add resources to the named-SDR.

Step 3

resources card-type RP

Example:

sysadmin-vm:0_RP0(config-sdr-VRFPE-SDR1)#  resources card-type RP 

Enters RP resources allocation mode.

Step 4

vm-memory unit

Example:

sysadmin-vm:0_RP0(config-card-type-RP)#  vm-memory 11 

Allocates RP memory to the named-SDR. Unit of VM memory size is in GB. Recommended memory value for each named-SDR = 11.

Step 5

vm-cpu number-of-CPUs

Example:

sysadmin-vm:0_RP0(config-card-type-RP)#  vm-cpu 4

Allocates RP CPUs to the named-SDR.

Number of CPUs:

  • Default value for each named-SDR = 4

  • Configurable minimum value = 2

  • Configurable maximum value = 6

We recommend that you use the default CPU value. Change the default value only when necessary.

Step 6

location node-id

Example:

sysadmin-vm:0_RP0(config-sdr-VRFPE-SDR1)#  location 0/RP0

Allocates first RP to the named-SDR based on the specified RP location.

Step 7

location node-id

Example:

sysadmin-vm:0_RP0(config-location-0/RP0)#  location 0/RP1

Allocates second RP to the named-SDR to be used for redundancy.

Step 8

exit

Example:

sysadmin-vm:0_RP0(config-location-0/RP1)#  exit

Exits the RP configuration mode and returns to named-SDR configuration mode.

Step 9

location node-id

Example:

sysadmin-vm:0_RP0(config-sdr-VRFPE-SDR1)#  location 0/0

Allocates line card to the named-SDR based on the specified LC location.

Note 

The same LC cannot be allocated to multiple SDRs.

Step 10

Use the commit or end command.

commit —Saves the configuration changes and remains within the configuration session.

end —Prompts user to take one of these actions:
  • Yes — Saves configuration changes and exits the configuration session.

  • No —Exits the configuration session without committing the configuration changes.

  • Cancel —Remains in the configuration session, without committing the configuration changes.


Example: Named-SDR

Creating a single named-SDR.

sysadmin-vm:0_RP0# config 
sysadmin-vm:0_RP0(config)# sdr VRFPE-SDR1
sysadmin-vm:0_RP0(config-sdr-VRFPE-SDR1)#  resources card-type RP vm-memory 11 vm-cpu 4
sysadmin-vm:0_RP0(config-sdr-VRFPE-SDR1)#  location 0/RP0
sysadmin-vm:0_RP0(config-location-0/RP0)#  location 0/RP1
sysadmin-vm:0_RP0(config-location-0/RP1)#  exit
sysadmin-vm:0_RP0(config-sdr-VRFPE-SDR1)#  location 0/0 
sysadmin-vm:0_RP0(config-sdr-VRFPE-SDR1)# commit


Creating three named-SDRs.

sysadmin-vm:0_RP0# config
Thu Aug  11 00:22:16.580 UTC
Entering configuration mode terminal
sysadmin-vm:0_RP0(config)# sdr VRFPE-SDR1
sysadmin-vm:0_RP0(config-sdr-VRFPE-SDR1)#  resources card-type RP
sysadmin-vm:0_RP0(config-card-type-RP)#   vm-memory 11
sysadmin-vm:0_RP0(config-card-type-RP)#   vm-cpu    4
sysadmin-vm:0_RP0(config-card-type-RP)# location 0/RP0
sysadmin-vm:0_RP0(config-location-0/RP0)#  location 0/RP1
sysadmin-vm:0_RP0(config-location-0/RP1)# location 0/0

sysadmin-vm:0_RP0(config-location-0/0)# sdr Internet-SDR
sysadmin-vm:0_RP0(config-sdr-Internet-SDR)#  resources card-type RP
sysadmin-vm:0_RP0(config-card-type-RP)#   vm-memory 11
sysadmin-vm:0_RP0(config-card-type-RP)#   vm-cpu    4
sysadmin-vm:0_RP0(config-card-type-RP)# location 0/RP0
sysadmin-vm:0_RP0(config-location-0/RP0)# location 0/RP1
sysadmin-vm:0_RP0(config-location-0/RP1)# location 0/6

sysadmin-vm:0_RP0(config-location-0/6)# sdr P-SDR
sysadmin-vm:0_RP0(config-sdr-P-SDR)#  resources card-type RP
sysadmin-vm:0_RP0(config-card-type-RP)#   vm-memory 11
sysadmin-vm:0_RP0(config-card-type-RP)#   vm-cpu    4
sysadmin-vm:0_RP0(config-card-type-RP)# location 0/RP0
sysadmin-vm:0_RP0(config-location-0/RP0)#  location 0/RP1
sysadmin-vm:0_RP0(config-location-0/RP1)# location 0/1

sysadmin-vm:0_RP0(config-location-0/1)# commit
Thu Aug  11 00:31:20.827 UTC
Commit complete.

sysadmin-vm:0_RP0(config-location-0/1)#
System message at 2016-08-11 00:31:21...
Commit performed by admin via tcp using system.
sysadmin-vm:0_RP0(config-location-0/1)# end
Thu Aug  11 00:31:23.455 UTC

sysadmin-vm:0_RP0# 0/6/ADMIN0:Aug 11 00:32:48.488 : vm_manager[2907]: %INFRA-VM_MANAGE Info: vm_manager started VM Internet-SDR--1
0/0/ADMIN0:Aug 11 00:32:48.810 : vm_manager[2902]: %INFRA-VM_MANAGER-4-INFO : Info: vmtarted VM VRFPE-SDR1--1
0/RP1/ADMIN0:Aug 11 00:33:01.075 : vm_manager[3162]: %INFRA-VM_MANAGER-4-INFO : Info:  started VM Internet-SDR--1
0/RP0/ADMIN0:Aug 11 00:33:12.019 : vm_manager[3183]: %INFRA-VM_MANAGER-4-INFO : Info:  started VM Internet-SDR--1
0/1/ADMIN0:Aug 11 00:33:19.744 : vm_manager[2917]: %INFRA-VM_MANAGER-4-INFO : Info: vmtarted VM P-SDR--1
0/RP1/ADMIN0:Aug 11 00:34:38.562 : vm_manager[3162]: %INFRA-VM_MANAGER-4-INFO : Info:  started VM P-SDR--2
0/RP0/ADMIN0:Aug 11 00:35:00.487 : vm_manager[3183]: %INFRA-VM_MANAGER-4-INFO : Info:  started VM P-SDR--2
0/RP1/ADMIN0:Aug 11 00:36:18.683 : vm_manager[3162]: %INFRA-VM_MANAGER-4-INFO : Info:  started VM VRFPE-SDR1--3
0/RP0/ADMIN0:Aug 11 00:36:54.481 : vm_manager[3183]: %INFRA-VM_MANAGER-4-INFO : Info:  started VM VRFPE-SDR1--3


Running configuration for configuring three named-SDRs:
sysadmin-vm:0_RP0# show run sdr
Tue Aug  16 18:50:51.835 UTC
sdr Internet-SDR
 resources card-type RP
  vm-memory 11
  vm-cpu    4
 !
 location 0/6
 !
 location 0/RP0
 !
 location 0/RP1
 !
!
sdr P-SDR
 resources card-type RP
  vm-memory 11
  vm-cpu    4
 !
 location 0/1
 !
 location 0/RP0
 !
 location 0/RP1
 !
!
sdr VRFPE-SDR1
 resources card-type RP
  vm-memory 11
  vm-cpu    4
 !
 location 0/0
 !
 location 0/RP0
 !
 location 0/RP1
 !
!
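
The allocation rules stated in this procedure (at most three named-SDRs, at least one line card per SDR, no line card in more than one SDR, vm-cpu between 2 and 6) can be checked on a candidate configuration before it is committed. The following Python code is an added example, not Cisco code; the function names and the sample configuration are constructed for illustration.

```python
import re
from collections import defaultdict

# Limits stated on this page; every name in this block is the example's own.
MAX_NAMED_SDRS = 3
VM_CPU_MIN, VM_CPU_MAX = 2, 6
RP_LOCATION = re.compile(r"^\d+/RP\d+$")  # 0/RP0 style; other locations are line cards

# Constructed sample in the shape of "show running-config sdr" output.
SAMPLE_CONFIG = """\
sdr EDGE-A
 resources card-type RP
  vm-memory 11
  vm-cpu    4
 !
 location 0/0
 !
 location 0/RP0
 !
!
sdr EDGE-B
 resources card-type RP
  vm-memory 11
  vm-cpu    8
 !
 location 0/0
 !
 location 0/RP0
 !
!
"""


def parse_sdr_config(text):
    """Return {sdr_name: {"vm-cpu": int or None, "locations": [str, ...]}}."""
    sdrs, current = {}, None
    for line in text.splitlines():
        tokens = line.split()
        if len(tokens) != 2:
            continue  # "!", "resources card-type RP", prompts, timestamps
        key, value = tokens
        if key == "sdr":
            current = sdrs.setdefault(value, {"vm-cpu": None, "locations": []})
        elif current is None:
            continue  # nothing belongs to an SDR until the first "sdr" line
        elif key == "vm-cpu" and value.isdigit():
            current["vm-cpu"] = int(value)
        elif key == "location":
            current["locations"].append(value)
    return sdrs


def audit_sdr_config(sdrs):
    """Return findings as strings; an empty list means no rule is violated."""
    findings = []
    if len(sdrs) > MAX_NAMED_SDRS:
        findings.append(f"{len(sdrs)} named-SDRs configured, maximum is {MAX_NAMED_SDRS}")
    owners = defaultdict(list)  # line-card location -> SDRs that claim it
    for name, cfg in sdrs.items():
        line_cards = [loc for loc in cfg["locations"] if not RP_LOCATION.match(loc)]
        if not line_cards:
            findings.append(f"{name}: no line card allocated")
        for loc in line_cards:
            owners[loc].append(name)
        cpu = cfg["vm-cpu"]
        if cpu is not None and not VM_CPU_MIN <= cpu <= VM_CPU_MAX:
            findings.append(f"{name}: vm-cpu {cpu} outside {VM_CPU_MIN}-{VM_CPU_MAX}")
    for loc, names in sorted(owners.items()):
        if len(names) > 1:
            findings.append(f"line card {loc} allocated to: {', '.join(names)}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_sdr_config(parse_sdr_config(SAMPLE_CONFIG))))
```

On the constructed sample the audit reports the out-of-range vm-cpu on EDGE-B and the line card 0/0 that both SDRs claim.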


What to do next

After the named-SDRs are created, verify the VM state for each SDR.

Execute the show sdr command to check that the Status is "RUNNING" for all VMs in each SDR.
sysadmin-vm:0_RP0# show sdr

Wed Aug  17 16:01:06.626 UTC

SDR: Internet-SDR
Location     IP Address      Status           Boot Count  Time Started
-----------------------------------------------------------------------------
0/RP0/VM1    192.0.0.4       RUNNING          1           08/11/2016 00:33:12
0/RP1/VM1    192.0.4.4       RUNNING          1           08/11/2016 00:33:01
0/6/VM1      192.0.88.3      RUNNING          1           08/11/2016 00:32:48

SDR: P-SDR
Location     IP Address      Status           Boot Count  Time Started
-----------------------------------------------------------------------------
0/RP0/VM2    192.0.0.6       RUNNING          2           08/11/2016 03:24:43
0/RP1/VM2    192.0.4.6       RUNNING          2           08/11/2016 03:24:32
0/1/VM1      192.0.68.3      RUNNING          2           08/11/2016 03:25:26

SDR: VRFPE-SDR1
Location     IP Address      Status           Boot Count  Time Started
-----------------------------------------------------------------------------
0/RP0/VM3    192.0.0.8       RUNNING          2           08/11/2016 02:32:15
0/RP1/VM3    192.0.4.8       RUNNING          2           08/11/2016 02:32:23
0/0/VM1      192.0.64.3      RUNNING          2           08/11/2016 02:32:40

Execute the show vm command to check that the Status for named-SDRs is "running" at the line card and RP locations.
sysadmin-vm:0_RP0# show vm

Wed Aug  17 16:01:20.239 UTC

Location: 0/0
Id                Status        IP Address       HB Sent/Recv
-------------------------------------------------------------
sysadmin          running       192.0.64.1       NA/NA
VRFPE-SDR1        running       192.0.64.3       58375/58375

Location: 0/1
Id                Status        IP Address       HB Sent/Recv
-------------------------------------------------------------
sysadmin          running       192.0.68.1       NA/NA
P-SDR             running       192.0.68.3       58360/58360

Location: 0/6
Id                Status        IP Address       HB Sent/Recv
-------------------------------------------------------------
sysadmin          running       192.0.88.1       NA/NA
Internet-SDR      running       192.0.88.3       58401/58401

Location: 0/RP0
Id                Status        IP Address       HB Sent/Recv
-------------------------------------------------------------
sysadmin          running       192.0.0.1        NA/NA
Internet-SDR      running       192.0.0.4        1169260/1169260
P-SDR             running       192.0.0.6        1146966/1146966
VRFPE-SDR1        running       192.0.0.8        1146729/1146729

Location: 0/RP1
Id                Status        IP Address       HB Sent/Recv
-------------------------------------------------------------
sysadmin          running       192.0.4.1        NA/NA
Internet-SDR      running       192.0.4.4        1167934/1167934
P-SDR             running       192.0.4.6        1147031/1147031
VRFPE-SDR1        running       192.0.4.8        1146789/1146789

To view details about a specific SDR, use the show sdr <sdr-name> detail command in System Admin EXEC mode.
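
The show sdr check described above can be automated when the output is collected after each change. The following Python code is an added example, not Cisco code; the function names are the example's own, the sample output is constructed in the layout shown above with documentation-range addresses, and "DOWN" is a placeholder for any status other than RUNNING.

```python
import re

# Constructed sample in the layout of the "show sdr" output on this page.
SAMPLE_SHOW_SDR = """\
SDR: EDGE-A
Location     IP Address      Status           Boot Count  Time Started
-----------------------------------------------------------------------------
0/RP0/VM1    192.0.2.4       RUNNING          1           08/11/2016 00:33:12
0/RP1/VM1    192.0.2.5       DOWN             3           08/11/2016 00:41:50
0/6/VM1      192.0.2.6       RUNNING          1           08/11/2016 00:32:48

SDR: EDGE-B
Location     IP Address      Status           Boot Count  Time Started
-----------------------------------------------------------------------------
0/RP0/VM2    192.0.2.7       RUNNING          1           08/11/2016 00:35:00
0/RP1/VM2    192.0.2.8       RUNNING          1           08/11/2016 00:34:38
"""

# One VM row: <node>/VM<n>  <ip>  <status>  <boot count>  <time started>
VM_ROW = re.compile(
    r"^(?P<node>\d+/(?:RP)?\d+)/VM\d+\s+(?P<ip>\S+)\s+(?P<status>\S+)\s+\d+\s")


def parse_show_sdr(text):
    """Return {sdr_name: [(node, status), ...]} from "show sdr" output."""
    sdrs, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("SDR:"):
            current = sdrs.setdefault(line.split(":", 1)[1].strip(), [])
            continue
        row = VM_ROW.match(line)
        if row and current is not None:
            current.append((row["node"], row["status"]))
    return sdrs


def check_sdr_state(sdrs):
    """Return findings as strings; an empty list means every VM is RUNNING."""
    findings = []
    if not sdrs:
        # Matches the "% No entries found." output seen after the default-SDR is deleted.
        findings.append("no SDR entries found")
    for name, vms in sdrs.items():
        for node, status in vms:
            if status != "RUNNING":
                findings.append(f"{name}: VM at {node} is {status}")
        # The SDR boundary is the line card, so an SDR with VMs only on RPs is incomplete.
        if all("RP" in node for node, _ in vms):
            findings.append(f"{name}: no VM on any line card")
    return findings


if __name__ == "__main__":
    print("\n".join(check_sdr_state(parse_show_sdr(SAMPLE_SHOW_SDR))))
```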

Console Access to Named-SDRs

By default, console1 on the active RP is used to access the XR VM. With named-SDRs, you can use either console1 or console2 of an active RP to access any of the named-SDRs (XR VMs). You can connect to two named-SDRs (XR VMs) at any given time. Console0 is reserved for access to the System Admin VM.


Note

The RP on which the XR VM is created first becomes the active RP. It can be either RP0 or RP1.


Figure 1. Faceplate of RP

Item No.  Details
--------  -----------------------------------------------------
1         Console0: SysAdmin Console
2         Console1: XR console for both default-SDR and named-SDR
3         Console2: XR console for named-SDR only
4         SysAdmin MGMT Ethernet port
5         XR VM MGMT Ethernet port

Setup Console Access for Named-SDR

In this task you will configure the console port to access a named-SDR.


Note

You can connect to all three SDRs by applying the console-attach command to both RPs. However, you cannot connect to all SDRs by completing the vty configuration on just one RP.


Procedure


Step 1

config

Example:

sysadmin-vm:0_RP0# config

Enters system administration configuration mode.

Step 2

console attach-sdr location node-id tty-name tty-name sdr-name sdr-name

Example:

sysadmin-vm:0_RP0(config)#  console attach-sdr location 0/RP0 tty-name console1 sdr-name VRFPE-SDR1

Specifies the location, tty name and named-SDR that is accessed through console of active RP.

Variables:

  • node-id specifies the location of active RP.

  • tty-name can either be console1 or console2.

  • sdr-name refers to the named-SDR.

Step 3

Use the commit or end command.

commit —Saves the configuration changes and remains within the configuration session.

end —Prompts user to take one of these actions:
  • Yes — Saves configuration changes and exits the configuration session.

  • No —Exits the configuration session without committing the configuration changes.

  • Cancel —Remains in the configuration session, without committing the configuration changes.


Example: Console Access

The following example shows the console details:
sysadmin-vm:0_RP0# config
sysadmin-vm:0_RP0(config)# console attach-sdr location 0/RP0 tty-name console1 sdr-name VRFPE-SDR1
sysadmin-vm:0_RP0(config)# console attach-sdr location 0/RP1 tty-name console1 sdr-name VRFPE-SDR1
sysadmin-vm:0_RP0(config)# console attach-sdr location 0/RP0 tty-name console2 sdr-name P-SDR
sysadmin-vm:0_RP0(config)# console attach-sdr location 0/RP1 tty-name console2 sdr-name P-SDR
sysadmin-vm:0_RP0(config)# commit

What to do next

  1. Verify that each named-SDR is attached with the consoles on the RPs.
    sysadmin-vm:0_RP0# show run console
    console attach-sdr location 0/RP0
     tty-name console1
      sdr-name VRFPE-SDR1
    !
    console attach-sdr location 0/RP1
     tty-name console1
      sdr-name VRFPE-SDR1
    !
    console attach-sdr location 0/RP0
     tty-name console2
      sdr-name P-SDR
    !
    console attach-sdr location 0/RP1
     tty-name console2
      sdr-name P-SDR
    !
  2. Telnet to each console port and check for successful connectivity.

Console Access Mapping

This table provides a sample console access mapping matrix for three configured named-SDRs, namely, sdr1, sdr2, and sdr3.

Command                                                            Console0 Access  Console1 Access to XR VM  Console2 Access to XR VM
-----------------------------------------------------------------  ---------------  ------------------------  ------------------------
On system boot-up                                                  Access sysadmin  default-SDR               Unused
no sdr default-sdr (No SDR exists)                                 Access sysadmin  Unused                    Unused
console attach-sdr location 0/RP0 tty-name console1 sdr-name sdr1  Access sysadmin  sdr1                      Unused
console attach-sdr location 0/RP0 tty-name console2 sdr-name sdr2  Access sysadmin  sdr1                      sdr2
On system reload                                                   Access sysadmin  sdr1                      sdr2
console attach-sdr location 0/RP0 tty-name console2 sdr-name sdr3  Access sysadmin  sdr1                      sdr3
console attach-sdr location 0/RP0 tty-name console1 sdr-name sdr2  Access sysadmin  sdr2                      sdr3
no sdr (all named-sdr removed)                                     Access sysadmin  Unused                    Unused
console attach-sdr location 0/RP0 tty-name console2 sdr-name sdr1  Access sysadmin  Unused                    sdr1
  (assuming only one named-SDR (sdr1) is configured)

Multi-SDR Environment

By default, the system boots up in the Single Owner Single Tenant (SOST) mode. This setup is termed default-SDR. Creating explicit user-defined SDRs and assigning inventory to them causes the system to transition from SOST mode to Single Owner Multiple Tenant (SOMT) mode. This setup is termed multi-SDR, and a user-defined SDR is called a named-SDR.

These are the attributes of a multi-SDR setup:

  • The system administrator for the admin plane manages the system inventory and allocates resources to each named-SDR. The RPs and LCs can be allocated or deallocated to a named-SDR without affecting other SDRs in the system. RP resources like CPU and memory, and LC resources are configurable.

  • Each named-SDR can be administered, managed, and operated independent of other named-SDRs in the system. Named-SDR is also independent of the admin plane.

  • Each named-SDR can be run on a version of Cisco IOS XR software that is independent of the versions running on other named-SDRs and the admin plane.

  • Each named-SDR can be upgraded (non-ISSU) independently of other named-SDRs in the system.

  • AAA administrator needs to provide permissions to access the admin plane through named-SDR.

  • RPs, fabric cards and other system resources are shared across multi-SDRs.

  • Line cards cannot be shared among named-SDRs. But, multiple line cards can be allocated to a named-SDR.

  • Depending on the named-SDR configuration, each SDR will have its own RP pair. RP Fail Over (RPFO) in a named-SDR does not impact other SDRs as each SDR has its own RP pair.

  • Hard disk is partitioned between the SDRs. Each named-SDR gets ~33GB of the system hard disk.

  • XR management traffic in multi-SDR is tagged, which needs to be un-tagged. For more information, see XR Management Traffic in Multi-SDR Environment.

  • There is no difference between the default-SDR and multi-SDR with respect to the XR features, provisioning of features, or the user interaction.

  • Multi-SDR does not support full system upgrade.

  • Due to smaller hard disk size, OS images cannot be stored in the hard disk of named-SDR.

  • USB is accessible from System Admin VM and XR VM of default-SDR. However, in case of a named-SDR, USB is not accessible from the XR VM and can be accessed only from System Admin VM.

  • Secure copy (SCP) is not supported in the following cases from Cisco IOS XR Release 6.3.1 onwards:

    • between named-SDR (XR VM) and SysAdmin (System Admin VM)

    • from one named-SDR to another named-SDR


Note

  • On-the-fly modification of RP resources (CPU or memory) of a named-SDR is not recommended.

  • To convert from SOMT to SOST, the system must be USB booted.


Software Upgrade in Multi-SDR Environment

Each named-SDR can be upgraded or downgraded individually. The SMUs and packages installed on each SDR are independent of other SDRs. For upgrade and downgrade details, see System Setup and Software Installation Guide for Cisco NCS 6000 Series Routers.


Note

Full system upgrade is not supported in a multi-SDR setup. The full system upgrade means simultaneous upgrade of the System Admin VM and all named-SDRs. Named-SDRs need to be upgraded individually. Also, only one operation of upgrade, downgrade, SMU install, or SMU deactivation can be performed at a time.

An Orchestrated Calvados Upgrade (OCU) cannot be performed on a Multi-SDR from Release 6.1.x to later releases (Release 6.2.x onwards).


System Admin VM can be upgraded or downgraded independent of named SDRs.

USB Accessibility

USB port is accessible only from System Admin VM. It is not accessible from named-SDR; hence, you cannot install image/SMU/Package from USB in multi-SDR mode.


Note

If a secret of type 8, 9, or 10 is configured, then before downgrading to 6.6.3 and earlier versions, use either of the following methods:

  • Type a combination of secret type and encrypted key instead of plain text for the password. Example:
    username root
    group root-lr
    group cisco-support
    secret 10 $6$Mwaqg/jdBPOn4g/.$PrJP2KjsCbL6bZqmYOej5Ay67S/sSWJNlkiYhCTc/B/35E1kJBqffmBtn.ddQEH0O2CU7V.ZEMmqIg7uE8cfz0
    This is because 6.6.3 and earlier versions do not support key types 8, 9, or 10.
  • Ensure that there are secret type 5 users on the system.


XR Management Traffic in Multi-SDR Environment

Each RP has a single physical management port. Hence, the management traffic of each named-SDR is tagged with the VLAN-ID that is specified during named-SDR configuration. The user must segregate the tagged management traffic of each named-SDR by using an external switch. Because the XR VM is unaware of the VLAN tagging or of multi-SDR, there is no change in the management port configuration for the XR VM.

Figure 2. Example: XR Management Traffic in Default-SDR Environment

In case of default-SDR, all management traffic is untagged.

Sample Configuration for XR Management Traffic in Multi-SDR Environment

sdr INET_RI
pairing-mode  inter-rack
resources card-type RP
  vm-memory 11
  vm-cpu    4
!
location 0/1
!
location 0/2
!
location 1/1
!
location 1/2
!
location 0/RP0
!     
location 0/RP1
!
location 1/RP0
!     
location 1/RP1
!
sdr SU_RI
pairing-mode  inter-rack
resources card-type RP
  vm-memory 11
  vm-cpu    4
!
location 0/4
!
location 1/4
!
location 0/5
!
location 1/5
!
location 0/7
!
location 0/RP0
!     
location 0/RP1
!
location 1/RP0
!     
location 1/RP1
!
sdr VPN_RI
pairing-mode  inter-rack
resources card-type RP
  vm-memory 11
  vm-cpu    4
!
location 0/3
!
location 1/3
!
location 1/7
!
location 0/6
!
location 1/6
!
location 0/RP0
!     
location 0/RP1
!
location 1/RP0
!     
location 1/RP1
!