Configuring Secure Domain Routers on Cisco IOS XR Software
Information About Configuring Secure Domain Routers
SMC-129
Cisco IOS XR System Management Configuration Guide
Information About Configuring Secure Domain Routers
Review the following topics before configuring secure domain routers:
• What Is a Secure Domain Router?, page SMC-129
• Owner SDR and Administration Configuration Mode, page SMC-129
• Non-Owner SDRs, page SMC-130
• SDR Access Privileges, page SMC-130
–
Root-System Users, page SMC-130
–
root-lr Users, page SMC-131
–
Other SDR Users, page SMC-131
• Designated Secure Domain Router System Controller (DSDRSC), page SMC-132
–
DSCs and DSDRSCs in a Cisco CRS-1 Router, page SMC-132
–
DSC and DSDRSCs in a Cisco XR 12000 Series Router, page SMC-133
• High Availability Implications, page SMC-136
• Cisco IOS XR Software Package Management, page SMC-137
• DSC Migration on Cisco CRS-1 Multishelf Systems, page SMC-138
• Caveats, page SMC-139
What Is a Secure Domain Router?
Cisco routers running Cisco IOS XR software can be partitioned into multiple, independent routers
known as secure domain routers (SDRs). SDRs are a means of dividing a single physical system into
multiple logically separated routers. SDRs perform routing functions the same as a physical router, but
they share resources with the rest of the system. For example, the software, configurations, protocols,
and routing tables assigned to an SDR belong to that SDR only, but other functions, such as
chassis-control and switch fabric, are shared with the rest of the system.
Owner SDR and Administration Configuration Mode
The owner SDR is created at system startup and cannot be removed. This owner SDR performs
system-wide functions, including the creation of additional non-owner SDRs. You cannot create the
owner SDR because it always exists, nor can you completely remove the owner SDR, because it is
necessary to manage the router. By default, all nodes in the system belong to the owner SDR.
The owner SDR also provides access to the Administration EXEC and Administration configuration
modes. Only users with root-system privileges can access the Administration modes by logging in to the
primary Route Processor for the owner SDR (called the Designated Shelf Controller, or DSC).
Administration modes are used for the following purposes:
• Create and remove additional non-owner SDRs
• Assign nodes to the non-owner SDRs
• View the configured SDRs in the system.
• View and manage system-wide resources and logs.