Information About Configuring Secure Domain Routers - Cisco ASR 9000 Series User Configuration Manual

Information About Configuring Secure Domain Routers

Task ID Requirements
• You must be in a user group associated with a task group that includes the proper task IDs. The command
Maximum SDR Configurations
• Only one owner SDR is supported. Non-owner SDRs are not supported
Information About Configuring Secure Domain Routers
What Is a Secure Domain Router?
Cisco routers running the Cisco IOS XR software can be partitioned into multiple independent routers known
as Secure Domain Routers (SDRs). An user defined SDR is termed as named-SDR.
SDRs are a means of dividing a single physical system into multiple logically separated routers. The SDRs
are spawned as Virtual Machines (VMs). Each SDR performs routing functions similar to a physical router,
but they share resources with the rest of the system. For example, the software image, configurations, protocols,
and routing tables are unique to a particular SDR. Other system functions, including chassis-control and switch
fabric, are shared with the rest of the system.
Note Cisco ASR 9000 Series Routers are single-shelf routers that only support one SDR—the owner SDR.
Owner SDR and Administration Configuration Mode
The owner SDR is created at system startup and cannot be removed. This owner SDR performs system-wide
functions, including the creation of additional non-owner SDRs. You cannot create the owner SDR because
it always exists, nor can you completely remove the owner SDR because it is necessary to manage the router.
By default, all nodes in the system belong to the owner SDR.
The owner SDR also provides access to the administration EXEC and administration configuration modes.
Only users with root-system privileges can access the administration modes by logging in to the primary route
switch processor (RSP) for the owner SDR (called the designated shelf controller, or DSC).
Administration modes are used to view and manage system-wide resources and logs.
Related Topics
SDR Access Privileges, on page 14
SDR Access Privileges
Each SDR in a router has a separate AAA configuration that defines usernames, passwords, and associated
privileges.
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 5.1.x
14
reference guides include the task IDs required for each command. If you suspect user group assignment
is preventing you from using a command, contact your AAA administrator for assistance.
Secure Domain Routers on the Cisco ASR 9000 Series Router