15 Mar

Testing SSO on ASR1k

IOS XE on ASR1000 provides two forms of redundancy. First one is well-known hardware redundancy available in ASR1006 where two RP’s and ESP’s can be installed. On other platforms software redundancy and ISSU can be configured. Because IOS XE is in fact just one of a Linux processes running on the platform while system is booting up no one but two instances of iosd are executed in background, but only one is active. Both processes are running on same Route Processor. Standby IOS process can be switched to in the event of an IOS failure, and can also be used to upgrade sub-package software in some scenarios as the standby IOS process in an ISSU upgrade.

Activation of redundancy is easy, but requires HA licence

redundancy
 mode sso

System have to be then reloaded. You can check status of redundancy same way as on any other IOS platform

ASR1k#sh redundancy 
Redundant System Information :
------------------------------
       Available system uptime = 2 days, 23 hours, 29 minutes
Switchovers system experienced = 0
              Standby failures = 0
        Last switchover reason = none

                 Hardware Mode = Duplex
    Configured Redundancy Mode = sso
     Operating Redundancy Mode = sso
              Maintenance Mode = Disabled
                Communications = Up

Current Processor Information :
-------------------------------
               Active Location = slot 6
        Current Software state = ACTIVE
       Uptime in current state = 2 days, 23 hours, 29 minutes
                 Image Version = Cisco IOS Software, IOS-XE Software (X86_64_LINUX_IOSD-ADVENTERPRISEK9-M), Version 12.2(33)XNF, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2010 by Cisco Systems, Inc.
Compiled Thu 25-Feb-10 02:13 by mcpre
                          BOOT = bootflash:asr1000rp2-adventerprisek9.02.06.00.122-33.XNF.bin,1;
                   CONFIG_FILE = 
        Configuration register = 0x2102

Peer Processor Information :
----------------------------
              Standby Location = slot 7
        Current Software state = STANDBY HOT 
       Uptime in current state = 2 days, 23 hours, 28 minutes
                 Image Version = Cisco IOS Software, IOS-XE Software (X86_64_LINUX_IOSD-ADVENTERPRISEK9-M), Version 12.2(33)XNF, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2010 by Cisco Systems, Inc.
Compiled Thu 25-Feb-10 02:13 by mcpre
                          BOOT = bootflash:asr1000rp2-adventerprisek9.02.06.00.122-33.XNF.bin,1;
                   CONFIG_FILE = 
        Configuration register = 0x2102

So we have two IOS processes running and synchronizing. How to test if redundancy works and what impact would it have on our network? Because ASR runs Linux and IOS is just a one of processes easiest way is to kill active one and see what will happen.

First we have to activate access to Linux shell in configuration. This will activate few hidden commands. This is easy, but be careful and better not try it on production router.

service internal
platform shell

Now requesting access to shell

ASR1k#request platform software system shell 
Activity within this shell can jeopardize the functioning of the system.
Are you sure you want to continue? [y/n] y

2010/03/15 07:51:40 : Shell access was granted to user admin; Trace file: , /harddisk/tracelogs/system_shell_R0.admin.log.20100315075140
********************************************************************** 
Activity within this shell can jeopardize the functioning 
of the system.
Use this functionality only under supervision of Cisco Support.

Session will be logged to:
  harddisk:tracelogs/system_shell_R0.admin.log.20100315075140
********************************************************************** 
[ASR1k_RP_0:/]$ 

Everything we are doing is logged. Once we are in it’s nothing else than playing with UNIX shell. First we have to find IOS XE processes

[ASR1k_RP_0:/]$ ps x | grep iosd
25708 ?        S      0:00 /usr/bin/rotee -f /tmp/rp/trace/ppc_linux_iosd_image_pmanlog -p /tmp/rp/trace/fifo/pman_sh%rp_0_0_25472_fifo
27928 ?        SL     4:48 /tmp/sw/mount/asr1000rp2-rpios-adventerprisek9.02.06.00.122-33.XNF.pkg/usr/binos/bin/ppc_linux_iosd-image -n 32768 -m 1800 -c /config
 1089 ?        S      0:00 /usr/bin/rotee -f /tmp/rp/trace/ppc_linux_iosd_image_pmanlog -p /tmp/rp/trace/fifo/pman_sh%rp_0_1_1011_fifo
 1417 ?        SL     1:19 /tmp/sw/mount/asr1000rp2-rpios-adventerprisek9.02.06.00.122-33.XNF.pkg/usr/binos/bin/ppc_linux_iosd-image -n 32768 -m 1800 -c /config
 6922 ttyp3    S+     0:00 grep iosd

One we got them we kill one with lower pid/longer lifetime

[ASR1k_RP_0:/]$ kill -9 27928

If we kill active process we get disconnected. I had ping running in background that were pinging Mgmt interface IP address. As you can see that few pings were lost during this operation but router recovered and let me access again.

64 bytes from 10.133.32.60: icmp_seq=195 ttl=254 time=0.649 ms
64 bytes from 10.133.32.60: icmp_seq=196 ttl=254 time=0.794 ms
Request timeout for icmp_seq 197
Request timeout for icmp_seq 198
Request timeout for icmp_seq 199
Request timeout for icmp_seq 200
Request timeout for icmp_seq 201
Request timeout for icmp_seq 202
Request timeout for icmp_seq 203
Request timeout for icmp_seq 204
Request timeout for icmp_seq 205
Request timeout for icmp_seq 206
Request timeout for icmp_seq 207
Request timeout for icmp_seq 208
Request timeout for icmp_seq 209
Request timeout for icmp_seq 210
64 bytes from 10.133.32.60: icmp_seq=211 ttl=254 time=0.660 ms
64 bytes from 10.133.32.60: icmp_seq=212 ttl=254 time=0.621 ms

Now you can see that one of the processes is not running, because we killed it

ASR1k#sh redundancy 
Redundant System Information :
------------------------------
       Available system uptime = 2 days, 23 hours, 31 minutes
Switchovers system experienced = 1
              Standby failures = 0
        Last switchover reason = active unit removed

                 Hardware Mode = Simplex
    Configured Redundancy Mode = sso
     Operating Redundancy Mode = Non-redundant
              Maintenance Mode = Disabled
                Communications = Down      Reason: Simplex mode

Current Processor Information :
-------------------------------
               Active Location = slot 7
        Current Software state = ACTIVE
       Uptime in current state = 0 minutes
                 Image Version = Cisco IOS Software, IOS-XE Software (X86_64_LINUX_IOSD-ADVENTERPRISEK9-M), Version 12.2(33)XNF, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2010 by Cisco Systems, Inc.
Compiled Thu 25-Feb-10 02:13 by mcpre
                          BOOT = bootflash:asr1000rp2-adventerprisek9.02.06.00.122-33.XNF.bin,1;
                   CONFIG_FILE = 
        Configuration register = 0x2102

Peer (slot: 6) information is not available because it is in 'DISABLED' state

System will restart standby process within few seconds. Booting and synchronization takes few minutes but after that we have redundant system again.

Leave a Reply

%d bloggers like this: