Testing SSO on ASR1k
IOS XE on ASR1000 provides two forms of redundancy. First one is well-known hardware redundancy available in ASR1006 where two RP’s and ESP’s can be installed. On other platforms software redundancy and ISSU can be configured. Because IOS XE is in fact just one of a Linux processes running on the platform while system is booting up no one but two instances of iosd are executed in background, but only one is active. Both processes are running on same Route Processor. Standby IOS process can be switched to in the event of an IOS failure, and can also be used to upgrade sub-package software in some scenarios as the standby IOS process in an ISSU upgrade.
Activation of redundancy is easy, but requires HA licence
redundancy mode sso
System have to be then reloaded. You can check status of redundancy same way as on any other IOS platform
ASR1k#sh redundancy Redundant System Information : ------------------------------ Available system uptime = 2 days, 23 hours, 29 minutes Switchovers system experienced = 0 Standby failures = 0 Last switchover reason = none Hardware Mode = Duplex Configured Redundancy Mode = sso Operating Redundancy Mode = sso Maintenance Mode = Disabled Communications = Up Current Processor Information : ------------------------------- Active Location = slot 6 Current Software state = ACTIVE Uptime in current state = 2 days, 23 hours, 29 minutes Image Version = Cisco IOS Software, IOS-XE Software (X86_64_LINUX_IOSD-ADVENTERPRISEK9-M), Version 12.2(33)XNF, RELEASE SOFTWARE (fc2) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2010 by Cisco Systems, Inc. Compiled Thu 25-Feb-10 02:13 by mcpre BOOT = bootflash:asr1000rp2-adventerprisek9.02.06.00.122-33.XNF.bin,1; CONFIG_FILE = Configuration register = 0x2102 Peer Processor Information : ---------------------------- Standby Location = slot 7 Current Software state = STANDBY HOT Uptime in current state = 2 days, 23 hours, 28 minutes Image Version = Cisco IOS Software, IOS-XE Software (X86_64_LINUX_IOSD-ADVENTERPRISEK9-M), Version 12.2(33)XNF, RELEASE SOFTWARE (fc2) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2010 by Cisco Systems, Inc. Compiled Thu 25-Feb-10 02:13 by mcpre BOOT = bootflash:asr1000rp2-adventerprisek9.02.06.00.122-33.XNF.bin,1; CONFIG_FILE = Configuration register = 0x2102
So we have two IOS processes running and synchronizing. How to test if redundancy works and what impact would it have on our network? Because ASR runs Linux and IOS is just a one of processes easiest way is to kill active one and see what will happen.
First we have to activate access to Linux shell in configuration. This will activate few hidden commands. This is easy, but be careful and better not try it on production router.
service internal platform shell
Now requesting access to shell
ASR1k#request platform software system shell Activity within this shell can jeopardize the functioning of the system. Are you sure you want to continue? [y/n] y 2010/03/15 07:51:40 : Shell access was granted to user admin; Trace file: , /harddisk/tracelogs/system_shell_R0.admin.log.20100315075140 ********************************************************************** Activity within this shell can jeopardize the functioning of the system. Use this functionality only under supervision of Cisco Support. Session will be logged to: harddisk:tracelogs/system_shell_R0.admin.log.20100315075140 ********************************************************************** [ASR1k_RP_0:/]$
Everything we are doing is logged. Once we are in it’s nothing else than playing with UNIX shell. First we have to find IOS XE processes
[ASR1k_RP_0:/]$ ps x | grep iosd 25708 ? S 0:00 /usr/bin/rotee -f /tmp/rp/trace/ppc_linux_iosd_image_pmanlog -p /tmp/rp/trace/fifo/pman_sh%rp_0_0_25472_fifo 27928 ? SL 4:48 /tmp/sw/mount/asr1000rp2-rpios-adventerprisek9.02.06.00.122-33.XNF.pkg/usr/binos/bin/ppc_linux_iosd-image -n 32768 -m 1800 -c /config 1089 ? S 0:00 /usr/bin/rotee -f /tmp/rp/trace/ppc_linux_iosd_image_pmanlog -p /tmp/rp/trace/fifo/pman_sh%rp_0_1_1011_fifo 1417 ? SL 1:19 /tmp/sw/mount/asr1000rp2-rpios-adventerprisek9.02.06.00.122-33.XNF.pkg/usr/binos/bin/ppc_linux_iosd-image -n 32768 -m 1800 -c /config 6922 ttyp3 S+ 0:00 grep iosd
One we got them we kill one with lower pid/longer lifetime
[ASR1k_RP_0:/]$ kill -9 27928
If we kill active process we get disconnected. I had ping running in background that were pinging Mgmt interface IP address. As you can see that few pings were lost during this operation but router recovered and let me access again.
64 bytes from 10.133.32.60: icmp_seq=195 ttl=254 time=0.649 ms 64 bytes from 10.133.32.60: icmp_seq=196 ttl=254 time=0.794 ms Request timeout for icmp_seq 197 Request timeout for icmp_seq 198 Request timeout for icmp_seq 199 Request timeout for icmp_seq 200 Request timeout for icmp_seq 201 Request timeout for icmp_seq 202 Request timeout for icmp_seq 203 Request timeout for icmp_seq 204 Request timeout for icmp_seq 205 Request timeout for icmp_seq 206 Request timeout for icmp_seq 207 Request timeout for icmp_seq 208 Request timeout for icmp_seq 209 Request timeout for icmp_seq 210 64 bytes from 10.133.32.60: icmp_seq=211 ttl=254 time=0.660 ms 64 bytes from 10.133.32.60: icmp_seq=212 ttl=254 time=0.621 ms
Now you can see that one of the processes is not running, because we killed it
ASR1k#sh redundancy Redundant System Information : ------------------------------ Available system uptime = 2 days, 23 hours, 31 minutes Switchovers system experienced = 1 Standby failures = 0 Last switchover reason = active unit removed Hardware Mode = Simplex Configured Redundancy Mode = sso Operating Redundancy Mode = Non-redundant Maintenance Mode = Disabled Communications = Down Reason: Simplex mode Current Processor Information : ------------------------------- Active Location = slot 7 Current Software state = ACTIVE Uptime in current state = 0 minutes Image Version = Cisco IOS Software, IOS-XE Software (X86_64_LINUX_IOSD-ADVENTERPRISEK9-M), Version 12.2(33)XNF, RELEASE SOFTWARE (fc2) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2010 by Cisco Systems, Inc. Compiled Thu 25-Feb-10 02:13 by mcpre BOOT = bootflash:asr1000rp2-adventerprisek9.02.06.00.122-33.XNF.bin,1; CONFIG_FILE = Configuration register = 0x2102 Peer (slot: 6) information is not available because it is in 'DISABLED' state
System will restart standby process within few seconds. Booting and synchronization takes few minutes but after that we have redundant system again.