Hardware-Isolated Virtual Router (HVR)
Dedicates both control plane and data plane resources on a per-module boundary to individual virtual entities.
HVR implementation multiplies the available resources (add modules, processors, etc.).
Software-Isolated Virtual Router (SVR)
Share hardware ressources in the data plane.
Multiple guest operating systems to overlay on a host operating system – detrimental impact on scale because it introduces significant contention of resources.
Approach to overprovision ressources on all SVRs – wastes ressources decreasing overall scale.
Integrate virtualization into kernel. Same contention of resources. Complexity and instability in the kernel.
Virtualization in the individual applications. Better scale. Complicates design, testing and management.
SVR implementation divides the available resources.
Chassis resources (power supplies, blowers, fabric) are shared for both HVR and SVR.
Secure Domain Routers
Distributed Route Processors (DRPs; hardware modules
) = full isolation between instances.
SDR defined on per-slot boundary with entire RP and Modular Service Card dedicated to an SDR.
The only parts of the chassis that are shared are the fabric, the fans, and the power supplies.
-system-wide functions including creation of non-owner SDRs. Admin config mode access.
In each SDR, administration and control capabilities are provided by the designated secure domain router system controller (DSDRSC)
. Each SDR must include a DSDRSC to operate, and you must assign an RP or DRP to act as the DSDRSC.
The DSDRSC of the owner SDR is also the DSC of the entire system.
CPU and memory of an SDR are not shared with other SDRs