Detecting Corrupt File Configurations

You can detect corruption of running configuration files and CNF files on both the primary and the standby SRP when the corruption is due to a fatal duplicate key error. CNF files must be present on the active file system to monitor them; you cannot monitor CNF files that reside alone on the standby SRP.

You can use the service check-configcommand to control the mode of detection for corruption detection of the running configuration. Auto mode provides a background monitoring task that periodically checks the validity of running configurations. The service config-monitor-periodictycommand enables you to set the time for background monitoring of the active and standby SRP. By default, background monitoring is not running. Manual mode is the default detection mode. For corruption detection of the CNF files, you must use manual mode.

A critical message to take further corrective action is logged in all the cases of corruption detection to ensure that an SRP reset does not occur and that the system recovers with the last known good configuration.

When duplicate key corruption is detected in either the active or standby SRP:

• File synchronization between the active and standby SRP occurs when HA is enabled. Configuration files are not synchronized to the standby SRP. You can restart file synchronization of configuration files only when you reinitialize the flash file system on the corrupted SRP.
• If HA is disabled, you cannot enable HA until you reinitialize the flash file system on the corrupted system. HA is disabled because of the redundancy corruption criteria. HA cannot be reenabled until the flash file system is reinitialized on the corrupted system.
• You cannot initialize unified ISSU until you reinitialize the flash file system on the corrupted system. If the corruption is detected after unified ISSU is initialized, HA is disabled, which then sets a redundancy criteria for corruption that prevents unified ISSU from starting.
• If monitoring is configured to run in auto mode when unified ISSU starts, monitoring reverts back to manual mode to prevent monitoring during a unified ISSU upgrade. After a successful unified ISSU upgrade, monitoring switches back to the originally configured mode on both SRPs.

File synchronization and monitoring the file system are separate operations. Depending on the wake up time of the monitoring task, there is a period of time when corruption can occur and the file systems are synchronized. We recommend that you run the manual command to check the file system before you enable HA or perform any unified ISSU-related operations

service check-config

• Use to detect corruption of running configuration files and CNF files on the primary SRP and the standby SRP when it is due to a fatal duplicate key error. You cannot monitor CNF files on the standby SRP.
• Auto mode checks the running configuration at regular intervals; auto mode cannot be used for CNF files.
• Use the default version to restore the default setting, manual detection.
• Example

  host1(config)#service config-check auto

• Use the no version to restore the default action, manual detection.
• See service check-config.

service config-monitor-periodicity

• Use to set the time for background monitoring of the active and standby SRP. By default, background monitoring is not running. For corruption detection of the CNF files, you must use manual mode.
• Auto mode checks the running configuration at regular intervals; auto mode cannot be used for CNF files.
• Use the default version to restore the default setting, manual detection.
• Example

  host1(config)#service config-monitor-periodicity 2000

• There is nono version.
• See service config-monitor-periodicity.

show service config-monitor-periodicity

• Use to display the time of the monitoring task for detecting corruption of a running configuration on both the primary SRP and the standby SRP.
• Example

  host1#show service config-monitor-periodicity
  config-monitor-periodicity = 2000
  

• See show service config-monitor-periodicity.

Copyright © 2008, Juniper Networks, Inc. All rights reserved. Trademark Notice.