Dual-Root Partitioning Scheme Documentation for SRX Series Services Gateways

Dual-Root Partitioning Scheme

JUNOS Release 10.1 supports dual-root partitions on SRX100, SRX210, SRX240, and SRX650 devices. Dual-root partition allow the SRX Series devices to remain functional if there is file system corruption and facilitate easy recovery of the corrupted file system.

SRX Series devices running JUNOS Release 9.6 or earlier support a single-root partitioning scheme where there is only one root partition. Because both the primary and backup JUNOS Software images are located on the same root partition, the system fails to boot if there is corruption in the root file system. The dual-root partitioning scheme guards against this scenario by keeping the primary and backup JUNOS Software images in two independently bootable root partitions. If the primary root partition becomes corrupted, the system will be able to boot from the backup JUNOS Software image located in the other root partition and remain fully functional.

SRX Series devices that ship with JUNOS Release 10.1 are formatted with dual-root partitions from the factory. SRX Series devices that are running JUNOS Release 9.6 or earlier can be formatted with dual-root partitions when upgrading to JUNOS Release 10.1.

Note: The dual-root partitioning scheme allows the SRX Series devices to remain functional if there is file system corruption and facilitates easy recovery of the corrupted file system. Although you can install JUNOS Release 10.1 on SRX100, SRX210, SRX240, and SRX650 devices with the single-root partitioning scheme, we strongly recommend the use of the dual-root partitioning scheme.

Selection of Boot Media and Boot Partition

When the SRX Series device powers on, it tries to boot the JUNOS Software from the default storage media. If the device fails to boot from the default storage media, it tries to boot from the alternate storage media.

SRX100, SRX210, SRX240 devices boot from the following storage media (in order of priority):

Internal NAND flash (default; always present)
USB storage device (alternate)

SRX650 devices boot from the following storage media (in order of priority):

Internal CompactFlash card (default; always present)
External CompactFlash card (alternate)
USB storage device (alternate)

With the dual-root partitioning scheme, the SRX Series device first tries to boot the JUNOS Software from the primary root partition and then from the backup root partition on the default storage media. If both primary and backup root partitions of a media fail to boot, then the SRX Series device tries to boot from the next available type of storage media. The SRX Series device remains fully functional even if it boots the JUNOS Software from the backup root partition of storage media.

Important Differences Between Single-Root and Dual-Root Partitioning Schemes

Note the following important differences in how SRX Series devices use the two types of partitioning systems.

With the single-root partitioning scheme, there is one root partition that contains both the primary and backup JUNOS Software images. With the dual-root partitioning scheme, the primary and backup copies of JUNOS Software are in different partitions. The partition containing the backup copy is mounted only when required.
With the dual-root partitioning scheme, when the request system software add command is performed for a JUNOS Software package, the contents of the other root partition are erased. The contents of the other root partition will not be valid unless the installation is completed successfully.
With the dual-root partitioning scheme, after a new JUNOS Software image is installed, add-on packages like jais or jfirmware should be reinstalled as required.
With the dual-root partitioning scheme, the request system software rollback CLI command does not delete the current JUNOS Software image. It is possible to switch back to the image by issuing the rollback command again.
With the dual-root partitioning scheme, the request system software delete-backup CLI command does not take any action. The JUNOS Software image in the other root partition will not be deleted.

Upgrade Methods

SRX Series devices that ship from the factory with JUNOS Release 10.10 are formatted with the dual-root partitioning scheme.

Existing SRX Series devices that are running JUNOS Release 9.6 or earlier use the single-root partitioning scheme. While upgrading these routers to JUNOS Release 10.1, you can choose to format the storage media with dual-root partitions (strongly recommended) or retain the existing single-root partitioning.

Certain JUNOS Software upgrade methods format the internal media before installation, whereas other methods do not. To install JUNOS Release 10.1 with the dual-root partitioning scheme, you must use an upgrade method that formats the internal media before installation.

The following upgrade methods format the internal media before installation:

Installation from the boot loader using a TFTP server
Installation from the boot loader using a USB storage device
Installation from the CLI using the special partition option (available in JUNOS Release 10.1)

The following upgrade methods retain the existing partitioning scheme:

Installation using the CLI
Installation using J-Web

Warning: Upgrade methods that format the internal media before installation wipe out the existing contents of the media. Only the current configuration will be preserved. Any important data should be backed up before starting the process.

Note: Once the media has been formatted with the dual-root partitioning scheme, you can use conventional CLI or J-Web installation methods, which retain the existing partitioning and contents of the media, for subsequent upgrades.

Upgrading to JUNOS Release 10.1 Without Transitioning to Dual-Root Partitioning

If dual-root partitioning is not desired, use the conventional CLI and J-Web installation methods, as described in the JUNOS Software Administration Guide for Security Devices.

Upgrading to JUNOS Release 10.1 with Dual-Root Partitioning

To format the media with dual-root partitioning while upgrading to JUNOS Release 10.1, use one of the following installation methods:

Installation from the boot loader using a TFTP server. This method is preferable if console access to the system is available and a TFTP server is available in the network.
Installation from the boot loader using a USB storage device. This method is preferable if console access to the system is available and the system can be physically accessed to plug in a USB storage device.
Installation from CLI using the special partition option. This method is recommended only when console access is not available. This installation can be performed remotely.

Note: After upgrading to JUNOS Release 10.1, the U-boot and boot loader must be upgraded for the dual-root partitioning scheme to work properly.

Each of the aforementioned methods of installing JUNOS 10.1 with dual-root partitioning is described in detail in the following sections:

Installing from the Boot Loader Using a TFTP Server

See the JUNOS Software Administration Guide for Security Devices for detailed information on installing JUNOS Software using a TFTP server.

To install JUNOS Release 10.1 from the boot loader using a TFTP server:

Upload the JUNOS Software image to a TFTP server.
Stop the device at the loader prompt and set the following variables:
- ipaddr
  loader> set ipaddr=<IP-address-of-the-device>
- netmask
  loader> set netmask=<netmask>
- gatewayip
  loader> set gatewayip=<gateway-IP-address>
- serverip
  loader> set severip=<TFTP-server-IP-address>
Install the image using the following command at the loader prompt:
loader> install tftp://<server-ip>/<image-path-on-server>
For example:
loader> install tftp://10.77.25.12/junos-srxsme-10.1R1-domestic.tgz
This will format the internal media and install the new JUNOS Software image on the media with dual-root partitioning.
Once the system boots up with JUNOS Release 10.1, upgrade the U-boot and boot loader immediately. See Upgrading the Boot Loader.

Installing from the Boot Loader Using a USB Storage Device

To install JUNOS Release 10.1 from the boot loader using a USB storage device:

Format a USB storage device in MS-DOS format.
Copy the JUNOS Software image onto the USB storage device.
Plug the USB storage device into the SRX Series device.
Stop the device at the loader prompt and issue the following command:
loader> install file:///<image-path-on-usb>
For example:
loader> install file:///junos-srxsme-10.1R1-domestic.tgz
This will format the internal media and install the new JUNOS Software image on the media with dual-root partitioning.
Once the system boots up with JUNOS Release 10.1, upgrade the U-boot and boot loader immediately. See Upgrading the Boot Loader.

Installing from the CLI Using the partition Option

To install JUNOS Release 10.1 with the partition option:

Upgrade the device to JUNOS Release 10.1 or later using the CLI or J-Web. This will install the new image with the older single-root partitioning scheme.
After the device reboots with JUNOS Release 10.1, upgrade the boot loader to version 1.5. See Upgrading the Boot Loader.
Reinstall the 10.1 image from JUNOS CLI using the request system software add command with the partition option. This will copy the image to the device, then reboot the device for installation. The device will boot up with the 10.1 image installed with the dual-root partitioning scheme.

Note: This process might take 15–20 minutes. The system will not be accessible over the network during this time.

Upgrading the Boot Loader

To upgrade the boot loader to version 1.5:

Upgrade to JUNOS Release 10.1 (with or without dual-root support enabled).
The JUNOS 10.1 image contains the latest boot loader binaries in the following path: /boot/uboot, /boot/loader.
Enter the shell prompt.
Run the following command from the shell prompt:
bootupgrade –u /boot/uboot –l /boot/loader

Installing JUNOS Release 9.6 or Earlier Release on Systems with Dual-Root Partitioning

JUNOS Release 9.6 and earlier is not compatible with the dual-root partitioning scheme. These releases can only be installed if the media is reformatted with single-root partitioning. Any attempt to install JUNOS Release 9.6 or earlier on a device with dual-root partitioning without reformatting the media will fail with an error. You must install the JUNOS Release 9.6 or earlier image from the boot loader using a TFTP server or USB storage device.

Note: You cannot install a JUNOS Release 9.6 or earlier package on a system with dual-root partitioning using the JUNOS CLI or J-Web. An error will be returned if this is attempted.

Note: You do not need to reinstall the earlier version of the boot loader.

Reinstalling the Single-Root Partition Release Over TFTP

To reinstall JUNOS Software from the boot loader using a TFTP server:

Upload the JUNOS Software image to a TFTP server.
Stop the device at the loader prompt and set the following variables:
- ipaddr
  loader> set ipaddr=<IP-address-of-the-device>
- netmask
  loader> set netmask=<netmask>
- gatewayip
  loader> set gatewayip=<gateway-IP-address>
- serverip
  loader> set severip=<TFTP-server-IP-address>
Install the image using the following command at the loader prompt:
user@host> install tftp://<server-ip>/<image-path-on-server>
For example:
loader> install tftp://10.77.25.12/junos-srxsme-9.6R1-domestic.tgz
This will format the internal media and install the JUNOS Software image on the media with single-root partitioning.

Reinstalling the Single-Root Partition Release Using USB

To reinstall JUNOS Software from the boot loader using a USB storage device:

Format a USB storage device in MS-DOS format.
Copy the JUNOS Software image onto the USB storage device.
Plug the USB storage device into the SRX Series device.
Stop the device at the loader prompt and issue the following command:
user@host> install file://<image-path-on-usb>
For example:
loader> install file:///junos-srxsme-9.6R1-domestic.tgz
This will format the internal media and install the JUNOS Software image on the media with single-root partitioning.

Recovery of the Primary JUNOS Software Image with Dual-Root Partitioning Scheme

If the SRX Series Services Gateway is unable to boot from the primary JUNOS Software image, and boots up from the backup JUNOS Software image in the backup root partition, a message is displayed on the console at the time of login indicating that the device has booted from the backup JUNOS Software image:


    login: user

    Password:

    ***********************************************************************

    **                                                                   **

    **  WARNING: THIS DEVICE HAS BOOTED FROM THE BACKUP JUNOS IMAGE      **

    **                                                                   **

    **  It is possible that the active copy of JUNOS failed to boot up   **

    **  properly, and so this device has booted from the backup copy.    **

    **                                                                   **

    **  Please re-install JUNOS to recover the active copy in case       **

    **  it has been corrupted.                                           **

    **                                                                   **

    ***********************************************************************

Because the system is left with only one functional root partition, you should immediately restore the primary JUNOS Software image. This can be done by installing a new image using the CLI or J-Web. The newly installed image will become the primary image, and the device will boot from it on the next reboot.

CLI Changes

This section describes CLI changes when the SRX Series device runs JUNOS Release 10.1 with the dual-root partitioning scheme.

Changes to the Snapshot CLI

On an SRX Series device, you can configure the primary or secondary boot device with a “snapshot” of the current configuration, default factory configuration, or rescue configuration. The snapshot feature is modified to support dual-root partitioning. The options as-primary, swap-size, config-size, root-size, var-size, and data-size are not supported on SRX Series devices.

With the dual-root partitioning scheme, performing a snapshot to a USB storage device that is less than 1 GB is not supported.

With the dual-root partitioning scheme, you must use the partition option when performing a snapshot. If the partition option is not specified, the snapshot operation fails with a message that the media needs to be partitioned for snapshot.

The output for the show system snapshot CLI command is changed in devices with dual-root partitions to show the snapshot information for both root partitions:

user@host> show system snapshot media
 usb

Information for snapshot on       usb (/dev/da1s1a) (primary)

            Creation date: Jul 24 16:16:01 2009

            JUNOS version on snapshot:

            junos  : 10.1I20090723_1017-domestic

            Information for snapshot on       usb (/dev/da1s2a) (backup)

            Creation date: Jul 24 16:17:13 2009

            JUNOS version on snapshot:

            junos  : 10.1I20090724_0719-domestic

Note: You can use the show system snapshot media internal command to determine the partitioning scheme present on the internal media. Information for only one root is displayed for single-root partitioning, whereas information for both roots is displayed for dual-root partitioning.

Note: Any removable media that has been formatted with dual-root partitioning will not be recognized correctly by the show system snapshot CLI command on systems that have single-root partitioning. Intermixing dual-root and single-root formatted media on the same system is strongly discouraged.

partition Option with the request system software add Command

A new partition option is available with the request system software add CLI command. Using this option will cause the media to be formatted and repartitioned before the software is installed.

When the partition option is used, the format and install process is scheduled to run on the next reboot. Therefore, it is recommended that this option be used together with the reboot option.

For example:

user@host>request system software add
 junos-srxsme-10.1R1-domestic.tgz no-copy no-validate partition reboot

Copying package junos-srxsme-10.01R1-domestic.tgz to var/tmp/install

Rebooting ...

The system will reboot and complete the installation.

Warning: Using the partition option with the request system software add CLI command erases the existing contents of the media. Only the current configuration is preserved. Any important data should be backed up before starting the process.