Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
ON THIS PAGE
 

Autorecovery of Configuration, Licenses, and Disk Information on SRX Series Devices

Autorecovery helps to detect and recover information on disk partitioning, configuration, and licenses in the event of disk becomes corrupted.

Note:

In devices running FreeBSD Release 12 or later, you cannot back up data with the autorecovery feature. Instead, back up data using snapshots. To learn if your device is running FreeBSD Release 12 or later, issue the show version command and look for the fbsd_builder_stable string in the module names. If the string includes the number 12 or later, your device is running FreeBSD Release 12 or later.

Overview

The autorecovery feature is supported on dual-partitioned SRX Series Firewalls. With this feature, information on disk partitioning, configuration, and licenses is recovered automatically in the event it becomes corrupted.

Autorecovery provides the following functions:

  • Detect corruption in disk partitioning during system bootup and attempt to recover partitions automatically

  • Detect corruption in the Junos OS rescue configuration during system bootup and attempt to recover the rescue configuration automatically

  • Detect corruption in Junos OS licenses during system bootup and attempt to recover licenses automatically

How Autorecovery Works

The feature works in the following ways:

  • The feature provides the request system autorecovery state save command, which backs up important data such as disk partitioning information, licenses, and Junos OS rescue configuration.

  • Once the backup copies are saved, they are used to check the integrity of the working copies of the data on every bootup.

  • The working copies are automatically recovered if any corruption is detected.

How to Use Autorecovery

You use autorecovery in the following ways:

  • Prepare the router for deployment with the necessary licenses and configuration.

  • After you finalize the state, execute the request system autorecovery state save command to back up the state.

  • After you save the state, integrity check and recovery actions (if any) occur automatically on every bootup.

  • If subsequent maintenance activities change the state of the router by adding licenses or updating the configuration, you need to execute the request system autorecovery state save command again to update the saved state.

  • Execute the show system autorecovery state command any time to view the status of the saved information and the integrity check status of each saved item.

  • Execute the request system autorecovery state clear command to delete all backed up data and disable autorecovery, if required.

Data That Is Backed Up in an Autorecovery

The following data is backed up during the autorecovery process:

  • Rescue configuration (regenerated from the current configuration)

  • License keys

  • BSD lables (disk-partitioning information)

Data is backed up only when you execute the request system autorecovery state save command. Disk-partitioning information is backed up automatically from factory defaults (for new systems), on installation from the boot loader, and on snapshot creation.

Troubleshooting Alarms

Table 1 lists types of autorecovery alarms, descriptions, and required actions.

Table 1: Autorecovery Alarms

Alarm

Alarm Type

Description

Action Required

Autorecovery information needs to be saved

Minor

This alarm indicates:

  • Unsaved data needs to be saved, or saved data contains problems and another save is required.

  • Ensure that the system has all required licenses and configuration.

  • Execute the request system autorecovery state save command.

Autorecovery has recovered corrupted information

Minor

This alarm indicates:

  • Boot time integrity check failed for certain items; however, the items have been recovered successfully.

  • No action is required.

  • Alarm is cleared on next bootup.

Autorecovery was unable to recover data completely

Major

This alarm indicates:

  • Boot time integrity check failed for certain items, which could not be recovered successfully.

  • The system might be experiencing a fatal malfunction.

Considerations

  • Devices must have dual-root partitioning for autorecovery to work.

  • The request system configuration rescue save command regenerates the rescue configuration from the current Junos OS configuration and then saves it. Therefore, executing the save command overwrites any existing rescue configuration.

  • In general, the saved contents of the rescue configuration are not updated automatically. If you add licenses, you must execute the request system autorecovery state save command again.

Note:

The rescue configuration is backed up. If /config is corrupted, the system boots from the rescue configuration.

Related Documentation