Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
ON THIS PAGE
 

Configure Root Partitions on SRX Series Devices

Learn how to configure root partitions on SRX Series Firewalls, including the benefits of dual-root partitioning for improved reliability and recovery. This topic covers the boot process, automatic recovery with the auto-snapshot feature, and steps to reinstall single-root partitioning for older Junos OS versions.

Dual-Root Partition on SRX Series Firewalls

Dual-root partitioning ensures that an SRX Series Firewall remains functional even when the file system gets corrupted and facilitates easy recovery of the file system.

In single-root partitioning as both the primary and backup Junos OS images are in the same root partition, the system fails to boot if the root file system gets corrupted. Dual-root partitioning prevents this situation by keeping the primary and backup Junos OS images in two independently bootable root partitions. If the primary root partition becomes corrupted, the system can still boot from the backup Junos OS image located in the other root partition and remain fully functional.

Boot Media and Boot Partition on SRX Series Firewalls

When the SRX Series Firewall powers on, it tries to boot the Junos OS from the default storage media. If the device fails to boot from the default storage media, the device tries to boot from the alternate storage media.

Use Feature Explorer to confirm platform and release support for specific features.

Review the Platform-Specific Storage Media Behavior section for notes related to your platform.

With dual-root partitioning, the SRX Series Firewall first tries to boot Junos OS from the primary root partition and then from the backup root partition on the default storage media.

If Junos OS fails to boot from both the primary and backup root partitions of a media, the firewall tries to boot the software from the next available storage media. The firewall remains fully functional even if it boots Junos OS from the backup root partition of the storage media.

Key Functionality of the Dual-Root Partition

Dual-root partitioning has the following important features:

  • The primary and backup copies of Junos OS images reside in separate partitions. The partition containing the backup copy is mounted only when required. With the single-root partitioning scheme, there is one root partition in the default that contains both the primary and backup Junos OS images.

  • The request system software add command for a Junos OS package erases the contents of the other root partition. The contents of the other root partition will not be valid unless software installation is completed successfully.

  • You can reinstall add-on packages, such as jais or jfirmware, as required after a new Junos OS image is installed.

  • The request system software rollback command does not delete the current Junos OS image.You revert to the image by issuing the rollback command.

  • The request system software delete-backup and request system software validate commands do not result in any action.

Automatic Recovery of the Primary Junos OS Image with Dual-Root Partitioning

The automatic snapshot feature repairs the corrupted primary root partition when the device reboots from the alternate root. This repair is accomplished by taking a snapshot of the alternate root onto the primary root automatically rather than manually from the CLI.

When this feature is enabled, the device performs the following actions to reboot from the alternate root (because of a corrupted primary root or power cycle during restart):

  1. Displays a prominent message indicating a failure to boot from the primary root.

  2. A system boot from backup root alarm is set. This action is useful for devices that do not have console access.

  3. A snapshot of the alternate root onto the primary root is made.

  4. Once the snapshot is complete, the system boot from backup root alarm is cleared.

During the next reboot, the system determines the good image on the primary root and boots normally. Perform the snapshot once all the processes start. This is done to avoid any increase in the reboot time.

By default the automatic snapshot feature is disabled. If you do not maintain the same Junos OS release in both the partitions, ensure that the automatic snapshot feature remains disabled. For instance, the alternate partition might have an earlier Junos OS release. If the device reboots from the alternate root partition, the automatic snapshot feature replaces the later Junos OS release with the earlier release. When automatic snapshot is disabled and the system reboots from the alternate root partition, you receive an alarm indicating that the system has rebooted from its alternate partition.

Given you maintain the same Junos OS release on both the root partitions, enable this feature with the set system auto-snapshot command. After this feature ensures recovery of the primary root partition, the device successfully boots from the primary root partition on the next reboot.

Execute the delete system auto-snapshot command to delete all backed-up data and disable automatic snapshot, if required.

Use the show system auto-snapshot command to check the status of automatic snapshot.

When automatic snapshot is in progress, you cannot run a manual snapshot command concurrently. If you attempt this action, the following error message appears:

If you log into the device when the automatic snapshot feature is in progress, the following banner appears: The device has booted from the alternate partition, auto-snapshot is in progress.

How the Primary Junos OS Image with Dual-Root Partitioning Recovers Devices

If the SRX Series Firewall fails to boot from the primary Junos OS image and boots up from the backup image, you see the following message on the console interface. The message appears at the time of login, informing you about device bootup using the alternate image.

Because the system is left with only one functional root partition, you must immediately restore the primary Junos OS image using one of the following methods:

  • Install a new image using the CLI or J-Web user interface. The newly installed image becomes the primary image, and the device boots from this image on the next reboot.

  • Use a snapshot of the backup root partition by entering the request system snapshot slice alternate command. After the primary root partition is recovered using this method, the device successfully boots from the primary root partition on the next reboot. After the procedure, the primary root partition contains the same version of Junos OS as the backup root partition. After the automatic snapshot process is complete, the system boot from backup root alarm is cleared.

    You can use the command request system snapshot slice alternate to back up the currently running root file system (primary or secondary) to the other root partition. With this command, you also:

    • Save an image of the primary root partition in the backup root partition when the system boots from the primary root partition.

    • Save an image of the backup root partition in the primary root partition when the system boots from the backup root partition.

    The process of restoring the alternate root by using the CLI command request system snapshot slice alternate takes several minutes to complete. If you terminate the operation before completion, the alternate root might not have all the required contents to function properly.

How Junos OS Release 10.0 or Later Upgrades with Dual-Root Partitioning

To format the media with dual-root partitioning while upgrading to Junos OS Release 10.0 or later, use one of the following installation methods:

  • Installation from the boot loader using a Trivial File Transfer Protocol (TFTP) server. We recommend using this method if console access to the system is available and a TFTP server is available in the network.

  • Installation from the boot loader using a USB storage device. We recommend using this method if console access to the system is available and the system can be physically accessed to plug in a USB storage device.

  • Installation from the CLI using the partition option. We recommend using this method only if console access is not available. You can perform this installation remotely.

Dual-Root and Single-Root Partition

Some Junos OS upgrade methods format the internal media before Junos OS installation. You must use one of these upgrade methods to install Junos OS with dual-root partitioning.

These upgrade methods format the internal media before Junos OS installation:

  • Installation from the boot loader using a TFTP server

  • Installation from the boot loader using a USB storage device

  • Installation from the CLI using the partition option (available in Junos OS Release 10.0 and later)

  • Installation using the J-Web user interface

These upgrade methods retain the existing partitioning scheme:

  • Installation using the CLI without the partition option

  • Installation using the J-Web user interface

Upgrade methods that format the internal media before installation wipe out the existing contents of the media. Only the current configuration is preserved. You must back up any important data.

After the media is formatted with the dual-root partitioning scheme, you can use conventional CLI or J-Web user interface installation methods for subsequent upgrades. These methods retain the existing partitioning and contents of the media.

Reinstall Single-Root Partition on SRX Series Firewalls

To reinstall the single-root partition on SRX Series Firewalls, you need to consider the compatibility between Junos OS releases and partitioning schemes. Junos OS Release 9.6 and earlier supports only single-root partitioning, whereas later releases support dual-root partitioning. If you attempt to install Junos OS Release 9.6 or earlier on a device with dual-root partitioning without reformatting the internal media, the installation will fail.

To reinstall the single-root partition:

  1. Reformat the media using the command:

    user@host>request system software add partition

  2. Reboot the device after the Junos OS installation by using the command:

    user@host>request system reboot

    The previous software release gets installed after you reboot the device. Using the partition option erases the dual-root partitioning scheme, removing access to dual-root partitioning features such as improved rollback and recovery.

Platform-Specific Storage Media Behavior

Use Feature Explorer to confirm platform and release support for specific features.

Use the following table to review platform-specific storage media behaviors for your platform:

Platform

Difference

SRX Series

  • SRX300, SRX320, SRX340 and SRX345 devices support eUSB disk (default) and USB storage device (alternate).

  • SRX380 device supports internal SSD (default) and USB storage device (alternate).

  • SRX300, SRX320, SRX340, SRX345, and SRX380 devices support the automatic snapshot feature.

Related Documentation