SRX

last person joined: 13 hours ago 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.

  • 1.  How to fix filesystem errors on /cf/var?

    Posted 09-04-2014 15:57

    Hi ,

     

    Could you please help me? 

     

    I found some file system errors on /cf/var and can't unmount it to fix them as it is constantly in use.

    Is there a way to fix them?

     

    root@j% fsck -y -f /dev/bo0s3f
    ** /dev/bo0s3f (NO WRITE)
    ** Last Mounted on /cf/var
    ** Phase 1 - Check Blocks and Sizes
    ** Phase 2 - Check Pathnames
    ** Phase 3 - Check Connectivity
    ** Phase 4 - Check Reference Counts
    UNREF FILE I=11168 OWNER=root MODE=100644
    SIZE=0 MTIME=Sep 3 17:35 2014 
    CLEAR? no

    UNREF FILE I=11192 OWNER=root MODE=100644
    SIZE=0 MTIME=Aug 10 19:00 2014 
    CLEAR? no

    UNREF FILE I=11193 OWNER=root MODE=100644
    SIZE=126976 MTIME=Sep 3 19:42 2014 
    CLEAR? no

    UNREF FILE I=11194 OWNER=root MODE=100640
    SIZE=2848 MTIME=Sep 3 17:35 2014 
    CLEAR? no

    ** Phase 5 - Check Cyl groups
    494 files, 82677 used, 92641 free (761 frags, 11485 blocks, 0.4% fragmentation)

     

     

    It all started when I tried to create a 99999 records preffix list and it actually commited it.

    So now I have it. But it stopped commiting anything else.

     

    j# commit 
    error: could not open configuration database (juniper.data+)

     

    So I can't even delete this large preffix list.

     

    Checked free space - plenty:

     

    leo@j> show system storage 
    Filesystem Size Used Avail Capacity Mounted on
    /dev/da0s1a 292M 154M 115M 57% /
    devfs 1.0K 1.0K 0B 100% /dev
    /dev/md0 20M 6.4M 12M 36% /junos
    /cf/packages 292M 154M 115M 57% /junos/cf/packages
    devfs 1.0K 1.0K 0B 100% /junos/cf/dev
    /dev/md1 406M 406M 0B 100% /junos
    /cf 20M 6.4M 12M 36% /junos/cf
    devfs 1.0K 1.0K 0B 100% /junos/dev/
    /cf/packages 292M 154M 115M 57% /junos/cf/packages1
    procfs 4.0K 4.0K 0B 100% /proc
    /dev/bo0s3e 24M 590K 22M 3% /config
    /dev/bo0s3f 342M 161M 154M 51% /cf/var
    /dev/md2 168M 143M 11M 93% /mfs
    /cf/var/jail 342M 161M 154M 51% /jail/var
    /cf/var/log 342M 161M 154M 51% /jail/var/log
    devfs 1.0K 1.0K 0B 100% /jail/dev
    /dev/md3 31M 4.0K 29M 0% /mfs/var/run/utm
    /dev/md4 1.8M 4.0K 1.7M 0% /jail/mfs

    leo@j>

     

    Tried also this: 

     

    root@j% nand-mediack -C
    Media check on da0

     

    Could you please tell me how to fix it?

    Is there a way of fixing it from cli? Or I have to restart router and somehow enter a single user mode? Or even use some kind of live-usb-flash drive? If so where could I get it?

     

    I use:

    leo@j> show version 
    Hostname: j
    Model: srx210he
    JUNOS Software Release [12.1X46-D20.5]

    leo@j>

     

    Also does anyone know what configuration database limit is? If I could I would be willing to create a half a million records preffix list and use it for filtering traffic to stop any traffic from compromised (spam, botnets, advertising tracking) networks.

     

    If the limitation does not allow to use so many records is there a workaround? Like for example on cisco 867 there was not enough space to save large config, but you could enable archived/compressed mode and It could fit larger config.

     

    Thanks,

    Leo



  • 2.  RE: How to fix filesystem errors on /cf/var?

    Posted 09-05-2014 02:18

    This may help

    http://kb.juniper.net/InfoCenter/index?page=content&id=KB22960

     

    Connect via console! <<CONSOLE!!!>>>

     

    1. from the configuration mode

    #show configuration | no-more | save my-config

     

    02. #run start shell

    su root

    <enter root password>

     

    3. cd /config

     

    4. rm -f juniper.conf+

     

    5. exit shell

     

    6. enter configuration mode and enter "load override my-config"

     

    7. Before you commit, find you may want to delete some of those entries

     



  • 3.  RE: How to fix filesystem errors on /cf/var?
    Best Answer

    Posted 09-05-2014 05:11
    Hi Lyndidon, Thanks for reply. ls -la /config did not reveal juniper.conf+. But I did rm -f juniper.conf+ anyway thinking that it might be some special hidden file. Then cut out prefix block related lines of saved config and overrode current config with it - didn't help. Still couldn't commit changes. Restarted my SRX and did fsck. It found no errors. But commit still wouldn't work. So I decided to play the dirty way: started root shell then: cd /config; mv juniper.conf.1.gz juniper.conf.gz; md5 juniper.conf.gz and renewed md5 sum in juniper.conf.md5 file. Then restarted and voila - it works as a charm. Now all what's left to do is to figure out what is the safe amount of network addresses for prefix lists without stuffing up the configuration database. UPD: Sorry for no formatting, don't know why it shows it without any spaces between lines. All looks fine in edit window 😞