This article shows the way of SRX3400/3600 Chassis Cluster Redundancy Module (CRM) firmware upgrade to address the internal switch interface stuck issue on the CRM.
Before you start the following procedures, please make sure to have a console connection to RE1 port which located in front of Switch Fabric Board (SFB) because currently there is no way to access RE1’s BCM UShell (BMD.0> ) from Routing Engine (RE0).
On the RE0 Console/SSH/Telnet terminal
1. Enable TFTP service
set system services tftp commit
Note that you can ignore “tftp; ## Warning: ‘tftp’ is deprecated” message on the configuration.
2. Make sure the following line is added in the /etc/inetd.conf
root> file show /etc/inetd.conf | match tftp tftp dgram udp wait root /usr/libexec/tftpd tftpd -i 1 /usr/share/pfe/
Note that this line will be removed if you disable tftp service.
Note that if it shows
"tftp dgram udp wait root /usr/libexec/tftpd tftpd -i /usr/share/pfe/"
, you need to manually change
"tftpd -i" to "tftpd -i 1"
via vi editor or following commands.
% cd /var/etc % cp inetd.conf inetd.conf.bak # make a backup copy % sed 's/tftpd -i/tftpd -i 1/' inetd.conf.bak > inetd.conf # substitute "tftpd -i" to "tftpd -i 1" % cat inetd.conf | grep tftp # verify the change tftp dgram udp wait root /usr/libexec/tftpd tftpd -i 1 /usr/share/pfe/ % ps aux | grep inetd # find the process id of inetd root 1153 0.0 0.1 3496 1144 ?? I 8:20PM 0:00.05 /usr/sbin/inetd -N -w OR %% cat /var/run/inetd.pid 1153 % kill -HUP 1153 # apply the configuration change, 1153 is process id of inetd
3. Upload or download new firmware image (ushell.bin) from or to /usr/share/pfe/firmware/ directory via FTP
The new firmware is located in the follow location.
https://download.juniper.net/software/junos/specials/JTAC/firmware/ushell.bin
https://download.juniper.net/software/junos/specials/JTAC/firmware/ushell.bin.md5 (MD5 = 26f8a50cf0a0e9aab3ea1c0b4e7b805e)
% cd /usr/share/pfe/firmware/ % ftp <hostname or IP address> ftp> get ushell.bin ftp> bye % md5 ushell.bin MD5 (ushell.bin) = 26f8a50cf0a0e9aab3ea1c0b4e7b805e
4. Find the IP address of em0.0 interface which can be used for TFTP server IP address on RE0. It should be either 129.16.0.1 or 130.16.0.1 in Chassis Cluster
root> show interfaces terse em0 Interface Admin Link Proto Local Remote em0 up up em0.0 up up inet 130.16.0.1/2 tnp 0x2100004
On the RE1 console terminal
5. From BCM UShell (BMD.,0>), type “exit” to move UBoot prompt (=>)
BMD.0> exit ## Application terminated, rc = 0x0 =>
6. Configure TFTP Server and Client IP address
-------------------------------------------------------------- em0.0 TFTP Server (em0.0) TFTP Client (CRM) -------------------------------------------------------------- 129.16.0.1 set serverip 129.16.0.1 set ipaddr 129.16.0.7 130.16.0.1 set serverip 130.16.0.1 set ipaddr 130.16.0.7 => set serverip 129.16.0.1 => set ipaddr 129.16.0.7 OR => set serverip 130.16.0.1 => set ipaddr 130.16.0.7
Note that the IP address of CRM card (TFTP client) should be in the same subnet of the TFTP server IP address on RE0 (em0.0), then make sure you can reach from TFTP client to TFTP server before moving to next step 7.
=> ping 129.16.0.1 set maccfg2 to 0x7205 mii_parse_BCM5482_psr = 0xd06f Speed: 1000, full duplex Using eTSEC2 device Got error 4 host 129.16.0.1 is alive OR => ping 130.16.0.1 set maccfg2 to 0x7205 mii_parse_BCM5482_psr = 0xd06f Speed: 1000, full duplex Using eTSEC2 device host 130.16.0.1 is alive
If not, you need to reset CRM card by using “reset” (e.g., => reset ) command, then follow step 5 and 6.
=> ping 129.16.0.1 set maccfg2 to 0x7205 mii_parse_BCM5482_psr = 0xd06f Speed: 1000, full duplex Using eTSEC2 device Abort ping failed; host 129.16.0.1 is not alive => reset (snip) Starting BMD Shell ... BMD.0> exit ## Application terminated, rc = 0x0 => set ipaddr 129.16.0.7 => set serverip 129.16.0.1 => ping 129.16.0.1 set maccfg2 to 0x7205 mii_parse_BCM5482_psr = 0xd06f Speed: 1000, full duplex Using eTSEC2 device Got error 4 host 129.16.0.1 is alive
7. Load ushell.bin from RE0’s TFTP service using “run tftp_ushell” command
=> run tftp_ushell set maccfg2 to 0x7205 mii_parse_BCM5482_psr = 0xd06f Speed: 1000, full duplex Using eTSEC2 device TFTP from server 130.16.0.1; our IP address is 130.16.0.7 Filename 'firmware/ushell.bin'. Load address: 0x100000 Loading: ################################################################# ################################################################# ################################################################# done Bytes transferred = 995432 (f3068 hex) =>
Note that if you see below output, check out whether TFPT service is enabled or TFTP client (CRM) can reach to TFTP server (em0.0 interface of RE0) via ping (see step 6 for more details)
=> run tftp_ushell set maccfg2 to 0x7205 mii_parse_BCM5482_psr = 0xd06f Speed: 1000, full duplex Using eTSEC2 device TFTP from server 129.16.0.1; our IP address is 129.16.0.7 Filename 'firmware/ushell.bin'. Load address: 0x100000 Loading: * TFTP error: 'File not found' (1) Starting again <snip> set maccfg2 to 0x7205 mii_parse_BCM5482_psr = 0x6e eTSEC3: No link. set maccfg2 to 0x7205 eTSEC1: No link. set maccfg2 to 0x7205 mii_parse_BCM5482_psr = 0xd06f Speed: 1000, full duplex Using eTSEC2 device TFTP from server 129.16.0.1; our IP address is 129.16.0.7 Filename 'firmware/ushell.bin'. Load address: 0x100000 Loading: T T T T T T T T T T T T T T T T T T T T T T T T T T T T
Note that if you see below output (TFTP error: ‘Access violation’), check out the file permission of /usr/share/pfe/firmware/ushell.bin, as least you should have ‘read’ access for other groups. If you do not have right permission, you can either execute “chmod 644 ushell.bin” or “chmod 004 ushell.bin” on the unix shell of RE0 Console/SSH/Telnet terminal.
=> run tftp_ushell set maccfg2 to 0x7205 mii_parse_BCM5482_psr = 0xd06f Speed: 1000, full duplex Using eTSEC2 device TFTP from server 129.240.0.1; our IP address is 129.240.0.7 Filename 'firmware/ushell.bin'. Load address: 0x100000 Loading: * TFTP error: 'Access violation' (2) Starting again
8. Write the firmware to flash using “run prog_ushell” command”
=> run prog_ushell Un-Protect Flash Bank # 1 ................ done Erased 16 sectors Copy to Flash... writing to flash... done =>
9. Restart CRM using “reset” command and verify the firmware version on the CRM boot up messages
=> reset = U-Boot 1.1.6 (Apr 19 2010 - 17:45:11) <snip> ## Starting application at 0x00040004 ... ============================================================ USHELL with MDK2.3.1 build 2012-05-15 <-- LOOK HERE to check the ushell firmware version Plarform: SRX3000 CRM running U-Boot <snip> Type "go 0x00040004" to enter the BMD shell ============================================================ Initializing switching ... CDK_E_NONE Forcing GMII port link up ... CDK_E_NONE ## Application terminated, rc = 0x0 ## Starting application at 0x00040004 ... Starting BMD Shell ... BMD.0>
Note that if you see “MDK1.4 2009-12-21 or older. It is an old firmware, which does not have the fix. The fix is in MDK1.4 2012-04-15 and above version.
10. Disable TFTP service on RE0
delete system services tftp (hidden) commit
Note that you do not need to “kill -HUP <process id of inetd>”. The “tftp dgram udp wait root /usr/libexec/tftpd tftpd -i 1 /usr/share/pfe/” line will be removed and /etc/inetd.conf file will be re-applied once commit is successful.