Knowledge Base Article #APP735
Versions Affected
Last Resort is available for the following ETM® Platform Appliance models and software versions:
- ETM 1012, 1024, 1060, 1090 running ETM System v5.x.
- ETM 2100 and 3200 running ETM System v3.0-5.x.
Synopsis
When an ETM Platform Appliance is installed for the first time or when an Appliance loses connectivity because of a partially implemented or malformed download of a policy, file, or software package, errors may occur that prevent the Appliance from booting into normal operating mode. The “Last Resort” Appliance recovery boot image was developed to recover an Appliance that cannot boot into normal operating mode. This article describes Last Resort and the procedures for its use.
Installing and Implementing Last Resort
Each Card in the Appliance uses a boot image, programmable devices (FPGAs and CPLDs), and a compact flash disk during normal booting. During upgrades, it is possible for the boot image, programmable devices, and compact flash disk to become corrupted. In some cases, the corruption can cause the Appliance to become unresponsive.
The Appliance Cards have 2 pages of boot flash. Page 0 is used during normal operation. When Last Resort is not present, Page 1, or the backup page, contains a second copy of the same kernel image that is in Page 0. If the Service switch is depressed during a reboot or reset, the Card boots off Page 1 into Fail-Safe mode. Fail-Safe mode is a restricted mode of operation that provides some ability to recover from ETM application errors, but Fail-Safe mode requires that a significant portion of the compact flash and firmware be operational.
With Last Resort installed, Page 1 of the boot flash, the backup page, is loaded with a Last Resort boot image. The Last Resort boot image is self-contained and does not require any support files on the compact flash to operate. The Last Resort boot image is designed to either recover a corrupted compact flash or completely rebuild a blank compact flash. The Last Resort boot image can still operate when some of the programmable devices are either completely blank or programmed incorrectly. The Last Resort also allows the rebuilding of the page 0 boot image.
Installing Last Resort
It is recommended that the Last Resort boot image be installed on the Cards in Appliances that support Last Resort prior to the next software upgrade. The ETM System Installer installs the Appliance Card software packages, but does not install the Last Resort files on the Server; you must obtain the Last Resort files from Customer Support.
To install Last Resort
- Obtain the Last Resort files from Customer Support.
- Copy the entire Last Resort directory from the Customer Support CD to the ps/software_repository/ folder in the ETM System installation directory.
- In the Performance Manager, download the Last Resort software package to the Card (s) in the Appliance, just as you would any other software package.
Last Resort Files
The Last Resort files include the Appliance Card software package that is installed on the Appliance, and the Last Resort supporting files that are installed on the ETM Server computer in ps/software_repository/last_resort/.
Last Resort Appliance Package
The Last Resort Appliance Card software package is the “P2” package that is loaded into the backup boot ROM on the Card. The Last Resort Appliance Card software package must be installed on the Card BEFORE there is a need for Last Resort.
- On ETM 1012, 1024, 1060, and 1090 Appliances, use the P2 package for the applicable version of the ETM System. For example, for a 1060 Appliance running the ETM System version 5.0, use ETM_1060_5.0.48_P2.pkg.
- On ETM 2100 and 3200 Appliances running ETM System version 5.0, use the P2 package that has img in the filename. For example, ETM_3000_5.0.48_P2_img.pkg.
- On ETM 2100 and 3200 Appliances running ETM System version 3.0, 4.0, or 4.1, use the P2 package that has bin in the filename. For example, ETM_3000_5.0.48_P2_bin.pkg.
Last Resort Supporting Files
For a Card to connect to the ETM Server in Last Resort mode and request the files to restore itself, the Last Resort supporting files must be installed in ps/software_repository/last_resort on the ETM Server computer. The supporting files include the files that are downloaded to the Card to rebuild the compact flash and firmware.
Using Last Resort
The Last Resort communicates with the ETM Server on a TCP network. When Last Resort is running on the Appliance Card, the script requests the network connection parameters.
- On Appliance Cards running the ETM System versions 3.0 to 5.0, Last Resort script presents the TCP network default values. These values may not be the correct route to the ETM Server; you will type the correct values at the script prompts.
Note: For v3.x and v4.0 Appliances, switching between Last Resort and normal or Failsafe boot requires a change of Console baud rate. The default baud rate for normal and Failsafe connections for v3.x and v4.0 Appliances is 9600; the baud rate for Last Resort is 115200. - On Appliance Cards running the ETM System version 5.0.1, if the Appliance Card has connected to the ETM Server at least once prior to entering Last Resort, the TCP network values presented are those last used to communicate with the ETM Server. Each time the Card’s Span 1 application executes, it updates the Card with the TCP parameters to ensure the current route to the ETM Server is stored and available to Last Resort.
Before running Last Resort, gather the following information:
- Script name (e.g. LastResort-SLC8241-0.0.1-bootstrap)
- Card IP address (e.g., 10.1.2.55)
- Card Gateway IP (e.g., 10.1.2.1)
- Card Netmask (e.g., 255.255.255.0)
- ETM Server IP address (e.g., 10.1.1.173)
- ETM Server port (e.g., 4313)
To enter Last Resort boot
- Attach an RS-232 serial cable from the Console port to the appropriate serial port on your terminal.
- Start the terminal emulation application (such as HyperTerminal) on your terminal. Configure your terminal using the following serial port settings:
- 115,200 bps
- no parity
- 8 data bits
- no flow control
- 1 stop bit
- Press any key on your keyboard to activate the screen.
- Press and hold the Service Switch, then power on the Appliance or press the Reset switch.
- Continue to hold the Service Switch until the Error LED turns red. The Error LED stays red for 5 seconds.
- Release the Service Switch while the Error LED is red.
- A script similar to the following appears on your terminal:
********************************************************
Downloading the Last Resort bootstrap file: LastResort-SLC8241-0.0.1-bootstrap
********************************************************
Last Resort – Version 1.01 – 06 January 2005
Please specify the script filename and the IP parameters needed to connect to the Last Resort Server or MS. Enter ‘q’ at any prompt to restart at the script prompt. Hit ‘Enter’ to accept the default. The default values and default script will be used if a script name is not specified within 60 seconds.
Enter script name [LastResort-SLC8241-0.0.1-bootstrap]:
Enter appliance IP [10.1.2.55]:
Enter gateway IP [10.1.2.1]:
Enter netmask [255.255.255.0]:
Enter MS IP [10.1.1.173]: 10.1.2.46
Enter MS port [4313]:
eth0: driver changed get_stats after register
e100: eth0: e100_watchdog: link up, 100Mbps, full-duplex
-LR- Retrieving LastResort-SLC8241-0.0.1-bootstrap from MS…
********************************************************
Running the bootstrap file: /opt/slc/lr/LastResort-SLC8241-0.0.1-bootstrap
********************************************************
*** Downloading the Last Resort toolkit….
Last Resort – Version 1.01 – 06 January 2005
-LR- Parms file defined and read
-LR- Retrieving LastResort-toolkit-SLC824X-0.0.1.tgz from MS…
*** Downloading the version list….
Last Resort – Version 1.01 – 06 January 2005
-LR- Parms file defined and read
-LR- Retrieving SLC8241/versions from MS…
These versions are available:
————–
5.0
4.1
4.0
————–
Enter the version you wish to install:
8. Type the version of Card software that you want to install (5.0, 4.1, or 4.0), then press ENTER.
The ETM Server accepts the connection from the Card, then transmits the files required to rebuild the compact flash and firmware. When the process is complete, you are prompted to reboot the Card.
9. After the Card has rebooted, complete the “out-of-the-box” setup procedures as described in the ETM® System Installation Guide.
Using Fail Safe When Last Resort is Installed
When Last Resort is installed, the Service switch is used for both Fail-Safe boot and Last Resort boot.
Note: For v3.x and v4.0 Appliances, switching between Last Resort and Failsafe Boot menu requires a change of Console baud rate. The default baud rate for normal and Failsafe connections for v3.x and v4.0 Appliances is 9600; the baud rate for Last Resort is 115200.
To enter Fail-Safe boot when Last Resort is installed
- Press and hold the Service Switch, then power on the Appliance or press the Reset switch. The Error LED will turn red and will remain in this state for 5 seconds.
- After the Error LED has turned off and the Status LED has turned yellow, release the Service Switch.
Last Resort etmServer
The ETM Server version 5.0.1 can communicate with an Appliance Card running Last Resort; however, if you are running an ETM Server v5.0 and prior, you will need to run the Last Resort “etmServer” program. You can install etmServer on any Windows or Linux computer connected to the same TCP network as the Appliance Card running Last Resort.
Installing etmServer
To install etmServer
- Obtain the Last Resort files from Customer Support.
- Copy the entire Last Resort directory from the Customer Support CD to a directory on any Linux or Windows computer connected to the same TCP network as the Appliance Card running Last Resort.
Running etmServer
To start the etmServer
On Windows
- In the \last_resort\etmServer\Win32 directory, double-click etmServer_win32.exe
On Linux
- Execute /last_resort/etmServer/Linux/etmServer_linux
Last Updated: 6/30/2005
SecureLogix Corporation
13750 San Pedro, Suite 230 o San Antonio, Texas 78232 o (210) 402-9669 o www.securelogix.com
Support (877) SLC-4HELP – EMAIL support@securelogix.com o http://support.securelogix.com
ETM, TeleWatch Secure, TWSA, SecureLogix, SecureLogix Corporation, the Voice Firewall, Usage Manager, Performance Manager, Voice IPS, Call Recording, ETM, and the SecureLogix Diamond Emblems are trademarks or registered trademarks of SecureLogix Corporation in the U.S.A. and other countries. All other trademarks mentioned herein are believed to be trademarks of their respective owners.
© Copyright 2005 SecureLogix Corporation. All Rights Reserved.
U.S. Patents No. US 6,249,575 B1, US 6,320,948 B1, US 6,542,421 B2, US 6,687,353 B1, US 6,718,024 B1,
US 6,735,291 B1, US 6,760,420 B2, US 6,700,964 B2, US 6,879,671B2 and CA 2,354,149.
U.S. and Foreign Patents Pending.