request system zeroize (Junos OS Evolved)
Syntax
request system zeroize <(disk1 | disk2)>
Description
Use this command to sanitize the disks on a Routing Engine so that the data on them cannot practically be recovered. The command applies one of several sanitization levels, each corresponding to a degree of difficulty of recovery, as defined in the NIST 800-88 standard. If the device has two Routing Engines, the command is broadcast to both Routing Engines, so both Routing Engines are zeroized. When you issue this command, the console logs show which sanitization level was actually applied to the disks. The console logs also list the erase procedures the disk supports, and the command tries them in that same order: if an erase procedure fails, the next erase mechanism in the list is tried, and so on, with the last mechanism in the list being the final fallback used to sanitize the disk.
Starting in Junos OS Evolved Release 21.3R1, for devices that support this feature, if the disks in the Routing Engine support the ATA standard, this command sanitizes the disks on the Routing Engine by using the ATA secure erase command to overwrite the data. The ATA secure erase command overwrites the contents of LBA 0 through the greater of READ NATIVE MAX or READ NATIVE MAX EXT, replacing the contents with 0s or 1s. If the disks do not support the ATA standard (for example, they support the SCSI standard), they are sanitized using the older method described below. The secure erase capability is classified under the CLEAR media sanitization level of the NIST 800-88 standard. When the secure erase is complete, the system copies the currently running OS from RAMDISK to the ATA disk. Once the OS is installed, the system reboots and comes back up with the factory default configuration.
Starting in Junos OS Evolved 24.4R1, for devices that support this feature, if the disks in the Routing Engine support the SATA standard, this command sanitizes the disks at the PURGE media sanitization level of the NIST 800-88 standard. The PURGE level comprises the CRYPTO_SCRAMBLE mechanism (if the SATA SSD controller supports it) and the BLOCK_ERASE mechanism. When CRYPTO_SCRAMBLE is supported, it runs first and BLOCK_ERASE follows in every case; when CRYPTO_SCRAMBLE is not supported, only BLOCK_ERASE runs. When the disk sanitization is complete, the system copies the currently running OS from RAMDISK to the SATA disk. Once the OS is installed, the system reboots and comes back up with the factory default configuration.
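The mechanism selection described in the two paragraphs above, as an added example that is not Juniper's zeroize implementation: a POSIX shell function that reads the capability section of hdparm -I output and prints the sanitize steps in the order the page gives (crypto scramble when the controller supports it, then block erase; otherwise ATA SECURITY ERASE UNIT; otherwise nothing, meaning only the legacy unlink-only zeroize is possible). The sample hdparm -I lines are constructed, the feature-name strings are assumed to match hdparm's output format, and the function only prints the hdparm invocations it would use, so it never touches a disk.

```shell
# Added example (not Juniper code). Given the capability section of `hdparm -I`,
# print the sanitize steps in the preference order the page describes. Nothing
# here touches a disk: only the command lines are printed.

# Constructed sample of the relevant `hdparm -I` lines for a SATA SSD that
# supports the SANITIZE feature set. The feature-name strings are assumed to
# match hdparm's output format.
SAMPLE_CAPS='Commands/features:
    Enabled Supported:
       *    SMART feature set
       *    Security Mode feature set
       *    SANITIZE feature set
       *    CRYPTO_SCRAMBLE_EXT command
       *    BLOCK_ERASE_EXT command
Security:
        supported
    not enabled
    not frozen
        supported: enhanced erase'

# has_cap CAPS STRING: succeed if STRING occurs in CAPS (fixed-string match).
has_cap() {
    printf '%s\n' "$1" | grep -qF -- "$2"
}

# sanitize_plan DEV CAPS: print one hdparm command per line, in the order the
# page gives. Exit status 1 means the disk advertises no usable hardware erase,
# so only the legacy unlink-only zeroize remains.
sanitize_plan() {
    dev=$1
    caps=$2
    steps=0
    # NIST PURGE path: crypto scramble first when the controller supports it,
    # then block erase in every case (the 24.4R1 behaviour described above).
    if has_cap "$caps" "SANITIZE feature set"; then
        if has_cap "$caps" "CRYPTO_SCRAMBLE_EXT command"; then
            echo "hdparm --sanitize-crypto-scramble $dev"
            steps=$((steps + 1))
        fi
        if has_cap "$caps" "BLOCK_ERASE_EXT command"; then
            echo "hdparm --sanitize-block-erase $dev"
            steps=$((steps + 1))
        fi
    fi
    # Fallback: ATA SECURITY ERASE UNIT (the NIST CLEAR path). The drive must
    # not be in the "frozen" security state, and a user password has to be set
    # before the erase is accepted; "NULL" is hdparm's spelling of an empty one.
    if [ "$steps" -eq 0 ] && has_cap "$caps" "Security Mode feature set"; then
        if has_cap "$caps" "frozen" && ! has_cap "$caps" "not frozen"; then
            echo "drive security state is frozen: power-cycle it before SECURITY ERASE" >&2
            return 1
        fi
        echo "hdparm --user-master u --security-set-pass NULL $dev"
        if has_cap "$caps" "supported: enhanced erase"; then
            echo "hdparm --user-master u --security-erase-enhanced NULL $dev"
        else
            echo "hdparm --user-master u --security-erase NULL $dev"
        fi
        steps=$((steps + 1))
    fi
    [ "$steps" -gt 0 ]
}

# run_plan DEV CAPS: run each step, continuing with the next mechanism when one
# fails (the fallback behaviour the page describes). DRY_RUN=1, the default,
# only echoes the steps; set DRY_RUN=0 deliberately to execute them.
run_plan() {
    sanitize_plan "$1" "$2" | while IFS= read -r step; do
        if [ "${DRY_RUN:-1}" = 1 ]; then
            echo "would run: $step"
        elif ! $step; then
            echo "failed, trying next mechanism: $step" >&2
        fi
    done
}

run_plan /dev/sda "$SAMPLE_CAPS"
```

On a real host, replace SAMPLE_CAPS with the output of hdparm -I for the disk in question. The frozen check matters in practice: many BIOSes freeze the ATA security state at boot, and the SECURITY ERASE UNIT commands are rejected until the drive is power-cycled.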
Prior to Junos OS Evolved Release 21.3R1, and in any release for disks that do not support the NIST 800-88 sanitization standard, this command removes all data files, including any customized configuration and log files, by unlinking the files from their directories. The command removes all user-created files from the system, including all plain-text passwords, secrets, and private keys for SSH, local encryption, local authentication, IPSec, RADIUS, TACACS+, and SNMP. Because this method only unlinks the files and does not overwrite the underlying disk blocks, it does not provide NIST 800-88 sanitization; treat disks zeroized this way as still containing recoverable data.
This command reboots the device and sets it to the factory default configuration. After the reboot, you cannot access the device through the management Ethernet interface. Log in through the console as root and start the CLI by typing cli at the prompt.
Options
(disk1 | disk2)
(For Routing Engines that contain two disks only. For Routing Engines that contain only one disk, the (disk1 | disk2) option does not apply.)
When you use any zeroize option that cleans the active disk (disk1 in the case of primary boot or disk2 in the case of snapshot boot), the system automatically reboots to finish the zeroize of the active disk. When you zeroize the backup disk (that is, disk2 in the case of primary boot or disk1 in the case of snapshot boot), the system does not reboot. Note that the behavior of the
Default: Zeroize all disks and both Routing Engines, if applicable. The default order is to first create a snapshot on the secondary disk and then to install the OS on the primary disk. There is no difference in behavior between single Routing Engine and dual Routing Engine systems, except that on dual Routing Engine systems the command is run on both Routing Engines.
Determine whether both Routing Engines are Booted from the Same Disk
Log in to both Routing Engines. The show system software list command displays a banner if the Routing Engine was booted from the snapshot disk (disk2). The same command does not display a banner if the Routing Engine was booted from the primary disk (disk1). In this way, you can check whether both Routing Engines are booted from the same disk. For example, if show system software list on RE0 does not display the snapshot-boot banner and RE1 does, then RE0 was booted from its primary disk, but RE1 was booted from its snapshot disk instead.
If the two Routing Engines booted from different disks, reboot the affected Routing Engine from the other disk (disk1 or disk2) so that it boots from the required disk. Both Routing Engines may boot from disk1 or disk2, depending on where this command was issued.
Required Privilege Level
maintenance
Sample Output
request system zeroize
user@host> request system zeroize
warning: System will be rebooted and may not boot without configuration
Erase all data, including configuration and log files? In case of Dual RE system, both Routing Engines will be zeroized [yes,no] (yes)
Example: Console logs for SATA drive sanitization
user@host> request system zeroize
NIST secure erase needed..
==========================================
NIST Secure Erase START...
==========================================
SATA drive.. Checking capabilities.
*******************************************
Supported Secure Erase features of SATA HDD
*******************************************
Device supports SANITIZE feature
Device supports CRYPTO_SCRAMPLE feature
Device supports Block Erase feature
Device supports Enhanced Secure Erase feature
Device supports Secure Erase feature
*************************************************************************************
Secure Erase mechanism: Crypto Scramble
Secure erase command: hdparm --sanitize-crypto-scramble /dev/sda
*******************************************
Last Sanitize Operation Completed Without Error
Crypto erase succeeded.. Executing Block Erase to finish disk scrubbing
*******************************************
Secure Erase mechanism: Block Erase
Secure erase command: hdparm --sanitize-block-erase /dev/sda
*******************************************
#### Last Sanitize Operation Completed Without Error
Secure erase succeeded
==========================================
NIST Secure Erase END...
==========================================
Release Information
Command introduced in Junos OS Evolved Release 18.3R1.
Secure erase capability according to the NIST 800-88 standard introduced in Junos OS Evolved Release 21.3R1.
disk1 and disk2 options introduced in Junos OS Evolved Release 23.4R1.
Support for NIST PURGE capability for SATA drives introduced in Junos OS Evolved 24.4R1.