Disaster Recovery Planning
Disaster Recovery Planning
Section titled “Disaster Recovery Planning”A RouterOS disaster recovery plan covers four distinct failure scenarios, each requiring a different recovery path. This guide presents concrete runbooks for each scenario, a backup strategy that supports fast recovery, and a testing checklist to validate the plan before you need it.
For backup creation and format details, see Backup. For automated backup scheduling and off-router delivery, see Backup Automation.
Recovery Scenarios
Section titled “Recovery Scenarios”| Scenario | Cause | Recovery path | Estimated RTO |
|---|---|---|---|
| A — Misconfiguration | Bad firewall rule, broken routing | Safe mode revert or binary restore | < 5 min |
| B — Failed upgrade | Package incompatibility, boot loop | Pre-upgrade binary restore | 5–15 min |
| C — Hardware replacement | RMA, physical failure | RSC export import on new hardware | 15–30 min |
| D — Complete failure | Corruption, forgotten password, unbootable | Netinstall + restore | 30–60 min |
Backup Strategy for DR
Section titled “Backup Strategy for DR”A recovery plan is only as good as its backups. Keep both backup types for each critical change event.
What to keep
Section titled “What to keep”# Before any significant change: create both formats/system backup save name=("pre-change-" . [/system clock get date]) password="STRONG-PASS"/export compact show-sensitive file=("pre-change-" . [/system clock get date])Binary (.backup) | Text export (.rsc) | |
|---|---|---|
| Restore same device | Yes — fast, exact | Yes |
| Restore to new hardware | Not recommended | Yes — edit interface names first |
| Encrypted at rest | Yes (password arg) | No — protect the file system |
| Human-readable | No | Yes — diff-friendly |
Where to store
Section titled “Where to store”Store at least one copy off the router. The router’s local filesystem is lost in Scenario C and D.
- Email via
/tool e-mail send(see Backup Automation) - SFTP/FTP push from a scheduler script
- MikroTik Cloud (for binary backups only)
A backup stored only on the router does not protect against hardware failure. Off-router storage is mandatory for Scenarios C and D.
Retention minimum
Section titled “Retention minimum”Keep at least:
- Last known-good before each change
- One weekly backup retained for 4 weeks
- One pre-upgrade backup per RouterOS version
Scenario A — Misconfiguration Recovery
Section titled “Scenario A — Misconfiguration Recovery”Use Safe Mode when making changes interactively. If the session is lost, RouterOS automatically reverts changes made during the safe-mode session.
Using Safe Mode (interactive)
Section titled “Using Safe Mode (interactive)”Press Ctrl+X in a Winbox terminal or run:
/safe-modeSafe Mode holds changes in memory. If your connection drops, all changes since entering safe mode are reverted automatically. Exit safe mode normally to commit:
# Commit changes — press Ctrl+X again or:/safe-mode offRestore from binary backup (soft recovery)
Section titled “Restore from binary backup (soft recovery)”If you committed bad changes and can still reach the router:
/system backup load name=pre-change-mar-2026.backup password="STRONG-PASS"The router reboots and returns to the saved configuration. No Netinstall required.
Scenario B — Failed Upgrade Recovery
Section titled “Scenario B — Failed Upgrade Recovery”Always create a binary backup immediately before upgrading:
/system backup save name=("pre-upgrade-" . [/system clock get date]) password="STRONG-PASS"/export compact file=("pre-upgrade-" . [/system clock get date])If the router boots but behaves incorrectly after upgrade
Section titled “If the router boots but behaves incorrectly after upgrade”- Log in via console or Winbox
- Verify package state:
/system package print - Check installation integrity:
/system check-installation - Restore pre-upgrade backup:
/system backup load name=pre-upgrade-mar-2026.backup password="STRONG-PASS"If the router is in a boot loop
Section titled “If the router is in a boot loop”The router cannot load the backup itself. Proceed to Scenario D (Netinstall), then restore from backup after reinstall.
Scenario C — Hardware Replacement
Section titled “Scenario C — Hardware Replacement”Binary backups are tied to the originating device’s MAC addresses and RouterOS version. Use the RSC export for migrating to new hardware.
Step 1 — Obtain the RSC export
Section titled “Step 1 — Obtain the RSC export”If the original router is still reachable:
/export compact show-sensitive file=running-configDownload running-config.rsc via Winbox (Files panel) or SCP/FTP. If the router is not reachable, use the most recent off-router export from your backup storage.
Step 2 — Prepare the new router
Section titled “Step 2 — Prepare the new router”Install the same RouterOS version as the source device. Differences in minor versions are usually tolerable; major version differences require manual review of the export.
# On the new router — verify version matches/system package printStep 3 — Edit the export for new hardware
Section titled “Step 3 — Edit the export for new hardware”Open running-config.rsc in a text editor. Identify and update:
- Interface names (e.g.,
ether1→sfp-sfpplus1on different hardware) - MAC address references in bridge-host entries (if any)
- IP addresses that should change on the new device
Remove any commands for features not present on the new hardware (e.g., PoE settings on a non-PoE device).
Step 4 — Import on the new router
Section titled “Step 4 — Import on the new router”Upload the edited .rsc file to the new router, then:
/import file-name=running-config.rscStep 5 — Verify and adjust
Section titled “Step 5 — Verify and adjust”After import, verify critical services:
/ip address print/ip route print/interface print/system identity printAdjust any settings that could not be imported automatically (certificates, keys, RADIUS secrets).
Scenario D — Complete Failure (Netinstall)
Section titled “Scenario D — Complete Failure (Netinstall)”Use Netinstall when the device is unbootable, corrupted, or the password is lost and a reset is insufficient.
Prerequisites
Section titled “Prerequisites”- A Windows PC with Netinstall installed
- A direct Ethernet connection between the PC and the router’s first Ethernet port
- The correct RouterOS
.npkpackage for your hardware architecture - Off-router backup or RSC export
Step 1 — Enable Etherboot (if router is still reachable)
Section titled “Step 1 — Enable Etherboot (if router is still reachable)”Pre-configure Etherboot to speed recovery next time:
/system routerboard settings set boot-device=try-ethernet-once-then-nandThis causes the router to attempt a network boot once on next reboot, then fall back to local storage — allowing Netinstall without holding the reset button.
Step 2 — Boot into Netinstall mode
Section titled “Step 2 — Boot into Netinstall mode”If Etherboot is not pre-configured, hold the reset button while powering on until the LED flashes. Timing varies by model:
| Model family | Method |
|---|---|
| RouterBOARD (most) | Hold reset button on power-on for ~5 s |
| hEX, RB941, RB951 | Hold reset, power on, release after first LED flash |
| CCR | Hold reset button ≥ 10 s after power-on |
The device broadcasts on the network. Netinstall detects it automatically.
Step 3 — Reinstall RouterOS
Section titled “Step 3 — Reinstall RouterOS”- In Netinstall, select the device
- Check Apply default configuration only if you have no backup to restore
- Select the
.npkpackage matching your hardware - Click Install — the router reboots into a fresh RouterOS installation
Step 4 — Restore configuration
Section titled “Step 4 — Restore configuration”Once the router is accessible (default IP 192.168.88.1):
From binary backup (same hardware/version):
/system backup load name=pre-change.backup password="STRONG-PASS"From RSC export (follow Scenario C steps 3–5):
/import file-name=running-config.rscTesting Your Recovery Plan
Section titled “Testing Your Recovery Plan”A plan that has never been tested is not a plan. Schedule periodic recovery drills.
Monthly — verify backup integrity
Section titled “Monthly — verify backup integrity”Confirm backups exist off-router and are not empty:
# On router — check local backups are being created/file print where type=backup/file print where name~".rsc"On your backup server, check file sizes and timestamps. A backup file that is 0 bytes or not updated within the expected window indicates a broken automation job.
Quarterly — test binary restore
Section titled “Quarterly — test binary restore”On a spare router or a CHR VM running the same version:
- Copy the backup file to the test device
- Run
/system backup load - Verify the configuration loaded correctly
- Check
/ip address print,/interface print, routing table
Annually — full Netinstall drill
Section titled “Annually — full Netinstall drill”Run through the complete Scenario D procedure using a non-production device or CHR. Document:
- Time to complete each step
- Any manual steps required post-import
- Interface name differences requiring RSC edits
Update your runbook with any corrections.
Recovery Checklist
Section titled “Recovery Checklist”Use this before and after any major change or incident.
Before changes:
- Binary backup created with strong password
- RSC export created (
compact show-sensitive) - Both files delivered off-router (email / SFTP / cloud)
- Safe Mode active for interactive changes
After failure:
- Identify scenario (A/B/C/D)
- Locate most recent off-router backup
- Confirm RouterOS version on backup vs. device
- Follow scenario runbook above
- Verify services post-restore
- Document incident and update backup retention policy
Related Resources
Section titled “Related Resources”- Backup — binary backup and export reference
- Backup Automation — scheduled backups with off-router delivery
- Scheduler — scheduling backup scripts
- Netinstall — official Netinstall guide
- Safe Mode — safe mode reference