Transactional configuration is not new in SROS, but unlike JunOS it was not a day-one feature, so it may be less well known to existing users.
Before getting into rollback configurations, I would like to point out that SROS has been saving multiple copies of configurations via a rotation-based mechanism for quite some time, without needing specific activation.
A:SR1# show system information | match expression "Config|Backup"
Config Source          : primary
Last Booted Config File: cf3:\config.cfg
Last Boot Config Header: # TiMOS-B-14.0.R4 both/i386 Nokia 7750 SR Copyright
Last Saved Config      : cf3:\config.cfg
Max Cfg/BOF Backup Rev : 5
cf3:\config.cfg (which can be changed from this default by modifying the boot options file) will store the current config and the previous 4 versions, and while the number of saved configs is modifiable, 5 is most likely enough for most. However, reverting to a previous configuration this way can be quite a disruptive event, since it means copying an older config over cf3:\config.cfg and performing a system reboot. This is where rollback configurations, and combining them with transactional (called candidate) configurations, become helpful, particularly during a complex task like a network migration.
Achyar Nur Andi has a good post discussing the mechanics around rollbacks and candidate configurations at www.achyarnurandi.net, so I will just highlight a few of the main features and how you can force all router configuration changes to go through candidate configurations.
The first thing to do is to specify the rollback file prefix (in this case conf-rollback on compact flash 3):
A:SR1# /configure system rollback
A:SR1>config>system>rollback# rollback-location cf3:\conf-rollback
INFO: CLI No checkpoints currently exist at the rollback location.
*A:SR1>config>system>rollback# show system rollback
===============================================================================
Rollback Information
===============================================================================
Rollback Location            : cf3:\conf-rollback
Max Local Rollback Files     : 10
Max Remote Rollback Files    : 10
Save
  Last Rollback Save Result  : None
  Last Save Completion Time  : N/A
Revert
  In Progress                : No
  Last Revert Initiated User : N/A
  Last Revert Checkpoint File: N/A
  Last Revert Result         : None
  Last Revert Initiated Time : N/A
  Last Revert Completion Time: N/A
Delete
  Last Rollback Delete Result: None
===============================================================================
Rollback Files
===============================================================================
Idx     Suffix  Creation Time            Release     User      Comment
-------------------------------------------------------------------------------
No Matching Entries
===============================================================================
*A:SR1>config>system>rollback# exit all
We’ll create our first rollback point:
*A:SR1# admin rollback save comment "Baseline Config"
Saving rollback configuration to cf3:\conf-rollback.rb... OK
*A:SR1# show system rollback
===============================================================================
Rollback Information
===============================================================================
Rollback Location            : cf3:\conf-rollback
Max Local Rollback Files     : 10
Max Remote Rollback Files    : 10
Save
  Last Rollback Save Result  : Successful
  Last Save Completion Time  : 2017/05/23 02:35:38 UTC
Revert
  In Progress                : No
  Last Revert Initiated User : N/A
  Last Revert Checkpoint File: N/A
  Last Revert Result         : None
  Last Revert Initiated Time : N/A
  Last Revert Completion Time: N/A
Delete
  Last Rollback Delete Result: None
===============================================================================
Rollback Files
===============================================================================
Idx     Suffix  Creation Time            Release     User      Comment
-------------------------------------------------------------------------------
latest  .rb     2017/05/23 02:35:38 UTC  B-14.0.R4   admin     Baseline Config
-------------------------------------------------------------------------------
No. of Rollback Files: 1
===============================================================================
There’s only one rollback, called latest.rb.
For this example, we’ll make just a simple system name change:
*A:SR1# /configure system name "Wrong Name"
Now to compare the current working configuration with the rollback:
*A:Wrong Name# admin rollback compare
Processing current config... 0.010 s
Processing "cf3:\conf-rollback.rb"... 0.020 s
----------------------------------------------
configure
    system
+       name "Wrong Name"
-       name "SR1"
    exit
exit
It’s very clear what the differences are. I would just like to highlight that at present these configuration changes are still immediate: rollbacks on their own just provide a means to manage the change and don’t provide any atomic operations yet.
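As an added example (not from the original post or from Nokia), the compare output can be parsed so that every difference from the baseline checkpoint is checked against the configuration subtree a change window was approved for. It assumes the "+"/"-" markers sit in the first column and that context is indented four spaces per level; the sample text is constructed, and parse_compare and unapproved are hypothetical helper names.

```python
# Assumptions (not confirmed by the post): '+'/'-' markers sit in column 0
# and context is indented 4 spaces per level, as in SROS `info` output.

# Constructed sample, modelled on the compare output shown in the post.
SAMPLE = """\
Processing current config... 0.010 s
----------------------------------------------
configure
    system
+       name "Wrong Name"
-       name "SR1"
    exit
    service
        ies "123" customer 1 create
+           description "Candidate Config Test"
        exit
    exit
exit
"""


def parse_compare(text, indent=4):
    """Return [(op, context_path, command)] for each added/removed line."""
    changes, stack, in_diff = [], [], False
    for raw in text.splitlines():
        if raw.startswith("-----"):      # dashed rule: diff body follows
            in_diff = True
            continue
        if not in_diff or not raw.strip():
            continue
        op = raw[0] if raw[0] in "+-" else " "
        line = " " + raw[1:] if op != " " else raw   # blank the marker column
        depth = (len(line) - len(line.lstrip(" "))) // indent
        cmd = line.strip()
        del stack[depth:]                # leave any deeper context
        if cmd == "exit":
            continue
        if op != " ":
            changes.append((op, " / ".join(stack), cmd))
        stack.append(cmd)                # a changed line may open a context
    return changes


def unapproved(changes, approved):
    """Changes whose context lies outside every approved subtree."""
    def ok(path):
        return any(path == a or path.startswith(a + " / ") for a in approved)
    return [c for c in changes if not ok(c[1])]
```

Calling unapproved(parse_compare(SAMPLE), ["configure / service"]) returns the two system name lines, which fall outside the approved service subtree.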
Let’s revert back to our old configuration:
*A:Wrong Name# admin rollback revert latest-rb
Restoring rollback configuration cf3:\rollback-dir.rb
Processing current config... 0.010 s
Processing "cf3:\rollback-dir.rb"... 0.020 s
Resolving dependencies... 0.000 s
Tearing setup down... 0.010 s
Rebuilding setup... 0.000 s
Finished in 0.050 s
*A:SR1#
Candidate configuration mode, as opposed to the default “immediate” configuration mode, does not implement the configuration changes until you commit them. In the event of a failure applying the configuration, the system will back out and rewind the configuration, allowing you the option to discard or modify your changes. Candidate configuration mode is enabled via “candidate edit”. For this example we are going to set the system address on our router, configure an Ethernet port, create an IES and attach a VLAN on that port to an IP interface.
A:SR1# candidate edit
A:SR1>edit-cfg# configure router interface "system" address 111.111.111.111/32
A:SR1>edit-cfg# configure port 1/2/3 shutdown
A:SR1>edit-cfg# configure port 1/2/3 ethernet mode access
A:SR1>edit-cfg# configure port 1/2/3 ethernet encap-type dot1q
A:SR1>edit-cfg# configure port 1/2/3 no shutdown
A:SR1>edit-cfg# configure service ies 123 customer 1 create
A:SR1>edit-cfg>config>service>ies# interface TEST create
A:SR1>edit-cfg>config>service>ies>if# address 192.168.1.1/24
A:SR1>edit-cfg>config>service>ies>if# sap 1/2/3:4 create
A:SR1>edit-cfg>config>service>ies>if>sap# back
A:SR1>edit-cfg>config>service>ies>if# back
A:SR1>edit-cfg>config>service>ies# no shutdown
Based on where we are within the configuration tree, we can see the associated configuration changes:
A:SR1>edit-cfg>config>service>ies# candidate view
----------------------------------------------
17:             interface "TEST" create
18:                 address "192.168.1.1/24"
19:                 sap "1/2/3:4" create
20:                 exit
21:             exit
22:*            no shutdown
----------------------------------------------
Or if we get to the root of the configuration tree, we can see all the associated changes that are yet to be applied to the running configuration:
A:SR1>edit-cfg>config>service>ies# exit all
A:SR1>edit-cfg# candidate view
----------------------------------------------
1:  configure
2:      router
3:          interface "system"
4:              address "111.111.111.111/32"
5:          exit
6:      exit
7:      port "1/2/3"
8:          shutdown
9:          ethernet
10:             mode access
11:             encap-type dot1q
12:         exit
13:         no shutdown
14:     exit
15:     service
16:         ies "123" customer 1 create
17:             interface "TEST" create
18:                 address "192.168.1.1/24"
19:                 sap "1/2/3:4" create
20:                 exit
21:             exit
22:*            no shutdown
23:         exit
24:     exit
25: exit
----------------------------------------------
Now we can accept the changes and attempt to push the configuration to the router using “candidate commit”:
A:SR1>edit-cfg# candidate commit
Processing current config... 0.010 s
Error at line 7: Command 'port "1/2/3"' failed in 'configure'
MINOR: CLI Port "1/2/3" does not exist.
Reverting changes...
Processing current config... 0.010 s
Processing memory checkpoint... 0.000 s
Resolving dependencies... 0.000 s
Tearing setup down... 0.000 s
Rebuilding setup... 0.010 s
Finished in 0.040 s
MINOR: CLI Commit failed and has been reverted.
Since there was an error in the configuration (our router doesn’t have a port 1/2/3), the commit failed and the whole new configuration context was backed out, leaving the option to correct and reapply or to reject the changes, which is quite a powerful configuration tool and concept. As we know the problem was on line 7, we can edit that specific line using “candidate replace 7”, replacing the string port “1/2/3” with the proper port, which is “1/1/3”:
*A:SR1>edit-cfg# candidate replace 7
*A:Replace by: port "1/1/3"
INFO: CLI Added 10 lines: 'port "1/1/3"'.
INFO: CLI Removed 10 lines: 'port "1/2/3"'.
It’s probably worth double-checking that the revised configuration is okay:
*A:SR1>edit-cfg# candidate view
----------------------------------------------
1:  configure
2:      router
3:          interface "system"
4:              address "111.111.111.111/32"
5:          exit
6:      exit
7:      port "1/1/3"
8:          shutdown
9:          ethernet
10:             mode access
11:             encap-type dot1q
12:         exit
13:         no shutdown
14:     exit
15:     service
16:         ies "123" customer 1 create
17:             interface "TEST" create
18:                 address "192.168.2.1/24"
19:                 sap "1/2/3:4" create
20:                 exit
21:             exit
22:*            no shutdown
23:         exit
24:     exit
25: exit
----------------------------------------------
The SAP also requires correction to align with the new port; this is on line 19:
*A:SR1>edit-cfg# candidate replace 19
*A:Replace by: sap "1/1/3:4" create
INFO: CLI Added 2 lines: 'sap "1/1/3:4" create'.
INFO: CLI Removed 2 lines: 'sap "1/2/3:4" create'.
Now let’s apply the configuration:
*A:SR1>edit-cfg# candidate commit
Saving checkpoint file... OK
INFO: CLI Successfully executed 25 lines in 0.000 s.
Configuration mode is still quite handy for viewing what has been configured, by jumping into the right configuration context and doing an info or info detail:
*A:SR1# /configure service
*A:SR1>config>service# info
----------------------------------------------
        customer 1 create
            description "Default customer"
        exit
        ies 1 customer 1 create
            interface "External" create
                address 200.200.200.1/24
                sap 1/1/1 create
                exit
            exit
            no shutdown
        exit
        ies 123 customer 1 create
            interface "TEST" create
                address 192.168.2.1/24
                sap 1/1/3:4 create
                exit
            exit
            no shutdown
        exit
----------------------------------------------
An operational problem can occur if we allow the use of both candidate and immediate configurations, such as being able to do:
*A:SR1>config>service# ies 123 description "Candidate Config Test"
This will most likely end up with people sticking with immediate configuration mode unless they are forced to use candidate configs. Fortunately, it is quite easy to enable this.
*A:SR1# /configure system management cli configuration no immediate
It doesn’t remove the ability to view configurations, only the ability to change them directly:
*A:SR1# configure service ies 123
*A:SR1>config>service>ies# info
----------------------------------------------
            description "Candidate Config Test"
            interface "TEST" create
                address 192.168.2.1/24
                sap 1/1/3:4 create
                exit
            exit
            no shutdown
----------------------------------------------
If we now attempt a non-candidate mode configuration change:
*A:SR1>config>service>ies# description "New Description"
MINOR: CLI Direct modification of the configuration is not allowed. Use 'candidate edit' for all changes.
We are now forced to use candidate configs:
*A:SR1>config>service>ies# candidate edit
*A:SR1>edit-cfg# configure service ies 123 description "New Description"
*A:SR1>edit-cfg# candidate commit
Processing current config... 0.010 s
Saving checkpoint file... OK
INFO: CLI Successfully executed 7 lines in 0.000 s.
Coupled with the right processes, this is one of the tools to help increase the MTBM (Mean Time Between Mistakes) and reduce the amount of network disruption.