Question for Cisco Personnel

Oct 22nd, 2009

Hi, folks:

Please don't take my question the wrong way because I have a lot of respect for all of Cisco's accomplishments and contributions to the industry for the last decade. But I do have something to ask....

I have been working with Juniper routers (J2350, M series, SRX 3400) for the last 6 months and I must say I am pretty impressed with some of their features. Features that one may argue are pretty basic, which Juniper has offered for the last 11 years, but Cisco still does not.

The ones I will address have to do with CLI flexibility and router management.

For example, with Juniper, the command configuration lines you enter do not take effect until you execute a "commit". When you do, a "commit instance" is created and numbered. So, if I enter 50 command configuration lines and I need to roll them all back, all I have to do is enter "rollback 1" and every command is immediately removed! In Cisco, you have to negate each and every line using the "no" keyword. Very slow and clumsy.

Moreover, you can check the sanity of your configurations before you "commit" them by entering "commit check". And if, for example, you applied an ACL to an interface, but never actually created and defined the ACL in the first place, the router will tell you when you do a "commit check."

Lastly, how many times have we entered a configuration line and didn't think something through, or the router reacted unexpectedly, and we got locked out? It's happened to all of us at one point. With Juniper, when you commit, you can do a "commit confirm", and if you get locked out, it's OK because the router will automatically roll back within 10 minutes if it never receives the "confirm" from you.

Oh yeah -- and this is really amazing -- the Juniper router will keep a history of the last 50 "commits", the name of the person who did the committing, the date and time the commands were committed, and exactly what commands were entered and committed! It's like TACACS+ in a box. Awesome.

Such features are extremely valuable and make life a lot easier for the engineer.

Does Cisco have any plan on implementing such engineer-friendly mechanisms to their CLI?

I know some of these features exist in IOS XR and the CRS, but not in the Enterprise product line.

C'mon, Cisco, tell me something good!

Thanks

nsn-amagruder Thu, 10/22/2009 - 17:28

I'm not "with" Cisco but they have implemented a number of these features with the archive command and config replace. Archive allows you to see who made what changes from the router and the config replace can roll back to an existing config.

The auto-rollback and commit functions would be nice. Currently, the only option for lock out is to schedule a reload in case something happens, which is intrusive.

Leo Laohoo Thu, 10/22/2009 - 21:21

Enterasys has the same CLI feature: You type your configuration changes in a scratchpad and then save into memory.

thinakraj Fri, 10/23/2009 - 02:27

Hi Sony,

Can you please see this link? As nsn-amagruder told you, you will find the full details about config archive.

http://www.cisco.mn/en/US/docs/ios/12_3t/12_3t7/feature/guide/gtrollbk.html

And thank you for the manner in which you expedited this information and giving the opportunity to show you what is available in Cisco.....

We will look forward to hearing from you and hope that you will afford us the opportunity to help your questions. Thank you.

ex-engineer Fri, 10/23/2009 - 06:10

Thanks, folks:

I'll read that link when I get a chance.

I would like to hear from some Cisco personnel on this board who have access to their R&D teams and can provide some answers with regard to these features and when -- or if -- Cisco will ever offer them on their Enterprise products.

Thanks

Jon Marshall Fri, 10/23/2009 - 13:52

Joe

Not Cisco personnel but would just like to say that I have a number of friends who work with Juniper and they too have told me that it has some very nice features to it that are lacking from most Cisco devices.

Fair enough and I'm not here to defend Cisco but it's worth bearing in mind that IOS has been around a long time whereas JUNOS is in those terms relatively new. I believe that former Cisco employees formed Juniper and they had a blank slate to work from (and some idea as to what didn't work too well in IOS !!).

As has been mentioned some of Cisco's later software is trying to incorporate some of these features and I agree it would be nice to see more.

Me, I'm still in semi-mourning now that CatOS has largely been replaced :-)

Jon

Giuseppe Larosa Fri, 10/23/2009 - 12:07

Hello Joe,

All this is present in Cisco IOS XR, modular IOS.

There is the concept of commit, rollback and saving of "config snapshots".

But IOS XR is currently available only on the very big boxes like CRS and GSR 12000.

And yes, IOS XR is more recent than Junos.

We can expect it on IOS XE of ASR 1000 (I didn't check documentation) and on X-OS of Nexus.

These features are very handy.

The use of archive as suggested by others can be a workaround on IOS based devices.

But there are other interesting options I've seen on Juniper (I didn't work a lot on them). For example, taking advantage of the local hard disk, debug output is placed in log files: you can have up to 10 files for OSPF debug, another 10 for another and so on.

You then look at the files to see your debug output.

Hope to help

Giuseppe

ex-engineer Sun, 10/25/2009 - 06:38

I got this answer from the "ASK the Expert" forum:

Many of these features exist today in IOS. The ability to do configuration versioning and rollback is already present (though not on by default). It is very easy to activate and use. See http://www.cisco.com/en/US/docs/ios/12_3t/12_3t7/feature/guide/gtrollbk.html for more details.

Using config archive, you can store up to 14 previous configs, and rollback to them as needed. You can even view context-sensitive diffs between different configs in the archive as well as between startup and running. With config replace, you can create a "safety net" of a risky configuration change. You can say, "revert to the last known good config after two minutes if I do not confirm the change." This is much better than "reload in" as it quickly reverts the problematic config change with very little (or no) downtime.

You can also enable config logging as part of this config archive feature. With config logging, each change is logged. For example:

Router#show archive log config all
idx sess [email protected] Logged command
1 1 [email protected] | logging enable
2 0 [email protected] |!exec: enable
3 0 [email protected] |!exec: enable
4 2 [email protected] |snmp-server community *****
5 4 [email protected] |logging 172.18.123.166
6 0 [email protected] |!exec: enable
7 5 [email protected] |archive
8 5 [email protected] | log config
9 5 [email protected] | logging size 1000
10 0 [email protected] |!exec: enable
11 0 [email protected] |!exec: enable
12 0 [email protected] |!exec: enable

Up to 1000 commands can be logged.

Sounds nice, only he doesn't tell you what platforms they exist on. I don't think they exist on any Enterprise platforms.
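
The configuration log quoted in the post above can be reviewed as an audit trail. The following is an added example, not part of the original posts or of Cisco's documentation: a small parser for `show archive log config all` output that flags changes to SNMP communities, syslog targets and the change log itself. The user and line names in the sample are constructed (the page's own user column is obscured), and the watch list is an assumption.

```python
import re
from collections import Counter

# Constructed sample in the layout of `show archive log config all`
# (idx, sess, user@line, logged command). User and line names are invented.
SAMPLE = """\
 idx   sess        user@line      Logged command
   1     1     alice@console     |  logging enable
   2     0     alice@console     |!exec: enable
   3     2       bob@vty0        |snmp-server community *****
   4     4       bob@vty0        |logging 172.18.123.166
   5     5     carol@vty1        |archive
   6     5     carol@vty1        | log config
   7     5     carol@vty1        |  no logging enable
"""

ROW = re.compile(r"^\s*(\d+)\s+(\d+)\s+(\S+)@(\S+)\s*\|(.*)$")

# Assumed watch list (not from the page): changes to management access,
# to where logs are sent, or to the audit trail itself.
WATCH = [
    ("snmp-community", re.compile(r"^\s*(no\s+)?snmp-server\s+community\b")),
    ("syslog-target", re.compile(r"^\s*(no\s+)?logging\s+(host\s+)?\d+(\.\d+){3}\b")),
    ("audit-disabled", re.compile(r"^\s*no\s+logging\s+enable\b")),
]

def parse(text):
    """Return one dict per logged command; header and junk lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            idx, sess, user, tty, cmd = m.groups()
            rows.append({"idx": int(idx), "sess": int(sess), "user": user,
                         "line": tty, "cmd": cmd.rstrip(),
                         "is_exec": cmd.lstrip().startswith("!exec:")})
    return rows

def flag(rows):
    """(idx, user, tag) for every configuration command on the watch list."""
    return [(r["idx"], r["user"], tag) for r in rows if not r["is_exec"]
            for tag, pat in WATCH if pat.search(r["cmd"])]

def config_changes_per_user(rows):
    """Count configuration-mode commands per user, ignoring exec entries."""
    return Counter(r["user"] for r in rows if not r["is_exec"])

if __name__ == "__main__":
    rows = parse(SAMPLE)
    for idx, user, tag in flag(rows):
        print(f"entry {idx}: {user} -> {tag}")
    print(dict(config_changes_per_user(rows)))
```

Because the log lives on the router and holds a limited number of entries, a check like this is most useful when the output is collected off-box on a schedule.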

nsn-amagruder Sun, 10/25/2009 - 10:37

I've used the config replace and rollback in x minutes if not confirmed in the 1841 router during a wan conversion. They are available in 12.4T.
