Introduction:
In this document we will be discussing on NX-OS "Configuration Rollback" feature. The rollback feature allows you to take a snapshot, or user checkpoint, of the Cisco NX-OS configuration and then reapply that configuration to your device at any point without having to reload the device. This checkpoint can be extremely useful when a new change is being tested and want immediate return to an original/stable configuration if any problem occurs.
You can also create multiple checkpoints to save different version of your running configuration.
When you roll back the running configuration, you can trigger the following rollback types:
- Atomic: it’s a default type and Implement a rollback only if no errors occur.
- Best-effort: Implement a rollback and skip any errors.
- Stop-at-first-failure: Implement a rollback that stops if an error occurs.
- Verbose: Displays the execution log and allows the user to see the events occurring during configuration rollback.
Please read Guidelines and Limitations for rollback configuration and High Availability
Configuration Example:
Let's first verify for any checkpoint configured on device.
N5K# sh checkpoint summary
N5K#
We don’t have any checkpoints configure yet. Let's create one
N5K# checkpoint ?
<CR>
WORD Checkpoint name (Max Size 32)
description Checkpoint description for the given checkpoint
file Create configuration rollback checkpoint to file
N5K# checkpoint test description "testing_purpose"
..Done
N5K#
Verify created checkpoint using “sh checkpoint summary” command
N5K# sh checkpoint summary
User Checkpoint Summary
-------------------------------------------------------------------------------
1) test:
Created by admin
Created at Mon, 07:37:22 29 Sep 2014
Size is 5,824 bytes
Description: "testing_purpose"
N5K#
Now let's verify what feature we have enabled and configuration of any one of interface of box.
N5K(config)# sh run | in feature
feature telnet
no feature http-server
N5K(config)# sh run int e1/1
!Command: show running-config interface Ethernet1/1
!Time: Mon Sep 29 07:40:53 2014
version 5.1(3)N1(1)
interface Ethernet1/1
N5K(config)#
As you can see we have only telnet enabled and no configuration on interface e1/1, so let's turn on some feature.
N5K(config)# feature hsrp
N5K(config)# feature vrrp
N5K(config)# int e1/1
N5K(config-if)# switchport mode trun
N5K(config-if)# switchport trunk allowed vlan 150
N5K(config-if)# no sh
N5K(config-if)#end
Verify running config
N5K# sh run | in feature
feature telnet
no feature http-server
feature vrrp
feature hsrp
N5K# sh run int e1/1
!Command: show running-config interface Ethernet1/1
!Time: Mon Sep 29 07:43:48 2014
version 5.1(3)N1(1)
interface Ethernet1/1
switchport mode trunk
switchport trunk allowed vlan 150
N5K#
Check the differences of checkpoint config with running one with “sh diff rollback-patch checkpoint test running-config” command as shown below:
N5K# sh diff rollback-patch checkpoint test running-config
Collecting Running-Config
#Generating Rollback Patch
feature vrrp
feature hsrp
!
interface Ethernet1/1
switchport mode trunk
switchport trunk allowed vlan 150
So you can see the difference between current configuration and created checkpoint and will be extremely useful when you are doing new change and want immediate return to an original/stable configuration if any problem occurs.
We will rollback running config to checkpoint:
N5K# rollback running-config checkpoint test
Collecting Running-Config
Generating Rollback patch for switch profile
Rollback Patch is Empty
Note: Applying config parallelly may fail Rollback verification
Collecting Running-Config
#Generating Rollback Patch
Executing Rollback Patch
Generating Running-config for verification
Generating Patch for verification
Rollback completed successfully.
Verifying running config:
N5K# sh run int e1/1
!Command: show running-config interface Ethernet1/1
!Time: Mon Sep 29 08:07:28 2014
version 5.1(3)N1(1)
interface Ethernet1/1
N5K# sh run | in feature
feature telnet
no feature http-server
N5K#
As discussed above, if you do rollback with verbose keyword will give you events occurring during configuration rollback.
N5K# rollback running-config checkpoint test verbose
Collecting Running-Config
Generating Rollback patch for switch profile
Rollback Patch is Empty
Note: Applying config parallelly may fail Rollback verification
Collecting Running-Config
#Generating Rollback Patch
Executing Rollback Patch
========================================================
`config t `
`interface Ethernet1/1`
`no switchport trunk allowed vlan`
`no switchport mode`
`exit`
`no feature hsrp`
`no feature vrrp`
`end`
========================================================
Generating Running-config for verification
Generating Patch for verification
Rollback completed successfully.
There are some of the limitation like you can’t run checkpoint on storage vdc, also if you enable "feature fcoe" on 5k it will disable rollback as shown below:
N5K# sh diff rollback-patch running-config checkpoint test
ERROR: FCOE is enabled. Disabling rollback module
To delete all checkpoints, two things can be done:
1. ‘write erase’ command and reload the switch
2. ‘clear checkpoint database’ command
Hope you like it, share your views and experience with us.
Related Information:
Nexus7k:Configuring Rollback
