Tags

, , , , , , ,

There has been some interesting discussions on configuration differences with IOS and JUNOS on Twitter the past few days.  One of the biggest things has been the inclusion of a Rollback command in JUNOS; and to be perfectly honest, that has to be one of the best commands that JUNOS has!
In case you are not familiar with it, in JUNOS if you submit a change and then enter commit confirm (default 10 minutes), the router will not “save” the configuration change until you commit the change again.  This way if you make a change, lock yourself out of the device, it will revert to the previous configuration and you should have your access back.
(some housekeeping)
Router/Switch Output
Commands
Notes

[edit]
user@host#
commit confirmed
commit confirmed will be automatically rolled back in 10 minutes unless confirmed
commit complete
#commit confirmed will be rolled back in 10 minutes
By entering commit again, the change will become permenant
[edit]

user@host# commit

Now, what about IOS?  Well, typically we do the reload in x command before we make a change, but is there another way?  Well, yes there is!  We have the archive command and the config replace command string that will perform a similar function to to the JUNOS command and less drastic then the reload in command.
So, lets first cover the archive command.
The archive command allows you to make an archive of the config either over a time-period (say 1440 minutes) or when the write-memory command is initiated.  The archive can be stored in flash, tftp, ftp, or a few other places. To setup archiving:
Rack1R2#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
To enter the archive config, enter the archive command
Rack1R2(config)#archive
From there, you need to tell it 1) where to store the file and 2) what to call it.
Here it will be flash:/archive with a name of Rollback
Rack1R2(config-archive)#path flash:/archive/Rollback
Here I tell it to archive the previous config whenever the write-memory command is executed
Rack1R2(config-archive)#write-memory
Also, I might as well make sure that we back it up once a day at a minimum.  Range is from 1 minute to 525600 minutes (1 year)
Rack1R2(config-archive)#time-period ?
<1-525600>  Number of minutes to wait between archive creation
Rack1R2(config-archive)#time-period 1440
Rack1R2(config-archive)#
Now, if we look at the flash:/archive/ folder, what will we see?  Lets look (I already have some saved in memory)
Rack1R2#dir flash:archive
Directory of flash:/archive/
17  -rw-        1806   Jun 3 2011 19:34:16 +00:00  Rollback-2
18  -rw-        1806   Jun 3 2011 19:35:02 +00:00  Rollback-3
16  -rw-        1744   Jun 3 2011 19:31:54 +00:00  Rollback-1
512057344 bytes total (328622080 bytes free)
Rack1R2#
As you can see, we have a few files there, each appended with a number (call it revision with highest being most recent). To check, use the show archive command
Rack1R2#show archive
There are currently 4 archive configurations saved.
The next archive file will be named flash:/archive/Rollback-4
Archive #  Name
0
1       flash:/archive/Rollback-1
2       flash:/archive/Rollback-2
3       flash:/archive/Rollback-3 <- Most Recent
4
5
6
7
8
9
10
11
12
13
14
Rack1R2#
So, what does all this mean and how does this relate to the commit confirm command in Junos?  Good question!  Here we go!
So, when you need to do a change, just execute the archive config command prior to the change.  That will create a snapshot of the existing config in the archive directory.
Rack1R2#archive config

Lets take a look and see what revision we have saved:
Rack1R2#show archive
There are currently 5 archive configurations saved.
The next archive file will be named flash:/archive/Rollback-5
Archive #  Name
0
1       flash:/archive/Rollback-1
2       flash:/archive/Rollback-2
3       flash:/archive/Rollback-3
4       flash:/archive/Rollback-4 <- Most Recent
5
6
7
8
9
10
11
12
13
14
Rack1R2#
Now, there is another command that we need to know about – its the configure replace command!  We can use that similar to the commit confirm command because of the archive command.
Rack1R2#configure replace flash:archive/Rollback-4 time 60
That is all good – lets test the command!
 
I have R1 and R2 configured like the diagram below, connected via Frame-Relay and all interfaces are in RIPv2

Here is the routing table and interface status on R2:
Rack1R2#sh ip route
Codes: C – connected, S – static, R – RIP, M – mobile, B – BGP
D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area
N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
E1 – OSPF external type 1, E2 – OSPF external type 2
i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2
ia – IS-IS inter area, * – candidate default, U – per-user static route
o – ODR, P – periodic downloaded static route
Gateway of last resort is not set
150.1.0.0/16 is variably subnetted, 4 subnets, 2 masks
R       150.1.1.1/32 [120/1] via 150.1.12.1, 00:00:23, Serial4/0.1
C       150.1.12.0/24 is directly connected, Serial4/0.1
R       150.1.11.0/24 [120/1] via 150.1.12.1, 00:00:23, Serial4/0.1
R       150.1.111.1/32 [120/1] via 150.1.12.1, 00:00:23, Serial4/0.1
150.2.0.0/32 is subnetted, 3 subnets
C       150.2.222.2 is directly connected, Loopback2
C       150.2.22.2 is directly connected, Loopback1
C       150.2.2.2 is directly connected, Loopback0
Rack1R2#sh ip int br | ex un
Interface                  IP-Address      OK? Method Status                Protocol
Serial4/0.1                150.1.12.2      YES manual up                    up
Loopback0                  150.2.2.2       YES manual up                    up
Loopback1                  150.2.22.2      YES manual up                    up
Loopback2                  150.2.222.2     YES manual up                    up
Rack1R2#
Here is the same information for R1
Rack1R1#sh ip route
Codes: C – connected, S – static, R – RIP, M – mobile, B – BGP
D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area
N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
E1 – OSPF external type 1, E2 – OSPF external type 2
i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2
ia – IS-IS inter area, * – candidate default, U – per-user static route
o – ODR, P – periodic downloaded static route
Gateway of last resort is not set
150.1.0.0/16 is variably subnetted, 4 subnets, 2 masks
C       150.1.1.1/32 is directly connected, Loopback0
C       150.1.12.0/24 is directly connected, Serial4/0.1
C       150.1.11.0/24 is directly connected, Loopback1
C       150.1.111.1/32 is directly connected, Loopback2
150.2.0.0/32 is subnetted, 3 subnets
R       150.2.222.2 [120/1] via 150.1.12.2, 00:00:12, Serial4/0.1
R       150.2.22.2 [120/1] via 150.1.12.2, 00:00:12, Serial4/0.1
R       150.2.2.2 [120/1] via 150.1.12.2, 00:00:13, Serial4/0.1
Rack1R1#sh ip int br | ex un
Interface                  IP-Address      OK? Method Status                Protocol
Serial4/0.1                150.1.12.1      YES manual up                    up
Loopback0                  150.1.1.1       YES manual up                    up
Loopback1                  150.1.11.1      YES manual up                    up
Loopback2                  150.1.111.1     YES manual up                    up
Rack1R1#
Lets test the connectivity by PINGing R2 Loopback 2 from R1 Loopback2
Rack1R1#ping 150.2.222.2 so lo2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 150.2.222.2, timeout is 2 seconds:
Packet sent with a source address of 150.1.111.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 56/57/60 ms
Rack1R1#
Good, now lets test the config replace command (IOS Rollback)
First, we will archive the config
Rack1R2#archive config
Now lets see what archives we have:
Rack1R2#sh archive
There are currently 6 archive configurations saved.
The next archive file will be named flash:/archive/Rollback-6
Archive #  Name
0
1       flash:/archive/Rollback-1
2       flash:/archive/Rollback-2
3       flash:/archive/Rollback-3
4       flash:/archive/Rollback-4
5       flash:/archive/Rollback-5 <- Most Recent
[– SNIP –]

Ok, Rollback-5 is the most recent.
Now on R1 we will start a 1000 packet ping
Rack1R1#ping 150.2.222.2 so lo2 repeat 100
Type escape sequence to abort.
Sending 1000, 100-byte ICMP Echos to 150.2.222.2, timeout is 2 seconds:
Packet sent with a source address of 150.1.111.1
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Now that we have that started, lets move on
Now, on R2 we will execute the configure replace command, set the timer to 60 seconds, then shut down the Serial 4/0 (frame-relay) interface
Rack1R2#configure replace flash:/archive/Rollback-5 time 60
Timed Rollback: Backing up to flash:/archive/Rollback-7
It will now ask you to make sure you want to do this – checks and balances
This will apply all necessary additions and deletions

to replace the current running configuration with the
contents of the specified configuration file, which is
assumed to be a complete configuration, not a partial
configuration. Enter Y if you are sure you want to proceed. ? [no]: Y
Total number of passes: 0
Rollback Done
*Jun  3 21:43:22.026: Rollback:Acquired Configuration lock.
Rack1R2#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Rack1R2(config)#int ser 4/0
Rack1R2(config-if)#shut
Rack1R2(config-if)#
*Jun  3 21:43:28.274: %LINK-5-CHANGED: Interface Serial4/0, changed state to administratively down
*Jun  3 21:43:29.274: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial4/0, changed state to down
Rack1R2(config-if)
Hmm, if we look at the ping that we have going on R1 we see that it can no longer PING R2
Rack1R1#ping 150.2.222.2 so lo2 repeat 1000
Type escape sequence to abort.
Sending 1000, 100-byte ICMP Echos to 150.2.222.2, timeout is 2 seconds:
Packet sent with a source address of 150.1.111.1
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!………………………….
……..
Lets wait…. there, the config just rolled back on R2 and R1 can PING again!
Rack1R1#ping 150.2.222.2 so lo2 repeat 1000
Type escape sequence to abort.
Sending 1000, 100-byte ICMP Echos to 150.2.222.2, timeout is 2 seconds:
Packet sent with a source address of 150.1.111.1
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!………………………….
…………………!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!
Success rate is 94 percent (948/1000), round-trip min/avg/max = 56/57/240 ms
Rack1R1#
So what happened on R2?  Here is the output on the console:
Rack1R2(config-if)#Timed Rollback: rolling to:flash:/archive/Rollback-7
!Pass 1
Neat, it will show you the commands it is about to enter!

!List of Commands:
interface Serial4/0
no shutdown
end
Total number of passes: 1
Rollback Done
*Jun  3 21:44:22.218: Rollback:Acquired Configuration lock.
Rack1R2(config-if)#
*Jun  3 21:44:22.778: %PARSER-3-CONFIGNOTLOCKED: Unlock requested by process ’21’. Configuration not locked.
Rack1R2(config-if)#
*Jun  3 21:44:24.586: %LINK-3-UPDOWN: Interface Serial4/0, changed state to up
*Jun  3 21:44:25.586: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial4/0, changed state to up
Rack1R2(config-if)#
If all is good after your change and you need to not roll-back, just issue the command configure confirm and it will cancel the rollback.

Rack1R2#configure confirm
 
If you already issued that command, you will get the following output:
Rack1R2#configure confirm
%No timed rollback pending
Rack1R2#
Not as simple as the JUNOS commands, but is still valuable in the IOS world!
 
R1 Config Here
R2 Config Here