It’s approaching 10pm on Friday night and you are getting ready to apply your IWAN / Routing Protocol / <Insert major project of your choosing> migration script to the very last of your branch site routers. You have been saving this branch till last for a very special reason. This is, after all, that branch site that is in the furthest, darkest corner of the globe. Your company of course has no local IT resource there, and even if they did, it’s probably that site that you can only get to via a 3-hour snowmobile ride. This is the site that has the potential to really ruin your weekend. But hey, that’s why we left it until last, right? We have applied our configurations to our other 10 sites without a hitch; you have this change down pat. At this rate, you might even make it to the bar in time to celebrate your success with a couple of well-earned adult beverages.
So, without a second thought you kick off your continuous ping to the remote site’s loopback address, copy your config out of Notepad and apply it to your router. Your configurations whizz by in a haze of yellow Lucida 10pt font on a black background (my personal favorite terminal appearance settings) and then suddenly it stops. You look nervously over to the command window running the ping you just started.
One timeout (that’s expected), two timeouts (you saw that at a couple of the other sites, all is not lost), three timeouts, four timeouts, five timeouts. Your heart sinks as the realization of your predicament dawns on you. You hit enter a couple of times on your SSH terminal session in the hope you can somehow resuscitate the router. “Come back to me!” you scream as you look to the heavens. Well OK, maybe that’s a little bit on the dramatic side, but you get my point.
What went wrong, you may ask? Well, there could be a multitude of reasons for our current predicament. Perhaps it could be as simple as a typo in your configuration script for this site, or maybe you pasted in the configuration from a different site. We will leave the post-mortem of our situation to the management team. In this blog, I want to focus on how this situation could have been avoided by using a surprisingly little-known Cisco IOS/IOS-XE feature named “Configuration Rollback”. I say surprising because this feature has been around since IOS “12.4(20)T”, yet most customers I work with have never heard of it.
The Configuration Rollback feature enables you to take a snapshot of your configuration when entering global configuration mode and to start an automatic rollback timer, which can be an absolute time in minutes or an idle time. I personally like to use the idle time, so that as long as I’m entering commands the rollback will be delayed. Should you lose connectivity to your device, the configuration will automatically be rolled back to the configuration snapshot.
Let’s see it in action.
First, we need to enable the “Archive” feature:
The above allows us to create a maximum of one snapshot which will be stored in the root of flash. I like to restrict snapshots to one to avoid our backups filling up our local storage.
Now we are ready to apply our scheduled changes:
The output above shows a simple change to the router hostname automatically rolled back. Note that now, when entering global configuration mode, we need to append “revert timer idle 1” to the configure terminal command. This addition tells IOS to create a snapshot (named “Aug-21-21-51-23-4” above) of the current configuration and to automatically roll back to this snapshot after 1 minute of idle time. In the example above I stopped entering commands after running the “show clock”. Note the difference in time highlighted in red.
Finally, when you are happy with your config and you have not lost connection to your router you can confirm your changes by entering the command “configure confirm” which is demonstrated in the output below.
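The full sequence described above, written out as an added example (this is not the author's original terminal output). The hostname is a constructed sample value, `path flash:` is an assumption based on the snapshot being stored in the root of flash, and `configure revert now` is an extra command of the same feature that the post does not show.

```cisco
! Step 1 (one-time setup): enable the archive so IOS has somewhere
! to store the rollback snapshot. "maximum 1" keeps a single snapshot
! so backups do not fill local storage.
configure terminal
 archive
  path flash:
  maximum 1
 end
!
! Step 2: enter global configuration mode with an idle rollback timer.
! IOS snapshots the running configuration now and reverts to it if no
! command is entered for 1 minute (for example, if the session is lost).
configure terminal revert timer idle 1
 hostname BRANCH-RTR-NEW
 end
!
! Step 3a: still connected and happy with the change?
! Confirm it, which cancels the pending rollback.
configure confirm
!
! Step 3b: alternatively, abandon the change without waiting for the
! timer and roll back to the snapshot immediately.
configure revert now
```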
So, the next time you must make some changes on your Cisco equipment I encourage you to utilize Cisco’s Configuration Rollback feature. It might just save your bacon.
Written By: Chris Marshall, LookingPoint Senior Solutions Architect - CCIE #29940