Two-stage Configuration Commit
About Two-stage Configuration Commit
Guidelines and Limitations
Configuring in Two-Stage Configuration Commit Mode
Aborting the Two-Stage Configuration Commit Mode
Displaying Commit IDs
Rollback Capability
Viewing Current Session Configurations

Two-stage Configuration Commit

This chapter describes how to enable two-stage configuration commit mode on the Cisco NX-OS device.

This chapter includes the following sections:

About Two-stage Configuration Commit

In an interactive session, when you run a command, it’s executed and it changes the running configuration. This behaviour is known as one-stage configuration commit. In the confirm-commit or the two-stage configuration commit, changes in configurations are stored in a staging database. These changes don’t affect the running configuration until you run the commit command. This two-stage process creates a target configuration session, where you can make, edit, and verify configuration changes before committing them to the running state of the switch. You can also commit the changes for a time period you specify before you commit them permanently. After the specified time period, the switch reverts to the previous configuration if you don’t run the commit command. When a commit is successful, you can view the commit information that includes the commit ID, username, and timestamp.

The following figure shows the two-stage configuration commit process.

Figure 1. Two-Stage Configuration Commit Process

Guidelines and Limitations

Two-stage configuration commit has the following configuration guidelines and limitations:

This feature is supported only for a CLI interface in a user-interactive session.
Before you run any feature-related configuration commands, enable the feature using the feature command and commit it using the commit command.
Two-stage configuration commit mode doesn’t support other modes like maintenance mode, scheduler mode, or virtual mode.
When you’re in the two-stage configuration commit mode, avoid editing configurations in one-stage configuration commit mode from different sessions at the same time.
Review the configurations using the show configuration command before committing the changes.
Show configuration displays the staged configs:
- It displays the real difference, that is yes and no form of the same command will result in empty config.
- It is recommended to issue the exact no form of the cli to negate the config.
  
  Example: to negate ‘ip address x’ config, user has to give ‘no ip address x’ instead of ‘no ip address’.
- Interface layer change commands (switchport/no switchport) should be issued explicitly.
- Any invalid config in the session should manually be removed by the user before attempting commit. If could not remove manually clear the session and start a new session.
If the verification fails, edit and retry the commit.
If the commit fails, the configuration rolls back to the previous configuration.
Configurations that you don’t commit aren’t saved after you reload the switch.
This feature doesn’t support commits with NX-API, EEM, PPM and Netconf.
You can have only one active two-stage configuration commit session at a given time.
N9K-C92348GC-X supports two-stage configuration commit from Cisco NX-OS Release 10.5(1)F.

Configuring in Two-Stage Configuration Commit Mode

To enable a feature in the two-stage configuration commit mode, perform the following steps:

Note

In this procedure, the BGP feature is enabled as an example.

Procedure

Command or Action Purpose

Step 1

configure dual-stage

Example:

switch# configure dual-stage
switch(config-dual-stage)#

Creates a new target configuration session.

Note

The target configuration isn’t a copy of the running configuration. It has only the configuration commands entered during the target configuration session.

Step 2

feature feature_name

Example:

switch(config-dual-stage)# feature bgp
switch(config-dual-stage)#

Enables the feature.

Note

You can enable the feature even before entering the two-stage configuration commit mode.
You can’t combine feature-related commands in a commit if the feature isn’t already enabled.

Step 3

commit [confirmed seconds]

Example:

switch(config-dual-stage-router)# commit confirmed 30
Verification Succeeded.
Proceeding to apply configuration. This might take a while depending on amount of configuration in buffer.
Please avoid other configuration changes during this time.

Configuration committed by user 'admin' using Commit ID : 1000000001

switch(config-dual-stage)# 
switch(config-dual-stage)# commit
Confirming commit for trial session.
switch(config-dual-stage)#

Example:

switch(config-dual-stage)# hostname example-switch
switch(config-dual-stage)# commit 
Verification Succeeded.

Proceeding to apply configuration. This might take a while depending on amount of configuration in buffer.
Please avoid other configuration changes during this time.
Configuration committed by user 'admin' using Commit ID : 1000000002
example-switch(config-dual-stage)#

Commits changes to the running configuration.

confirmed : Commits the changes to the running configuration.
seconds : Commits the configuration in global configuration mode on a trial basis for a minimum of 30 seconds and a maximum of 65535 seconds.

Note

If you enter a trial period, run the commit command to confirm the configuration. If you don’t run the commit command, the switch reverts to the previous configuration after the trial period.

Step 4

Example:

switch(config-dual-stage)# router bgp 64515.46
switch(config-dual-stage-router)# 
switch(config-dual-stage-router)#   router-id 141.8.139.131
switch(config-dual-stage-router)#

Run any feature-related commands that are supported in this configuration mode.

Step 5

show configuration

Example:

switch(config-dual-stage-router)# show configuration
! Cached configuration
!
router bgp 64515.46
 router-id 141.8.139.131

Displays the target configuration.

Note

You can run this command only in the dual-stage configuration mode.

Step 6

commit [confirmed seconds ]

Example:

switch(config-dual-stage-router)# commit 
Verification Succeeded.
Proceeding to apply configuration. This might take a while depending on amount of configuration in buffer.
Please avoid other configuration changes during this time.
Configuration committed by user 'admin' using Commit ID : 1000000003

Commits changes to the running configuration.

Step 7

(Optional) show configuration commit [changes] commit-id

Example:

switch(config-dual-stage-router)# show configuration commit changes 1000000003
*** /bootflash/.dual-stage/1000000003.tmp       Fri Mar 19 10:59:00 2021
--- /bootflash/.dual-stage/1000000003   Fri Mar 19 10:59:05 2021
***************
*** 378,383 ****
--- 378,385 ----
  line console
  line vty
  boot nxos bootflash:/nxos64.10.1.1.44.bin 
+ router bgp 64515.46
+   router-id 141.8.139.131
  xml server timeout 1200
  
  no priority-flow-control override-interface mode off

Example:

switch(config-dual-stage)# show configuration commit 1000000003 
feature bgp
router bgp 64515.46
  router-id 141.8.139.131
.
.
.

(Optional)

Displays commit-related information.

Only the last 50 commits or the commit files stored in the reserved disk space are saved. The reserved disk space is 20 MB. All the commit sessions will be removed when you reload the switch. However, the commit IDs are not removed. Also, these commit IDs will not be removed in case of write, erase, and reload.

Use the show configuration commit changes commit-id command to view only the changes in the current session of the commit you specify.

Use the show configuration commit commit-id command to view the complete configurations in the commit that you specify, along with few class-map policies. These class-map policies are not new policies but hidden policies. To view the hidden policies, use the show run all command.

Step 8

(Optional) save configuration filename

Example:

switch(config-dual-stage)# save configuration bootflash:test.cfg

(Optional)

Saves the target configurations to a separate file without committing them to the running configuration.

Note

You can load the target configuration files later, modify, or commit. The file will be saved in bootflash.
You can view the configuration file you saved by running the show configuration file filename command.
Some of the user-specific information will be masked based on the user role.
Configs saved in dual stage mode is an encrypted file and can be viewed only using #show configuration file <> and not using #show file <>.

Step 9

(Optional) load filename

Example:

switch (config-dual-stage)# show configuration 
! Cached configuration
switch (config-dual-stage)# load test.cfg
switch (config-dual-stage-router)# show configuration 
! Cached configuration
!
router bgp 1
switch(config-dual-stage-router)#

(Optional)

Loads a target configuration that you saved. After loading a file, you can modify it or commit it to the running configuration. To save the changes, use the save configuration filename command.

You can load a target configuration that you saved using only the save configuration filename command.

Step 10

(Optional) clear configuration

Example:

switch(config-dual-stage)# show configuration 
! Cached configuration
!
router bgp 64515.46
router-id 141.8.139.131
switch (config-dual-stage)# clear configuration 
switch (config-dual-stage)# show configuration 
! Cached configuration
switch (config-dual-stage)#

(Optional)

Clears changes made to the target configuration without terminating the configuration session. It deletes any configuration changes that aren’t committed.

Step 11

end

Example:

switch(config-dual-stage-if)# end
Uncommitted changes found, commit them before exiting (yes/no/cancel)? [cancel]

Exits the global dual stage configuration mode.

If you end a configuration session without committing the configuration changes, you’ll be prompted to save changes, discard changes, or cancel the action:

Yes: Commits the configuration changes and exit configuration mode
No: Exits the configuration mode without committing the configuration changes
Cancel: Remains in configuration mode without committing the configuration changes

Note

If you choose to exit when a confirm commit timer is running, the same options are displayed. If you still chose to exit, the trial configuration rolls back instantly.
If the default session times out before the timer expires, the trial configuration rolls back before exiting the session. In this case, no warning message appears.

Step 12

show configuration dual-stage sessions

Example:

switch(config-dual-stage)# show configuration dual-stage sessions 
SNo. Session          Line         User         Date      
---- ---------------- ------------ ------------ ----------
1    8671-17101913    /dev/ttyS0   admin        Wed Feb 17 10:56:00 2021
switch(config-dual-stage)# end
switch# show configuration dual-stage sessions 
There are no active dual stage sessions
switch#

Before you start a configuration session, you must check if there are other configuration sessions in progress. Only single user is allowed to enter the dual stage configuration mode. Therefore, you need to exit the previous session before starting a new one. There are as many as 32 interactive VSH sessions possible, and the show command displays the PID and line information of the dual stage session.

Note

Dual stage mode will be accessible only after System ready.

Step 13

clear configuration commits diskspace

Example:

Southlake-2# clear configuration commits diskspace ?
<1-20971> Number of Kilo Bytes of disk space to free

Southlake-2# clear configuration commits diskspace 100
Deleting 7 rollback points from '1000005557' to '1000005563'
101 KB of disk space will be freed.
Continue with deletion (yes/no)? [no] y
Southlake-2#

You can delete the oldest configuration commitIDs by entering the clear configuration commits command. The clear configuration commits command must be followed by either the amount of disk space to reclaim or the number of commitIDs to delete. To reclaim disk space from the oldest commitIDs, enter the clear configuration commits command followed by the diskspace keyword and number of kilobytes to reclaim.

Step 14

clear configuration commits oldest

Example:

switch(config-dual-stage)# clear configuration commits oldest 10
Deleting 10 rollback points '1000000030' to '1000000039'
125 KB of disk space will be freed.
Continue with deletion (yes/no)? [no] n

To delete a specific number of the oldest commitIDs, enter the clear configuration commits command followed by the oldest keyword and number of commitIDs to delete.

Step 15

Show configuration failed

Example:

switch(config-dual-stage-if)# commit
Verification Succeeded.

Proceeding to apply configuration. This might take a while depending on amount of configuration in buffer.
Please avoid other configuration changes during this time.
Failed to commit one or more configuration items.
Commit Failed, Rolling back ...
switch(config-dual-stage)#
switch(config-dual-stage)# show configuration failed 
`config terminal`
`router bgp 100 `
`neighbor 2.2.2.2 `
`bfd `
Syntax error while parsing 'bfd '

`neighbor 3.3.3.3 `
`bfd `
Syntax error while parsing 'bfd '

`interface port-channel23 `
`bfd `
Syntax error while parsing 'bfd '

`end`
`end`
switch(config-dual-stage)#

Configuration changes are semantically verified during the commit operation, and begins the actual backend commit once the verification is succeeded. A message appears if one or more configuration entry fails while committing. To display an error message and description for a failed configuration, enter the show configuration failed command. This will display the configuration block that failed in last commit. Configuration block is to preserve the configuration context.

Step 16

show configuration failed noerrors

Example:

switch(config-dual-stage)# show configuration failed noerror 
router bgp 100 
  neighbor 2.2.2.2 
    bfd 
  neighbor 3.3.3.3 
    bfd 
interface port-channel23 
  bfd 
switch(config-dual-stage)#

To display only the errored config (without a description) for a failed configuration block, enter the show configuration failed noerrors command.

Step 17

load configuration failed commit

Example:

switch(config-dual-stage)# load configuration failed commit 
switch(config-dual-stage-if)# sh configuration 
! Cached configuration
!
router bgp 100
 neighbor 2.2.2.2
    bfd
!
interface port-channel23
 bfd
switch(config-dual-stage-if)#

If the router displays a verification failure message during commit, the configuration changes are not lost. You can modify the target configuration and commit again. But, if the router displays a configuration failure message (backend error) when you attempt to commit a configuration change, the configuration session will reset. But, while you remain in dual-stage configuration mode, you can reload the failed configuration block into the target configuration, correct the errors, and commit the changes.

To load a failed configuration, enter the load configuration failed commit command. After recovery, correct and commit the configuration or save it to a file to avoid losing it. Please note that while loading, syntactically wrong configurations will get ignored. You can use ‘show configuration’ to view the target configuration.

Aborting the Two-Stage Configuration Commit Mode

When you abort a configuration session, uncommitted changes are discarded and the configuration session ends. No warning appears before the configuration changes are deleted.

switch(config-dual-stage)# router bgp 1
switch(config-dual-stage-router)# neighbor 1.2.3.4
switch(config-dual-stage-router-neighbor)# remote-as 1
switch(config-dual-stage-router-neighbor)# show configuration 
! Cached configuration
!
router bgp 1
neighbor 1.2.3.4
remote-as 1
switch(config-dual-stage-router-neighbor)# show run bgp 

!Command: show running-config bgp
!Running configuration last done at: Wed Mar 17 16:17:40 2021
!Time: Wed Mar 17 16:17:55 2021

version 10.1(2) Bios:version 
feature bgp


switch(config-dual-stage-router-neighbor)# abort
switch# show run bgp

!Command: show running-config bgp
!Running configuration last done at: Wed Mar 17 16:18:00 2021
!Time: Wed Mar 17 16:18:04 2021

version 10.1(2) Bios:version 
feature bgp

switch#

Displaying Commit IDs

At each successful commit, the commit ID is displayed in the syslog. The total number of commit IDs saved in the system depends on the configuration size and the disk space available. However, the maximum number of commit IDs stored at any given time is 50.

Use the show configuration commit list command to view information about the last 50 commit IDs. Each entry shows the user who committed configuration changes, the connection used to execute the commit, and commit ID timestamp.

switch# show configuration commit list
SNo. Label/ID     User     Line         Client     Time Stamp
~~~~ ~~~~~~~~~~~~ ~~~~~~~~ ~~~~~~~~~~~~ ~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~
1    1000000001   admin    /dev/ttyS0   CLI        Wed Jul 15 15:21:37 2020
2    1000000002   admin    /dev/ttyS0   Rollback   Wed Jul 15 15:22:15 2020
3    1000000003   admin    /dev/pts/0   CLI        Wed Jul 15 15:23:08 2020
4    1000000004   admin    /dev/pts/0   Rollback   Wed Jul 15 15:23:46 2020

Rollback Capability

You can rollback the configuration to any of the previous successful commits. Use the rollback configuration command to rollback to any of the last 50 commits.

switch# rollback configuration to ?
1000000015
1000000016
1000000017

:
:

switch#

Each commit ID acts as a (checkpoint or) rollback point. You can rollback to any given
commit ID. When you roll back the configuration to a specific rollback point, you undo
all configuration changes made during the session identified by the commitID for that
rollback point, and you undo all configuration changes made after that point. The
rollback process rolls back the configuration and commits the rolled-back configuration.
The rollback process also creates a new rollback point (commit ID)so that you can roll
back the configuration to the previous configuration.


switch(config-dual-stage)# rollback configuration to 1000000002
Rolling back to commitID :1000000002
ADVISORY: Rollback operation started...
Modifying running configuration from another VSH terminal in parallel
is not recommended, as this may lead to Rollback failure.

Configuration committed by rollback using Commit ID : 1000000004
switch(config-dual-stage)#

Viewing Current Session Configurations

You can view the current session configuration using the show configuration command. This command is supported only in the dual-stage mode. The session configuration is cleared if a commit fails.

switch(config-dual-stage-cmap)# show configuration
! Cached configuration
!
class-map type control-plane match-any copp-s-ipmcmiss
class-map type control-plane match-any copp-s-l2switched
class-map type control-plane match-any copp-s-l3destmiss
switch(config-dual-stage-cmap)#

If there is no configuration, the following message appears:

switch(config-dual-stage)# show configuration
! Cached configuration
switch(config-dual-stage)# commit
No configuration changes to commit.
switch(config-dual-stage)#

Cisco Nexus 9000 Series NX-OS System Management Configuration Guide, Release 10.5(x)

Bias-Free Language

Book Title

Cisco Nexus 9000 Series NX-OS System Management Configuration Guide, Release 10.5(x)

Chapter Title