Nexus – Configuration Rollback

Nexus – Backup and Rollback


Anyone who has been through a change management process can tell you that you need to have a rollback plan. Fortunately, the Nexus platform makes this a little easier for us.

Before a change is made, an administrator can create a checkpoint, which is a point-in-time snapshot of the switch configuration. If there is a problem with the change, the administrator can then roll back to the checkpoint config. A significant advantage of using this in a rollback plan is that the administrator does not need to understand all the config in the switch to roll back.

To create a checkpoint, use the checkpoint command.

Create a Checkpoint

switch# checkpoint NewCheckpoint
..Done

A list of checkpoints can be seen with show checkpoint summary.

switch# show checkpoint summary 
1) NewCheckpoint:
Created by admin
Created at Thu, 02:36:53 24 Nov 2016
Size is 33,512 bytes
User Checkpoint Summary
--------------------------------------------------------------------------------
Description: None

To see a rollback in action, we’re first going to make some config changes. In this case, we’re going to add a VLAN.

switch# conf t
Enter configuration commands, one per line.  End with CNTL/Z.
switch(config)# vlan 200
switch(config-vlan)# name NewVLAN

A list of changes between the checkpoint and the running config can be generated. In addition to the running-config, a combination of startup-config and other checkpoints can be used.

switch# show diff rollback-patch checkpoint NewCheckpoint running-config 
Collecting Running-Config

#Generating Rollback Patch
!!
!
vlan 200
 name NewVLAN

There are four options for rolling back:

  • Atomic – The rollback only takes effect if no errors occur; this is the default
  • Best-Effort – Skip any errors and continue the rollback
  • Stop-at-first-failure – Roll back until an error occurs; this may result in a partial rollback
  • Verbose – Show full detail during roll back

Here, the configuration is rolled back with the rollback command.

switch# rollback running-config checkpoint NewCheckpoint atomic 
Note: Applying config parallelly may fail Rollback verification
Collecting Running-Config

#Generating Rollback Patch
Executing Rollback Patch
Generating Running-config for verification
Generating Patch for verification
Verification is Successful.

Rollback completed successfully.

To prove that it works, have a look at the VLAN configuration. You will notice that the VLAN created earlier is now gone.

switch# sh run vlan

!Command: show running-config vlan
!Time: Thu Nov 24 02:43:21 2016

version 7.3(0)D1(1)
vlan 1

Up to 10 checkpoints can be created. In the case of the N7K, this is 10 checkpoints per VDC. Checkpoints are cleared when the write erase command is issued, when the reload command is issued (depending on NXOS version), or when the clear checkpoint database command is issued.
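An added example, not from the original article or from Cisco: a Python pre-change gate that parses captured show checkpoint summary text, confirms the named checkpoint still exists and that the 10-checkpoint limit has not been reached, and checks a rollback transcript for the two success lines shown above. The second sample entry and the names parse_summary, change_gate and rollback_verified are assumptions made for illustration.

```python
import re

MAX_CHECKPOINTS = 10  # limit stated in the article (per VDC on the N7K)
ENTRY = re.compile(r"^\d+\)\s+(\S+):$")
FIELD = re.compile(r"^(Created by|Created at|Size is|Description:) (.+)$")
SUCCESS = {"Verification is Successful.", "Rollback completed successfully."}

# First entry copied from the article's output; the second is constructed.
SAMPLE_SUMMARY = """\
1) NewCheckpoint:
Created by admin
Created at Thu, 02:36:53 24 Nov 2016
Size is 33,512 bytes
User Checkpoint Summary
--------------------------------------------------------------------------------
Description: None
2) PreMaintenance:
Created by netops
Created at Thu, 02:40:10 24 Nov 2016
Size is 33,540 bytes
"""

def parse_summary(text):
    """Return one dict per checkpoint; unrecognised lines are ignored."""
    found = []
    for line in (raw.strip() for raw in text.splitlines()):
        entry, field = ENTRY.match(line), FIELD.match(line)
        if entry:
            found.append({"name": entry.group(1)})
        elif field and found:
            found[-1][field.group(1).rstrip(":")] = field.group(2)
    return found

def change_gate(summary_text, name):
    """List reasons not to proceed; an empty list means the rollback plan holds."""
    cps = parse_summary(summary_text)
    problems = []
    if name not in [cp["name"] for cp in cps]:
        problems.append(f"checkpoint {name!r} missing (cleared or never created)")
    if len(cps) >= MAX_CHECKPOINTS:
        problems.append(f"{len(cps)} checkpoints stored, limit is {MAX_CHECKPOINTS}")
    return problems

def rollback_verified(transcript):
    """True only if both success lines from the rollback output are present."""
    return SUCCESS <= {raw.strip() for raw in transcript.splitlines()}

if __name__ == "__main__":
    print(change_gate(SAMPLE_SUMMARY, "NewCheckpoint"))
```

Running change_gate again just before the rollback catches a checkpoint that was cleared by a reload or write erase since it was taken.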

Be aware that rollbacks are not supported across different NXOS versions. If this is required, a best-effort rollback could be used, and the administrator could handle any errors manually.

There are some guidelines that apply to valid checkpoint names.

Warning

Rollback may fail when using ITD. This is because the ITD config cannot be edited while the service is enabled. To resolve this, first shut down the ITD service, then try the rollback.
