Configuration Rollback

TNSR software version 22.02 and later includes a configuration rollback feature which uses a timer to revert configuration changes that may be disruptive. This fail-safe measure is useful, for example, when making a batch of changes which may break connectivity to a remote TNSR instance.

If an administrator does not cancel the rollback timer before it expires, TNSR restores and commits a copy of the configuration from when the timer started.

Start the Rollback Timer

The first step in using the rollback feature is to start a timer.

The command to start a timer is configuration rollback timer start, for example:

tnsr(config)# configuration rollback timer start minutes 10 config-source running

The timer starts immediately when the command is entered. After starting the timer, proceed to make any necessary changes. If the changes are working as expected, then cancel the timer with configuration rollback cancel.

This command requires the following parameters:

minutes:

The amount of time, in minutes, after which the timer will expire and TNSR will roll back the configuration if the timer is not canceled.

The value can be between 1 and 120 minutes.

Tip

The timer should be long enough to not only make the configuration changes but also to properly evaluate the changes before they are reverted by the rollback process.

For example, if it takes 5 minutes to make all of the changes, then another 5 minutes to know for sure if the changes are working properly, then the timer should be at least 10 minutes.

config-source:

The configuration that TNSR will restore when the timer expires if the timer was not canceled. The rollback process copies the specified configuration source when creating the timer.

running:

Use a copy of the current running configuration database.

startup:

Use a copy of the startup configuration database.

<filename>:

The full path to a copy of a configuration in XML format.

Note

A rollback timer is only active while TNSR is running and a timer does not persist between TNSR restarts. For example, the timer will no longer be active if the TNSR router reboots, the TNSR services are stopped and started, or if there is a crash.

View the Rollback Timer

To view information about the most recent timer, use the following command:

tnsr(config)# show configuration rollback timer

For example:

tnsr(config)# show configuration rollback timer
Started: yes
Expires in 9 minute(s) 6 second(s)
Configuration source: running
Initiator: tnsr

The output includes the following information:

Started:

Whether the timer is currently running. If this is no, then there is no other information in the output.

Expires in:

The amount of time remaining before the timer expires.

Configuration source:

The configuration copied by the rollback timer process.

Initiator:

The TNSR administrator who initiated or restarted the rollback timer.
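An added example, not part of the TNSR documentation: a Python parser for the output shown above that reports whether a timer is running and whether enough time remains to finish evaluating changes. It assumes the output has been captured as text and follows the format of the samples on this page; the function names and the need_minutes threshold are hypothetical.

```python
import re

# Constructed samples in the output format shown on this page.
SAMPLE_RUNNING = """\
Started: yes
Expires in 9 minute(s) 6 second(s)
Configuration source: running
Initiator: tnsr
"""
SAMPLE_IDLE = "Started: no\n"

# Assumption: the expiry line always uses the minute(s)/second(s) form seen above.
_EXPIRES = re.compile(r"^Expires in (\d+) minute\(s\) (\d+) second\(s\)$")
_FIELDS = {"configuration source": "source", "initiator": "initiator"}


def parse_rollback_timer(text):
    """Return a dict for the timer; only 'started' is present when no timer runs."""
    info = {"started": False}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("tnsr("):  # skip blanks and echoed prompts
            continue
        m = _EXPIRES.match(line)
        if m:
            info["remaining_s"] = int(m.group(1)) * 60 + int(m.group(2))
            continue
        key, sep, value = line.partition(":")
        key, value = key.strip().lower(), value.strip()
        if sep and key == "started":
            info["started"] = value == "yes"
        elif sep and key in _FIELDS:
            info[_FIELDS[key]] = value
        else:
            raise ValueError(f"unrecognized line: {line!r}")
    if info["started"] and "remaining_s" not in info:
        raise ValueError("timer is started but no expiry line was found")
    return info


def timer_status(text, need_minutes):
    """Return 'idle', 'ok', or 'extend' when fewer than need_minutes remain."""
    info = parse_rollback_timer(text)
    if not info["started"]:
        return "idle"
    return "ok" if info["remaining_s"] >= need_minutes * 60 else "extend"
```

A result of extend means less than the needed time remains, which is the point to run configuration rollback timer restart minutes <minutes> before the rollback fires.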

Change a Running Timer

The amount of time remaining before the timer expires can be changed to give administrators more time to complete their work and evaluation, or to expire sooner if it will take less time to complete the work than planned.

This command resets the timer to the new expiration time:

tnsr(config)# configuration rollback timer restart minutes <minutes>

The minutes <minutes> parameter works the same as when starting a new timer.

Note

The timer is set to the given value; the given value is not added to the existing timer. In other words, this is an absolute value, not a relative amount of time.

For example, start a timer for 10 minutes and then change it to 15 minutes:

tnsr(config)# configuration rollback timer start minutes 10 config-source running
tnsr(config)# show configuration rollback timer
Started: yes
Expires in 9 minute(s) 55 second(s)
Configuration source: running
Initiator: tnsr

tnsr(config)# configuration rollback timer restart minutes 15
tnsr(config)# show configuration rollback timer
Started: yes
Expires in 14 minute(s) 58 second(s)
Configuration source: running
Initiator: tnsr

Trigger the Rollback Timer

It is also possible to trigger the rollback manually:

tnsr(config)# configuration rollback trigger

This can be useful if an administrator still has connectivity to TNSR but the changes made are not working properly. Rather than undo the changes manually or wait for the timer to expire, triggering the rollback will undo all of the changes immediately.

Cancel the Rollback Timer

The last step in the process is to cancel the timer if the changes are working properly. This stops the timer and prevents the rollback from being executed.

tnsr(config)# configuration rollback cancel

Example

This example demonstrates how the timer commands would be used for a set of changes.

First, start a new timer based on the running configuration:

tnsr(config)# configuration rollback timer start minutes 10 config-source running

Next, make some potentially disruptive changes:

tnsr(config)# ipsec tunnel 0
tnsr(config-ipsec-tunnel)# remote-address 203.0.113.25
tnsr(config-ipsec-tunnel)# exit
tnsr(config)#

In this case, the change would make the tunnel fail because the remote identifier was not updated. If the user was connecting to TNSR over that IPsec tunnel, they may have been cut off.

Wait for the timer to expire and the configuration will roll back as directed, after which connectivity will be restored.

Now log back in, start a fresh timer, and make the complete set of correct configuration changes:

tnsr(config)# configuration rollback timer start minutes 10 config-source running
tnsr(config)# ipsec tunnel 0
tnsr(config-ipsec-tunnel)# remote-address 203.0.113.25
tnsr(config-ipsec-tunnel)# crypto ike
tnsr(config-ipsec-crypto-ike)# identity remote
tnsr(config-ike-identity)# value 203.0.113.25
tnsr(config-ike-identity)# exit
tnsr(config-ipsec-crypto-ike)# exit
tnsr(config-ipsec-tunnel)# exit
tnsr(config)#

In this example, the changes are now working properly, so it is safe for the administrator to cancel the timer:

tnsr(config)# configuration rollback cancel