Mar 25, 2014

Learning JUNOS from IOS - Day2 (Configuration Management)

Configuration Management

Day 2 - How to review router configuration?

Cisco IOS has two default configuration files:
(1) startup-config: used to initialize the router during the boot process.
(2) running-config: the real-time configuration repository, updated whenever you type a command in IOS.



And how do you tell whether the screen output is the startup-config or the running-config?




  • Startup-config is stored in NVRAM, so the output shows how many bytes it uses out of the total NVRAM bytes.
Router#show startup-config
Using 1448 out of 129016 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
...
  • Running-config is stored in RAM, so the output shows the "Current configuration" line.
Router#show running-config
Building configuration...
Current configuration : 1448 bytes
!
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker

If the final configuration change is okay, remember to back up the current configuration with the command below:

Router#copy running-config startup-config
Destination filename [startup-config]?
Building configuration...
[OK]

Or you can use the legacy shortcut command below:

Router#write
Building configuration...
[OK]

It's a pity that Cisco IOS has no rollback feature. Imagine that you don't have a well-designed change and rollback SOP for Cisco IOS (this sometimes happens during an emergency change, such as controlling a routing path for congestion mitigation or applying an ACL for a security incident at the security team's urgent request). You may create a disaster if you entered a lot of wrong configuration, forgot what you did, and your terminal client's buffer was too small to store the whole change history. You may then need to review the running-config in detail and remove the wrong configuration line by line.

In some rare cases the router does not load the final configuration as you expected. If that happens, check the configuration register with the command below.

Router#sh ver
...
Configuration register is 0x2102

Under normal conditions the configuration register value should be 0x2102. If you want to skip the startup-config during the router boot process for a special purpose (e.g. password recovery), you need to use the config-register command to change the configuration register value to 0x2142.

Don't forget to change it back to 0x2102 as shown below, or the router will bypass startup-config again on the next boot. That means you may not be able to access the router remotely after it reboots, whether from a power cycle or a power outage.

Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#config-register 0x2102
Router(config)#end
Router#show version
...
Configuration register is 0x2142 (will be 0x2102 at next reload)
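
A check for routers left in the bypass state described above, as an added example that is not part of the original post. It parses the register line of "show version" and reports whether the current or the next-boot value has the ignore-NVRAM bit (0x0040) set; the function and variable names are assumptions of this example.

```python
import re

EXPECTED = 0x2102      # normal value given in the article
IGNORE_NVRAM = 0x0040  # bit 6: skip startup-config at boot (set in 0x2142)

_REG_LINE = re.compile(
    r"Configuration register is (0x[0-9A-Fa-f]+)"
    r"(?: \(will be (0x[0-9A-Fa-f]+) at next reload\))?"
)


def audit_config_register(show_version: str) -> dict:
    """Parse the register line of 'show version' and list what to fix."""
    m = _REG_LINE.search(show_version)
    if m is None:
        raise ValueError("no 'Configuration register is ...' line found")
    current = int(m.group(1), 16)
    # Without a "(will be ...)" suffix the next boot uses the same value.
    next_boot = int(m.group(2), 16) if m.group(2) else current
    findings = []
    if next_boot & IGNORE_NVRAM:
        findings.append("next boot will ignore startup-config")
    elif current & IGNORE_NVRAM:
        findings.append("register in effect now ignores startup-config; "
                        "cleared at next reload")
    if next_boot != EXPECTED:
        findings.append(f"next-boot value {next_boot:#06x} != {EXPECTED:#06x}")
    return {"current": current, "next_boot": next_boot, "findings": findings}


# Register lines as they appear in the article, plus one constructed case
# (0x2142 with no pending change) that the article warns about.
SAMPLES = {
    "healthy": "...\nConfiguration register is 0x2102\n",
    "pending_fix": "...\nConfiguration register is 0x2142 "
                   "(will be 0x2102 at next reload)\n",
    "left_in_bypass": "...\nConfiguration register is 0x2142\n",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        result = audit_config_register(text)
        print(name, hex(result["current"]), hex(result["next_boot"]),
              result["findings"] or "OK")
```

Run it against collected "show version" output after any password-recovery work; an empty findings list means the next boot loads startup-config normally.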

In fact, if you want to back up your running-config to a file other than the default startup-config, you can use the command below:

Router#copy running-config disk0:/backup-20140325.cfg
Destination filename [backup-20140325.cfg]?
766 bytes copied in 0.356 secs (2152 bytes/sec)

Router#dir
Directory of disk0:/ 
1 -rw- 766 Mar 25 2014 14:49:26 +00:00 backup-20140325.cfg
66850816 bytes total (66846720 bytes free)



Archive command

I believe many people may not know that Cisco IOS provides a feature similar to the JUNOS rollback feature: archive. We can use the archive command to perform a rollback function similar to the JUNOS command.

First, let's see how it works and how to configure it:
  • path: the directory is disk0:/archive, and "rollback" is the common prefix of each filename (depending on the hardware model, you may use slot0:, disk0: or flash:)
  • write-memory: enables automatic backup generation during write memory
  • maximum: the maximum number of backup copies (max is 14)
  • time-period: I defined 1440 mins (one day), after which it will auto-backup the running-config
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname R1
Router(config)#archive
Router(config-archive)#path disk0:/archive/rollback
Router(config-archive)#write-memory
Router(config-archive)#maximum 14
Router(config-archive)#time-period 1440
Router(config-archive)#^Z
Router#

Then let's create the directory in the router's file system (it depends on your hardware model):

Router#mkdir disk0:/archive
Create directory filename [archive]?
Created dir disk0:/archive

Router#cd archive
Router#dir
Directory of disk0:/archive/
No files in directory
66850816 bytes total (66842624 bytes free)

Router#

Next, use the write command to back up your running-config to startup-config:

Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname R1

R1(config)#^Z

R1#wr
Building configuration...
[OK]
R1#dir
Directory of disk0:/archive/
3 -rw- 796 Mar 25 2014 15:06:22 +00:00 rollback-1
66850816 bytes total (66838528 bytes free)

There you are: now you can use this file system as your configuration repository!

So, how can we know the difference between these files and the current running-config?

R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#hostname XYZ
XYZ(config)#int loopback 0
00:47:47: %LINK-3-UPDOWN: Interface Loopback0, changed state to up
00:47:48: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback0, changed state to up
XYZ(config-if)#ip address 1.1.1.1 255.255.255.255
XYZ(config-if)#^Z
XYZ#
00:47:52: %SYS-5-CONFIG_I: Configured from console by console

XYZ#sh archive config differences disk0:/archive/rollback-1
Contextual Config Diffs:
+hostname R1
-hostname XYZ
-interface Loopback0
-ip address 1.1.1.1 255.255.255.255
-no clns route-cache

XYZ#wr
Building configuration...
[OK]
XYZ#dir
Directory of disk0:/archive/
3 -rw- 796 Mar 25 2014 15:06:22 +00:00 rollback-1
4 -rw- 876 Mar 25 2014 15:12:24 +00:00 rollback-2
66850816 bytes total (66834432 bytes free)


Yes, it looks like the JUNOS compare feature, if you have ever used JUNOS.

So, if you want to roll back to a previously backed-up configuration, you can use the command below:

XYZ#config replace disk0:/archive/rollback-1
This will apply all necessary additions and deletions to replace the current running configuration with the contents of the specified configuration file, which is assumed to be a complete configuration, not a partial configuration. Enter Y if you are sure you want to proceed. ? [no]: yes
Total number of passes: 1
Rollback Done

R1#
00:54:59: Rollback:Acquired Configuration lock.
00:55:01: %LINK-5-CHANGED: Interface Loopback0, changed state to administratively down
00:55:02: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback0, changed state to down 





In JUNOS configuration, you need to develop the good habit of committing every time so that your change takes effect. In several JUNOS configuration troubleshooting cases, the root cause was not an issue with the SOP config; the user had simply forgotten to commit to activate the change.

Commit command

[edit]
user@router# commit
commit complete


When you make a configuration change, the change does not take effect immediately. Instead, it goes into a candidate configuration file.

You can make as many configuration additions, deletions, and changes as you like, and none of them become active on the router until you enter a commit command. That command causes the candidate configuration to become the active configuration.

You can use the command below to review the change (the difference between the candidate and the active configuration) before you commit:

user@router# show | compare rollback 0
[edit interfaces ge-0/0/0 unit 0]
+ family iso;

You can make all your changes, check them as many times as you like during the configuration process, and only commit them when you are ready and are sure the changed configuration looks right.

What's more, you can compare against all previously committed changes (up to 50) with the command below:

user@router# show | compare rollback ?
Possible completions:
0 2014-03-24 14:11:30 UTC by lab via cli
1 2014-03-19 10:55:50 UTC by lab via cli
2 2014-03-18 15:43:37 UTC by lab via cli
3 2014-03-18 15:17:23 UTC by lab via cli
...
49 2014-03-11 02:40:59 UTC by root via cli


[edit]
user@router# show | compare rollback 1
[edit protocols ospf]
+ export default-static;
- export static-default
[edit policy-options]
+ policy-statement default-static {
+ from protocol static;
+ then accept;
+ }


Junos provides another, automatic rollback mechanism that returns to the previous version of the configuration. Use commit confirmed, and the router rolls back to the previous configuration if you do not commit again within the time period you defined (default is 10 mins):

[edit]
user@router# commit confirmed
commit confirmed will be automatically rolled back in 10 minutes unless confirmed
commit complete


# commit confirmed will be rolled back in 10 minutes

[edit]
user@router#

# commit confirmed will be rolled back in 7 minutes
[edit]
user@router# commit
commit complete



Rollback command

If you want to get back to an earlier configuration (for example, from three days ago), you can do that in JUNOS: when you do a commit and the candidate configuration becomes the active configuration, the previous configuration is saved to a hard disk on the router.

So if you want to get back to a previous configuration, you can use the command below:

[edit]
user@router# rollback 1
load complete

[edit]
user@router# commit
commit complete

Hint1: DO REMEMBER to commit after you roll back!
Hint2: rollback 0 acts on the Candidate Configuration, which includes the commands not committed yet. If you execute "rollback 0", you abort all those changes and roll back to the original configuration you committed last time!

JUNOS saves the last 49 configuration files. When you commit a new configuration, the old active configuration is saved as juniper.conf.1. What was juniper.conf.1 becomes juniper.conf.2, what was juniper.conf.2 becomes juniper.conf.3, and so on. 

So if you want to go back to some config older than the most recently saved one, you can do that. For example if you enter rollback 3, juniper.conf.3 – the configuration that was active before the last three commits – is loaded back into the candidate configuration.

Save Command

Sometimes you would like to save the "golden" configuration (which has been running for a long time without any issue) as a permanent file to serve as a rescue configuration. You can then use the command below:

[edit]
user@host# save golden_config_20140325.cfg
Wrote 367 lines of configuration to 'golden_config_20140325.cfg' 


[edit]
user@host# run file list
/cf/var/home/lab/:
.ssh/
golden_config_20140325.cfg


As you can see, the file is located in the login user's home directory.

Actually, you have another choice: save the current configuration as the rescue config:

user@host> request system configuration rescue save
user@host>

If you want to roll back to the rescue config, you can use the command below:

[edit]
user@router# rollback rescue
load complete 

[edit]
user@router# commit
commit complete



Load Command

When you get an old Juniper device and would like to reset it to default, you can use the command below:

[edit]
user@router# load factory-default
warning: activating factory configuration

[edit]
user@router# commit
commit complete

JUNOS configuration mode provides a great feature that lets you load a partial config from the terminal. It helps a lot in most changes, when all you have is a soft copy of another live JUNOS configuration in hierarchical format.

For example, I got the SOP configuration below from my colleague, but unlike in Cisco IOS, such a configuration cannot simply be pasted in to apply it. (This is one of the biggest difficulties when a Cisco IOS engineer starts learning JUNOS.)

protocols {
    ospf {
        area 0.0.0.0 {
            interface ge-0/0/1.0;

            interface lo0.0;
        }
    }
}


So how can you use copy and paste to apply it to the target router?

[edit]
lab@router# load merge terminal 
[Type ^D at a new line to end input]
protocols {
    ospf {
        area 0.0.0.0 {
            interface ge-0/0/1.0;
            interface lo0.0;
        }
    }
}
load complete

[edit]
lab@router# commit 
commit complete

But be aware of which hierarchy level you are at when you use this command: if your SOP configuration is only a fragment from a specific hierarchy level, it may not apply without the proper command.

For example, the incomplete config below belongs under the [policy-options] hierarchy level:

    policy-statement Export_to_EBGP {
        from {                          
            protocol static;
            route-filter 10.0.0.0/8 orlonger;
        }
        then accept;
    }

If you do not change to the correct hierarchy level, you will see this error message:

[edit]
lab@router# load merge terminal 
[Type ^D at a new line to end input]
    policy-statement Export_to_EBGP {
        from {                          
            protocol static;
terminal:1:(20) syntax error: policy-statement
  [edit]
    'policy-statement Export_to_EBGP {'
      syntax error
            route-filter 10.0.0.0/8 orlonger;
        }
        then accept;
    }
^C[abort]

When you see the error message, use Ctrl-C to abort, then try again!

[edit]
lab@router# edit policy-options 

[edit policy-options]
lab@router# load merge terminal 
[Type ^D at a new line to end input]
    policy-statement Export_to_EBGP {
        from {                          
            protocol static;
terminal:1:(20) syntax error: policy-statement
  [edit]
    'policy-statement Export_to_EBGP {'
      syntax error
            route-filter 10.0.0.0/8 orlonger;
        }
        then accept;
    }
^C[abort]

You might feel a little frustrated... let me show you the correct command:

[edit policy-options]
lab@router# load merge terminal relative 
[Type ^D at a new line to end input]
    policy-statement Export_to_EBGP {
        from {                          
            protocol static;
            route-filter 10.0.0.0/8 orlonger;
        }
        then accept;
    }
load complete

[edit policy-options]
lab@router# commit 
commit complete

When you have a partial config that belongs under a specific hierarchy level, change to the correct hierarchy level, use the command load merge terminal relative, paste the configuration, and remember to commit it so that it takes effect!
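
What the hierarchy level means for a pasted fragment, as an added example that is not part of the original post: it checks whether a fragment's first statement is a top-level one and flattens the fragment into one-line JUNOS set commands, with the edit level as prefix. The function names, the partial TOP_LEVEL list and the simplified parser are assumptions of this example.

```python
import re

# Partial list of statements that sit directly under [edit]; extend as needed.
TOP_LEVEL = {"system", "chassis", "interfaces", "snmp", "routing-options",
             "protocols", "policy-options", "firewall", "security", "groups"}


def starts_at_top_level(fragment: str) -> bool:
    """True if the fragment's first statement can be loaded from [edit]."""
    words = fragment.split()
    return bool(words) and words[0] in TOP_LEVEL


def to_set_commands(fragment: str, edit_level: str = "") -> list:
    """Flatten a curly-brace fragment into 'set' lines under edit_level.

    Simplified: no comments, [ ] lists or quoted strings containing braces.
    """
    path = edit_level.split()
    pushed, words, commands = [], [], []  # pushed: words added per open '{'
    for tok in re.findall(r"[{};]|[^\s{};]+", fragment):
        if tok == "{":
            path.extend(words)
            pushed.append(len(words))
            words = []
        elif tok == ";":
            commands.append(" ".join(["set", *path, *words]))
            words = []
        elif tok == "}":
            if words or not pushed:
                raise ValueError("missing ';' or unbalanced '}'")
            del path[len(path) - pushed.pop():]
        else:
            words.append(tok)
    if pushed or words:
        raise ValueError("fragment ended inside a block or statement")
    return commands


# The two fragments from the article, whitespace condensed.
OSPF = """protocols { ospf { area 0.0.0.0 {
    interface ge-0/0/1.0;
    interface lo0.0;
} } }"""
POLICY = """policy-statement Export_to_EBGP {
    from { protocol static; route-filter 10.0.0.0/8 orlonger; }
    then accept;
}"""
```

starts_at_top_level(POLICY) is False, which is the case that needs "edit policy-options" followed by "load merge terminal relative"; to_set_commands(POLICY, "policy-options") shows the full path each pasted statement ends up under.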