Cisco Nexus Checkpoint & Rollback [NX-OS]
Reference: Firewall.cx
Introduction:
The Cisco NX-OS checkpoint feature can capture a snapshot (backup) of the Cisco Nexus configuration at any time, typically before making changes. The captured configuration (checkpoint) can then be used to roll back and restore the original configuration.
Configuration:
1- Create Checkpoint:
Switch(config)# checkpoint Checkpoint-1 description *** Testing the checkpoint feature ***
.....Done
2- Verification:
N5k-UP(config)# show checkpoint summary
3- Call Rollback:
The following rollback options are available on the Nexus 5000, Nexus 7000 and Nexus 9000 Series:
- Atomic: This is the default rollback type. It applies the rollback file only if no errors occur.
- Verbose: This option displays the execution log and allows the user to see the applied configuration.
In addition, the Nexus 7000 and Nexus 9000 Series support the following extra rollback options:
- Best-effort: Implements a rollback and skips any errors.
- Stop-at-first-failure: Implements a rollback that stops if an error occurs.
Switch(config)# rollback running-config checkpoint Checkpoint-1 ?
<CR>
atomic Stop rollback and revert to original configuration (default)
verbose Show the execution log
System-Generated Checkpoint:
System-generated checkpoints follow the naming convention system-fm-feature. To illustrate this automated feature, we disable the VRRP feature on our Nexus 5000, which triggers the system to create a checkpoint. First we confirm that the VRRP feature is enabled by issuing the show feature | include vrrp command, then we disable it and verify that it has been disabled:
Switch(config)# no feature vrrp
vrrp 1 disabled
Switch# show checkpoint summary
User Checkpoint Summary
--------------------------------------------------------------------------------
1) Checkpoint-1:
Created by admin
Created at Thu, 08:10:29 22 May2017
Size is 15,568 bytes
Description: *** Testing the checkpoint feature ***
System Checkpoint Summary
--------------------------------------------------------------------------------
2) system-fm-vrrp:
Created by admin
Created at Thu, 11:31:41 22 May2010
Size is 15,581 bytes
Description: Created by Feature Manager.
NX-OS Checkpoint & Rollback Limitations & Guidelines:
- The maximum number of checkpoints supported is ten (10).
- Checkpoints are stored in an internal repository not accessible by the common user.
- Checkpoints are persistent and synced between redundant supervisors.
- It is not possible to apply or import the checkpoint file from another Nexus switch. Checkpoints can only be used on the device they were created on.
- Only one user at a time can perform a checkpoint, rollback, or copy of the running configuration to the startup configuration.
- Checkpoints are cleared from the system’s database after executing the write erase or reload command (switch reload).
- Checkpoints can be manually cleared by running the clear checkpoint database command. The checkpoints saved to the bootflash are not affected by the aforementioned commands.
- Checkpoints are only local to the NX-OS switch.
- Rollback using files stored in bootflash is supported only if it has been created using the checkpoint command.
- Checkpoint names must be unique. You cannot overwrite previously saved checkpoints. If attempting to overwrite existing checkpoints the user will receive the following error: ERROR: ascii-cfg: Checkpoint Name already exists (err id 0x405F002B)
- Checkpoints are local to a virtual device context (VDC) for the Nexus 7000.
- Rollback is not supported in the storage VDC for the Nexus 7000.
- Rollback is not supported on the Nexus 5000 after enabling the FCoE feature. System will generate the following error after enabling the FCoE feature: ERROR: FCOE is enabled. Disabling rollback module.
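The following Python code is an added example, not part of the original page or of any Cisco tooling. It parses the show checkpoint summary output shown earlier and checks a proposed checkpoint name against two of the guidelines above (unique names, maximum of ten) before the checkpoint command is issued. The function names are hypothetical, and counting only user-created checkpoints toward the limit is an assumption.

```python
import re

MAX_CHECKPOINTS = 10  # limit stated in the guidelines above

# Sample input: the "show checkpoint summary" output shown on this page.
SAMPLE = """\
User Checkpoint Summary
--------------------------------------------------------------------------------
1) Checkpoint-1:
Created by admin
Created at Thu, 08:10:29 22 May2017
Size is 15,568 bytes
Description: *** Testing the checkpoint feature ***
System Checkpoint Summary
--------------------------------------------------------------------------------
2) system-fm-vrrp:
Created by admin
Created at Thu, 11:31:41 22 May2010
Size is 15,581 bytes
Description: Created by Feature Manager.
"""

def parse_checkpoints(text):
    """Return one dict per checkpoint: name, kind (user/system), size, description."""
    checkpoints, kind, current = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        section = re.match(r"(User|System) Checkpoint Summary$", line)
        entry = re.match(r"\d+\)\s+(\S+):$", line)
        if section:                      # section header switches the kind
            kind = section.group(1).lower()
        elif entry:                      # "N) <name>:" starts a new record
            current = {"name": entry.group(1), "kind": kind}
            checkpoints.append(current)
        elif current and line.startswith("Size is "):
            current["size_bytes"] = int(re.sub(r"\D", "", line))
        elif current and line.startswith("Description: "):
            current["description"] = line[len("Description: "):]
    return checkpoints

def preflight(text, new_name, limit=MAX_CHECKPOINTS):
    """List reasons why 'checkpoint <new_name>' should not be attempted."""
    cps, problems = parse_checkpoints(text), []
    if any(c["name"] == new_name for c in cps):
        problems.append("name already exists: " + new_name)
    # Assumption: only user-created checkpoints count toward the limit.
    if sum(c["kind"] == "user" for c in cps) >= limit:
        problems.append("checkpoint limit reached: %d" % limit)
    return problems
```

An empty list from preflight means neither guideline blocks the new checkpoint; a non-empty list names the guideline that would.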