Forum Discussion

Zaq_340228's avatar
Zaq_340228
Icon for Nimbostratus rankNimbostratus
Nov 08, 2017

Quick rollback

Hi,

 

I wonder if there is an option to quickly rollback configuration change? Feature similar to checkpoint on the Cisco Nexus platform. Requirement would be for this rollback to not impact connections.

 

application delivery
LTM
  • Lee_Sutcliffe's avatar
    Lee_Sutcliffe
    Icon for Nacreous rankNacreous
    Nov 08, 2017

    If you've made changed in the command line you can reload the bigip.conf.bak file although this isn't ideal and only advised to get you out of a mess - Reloading this file will re-start TMM and would potentially drop connections.

     

    If using an HA pair, you can sync the previous changes back to the active device - or promote the device with the old config on to active (assuming you don't have auto-sync enabled) This would be the safest method and would reduce impact to current sessions (depending how you have VIPs configured - mirroring etc)

     

    Unfortunately there is no Nexus style equivalent feature for rolling back a change.. just planning :)

     

  • MvdG's avatar
    MvdG
    Icon for Cirrus rankCirrus
    Nov 08, 2017

    Hi,

     

    You could create an archive before the changes and restore this archive in case you need to rollback. But this also causes an impact on connections.

     

    The best way is the option MrPlastic mentions. Make the configuration on the Active member and is case of issues, fail-over to the Standby member which should have the old configuration if Auto-Sync is disabled.

     

    Martijn

     

  • Zaq_340228's avatar
    Zaq_340228
    Icon for Nimbostratus rankNimbostratus
    Nov 08, 2017

    Thank you guys. The solution with HA looks interesting but think that when I disable synchronization then info about new connections will not go to the standby box right? If so then when i failover then i will lose those clients that established connection in that short period of time.

     

    • MvdG's avatar
      MvdG
      Icon for Cirrus rankCirrus
      Nov 08, 2017

      Zaq,

       

      There is a difference between configuration sync and connection sync (called mirroring).

       

      Configuration sync is configured in so called Device Groups and is only applicable for configuration changes. You can configure auto-sync. A change on the Active member is synced right away to the Stanby member. When you disable auto-sync, you manually have to sync the configuration to the Standby member.

       

      Connection sync (mirroring) is configured on the virtual server by selecting the Advanced pull down menu in the virtual server configuration page. Keep in mind not all connections can be synced (using client en server SSL profiles for example) and it may have impact on the performance.

       

      Martijn

       

    • Lee_Sutcliffe's avatar
      Lee_Sutcliffe
      Icon for Nacreous rankNacreous
      Nov 08, 2017

      I think you're confusing synchronisation (the sync-ing of system configuration) with Mirroring (the duplication of connection state information with the peer device)

       

      You can configure mirroring on a per virtual server basis. You only need to mirror services such as FTP which will break if there the session is broken. Services such as HTTP will continue to work during a failover as the clients will re-connect without the users knowing.