two-stage commit config for NX-OS

if you’re not accustomed to reading release notes for your favorite platform (Nexus NX-OS in this case), probably you already overlooked that starting with 10.1(2) there’s 2-stage commit system, known from IOS XR.

what does that mean, really? that doing changes over CLI, directly in the parser, you can edit/add/remove whole blocks of configuration before committing them to running/actual configuration. so in case when you edit interface IP addressing (always touchy moment, specially for devices you’re 300km away for example) the session could look like this:

nxos10# configure dual-stage 
Enter configuration commands, one per line. End with CNTL/Z.
nxos10(config-dual-stage)# interface vlan 888
nxos10(config-dual-stage-if)# ip address 192.168.88.1/24
nxos10(config-dual-stage-if)# no shut
nxos10(config-dual-stage-if)# [and rest of the interface configuration]

! let's double-check we don't have this VLAN yet in configuration
! at this point:

nxos10(config-dual-stage-if)# do sh ip int brief

IP Interface Status for VRF "default"(1)
Interface            IP Address      Interface Status
Vlan33               192.168.33.1    protocol-up/link-up/admin-up       
Vlan66               192.168.66.1    protocol-up/link-up/admin-up       
Vlan555              192.168.55.1    protocol-up/link-up/admin-up
Vlan999              192.168.99.1    protocol-up/link-up/admin-up     

! now, let's commit the changes we did

nxos10(config-dual-stage-if)# commit 
Verification Succeeded.

Proceeding to apply configuration. This might take a while depending on amount of configuration in buffer.
Please avoid other configuration changes during this time.
Configuration committed by user 'cisco' using Commit ID : 1000000001

! ...and the interface is already in the config:

nxos10(config-dual-stage)# do sh ip int brief

IP Interface Status for VRF "default"(1)
Interface            IP Address      Interface Status
Vlan33               192.168.33.1    protocol-up/link-up/admin-up       
Vlan66               192.168.66.1    protocol-up/link-up/admin-up       
Vlan555              192.168.55.1    protocol-up/link-up/admin-up
Vlan888              192.168.88.1    protocol-up/link-up/admin-up    
Vlan999              192.168.99.1    protocol-up/link-up/admin-up

obviously, you can also roll back to the specific commit configuration, as every commit has it’s own ID:

nxos10# rollback configuration to 1000000001

you can also check changes for specific commit by its ID:

nxos10# show configuration commit changes 1000000001
*** /bootflash/.dual-stage/1000000001.tmp       Mon Jul 12 17:14:49 2021
--- /bootflash/.dual-stage/1000000001   Mon Jul 12 17:14:51 2021
***************
*** 535,540 ****
--- 535,543 ----
  
+ interface Vlan888
+   ip address 88.88.88.1/24
+

and during configuration session, you can also check what’s currently in the session before you commit it to running config (to double-check if we didn’t make any errors/typos):

nxos10(config-dual-stage-if)# show configuration 
! Cached configuration
!
interface Vlan888
 no ip unreachables
 no shutdown
 ip redirects

right now, NX-OS 2-stage commit is not as rich and extended as IOS XR one, but it’s great to see that significant enhancement in OS existing for extended period of time already.

happy committing :)