Keep Track of Router Configurations with Configuration Archive
by Ivan Pepelnjak
In the previous IP Corner article, Router Configuration Management … Too Good to be True?, I described two router configuration management features introduced in IOS release 12.4: Contextual Configuration Diff and Configuration Change Notification and Logging. Today, we’ll focus on Configuration Archive, which helps you answer the following questions:
Do we have a backup of a working configuration?
What was the router configuration before the last mistake was committed to the startup configuration?
Do I have a copy of the configuration that was used a month ago?
Configuration Archive
The Configuration Archive is a simple, yet powerful concept: every time the router operator requests it (or periodically, if so configured), the router stores its current configuration on external storage. The external file names can include the router name, the configuration date and time, and a configuration version number.
Note
The configuration version number is an increasing integer that is reset to one on every router reload.
The integration of Configuration Archive with the IOS file system is perfect – you can store archived configurations using any file transfer protocol your IOS release supports (FTP, RCP, TFTP, HTTP, HTTPS or SCP), or on Class C flash file systems, internal drives, or USB drives.
Note
You’ll find more information about the various file transfer protocols in the IP Corner article Using a Web Server to Manage Your Router Configurations.
The Configuration Archive feature is started with the path configuration command (within the archive configuration section), which specifies the archive path (internal or external). Additional configuration options (maximum, time-period and write-memory) fine-tune the archiving operation. The syntax of all relevant commands is summarized in Table 1.
Table 1
Configuring IOS Configuration Archive feature
| Configuration command syntax | Explanation |
|---|---|
| archive | Enters the configuration archive configuration mode. |
| path file-system-path | Specifies the configuration archive path. The path might include $h (replaced by router’s host name) and $t (replaced by current date and time). A dash and the current backup version number are automatically appended to the path. |
| maximum number | Specifies the maximum number of archive entries the router remembers in its internal table (up to 14). |
| time-period time-in-minutes | Specifies the interval (in minutes) between automatic archive creations. |
| write-memory | Enables automatic generation of a configuration backup prior to write memory or copy running-config startup-config operation. |
Note
You cannot include the $t parameter in the path command if you store configurations to a Windows-based platform, as the date-and-time string contains colons (:) which are not valid characters in Windows filenames.
Whenever a Configuration Archive is requested, the router performs the following tasks:
Textual representation of the current running configuration is generated (as with the show running-config command).
The current backup version number is appended to the specified file path.
The router tries to store the running configuration to the calculated (local or remote) file name.
If the archiving operation has been successful, the router saves the archive file name in an internal circular buffer (up to 14 entries long).
The backup version number is incremented by one.
The Configuration Archive request can be triggered from three sources:
Manually with the archive config command.
Periodically every N minutes if you’ve configured the time-period (regardless of whether there has been any change in the running configuration).
Whenever the running configuration is stored into NVRAM with the write memory command or its equivalent.
Configuration Archive Example
Let’s assume you have configured a web server to support PUT requests (detailed configuration guidelines can be found in the IP Corner article Using a Web Server to Manage Your Router Configurations). To use that web server for Configuration Archive, use the IOS configuration commands from Listing 1.
Listing 1
Sample Configuration Archive configuration
! Web server host name (optional)
ip host WebServer 192.168.0.2
!
archive
 path http://WebServer/config/$h.cfg
 write-memory
!
! HTTP username+password; can also appear as part of path URL
!
ip http client username student
After the Configuration Archive has been configured, you can store the current router configuration into the archive with the archive config privileged mode command (Listing 2). The command displays the archived configuration file name and (if it fails) the error status.
Listing 2
Archiving current configuration
test#archive config
Storing http://WebServer/config/test.cfg-7 !
Similarly, the configuration is archived (if you’ve enabled the write-memory option) whenever the running configuration is stored into NVRAM (Listing 3).
Listing 3
Archiving the configuration during the write memory operation
fw#write memory
Building configuration...
[OK]
Storing http://WebServer/config/test.cfg-8 !
The names of the latest archived configurations can always be listed with the show archive command (Listing 4).
Listing 4
Circular buffer of archived configurations’ file names
fw#show archive
The next archive file will be named http://WebServer/config/fw.cfg-11
Archive # Name
0
1 http://WebServer/config/fw.cfg-1
2 http://WebServer/config/fw.cfg-2
3 http://WebServer/config/fw.cfg-3
4 http://WebServer/config/fw.cfg-4
5 http://WebServer/config/fw.cfg-5
6 http://WebServer/config/fw.cfg-6
7 http://WebServer/config/fw.cfg-7
8 http://WebServer/config/fw.cfg-8
9 http://WebServer/config/fw.cfg-9
10 http://WebServer/config/fw.cfg-10 <- Most Recent
11
12
13
14
Advanced Deployment Scenarios
Using a remote server as a file store for your routers is just the most basic integration of the Configuration Archive function into your network management framework. If you use traditional file transfer protocols (TFTP, FTP, RCP or SCP), that’s also the maximum you can get, but if you use HTTP or HTTPS transport, the possibilities are virtually unlimited.
Both the open-source Apache web server and Internet Information Services (IIS) from Microsoft support PUT scripts – the ability to execute a server-side script upon a PUT request. A PUT script is the only option offered by the Apache web server; IIS implements PUT requests as file write requests by default and you have to configure application-specific PUT functionality with the IIS Manager application.
Once you’ve configured your web server to implement PUT requests with server-side scripts, the routers can request execution of those scripts when archiving their configuration. For example, the configuration in Listing 5 would execute the server-side script /config/save.php with two parameters: the parameter host would be equal to the router’s host name and the parameter version would contain the backup version number preceded by a dash (the backup version is always appended to the path parameter).
Listing 5
Using server-side scripts for configuration archive
archive
 path http://WebServer/config/save.php?host=$h&version=
Note
You have to use the escape sequence Ctrl-V,? to enter a question mark into a configuration command.
The server-side script receiving the archived router configuration can simply store it into a text file, or it could store it into an SQL database, possibly annotated with a list of differences from the previously saved configurations.
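One way such a script could store each upload and report the differences, as an added Python example rather than the article's save.php; the parse_query and store_config names, the directory layout, and the way the web server hands over the query string and PUT body are assumptions. It numbers files on the server side because the router's backup version restarts at one after every reload, and it validates host because that value ends up in a file path.

```python
import difflib
import re
import tempfile
from pathlib import Path
from urllib.parse import parse_qs

HOST_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9_-]{0,62}")  # no dots, no slashes
VERSION_RE = re.compile(r"-([0-9]{1,9})")  # IOS appends "-<backup version>"

def parse_query(query):
    """Return (host, version) from 'host=fw&version=-7' or raise ValueError."""
    params = parse_qs(query, strict_parsing=True)
    host = params.get("host", [""])[0]
    version = VERSION_RE.fullmatch(params.get("version", [""])[0])
    if not HOST_RE.fullmatch(host) or version is None:
        raise ValueError("rejected host or version parameter")
    return host, int(version.group(1))

def store_config(root, query, body):
    """Store one uploaded configuration; return a diff against the previous one."""
    host, version = parse_query(query)  # host is validated before it becomes a path
    host_dir = Path(root) / host
    host_dir.mkdir(mode=0o700, parents=True, exist_ok=True)
    earlier = sorted(host_dir.glob("*.cfg"))
    previous = earlier[-1].read_text().splitlines() if earlier else []
    # The router's version restarts at 1 after a reload, so a server-side
    # sequence number keeps file names unique and in upload order.
    target = host_dir / f"{len(earlier) + 1:06d}-v{version}.cfg"
    target.touch(mode=0o600, exist_ok=False)  # configurations contain credentials
    target.write_text(body)
    return list(difflib.unified_diff(previous, body.splitlines(),
                                     "previous", target.name, lineterm=""))

if __name__ == "__main__":
    # Constructed sample uploads, written to a throwaway directory.
    root = tempfile.mkdtemp()
    store_config(root, "host=fw&version=-7", "hostname fw\nno ip http server\n")
    diff = store_config(root, "host=fw&version=-8", "hostname fw\nip http server\n")
    print("\n".join(diff))
```

The sequence number assumes one upload is handled at a time per router; a concurrent deployment would need a lock around the directory listing and file creation.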
You can also combine Configuration Archive with IOS Embedded Event Manager (EEM) to do a periodic Configuration Archive at preset times of low network activity (if you configure periodic Configuration Archive with the time-period command, it might start building the running configuration when your router is most busy). The simplest EEM applet to achieve that is a cron-based applet that executes the archive configuration every day at a fixed time (the example in Listing 6 would do the archive every morning at 1 AM).
Note
You’ll find an in-depth discussion of the EEM in one of the future IP Corner articles.
Listing 6
Cron-based configuration archive
event manager applet ArchiveConfiguration
 event timer cron name ArchiveConfiguration cron-entry "0 1 * * *"
 action 1.0 cli command "archive config"
If you store the router configurations in a remote file store (you’re not using PUT scripts as described above), you’d probably want to archive the router configuration only if something has actually changed. While this can easily be achieved with the EEM Tool Command Language (Tcl), not everyone is fluent in that scripting language, so you might appreciate a solution with EEM applets (which does require a bit of creative gymnastics around the limitations of EEM applets):
Whenever a router configuration is changed, the router generates a syslog message containing the -CONFIG_ substring. An EEM applet (ConfigChange applet in Listing 7) is run whenever such a syslog message is detected and sets the ConfigCounter EEM counter to two.
At predefined times, a cron-based EEM applet (DailyConfigCheck applet in Listing 7) decreases the ConfigCounter by one.
Note
If there has been a configuration change in the previous time interval, the counter would be decreased to one; otherwise it would be decreased to zero (a counter value cannot go below zero).
A third EEM applet (ArchiveModifiedConfig applet in Listing 7) triggers on ConfigCounter transition from two to one (which only happens if the configuration has been changed) and starts the archiving process.
The complete set of EEM applets is shown in Listing 7. A very similar set of EEM applets could store the modified configurations a few minutes after the last change has been made.
Listing 7
Archive the router configuration if it has been changed in the last 24 hours
event manager applet ConfigChange
 event syslog pattern "-CONFIG_"
 action 1.0 counter name ConfigCounter op set value 2
!
event manager applet DailyConfigCheck
 event timer cron name DailyConfigCheck cron-entry "0 1 * * *"
 action 1.0 counter name ConfigCounter op dec value 1
!
event manager applet ArchiveModifiedConfig
 event counter name ConfigCounter entry-val 1 entry-op eq exit-val 1 exit-op gt
 action 1.0 cli command "archive config"
 action 2.0 syslog msg "Modified configuration archived "
Summary
The Configuration Archive feature introduced in Cisco IOS release 12.4 enables you to automate the backup of router configurations. The router configurations can be stored:
Locally (if your router has a USB drive or Class C flash filesystem);
On a remote file server accessible via TFTP, FTP, RCP or SCP protocol;
On a remote web server.
When using a web server for Configuration Archive, it’s possible to implement functionality far beyond a simple file store using server-side PUT scripts.
The configuration backup can be triggered manually (with the archive config command), periodically (with the time-period configuration option) or whenever the running configuration is saved to NVRAM (with the write-memory configuration option). You can also use IOS Embedded Event Manager to detect configuration changes and archive the router configuration at preset times only if it has actually been modified.