Compare the configuration between two commits using show system rollback compare

In Junos you have the possibility to see what has been changed between two commit actions using the command “show system rollback compare”.

The output of the command will show you the configuration difference and the commit actions that are compared don’t need to be sequentially.

Let’s see an example. I will add three family ethernet-switching filters and do a commit after each one was added.

In total, there will be three commit actions:

{master:1}[edit]
lab@EX4200-VC# set firewall family ethernet-switching filter F_1 term 1 then accept

{master:1}[edit]
lab@EX4200-VC# commit
fpc1:
configuration check succeeds
fpc0:
commit complete
fpc1:
commit complete

{master:1}[edit]
lab@EX4200-VC# set firewall family ethernet-switching filter F_2 term 1 then accept

{master:1}[edit]
lab@EX4200-VC# commit
fpc1:
configuration check succeeds
fpc0:
commit complete
fpc1:
commit complete

{master:1}[edit]
lab@EX4200-VC# set firewall family ethernet-switching filter F_3 term 1 then accept

{master:1}[edit]
lab@EX4200-VC# commit
fpc1:
configuration check succeeds
fpc0:
commit complete
fpc1:
commit complete

{master:1}[edit]
lab@EX4200-VC#

Now, the configuration shows three filters under family ethernet-switching configuration hierarchy:

{master:1}[edit]
lab@EX4200-VC# show firewall family ethernet-switching
filter F_1 {
    term 1 {
        then accept;
    }
}
filter F_2 {
    term 1 {
        then accept;
    }
}
filter F_3 {
    term 1 {
        then accept;
    }
}

{master:1}[edit]
lab@EX4200-VC#

These are the commit timestamps:

{master:1}
lab@EX4200-VC> show system commit
0   2015-08-25 02:37:29 EDT by lab via cli commit synchronize
1   2015-08-25 02:37:12 EDT by lab via cli commit synchronize
2   2015-08-25 02:36:51 EDT by lab via cli commit synchronize
3   2015-08-25 02:36:03 EDT by lab via cli commit synchronize

Let’s say that you want to see what has changed between the second commit(02:37:12) and the third commit(02:36:51).

One option would be to do a “show configuration | compare rollback 2” and a “show configuration | compare rollback 3” like this:

{master:1}
lab@EX4200-VC> show configuration | compare rollback 2
[edit firewall family ethernet-switching]
      filter F_1 { ... }
+     filter F_2 {
+         term 1 {
+             then accept;
+         }
+     }
+     filter F_3 {
+         term 1 {
+             then accept;
+         }
+     }

{master:1}
lab@EX4200-VC> show configuration | compare rollback 3
[edit firewall]
+    family ethernet-switching {
+        filter F_1 {
+            term 1 {
+                then accept;
+            }
+        }
+        filter F_2 {
+            term 1 {
+                then accept;
+            }
+        }
+        filter F_3 {
+            term 1 {
+                then accept;
+            }
+        }
+    }

{master:1}
lab@EX4200-VC>

The difference is that we added F_1 filter. In this case, it’s very easy to see the difference because the difference is very small.

But imagine if you have configuration changes done in multiple configuration hierarchies. It’s almost impossible to figure out what has been done between each commit.

Here can help you the “show system rollback compare” command:

{master:1}
lab@EX4200-VC> show system rollback compare 2 3
[edit firewall]
-    family ethernet-switching {
-        filter F_1 {
-            term 1 {
-                then accept;
-            }
-        }
-    }

{master:1}
lab@EX4200-VC>

This will show you that rollback 3 misses the configuration of F_1.

You can execute the command and compare the configuration the other way around and see what rollback 2 has in addition to rollback 3

{master:1}
lab@EX4200-VC> show system rollback compare 3 2
[edit firewall]
+    family ethernet-switching {
+        filter F_1 {
+            term 1 {
+                then accept;
+            }
+        }
+    }

{master:1}
lab@EX4200-VC>

The equivalent of “show configuration | compare rollback 1” where you can see what was the last configuration change:

{master:1}
lab@EX4200-VC> show configuration | compare rollback 1
[edit firewall family ethernet-switching]
      filter F_2 { ... }
+     filter F_3 {
+         term 1 {
+             then accept;
+         }
+     }

{master:1}
lab@EX4200-VC>

is this one:

{master:1}
lab@EX4200-VC> show system rollback compare 1 0
[edit firewall family ethernet-switching]
      filter F_2 { ... }
+     filter F_3 {
+         term 1 {
+             then accept;
+         }
+     }

{master:1}
lab@EX4200-VC>

Using “show system rollback compare” you can see what were the changes performed between any two commit actions.

The following two tabs change content below.

• Bio
• Latest Posts

Paris ARAU

Paris ARAU is a networking professional with strong background on routing and switching technologies. He is a holder of CCIE R&S and dual JNCIE(SP and ENT). The day to day work allows him to dive deeply in networking technologies. Part of the continuously training, he is focusing on Software Defined Network and cloud computing.

Latest posts by Paris ARAU (see all)

• Junos Fusion – Part IV – Satellite policies and uplink failure detection - 30 July 2018
• Junos Fusion – Part III – Satellite commands and traffic forwarding - 16 July 2018
• Junos Fusion – Part II – Configuration, Administration and Operation - 16 July 2018
• Junos Fusion – Part I – Overview, Components, Ports and Software - 11 July 2018
• Vagrant – Part IV – Network topology using Juniper and Cumulus - 26 April 2018