cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1747
Views
0
Helpful
3
Replies

Exception found failing to rollback configuration on ACI 4.1(2x)

clement_cheung
Level 1
Level 1

Hi

 

I am testing a new fabric running ACI 4.1(2x), and encounter rollback exception.  The steps I took in the test was simple:

1) Take a snapshot

2) Create a dummy tenant

3) Rollback the snapshot

Step 3 failed.  Fault dump is attached.

Please help.

3 Replies 3

Remi-Astruc
Cisco Employee
Cisco Employee

Hi @clement_cheung ,

Can you please show the following APIC CLI output:

moquery -c fvIPSLAMonitoringPol

 

Remi Astruc

For what its worth, I am seeing this same issue running 14.2(6d) and here is the output you requested from our apic-

 

apic01# moquery -c fvIPSLAMonitoringPol
Total Objects shown: 1

# fv.IPSLAMonitoringPol
name : default
annotation :
childAction :
descr :
dn : uni/tn-common/ipslaMonitoringPol-default
extMngdBy :
lcOwn : local
modTs : 2018-01-02T03:40:40.008-05:00
monPolDn : uni/tn-common/monepg-default
nameAlias :
ownerKey :
ownerTag :
rn : ipslaMonitoringPol-default
slaDetectMultiplier : 3
slaFrequency : 60
slaPort : 0
slaType : tcp
status :
uid : 0

 

davidkosich1
Level 1
Level 1

The behavior seems to have changed in 4.x code. We were able to work around this by changing the default IP SLA policy under the Common tenant, and changed TCP port from 0 to 1. After the change, we can now roll back to any NEW checkpoints (created after the IP SLA workaround), but looks like any created before hand are no longer vlaid. 

 

We dont use IP SLA, so we suspect this setting was set to TCP during a initial XML push when the fabrics were setup with Cisco AS. 

 

Looking at the release notes, this maybe is you are hitting based on your screenshot:

 

Beginning in Cisco APIC release 4.1(1), the IP SLA monitor policy validates the IP SLA port value. Because of the validation, when TCP is configured as the IP SLA type, Cisco APIC no longer accepts an IP SLA port value of 0, which was allowed in previous releases. An IP SLA monitor policy from a previous release that has an IP SLA port value of 0 becomes invalid if the Cisco APIC is upgraded to release 4.1(1) or later. This results in a failure for the configuration import or snapshot rollback.

The workaround is to configure a non-zero IP SLA port value before upgrading the Cisco APIC, and use the snapshot and configuration export that was taken after the IP SLA port change.

Review Cisco Networking for a $25 gift card

Save 25% on Day-2 Operations Add-On License