When a configuration is pushed from Director or Concerto to a VOS device, and the change results in a disruption of connectivity between the VOS device and the Director, the configuration will automatically roll back to previous working configuration. 


Scenarios That Can Disrupt Connectivity Between Director and VOS Device

Several configuration changes can break the connectivity between the Director and the VOS device. Common examples include:

  • WAN IP Changes: Connectivity remains intact as long as at least one underlay transport remains unchanged during the configuration push.
  • Changes to IKE/IPsec Parameters: Incorrect configurations, such as an incorrect pre-shared key (PSK), mismatched Diffie-Hellman (DH) group, or incompatible encryption algorithms, can disrupt connectivity.
  • Invalid BGP Configuration: Incorrect BGP settings between the Branch/Hub and the Controller can cause communication issues.


Mechanisms for Automatic Rollback of Invalid Configurations

Two primary mechanisms are available to ensure automatic rollback in the event of an invalid configuration:

  1. NetConf-based Auto Rollback

    When the Director pushes a configuration to the VOS device, it requests confirmation from the device commit went through fine. If connectivity is lost between the Director and the VOS device cannot confirm the commit, the configuration is automatically rolled back to its previous state.

  2. Connectivity Monitoring on the VOS Device

    The VOS device continuously monitors its connectivity to the Controller. If connectivity is lost within 13 minutes after a configuration push from the Director, the configuration will be automatically rolled back, provided the device has not been rebooted within the previous 10 minutes.

How to push configuration which may break connectivity between Director and VOS?

There may be legitimate use cases where pushing configurations—such as changing all WAN IP addresses or modifying underlay transport routes—could disrupt connectivity. In these cases, it is recommended to commit the configuration with the "reboot" option.

The "reboot" option bypasses connectivity validation checks and pushes the configuration directly to the VOS device. If any issues arise that prevent the VOS device from re-establishing connectivity with the Controller or Director, the configuration will not be rolled back.

How to Apply Configuration with Reboot Option on Director:


How to Apply Configuration with Reboot Option on Concerto:


Releases Supported: 20.2 and above.