Skip to content

Commit 0ca3604

Browse files
sushantjraosushantjrao
committed
Applied Acrolinix
1 parent f830a3a commit 0ca3604

File tree

2 files changed

+72
-52
lines changed

2 files changed

+72
-52
lines changed

articles/operator-nexus/concepts-commit-workflow-v2.md

Lines changed: 46 additions & 28 deletions
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,5 @@
11
---
2-
title: Azure Operator Nexus Network Fabric - Commit Workflow v2
2+
title: Azure Operator Nexus Network Fabric - Commit Workflow v2
33
description: Learn about Commit Workflow v2 process in Azure Operator Nexus – Network Fabric
44
author: sushantjrao
55
ms.author: sushrao
@@ -19,9 +19,9 @@ With this update, users can lock configuration states, preview device-level chan
1919

2020
Commit Workflow v2 is built around a structured change management flow. The following core features are available:
2121

22-
- **Explicit configuration locking:** Users must explicitly lock the configuration of a Network Fabric resource after making changes. This ensures updates are applied in a predictable and controlled manner.
22+
- **Explicit configuration locking:** Users must explicitly lock the configuration of a Network Fabric resource after making changes. This process ensures updates are applied in a predictable and controlled manner.
2323

24-
- **Full device configuration preview:** Enables visibility into the exact configuration that will be applied to each device before the commit. This helps validate intent and catch issues early.
24+
- **Full device configuration preview:** Enables visibility into the exact configuration that is applied to each device before the commit. This helps validate intent and catch issues early.
2525

2626
- **Commit configuration to devices**
2727
Once validated, changes can be committed to the devices. This final step applies the locked configuration updates across the fabric.
@@ -54,52 +54,70 @@ Commit Workflow v2 introduces new operational expectations and constraints to en
5454

5555
- **Availability & Irreversibility**
5656

57-
Commit Workflow v2 is only available after upgrading to Runtime Version 5.0.1. Once upgraded, reverting to Commit Workflow v1 is not supported.
57+
Commit Workflow v2 is only available after upgrading to Runtime Version 5.0.1. Once upgraded, reverting to Commit Workflow v1 is n't supported.
5858

5959
- **Configuration lock requirements**
6060

6161
Locking is only possible when:
6262

63-
- There is no ongoing commit operation.
63+
- There is no ongoing commit operation.
6464

65-
- The fabric is not in maintenance or upgrade mode.
65+
- The fabric is not in maintenance or upgrade mode.
6666

67-
- The fabric is in an administrative enabled state.
67+
- The fabric is in an administrative enabled state.
6868

6969
- **Unsupported during maintenance or upgrade**
7070

71-
Configuration Lock and View Device Configuration are not allowed during maintenance or upgrade windows.
71+
Configuration Lock and View Device Configuration aren't allowed during maintenance or upgrade windows.
7272

7373
- **Commit is final**
7474

75-
Once a configuration is committed, it cannot be rolled back. Future changes must go through another lock-commit cycle.
75+
Once a configuration is committed, it can't be rolled back. Future changes must go through another lock-commit cycle.
7676

7777
### Supported resource actions via Commit workflow v2 (when parent resources are in administrative state – Enabled)
7878

79-
| **Requires Commit Workflow (Impacts Device Config)** | **Does NOT Require Commit Workflow (ARM-level only)** |
80-
| ---------------------------------------------------- | ----------------------------------------------------- |
81-
| Updates to Network Fabric | ISD Creation (L2/L3) |
82-
| Updates to NNI | Network TAP, Neighbor Group creation/updates |
83-
| Updates to Isolation Domains (L2/L3) | IP Prefix / IP Community (unattached) |
84-
| Internal/External Network updates (L3 ISD) | ACL creation not attached to any parent resource |
85-
| Route Policy changes (attached) | NFC creation/updates |
86-
| ACLs (attached to NNI, External, ISD) | Tag updates |
87-
| IP Prefix / Community changes (attached) | Resource delete when disabled and not attached |
88-
| Additional descriptions to Network Devices | Admin actions like enable/disable, upgrade, RMA |
89-
| Network Monitor updates (with Fabric ID) | Deletion of all NNF resources |
79+
| **Supported resource actions which require commit workflow** | **Unsupported resource actions which doesn’t require commit workflow** |
80+
| -------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------ |
81+
| **All resource updates impacting device configuration:** | **Creation/updating of resources not impacting device configuration:** |
82+
| - Updates to Network Fabric resource | - Creation of ISD (L3 and L2) |
83+
| - Updates to Network-to-Network Interconnect (NNI) | - NFC creation/updates |
84+
| - Updates to Isolation Domains (L2 and L3) | - Creation and updates to Network TAP rules, Network TAP, Neighbor groups |
85+
| - Creation and updates to Internal and External Networks of enabled L3 ISD | - Creation of new Route Policy and connected resources (IP Prefix, IP Community, IP Extended Community) |
86+
| - Addition/updates/removal of Route Policy in Internal, External, ISD, and NNI resources | - Update of Route Policy and connected resources when **not attached** to ISD/Internal/External/NNI |
87+
| - Addition/updates/removal of IP Prefixes, IP Community, and Extended IP Community when **attached** to Route Policy or Fabric | - Creation/update of new ACL which is **not attached** |
88+
| - Addition/updates/removal of ACLs to Internal, External, ISD, and NNI resources | |
89+
| - Addition/updates/removal of Network Fabric resource in Network Monitor resource | |
90+
| - Additional description updates to Network Device properties | |
91+
| - Creation of multiple NNI | |
92+
| | **ARM resources updates only:** |
93+
| | - Tag updates for all supported resources |
94+
| | **Other administrative actions and post actions:** |
95+
| | - Enabling/Disabling ISD, RMA, Upgrade, and all administrative actions (enable/disable), serial number update <br> - Deletion of all NNF resources |
96+
9097

9198

9299
### Allowed actions after configuration lock
93100

94-
| **Supported Actions** | **Unsupported Actions** |
95-
| ------------------------------------------------------------------- | --------------------------------------------------- |
96-
| Update NFC | Create/update NNI, ISDs, Internal/External Networks |
97-
| Create/update/delete Network TAP rules, TAP, Neighbor Groups | Modify Route Policies, ACLs (if attached) |
98-
| Create/update IP Prefix / IP Community (unattached) | Modify Network Monitor attached to Fabric |
99-
| Read operations across NNF resources | Delete enabled resources |
100-
| Delete disabled, unattached resources | All admin actions (e.g., enable/disable, RMA) |
101-
| Lock Fabric, View Device Config, Commit Config, Check commit status | Other post-actions must be performed before locking |
101+
Here's a clear, structured table showing **Supported actions post configuration lock is enabled on the fabric**, categorized by type of action and support status:
102+
103+
---
104+
105+
### **Supported and unsupported actions Post configuration lock**
106+
107+
| **Actions** | **Supported resource actions when fabric is under configuration lock** | **Unsupported resource actions when fabric is under configuration lock** |
108+
| ------------------------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
109+
| **Resource Actions (CUD)** | - **NFC** (Only *Update*)<br>- **Network TAP rules**, **Network TAP**, **Neighbor Group** *(Create, Update, Delete)* <br>- **ACL** *(Create/Update)* when **not attached** to parent resource<br>- **Network Monitor** created **without Fabric ID**<br>- **Creation/Update** of **IPPrefix**, **IPCommunity List**, **IPExtendedCommunity** when **not attached** to Route Policy<br>- **Read** of all NNF resources<br>- **Delete** of **disabled** resources and **not attached** to any parent resources | - No CUD operations allowed on:<br>  • **Network-to-Network Interconnect (NNI)**<br>  • **Isolation Domains (L2 & L3)**<br>  • **Internal/External Networks** (Additions/Updates)<br>  • **Route Policy**, **IPPrefix**, **IPCommunity List**, **IPExtendedCommunity**<br>  • **ACLs** when **attached to parent resources** (e.g., NNI, External Network)<br>  • **Network Monitor** when **attached to Fabric**<br>  • **Deletion** of all **enabled** resources |
110+
| **Post Actions** | - **Lock Fabric** (administrative state)<br>- **View Device Configuration**<br>- **Commit Configuration**<br>- **ARMConfig Diff** <br>- **Commit batch status** | - All other post actions are **blocked** and must be done **prior to enabling configuration lock** |
111+
| **Service Actions / Geneva Actions** | - N/A | - **All service actions are blocked** |
112+
113+
114+
### Supported and unsupported actions under administrative lock
102115

116+
| **Actions** | **Supported Resources** | **Unsupported Resources** |
117+
| ------------------------------------ | -------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
118+
| **Resource Actions (CUD)** | - **NFC**: Update operation allowed<br>- **All read operations** to all Network Fabric resources are supported | **All CUD (Create, Update, Delete) operations are not supported** on the following Network Fabric resources:<br> - L2 ISD<br> - L3 ISD<br> - RCF<br> - IPPrefix (if connected to RCF)<br> - IPCommunity (if connected to RCF)<br> - IPExtendedCommunity (if connected to RCF)<br> - ACL<br> - Internal Networks<br> - External Networks<br> - NPB<br> - Network TAP<br> - Network TAP Rule<br> - Neighbor Group<br> - Network Monitor<br> - Network Fabric<br> - Network Device |
119+
| **Post Actions** | - **Unlock Fabric** (administrative state) | **All other post actions are blocked** |
120+
| **Service Actions / Geneva Actions** | *(None supported)* | **All service actions are blocked**
103121

104122
## Next steps
105123

0 commit comments

Comments
 (0)