|
| 1 | +--- |
| 2 | +title: Azure Operator Nexus Network Fabric - Commit Workflow v2 |
| 3 | +description: Learn about Commit Workflow v2 process in Azure Operator Nexus – Network Fabric |
| 4 | +author: sushantjrao |
| 5 | +ms.author: sushrao |
| 6 | +ms.service: azure-operator-nexus |
| 7 | +ms.topic: conceptual |
| 8 | +ms.date: 05/16/2025 |
| 9 | +ms.custom: template-concept |
| 10 | +--- |
| 11 | + |
| 12 | +# Commit Workflow v2 in Azure Operator Nexus - Network Fabric |
| 13 | + |
| 14 | +**Commit Workflow v2** introduces a modernized and transparent approach for applying configuration changes to **Azure Operator Nexus – Network Fabric (NNF)** resources. This enhanced workflow provides better operational control, visibility, and error handling during the configuration update process. |
| 15 | + |
| 16 | +With this update, users can lock configuration states, preview device-level changes, validate updates, and commit with confidence—overcoming earlier limitations such as the inability to inspect pre/post configurations and difficulty in diagnosing failures. |
| 17 | + |
| 18 | +## Key concepts and capabilities |
| 19 | + |
| 20 | +Commit Workflow v2 is built around a structured change management flow. The following core features are available: |
| 21 | + |
| 22 | +- **Explicit configuration locking:** Users must explicitly lock the configuration of a Network Fabric resource after making changes. This process ensures updates are applied in a predictable and controlled manner. |
| 23 | + |
| 24 | +- **Full device configuration preview:** Enables visibility into the exact configuration that is applied to each device before the commit. This helps validate intent and catch issues early. |
| 25 | + |
| 26 | +- **Commit configuration to devices** |
| 27 | + Once validated, changes can be committed to the devices. This final step applies the locked configuration updates across the fabric. |
| 28 | + |
| 29 | +## Prerequisites |
| 30 | + |
| 31 | +Before using Commit Workflow v2, ensure the following environment requirements are met: |
| 32 | + |
| 33 | +### Required versions |
| 34 | + |
| 35 | +* **Runtime version**: `5.0.1` or later is required for Commit Workflow v2. |
| 36 | + |
| 37 | +* **Network Fabric API version**: `2024-06-15-preview` |
| 38 | + |
| 39 | +* **AzCLI version**: `8.0.0.b3` or later |
| 40 | + |
| 41 | +### Supported upgrade paths to runtime version 5.0.1 |
| 42 | + |
| 43 | +* **Direct upgrade**: From `4.0.0 → 5.0.1` or From `5.0.0 → 5.0.1` |
| 44 | + |
| 45 | +* **Sequential upgrade**: From `4.0.0 → 5.0.0 → 5.0.1` |
| 46 | + |
| 47 | +> [!Note] |
| 48 | +> Additional actions may be required when upgrading from version 4.0.0. Please refer to the [runtime release notes](#) for guidance on upgrade-specific steps. |
| 49 | +
|
| 50 | + |
| 51 | +## Behavior and constraints |
| 52 | + |
| 53 | +Commit Workflow v2 introduces new operational expectations and constraints to ensure consistency and safety in configuration management: |
| 54 | + |
| 55 | +- **Availability & Irreversibility** |
| 56 | + |
| 57 | +Commit Workflow v2 is only available after upgrading to Runtime Version 5.0.1. Once upgraded, reverting to Commit Workflow v1 is n't supported. |
| 58 | + |
| 59 | +- **Configuration lock requirements** |
| 60 | + |
| 61 | +Locking is only possible when: |
| 62 | + |
| 63 | +- There's no ongoing commit operation. |
| 64 | + |
| 65 | +- The fabric isn't in maintenance or upgrade mode. |
| 66 | + |
| 67 | +- The fabric is in an administrative enabled state. |
| 68 | + |
| 69 | +- **Unsupported during maintenance or upgrade** |
| 70 | + |
| 71 | +Configuration Lock and View Device Configuration aren't allowed during maintenance or upgrade windows. |
| 72 | + |
| 73 | +- **Commit is final** |
| 74 | + |
| 75 | +Once a configuration is committed, it can't be rolled back. Future changes must go through another lock-commit cycle. |
| 76 | + |
| 77 | +### Supported resource actions via Commit workflow v2 (when parent resources are in administrative state – Enabled) |
| 78 | + |
| 79 | +| **Supported resource actions which require commit workflow** | **Unsupported resource actions which doesn’t require commit workflow** | |
| 80 | +| -------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------ | |
| 81 | +| **All resource updates impacting device configuration:** | **Creation/updating of resources not impacting device configuration:** | |
| 82 | +| - Updates to Network Fabric resource | - Creation of Isolation Domain (ISD) (L3 and L2) | |
| 83 | +| - Updates to Network-to-Network Interconnect (NNI) | - Network Fabric Controller (NFC) creation/updates | |
| 84 | +| - Updates to ISD (L2 and L3) | - Creation and updates to Network TAP rules, Network TAP, Neighbor groups | |
| 85 | +| - Creation and updates to Internal and External Networks of enabled L3 ISD | - Creation of new Route Policy and connected resources (IP Prefix, IP Community, IP Extended Community) | |
| 86 | +| - Addition/updates/removal of Route Policy in Internal, External, ISD, and NNI resources | - Update of Route Policy and connected resources when **not attached** to ISD/Internal/External/NNI | |
| 87 | +| - Addition/updates/removal of IP Prefixes, IP Community, and Extended IP Community when **attached** to Route Policy or Fabric | - Creation/update of new Access Control List (ACL) which is **not attached** | |
| 88 | +| - Addition/updates/removal of ACLs to Internal, External, ISD, and NNI resources | | |
| 89 | +| - Addition/updates/removal of Network Fabric resource in Network Monitor resource | | |
| 90 | +| - Additional description updates to Network Device properties | | |
| 91 | +| - Creation of multiple NNI | | |
| 92 | +| | **ARM resources updates only:** | |
| 93 | +| | - Tag updates for all supported resources | |
| 94 | +| | **Other administrative actions and post actions:** | |
| 95 | +| | - Enabling/Disabling Isolation Domain (ISD), Return Material Authorization (RMA), Upgrade, and all administrative actions (enable/disable), serial number update <br> - Deletion of all Nexus Network Fabric (NNF) resources | |
| 96 | + |
| 97 | + |
| 98 | + |
| 99 | +### Allowed actions after configuration lock |
| 100 | + |
| 101 | +Here's a clear, structured table showing **Supported actions post configuration lock is enabled on the fabric**, categorized by type of action and support status: |
| 102 | + |
| 103 | +--- |
| 104 | + |
| 105 | +### **Supported and unsupported actions Post configuration lock** |
| 106 | + |
| 107 | +| **Actions** | **Supported resource actions when fabric is under configuration lock** | **Unsupported resource actions when fabric is under configuration lock** | |
| 108 | +| ------------------------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | |
| 109 | +| **Resource Actions (CUD)** | - **NFC** (Only *Update*)<br>- **Network TAP rules**, **Network TAP**, **Neighbor Group** *(Create, Update, Delete)* <br>- **ACL** *(Create/Update)* when **not attached** to parent resource<br>- **Network Monitor** created **without Fabric ID**<br>- **Creation/Update** of **IPPrefix**, **IPCommunity List**, **IPExtendedCommunity** when **not attached** to Route Policy<br>- **Read** of all NNF resources<br>- **Delete** of **disabled** resources and **not attached** to any parent resources | - No CUD operations allowed on:<br> • **Network-to-Network Interconnect (NNI)**<br> • **Isolation Domains (L2 & L3)**<br> • **Internal/External Networks** (Additions/Updates)<br> • **Route Policy**, **IPPrefix**, **IPCommunity List**, **IPExtendedCommunity**<br> • **ACLs** when **attached to parent resources** (for example, NNI, External Network)<br> • **Network Monitor** when **attached to Fabric**<br> • **Deletion** of all **enabled** resources | |
| 110 | +| **Post Actions** | - **Lock Fabric** (administrative state)<br>- **View Device Configuration**<br>- **Commit Configuration**<br>- **ARMConfig Diff** <br>- **Commit batch status** | - All other post actions are **blocked** and must be done **prior to enabling configuration lock** | |
| 111 | +| **Service Actions / Geneva Actions** | - N/A | - **All service actions are blocked** | |
| 112 | + |
| 113 | + |
| 114 | +### Supported and unsupported actions under administrative lock |
| 115 | + |
| 116 | +| **Actions** | **Supported Resources** | **Unsupported Resources** | |
| 117 | +| ------------------------------------ | -------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | |
| 118 | +| **Resource Actions (CUD)** | - **NFC**: Update operation allowed<br>- **All read operations** to all Network Fabric resources are supported | **All CUD (Create, Update, Delete) operations are not supported** on the following Network Fabric resources:<br> - L2 ISD<br> - L3 ISD<br> - RCF<br> - IPPrefix (if connected to RCF)<br> - IPCommunity (if connected to RCF)<br> - IPExtendedCommunity (if connected to RCF)<br> - ACL<br> - Internal Networks<br> - External Networks<br> - Network Packet Broker (NPB)<br> - Network TAP<br> - Network TAP Rule<br> - Neighbor Group<br> - Network Monitor<br> - Network Fabric<br> - Network Device | |
| 119 | +| **Post Actions** | - **Unlock Fabric** (administrative state) | **All other post actions are blocked** | |
| 120 | +| **Service Actions / Geneva Actions** | *(None supported)* | **All service actions are blocked** |
| 121 | + |
| 122 | +## Next steps |
| 123 | + |
| 124 | +[How to use Commit Workflow v2 in Azure Operator Nexus](./howto-use-commit-workflow-v2.md) |
0 commit comments