Mikrotik RSC backup scripts taken via Unimus are failing to restore

General discussion of anything Unimus
Post Reply
viv
Posts: 2
Joined: Wed Nov 18, 2020 4:12 am

Wed Nov 18, 2020 5:20 am

We have generated backup RSC script using the UNIMUS backup for mikrotik procedure.
and then trying to restore same file on a new device which is same model Hardware and also have same RouterOS version using command
/system reset-configuration no-defaults=yes skip-backup=yes run-after-reset=flash/backup.rsc

But restore is not replicating configuration available in the rsc backup file on the same model Hardware.

We get some random configuration commands like loop-protect=0s, or inclusion of source MAC on Ethernet interface configuration which seems to be breaking the backup restore.

Please suggest a way forward.

We have tested this on Hex Gr3 Mikrotik with both 6.44.5 (LT) and 6.46.8(latest LT) separately.
User avatar
Tomas
Posts: 1206
Joined: Sat Jun 25, 2016 12:33 pm

Wed Nov 18, 2020 5:46 am

Hello,

Unimus simply takes the export file from RouterOS and stores it - it does not modify or change the configuration file (rsc script) in any way. Therefore if restore fails, you will need to work with MikroTik as to why. For example, if MAC addresses are included in the configuration - this is because RouterOS outputs this as a change from the default configuration - Unimus has in no way any effect on how MikroTik (or any vendor we support) ouputs it's backups.

For a more real-world experience:

If you are using the same hardware and same RouterOS version to restore as the backup was taken from, usually (but not always) the restore should work. One REALLY important thing tho is to add a delay at the start of the rsc script when using "run-after-reset".

This is because RouterOS can start importing the config file before all internal services are up. RouterOS is internally comprised of many services, and they take time to start. So it's possible RouterOS will start importing the config before all interfaces are registered, and will fail the import.

I would always recommend adding ":delay 5" at the start of the script file when using "run-after-reset".

If you want, feel free to post the .rsc file you are trying to restore - I will be happy to take a look at why it could fail.
viv
Posts: 2
Joined: Wed Nov 18, 2020 4:12 am

Wed Nov 18, 2020 9:39 am

Thanks Tomas,

I have mentioned in the post that some random flags in Vlan interface configuration like loop-protect=0. This is how the configuration line look.
/interface vlan add interface=ether1 loop-protect-disable-time=0s loop-protect-send-interval=0s name=vlan1001 vlan-id=1001

RouterOS version is 6.44.5 Hardware Hex Gr3
yahel
Posts: 4
Joined: Thu Nov 15, 2018 4:13 am

Wed Nov 18, 2020 9:05 pm

Tomas, to clarify, the offending text in the .RSC backup file is "loop-protect-disable-time=0s" in the line posted by Viv...
If we remove this the restore works (ohh and yes, also the MAC addresses, and also the delay at the start which we always add).

This seems to be something new with Mikrotik -- but the versions Viv mentioned both have that problem (it didn't happen before, or we never were so unlucky).

We get that it's a Mikrotik bug -- Mikrotik should export a file that is restorable - dah...
However, this makes my decision regarding buying Unimus challenging...
A key goal is to have field-team ability to restore configuration (replace failed hardware in the field) --- they're not expected to edit the .rsc file and debug Mikrotik bugs...
We have thousands of devices, and field-team is growing, hence our interest in Unimus --- but less so if it does not solve the problem.

Can you work with Mikrotik on that?
Can you add an option to "clean Mikrotik" backup files?

Alternatively, is there a better way to restore configuration other than "run-after-reset"?
Using binary backup never really worked unless it was being restored on the same device (not the same model - the same device)!
I find this ridiculously idiotic of Mikrotik... Am I missing something here?

Similarly, using .RSC backup, even when it works, we can't restore certificates (and I think also other security sensitive aspects) -- I get the security part... But how does Mikrotik suggest to replace failed hardware in the field?! Isn't that a business-101 requirement..

Sorry for dumping this on you Thomas -- I know this isn't your fault -- but you are the expert and you want to sale solutions that work with Mikrotik -- how can we get them to understand the magnitude of the problem (or am I just missing something).

Thanks!

Yahel.
Yahel Ben-David, Ph.D.
De Novo Group - Executive Director
Bridging the gap between research and impact.
User avatar
Tomas
Posts: 1206
Joined: Sat Jun 25, 2016 12:33 pm

Tue Nov 24, 2020 1:50 am

I discussed with the dev team on how to approach the Tik issues discussed here. We think we have a solution - but I would like to validate if it will work properly for your case.

Would you be available for a Zoom session to provide feedback on our design (which will hopefully solve this)?
Post Reply