Object Tracking and IP SLA

Object tracking allows the administrator to track specific objects on the device, such as the interface line protocol state, IP routing, and route reachability, and to take some action when the tracked object’s state changes. This feature allows you to increase the availability of the network and shorten recovery time if an object state goes down.

IP Service Level Agreement (IP SLA) is a feature included in Cisco IOS that allows administrators to analyze service levels for IP applications and services. IP SLA uses active traffic-monitoring technology to continuously monitor traffic on the network.

In this section, I will show you how you can use object tracking in conjunction with IP SLA in your production network.

Let’s consider the following scenario:

In the sample network shown above, the Site-1 router is connected to the Internet via two different paths. One is a direct serial connection (512 Kbps) to the Internet router. The other is via R1, located in the Head Office, where the GW1 router is directly connected to the Internet via a high-speed (10 Mbps) connection.

Normally, you want to use the link between Site-1 and R1 as the primary link because it reaches the Internet via the high-speed 10 Mbps circuit. The serial link between Site-1 and the Internet is slow, so you want to use it only as a backup when the primary link (the link between Site-1 and R1) goes down.

We will track the reachability of the Internet via our Head Office link. So, first of all, let us make sure that Site-1 can reach IP address 202.164.44.1 out through the FastEthernet1/0 interface.

Site-1#config term
Site-1(config)#ip route 0.0.0.0 0.0.0.0 202.164.42.1 10
Site-1(config)#ip route 202.164.44.1 255.255.255.255 10.10.10.1
Site-1(config)#end
Site-1#ping 202.164.44.1 source FastEthernet1/0

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 202.164.44.1, timeout is 2 seconds:
Packet sent with a source address of 10.10.10.2
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/56/64 ms
Site-1#

I added the static default route with administrative distance 10 via the serial link using the ip route 0.0.0.0 0.0.0.0 202.164.42.1 10 command, and then a static route to tell the Site-1 router that, in order to reach this particular IP address 202.164.44.1, it should always go out through R1 (10.10.10.1).

Now, create an SLA monitor and schedule it to track the reachability of IP address 202.164.44.1 as shown below:

Site-1#config term
Site-1(config)#ip sla monitor 1
Site-1(config-sla-monitor)#type echo protocol ipIcmpEcho 202.164.44.1 source-interface FastEthernet1/0
Site-1(config-sla-monitor-echo)#timeout 1000
Site-1(config-sla-monitor-echo)#frequency ?
  <1-604800>  Frequency in seconds

Site-1(config-sla-monitor-echo)#frequency 5
Site-1(config-sla-monitor-echo)#exit
Site-1(config)#ip sla monitor schedule 1 life forever start-time now
Site-1(config)#track 1 rtr 1 reachability
Site-1(config)#ip route 0.0.0.0 0.0.0.0 10.10.10.1 track 1
Site-1(config)#end
Site-1#

In the configuration commands above:

The ip sla monitor 1 command creates an SLA monitor with ID 1.

The type echo protocol ipIcmpEcho 202.164.44.1 source-interface FastEthernet1/0 command tells the SLA monitor to send ICMP echoes to destination 202.164.44.1 from source interface FastEthernet1/0.

The frequency 5 command tells it to send ICMP echoes every 5 seconds.

The ip sla monitor schedule 1 life forever start-time now command sets the life of the monitor to forever and starts the monitoring immediately.

The track 1 rtr 1 reachability command creates a tracked object that tracks reachability based on the SLA object with ID 1.

The ip route 0.0.0.0 0.0.0.0 10.10.10.1 track 1 command adds a static default route that depends on the tracked object. This route remains in the Site-1 router's routing table only as long as the tracked object (202.164.44.1) is reachable via interface FastEthernet1/0.
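
The following Python model is an added example, not part of the original article or of Cisco IOS. It simulates how the tracked default route (AD 1) and the untracked backup route (AD 10) interact, and why the /32 static route for 202.164.44.1 via 10.10.10.1 matters. It is a simplified model that assumes the target answers whenever the probe leaves over the backup path.

```python
"""Added example: model of the tracked floating-static-route failover above."""

PRIMARY_GW = "10.10.10.1"    # next hop via R1 (from the page)
BACKUP_GW = "202.164.42.1"   # next hop via the serial link (from the page)


def default_gateway(track_up):
    """Pick the installed default route: lowest administrative distance wins.

    The tracked route (AD 1) is a candidate only while track 1 is Up;
    the untracked AD 10 route is always a candidate.
    """
    candidates = [(10, BACKUP_GW)]
    if track_up:
        candidates.append((1, PRIMARY_GW))
    return min(candidates)[1]


def simulate(primary_up_per_cycle, pin_probe_to_primary):
    """Run one SLA probe per cycle and return the gateway after each cycle.

    pin_probe_to_primary=True models the /32 static route for 202.164.44.1
    via 10.10.10.1. Without it the probe follows the current default route.
    Assumption: the target answers whenever it is probed over the backup path.
    """
    track_up = True
    history = []
    for primary_up in primary_up_per_cycle:
        probe_gw = PRIMARY_GW if pin_probe_to_primary else default_gateway(track_up)
        probe_ok = primary_up if probe_gw == PRIMARY_GW else True
        track_up = probe_ok                      # track 1 rtr 1 reachability
        history.append(default_gateway(track_up))
    return history


def transitions(history):
    """Count gateway changes, comparable to the change counter in show track."""
    return sum(1 for a, b in zip(history, history[1:]) if a != b)


if __name__ == "__main__":
    # Constructed outage: primary path fails for four probe cycles.
    outage = [True, True, False, False, False, False, True, True]
    for pinned in (True, False):
        h = simulate(outage, pinned)
        print("pinned" if pinned else "unpinned", transitions(h), h)
```

With the probe pinned to the primary path there is one failover and one failback. Without the pin, the track object flaps and the broken primary route is reinstalled every other cycle during the outage.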

You can check the status of SLA monitor and tracked object as shown below:

Site-1#show ip sla monitor statistics
Round trip time (RTT)   Index 1
        Latest RTT: 40 ms
Latest operation start time: *16:02:23.751 UTC Tue Jul 14 2015
Latest operation return code: OK
Number of successes: 2
Number of failures: 48
Operation time to live: Forever

Site-1#show track 1
Track 1
  Response Time Reporter 1 reachability
  Reachability is Up
    1 change, last change 00:00:06
  Latest operation return code: OK
  Latest RTT (millisecs) 40
  Tracked by:
    STATIC-IP-ROUTING 0
Site-1#

Now, our tracked object and SLA monitor are working. Let's make sure the Site-1 router is reaching the Internet via the Head Office link.

Site-1#show ip route
[output cut]

Gateway of last resort is 10.10.10.1 to network 0.0.0.0

     8.0.0.0/32 is subnetted, 1 subnets
D       8.8.8.8 [90/161280] via 10.10.10.1, 00:42:48, FastEthernet1/0
     202.164.44.0/24 is variably subnetted, 2 subnets, 2 masks
D       202.164.44.0/30 [90/33280] via 10.10.10.1, 00:42:48, FastEthernet1/0
S       202.164.44.1/32 [1/0] via 10.10.10.1
     10.0.0.0/30 is subnetted, 2 subnets
C       10.10.10.0 is directly connected, FastEthernet1/0
D       10.10.20.0 [90/30720] via 10.10.10.1, 00:42:51, FastEthernet1/0
C    192.168.1.0/24 is directly connected, Loopback0
     202.164.42.0/30 is subnetted, 1 subnets
C       202.164.42.0 is directly connected, Serial2/0
S*   0.0.0.0/0 [1/0] via 10.10.10.1
Site-1#traceroute 8.8.8.8

Type escape sequence to abort.
Tracing the route to 8.8.8.8

  1 10.10.10.1 12 msec 4 msec 20 msec
  2 10.10.20.2 12 msec 24 msec 24 msec
  3 202.164.44.1 24 msec 28 msec 32 msec
Site-1#

You can see above that the gateway of last resort is 10.10.10.1, which means Site-1 is using R1 to send out all traffic. The traceroute to 8.8.8.8 also goes through 10.10.10.1.

This proves that Site-1 will use the Head Office link as the primary link. But what about the backup link?

Let us consider that the link between Site-1 and R1 goes down. As soon as the link goes down, the SLA monitor will no longer be able to reach the IP 202.164.44.1. So, the Site-1 router will remove the tracked route from the routing table and install the route with the higher AD value (10), which is the serial connection (512 Kbps) towards the Internet.

Because I cannot cause a failure on the ISP router with IP 202.164.44.1, I will manually shut down the interface FastEthernet0/0 on GW1, which is the Internet gateway in the Head Office. Then we will look at the changes that happen in Site-1's routing table.

GW1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
GW1(config)#int fa0/0
GW1(config-if)#shut
GW1(config-if)#shutdown
GW1(config-if)#

Now, looking at the Site-1 router:

Site-1#show ip route
[output cut]

Gateway of last resort is 202.164.42.1 to network 0.0.0.0

     8.0.0.0/32 is subnetted, 1 subnets
D       8.8.8.8 [90/2297856] via 202.164.42.1, 00:00:52, Serial2/0
     202.164.44.0/24 is variably subnetted, 2 subnets, 2 masks
D       202.164.44.0/30 [90/2172416] via 202.164.42.1, 00:00:52, Serial2/0
S       202.164.44.1/32 [1/0] via 10.10.10.1
     10.0.0.0/30 is subnetted, 2 subnets
C       10.10.10.0 is directly connected, FastEthernet1/0
D       10.10.20.0 [90/30720] via 10.10.10.1, 00:54:42, FastEthernet1/0
C    192.168.1.0/24 is directly connected, Loopback0
     202.164.42.0/30 is subnetted, 1 subnets
C       202.164.42.0 is directly connected, Serial2/0
S*   0.0.0.0/0 [10/0] via 202.164.42.1
Site-1#show ip sla monitor statistics
Round trip time (RTT)   Index 1
        Latest RTT: NoConnection/Busy/Timeout
Latest operation start time: *17:05:33.751 UTC Tue Jul 14 2015
Latest operation return code: Timeout
Number of successes: 34
Number of failures: 54
Operation time to live: Forever

Site-1#show track 1
Track 1
  Response Time Reporter 1 reachability
  Reachability is Down
    4 changes, last change 00:00:37
  Latest operation return code: Timeout
  Tracked by:
    STATIC-IP-ROUTING 0
Site-1#

Did you see that the gateway of last resort has now changed to 202.164.42.1? Also, the SLA monitor and Track 1 are showing that reachability is down.
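
The check below is an added example, not code from the original article. It parses the show track and show ip route output formats shown above and reports when the router is running on the backup path, when the track state and the installed default route disagree, and when the change counter suggests flapping. The flap_threshold parameter and the hh:mm:ss form of "last change" are assumptions.

```python
import re

# Constructed sample: trimmed from the Site-1 output above (after the failure).
SHOW_TRACK = """\
Track 1
  Response Time Reporter 1 reachability
  Reachability is Down
    4 changes, last change 00:00:37
  Latest operation return code: Timeout
"""
SHOW_IP_ROUTE = """\
Gateway of last resort is 202.164.42.1 to network 0.0.0.0
S*   0.0.0.0/0 [10/0] via 202.164.42.1
"""

PRIMARY_GW = "10.10.10.1"   # next hop of the tracked default route (from the page)


def parse_track(text):
    """Extract reachability state, change count and seconds since last change."""
    state = re.search(r"Reachability is (Up|Down)", text).group(1)
    m = re.search(r"(\d+) changes?, last change (\d+):(\d+):(\d+)", text)
    h, mi, s = (int(x) for x in m.group(2, 3, 4))
    return {"up": state == "Up", "changes": int(m.group(1)),
            "since": h * 3600 + mi * 60 + s}


def parse_gateway(text):
    """Return the gateway of last resort, or None if none is set."""
    m = re.search(r"Gateway of last resort is (\S+) to network", text)
    return m.group(1) if m else None


def assess(track_text, route_text, flap_threshold=3):
    """Return findings to alert on (flap_threshold is a hypothetical default)."""
    track, gw = parse_track(track_text), parse_gateway(route_text)
    findings = []
    if track["up"] != (gw == PRIMARY_GW):
        findings.append("track state and installed default route disagree")
    if not track["up"]:
        findings.append(f"running on backup path via {gw} for {track['since']}s")
    if track["changes"] >= flap_threshold:
        findings.append(f"{track['changes']} track state changes: possible flapping")
    return findings


if __name__ == "__main__":
    for finding in assess(SHOW_TRACK, SHOW_IP_ROUTE):
        print(finding)
```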

Let’s try ping and traceroute to Internet IP 8.8.8.8

Site-1#ping 8.8.8.8

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 16/24/36 ms
Site-1#traceroute 8.8.8.8

Type escape sequence to abort.
Tracing the route to 8.8.8.8

  1 202.164.42.1 36 msec 12 msec 8 msec
Site-1#

You can see that Site-1 can now reach the Internet via the serial link between Site-1 and the Internet router.

Now, suppose that the primary link comes up again (I will issue the no shutdown command on the GW1 Fa0/0 interface).

Site-1#show ip route
[output cut]

Gateway of last resort is 10.10.10.1 to network 0.0.0.0

     8.0.0.0/32 is subnetted, 1 subnets
D       8.8.8.8 [90/161280] via 10.10.10.1, 00:00:20, FastEthernet1/0
     202.164.44.0/24 is variably subnetted, 2 subnets, 2 masks
D       202.164.44.0/30 [90/33280] via 10.10.10.1, 00:00:22, FastEthernet1/0
S       202.164.44.1/32 [1/0] via 10.10.10.1
     10.0.0.0/30 is subnetted, 2 subnets
C       10.10.10.0 is directly connected, FastEthernet1/0
D       10.10.20.0 [90/30720] via 10.10.10.1, 00:00:20, FastEthernet1/0
C    192.168.1.0/24 is directly connected, Loopback0
     202.164.42.0/30 is subnetted, 1 subnets
C       202.164.42.0 is directly connected, Serial2/0
S*   0.0.0.0/0 [1/0] via 10.10.10.1
Site-1#traceroute 8.8.8.8

Type escape sequence to abort.
Tracing the route to 8.8.8.8

  1 10.10.10.1 36 msec 4 msec 20 msec
  2 10.10.20.2 36 msec 20 msec 24 msec
  3 202.164.44.1 24 msec 32 msec 36 msec
Site-1#

Site-1 started to use the primary link as soon as it came up.

Note: The old version of IOS software does not have the ip sla monitor command. In that case, you can use the SLA commands shown below:

Router1(config)#ip sla 1
Router1(config-ip-sla)#icmp-echo 202.164.44.1 source-interface FastEthernet1/0
Router1(config-ip-sla-echo)#timeout 1000
Router1(config-ip-sla-echo)#frequency 5
Router1(config-ip-sla-echo)#exit
Router1(config)#ip sla schedule 1 life forever start-time now
Router1(config)#end

This concludes our tracked object configuration with IP SLA.

You can use this concept in your production network if you have more than one connection to the Internet and you want to use ISP1 as primary and ISP2 as backup.

Microsoft Certified Professional | Cisco Certified Network Associate
