Thursday, April 17, 2014

CCNP ROUTE: 7. IP Service-Level Agreement

The IOS IP Service-Level Agreement (IP SLA) feature measures the ongoing behavior of the network.
We can configure static routes and PBR to use IP SLA operations, so that if an operation reports a failure, or the measured performance drops below a configured threshold, the router stops using the static route or the PBR logic.
IP SLA uses the concept of an operation (or probe). Each operation defines a type of packet that the router will generate, the destination and source address, and other characteristics of the packet.
All the SLA operations rely on the router sending packets and some other device sending packets back.

The general steps to configure an ICMP-based IP SLA operation are as follows:
Step 1. Create the IP SLA Operation, and assign it an integer operation number, using the ip sla sla-ops-number global configuration command.
Step 2. Define the operation type and the parameters for that operation type.
For ICMP echo, you define the destination IP address or hostname, and optionally, the source IP address or hostname, using the icmp-echo {destination-ipaddress | destination-hostname} [source-ip {ip-address | hostname} | source-interface interface-name] SLA operation subcommand.
Step 3. (Optional) Define a (nondefault) frequency, in seconds, at which the operation should send the packets, using the frequency seconds IP SLA subcommand.
Step 4. Schedule when the SLA will run, using the ip sla schedule sla-ops-number [life {forever | seconds}] [start-time {hh:mm[:ss] [month day | day month] | pending | now | after hh:mm:ss}] [ageout seconds] [recurring] global command.

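Let's consider R6 as the router originating the probe and R4's Serial0/2 address, 172.16.0.13, as the destination.
The purpose of the operation is to test the PBR route through R4.
R6 runs an IOS release that uses the older command forms, so the configuration below enters ip sla monitor, type echo protocol ipIcmpEcho and ip sla monitor schedule in place of the ip sla, icmp-echo and ip sla schedule commands listed in the steps above.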
The following criteria will be considered for the operation:
- Send ICMP Echo Requests to 172.16.0.13
- Use source address 172.16.0.9 (R6's Serial0/1)
- Send these packets every 60 seconds
- Start the operation immediately, and run it forever
- Enable PBR for locally generated packets, matching the IP SLA operation with the PBR configuration so that the SLA operation’s packets flow over the lower route.

Initially, packets flowing from R6's Serial0/1 to the 172.16.0.12/30 subnet go to R5 first due to the higher bandwidth of that link.
We can configure a route map that matches all packets coming from R6's Serial0/1 and redirects them to another next hop, R4's 172.16.0.2.

R6#traceroute 172.16.0.13

Type escape sequence to abort.
Tracing the route to 172.16.0.13

  1 172.16.0.6 28 msec 40 msec 16 msec
  2 172.16.0.13 8 msec *  36 msec

R6(config)#ip access-list extended 100 
R6(config-ext-nacl)#permit ip host 172.16.0.9 host 172.16.0.13
R6(config)#route-map go-to-R4 permit 
R6(config-route-map)#match ip address 100
R6(config-route-map)#set ip next-hop 172.16.0.2  
  
R6(config)#ip sla monitor 10 
R6(config-sla-monitor)#type echo protocol ipIcmpEcho 172.16.0.13 source-ipaddr 172.16.0.9
R6(config-sla-monitor-echo)#frequency 60
R6(config-sla-monitor-echo)#exit
R6(config)#ip sla monitor schedule 10 start-time now life forever

R6(config)#ip local policy route-map go-to-R4

The ip local policy route-map go-to-R4 global command tells R6 to process packets generated by itself, including the IP SLA operation packets, using PBR.

The results:
R6#traceroute 172.16.0.13 source 172.16.0.9

Type escape sequence to abort.
Tracing the route to 172.16.0.13

  1 172.16.0.2 24 msec *  12 msec

R6#show ip sla monitor configuration 
SA Agent, Infrastructure Engine-II
Entry number: 10
Owner:
Tag:
Type of operation to perform: echo
Target address: 172.16.0.13
Source address: 172.16.0.9
Request size (ARR data portion): 28
Operation timeout (milliseconds): 5000
Type Of Service parameters: 0x0
Verify data: No
Operation frequency (seconds): 60
Next Scheduled Start Time: Start Time already passed
Group Scheduled : FALSE
Life (seconds): Forever
Entry Ageout (seconds): never
Recurring (Starting Everyday): FALSE
Status of entry (SNMP RowStatus): Active
Threshold (milliseconds): 5000
Number of statistic hours kept: 2
Number of statistic distribution buckets kept: 1
Statistic distribution interval (milliseconds): 20
Number of history Lives kept: 0
Number of history Buckets kept: 15
History Filter Type: None
Enhanced History:

R6#show ip sla monitor statistics 10
Round trip time (RTT)   Index 10
        Latest RTT: 32 ms
Latest operation start time: *00:22:26.347 UTC Fri Mar 1 2002
Latest operation return code: OK
Number of successes: 16
Number of failures: 0
Operation time to live: Forever

We can configure both static routes and PBR to be used only when an SLA operation remains successful.
This is done through a tracking object, which looks at the IP SLA operation’s most recent return code to determine its tracking state, either “up” or “down”.

One of the main reasons that IOS requires the use of this tracking object is so that the routes do not flap.
Route flapping occurs when a router adds a route to the routing table, then quickly removes it; conditions change, so the router soon adds the route to the table again; and so on.
If a static route tracked the IP SLA object directly, the SLA object’s return code could change each time the operation ran, causing a route flap.
The tracking object lets us set a delay that controls how soon after a change in the tracked state the tracking object itself changes state.

Next, we will configure the tracking object, which will monitor the state of the IP SLA operation (probe or rtr) number 10 configured above.
The tracking object will evaluate the operation's return code (the "Latest operation return code: OK" line shown above), applying a delay of 90 seconds after a state change.
R6(config)#track 1 rtr 10 state
R6(config-track)#delay up 90 down 90
R6(config-track)#exit

To configure PBR to use object tracking, use a modified version of the set command in the route map.
R6(config)#route-map go-to-R4 10
R6(config-route-map)#match ip address 100
R6(config-route-map)#no set ip next-hop 172.16.0.2
R6(config-route-map)#set ip next-hop verify-availability 172.16.0.2 1 track 1

R6#show track
Track 1
  Response Time Reporter 10 state
  State is Up
    1 change, last change 00:13:10
  Delay up 90 secs, down 90 secs
  Latest operation return code: OK
  Latest RTT (millisecs) 20
  Tracked by:
    ROUTE-MAP 0

When the tracking object is up, PBR works as configured.
When the tracking object is down, PBR acts as if the set command does not exist.
That means that the router will still attempt to route the packet per the normal destination-based routing process.
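
The flap-damping role of the tracking delay and the Up/Down fallback described above, as an added example (not code from the original post): a simplified Python model of track 1 with delay up 90 down 90 and 60-second probes. It assumes a probe's return code is known the instant the probe runs and that a pending change is cancelled when the code reverts before the delay expires; the function names and sample sequences are made up for illustration.

```python
# Added example: simplified model of an IOS tracking object with delay up/down.
# Assumptions: a probe's return code is known the instant the probe runs, and
# a pending change is cancelled if the code reverts before the delay expires.
PBR_NEXT_HOP = "172.16.0.2"     # set ip next-hop verify-availability ... track 1
ROUTED_NEXT_HOP = "172.16.0.6"  # routing-table path to 172.16.0.12/30 via R5

# Constructed probe results, one per 60-second run (True = return code OK).
FLAPPING = [True, False, True, False, True, False, True]
OUTAGE = [True, False, False, False, True, True, True]

def track_transitions(results, freq=60, delay_up=90, delay_down=90):
    """Return [(second, 'Up->Down' | 'Down->Up')]; tracked state starts Up."""
    state_up, pending_since, changes = True, None, []

    def expire(now):
        nonlocal state_up, pending_since
        if pending_since is None:
            return
        deadline = pending_since + (delay_down if state_up else delay_up)
        if deadline <= now:
            changes.append((deadline, "Up->Down" if state_up else "Down->Up"))
            state_up, pending_since = not state_up, None

    for i, ok in enumerate(results):
        now = i * freq
        expire(now)                  # delay ran out before this probe
        if ok == state_up:
            pending_since = None     # code reverted: cancel the pending change
        elif pending_since is None:
            pending_since = now      # code changed: start the delay timer
    expire(len(results) * freq)      # let the last timer run out
    return changes

def raw_flaps(results):
    """State changes if the route followed the return code directly."""
    return sum(a != b for a, b in zip([True] + list(results), results))

def next_hop_at(results, t, **kw):
    """Next hop R6 uses at second t for 172.16.0.9 -> 172.16.0.13 packets."""
    up = True
    for when, change in track_transitions(results, **kw):
        if when <= t:
            up = change == "Down->Up"
    return PBR_NEXT_HOP if up else ROUTED_NEXT_HOP

if __name__ == "__main__":
    for name, seq in (("flapping", FLAPPING), ("outage", OUTAGE)):
        print(name, raw_flaps(seq), track_transitions(seq))
```

In this model an alternating return code would change state six times if followed directly but never moves the tracked state, while three consecutive failures switch the next hop to 172.16.0.6 at 150 seconds and back to 172.16.0.2 at 330 seconds.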

For now, the object returns the OK state:
R6#show ip sla monitor statistics 10
Round trip time (RTT)   Index 10
        Latest RTT: 28 ms
Latest operation start time: *00:52:26.347 UTC Fri Mar 1 2002
Latest operation return code: OK
Number of successes: 46
Number of failures: 0
Operation time to live: Forever

To test this out, we can configure an ACL on R4 that denies ICMP traffic from 172.16.0.9 to 172.16.0.13.
R4(config)#ip access-list extended 111
R4(config-ext-nacl)#deny icmp host 172.16.0.9 host 172.16.0.13 
R4(config-ext-nacl)#permit ip any any
R4(config)#int serial 0/0
R4(config-if)#ip access-group 111 in

After a while, the tracking object changes its state to Down, so R6 routes the packet per the normal destination-based routing process, that is, through R5, as specified in the routing table:

R6#
*Mar  1 01:05:58.355: %TRACKING-5-STATE: 1 rtr 10 state Up->Down

R6# show ip sla monitor statistics 10
Round trip time (RTT)   Index 10
        Latest RTT: NoConnection/Busy/Timeout
Latest operation start time: *01:04:26.347 UTC Fri Mar 1 2002
Latest operation return code: No connection
Number of successes: 57
Number of failures: 1
Operation time to live: Forever

R6#show track
Track 1
  Response Time Reporter 10 state
  State is Down, delayed Up (86 secs remaining)
    2 changes, last change 00:00:33
  Delay up 90 secs, down 90 secs
  Latest operation return code: No connection
  Tracked by:
    ROUTE-MAP 0

R6#show ip route | i 172.16.0.12
D       172.16.0.12/30 [90/2195456] via 172.16.0.6, 00:53:49, FastEthernet0/1

R6#traceroute 172.16.0.13 source 172.16.0.9         

Type escape sequence to abort.
Tracing the route to 172.16.0.13

  1 172.16.0.6 40 msec 28 msec 4 msec
  2 172.16.0.13 24 msec *  32 msec

When the tracking object returns to the Up state, the packet is again routed according to the PBR process and its associated route map:
R6#
*Mar  1 01:11:58.367: %TRACKING-5-STATE: 1 rtr 10 state Down->Up

R6#traceroute 172.16.0.13 source 172.16.0.9 

Type escape sequence to abort.
Tracing the route to 172.16.0.13

  1 172.16.0.2 24 msec *  40 msec

R6#show track
Track 1
  Response Time Reporter 10 state
  State is Up, delayed Down (43 secs remaining)
    5 changes, last change 00:01:16
  Delay up 90 secs, down 90 secs
  Latest operation return code: OK
  Latest RTT (millisecs) 56
  Tracked by:
    ROUTE-MAP 0
