Saturday, February 22, 2020

IP SLA (Service-Level Agreement) on Cisco IOS

IP SLA (Service-Level Agreement) is a great feature on Cisco IOS devices that can be used to “measure” network performance.
This can be something simple like a ping where we check the round-trip time or something more advanced like a VoIP RTP packet where we check the delay, jitter and calculate a MOS score that gives you an indication what the voice quality will be like.
Measuring network performance is pretty cool but what makes IP SLA even more powerful is that you can combine it with static routes, policy based routing and routing protocols like OSPF or EIGRP.
Let me give you an example why this is a great feature to use. Take a look at the image below:
Customer ISP1 ISP2 Default Route
Above we have a customer router connected to two ISPs. Somewhere on the Internet there’s a server we’d like to reach. In a scenario like this, typically we use two default routes with different ADs. Whenever ISP1 fails, we switch over to ISP2.
The problem with this setup is that it’s not very reliable. The default route will be in the routing table as long as the interface is up and/or the next hop is reachable. It’s possible that ISP1 is having connectivity issues and unable to reach that remote server but we still use them for all our traffic.
To prevent this from happening we can combine default routes with IP SLA. Here’s an example:
Customer ISP1 ISP2 IP SLA ICMP
Our customer router is now using IP SLA to ping the remote server. As long as we get a reply, we will keep using ISP1 as our main route. When the ping fails, we switch over to ISP2. This method is far more reliable as we check end-to-end connectivity.
Here’s another example where IP SLA might be useful:
HQ Branch IP SLA RTP Probe
Above we have two ISPs that we can use to reach a remote branch router. Instead of a simple ping, we can send RTP packets and check these for a certain delay, jitter and calculate a MOS score. When we get below a certain threshold we will switch from ISP1 to ISP2.
Each measurement that we do with IP SLA is called an operation. For each operation we have to configure the type of traffic, source IP, destination IP, port numbers, etc. We can then configure when to run the operation…24/7, 9-to-5, etc.
When you use IP SLA for a simple ping then you only have to configure your local router. However when you want to use it for some more advanced things like sending RTP packets then you have to configure the remote router to respond to your IP SLA traffic.
Besides pings and RTP, there are a lot of different operations we can use:
  • TCP Connections
  • UDP
  • DNS
  • DHCP
  • HTTP
  • FTP
Now you have an idea what IP SLA is about, let’s take a look how we can configure an operation.

Configuration

I will show you two examples so you will learn how to configure IP SLA operations. We’ll try an example with pings and an example with UDP jitter.

ICMP echo Operation

We will use the following topology:
R1 R2 FastEthernet
All I need is two routers, R1 will send ICMP echo requests and R2 will reply to them. Here’s how to configure IP SLA:
R1(config)#ip sla 1
R1(config-ip-sla)#?
IP SLAs entry configuration commands:
  dhcp         DHCP Operation
  dns          DNS Query Operation
  ethernet     Ethernet Operations
  exit         Exit Operation Configuration
  ftp          FTP Operation
  http         HTTP Operation
  icmp-echo    ICMP Echo Operation
  icmp-jitter  ICMP Jitter Operation
  mpls         MPLS Operation
  path-echo    Path Discovered ICMP Echo Operation
  path-jitter  Path Discovered ICMP Jitter Operation
  tcp-connect  TCP Connect Operation
  udp-echo     UDP Echo Operation
  udp-jitter   UDP Jitter Operation
  voip         Voice Over IP Operation
First we have to choose an operation number, let’s pick number 1. You can see that there are a lot of different operations we can choose from. Let’s start with the icmp echo:
R1(config-ip-sla)#icmp-echo 192.168.12.2 
R1(config-ip-sla-echo)#?  
IP SLAs Icmp Echo Configuration Commands:
  default            Set a command to its defaults
  exit               Exit operation configuration
  frequency          Frequency of an operation
  history            History and Distribution Data
  no                 Negate a command or set its defaults
  owner              Owner of Entry
  request-data-size  Request data size
  tag                User defined tag
  threshold          Operation threshold in milliseconds
  timeout            Timeout of an operation
  tos                Type Of Service
  verify-data        Verify data
  vrf                Configure IP SLAs for a VPN Routing/Forwarding instance
Let’s send ICMP echos to 192.168.12.2. There are a lot of optional parameters you can configure for an operation, for example let’s change the frequency:
R1(config-ip-sla-echo)#frequency 10
We’ll send an ICMP echo every 10 seconds. The only thing left to do is to start our IP SLA operation. This is how you do it:
R1(config)#ip sla schedule 1 ?
  ageout      How long to keep this Entry when inactive
  life        Length of time to execute in seconds
  recurring   Probe to be scheduled automatically every day
  start-time  When to start this entry
  <cr>
You have to use the ip sla schedule command to start your operation. You can schedule it but we will start our operation right now and let it run forever:
R1(config)#ip sla schedule 1 start-time ?
  after     Start after a certain amount of time from now
  hh:mm     Start time (hh:mm)
  hh:mm:ss  Start time (hh:mm:ss)
  now       Start now
  pending   Start pending
R1(config)#ip sla schedule 1 start-time now ?
  ageout     How long to keep this Entry when inactive
  life       Length of time to execute in seconds
  recurring  Probe to be scheduled automatically every day
R1(config)#ip sla schedule 1 start-time now life ?
  <0-2147483647>  Life seconds (default 3600)
  forever         continue running forever
R1(config)#ip sla schedule 1 start-time now life forever
It should now be up and running. You can check your IP SLA configuration like this:
R1#show ip sla configuration 
IP SLAs Infrastructure Engine-III
Entry number: 1
Owner: 
Tag: 
Operation timeout (milliseconds): 5000
Type of operation to perform: icmp-echo
Target address/Source address: 192.168.12.2/0.0.0.0
Type Of Service parameter: 0x0
Request size (ARR data portion): 28
Verify data: No
Vrf Name: 
Schedule:
   Operation frequency (seconds): 10  (not considered if randomly scheduled)
   Next Scheduled Start Time: Start Time already passed
   Group Scheduled : FALSE
   Randomly Scheduled : FALSE
   Life (seconds): Forever
   Entry Ageout (seconds): never
   Recurring (Starting Everyday): FALSE
   Status of entry (SNMP RowStatus): Active
Threshold (milliseconds): 5000
Distribution Statistics:
   Number of statistic hours kept: 2
   Number of statistic distribution buckets kept: 1
   Statistic distribution interval (milliseconds): 20
Enhanced History:
History Statistics:
   Number of history Lives kept: 0
   Number of history Buckets kept: 15
   History Filter Type: None
Above you can see the details of our IP SLA operation. A lot of parameters are configured by default. This is how you can check if it’s running or not:
R1#show ip sla statistics 
IPSLAs Latest Operation Statistics

IPSLA operation id: 1
 Latest RTT: 1 milliseconds
Latest operation start time: 13:51:18 UTC Tue Jul 7 2015
Latest operation return code: OK
Number of successes: 5
Number of failures: 1
Operation time to live: Forever
Use the show ip sla statistics command to see the results. You can see my pings are successful and our round trip time is only 1 ms.
hostname R1
!
interface FastEthernet0/0
 ip address 192.168.12.1 255.255.255.0
!
ip sla 1
 icmp-echo 192.168.12.2 
 frequency 10
!
ip sla schedule 1 start-time now life forever
!
end
hostname R2
!
interface FastEthernet0/0
 ip address 192.168.12.2 255.255.255.0
!
end

Let’s try another example!

UDP Jitter Operation

We’ll use the same topology:
R1 R2 FastEthernet
This time we’ll use UDP packets to simulate G711 VoIP traffic. Let’s start another operation:
R1(config)#ip sla 2
R1(config-ip-sla)#udp-jitter 192.168.12.2 16384 codec g711alaw 
R1(config-ip-sla-jitter)#frequency 60
R1(config-ip-sla-jitter)#tos 184
For this operation I used destination 192.168.12.2 and source port 16384. The codec is G711alaw. We’ll send a probe every 60 seconds and the TOS byte is 184 (equals DSCP 46 or EF). Let’s start it:
R1(config)#ip sla schedule 2 life forever start-time now
This finishes our configuration on R1 but we still have something to do on R2:
R2(config)#ip sla responder
The ip sla responder command is required on R2 otherwise it will drop our UDP packets. Let’s verify our work:
R1#show ip sla configuration 2
IP SLAs Infrastructure Engine-III
Entry number: 2
Owner: 
Tag: 
Operation timeout (milliseconds): 5000
Type of operation to perform: udp-jitter
Target address/Source address: 192.168.12.2/0.0.0.0
Target port/Source port: 16384/0
Type Of Service parameter: 0xB8
Codec Type: g711alaw
Codec Number Of Packets: 1000
Codec Packet Size: 172
Codec Interval (milliseconds): 20
Advantage Factor: 0
Verify data: No
Vrf Name: 
Control Packets: enabled
Schedule:
   Operation frequency (seconds): 60  (not considered if randomly scheduled)
   Next Scheduled Start Time: Start Time already passed
   Group Scheduled : FALSE
   Randomly Scheduled : FALSE
   Life (seconds): Forever
   Entry Ageout (seconds): never
   Recurring (Starting Everyday): FALSE
   Status of entry (SNMP RowStatus): Active
Threshold (milliseconds): 5000
Distribution Statistics:
   Number of statistic hours kept: 2
   Number of statistic distribution buckets kept: 1
   Statistic distribution interval (milliseconds): 20
Enhanced History:
Above you can see the complete configuration for this operation. If you want to see the statistics, take a look below:
R1#show ip sla statistics 2
IPSLAs Latest Operation Statistics

IPSLA operation id: 2
Type of operation: udp-jitter
 Latest RTT: 2 milliseconds
Latest operation start time: 14:21:27 UTC Tue Jul 7 2015
Latest operation return code: OK
RTT Values:
 Number Of RTT: 1000  RTT Min/Avg/Max: 2/2/3 milliseconds
Latency one-way time:
 Number of Latency one-way Samples: 0
 Source to Destination Latency one way Min/Avg/Max: 0/0/0 milliseconds
 Destination to Source Latency one way Min/Avg/Max: 0/0/0 milliseconds
Jitter Time:
 Number of SD Jitter Samples: 999
 Number of DS Jitter Samples: 999
 Source to Destination Jitter Min/Avg/Max: 0/1/1 milliseconds
 Destination to Source Jitter Min/Avg/Max: 0/1/1 milliseconds
Packet Loss Values:
 Loss Source to Destination: 0
 Source to Destination Loss Periods Number: 0
 Source to Destination Loss Period Length Min/Max: 0/0
 Source to Destination Inter Loss Period Length Min/Max: 0/0
        Loss Destination to Source: 0
 Destination to Source Loss Periods Number: 0
 Destination to Source Loss Period Length Min/Max: 0/0
 Destination to Source Inter Loss Period Length Min/Max: 0/0
 Out Of Sequence: 0 Tail Drop: 0
 Packet Late Arrival: 0 Packet Skipped: 0
Voice Score Values:
 Calculated Planning Impairment Factor (ICPIF): 1
 MOS score: 4.34
Number of successes: 2
Number of failures: 1
Operation time to live: Forever
Above you can see our results, how often these probes have been sent and at the bottom you can see the MOS score which was calculated. This is based on a scale from 1 – 5 so 4.34 is pretty good.
hostname R1
!
interface FastEthernet0/0
 ip address 192.168.12.1 255.255.255.0
!
ip sla 2
 udp-jitter 192.168.12.2 16384 codec g711alaw 
 frequency 60
 tos 184
!
ip sla schedule 2 life forever start-time now
!
end
hostname R2
!
interface FastEthernet0/0
 ip address 192.168.12.2 255.255.255.0
!
ip sla responder
!
end

Conclusion

You have now seen how you can use IP SLA operations to measure your network performance. In other lessons I will show you how you can combine IP SLA with static routes, PBR and a routing protocol.
If you have any questions, feel free to leave a comment!
at
Labels: ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)