Thursday, February 20, 2020

Reliable Static Routing with IP SLA

IP SLA is a great tool on Cisco routers that allows us to generate traffic to measure delay/latency and jitter, and it can also be combined with object tracking. This allows us to check the reachability of a certain IP address (by pinging) or a certain service by connecting to it (using TCP). If the IP address/service is unreachable we can apply a certain action. A simple example to demonstrate IP SLA is when you have a single router that is connected to two ISPs:
[Figure: R1 connected to ISP1 and ISP2]
Above we have a router (R1) that is connected to two ISPs. We want to use ISP1 as the primary and ISP2 as the backup link. All traffic will be sent towards ISP1 but when it’s unreachable we’ll switch over to ISP2. You can achieve this by using two default routes:
R1(config)#ip route 0.0.0.0 0.0.0.0 192.168.12.2
R1(config)#ip route 0.0.0.0 0.0.0.0 192.168.13.3 2
By default a static route has an AD (Administrative Distance) of 1, which is why I configured the second static route towards ISP2 to have an AD of 2. A static route with a higher administrative distance is also called a floating static route. When we look at the routing table of R1 this is what you’ll see:
R1#show ip route static 
S*   0.0.0.0/0 [1/0] via 192.168.12.2
Above you will only see the route towards ISP1 because it has a lower AD. Now let’s shut the interface towards ISP1 to see what will happen with the routing table:
R1(config)#interface fa0/0
R1(config-if)#shutdown
R1(config-if)#exit
This is what you will find:
R1#show ip route static 
S*   0.0.0.0/0 [2/0] via 192.168.13.3
Now everything will be sent towards ISP2, which is great. This solution is quick and simple but it has a potential problem: a static route will always remain in the routing table unless the interface goes down. It’s possible that the link towards ISP1 is up and running but that the ISP1 router itself is unreachable, or that ISP1 has problems on their network that prevent us from reaching the Internet through them. This is why we’ll use IP SLA to make our default route more reliable. First let’s unshut the interface:
R1(config)#interface fa0/0
R1(config-if)#no shutdown
I will create an IP SLA instance that pings the IP address of the ISP1 router:
R1(config)#ip sla 1
R1(config-ip-sla)#icmp-echo 192.168.12.2 
R1(config-ip-sla-echo)#timeout 100
R1(config-ip-sla-echo)#frequency 1
R1(config-ip-sla-echo)#exit
R1(config)#ip sla schedule 1 start-time now life forever 
We will ping IP address 192.168.12.2 each second, and when we don’t get a response within 100 ms we will consider it unreachable. You might want to play with these values a bit on a production network. Let’s see if IP SLA works:
R1#show ip sla statistics 

Round Trip Time (RTT) for Index 1
 Latest RTT: 4 milliseconds
Latest operation start time: *00:09:07.235 UTC Fri Mar 1 2002
Latest operation return code: OK
Number of successes: 43
Number of failures: 1
Operation time to live: Forever
It seems to be working. Right now it only takes 4 milliseconds to get a response. As long as it stays below 100 milliseconds we’ll be fine. Let’s configure the default route to use IP SLA:
R1(config)#no ip route 0.0.0.0 0.0.0.0 192.168.12.2
R1(config)#ip route 0.0.0.0 0.0.0.0 192.168.12.2 track 1
First I’ll remove the old default route and replace it with one that says “track 1”. I can’t connect IP SLA directly with the static route; I have to do this with object tracking. This is how you combine object tracking with IP SLA:
R1(config)#track 1 rtr 1
The command above combines object tracking instance 1 with the IP SLA instance that I configured. Let’s see if this will work…
R1#show ip route static 
S*   0.0.0.0/0 [1/0] via 192.168.12.2
Right now everything is working as it should, we use ISP1 for the default route. Curious what happens once ISP1 becomes unreachable?
ISP1(config)#interface fastEthernet 0/0
ISP1(config-if)#shutdown
We’ll shut the interface on ISP1 and this is what you will find on R1:
R1#
%TRACKING-5-STATE: 1 rtr 1 state Up->Down
Object tracking will kick in because we are no longer able to ping the IP address of ISP1. This is what you’ll see in the routing table:
R1#show ip route static   
S*   0.0.0.0/0 [2/0] via 192.168.13.3
We now send all traffic towards ISP2. What will happen once ISP1 is reachable again?
ISP1(config)#interface fastEthernet 0/0
ISP1(config-if)#no shutdown
Bring back the interface to the land of the living and this is what you’ll discover on R1:
R1#
%TRACKING-5-STATE: 1 rtr 1 state Down->Up
Object tracking tells us that we can reach ISP1 again and the routing table will be updated:
R1#show ip route static 
S*   0.0.0.0/0 [1/0] via 192.168.12.2
There we go, ISP1 is being used again as the primary ISP.
Instead of pinging the ISP’s router IP address it might be a better idea to ping something on the Internet or to configure IP SLA to connect to a device using TCP. Pinging the ISP proves that we can reach the ISP but doesn’t necessarily mean that we can reach the Internet.
hostname ISP1
!
interface FastEthernet0/0
 ip address 192.168.12.2 255.255.255.0
!
end

hostname ISP2
!
interface FastEthernet0/0
 ip address 192.168.13.3 255.255.255.0
!
end

hostname R1
!
interface FastEthernet0/0
 ip address 192.168.12.1 255.255.255.0
!
interface FastEthernet0/1
 ip address 192.168.13.1 255.255.255.0
!
ip route 0.0.0.0 0.0.0.0 192.168.12.2 track 1
ip route 0.0.0.0 0.0.0.0 192.168.13.3 2
!
ip sla 1
 icmp-echo 192.168.12.2 
 timeout 100
 frequency 1
!
ip sla schedule 1 start-time now life forever 
!
track 1 rtr 1
!
end
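
The suggestion above (probe something beyond ISP1, or connect with TCP) written out as an added configuration example for R1; it is not part of the original post. The targets 203.0.113.10 and 203.0.113.20 are placeholder documentation addresses, and the "track ... ip sla ... reachability" form is the syntax newer IOS releases use in place of "track ... rtr".

```cisco
! Added example. Assumed probe targets: 203.0.113.10 and 203.0.113.20
! (placeholders; use hosts you are allowed to probe).
! Before applying, remove the earlier "ip sla 1", "track 1" and the
! tracked default route; a scheduled IP SLA operation cannot be edited.
!
! Pin the probe targets to ISP1: while Fa0/0 is up, probes to these hosts
! always leave via ISP1, even after the default route has failed over.
ip route 203.0.113.10 255.255.255.255 FastEthernet0/0 192.168.12.2
ip route 203.0.113.20 255.255.255.255 FastEthernet0/0 192.168.12.2
!
! Probe 1: ICMP echo to a host beyond ISP1.
ip sla 1
 icmp-echo 203.0.113.10 source-interface FastEthernet0/0
 threshold 100
 timeout 100
 frequency 1
ip sla schedule 1 start-time now life forever
!
! Probe 2: TCP connect to port 443. "control disable" is needed because
! the target is an ordinary server, not an IP SLA responder.
ip sla 2
 tcp-connect 203.0.113.20 443 control disable
 threshold 1000
 timeout 1000
 frequency 5
ip sla schedule 2 start-time now life forever
!
track 1 ip sla 1 reachability
track 2 ip sla 2 reachability
!
! Track 10 stays up while either probe succeeds, so one unresponsive
! target does not trigger failover. The delays damp route flapping:
! go down after 5 seconds of failure, come back after 30 seconds of success.
track 10 list boolean or
 object 1
 object 2
 delay down 5 up 30
!
ip route 0.0.0.0 0.0.0.0 192.168.12.2 track 10
ip route 0.0.0.0 0.0.0.0 192.168.13.3 2
```

Without the two host routes, the probes would follow the backup default route once failover happens, succeed through ISP2, and bring the primary route back even though ISP1 is still broken.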

I hope this is useful to you, if you have any questions feel free to ask by leaving a comment!
