Cisco IP SLA Configuration

In this article we focus on the configuration of Cisco IP SLA in three flavours: ICMP-echo, ICMP Jitter and delay.

Configuration steps

The quick steps to configure IP SLA on a Cisco device are:
– create the IP SLA monitor
– configure it
– schedule it

Cisco IOS did not show me help when I typed a question mark. Yet the commands were accepted.

IP SLA Track Delay

IP SLA delay is an option that facilitates the failover and fallback of links when you have several of them. A common complaint among network engineers is that a primary link flaps up and down, and the secondary links flap with it.

In order to avoid flapping back and forth between the primary and the secondary links, and assuming there is IP SLA configuration with tracking (see a sample configuration for IP SLA tracking applied to Policy-based Routing), you can tell the IOS to wait a certain delay before declaring a tracked object officially down or up.

Cisco IP SLA delay configuration

The delay command is a subcommand of the track command. It is not a subcommand of the IP SLA as you might have thought. The syntax is as follows:

track {TRACKED-OBJ} ip sla {IP-SLA-OP} reachability

delay up {UP-DLY} down {DOWN-DLY}

IP SLA Tracking with Delay: example

Topology

This simple topology is enough to understand the concept of delay in IP SLA tracking. The topology consists of two routers R2 and R4.

R2 is configured with IP SLA operation number 1

R2 IP SLA and tracking with delay configuration

ip sla 1
 icmp-echo 192.168.100.5 source-interface FastEthernet0/0
 frequency 10
ip sla schedule 1 life forever start-time now ageout 3600
!
track 11 ip sla 1 reachability
 delay down 20 up 10

R2(config)#do sh ip sla config
IP SLAs Infrastructure Engine-III
Entry number: 1
Owner:
Tag:
Operation timeout (milliseconds): 5000
Type of operation to perform: icmp-echo
Target address/Source interface: 192.168.100.5/FastEthernet0/0
Type Of Service parameter: 0x0
Request size (ARR data portion): 28
Verify data: No
Vrf Name:
Schedule:
Operation frequency (seconds): 10 (not considered if randomly scheduled)
Next Scheduled Start Time: Start Time already passed
Group Scheduled : FALSE
Randomly Scheduled : FALSE
Life (seconds): Forever
Entry Ageout (seconds): 3600
Recurring (Starting Everyday): FALSE
Status of entry (SNMP RowStatus): Active
Threshold (milliseconds): 5000
Distribution Statistics:
Number of statistic hours kept: 2
Number of statistic distribution buckets kept: 1
Statistic distribution interval (milliseconds): 20
Enhanced History:
History Statistics:
Number of history Lives kept: 0
Number of history Buckets kept: 15
History Filter Type: None

We make sure that the IP SLA operation works correctly:

R2#sh ip sla stat
IPSLAs Latest Operation Statistics

IPSLA operation id: 1
        Latest RTT: 51 milliseconds
Latest operation start time: 13:19:42 UTC Mon Nov 13 2017
Latest operation return code: OK
Number of successes: 9
Number of failures: 1
Operation time to live: Forever


R2#sh ip sla stat
IPSLAs Latest Operation Statistics

IPSLA operation id: 1
        Latest RTT: 19 milliseconds
Latest operation start time: 13:19:52 UTC Mon Nov 13 2017
Latest operation return code: OK
Number of successes: 10
Number of failures: 1
Operation time to live: Forever

and the track object is correctly set up with the delay feature:

R2#sh track 11
Track 11
  IP SLA 1 reachability
  Reachability is Up
    1 change, last change 00:01:52
  Delay up 10 secs, down 20 secs
  Latest operation return code: OK
  Latest RTT (millisecs) 20

Testing IP SLA and tracking with delay

Now we test the delay feature. We shut down the R4 interface that is being monitored by IP SLA. And we observe the tracked object:

R4(config)#interf f0/0
R4(config-if)#shut
R2#sh ip sla statistics 1
IPSLAs Latest Operation Statistics

IPSLA operation id: 1
        Latest RTT: 20 milliseconds
Latest operation start time: 13:21:42 UTC Mon Nov 13 2017
Latest operation return code: OK
Number of successes: 21
Number of failures: 1
Operation time to live: Forever


R2#sh ip sla statistics 1
IPSLAs Latest Operation Statistics

IPSLA operation id: 1
        Latest RTT: NoConnection/Busy/Timeout
Latest operation start time: 13:21:52 UTC Mon Nov 13 2017
Latest operation return code: Timeout
Number of successes: 21
Number of failures: 2
Operation time to live: Forever

The track object on R2 will remain in the up state. However, the delay counter for the down state fires up:

R2#sh track 11
Track 11
  IP SLA 1 reachability
  Reachability is Up, delayed Down (18 secs remaining)
    3 changes, last change 00:00:36
  Delay up 10 secs, down 20 secs
  Latest operation return code: OK
  Latest RTT (millisecs) 11
R2#sh track 11
Track 11
  IP SLA 1 reachability
  Reachability is Up, delayed Down (14 secs remaining)
    3 changes, last change 00:00:40
  Delay up 10 secs, down 20 secs
  Latest operation return code: OK
  Latest RTT (millisecs) 11
R2#sh track 11
Track 11
  IP SLA 1 reachability
  Reachability is Up, delayed Down (9 secs remaining)
    3 changes, last change 00:00:45
  Delay up 10 secs, down 20 secs
  Latest operation return code: OK
  Latest RTT (millisecs) 11
R2#sh track 11
Track 11
  IP SLA 1 reachability
  Reachability is Up, delayed Down (5 secs remaining)
    3 changes, last change 00:00:50
  Delay up 10 secs, down 20 secs
  Latest operation return code: OK
  Latest RTT (millisecs) 11
R2#sh track 11
Track 11
  IP SLA 1 reachability
  Reachability is Up, delayed Down (3 secs remaining)
    3 changes, last change 00:00:51
  Delay up 10 secs, down 20 secs
  Latest operation return code: OK
  Latest RTT (millisecs) 11
R2#sh track 11
Track 11
  IP SLA 1 reachability
  Reachability is Up, delayed Down (2 secs remaining)
    3 changes, last change 00:00:52
  Delay up 10 secs, down 20 secs
  Latest operation return code: OK
  Latest RTT (millisecs) 11
R2#
*Nov 13 13:24:54.895: %OSPF-5-ADJCHG: Process 11, Nbr 192.168.100.5 on FastEthernet0/0 from FULL to DOWN, Neighbor Down: Dead timer expired
R2#sh track 11
Track 11
  IP SLA 1 reachability
  Reachability is Down
    4 changes, last change 00:00:01
  Delay up 10 secs, down 20 secs
  Latest operation return code: Timeout
R2#
*Nov 13 13:24:58.347: %TRACK-6-STATE: 11 ip sla 1 reachability Up -> Down

It took 20 seconds for the Track object to be considered really down. And that is good, because in the real world the service provider link could flap for a couple of seconds and then stabilize itself again.

Let us see now the behaviour of the tracked object, when R4 interface reachability is restored.

R4(config)#interf f0/0
R4(config-if)#no shut
R2#
*Nov 13 13:25:50.903: %OSPF-5-ADJCHG: Process 11, Nbr 192.168.100.5 on FastEthernet0/0 from LOADING to FULL, Loading Done
R2#sh ip sla statistics 1
IPSLAs Latest Operation Statistics

IPSLA operation id: 1
        Latest RTT: 31 milliseconds
Latest operation start time: 13:25:52 UTC Mon Nov 13 2017
Latest operation return code: OK
Number of successes: 26
Number of failures: 21
Operation time to live: Forever


R2#sh track 11
Track 11
  IP SLA 1 reachability
  Reachability is Down, delayed Up (9 secs remaining)
    4 changes, last change 00:00:55
  Delay up 10 secs, down 20 secs
  Latest operation return code: Timeout
R2#sh track 11
Track 11
  IP SLA 1 reachability
  Reachability is Down, delayed Up (7 secs remaining)
    4 changes, last change 00:00:57
  Delay up 10 secs, down 20 secs
  Latest operation return code: Timeout
R2#sh track 11
Track 11
  IP SLA 1 reachability
  Reachability is Down, delayed Up (6 secs remaining)
    4 changes, last change 00:00:58
  Delay up 10 secs, down 20 secs
  Latest operation return code: Timeout
R2#sh track 11
Track 11
  IP SLA 1 reachability
  Reachability is Down, delayed Up (5 secs remaining)
    4 changes, last change 00:00:59
  Delay up 10 secs, down 20 secs
  Latest operation return code: Timeout
R2#sh track 11
Track 11
  IP SLA 1 reachability
  Reachability is Down, delayed Up (4 secs remaining)
    4 changes, last change 00:01:00
  Delay up 10 secs, down 20 secs
  Latest operation return code: Timeout
R2#sh track 11
Track 11
  IP SLA 1 reachability
  Reachability is Down, delayed Up (3 secs remaining)
    4 changes, last change 00:01:01
  Delay up 10 secs, down 20 secs
  Latest operation return code: Timeout
R2#sh track 11
Track 11
  IP SLA 1 reachability
  Reachability is Down, delayed Up (2 secs remaining)
    4 changes, last change 00:01:02
  Delay up 10 secs, down 20 secs
  Latest operation return code: Timeout
R2#sh track 11
Track 11
  IP SLA 1 reachability
  Reachability is Down, delayed Up (1 sec remaining)
    4 changes, last change 00:01:03
  Delay up 10 secs, down 20 secs
  Latest operation return code: Timeout
R2#sh track 11
Track 11
  IP SLA 1 reachability
  Reachability is Down, delayed Up (1 sec remaining)
    4 changes, last change 00:01:04
  Delay up 10 secs, down 20 secs
  Latest operation return code: Timeout
R2#sh track 11
Track 11
  IP SLA 1 reachability
  Reachability is Up
    5 changes, last change 00:00:00
  Delay up 10 secs, down 20 secs
  Latest operation return code: OK
  Latest RTT (millisecs) 7
R2#
R2#
*Nov 13 13:26:03.359: %TRACK-6-STATE: 11 ip sla 1 reachability Down -> Up
R2#

It took 10 seconds of delay before the tracked object state was considered officially Up.
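
The damping effect of delay down 20 up 10 can be reproduced offline. The following Python sketch is an added example, not part of the original lab and not IOS code: it models the track object as a hold timer evaluated once per second (an assumption) and feeds it constructed probe results at this page's frequency of 10 seconds.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass
class DelayedTrack:
    """Simplified model of a track object with `delay up X down Y`."""
    delay_up: int
    delay_down: int
    state: str = "Up"                    # state reported to clients such as PBR
    pending_since: Optional[int] = None  # second at which the raw state diverged
    changes: List[Tuple[int, str, str]] = field(default_factory=list)

    def feed(self, now: int, raw_up: bool) -> str:
        """Feed the raw IP SLA result seen at second `now`; return reported state."""
        raw = "Up" if raw_up else "Down"
        if raw == self.state:
            # Raw result agrees with the reported state: cancel any hold timer.
            self.pending_since = None
            return self.state
        if self.pending_since is None:
            self.pending_since = now     # start the hold timer
        delay = self.delay_up if raw == "Up" else self.delay_down
        if now - self.pending_since >= delay:
            # Timer expired while the raw state stayed different: report it.
            self.changes.append((now, self.state, raw))
            self.state = raw
            self.pending_since = None
        return self.state


def simulate(probes, frequency, delay_up, delay_down):
    """Replay one probe result per `frequency` seconds; return reported changes."""
    track = DelayedTrack(delay_up=delay_up, delay_down=delay_down)
    for now in range(len(probes) * frequency):
        # Between probes the raw state is the result of the latest probe.
        track.feed(now, probes[now // frequency])
    return track.changes


# Constructed probe sequences (True = reply received), one entry per 10 seconds.
BRIEF_FLAP = [True, True, False, True, True, True]
OUTAGE = [True, True, False, False, False, False, True, True, True]

if __name__ == "__main__":
    for name, probes in (("brief flap", BRIEF_FLAP), ("outage", OUTAGE)):
        damped = simulate(probes, frequency=10, delay_up=10, delay_down=20)
        raw = simulate(probes, frequency=10, delay_up=0, delay_down=0)
        print(f"{name}: with delay {damped}, without delay {raw}")
```

A single lost probe produces two state changes without the delay and none with it, while a sustained outage is still reported, 20 seconds after the first failed probe.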

IP SLA UDP-Echo

According to Cisco documentation, IP SLA Responder is optional for the IP SLA UDP Echo operation. However, I experienced a different situation in my EVE-NG home lab.

Topology

I am using the same topology as in the Cisco IP SLA track with Delay section.

Configuration

The basic configuration of Cisco IP SLA UDP-Echo is:

ip sla {SLA-OP-ID}

udp-echo {DST-IP} {DST-PORT} [source-ip {SRC-IP}]

and its scheduling.

R2#sh ip sla config 1
IP SLAs Infrastructure Engine-III
Entry number: 1
Owner:
Tag:
Operation timeout (milliseconds): 5000
Type of operation to perform: udp-echo
Target address/Source address: 192.168.100.5/192.168.100.6
Target port/Source port: 5000/0
Type Of Service parameter: 0x0
Request size (ARR data portion): 16
Verify data: No
Data pattern:
Vrf Name:
Control Packets: enabled
Schedule:
   Operation frequency (seconds): 60  (not considered if randomly scheduled)
   Next Scheduled Start Time: Start Time already passed
   Group Scheduled : FALSE
   Randomly Scheduled : FALSE
   Life (seconds): 3600
   Entry Ageout (seconds): 3600
   Recurring (Starting Everyday): FALSE
   Status of entry (SNMP RowStatus): Active
Threshold (milliseconds): 5000
Distribution Statistics:
   Number of statistic hours kept: 2
   Number of statistic distribution buckets kept: 1
   Statistic distribution interval (milliseconds): 20
Enhanced History:
History Statistics:
   Number of history Lives kept: 0
   Number of history Buckets kept: 15
   History Filter Type: None

The result does not seem good at first.

R2#sh ip sla stat 1
IPSLAs Latest Operation Statistics

IPSLA operation id: 1
        Latest RTT: NoConnection/Busy/Timeout
Latest operation start time: 21:02:56 UTC Wed Nov 15 2017
Latest operation return code: No connection
Number of successes: 0
Number of failures: 4
Operation time to live: 3382 sec


R2#sh ip sla stat 1
IPSLAs Latest Operation Statistics

IPSLA operation id: 1
        Latest RTT: NoConnection/Busy/Timeout
Latest operation start time: 21:02:56 UTC Wed Nov 15 2017
Latest operation return code: No connection
Number of successes: 0
Number of failures: 4
Operation time to live: 3363 sec

In the debug messages the timeout error is clear.

R2#
Nov 15 21:04:01.655: IPSLA-OPER_TRACE:OPER:1 Timeout

Nov 15 21:04:01.655: IPSLA-OPER_TRACE:OPER:1 Ctrl msg: id=41, type=1, len=52, dest_ip=192.168.100.5, enablePort=5000, duration=5000

Nov 15 21:04:01.659: IPSLA-OPER_TRACE:OPER:1 src_ip=192.168.100.6, src_port=0

Nov 15 21:04:01.659: IPSLA-OPER_TRACE:OPER:1 table_id=0, topo_id=0 pktinfo_tableid = 0

And then I activated IP SLA Responder on the target Cisco device and it worked:

R4(config)#ip sla responder
R4(config)#
R2#sh ip sla stat 1
IPSLAs Latest Operation Statistics

IPSLA operation id: 1
        Latest RTT: NoConnection/Busy/Timeout
Latest operation start time: 21:03:56 UTC Wed Nov 15 2017
Latest operation return code: No connection
Number of successes: 0
Number of failures: 5
Operation time to live: 3295 sec

R2#sh ip sla stat 1
IPSLAs Latest Operation Statistics

IPSLA operation id: 1
        Latest RTT: 20 milliseconds
Latest operation start time: 21:04:56 UTC Wed Nov 15 2017
Latest operation return code: OK
Number of successes: 1
Number of failures: 5
Operation time to live: 3285 sec

IP SLA ICMP Jitter

The syntax of the ICMP Jitter operation is:

(config-ip-sla)#icmp-jitter {DST}

where DST is the destination host.

Let us use it to collect measurements between R2 and R4, of this topology.

R2(config)#ip sla 1
R2(config-ip-sla)#icmp-jitter ?
Hostname or A.B.C.D Destination IP address or hostname, broadcast disallowed

R2(config-ip-sla)#icmp-jitter 192.168.100.5 ?
interval Inter Packet Interval
num-packets Number of Packets to be transmitted
source-ip Source Address
<cr>

R2(config-ip-sla)#icmp-jitter 192.168.100.5 source-ip 192.168.100.6
R2(config-ip-sla-icmpjitter)#
R2(config-ip-sla-icmpjitter)#?
IP SLAs Icmp Jitter Configuration Commands:
default Set a command to its defaults
exit Exit operation configuration
frequency Frequency of an operation
history History and Distribution Data
no Negate a command or set its defaults
owner Owner of Entry
percentile Set percentile statistics levels
tag User defined tag
threshold Operation threshold in milliseconds
timeout Timeout of an operation
tos Type Of Service
vrf Configure IP SLAs for a VPN Routing/Forwarding instance

R2(config-ip-sla-icmpjitter)#frequency 5
R2(config-ip-sla-icmpjitter)#

The results can be seen with show ip sla statistics 1:

R2#sh ip sla statistics 1
IPSLAs Latest Operation Statistics
IPSLA operation id: 1
Type of operation: icmp-jitter
Latest RTT: 17 milliseconds
Latest operation start time: 13:54:02 UTC Tue Nov 14 2017
Latest operation return code: OK
RTT Values:
Number Of RTT: 10 RTT Min/Avg/Max: 8/17/28 milliseconds
Latency one-way time:
Number of Latency one-way Samples: 0
Source to Destination Latency one way Min/Avg/Max: 0/0/0 milliseconds
Destination to Source Latency one way Min/Avg/Max: 0/0/0 milliseconds
Jitter Time:
Number of SD Jitter Samples: 9
Number of DS Jitter Samples: 9
Source to Destination Jitter Min/Avg/Max: 0/9/17 milliseconds
 Destination to Source Jitter Min/Avg/Max: 0/12/19 milliseconds
Over Threshold:
Number Of RTT Over Threshold: 0 (0%)
Packet Late Arrival: 0
Out Of Sequence: 0
Source to Destination: 0 Destination to Source 0
In both Directions: 0
Packet Skipped: 0 Packet Unprocessed: 0
Packet Loss: 0
Loss Periods Number: 0
Loss Period Length Min/Max: 0/0
Inter Loss Period Length Min/Max: 0/0
Number of successes: 2
Number of failures: 0
Operation time to live: Forever

As I have colored the relevant information, Cisco IP SLA ICMP Jitter operation displays information about:
– number of RTTs
– RTT minimum, average and maximum values
– one-way delay from Source to Destination
– one-way delay from Destination to Source
– operation code
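
To pull these fields out of show ip sla statistics automatically, and to tell apart the No connection and Timeout return codes seen in the UDP-Echo and delay sections, here is an added Python example (not from the original article). The function names are hypothetical, the sample text is excerpted from the outputs on this page, and the hints only restate what was observed in this lab.

```python
import re

# Single-value fields: name -> (pattern, converter)
SCALARS = {
    "return_code": (r"Latest operation return code: (.+)", str),
    "successes": (r"Number of successes: (\d+)", int),
    "failures": (r"Number of failures: (\d+)", int),
}
# Min/Avg/Max fields, in milliseconds
TRIPLES = {
    "rtt": r"RTT Min/Avg/Max: (\d+)/(\d+)/(\d+)",
    "sd_jitter": r"Source to Destination Jitter Min/Avg/Max: (\d+)/(\d+)/(\d+)",
    "ds_jitter": r"Destination to Source Jitter Min/Avg/Max: (\d+)/(\d+)/(\d+)",
}
# What each return code meant in this page's lab (not a general diagnosis).
HINTS = {
    "OK": "probe answered",
    "No connection": "seen here until `ip sla responder` was enabled on the target",
    "Timeout": "seen here after the target interface was shut down",
}

# Excerpts of the outputs shown on this page (lines not parsed are trimmed).
SAMPLE = """\
R2#sh ip sla stat 1
IPSLAs Latest Operation Statistics

IPSLA operation id: 1
        Latest RTT: NoConnection/Busy/Timeout
Latest operation start time: 21:03:56 UTC Wed Nov 15 2017
Latest operation return code: No connection
Number of successes: 0
Number of failures: 5
Operation time to live: 3295 sec

R2#sh ip sla statistics 1
IPSLAs Latest Operation Statistics
IPSLA operation id: 1
Type of operation: icmp-jitter
Latest RTT: 17 milliseconds
Latest operation return code: OK
RTT Values:
Number Of RTT: 10 RTT Min/Avg/Max: 8/17/28 milliseconds
Jitter Time:
Source to Destination Jitter Min/Avg/Max: 0/9/17 milliseconds
 Destination to Source Jitter Min/Avg/Max: 0/12/19 milliseconds
Number of successes: 2
Number of failures: 0
Operation time to live: Forever
"""


def parse_statistics(text):
    """Return one dict per 'IPSLA operation id' block found in the text."""
    ops, cur = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        start = re.match(r"IPSLA operation id: (\d+)", line)
        if start:
            cur = {"id": int(start.group(1))}
            ops.append(cur)
            continue
        if cur is None:
            continue  # banner or prompt before the first block
        for name, (pattern, convert) in SCALARS.items():
            m = re.search(pattern, line)
            if m:
                cur[name] = convert(m.group(1))
        for name, pattern in TRIPLES.items():
            m = re.search(pattern, line)
            if m:
                cur[name] = tuple(int(v) for v in m.groups())
    return ops


def triage(op):
    """Map a parsed operation to the hint recorded for its return code."""
    return HINTS.get(op.get("return_code"), "unrecognised return code")


if __name__ == "__main__":
    for op in parse_statistics(SAMPLE):
        print(op, "->", triage(op))
```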

IP SLA Track For PBR

We learn in this section how to leverage Cisco IOS IP SLA tracking with PBR.

Cisco IP SLA track for PBR: a sample topology

I used Eve-NG to generate this network topology.

Using PBR to change the path of the packet

The normal behaviour is: IP traffic from host A destined to loopback0 goes through DLS1 then Router.

I configured policy-based routing PBR on DLS1 with this pseudo-algorithm:

if IP or UDP traffic sourced from Host-A destined to loopback0 comes on SVI 100 (which happens to be the default gateway of Host-A)

then force it to go to DLS2 first, then on to Router.

VPCS> trace 2.2.2.2
trace to 2.2.2.2, 8 hops max, press Ctrl+C to stop
 1   172.16.100.1   21.232 ms  15.710 ms  6.978 ms
 2   11.11.11.10   20.314 ms  24.029 ms  18.548 ms !!! this is DLS2
 3   *11.11.11.5   31.603 ms (ICMP type:3, code:3, Destination port unreachable)  *

VPCS>

Policy-based Routing works great. However, when the DLS1-DLS2 link fails, we get a routing hole:

VPCS> trace 2.2.2.2
trace to 2.2.2.2, 8 hops max, press Ctrl+C to stop
 1   172.16.100.1   16.755 ms  18.482 ms  16.274 ms !!! traffic reaches DLS1 and then PBR sends it towards DLS2, which is down.
 2     *  *  *
 3     *  *  *
 4     *  *  *
 5     *  *  *
 6     *  *  *
^C 7

VPCS> 

One solution is to implement IP SLA with Object Tracking, alongside Policy-based Routing.

Cisco IP SLA with object tracking

The solution suggested to the abovementioned challenge is to implement Object Tracking with IP SLA, then to invoke the Tracking Object within the PBR statement.

Configure an IP SLA operation

First configure the IP SLA operation on DLS1. In the real world, it can be either ICMP Echo or a UDP Echo IP SLA. Since I’m using Cisco virtual IOS in my home lab, I know that IP SLA ICMP-Echo-based operations are not supported by my equipment. Therefore I used UDP Echo IP SLA operations instead.

ip sla 3
 udp-echo 11.11.11.10 5000 source-ip 11.11.11.9 source-port 5001
 frequency 10
ip sla schedule 3 start-time after 00:01:00

Configure a Tracking object

Configure a Tracking Object and set it to track the IP SLA operation you configured above.

track 33 ip sla 3

I named it 33 because it reminds me of IP SLA operation number 3 :)

Cisco IP SLA Track for PBR

You would configure a route-map normally, with an access-list that defines the traffic to be matched and a set command. But instead of set ip next-hop {blabla}, use the set ip next-hop verify-availability command.

route-map RmapPBR permit 10
 match ip address PBRacl1
 continue 20
 set ip next-hop verify-availability 11.11.11.10 1 track 33

This configuration line makes the next hop 11.11.11.10 conditional on the reachability of IP SLA operation 3, tracked by Tracking Object 33. The 1 after 11.11.11.10 is the sequence number. In fact, we can configure several set ip next-hop verify-availability commands in the same route-map.

When the IP SLA 3 gives a reachable host (here 11.11.11.10) then the next hop in the Route-map is 11.11.11.10.

VPCS> trace 2.2.2.2
trace to 2.2.2.2, 8 hops max, press Ctrl+C to stop
 1   172.16.100.1   15.724 ms  21.130 ms  14.142 ms
 2   11.11.11.10   28.583 ms  21.695 ms  25.356 ms
 3   *11.11.11.5   11.877 ms (ICMP type:3, code:3, Destination port unreachable)  *

VPCS>
VPCS>

If the IP SLA 3 gives an unreachable host, then the Tracking Object notifies the route-map. The whole set ip next-hop command then no longer has any effect: traffic is routed according to the regular routing table:

-------
Sep 25 15:38:08.561: %TRACK-6-STATE: 33 ip sla 3 state Up -> Down
------
VPCS> trace 2.2.2.2
trace to 2.2.2.2, 8 hops max, press Ctrl+C to stop
 1   172.16.100.1   16.167 ms  44.836 ms  25.935 ms
 2   *11.11.11.1   23.718 ms (ICMP type:3, code:3, Destination port unreachable)  *

VPCS> 

When reachability of the tracked object (the UDP-Echo-based IP SLA to DLS2 from DLS1) is established, the Tracking Object returns a positive status code to the route-map, and the set ip next-hop statement is valid again.

Sep 25 15:38:33.573: %TRACK-6-STATE: 33 ip sla 3 state Down -> Up
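
As an added illustration (not from the original lab), this Python sketch replays the two %TRACK-6-STATE messages above against a simplified model of route-map RmapPBR. The function names are hypothetical, the track is assumed Up before the first message, and the fallback next hop 11.11.11.1 is taken from the second trace.

```python
import re

# Matches both message forms shown on this page:
#   "... 11 ip sla 1 reachability Up -> Down" and "... 33 ip sla 3 state Up -> Down"
TRACK_RE = re.compile(
    r"%TRACK-6-STATE: (?P<track>\d+) ip sla (?P<op>\d+) "
    r"(?:reachability|state) (?P<old>Up|Down) -> (?P<new>Up|Down)"
)

# Syslog lines copied from the DLS1 output above.
SYSLOG = [
    "Sep 25 15:38:08.561: %TRACK-6-STATE: 33 ip sla 3 state Up -> Down",
    "Sep 25 15:38:33.573: %TRACK-6-STATE: 33 ip sla 3 state Down -> Up",
]

# route-map RmapPBR permit 10, reduced to what matters for next-hop selection.
PBR_ACL = {("172.16.100.101", "2.2.2.2")}       # PBRacl1: Host A -> loopback0
VERIFY_AVAILABILITY = [(1, "11.11.11.10", 33)]  # (sequence, next hop, track id)
ROUTING_TABLE_NEXT_HOP = "11.11.11.1"           # hop 2 of the trace when track 33 is Down


def parse_track_event(line):
    """Return (track id, new state) for a %TRACK-6-STATE line, else None."""
    m = TRACK_RE.search(line)
    if not m:
        return None
    return int(m["track"]), m["new"]


def next_hop(src, dst, track_state):
    """Pick the next hop the way `set ip next-hop verify-availability` does."""
    if (src, dst) not in PBR_ACL:
        return ROUTING_TABLE_NEXT_HOP, "routing table (no PBR match)"
    # Entries are tried in sequence order; one with a Down track is skipped.
    for seq, hop, track in sorted(VERIFY_AVAILABILITY):
        if track_state.get(track, "Down") == "Up":
            return hop, f"PBR sequence {seq}, track {track} Up"
    return ROUTING_TABLE_NEXT_HOP, "routing table (tracked next hops Down)"


def replay(lines, src="172.16.100.101", dst="2.2.2.2"):
    """Return the next hop before the first event and after each track event."""
    state = {33: "Up"}  # assumption: track 33 is Up before the first message
    hops = [next_hop(src, dst, state)[0]]
    for line in lines:
        event = parse_track_event(line)
        if event:
            track, new_state = event
            state[track] = new_state
            hops.append(next_hop(src, dst, state)[0])
    return hops


if __name__ == "__main__":
    print("Host A -> 2.2.2.2:", replay(SYSLOG))
    print("Host B -> 2.2.2.2:", replay(SYSLOG, src="172.16.200.101"))
```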

Now you can scroll the sections and copy the text below into your own home lab in order to be able to reproduce my network topology.

Host A config

ip 172.16.100.101/24 172.16.100.1
save Config

Host B config

ip 172.16.200.101/24 172.16.200.1
save Config

Router config

version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service compress-config
!
hostname router
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
clock timezone EET 2 0
no ipv6 cef
ipv6 multicast rpf use-bgp
!
ip cef
!
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
!
!
!
vlan internal allocation policy ascending
!
!
!
!
!
!
!
!
!
!
interface Loopback0
ip address 2.2.2.2 255.255.255.255
!
interface Ethernet0/0
duplex auto
!
interface Ethernet0/1
description — to DLS1 —
no switchport
ip address 11.11.11.1 255.255.255.252
!
interface Ethernet0/2
description — to DLS2 —
no switchport
ip address 11.11.11.5 255.255.255.252
!
interface Ethernet0/3
duplex auto
!
!
router eigrp 2534
network 2.2.2.2 0.0.0.0
network 11.11.11.0 0.0.0.3
network 11.11.11.4 0.0.0.3
!
!
no ip http server
!
!
!
!
!
control-plane
!
!
line con 0
logging synchronous
line aux 0
line vty 0 4
login
!
end

ALS1 config

version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service compress-config
!
hostname ALS-1
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
!
!
!
!
!
!
!
ip cef
no ipv6 cef
!
!
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
!
spanning-tree mst configuration
name CCNP
revision 1
instance 1 vlan 99-100
instance 2 vlan 110, 120
!
spanning-tree vlan 666 priority 36864
!
vlan internal allocation policy ascending
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Port-channel2
switchport trunk allowed vlan 2-998,1000-4094
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
!
interface Port-channel3
switchport trunk allowed vlan 2-998,1000-4094
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
!
interface GigabitEthernet0/0
switchport trunk allowed vlan 2-998,1000-4094
switchport trunk encapsulation dot1q
switchport trunk native vlan 666
switchport mode trunk
switchport nonegotiate
media-type rj45
negotiation auto
!
interface GigabitEthernet0/1
switchport trunk allowed vlan 2-998,1000-4094
switchport trunk encapsulation dot1q
switchport trunk native vlan 666
switchport mode trunk
switchport nonegotiate
media-type rj45
negotiation auto
!
interface GigabitEthernet0/2
switchport access vlan 100
switchport mode access
media-type rj45
negotiation auto
spanning-tree portfast edge
!
interface GigabitEthernet0/3
switchport trunk allowed vlan 2-998,1000-4094
switchport trunk encapsulation dot1q
switchport trunk native vlan 666
switchport mode trunk
switchport nonegotiate
shutdown
media-type rj45
negotiation auto
!
interface GigabitEthernet1/0
switchport trunk allowed vlan 2-998,1000-4094
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
media-type rj45
negotiation auto
channel-protocol lacp
channel-group 2 mode active
!
interface GigabitEthernet1/1
switchport trunk allowed vlan 2-998,1000-4094
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
media-type rj45
negotiation auto
channel-protocol lacp
channel-group 2 mode active
!
interface GigabitEthernet1/2
switchport trunk allowed vlan 2-998,1000-4094
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
media-type rj45
negotiation auto
channel-protocol lacp
channel-group 3 mode active
!
interface GigabitEthernet1/3
switchport trunk allowed vlan 2-998,1000-4094
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
media-type rj45
negotiation auto
channel-protocol lacp
channel-group 3 mode active
!
interface Vlan99
ip address 172.16.99.101 255.255.255.0
!
interface Group-Async1
physical-layer async
no ip address
encapsulation slip
!
ip default-gateway 172.16.99.1
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
!
!
ip sla responder
ip sla responder udp-echo ipaddress 172.16.99.1 port 5000
!
!
!
control-plane
!
line con 0
line aux 0
line vty 0 4
login
!
ntp source Vlan99
ntp server 172.16.99.1
!
end

ALS2 config

version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service compress-config
!
hostname ALS-2
!
boot-start-marker
boot-end-marker
!
!
logging discriminator EXCESS severity drops 6 msg-body drops EXCESSCOLL
logging buffered 50000
logging console discriminator EXCESS
enable password ine
!
no aaa new-model
no process cpu autoprofile hog
clock timezone cet 1 0
!
!
!
!
!
vtp file vlan.dat
!
!
!
no ip domain-lookup
ip cef
ipv6 multicast rpf use-bgp
no ipv6 cef
!
!
!
spanning-tree mode mst
spanning-tree portfast edge default
spanning-tree extend system-id
!
spanning-tree mst configuration
name CCNP
revision 1
instance 1 vlan 99-100
instance 2 vlan 110, 120
!
!
vlan internal allocation policy ascending
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Port-channel2
switchport trunk allowed vlan 2-998,1000-4094
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
!
interface Port-channel3
switchport access vlan 5
switchport trunk allowed vlan 2-998,1000-4094
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
!
interface GigabitEthernet0/0
switchport trunk allowed vlan 2-998,1000-4094
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
media-type rj45
duplex full
no negotiation auto
channel-protocol lacp
channel-group 2 mode active
!
interface GigabitEthernet0/1
switchport trunk allowed vlan 2-998,1000-4094
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
media-type rj45
duplex full
no negotiation auto
channel-protocol lacp
channel-group 2 mode active
!
interface GigabitEthernet0/2
switchport trunk allowed vlan 2-998,1000-4094
switchport trunk encapsulation dot1q
switchport trunk native vlan 666
switchport mode trunk
switchport nonegotiate
media-type rj45
negotiation auto
channel-protocol pagp
spanning-tree mst 2 cost 10000
!
interface GigabitEthernet0/3
switchport trunk allowed vlan 2-998,1000-4094
switchport trunk encapsulation dot1q
switchport trunk native vlan 666
switchport mode trunk
switchport nonegotiate
media-type rj45
duplex full
no negotiation auto
!
interface GigabitEthernet1/0
switchport access vlan 200
switchport trunk allowed vlan 2-998,1000-4094
switchport trunk encapsulation dot1q
switchport trunk native vlan 666
switchport mode access
switchport nonegotiate
media-type rj45
negotiation auto
!
interface GigabitEthernet1/1
switchport access vlan 2
switchport trunk allowed vlan 2-998,1000-4094
switchport trunk encapsulation dot1q
switchport trunk native vlan 666
switchport mode trunk
switchport nonegotiate
media-type rj45
negotiation auto
!
interface GigabitEthernet1/2
switchport access vlan 5
switchport trunk allowed vlan 2-998,1000-4094
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
media-type rj45
negotiation auto
channel-protocol lacp
channel-group 3 mode active
!
interface GigabitEthernet1/3
description — to router R4 —
switchport access vlan 4
switchport trunk allowed vlan 2-998,1000-4094
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
media-type rj45
duplex full
no negotiation auto
channel-protocol lacp
channel-group 3 mode active
spanning-tree portfast edge
!
interface Vlan1
ip address 1.1.1.22 255.255.255.0
shutdown
!
interface Vlan4
ip address 4.4.4.22 255.255.255.0
shutdown
!
interface Vlan99
ip address 172.16.99.102 255.255.255.0
!
ip default-gateway 172.16.99.1
ip forward-protocol nd
!
ip http server
no ip http secure-server
!
!
!
ip sla responder
ip sla responder udp-echo ipaddress 172.16.99.1 port 5000
!
!
!
control-plane
!
line con 0
logging synchronous level 0 limit 20
line aux 0
line vty 0 4
password ine
login
!
!
end

DLS1 config

version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service compress-config
!
hostname DLS-1
!
boot-start-marker
boot-end-marker
!
!
logging discriminator EXCESS severity drops 6 msg-body drops EXCESSCOLL
logging buffered 50000
logging console discriminator EXCESS
!
no aaa new-model
no process cpu autoprofile hog
clock timezone cet 1 0
!
!
!
!
!
vtp file vlan.dat
!
!
!
no ip domain-lookup
ip cef
ipv6 multicast rpf use-bgp
no ipv6 cef
!
!
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
spanning-tree vlan 99-100,200 priority 24576
!
vlan internal allocation policy ascending
!
track 33 ip sla 3
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Port-channel1
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
!
interface Port-channel2
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
!
interface GigabitEthernet0/0
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
media-type rj45
duplex full
no negotiation auto
!
interface GigabitEthernet0/1
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
media-type rj45
duplex full
no negotiation auto
!
interface GigabitEthernet0/2
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
media-type rj45
duplex full
no negotiation auto
channel-protocol lacp
channel-group 2 mode active
!
interface GigabitEthernet0/3
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
media-type rj45
duplex full
no negotiation auto
channel-protocol lacp
channel-group 2 mode active
!
interface GigabitEthernet1/0
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
media-type rj45
no negotiation auto
channel-protocol lacp
channel-group 1 mode active
!
interface GigabitEthernet1/1
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
media-type rj45
no negotiation auto
channel-protocol lacp
channel-group 1 mode active
!
interface GigabitEthernet1/2
description — router —
no switchport
ip address 11.11.11.2 255.255.255.252
negotiation auto
!
interface GigabitEthernet1/3
shutdown
media-type rj45
negotiation auto
!
interface Vlan99
ip address 172.16.99.1 255.255.255.0
!
interface Vlan100
ip address 172.16.100.1 255.255.255.0
ip policy route-map RmapPBR
!
interface Vlan101
ip address 11.11.11.9 255.255.255.252
!
interface Vlan200
ip address 172.16.200.1 255.255.255.0
!
!
router eigrp 2534
network 11.11.11.0 0.0.0.3
network 11.11.11.8 0.0.0.3
network 172.16.100.0 0.0.0.255
!
ip forward-protocol nd
!
ip http server
no ip http secure-server
!
!
ip access-list extended PBRacl1
permit icmp host 172.16.100.101 host 2.2.2.2
permit udp host 172.16.100.101 host 2.2.2.2
permit ip host 172.16.100.101 host 2.2.2.2
!
ip sla 1
icmp-echo 172.16.100.101
ip sla schedule 1 life forever start-time now
ip sla 2
icmp-echo 172.16.200.101
ip sla schedule 2 life forever start-time now
ip sla 3
udp-echo 11.11.11.10 5000 source-ip 11.11.11.9 source-port 5001
frequency 10
ip sla schedule 3 start-time after 00:01:00
ip sla 4
udp-jitter 172.16.99.102 5000
ip sla schedule 4 life forever start-time now
ip sla 5
icmp-echo 11.11.11.10 source-ip 11.11.11.9
frequency 40
ip sla schedule 5 start-time after 00:30:00
!
route-map PmapPBR permit 10
match ip address PBRacl1
!
route-map RmapPBR permit 10
match ip address PBRacl1
continue 20
set ip next-hop verify-availability 11.11.11.10 1 track 33
!
!
!
control-plane
!
line con 0
logging synchronous level 0 limit 20
line aux 0
line vty 0 4
login
!
ntp master 5
!
end

DLS2 config

version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service compress-config
!
hostname DLS-2
!
boot-start-marker
boot-end-marker
!
!
logging discriminator EXCESS severity drops 6 msg-body drops EXCESSCOLL
logging buffered 50000
logging console discriminator EXCESS
enable password ine
!
no aaa new-model
no process cpu autoprofile hog
clock timezone EET 2 0
!
!
!
!
!
vtp file vlan.dat
!
!
!
no ip domain-lookup
ip cef
ipv6 multicast rpf use-bgp
no ipv6 cef
!
!
!
spanning-tree mode rapid-pvst
spanning-tree portfast edge default
spanning-tree extend system-id
!
spanning-tree mst configuration
name CCNP
revision 1
instance 1 vlan 99-100
instance 2 vlan 110, 120
!
spanning-tree vlan 99-100,200 priority 28672
spanning-tree vlan 101 priority 24576
!
vlan internal allocation policy ascending
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface GigabitEthernet0/0
switchport trunk allowed vlan 2-998,1000-4094
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
media-type rj45
duplex full
no negotiation auto
!
interface GigabitEthernet0/1
switchport trunk allowed vlan 2-998,1000-4094
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
media-type rj45
duplex full
no negotiation auto
!
interface GigabitEthernet0/2
switchport trunk allowed vlan 2-998,1000-4094
switchport trunk encapsulation dot1q
switchport trunk native vlan 666
switchport mode trunk
switchport nonegotiate
media-type rj45
duplex full
no negotiation auto
!
interface GigabitEthernet0/3
switchport trunk allowed vlan 2-998,1000-4094
switchport trunk encapsulation dot1q
switchport trunk native vlan 666
switchport mode trunk
switchport nonegotiate
media-type rj45
duplex full
no negotiation auto
!
interface GigabitEthernet1/0
switchport trunk allowed vlan 2-998,1000-4094
switchport trunk encapsulation dot1q
switchport trunk native vlan 666
switchport mode trunk
switchport nonegotiate
shutdown
media-type rj45
negotiation auto
!
interface GigabitEthernet1/1
switchport trunk allowed vlan 2-998,1000-4094
switchport trunk encapsulation dot1q
switchport trunk native vlan 666
switchport mode trunk
switchport nonegotiate
shutdown
media-type rj45
negotiation auto
!
interface GigabitEthernet1/2
description — router —
no switchport
ip address 11.11.11.6 255.255.255.252
duplex full
no negotiation auto
spanning-tree portfast edge
!
interface GigabitEthernet1/3
switchport access vlan 4
switchport mode access
shutdown
media-type rj45
negotiation auto
!
interface Vlan1
ip address 1.1.1.33 255.255.255.0
!
interface Vlan99
ip address 172.16.99.2 255.255.255.0
!
interface Vlan101
ip address 11.11.11.10 255.255.255.252
!
!
router eigrp 2534
network 11.11.11.4 0.0.0.3
network 11.11.11.8 0.0.0.3
!
ip forward-protocol nd
!
ip http server
no ip http secure-server
!
!
!
ip sla responder
ip sla responder udp-echo ipaddress 11.11.11.9 port 5000
!
!
!
control-plane
!
line con 0
logging synchronous level 0 limit 20
line aux 0
line vty 0 4
password ine
login
!
!
end
