IP SLA
IPSLA是 Internet Protocol Service-Level Agreement的缩写,意思是 互联网协议 服务等级协议。 IP SLA主要有以下三种应用场合:
1.浮动静态路由下一跳检测。
2.HSRP出接口检测。
3.PBR策略路由下一跳检测。
1900&2900&3900 series
IPSLA Cisco IOS IP Service-Level Agreements (SLAs) enable you to assure new business-critical IP applications, as well as IP services that use data, voice, and video in an IP network.

4500 series
Switches running the IP base or LAN base feature set support only IP SLAs responder functionality and
must be configured with another device that supports full IP SLAs functionality, for example, a Catalyst
4500 series switch running the IP services feature set.

3750X serier
Switches running the IP base or LAN base feature set support only IP SLAs responder functionality and must be configured with another device that supports full IP SLAs functionality, for example, a Catalyst 3750-X switch running the IP services feature set.

3560 serier
The IP SLAs responder is available only on Cisco IOS software-based devices, including some Layer 2 switches that do not support full IP SLAs functionality,such as a Catalyst 3750-X or 3560-X s witch running the LAN base feature set ora Catalyst 2960 switch.

应用一:IP SLA在浮动静态路由中的使用

IP SLA_第1张图片

完成基础配置后分别在R1R2上指静态:

R2(config)#ip route 1.1.1.0 255.255.255.0 12.1.1.1

R2(config)#ip route 1.1.1.0 255.255.255.0 21.1.1.1 20

R1上起创建服务条目:

R1(config)#ip sla monitor 10

R1(config-sla-monitor)#type echo protocol ipIcmpEcho 12.1.1.2 source-ip 12.1.1.1

R1(config-sla-monitor-echo)#timeout 100

R1(config-sla-monitor-echo)#frequency 2

R1(config)#track 10 rtr 10 reachability

R1(config)#ip sla monitor schedule 10 life forever start-time now

R1(config)#ip route 2.2.2.0 255.255.255.0 21.1.1.2 20

R1(config)#ip route 2.2.2.0 255.255.255.0 12.1.1.2 track 10


应用二:IP SLA在HSRP中的使用

IP SLA_第2张图片

----------------------------------IP SLA for  HSRP--------

Use the ip sla enable timestamp command to enable low-level time stamping for IP SLAs.
IP SLAs low-level time stamping increases the length of time between when the packet arrives at the interface and when the packet is handed to the application. For Hot Standby Router Protocol (HSRP) on a Cisco Catalyst 3560 Series switch, the longer elapsed time will exceed the default hold time at the standby interface, causing the standby HSRP to be declared active and making both (the active and standby) HSRPs active at the same time. To ensure that HSRP continues to operate correctly when the IP SLAs time stamp is enabled, also configure the standby timers command on the standby interface to increase the HSRP hello and hold timers. The recommended hello and hold timer values are 15 seconds and 16 seconds, respectively.


Router A Configuration

ip sla monitor 10

type echo protocol ipIcmpEcho 114.114.114.114 source-ipaddr 202.1.1.1

request-data-size 32

timeout 1000

frequency 3

exi

ip sla monitor schedule 10 life forever start-time now

track 20 rtr 10 reachability

interface FastEthernet0/0

ip address 10.1.1.2 255.255.255.0

standby 1 preempt

standby 1 ip 10.1.1.1

standby 1 priority 110

standby 1 track 20 decrement 10

Router B Configuration

ip sla monitor 10

type echo protocol ipIcmpEcho 114.114.114.114 source-ipaddr 203.1.1.1

request-data-size 32

timeout 1000

frequency 3

ip sla monitor schedule 10 life forever start-time now

exi

track 20 rtr 10 reachability

interface FastEthernet0/0

ip address 10.1.1.3 255.255.255.0

standby 1 preempt

standby 1 ip 10.1.1.1

standby 1 priority 105

standby 1 track 20 decrement 10


应用三:IP SLA 在PBR中的使用(iso 15.0 配置)
IP SLA_第3张图片
本地路由设备到 ISP 中间往往连接一个光电转换器( Layer2 ),当对端 shutdown 状态 , 本地设备仍处于 UP ,这时将导致所谓的“黑洞”现象,我们可以通过 SLA 来做网络端到端的可用性监测,从而解决这个问题。

1、定义相关ACL

conf t

ip access-list extended all-net
permit ip any any
exi
access-list 1 permit 202.1.1.2
access-list 2 permit 203.1.1.2

2Route-mapNat

route-map isp1-line permit 10

match ip address all-net

match  ip next-hop 1

exi

route-map isp2-line permit 10

match ip address all-net

match  ip next-hop 2

exi

ip nat inside source route-map isp1-line int gi0/1 overload

ip nat inside source route-map isp2-line int gi0/2 overload

3IP SlA

i p sla 202
icmp-echo 202.1.1.2 source-ip 202.1.1.1
timeout    5000
frequency 2
exi
ip sla schedule 202 life forever start-time now
ip sla 203
icmp-echo 203.1.1.2 source-ip 203.1.1.1
timeout    5000
frequency 2
exi
ip sla schedule 203 life forever start-time now

定义SLA监视组

t rack 1 ip sla 202 reachability
track 2 ip sla 203 reachability

写路由

-----------------------------------------------------------------------

R1(config)#ip route 0.0.0.0 0.0.0.0 202.1.1.2 track 1
R1(config)#ip route 0.0.0.0 0.0.0.0 203.1.1.2 track 2

--------------------------- 查看状态-------------------------------------------------------
Router#show ip sla statistics
IPSLAs Latest Operation Statistics
IPSLA operation id: 202
Type of operation: icmp-echo
       Latest RTT: 1 milliseconds
Latest operation start time: 10:46:13.267 UTC Fri Apr 4 2014
Latest operation return code: OK
Number of successes: 246
Number of failures: 0
Operation time to live: Forever
IPSLA operation id: 203
Type of operation: icmp-echo
       Latest RTT: 1 milliseconds
Latest operation start time: 10:46:07.131 UTC Fri Apr 4 2014
Latest operation return code: OK
Number of successes: 10
Number of failures: 0
Operation time to live: Forever

----------------------------测试一----断掉isp-1线缆----------
Router#show ip sla s
Apr 4 10:49:11.707: %TRACKING-5-STATE: 1 ip sla 202 reachability Up->Downt
Router#show ip sla statistics
IPSLAs Latest Operation Statistics
IPSLA operation id: 202
Type of operation: icmp-echo
       Latest RTT: NoConnection/Busy/Timeout
Latest operation start time: 10:49:03.267 UTC Fri Apr 4 2014
Latest operation return code: Timeout
Number of successes: 262
Number of failures: 1
Operation time to live: Forever
IPSLA operation id: 203
Type of operation: icmp-echo
       Latest RTT: 1 milliseconds
Latest operation start time: 10:49:07.131 UTC Fri Apr 4 2014
Latest operation return code: OK
Number of successes: 19
Number of failures: 0
Operation time to live: Forever

-----------------------------测试二---- 恢复isp-1线缆------------------
Router#show ip sla statistics
IPSLAs Latest Operation Statistics
IPSLA operation id: 202
Type of operation: icmp-echo
       Latest RTT: 1 milliseconds
Latest operation start time: 10:51:43.267 UTC Fri Apr 4 2014
Latest operation return code: OK
Number of successes: 263
Number of failures: 16
Operation time to live: Forever
IPSLA operation id: 203
Type of operation: icmp-echo
       Latest RTT: 1 milliseconds
Latest operation start time: 10:51:27.131 UTC Fri Apr 4 2014
Latest operation return code: OK
Number of successes: 26
Number of failures: 0
Operation time to live: Forever
Router#
Apr 4 10:51:46.883: %TRACKING-5-STATE: 1 ip sla 202 reachability Down->Up
--------------------------------------------------------------------------------------------------

--------------------------------------------------------------------------------------------------
IP SLA 在PBR中的使用(iso 12.2 配置)

1、定义相关ACL
conf t
ip access-list extended all-net
permit ip any any
exi
access-list 1 permit 202.1.1.1
access-list 2 permit 203.1.1.1

2Route-mapNat
route-map isp1-line permit 10
match ip address all-net
match  ip next-hop 1
exi
route-map isp2-line permit 10
match ip address all-net
match  ip next-hop 2
exi
ip nat inside source route-map isp1-line int fa0/1 overload
ip nat inside source route-map isp2-line int fa0/2 overload

3IP SlA
本地路由设备到ISP中间往往连接一个光电转换器(Layer2),当对端shutdown状态,本地设备仍处于UP,这时将导致所谓的“黑洞”现象,我们可以通过SLA来做网络端到端的可用性监测,从而解决这个问题。

ip sla monitor 10
type echo protocol ipIcmpEcho 202.1.1.1 source-ipaddr 201.1.1.2
timeout 5000

frequency 2
exi
ip sla monitor schedule 10 life forever start-time now

ip sla monitor 20
type echo protocol ipIcmpEcho 203.1.1.1 source-ipaddr 202.1.1.2
timeout 5000

frequency 2
exi
ip sla monitor schedule 20 life forever start-time now
定义SLA监视组
track 1 rtr 10 reachability
track 2 rtr 20 reachability

写路由

R1(config)#ip route 0.0.0.0 0.0.0.0 202.1.1.1 track 1
R1(config)#ip route 0.0.0.0 0.0.0.0 203.1.1.1 track 2