Archive for March, 2017

IP SLA (icmp) on Cisco routers

Posted: March 24, 2017 in Cisco Security - IOS
0

Just a brief overview on setting up a IP SLA (icmp) on Cisco routers. The idea is to have a primary connectivity line (via MPLS) and backup connectivity line in case primary line is down. The backup line should take traffic load until primary line is back on line (such a fancy wordings).. The switch to the primary line should be automatically with no user interventions. If you need more info about IP SLA features you can click on the link.

Here is connectivity diagram:

ipsla

The idea is to have constant communication between RTR 4331 and RTR2′ loopback interface Lo1 (ip address 4.4.4.4). This simulates connectivity to, lets say Exchange server located in the main office, even dough these days most of the Exchange servers are in the cloud already but you got the point.

Lets get to the bread and butter:

Router’s configuration related to IP SLA only is listed below. Router has default config, no fancy stuff, IP addresses were assigned to interfaces as per diagram above.
ip sla 10
icmp-echo 4.4.4.4 source-interface GigabitEthernet0/0/0
frequency 5000
threshold 2
track 10 ip sla 10 reachability
ip sla schedule 10 life forever start-time now

ip route 0.0.0.0 0.0.0.0 10.238.254.134 track 10
ip route 0.0.0.0 0.0.0.0 1.1.1.2 10

 

Cool. Lets test this stuff..

FEI-R-4331-1#sh ip sla summary 
IPSLAs Latest Operation Summary
Codes: * active, ^ inactive, ~ pending

ID           Type        Destination       Stats       Return      Last
(ms)        Code        Run
———————————————————————–
*10          icmp-echo   4.4.4.4           RTT=1       OK          5 minutes, 42
seconds ago

FEI-R-4331-1#traceroute 4.4.4.4
Type escape sequence to abort.
Tracing the route to 4.4.4.4
VRF info: (vrf in name/id, vrf out name/id)
  1 10.238.254.134 1 msec 1 msec 0 msec
2 20.20.20.22 0 msec *  1 msec
FEI-R-4331-1#

FEI-R-4331-1#sh ip sla statistics 
IPSLAs Latest Operation Statistics

IPSLA operation id: 10
Latest RTT: 1 milliseconds
Latest operation start time: 09:22:57 pdt Fri Mar 24 2017
Latest operation return code: OK
Number of successes: 1
Number of failures: 0
Operation time to live: Forever

Let start constant ping to 4.4.4.4, then disconnect the cable on MPLS line, and do tracert to 4.4.4.4…
FEI-R-4331-1#ping 4.4.4.4 repeat 6000
Type escape sequence to abort.
Sending 6000, 100-byte ICMP Echos to 4.4.4.4, timeout is 2 seconds:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
… deleted for clarity
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!..!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! – lost 1 ping
… deleted for clarity

Success rate is 99 percent (5998/6000), round-trip min/avg/max = 1/1/7 ms

FEI-R-4331-1#traceroute 4.4.4.4
Type escape sequence to abort.
Tracing the route to 4.4.4.4
VRF info: (vrf in name/id, vrf out name/id)
  1 1.1.1.2 1 msec 1 msec 1 msec
2 30.30.30.32 1 msec *  1 msec – communication goes over backup line
FEI-R-4331-1#

Switching it back to MPLS:
FEI-R-4331-1#ping 4.4.4.4 repeat 6000
Type escape sequence to abort.
Sending 6000, 100-byte ICMP Echos to 4.4.4.4, timeout is 2 seconds:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!.!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! – lost 1 ping while MPLS interface came up.
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Success rate is 99 percent (5999/6000), round-trip min/avg/max = 1/1/6 ms
FEI-R-4331-1#

FEI-R-4331-1#traceroute 4.4.4.4  – route is switched back automatically to the higher priority one.
Type escape sequence to abort.
Tracing the route to 4.4.4.4
VRF info: (vrf in name/id, vrf out name/id)
  1 10.238.254.134 1 msec 1 msec 0 msec
2 20.20.20.22 0 msec *  1 msec
FEI-R-4331-1#

Here it goes. Very useful feature that saved valuable time to most of my customers base.