IP SLA and Object Tracking

I’ve recently been doing some work with our HSRP setup around our network. Like most people, we use HSRP as a first hop redundancy mechanism to provide clients attached to the network with a virtual default gateway. HSRP will, be default, fail from Active to Standby, should the routers lose the ability to talk to one another on the subnet the HSRP for.

But what if something “down the line” fails…


Take this example to the right, R1 and R2 have a HSRP group between them for the 10.0.0.0/24 network, with R1 having the higher priority. R6 is playing the part of “host” and has a default route to the HSRP Virtual IP Address.

The aim of the lab is to ensure that R6 can always get to the 4.2.2.2 address on R5. There is a very basic OSPF setup between R1, R2, R3, R4 & R5, with R5 propagating default information.

What happens if the link between R1 and R3 were to fail, R1 and R2 would be able to speak to each other, so R2 would not take over as the Active HSRP node.

All of a sudden, R6 has lost connectivity to 4.2.2.2

There are a few different tools at our disposal to combat this problem – IP SLA and Tracking.

IP SLA is Internet Protocol Service Level Agreement, and allows you to retrieve statics for all manner of things, from as simple as a ping response, to making sure a TCP Port is open, to path jitter for your IP Telephony deployments.

Tracking allows you to track a wide range of objects, such as interface status, or the results of an IP SLA object.  Tracking objects are either UP or DOWN. Tracking can be used to influence a number of things – HSRP priority, GLBP weighting or policy routing decisions.

In this first example, we are going to be using IP SLA to checking that R1 can ping 4.2.2.2 with a source IP of 10.0.0.11, and then creating a tracking object.


ip sla 10
 icmp-echo 4.2.2.2 source-interface FastEthernet0/1
 frequency 5
ip sla schedule 10 life forever start-time now
!
track 10 rtr 10

You won’t get SLA information unless you add the schedule line (you can set it to only function during certain times etc…)

Once it’s up and running, the below command shows the results


R1#show ip sla statistics 10

Round Trip Time (RTT) for       Index 10
        Latest RTT: 80 milliseconds
Latest operation start time: *01:02:44.343 UTC Fri Mar 1 2002
Latest operation return code: OK
Number of successes: 4
Number of failures: 0
Operation time to live: Forever

R1#show track brief
Track   Object                           Parameter        Value Last Change
10      rtr         10                   state            Up    00:06:28

You can see that the SLA object is getting a response, so returning an OK code, and therefore the tracked object is showing as UP.

Tracked objects do work without SLA objects, the following checks that a certain route exists in the routing table


track 20 ip route 0.0.0.0 0.0.0.0 reachability

When you look at the tracked object, it confirms the state, and even shows you where the route is learned from.


R1#show track 20
Track 20
  IP route 0.0.0.0 0.0.0.0 reachability
  Reachability is Up (OSPF)
    7 changes, last change 01:33:21
  First-hop interface is FastEthernet0/0

You can also use tracking to check the state of interfaces, you can check layer 1/2


track 40 interface FastEthernet0/0 line-protocol

or layer 3


track 30 interface FastEthernet0/0 ip routing

This is a type of tracking object called a list, this lets you bundle several other tracking objects together.


track 1 list boolean and
 object 30
 object 40

Tracking lists are using boolean logic to decide its status, you have a choice of OR or AND

OR – if any object is up, the main track group is up
AND – all objects need to be up for the main track group to be up (if any single object is down, the group is down)

If you have a particularly flaky network; and things might blip very quickly, or you just want to allow a little time to make sure the condition is true before things start failing over, you can add delays to a tracked object, either when they are due to go down, or up.


track 1 list boolean and
 delay down 10 up 10

this means that when trigger changes, and the object should be down, it will wait 10 seconds before actually changing its status, obviously, if the conditions change during this count down, then the countdown will cancel and the object will remain up. Equally, using the up delay, when an object is down, and is due to change to up, it will take 10 seconds before actually changing.


Track 1
  List boolean and
  Boolean AND is Up, delayed Down (8 secs remaining)
    2 changes, last change 00:09:33
    object 30 Down
    object 40 Down
  Delay up 10 secs, down 10 secs

So now you have setup all your tracked objects, what can you actually do with them? with HSRP, you can use the tracked object to adjust the routers priority, in the example above, HSRP is setup between R1 and R2,

R1 priority = 200
R2 priority = 180

In this example, when any of the tracked object are triggered, they will decrement the routers priority by 30, taking its priority to below that of R2, and because preempt is configured, it will cause R2 to transition into Active state.


interface FastEthernet0/1
 ip address 10.0.0.11 255.255.255.0
 standby 10 ip 10.0.0.1
 standby 10 priority 200
 standby 10 preempt
 standby 10 track 10 decrement 30
 standby 10 track 20 decrement 30
 standby 1 0 track 1 decrement 30
end

You can use tracking objects for adjusting the weighing in GLBP


interface FastEthernet0/1
 ip address 10.0.0.12 255.255.255.0
 speed 100
 full-duplex
 glbp 10 ip 10.0.0.1
 glbp 10 priority 200
 glbp 10 preempt
 glbp 10 weighting track 1 decrement 30
 glbp 10 weighting track 30 decrement 30
 glbp 10 weighting track 40 decrement 30

or, you can use it to verify the existence of a next hop in your policy based routing


ip sla 15
 icmp-echo 10.0.0.12
ip sla schedule 15 life forever start-time now
!
track 15 rtr 15
!
route-map MYROUTEMAP permit 10
 set ip next-hop verify-availability 10.0.0.12 1 track 15

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: