  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2629

Problem with a cisco sla monitor

I'm having a hard time figuring out why one of my SLA monitors is not working correctly.  I know that if I reboot the router or delete and re-create the SLA, it will start working again.
I currently have two WAN uplinks and two SLAs (one for each WAN).  The SLA was working fine up until earlier today.

!
ip sla monitor 1
 type echo protocol ipIcmpEcho 4.2.2.1
 threshold 3000
 frequency 5
ip sla monitor schedule 1 life forever start-time now
ip sla monitor 2
 type echo protocol ipIcmpEcho 4.2.2.2
 threshold 3000
 frequency 5
ip sla monitor schedule 2 life forever start-time now
!

I then have a permanent route to 4.2.2.1 out of 1 interface, and another route to 4.2.2.2 out of the other interface.
!
ip route 4.2.2.1 255.255.255.255 216.237.15.xxx permanent
ip route 4.2.2.2 255.255.255.255 216.237.30.xxx permanent
!
The trackings are pretty standard, though note that one is reachability and the other is state (the one tracking state is the one that shows as down).
!
track 1 rtr 1 reachability
 delay down 15 up 15
!
track 2 rtr 2
 delay down 15 up 15
!

I can ping both 4.2.2.2 and 4.2.2.1:

Sending 5, 100-byte ICMP Echos to 4.2.2.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/6/8 ms
HQ_Router#ping 4.2.2.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.2.2.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 40/48/80 ms

This is what track is telling me:

HQ_Router#sh track
Track 1
  Response Time Reporter 1 reachability
  Reachability is Up
    4 changes, last change 2d17h
  Delay up 15 secs, down 15 secs
  Latest operation return code: OK
  Latest RTT (millisecs) 32
  Tracked by:
    STATIC-IP-ROUTING 0
Track 2
  Response Time Reporter 2 state
  State is Down
    4 changes, last change 05:57:57
  Delay up 15 secs, down 15 secs
  Latest operation return code: Timeout
  Tracked by:
    STATIC-IP-ROUTING 0

Here are the SLA monitors; notice that index 2 is in Timeout state:

HQ_Router#sh ip sla monitor statistics
Round trip time (RTT)   Index 1
        Latest RTT: 56 ms
Latest operation start time: *20:48:45.428 Pacific Thu Oct 22 2009
Latest operation return code: OK
Number of successes: 433
Number of failures: 0
Operation time to live: Forever

Round trip time (RTT)   Index 2
        Latest RTT: NoConnection/Busy/Timeout
Latest operation start time: *20:48:38.508 Pacific Thu Oct 22 2009
Latest operation return code: Timeout
Number of successes: 0
Number of failures: 205
Operation time to live: Forever
Asked:
marinedepot
1 Solution
 
Faruk Onder Yerli (Owner) Commented:
Hi;

I think you have got the wrong idea of how to use IP SLA commands. I will try to explain.

1. ****************************************
Defining monitor service parameters
------------------------------------------------------------
ip sla monitor 1
 type echo protocol ipIcmpEcho [Router Gateway IP Address]
 frequency 5
2. *****************************************
ip sla monitor schedule 1 life forever start-time now -> It explains when tracking will start and under which condition.
3. *****************************************
track 1 rtr 1 reachability -> Start the tracking service in the background of the router.
4. *****************************************
ip route 4.2.2.1 255.255.255.255 [Router Gateway IP Address] [metric] track 1 -> If the track logic is up, you will see this route in the routing table.
---*****************************************

I see a mismatched config in the 1st and 4th steps. You didn't define the tracking gateway correctly in the 1st step.  You didn't put the tracking route in the 4th step.





0
 
marinedepot (Author) Commented:
Well, I can't just add the Router Gateway IP Address in step 1. I had to use either source-ipaddress or source-interface.
I chose source-interface.
So now it reads as:
!
ip sla monitor 1
 type echo protocol ipIcmpEcho 4.2.2.1 source-interface FastEthernet0/1
 threshold 3000
 frequency 5
ip sla monitor schedule 1 life forever start-time now
ip sla monitor 2
 type echo protocol ipIcmpEcho 4.2.2.2 source-interface FastEthernet0/0
 threshold 3000
 frequency 5
ip sla monitor schedule 2 life forever start-time now
!

I did have some routes using the tracking routes, I just didn't add them in the question.  These were:
!
ip route 0.0.0.0 0.0.0.0 216.237.15.1 track 1
ip route 0.0.0.0 0.0.0.0 216.237.30.17 10 track 2
!

Do you think that just because I didn't have the source-interface on the tracking command, that's why it was failing? Even though after resetting, the tracking would start working? And even though it's been working fine for days?
I just don't understand why it failed all of a sudden and remained in a timeout state even though the router could ping both 4.2.2.1 and 4.2.2.2.

0
 
Faruk Onder Yerli (Owner) Commented:
If your main aim is redundancy of the WAN interfaces,
you have to use the interface gateway address in the ip sla monitor command. So, it must be as below:
ip sla monitor 1
 type echo protocol ipIcmpEcho 216.237.15.1 source-interface FastEthernet0/1
 threshold 3000
 frequency 5

ip sla monitor 2
 type echo protocol ipIcmpEcho 216.237.30.17 source-interface FastEthernet0/0
 threshold 3000
 frequency 5
0
 
marinedepot (Author) Commented:
Yes, the main goal is redundancy.  If one link goes down, traffic should move to the other line.  I have some static routes using WAN2 as well for some particular traffic.

Anyway, there have been times where my gateways were reachable but I still did not have internet access.  This is in part due to my WANs being wireless connections.  So I can't rely on pinging my gateways to determine uplink.  This is why I use 4.2.2.x.

0
 
Faruk Onder Yerli (Owner) Commented:
OK, I am telling you the correct logic.
You will track gateway status with my correction. Then you will define route priority. You can use this track for more than one route. Also, don't forget to use a metric. If you are using NAT on the WAN interfaces, it will create a problem without a metric.
0
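
As an added example (not part of the original thread): a small Python parser for the `sh ip sla monitor statistics` output format quoted in the question, which flags operations that are failing with no successes in the counters shown, as index 2 is there. The function names are hypothetical, and the sample text reuses the values from the question's output.

```python
import re

# Sample text in the format of the `sh ip sla monitor statistics` output
# quoted in the question (values copied from that output).
SAMPLE = """\
Round trip time (RTT)   Index 1
        Latest RTT: 56 ms
Latest operation start time: *20:48:45.428 Pacific Thu Oct 22 2009
Latest operation return code: OK
Number of successes: 433
Number of failures: 0
Operation time to live: Forever

Round trip time (RTT)   Index 2
        Latest RTT: NoConnection/Busy/Timeout
Latest operation start time: *20:48:38.508 Pacific Thu Oct 22 2009
Latest operation return code: Timeout
Number of successes: 0
Number of failures: 205
Operation time to live: Forever
"""

HEADER = re.compile(r"^Round trip time \(RTT\)\s+Index (\d+)\s*$")
FIELD = re.compile(r"^\s*([^:]+):\s*(.*)$")

def parse_sla_statistics(text):
    """Return {index: {field name: value}} for each operation block."""
    ops, current = {}, None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:  # a new "Index N" block starts here
            current = ops.setdefault(int(m.group(1)), {})
            continue
        m = FIELD.match(line)
        if m and current is not None:  # "name: value" inside a block
            current[m.group(1).strip()] = m.group(2).strip()
    return ops

def stuck_operations(ops):
    """Indexes whose latest return code is not OK and whose counters
    show zero successes and at least one failure."""
    stuck = []
    for index, f in sorted(ops.items()):
        failed = f.get("Latest operation return code") != "OK"
        successes = int(f.get("Number of successes", "0"))
        failures = int(f.get("Number of failures", "0"))
        if failed and successes == 0 and failures > 0:
            stuck.append(index)
    return stuck
```
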
