What is IP SLA (Internet Protocol Service Level Agreement) How to configure IP SLA?

IP SLA (Internet protocol service level agreement) is a great feature of the Cisco Internetwork Operating System (Cisco IOS). It is used to measure the ongoing behavior of the network. the measurement can be simple as using ping where we check the round-trip time or something more advanced like a VoIP RTP packet where we check the delay, and jitter and calculate a MOS score that gives you an indication of what the voice quality will be. IP SLA primarily acts as a tool and gathers data about a network.

We can configure IP SLA on the router and then the router sends packets, receive a response, and gather information about whether a response was received and measurement delay, jitter, packet loss, response times, and latency. We can combine IP SLA with static routes, policy-based routing, and routing protocols like OSPF or EIGRP.

Why do we need it? how its work?

As you can see from the above topology, we have a customer router connected to two ISPs with serial interfaces, and also, we have configured default routes with different AD in order to provide backup if one ISP or link fails, we can switch to another ISP. Now our customer router can reach the server on the internet and it can.  

but it's not very much reliable. because as long as the interface is up and the next hop is reachable the default route will be in the routing table. now if ISP 1 is having an issue with connectivity and ISP 1 cannot reach that server on the internet but our router still uses them for all the traffic. We don’t want this to happen to prevent this we are going to combine IP SLA with default routes.

now our router is configured with IP SLA now we check end-to-end connectivity.  IP SLA ping to the server and get a reply from the server. if somehow the ping fails then we switch over to ISP2, this method is reliable. 

we can also use different measurements (operation) besides ping and RTP. 

• TCP Connections
• UDP
• DNS
• DHCP
• HTTP
• FTP

 let's see the configuration of IP SLA.

• Configure the topology as per the diagram 
• Assign the IP addresses as per our topology 
• Assign IP on PC-1 10.1.1.2 and PC-2 40.1.1.2
• Configure the default route between R-1 to ISP-1 Primary
• configure default route between R-1 and ISP-2 with a backup link using AD 12
• Configure Static route from ISPs
• verify the backup link between R-1 and ISPs
• configure IPSLA 
• make sure the backup will work even ISP side link is down. 

R1(config)#interface serial 2/0

R1(config-if)#ip address 1.1.1.1 255.0.0.0

R1(config-if)#no shutdown

R1(config-if)#exit

*May 16 12:07:59.435: %LINK-3-UPDOWN: Interface Serial4/0, changed state to up

*May 16 12:08:00.435: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial4/0, changed state to up

R1(config)#interface fastEthernet 0/0

R1(config-if)#ip address 10.1.1.1 255.0.0.0

R1(config-if)#no shutdown

R1(config-if)#exit

*May 16 12:08:21.963: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up

*May 16 12:08:22.963: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up

R1(config)#interface serial 2/1

R1(config-if)#ip address 3.1.1.2 255.0.0.0

R1(config-if)#no shutdown

R1(config-if)#exit

*May 16 12:09:25.947: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial2/1, changed state to up

*May 16 12:11:27.531: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial2/1, changed state to up

R1#show ip interface brief

Interface                  IP-Address      OK? Method Status     Protocol

FastEthernet0/0        10.1.1.1        YES manual up                    up

Serial2/0                  1.1.1.1         YES manual up                    up

Serial2/1                  3.1.1.2         YES manual up                    up

R2(config)#interface serial 2/0

R2(config-if)#ip address 1.1.1.2 255.0.0.0

R2(config-if)#no shutdown

R2(config-if)#exit

R2(config)#interface fastEthernet 1/1

R2(config-if)#ip address 2.2.2.1 255.0.0.0

R2(config-if)#no shutdown

R2(config-if)#exit

R2#show ip interface brief

Interface                  IP-Address      OK? Method Status       Protocol

FastEthernet1/1        2.2.2.1         YES manual up                    up

Serial2/0                  1.1.1.2         YES manual up                    up

R3(config)#interface serial 2/1

R3(config-if)#ip address 3.3.3.1 255.0.0.0

R3(config-if)#no shutdown

R3(config-if)#exit

R3(config)#interface fastEthernet 1/0

R3(config-if)#ip address 4.1.1.2 255.0.0.0

R3(config-if)#no shutdown

R3(config-if)#exit

R3#show ip interface brief

Interface                  IP-Address      OK? Method Status       Protocol

FastEthernet1/0       4.1.1.2         YES manual up                    up

Serial2/1                  3.3.3.1         YES manual up                    up

R4(config)#interface fastEthernet 1/0

R4(config-if)#ip address 4.1.1.1 255.0.0.0

R4(config-if)#no shutdown

R4(config-if)#exit

R4(config)#interface fastEthernet 0/0

R4(config-if)#ip address 40.1.1.1 255.0.0.0

R4(config-if)#no shutdown

R4(config-if)#exit

R4#show ip interface brief

Interface                  IP-Address      OK? Method Status                Protocol

FastEthernet0/0            40.1.1.1        YES manual up                    up

FastEthernet1/0            4.1.1.1         YES manual up                    up

FastEthernet1/1            2.2.2.2         YES manual up                    up

PC-1

PC-2

R1(config)#ip route 0.0.0.0 0.0.0.0 1.1.1.2

R1(config)#ip route 0.0.0.0 0.0.0.0 3.1.1.1 12

R2(config)#ip route 10.0.0.0 255.0.0.0 1.1.1.1

R2(config)#ip route 40.0.0.0 255.0.0.0 2.2.2.2

R3(config)#ip route 10.0.0.0 255.0.0.0 3.1.1.2

R3(config)#ip route 40.0.0.0 255.0.0.0 4.1.1.1

R4(config)#ip route 10.0.0.0 255.0.0.0 2.2.2.1

R4(config)#ip route 10.0.0.0 255.0.0.0 4.1.1.2

R4(config)#ip route 1.0.0.0 255.0.0.0 2.2.2.1

R4(config)#ip route 3.0.0.0 255.0.0.0 4.1.1.2

\

{now ping 40.1.1.2 from PC-1}

PC1> ping 40.1.1.2 -1

84 bytes from 40.1.1.2 icmp_seq=1 ttl=61 time=90.686 ms

84 bytes from 40.1.1.2 icmp_seq=2 ttl=61 time=91.024 ms

84 bytes from 40.1.1.2 icmp_seq=3 ttl=61 time=91.986 ms

84 bytes from 40.1.1.2 icmp_seq=4 ttl=61 time=91.668 ms

84 bytes from 40.1.1.2 icmp_seq=5 ttl=61 time=91.013 ms

PC1> ping 40.1.1.2 -3

Connect   7@40.1.1.2 seq=1 ttl=61 time=105.601 ms

SendData  7@40.1.1.2 seq=1 ttl=61 time=106.607 ms

Close     7@40.1.1.2 seq=1 ttl=61 time=121.265 ms

Connect   7@40.1.1.2 seq=2 ttl=61 time=92.187 ms

SendData  7@40.1.1.2 seq=2 ttl=61 time=90.703 ms

Close     7@40.1.1.2 seq=2 ttl=61 time=106.370 ms

Connect   7@40.1.1.2 seq=3 ttl=61 time=90.521 ms

SendData  7@40.1.1.2 seq=3 ttl=61 time=107.727 ms

Close     7@40.1.1.2 seq=3 ttl=61 time=120.897 ms

Connect   7@40.1.1.2 seq=4 ttl=61 time=75.339 ms

SendData  7@40.1.1.2 seq=4 ttl=61 time=106.885 ms

Close     7@40.1.1.2 seq=4 ttl=61 time=121.503 ms

Connect   7@40.1.1.2 seq=5 ttl=61 time=106.025 ms

SendData  7@40.1.1.2 seq=5 ttl=61 time=105.729 ms

Close     7@40.1.1.2 seq=5 ttl=61 time=122.395 ms

{from the above output our PC-1 can ping 40.1.1.2 somewhere on the internet. now trace the 40.1.1.2 from router 1}

R1#traceroute 40.1.1.2

Type escape sequence to abort.

Tracing the route to 40.1.1.2

  1 1.1.1.2 16 msec 28 msec 32 msec

  2 2.2.2.2 60 msec 68 msec 52 msec

  3 40.1.1.2 76 msec 76 msec 84 msec

{as you can see router 1 is using our primary interface serial 2/0 because we made this interface primary}

{now shutdown the ISP - 1 interface serial 2/0 to ensure the backup link is working or not}

 R2(config)#interface serial 2/0

R2(config-if)#shutdown

R2(config-if)#exit

*May 16 13:25:24.551: %LINK-5-CHANGED: Interface Serial2/0, changed state to administratively down

*May 16 13:25:25.551: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial2/0, changed state to down

{now trace 40.1.1.2 from router 1 and make sure router 1 uses a backup link serial 2/1 in order to reach 40.1.1.2.}

R1#traceroute 40.1.1.2

Type escape sequence to abort.

Tracing the route to 40.1.1.2

  1 3.3.3.1 32 msec 28 msec 32 msec

  2 4.1.1.1 44 msec 60 msec 72 msec

  3 40.1.1.2 64 msec 76 msec 84 msec

{as you can see the above output router 1 is using a backup link which is serial 2/1 in the failover primary link.}

{what will happen if the interface between ISP-1 and router-4 goes down. router 1 will use a backup link or not. let's verify it, first, bring the interface UP which we shut down.} 

R2(config)#interface serial 2/0

R2(config-if)#no shutdown

R2(config-if)#exit

*May 16 13:33:07.427: %LINK-3-UPDOWN: Interface Serial2/0, changed state to up

*May 16 13:33:08.431: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial2/0, changed state to up

R2(config)#interface fastEthernet 1/1

R2(config-if)#shutdown

R2(config-if)#exit

*May 16 14:04:05.183: %LINK-5-CHANGED: Interface FastEthernet1/1, changed state to administratively down

*May 16 14:04:06.183: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1/1, changed state to down

R1#traceroute 40.1.1.1

Type escape sequence to abort.

Tracing the route to 40.1.1.1

  1 1.1.1.2 20 msec 24 msec 36 msec

  2 1.1.1.2 !H  !H  !H

R1#ping 40.1.1.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 40.1.1.1, timeout is 2 seconds:

UUUUU

Success rate is 0 percent (0/5)

R1#show run | include ip route

ip route 0.0.0.0 0.0.0.0 1.1.1.2

ip route 0.0.0.0 0.0.0.0 3.3.3.1 12

{as you can see router 1 is not using a backup link because the default route is still in the routing table and it's working but the link is down from the ISP side. now we need IP SLA to track end-to-end reachability}

(First, bring the link UP)

R2(config)#interface fastEthernet 1/1

R2(config-if)#no shutdown

R2(config-if)#exit

*May 16 14:07:36.903: %LINK-3-UPDOWN: Interface FastEthernet1/1, changed state to up

*May 16 14:07:37.903: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1/1, changed state to up

R1(config)#ip sla 1

R1(config-ip-sla)#icmp-echo 40.1.1.1 source-ip 10.1.1.1

R1(config-ip-sla-echo)#frequency 5

R1(config-ip-sla-echo)#threshold 100

R1(config-ip-sla-echo)#exit

R1(config)#ip sla schedule 1 life forever start-time now

R1(config)#track 1 ip sla 1

R1(config-track)#delay down 10 up 10

R1(config-track)#no ip route 0.0.0.0 0.0.0.0 1.1.1.2

R1(config)# ip route 0.0.0.0 0.0.0.0 1.1.1.2 track 1

R1(config)#do show track

Track 1

  IP SLA 1 state

  State is Up

    5 changes, last change 00:00:59

  Delay up 10 secs, down 10 secs

  Latest operation return code: OK

  Latest RTT (millisecs) 52

  Tracked by:

    STATIC-IP-ROUTING 0

{Now again shutdown the ISP-1 interface f1/0}

R2(config)#interface fastEthernet 1/1

R2(config-if)#shutdown

R2(config-if)#exit

*May 16 14:15:07.067: %LINK-5-CHANGED: Interface FastEthernet1/1, changed state to administratively down

*May 16 14:15:08.067: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1/1, changed state to down

R1#

R1#

*May 16 15:13:26.799: %TRACKING-5-STATE: 1 ip sla 1 state Up->Down

R1#

R1#

{above you see the message on router-1 the link is down. IP SLA track end to end now let's see router 1 switches to backup link dynamically or not}

R1#ping 40.1.1.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 40.1.1.1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 48/56/60 ms

R1#traceroute 40.1.1.1

Type escape sequence to abort.

Tracing the route to 40.1.1.1

  1 3.3.3.1 16 msec 32 msec 36 msec

  2 4.1.1.1 56 msec 60 msec 60 msec

{router-1 switch to backup link even if the ISP side link is down}

R1#show ip sla statistics

IPSLAs Latest Operation Statistics

IPSLA operation id: 1

Type of operation: icmp-echo

        Latest RTT: NoConnection/Busy/Timeout

Latest operation start time: *15:25:08.511 UTC Tue May 16 2023

Latest operation return code: Timeout

Number of successes: 42

Number of failures: 74

Operation time to live: Forever

thank you so much