IOS Maintenance and Monitoring Tools – Part 2

Cisco IOS IP Service Level Agreement

Cisco IOS IP SLA, which is described in detail in both the ROUTE and SWITCH certification guides, allows you to monitor, analyze and verify IP service levels for IP applications and services, to increase productivity, to lower operational costs, and to reduce occurrences of network congestion or outages. IP Service Level Agreement uses active traffic monitoring to measure network performance, allowing IP SLAs to not only be used for maintenance and monitoring functions, but for troubleshooting as well as to baseline network performance.

IP SLA can measure and monitor network performance metrics like jitter, latency (delay), and packet loss. IP SLA has evolved with advanced measurement features like application performance, MPLS awareness, and enhanced voice measurements. IP SLA uses active traffic monitoring, which is the generation of traffic in a continuous, reliable, and predictable manner, for measuring network performance edge-to-edge over a network. Given this, IP SLA operations are based on active probes because synthetic network traffic is generated strictly for the purpose of measuring a network performance characteristic of the defined operation.

NOTE: A passive probe is one that captures actual network traffic flows for analysis. Examples would be a packet capture, e.g. Ethereal or Wireshark, and NetFlow.

IP Service Level Agreement is comprised of two components, which are the source (agent) and the target.  The source or agent is where IP SLA operations are defined. In other words, this is where the bulk of the configuration is implemented. Based on the configuration parameters, the source generates packets specific to the defined IP SLA operations and analyzes the results and records it so that it can be accessed through the CLI or using Simple Network Management Protocol (SNMP). SNMP is described in detail in the SWITCH guide. It will also be described briefly later in this chapter and throughout this guide.

A source router can be any Cisco router or switch that can support the IP SLA operation being configured. A particular source or agent can have multiple IP SLA tests running to many remote responders. In addition to this, a particular router or switch can be both an agent and a responder for different IP SLA configurations.

The IP SLA target depends upon the type of IP SLA operation defined and may be a computer or an internetwork device, such as a router or switch. For example, for IP SLA FTP or HTTP operations, the target would be an FTP or HTTP server. For Routing Table Protocol (RTP) and UDP jitter (VoIP), the target must be a Cisco device.

If the target is a Cisco device, the ip sla responder global configuration command must be configured on this device because both the source and target participate in the performance measurement. The IP SLA responder has an added benefit of accuracy because it inserts in and out time-stamps in the packet payload and therefore measures the CPU time spent.

The IP SLA responder (target) is a Cisco IOS software component that is configured to respond to IP SLA request packets. The IP SLA source establishes a connection with the target using control packets before the configured IP SLA Operation begins.

Following the acknowledgement of the control packets, the source then sends the responder test packets. The responder inserts a time-stamp when it receives a packet and factors out the destination processing time and adds time-stamps to the sent packets. This allows for the calculation of unidirectional packet loss, latency, and jitter measurements with the kind of accuracy that is not possible using simple ping tests or other dedicated (passive) probe testing.

Cisco IOS IP SLA operations can be broadly categorized into the following five functional areas:

1. Availability monitoring
2. Network monitoring
3. Application monitoring
4. Voice monitoring
5. Video monitoring

Availability monitoring can be used to monitor network level availability and is primarily performed using ICMP and UDP packets. IP SLA availability monitoring operations are described in detail in the following section.

Network monitoring is used to monitor Layer 2 operations, such as Asynchronous Transfer Mode, Frame Relay, and Multiprotocol Label Switching.

Application monitoring is used to monitor common network applications which include HTTP, FTP, DHCP and DNS.  Voice monitoring is used to determine voice quality scores, Post Dial Delay (PDD), Real Time Protocol (RTP) and gatekeeper registration delay. Video monitoring is used to monitor video traffic. There is no specific IP SLA test for video monitoring; however, the UDP jitter operation can be used to simulate some video traffic.

IP SLA operations are configured in global configuration mode. The configuration of the IP SLA feature depends on the software version running on the router. In Cisco IOS software versions 12.3(14)T, 12.4, 12.4(2)T, and 12.2(33)SXH, IP SLA is configured using the ip sla monitor [operation number] global configuration command. In Cisco IOS 12.4(4)T and later, IP SLA is configured using the ip sla [operation number] global configuration command.

The [operation number] used in all three variations of IP SLA configuration is an integer between 1 and 2147483647. This allows for the configuration of multiple IP SLA operations on the same device. Following IP SLA configuration in global configuration mode, the router transitions to IP SLA monitor configuration mode.

In Cisco IOS software versions 12.3(14)T, 12.4, 12.4(2)T, and 12.2(33)SXH, the IP SLA operation is configured using the type IP SLA monitor configuration command.  The typecommand is used to specify the packet type to send. This may be TCP connect packets, or even UDP echo or ICMP echo packets depending on the operation being configured.

Commonly used additional parameters that are specified when configuring Cisco IOS IP SLA operations are timeout and frequency. The timeout is used to specify the amount of time for which the Cisco IOS IP SLAs operation waits for a response from its request packet. For example, when configuring an IP SLA operation that sends ICMP echo packets (pings) to a remote destination, you can use the timeout keyword to specify the amount of time the operation will wait before a response is received before the operation is considered to be unsuccessful, i.e. fails. The timeout value is specified in milliseconds. The default timeout value varies depending on the type of IP SLAs operation you are configuring.

The frequency is specified in seconds and is used to specify the rate at which a specified Cisco IOS IP SLAs operation is sent into the network. For example, if you specify a frequency of 10 when using the ICMP echo operation, ping packets will be sent every 10 seconds. When configuring the frequency, it is important to understand and remember that the lower the value specified, the greater the overhead on the router or switch sending out the packets.
After configuring the IP SLA operation and specifying additional parameters, the operation can then be enabled using the ip sla monitor schedule [operation-number] global configuration command. While this command can be used with several parameters, parameters typically used when configuring IP SLA for use with the reliable static routing backup using object tracking include the life keyword and the start-time keyword.

The life keyword is used to specify the length of the time to execute the operation. The life can be specified in seconds (up to 2147483647) or infinitely using the forever keyword. The start-time keyword is used to specify when the operation should begin. The most common implementation is to use the now keyword to begin the operation immediately. However, the operation can be configured to start at a specified time, after a specified amount of time, or on a specific date at a specific time, for example.

NOTE: After configuring and starting the Cisco IOS IP SLA operation(s), the results are stored on the source device in the Cisco RTTMON MIB. This same MIB can also be used to configure IP SLA operations using SNMP set commands.  No explicit IP SLA operations configuration is required to begin storing data in the Cisco RTTMOM MIB. Once the IP SLA Monitor has been successfully created and scheduled, you can create IP SLA Performance Reports using tools such as Denika SNMP Performance Trender. Keep in mind that SNMP must be configured on the device though. Basic SNMP configuration is described and illustrated later in this chapter.

The following configuration example illustrates how to configure IP SLA operations measure the response time it takes to perform a TCP Connection operation between the router and remote Web server with the IP address 10.0.0.2. The IP SLA operation timeout value will be set to 5 seconds, and the probe will be run every 10 seconds:

In Cisco IOS versions Cisco IOS 12.4(4)T and later, the same configuration would be implemented on the router as follows:

And as a final example, the following configuration illustrates how to configure a basic IP SLA jitter operation to destination IP address 10.0.0.2 with a destination port of 32768. And finally, the IOS IP SLA operation is scheduled to run every 30 seconds:

Following the IP SLA operation configuration, the show ip sla monitor statistics [operation number] command can be used to view the operations statistics as follows:

If the target or destination device is a Cisco IOS router or switch that has been configured with the ip sla monitor responder global configuration command, you can use the show ip sla monitor responder command on that device to view local IP SLA operations statistics:

And finally, if SNMP is also configured on the local device, the the data can then be collected using SNMP and be used for the creation of reports on network performance. SNMP configuration is described later in this chapter. The primary emphasis in this section is to understand the logic behind, as well as the capabilities of Cisco IOS IP SLA operations and how they are an integral part of the maintenance and monitoring toolkit.