wasn't a big fan of sla in switch... seemed like a waste of time there... see how it goes with this scenario...
the lab...
r1
int lo0
des r1 lan
ip add 192.168.1.1 255.255.255.0
int s1/1
des r1-->i1
ip add 209.165.201.2 255.255.255.252
clock rat 128000
band 128
no shut
int s1/3
des r1-->i2
ip add 209.165.202.130 255.255.255.252
band 128
no shut
r2
int lo0
des inet web
ip add 209.165.200.254 255.255.255.255
int lo1
des i1 dns
ip add 209.165.201.30 255.255.255.255
int s1/1
des i1-->r1
ip add 209.165.201.1 255.255.255.252
band 128
no shut
int s1/2
des i1-->i2
ip add 209.165.200.225 255.255.255.252
clock rat 128000
band 128
no shut
r3
int lo0
des inet web
ip add 209.165.200.254 255.255.255.255
int lo1
des i2 dns
ip add 209.165.202.158 255.255.255.255
int s1/3
des i2-->r1
ip add 209.165.202.129 255.255.255.252
clock rat 128000
band 128
no shut
int s1/2
des i2-->i1
ip add 209.165.200.226 255.255.255.252
band 128
no shut
the tale of the tape...
i am especially enamored of the imaginary web server... it is, my imaginary lover...
branch#sh int des | incl up
Se1/1 up up r1-->i1
Se1/3 up up r1-->i2
Lo0 up up r1 lan
this one requires suspension of disbelief, like going to the movies, get over it...
r1
ip route 0.0.0.0 0.0.0.0 209.165.201.1
r2
router eigrp 1
netw 209.165.200.224 0.0.0.3
netw 209.165.201.0 0.0.0.31
no auto-summ
exit
ip route 192.168.1.0 255.255.255.0 209.165.201.2
r3
router eigrp 1
netw 209.165.200.224 0.0.0.3
netw 209.165.202.128 0.0.0.31
no auto-summ
exit
ip route 192.168.1.0 255.255.255.0 209.165.202.130
i2(config)#ip route 192.168.1.0 255.255.255.0 209.165.202.130
i2(config)#
i2(config)#
*Aug 19 15:32:11: %DUAL-5-NBRCHANGE: EIGRP-IPv4 1: Neighbor 209.165.200.225 (Serial1/2) is up: new adjacency
i2(config)# end
foreach address {
209.165.200.254
209.165.201.30
209.165.202.158
} {
ping $address source 192.168.1.1
}
from r1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 209.165.200.254, timeout is 2 seconds:
Packet sent with a source address of 192.168.1.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/4 ms
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 209.165.201.30, timeout is 2 seconds:
Packet sent with a source address of 192.168.1.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/4 ms
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 209.165.202.158, timeout is 2 seconds:
Packet sent with a source address of 192.168.1.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/6/8 ms
branch(tcl)#
do the above with trace... the idea is path determination here, but you were all over that...
foreach address {
209.165.200.254
209.165.201.30
209.165.202.158
} {
trace $address source 192.168.1.1
}
Type escape sequence to abort.
Tracing the route to 209.165.200.254
VRF info: (vrf in name/id, vrf out name/id)
1 209.165.201.1 8 msec 24 msec *
Type escape sequence to abort.
Tracing the route to 209.165.201.30
VRF info: (vrf in name/id, vrf out name/id)
1 209.165.201.1 20 msec 12 msec *
Type escape sequence to abort.
Tracing the route to 209.165.202.158
VRF info: (vrf in name/id, vrf out name/id)
1 209.165.201.1 16 msec 20 msec 4 msec
2 209.165.200.226 8 msec 36 msec *
so we'll monitor icmp traffic with ip sla, because, it's what we got... build a probe to monitor imaginary dns on i1...
ip sla 11
icmp-echo 209.165.201.30
freq 10
exit
ip sla sched 11 life forever start-time now
we create the sla, tell it to echo every ten seconds and make it last forever...
branch#sh ip sla config 11
IP SLAs Infrastructure Engine-III
Entry number: 11
Owner:
Tag:
Operation timeout (milliseconds): 5000
Type of operation to perform: icmp-echo
Target address/Source address: 209.165.201.30/0.0.0.0
Type Of Service parameter: 0x0
Request size (ARR data portion): 28
Verify data: No
Vrf Name:
Schedule:
Operation frequency (seconds): 10 (not considered if randomly scheduled)
Next Scheduled Start Time: Start Time already passed
Group Scheduled : FALSE
Randomly Scheduled : FALSE
Life (seconds): Forever
Entry Ageout (seconds): never
Recurring (Starting Everyday): FALSE
Status of entry (SNMP RowStatus): Active
Threshold (milliseconds): 5000
Distribution Statistics:
Number of statistic hours kept: 2
Number of statistic distribution buckets kept: 1
Statistic distribution interval (milliseconds): 20
Enhanced History:
History Statistics:
Number of history Lives kept: 0
Number of history Buckets kept: 15
History Filter Type: None
and there you have it... look at its stats...
branch#sh ip sla stati
IPSLAs Latest Operation Statistics
IPSLA operation id: 11
Latest RTT: 7 milliseconds
Latest operation start time: 16:22:11 UTC Sun Aug 19 2012
Latest operation return code: OK
Number of successes: 11
Number of failures: 0
Operation time to live: Forever
it is highly successful, like this lab...
do the same for imaginary dns on i2...
ip sla 22
icmp-echo 209.165.202.158
freq 10
exit
ip sla sched 22 life forever start-time now
branch#sh ip sla stati 22
IPSLAs Latest Operation Statistics
IPSLA operation id: 22
Latest RTT: 8 milliseconds
Latest operation start time: 16:25:26 UTC Sun Aug 19 2012
Latest operation return code: OK
Number of successes: 3
Number of failures: 0
Operation time to live: Forever
it also is highly successful, like this lab...
if you did this to measure the jitter of a phone you might have something useful going on...
branch#sh ip route | excl L | incl Loop
Gateway of last resort is 209.165.201.1 to network 0.0.0.0
S* 0.0.0.0/0 [1/0] via 209.165.201.1
192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.1.0/24 is directly connected, Loopback0
209.165.201.0/24 is variably subnetted, 2 subnets, 2 masks
C 209.165.201.0/30 is directly connected, Serial1/1
209.165.202.0/24 is variably subnetted, 2 subnets, 2 masks
C 209.165.202.128/30 is directly connected, Serial1/3
make r1's default route a floater with AD 5...
ip route 0.0.0.0 0.0.0.0 209.165.201.1 5
branch#sh run | incl route
ip route 0.0.0.0 0.0.0.0 209.165.201.1 5
branch#
branch#sh ip route | incl 0.0.0.0
Gateway of last resort is 209.165.201.1 to network 0.0.0.0
S* 0.0.0.0/0 [5/0] via 209.165.201.1
note AD change
track ip sla 11's reachability
track 1 ip sla 11 reachability
delay down 10 up 1
branch#debug ip routing
IP routing debugging is on
now change the default route's AD to a better number and track sla 11
branch(config)#ip route 0.0.0.0 0.0.0.0 209.165.201.1 2 track 1
we're changing the AD to 2 and tracking track 1's (sla 11) reachability...
branch#
*Aug 19 16:56:16: RT: updating static 0.0.0.0/0 (0x0):
via 209.165.201.1
*Aug 19 16:56:16: RT: closer admin distance for 0.0.0.0, flushing 1 routes
*Aug 19 16:56:16: RT: add 0.0.0.0/0 via 209.165.201.1, static metric [2/0]
*Aug 19 16:56:16: RT: updating static 0.0.0.0/0 (0x0):
via 209.165.201.1
*Aug 19 16:56:16: RT: rib update return code: 17
*Aug 19 16:56:16: RT: updating static 0.0.0.0/0 (0x0):
via 209.165.201.1
*Aug 19 16:56:16: RT: rib update return code: 17
so it flushed the route with the old AD and added the new one with AD of 2... because we're tracking its activities... it has very nice activities...
ok... now, when tracked objects go bad...
set up a track for the alternate route r1 would take if the current default route failed... do this by creating a new tracked object with an AD not better than the current of 2... confused yet?
first...
we know 201.1 is the way to go, with...
branch#sh ip route | incl 0.0.0.0
Gateway of last resort is 209.165.201.1 to network 0.0.0.0
S* 0.0.0.0/0 [2/0] via 209.165.201.1
so we get slick and make a backup? default route to track with worse priority...
track 2 ip sla 22 reachabi
delay down 10 up 1
exit
ip route 0.0.0.0 0.0.0.0 209.165.202.129 3 track 2
get it? the AD is 3, not as good as the other route at 2, but better than the original at 5, so AD 2 is still our guy...
branch#sh ip route | excl L | incl Loop
Gateway of last resort is 209.165.201.1 to network 0.0.0.0
S* 0.0.0.0/0 [2/0] via 209.165.201.1
192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.1.0/24 is directly connected, Loopback0
209.165.201.0/24 is variably subnetted, 2 subnets, 2 masks
C 209.165.201.0/30 is directly connected, Serial1/1
209.165.202.0/24 is variably subnetted, 2 subnets, 2 masks
C 209.165.202.128/30 is directly connected, Serial1/3
branch#sh run | incl 0.0.0.0
ip route 0.0.0.0 0.0.0.0 209.165.201.1 2 track 1
ip route 0.0.0.0 0.0.0.0 209.165.202.129 3 track 2
ip route 0.0.0.0 0.0.0.0 209.165.201.1 5
shut i1's lo1 (current path) and...
branch#debug ip routing
IP routing debugging is on
branch#
*Aug 19 17:26:31: %TRACKING-5-STATE: 1 ip sla 11 reachability Up->Down
*Aug 19 17:26:31: RT: del 0.0.0.0 via 209.165.201.1, static metric [2/0]
*Aug 19 17:26:31: RT: delete network route to 0.0.0.0/0
*Aug 19 17:26:31: RT: default path has been cleared
*Aug 19 17:26:31: RT: updating static 0.0.0.0/0 (0x0):
via 209.165.202.129
*Aug 19 17:26:31: RT: add 0.0.0.0/0 via 209.165.202.129, static metric [3/0]
*Aug 19 17:26:31: RT: default path is now 0.0.0.0 via 209.165.202.129
*Aug 19 17:26:31: RT: updating static 0.0.0.0/0 (0x0):
via 209.165.201.1
*Aug 19 17:26:31: RT: rib update return code: 17
*Aug 19 17:26:31: RT: updating static 0.0.0.0/0 (0x0):
via 209.165.202.129
the upshot...
branch#sh ip route | incl 0.0.0.0
Gateway of last resort is 209.165.202.129 to network 0.0.0.0
S* 0.0.0.0/0 [3/0] via 209.165.202.129
a little artificial, but still worth the effort...
branch#sh ip sla stati
IPSLAs Latest Operation Statistics
IPSLA operation id: 11
Latest RTT: NoConnection/Busy/Timeout
Latest operation start time: 17:30:31 UTC Sun Aug 19 2012
Latest operation return code: Timeout
Number of successes: 35
Number of failures: 26
Operation time to live: Forever
IPSLA operation id: 22
Latest RTT: 20 milliseconds
Latest operation start time: 17:30:26 UTC Sun Aug 19 2012
Latest operation return code: OK
Number of successes: 33
Number of failures: 0
Operation time to live: Forever
another step further in path verification...
branch#trace 209.165.200.254 source 192.168.1.1
Type escape sequence to abort.
Tracing the route to 209.165.200.254
VRF info: (vrf in name/id, vrf out name/id)
1 209.165.202.129 8 msec 4 msec *
ok, finish up... bring lo1 on i1 back up..
branch#sh ip sla stati
IPSLAs Latest Operation Statistics
IPSLA operation id: 11
Latest RTT: 28 milliseconds
Latest operation start time: 17:37:41 UTC Sun Aug 19 2012
Latest operation return code: OK
Number of successes: 45
Number of failures: 59
Operation time to live: Forever
IPSLA operation id: 22
Latest RTT: 32 milliseconds
Latest operation start time: 17:37:46 UTC Sun Aug 19 2012
Latest operation return code: OK
Number of successes: 77
Number of failures: 0
Operation time to live: Forever
and... back to squares...
branch#sh ip route | incl 0.0.0.0
Gateway of last resort is 209.165.201.1 to network 0.0.0.0
S* 0.0.0.0/0 [2/0] via 209.165.201.1
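the selection logic this lab exercised, as an added example (not part of the original lab): a small python model of r1's three default routes and the two track objects, replayed over a constructed probe timeline. the class and function names, the timeline, and the simplified delay handling are assumptions of the model, not ios internals.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class StaticRoute:
    next_hop: str
    ad: int          # administrative distance
    track: int = 0   # track object number; 0 = untracked (model convention)

# Default routes from "sh run | incl 0.0.0.0" on branch (r1).
ROUTES = [
    StaticRoute("209.165.201.1", 2, track=1),    # track 1 = ip sla 11 (i1 dns)
    StaticRoute("209.165.202.129", 3, track=2),  # track 2 = ip sla 22 (i2 dns)
    StaticRoute("209.165.201.1", 5),             # the untracked floater
]

class Track:
    """Simplified 'delay down 10 up 1': a change must persist for the delay."""
    def __init__(self, delay_down=10, delay_up=1):
        self.delay = {False: delay_down, True: delay_up}
        self.state = self.raw = True   # reported state / latest probe result
        self.changed_at = 0

    def probe(self, now, ok):
        if ok != self.raw:
            self.raw, self.changed_at = ok, now

    def up(self, now):
        if self.raw != self.state and now - self.changed_at >= self.delay[self.raw]:
            self.state = self.raw
        return self.state

def installed_default(routes, track_up):
    """Lowest AD wins among routes that are untracked or whose track is Up."""
    eligible = [r for r in routes if r.track == 0 or track_up[r.track]]
    return min(eligible, key=lambda r: r.ad) if eligible else None

def replay(events, times):
    """events: (time, track_id, probe_ok). Returns {time: (next_hop, ad)}."""
    tracks, out, pending = {1: Track(), 2: Track()}, {}, sorted(events)
    for now in sorted(times):
        while pending and pending[0][0] <= now:
            t, tid, ok = pending.pop(0)
            tracks[tid].probe(t, ok)
        best = installed_default(ROUTES, {i: tr.up(now) for i, tr in tracks.items()})
        out[now] = (best.next_hop, best.ad)
    return out

# Constructed timeline (seconds): sla 11 fails at 30, sla 22 at 60, both recover at 90.
EVENTS = [(30, 1, False), (60, 2, False), (90, 1, True), (90, 2, True)]
RESULT = replay(EVENTS, [0, 35, 40, 70, 90, 91])
```

with both probes down (t=70 in the timeline) the model falls back to the untracked AD 5 route, so traffic heads to 209.165.201.1 again even though sla 11 says i1's dns is unreachable.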
wow... a lot of work, but i'm actually impressed when i thought i'd be disappointed... as i said before, i wasn't impressed with sla in switch, but this has been another ballgame...
the practicality of this, however, is questionable because of the effort and resources that it requires...