Lab - Implement IP SLA

Topology

Addressing Table
Device Interface IPv4 Address/Mask IPv6 Address/Prefix IPv6 Link Local
R1 G0/0/0 172.16.12.1/24 2001:db8:acad:12::1/64 fe80::1:1
R1 G0/0/1 172.16.1.1/24 2001:db8:acad:1721::1/64 fe80::1:2
R2 G0/0/0 172.16.12.2/24 2001:db8:acad:12::2/64 fe80::2:1
R2 G0/0/1 172.16.24.2/24 2001:db8:acad:23::2/64 fe80::2:2
R2 Loopback 0 192.168.1.1/24 2001:db8:acad:1000::1/64 fe80::2:3
R3 G0/0/0 172.16.23.3/24 2001:db8:acad:23::3/64 fe80::3:1
R3 G0/0/1 172.16.3.1/24 2001:db8:acad:1723::1/64 fe80::3:2
D1 G1/0/11 172.16.1.2/24 2001:db8:acad:1721::2/64 fe80::d1:1
D1 VLAN 2 10.0.2.1/24 2001:db8:acad:2::1/64 fe80::d1:2
D1 VLAN 3 10.0.3.1/24 2001:db8:acad:3::1/64 fe80::d1:3
D2 G1/0/11 172.16.3.2/24 2001:db8:acad:23::3/64 fe80::d2:1
D2 VLAN 2 10.0.2.2/24 2001:db8:acad:2::2/64 fe80::d2:2
D2 VLAN 3 10.0.3.2/24 2001:db8:acad:3::2/64 fe80::d2:3
A1 VLAN 2 10.0.2.3/24 2001:db8:acad:2::3/64 fe80::a1:1
PC 1 NIC DHCP SLAAC EUI-64
PC 2 NIC DHCP SLAAC EUI-64

© 2020 - 2022 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 1 of 7 www.netacad.com
Lab - Implement IP SLA

Objectives
Part 1: Build the Network and Configure Basic Device Settings
Part 2: Configure and Observe IP SLA Operations
Part 3: Configure and Observe HSRP IP SLA Tracking

Background / Scenario
Cisco IP service level agreements (SLAs) allow users to monitor network performance between Cisco devices (switches or
routers), or from a Cisco device to a remote IP device. Cisco IP SLAs can be applied to VoIP and video applications as well as
monitoring end-to-end IP network performance.
Note: This lab is an exercise in deploying and verifying IP SLAs and does not necessarily reflect networking best practices. The
IP SLA itself is an additional task that must be performed by the switch CPU. A large number of intensive SLAs could create a
significant burden on the CPU, possibly interfering with other switch functions and having detrimental impact on the overall
device performance. Therefore, you should carefully evaluate the benefits of running IP SLAs. The CPU load should be
monitored after the SLAs are deployed to verify that they do not stress the device’s CPU above safe limits.
Note: The default Switch Database Manager (SDM) template on a Catalyst 2960 does not support IPv6. You must change the
default SDM template to the dual-ipv4-and-ipv6 default template using the sdm prefer dual-ipv4-and-ipv6 default global
configuration command. Changing the template will require a reboot.

Part 1: Build the Network and Configure Basic Device Settings and Interface Addressing
Step 1: Cable the network as shown in the topology.
Step 2: Configure basic settings for each switch.

Router R1 Router R2 Router R3

hostname R1 hostname R2 hostname R3
ipv6 unicast-routing ipv6 unicast-routing ipv6 unicast-routing
line con 0 line con 0 line con 0
logging synchronous logging synchronous logging synchronous
line vty 0 4 line vty 0 4 line vty 0 4
privilege level 15 privilege level 15 privilege level 15
password cisco123 password cisco123 password cisco123
logging synchronous exec-timeout 0 0 logging synchronous
login logging synchronous login
interface g0/0/0 login interface g0/0/0
ip address 172.16.12.1 255.255.255.0 interface g0/0/1 ip address 172.16.23.3 255.255.255.0
ipv6 address fe80::1:1 link-local ip address 172.16.23.2 255.255.255.0 ipv6 address fe80::3:1 link-local
ipv6 address 2001:db8:acad:12::1/64 ipv6 address fe80::2:1 link-local ipv6 address 2001:db8:acad:23::3/64
no shutdown ipv6 address 2001:db8:acad:23::2/64 no shutdown
interface g0/0/1 no shutdown interface g0/0/1
ip address 172.16.1.1 255.255.255.0 interface g0/0/0 ip address 172.16.3.1 255.255.255.0
ipv6 address fe80::1:2 link-local ip address 172.16.12.2 255.255.255.0 ipv6 address fe80::3:2 link-local
ipv6 address 2001:db8:acad:1721::1/64 ipv6 address fe80::2:2 link-local ipv6 address
no shutdown ipv6 address 2001:db8:acad:12::2/64 2001:db8:acad:1723::1/64
router ospf 4 no shutdown no shutdown
router-id 1.1.1.4 interface loopback 0 router ospf 4
network 172.16.0.0 0.0.255.255 area 0 ip address 192.168.1.1 255.255.255.0 router-id 3.3.3.4
ipv6 router ospf 6 ipv6 address fe80::2:3 link-local network 172.16.0.0 0.0.255.255 area
router-id 1.1.1.6 ipv6 address 2001:db8:acad:1000::1/64 0
interface g0/0/0 ip ospf network point-to-point ipv6 router ospf 6
ipv6 ospf 6 area 0 ipv6 ospf network point-to-point router-id 3.3.3.6
interface g0/0/1 no shutdown exit
ipv6 ospf 6 area 0 router ospf 4 interface g0/0/0
exit router-id 2.2.2.4 ipv6 ospf 6 area 0
network 172.16.0.0 0.0.255.255 area 0 interface g0/0/1
network 192.168.1.0 0.0.0.255 area 0 ipv6 ospf 6 area 0
ipv6 router ospf 6 end
router-id 2.2.2.6
exit
interface g0/0/0
ipv6 ospf 6 area 0
interface g0/0/1
ipv6 ospf 6 area 0
interface Loopback 0
ipv6 ospf 6 area 0
exit

© 2020 - 2022 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 2 of 7 www.netacad.com
Lab - Implement IP SLA

Switch D1 Switch D2 Switch A1

hostname D1 hostname D2 hostname A1
ip routing ip routing line con 0
ipv6 unicast-routing ipv6 unicast-routing logging synchronous
line con 0 line con 0 line vty 0 4
logging synchronous logging synchronous privilege level 15
line vty 0 4 line vty 0 4 password cisco123
privilege level 15 privilege level 15 logging synchronous
password cisco123 password cisco123 login
logging synchronous logging synchronous interface range f0/1-24, g0/1-2
login login shutdown
interface range g1/0/1-24, g1/1/1-4, interface range g1/0/1-24, g1/1/1- interface range f0/1-4
g0/0 4, g0/0 switchport mode trunk
shutdown shutdown no shutdown
interface range g1/0/1-6 interface range g1/0/1-6 interface range f0/1-2
switchport mode trunk switchport mode trunk channel-group 1 mode active
no shutdown no shutdown interface range f0/3-4
interface range g1/0/1-4 interface range g1/0/1-4 channel-group 2 mode active
channel-group 12 mode active channel-group 12 mode active vlan 2
interface range g1/0/5-6 exit name SECOND_VLAN
channel-group 1 mode active interface range g1/0/5-6 vlan 3
interface g1/0/11 channel-group 2 mode active name THIRD_VLAN
no switchport interface g1/0/11 interface f0/23
ip address 172.16.1.2 255.255.255.0 no switchport switchport mode access
ipv6 address fe80::d1:1 link-local ip address 172.16.3.2 switchport access vlan 2
ipv6 address 2001:db8:acad:1721::2/64 255.255.255.0 spanning-tree portfast
no shutdown ipv6 address fe80::d2:1 link- no shutdown
vlan 2 local interface f0/24
name SECOND_VLAN ipv6 address switchport mode access
vlan 3 2001:db8:acad:1723::2/64 switchport access vlan 3
name THIRD_VLAN no shutdown spanning-tree portfast
spanning-tree vlan 2 root primary vlan 2 no shutdown
spanning-tree vlan 3 root secondary name SECOND_VLAN interface vlan 2
interface vlan 2 vlan 3 ip address 10.0.2.3 255.255.255.0
ip address 10.0.2.1 255.255.255.0 name THIRD_VLAN ipv6 address fe80::a1:1 link-local
ipv6 address fe80::d1:2 link-local spanning-tree vlan 2 root ipv6 address 2001:db8:acad:2::3/64
ipv6 address 2001:db8:acad:2::1/64 secondary no shutdown
no shutdown spanning-tree vlan 3 root primary ip default-gateway 10.0.2.254
interface vlan 3 interface vlan 2 end
ip address 10.0.3.1 255.255.255.0 ip address 10.0.2.2 255.255.255.0
ipv6 address fe80::d1:3 link-local ipv6 address fe80::d2:2 link-
ipv6 address 2001:db8:acad:3::1/64 local
no shutdown ipv6 address
interface vlan 2 2001:db8:acad:2::2/64
standby version 2 no shutdown
standby 2 ip 10.0.2.254 interface vlan 3
standby 2 priority 150 ip address 10.0.3.2 255.255.255.0
standby 2 preempt ipv6 address fe80::d2:3 link-
standby 26 ipv6 autoconfig local
standby 26 priority 150 ipv6 address
standby 26 preempt 2001:db8:acad:3::2/64
interface vlan 3 no shutdown
standby version 2 interface vlan 2
standby 3 ip 10.0.3.254 standby version 2
standby 3 preempt standby 2 ip 10.0.2.254
standby 36 ipv6 autoconfig standby 2 preempt
standby 36 preempt standby 26 ipv6 autoconfig
router ospf 4 standby 26 preempt
router-id 0.13.1.4 interface vlan 3
network 172.16.1.0 0.0.0.255 area 0 standby version 2
network 10.0.0.0 0.0.255.255 area 0 standby 3 ip 10.0.3.254
passive-interface vlan 2 standby 3 priority 150
passive-interface vlan 3 standby 3 preempt
ipv6 router ospf 6 standby 36 ipv6 autoconfig
router-id 0.13.1.6 standby 36 priority 150
passive-interface vlan 2 standby 36 preempt
passive-interface vlan 3 router ospf 4
interface g1/0/11 router-id 0.13.2.4
ipv6 ospf 6 area 0 network 172.16.3.0 0.0.0.255 area
interface vlan 2 0
ipv6 ospf 6 area 0 network 10.0.0.0 0.0.255.255 area
interface vlan 3 0
ipv6 ospf 6 area 0 passive-interface vlan 2
ip dhcp excluded-address 10.0.2.1 passive-interface vlan 3
10.0.2.5 ipv6 router ospf 6
ip dhcp excluded-address 10.0.2.128 router-id 0.13.2.6
10.0.2.254 passive-interface vlan 2
ip dhcp pool SECOND_VLAN_DHCP_POOL passive-interface vlan 3
network 10.0.2.0 255.255.255.0 interface g1/0/11
default-router 10.0.2.254 ipv6 ospf 6 area 0

© 2020 - 2022 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 3 of 7 www.netacad.com
Lab - Implement IP SLA

ip dhcp excluded-address 10.0.3.1 interface vlan 2

10.0.3.128 ipv6 ospf 6 area 0
ip dhcp excluded-address 10.0.3.254 interface vlan 3
ip dhcp pool THIRD_VLAN_DHCP_POOL ipv6 ospf 6 area 0
network 10.0.3.0 255.255.255.0 ip dhcp excluded-address 10.0.2.1
default-router 10.0.3.254 10.0.2.128
end ip dhcp excluded-address
10.0.2.254
ip dhcp pool SECOND_VLAN_DHCP_POOL
network 10.0.2.0 255.255.255.0
default-router 10.0.2.254
ip dhcp excluded-address 10.0.3.1
10.0.3.5
ip dhcp excluded-address
10.0.3.128 10.0.3.254
ip dhcp pool THIRD_VLAN_DHCP_POOL
network 10.0.3.0 255.255.255.0
default-router 10.0.3.254
exit

a. Set the clock on each switch to UTC time.

b. Save the running configuration to startup-config.
Step 3: Configure the PCs for network connectivity.
Configure PC1 and PC2 for DHCP and SLAAC.

Part 2: Configure and Observe IP SLA Operations

In Part 2 you will configure and observe IP SLA operations. The SLA itself is simply a testing mechanism. Our example will test
for simple reachability with an ICMP echo, but SLAs can do a lot more with many other protocols.
For now, all you will do is configure and schedule the IP SLAs and then query their status. This way you see the SLA operation
separate from any application it might be used for.
Step 1: Create IP SLAs on switch D1.
a. Create IP SLA 4 using the command ip sla 4. The number 4 is locally significant and could be any number between 1
and 2147483647.
D1(config)# ip sla 4
b. Configure IP SLA 4 to send an icmp-echo to the IPv4 address 192.168.1.1 and set the frequency for the ping to be
every 15 seconds.
D1(config-ip-sla)# icmp-echo 192.168.1.1
D1(config-ip-sla-echo)# frequency 15
D1(config-ip-sla-echo)# exit
c. Create IP SLA 6.
D1(config)# ip sla 6
d. Configure IP SLA 6 to send an icmp-echo to the IPv4 address 2001:db8:acad:1000::1 and set the frequency for the
ping to be every 15 seconds.
D1(config-ip-sla)# icmp-echo 2001:db8:acad:1000::1
D1(config-ip-sla-echo)# frequency 15
D1(config-ip-sla-echo)# exit
e. Use the ip sla schedule command to configure both SLA 4 and SLA 6 with a life of forever and to start immediately.
D1(config)# ip sla schedule 4 life forever start-time now
D1(config)# ip sla schedule 6 life forever start-time now
Step 2: Observe IP SLA operation.
a. Issue the command show ip sla summary to see a summarized status of the SLAs now that you have scheduled
them.
D1# show ip sla summary
IPSLAs Latest Operation Summary
Codes: * active, ^ inactive, ~ pending

© 2020 - 2022 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 4 of 7 www.netacad.com
Lab - Implement IP SLA

All Stats are in milliseconds. Stats with u are in microseconds

ID Type Destination Stats Return Last
Code Run
-----------------------------------------------------------------------
*4 icmp-echo 192.168.1.1 RTT=2 OK 12 seconds ago

*6 icmp-echo 2001:DB8:ACAD:100 RTT=1 OK 12 seconds ago

0::1

b. To test and see what response the SLAs give in a failure, issue the shutdown command on R1 interface G0/0/0, then
issue the show ip sla summary command again.
D1# show ip sla summary
IPSLAs Latest Operation Summary
Codes: * active, ^ inactive, ~ pending
All Stats are in milliseconds. Stats with u are in microseconds

ID Type Destination Stats

Return Last
Code Run
-----------------------------------------------------------------------
*4 icmp-echo 192.168.1.1 - Timeout 8 seconds ago

*6 icmp-echo 2001:DB8:ACAD:100 - Timeout 8 seconds ago

0::1

c. Issue the command show ip sla configuration 4 to see details on IP SLA 4.

D1# show ip sla configuration 4
IP SLAs Infrastructure Engine-III
Entry number: 4
Owner:
Tag:
Operation timeout (milliseconds): 5000
Type of operation to perform: icmp-echo
Target address/Source address: 192.168.1.1/0.0.0.0
Type Of Service parameter: 0x0
Request size (ARR data portion): 28
Data pattern: 0xABCDABCD
Verify data: No
Vrf Name:
Schedule:
Operation frequency (seconds): 15 (not considered if randomly scheduled)
Next Scheduled Start Time: Start Time already passed
Group Scheduled : FALSE
Randomly Scheduled : FALSE
Life (seconds): Forever
Entry Ageout (seconds): never
Recurring (Starting Everyday): FALSE
Status of entry (SNMP RowStatus): Active
Threshold (milliseconds): 5000
Distribution Statistics:
Number of statistic hours kept: 2
Number of statistic distribution buckets kept: 1
Statistic distribution interval (milliseconds): 20
Enhanced History:
History Statistics:
Number of history Lives kept: 0
Number of history Buckets kept: 15
History Filter Type: None

d. Issue the command show ip sla statistics 4 to examine statistical information on this IP SLA.
D1# show ip sla statistics 4
IPSLAs Latest Operation Statistics

IPSLA operation id: 4

Latest RTT: NoConnection/Busy/Timeout
Latest operation start time: 19:04:46 UTC Fri Feb 7 2020
Latest operation return code: Timeout
Number of successes: 14
Number of failures: 7
Operation time to live: Forever

© 2020 - 2022 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 5 of 7 www.netacad.com
Lab - Implement IP SLA

e. Issue the no shutdown command on R1 interface G0/0/0.

f. Configure the same IP SLAs on Switch D2. Verify them in the same manner, issuing the shutdown command on R3
interface G0/0/0. When you have verified that SLA is tracking reachability to R2 interface Loopback 0, issue the no
shutdown command on R3 interface G0/0/0.

Part 3: Configure and Observe HSRP IP SLA Tracking

In this part, we will put the IP SLAs that you created into use, and you can see how they work. In this case, our network is
operational and HSRP is providing first-hop redundancy. HSRP will react to a directly connected interface that is failing or coming
online, as you saw in the tracking section of the HSRP lab. But what if there is an indirect link failure that makes the active HSRP
router less desirable? The IP SLA will allow us to handle this scenario. For this example, we will treat R2 interface Loopback 0
as a critical entity on the internet, like a DNS server. The organizational policy is that if that DNS server is not reachable from
the gateway, the gateway should not be used.
Step 1: Verify HSRPv2 is operational.
a. Verify that HSRP is active and operating on Switch D1 with the show standby brief command.
D1# show standby brief
P indicates configured to preempt.
|
Interface Grp Pri P State Active Standby Virtual IP
Vl2 2 150 P Active local 10.0.2.2 10.0.2.254
Vl2 26 150 P Active local FE80::D2:2 FE80::5:73FF:FEA0:1A
Vl3 3 100 P Standby 10.0.3.2 local 10.0.3.254
Vl3 36 100 P Standby FE80::D2:3 local FE80::5:73FF:FEA0:24

As you can see from the output, switch D1 is the active virtual router for VLAN 2 and the standby for VLAN 3 for both
IPv4 and IPv6.
b. From PC1, start a continuous ping to 192.168.1.1.
c. On D1, issue the shutdown command on interface VLAN 2. You should see that HSRP fails over to D2 as the Active
Virtual Router for VLAN 2, and the pings continue to succeed. When verified, issue the no shutdown command on
switch D1 interface VLAN 2.
d. From PC2, start a continuous ping to 192.168.1.1.
e. On D2, issue the shutdown command on interface VLAN 3. You should see that HSRP fails over to D1 as the Active
Virtual Router for VLAN 3, and the pings continue to succeed. When verified, issue the no shutdown command on
switch D2 interface VLAN 3.
f. Now issue the shutdown command on R1 interface G0/0/0 and R3 interface G0/0/0. Note that there is no impact on
either D1 or D2 regarding HSRP, and the pings start failing. Stop the continuous pings on PC1 and PC2 and issue the
no shutdown command on R1 interface G0/0/0 and R3 interface G0/0/0.
Step 2: Reconfigure HSRP to use the IP SLA.
a. Create a track object using the command track [number] ip sla [sla number].
D1(config)# track 4 ip sla 4
b. Set the delay timers. These are used to help manage changes on flapping links. In this case, R2 interface Loopback 0
is known to D1 and D2 via OSPF, so the delay needs to take OSPF timers into account. The command is setting the
SLA up so that it will wait a period of time after the first failed SLA to make sure it is actually down, and it will wait a
period of time after it appears to be returned to operation to be sure it is actually operating.
D1(config-track)# delay down 45 up 20
c. Configure track 6 to pay attention to IP SLA 6 with the same delay values.
D1(config)# track 6 ip sla 6
D1(config-track)# delay down 45 up 20
d. Now that the IP SLAs are being tracked, we must associate the status of the track with the HSRP group. This is done
on the VLAN interface using the standby [group] track [track number] command. As a part of that command, add a
decrement value, which will drop the interface’s HSRP priority should the IP SLA fail.
D1(config)# interface vlan 2
D1(config-if)# standby 2 track 4 decrement 60
D1(config-if)# standby 26 track 4 decrement 60

© 2020 - 2022 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 6 of 7 www.netacad.com
Lab - Implement IP SLA

D1(config)# interface vlan 3

D1(config-if)# standby 3 track 4 decrement 60
D1(config-if)# standby 36 track 4 decrement 60
Close configuration window

e. Repeat the same commands on D2 so that HSRP is tracking IP SLAs there as well.
Open configuration window

D2(config)# track 4 ip sla 4

D2(config-track)# delay down 45 up 20
D2(config)# track 6 ip sla 6
D2(config-track)# delay down 45 up 20
D2(config)# interface vlan 2
D2(config-if)# standby 2 track 4 decrement 60
D2(config-if)# standby 26 track 4 decrement 60
D2(config)# interface vlan 3
D2(config-if)# standby 3 track 4 decrement 60
D2(config-if)# standby 36 track 4 decrement 60
Close configuration window

Step 3: Observe and validate HSRPv2 operation with IP SLAs.

a. On PC1, start a continuous ping to 192.168.1.1.
b. On R1, shutdown interface G0/0/0.
c. After about 45 seconds, you should see that HSRP fails over for VLAN 2 from switch D1 to switch D2, and pings from
PC1 work again.
d. Issue the no shutdown command on R1 interface G0/0/0.
e. Switch D1 takes over again as the Active Virtual Router for VLAN 2, and the host is still able to ping 192.168.1.1.
f. Stop the continuous ping running on PC1.

© 2020 - 2022 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 7 of 7 www.netacad.com