6.4.a Implement and troubleshoot IP SLA

ip sla monitor using nbar and wireshark…

first the simple network (the asa is for another project, this is about ip sla, 6.4a for the ccie written)…

[figure: ip_sla_w_asa (network diagram)]

prove connectivity…

R1#ping 100.1.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 100.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 24/35/56 ms

ciscoasa(config)# sh xlate
1 in use, 2 most used
Flags: D - DNS, i - dynamic, r - portmap, s - static, I - identity, T - twice
ICMP PAT from inside:10.1.1.1/2 to outside:100.1.1.2/51441 flags ri idle 0:00:03 timeout 0:00:30

ciscoasa(config-cmap)# sh run policy-map | i icmp
inspect icmp

put nbar on the router interfaces:

R1(config)#int f0/0
R1(config-if)#ip nbar protocol-discovery

R2#sh ip nbar protocol-discovery protocol http

 FastEthernet0/0
                            Input                    Output
                            -----                    ------
   Protocol                 Packet Count             Packet Count
                            Byte Count               Byte Count
                            5min Bit Rate (bps)      5min Bit Rate (bps)
                            5min Max Bit Rate (bps)  5min Max Bit Rate (bps)
   ------------------------ ------------------------ ------------------------
   http                     0                        0

use ip sla monitor to send http traffic:

R1(config)#do sh run | b ip sla
ip sla monitor 5
type http operation get url http://100.1.1.1
ip sla monitor schedule 5 life forever start-time now

prove it’s being generated:

R1(config)#do sh ip nbar proto proto http

 FastEthernet0/0
                            Input                    Output
                            -----                    ------
   Protocol                 Packet Count             Packet Count
                            Byte Count               Byte Count
                            5min Bit Rate (bps)      5min Bit Rate (bps)
                            5min Max Bit Rate (bps)  5min Max Bit Rate (bps)
   ------------------------ ------------------------ ------------------------
   http                     14                       10
                            4492                     624
                            0                        0
                            2000                     0
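
an added example (not part of the original post): a small python parser for the nbar protocol-discovery output above, so the "is the probe traffic really being classified" check can be scripted instead of eyeballed. the http numbers are the ones shown above; the icmp row and the names parse_nbar / probe_seen are made up for the example.

```python
import re
# Sample in the layout IOS prints: the http counters are the ones from the
# post above, the icmp block is constructed for illustration.
SAMPLE = """\
 FastEthernet0/0
                            Input                    Output
                            -----                    ------
   Protocol                 Packet Count             Packet Count
                            Byte Count               Byte Count
                            5min Bit Rate (bps)      5min Bit Rate (bps)
                            5min Max Bit Rate (bps)  5min Max Bit Rate (bps)
   ------------------------ ------------------------ ------------------------
   http                     14                       10
                            4492                     624
                            0                        0
                            2000                     0
   icmp                     5                        5
                            570                      570
                            0                        0
                            0                        0
"""

FIELDS = ("packets", "bytes", "rate_5min_bps", "max_rate_5min_bps")
NAMED = re.compile(r"^\s*([A-Za-z][\w-]*)\s+(\d+)\s+(\d+)\s*$")  # protocol + first counter row
CONT = re.compile(r"^\s*(\d+)\s+(\d+)\s*$")                      # the three rows that follow

def parse_nbar(text):
    """Return {protocol: {"input": {...}, "output": {...}}}; header lines are skipped."""
    stats, current, row = {}, None, 0
    for line in text.splitlines():
        m = NAMED.match(line)
        if m:
            current, row = m.group(1), 0
            stats[current] = {"input": {}, "output": {}}
            nums = m.group(2), m.group(3)
        else:
            m = CONT.match(line)
            if not (m and current) or row >= len(FIELDS):
                continue
            nums = m.groups()
        stats[current]["input"][FIELDS[row]] = int(nums[0])
        stats[current]["output"][FIELDS[row]] = int(nums[1])
        row += 1
    return stats

def probe_seen(stats, protocol):
    """True when NBAR has counted packets for the protocol in both directions."""
    p = stats.get(protocol)
    return bool(p and p["input"].get("packets", 0) and p["output"].get("packets", 0))
```

output-only packets with nothing coming back means the probe is leaving the router but no reply is being classified on that interface.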

capture it with wireshark:

[figure: http_asa (wireshark capture)]

very nice…

add other kinds of traffic (tip of the hat to rene at http://gns3vault.com/Labs/all/)

! ICMP Echo
ip sla monitor 1
type echo protocol ipIcmpEcho 100.1.1.1
timeout 0
frequency 5
ip sla monitor schedule 1 start-time now life forever

! DNS Request
ip sla monitor 2
type dns target-addr www.cisco.com name-server 100.1.1.1
timeout 0
frequency 9
ip sla monitor schedule 2 start-time now life forever

! G711 conversation
ip sla monitor 3
type jitter dest-ipaddr 100.1.1.1 dest-port 16384 codec g711ulaw codec-numpackets 50 codec-size 160 codec-interval 20
timeout 0
frequency 1
ip sla monitor schedule 3 start-time now life forever

! G729 conversation
ip sla monitor 4
type jitter dest-ipaddr 100.1.1.1 dest-port 16385 codec g729a codec-numpackets 50 codec-size 20 codec-interval 20
timeout 0
frequency 1
ip sla monitor schedule 4 start-time now life forever

! HTTP GET Traffic
ip sla monitor 5
type http operation get url http://100.1.1.1
frequency 60
ip sla monitor schedule 5 start-time now life forever

! TCPConnect to Telnet
ip sla monitor 6
type tcpConnect dest-ipaddr 100.1.1.1 dest-port 23 control disable
timeout 1000
frequency 2
ip sla monitor schedule 6 life forever start-time now

! TCPConnect to HTTPS
ip sla monitor 7
type tcpConnect dest-ipaddr 100.1.1.1 dest-port 443 control disable
timeout 1000
frequency 3
ip sla monitor schedule 7 life forever start-time now

! TCPConnect to FTP
ip sla monitor 8
type tcpConnect dest-ipaddr 100.1.1.1 dest-port 21 control disable
timeout 1000
frequency 1
ip sla monitor schedule 8 life forever start-time now

! TCPConnect to SSH
ip sla monitor 9
type tcpConnect dest-ipaddr 100.1.1.1 dest-port 22 control disable
timeout 1000
frequency 2
ip sla monitor schedule 9 life forever start-time now

!voip-rtp
ip sla mon 10
voip rtp 100.1.1.1 source-