SLA Lab

Over the last few days here at the Circus we have been playing around with trying to test our service level agreements (SLA). It came about because one of our off-campus sites was having connectivity issues and were extremely vocal in their complaints, squeaky wheel and all that.

The problem is that a vendor was blaming their poor performance on the site connectivity. Of course we set up nagios to poll every minute but that wasn’t good enough. We needed to be able to graph response time. Eventually I wrote a perl script to feed data to MRTG but before we did that we played around with IOS rtr and ip sla commands.

I was working on something else when my counterpart began playing with ip sla and rtr, so I decided to lab it even though it is not on the ONT exam.

A short note about IP SLA and responders. Depending upon version number and platform you are able to do different operations. It is interesting that Cisco SLA monitoring is very careful regarding time stamps. This is so that you can truly get line speed as opposed to application or processing delays. From the Cisco documentation, IP SLA test packets use time stamping to minimize the processing delays. When the IP SLA responder is enabled, it allows the target device to take time stamps when the packet arrives on the interface at interrupt level and again just as it is leaving, eliminating the processing time. This time stamping is made with a granularity of sub-milliseconds.

Below is an image of the lab setup I am using. Once again it is the general cabling diagram from the ONT Lab book because I am not changing the wiring until I have to.

sla

 

Goals for the lab:

  • Have R1 download the index page from the web server 192.168.24.234 and report it’s statistics for a 24 hour period under the tag HTTP.234.
  • Have R1 report the SLA for tcpConnect for a one hour period to R2.

How I did the lab:

The server at 192.168.24.234 is running a web server and we want to have the IOS HTTP SLA measure performance. Let’s test downloading a file from the server:

R1#copy http://192.168.24.234/index.html null:
Loading http://192.168.24.234/index.html
55 bytes copied in 0.060 secs (917 bytes/sec)

Now let’s see what operations sla supports on our router.

R1#sh ip sla monitor application
<omitted>
Supported Operation Types
Type of Operation to Perform: dhcp
Type of Operation to Perform: dns
Type of Operation to Perform: echo
Type of Operation to Perform: frameRelay
Type of Operation to Perform: ftp
Type of Operation to Perform: http
Type of Operation to Perform: jitter
Type of Operation to Perform: pathEcho
Type of Operation to Perform: pathJitter
Type of Operation to Perform: tcpConnect
Type of Operation to Perform: udpEcho
Type of Operation to Perform: voip

You might as well configure snmp on the router, I used the ubiquitous public community string, I would recommend changing that:

snmp-server community public RO

Now to configure a test of the sla in the lab:

ip sla monitor 1
 type http operation get url http://192.168.24.234/index.html
 tag HTTP.234
ip sla monitor schedule 1 life 86400 start-time now

Notice that when we scheduled it we are only going to run it for a day, 86,400 seconds with a start-time of now. If you wanted to run this test indefinitely you would configure life forever.

Now to show what is going on:

R1#sh ip sla monitor collection-statistics
Entry number: 1
Start Time Index: *15:43:14.400 UTC Sun Mar 31 2002
Number of successful operations: 5
Number of operations over threshold: 0
Number of failed operations due to a Disconnect: 0
Number of failed operations due to a Timeout: 0
Number of failed operations due to a Busy: 0
Number of failed operations due to a No Connection: 0
Number of failed operations due to an Internal Error: 0
Number of failed operations due to a Sequence Error: 0
Number of failed operations due to a Verify Error: 0
DNS RTT: 0
TCP Connection RTT: 57
HTTP Transaction RTT: 44
HTTP time to first byte: 86
DNS TimeOut: 0
TCP TimeOut: 0
Transaction TimeOut: 0
DNS Error: 0
TCP Error: 0
Transaction Error: 0

I also wanted to test the IP SLA tcpConnect SLA configuration. Here is the command to set up R2 as the responder:

ip sla monitor responder

And the commands to enable it on R1 as the source of the tcpConnect:

ip sla monitor 2
 type tcpConnect dest-ipaddr 192.168.12.2 dest-port 5000 source-ipaddr 192.168.12.1 source-port 5000
 timeout 1000
 frequency 10
ip sla monitor schedule 2 start-time now

And to confirm that is work on R1:

R1#sh ip sla monitor collection-statistics 2
Entry number: 2
Start Time Index: *10:14:13.723 UTC Mon Apr 1 2002
Number of successful operations: 6
Number of operations over threshold: 0
Number of failed operations due to a Disconnect: 0
Number of failed operations due to a Timeout: 4
Number of failed operations due to a Busy: 0
Number of failed operations due to a No Connection: 0
Number of failed operations due to an Internal Error: 1
Number of failed operations due to a Sequence Error: 0
Number of failed operations due to a Verify Error: 0

Now to confirm that is working on R2:

R2#sh ip sla monitor responder
IP SLA Monitor Responder is: Enabled
Number of control message received: 93 Number of errors: 0
Recent sources:
	192.168.12.1 [01:21:55.972 UTC Fri Mar 29 2002]
	192.168.12.1 [01:21:45.968 UTC Fri Mar 29 2002]
	192.168.12.1 [01:21:35.972 UTC Fri Mar 29 2002]
	192.168.12.1 [01:21:25.972 UTC Fri Mar 29 2002]
	192.168.12.1 [01:21:15.968 UTC Fri Mar 29 2002]
Recent error sources:

You can find the SNMP Object Navigator here where you can look up Cisco MIBs.

This is how you would download snmp data from your router:

# snmpwalk -v 2c -c public 192.168.12.1 1.3.6.1.4.1.9.9.42.1.3.4.1.11.1
SNMPv2-SMI::enterprises.9.9.42.1.3.4.1.11.1.104057532 = Counter32: 329

And to make it more MRTG friendly:

# snmpwalk -v 2c -c public 192.168.12.1 1.3.6.1.4.1.9.9.42.1.3.4.1.11.1 | cut -d \: -f 4 | sed -e 's/ //g'
357

I used the IP SLA documentation to help me configure SLA, it is also the source of the quote above.

This entry was posted in Routing. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s