IP SLA - BGP

Has anyone used IP SLA for Internet-type monitoring? Please let me know.
I have a few sites I manage in the UK, US & Germany with different providers and BGP multihoming, and wanted to use IP SLA to do some measurement related to availability, performance and health of Internet services. At present, if something changes within the provider cloud upstream to us, for example a device failure causing a re-route or latency, we have no way of finding out! Has anyone deployed this type of setup?
Francisco.

Hi,
this might help you a little:
http://www.cisco.com/en/US/docs/ios-xml/ios/ipapp/configuration/12-4t/iap-eot.html#GUID-329D3946-840D-4C0D-85B6-5AB207C86F6F
If you need something more complex to watch, you might ask your providers if they are able to provide you SLA measurement reports (see
http://www.cisco.com/en/US/technologies/tk648/tk362/tk920/technologies_white_paper0900aecd8017f8c9_ps6602_Products_White_Paper.html ).
HTH,
Milan

Similar Messages

  • EEM / IP SLA to shutdown lossy high RTT BGP neighbor

    Hi,
    I'm relatively new to the IP SLA procedure and very new to EEM. I'm searching for the most efficient way to monitor the availability (packet loss and latency) of a BGP neighbor from a router to actively shutdown the neighbor relationship in order to failover to a back up L2L VPN I have configured on an ASA. It's important that I'm able to continue monitoring the BGP neighbor so that when the neighbor becomes stable again, I can reenable the BGP neighbor relationship. I've put something quick together (below) but am not sure if it will do what I want. I'd appreciate any suggestions and feedback.
    Thank you!
    -Mike
    ip sla 90
     icmp-echo <neighbor_ip> source-ip <source_ip>
     threshold 250
     timeout 500
     frequency 3
    ip sla schedule 90 life forever start-time now
    ip sla enable reaction-alerts
    track 90 ip sla 90 reachability
      delay down 3 up 180
    event manager applet BGP_NEIGHBOR_DIRTY
     description SHUT DOWN BGP NEIGHBOR IF RTT OVER 250 FOR 3 SECONDS
     event syslog pattern "90 ip sla 90 reachability Up->Down"
     action 1.0  cli command "enable"
     action 1.1  cli command "configure term"
     action 1.2  cli command "router bgp 63320"
     action 1.3  cli command "neighbor <neighbor_ip> shutdown"
     action 1.4  cli command "end"
    event manager applet BGP_NEIGHBOR_CLEAN
     description ENABLE BGP NEIGHBOR IF RTT UNDER 250 FOR 3 MINUTES
     event syslog pattern "90 ip sla 90 reachability Down->Up"
     action 1.0  cli command "enable"
     action 1.1  cli command "configure term"
     action 1.2  cli command "router bgp 63320"
     action 1.3  cli command "no neighbor <neighbor_ip> shutdown"
     action 1.4  cli command "end"

    By choosing a target that is along your desired path, you can certainly have a more robust script. I would use loopback-to-loopback communication as well; this will force the traffic through the router, and also find any potential issues where the peer is alive and sending BGP but not actually passing traffic. You will definitely need some "fudge" factors in there to deal with routers having to process the ICMP packets (any CoPP will really, really skew the results you are getting). I have had experiences where testing to/from a Nexus device gives wildly different results vs testing through the boxes.
    HTH
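
How the track object in the configuration posted above reacts to a series of probes, as a simplified model added here (not part of the original posts and not Cisco code). It assumes the documented IOS object-tracking semantics, where `reachability` counts an over-threshold reply as Up and `state` does not, and it evaluates the delay timers only at probe times, with a probe result taking effect before a timer that expires at the same instant; the RTT series is constructed.

```python
"""Simplified model of `track 90 ip sla 90 <mode>` with `delay down 3 up 180`."""
from typing import List, Optional, Tuple

# Timer values copied from the posted configuration.
THRESHOLD_MS, TIMEOUT_MS = 250, 500
FREQUENCY_S = 3
DELAY_DOWN_S, DELAY_UP_S = 3, 180


def return_code(rtt_ms: Optional[float]) -> str:
    """Classify one probe. None means no reply arrived within the timeout."""
    if rtt_ms is None or rtt_ms > TIMEOUT_MS:
        return "Timeout"
    return "OverThreshold" if rtt_ms > THRESHOLD_MS else "OK"


def probe_is_up(code: str, mode: str) -> bool:
    """Assumed semantics: reachability = OK or OverThreshold; state = OK only."""
    if mode == "reachability":
        return code in ("OK", "OverThreshold")
    if mode == "state":
        return code == "OK"
    raise ValueError(f"unknown track mode: {mode}")


def simulate(rtts: List[Optional[float]], mode: str) -> List[Tuple[int, str]]:
    """Return the (time_s, transition) events the track object would report."""
    reported_up = True    # track object starts Up
    pending_since = None  # when the raw result first differed from reported
    events = []
    for i, rtt in enumerate(rtts):
        now = i * FREQUENCY_S
        raw_up = probe_is_up(return_code(rtt), mode)
        if raw_up == reported_up:
            pending_since = None  # result flipped back: delay timer is cancelled
            continue
        if pending_since is None:
            pending_since = now   # start the delay timer
        delay = DELAY_UP_S if raw_up else DELAY_DOWN_S
        if now - pending_since >= delay:
            reported_up = raw_up
            pending_since = None
            events.append((now, "Down->Up" if raw_up else "Up->Down"))
    return events


def constructed_series() -> List[Optional[float]]:
    """Constructed sample: healthy, then slow (300 ms), then lost, then healthy."""
    return [40.0] * 10 + [300.0] * 5 + [None] * 3 + [40.0] * 65


if __name__ == "__main__":
    for mode in ("reachability", "state"):
        print(mode, simulate(constructed_series(), mode))
```

In this model the five 300 ms replies leave the `reachability` track Up and only the lost probes bring it Down, whereas a `state` track goes Down on the slow replies; in both cases a single lost probe is absorbed by the down delay.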

  • Need suggestion on IP SLA on DC and DR scenario

    Dear Experts,
    I need to build a back-up MPLS connectivity for an existing MPLS link connecting multiple locations to DC and DR as shown in the diagram.

    Hello.
    Sure you may use ip sla (on spokes) to track ISP1 reachability and failover to ISP2 in case of any issue.
    At the same time this would work ONLY if you have dynamic routing between DC and ISP1!
    If only statics are available for DC, then I would suggest to build a mesh of GRE tunnels (mGRE) over both ISPs and run EIGRP over tunnels.
    PS: it's also possible to run BGP over ISP clouds, but it would make things slightly more complicated.

  • NX-OS vrf bgp local-as interaction with L3vpn

    I use standard MPLS BGP-L3vpn to forward traffic between VRFs on Nexus 7k routers.  All of my VRFs are within the same BGP process, so have the same local-as.
    I'd like to bring up an eBGP session from one VRF to a carrier, but the carrier requires that they peer with a specific BGP ASN (call it "65432").  It doesn't look like NX-OS supports the "router bgp 1234, vrf VRF1 neighbor w.x.y.z local-as 65432" command.  However, it does appear to support "router bgp 1234, vrf VRF1, local-as 65432".
    My limited understanding is that this would prepend "65432" onto all routes advertised to all VRF1 neighbors?  And that all neighbors defined under VRF1 on this router would learn routes from me with as-path "^65432 1234 ..."?
    If so, would this have any effect on routes exchanged with other VRFs using import/export rd?

    It's tricky given that BGP's AD is always going to beat out EIGRP's all other things being equal. Most of the things you can do with BGP route-maps involve making one BGP route preferred over another.
    You could inject the preferred path as a static route (AD = 1) to the firewall using an ip sla operation and having the static route track that. Once the ip sla operation fails, the static route is withdrawn and then the BGP-learned route (AD = 20) will take precedence.

  • Best Practice Two ISPs and BGP

    Hello Experts.
    I was wanting to hear opinions for the best way to setup two ISR4431's with two 2960x's and two ASA firewalls.
    My current design is:
    ISP1 router -> ISR4431-A ->{2960x pair} -> ASA-A
    ISP2 router -> ISR4431-B ->{2960x pair} -> ASA-B
    Currently using public BGP and HSRP on the inside with an SLA monitor to a public IP.
    If HSRP is the best way to accomplish this, how do I solve these two problems, or is there a better design? (The two 4431's are not connected to each other currently.)
    -Least Cost routing (I guess that is what it's called) - I want to visit a website that is located on ISP2's network (or close to it), but HSRP currently has ISP1 as active. If I go out ISP1 it may go around the country or 10 hops before it hits a site that is 4 hops away on the other ISP.
    -Asymmetric routing - I think that is where a reply comes in the non-active ISP - how do I prevent that?
    I am really just looking for design advice about the best way to use this hardware to create as much redundancy as possible and best performance possible. If you could just share your opinion of "I would use ____" or give me a stamp of reassurance on the above design and any opinion on the two problems.
    Thanks for the time!

    Hi,
    If you are running BGP with the service providers, you need an IBGP link between the 2 ISR-4431 routers. If, for example, you want traffic to go out using sp-1 and come back using the same provider, you need to use AS path prepending, so sp-2 sees a longer path to your network and so traffic goes out and comes back through the same provider. In this case you use sp-2 as backup link; if not, you can be dealing with asymmetric routing. In addition, for HSRP/VRRP to work both routers should be connecting to the set of 2960x switches. You can simply stack the 2960x switches so they logically look as one device. The same should go for the firewalls. They should connect to the switch stack.
    HTH

  • IPV6 statics and IP SLA

    Hi,
    I have a test setup working fine in general with IPV4/IPV6. However, I have one situation where I'd like to do what I do in IPV4 for IPV6
    The situation is where an IPV4 SLA pings two IP addresses. Then there are two static routes tracking these two routes. Under certain failure conditions, the tested destinations disappear and the pings fail. The static routes disappear and a floating static on another router seen via OSPF takes over.
    All this works well with IPV4.
    I'd like to do the same in IPV6 but there is no equivalent to the
    ip route x.x.x.x y.y.y.y z.z.z.z track N command
    I have 12.4.22T and can configure the icmp echo tests fine and they go up/down correctly when the tested destination goes, but I can't configure the ipv6 static as there is no command:
    ipv6 route x:x:x:x::/x z:z:z:z::z track N
    Had a look round 15.2 code and still nothing.
    Anyone know if this is coming ?
    Or is there another way ?

    Answered my own question. Found a link on a non-Cisco forum that said IPV6 static route track not yet there although on the list and referred to EEM as alternative.
    So this is what I did - and it all works correctly.
    #On c7200-adventerprisek9-mz.124-22.T4.bin
    #First create tests that check the availability of something known via BGP.
    #If BGP peering fails this goes away.
    #There are two tests to BGP peer loopbacks for resilience
    #since in this case there are two BGP peers
    ip sla 3
    icmp-echo FC00:1:11:115::1
    timeout 1000
    frequency 5
    ip sla schedule 3 life forever start-time now
    ip sla 4
    icmp-echo FC00:1:11:115::2
    timeout 1000
    frequency 5
    ip sla schedule 4 life forever start-time now
    #Then setup some trackers against the SLAs.
    track 3 ip sla 3 reachability
    delay down 2 up 2
    track 4 ip sla 4 reachability
    delay down 2 up 2
    #then set up 2 'down' handlers and 2 'up' handlers. The handlers add static routes if the BGP peers
    #are up. The handlers remove if they are down letting OSPF (in this case) deal with an alternate.
    #a syslog is sent to show the handler action.
    event manager applet track_ipv6_test1_down
    event track 3 state down
    action 1.0 syslog msg "EEM applet track_ipv6_test1_down - removing ipv6 static track route 1"
    action 2.0 cli command "enable"
    action 3.0 cli command "conf term"
    action 4.0 cli command "no ipv6 route fc00:1:12:48::/48 fc00:1:11:115::1"
    event manager applet track_ipv6_test2_down
    event track 4 state down
    action 1.0 syslog msg "EEM applet track_ipv6_test2_down - removing ipv6 static track route 2"
    action 2.0 cli command "enable"
    action 3.0 cli command "conf term"
    action 4.0 cli command "no ipv6 route fc00:1:12:48::/48 fc00:1:11:115::2"
    event manager applet track_ipv6_test1_up
    event track 3 state up
    action 1.0 syslog msg "EEM applet track_ipv6_test1_up - adding ipv6 static track route 1"
    action 2.0 cli command "enable"
    action 3.0 cli command "conf term"
    action 4.0 cli command "ipv6 route fc00:1:12:48::/48 fc00:1:11:115::1"
    event manager applet track_ipv6_test2_up
    event track 4 state up
    action 1.0 syslog msg "EEM applet track_ipv6_test2_up - adding ipv6 static track route 2"
    action 2.0 cli command "enable"
    action 3.0 cli command "conf term"
    action 4.0 cli command "ipv6 route fc00:1:12:48::/48 fc00:1:11:115::2"

  • Lower Admin Distance of BGP so EIGRP is higher

    Customer's current WAN is using P2P T1s (ML-PPP). Telco sold them an MPLS T1 network as a backup network. P2P T1 network is using EIGRP and MPLS is using BGP. My problem is I want to change the administrative distance of the routes learned from BGP (MPLS provider) from a weight of 20 to a value greater than 90. This way the primary path is the ML-PPP NxT1 EIGRP links and the backup is MPLS. If MPLS was using static routes, I would use IP SLA with a track object on my static routes to the MPLS network.
    I have tried the Distance BGP command 200 200 200 and it does not appear to work. But since the documentation says " configure a rating of the trustworthiness of a routing information source" on the Distance BGP command, that is not what I want. Can this be done? or should I go the Static Route way on my MPLS backup WAN network?
    Thanks
    Charlie

    HI Charlie,
    To increase BGP AD you can use the distance command to increase the AD of either all BGP routes or specific routes from a specific source.
    Here is an example.
    Router bgp AS#
    distance AD IP Source Wildcard
    In this example I have 2 routers, R4 and R5, connected via serial interfaces and both running OSPF and BGP. R4 advertises 4.4.4.4/32 via both OSPF and BGP; the BGP route is selected and installed in the FIB table, but once the BGP AD is changed the OSPF route becomes the best.
    router bgp 200
    distance 120 10.10.45.4 0.0.0.0
    R5#show ip bg
    BGP table version is 4, local router ID is 100.10.10.5
    Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
    r RIB-failure, S Stale
    Origin codes: i - IGP, e - EGP, ? - incomplete
    Network Next Hop Metric LocPrf Weight Path
    r> 4.4.4.4/32 10.10.45.4 0 0 100 i
    R5#show ip route ospf | inc 4.4
    O 4.4.4.4 [110/2] via 192.168.45.4, 00:06:19, GigabitEthernet0/1
    Also, I got the same result with the below command.
    router bgp 200
    distance bgp 200 200 200
    Note that hard clear is a must, so don't forget to use clear ip bg x.x.x.x
    Please rate helpful posts.
    Best Regards,
    Mounir Mohamed

  • PBR Using Tracked BGP Route

    Hello Guys,
    My scenario is:
    2 Sites interconnected by 2 MPLS Links and BGP between the routers.
    I need some help to force some traffic to be routed using one Link based on Protocol or TCP Port.
    But if the link goes down, I need the traffic to be send using another link.
    I want to do a PBR using track that validates a specific BGP Route or BGP Neighbor.
    Can someone tell me some tips for this case?
    Best Regards.
    Heleno Fagundes

    Hi,
    For your two concerns.
    **2 Sites interconnected by 2 MPLS Links and BGP between the routers
     Do you have some sort of network diagram ????
    **I want to do a PBR using track that validates a specific BGP Route or BGP Neighbor.
    We can always apply a track and an IP sla monitoring an IP address which the router is receiving from its BGP peer which you wish to monitor.
    I am sure if you provide me sample diagram/config i'll be able to give some more descriptive answer.
    Regards,
    HK

  • BGP + HSRP Active Passive failover solution

    Hi all,
    I would like to know how to configure an Active Passive failover solution using BGP + HSRP(with ip sla to track line up/down) in 2x Cisco CPE. 
    For example the IP assignment as below:
    Primary Router:-
    WAN IP: 10.10.10.2/30; GW: 10.10.10.1/30
    LAN IP(Primary): 172.16.1.1/24
    LAN IP(Secondary): 12.12.12.1/24
    HSRP Virtual IP: 172.16.1.3
    Backup Router:-
    WAN IP: 10.10.10.6/30; GW: 10.10.10.5/30
    LAN IP(Primary): 172.16.1.2/24
    LAN IP(Secondary): 12.12.12.2/24
    HSRP Virtual IP: 172.16.1.3
    BGP info:
    AS No: 12345
    Remote-AS: 67890
    Password: abcde
    There will be an unmanaged switch connect to these 2 routers LAN interface and my PC will connect to this switch to perform failover test.
    Appreciate if anyone can share his/her knowledge and guide me on this.
    Let me know if the details above are insufficient.
    Thanks.
    CS

    Hi,
    As per my understanding, a few things are missing here:
    First, you mentioned only 1 virtual IP here from the primary LAN subnet; what about the secondary LAN subnet?
    Secondly, you need to advertise something (at least 1 subnet) to BGP, that will show in the remote side routing table.
    1 IP SLA and 1 tracking object should be configured also.
    Thanks,
    SAP

  • Tracking packet loss to selected destination on BGP gateway

    Hi,
    We have a Multihomed(2-ISP on 1-Router) BGP connectivity for ISP redundancy, through this link we are advertising our own IP prefix. The link failover works perfectly fine, it happens if either of the local loop for the ISP physically goes down or if the remote peer(neighbor router) is not reachable.
    The existing BGP configuration is not helping us much to address the intermittent packet loss issues that occurs with some of our critical remote destinations.
    I am not sure how we can fix this issue on the gateway router. I am actually trying with IP SLA configurations to see if we can address this issue.
    Let me know if there is a better way to address such issues on border router.

    VPN01#sh ip cef switching statistics
           Reason                          Drop       Punt  Punt2Host
    RP LES No route                          19          0          0
    RP LES Packet destined for us             0      39625         98
    RP LES No adjacency                     480          0          0
    RP LES TTL expired                        0          0      29428
    RP LES Fragmentation failed, DF         346          0       1877
    RP LES Features                       18434          0      21821
    RP LES Unclassified reason               18          0          0
    RP LES Neighbor resolution req         1029         20          0
    RP LES Tun decap, gre payload             0        187          0
    RP LES Fragmentation no pak               0          0      13108
    RP LES Total                          20326      39832      66332
    All    Total                          20326      39832      66332

  • ASA BGP Multihoming

    Hi All,
    Has anyone tried or successfully run BGP on ASA with a multi-homed setup with two ISPs and a provider-independent public subnet with a public ASN?
    Currently BGP is running on the Primary ISP and we are only taking the default route from there.
    We are planning to implement a pair of ASA's in Active/Passive Setup with both ISP's terminating on them. To achieve ISP redundancy we would configure ISP failover using SLA Monitoring, however I would also like our Public Subnet unaltered if we switch to the backup ISP in case of a failure.
    Both ISP Drops are Gig-Ethernet Copper Links, for which we will be using a switch stack to distribute both links to the ASA pair.
    I just wanted to confirm if someone is running a similar setup or has validated that this works?

    Hola!
    I can't say that I've seen this running in the wild - but I have seen it designed in Cisco documentation.  I'd be a little leery about using ASAs for BGP Internet peering - you might run into some feature issues and I'd be concerned about memory issues for large routing tables.
    My preference would be to place (1) or (2) Cisco 29xx or 39xx with a fair amount of memory (depending on the design).
    Please rate helpful posts.

  • HSRP + BGP - LAN interface failover occurs but BGP fails to work

    I have 2 ISP's with 2 separate routers. 1 - 3845 and 1 - 2801. The routers are connected to a 2900 Catalyst switch stack on the LAN side. My Goal is to have BGP "follow" HSRP. When HSRP fails over I would like BGP to failover as well. Currently if I test failure of the LAN interface on the master router, HSRP works correctly but BGP fails to route traffic.
    I have attached modified examples of the configs from both routers.

    @Gary,
    See attached document. Some disclaimers:
    It's the Internet; failover will not be fast. It will not be pleasant. In most cases (even in L3VPN scenario and on the open Internet), I've seen BGP converge in ~2 minutes. This depends on how your ISPs are connected and how your users are connected to the Internet. (Waves hand vigorously, it's the Internet, such is beyond the scope of this example :)
    Because of point 1 above, real-time traffic will drop during failover. But the failover is automatic, so no 5am surprise while you're stuck in traffic on the way into the office. Failback is also automatic (although some people prefer users not to have two hits if at all possible. If that's the case, this isn't for you). As soon as that other active router returns to service, BGP will fail back.
    You should test the crap out of this in a lab environment; there may be idiosyncrasies in your network I did not account for (goes without saying).
    I would remove your track of "4.4.4.4" in the original configuration. Pinging stuff on the Internet is notoriously unreliable. More important, if it causes HSRP to switch _AND_ there's only a problem with the path to "4.4.4.4", you will have asymmetric routing within your network (i.e. egress from your site, you'll take router_b path, ingress to your site will take router_a path). Not totally a bad thing but something to be aware of. What's more, egress path from internal network will go to router_a, come back on the 2960S stack, and then hit router_b. Again, not totally a bad thing but something to think about. You can either add a direct link between router_a and router_b or track additional stuff (I personally track Google and Microsoft's anycast DNS servers). The former solves the "back through stack" problem; the latter solves the "no one cares about pings / transient internet pathing problem".
    One last thing. It occurred to me: What happens in this scenario:
    router_a ebgp with ISPA is up. ( Or router_a bgp is down but link is up/up?)
    router_a is up as well
    From router_b, path to router_a is up
    You get a blackhole for your site prefixes. This is because router_b still does not advertise your site prefixes because it still has the ISPA connected /30 in its BGP RIB. The workaround is to condition the announcement on the existence of prefixes originated from ISPA directly (see doc). If you don't have such routes, you don't have a direct connection to ISPA and that verifies that router_a is no longer a viable ingress/egress point.
    I'll make one last commentary: All these mechanisms -- EEM scripts, BGP conditional announcement, IP SLA tracking, etc-- add complexity. Not strictly a bad thing, but I like to keep things simple and avoid turning knobs where possible. That said, you wouldn't have to go through these theatrics to cover the failure cases if you had a direct link between router_a and router_b, I would seriously consider making it so.
    If you can't spring for an EHWIC, you could recreate your edge network by connecting both interfaces on your edge routers to the 2960S. Both ISPs would connect to either 2960S switch. Logically, you establish a full mesh eBGP sessions between your routers and your ISPs. But that's just trading one complexity for another. I'd spring for the EHWIC and add a link between your routers...
    Mark if you find helpful. Come back and show me your results as well...

  • Cisco BGP Peering Between 2 ISP

    Hi Cisco People,
    Just have a question with BGP peering in Cisco's. I have two ISP's which I am peering against for an active and standby configuration. I would like to know if there is a way to configure some sort of 'dead-peer detection' on the router to monitor a public IP address in the event of an ISP failure. I want to find a way to dynamically failover the link in the event of failure when losing pings to an external address.
    Regards
    Chris

    Chris
    Dead Peer Detection is one of the functions performed by BGP. If the peer goes dead then BGP will detect it and will withdraw routes learned from that peer from the routing table.
    What you describe about monitoring a public address is more about validating that the ISP routing logic is learning and advertising appropriate routes than it is about detecting if a peer has gone dead. I would think that this is possible - but a bit complex. I would think that you could configure IP SLA to track some public address (the tricky bit here is to make sure that you are tracking through ISP1 and not using ISP2 for this). Then you should be able to configure EEM to watch the track and if the route is lost to make appropriate changes in BGP to force the failover.
    HTH
    Rick

  • Service desk SLA

    Hi all,
    I have implemented a basic service desk.
    Now I want to implement SLA for the same.
    Currently I have configured the mailing action depending upon status change. But now the requirement is to trigger the mails depending upon timeline, which can be done via SLA.
    I have gone through the Service desk additional guide which is available on service.sap, but it is not that helpful.
    Can anyone please explain to me how to implement the same?
    Points will be rewarded for sure.

    Dear Prakhar,
    If you want to work with SLAs a service product and contracts have to be
    used. The relevant dates then are not on header level of a service desk
    message but on item level. The actions concerning the SLA have to be
    defined on item level.
    The processing of the service desk messages is done with the transaction
    CRM_DNO_MONITOR. In this transaction monitor fields to the header of a
    message as well as to the item of a message are available and can be
    displayed.
    CRM transaction type SLFN actually is NOT configured for the use with
    contracts, SLAs,... . If you want to use these functionalities CRM
    transaction type SLF1 or an own defined transaction type should be used.
    Availability and Response Times can be maintained with transaction
    CRMD_SERV_SLA.
    Detailed information about the use and the customizing of Service
    Contracts and Service Level Agreements can be found
    - in the online documentation to Service Level Agreements
    - in the CRM IMG documentation, e.g.:
      - Customer Relationship Management
        - Transactions
          - Settings for Service Processes
            - SLA Escalation Management      <-
    - in the additional information on the service desk that can be
      found in the SAP Service Marketplace under the quicklink
      'Solutionmanager'
      - Media Library
        - Technical Papers
          -> Service Desk: Additional Information
    Hope this helps explain things.
    Regards
    Amit

  • Service Desk with SLA: item data not automatic

    Hello all.
    I'm trying to set up service desk with contract determination for monitoring SLA (SolMan 7.0 SP 15).
    Everything works well, except for item/product determination. I mean, when I check a support message created in a satellite system, organizational data are OK, but the item's data are blank. Well, I put manually my own product in Item, quantity, press Enter and... that's all: contract data are correctly fulfilled, SLA schema OK, no errors at all.
    I'm sure that i missed some basic configuration, but i don't know where... Maybe in the Action Profile of the ABA message? Or in the Item category determination?
    Help me!

    Hi Michele
    Go to SPPFCADM > Select Application DNO_NOTIF >> Define Action Profile and Actions >> Action Profile - SLFN0001_STANDARD_DNO >> Action - SLFN0001_STANDARD_DNO_CRM >> Select the processing type Method Call and choose the 'change' icon in Method call settings >>
    In the container editor, choose Create >> Maintain Element, Name & Description - maintain as ITEM_PRODUCT_ID, choose ABAP Dict. Reference, maintain values - Structure CRMD_ORDERADM_I, Field ORDERED_PROD, choose tab - initial value, enter the product code (Ex. SUPPORT)
    enter and save.
    This setting will ensure you to determine the product id in the Support message automatically, during your message creation process.
    Thanks
    Ram
