Cisco IOS IP Service Level Agreementv (IP SLA)

Responder and Control Protocol

1.Responder
内嵌在思科目标路由器中的一个组件，用来对IP SLA请求包做应答，通过对应达包添加时间戳属性，以提高测量计算的准确性。只有Cisco厂家的路由器才能作为Cisco IP Sla的Responder。

2.Control Protocol
   Cisco IP Sla 利用Control message通知Responder需要监听指定端口。一旦Responder收到带有指定端口属性的Control message，它将立即对指定的本地端口进行监听，直到接受到IP LSA探测报文或超时定时器过期之后，Responder将会停止对该端口的listening。可以配置MD5认证来增强Control message的安全性。

IP SLA与Responder的交互过程：

1.用户初始化IP SLA，指定需要进行探测的目标地址、协议、端口等信息

2.Source向Responder发送带有初始化信息的Control message

3.如果配置了MD5认证，Control message将携带MD5信息一同发送

4.Responser收到Control message,如果开启MD5认证，Responder检查MD5认证，如果MD5认证失败，Responder返回失败信息

5.如果source没有收到Responder的反馈信息，它会继续重传，直到重传超时

6.当Responder收到Control message,它会对Control message进行处理，开始对指定的端口进行listening，并返回ok消息，如果无法处理则返回error消息。(Responder可以在同一个指定端口上处理来自不同source的IP SLA操作)

7.如果source收到Responder的ok响应，则开始发送测试包。(show ip sla statistics可以看到响应代码)

8.当Responder对IP SLA经行了响应或超时之后，将停止对指定端口的listening

RTT(Round Trip Time)计算方法

 

RTT = T4-△-T1

MD5认证配置范例(source和responder需要同时配置)：

R1(config)#key chain sla   //定义key chain

R1(config-keychain)#key 1

R1(config-keychain-key)#key-string 2008pj.cn //定义密钥

R1(config-keychain-key)#exit

R1(config-keychain)#exit

R1(config)#ip sla key-chain sla  //SLA调用key chain

验证命令：

show ip sla application  //查看支持哪些应用

show ip sla configuration

show ip sla statistics [details]

UDP Echo Operation

用于测量Cisco路由和和路由器之间，或者Cisco路由器和任何IP设备之间的响应时间。如果目标设备是Cisco路由器，并且作为responder，那么Responder可以监听默认UDP Echo端口(7)或者用户自定义端口。

如果目标设备是非Cisco路由器，那么它只能监听默认UDP Echo端口(7)

备注：

UDP echo server 默认端口是7，而且思科路由器在Release 11.2之后默认关闭该服务。如果Responder(目标路由器)开启echo service，并且IP SLA echo option指定测量端口为7，由于port 7已经被echo server 占用，那么会导致IP SLA测量失败。

配置示例：

R1(config)#ip sla 1

R1(config-ip-sla)#udp-echo 2.2.2.2 500

R1(config-ip-sla-udp)#frequency 30

R1(config-ip-sla-udp)#threshold 150

R1(config-ip-sla-udp)# *** 其他可选配置

R1(config)#ip sla schedule  1 life 600 start-time now

验证命令：

R1#show ip sla statistics 1

Round Trip Time (RTT) for       Index 1

Latest RTT: 71 milliseconds

Latest operation start time: *13:45:45.440 UTC Fri Mar 1 2002

Latest operation return code: OK

Number of successes: 6

Number of failures: 0

Operation time to live: 0

R1#show ip sla statistics 1 details

Round Trip Time (RTT) for       Index 1

Latest RTT: 71 milliseconds

Latest operation start time: *13:45:45.440 UTC Fri Mar 1 2002

Latest operation return code: OK

Over thresholds occurred: FALSE

Number of successes: 6

Number of failures: 0

Operation time to live: 0

Operational state of entry: Inactive

Last time this entry was reset: Never

UDP Jitter Operation

Jitter, 代表交互数据包的延迟变量。例如Source连续的间隔10ms向目标发送探测报，在理想情况下，也会间隔10ms收到目标地址的应答包。如果网络出现延迟，在12ms之后收到应打包，那么 jitter为2(positive value)；如果在8ms之后收到应答包，jitter为-2(negative value)；理想情况下,jitter应该为0。

UDP Jitter Option支持的测量结果类型：

1.  Per-direction jitter(单向jitter)

2.  Per-direction packet-loss(单向丢包)

3.  Per-direction delay(单向延迟,需要配置NTP来让时间同步)

4.  Round-trip delay (average round-trip time)

测量出的单向结果可以明显的显示在哪个方向出现了拥塞或者瓶颈，这样对网络质量可以有个很好的评定。

默认情况下，IP SLA间隔F执行一组探测操作。每组操作中，连续共发送N个UDP数据包，每个数据包负载为S bytes,间隔T ms发送一次。

Parameter	Default Value	Configured Command
Number of packet(N)	10 packets	num-packets x
Playload size per packet(S)	32 bytes	request-data-size x
Time between packets, in milliseconds(T)	20 ms	interval x
Repeat interval (F)	60 s	frequency x
Time out	5000 ms	time-out x

如果做Per-direction delay，需要source和destination时间同步(配置NTP)，如果时间不同步，返回值为0。Per-direction jitter和packet loss不需要时间同步。

配置示例：

R1(config)#ip sla 1

R1(config-ip-sla)#udp-jitter 2.2.2.2 222 source-ip 1.1.1.1 source-port 111 num-packets 5 interval 1000 //N=5，T=1s

R1(config-ip-sla-jitter)#timeout 10000 //time out=10s

R1(config-ip-sla-jitter)#frequency 10  //F=10s

R1(config)#ip sla schedule 1 life 11 start-time now

上述配置中，life为11s,frequency为10，刚好超过1s，而不到5s(发送5个包的时间为5)，但是IP SLA仍然会执行第二组操作(共花掉15s)，总共发送10个UDP包和2个control message(默认开启)。

R1#show ip sla statistics 1 details

Round Trip Time (RTT) for       Index 1

Latest RTT: 61 milliseconds

Latest operation start time: *01:45:41.307 UTC Fri Mar 1 2002

Latest operation return code: OK

Over thresholds occurred: FALSE

RTT Values:

Number Of RTT: 5                RTT Min/Avg/Max: 56/61/76 milliseconds

Latency one-way time:

Number of Latency one-way Samples: 0

Source to Destination Latency one way Min/Avg/Max: 0/0/0 milliseconds

Destination to Source Latency one way Min/Avg/Max: 0/0/0 milliseconds

Source to Destination Latency one way Sum/Sum2: 0/0

Destination to Source Latency one way Sum/Sum2: 0/0

Jitter Time:

Number of Jitter Samples: 4

Source to Destination Jitter Min/Avg/Max: 1/7/12 milliseconds

Destination to Source Jitter Min/Avg/Max: 1/6/12 milliseconds

Source to destination positive jitter Min/Avg/Max: 4/4/4 milliseconds

Source to destination positive jitter Number/Sum/Sum2: 1/4/16

Source to destination negative jitter Min/Avg/Max: 1/8/12 milliseconds

Source to destination negative jitter Number/Sum/Sum2: 3/24/266

Destination to Source positive jitter Min/Avg/Max: 12/12/12 milliseconds

Destination to Source positive jitter Number/Sum/Sum2: 1/12/144

Destination to Source negative jitter Min/Avg/Max: 1/4/7 milliseconds

Destination to Source negative jitter Number/Sum/Sum2: 3/12/66

Interarrival jitterout: 0       Interarrival jitterin: 0

Packet Loss Values:

Loss Source to Destination: 0           Loss Destination to Source: 0

Out Of Sequence: 0      Tail Drop: 0    Packet Late Arrival: 0

Voice Score Values:

Calculated Planning Impairment Factor (ICPIF): 0

Mean Opinion Score (MOS): 0

Number of successes: 2

Number of failures: 0

Operation time to live: 0

Operational state of entry: Inactive

Last time this entry was reset: Never

statistic 描述
Number Of RTT	成功往返数据包
Out Of Sequence	无序数据包
Tail Drop	无法确定丢失原因的数据包(可能是尾丢弃)
Packet Late Arrival	超时之后到达的数据包

UDP Jitter Operation for VoIP

UDP Jitter Operation 可以用作VOIP性能测试。支持的语音编码类型：g711alaw, g711ulaw, g729a 三种。

测量结果有一下两种衡量方式：

1.ICPIF(The Calculated Planning Impairment Factor)：障碍因子。范围为1到55，值越小，表明网络性能越好。

Upper Limit for ICPIF	Speech Communication Quality
5	very good(最佳)
10	Good(很好)
20	Adequate(偏好)
30	Limiting case(一般)
45	Exceptional limiting case(差)
55	极差

2.MOS(Mean Opinion Scores):平均意见评分。范围为1到5，值越大，表明语音传输性能越好。

Score	Quality
5	Excellent
4	Good
3	Fair
2	Poor
1	Bad

配置示例：

R1(config)#ip sla 2

R1(config-ip-sla)udp-jitter 2.2.2.2 222 codec g711alaw

R1(config)#ip sla schedule 2 life 60 start-time now

其他属性采用默认配置

R1#show ip sla statistics 2 details

Round Trip Time (RTT) for       Index 2

Latest RTT: 46 milliseconds

Latest operation start time: *02:22:08.807 UTC Fri Mar 1 2002

Latest operation return code: OK

Over thresholds occurred: FALSE

RTT Values:

Number Of RTT: 893              RTT Min/Avg/Max: 4/52/425 milliseconds

Latency one-way time:

Number of Latency one-way Samples: 0

Source to Destination Latency one way Min/Avg/Max: 0/0/0 milliseconds

Destination to Source Latency one way Min/Avg/Max: 0/0/0 milliseconds

Source to Destination Latency one way Sum/Sum2: 0/0

Destination to Source Latency one way Sum/Sum2: 0/0

Jitter Time:

Number of Jitter Samples: 892

Source to Destination Jitter Min/Avg/Max: 1/15/51 milliseconds

Destination to Source Jitter Min/Avg/Max: 1/19/385 milliseconds

Source to destination positive jitter Min/Avg/Max: 1/17/51 milliseconds

Source to destination positive jitter Number/Sum/Sum2: 535/9142/196352

Source to destination negative jitter Min/Avg/Max: 1/13/51 milliseconds

Source to destination negative jitter Number/Sum/Sum2: 350/4726/90074

Destination to Source positive jitter Min/Avg/Max: 1/33/385 milliseconds

Destination to Source positive jitter Number/Sum/Sum2: 185/6282/712336

Destination to Source negative jitter Min/Avg/Max: 1/15/52 milliseconds

Destination to Source negative jitter Number/Sum/Sum2: 680/10424/210344

Interarrival jitterout: 0       Interarrival jitterin: 0

Packet Loss Values:

Loss Source to Destination: 0           Loss Destination to Source: 0

Out Of Sequence: 0      Tail Drop: 107  Packet Late Arrival: 0

Voice Score Values:

Calculated Planning Impairment Factor (ICPIF): 1

MOS score: 4.34  // mean opinion score(平均意见得分)

Number of successes: 1

Number of failures: 0

Operation time to live: 0

Operational state of entry: Inactive

Last time this entry was reset: Never

ICMP Echo Operation

通过ICMP echo request和ICMP echo reply来测量源和目标之间的响应时间，也可以通过设置DSCP值来测量QoS。ICMP packet size为request-size加上36byte的和(如果request-size为28byte，那么ICMP packet size为28+36=64byte)

配置示例：

R1(config)#no ip sla 1

R1(config-ip-sla)#icmp-echo 2.2.2.2

R1(config-ip-sla-echo)#request-data-size 30

R1(config)#ip sla schedule 1 life 60 start-time now

R1#show ip sla statistics 1 details

Round Trip Time (RTT) for       Index 1

Latest RTT: 56 milliseconds

Latest operation start time: *05:43:11.446 UTC Fri Mar 1 2002

Latest operation return code: OK

Over thresholds occurred: FALSE

Number of successes: 1

Number of failures: 0

Operation time to live: 0

Operational state of entry: Inactive

Last time this entry was reset: Never

ICMP Path Echo Operation

ICMP Path Echo Operation，如同traceroute命令，测量到每一个中间节点的响应时间

配置示例：

R1(config)#ip sla 1

R1(config-ip-sla)#path-echo 3.3.3.3 source-ip 1.1.1.1

R1(config-ip-sla-pathEcho)#timeout 2

R1(config-ip-sla-pathEcho)#frequency 1

R1(config)#ip sla schedule 2 life 60 start-time now

TCP Connect Operation

用于测量虚应用程序到服务器的可用性、稳定性。例如telnet, SQL, http, ftp等。如果目标是被是非Cisco路由器，那么需要其开启知名端口服务

配置示例：

R1(config)#ip sla 1

R1(config-ip-sla)#tcp-connect 3.3.3.3 23

R1(config-ip-sla-tcp)#timeout 3

R1(config-ip-sla-tcp)#frequency 1

R1(config)#ip sla schedule 1 life 60 start-time now

DNS Operation

测量DNS的响应时间

配置示例:

R1(config)#ip sla 3

R1(config-ip-sla)#dns www.baidu.com name-server 8.8.8.8

HTTP Operation

http响应时间有3部分构成。

1.  域名查找

2.  TCP connect to HTTP Server

3.  发送请求，获取数据

配置示例：

R1(config)#ip sl 3

R1(config-ip-sla)#http get http://www.2008pj.cn

R1(config)#ip sl schedule 3 life 6 start-time now

R1#show ip sla statistics 3 details

Round Trip Time (RTT) for       Index 3

Latest RTT: 512 milliseconds

Latest operation start time: *00:45:17.935 UTC Fri Mar 1 2002

Latest operation return code: OK

Over thresholds occurred: FALSE

Latest DNS RTT: 263 ms

Latest TCP Connection RTT: 120 ms

Latest HTTP time to first byte: 248 ms

Latest HTTP Transaction RTT: 129 ms

Latest HTTP Status: 400

Latest HTTP Message Size: 168

Latest HTTP Entity-Body size: 39

Number of successes: 1

Number of failures: 0

Operation time to live: 0

Operational state of entry: Inactive

Last time this entry was reset: Never

SLA触发操作

当SLA检测结果超过指定阈值之后，可以出发其他操作。触发条件在reaction-configuration命令下配置，触发动作在reaction-trigger命令下配置。

配置示例：

R1(config)#ip sla 1

R1(config-ip-sla)#udp-echo 2.2.2.2 222

R1(config-ip-sla-udp)#timeout 5

R1(config-ip-sla-udp)#frequency 1

R1(config)#ip sla 2

R1(config-ip-sla)#icmp-echo 2.2.2.2

R1(config-ip-sla-echo)#timeout 5

R1(config-ip-sla-echo)#frequency 1

R1(config)#ip sla schedule 2 life 5 start-time pending  //将调度挂起，等待其他被其他调度唤醒

R1(config)#ip sla reaction-configuration 1 react connectionLoss action-type action-type trapandTrigger threshold-type immediate //当检测到连接丢失之后采取的动作是向SNMP发送trap消息，并且启动触发操作(SLA 2)

R1(config)#ip sla reaction-trigger 1 2 //SLA 1检测结果违反规则之后唤醒SLA 2

R1(config)#ip sla logging traps

R1(config)#snmp-server enable traps

当目标地址2.2.2.2，端口222连接丢失之后，在本地路由器上产生如下log:

%RTT-4-OPER_CLOSS: condition occurred, entry number = 1

并向SNMP server发送如下SNMP trap信息(1.1.1.1是trap信息源地址，R1(config)#snmp-server trap-source Loopback0)：

IP SLA的应用

IP SLA与track相互协作引用的最广。比如利用IP SLA来跟踪下一跳IP的可达性，从而动态的改变静态路由的下一条。

范例：

在R1上配置默认路由到R2，R1优先选着192.168.1.x的网络，当该条链路不可达的时候，R1自动选则192.168.2.x的链路

R1配置：

!ip route 0.0.0.0 0.0.0.0 192.168.1.2 10 track 1 //修改了默认AD为10ip route 0.0.0.0 0.0.0.0 192.168.2.2 20 track 2 //修改了默认AD为20!ip sla 1

icmp-echo 192.168.1.2

timeout 1000

frequency 1

ip sla schedule 1 life forever start-time now

ip sla 2

icmp-echo 192.168.2.2

timeout 1000

frequency 1

ip sla schedule 2 life forever start-time now

!

正常情况下，两条链路都可达时，一些验证命令：

R1#show ip routeC       1.1.1.1 is directly connected, Loopback0C    192.168.1.0/24 is directly connected, FastEthernet0/0C    192.168.2.0/24 is directly connected, FastEthernet0/1S*   0.0.0.0/0 [10/0] via 192.168.1.2 

R1#show ip route track-table ip route 0.0.0.0 0.0.0.0 192.168.1.2 10 track 1 state is [up] ip route 0.0.0.0 0.0.0.0 192.168.2.2 20 track 2 state is [up]

当主链路不可达时(R2上shutdown直连接口192.168.1.2),并在R1上开启debug track和debug ip routing，可以看到

*Mar  1 01:03:51.975: Track: 1 Change #8 rtr 1, state Up->Down*Mar  1 01:03:51.975: RT: del 0.0.0.0 via 192.168.1.2, static metric [10/0]*Mar  1 01:03:51.975: RT: delete network route to 0.0.0.0*Mar  1 01:03:51.979: RT: NET-RED 0.0.0.0/0*Mar  1 01:03:51.979: RT: NET-RED 0.0.0.0/0

*Mar  1 01:03:51.979: RT: SET_LAST_RDB for 0.0.0.0/0

NEW rdb: via 192.168.2.2

*Mar  1 01:03:51.983: RT: add 0.0.0.0/0 via 192.168.2.2, static metric [20/0]

*Mar  1 01:03:51.983: RT: NET-RED 0.0.0.0/0

*Mar  1 01:03:51.987: RT: default path is now 0.0.0.0 via 192.168.2.2

*Mar  1 01:03:51.987: RT: new default network 0.0.0.0

*Mar  1 01:03:51.987: RT: NET-RED 0.0.0.0/0

R1#

*Mar  1 01:04:10.619: RT: NET-RED 0.0.0.0/0

R1#show ip routeC       1.1.1.1 is directly connected, Loopback0C    192.168.1.0/24 is directly connected, FastEthernet0/0C    192.168.2.0/24 is directly connected, FastEthernet0/1S*   0.0.0.0/0 [20/0] via 192.168.2.2

R1#show ip route track-table ip route 0.0.0.0 0.0.0.0 192.168.1.2 10 track 1 state is [down] ip route 0.0.0.0 0.0.0.0 192.168.2.2 20 track 2 state is [up]