Friday, October 12, 2012

IP SLA With EEM

Elements

Our network consists of 3 routers, R1 is the customer router, R2 and R3 will simulate ISPs
The goal is if the target IP address 2.2.2.2 is lost, a default route will be injected pointing to R3 and this will be monitored via an IP SLA configuration.
If the reach ability is maintained again, then the default route is removed , and again using the original default route via R2.

Configuration


R1#sh run int s0/0
interface Serial0/0
 ip address 10.1.12.1 255.255.255.0
 no fair-queue
 clock rate 64000

R1#sh run int s0/1
interface Serial0/1
 ip address 192.168.13.1 255.255.255.0
 clock rate 64000

R1#sh run | sec router ospf
router ospf 1
 router-id 1.1.1.1
 log-adjacency-changes
 network 10.1.12.1 0.0.0.0 area 0

R1#sh run | sec ip route
ip route 0.0.0.0 0.0.0.0 10.1.12.2

R2#sh run int s0/0
interface Serial0/0
 ip address 10.1.12.2 255.255.255.0
 no fair-queue
 clock rate 64000

R2#sh run int lo0
interface Loopback0
 ip address 2.2.2.2 255.255.255.255

R2#sh run | sec router ospf
router ospf 1
 router-id 2.2.2.2
 log-adjacency-changes
 network 2.2.2.2 0.0.0.0 area 0
 network 10.1.12.2 0.0.0.0 area 0

R3#sh run int s0/0
interface Serial0/0
 ip address 192.168.13.3 255.255.255.0
 clock rate 64000

IP SLA and EEM Configuration

R1#sh run | sec ip sla
ip sla monitor 2
 type echo protocol ipIcmpEcho 2.2.2.2 source-interface Serial0/0
 timeout 1000
 frequency 2
ip sla monitor schedule 2 start-time now

R1#sh ip sla monitor statistics 2
Round trip time (RTT)   Index 2
        Latest RTT: 1 ms
Latest operation start time: *01:02:03.299 UTC Fri Mar 1 2002
Latest operation return code: OK
Number of successes: 12
Number of failures: 0
Operation time to live: 3577 sec


R1#sh ip sla monitor statistics 2
Round trip time (RTT)   Index 2
        Latest RTT: 1 ms
Latest operation start time: *01:02:05.299 UTC Fri Mar 1 2002
Latest operation return code: OK
Number of successes: 13
Number of failures: 0
Operation time to live: 3574 sec

Ok, our IP SLA is functioning properly, let us move now to the EEM configuration, we will rely on configuring the EEM on a specific SNMP OID 1.3.6.1.4.1.9.9.42.1.2.9.1.6 which refer to SNMP Object name rttMonCtrlOperTimeoutOccurred
According to Cisco’s explanation “This object is set to true when an operation times out, and set to false when an operation completes under rttMonCtrlAdminTimeout. When this value changes, a reaction may occur, as defined by rttMonReactAdminTimeoutEnable”

event manager applet SLA_OUT
 event snmp oid 1.3.6.1.4.1.9.9.42.1.2.9.1.6.2 get-type exact entry-op eq entry-val 1 exit-op eq exit-val 2 poll-interval 5
 action 1.0 syslog msg "Test"
 action 1.1 cli command "enable"
 action 1.2 cli command "configure terminal"
 action 1.3 cli command "ip route 0.0.0.0 0.0.0.0 192.168.13.3"
 action 1.4 syslog msg "There is a problem on our Primary connection , move all the traffic to the Secondary Line"
event manager applet SLA_OK
 event snmp oid 1.3.6.1.4.1.9.9.42.1.2.9.1.6.2 get-type exact entry-op eq entry-val 2 exit-op eq exit-val 1 poll-interval 5
 action 1.0 syslog msg "OK"
 action 1.1 cli command "enable"
 action 1.2 cli command "configure terminal"
 action 1.3 cli command "no ip route 0.0.0.0 0.0.0.0 192.168.13.3"
 action 1.4 syslog msg "Our Primary connection is functionin again , stop using the Secondary Line"

Note: The bolded number is the same number as the configured IP SLA

Let us check R1’s routing table

R1#sh ip route 0.0.0.0
Routing entry for 0.0.0.0/0, supernet
  Known via "static", distance 1, metric 0, candidate default path
  Routing Descriptor Blocks:
  * 10.1.12.2
      Route metric is 0, traffic share count is 1

R1#debug event manager action cli

Let us now turn the loopback 0 interface of R2 off (our monitored target)

R2#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R2(config)#int lo0
R2(config-if)#shut

R1#
*Mar  1 01:11:43.591: %HA_EM-6-LOG: SLA_OUT: Test

*Mar  1 01:11:43.595: %HA_EM-6-LOG: SLA_OUT : DEBUG(cli_lib) : : CTL : cli_open called.
*Mar  1 01:11:43.599: %HA_EM-6-LOG: SLA_OUT : DEBUG(cli_lib) : : OUT :
*Mar  1 01:11:43.603: %HA_EM-6-LOG: SLA_OUT : DEBUG(cli_lib) : : OUT : R1>
*Mar  1 01:11:43.603: %HA_EM-6-LOG: SLA_OUT : DEBUG(cli_lib) : : IN  : >enable
*Mar  1 01:11:43.615: %HA_EM-6-LOG: SLA_OUT : DEBUG(cli_lib) : : OUT :
*Mar  1 01:11:43.615: %HA_EM-6-LOG: SLA_OUT : DEBUG(cli_lib) : : OUT : R1#
*Mar  1 01:11:43.615: %HA_EM-6-LOG: SLA_OUT : DEBUG(cli_lib) : : IN  : #configure terminal
*Mar  1 01:11:43.627: %HA_EM-6-LOG: SLA_OUT : DEBUG(cli_lib) : : OUT :
*Mar  1 01:11:43.627: %HA_EM-6-LOG: SLA_OUT : DEBUG(cli_lib) : : OUT : Enter configuration commands, one per line.  End with CNTL/Z.
*Mar  1 01:11:43.627: %HA_EM-6-LOG: SLA_OUT : DEBUG(cli_lib) : : OUT : R1(config)#
*Mar  1 01:11:43.627: %HA_EM-6-LOG: SLA_OUT : DEBUG(cli_lib) : : IN  : #ip route 0.0.0.0 0.0.0.0 192.168.13.3
*Mar  1 01:11:43.739: %HA_EM-6-LOG: SLA_OUT : DEBUG(cli_lib) : : OUT :
*Mar  1 01:11:43.739: %HA_EM-6-LOG: SLA_OUT : DEBUG(cli_lib) : : OUT : R1(config)#
*Mar  1 01:11:43.739: %HA_EM-6-LOG: SLA_OUT: There is a problem on our Primary connection , move all the traffic to the Secondary Line

*Mar  1 01:11:43.739: %HA_EM-6-LOG: SLA_OUT : DEBUG(cli_lib) : : IN  : #exit
*Mar  1 01:11:43.743: %HA_EM-6-LOG: SLA_OUT : DEBUG(cli_lib) : : CTL : cli_close called.

R1#sh run | sec ip route
ip route 0.0.0.0 0.0.0.0 10.1.12.2
ip route 0.0.0.0 0.0.0.0 192.168.13.3

We can see that a default route has been injected pointing to R3

R2#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R2(config)#int l
*Mar  1 01:13:17.115: %SYS-5-CONFIG_I: Configured from console by consoleo0
R2(config-if)#no shut

R1#sh run | inc ip route | ?     
LINE    <cr>

R1#                       
*Mar  1 01:13:25.695: %HA_EM-6-LOG: SLA_OK: OK

*Mar  1 01:13:25.699: %HA_EM-6-LOG: SLA_OK : DEBUG(cli_lib) : : CTL : cli_open called.
*Mar  1 01:13:25.703: %HA_EM-6-LOG: SLA_OK : DEBUG(cli_lib) : : OUT :
*Mar  1 01:13:25.703: %HA_EM-6-LOG: SLA_OK : DEBUG(cli_lib) : : OUT : R1>
*Mar  1 01:13:25.703: %HA_EM-6-LOG: SLA_OK : DEBUG(cli_lib) : : IN  : >enable
*Mar  1 01:13:25.715: %HA_EM-6-LOG: SLA_OK : DEBUG(cli_lib) : : OUT :
*Mar  1 01:13:25.715: %HA_EM-6-LOG: SLA_OK : DEBUG(cli_lib) : : OUT : R1#
*Mar  1 01:13:25.715: %HA_EM-6-LOG: SLA_OK : DEBUG(cli_lib) : : IN  : #configure terminal
*Mar  1 01:13:25.727: %HA_EM-6-LOG: SLA_OK : DEBUG(cli_lib) : : OUT :
*Mar  1 01:13:25.727: %HA_EM-6-LOG: SLA_OK : DEBUG(cli_lib) : : OUT : Enter configuration commands, one per line.  End with CNTL/Z.
*Mar  1 01:13:25.727: %HA_EM-6-LOG: SLA_OK : DEBUG(cli_lib) : : OUT : R1(config)#
*Mar  1 01:13:25.727: %HA_EM-6-LOG: SLA_OK : DEBUG(cli_lib) : : IN  : #no ip route 0.0.0.0 0.0.0.0 192.168.13.3
*Mar  1 01:13:25.743: %HA_EM-6-LOG: SLA_OK : DEBUG(cli_lib) : : OUT :
*Mar  1 01:13:25.743: %HA_EM-6-LOG: SLA_OK : DEBUG(cli_lib) : : OUT : R1(config)#
*Mar  1 01:13:25.743: %HA_EM-6-LOG: SLA_OK: Our Primary connection is functionin again , stop using the Secondary Line

*Mar  1 01:13:25.743: %HA_EM-6-LOG: SLA_OK : DEBUG(cli_lib) : : IN  : #exit
*Mar  1 01:13:25.743: %HA_EM-6-LOG: SLA_OK : DEBUG(cli_lib) : : CTL : cli_close called.
*Mar  1 01:13:25.755: %SYS-5-CONFIG_I: Configured from console by vty0

R1#sh run | sec ip route          
ip route 0.0.0.0 0.0.0.0 10.1.12.2

The default route pointing to R3 is gone now
at

No comments:

Post a Comment