SLA monitor in Cisco ASA land
SLA monitoring is finally here. What is it useful for? To dynamically add and remove routes on the ASA depending on the SLA status. Below are the configuration steps. The commands themselves contain many words, but there are not many options, so they are long but pretty uniform.
TokyoASA1(config)# sla monitor 33
TokyoASA1(config-sla-monitor)# type echo protocol ipIcmpEcho 150.6.2.2 int outside type echo
TokyoASA1(config-sla-monitor-echo)# ?
default Set a command to its defaults
exit Exit probe configuration
frequency Frequency of an operation
no Negate a command or set its defaults
num-packets Number of Packets
request-data-size Request data size
threshold Operation threshold in milliseconds
timeout Timeout of an operation
tos Type Of Service
TokyoASA1(config-sla-monitor-echo)# frequency ?
sla-monitor-echo mode commands/options:
<1-604800> Frequency in seconds
TokyoASA1(config)# sla monitor schedule 33 ?
ageout How long to keep this Entry when inactive
life Length of time to execute in seconds
recurring Probe to be scheduled automatically every day
start-time When to start this entry
TokyoASA1(config)# sla monitor schedule 33 life forever start after 00:05:00
Now create a tracking process to be applied later to the static route:
TokyoASA1(config)# track 1 rtr 33 reachability
And finally we create the static route and attach the created track to it:
TokyoASA1(config)# route outside 0 0 136.6.123.3 track 1
Now let's see some statistics on the track:
TokyoASA1# sh track
Track 1
Response Time Reporter 33 reachability
Reachability is Down
1 change, last change 00:04:03
Latest operation return code: Unknown
Tracked by:
STATIC-IP-ROUTING 0
The final configuration looks like this:
sla monitor 33
type echo protocol ipIcmpEcho 150.6.2.2 interface outside
num-packets 3
request-data-size 1500
timeout 30
frequency 5
sla monitor schedule 33 life forever start-time after 00:05:00
TokyoASA1# sh sla monitor configuration
Entry number: 33
Owner:
Tag:
Type of operation to perform: echo
Target address: 150.6.2.2
Interface: outside
Number of packets: 3
Request size (ARR data portion): 1500
Operation timeout (milliseconds): 30
Type Of Service parameters: 0x0
Verify data: No
Operation frequency (seconds): 5
Next Scheduled Start Time: Start Time already passed
Group Scheduled : FALSE
Life (seconds): Forever
Entry Ageout (seconds): never
Recurring (Starting Everyday): FALSE
Status of entry (SNMP RowStatus): Active
Enhanced History:
TokyoASA1# sh sla monitor configuration operational-state
Entry number: 33
Modification time: 15:14:04.168 UTC Sun May 23 2010
Number of Octets Used by this Entry: 1480
Number of operations attempted: 48
Number of operations skipped: 0
Current seconds left in Life: Forever
Operational state of entry: Active
Last time this entry was reset: Never
Connection loss occurred: FALSE
Timeout occurred: FALSE
Over thresholds occurred: FALSE
Latest RTT (milliseconds): 1
Latest operation start time: 15:22:59.169 UTC Sun May 23 2010
RTT Values:
RTTAvg: 1 RTTMin: 1 RTTMax: 1
NumOfRTT: 3 RTTSum: 3 RTTSum2: 3
TokyoASA1# debug sla monitor ?
error Output IP SLA Monitor Error Messages
trace Output IP SLA Monitor Trace Messages
TokyoASA1# debug sla monitor trace
TokyoASA1# IP SLA Monitor(33) Scheduler: Starting an operation
IP SLA Monitor(33) echo operation: Sending an echo operation
IP SLA Monitor(33) echo operation: RTT=0 OK
IP SLA Monitor(33) echo operation: RTT=0 OK
IP SLA Monitor(33) echo operation: RTT=1 OK
IP SLA Monitor(33) Scheduler: Updating result
IP SLA Monitor(33) Scheduler: Starting an operation
IP SLA Monitor(33) echo operation: Sending an echo operation
IP SLA Monitor(33) echo operation: RTT=0 OK
IP SLA Monitor(33) echo operation: RTT=0 OK
IP SLA Monitor(33) echo operation: RTT=1 OK
And by the way, it really works: when the track is down, the route it is attached to magically disappears from the routing table, as it should.
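A monitoring check built on the show outputs above, as an added example that is not part of the original post: it parses `sh track` and `sh sla monitor operational-state` text and reports every track that is down together with the probe failure flags, which is the condition under which the tracked static route is withdrawn. The sample text is constructed in the layout shown above, and the function names are hypothetical.

```python
import re

# Constructed samples in the layout of the post's "sh track" and
# "sh sla monitor operational-state" output (not captured from a real device).
TRACK_OUT = """Track 1
  Response Time Reporter 33 reachability
  Reachability is Down
  1 change, last change 00:04:03
"""
OPER_OUT = """Entry number: 33
Operational state of entry: Active
Connection loss occurred: FALSE
Timeout occurred: TRUE
Over thresholds occurred: FALSE
"""

def parse_tracks(text):
    """Map track id -> {'sla': probe entry number, 'up': bool or None}."""
    tracks, cur = {}, None
    for line in text.splitlines():
        line = line.strip()
        if m := re.fullmatch(r"Track (\d+)", line):
            cur = tracks.setdefault(int(m[1]), {"sla": None, "up": None})
        elif cur is None:
            continue  # ignore anything before the first "Track N" header
        elif m := re.fullmatch(r"Response Time Reporter (\d+) reachability", line):
            cur["sla"] = int(m[1])
        elif m := re.fullmatch(r"Reachability is (Up|Down)", line):
            cur["up"] = m[1] == "Up"
    return tracks

def parse_probes(text):
    """Map SLA entry number -> set of '... occurred' flags reported as TRUE."""
    probes, cur = {}, None
    for line in text.splitlines():
        key, _, val = (p.strip() for p in line.partition(":"))
        if key == "Entry number":
            cur = probes.setdefault(int(val), set())
        elif cur is not None and key.endswith(" occurred") and val == "TRUE":
            cur.add(key[: -len(" occurred")])
    return probes

def findings(track_text, oper_text):
    """Return (track id, sla id, failure flags) for every track that is down."""
    probes = parse_probes(oper_text)
    return [(tid, t["sla"], sorted(probes.get(t["sla"], ())))
            for tid, t in parse_tracks(track_text).items() if t["up"] is False]

if __name__ == "__main__":
    print(findings(TRACK_OUT, OPER_OUT))
```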