IP SLA

  • IP SLA is a feature that enables a Cisco router or a switch to simulate specific types of traffic useful for analysis. Cisco IOS IP SLAs performs active monitoring by generating and analyzing traffic to measure performance either between Cisco IOS devices or from a Cisco IOS device to a remote IP device such as a network application server. 
  • IP SLA probes can simulate various types of traffic, such as HTTP, FTP, DHCP, UDP jitter, UDP echo, TCP connect, ICMP echo, ICMP path echo, ICMP path jitter, and DNS.
  • IP SLA can report statistics such as path jitter.
  • IP SLA has highly granular application configuration options such as TCP/UDP port numbers, TOS byte, and IP prefix bits. This is useful for measuring application performance end-to-end across your network.
  • IP SLA can also be used to track reachability and then decrement HSRP/VRRP priority values or bring up secondary links.
  • IP SLA can also be used as a measure of reliability and continuous availability.
  • Using IP SLA, SNMP traps can be generated from events such as connection loss, timeout, roundtrip time threshold, average jitter threshold, one-way packet loss, one-way jitter, and one-way latency.
  • IP SLA operations can be used for troubleshooting, for problem analysis, and for designing network topologies.

Steps to Configure an IP SLA
  • The responder can be a computer, or it can be another Cisco device. Configure the Receiver/Responder with global config command 'ip sla responder'. The Cisco IOS IP SLAs Responder is a component embedded in the destination Cisco routing device that allows the system to anticipate and respond to Cisco IOS IP SLAs request packets. The Cisco IOS IP SLAs Responder provides an enormous advantage with accurate measurements without the need for dedicated probes and additional statistics not available via standard ICMP-based measurements.
  • One benefit of using a Cisco device as the responder is that it can add timestamps to help measure latency and jitter. These timestamps take into account the device processing time so that the measurement reflects only network latency.
  • The configuration of the IP SLA source is more complex. You must create a monitor session, list the traffic type, responder IP address, and any other desired variables such as DSCP value. Then you schedule the probes. Optionally configure tracking using the IP SLA session. The following commands set up an IP SLA session that measures UDP jitter for a voice port. Traffic is sent every 120 seconds, starting when the last command is given and continues until it is manually stopped.

Tracking a Static route using IP SLA

In this example, R1 connects to a Server 2.2.2.2/32 connected behind R2 through directly connected primary link 10.10.12.0/24.

An IP SLA is configured to track the status of the primary link. If the primary link fails, R1 should reach the Server using the backup path R1-R3-R2.



Two static routes are configured as below:

R1(config)#ip route 2.2.2.2 255.255.255.255 10.10.12.2 track 10   >>>>> Primary
R1(config)#ip route 2.2.2.2 255.255.255.255 10.10.13.3  20          >>>>> Secondary

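The primary static route is tracked by an IP SLA and should be used while the primary link (10.10.12.0/24) is up. The secondary route has an administrative distance of 20, so it is installed only when the tracked primary route is withdrawn.
In the config below, IP SLA 1 tracks the primary link using icmp-echo packets sent every 5 seconds.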

R1(config)#ip sla 1
R1(config-ip-sla)#icmp-echo 10.10.12.2 source-ip 10.10.12.1
R1(config-ip-sla-echo)#frequency 5
R1(config-ip-sla-echo)#timeout 1000
R1(config-ip-sla-echo)#exit
R1(config)#ip sla schedule 1 life forever start-time now

R1(config)#track 10 ip sla 1 reachability


R1#sh track 10
Track 10
  IP SLA 1 reachability
  Reachability is Up
    4 changes, last change 00:00:27
  Latest operation return code: OK
  Latest RTT (millisecs) 24
  Tracked by:
    STATIC-IP-ROUTING 0


R1#sh ip route track-table
 ip route 2.2.2.2 255.255.255.255 10.10.12.2 track 10 state is [up]


R1#sh ip sla statistics
Round Trip Time (RTT) for       Index 1
Type of operation: icmp-echo
        Latest RTT: 33 ms
Latest operation start time: *21:49:39.059 UTC Wed Oct 25 2017
Latest operation return code: OK
Number of successes: 47
Number of failures: 33
Operation time to live: Forever


You can also configure authentication between an IP SLA source and a responder to add some security.
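The tracking and authentication points above can be checked offline against a saved configuration. The following Python sketch is an added example, not code from the original page or from Cisco: the helper name audit_ip_sla, the key chain name SLA-KEYS and the sample configuration are constructed for illustration, and it assumes a running-config in which `ip sla key-chain` names the key chain used to authenticate IP SLA control messages.

```python
import re

# Constructed sample running-config for illustration (not from a real device).
SAMPLE_CONFIG = """\
ip sla responder
ip sla 1
 icmp-echo 10.10.12.2 source-ip 10.10.12.1
 frequency 5
ip sla schedule 1 life forever start-time now
ip sla 2
 tcp-connect 2.2.2.2 23 source-ip 10.10.12.1
ip sla key-chain SLA-KEYS
track 10 ip sla 1 reachability
track 20 ip sla 2 reachability
track 30 ip sla 9 reachability
"""

def audit_ip_sla(config):
    """Return a list of findings for an IOS running-config (hypothetical helper)."""
    def grab(pattern):
        return re.findall(pattern, config, re.MULTILINE)

    defined = set(grab(r"^ip sla (\d+)[ \t]*$"))
    scheduled = set(grab(r"^ip sla schedule (\d+)\b"))
    sla_chains = grab(r"^ip sla key-chain (\S+)")
    key_chains = set(grab(r"^key chain (\S+)"))
    findings = []

    # A responder with no key chain has no authentication on control messages.
    if grab(r"^ip sla responder[ \t]*$") and not sla_chains:
        findings.append("responder enabled without 'ip sla key-chain'")
    for name in sla_chains:
        if name not in key_chains:
            findings.append(f"ip sla key-chain {name}: key chain not defined")
    # An operation that is never scheduled sends no probes.
    for op in sorted(defined - scheduled, key=int):
        findings.append(f"ip sla {op}: defined but not scheduled")
    # A track object needs a defined, scheduled operation to follow.
    for track, op in grab(r"^track (\d+) ip sla (\d+) reachability"):
        if op not in defined:
            findings.append(f"track {track}: ip sla {op} is not defined")
        elif op not in scheduled:
            findings.append(f"track {track}: ip sla {op} is not scheduled")
    return findings

if __name__ == "__main__":
    for finding in audit_ip_sla(SAMPLE_CONFIG):
        print(finding)
```
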

There are many other operations you can perform using an IP SLA as shown below:

R1(config)#ip sla 2
R1(config-ip-sla)#?
IP SLAs Entry configuration commands:
  dhcp             DHCP Operation
  dns               DNS Query Operation
  ethernet       Ethernet Operations
  ftp                 FTP Operation
  http               HTTP Operation
  icmp-echo    ICMP Echo Operation
  mpls              MPLS Operation
  path-echo     Path Discovered ICMP Echo Operation
  path-jitter     Path Discovered ICMP Jitter Operation
  tcp-connect   TCP Connect Operation
  udp-echo       UDP Echo Operation
  udp-jitter      UDP Jitter Operation


TCP Connect Operation

You can use the TCP Connect Operation to compute response time by measuring the time taken by the source to perform a TCP connect operation to the destination device.

If the destination or target device is a Cisco router, you can configure it as a responder (ip sla responder on the target router). If the destination is a non-Cisco device, you have to specify a well-known port number. Below is an example that connects to the Telnet port of remote server 2.2.2.2.

R1(config)# ip sla 2
R1(config-ip-sla)#tcp-connect 2.2.2.2 23 source-ip 10.10.12.1

DNS Operation

Using Cisco IP SLA, DNS response time can be computed by calculating the difference between the time taken to send a DNS request and the time a reply is received. The IP SLA DNS operation queries for an IP address if the user specifies the domain name, or queries for a domain name if the user specifies an IP address.

R1(config)# ip sla 3
R1(config-ip-sla)#dns www.google.com name-server DNS source-ip 10.10.12.1

IP SLA can also be used to configure the probes for network monitoring and analysis using UDP-Jitter.

R1(config)# ip sla 4
R1(config-ip-sla)# udp-jitter 10.10.12.2 5000 source-ip 10.10.12.1 num-packets 50 interval 10
R1(config-ip-sla-jitter)# tos 104
R1(config-ip-sla-jitter)# timeout 1000
R1(config-ip-sla-jitter)# frequency 30


Some more commands:

sh ip sla authentication
sh ip sla application
sh ip sla statistics
sh ip sla responder
sh ip sla configuration