- Nile unwraps NaaS security features for enterprise customers
- Get these premium Sony Bravia home theater speakers for $500 off during Black Friday
- The best Black Friday soundbar and speaker deals: Save on Bose, Sonos, Beats, and more
- One of the best pool-cleaning robots I've tested is $450 off for Prime Day
- Apple's M2 MacBook Air is on sale for $749 for Black Friday
IP SLA with Object Tracking and Automatic Preempting in MPLS TE
Original post # https://rekrowten.wordpress.com/2012/10/19/ip-sla-with-object-tracking-and-automatic-preempting-in-mpls-te-part-5/
IP SLA was described in this post. Some of the examples were provided here. This post showed an option, where IP SLA was used to monitor static routes and preempting them. Today’s post will be similar to that one. Today I am monitoring MPLS TE tunnels and dynamically preempting to backup path, when certain threshold in IP SLA probe is met. Good example on how to monitor network and dynamically and automatically reroute traffic to backup path without any administrator intervention.
Here is diagram.
Dummy router is incapable of routing. It is pure host.
Between R1 and R2 routers, I run LDP (MPLS), IS-IS as routing protocol, RSVP and MPLS TE is enabled on interfaces between R1 and R2. Two TE tunnels are configured on R1. One is taking primary path via 192.168.12.2 and secondary tunnel is taking path via 172.16.12.2. Tunnel with primary path has metric lowered by 2 and secondary tunnel has metric lowered by 1. This assures that tunnel 0 has best metric and is used. In case of failure, tunnel 1 is used. In case of both tunnels are down, traditional routing is used (IS-IS chooses best path).
IP SLA probe is monitoring IP 200.0.0.1 by ICMP echo type. Frequency is every 10 seconds and threshold is only 20 ms. Timeout is set to default 5000 ms. That means that probe should be received within 5000 ms, but everything above 20 ms is considered as failed and preemption on tracked object is initiated. If tracked object is failed and positive result from IP SLA probe is received, preemption is delayed for 30 seconds. In other words, 3 probes must be successful in a row to make preemption back. As you can see, I can reach 200.0.0.1 via static routing. Tunnel 0 has best administrative distance and is monitored by object tracking, which is driven by IP SLA probe. In case of failure, tunnel 1 (backup path) is used. If physical interface fails, IS-IS detects failure and tunnel 0 fails. IP SLA probes will continue anyway, but result doesn’t matter as tunnel 1 is used anyway.
TE tunnels use autoroute option, metric change, and explicit path. Please, read corresponding MPLS TE posts or the whole series on this topic.
Configuration
Here are configs:
Dummy:
hostname Dummy ! no ip routing ! interface FastEthernet0/0 ip address 192.168.0.2 255.255.255.0
R1:
hostname R1 ! ip sla monitor 2 type echo protocol ipIcmpEcho 200.0.0.1 threshold 20 frequency 10 ip sla monitor schedule 2 life forever start-time now ! mpls traffic-eng tunnels ! track 1 rtr 2 delay up 30 ! interface Loopback0 ip address 192.168.1.1 255.255.255.255 ip router isis ! interface Tunnel0 ip unnumbered Loopback0 tunnel destination 200.0.0.1 tunnel mode mpls traffic-eng tunnel mpls traffic-eng autoroute announce tunnel mpls traffic-eng autoroute metric relative -2 tunnel mpls traffic-eng path-option 10 explicit name PRIMARY no routing dynamic ! interface Tunnel1 ip unnumbered Loopback0 tunnel destination 200.0.0.1 tunnel mode mpls traffic-eng tunnel mpls traffic-eng autoroute announce tunnel mpls traffic-eng autoroute metric relative -1 tunnel mpls traffic-eng path-option 10 explicit name SECONDARY no routing dynamic ! interface FastEthernet0/0 ip address 192.168.0.1 255.255.255.0 ip router isis ! interface FastEthernet0/1 ip address 192.168.12.1 255.255.255.0 ip router isis mpls ip mpls traffic-eng tunnels ip rsvp bandwidth ! interface FastEthernet1/0 ip address 172.16.12.1 255.255.255.0 ip router isis mpls ip mpls traffic-eng tunnels ip rsvp bandwidth ! router isis net 49.0000.0000.0000.0001.00 metric-style wide mpls traffic-eng router-id Loopback0 mpls traffic-eng level-1 ! ip route 200.0.0.1 255.255.255.255 Tunnel0 5 track 1 ip route 200.0.0.1 255.255.255.255 Tunnel1 6 ! ip explicit-path name PRIMARY enable next-address 192.168.12.2 ! ip explicit-path name SECONDARY enable next-address 172.16.12.2
R2:
hostname R2 ! ip sla monitor responder ! mpls traffic-eng tunnels ! interface Loopback0 ip address 200.0.0.1 255.255.255.255 ip router isis ! interface FastEthernet0/0 ip address 192.168.12.2 255.255.255.0 ip router isis mpls ip mpls traffic-eng tunnels ip rsvp bandwidth ! interface FastEthernet0/1 ip address 172.16.12.2 255.255.255.0 ip router isis mpls ip mpls traffic-eng tunnels ip rsvp bandwidth ! router isis net 49.0000.0000.0000.0002.00 metric-style wide mpls traffic-eng router-id Loopback0 mpls traffic-eng level-1 ! ip route 192.168.0.0 255.255.255.0 FastEthernet0/1
This is how it looks, when everything is working fine.
R1#sh ip ro Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static route Gateway of last resort is not set C 192.168.12.0/24 is directly connected, FastEthernet0/1 200.0.0.0/32 is subnetted, 1 subnets S 200.0.0.1 is directly connected, Tunnel0 172.16.0.0/24 is subnetted, 1 subnets C 172.16.12.0 is directly connected, FastEthernet1/0 C 192.168.0.0/24 is directly connected, FastEthernet0/0 192.168.1.0/32 is subnetted, 1 subnets C 192.168.1.1 is directly connected, Loopback0 R1# R1#sh ip sla monitor st Round trip time (RTT) Index 2 Latest RTT: 9 ms Latest operation start time: *00:12:22.631 UTC Fri Mar 1 2002 Latest operation return code: OK Number of successes: 55 Number of failures: 7 Operation time to live: Foreve
Now I will increase load, so I make worse RTT for a moment.
R1#sh ip sla monitor st Round trip time (RTT) Index 2 Latest RTT: 187 ms Latest operation start time: *00:12:32.631 UTC Fri Mar 1 2002 Latest operation return code: Over threshold Number of successes: 56 Number of failures: 7 Operation time to live: Forever R1# *Mar 1 00:12:33.675: %TRACKING-5-STATE: 1 rtr 2 state Up->Down
RTT is over threshold (20 ms). Tracked object failed. Let’s confirm.
R1#sh track Track 1 Response Time Reporter 2 state State is Down 4 changes, last change 00:00:10 Delay up 30 secs Latest operation return code: Over threshold Latest RTT (millisecs) 27 Tracked by: STATIC-IP-ROUTING 0
Change in routing is expected. Now, we should route via tunnel 1.
R1#sh ip ro Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static route Gateway of last resort is not set C 192.168.12.0/24 is directly connected, FastEthernet0/1 200.0.0.0/32 is subnetted, 1 subnets S 200.0.0.1 is directly connected, Tunnel1 172.16.0.0/24 is subnetted, 1 subnets C 172.16.12.0 is directly connected, FastEthernet1/0 C 192.168.0.0/24 is directly connected, FastEthernet0/0 192.168.1.0/32 is subnetted, 1 subnets C 192.168.1.1 is directly connected, Loopback0
There are few over threshold IP SLA probe responses.
R1#sh ip sla monitor st Round trip time (RTT) Index 2 Latest RTT: 27 ms Latest operation start time: *00:12:42.631 UTC Fri Mar 1 2002 Latest operation return code: Over threshold Number of successes: 57 Number of failures: 7 Operation time to live: Forever R1#sh ip sla monitor st Round trip time (RTT) Index 2 Latest RTT: 21 ms Latest operation start time: *00:12:52.631 UTC Fri Mar 1 2002 Latest operation return code: Over threshold Number of successes: 58 Number of failures: 7 Operation time to live: Forever
Finally, RTT is back in threshold. Tracked object remains down for 30 seconds. If RTT increases above threshold, delay on tracked object is reset and no preemption occurs. RTT must be under threshold for at least 30 seconds to make preemption back to tunnel 0. Routing via tunnel 1 remains until preemption.
R1#sh ip sla monitor st
Round trip time (RTT) Index 2
Latest RTT: 12 ms
Latest operation start time: *00:13:02.631 UTC Fri Mar 1 2002
Latest operation return code: OK
Number of successes: 59
Number of failures: 7
Operation time to live: Forever
R1#sh track
Track 1
Response Time Reporter 2 state
State is Down, delayed Up (21 secs remaining)
4 changes, last change 00:00:38
Delay up 30 secs
Latest operation return code: Over threshold
Latest RTT (millisecs) 21
Tracked by:
STATIC-IP-ROUTING 0
R1#sh ip ro
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
C 192.168.12.0/24 is directly connected, FastEthernet0/1
200.0.0.0/32 is subnetted, 1 subnets
S 200.0.0.1 is directly connected, Tunnel1
172.16.0.0/24 is subnetted, 1 subnets
C 172.16.12.0 is directly connected, FastEthernet1/0
C 192.168.0.0/24 is directly connected, FastEthernet0/0
192.168.1.0/32 is subnetted, 1 subnets
C 192.168.1.1 is directly connected, Loopback0
RTT is below threshold for 30 seconds, preemption occurs back to tunnel 0. Here is confirmation.
R1#sh ip sla monitor st
Round trip time (RTT) Index 2
Latest RTT: 3 ms
Latest operation start time: *00:15:32.631 UTC Fri Mar 1 2002
Latest operation return code: OK
Number of successes: 74
Number of failures: 7
Operation time to live: Forever
R1#
*Mar 1 00:15:33.679: %TRACKING-5-STATE: 1 rtr 2 state Down->Up
R1#sh track
Track 1
Response Time Reporter 2 state
State is Up
5 changes, last change 00:00:04
Delay up 30 secs
Latest operation return code: OK
Latest RTT (millisecs) 3
Tracked by:
STATIC-IP-ROUTING 0
R1#sh ip ro
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
C 192.168.12.0/24 is directly connected, FastEthernet0/1
200.0.0.0/32 is subnetted, 1 subnets
S 200.0.0.1 is directly connected, Tunnel0
172.16.0.0/24 is subnetted, 1 subnets
C 172.16.12.0 is directly connected, FastEthernet1/0
C 192.168.0.0/24 is directly connected, FastEthernet0/0
192.168.1.0/32 is subnetted, 1 subnets
C 192.168.1.1 is directly connected, Loopback0
Routing has changed back to tunnel 0. This was just an example. More complex and reasonable MPLS TE tunnels can be created
