Thursday, November 15, 2007

Cisco IOS: IP SLA monitor to monitor DMVPN


Can I use IP SLA to monitor DMVPN


This may be a very useful tool to use for troubleshooting general VPN issues where infrastructure IP delivery may be unreliable. What this does is to have the router send out periodic ip sla probes, in this case udpecho packets as they are not as likely to be dropped as pings, to the peer (say DMVPN Hub for example) outside of the tunnel. So it's like any-to-any ip keepalives. The probes are tied to EEM via either a track object or SNMP MIB to send notification messages to the syslog, so you'd see something like this:


Jul 12 14:21:02.159: %HA_EM-6-LOG: ipsladown: IP SLA probe failed!
Jul 12 14:22:27.159: %HA_EM-6-LOG: ipslaup: IP SLA probe came up!


Download the config to enable this from here: Config





12.4 using EEM triggered on SNMP MIB
====================================

initiator
---------
ip sla monitor 10
 type udpEcho dest-ipaddr 14.1.23.46 dest-port 1501 source-ipaddr 14.1.21.146 source-port 1501 control disable
 timeout 1000
 frequency 5
ip sla monitor schedule 10 life forever start-time now
!
snmp-server community public RO
!         
event manager applet ipsladown 
 event snmp oid rttMonCtrlOperTimeoutOccurred.10 get-type exact entry-op eq entry-val 1 exit-op eq exit-val 2 poll-interval 5
 action 1.0 syslog msg "IP SLA probe failed!"
event manager applet ipslaup 
 event snmp oid rttMonCtrlOperTimeoutOccurred.10 get-type exact entry-op eq entry-val 2 exit-op eq exit-val 1 poll-interval 5
 action 1.0 syslog msg "IP SLA probe came up!"
!


responder
---------
ip sla monitor responder
ip sla monitor responder type udpEcho ipaddress 14.1.23.46 port 1501


12.4T using EEM triggered on SNMP MIB
=====================================

initiator
---------
ip sla 10
 udp-echo 14.1.23.46 1501 control disable
 timeout 1000
 frequency 5
ip sla schedule 10 life forever start-time now
snmp-server community public RO
!
event manager applet ipsladown 
 event snmp oid rttMonCtrlOperTimeoutOccurred.10 get-type exact entry-op eq entr
y-val 1 exit-op eq exit-val 2 poll-interval 5
 action 1.0 syslog msg "IP SLA probe failed!"
event manager applet ipslaup 
 event snmp oid rttMonCtrlOperTimeoutOccurred.10 get-type exact entry-op eq entr
y-val 2 exit-op eq exit-val 1 poll-interval 5
 action 1.0 syslog msg "IP SLA probe came up!"
!

responder
---------
ip sla responder
ip sla responder udp-echo ipaddress 14.1.23.46 port 1501


12.4T using track object
========================

initiator
---------
track 1 rtr 10
! 
ip sla 10
 udp-echo 14.1.23.46 1501 source-ip 14.1.21.146 source-port 1501 control disable
 timeout 1000
 frequency 5
ip sla schedule 10 life forever start-time now
!
event manager applet ipsladown 
 event track 1 state down
 action 1.0 syslog msg "IP SLA probe failed!"
event manager applet ipslaup 
 event track 1 state up
 action 1.0 syslog msg "IP SLA probe came up!"


responder
---------
ip sla responder
ip sla responder udp-echo ipaddress 14.1.23.46 port 1501





Posted by at
Labels: