Chciałem zrobić monitorowanie linku P2P z partnerem za pomocą ip sla - icmp-jitter. Obecna konfiguracja w labie wygląda tak,
i chciałbym reagować na sytuację degradacji łącza np. w przypadku 5% utraty pakietów.
Konfiguracja ip sla wygląda następująco
Kod: Zaznacz cały
ip sla 1
icmp-jitter 1.0.1.242 source-ip 1.0.1.241 num-packets 50
tos 255
threshold 1500
timeout 2000
frequency 5
ip sla schedule 1 life forever start-time now
ip sla reaction-configuration 1 react packetLoss threshold-value 3 2 threshold-type immediate action-type trapOnly
ip sla logging traps
Kod: Zaznacz cały
event manager applet IPSLA_1_DOWN
event syslog pattern "IP SLAs\(1\): Threshold exceeded"
action 1.0 track set 1 state down
event manager applet TRACK_1_UP
event syslog pattern "IP SLAs\(1\): Threshold below"
action 1.0 track set 1 state up
Kod: Zaznacz cały
track 1 stub-object
default-state up
delay up 30
!
To co już zrobiłem to wymiana softów na C3925 oraz C7206, wymiana kabli (teraz połączenie jest na cat6e) i niestety nic.
To co ważniejsze z całej konfiguracji zamieszczam poniżej
Kod: Zaznacz cały
!
track 1 stub-object
default-state up
delay up 30
!
track 2 ip sla 1
delay up 30
!
track 3 list boolean and
object 1
object 2
!
!
!
crypto isakmp policy 1
encr aes
hash sha384
authentication pre-share
group 14
crypto isakmp key XXX address 1.0.1.242
!
!
crypto ipsec transform-set LAB-TSET esp-aes esp-sha384-hmac
mode tunnel
!
!
!
crypto map CMAP 10 ipsec-isakmp
set peer 1.0.1.242
set transform-set LAB-TSET
match address CRYPTO_ACL-LABTST
!
!
!
!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
description OUTSIDE
ip address 1.0.1.241 255.255.255.252
ip access-group acl_in_interface in
duplex auto
speed auto
bfd interval 250 min_rx 250 multiplier 50
crypto map CMAP
!
interface GigabitEthernet0/1
no ip address
duplex auto
speed auto
!
interface GigabitEthernet0/2
description INSIDE
ip address 10.11.21.253 255.255.255.0
standby 1 ip 10.11.21.254
standby 1 priority 110
standby 1 preempt
duplex auto
speed auto
!
router bgp 65000
bgp log-neighbor-changes
network 2.2.2.2 mask 255.255.255.255
network 2.2.2.3 mask 255.255.255.255
network 3.3.3.0 mask 255.255.255.0
neighbor 1.0.1.242 remote-as 65001
neighbor 1.0.1.242 password XXX
neighbor 1.0.1.242 fall-over bfd
neighbor 1.0.1.242 soft-reconfiguration inbound
neighbor 1.0.1.242 route-map PART-IN in
neighbor 1.0.1.242 route-map PART-OUT out
neighbor 10.11.21.252 remote-as 65000
neighbor 10.11.21.252 next-hop-self
neighbor 10.11.21.252 route-map LOC-OUT out
!
ip route 2.2.2.2 255.255.255.255 10.11.21.1
ip route 2.2.2.3 255.255.255.255 10.11.21.1
ip route 3.3.3.0 255.255.255.0 10.11.21.1
!
ip access-list standard LOC-SUBNET
permit 2.2.2.2
permit 2.2.2.3
permit 3.3.3.0 0.0.0.255
ip access-list standard PART-SUBNET
permit 4.4.4.0 0.0.0.255
permit 4.4.0.0 0.0.255.255
!
ip access-list extended CRYPTO_ACL-LABTST
permit ip host 2.2.2.2 4.4.4.0 0.0.0.255
permit ip host 2.2.2.2 5.5.0.0 0.0.255.255
permit ip host 2.2.2.3 4.4.4.0 0.0.0.255
permit ip host 2.2.2.3 5.5.0.0 0.0.255.255
permit ip 3.3.3.0 0.0.0.255 4.4.4.0 0.0.0.255
permit ip 3.3.3.0 0.0.0.255 5.5.0.0 0.0.255.255
ip access-list extended acl_in_interface
permit tcp any any eq 3784
permit tcp any any eq 3785
permit udp any any eq 3784
permit udp any any eq 3785
permit tcp any any eq bgp
permit icmp any any
permit tcp any any eq 4500
permit udp any any eq non500-isakmp
permit udp any any eq isakmp
permit esp any any
!
ip prefix-list LOC-SUBNET seq 5 permit 2.2.2.2/32
ip prefix-list LOC-SUBNET seq 10 permit 2.2.2.3/32
ip prefix-list LOC-SUBNET seq 15 permit 3.3.3.0/24
!
ip prefix-list PART-SUBNET seq 5 permit 5.5.0.0/16
ip prefix-list PART-SUBNET seq 10 permit 4.4.4.0/24
ip sla 1
icmp-jitter 1.0.1.242 source-ip 1.0.1.241 num-packets 50
tos 255
threshold 1500
timeout 2000
frequency 5
ip sla schedule 1 life forever start-time now
ip sla reaction-configuration 1 react packetLoss threshold-value 3 2 threshold-type immediate action-type trapOnly
ip sla logging traps
!
route-map PART-OUT permit 10
match ip address prefix-list LOC-SUBNET
!
route-map LOC-OUT permit 10
match ip address prefix-list PART-SUBNET
!
route-map PART-IN permit 10
match ip address prefix-list PART-SUBNET
set local-preference 150
!
line con 0
exec-timeout 120 0
logging synchronous
login local
line aux 0
line vty 0 4
exec-timeout 120 0
login local
transport input telnet ssh
!
event manager session cli username "admin"
event manager applet IPSLA_1_DOWN
event syslog pattern "IP SLAs\(1\): Threshold exceeded"
action 1.0 track set 1 state down
event manager applet TRACK_1_UP
event syslog pattern "IP SLAs\(1\): Threshold below"
action 1.0 track set 1 state up