Q&A
CISCO IOS IP SERVICE LEVEL AGREEMENTS
OVERVIEW
Q. What are Cisco IOS IP Service Level Agreements?
A. Cisco IOS IP Service Level Agreements (SLAs) is functionality to perform network performance measurement within Cisco Systems® devices. It allows Cisco customers to understand IP service levels for IP applications and services, increase productivity, lower operational costs, and reduce the frequency of network outages. Cisco IP technology and SLAs are converging and extending IP performance monitoring to be application aware, which is critical for new IP network applications such as voice over IP (VoIP), audio and video, enterprise resource management (ERP), customer relationship management (CRM), material requirements planning (MRP), and VPN. SLA measurements within an IP network must be end to end, embedded for accuracy, flexibility, and cost-effectiveness. Cisco IOS IP SLAs uses unique service-level assurance metrics and methodology to provide highly accurate, precise service-level assurance measurements. It allows the user to verify service guarantees, increases network reliability by validating network performance, proactively identifies network issues, and eases the deployment of new IP services.
Cisco IOS IP SLAs uses active traffic monitoring-the generation of traffic in a continuous, reliable, and predictable manner-for measuring network performance. Cisco IOS IP SLAs actively sends data across the network to measure performance between multiple network locations or across multiple network paths. It uses the timestamp information to calculate performance metrics such as jitter, latency, network, and server response times, packet loss, and mean opinion score.
Q. How can Cisco customers use Cisco IOS IP SLAs?
• Performance visibility for VoIP, video, business-critical applications, Multiprotocol Label Switching (MPLS), and VPN networks
• Service-level agreement monitoring
• Network performance monitoring
• IP service network health readiness or assessment
• Edge-to-edge network availability monitoring
• Business-critical applications performance monitoring
• Network operation troubleshooting
Q. What benefits will customers realize with Cisco IOS IP SLAs?
• Enables customers to deploy new applications and services with complete confidence. Performance visibility, reduced deployment time for new applications, enhanced acceptance of business-critical services, and proactive identification of issues enforce higher reliability.
• Verifies and monitors quality of service (QoS) and differentiates service levels.
• Creates higher end-user confidence and satisfaction.
• Continuously, reliably, and predictably measures network performance.
Q. Why is Cisco IOS IP SLAs unique in the market?
A. SLAs measurement has been available for many years, but the combination of IP services, end-to-end measurement, and application awareness is unique to Cisco and better than the traditional approach. This traditional SLA is a fixed circuit and point to point, in no way indicative of the end-to-end experience of the end user and the user's IP application.
Q. What is a service-level agreement?
A. A service-level agreement (SLA) is a contract between the network provider and its customers, or between an IT department and internal corporate customers. It provides a form of guarantee to customers with regard to the level of user experience.
Typically, an SLA contains the following levels of guarantee:
• Network availability (for example, 99 percent of the time)
• Network performance (for example, the round-trip delay is less than three seconds 95 percent of the time)
• Latency, jitter, packet loss, Domain Name System (DNS) lookup time, and Website response time
• Help desk hours (for example, 24 hours a day)
• Trouble response time (for example, within three hours)
• Resolution time (for example, within one day)
• Reimbursement schedule if any of the thresholds is violated
Q. Is Cisco IOS IP SLAs an IETF standard?
A. Work is under way, and standardization is planned. Many of the protocols used by IP SLAs are currently IETF standards.
Q. What Cisco hardware supports Cisco IOS IP SLAs?
A. Other than the Cisco Catalyst® 4500 Series Switch, all Cisco hardware that runs Cisco IOS Software supports Cisco IOS IP SLAs.
Q. How do customers benefit from providing SLAs to their customers?
A. The network has become increasingly critical for customers, and any downtime or degradation can adversely impact revenue. Companies need some form of predictability with regard to IP services, regardless of the cost. An SLA provides well-defined expectations for the provider of the SLA and a customer. The IT department can use the SLAs to verify that the service provider is meeting its own SLAs and will thus induce payback for violations. Service providers experience higher profit margins, enhanced customer satisfaction and retention, and better competitive position. The IT department has the capability to define service levels for critical business applications. Its effectiveness is largely judged by network efficiency and user experience. An SLA can also be used as the basis for planning budgets and justifying network expenditures. Administrators can ultimately reduce the mean time to repair by proactively isolating network issues. They can change the network configuration based on optimized performance metrics.
MEASUREMENTS AND CALCULATIONS
Q. What type of measurements can Cisco IOS IP SLAs perform?
Table 1. Cisco IOS IP SLAs Operations and Applications
Q. What applications from Cisco and other companies use Cisco IOS IP SLAs measurements?
A. Many of the major performance-monitoring applications used in networks support Cisco IOS IP SLAs. When a third-party application uses Cisco IOS IP SLAs to collect or configure measurements, it generally uses Simple Network Management Protocol (SNMP) for the interface.
For additional information, please visit www.cisco.com/go/ipsla/.
GENERAL INFORMATION
Q. What is Cisco IOS IP SLAs Responder?
A. When a Cisco Router has been designated to reply to Cisco IOS IP SLAs test packets, configuring it to be a Cisco IOS IP SLAs Responder provides greater accuracy in the measurements. The responder can utilize MD5 authentication for securing the control protocol exchange.
After the initial exchange, the responder can listen to Cisco IOS IP SLAs test packets in the port requested by the Cisco IOS IP SLAs source. Upon receiving the test packets, it captures the timestamps when the packets arrive, as well as when the replies leave. These timestamps help the Cisco IOS IP SLAs source to make accurate assessments on one-way delay and the processing time in the target routers.
Cisco IOS IP SLAs Responder can be enabled for the following operations:
• UDP Echo
• UDP Jitter
• TCP Connect
• Application Performance Monitor
Q. How can Cisco IOS IP SLAs troubleshoot the network?
A. Cisco IOS IP SLAs can be configured with thresholds. When the performance level crosses the thresholds, Cisco IOS IP SLAs can generate SNMP traps to notify applications. This helps to detect a potential problem.
Additionally, a network administrator can obtain hop-by-hop performance information using Cisco IOS IP SLAs ICMP Path Echo and Path Jitter operations. This isolates any performance bottleneck.
Q. What is a dedicated (shadow) SLAs router? What are the benefits?
A. The dedicated or SLAs router is used exclusively for Cisco IOS IP SLAs operations and is connected to the edge routers to simulate the customer network traffic. It is typically a Cisco 2600, 2800, 3700, 3800, or 7200 Series Router. SLAs routers are particularly useful for point-of-presence (POP) or hub sites to gain access to router monitoring, which requires thousands of Cisco IOS IP SLAs operations. The number of dedicated routers will scale with the number of access routers that Cisco IOS IP SLAs is monitoring.
A dedicated router reduces the resource impact on primary routers. It enables the upgrade of Cisco IOS IP SLAs features without affecting normal operations and is independent from Cisco IOS Software images in the production network.
Q. How can Cisco IOS IP SLAs monitor different classes of services?
A. Cisco IOS IP SLAs can be configured to monitor different classes of services, if the differentiated services code point (DSCP) bits are configured with the TOS command.
This command is supported by all Cisco IOS IP SLAs operations. The feature is available in Release 12.2T and all subsequent releases.
Q. How is round-trip delay calculated?
A. This represents the time between sending the test packet and receiving a reply, subtracting the processing time on the source and end routers. Round-trip delay is calculated by recording the timestamps.
The processing time on the end routers is only assessed for operations that involve the responder, which will increase the accuracy of round trip time measurements as compared to traditional ICMP ping measurements.
Q. How is one-way delay calculated?
A. One-way delay is the time delta of the time the test packet goes out and the time when the test packet arrives at the responder.
The UDP Jitter Operations are the only operations that can compute one-way delay measurement. The end router must enable the Cisco IOS IP SLAs responder, as well as the time-synchronization of the source and end routers. The time synchronization is usually implemented with network time protocol (NTP) and an accurate reference clock for timing.
Q. How is jitter calculated?
A. Jitter is the variance of delay. The Cisco IOS IP SLAs jitter operation sends out multiple packets with equal time spacing between each interval. The jitter is then calculated as the variance of the round-trip delay measurements. One-way jitter is possible using without time synchronization of the clocks.
UDP Jitter and ICMP Path Jitter operations can measure jitter. The minimum number of packets for measuring jitter is three; however, ten is the default, with twenty ms time spacing.
Q. How can measurement information be retrieved from Cisco IOS IP SLAs?
A. The measurement can be retrieved using Cisco IOS Command Line Interface (CLI) or SNMP. The measurements are stored in the RTTMON MIB. The SNMP MIB is available at: http://tools.cisco.com/ITDIT/MIBS/servlet/index
Q. How granular are Cisco IOS IP SLAs measurements?
A. Submillisecond (ms) accuracy is available.
Q. Why does the UDP Jitter operation obtain more accurate measurements than operations based on Internet Control Message Protocol (ICMP)?
A. The UDP Jitter operation uses the responder that provides information on the processing delay in the end router. It then subtracts that information from both the one-way and round-trip measurements. Tests have shown that processing delay for a router under load can produce large inaccuracies when using ICMP. The tests show inaccuracy by as much as 30 times the actual delay measurement.
Q. What methods are available to monitor service-level performance?
A. There are two primary dimensions to performance monitoring: where and how the measures are completed.
A measurement may reside in a dedicated appliance. This approach allows network providers to monitor a given link by deploying hardware-based probes next to both the source and target routers. While it is feasible to monitor performance between a limited number of routers, it is cost prohibitive to monitor hub-to-CPE, as the number of CPEs tends to be large.
Cisco IOS IP SLAs is embedded in Cisco IOS Software. By including the measurement capabilities in the router, the Cisco IOS IP SLAs approach eliminates the need to deploy additional appliances. Therefore, there is no additional cost, training, or maintenance to deploy the solution. Since it is supported in almost all Cisco hardware, it is possible to monitor any connection. There is no additional appliance to deploy and therefore no additional cost.
Q. To what extent does Cisco IOS IP SLAs impact CPU utilization or memory?
A. As Cisco IOS IP SLAs is a software-based measurement, it does consume CPU usage and memory.
Table 2 illustrates the CPU usage based on 2,000 active operations, activated sequentially. The data generated per operation is 10 packets of 64 byte sizing, with 20ms spacing using the IP SLAs jitter operation. The data represents four destinations, activated per one second versus percentage of CPU usage in a 12.4 Cisco IOS release.
Table 2. Cisco IOS IP SLAs CPU Usage
The memory used per Cisco IOS IP SLAs operation does vary with different Cisco IOS Software releases.
Table 3. Cisco IOS IP SLAs Memory Usage
Q. What MIB should I use for IP SLAs, and where do I find it?
A. Use the RTTMON-MIB: ftp://ftp.cisco.com/pub/mibs/v2/CISCO-RTTMON-MIB.my
Q. What debug commands can be run for troubleshooting?
A. On a source router, run "debug ip sla trace" and "debug ip sla error". Further information is available in the IOS documentation: www.cisco.com/go/ipsla/
Q. What is a good deployment guide for Cisco IOS IP SLAs?
A. For deployment information, please see the Cisco IOS IP SLAs user guide at www.cisco.com/go/ipsla/.
THRESHOLDS
Q. What is the benefit of setting thresholds?
A. Setting a threshold allows network administrators to remotely monitor network performance. If the threshold is violated, Cisco IOS IP SLAs generates an SNMP trap to the application.
Q. What conditions or thresholds can be set in Cisco IOS IP SLAs for SNMP traps?
A. Cisco IOS IP SLAs can generate SNMP traps for timeout, threshold violation, loss of connection, and data verification error (the data in source packet and reply are not the same). Available thresholds include round trip delay, average jitter, and connection loss and for one-way jitter, packet loss and latency, and MOS VoIP scoring.
SECURITY
Q. How secure is Cisco IOS IP SLA?
A. The Cisco IOS IP SLAs control protocol can be configured with MD5 authentication.
Q. What is the control protocol used to secure Cisco IOS IP SLAs?
A. The Cisco IOS IP SLAs control protocol is a proprietary protocol for initial exchange between the Cisco IOS IP SLAs source and the responder. With this exchange, the Cisco IOS IP SLAs source can specify which port the responder should listen to for a particular operation.
Note that this port is capable of listening to multiple operations, and will thus be disabled after the operation is completed.
CONFIGURATION AND OPERATION INFORMATION
Q. Can configuration variables be changed while the operation is running?
A. Configuration parameters cannot be changed while the operation is running, as it would adversely impact the data storage. It is therefore recommended to configure an `ageout' in the `ip sla schedule' command, if operations may be changed in the future.
Q. How can an operation be stopped once it has been configured to run "forever"?
A. This is not possible, so it is advisable to configure a specific time, rather than "forever".
Example:
*ip sla 1
icmp-echo ip 10.2.20.20
frequency 3600
ip sla schedule 1 start-time 12:00 life 864000
In this example, the operation will run for ten days.
* The phase 1 implementation of the CLI is available in Cisco Software IOS Release 12.4M. The IP SLAs CLI described will be implemented in three phases across Cisco Software IOS Release 12.4T releases.
Q. How does Cisco IOS IP SLAs account for processing delay in the routers?
A. The delay in the source router is always eliminated, while the delay in the end router is only eliminated when the responder is used. Therefore, measurements such as UDP Jitter, TCP Contect, and UDP Echo benefit by using the enhanced accuracy of the responder. .
Q. What processing delay does Cisco IOS IP SLAs remove?
A. There are three processing delays in both the source and the destination routers:
• Ingress Queue: time from when the packet arrives at the router until Cisco IOS IP SLAs receives it
• Cisco IOS IP SLAs Processing: time it takes for Cisco IOS IP SLAs to process the packet
• Egress Queue: time from when the packet leaves Cisco IOS IP SLAs until it is physically sent
Cisco IOS IP SLAs takes out the ingress queuing time and the Cisco IOS IP SLAs processing time in the source. If the Cisco IOS IP SLAs operation involves the responder, then the ingress queuing time and the responder processing time in the destination are also removed.
Q. How can the CLI statistics for the UDP Jitter operation be interpreted?
A. The show ip sla statistics command displays the current state of the Cisco IOS IP SLAs operation. The following is a show output example for the UDP Jitter operation, and the explanation:
Router#sh ip sla statistics 15
Round trip time (RTT) Index 15
Latest RTT: 1 ms
Latest operation start time: *05:43:28.720 UTC Fri May 28 2004
Latest operation return code: OK
Round Trip Time milliseconds
Number Of RTT: 10
RTT Min/Avg/Max: 1/1/1
Latency one-way time milliseconds
Number of one-way Samples: 0
Source to Destination one way Latency Min/Avg/Max: 0/0/0
Destination to source one way Latency Min/Avg/Max: 0/0/0
Jitter time milliseconds
Number of Jitter Samples: 9
Source to Destination Jitter Min/Avg/Max: 20/20/23
Destination to Source Jitter Min/Avg/Max: 0/0/0
Packet Loss Values
Loss Source to Destination: Loss Destination to Source: 0
Out Of Sequence: 0 Tail Drop: 0 Packet Late Arrival: 0
Number of successes: 1
Number of failures: 0
Operation time to live: 3567 sec
* The phase 1 implementation of the CLI is available Cisco IOS Software Release 12.4M. The IP SLAs CLI described will be implemented in three phases across Cisco IOS Software Release 12.4T releases.
Q. Is there any limit to the number of operations that can be configured on a router?
A. The number of operations is limited only by memory and CPU consumption.
Q. How can the operations supported on a router, as well as the current Cisco IOS Software release, be identified?
A. Enter show ip sla application, and the output will list the supported operations.
Q. If continuous monitoring of a link is necessary, what is the best time interval between operations?
A. That depends on the necessary frequency of monitoring. Cisco IOS IP SLAs does consume CPU and memory. Most deployments use five-minute intervals, but some have spacing of as little as one, or as much as fifteen, minutes.
Q. What are the default port number and type of proxy server for HTTP probes?
A. The default port number for HTTP is 80. The proxy server type is unspecified.
Q. What is the port number for the UDP Echo operation?
A. The default port number for UDP Echo is 7.
Q. Why are the One-Way Delay values zero in the output of show commands?
A. There must be time synchronization between the source and the target.
Cisco IOS IP SLAs calculates whether or not the one-way delay is reasonable. If the sum of the source-destination and destination-source times is within ten percent of the round-trip time, keep the one-way values, presuming that the clocks are synchronized accurately.
Note: If the round-trip time is very small, it is more likely to be outside of the ten percent range.
If the network is running NTP to provide clock to the source and destination, use the "show ntp status" command to check.
Q. Why are FTP probes unable to find the configured files?
A. The file name portion of the URL is unique in this situation.
Example 1:
• URL: ftp://user:pass@server/some/file.txt
• The file the router is trying to access in reality is:
/home/user/some/file.txt (assuming /home/user is the home directory)
Example 2:
• URL syntax:
ftp://user:pass@server//some/file.txt
• File is accessed by its absolute path, rather than its relative path. Note the two slashes. This will retrieve the file /some/file.txt.
Q. What does the output "Latest Operation Return Code: timeout" mean in a show command?
Router#sh ip sla statistics 15
Round trip time (RTT) Index 15
Latest RTT: 1 ms
Latest operation start time: *05:43:28.720 UTC Fri May 28 2004
Latest operation return code: Timeout
.....
The response for the operation packet did not come in the expected time. The default timeout is five seconds for an echo operation. If a target device is down, or the reply comes after five seconds due to network congestion, it will be considered a timeout.
