[sdnog] IP SLA and SPAN overview

wadah khalid engwada7 at gmail.com
Sat Apr 1 13:21:48 SAST 2017

[ IP SLA and SPAN ]  Overview

eng. Wadah A Osman .

SLA is a service level agreement between the enterprise and ISP which
states the type of services and amount of availability for a service on
time .

IP SLA is a router feature which can be configured on the router to
generate same traffic that requires that service and also provide
statistics about jitter packet loss and round trip time .
Engineer can use these information to generate reports about network
statistics also kbowing if problems happen with the service .

Basic IP SLA probe is ICMP-echo probe

ICMP-echo probe provide two basic important informations about round rip
time RRT also the return code

RRT means the time that the packet takes to be sent and recived by the same
interface .

Configuring basic ICMP-echo probe

#ip SLA 1
#icmp-echo [destination addess] source-ip [ip address] .
#frequency 60
#history filter all
#ip sla schedule 1 life forever start-time now

The last command defines the schedule to until when this SLA will be
operate and its configured as forever , which means until the engineer
issue #no ip SLA schedule 1 ,  and when to start as configured now .

Displaying the gathered informations by this sla by showing that sla
summery #show ip sla  summery provides RRT and Return codes while #show ip
sla statistics 1 provide informations about number of success and failures
each time .


Switched port analyzer

This utility allow monitoring for layer 2 ports rather than IP SLA which
used for layer 3 .

The idea behind the SPAN is to allocate a software/hardware analyzer to
analyze traffic within switched network / intrusion prevention systems IPS .

The concept is to make a copy of each transmitted neither received frame on
a specified interface and send them to a pre defined interface where the
analyzer resides .

SPAN can work on access , trunk and etherchannel ports as well . Once it's
configured the port will stop learning MAC addresses on that interface .

Configuring Local SPAN ,

While local SPAN analyze the traffic locally ( mean the SPAN source port
and destination port on the same switch ) .

RSPAN or Remote SPAN allow sending Ethernet copies to the analyzer through
the switched networks either through trunk interface or Encapsulation into
GRE tunnel .

#monitor session 1 source interface gig0/1 [tx - rx - both]

Tx means capturing the frames when transmitted from the switch through that
interface while rx means capturing frames when received by the switch on
that interface .
The command also support both as when transmitted or received .

Also SPAN can be implemented on VLAN

#monitor session 2 source  VLAN 20 both

Means capturing traffic on both directions for VLAN 20 .

#monitor session 1 destination interface gig0/0

Setting up the destination interface where the analyzer resides .

Note :
- each monitor session should have only one destination interface .

- an interface can not be as a source and destination at the same time for

#show monitor session all , displays informations about all sessions .

#show monitor sessio detail , provides informations about each session
separately .
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sdnog.sd/pipermail/sdnog/attachments/20170401/31c5f527/attachment.html>

More information about the sdnog mailing list