[sdnog] IP SLA and SPAN overview

mugahed izzeldin mugahedman at hotmail.com
Sun Apr 2 00:07:00 SAST 2017

Thank you Wadah :)

-------- Original Message --------
Subject: [sdnog] IP SLA and SPAN overview
From: wadah khalid
To: sdnog at sdnog.sd

[ IP SLA and SPAN ]  Overview

eng. Wadah A Osman .

SLA is a service level agreement between the enterprise and ISP which states the type of services and amount of availability for a service on time .

IP SLA is a router feature which can be configured on the router to generate same traffic that requires that service and also provide statistics about jitter packet loss and round trip time .
Engineer can use these information to generate reports about network statistics also kbowing if problems happen with the service .

Basic IP SLA probe is ICMP-echo probe

ICMP-echo probe provide two basic important informations about round rip time RRT also the return code

RRT means the time that the packet takes to be sent and recived by the same interface .

Configuring basic ICMP-echo probe

#ip SLA 1
#icmp-echo [destination addess] source-ip [ip address] .
#frequency 60
#history filter all
#ip sla schedule 1 life forever start-time now

The last command defines the schedule to until when this SLA will be operate and its configured as forever , which means until the engineer issue #no ip SLA schedule 1 ,  and when to start as configured now .

Displaying the gathered informations by this sla by showing that sla summery #show ip sla  summery provides RRT and Return codes while #show ip sla statistics 1 provide informations about number of success and failures each time .


Switched port analyzer

This utility allow monitoring for layer 2 ports rather than IP SLA which used for layer 3 .

The idea behind the SPAN is to allocate a software/hardware analyzer to analyze traffic within switched network / intrusion prevention systems IPS .

The concept is to make a copy of each transmitted neither received frame on a specified interface and send them to a pre defined interface where the analyzer resides .

SPAN can work on access , trunk and etherchannel ports as well . Once it's configured the port will stop learning MAC addresses on that interface .

Configuring Local SPAN ,

While local SPAN analyze the traffic locally ( mean the SPAN source port and destination port on the same switch ) .

RSPAN or Remote SPAN allow sending Ethernet copies to the analyzer through the switched networks either through trunk interface or Encapsulation into GRE tunnel .

#monitor session 1 source interface gig0/1 [tx - rx - both]

Tx means capturing the frames when transmitted from the switch through that interface while rx means capturing frames when received by the switch on that interface .
The command also support both as when transmitted or received .

Also SPAN can be implemented on VLAN

#monitor session 2 source  VLAN 20 both

Means capturing traffic on both directions for VLAN 20 .

#monitor session 1 destination interface gig0/0

Setting up the destination interface where the analyzer resides .

Note :
- each monitor session should have only one destination interface .

- an interface can not be as a source and destination at the same time for SPAN .

#show monitor session all , displays informations about all sessions .

#show monitor sessio detail , provides informations about each session separately .
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sdnog.sd/pipermail/sdnog/attachments/20170401/4464aeae/attachment.html>

More information about the sdnog mailing list