Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
954
Views
0
Helpful
3
Replies

Nexus 9K IP SLA Config Support

rahulsfsf
Level 1
Level 1

‎04-13-2020 06:06 AM

Hi Team,

 

Can you pls confirm if we need to match copp policying for IPSLA ? for the ports defined in the config?

 

Regards,

Rahul

Labels:
0 Helpful
3 Replies 3

Sergiu.Daniluk
VIP Alumni
VIP Alumni

‎04-13-2020 06:44 AM

Hi Rahul,

By default, you do not need to configure any additional CoPP policy for IP SLA, since it will match anyway on the default policy.

However, if you are using IP SLA at a large scale, you will need to configure a new copp policy to avoid drops.

'''

The following CoPP configuration example allows IP SLA packets to pass through. It assumes destination ports and source ports in the range of 6500-7000. In this example, if “insert-before” is not specified, "copp-ipsla" will be added after “class-default.”

'''

ip access-list acl-sla-allow
  10 remark ### ALLOW SLA control packets from 1.1.1.0/24
  20 permit udp 1.1.1.0/24 any eq 1967
  30 remark ### ALLOW SLA data packets from 1.1.1.0/24 using ports 6500-7000
  40 permit udp 1.1.1.0/24 any range 6500 7000

class-map type control-plane match-any copp-ipsla
  match access-group name acl-sla-allow

policy-map type control-plane Custom-copp-policy-strict
    class copp-ipsla insert-before Custom-copp-class-l2-default
    police cir 1500 kbps 

control-plane
  service-policy input Custom-copp-policy-strict

Reference: https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/sw/93x/ip-sla/configuration/guide/b-nexus-9000-series-nx-os-ip-slas-configuration-guide-93x/b-nexus-9000-series-nx-os-ip-slas-configuration-guide-93x_chapter_0101.html#concept_F5023D... 

 

Cheers,

Sergiu

0 Helpful

rahulsfsf
Level 1
Level 1
In response to Sergiu.Daniluk

‎04-14-2020 03:35 AM

Hi Sergiu, Thanks for the reply.

We have the below config on our device, I could see the SLA operation is unsuccessful. 

No Firewall or routing issues in between, all good

DC1-SW1#
ip sla 100
udp-jitter 192.168.73.144 58010 source-ip 192.168.163.1 codec g711alaw
timeout 10000
ip sla schedule 100 life forever start-time now
ip sla 200
udp-jitter 192.168.73.144 58020 source-ip 192.168.163.1
timeout 10000
ip sla schedule 200 life forever start-time now

############################################

DC2-SW1#

NXOS: version 7.0(3)I5(2)
feature sla responder
ip sla responder udp-echo ipaddress 192.168.163.1 port 58010
ip sla responder udp-echo ipaddress 192.168.163.1 port 58020

 

Regards,

Raghul

0 Helpful

Sergiu.Daniluk
VIP Alumni
VIP Alumni
In response to rahulsfsf

‎04-15-2020 12:33 AM

Maybe you can check the debug (debug ip sla responder all), and see if the ip sla process receives the packets. If you do not see anything generated by debug, then it means there is no connection. In this case you should try configuring a copp class for IP SLA.

 

Regards,

Sergiu

 

0 Helpful
Customers Also Viewed These Support Documents