02-12-2014 12:38 PM - edited 03-04-2019 10:19 PM
I'm using 64.x.x.1 as my ICMP-echo target for an SLA. The best it can do is get two replies in a row before failing. While the SLA is active, I can send 10000 pings to the same target and not lose a single one.
WTF is wrong?
track 1 ip sla 1 reachability
delay down 60 up 40
!
!
interface GigabitEthernet0/0
description LAN
ip address 172.18.8.2 255.255.255.0
ip nat inside
ip virtual-reassembly in
standby delay minimum 30 reload 60
standby version 2
standby 1 ip 172.18.8.1
standby 1 priority 115
standby 1 preempt
duplex full
speed 1000
!
interface GigabitEthernet0/0.19
description Facility
encapsulation dot1Q 19
ip address 172.19.8.3 255.255.255.0
ip nat inside
ip virtual-reassembly in
standby delay minimum 30 reload 60
standby version 2
standby 2 ip 172.19.8.1
standby 2 priority 115
standby 2 preempt
!
interface GigabitEthernet0/0.20
description Guest
encapsulation dot1Q 20
ip address 172.20.8.3 255.255.255.0
ip nat inside
ip virtual-reassembly in
rate-limit input 1024000 192000 384000 conform-action transmit exceed-action drop
standby delay minimum 30 reload 60
standby version 2
standby 3 ip 172.20.8.1
standby 3 priority 115
standby 3 preempt
!
interface GigabitEthernet0/0.23
description WAPs
encapsulation dot1Q 23
ip address 172.23.8.3 255.255.255.0
standby delay minimum 30 reload 60
standby version 2
standby 4 ip 172.23.8.1
standby 4 priority 115
standby 4 preempt
!
interface GigabitEthernet0/1
ip address 10.255.255.42 255.255.255.252
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
no cdp enable
crypto map VPN
!
router bgp 65212
bgp log-neighbor-changes
network 172.18.8.0 mask 255.255.255.0
network 172.19.8.0 mask 255.255.255.0
network 172.20.8.0 mask 255.255.255.0
neighbor 10.255.255.41 remote-as 65112
neighbor 10.255.255.41 description Windstream Managed Router
neighbor 10.255.255.41 allowas-in
neighbor 10.255.255.41 prefix-list bgp-adv out
!
ip forward-protocol nd
!
!
ip nat inside source route-map NAT-rm interface GigabitEthernet0/1 overload
ip route 0.0.0.0 0.0.0.0 172.18.8.3
ip route 10.11.0.0 255.255.0.0 10.255.255.41
ip route 10.15.1.0 255.255.255.0 10.255.255.41
ip route 10.61.0.0 255.255.0.0 172.18.8.3
ip route 64.x.x.1 255.255.255.255 172.18.8.3
!
ip access-list extended NAT-ACL
deny ip 172.18.8.0 0.0.0.255 10.11.0.0 0.0.255.255
deny ip 172.18.8.0 0.0.0.255 10.15.1.0 0.0.0.255
deny ip 172.18.8.0 0.0.0.255 10.61.0.0 0.0.255.255
permit ip 172.18.8.0 0.0.0.255 any
permit ip 172.19.8.0 0.0.0.255 any
permit ip 172.20.8.0 0.0.0.255 any
!
!
ip prefix-list bgp-adv seq 1 permit 172.18.8.0/24
ip prefix-list bgp-adv seq 2 permit 172.19.8.0/24
ip prefix-list bgp-adv seq 3 permit 172.20.8.0/24
ip sla auto discovery
ip sla 1
icmp-echo 64.x.x.1 source-interface GigabitEthernet0/0
frequency 20
ip sla schedule 1 life forever start-time now
!
route-map NAT-rm permit 10
match ip address NAT-ACL
02-12-2014 01:09 PM
Jason,
When you do your pings that work 10000 times, are you using gi0/0 as your source interface for the pings?
Also can you post the results from
'show ip sla auto discovery' ?
02-12-2014 01:43 PM
Yes, I do source from g0/0:
cao-nj_hami1#ping 64.x.x.1 sou g0/0 repeat 10000
Type escape sequence to abort.
Sending 10000, 100-byte ICMP Echos to 64.106.227.1, timeout is 2 seconds:
Packet sent with a source address of 172.18.8.2
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Success rate is 100 percent (10000/10000), round-trip min/avg/max = 12/14/108 ms
cao-nj_hami1#sh ip sla auto discovery
IP SLAs auto-discovery status: Enabled
The following Endpoint-list are configured to auto-discovery:
cao-nj_hami1#
cao-nj_hami1#sh ip sla stat
IPSLAs Latest Operation Statistics
IPSLA operation id: 1
Latest RTT: NoConnection/Busy/Timeout
Latest operation start time: 16:42:06 EST Wed Feb 12 2014
Latest operation return code: Timeout
Number of successes: 45
Number of failures: 18
Operation time to live: Forever
cao-nj_hami1#sh track 1
Track 1
IP SLA 1 reachability
Reachability is Up
118 changes, last change 00:06:21
Delay up 40 secs, down 60 secs
Latest operation return code: OK
Latest RTT (millisecs) 120
06-20-2015 09:45 AM
This happens to me quite often as well and can be extremely frustrating. What usually happens to me is that after a while of having configured icmp-echo (2-3 months), either one or two of my SLAs randomly time out. To fix it I stop and start the SLA schedule or I reconfigure the SLA to ping a different destination. The issue must be that I'm pinging public servers such as 8.8.8.8 or 8.8.4.4. After a while Google is probably blocking or rate limiting the pings. Changing the icmp-echo destination address to a server or device that is owned by you or someone you know and that doesn't rate limit should fix the issue.
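An added example, not part of any post in this thread: a Python sketch that parses the `show ip sla statistics` and `show track` output quoted above and flags a probe with a high failure ratio or a track that keeps changing state. The function names and both thresholds are assumptions chosen for illustration, and the sample text is constructed from the output in the thread.

```python
import re

# Constructed sample input: the command output quoted in the thread, trimmed.
SLA_STATS = """IPSLA operation id: 1
Latest RTT: NoConnection/Busy/Timeout
Latest operation return code: Timeout
Number of successes: 45
Number of failures: 18
"""
TRACK = """Track 1
IP SLA 1 reachability
Reachability is Up
118 changes, last change 00:06:21
"""

def parse_sla_stats(text):
    """Map operation id -> counters from 'show ip sla statistics' output."""
    ops, cur = {}, None
    for line in map(str.strip, text.splitlines()):
        if m := re.match(r"IPSLA operation id: (\d+)", line):
            cur = ops.setdefault(int(m.group(1)), {"successes": 0, "failures": 0})
        elif cur is not None and (m := re.match(r"Number of (successes|failures): (\d+)", line)):
            cur[m.group(1)] = int(m.group(2))
    return ops

def parse_track(text):
    """Pull track id, state and change count from 'show track' output."""
    out = {}
    if m := re.search(r"^Track (\d+)", text, re.M):
        out["id"] = int(m.group(1))
    if m := re.search(r"Reachability is (\w+)", text):
        out["state"] = m.group(1)
    if m := re.search(r"(\d+) changes?, last change", text):
        out["changes"] = int(m.group(1))
    return out

def findings(ops, track, max_fail_ratio=0.05, max_changes=10):
    """Flag lossy probes and flapping tracks (both thresholds are assumptions)."""
    notes = []
    for op_id, c in sorted(ops.items()):
        total = c["successes"] + c["failures"]
        if total and c["failures"] / total > max_fail_ratio:
            notes.append(f"ip sla {op_id}: {c['failures']}/{total} probes failed")
    if track.get("changes", 0) > max_changes:
        notes.append(f"track {track.get('id')}: {track['changes']} state changes")
    return notes

if __name__ == "__main__":
    print("\n".join(findings(parse_sla_stats(SLA_STATS), parse_track(TRACK))))
```

Feeding it output collected at intervals shows whether the failure counter climbs steadily or in bursts, which helps separate a rate-limited target from a path problem.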