Tracking state flapping but not visible in IP SLA

chrishogewoning · ‎04-14-2017

Hello all,

Im only a youngtimer in the Cisco world and got into a problem i dont get.

I have configured two Cisco 877 routers with IOS 12.4(24)T8 with a ADSL connection.

On the backup router i see a lot of state changes in the log.

Apr 13 16:23:27.096: %TRACKING-5-STATE: 20 ip sla 20 reachability Up->Down
Apr 13 16:23:30.081: %TRACKING-5-STATE: 20 ip sla 20 reachability Down->Up
Apr 13 21:26:51.707: %TRACKING-5-STATE: 20 ip sla 20 reachability Up->Down
Apr 13 21:26:54.707: %TRACKING-5-STATE: 20 ip sla 20 reachability Down->Up
Apr 13 23:45:08.703: %TRACKING-5-STATE: 20 ip sla 20 reachability Up->Down
Apr 13 23:45:11.704: %TRACKING-5-STATE: 20 ip sla 20 reachability Down->Up
Apr 14 04:34:38.032: %TRACKING-5-STATE: 20 ip sla 20 reachability Up->Down
Apr 14 04:34:41.033: %TRACKING-5-STATE: 20 ip sla 20 reachability Down->Up
Apr 14 10:32:23.237: %TRACKING-5-STATE: 20 ip sla 20 reachability Up->Down
Apr 14 10:32:26.238: %TRACKING-5-STATE: 20 ip sla 20 reachability Down->Up

Im not sure why this happens as i dont see the fails back when looking at the IP SLA.

BACKUP#show ip sla statistics
IPSLAs Latest Operation Statistics

IPSLA operation id: 20
Type of operation: icmp-echo
Latest RTT: 36 milliseconds
Latest operation start time: 11:12:43.779 UTC Fri Apr 14 2017
Latest operation return code: OK
Number of successes: 401
Number of failures: 1
Operation time to live: Forever

The IP SLA is configured as followed.

ip sla 20
icmp-echo 8.8.8.8 source-interface ATM0.35
frequency 5

The IP SLA 20 is combined with Track 20.

BACKUP#show track 20
Track 20
IP SLA 20 reachability
Reachability is Up
586 changes, last change 00:03:28
Delay down 2 secs
Latest operation return code: OK
Latest RTT (millisecs) 36
Tracked by:
HSRP Vlan100 100

Does any one have any idea why the track 20 has so many changes while the IP SLA only has one failed attempt?

Im not sure if more information is needed, if so let me know and i will post it.

Regards,

Chris

Georg Pauwen · ‎04-14-2017

Hello Chris,

how is the backup router connected to the other one ? Can you post the full config of both routers ?

chrishogewoning · ‎04-14-2017

Hi Georg,

The routers are connected with a unmanaged gigabit switch.

Pretty default config for testing reasons.

Backup router

no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Backup_ADSL
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
logging buffered 52000
enable secret xxxxxxx
!
aaa new-model
!
!
aaa authentication login default enable
aaa authentication enable default enable
!
!
aaa session-id common
!
!
dot11 syslog
ip source-route
!
!
!
ip dhcp pool WiFi
 network 192.168.20.0 255.255.255.0
 default-router 192.168.20.254 
 dns-server 8.8.8.8 4.2.2.2 
 lease 0 2
!
!
ip cef
no ip domain lookup
ip domain name BACKUP.local
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
username administrator privilege 15 secret xxxxxxxx
! 
!
!
archive
 log config
 hidekeys
!
!
ip ssh logging events
ip ssh version 2
!
track 20 ip sla 20 reachability
 delay down 2
!
!
!
interface Loopback1
 description SSH-ACCES
 ip address 10.11.12.13 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
interface ATM0
 no ip address
 no atm ilmi-keepalive
!
interface ATM0.35 point-to-point
 description ADSL
 ip address dhcp
 ip nat outside
 ip virtual-reassembly
 ip tcp adjust-mss 1452
 atm route-bridged ip
 pvc 0/35 
 encapsulation aal5snap
 !
!
interface FastEthernet0
 description WiFi 192.168.20.253
 switchport access vlan 20
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
 description UPLINK for SWITCH HSRP
 switchport access vlan 100
!
interface Vlan1
 no ip address
!
interface Vlan20
 description WiFi
 ip address 192.168.20.254 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1452
!
interface Vlan100
 description Voice Backup
 ip address 192.168.101.252 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 standby 100 ip 192.168.101.254
 standby 100 timers 1 3
 standby 100 preempt
 standby 100 name VOICE
 standby 100 track 20 decrement 10
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 217.171.224.193
no ip http server
no ip http secure-server
!
!
no ip nat service sip udp port 5060
ip nat inside source list 100 interface ATM0.35 overload
ip nat inside source static tcp 10.11.12.13 22 interface ATM0.35 22
!
ip sla 20
 icmp-echo 8.8.8.8 source-interface ATM0.35
 frequency 5
ip sla schedule 20 life forever start-time now
access-list 99 permit 5.34.232.0 0.0.7.255
access-list 100 permit ip any any
!
!
!
!
!
control-plane
!
banner login ^C

 ,
 __ _.-"` `'-. 
 /||\'._ __{}_( 
 |||| |'--.__\
 | L.( ^_\^ WARNING : Unauthorized ACCESS is prohibited
 \ .-' | _ | and will be logged !
 | | )\___/
 | \-'`:._]
 \__/; \^C
!
line con 0
 logging synchronous
 no modem enable
line aux 0
line vty 0 4
 access-class 99 in vrf-also
 logging synchronous
 transport input ssh
!
scheduler max-task-time 5000
end

And the main router

no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname VOICE_Main
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
logging buffered 520000
enable secret xxxxxxxx
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication enable default enable
!
!
aaa session-id common
!
!
dot11 syslog
ip source-route
!
!
!
ip dhcp pool VOICE
 network 192.168.101.0 255.255.255.0
 default-router 192.168.101.254 
 dns-server 8.8.8.8 4.2.2.2
 lease 1 1 1
!
!
ip cef
ip host RT2 192.168.101.252
ip host RT1 192.168.101.253
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
username administrator privilege 15 secret xxxxxxxxxxx
! 
!
!
archive
 log config
 hidekeys
!
!
ip ssh time-out 60
ip ssh authentication-retries 2
ip ssh logging events
ip ssh version 2
! 
track 100 ip sla 100 reachability
 delay down 2 up 30
!
!
!
interface Loopback1
 description for remote acces
 ip address 10.11.12.13 255.255.255.255
 ip nat inside
 ip virtual-reassembly
!
interface ATM0
 no ip address
 no ip proxy-arp
 no atm ilmi-keepalive
!
interface ATM0.34 point-to-point
 ip address dhcp
 no ip proxy-arp
 ip nat outside
 ip virtual-reassembly
 atm route-bridged ip
 pvc 0/34 
 encapsulation aal5snap
 !
!
interface FastEthernet0
 description VOICE
 switchport access vlan 100
 spanning-tree portfast
!
interface FastEthernet1
 shutdown
!
interface FastEthernet2
 shutdown
!
interface FastEthernet3
 shutdown
!
interface Vlan1
 shut
!
interface Vlan100
 description VOICE
 ip address 192.168.101.253 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1452
 standby 100 ip 192.168.101.254
 standby 100 timers 1 3
 standby 100 priority 120
 standby 100 preempt
 standby 100 name VOICE
 standby 100 track 100 decrement 30
!
ip forward-protocol nd
ip route 8.8.8.8 255.255.255.255 81.28.82.1 track 100
ip route 0.0.0.0 0.0.0.0 81.28.82.1
no ip http server
no ip http secure-server
!
!
no ip nat service sip udp port 5060
ip nat inside source list 100 interface ATM0.34 overload
ip nat inside source static tcp 10.11.12.13 22 81.28.82.45 22 extendable
!
ip sla 100
 icmp-echo 8.8.4.4
 request-data-size 200
 timeout 3000
 threshold 1000
 frequency 5
ip sla schedule 100 life forever start-time now
access-list 99 permit 5.34.232.0 0.0.7.255
access-list 100 permit ip any any
!
!
!
!
!
control-plane
!
!
line con 0
 no modem enable
line aux 0
line vty 0 4
 access-class 99 in vrf-also
 exec-timeout 5 0
 transport input ssh
!
scheduler max-task-time 5000
end

paul driver · ‎04-14-2017

Hello
It is possible if the sla misses a ping then the tracking could poll again before another sla ping and the tracking will kick in and down your hrsp state.

Verify that the destination sla address is indeed reachable, and also try increasing the delay to the tracking for the down state.

track 20
delay 30 down

res
Paul

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul