转自：

SLA简介

SLA (Service-Level Agreement)简单的理解，就是测量一些网络性能参数，在超过一些门限值时，结合track或者EEM它可以触发一些操作。例如：

1. 监控下一跳的可达性，如果不可达了, 则让某一静态路由失效2. 监控领居的接口地址，如果连续三次不可达, 则将端口shutdown

SLA 应用实例

如果客户的线路质量不好，又无法改善时，我们需要一种方法来：当线路质量达到一定阀值时，直接reset端口，用重置链路来改善。

那么我们如何达到这种需求呢，这时SLA就登场了，那么如何部署SLA呢？

分析第一种方法

ip sla 2 icmp-echo 1.1.1.2 timeout 3000 frequency 10<---频率设置为10S发一次ip sla schedule 2 life forever start-time now<---设置SLA的启动时间为马上，有效期为永远!Track 1 rtr 2<---配置track, trace有up和down两种状态!event manager session cli username "username"event manager applet test_track_1<---EEM 配置 event track 1 state down<---如果track 1的状态是down的, 则执行下面的操作 action 1.0 cli command "enable" action 2.0 cli command "conf t" action 3.0 cli command "int g4/3" action 3.1 cli command "shut" action 3.2 cli command "no shut" action 4.0 cli command "end"

根据以上配置，如果设备会每10秒发送一个PING包, 当超时时，track 1会变为down的状态，进而触发对端口的shut/no shut，这样达到最终的目的了么？在实际网络中，偶尔丢一个包是正常的、不可避免的，与此同时，端口是正常工作的。但是，根据上面的配置，端口依然会被reset，导致业务受到影响。

为了避免这一类不必要的业务影响，我们需要对此配置进行优化，让track 1在发生真正的网络故障时才down。

最常用的判断网络故障的标准是连续的超时！因此加入以下命令（只说明增加的命令，另外修改的命令用红色标出）：

ip sla 4 icmp-echo 1.1.1.2 timeout 1000 frequency 10ip sla schedule 4 life 5 start-time pending<---并不是马上启动，有效期也只有5秒!ip sla reaction-configuration 2 react timeout threshold-type consecutive 3 action-type trapandtrigger<---当发生连续3次timeout时，trigger另一个SLA，并发SNMP Trapip sla reaction-trigger 2 4<---SLA 2连续三次timeout就要trigger SLA 4!track 1 rtr 4<---track SLA 4，而不是SLA 2，为什么？

如果配置track 1 rtr 2，则每次SLA 2超时时，track 1都会down，每down一次EEM都会reset端口，这样功能还是和之前一样不合理。所以，需要配置track 1 rtr 4，因为SLA 4是pending的，它在SLA 2连续三次超时时才被触发（10*3 + 5 =35S）

根据上篇文章分析的第一种方法到底行不行呢？

经过测试，确实可以规避原丢一个包就启动EEM的问题。但有个问题，因为要新增一个sla，如777，且其状态为pending，即只有在17丢三个包的情况下才启动777。

有如下两种情况：

1、线路已经开通时，这时配置如上命令时，因17无法连续丢3个包，导致777始终不能启动，导致track17的状态始终为down，最终导致不管丢多少包都不能启动EEM。（想想为什么？）

规避措施：配置完如上命令时需要shut上端或下端端口30s（因每10s探测一次），这时777才能启动，然后再做no shut操作，track17状态才能变为up，才能在专线中断的情况下正常启动EEM。所以在已经开通的线路配置如上命令时都要中断主用线路最少30s。

2、线路尚未开通时，这时需要在配置完如上命令最少30s才能开通此MSTP线路，否则同样会有如上问题。

关于问题的分析及解释：

在这我就不解释命令的含义了，关于命令的含义，可以看上篇文章 《 》

Config：

ip sla monitor 17 type echo protocol ipIcmpEcho 12.1.1.2 timeout 3000 frequency 10!ip sla monitor reaction-configuration 17 react timeout threshold-type consecutive 3 action-type trapAndTriggerip sla monitor reaction-trigger 17 777ip sla monitor schedule 17 life forever start-time now!ip sla monitor 777 type echo protocol ipIcmpEcho 12.1.1.2 timeout 1000 frequency 10!ip sla monitor schedule 777 life 5 start-time pendingtrack 17 rtr 777!event manager session cli username "username"event manager applet test_track_17 event track 17 state down action 1.0 cli command "enable" action 2.0 cli command "conf t" action 3.0 cli command "int s1/0" action 3.1 cli command "shut" action 3.2 cli command "no shut" action 4.0 cli command "end"!R1#sh debuggingTrack debugging is onEmbedded Event Manager:  Debug EEM action cli debugging is onIP SLA Monitor:  TRACE debugging for all operations is on

Debug Information：

1. 初始配置后是down的状态：

R1(config)#track 17 rtr 777*Feb 25 10:15:06.979: Track: 17 Adding rtr object*Feb 25 10:15:06.979: Track: Initialise*Feb 25 10:15:06.983: Track: 17 New rtr 777, state Down*Feb 25 10:15:06.987: Track: Starting processR1#sh trackTrack 17  Response Time Reporter 777 state  State is Down    1 change, last change 00:01:19  Latest operation return code: Unknown  Tracked by:     applet test_track_17

2. shutdown本断或对断端口，激活777，使track 17成为down

*Feb 25 10:16:25.107: IP SLA Monitor(777) Scheduler: Starting an operation*Feb 25 10:16:25.107: IP SLA Monitor(777) echo operation: Sending an echo operation*Feb 25 10:16:26.107: IP SLA Monitor(777) echo operation: Timeout*Feb 25 10:16:26.107: IP SLA Monitor(777) Scheduler: Updating result*Feb 25 10:16:26.777: IP SLA Monitor(777) Scheduler: AgeoutR1#sh trackTrack 17  Response Time Reporter 777 state  State is Down    1 change, last change 00:01:55  Latest operation return code: Timeout  Tracked by:     applet test_track_17

3. no shut端口，再次激活777，使其成为up

*Feb 25 10:17:42.159: IP SLA Monitor(777) Scheduler: Starting an operation*Feb 25 10:17:42.159: IP SLA Monitor(777) echo operation: Sending an echo operation*Feb 25 10:17:42.171: IP SLA Monitor(777) echo operation: RTT=12*Feb 25 10:17:42.175: IP SLA Monitor(777) Scheduler: Updating result*Feb 25 10:17:42.175: IP SLA Monitor(777) Scheduler: Ageout*Feb 25 10:17:46.983: Track: 17 Change #2 rtr 777, state Down->UpR1#sh trackTrack 17  Response Time Reporter 777 state  State is Up    2 changes, last change 00:09:16  Latest operation return code: OK  Latest RTT (millisecs) 12  Tracked by:     applet test_track_17

4. shutdown本端端口，测试是否可以达到效果

注意：下面的时间戳跟上面的不是连续的，是经过两次测试得到的

R1#config terEnter configuration commands, one per line.  End with CNTL/Z.R1(config)#int s1/0R1(config-if)#R1(config-if)#shutdownR1(config-if)#endR1#*Feb 25 09:47:27.911: %LINK-5-CHANGED: Interface Serial1/0, changed state to administratively down*Feb 25 09:47:27.915: %ENTITY_ALARM-6-INFO: ASSERT INFO Se1/0 Physical Port Administrative State Down*Feb 25 09:47:28.911: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0, changed state to down*Feb 25 09:47:31.775: IP SLA Monitor(17) Scheduler: Starting an operation*Feb 25 09:47:31.775: IP SLA Monitor(17) echo operation: Sending an echo operation*Feb 25 09:47:34.779: IP SLA Monitor(17) echo operation: Timeout*Feb 25 09:47:34.779: IP SLA Monitor(17) Scheduler: Updating result*Feb 25 09:47:41.775: IP SLA Monitor(17) Scheduler: Starting an operation*Feb 25 09:47:41.779: IP SLA Monitor(17) echo operation: Sending an echo operation*Feb 25 09:47:44.779: IP SLA Monitor(17) echo operation: Timeout*Feb 25 09:47:44.779: IP SLA Monitor(17) Scheduler: Updating result*Feb 25 09:47:51.775: IP SLA Monitor(17) Scheduler: Starting an operation*Feb 25 09:47:51.775: IP SLA Monitor(17) echo operation: Sending an echo operation*Feb 25 09:47:54.779: IP SLA Monitor(17) echo operation: Timeout*Feb 25 09:47:54.779: IP SLA Monitor(17) Scheduler: Updating result*Feb 25 09:47:54.827: IP SLA Monitor(777) Scheduler: Starting an operation*Feb 25 09:47:54.827: IP SLA Monitor(777) echo operation: Sending an echo operation*Feb 25 09:47:55.831: IP SLA Monitor(777) echo operation: Timeout*Feb 25 09:47:55.831: IP SLA Monitor(777) Scheduler: Updating result*Feb 25 09:47:55.835: IP SLA Monitor(777) Scheduler: Ageout*Feb 25 09:47:56.231: Track: 17 Change #5 rtr 777, state Up->Down*Feb 25 09:47:56.251: fh_schedule_callback: EEM callback policy EEM Policy Director has been scheduled to run*Feb 25 09:47:56.275: %HA_EM-6-LOG: test_track_17 : DEBUG(cli_lib) : : CTL : cli_open called.*Feb 25 09:47:56.291: %HA_EM-6-LOG: test_track_17 : DEBUG(cli_lib) : : OUT :*Feb 25 09:47:56.291: %HA_EM-6-LOG: test_track_17 : DEBUG(cli_lib) : : OUT : R1>*Feb 25 09:47:56.295: %HA_EM-6-LOG:R1#test_track_17 : DEBUG(cli_lib) : : IN  : >enable*Feb 25 09:47:56.311: %HA_EM-6-LOG: test_track_17 : DEBUG(cli_lib) : : OUT :*Feb 25 09:47:56.311: %HA_EM-6-LOG: test_track_17 : DEBUG(cli_lib) : : OUT : R1#*Feb 25 09:47:56.311: %HA_EM-6-LOG: test_track_17 : DEBUG(cli_lib) : : IN  : #conf t*Feb 25 09:47:56.327: %HA_EM-6-LOG: test_track_17 : DEBUG(cli_lib) : : OUT :*Feb 25 09:47:56.331: %HA_EM-6-LOG: test_track_17 : DEBUG(cli_lib) : : OUT :Enter configuration commands, one per line.  End with CNTL/Z.*Feb 25 09:47:56.335: %HA_EM-6-LOG: test_track_17 : DEBUG(cli_lib) : : OUT : R1(config)#*Feb 25 09:47:56.339: %HA_EM-6-LOG: test_track_17 : DEBUG(cli_lib) : : IN  : #int s1/0*Feb 25 09:47:56.355: %HA_EM-6-LOG: test_track_17 : DEBUG(cli_lib) : : OUT :*Feb 25 09:47:56.355: %HA_EM-6-LOG: test_track_17 : DEBUG(cli_lib) : : OUT : R1(config-if)#*Feb 25 09:47:56.355: %HA_EM-6-LOG: test_track_17 : DEBUG(cli_lib) : : IN  : #shut*Feb 25 09:47:56.371: %HA_EM-6-LOG: test_track_17 : DEBUG(cli_lib) : : OUT :*Feb 25 09:47:56.375: %HA_EM-6-LOG: test_track_17 : DEBUG(cli_lib) : : OUT : R1(config-if)#*Feb 25 09:47:56.379: %HA_EM-6-LOG: test_track_17 : DEBUG(cli_lib) : : IN  : #no shut*Feb 25 09:47:56.411: %HA_EM-6-LOG: test_track_17 : DEBUG(cli_lib) : : OUT :*Feb 25 09:47:56.411: %HA_EM-6-LOG: test_track_17 : DEBUG(cli_lib) : : OUT : R1(config-if)#*Feb 25 09:47:56.415: %HA_EM-6-LOG: test_track_17 : DEBUG(cli_lib) : : IN  : #end*Feb 25 09:47:56.435: %SYS-5-CONFIG_I: Configured from console by name on vty1*Feb 25 09:47:56.447: %HA_EM-6-LOG: test_track_17 : DEBUG(cli_lib) : : OUT :*Feb 25 09:47:56.447: %HA_EM-6-LOG: test_track_17 : DEBUG(cli_lib) : : OUT : R1#*Feb 25 09:47:56.451: %HA_EM-6-LOG: test_track_17 : DEBUG(cli_lib) : : IN  : #exit*Feb 25 09:47:56.455: %HA_EM-6-LOG: test_track_17 : DEBUG(cli_lib) : : CTL : cli_close called.*Feb 25 09:47:58.387: %LINK-3-UPDOWN: Interface Serial1/0, changed state to up*Feb 25 09:47:58.391: %ENTITY_ALARM-6-INFO: CLEAR INFO Se1/0 Physical Port Administrative State Down*Feb 25 09:47:59.399: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0, changed state to upR1#sh trackR1#sh track 17Track 17  Response Time Reporter 777 state  State is Up    6 changes, last change 00:15:41  Latest operation return code: OK  Latest RTT (millisecs) 3  Tracked by:     applet test_track_17