How to set up a Cisco IP SLA TCP connect operation

In this blog, we will outline what is involved when creating an IP SLA TCP Connect monitor on Cisco routers. We will also discuss how to create IP SLA reports through SNMP using a typical SNMP trending tool.

Why set up an IP SLA TCP connect operation?
This exercise is useful when trying to baseline the performance of a specific port carrying a specified DiffServ codepoint over a WAN link. An SNMP trend can be created which helps administrators understand how an application may perform.

What is the IP SLA TCP connect operation?
The IP SLA TCP Connect operation measures the response time taken to perform a TCP Connect operation between a Cisco router and devices using IP. TCP is a transport layer (Layer 4) internet protocol that provides reliable full-duplex data transmission. The destination device can be any device using IP. TCP Connect response times can be measured between Cisco routers by enabling the IP SLA Responder. Using another Cisco router is not required. Skip to the "IP SLA TCP Connect Monitor # Availability Verification" section if the destination is not a Cisco router.

IOS Version Warning
Some IOS versions support IP SLA operations with slightly different navigation or methods of creation, although the overall methods for creating IP SLA operations are the same. The administrator may need to use the "?" command to apply the correct commands for that IOS.

Setting up the IP SLA Responder
For the IP SLA TCP Connect operation to work with another Cisco router as the destination, the destination router must be configured to respond to the router initiating the request, so that the values necessary for performance trending can be generated.

Enable IP SLA Responder:

Router(config)# ip sla monitor responder

Enabling Specific Responders: It may be necessary to provide a specific destination IP address, port number and/or other details for the responder to work with firewalls.

Router(config)# ip sla monitor responder type tcpConnect ipaddress <ip-address> port <1-65535>

Verification of Responder Status: Once the responder has been configured, the administrator should verify that the responder is currently enabled.

Router(config)# exit
Router# show ip sla monitor responder


Steps to configure TCP Connect IP SLA
IP SLA TCP Connect Monitor # Availability Verification: The administrator should first verify that no IP SLA Monitor already exists with the number that is going to be used. The IOS will not allow the user to overwrite an existing IP SLA Monitor. Existing IP SLA Monitors can be viewed by entering the following command:

Router# show ip sla monitor configuration

Create Monitor: Once the administrator has identified an available monitor number, the administrator can continue with the creation of the TCP Connect IP SLA Monitor. Enter config mode and proceed with the following steps.

Router(config)# ip sla monitor <1-2147483647>

Specify Type: Once the monitor has been created, specify the type of monitor to be used along with the required configuration options. Below is an example of how to set up a typical TCP Connect IP SLA Operation.

Router(config-sla-monitor)# type tcpConnect dest-ipaddr <ip-address> dest-port <1-65535>

Specify Tag: It is necessary to add the line below as it will be picked up by the SNMP measuring tool and used as the description of what this IP SLA operation is.

Router(config-sla-monitor-tcp)# tag <text>

Specify Frequency: The frequency of this monitor should be 300 seconds or less. Giving this monitor a smaller time value is acceptable, keeping in mind that increased frequency will create more overhead for the router. A frequency of 300 seconds will produce statistics in the SNMP measurement tool.

Router(config-sla-monitor-tcp)# frequency <1-604800>

Specify Owner: The administrator of this IP SLA Monitor should specify the contact responsible for the configuration. This is done by adding the owner config line.

Router(config-sla-monitor-tcp)# owner <text>

Specify Type of Service: This line defines a type of service (ToS) byte in the IP header of an IP SLA operation. IP SLA Monitors emulate and keep statistics on traffic that is identical to the type of traffic the administrator needs to monitor. If the administrator needs to measure traffic in a specific QoS queue, the ToS value associated with that queue should be specified. If the ToS is not specified, the TCP Connect operation will not include a QoS tag in the packet. The chart below is useful in determining which DiffServ codepoint or decimal value to use for the ToS config line.

DiffServ Codepoints

Router(config-sla-monitor-tcp)# tos <0-255>

Enabling the IP SLA TCP Connect Monitor: The next step is to exit the monitor configuration sub-mode and return to global configuration mode in order to start the IP SLA operation.

Router(config-sla-monitor-tcp)# exit

Schedule the Monitor to Start: Once the monitor configuration has been completed, it must be enabled. There are many variations on how to schedule IP SLA Monitors. For the purpose of creating dependable reports, the administrator should start the monitor upon completion and keep it running permanently or until it is no longer needed.

Router(config)# ip sla monitor schedule <1-2147483647> start-time now life forever
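
The creation steps above, put together as an added example that is not part of the original article: it renders the commands for one monitor, enforces the ranges shown in the IOS prompts, and goes slightly beyond the text by computing the ToS byte from a DSCP name in place of the chart. The function names and the sample address, port, tag and owner are constructed for illustration.

```python
# Added example, not from the original article: renders this tutorial's IOS
# commands for one TCP Connect monitor and derives the "tos" value from DSCP.
import ipaddress
import re

def dscp_value(name):
    """Decimal DSCP for EF, CS0-CS7 or AF11-AF43."""
    name = name.upper()
    if name == "EF":
        return 46
    m = re.fullmatch(r"CS([0-7])", name)
    if m:
        return 8 * int(m.group(1))
    m = re.fullmatch(r"AF([1-4])([1-3])", name)
    if m:
        return 8 * int(m.group(1)) + 2 * int(m.group(2))
    raise ValueError(f"unknown DSCP name: {name}")

def tos_byte(dscp_name):
    """DSCP is the upper six bits of the ToS byte, so shift left by two."""
    return dscp_value(dscp_name) << 2

def check(label, value, low, high):
    """Enforce the numeric ranges the IOS help shows in the tutorial."""
    if not low <= value <= high:
        raise ValueError(f"{label} {value} is outside {low}-{high}")

def tcp_connect_monitor(number, dest_ip, dest_port, tag, owner,
                        frequency=300, dscp=None):
    """Return the commands in the order the tutorial enters them."""
    check("monitor number", number, 1, 2147483647)
    check("dest-port", dest_port, 1, 65535)
    check("frequency", frequency, 1, 604800)
    dest = ipaddress.ip_address(dest_ip)  # ValueError on a malformed address
    lines = [f"ip sla monitor {number}",
             f" type tcpConnect dest-ipaddr {dest} dest-port {dest_port}",
             f" tag {tag}", f" frequency {frequency}", f" owner {owner}"]
    if dscp is not None:
        lines.append(f" tos {tos_byte(dscp)}")
    lines += [" exit",
              f"ip sla monitor schedule {number} start-time now life forever"]
    return lines

if __name__ == "__main__":
    # Constructed sample values: documentation address, HTTPS port, AF31 queue.
    print("\n".join(tcp_connect_monitor(10, "192.0.2.10", 443,
                                        "WAN-HTTPS-AF31", "noc", dscp="AF31")))
```

With the sample values, AF31 (DSCP 26) becomes `tos 104`; EF (DSCP 46) would become `tos 184`.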

Verification of IP SLA TCP Connect Operation Configuration: Once the IP SLA Monitor has been started, it will generate statistics on the first transaction between the source and destination. The administrator may view the statistics for the new IP SLA Monitor by running:

Router# show ip sla monitor statistics <1-2147483647>

A successful implementation will result in the latest round trip time (RTT) being displayed. The number of successes and failures will also be displayed. If the monitor fails to connect, the administrator will see a number greater than zero in the failures line, and the cause of the problem will be displayed. It will be necessary to review the configuration or check network issues that may be blocking the connection.

Router# show ip sla monitor configuration <1-2147483647>

Editing or Removing an IP SLA Monitor: If the administrator finds a problem with the monitor or would like to make a change to it, the monitor must be removed and recreated by repeating the process. To remove an IP SLA Monitor, the command below may be used:

Router(config)# no ip sla monitor <1-2147483647>

Troubleshooting IP SLAs: If problems persist, try verifying firewall configurations, access lists, or other networking issues that may be interfering with the process. The administrator should also make sure that the current IOS version supports these IP SLA Operations.

Create IP SLA Reports with Denika Performance Trender
Once the IP SLA Monitor has been successfully created and scheduled, the administrator can create IP SLA Performance Reports like the ones above with the Denika SNMP Performance Trender. Steps to create reports in Denika SNMP Performance Trender:

1. Download the free version at
2. Install Denika on a Windows server
3. Log in to the web interface
4. Click on the discovery button in the Admin Tools Tab
5. Click on the Single Device button
6. Enter the IP Address and the SNMP Community string for the router currently being configured for SLA Reporting. If the community string is not public, the administrator may simply create a credential with the correct community string.
7. Click on the View First button and select the reports to be created. Follow the instructions on the screen if the desired report options are not listed.
8. Wait 10-15 minutes for the trends to show up and celebrate.
"Scrutinizer Netflow Analyzer and Denika SNMP Performance Trender both have a 3rd party integration feature so that integrating between the two or with any other network management application with a web interface is fast and simple," said Michael Patterson - CEO – Plixer International. "Plixer recommends having the integration between Denika and Scrutinizer enabled."

If you would like assistance creating Reports in Denika, feel free to contact Plixer directly. View Cisco documentation on IP SLA TCP connect and other IP SLA operations.


Contact Brad Reese


Copyright © 2008 IDG Communications, Inc.