😁 **配置 SLA 监控:** 首先，使用 `sla monitor` 命令创建一个 SLA 监控条目，并指定监控类型为 `echo`，协议为 `icmp-echo`，目标地址为 `150.6.2.2`，接口为 `outside`。此外，还可以设置其他参数，例如数据包数量、请求数据大小、超时时间、频率等。 例如，以下命令创建一个名为 `33` 的 SLA 监控条目，并设置监控类型为 `echo`，目标地址为 `150.6.2.2`，接口为 `outside`，数据包数量为 `3`，请求数据大小为 `1500` 字节，超时时间为 `30` 秒，频率为 `5` 秒： sla monitor 33 type echo protocol ip icmp-echo 150.6.2.2 interface outside num-packets 3 request-data-size 1500 timeout 30 frequency 5

😊 **配置 SLA 监控调度:** 接下来，使用 `sla monitor schedule` 命令配置 SLA 监控的调度时间。可以使用 `life` 参数指定监控持续时间，使用 `start-time` 参数指定监控开始时间。 例如，以下命令创建一个名为 `33` 的 SLA 监控调度，设置监控持续时间为 `forever`，开始时间为 `00:05:00`： sla monitor schedule 33 life forever start-time after 00:05:00

😉 **创建路由跟踪对象:** 为了将 SLA 监控与路由关联，需要创建一个路由跟踪对象。使用 `track` 命令创建一个路由跟踪对象，并指定其名称和关联的 SLA 监控条目。 例如，以下命令创建一个名为 `1` 的路由跟踪对象，并将其与名为 `33` 的 SLA 监控条目关联： track 1 rtr 33 reachability

😎 **创建静态路由并关联路由跟踪对象:** 最后，创建静态路由并将其与创建的路由跟踪对象关联。使用 `route` 命令创建静态路由，并使用 `track` 参数指定关联的路由跟踪对象。 例如，以下命令创建一条指向 `136.6.123.3` 的静态路由，并将其与名为 `1` 的路由跟踪对象关联： route outside 0.0.0.0 0.0.0.0 136.6.123.3 track 1

🥳 **监控 SLA 状态:** 通过 `sh track` 命令可以查看路由跟踪对象的状态。如果 SLA 监控结果表明目标地址不可达，则路由跟踪对象的状态将变为 `Down`，相应的静态路由将从路由表中删除。 例如，以下命令显示了路由跟踪对象 `1` 的状态，可以看到其状态为 `Down`： sh track Track 1 ResponseTimeReporter 33 reachability Reachability is Down 1 change, last change 00:04:03 Latest operation return code: Unknown Tracked by: STATIC-IP-ROUTING 0

SLA monitoring is finally here. What is it useful for ? To add/remove dynamically routes in ASA depending on results of the SLA status.Below is configuration steps but while there are many words in the command itself there are not much options there , so the command is long but pretty uniform.

TokyoASA1(config)# sla monitor 33 TokyoASA1(config-sla-monitor)# type echo protocol ipIcmpEcho 150.6.2.2 int outside type echoTokyoASA1(config-sla-monitor-echo)# ?

default            Set a command to its defaults     exit               Exit probe configuration      frequency          Frequency of an operation     no                 Negate a command or set its defaults     num-packets        Number of Packets     request-data-size  Request data size     threshold          Operation threshold in milliseconds     timeout            Timeout of an operation     tos                Type Of Service  

TokyoASA1(config-sla-monitor-echo)# frequency ?

sla-monitor-echo mode commands/options:     <1-604800>  Frequency in seconds 

TokyoASA1(config)# sla monitor schedule 33 ?

ageout      How long to keep this Entry when inactive     life        Length of time to execute in seconds     recurring   Probe to be scheduled automatically every day     start-time  When to start this entry

TokyoASA1(config)# sla monitor schedule 33 life forever start after 00:05:00

Now create tracking process to be later applied to the static route:

TokyoASA1(config)# track 1 rtr 33 reachability

And finally we create static route and attach to it the created track :

TokyoASA1(config)# route outside 0 0 136.6.123.3 track 1

Now let's see some statistics on the track:

TokyoASA1# sh track

Track 1     Response Time Reporter 33 reachability     Reachability is Down     1 change, last change 00:04:03     Latest operation return code: Unknown     Tracked by:       STATIC-IP-ROUTING 0 

The final configuration looks like

sla monitor 33    type echo protocol ipIcmpEcho 150.6.2.2 interface outside    num-packets 3    request-data-size 1500    timeout 30    frequency 5   sla monitor schedule 33 life forever start-time after 00:05:00 

TokyoASA1# sh sla monitor configuration

Entry number: 33   Owner:    Tag:    Type of operation to perform: echo   Target address: 150.6.2.2   Interface: outside   Number of packets: 3   Request size (ARR data portion): 1500   Operation timeout (milliseconds): 30   Type Of Service parameters: 0x0   Verify data: No   Operation frequency (seconds): 5   Next Scheduled Start Time: Start Time already passed   Group Scheduled : FALSE   Life (seconds): Forever   Entry Ageout (seconds): never   Recurring (Starting Everyday): FALSE   Status of entry (SNMP RowStatus): Active   Enhanced History:

TokyoASA1# sh sla monitor configuration operational-state

Entry number: 33   Modification time: 15:14:04.168 UTC Sun May 23 2010   Number of Octets Used by this Entry: 1480   Number of operations attempted: 48   Number of operations skipped: 0   Current seconds left in Life: Forever   Operational state of entry: Active   Last time this entry was reset: Never   Connection loss occurred: FALSE   Timeout occurred: FALSE   Over thresholds occurred: FALSE   Latest RTT (milliseconds): 1   Latest operation start time: 15:22:59.169 UTC Sun May 23 2010   RTT Values:   RTTAvg: 1RTTMin: 1RTTMax: 1   NumOfRTT: 3RTTSum: 3RTTSum2: 3 

TokyoASA1# debug sla monitor ?

error Output IP SLA Monitor Error Messages trace Output IP SLA Monitor Trace Messages

TokyoASA1# debug sla monitor trace

TokyoASA1# IP SLA Monitor(33) Scheduler: Starting an operation   IP SLA Monitor(33) echo operation: Sending an echo operation   IP SLA Monitor(33) echo operation: RTT=0 OK   IP SLA Monitor(33) echo operation: RTT=0 OK   IP SLA Monitor(33) echo operation: RTT=1 OK   IP SLA Monitor(33) Scheduler: Updating result   IP SLA Monitor(33) Scheduler: Starting an operation   IP SLA Monitor(33) echo operation: Sending an echo operation   IP SLA Monitor(33) echo operation: RTT=0 OK   IP SLA Monitor(33) echo operation: RTT=0 OK   IP SLA Monitor(33) echo operation: RTT=1 OK 

And by the way it really works - when track is down the route to which it is attached magically disappearedfrom the routing table as should.

Follow me on https://www.linkedin.com/in/yurislobodyanyuk/ not to miss what I publish on Linkedin, Github, blog, and more.