What Is IP SLA for Path Control in Networking?
Also known as: IP SLA, path control, Cisco IP SLA, CCNP ENCOR, IP SLA tracking
Quick Definition
IP SLA for Path Control is a feature that lets a network device continuously check the health of a connection to another device. If that connection becomes slow or fails, the device can automatically switch traffic to a backup path. It works like a smart alarm system that tells your router when to use a different route.
Must Know for Exams
IP SLA for Path Control is explicitly covered in the Cisco CCNP Enterprise (350-401 ENCOR) and CCNP Security (350-701 SCOR) exam blueprints, as well as the CCNP Service Provider (SPCOR) exam. In the ENCOR exam, it falls under the domain of Layer 3 technologies and advanced routing. Candidates are expected to understand how IP SLA integrates with object tracking and how tracking objects interact with routing protocols and policy-based routing. The exam objectives require you to describe the purpose of IP SLA, interpret configuration snippets, and troubleshoot issues related to path selection.
Questions on IP SLA for Path Control frequently appear in the context of network assurance and redundancy. You may be asked to identify why a backup path did not activate when a primary link was slow but still up. This tests your understanding of the difference between a link failure and a performance degradation. Another common exam scenario involves a floating static route that does not work as expected because the IP SLA probe is misconfigured. You must know the default timers, the difference between ICMP echo and UDP jitter operations, and the syntax for configuring tracking objects. The exam may also present a policy-based routing configuration that uses IP SLA, and ask you to predict how traffic will be forwarded under different performance conditions. Additionally, the ENCOR exam expects you to understand how IP SLA relates to newer technologies like Cisco SD-WAN, where similar probing mechanisms (like App-Route Policy) are used for path quality measurement. While IP SLA itself is a legacy feature, the underlying concepts of active performance monitoring and trigger-based path control are foundational for modern intent-based networking.
Simple Meaning
Imagine you are a delivery driver who has two possible routes to reach a customer. One route is normally faster, but sometimes it gets blocked by construction or traffic jams. You cannot just blindly take the fast route every time because you might get stuck.
You need a way to know, before you start driving, whether the fast route is open today. IP SLA for Path Control is like having a helper who drives ahead on the fast route every few minutes. This helper checks if the road is clear, measures how long it takes, and reports back to you.
Based on that report, you decide to take the fast route or the backup route. In networking, the router is the delivery driver. The fast route is the primary path across the network.
The backup route is a secondary link or path. The helper is the IP SLA probe, which sends test packets to a target device, like a server or another router. The test measures things like how long the packet takes to travel (latency), how many packets are lost (packet loss), or if the target responds at all (reachability).
If the test results fall below a threshold you set, the router knows the primary path is having problems. It then uses a feature like tracking or policy-based routing to automatically move traffic to the backup path. This all happens in seconds, without a human having to log in and change configurations.
The key idea is that the routing decision is no longer static. It is alive and responsive to the actual condition of the network. The network can heal itself by choosing a different path when the current one is sick.
This makes applications stay online and perform well, even when part of the network has issues.
Full Technical Definition
IP SLA for Path Control refers to the integration of Cisco IOS IP Service Level Agreement (SLA) measurement capabilities with routing features like object tracking, policy-based routing, or static route manipulation to enable dynamic path selection based on network performance. IP SLA is a built-in feature of Cisco IOS that generates synthetic traffic, such as Internet Control Message Protocol (ICMP) echo requests, User Datagram Protocol (UDP) jitter probes, or Transmission Control Protocol (TCP) connection attempts, and sends them to a target device at a configurable frequency, typically every 5 to 60 seconds.
The IP SLA operation collects performance metrics including round-trip time (RTT), packet loss percentage, jitter, and mean opinion score (MOS) for voice traffic. These metrics are compared against configurable thresholds, such as a maximum RTT of 200 milliseconds or a packet loss limit of 2 percent. When a threshold is exceeded or a timeout occurs, the IP SLA operation changes its state from Up to Down. That state change is then fed into a Cisco IOS tracking object, which is a logical container that monitors the IP SLA operation. The tracking object can have multiple thresholds and can combine multiple IP SLA probes using boolean logic.
Once the tracking object changes state, it triggers a reaction in the routing configuration. Common uses include floating static routes, where a static route with a higher administrative distance (AD) is used as a backup. The tracking object modifies the AD of the primary static route when the tracked IP SLA fails, making the backup route active. In policy-based routing (PBR), the tracking object can change which set command is applied to traffic, switching the next-hop. For dynamic routing protocols like Open Shortest Path First (OSPF) or Enhanced Interior Gateway Routing Protocol (EIGRP), route maps that rely on tracked objects can adjust metrics or even suppress route advertisement. This mechanism is critical for ensuring path redundancy and application performance in enterprise and service provider networks. It allows the network to respond to brown-out conditions, where a link is still physically up but performing poorly, not just complete failures.
Real-Life Example
Think of a large apartment building with a single main entrance and a service entrance in the back. Normally, all residents and visitors use the main entrance because it is faster and more convenient. However, sometimes the main entrance gets congested when a delivery truck blocks the door or when too many people arrive at once.
The building manager needs a way to know when the main entrance is blocked and direct people to the service entrance instead. The manager hires a security guard whose job is to stand by the main entrance every two minutes. The guard checks if the door is accessible, if there is a long line, and if people can pass through easily.
If the guard sees a problem, they radio the manager and say, "Main entrance is slow or blocked." The manager then flips a switch that lights up a sign pointing to the service entrance. Visitors see the sign and use the back door.
In this analogy, the security guard is the IP SLA probe making regular checks. The main entrance is the primary network path, and the service entrance is the backup path. The manager is the router running the tracking object.
The radio call is the state change signal from the IP SLA to the tracking object. The sign that changes direction is the routing decision, like a floating static route becoming active. The key mapping is that the guard does not guess.
He actually goes to the door and checks. Similarly, IP SLA does not rely on assumptions about link status. It sends real packets and measures real results. This is more accurate than just knowing the physical cable is plugged in because a cable can be connected but the link can be congested or the remote device can be unresponsive.
The guard also measures how long it takes for people to pass through, which is like measuring latency. If the main entrance is open but takes ten minutes for one person to get through, that is still a problem. The guard reports that too, and the manager can decide to activate the backup path before the line gets too long.
This proactive approach prevents frustration and keeps the building functioning smoothly.
Why This Term Matters
In real-world IT operations, networks are expected to be highly available and performant. Users do not care why an application is slow. They only know that it is broken. IP SLA for Path Control matters because it bridges the gap between physical link availability and actual network performance. A link can be up at layer 1 and layer 2, but if it is experiencing high latency or packet loss due to congestion, a routing loop, or a failing hardware component, applications will suffer. Traditional routing protocols like OSPF or EIGRP rely on interface states or neighbor keepalives. They do not inherently measure performance. IP SLA adds that performance awareness, allowing the network to make intelligent forwarding decisions based on real conditions.
This technology is critical for voice over IP (VoIP) and video conferencing. These applications are sensitive to jitter and latency. If a primary link starts to degrade, IP SLA can detect the increased jitter and switch traffic to a cleaner backup path before users notice call quality issues. In data center environments, IP SLA is used to verify the health of next-hop devices, such as firewalls or load balancers, and redirect traffic if they become unresponsive. For businesses that rely on multiple internet connections for redundancy, IP SLA can monitor each link's performance and automatically route traffic through the best available connection. This avoids the situation where a link is up but provides terrible service, which is worse than being completely down because users still try to use it. Without IP SLA for Path Control, network administrators would have to manually monitor performance and change configurations, which is slow and error-prone. The feature enables self-healing networks that reduce downtime and improve user experience.
How It Appears in Exam Questions
Cisco CCNP and CCIE exams present IP SLA for Path Control in several question formats. Multiple-choice questions often describe a network scenario and ask which technology would best solve a specific problem, such as: "A router has two paths to a server. The primary path is preferred but occasionally becomes slow. Which feature should be used to automatically switch traffic when latency exceeds 100 milliseconds?" The correct answer is IP SLA with object tracking.
Configuration questions require you to analyze a running configuration and identify errors. Example: A candidate configures IP SLA operation 1 with an ICMP echo to 10.1.1.1, a frequency of 5 seconds, and a threshold of 200 ms. They then create a tracking object 1 linked to IP SLA 1 with a delay of 10 seconds. They apply this to a floating static route. The question asks: What is the effect of the 10-second delay? The answer: The route will not switch immediately after the threshold is exceeded. It will wait 10 seconds before reacting, which prevents flapping.
Troubleshooting scenario questions present symptoms like "Users on a branch office lose connectivity to the central server for 30 seconds every hour, then it recovers. The logs show that a backup link activates during those 30 seconds." The question asks what is causing this behavior. The answer could be that the IP SLA probe timeouts are too short, causing false positives. Another troubleshooting question might show a configuration where the IP SLA target is unreachable, but the tracking object shows an Up state. This tests knowledge that a tracking object can be configured to consider an IP SLA operation as Up even if no response is received, if the default state is set to Up. Architecture-style questions ask you to design a redundant WAN setup using IP SLA. You must decide whether to use floating static routes or policy-based routing based on the number of paths and traffic types. Always read the exhibit in these questions carefully. Look for the IP SLA operation number, the tracking object number, and the route map or policy that references them. Pay attention to the threshold values and the reaction time.
Example Scenario
ABC Corp has two internet connections at their headquarters. One is a 1 Gbps fiber link, which is fast and reliable. The other is a 100 Mbps backup DSL line. The company uses the fiber link for all internet traffic.
The network administrator wants to automatically switch to the DSL line if the fiber link becomes congested or its latency goes above 150 milliseconds. They configure an IP SLA operation on the main router that sends a ping every 10 seconds to the public IP address of a well-known DNS server, like 8.8.8.8. The threshold is set to a round-trip time of 150 ms. The IP SLA is attached to a tracking object. A floating static route with an administrative distance of 5 is used for the fiber link, and the backup static route for the DSL link has an administrative distance of 10.
Normally, the fiber route is preferred because of its lower AD. The tracking object monitors the IP SLA probe. When the probe shows that the RTT to 8.8.8.8 exceeds 150 ms, the tracking object marks itself as Down.
This causes the primary static route to be removed from the routing table because its AD is incremented. The backup static route with AD 10 then enters the routing table, and all traffic starts using the DSL line. When the fiber link recovers and the probe shows RTT below 150 ms for a configured delay, the tracking object goes Up, the primary route returns, and traffic switches back.
This whole process is automatic and happens within seconds.
Common Mistakes
Thinking IP SLA can only measure reachability, not performance.
IP SLA can measure many performance metrics such as round-trip time, jitter, packet loss, and mean opinion score for voice. Using only reachability ignores slow links that are still responding.
Use the appropriate IP SLA operation type for your need. For voice, use UDP jitter. For general link quality, configure a threshold for RTT and packet loss.
Configuring IP SLA with a frequency that is too high or too low.
A frequency of 1 second can cause excessive CPU usage on the router and network overhead. A frequency of 60 seconds may delay detection of problems for too long, resulting in poor user experience.
Use a frequency between 5 and 15 seconds for most scenarios. Adjust based on how quickly you need to react and the router's capabilities.
Forgetting to associate the IP SLA operation with a tracking object.
An IP SLA operation alone does not change routing. It only collects data and logs results. Without a tracking object, the router has no mechanism to act on the IP SLA state.
Always create a tracking object with the command 'track object-id ip sla operation-id' and then apply that tracking object to the routing feature you want to control.
Not configuring a delay on the tracking object to prevent flapping.
A single missed probe due to a transient network spike can cause the route to change and then change back immediately, creating instability.
Use the 'delay' command under the tracking object configuration to introduce an up-delay and a down-delay, typically 10-20 seconds, to ensure the condition persists before switching.
Confusing IP SLA with NetFlow or SNMP.
NetFlow is for traffic accounting and analysis, not for active measurement. SNMP polls devices for statistics. IP SLA generates synthetic test traffic to measure performance actively. They serve different purposes.
Remember that IP SLA creates traffic. NetFlow watches existing traffic. SNMP collects counters. Use IP SLA when you need to test something that may not be generating its own traffic.
Exam Trap — Don't Get Fooled
The exam presents a configuration where IP SLA is correctly set up, but the tracking object uses the 'track object-id ip sla operation-id reachability' command instead of the correct syntax. The question asks why the backup route never activates. Memorize the exact IOS syntax.
The correct command is 'track 1 ip sla 1 state' or 'track 1 ip sla 1' (state is implied in newer IOS versions). Never use 'reachability' as a keyword. Always practice configuration on a lab or simulator to see the actual commands.
Commonly Confused With
PBR is a feature that allows you to define policies to route traffic based on attributes like source IP, destination IP, or protocol. IP SLA for Path Control can be used with PBR to make those policies dynamic. The difference is that PBR alone is static. IP SLA adds the ability to change the PBR policy based on performance. PBR is the tool; IP SLA is the sensor.
PBR without IP SLA: Route all traffic from the HR subnet to next-hop 10.1.1.1. IP SLA with PBR: Route all traffic from the HR subnet to next-hop 10.1.1.1 unless IP SLA shows that next-hop has high latency, then route to 10.2.2.2.
A floating static route is a static route with a higher administrative distance, used as a backup. It will only appear in the routing table if the primary route disappears. IP SLA can trigger that disappearance by modifying the administrative distance of the primary route when a performance threshold is exceeded. The floating static route itself is not intelligent. IP SLA makes it intelligent.
A floating static route alone: If the primary link goes down, the backup route activates. A floating static route with IP SLA: If the primary link stays up but is slow, the backup route also activates.
Hot Standby Router Protocol (HSRP) with track monitors the state of an upstream interface and adjusts the priority of the virtual router. This is for first-hop redundancy, not for path control based on performance metrics. HSRP with track only cares about interface state, not latency or packet loss. IP SLA for Path Control works on layer 3 routing decisions, not on gateway redundancy.
HSRP track: If the WAN interface on the active router goes down, the standby router becomes active. IP SLA: If the WAN interface is up but latency to the next hop is high, the router changes the path for certain traffic, but the HSRP gateway remains the same.
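The PBR comparison above (HR subnet, next-hops 10.1.1.1 and 10.2.2.2) written out as an IOS configuration. This is an added example, not configuration from the original page. The HR subnet 10.10.10.0/24, the interface name, the operation and track numbers, and the threshold and delay values are assumptions.

```cisco
! One probe per candidate next-hop. Threshold is in milliseconds (assumed value).
ip sla 11
 icmp-echo 10.1.1.1
 threshold 100
 frequency 10
ip sla schedule 11 life forever start-time now
!
ip sla 12
 icmp-echo 10.2.2.2
 threshold 100
 frequency 10
ip sla schedule 12 life forever start-time now
!
! State tracking: an over-threshold probe result counts as Down,
! so a slow next-hop is treated the same as a dead one.
track 11 ip sla 11 state
 delay down 10 up 20
track 12 ip sla 12 state
 delay down 10 up 20
!
! Traffic sourced from the HR subnet (assumed 10.10.10.0/24)
ip access-list extended HR-TRAFFIC
 permit ip 10.10.10.0 0.0.0.255 any
!
! Next-hops are tried in sequence order; one is used only while its track is Up.
route-map HR-PBR permit 10
 match ip address HR-TRAFFIC
 set ip next-hop verify-availability 10.1.1.1 1 track 11
 set ip next-hop verify-availability 10.2.2.2 2 track 12
!
! Apply the policy on the interface where HR traffic enters the router (assumed name)
interface GigabitEthernet0/1
 ip policy route-map HR-PBR
```

If both tracking objects are Down, neither set clause applies and HR traffic is forwarded by the normal routing table.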
Step-by-Step Breakdown
Define the IP SLA operation
You choose a type of test, such as ICMP echo, and a target IP address. You also set the frequency (how often the test runs) and the threshold values. This is like programming your helper to check the route every 10 seconds and report back if the round trip takes longer than 100 ms.
Schedule the IP SLA operation
The operation must be scheduled to start running. In Cisco IOS, you use the 'ip sla schedule' command to specify a start time, an end time, or to run indefinitely. Without this step, the IP SLA probe does not send any packets.
Create a tracking object
The tracking object is a middleman that monitors the state of the IP SLA operation. It looks at the results, such as whether the last probe timed out or if the threshold was exceeded, and it maintains an Up or Down state. The tracking object can include a delay to prevent too-fast state changes.
Link the tracking object to the IP SLA operation
You configure the tracking object to reference the specific IP SLA operation by number. This tells the tracking object which probe to watch. For example, 'track 1 ip sla 2' means tracking object 1 monitors IP SLA operation 2.
Apply the tracking object to a routing feature
You use the tracking object to influence a decision, such as by modifying the administrative distance of a static route, enabling a backup route, or changing a PBR policy. This step connects the health check to the actual routing behavior.
Verification and tuning
You verify the configuration using show commands, such as 'show ip sla statistics' to see probe results and 'show track' to see the tracking object state. You may need to adjust thresholds or delays based on real-world performance.
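The six steps above, applied to the ABC Corp scenario from the Example Scenario section, as one IOS configuration. This is an added example, not configuration from the original page. The target, threshold, frequency and administrative distances are the page's; the next-hop addresses (203.0.113.1 for fiber, 198.51.100.1 for DSL), the interface name, the timeout and the delay values are assumptions.

```cisco
! Step 1: define the probe. ICMP echo to the scenario's target every 10 s,
! over-threshold above 150 ms RTT, timeout after 1000 ms (assumed).
ip sla 1
 icmp-echo 8.8.8.8 source-interface GigabitEthernet0/0
 threshold 150
 timeout 1000
 frequency 10
!
! Step 2: schedule it. An unscheduled operation sends no packets.
ip sla schedule 1 life forever start-time now
!
! Steps 3-4: tracking object 1 watches IP SLA operation 1.
! State tracking counts an over-threshold result as Down, so a fiber
! path that is slow but still answering triggers the failover.
! The delays (assumed values) damp flapping on a single bad probe.
track 1 ip sla 1 state
 delay down 10 up 20
!
! Pin the probe to the fiber next-hop (assumed 203.0.113.1). Without this,
! the probe follows the default route after failover, succeeds over DSL,
! brings the track back Up and flaps the primary route.
ip route 8.8.8.8 255.255.255.255 203.0.113.1
!
! Step 5: primary default route (AD 5) is installed only while track 1 is Up.
! The DSL route (AD 10) takes over when the primary is withdrawn.
ip route 0.0.0.0 0.0.0.0 203.0.113.1 5 track 1
ip route 0.0.0.0 0.0.0.0 198.51.100.1 10
!
! Step 6: verify from exec mode
! show ip sla statistics 1
! show track 1
! show ip route 0.0.0.0
```

The host route also pins user traffic for 8.8.8.8 to the fiber path, which is one reason to probe an address that production traffic does not depend on.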
Practical Mini-Lesson
In a production network, IP SLA for Path Control is one of the most practical ways to achieve application-aware routing without buying expensive hardware controllers. The first thing you need to know is that IP SLA consumes router resources. Each operation uses CPU and memory. Do not create hundreds of probes on a single low-end router. Use a reasonable number, usually under 20 on a branch router. The most common operation type is ICMP echo, but for voice and video, you should use UDP jitter, which measures jitter and packet loss by sending simulated voice packets. To configure UDP jitter, you must specify a source port, destination port, and codec type. For path control, the most critical parameter is the threshold. Set it based on your application requirements. For example, VoIP typically needs less than 150 ms one-way delay and less than 1 percent packet loss. Set the threshold accordingly.
Another important aspect is the reaction to state changes. The tracking object can have an up-delay and a down-delay. The down-delay is the number of seconds the tracking object waits before declaring the path as Down after the threshold is violated. Without this delay, a single dropped probe due to a brief spike can cause a routing change, which then reverses a second later when the next probe succeeds. This flapping can cause instability in the routing table and disrupt active connections. A down-delay of 10 to 15 seconds is standard. The up-delay is the time it waits before declaring the path as Up again after it recovers. This prevents rapid back-and-forth switching.
Troubleshooting IP SLA involves checking several things. First, verify that the IP SLA operation is in an active state with 'show ip sla operational-state'. If the state is inactive, check the schedule. Second, verify that the tracking object is linked correctly and that its state matches the IP SLA state. Third, ensure that the routing feature, like the floating static route, is actually using the tracking object. You can check this with 'show ip route' and observing the administrative distance. If the tracked route has a modified AD, it will not appear in the routing table when the track is down. Finally, remember that IP SLA probes must be able to reach the target. If there is a firewall in the path blocking ICMP, the probe will fail. Use the appropriate operation type that the firewall allows, such as TCP connection to a specific port. For exam purposes, practice by setting up a small lab with two routers connected to a third router that acts as a target. Configure IP SLA on the first router, track the result, and create a floating static route. Observe how the route changes when you simulate a failure by shutting the interface or adding delay.
Memory Tip
Think of IP SLA as the network's health monitor: it checks the pulse (latency) and blood oxygen (packet loss) of a path, and when the patient is sick, the router calls in a backup route.
Frequently Asked Questions
Can IP SLA measure more than just ping times?
Yes, IP SLA can measure jitter, packet loss, voice quality (MOS), TCP connect time, HTTP response time, and more. You choose the operation type based on what you need to monitor.
Does IP SLA work across the internet?
Yes, you can configure IP SLA to send probes to any IP address reachable from your router, including public internet destinations like 8.8.8.8. However, be aware that public internet performance can be unpredictable and may trigger false positives.
Will IP SLA cause high CPU usage on my router?
It can if you configure many operations with very short frequencies. For typical use, 5 to 15 operations with a 5 to 10 second frequency have minimal impact on modern routers. Older routers may need lower frequencies.
What is the difference between IP SLA and a simple ping from a router?
A ping is a manual one-time test. IP SLA is automated, scheduled, and its results can be used to trigger routing changes. IP SLA also offers many more metric types and integration with tracking objects.
Can I use IP SLA with dynamic routing protocols like EIGRP or OSPF?
Yes, by using route maps that reference tracking objects. You can manipulate route metrics or prefix distribution based on IP SLA results, though it is more complex than using static routes.
How do I verify that my IP SLA configuration is working?
Use the command 'show ip sla statistics' to see the latest results of each operation. Use 'show track' to confirm the tracking object state. Use 'show ip route' to see if the expected route is in the table.
What happens if the IP SLA target goes down permanently?
The IP SLA operation will show a timeout or failure state, the tracking object will go Down, and the backup path will remain active until the target recovers or you reconfigure the probe to use a different target.
Summary
IP SLA for Path Control is a powerful Cisco IOS feature that allows networks to respond dynamically to performance degradation, not just complete link failures. By generating synthetic traffic and measuring metrics like latency, packet loss, and jitter, IP SLA provides real-time health data about network paths. This data is fed into tracking objects, which can then influence routing decisions through floating static routes, policy-based routing, or route map manipulation.
For certification exams like the CCNP ENCOR and SCOR, you must understand how to configure IP SLA operations, create tracking objects, and apply them to path control mechanisms. Avoid common mistakes such as forgetting to schedule the operation, using a frequency that is too aggressive, or failing to add a delay to prevent flapping. Remember that IP SLA measures performance, not just reachability, and that the feature consumes router resources.
When studying, focus on the relationship between the IP SLA operation, the tracking object, and the routing decision. Mastering this topic will help you build self-healing networks that maintain application performance even under adverse conditions.