Imagine your network's routing decisions are made based on a blindfolded guess about whether a remote server is reachable. That's the reality without IP SLA and Object Tracking. This chapter covers exam objective 4.3, teaching you how to use IP Service Level Agreements (SLA) to measure actual network performance and then use Object Tracking to trigger routing changes when those measurements fall below thresholds. This is how real enterprises build resilient, self-healing networks that don't rely on simple interface up/down states.
Jump to a section
Think of a traditional routing protocol like a traffic light that operates on a fixed timer. It changes from green to red regardless of whether there's actually any cross-traffic. Similarly, a routing protocol like HSRP or static routing will keep sending traffic down a primary link even if that link is congested or the remote server is down, as long as the interface is up. IP SLA with Object Tracking is like adding a radar sensor to that traffic light. The radar continuously measures the actual traffic flow in the cross street. It tracks metrics like the number of cars waiting (latency) or whether any cars are present (reachability). A traffic management computer (the tracking object) receives this sensor data. If the sensor reports no cars for 10 seconds (a threshold), the computer sends a signal to the traffic light controller to switch to a different timing plan (like a backup route). In networking, the IP SLA 'sensor' sends probe packets (like ICMP echo or UDP jitter) to a target. The 'radar data' (response time, packet loss) is recorded. The 'traffic management computer' is the tracking object that monitors a specific metric, like whether the average round-trip time exceeds 200ms. When the threshold is breached, the tracking object changes state from 'up' to 'down'. This state change is then used by a routing protocol (like HSRP or PBR) or a static route to trigger a failover. Without the radar, the traffic light would blindly follow its timer; without IP SLA, your router blindly follows its routing table, blind to actual path quality.
What is IP SLA and Object Tracking?
IP Service Level Agreement (SLA) is a Cisco IOS feature that allows a router to generate synthetic traffic (probe packets) and measure network performance metrics like latency, jitter, packet loss, and reachability. Object Tracking is a separate mechanism that monitors the state of a 'tracked object' – which can be an IP SLA operation, a line protocol, or even an IP route – and changes its state (Up/Down) based on defined thresholds. When the tracked object goes down, it can trigger a change in routing behavior, such as adjusting HSRP priority, removing a static route, or modifying policy-based routing.
How IP SLA Works Step by Step
Configuration: An IP SLA operation is configured with a type (e.g., ICMP Echo, UDP Jitter, TCP Connect), a target IP address, and parameters like frequency and timeout.
Scheduling: The operation is scheduled to start and run continuously or for a specific duration.
Probe Generation: The router generates probe packets according to the configured type. For ICMP Echo, it sends an ICMP Echo Request to the target.
Response Monitoring: The router waits for a response. If a response is received within the timeout, the round-trip time (RTT) is recorded. If no response is received, the probe is considered lost.
Statistics Collection: The router maintains statistics: number of successes, failures, average RTT, jitter, etc. These are updated each time a probe completes.
Threshold Monitoring: An IP SLA operation can be associated with a reaction configuration that triggers when a threshold (e.g., RTT > 200ms) is exceeded.
Object Tracking Mechanism
Object Tracking uses a tracking object that monitors one or more items (like an IP SLA operation, interface line protocol, or IP route). The tracking object has a state: Up (tracked item is reachable/operational) or Down (tracked item is unreachable/failed). The state is determined by:
For IP SLA: The tracking object monitors the IP SLA operation's state. If the operation returns 'success' (within thresholds), the object is Up. If it returns 'failure' or 'timeout', the object is Down.
For interface line protocol: The object is Up if the interface is up/up, Down if any other state.
For IP route: The object is Up if the route exists in the routing table, Down if not.
Key Timers, Thresholds, and Defaults
IP SLA frequency: Default is 60 seconds between probes. Can be set from 1 to 604800 seconds.
IP SLA timeout: Default is 5000 milliseconds (5 seconds). Must be less than frequency.
IP SLA threshold: Default is 5000 ms. Used for reaction configuration; can be set to any value.
Tracking object delay: Default is 0 seconds. Can be configured to delay the state change (up/down) to prevent flapping.
HSRP decrement: Default is 10. When a tracked object goes down, HSRP priority is decreased by this value.
IOS CLI Verification Commands
To verify IP SLA operations:
show ip sla configuration
show ip sla statistics
show ip sla summaryExample output of show ip sla statistics:
IPSLAs Latest Operation Statistics
IPSLA operation id: 1
Type of operation: icmp-echo
Latest RTT: 10 milliseconds
Latest operation start time: 12:00:00 UTC Mon Mar 1 2021
Latest operation return code: OK
Number of successes: 100
Number of failures: 0
Operation time to live: ForeverTo verify tracking objects:
show track
show track briefExample output of show track:
Track 1
IP SLA 1 state
State is Up
3 changes, last change 00:00:05
Latest operation return code: OK
Latest RTT (millisecs): 10
Tracked by:
HSRP GigabitEthernet0/0 10Interaction with Related Protocols
HSRP/VRRP/GLBP: Object tracking can adjust the priority of a virtual router group. When a tracked object goes down, the priority is decremented, potentially causing a failover to the standby router.
Static Routes: A static route can be configured with a 'track' keyword. If the tracked object is down, the static route is removed from the routing table.
Policy-Based Routing (PBR): A route map can use 'set next-hop' with a track option. If the tracked object is down, the next-hop is not used.
Enhanced Object Tracking (EOT): Allows multiple objects to be combined with Boolean logic (AND, OR) for more complex conditions.
Create an IP SLA operation
Enter global configuration mode and define an IP SLA operation with an ID number (1-2147483647). Specify the type of probe (e.g., icmp-echo) and the target IP address. For example: ``` ip sla 1 icmp-echo 192.168.1.1 frequency 10 timeout 2000 threshold 100 ``` This creates operation 1, sending an ICMP Echo Request to 192.168.1.1 every 10 seconds, waiting 2 seconds for a reply, and considering a response time over 100ms as a threshold violation.
Schedule the IP SLA operation
The operation must be scheduled to start. Use the `ip sla schedule` command: ``` ip sla schedule 1 life forever start-time now ``` This starts operation 1 immediately and runs it indefinitely. You can also specify a specific start time or duration. Without scheduling, the operation remains inactive.
Configure a tracking object for the IP SLA
Create a tracking object that monitors the IP SLA operation. Use the `track` command: ``` track 1 ip sla 1 reachability ``` This creates track 1 that monitors the reachability of IP SLA operation 1. The tracking object will be Up when the IP SLA returns 'OK', and Down when it returns any failure. You can also track other metrics like rtt or state.
Apply the tracking object to a routing decision
Use the tracked object to influence routing. For HSRP, apply it under the interface configuration: ``` interface GigabitEthernet0/0 standby 10 ip 192.168.1.254 standby 10 priority 100 standby 10 track 1 decrement 20 ``` If track 1 goes Down, HSRP priority decreases by 20, potentially causing a failover. For static routes: ``` ip route 0.0.0.0 0.0.0.0 192.168.1.1 track 1 ``` If track 1 is Down, the default route is removed from the routing table.
Verify the configuration
Use verification commands to confirm IP SLA and tracking are working: ``` show ip sla statistics show track ``` Check that the IP SLA shows 'OK' and the track is Up. If the track is Down, troubleshoot the IP SLA operation (reachability, ACLs, routing). Test by causing a failure (e.g., shutdown the target) and verify the state changes.
Tune thresholds and delay to prevent flapping
To avoid rapid state changes due to intermittent issues, configure thresholds and delays. For IP SLA, set a threshold that triggers a reaction. For tracking, use the `delay` command: ``` track 1 ip sla 1 reachability delay down 10 up 5 ``` This delays the transition to Down by 10 seconds and to Up by 5 seconds. This prevents flapping and ensures stability.
Scenario 1: Dual-Homed Internet with Failover
A company has two ISP connections: primary (ISP1) via a T1 and backup (ISP2) via a cable modem. The edge router has a default route pointing to ISP1 with a track. IP SLA pings a reliable target (e.g., 8.8.8.8) through ISP1. If the ping fails for three consecutive probes (configurable via threshold), the track goes down, removing the default route. The floating static route to ISP2 then becomes active. This is more intelligent than just interface tracking because it detects failures beyond the first hop (e.g., ISP1's router is up but the internet is down).
Scenario 2: HSRP with Uplink Tracking
Two routers provide gateway redundancy for a VLAN. Each router has a separate uplink to the corporate core. Using IP SLA, each router pings a server on the core. If Router A loses its uplink, the IP SLA fails, track goes down, HSRP priority drops, and Router B becomes active. This ensures traffic always exits via a router with a working uplink.
Common Pitfalls:
Forgetting to schedule the IP SLA operation – it will never start.
Using an unreachable target – the track will always be down.
Setting frequency too high (e.g., every 1 second) can cause CPU spikes.
Not configuring ACLs to allow IP SLA traffic – the router may not send probes correctly.
Misunderstanding that object tracking only works for entries in the routing table, not for all routes (e.g., a static route with track will be removed, but a dynamic route will not be removed automatically).
What the CCNA 200-301 Exam Tests
Objective 4.3 covers 'Configure and verify IP SLA and Object Tracking'. The exam expects you to understand the concept, know how to configure basic IP SLA (ICMP echo) and link it to a tracking object, and then apply that tracking to influence HSRP or static routes. You are NOT expected to configure advanced IP SLA types like UDP jitter or VoIP. Focus on:
The command syntax for IP SLA, schedule, track, and application to HSRP/static routes.
The default timers (frequency 60s, timeout 5000ms).
The difference between tracking 'reachability' vs 'state'.
How HSRP priority decrement works with tracking.
Common Wrong Answers
'Object tracking can monitor any routing protocol' – Wrong. Object tracking monitors specific objects (IP SLA, interface, route), not the health of a routing protocol like OSPF. It can only influence routing by changing static routes or HSRP priority.
'IP SLA uses the same source IP as the outgoing interface' – Wrong. IP SLA uses a specific source IP (configurable) or the interface IP. If not configured, it uses the interface IP. Candidates often forget this and think it uses the loopback.
'HSRP priority decrement is always 10' – Wrong. The default decrement is 10, but it can be configured. The exam might ask about the default.
'Tracking an IP SLA operation requires the operation to be scheduled' – Correct, but candidates often skip scheduling and wonder why the track stays down.
Exam Strategy
When faced with a scenario question about failover, look for clues that the failure is not just interface down. If the scenario describes a remote server being unreachable but the link is up, IP SLA with tracking is the solution. If the question asks about adjusting HSRP priority based on uplink health, think 'track'.
IP SLA generates synthetic traffic (probes) to measure network performance metrics like latency, jitter, and reachability.
Object Tracking monitors a tracked object (IP SLA, interface, route) and changes state (Up/Down) based on thresholds.
Default IP SLA frequency is 60 seconds; default timeout is 5000 ms.
To use IP SLA, you must create an operation, schedule it, and create a track object.
Tracking can be applied to HSRP (via priority decrement), static routes (via track keyword), or PBR.
Default HSRP priority decrement when a track goes down is 10.
The 'delay' command on a track object prevents flapping by delaying state changes.
IP SLA with Object Tracking provides application-aware failover beyond simple interface up/down detection.
These come up on the exam all the time. Here's how to tell them apart.
IP SLA with Object Tracking
Monitors end-to-end reachability (e.g., ping to a server).
Can detect failures beyond the first hop (e.g., ISP router up but internet down).
Requires configuration of IP SLA and tracking object.
More flexible: can track multiple metrics (RTT, loss).
Slower to react (depends on probe frequency).
Interface Tracking (no IP SLA)
Monitors only local interface state (up/up or not).
Cannot detect remote failures; only local link status.
Simpler: just 'standby track interface' command.
Limited to interface up/down.
Faster reaction (immediate on interface state change).
Mistake
IP SLA only works with ICMP echo probes.
Correct
IP SLA supports many probe types: ICMP echo, UDP echo, TCP connect, HTTP, DNS, DHCP, etc. CCNA focuses on ICMP echo, but the feature is broader.
Candidates see only icmp-echo examples and assume that's the only type.
Mistake
Object tracking can directly monitor the state of a routing protocol like OSPF.
Correct
Object tracking monitors specific objects: IP SLA, interface line-protocol, or IP route. It cannot directly monitor OSPF adjacency; you would need to track a route learned via OSPF.
Candidates think tracking can be used for any network health metric.
Mistake
Once configured, IP SLA starts immediately without scheduling.
Correct
IP SLA operations must be explicitly scheduled using the 'ip sla schedule' command. Without scheduling, the operation remains inactive.
Candidates forget this step and wonder why the track stays down.
Mistake
HSRP priority decrement is always 10 when tracking is used.
Correct
The default decrement is 10, but it can be configured to any value (1-255) using the 'decrement' keyword. The exam may test the default.
Candidates assume the decrement is fixed because it's often shown as 10 in examples.
Reveal each answer, then mark whether you got it right. Score 60%+ to unlock the next chapter.
'Reachability' tracks whether the IP SLA operation's return code is 'OK' (success) or not. It is the most common. 'State' tracks the administrative state of the IP SLA operation (active, pending, etc.). For failover, you typically use 'reachability' because you care about successful probes. 'State' is more about whether the operation itself is configured correctly. On the exam, if the scenario is about path health, choose 'reachability'.
Yes, IP SLA can probe any IP address reachable via routing. The probe packets are routed normally. However, you must ensure that the return path is symmetric and that ACLs allow the probe traffic. If the target is across a firewall, you may need to permit ICMP or the specific probe type. This is often used to test end-to-end connectivity to a server in a data center.
You configure 'standby <group> track <track-number> decrement <value>' under the interface. When the track goes Down, the HSRP priority is decreased by the decrement value (default 10). If the priority of the active router drops below the standby's priority, the standby takes over. This allows HSRP to react to path failures, not just interface failures.
The IP SLA probe will fail (timeout), the track will go Down, and any associated actions (like HSRP priority decrement or static route removal) will occur. However, this could cause a failover even if the remote target is actually reachable via a different path. This is a limitation: IP SLA tests a specific path based on the routing table at the time of the probe. For more complex scenarios, you might use multiple IP SLA operations or more advanced tracking.
Yes, using Enhanced Object Tracking (EOT). You can combine multiple tracked objects with Boolean logic (AND, OR). For example, 'track 10 list boolean and' then add 'object 1' and 'object 2'. The track is Up only if both objects are Up. This is useful for requiring multiple conditions before considering a path healthy.
5000 milliseconds (5 seconds). This is the time the router waits for a response before considering the probe lost. It must be less than the frequency. If you set frequency to 10 seconds, timeout can be up to 10 seconds but should be less to allow time for retries if configured.
Yes, IP SLA supports IPv6 probe types (e.g., icmp-echo for IPv6). The configuration is similar but uses IPv6 addresses. Object tracking can also track IPv6 IP SLA operations. However, the CCNA exam focuses on IPv4, so you are unlikely to see IPv6 IP SLA questions.
You've just covered IP SLA with Object Tracking — now see how well it sticks with free CCNA 200-301 practice questions. Full explanations included, no account needed.
Done with this chapter?