![IP SLA Configuration for Failover: Step-by-Step Guide with EVE-NG Lab & CLI [2025]. [CCNP ENTERPRISE]](https://networkjourney.com/wp-content/uploads/2025/06/IP-SLA-Configuration-for-Failover_networkjourney.png)
Today I want to take you into one of the most practical tools you can add to your network reliability toolkit: IP SLA with tracking for failover.
Back when I was setting up redundant internet links for my enterprise clients, we needed a way to automatically switch to a backup route without manual intervention. That’s where IP SLA + tracking became my best friend.
If you’re building dual WAN, managing backup ISPs, or designing resilient routing, this guide will simplify the failover magic you need—plus, I’ve added a mini EVE-NG lab, real CLI, and use cases.
Table of Contents
Theory in Brief – What is IP SLA?
IP SLA (Service-Level Agreement) is a Cisco feature that monitors connectivity and performance by sending synthetic traffic (like pings or HTTP probes) to a target. When used with tracking and static routing, it enables automatic route failover.
Why It Matters:
Imagine your primary ISP goes down. Without IP SLA, your router keeps sending traffic to a dead link. With IP SLA, the router automatically removes the failed route and uses a backup link.
Common Use Cases:
- Dual ISP failover at branch
- Backup WAN connectivity for critical apps
- Monitoring remote hosts or cloud endpoints
Comparison – Pros and Cons of IP SLA Failover
| Feature | IP SLA with Tracking | Static Route without SLA |
|---|---|---|
| Automatic Failover | Yes | No |
| WAN Link Monitoring | Yes (ICMP, HTTP, etc.) | None |
| Supports Layer 3 Failover | Yes | No |
| Configuration Complexity | Moderate | Simple |
| Compatibility (Cisco) | All IOS platforms | All platforms |
| Ideal For | Branch/Edge routers, Dual WAN | Simple environments |
| Drawback | Slight CPU impact if many probes | No fallback on link failure |
Essential CLI Commands – IP SLA + Tracking
| Task | Command Example | Notes |
|---|---|---|
| Define SLA operation (ping) | ip sla 1 icmp-echo 8.8.8.8 source-interface G0/0 | Monitor primary link target |
| Set schedule for SLA | ip sla schedule 1 life forever start-time now | SLA starts running continuously |
| Configure track object | track 1 ip sla 1 reachability | Ties SLA to tracking |
| Apply to route | ip route 0.0.0.0 0.0.0.0 192.168.1.1 track 1 | Route removed if SLA fails |
| Add backup static route | ip route 0.0.0.0 0.0.0.0 192.168.2.1 254 | Used only if primary fails |
| Verify SLA status | show ip sla statistics | See probes and response time |
| Verify tracking status | show track | Track state: up or down |
Real-World Use Case
| Scenario | Description | Solution Using IP SLA |
|---|---|---|
| Branch with Dual ISP | Primary: Fiber, Backup: 4G LTE | SLA on Google DNS, track G0/0 |
| Remote Office VPN Backup | HQ tunnel must shift to LTE if ISP fails | SLA to tunnel IP, backup default |
| Cloud App Failover | Route fails over if AWS endpoint becomes unreachable | SLA on HTTPS or TCP port |
| IoT Network Stability | Monitor MQTT broker availability | SLA with port TCP probe |
| Enterprise with MPLS + Internet | Fail to internet if MPLS dies | SLA track MPLS gateway |
EVE-NG LAB – IP SLA with Dual ISP Failover
Objective:
Configure automatic failover between two ISPs using IP SLA.
Topology Diagram
- G0/0 connects to ISP1: 192.168.1.1
- G0/1 connects to ISP2: 192.168.2.1
Step-by-Step Configuration
Define IP SLA Operation
ip sla 1 icmp-echo 8.8.8.8 source-interface Gig0/0 timeout 1000 frequency 3 ip sla schedule 1 life forever start-time now
Track SLA
track 1 ip sla 1 reachability
Add Static Routes with Tracking
ip route 0.0.0.0 0.0.0.0 192.168.1.1 track 1 ip route 0.0.0.0 0.0.0.0 192.168.2.1 254
Verifications
show ip route show ip sla statistics show track
Simulate failure by shutting G0/0 and observe route failover.
Troubleshooting Tips
| Symptom | Likely Cause | Fix / Command |
|---|---|---|
| Backup route not taking over | Track object not down | Check show track |
| No SLA data | SLA not scheduled | ip sla schedule missing |
| SLA probe fails unexpectedly | Incorrect source-interface or ACL | Verify source IP, check ACLs |
| Failover delay too long | High frequency/timer values | Reduce SLA frequency/timeout |
| CPU spikes on router | Too many SLA operations | Optimize or limit SLA count |
FAQ – IP SLA Configuration for Failover
1. What is IP SLA and how does it help with failover in Cisco networks?
Answer:
IP SLA (Service Level Agreement) is a Cisco feature that enables real-time monitoring of network performance by sending active probes such as ICMP echo, HTTP GET, UDP jitter, and more. When used with tracking and routing, IP SLA allows routers to detect link failures or performance degradation and initiate automatic failover to a secondary path, maintaining network availability and resilience.
2. What are the main components needed to configure IP SLA-based failover?
Answer:
To implement IP SLA for failover, you need:
- An IP SLA operation (e.g., ICMP Echo)
- A tracking object tied to the SLA result
- A static or default route with a tracking condition
- A backup route with a higher administrative distance
This logic ensures that the primary route is removed when the SLA test fails, and traffic shifts to the secondary path.
3. How does IP SLA detect a primary path failure?
Answer:
IP SLA continuously sends probes (e.g., pings) to a monitored destination, such as the remote next-hop or a public IP like 8.8.8.8. If the destination becomes unreachable due to a physical or logical failure, the SLA operation fails, causing the tracking object to transition to “down” state, which in turn invalidates the primary route, triggering failover.
4. Can IP SLA work with dynamic routing protocols like EIGRP or OSPF?
Answer:
Yes, but not directly. IP SLA is most commonly used with static routing, but it can influence dynamic protocols using:
- Route maps
- Object tracking with redistribution filters
- Policy-based routing (PBR) in advanced cases
However, native failover within routing protocols (e.g., EIGRP variance or OSPF cost) is usually preferred unless precise control is needed.
5. What are some typical SLA probes supported in IP SLA?
Answer:
Cisco IP SLA supports multiple probe types, including:
- ICMP Echo (ping)
- UDP jitter (VoIP simulation)
- TCP connect
- HTTP GET
- DNS lookup
- DHCP, FTP, VoIP (RTT) tests
For failover scenarios, ICMP Echo is the most commonly used due to its simplicity and support across platforms.
6. How frequently should IP SLA probes run for effective failover?
Answer:
A common configuration uses:
- Probe interval: 5–10 seconds
- Timeout: 1–2 seconds
- Threshold: Number of failed probes before declaring down
This strikes a balance between fast convergence and avoiding false positives due to transient issues. Example:
ip sla 1 icmp-echo 8.8.8.8 source-interface Gig0/0 frequency 5
7. What happens when the primary link comes back up?
Answer:
When IP SLA detects the target is reachable again, the tracking object returns to “up”, and the primary route is automatically reinstated, replacing the backup route (assuming it’s still preferred by administrative distance). This ensures fail-back is seamless and automatic, with no manual intervention.
8. How can I verify if IP SLA and tracking are working correctly?
Answer:
Use the following Cisco commands:
show ip sla statistics show track show ip route
These show:
- IP SLA test success/failure status
- Track object status (Up/Down)
- Active route in the routing table
Real-time verification is crucial during lab testing and production rollout.
9. Can I use IP SLA with multiple ISPs for dual internet redundancy?
Answer:
Absolutely. IP SLA is commonly used for dual ISP failover, where:
- The primary ISP is monitored via an ICMP Echo
- The route via ISP 1 is tracked
- If ISP 1 fails, the router falls back to ISP 2
This is particularly useful in SD-WAN edge, branch routers, and SOHO setups.
10. Is IP SLA supported on all Cisco routers and IOS versions?
Answer:
IP SLA is widely supported on most ISR, ASR, and Catalyst routers/switches running Cisco IOS or IOS-XE. However, certain features (like HTTP probes or object tracking) may require:
- IP SLA responder support
- Advanced IP services license (legacy)
- Newer IOS-XE images (on C8000 or ISR1100 platforms)
Always verify platform compatibility via Cisco Feature Navigator.
YouTube Link
Watch the Complete CCNP Enterprise: IP SLA Configuration for Failover: Step-by-Step Guide with EVE-NG Lab & CLI Lab Demo & Explanation on our channel:
Final Note
Understanding how to differentiate and implement IP SLA Configuration for Failover: Step-by-Step Guide with EVE-NG Lab & CLI is critical for anyone pursuing CCNP Enterprise (ENCOR) certification or working in enterprise network roles. Use this guide in your practice labs, real-world projects, and interviews to show a solid grasp of architectural planning and CLI-level configuration skills.
If you found this article helpful and want to take your skills to the next level, I invite you to join my Instructor-Led Weekend Batch for:
CCNP Enterprise to CCIE Enterprise – Covering ENCOR, ENARSI, SD-WAN, and more!
Get hands-on labs, real-world projects, and industry-grade training that strengthens your Routing & Switching foundations while preparing you for advanced certifications and job roles.
Email: info@networkjourney.com
WhatsApp / Call: +91 97395 21088
Upskill now and future-proof your networking career!
![Virtual Network Functions (VNFs) – The Future of Flexible Networking [CCNP Enterprise]](https://networkjourney.com/wp-content/uploads/2025/06/Virtual-Network-Functions-_VNFs-–-The-Future-of-Flexible-Networking-_networkjourney.png)
![Redundancy Unleashed: Keeping Enterprise Networks Always-On [CCNP Enterprise]](https://networkjourney.com/wp-content/uploads/2025/06/Redundancy-Unleashed_-Keeping-Enterprise-Networks-Always-On_networkjourney.png)
![Network Design: High Availability vs Load Balancing – Know When to Choose What? [CCNP Enterprise]](https://networkjourney.com/wp-content/uploads/2025/06/Network-Design_High-Availability-vs-Load-Balancing-–-Know-When-to-Choose-What_networkjourney.png)