Published by Brandon Nelson. Modified over 9 years ago.
1
Chapter 2: Configuring the Enhanced Interior Gateway Routing Protocol
Cisco Networking Academy Program. CCNP ROUTE: Implementing IP Routing.
2
Chapter 2 Objectives
- Describe the basic operation of EIGRP.
- Plan and implement EIGRP routing.
- Configure and verify EIGRP routing.
- Configure and verify basic EIGRP in an enterprise WAN.
- Configure and verify EIGRP Authentication.
- Describe and configure EIGRP optimization mechanisms; verify and troubleshoot the overall implementation.
3
Understanding EIGRP Terminology and Operation
4
EIGRP Capabilities and Attributes
EIGRP is a Cisco-proprietary distance-vector protocol with link-state features. EIGRP features include:
- Fast convergence
- Partial updates
- Multiple network layer support
- Use of multicast and unicast communication
- Variable-length subnet masking (VLSM) support
- Seamless connectivity across all data link layer protocols and topologies
By default, it performs automatic route summarization at major network boundaries (can be disabled) but can also be configured to summarize on interfaces.

Fast convergence: EIGRP uses DUAL to achieve rapid convergence. A router running EIGRP stores its neighbors’ routing tables so that it can quickly adapt to changes in the network. If no appropriate route or backup route exists in the local routing table, EIGRP queries its neighbors to discover an alternative route. These queries are propagated until an alternative route is found, or it is determined that no alternative route exists.

Partial updates: EIGRP sends partial triggered updates instead of periodic updates. These updates are sent only when the path or the metric for a route changes; they contain information about only that changed link rather than the entire routing table. Propagation of these partial updates is automatically bounded so that only those routers that require the information are updated. As a result, EIGRP consumes significantly less bandwidth than IGRP. This behavior is also different than link-state protocol operation, which sends a change update to all routers within an area.

Multiple network layer support: EIGRP supports IP version 4 (IPv4), IP version 6 (IPv6), AppleTalk, and Novell NetWare Internetwork Packet Exchange (IPX) using protocol-dependent modules that are responsible for protocol requirements specific to the network layer. EIGRP’s rapid convergence and sophisticated metric offer superior performance and stability when implemented in IP, IPv6, IPX, and AppleTalk networks.

Use of multicast and unicast: EIGRP uses multicast and unicast for communication between routers, rather than broadcast. As a result, end stations are unaffected by routing updates or queries. The multicast address used for EIGRP is

Other EIGRP features include the following:

Variable-length subnet masking (VLSM) support: EIGRP is a classless routing protocol, which means that it advertises a subnet mask for each destination network; this enables EIGRP to support discontinuous subnetworks and VLSM.

Seamless connectivity across all data link layer protocols and topologies: EIGRP does not require special configuration to work across any Layer 2 protocols. Other routing protocols, such as Open Shortest Path First (OSPF), require different configurations for different Layer 2 protocols, such as Ethernet and Frame Relay (as you will see in Chapter 3, “Implementing an OSPF-based Solution”). EIGRP was designed to operate effectively in both local-area network (LAN) and wide-area network (WAN) environments. In multiaccess topologies, such as Ethernet, neighbor relationships (also known as neighborships) are formed and maintained using reliable multicasting. EIGRP supports all WAN topologies: dedicated links, point-to-point links, and nonbroadcast multiaccess (NBMA) topologies. EIGRP accommodates differences in media types and speeds when neighbor adjacencies form across WAN links. The amount of bandwidth that EIGRP uses on WAN links can be limited.

Sophisticated metric: EIGRP uses the same algorithm for metric calculation as IGRP, but represents values in a 32-bit format, rather than IGRP’s 24-bit format, to give additional granularity (thus, the EIGRP metric is the IGRP metric multiplied by 256). A significant advantage of EIGRP (and IGRP) over other protocols is its support for unequal metric load balancing that allows administrators to better distribute traffic flow in their networks.
5
EIGRP Terminology
- Neighbor table
- Topology table
- Routing table
- Advertised Distance (AD)
- Feasible Distance (FD)
- Successor
- Feasible successor (FS)
- Passive Versus Active Routes
6
EIGRP Tables
- Neighbor table: Contains EIGRP neighbor addresses and the interface through which they can be reached.
- Topology table: Contains all destinations advertised by neighboring routers.
- Routing table: Contains EIGRP successor routes.

Neighbor table: EIGRP routers use hello packets to discover neighbors. When a router discovers and forms an adjacency with a new neighbor, it includes the neighbor’s address and the interface through which it can be reached in an entry in the neighbor table. This table is comparable to the neighborship (adjacency) database used by link-state routing protocols (as described in Chapter 3). It serves the same purpose: ensuring bidirectional communication between each of the directly connected neighbors. EIGRP keeps a neighbor table for each network protocol supported; in other words, the following tables could exist: an IP neighbor table, an IPv6 neighbor table, an IPX neighbor table, and an AppleTalk neighbor table.

Topology table: When the router dynamically discovers a new neighbor, it sends an update about the routes it knows to its new neighbor and receives the same from the new neighbor. These updates populate the topology table. The topology table contains all destinations advertised by neighboring routers; in other words, each router stores its neighbors’ routing tables in its EIGRP topology table. If a neighbor is advertising a destination, it must be using that route to forward packets; this rule must be strictly followed by all distance vector protocols. An EIGRP router maintains a topology table for each network protocol configured (IP, IPv6, IPX, and AppleTalk).

Routing table: The routing table holds the best routes to each destination and is used for forwarding packets; EIGRP successor routes are offered to the routing table. As discussed in Chapter 1, “Routing Services,” if a router learns more than one route to exactly the same destination from different routing sources, it uses the administrative distance to determine which route to keep in the routing table. By default, up to 4 routes to the same destination with the same metric can be added to the routing table (recall that the router can be configured to accept up to 16 per destination). The router maintains one routing table for each network protocol configured.
7
AD versus FD
- Advertised Distance (AD): Advertised distance (AD), also referred to as the Reported Distance, is the cost between the next-hop router and the destination.
- Feasible Distance (FD): Feasible distance (FD) is the cost between the local router and the next-hop router plus the next-hop router’s AD to the destination network.
8
Successor and Feasible Successor
Successor: A successor is a neighboring router that has a least-cost path to a destination (the lowest FD) that is guaranteed not to be part of a routing loop. Successor routes are offered to the routing table to be used for forwarding packets. Multiple successors can exist if they have the same FD.

Feasible successor (FS): A feasible successor is a neighbor that is closer to the destination, but it is not the least-cost path. A feasible successor ensures a loop-free topology because it must have an AD less than the FD of the current successor route. Feasible successors are selected at the same time as successors but are kept in the topology table as backups to the successor routes. The topology table can maintain multiple feasible successors for a destination.
9
Passive versus Active Routes
- Passive route: A route is considered passive when the router is not performing recomputation on that route. Passive is the operational, stable state.
- Active route: A route is active when it is undergoing recomputation.
10
Key EIGRP Technologies
- Reliable Transport Protocol (RTP): Responsible for guaranteed, ordered delivery of EIGRP packets to all neighbors.
- Neighbor discovery/recovery mechanism: Enables EIGRP routers to dynamically learn when their neighbors become unreachable or inoperative by periodically sending small hello packets.
- Protocol-dependent modules (PDMs): Responsible for network layer protocol-specific requirements such as IP, IPv6, AppleTalk, and Novell NetWare.
- DUAL finite-state machine: Diffusing Update Algorithm (DUAL) is the routing algorithm that tracks all routes advertised by all neighbors and uses distance information, known as the composite metric, to select efficient, loop-free paths to all destinations.

Reliable Transport Protocol (RTP): RTP is responsible for guaranteed, ordered delivery of EIGRP packets to all neighbors. RTP supports intermixed transmission of multicast or unicast packets. For efficiency, only certain EIGRP packets are transmitted reliably. For example, on a multiaccess network that has multicast capabilities, such as Ethernet, it is not necessary to send hello packets reliably to all neighbors individually, so EIGRP sends a single multicast hello packet containing an indicator that informs the receivers that the packet need not be acknowledged. Other types of packets, such as updates, indicate in the packet that acknowledgment is required. RTP contains a provision for sending multicast packets quickly even when unacknowledged packets are pending, which helps ensure that convergence time remains low in the presence of varying speed links.

Neighbor discovery/recovery mechanism: EIGRP's neighbor discovery mechanism enables routers to dynamically learn about other routers on their directly attached networks. Routers also must discover when their neighbors become unreachable or inoperative. This process is achieved with low overhead by periodically sending small hello packets. As long as a router receives hello packets from a neighboring router, it assumes that the neighbor is functioning, and the two can exchange routing information.

DUAL finite-state machine: DUAL embodies the decision process for all route computations. DUAL tracks all routes advertised by all neighbors and uses distance information, known as the composite metric or cost, to select efficient, loop-free paths to all destinations.

Protocol-dependent modules: EIGRP’s protocol-dependent modules are responsible for network layer protocol-specific requirements. EIGRP supports IP, IPv6, AppleTalk, and IPX; each protocol has its own EIGRP module and operates independently from any of the others that might be running. The IP-EIGRP module, for example, is responsible for sending and receiving EIGRP packets that are encapsulated in IP. Likewise, IP-EIGRP is also responsible for parsing EIGRP packets and informing DUAL of the new information that has been received. IP-EIGRP asks DUAL to make routing decisions, the results of which are stored in the IP routing table. IP-EIGRP is also responsible for redistributing routes learned by other IP routing protocols.
11
Reliable Transport Protocol
EIGRP cannot use the services of UDP or TCP since IPX and AppleTalk do not use the TCP/IP protocol suite. Reliable Transport Protocol (RTP) is the Transport layer protocol uniquely used by EIGRP for the delivery and reception of EIGRP packets. RTP is similar to TCP but is Cisco proprietary. RTP provides reliable or unreliable service as the situation warrants. Reliable packets (Update, Query, Reply) require explicit acknowledgement while unreliable packets (Hello, ACK) do not.
12
Neighbor Discovery / Recovery
EIGRP routers actively establish relationships with their neighbors. Adjacencies are established using small Hello packets which are sent every 5 or 60 seconds. If a neighbor misses 3 consecutive Hello packets then the route is considered invalid. Default = 15 seconds or 180 seconds.
13
Neighbor Discovery / Recovery
14
Protocol-Dependent Modules
Various routed protocols are supported through its PDMs. Provides independence from routed protocols. PDMs are modular, scalable and adaptable. EIGRP can adapt to new or revised routed protocols. PDMs protect EIGRP from painstaking revision. Each PDM is responsible for all functions related to its specific routed protocol.
15
Protocol-Dependent Modules
EIGRP maintains individual tables for each routed protocol.
16
DUAL finite-state machine
DUAL uses the Neighbor and Topology tables to calculate route information. When a link fails, DUAL looks for a feasible successor in its Neighbor and Topology tables. It compares all routes advertised by neighbors by using a composite metric for each route. Lowest-cost paths are then inserted into the routing table.
17
EIGRP Packet Frame Header Frame Payload CRC IP Header Protocol Number
EIGRP Message On a LAN, the EIGRP packet is encapsulated in an Ethernet frame with a destination multicast MAC address: E A The destination IP address is set to the multicast and the EIGRP protocol field is 88. The EIGRP header identifies the type of EIGRP packet and autonomous system number. The EIGRP message consists of the Type / Length / Value (TLV).
18
EIGRP Header
EIGRP uses these 5 packet types to maintain its various tables and establish complex relationships with neighbor routers:
- Hello
- Acknowledgment
- Update
- Query
- Reply
19
EIGRP Header
20
EIGRP Packet
21
Hello Packets EIGRP relies on Hello packets to discover, verify, and rediscover neighbor routers. EIGRP Hello packets are multicast to Hello packets are always sent unreliably and therefore do not require acknowledgment.
22
EIGRP Hello Packets
23
Hello Packets
Hellos are sent at a fixed (and configurable) interval, called the Hello interval. Hello/Hold timers do not need to match.
To reset the Hello interval: no ip hello-interval eigrp as#
Hello interval depends on the interface’s bandwidth.
- High bandwidth = 5 seconds. Default interval on point-to-point serial links, multipoint circuits with bandwidth greater than T1, and LANs.
- Low bandwidth = 60 seconds. Default interval on T1 or less multipoint WAN circuits.
24
Hello Packets
On hearing Hellos, a router creates a neighbor table and the continued receipt of Hellos maintains the table. Holdtime is the maximum amount of allowed time that Hellos are not heard from a neighbor. It is three times the Hello interval:
- Low bandwidth (3 x 60 sec.) = 180 seconds
- High bandwidth (3 x 5 sec.) = 15 seconds
25
Hello Packets T3
26
Acknowledgement Packets
Acknowledgment packets are used to indicate receipt of any EIGRP packet during a "reliable" (i.e., RTP) exchange. To be reliable, a sender's message must be acknowledged by the recipient. Acknowledgment packets are:
- Dataless Hello packets.
- Unicast.
27
Update Packets After the local router discovers a new neighbor, update packets are sent to the new neighbor. Update packets are also used when a router detects a topology change. The router sends a multicast Update packet to all neighbors, alerting them to the change. All Update packets are sent reliably.
28
Update Packets Update packet
Initially sent after a new neighbor is discovered. Sent when a topology change has been detected.
29
Query and Reply Packets
Query and Reply packets are sent when a destination has no feasible successors. Both packet types are sent reliably. A Query packet is multicast to other EIGRP routers during the route re-computation process. Query packets are always multicast. A Reply packet is used to respond to a query to instruct the originator not to recompute the route because feasible successors exist. Reply packets are always unicast.
30
Query and Reply Packets
31
EIGRP Message
32
EIGRP Message - TLVs
33
TLV 0x0001 - EIGRP Parameters
K values are used to calculate the EIGRP metric. The Hold Time advertised by a neighbor is the maximum time a router should wait for any valid EIGRP message sent by that neighbor before declaring it dead.
34
TLV 0x0002 - Internal IP Routes
- Delay: Sum of delays in units of 10 microseconds from source to destination.
- Bandwidth: Lowest configured bandwidth on any interface along the route.
- Prefix length: Specifies the number of network bits in the subnet mask.
- Destination: The destination address of the route.
35
TLV 0x0003 - External IP Routes
Fields used to track external source of route. Same fields contained in the Internal IP route TLV (0x0002). IP external routes are routes which are imported into EIGRP through redistribution of a default route or other routing protocols.
36
Packet Types (packet type: use)
- Hello: Used to discover other EIGRP routers in the network.
- Acknowledgement: Used to acknowledge the receipt of any EIGRP packet.
- Update: Convey routing information to known destinations.
- Query: Used to get specific information from a neighbor router.
- Reply: Used to respond to a query.
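The packet slides above describe the header (packet type, autonomous system number), the dataless-Hello form of an acknowledgment, and TLV 0x0001 with its K values and hold time. The decoder below is an added example, not part of the original presentation; the 20-byte header layout, the opcode numbers and the Init flag value are taken from RFC 7868 because the header figure did not survive on this page, and the sample packets are constructed.

```python
import struct

# Header layout per RFC 7868 (assumption: the slide's header figure is not on this page).
HEADER = struct.Struct("!BBHIIIHH")  # version, opcode, checksum, flags, seq, ack, vrid, AS
OPCODES = {1: "Update", 3: "Query", 4: "Reply", 5: "Hello"}
RELIABLE = {"Update", "Query", "Reply"}  # require an explicit ACK; Hello and ACK do not
FLAG_INIT = 0x1                          # initialization bit on the first Update
TLV_PARAMETERS = 0x0001                  # K values and hold time


def inet_checksum(data: bytes) -> int:
    """16-bit one's-complement checksum computed over the whole EIGRP packet."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def walk_tlvs(body: bytes):
    """Yield (type, value) pairs, rejecting lengths that overrun the packet."""
    offset = 0
    while offset < len(body):
        if len(body) - offset < 4:
            raise ValueError("truncated TLV header")
        tlv_type, length = struct.unpack_from("!HH", body, offset)
        if length < 4 or offset + length > len(body):
            raise ValueError(f"bad TLV length {length} at offset {offset}")
        yield tlv_type, body[offset + 4:offset + length]
        offset += length


def parse_eigrp(packet: bytes) -> dict:
    """Decode the header, classify the packet, and pull K values and hold time."""
    if len(packet) < HEADER.size:
        raise ValueError("shorter than the 20-byte EIGRP header")
    if inet_checksum(packet) != 0:       # a valid packet sums to zero
        raise ValueError("checksum mismatch")
    _ver, opcode, _csum, flags, seq, ack, _vrid, asn = HEADER.unpack_from(packet)
    body = packet[HEADER.size:]
    kind = OPCODES.get(opcode, f"opcode {opcode}")
    if kind == "Hello" and ack != 0 and not body:
        kind = "Acknowledgment"          # a dataless Hello carrying an ack number
    info = {"type": kind, "as": asn, "seq": seq, "ack": ack,
            "init": bool(flags & FLAG_INIT), "reliable": kind in RELIABLE}
    for tlv_type, value in walk_tlvs(body):
        if tlv_type == TLV_PARAMETERS:
            if len(value) < 8:
                raise ValueError("Parameters TLV too short")
            k1, k2, k3, k4, k5, _k6, hold = struct.unpack_from("!6BH", value)
            info["k_values"] = (k1, k2, k3, k4, k5)
            info["hold_time"] = hold
    return info


def build(opcode, asn, flags=0, seq=0, ack=0, body=b"") -> bytes:
    """Helper for the constructed samples: fill in a correct checksum."""
    raw = HEADER.pack(2, opcode, 0, flags, seq, ack, 0, asn) + body
    return raw[:2] + struct.pack("!H", inet_checksum(raw)) + raw[4:]


# Constructed sample packets for AS 100 (not captured traffic).
HELLO = build(5, 100, body=struct.pack("!HH6BH", TLV_PARAMETERS, 12, 1, 0, 1, 0, 0, 0, 15))
ACK = build(5, 100, ack=7)
UPDATE_INIT = build(1, 100, flags=FLAG_INIT, seq=7)
BAD_TLV = build(5, 100, body=struct.pack("!HH", TLV_PARAMETERS, 64))  # length overruns

if __name__ == "__main__":
    for name, pkt in (("hello", HELLO), ("ack", ACK), ("update", UPDATE_INIT)):
        print(name, parse_eigrp(pkt))
```

The parser raises ValueError on a checksum mismatch or a TLV whose length field runs past the end of the packet, which is the check to make before trusting any value decoded from a received TLV.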
37
Initial Route Discovery
Process to establish and discover neighbor routes occurs simultaneously in EIGRP:
1. A new router (router A) comes up on the link and sends a hello packet through all of its EIGRP-configured interfaces.
2. Routers receiving the hello packet (router B) on one interface reply with update packets that contain all the routes they have in their routing tables, except those learned through that interface (split horizon). Router B sends an update packet to router A, but a neighbor relationship is not established until router B sends a hello packet to router A. The update packet from router B has the initialization bit set, indicating that this is the initialization process. The update packet includes information about the routes that the neighbor (router B) is aware of, including the metric that the neighbor is advertising for each destination.
3. After both routers have exchanged hellos, and the neighbor adjacency is established, router A replies to router B with an ACK packet, indicating that it received the update information.
4. Router A assimilates all update packets in its topology table. The topology table includes all destinations advertised by neighboring (adjacent) routers. It lists each destination, all the neighbors that can reach the destination, and their associated metric.
5. Router A then sends an update packet to router B.
6. Upon receiving the update packet, router B sends an ACK packet to router A.
After router A and router B successfully receive the update packets from each other, they are ready to update their routing tables with the successor routes from the topology table.
38
EIGRP Operations
EIGRP selects primary (successor) and backup (feasible successor) routes and injects those into the topology table. The primary (successor) routes are then moved to the routing table.
- IP EIGRP Neighbor Table (Neighbor IP Address; Local router exit interface to neighbor): List of directly connected adjacent EIGRP neighbor routers and the local interface to exit to reach it.
- IP EIGRP Topology Table (Destination 1; FD / AD via each neighbor): List of all routes learned from each EIGRP neighbor and identifies successor routes and feasible successor routes.
- IP Routing Table (Destination 1; Best route): List of the best (successor) routes from the EIGRP topology table and other routing processes.

When a router discovers a new neighbor, an update is sent to and received from its new neighbor, populating the topology table (containing destinations advertised by all neighbors).
The topology table:
- Is updated when a directly connected route or interface changes or when a neighboring router reports a change to a route.
- Holds an entry for a destination in either active or passive state:
  - Passive state: router is not performing a recomputation.
  - Active state: router is performing a recomputation.
- Recomputation occurs when the destination has no feasible successors (initiated by sending a query packet to each of the neighboring routers).
39
Example: EIGRP Tables Router C’s tables:
The network shown illustrates router C’s EIGRP tables. Routers A and B have established a neighbor relationship with router C. Both routers A and B have paths to network /24, among many others that are not shown.

Router A has an EIGRP metric of 1000 for /24, so router A advertises /24 to router C with a metric of 1000. Router C installs the route to /24 via router A in its EIGRP topology table with an advertised distance of 1000. Router B has network /24 with a metric of 1500 in its IP routing table, so router B advertises /24 to router C with an advertised distance of 1500. Router C places the route to /24 network via router B in the EIGRP topology table with an advertised distance of 1500.

Router C has two entries to reach /24 in its topology table. The EIGRP metric for router C to reach both routers A and B is 1000. This cost (1000) is added to the respective advertised distance from each router, resulting in the feasible distances from router C to reach network /24 shown in the figure.

Router C chooses the least-cost feasible distance, which is 2000, via router A, and installs it in the IP routing table as the best route to reach /24. The EIGRP metric in the routing table is equal to the feasible distance from the EIGRP topology table. Router A is the successor for the route to /24.
40
EIGRP Neighbor Table
R1# show ip eigrp neighbors
IP-EIGRP neighbors for process 100
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
Se0/0/ :07:
R1#

Fields in the output:
- H: Lists the order in which a peering session was established with the specified neighbor, starting with 0.
- Address: Neighbor’s IP address.
- Interface: Local interface receiving EIGRP Hello packets.
- Hold: Seconds remaining before declaring neighbor down. This is the current hold time, and it is reset to the maximum hold time whenever a Hello packet is received.
- Uptime: Amount of time since this neighbor was added to the neighbor table.
- SRTT and RTO: SRTT (Smooth Round Trip Timer) and RTO (Retransmit Interval) are used by RTP to manage reliable EIGRP packets. SRTT indicates how long it takes for this neighbor to respond to reliable packets. RTO indicates how long to wait before retransmitting if no ACK is received.
- Q Cnt: Queue count should always be zero; otherwise there is congestion on the link.
- Seq Num: The sequence number of the last update, query, or reply packet that was received from this neighbor.

How EIGRP uses these tables:
- EIGRP uses the Neighbor table to list adjacent routers.
- Topology table lists all learned routes to each destination.
- Routing table contains the best route (successor route) and backup route (feasible successor route).

When a neighbor adjacency is formed, it records the neighbor’s address and the interface through which it can be reached as an entry in the neighbor table. One neighbor table exists for each protocol-dependent module. The EIGRP neighbor table is comparable to the adjacencies database that link-state routing protocols use and serves the same purpose: to ensure bidirectional communication between each of the directly connected neighbors.

When the hello packet is sent, it advertises a hold time (time a router reports a neighbor as reachable and operational). If a hello packet from a neighboring router is not received within the hold time, it expires, and DUAL is informed of the topology change.

The neighbor table includes information required by RTP. Sequence numbers are used to match acknowledgments with data packets (helping to check out-of-order packets). A transmission list is used to queue packets for possible retransmission on a per-neighbor basis. Round-trip timers are kept in the neighbor-table entry to estimate an optimal retransmission interval.
41
EIGRP Topology Table
R1# show ip eigrp topology
IP-EIGRP Topology Table for AS(100)/ID( )
Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply, r - reply Status, s - sia Status
P /16, 1 successors, FD is
via ( /28160), Serial0/0/1
R1#

Fields in the output:
- Code in the first column: Indicates if the route is in passive or active state.
- Destination network.
- Number of successors.
- Feasible distance (FD) to the successor.
- Next-hop address for successor.
- Advertised distance (AD) from the successor.
- Outbound interface to reach the network.

The command output also lists the networks known by this router through the EIGRP routing process. The codes used in the first column of this output indicate the state of the entry. Passive and Active refer to the EIGRP state with respect to this destination. Update, Query, and Reply refer to the type of packet being sent. The codes are as follows:
- Passive (P): This network is available, and installation can occur in the routing table. Passive is the correct state for a stable network, indicating that no EIGRP computations are being performed for this route.
- Active (A): This network is currently unavailable, and installation cannot occur in the routing table. Being active means that outstanding queries exist for this network, indicating that EIGRP computations are being performed for this route.
- Update (U): This network is being updated (indicating that an update packet is being sent). This code also applies if the router is waiting for an acknowledgment for this update packet.
- Query (Q): There is an outstanding query packet for this network, indicating that a query packet was sent. This code also applies if the router is waiting for an acknowledgment for a query packet.
- Reply (R): The router is generating a reply for this network, indicating that a reply packet was sent, or is waiting for an acknowledgment for the reply packet.
- Stuck-in-active (S): There is an EIGRP convergence problem for this network.
42
EIGRP Routing Table
R1# show ip route
<output omitted>
Gateway of last resort is not set
D /16 [90/ ] via , 00:02:22, Serial0/0/1
/16 is variably subnetted, 2 subnets, 2 masks
D /16 is a summary, 00:31:31, Null0
C /24 is directly connected, FastEthernet0/0
R1#

Fields in the output:
- EIGRP route
- Destination network
- Administrative distance
- Feasible distance
- Next-hop address to reach the network
- Time indicating the last update packet received
- Local router exit interface to destination network
- Summary route automatically created as the result of the default classful behavior of EIGRP.

Notice that the routing table includes routes, to null0, for the advertised (summarized) routes. Cisco IOS Software automatically puts these routes in the table; they are called summary routes. Null 0 is a directly connected, software-only interface. The use of the null0 interface prevents the router from trying to forward traffic to other routers in search of a more precise, longer match. For example, if the R1 router in Figure 2-20 receives a packet to an unknown subnet that is part of the summarized range— for example—the packet matches the summary route based on the longest match. The packet is forwarded to the null0 interface (in other words, it is dropped, or sent to the bit bucket), which prevents the router from forwarding the packet to a default route and possibly creating a routing loop.
43
EIGRP Administrative Distance (AD)
EIGRP default administrative distances Routes manually summarized. Routes redistributed into EIGRP.
44
DUAL Example
[Figure: Routers A, B, C, D and E with link costs, network 10.1.1.0/24, and the EIGRP topology tables of Routers C, D and E]

Router D topology table, 10.1.1.0/24: FD 2, Passive
  via B: FD 2, AD 1 (Successor)
  via C: FD 5, AD 3
Router C topology table, 10.1.1.0/24: FD 3, Passive
  via B: FD 3, AD 1 (Successor)
  via D: FD 4, AD 2 (Feasible Successor)
  via E
Router E topology table, 10.1.1.0/24: FD 3, Passive
  via D: FD 3, AD 2 (Successor)
  via C: FD 4, AD 3

The following example examines partial entries for network 10.1.1.0/24 in the topology tables for Routers C, D, and E, to give you a better understanding of EIGRP behavior. The partial topology tables indicate the following:
- AD: The advertised distance is equal to the cost of the path to network 10.1.1.0/24 as advertised by neighboring routers. For example, consider Router E's neighbors: Router D has an AD of 2 and Router C has an AD of 3, for 10.1.1.0/24.
- FD: The feasible distance is equal to the sum of the AD for a neighbor to reach 10.1.1.0/24, plus the metric to reach that neighbor. For example, again consider Router E: The FD of the route to 10.1.1.0/24 via Router D is Router D's AD (2) plus the metric to reach Router D from Router E (1), for a total of 3. The FD of the route to 10.1.1.0/24 via Router C is Router C's AD (3) plus the metric to reach Router C from Router E (1), for a total of 4.
- Successor: The successor is the forwarding path used to reach network 10.1.1.0/24. The cost of this path is equal to the FD. For example, Router E chooses the path to 10.1.1.0/24 with the lowest FD, which is via Router D. This is the route that Router E puts in its routing table.
- FS: The feasible successor is an alternative loop-free path to reach network 10.1.1.0/24. For example, in Router C, the path via Router D is an FS because the AD (2) is less than the FD (3) via the successor Router B. Routers D and E do not have any FSs because the AD of the alternate routes are not less than the FD of their current successors.
45
DUAL Example
[Figure: Routers A, B, C, D and E with link costs, network 10.1.1.0/24, and the EIGRP topology tables of Routers C, D and E]

Router D topology table, 10.1.1.0/24: FD 2, Passive
  via B: FD 2, AD 1 (Successor)
  via C: FD 5, AD 3
Router C topology table, 10.1.1.0/24: FD 3, Passive
  via B: FD 3, AD 1 (Successor)
  via D: FD 4, AD 2 (Feasible Successor)
  via E
Router E topology table, 10.1.1.0/24: FD 3, Passive
  via D: FD 3, AD 2 (Successor)
  via C: FD 4, AD 3

Routers B and D detect a link failure. After being notified of the link failure, DUAL does the following:
- At Router D, it marks the path to network 10.1.1.0/24 through Router B as unusable.
46
DUAL Example
[Figure: Routers A, B, C, D and E with link costs and network 10.1.1.0/24; Router D sends queries (Q = Query) to Routers C and E]

Router D topology table, 10.1.1.0/24: FD -1, ACTIVE
  via E: (Q) Query
  via C: FD 5, AD 3
Router C topology table, 10.1.1.0/24: FD 3, Passive
  via B: FD 3, AD 1 (Successor)
  via D: FD 4, AD 2 (Feasible Successor)
  via E
Router E topology table, 10.1.1.0/24: FD 3, Passive
  via D: FD 3, AD 2 (Successor)
  via C: FD 4, AD 3

The following steps then occur:
- At Router D, there is no FS to network 10.1.1.0/24, because the AD via Router C (3) is greater than the FD via Router B (2). Therefore, DUAL does the following:
  - Sets the metric to network 10.1.1.0/24 as unreachable (–1 is unreachable).
  - Because an FS cannot be found in the topology table, the route changes from the passive state to the active state. In the active state, the router sends out queries to neighboring routers looking for a new successor.
  - Sends a query to Routers C and E for an alternative path to network 10.1.1.0/24.
  - Marks Routers C and E as having a query pending (Q).
- At Router E, DUAL marks the path to network 10.1.1.0/24 through Router D as unusable.
- At Router C, DUAL marks the path to network 10.1.1.0/24 through Router D as unusable.
47
DUAL Example
[Figure: Routers A, B, C, D and E with link costs and network 10.1.1.0/24; Q = Query, R = Reply]

Router D topology table, 10.1.1.0/24: FD -1, ACTIVE
  via E: (Q) Query
  via C: FD 5, AD 3
Router C topology table, 10.1.1.0/24: FD 3, Passive
  via B: FD 3, AD 1 (Successor)
  via D
  via E: FD 4
Router E topology table, 10.1.1.0/24: FD -1, ACTIVE
  via D
  via C: FD 4, AD 3, (Q) Query

The following steps then occur:
- At Router D:
  - DUAL receives a reply from Router C that indicates no change to the path to network 10.1.1.0/24.
  - DUAL removes the query flag from Router C.
  - DUAL stays active on network 10.1.1.0/24, awaiting a reply from Router E to its query (Q).
- At Router E, there is no FS to network 10.1.1.0/24, because the AD from Router C (3) is not less than the original FD (also 3).
  - DUAL generates a query to Router C.
  - DUAL marks Router C as query pending (Q).
- At Router C, DUAL marks the path to network 10.1.1.0/24 through Router E as unusable.
48
DUAL Example Router D Q R Router C R Router E = Query = Reply
[Figure: the same topology with the EIGRP topology tables of Routers C, D and E. Router D is still ACTIVE with an FD of -1; Routers C and E are Passive. Q = Query, R = Reply.]
The following steps then occur:
At Router D: DUAL stays active on network /24, awaiting a reply from Router E (Q).
At Router E: DUAL receives a reply from Router C indicating no change. It removes the query flag from Router C. It calculates a new FD and installs a new successor route in the topology table. It changes the route to network /24 from active to passive (converged).
49
DUAL Example
[Figure: the same topology with the EIGRP topology tables of Routers C, D and E, all Passive. Router D now has an FD of 5 for network /24. Q = Query, R = Reply.]
The following steps then occur:
At Router D: DUAL receives a reply from Router E. It removes the query flag from Router E. It calculates a new FD. It installs new successor routes in the topology table. Two routes (through Routers C and E) have the same FD, and both are marked as successors. It changes the route to network /24 from active to passive (converged).
At Router D, two successor routes are in the topology table for network /24. Both successor routes are listed in the routing table, and equal-cost load balancing is in effect. The network is stable and converged.
50
DUAL Example (network 10.1.1.0/24)
[Figure: the converged topology with the EIGRP topology tables of Routers C, D and E, all Passive. Router D has an FD of 5 for network /24.]
At Router D, two successor routes are in the topology table for network /24. Both successor routes are listed in the routing table, and equal-cost load balancing is in effect. The network is stable and converged.
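The feasibility check that drives the DUAL walk-through above, as an added example that is not part of the original slides. It is a simplified single-router model: Path, on_successor_loss and on_all_replies are hypothetical names, the Router D and Router E values are the ones quoted in the steps, and the third table is constructed.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Path:
    neighbor: str
    distance: int  # metric of the whole path through this neighbor
    reported: int  # AD: the metric the neighbor itself advertises


def on_successor_loss(old_fd, remaining):
    """Local computation after the successor is lost.

    Feasibility condition: a neighbor is a feasible successor only if its
    AD is strictly less than the FD that was in force before the loss.
    Returns ("passive", [new successors]) or ("active", []).
    """
    feasible = [p for p in remaining if p.reported < old_fd]
    if not feasible:
        # No loop-free backup is known: go active and query the neighbors.
        return ("active", [])
    best = min(p.distance for p in feasible)
    return ("passive", sorted(p.neighbor for p in feasible if p.distance == best))


def on_all_replies(paths):
    """Diffusing computation finished: the FD is recalculated from scratch
    and every path that ties on the best distance becomes a successor."""
    fd = min(p.distance for p in paths)
    return fd, sorted(p.neighbor for p in paths if p.distance == fd)


# Router D loses its successor B (old FD 2); the only other path is via C (5/3).
ROUTER_D_LOSS = (2, [Path("C", 5, 3)])
# Router E loses its successor D (old FD 3); the only other path is via C (4/3).
ROUTER_E_LOSS = (3, [Path("C", 4, 3)])
# Constructed table: old FD 3, one neighbor passes the check and one does not.
CONSTRUCTED_WITH_FS = (3, [Path("D", 4, 2), Path("E", 4, 3)])

# Tables once every query has been answered.
ROUTER_E_REPLIES = [Path("C", 4, 3)]
ROUTER_D_REPLIES = [Path("C", 5, 3), Path("E", 5, 4)]

if __name__ == "__main__":
    print("D after loss:", on_successor_loss(*ROUTER_D_LOSS))
    print("E after loss:", on_successor_loss(*ROUTER_E_LOSS))
    print("constructed :", on_successor_loss(*CONSTRUCTED_WITH_FS))
    print("E converged :", on_all_replies(ROUTER_E_REPLIES))
    print("D converged :", on_all_replies(ROUTER_D_REPLIES))
```

Note the strict inequality: an AD equal to the old FD (Router E's case) fails the check, which is why Router E goes active even though a path through Router C exists.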
51
EIGRP Metric Calculation
EIGRP uses a composite metric, which can be based on the following metrics: bandwidth, delay, reliability, and load. Only bandwidth and delay are used by default.
Note: It is often incorrectly stated that EIGRP can also use the smallest MTU in the path. In actual fact, the MTU is included in the EIGRP routing update, but is not actually used in the metric calculation.
52
EIGRP Bandwidth
EIGRP uses the slowest bandwidth (BW) in its metric calculation.
Calculated BW = reference BW / slowest BW (kbps)
The value of the bandwidth may or may not reflect the actual physical bandwidth of the interface. For example, most serial interfaces use the default bandwidth value of Mbps but this may not accurately reflect the link's actual bandwidth.
53
EIGRP Bandwidth Because both EIGRP and OSPF use bandwidth in default metric calculations, a correct value for bandwidth is very important to the accuracy of routing information. If the actual bandwidth of the link differs from the default bandwidth value, then the bandwidth value should be modified. To modify the bandwidth value, use the bandwidth interface command. Note: The bandwidth command does NOT change the physical bandwidth of the link.
54
EIGRP Delay
Delay is a measure of the time it takes for a packet to traverse a route. EIGRP uses the cumulative sum of the delays of all outgoing interfaces.
Calculated Delay = the sum of outgoing interface delays / 10
The delay (DLY) metric is a static value based on the type of link to which the interface is connected and is expressed in microseconds.
55
Other EIGRP Metrics
Reliability (not a default EIGRP metric) is a measure of the likelihood that a link will fail. It is measured dynamically and expressed as a fraction of 255. The higher the fraction, the better the reliability.
Load (not a default EIGRP metric) reflects how much traffic is using a link. It is determined dynamically and expressed as a fraction of 255. The lower the fraction, the less the load on the link.
These optional criteria can be used but are not recommended, because they typically result in frequent recalculation of the topology table.
56
EIGRP Composite Metric Calculation
The EIGRP composite metric formula consists of values K1 through K5, known as EIGRP metric weights. By default, only K1 (bandwidth) and K3 (delay) are set to 1. K2 (load), K4 (reliability), and K5 (MTU) are set to 0. K values can be changed with the EIGRP router command:
Router(config-router)# metric weights tos k1 k2 k3 k4 k5
57
Mismatched K Values EIGRP neighbors cannot use mismatched metric values. All EIGRP neighbors must use the same metrics. Metrics can be altered using the metric weights command.
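A worked calculation for the bandwidth, delay and K-value slides above, as an added example that is not part of the original slides. The formula image did not survive on this page, so the code uses the standard published EIGRP composite formula with a reference bandwidth of 10^7 kbps; the interface delays (100 microseconds for FastEthernet, 20,000 for serial) are assumed IOS defaults, and composite_metric and k_values_match are hypothetical names.

```python
REFERENCE_BW_KBPS = 10_000_000  # 10^7, the reference bandwidth in kbps
DEFAULT_K = (1, 0, 1, 0, 0)     # K1..K5: only bandwidth and delay count


def composite_metric(bandwidths_kbps, delays_usec, k=DEFAULT_K,
                     load=1, reliability=255):
    """Composite metric for a path described by the bandwidth and delay of
    every outgoing interface along it.

    metric = 256 * (K1*BW + K2*BW/(256 - load) + K3*DLY)
    and, only when K5 is non-zero, multiplied by K5/(K4 + reliability).
    All divisions truncate to integers.
    """
    k1, k2, k3, k4, k5 = k
    bw = REFERENCE_BW_KBPS // min(bandwidths_kbps)  # slowest link dominates
    dly = sum(delays_usec) // 10                    # tens of microseconds
    metric = k1 * bw + (k2 * bw) // (256 - load) + k3 * dly
    if k5 != 0:
        metric = metric * k5 // (k4 + reliability)
    return 256 * metric


def k_values_match(local_k, neighbor_k):
    """Neighbors must agree on all five weights to use the same metric."""
    return tuple(local_k) == tuple(neighbor_k)


# Assumed interface values (constructed for this example).
FASTETHERNET = (100_000, 100)   # kbps, microseconds
SERIAL_64K = (64, 20_000)       # serial link after "bandwidth 64"
SERIAL_DEFAULT = (1544, 20_000) # serial link left at an assumed T1 default

if __name__ == "__main__":
    # Directly connected FastEthernet LAN.
    print(composite_metric([100_000], [100]))
    # Remote LAN reached across the 64 kbps serial link.
    print(composite_metric([64, 100_000], [20_000, 100]))
    # Same path if the bandwidth command had not been applied.
    print(composite_metric([1544, 100_000], [20_000, 100]))
    print(k_values_match(DEFAULT_K, (1, 1, 1, 0, 0)))
```

The first result is the 28160 that the show ip protocols and show ip eigrp topology output on this page reports for FastEthernet0/0; the last two show how far the metric moves when the configured bandwidth does not match the real 64 kbps link.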
58
EIGRP Metric Calculation Example
Slowest bandwidth: Plus the sum of the delays
59
EIGRP Bandwidth Calculation Example
60
EIGRP Delay Calculation Example
61
EIGRP Metric Calculation Example
62
Planning EIGRP Routing Implementations
63
Planning to Deploy EIGRP
Prior to deploying an EIGRP routing solution, the following should be considered: IP addressing plan Network topology EIGRP traffic engineering Once the requirements have been assessed, the implementation plan can be created. IP addressing plan: The IP addressing plan governs how EIGRP can be deployed and how well the EIGRP deployment will scale. A detailed IP subnet and addressing plan must be produced, and should be hierarchical to enable EIGRP summarization, allow the network to scale more easily, and to optimize EIGRP behavior. Network topology: The topology consists of the devices (routers, switches, and so on) and the links connecting them. A detailed network topology should be created to assess EIGRP scalability requirements and to determine which EIGRP features might be required (for example, EIGRP stub routing). EIGRP traffic engineering: By changing the interface metrics, EIGRP traffic engineering can be deployed to improve bandwidth utilization and enable the administrator to have control over traffic patterns.
64
Implementing EIGRP
The information necessary to implement EIGRP routing includes the following: The IP addresses to be configured on individual router interfaces. The EIGRP AS number, used to enable EIGRP. A list of routers and interfaces on which EIGRP is to be enabled. Metrics that need to be applied to specific interfaces, or EIGRP traffic engineering.
In the implementation plan, the EIGRP tasks include the following: Enabling the EIGRP routing protocol. Configuring the proper network statements. Optionally configuring the metric to appropriate interfaces.
65
Verifying EIGRP
After implementing EIGRP, verification should confirm proper deployment on each router. Verification tasks include verifying: The EIGRP neighbor relationships. That the EIGRP topology table is populated with the necessary information. That the IP routing table is populated with the necessary information. That there is connectivity in the network between routers and to other devices. That EIGRP behaves as expected in the case of a topology change, by testing link failure and router failure events.
66
Documenting After a successful EIGRP deployment, the solution and verification process and results should be documented for future reference. Documentation should include: A topology map The IP addressing plan The AS number used The networks included in EIGRP on each router Any special metrics configured
67
Configuring and Verifying EIGRP
68
Enable EIGRP Routing Define EIGRP as the IP routing protocol.
Router(config)# router eigrp autonomous-system-id To exchange routing updates, EIGRP routers must have the same autonomous system ID. To configure basic EIGRP for IP, perform the following steps: Step 1: Enable EIGRP and define the autonomous system using the router eigrp autonomous-system-number command. The autonomous system number value must match on all routers within the autonomous system.
69
Identify EIGRP Networks
Define EIGRP networks to advertise to EIGRP neighbors. Router(config-router)# network network [mask] The network parameter can be a network, a subnet, or the address of a directly connected interface. The mask is a wildcard mask (inverse mask) used to determine how to interpret the address. The mask has wildcard bits, where 0 is a match and 1 is “don’t care.” For example, indicates a match in the first 2 octets. Step 2: Indicate which networks are part of the EIGRP autonomous system using the network command. This command determines which interfaces of the router are participating in EIGRP and which networks the router advertises. The wildcard mask can be entered as a network mask or as an inverse mask. It will be displayed as an inverse mask. Network commands should only be configured for interfaces on which the router will send and receive updates. If you do not use the optional wildcard mask, the EIGRP process assumes that all directly connected networks that are part of the major network will participate in the EIGRP routing process, and EIGRP will attempt to establish EIGRP neighbor relationships from each interface that is part of the overall Class A, B, or C network. Use the optional wildcard mask to identify a specific IP address, subnet, or network. The router interprets the network number using the wildcard mask to determine which connected interfaces will participate in the EIGRP routing process; the router then attempts to establish neighbor relationships on those interfaces. If you want to specify an interface address, use the mask to match all 4 octets of the address. An address and wildcard mask combination of matches all interfaces on the router. There is no limit to the number of network commands that can be configured on the router.
70
Note on EIGRP Masks Most EIGRP references state that the wildcard mask is required. However, since IOS 12.0(4)T, the mask argument can actually be configured using wild card bits or a regular subnet mask. For example, either format could be used to configure the network: network or network
71
Define the Interface Bandwidth
Defines the interface’s bandwidth (optional). Router(config-if)# bandwidth kilobits The kilobits parameter indicates the intended bandwidth in kbps. For example, to set the bandwidth to 512,000 bps, use the bandwidth 512 command. The configured bandwidth is used by routing protocols in the metric calculation. The command does not actually change the speed of the interface. For serial links the link’s bandwidth may be specified for the purposes of sending routing update traffic on the link. If you do not define the bandwidth value for these interfaces, EIGRP assumes that the bandwidth on the link is the default, which varies with interface type. Recall that EIGRP uses bandwidth as part of its metric calculation. If the link is actually slower than the default, the router might not be able to converge, or routing updates might become lost.
72
Enable / Disable Automatic Summarization
By default, EIGRP automatically summarizes subnets. Router(config-router)# auto-summary This makes EIGRP behave like a classful routing protocol and therefore summarizes subnets on the classful boundary. Automatic summarization can be disabled using the no auto-summary router configuration command.
73
Configuring EIGRP Example: Classful
Fa0/0 R1 R2 /24 EIGRP AS 100 Internet /27 S0/0/1 /24 S0/0/0 64 kbps /27 .101 .102 .1 Classful configuration example: R1(config)# interface Fa0/0 R1(config-if)# ip address R1(config-if)# no shut R1(config-if)# interface S0/0/0 R1(config-if)# ip address R1(config-if)# bandwidth 64 R1(config-if)# exit Interfaces are configured on routers R1 and R2. R2(config)# interface Fa0/0 R2(config-if)# ip address R2(config-if)# no shut R2(config-if)# interface S0/0/0 R2(config-if)# ip address R2(config-if)# bandwidth 64 R2(config-if)# interface S0/0/1 R2(config-if)# ip address R2(config-if)# exit
74
Configuring EIGRP Example: Classful
Fa0/0 R1 R2 /24 EIGRP AS 100 Internet /27 S0/0/1 /24 S0/0/0 64 kbps /27 .101 .102 .1 Classful configuration example: R1(config)# router eigrp 100 R1(config-router)# network R1(config-router)# network R1(config-router)# Specific network subnets are identified (without a wildcard mask) on R1 and R2. The EIGRP adjacency automatically establishes once the R2 S0/0/0 network is configured. R2(config)# router eigrp 100 R2(config-router)# network R2(config-router)# network *Jul 26 10:02:25.963: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 100: Neighbor (Serial0/0/0) is up: new adjacency R2(config-router)# R2#
75
Verifying EIGRP Example
Fa0/0 R1 R2 /24 EIGRP AS 100 Internet /27 S0/0/1 /24 S0/0/0 64 kbps /27 .101 .102 .1 Classful configuration example: R1# show running-config | section router eigrp router eigrp 100 network network auto-summary R1# show ip route <output omitted> Gateway of last resort is not set D /16 [90/ ] via , 00:24:02, Serial0/0/0 /16 is variably subnetted, 2 subnets, 2 masks D /16 is a summary, 00:25:27, Null0 C /24 is directly connected, FastEthernet0/0 /24 is variably subnetted, 3 subnets, 2 masks C /27 is directly connected, Serial0/0/0 D /27 [90/ ] via , 00:16:56, Serial0/0/0 D /24 is a summary, 00:25:27, Null0 R1# Notice that the R1 running configuration did not recognize the specific configured subnets but instead configured the classful networks. As well, the R1 routing table only included the classful /16 network and not the more specific /24.
76
Verifying EIGRP Example
Fa0/0 R1 R2 /24 EIGRP AS 100 Internet /27 S0/0/1 /24 S0/0/0 64 kbps /27 .101 .102 .1 Classful configuration example: R2# show running-config | section router eigrp router eigrp 100 network network auto-summary R2# show ip route <output omitted> Gateway of last resort is not set /16 is variably subnetted, 2 subnets, 2 masks D /16 is a summary, 00:13:10, Null0 C /24 is directly connected, FastEthernet0/0 D /16 [90/ ] via , 00:13:26, Serial0/0/0 /24 is variably subnetted, 3 subnets, 2 masks C /27 is directly connected, Serial0/0/0 C /27 is directly connected, Serial0/0/1 D /24 is a summary, 00:13:10, Null0 R2# Notice that the R2 running configuration did not recognize the specific configured subnets but instead configured the classful networks. As well, the R2 routing table only included the classful /16 network and not the more specific /24. However, pings to the R1 LAN would still be successful.
77
Verifying EIGRP Example
[Figure: R1 and R2 in EIGRP AS 100, joined by a 64 kbps serial link on S0/0/0; R2 S0/0/1 connects to the Internet.]
Classful configuration example:
R2# show ip protocols
Routing Protocol is "eigrp 100"
<output omitted>
Automatic network summarization is in effect
Automatic address summarization:
/24 for FastEthernet0/0
Summarizing with metric
/16 for Serial0/0/0, Serial0/0/1
Summarizing with metric 28160
Maximum path: 4
Routing for Networks:
Routing Information Sources:
R2#
One problem that arises from this automatic summarization configuration is that R2 not only advertises EIGRP messages out of its S0/0/0 interface, it also advertises out of its S0/0/1 interface to the non-EIGRP neighbor. This is because R2 recognized the classful /24 and interface S0/0/1 is also on this classful network. To rectify this situation, the networks should be configured to include the wildcard mask. Without the wildcard mask, R2 would still send EIGRP packets to the external network out of interface S0/0/1, which would waste bandwidth and CPU cycles and would provide unnecessary information to the external network.
78
Configuring EIGRP Example: Classless
Fa0/0 /24 R1 R2 /24 EIGRP AS 100 Internet /27 64 kbps /27 .101 .102 S0/0/1 S0/0/0 .1 Classless configuration example: R1(config)# no router eigrp 100 R1(config)# router eigrp 100 R1(config-router)# network R1(config-router)# network R1(config-router)# end R1# show run | section router eigrp router eigrp 100 network network auto-summary R1# R2(config)# no router eigrp 100 R2(config)# router eigrp 100 R2(config-router)# network R2(config-router)# network R2(config-router)# end R2# show run | section router eigrp router eigrp 100 network network auto-summary R2# In this case, the router can be configured with a wildcard mask so the router does not try to form an adjacency with the router in the other AS. For example, on R2 the EIGRP 100 configuration is first erased and then reentered but now includes the wildcard mask.
79
Verifying EIGRP Example
[Figure: R1 and R2 in EIGRP AS 100, joined by a 64 kbps serial link on S0/0/0; R2 S0/0/1 connects to the Internet.]
R2# show ip protocols
Routing Protocol is "eigrp 100"
<output omitted>
Automatic network summarization is in effect
Automatic address summarization:
/24 for FastEthernet0/0
Summarizing with metric
/16 for Serial0/0/0
Summarizing with metric 28160
Maximum path: 4
Routing for Networks:
/24
/27
Routing Information Sources:
Gateway Distance Last Update (this router) :00:06 :00:26
Distance: internal 90 external 170
This makes EIGRP send messages out of interfaces Fa0/0 and S0/0/0 only. Also notice that the mask is now included in the Routing for Networks section.
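How network statements select interfaces in the classful and classless examples above, and how a passive interface changes the result, as an added example that is not part of the original slides. The addresses are constructed (the slide addresses did not survive on this page), the function names are hypothetical, and the model covers only the matching rules the slides describe.

```python
import ipaddress


def classful_network(address):
    """Major (Class A, B or C) network that contains the address."""
    first_octet = int(address.split(".")[0])
    prefix = 8 if first_octet < 128 else 16 if first_octet < 192 else 24
    return ipaddress.ip_network(f"{address}/{prefix}", strict=False)


def statement_matches(statement, interface_ip):
    """statement is (address, wildcard); wildcard is None when omitted.
    Wildcard bits: 0 means the bit must match, 1 means "don't care"."""
    address, wildcard = statement
    ip = ipaddress.ip_address(interface_ip)
    if wildcard is None:
        # No mask: every interface in the whole major network takes part.
        return ip in classful_network(address)
    care = ~int(ipaddress.ip_address(wildcard)) & 0xFFFFFFFF
    return (int(ip) & care) == (int(ipaddress.ip_address(address)) & care)


def eigrp_interfaces(statements, interfaces):
    """Interfaces whose connected network EIGRP will advertise."""
    return sorted(name for name, ip in interfaces.items()
                  if any(statement_matches(s, ip) for s in statements))


def hello_interfaces(statements, interfaces, passive=()):
    """Interfaces on which the router still tries to form adjacencies."""
    return [n for n in eigrp_interfaces(statements, interfaces)
            if n not in set(passive)]


def exposed(statements, interfaces, passive, untrusted):
    """Untrusted interfaces that would still carry EIGRP packets."""
    return [n for n in hello_interfaces(statements, interfaces, passive)
            if n in untrusted]


# Constructed addressing modelled on R2: a LAN, the serial link to R1 and
# an Internet-facing serial link in the same Class C network.
R2_INTERFACES = {
    "Fa0/0": "172.20.2.1",
    "S0/0/0": "192.168.50.102",   # 192.168.50.96/27, link to R1
    "S0/0/1": "192.168.50.1",     # 192.168.50.0/27, external link
}
UNTRUSTED = {"S0/0/1"}

CLASSFUL = [("172.20.2.0", None), ("192.168.50.96", None)]
WILDCARD = [("172.20.2.0", "0.0.0.255"), ("192.168.50.96", "0.0.0.31")]
# passive-interface default, then no passive-interface S0/0/0
PASSIVE_DEFAULT = set(R2_INTERFACES) - {"S0/0/0"}

if __name__ == "__main__":
    print("classful :", eigrp_interfaces(CLASSFUL, R2_INTERFACES))
    print("wildcard :", eigrp_interfaces(WILDCARD, R2_INTERFACES))
    print("exposed (classful):", exposed(CLASSFUL, R2_INTERFACES, (), UNTRUSTED))
    print("exposed (classful, passive default):",
          exposed(CLASSFUL, R2_INTERFACES, PASSIVE_DEFAULT, UNTRUSTED))
```

A check like this can be run against an exported interface list during a configuration review to flag any external-facing interface that a network statement would bring into the routing process.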
80
Verifying EIGRP: show ip protocols
Verify routing protocol information on the router. R1# show ip protocols Routing Protocol is "eigrp 100" <output omitted> EIGRP metric weight K1=1, K2=0, K3=1, K4=0, K5=0 EIGRP maximum hopcount 100 EIGRP maximum metric variance 1 Redistributing: eigrp 100 EIGRP NSF-aware route hold timer is 240s Automatic network summarization is in effect Automatic address summarization: /24 for FastEthernet0/0 Summarizing with metric /16 for Serial0/0/0 Summarizing with metric 28160 Maximum path: 4 Routing for Networks: /24 /27 Routing Information Sources: Gateway Distance Last Update (this router) :08:56 :07:59 Distance: internal 90 external 170 The show ip protocols command gives information about any and all dynamic routing protocols running on the router.
81
Verifying EIGRP: show ip eigrp neighbors
EIGRP uses the Neighbor table to list adjacent routers. R1# show ip eigrp neighbors IP-EIGRP neighbors for process 100 H Address Interface Hold Uptime SRTT RTO Q Seq (sec) (ms) Cnt Num Se0/0/ :09: R1# The EIGRP IP neighbor table can be displayed with the show ip eigrp neighbors command, as shown in the figure. This output table includes the following key elements: H (handle): A number used internally by the Cisco IOS software to track a neighbor. Address: The neighbor’s network-layer address. Interface: The interface on this router through which the neighbor can be reached. Hold Time: The maximum time, in seconds, that the router waits to hear from the neighbor without receiving anything from a neighbor before considering the link unavailable. Originally, the expected packet was a hello packet, but in current Cisco IOS software releases, any EIGRP packets received after the first hello from that neighbor resets the timer. Uptime: The elapsed time, in hours, minutes, and seconds since the local router first heard from this neighbor. Smooth Round Trip Timer (SRTT): The average number of milliseconds it takes for an EIGRP packet to be sent to this neighbor and for the local router to receive an acknowledgment of that packet. This timer is used to determine the retransmit interval, also known as the retransmit timeout (RTO). RTO: The amount of time, in milliseconds, that the router waits for an acknowledgment before retransmitting a reliable packet from the retransmission queue to a neighbor. Queue count: The number of packets waiting in the queue to be sent out. If this value is constantly higher than 0, a congestion problem might exist. A 0 indicates that no EIGRP packets are in the queue. Seq Num: The sequence number of the last update, query, or reply packet that was received from this neighbor. 
The additional information provided in this command includes the number of times a packet has been retransmitted (2 in this example), the number of times an attempt was made to retransmit a packet (2 in this example), the packets that are currently waiting to be sent (R1 has 3 updates waiting to be sent in this example), and the neighboring router IOS version (12.4 in this example).
82
Verifying EIGRP: show ip eigrp topology
Verify routing protocol information on the router. R1# show ip eigrp topology IP-EIGRP Topology Table for AS(100)/ID( ) Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply, r - reply Status, s - sia Status P /27, 1 successors, FD is via Connected, Serial0/0/0 P /24, 1 successors, FD is via Summary ( /0), Null0 P /16, 1 successors, FD is 28160 via Summary (28160/0), Null0 P /16, 1 successors, FD is via ( /28160), Serial0/0/0 P /24, 1 successors, FD is 28160 via Connected, FastEthernet0/0 R1# As shown in the figure, this command output lists the networks known by this router through the EIGRP routing process. The codes in the command output are as follows: Passive (P): This network is available, and installation can occur in the routing table. Passive is the correct state for a stable network. Active (A): This network is currently unavailable, and installation cannot occur in the routing table. Being active means that there are outstanding queries for this network. Update (U): This code applies if a network is being updated (placed in an update packet). This code also applies if the router is waiting for an acknowledgment for this update packet. Query (Q): This code applies if there is an outstanding query packet for this network other than being in the active state. This code also applies if the router is waiting for an acknowledgment for a query packet. Reply (R): This code applies if the router is generating a reply for this network or is waiting for an acknowledgment for the reply packet. Stuck-in-active (SIA) status: This code signifies an EIGRP convergence problem for the network with which it is associated. The number of successors available for a route is indicated in the command output. In this example, all networks have one successor. If there were equal-cost paths to the same network, a maximum of six paths would be shown. The number of successors corresponds to the number of best routes with equal cost.
83
Verifying EIGRP: show ip route eigrp
Verify that the router recognizes EIGRP routes. R1# show ip route eigrp D /16 [90/ ] via , 00:10:18, Serial0/0/0 /16 is variably subnetted, 2 subnets, 2 masks D /16 is a summary, 00:11:19, Null0 /24 is variably subnetted, 2 subnets, 2 masks D /24 is a summary, 00:11:19, Null0 R1# R1# show ip route <output omitted> Gateway of last resort is not set D /16 [90/ ] via , 00:10:35, Serial0/0/0 D /16 is a summary, 00:11:37, Null0 C /24 is directly connected, FastEthernet0/0 C /27 is directly connected, Serial0/0/0 D /24 is a summary, 00:11:37, Null0 To verify that the router recognizes EIGRP routes for any neighbors, use the show ip route eigrp command, as shown in the figure. The figure also exhibits the show ip route command, which displays the full IP routing table, including the EIGRP routes. EIGRP supports several route types: internal, external, and summary. EIGRP routes are identified with a D in the left column; any external EIGRP routes (from outside of this autonomous system) would be identified with a D EX. After the network number, there is a field that looks similar to [90/ ]. (The numbers may be different from the one in the example.) The second number in the brackets is the EIGRP metric; recall that the default EIGRP metric is the least-cost bandwidth plus the accumulated delays.
84
Verifying EIGRP: show ip eigrp interfaces
Verify EIGRP configured interfaces. R1# show ip eigrp interfaces IP-EIGRP interfaces for process 100 Xmit Queue Mean Pacing Time Multicast Pending Interface Peers Un/Reliable SRTT Un/Reliable Flow Timer Routes Se0/0/ / / Fa0/ / / R1# The show ip eigrp interfaces command displays information about interfaces configured for EIGRP. This output includes the following key elements: Interface: Interface over which EIGRP is configured Peers: Number of directly connected EIGRP neighbors Xmit Queue Un/Reliable: Number of packets remaining in the Unreliable and Reliable transmit queues Mean SRTT: Mean smoothed round trip time (SRTT) interval, in milliseconds Pacing Time Un/Reliable: Pacing time used to determine when EIGRP packets should be sent out the interface (unreliable and reliable packets) Multicast Flow Timer: Maximum number of seconds in which the router will send multicast EIGRP packets Pending Routes: Number of routes in the packets in the transmit queue waiting to be sent
85
Verifying EIGRP: show ip eigrp traffic
Verify EIGRP traffic information.
R1# show ip eigrp traffic
IP-EIGRP Traffic Statistics for AS 100
Hellos sent/received: 338/166
Updates sent/received: 7/7
Queries sent/received: 0/0
Replies sent/received: 0/0
Acks sent/received: 2/2
SIA-Queries sent/received: 0/0
SIA-Replies sent/received: 0/0
Hello Process ID: 228
PDM Process ID: 226
IP Socket queue: 0/2000/1/0 (current/max/highest/drops)
Eigrp input queue: 0/2000/1/0 (current/max/highest/drops)
R1#
To display the number of various EIGRP packets sent and received, use the show ip eigrp traffic command, as illustrated in the figure. For example, in this network, router R1 has sent 338 hello messages and received 166 hello messages. (This is because it is sending messages out of two interfaces but only receiving EIGRP messages through the one interface with a peer.)
86
Verifying EIGRP: debug eigrp packets
Traces transmission and receipt of EIGRP packets. R2# debug eigrp packets *Jul 26 10:51:24.051: EIGRP: Sending HELLO on Serial0/0/0 *Jul 26 10:51:24.051: AS 100, Flags 0x0, Seq 0/0 idbQ 0/0 iidbQ un/rely 0/0 *Jul 26 10:51:24.111: EIGRP: Sending HELLO on FastEthernet0/0 *Jul 26 10:51:24.111: AS 100, Flags 0x0, Seq 0/0 idbQ 0/0 iidbQ un/rely 0/0 *Jul 26 10:51:26.667: EIGRP: Received HELLO on Serial0/0/0 nbr *Jul 26 10:51:26.667: AS 100, Flags 0x0, Seq 0/0 idbQ 0/0 iidbQ un/rely 0/0 peerQ un/re ly 0/0 *Jul 26 10:51:28.451: EIGRP: Sending HELLO on FastEthernet0/0 *Jul 26 10:51:28.451: AS 100, Flags 0x0, Seq 0/0 idbQ 0/0 iidbQ un/rely 0/0 *Jul 26 10:51:29.027: EIGRP: Sending HELLO on Serial0/0/0 *Jul 26 10:51:29.027: AS 100, Flags 0x0, Seq 0/0 idbQ 0/0 iidbQ un/rely 0/0 *Jul 26 10:51:31.383: EIGRP: Received HELLO on Serial0/0/0 nbr *Jul 26 10:51:31.383: AS 100, Flags 0x0, Seq 0/0 idbQ 0/0 iidbQ un/rely 0/0 peerQ un/re *Jul 26 10:51:33.339: EIGRP: Sending HELLO on FastEthernet0/0 *Jul 26 10:51:33.339: AS 100, Flags 0x0, Seq 0/0 idbQ 0/0 iidbQ un/rely 0/0 *Jul 26 10:51:33.511: EIGRP: Sending HELLO on Serial0/0/0 *Jul 26 10:51:33.511: AS 100, Flags 0x0, Seq 0/0 idbQ 0/0 iidbQ un/rely 0/0 *Jul 26 10:51:36.347: EIGRP: Received HELLO on Serial0/0/0 nbr *Jul 26 10:51:36.347: AS 100, Flags 0x0, Seq 0/0 idbQ 0/0 iidbQ un/rely 0/0 peerQ un/re *Jul 26 10:51:37.847: EIGRP: Sending HELLO on Serial0/0/0 *Jul 26 10:51:37.847: AS 100, Flags 0x0, Seq 0/0 idbQ 0/0 iidbQ un/rely 0/0 *Jul 26 10:51:37.899: EIGRP: Sending HELLO on FastEthernet0/0 The output shows normal transmission and receipt of EIGRP packets.
87
EIGRP Passive-Interface
Prevent EIGRP updates out a specified router interface. Router(config-router)# passive-interface type number [default] Set a particular interface or all router interfaces to passive. The default option sets all router interfaces to passive. For EIGRP, the command: Prevents neighbor relationships from being established. Routing updates from a neighbor are ignored. Allows a subnet on a passive interface to be announced in EIGRP
88
Passive-Interface Example
[Figure: R1 and R2 in EIGRP AS 100, joined by a 64 kbps serial link on S0/0/0; R2 S0/0/1 connects to the Internet.]
R1(config)# router eigrp 100
R1(config-router)# passive-interface fa0/0
R1(config-router)#
R2(config)# router eigrp 100
R2(config-router)# passive-interface fa0/0
R2(config-router)#
In this configuration, routing updates are no longer sent on interface Fa0/0 of R1 and R2. The alternative configuration makes all interfaces passive and then makes interface S0/0/0 not passive. This method is efficient when there are many interfaces that should be passive and only a few that should not be passive. Commands to verify include: show ip protocols and show ip eigrp neighbors.
Alternate configuration:
R1(config)# router eigrp 100
R1(config-router)# passive-interface default
R1(config-router)# no passive-interface S0/0/0
R2(config)# router eigrp 100
R2(config-router)# passive-interface default
R2(config-router)# no passive-interface S0/0/0
89
Propagating a Default Route
To propagate a default route in EIGRP, use either the: ip default-network network-number global configuration command. Or ip route next-hop | interface router configuration command. Once configured, the default route has to be propagated into the EIGRP AS.
90
ip default-network Command
Configures a router to advertise a network as the gateway of last resort. Router(config)# ip default-network network Other routers use their next-hop address to the advertised network as their default route. There is no parameter to specify the subnet mask therefore the command can only be used to advertise a classful network. The specified network must be reachable before it is configured. If the specified network is reachable through: EIGRP, then the default route is propagated automatically to other EIGRP routers in the AS. A static route, then the static route must be redistributed into EIGRP. An error will occur if the specified network is a classless (subnetted) network. If the network is not reachable, then the ip default-network command may have to be re-entered. Multiple default networks can be configured.
91
ip default-network Example
/24 64 kbps EIGRP AS 100 Internet /16 /27 /24 .101 .102 S0/0/1 S0/0/0 .1 /27 .2 R2# show ip route <output omitted> Gateway of last resort is not set /16 is variably subnetted, 2 subnets, 2 masks D /16 is a summary, 02:27:56, Null0 C /24 is directly connected, FastEthernet0/0 D /16 [90/ ] via , 02:27:56, Serial0/0/0 /27 is subnetted, 2 subnets C is directly connected, Serial0/0/0 C is directly connected, Serial0/0/1 R2# Verify the routing tables of the routers. R1# show ip route <output omitted> Gateway of last resort is not set
92
ip default-network Example
[Figure: topology with R1 and R2 in EIGRP AS 100, a 64 kbps serial link, and an Internet connection]
R2(config)# ip route
R2(config)# do ping
<output omitted>
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/28/28 ms
R2(config)# ip default-network
R2(config)# router eigrp 100
R2(config-router)# redistribute static
R2(config-router)# end
R2#
The network must be reachable; therefore, a static route to the desired destination network is configured and connectivity to it is verified. The ip default-network command is then used to specify the network as the default gateway. This installs the gateway of last resort in the routing table of R2 but does not install it into the routing table of R1. The static route is then redistributed into EIGRP and automatically gets propagated to the R1 router.
93
ip default-network Example
[Figure: topology with R1 and R2 in EIGRP AS 100, a 64 kbps serial link, and an Internet connection]
R2# show ip route
<output omitted>
Gateway of last resort is to network
S* /16 [1/0] via
/27 is subnetted, 2 subnets
C is directly connected, Serial0/0/0
C is directly connected, Serial0/0/1
R2#
The routing table of R2 now has the gateway of last resort set and a static route identified as a candidate default route (*). R1 also has the gateway of last resort set and an EIGRP entry as a candidate default route that was learned from an external source (it was redistributed into EIGRP on R2) with an administrative distance of 170.
R1# show ip route
<output omitted>
Gateway of last resort is to network
<output omitted>
D*EX /16 [170/ ] via , 00:00:20, Serial0/0/0
/27 is subnetted, 1 subnets
C is directly connected, Serial0/0/0
R1#
94
ip route 0.0.0.0 0.0.0.0 next-hop | interface Command
Configures a router to advertise a default route as the gateway of last resort.
Router(config)# ip route 0.0.0.0 0.0.0.0 interface | next-hop
The choice of parameter affects the next selection of commands:
- If the interface parameter is used, then only the network command also needs to be entered.
- If the next-hop parameter is used, then the network and redistribute static commands must be configured.
The alternative to the ip default-network command is to use the ip route 0.0.0.0 0.0.0.0 (quad zero) static default route.
Note: EIGRP (and IGRP) behave differently than RIP when using the ip route 0.0.0.0 0.0.0.0 command. For example, EIGRP does not redistribute the default route by default. However, if the network command is added to the EIGRP configuration, it redistributes a default route as a result of the ip route 0.0.0.0 0.0.0.0 interface command (but not as a result of the ip route 0.0.0.0 0.0.0.0 address or ip default-network command).
95
ip route 0.0.0.0 0.0.0.0 interface Example
/24 64 kbps EIGRP AS 100 Internet /16 /27 /24 .101 .102 S0/0/1 S0/0/0 .1 /27 .2 R2(config)# ip route S0/0/1 R2(config)# router eigrp 100 R2(config-router)# network R2(config-router)# do show ip route <output omitted> Gateway of last resort is to network /16 is variably subnetted, 2 subnets, 2 masks D /16 is a summary, 03:13:25, Null0 C /24 is directly connected, FastEthernet0/0 D /16 [90/ ] via , 03:13:25, Serial0/0/0 /27 is subnetted, 2 subnets C is directly connected, Serial0/0/0 C is directly connected, Serial0/0/1 S* /0 is directly connected, Serial0/0/1 R2(config-router)# Specify the outgoing interface creates. Enter the network command and the gateway of last resort is propagated to the EIGRP AS.
96
ip route 0.0.0.0 0.0.0.0 next-hop Example
Fa0/0 R1 R2 /24 64 kbps EIGRP AS 100 Internet /16 /27 /24 .101 .102 S0/0/1 S0/0/0 .1 /27 .2 R2(config)# ip route R2(config)# router eigrp 100 R2(config-router)# network R2(config-router)# redistribute static R2(config-router)# do show ip route <output omitted> Gateway of last resort is to network /16 is variably subnetted, 2 subnets, 2 masks D /16 is a summary, 02:53:48, Null0 C /24 is directly connected, FastEthernet0/0 D /16 [90/ ] via , 02:53:48, Serial0/0/0 /27 is subnetted, 2 subnets C is directly connected, Serial0/0/0 C is directly connected, Serial0/0/1 S* /0 [1/0] via R2(config-router)# An alternative is to specify the outgoing interface creates. Enter the network command. Redistribute the static route. The gateway of last resort is propagated to the EIGRP AS.
97
EIGRP Route Summarization
EIGRP automatically summarizes routes at a major network boundary by default, due to the pre-configured auto-summary router configuration command. In most cases, auto-summarization is a good thing as it keeps routing tables as compact as possible. Sometimes it is not a good thing, such as when there is a discontiguous subnetwork. Typically, for routing to work properly, auto-summarization should be disabled using the no auto-summary router configuration command.
98
Summarization in Discontiguous Networks
[Figure: topology with R1 and R2 in EIGRP AS 100; EIGRP Update: Connected to /8]
R1# show running-config | section router eigrp
router eigrp 100
 passive-interface FastEthernet0/0
 network
 network
 auto-summary
R1# show ip protocols
Routing Protocol is "eigrp 100"
<output omitted>
Automatic network summarization is in effect
Automatic address summarization:
/8 for Serial0/0/0
Summarizing with metric 28160
Maximum path: 4
Routing for Networks:
/24
/27
Passive Interface(s):
FastEthernet0/0
Routers R1 and R2 have both been configured for EIGRP and are advertising their LAN and serial networks accordingly. Notice that R1 is connected to the /24 network while R2 is connected to /24, and that those networks are separated by a network that is not in the /8 network. Although Router R1 is configured to advertise the /24 network, automatic summarization is configured (by default), and therefore it summarizes the /24 network to the classful /8 network when sending an update to R2.
99
Summarization in Discontiguous Networks
/24 EIGRP AS 100 /30 /24 EIGRP Update: Connected to /8 R2 ignores the R1 update because it is already connected to the classful /8 network. R2# show ip route <output omitted> Gateway of last resort is to network /8 is variably subnetted, 2 subnets, 2 masks C /24 is directly connected, FastEthernet0/0 D /8 is a summary, 00:13:35, Null0 /27 is subnetted, 2 subnets C is directly connected, Serial0/0/0 C is directly connected, Serial0/0/1 S* /0 [1/0] via R2# R2 ignores the /8 update from R1 because it is already connected to a /8 network.
100
Null 0
Notice that the summarized route ( /8) has an entry pointing to null0. Null0 entries are automatically added to the table and are called summary routes. Null 0 is a directly connected, software-only interface. The use of the null0 interface prevents the router from trying to forward traffic to other routers in search of a more precise, longer match.
R2# show ip route
<output omitted>
Gateway of last resort is to network
/8 is variably subnetted, 2 subnets, 2 masks
C /24 is directly connected, FastEthernet0/0
D /8 is a summary, 00:13:35, Null0
/27 is subnetted, 2 subnets
C is directly connected, Serial0/0/0
C is directly connected, Serial0/0/1
S* /0 [1/0] via
R2#
For example, if the R2 router receives a packet destined to the /8 network other than the directly connected /24, then the packet is forwarded to the null0 interface (in other words, it is dropped, or sent to the bit bucket), which prevents the router from forwarding the packet to a default route and possibly creating a routing loop.
101
Disabling Automatic Summarization
[Figure: topology with R1 and R2 in EIGRP AS 100; EIGRP Update: Connected to /8]
R1(config)# router eigrp 100
R1(config-router)# no auto-summary
R1(config-router)#
*Jul 26 22:14:07.183: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 100: Neighbor (Serial0/0/0) is resync: summary configured
R1(config-router)# end
R1# show ip protocols
Routing Protocol is "eigrp 100"
<output omitted>
Automatic network summarization is not in effect
Maximum path: 4
Routing for Networks:
/24
/27
Automatic summarization is disabled on R1 using the no auto-summary router configuration command. A DUAL neighbor change message appears, and R1 is no longer summarizing the /24 network to the /8 network.
102
Disable Automatic Summarization
/24 EIGRP AS 100 /30 /24 EIGRP Update: Connected to /8 R2(config)# router eigrp 100 R2(config)# no auto-summary R2(config)# end R2# show ip route <output omitted> Gateway of last resort is to network /24 is subnetted, 2 subnets C is directly connected, FastEthernet0/0 D [90/ ] via , 00:05:21, Serial0/0/0 /27 is subnetted, 2 subnets C is directly connected, Serial0/0/0 C is directly connected, Serial0/0/1 S* /0 [1/0] via R2# The R2 routing table now includes the R1 LAN.
103
Summarizing on an Interface
Earlier distance vector protocols were unable to create summary routes other than at the classful boundaries of /8, /16, or /24. To address this shortcoming, EIGRP added the ip summary-address eigrp interface configuration command. The command is used to create one or more summary routes within a network on any bit boundary (as long as a more specific route exists in the routing table).
- IP EIGRP summary routes are given an administrative distance value of 5.
- Standard EIGRP routes receive an administrative distance of 90.
- External EIGRP routes receive an administrative distance of 170.
104
ip summary-address eigrp
Manually create a summary route at an arbitrary bit boundary.
Router(config-if)# ip summary-address eigrp as-number address mask [admin-distance]
Parameter: Description
as-number: The number of the EIGRP AS is identified.
address: The IP address being advertised as the summary address. This address does not need to be aligned on Class A, B, or C boundaries.
mask: The IP subnet mask used to create the summary address.
admin-distance: (Optional) Administrative distance. A value from 0 to 255.
105
EIGRP Route Summarization
[Figure: topology with R1, R2 and R3 in EIGRP AS 100; R3 connects to the WAN through S0/0/0]
R1(config)# router eigrp 100
R1(config)# no auto-summary
R2(config)# router eigrp 100
R2(config)# no auto-summary
R3(config)# interface S0/0/0
R3(config-if)# ip address
R3(config-if)# ip summary-address eigrp
R3(config-if)# no shut
R3(config-if)# exit
R3# show ip protocols
Routing Protocol is "eigrp 100"
<output omitted>
Automatic network summarization is not in effect
Address Summarization:
/16 for Serial0/0/0
Routers R1 and R2 are no longer auto-summarizing at the major network boundary, and all the subnet routes are carried into R3's routing table. R3 will not auto summarize the and subnets because it does not own the network and would therefore send routing information about those subnets to the WAN. To correct this situation, configure the ip summary-address eigrp command. The resulting configuration would make R3 advertise only one route ( /16) to the WAN.
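The summarization slides above (automatic summarization in discontiguous networks, the Null0 summary route, and ip summary-address eigrp) can be worked through with concrete prefixes. The following is an added example, not part of the original slides; all addresses are constructed because the slide addresses did not survive, and the helper names are hypothetical. It shows when two LANs collapse into the same classful network, computes the tightest manual summary, and lists the address space inside the summary that has no more-specific route and is therefore dropped at Null0.

```python
import ipaddress

# Constructed addresses (the addresses on the slides are not available).
R1_LAN = "10.1.1.0/24"
R2_LAN = "10.2.2.0/24"
R3_LEARNED = ["10.8.1.0/24", "10.8.2.0/24"]   # subnets R3 learned from R1, R2


def classful_network(subnet):
    """Major network that auto-summary advertises in place of the subnet."""
    net = ipaddress.ip_network(subnet)
    first_octet = int(net.network_address) >> 24
    if first_octet < 128:
        plen = 8        # class A
    elif first_octet < 192:
        plen = 16       # class B
    elif first_octet < 224:
        plen = 24       # class C
    else:
        raise ValueError("not a class A, B or C address")
    return net.supernet(new_prefix=plen) if net.prefixlen > plen else net


def discontiguous_conflict(lan_a, lan_b):
    """True when both routers would advertise the same classful summary,
    so each ignores the other's update (the discontiguous-network case)."""
    return classful_network(lan_a) == classful_network(lan_b)


def manual_summary(subnets):
    """Smallest single prefix, on any bit boundary, covering all subnets."""
    nets = [ipaddress.ip_network(s) for s in subnets]
    summary = nets[0]
    while not all(n.subnet_of(summary) for n in nets):
        summary = summary.supernet()
    return summary


def null0_gaps(summary, subnets):
    """Prefixes inside the summary that no more-specific route covers.
    Packets for these match only the summary route and go to Null0."""
    remaining = [ipaddress.ip_network(summary)]
    for s in map(ipaddress.ip_network, subnets):
        kept = []
        for block in remaining:
            if s.subnet_of(block):
                kept.extend(block.address_exclude(s))
            elif not block.subnet_of(s):
                kept.append(block)
        remaining = kept
    return sorted(remaining)


def summary_command(as_number, summary):
    """Render the interface command in the syntax given on the slide."""
    return (f"ip summary-address eigrp {as_number} "
            f"{summary.network_address} {summary.netmask}")


if __name__ == "__main__":
    print("same classful network:", discontiguous_conflict(R1_LAN, R2_LAN))
    tight = manual_summary(R3_LEARNED)
    print(summary_command(100, tight))
    print("dropped at Null0:", [str(g) for g in null0_gaps(tight, R3_LEARNED)])
    wide = ipaddress.ip_network("10.8.0.0/16")
    unrouted = sum(g.num_addresses for g in null0_gaps(wide, R3_LEARNED))
    print(f"/16 summary covers {unrouted} addresses with no specific route")
```

The wider the summary relative to the routes behind it, the more address space the summarizing router silently discards, which is worth checking before choosing the mask.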
106
Configuring and Verifying EIGRP in an Enterprise WAN
107
EIGRP and WAN Considerations
There are various deployment options available for supporting EIGRP over a WAN including:
- Frame Relay
  - Frame-Relay using dynamic mapping
  - Frame-Relay using static mapping
  - Multipoint and point-to-point Frame-Relay subinterfaces
- Multiprotocol Label Switching (MPLS) virtual private networks (VPNs)
- Ethernet over Multiprotocol Label Switching (EoMPLS)
Other considerations include:
- EIGRP load balancing
- Limiting EIGRP bandwidth utilization on WAN links
The deployment choice inevitably depends on WAN resources available at the location.
108
Frame Relay Using Dynamic Mapping
Easy deployment due to the use of inverse ARP. Auto detects most settings. Inverse-ARP will dynamically map the IP addresses of the devices at the other ends of the PVCs to the local DLCI number. Consists of three steps:
1. Configure an IP address on the serial interface.
2. Change the encapsulation on an interface using the encapsulation frame-relay command.
3. Activate the interface.
109
Frame Relay Using Dynamic Mapping
[Figure: Frame Relay topology in EIGRP AS 100 with R1, R2 and R3; DLCI 102, DLCI 103, DLCI 201, DLCI 301]
R1(config)# interface S0/0/0
R1(config-if)# encapsulation frame-relay
R1(config-if)# ip address
R1(config-if)# exit
R1(config)# router eigrp 100
R1(config-router)# network
R1(config-router)# network
R1(config-router)#
Router R1 is a hub for the two spoke routers, R2 and R3. Split horizon is disabled by default on Frame Relay physical interfaces. Therefore, routes from Router R2 can be sent to Router R3, and vice versa. Only the encapsulation frame-relay command is required since Inverse-ARP will detect most FR settings. Note that inverse ARP does not provide dynamic mapping for the communication between routers R2 and R3 because they are not connected with a PVC; this must be configured manually.
R3(config)# interface S0/0/0
R3(config-if)# encapsulation frame-relay
R3(config-if)# ip address
R3(config-if)# exit
R3(config)# router eigrp 100
R3(config-router)# network
R3(config-router)# network
R3(config-router)#
110
Frame Relay Using Dynamic Mapping
[Figure: Frame Relay topology in EIGRP AS 100 with R1, R2 and R3; DLCI 102, DLCI 103, DLCI 201, DLCI 301]
R1# show ip eigrp neighbors
IP-EIGRP neighbors for process 100
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
Se0/0/ :07:
Se0/0/ :09:
R1#
Split horizon is disabled by default on Frame Relay physical interfaces. Therefore, routes from Router R2 can be sent to Router R3, and vice versa. Note that inverse ARP does not provide dynamic mapping for the communication between routers R2 and R3 because they are not connected with a PVC; this must be configured manually.
R3# show ip eigrp neighbors
IP-EIGRP neighbors for process 100
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
Se0/0/ :11:
R3#
111
Frame Relay Using Static Mapping
Deploying static maps automatically disables the inverse-ARP feature. Consists of four steps:
1. Configure an IP address on the serial interface.
2. Change the encapsulation on an interface using the encapsulation frame-relay command.
3. Map the IP-to-DLCI mapping commands on the interface using the frame-relay map command.
4. Activate the interface.
112
frame-relay map Command
Statically map the remote router's IP address to the local DLCI.
Router(config-if)# frame-relay map protocol protocol-address dlci [broadcast] [ietf | cisco] [payload-compress {packet-by-packet | frf9 stac}]
Parameter: Description
protocol: Defines the supported protocol, bridging, or logical link control.
protocol-address: Defines the network layer address of the destination router interface.
dlci: Defines the local DLCI that is used to connect to the remote protocol address.
broadcast: (Optional) Allows broadcasts and multicasts over the VC, permitting the use of dynamic routing protocols over the VC.
ietf | cisco: Enables IETF or Cisco encapsulations.
payload-compress: (Optional) Enables payload compression.
packet-by-packet: (Optional) Enables packet-by-packet payload compression, using the Stacker method, a Cisco proprietary compression method.
frf9 stac: (Optional) Enables FRF.9 compression using the Stacker method.
113
Frame Relay Using Static Mapping
Fa0/0 R1 /24 EIGRP AS 100 Frame Relay R2 R3 S0/0/0 /24 .101 .103 .102 DLCI 103 DLCI 102 DLCI 201 DLCI 301 /24 /24 R1(config)# interface S0/0/0 R1(config-if)# encapsulation frame-relay R1(config-if)# ip address R1(config-if)# frame-relay map ip R1(config-if)# frame-relay map ip broadcast R1(config-if)# frame-relay map ip broadcast R1(config-if)# Note: Router R1's configuration includes a frame-relay map to its own IP address on the Frame Relay interface so that the Serial 0/0 local IP address can be pinged from Router R1 itself. R3(config)# interface S0/0/0 R3(config-if)# encapsulation frame-relay R3(config-if)# ip address R3(config-if)# frame-relay map ip R3(config-if)# frame-relay map ip broadcast R3(config-if)# frame-relay map ip broadcast R3(config-if)#
114
Frame Relay Using Static Mapping
Fa0/0 R1 /24 EIGRP AS 100 Frame Relay R2 R3 S0/0/0 /24 .101 .103 .102 DLCI 103 DLCI 102 DLCI 201 DLCI 301 /24 /24 R1# show ip eigrp neighbors IP-EIGRP neighbors for process 100 H Address Interface Hold Uptime SRTT RTO Q Seq (sec) (ms) Cnt Num Se0/0/ :06: Se0/0/ :08: R3# show ip eigrp neighbors IP-EIGRP neighbors for process 100 H Address Interface Hold Uptime SRTT RTO Q Seq (sec) (ms) Cnt Num Se0/0/ :10: Se0/0/ :03:
115
EIGRP over FR Multipoint Subinterfaces
Multipoint subinterfaces can be created using a single Frame Relay physical interface. Uses a single subnet, preserving the IP address space. Frame Relay multipoint is applicable to partial mesh and full mesh topologies. Consists of several steps:
- Configure the physical interface with no IP address and change the encapsulation to Frame Relay.
- Create a serial multipoint subinterface.
- Configure an IP address on the serial interface.
- Map the IP-to-DLCI mapping commands on the interface using the frame-relay map command.
- Either rely on dynamic mapping or configure a local DLCI value using the frame-relay interface-dlci command.
Multipoint subinterfaces are logical interfaces emulating a multi-access network and act like an NBMA physical interface. Partial mesh Frame Relay networks must deal with split horizon issues, which prevent routing updates from being retransmitted on the same interface on which they were received.
116
EIGRP over FR Multipoint Subinterfaces
Multipoint subinterfaces are configured with the interface serial number.subinterface-number multipoint command. The IP address-to-DLCI mapping is done by either: Specifying the local DLCI value (using the frame-relay interface-dlci dlci command) and relying on Inverse ARP Using manual IP address-to-DLCI mapping.
117
EIGRP over FR Multipoint Subinterfaces
/24 EIGRP AS 100 Frame Relay R2 R3 /24 .103 .102 S0/0/0.1 DLCI 103 DLCI 102 DLCI 201 DLCI 301 /24 /24 .101 R1(config)# interface S0/0/0 R1(config-if)# no ip address R1(config-if)# encapsulation frame-relay R1(config-if)# exit R1(config)# interface Serial0/0/0.1 multipoint R1(config-subif)# ip address R1(config-subif)# no ip split-horizon eigrp 100 R1(config-subif)# frame-relay map ip R1(config-subif)# frame-relay map ip broadcast R1(config-subif)# frame-relay map ip broadcast R1(config-subif)# A multipoint subinterface Serial 0/0/0.1 is created and an IP address is assigned to it. Split horizon is enabled by default on Frame Relay multipoint interfaces. In this example, routers R2 and R3 need to provide connectivity between their connected networks, so EIGRP split horizon is disabled on the multipoint subinterface of router R1 with the no ip split-horizon eigrp as-number command. Manual IP address-to-DLCI mapping is also configured, using the frame-relay map commands with the broadcast keyword. The EIGRP configuration is not changed from the basic deployment. EIGRP is enabled using AS number 100 and the proper interfaces and networks are included in EIGRP using the network commands under the EIGRP routing process.
118
EIGRP over FR Multipoint Subinterfaces
/24 EIGRP AS 100 Frame Relay R2 R3 /24 .103 .102 S0/0/0.1 DLCI 103 DLCI 102 DLCI 201 DLCI 301 /24 /24 .101 R1# show ip eigrp neighbors IP-EIGRP neighbors for process 100 H Address Interface Hold Uptime SRTT RTO Q Seq (sec) (ms) Cnt Num Se0/0/ :06: Se0/0/ :08: R3# show ip eigrp neighbors IP-EIGRP neighbors for process 100 H Address Interface Hold Uptime SRTT RTO Q Seq (sec) (ms) Cnt Num Se0/0/ :10: Se0/0/ :03:
119
EIGRP Unicast Neighbors
Define a neighboring router to exchange EIGRP routing information. Router(config-router)# neighbor {ip-address | ipv6-address} interface-type interface-number EIGRP exchanges routing information with the specified neighbor using unicast packets. Multiple neighbor statements can be used to establish peering sessions with multiple specific EIGRP neighbors. The interface through which EIGRP will exchange routing updates must be specified in the neighbor statement. The interfaces through which two EIGRP neighbors exchange routing updates must be configured with IP addresses from the same network.
120
EIGRP Unicast Neighbors
Fa0/0 R1 /24 EIGRP AS 100 Frame Relay R2 R3 /24 .103 .102 S0/0/0.1 DLCI 103 DLCI 102 DLCI 201 DLCI 301 /24 /24 .101 R1(config)# interface S0/0/0 R1(config-if)# no ip address R1(config-if)# encapsulation frame-relay R1(config-if)# interface S0/0/0.1 multipoint R1(config-subif)# ip address R1(config-subif)# frame-relay map ip broadcast R1(config-subif)# frame-relay map ip broadcast R1(config-subif)# router eigrp 100 R1(config-router)# neighbor S0/0/0.1 R1(config-router)# Router R1 is configured with a neighbor command for Router R2 and will therefore not accept multicast packets on Serial 0/0/0.1 anymore. In order to establish an adjacency with Router R1, Router R2 must also be configured with a neighbor command, for Router R1
121
EIGRP Unicast Neighbors
Fa0/0 R1 /24 EIGRP AS 100 Frame Relay R2 R3 /24 .103 .102 S0/0/0.1 DLCI 103 DLCI 102 DLCI 201 DLCI 301 /24 /24 .101 R2(config)# interface S0/0/0 R2(config-if)# no ip address R2(config-if)# encapsulation frame-relay R2(config-if)# interface S0/0/0.1 multipoint R2(config-subif)# ip address R2(config-subif)# frame-relay map ip broadcast R2(config-subif)# router eigrp 100 R2(config-router)# neighbor S0/0/0.1 R2(config-router)# The neighbor command enables Router R2 to use unicast packets, which will be accepted by Router R1. In this scenario, Router R3 is not configured with a neighbor command for Router R1, nor is Router R1 configured with a neighbor command for Router R3. Therefore, routers R1 and R3 will not form an adjacency.
122
EIGRP over FR Point-to-Point Subinterfaces
Point-to-point subinterfaces can be created using a single Frame Relay physical interface. Uses multiple subnets. Frame Relay point-to-point is applicable to hub and spoke topologies. Consists of several steps:
- Configure the physical interface with no IP address and change the encapsulation to Frame Relay.
- Create a serial point-to-point subinterface.
- Configure an IP address on the serial interface.
- Configure a local DLCI value using the frame-relay interface-dlci command.
Point-to-point subinterfaces are logical interfaces that emulate a leased line network and provide a routing equivalent to point-to-point physical interfaces. EIGRP neighbor loss detection is quite fast on point-to-point subinterfaces because the default values of the EIGRP hello timer and the EIGRP hold timer are identical to the values used on point-to-point physical links (5 seconds for the hello timer and 15 seconds for the hold timer). In the worst case, the neighbor loss is detected within 15 seconds. Another reason that neighbor loss detection is fast is that a Frame Relay subinterface is declared down if the DLCI attached to the interface is lost; neighbor loss detection is immediate. For multipoint subinterfaces, all of the PVCs attached to it must be lost for the interface to be declared down.
123
EIGRP over FR Point-to-Point Subinterfaces
Multipoint subinterfaces are configured with the interface serial number.subinterface-number multipoint command. The IP address-to-DLCI mapping is done by either: Specifying the local DLCI value (using the frame-relay interface-dlci dlci command) and relying on Inverse ARP.
124
EIGRP over FR Point-to-Point Subinterfaces
/24 EIGRP AS 100 Frame Relay R2 R3 S0/0/0.1 DLCI 103 DLCI 102 DLCI 201 DLCI 301 /24 /24 S0/0/0.3= /24 S0/0/0.2= /24 R1(config)# interface S0/0/0 R1(config-if)# no ip address R1(config-if)# encapsulation frame-relay R1(config-if)# exit R1(config)# interface Serial0/0/0.2 point-to-point R1(config-subif)# ip address R1(config-subif)# frame-relay interface-dlci 102 R1(config-subif)# R1(config-subif)# interface Serial0/0/0.3 point-to-point R1(config-subif)# ip address R1(config-subif)# frame-relay interface-dlci 103 On Router R1, two point-to-point subinterfaces, Serial 0/0.2 and Serial 0/0.3, are created and IP addresses are assigned to them. The IP address-to-DLCI mapping is provided for each subinterface. The EIGRP configuration is not changed from the basic deployment.
125
EIGRP over FR Point-to-Point Subinterfaces
/24 EIGRP AS 100 Frame Relay R2 R3 S0/0/0.1 DLCI 103 DLCI 102 DLCI 201 DLCI 301 /24 /24 S0/0/0.3= /24 S0/0/0.2= /24 R1# show ip eigrp neighbors IP-EIGRP neighbors for process 100 H Address Interface Hold Uptime SRTT RTO Q Seq (sec) (ms) Cnt Num Se0/0/ :08: Se0/0/ :10: Router R1 forms the adjacency with Router R2 over its serial0/0/0.2 point-to-point interface and with Router R3 over its serial0/0/0.3 point-to-point subinterface. Likewise, Routers R2 and R3 form the adjacency with Router R1 over the serial 0/0/0.1 point-to-point subinterface. Router R3 has one neighbor, Router R1, over its serial0/0.1 point-to-point subinterface. R3# show ip eigrp neighbors IP-EIGRP neighbors for process 100 H Address Interface Hold Uptime SRTT RTO Q Seq (sec) (ms) Cnt Num Se0/0/ :13:
126
EIGRP over MPLS
Multi-Protocol Label Switching (MPLS) is an Internet Engineering Task Force (IETF) standard architecture that combines the advantages of Layer 3 routing with the benefits of Layer 2 switching. A unique feature of MPLS is its capability to perform label stacking, in which multiple labels can be carried in a packet. The top label, which is the last one in, is always processed first. Label stacking enables multiple LSPs to be aggregated, thereby creating tunnels through multiple levels of an MPLS network.
127
EIGRP over Layer 3 MPLS VPNs
EIGRP AS 100 Layer 3 MPLS VPN Backbone Fa0/0 PE1 .1 PE2 /30 .2 /30 /24 /24 R2 R1 R1(config)# interface FastEthernet0/0 R1(config-if)# ip address R1(config-if)# exit R1(config)# router eigrp 100 R1(config-router)# network R1(config-router)# network R1(config-router)# Routers R1 and R2 are configured for EIGRP as if there were a corporate core network between them. The customer has to agree upon the EIGRP parameters (such as the AS number, authentication password, and so on) with the service provider to ensure connectivity; these parameters are often governed by the service provider. The PE routers receive routing updates from the CE routers and install these updates in the appropriate VRF table. This part of the configuration and operation is the SP's responsibility. R2(config)# interface FastEthernet0/0 R2(config-if)# ip address R2(config-if)# exit R2(config)# router eigrp 100 R2(config-router)# network R2(config-router)# network R2(config-router)#
128
EIGRP over Layer 3 MPLS VPNs
EIGRP AS 100 Layer 3 MPLS VPN Backbone Fa0/0 PE1 .1 PE2 /30 .2 /30 /24 /24 R2 R1 R1# show ip eigrp neighbors IP-EIGRP neighbors for process 100 H Address Interface Hold Uptime SRTT RTO Q Seq (sec) (ms) Cnt Num Fe0/ :07: Observe the resulting EIGRP neighbor tables on the R1 and R2 routers. Notice that Router R1 establishes an EIGRP neighbor relationship with the PE1 router, and Router R2 establishes an EIGRP neighbor relationship with the PE2 router. Routers R1 and R2 do not establish an EIGRP neighbor relationship with each other. R2# show ip eigrp neighbors IP-EIGRP neighbors for process 100 H Address Interface Hold Uptime SRTT RTO Q Seq (sec) (ms) Cnt Num Fe0/ :17:
129
EIGRP over Layer 2 MPLS VPNs
EIGRP AS 100 EIGRP AS 100 /27 Layer 2 MPLS VPN Backbone /27 .101 .102 R1 Fa0/0 PE1 PE2 Fa0/0 R2 /24 /24 R1(config)# interface FastEthernet0/0 R1(config-if)# ip address R1(config-if)# exit R1(config)# router eigrp 100 R1(config-router)# network R1(config-router)# network R1(config-router)# EIGRP needs to be enabled with the correct AS number (the same on both routers R1 and R2). The network commands must include all of the interfaces that will run EIGRP, including the link toward the PE routers (routers PE1 and PE2) over which the routers R1 and R2 will form their neighbor relationship. From the EIGRP perspective, the MPLS backbone and routers PE1 and PE2 are not visible. A neighbor relationship is established directly between routers R1 and R2 over the MPLS backbone R2(config)# interface FastEthernet0/0 R2(config-if)# ip address R2(config-if)# exit R2(config)# router eigrp 100 R2(config-router)# network R2(config-router)# network R2(config-router)#
130
EIGRP over Layer 2 MPLS VPNs
EIGRP AS 100 EIGRP AS 100 /27 Layer 2 MPLS VPN Backbone /27 .101 .102 R1 Fa0/0 PE1 PE2 Fa0/0 R2 /24 /24 R1# show ip eigrp neighbors IP-EIGRP neighbors for process 100 H Address Interface Hold Uptime SRTT RTO Q Seq (sec) (ms) Cnt Num Fe0/ :07: The resulting EIGRP neighbor tables on the R1 and R2 routers. Notice that Router R1 establishes an EIGRP neighbor relationship with the PE1 router, and Router R2 establishes an EIGRP neighbor relationship with the PE2 router. Routers R1 and R2 do not establish an EIGRP neighbor relationship with each other. R2# show ip eigrp neighbors IP-EIGRP neighbors for process 100 H Address Interface Hold Uptime SRTT RTO Q Seq (sec) (ms) Cnt Num Fe0/ :17:
131
EIGRP Load Balancing
Routes with a metric equal to the minimum metric are installed in the routing table. This is referred to as “equal-cost load balancing”. All IP routing protocols on Cisco routers can perform equal-cost load balancing. The maximum-paths maximum-path command can be used to allow up to 6 equal-cost paths. Default is 4. Setting the maximum-path option to 1 disables load balancing.
132
EIGRP Equal-Cost Load Balancing
[Figure: topology around R1 with Advertised Distance (AD) labels]
Router R1 is configured to support up to three equal-cost paths. Router R1 will keep the routes via R2, R3, and R4 in its routing table because the three paths have the same metric (cost) of 40 (as shown in the FD column). The path through router R5 is not used because the metric is bigger than 40 (it is 60). Even if this metric was the same as the others, only three of the four routes would be used because of the maximum-paths 3 command.
R1(config)# router eigrp 100
R1(config-router)# network
R1(config-router)# network
R1(config-router)# network
R1(config-router)# network
R1(config-router)# network
R1(config-router)# maximum-paths 3
R1(config-router)#
R1 Topology Table: Network Neighbor AD FD /24 R2 20 40 R3 R4 R5
133
Unequal Cost Load Balancing
EIGRP can also balance traffic across multiple routes that have different metrics. Referred to as unequal-cost load balancing. The degree to which EIGRP performs load balancing is controlled with the variance multiplier command. The multiplier is a value, between 1 and 128, used for load balancing. The default is 1, which means equal-cost load balancing. Setting a variance value greater than 1 allows EIGRP to install multiple loop-free routes with unequal cost in the routing table. EIGRP will always install successors (the best routes) in the routing table. The variance allows feasible successors (and only feasible successor routes) as candidate routes to potentially be installed in the routing table.
134
EIGRP Unequal-Cost Load Balancing
[Figure: topology around R1 with Advertised Distance (AD) labels]
Router R1 uses Router R3 as the successor because its FD is lowest (20). The variance 2 command makes the path through Router R2 meet the criteria for load balancing because the FD through Router R2 (30) is less than twice the FD through the successor Router R3 (2*20 = 40). Router R4 is not considered because it was not a feasible successor and only feasible successors are considered. Also the FD through Router R4 (45) is greater than twice the FD for the successor (Router R3) (2*20 = 40). Router R5 is not considered for load balancing even though it is a feasible successor because the FD through router R5 (50) is more than twice of the FD for the successor through router R3 (2*20 = 40). The load is balanced proportional to the bandwidth. The FD of the route via router R2 is 30, and the FD of the route via router R3 is 20; the ratio of traffic between the two paths (via R2 : via R3) is therefore 3/5 : 2/5.
R1(config)# router eigrp 100
R1(config-router)# variance 2
R1(config-router)#
R1 Topology Table
Network  Neighbor  AD  FD
/24      R2        10  30
         R3            20
         R4        25  45
         R5            50
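The path selection described on the equal-cost and unequal-cost slides can be checked mechanically. The following is an added example, not part of the original slides: it applies the feasibility condition (a neighbor's AD must be lower than the successor's FD), the variance multiplier and maximum-paths to both topology tables. AD values that did not survive in the tables (R3 and R5 in the unequal-cost table; R3, R4 and R5 in the equal-cost table) are assumptions chosen to agree with the slide text.

```python
from dataclasses import dataclass

SUCCESSOR = "successor"
VARIANCE_OK = "installed: feasible successor within variance"
NOT_FEASIBLE = "rejected: not a feasible successor"
OUTSIDE_VARIANCE = "rejected: metric outside variance"
MAX_PATHS = "rejected: maximum-paths reached"


@dataclass(frozen=True)
class Path:
    neighbor: str
    ad: int   # advertised distance reported by the neighbor
    fd: int   # metric of the whole path through that neighbor


# Unequal-cost slide. AD of R3 and R5 is assumed (10); the slide text only
# says that R5 is a feasible successor, which requires AD < 20.
UNEQUAL_TABLE = [Path("R2", 10, 30), Path("R3", 10, 20),
                 Path("R4", 25, 45), Path("R5", 10, 50)]

# Equal-cost slide. Only R2's AD (20) is shown; the others are assumed.
EQUAL_TABLE = [Path("R2", 20, 40), Path("R3", 20, 40),
               Path("R4", 20, 40), Path("R5", 20, 60)]


def evaluate(paths, variance=1, maximum_paths=4):
    """Return {neighbor: verdict}, ordered from lowest to highest metric."""
    best = min(p.fd for p in paths)          # FD of the successor
    verdicts, installed = {}, 0
    for p in sorted(paths, key=lambda p: p.fd):
        if p.fd == best:
            verdict = SUCCESSOR
        elif p.ad >= best:
            # Feasibility condition fails: loop freedom is not guaranteed,
            # so variance never applies to this path.
            verdict = NOT_FEASIBLE
        elif p.fd >= variance * best:
            # The slide states the metric must be less than variance * FD.
            verdict = OUTSIDE_VARIANCE
        else:
            verdict = VARIANCE_OK
        if verdict in (SUCCESSOR, VARIANCE_OK):
            if installed >= maximum_paths:
                verdict = MAX_PATHS
            else:
                installed += 1
        verdicts[p.neighbor] = verdict
    return verdicts


def installed_neighbors(paths, variance=1, maximum_paths=4):
    """Neighbors whose paths end up in the routing table."""
    return [n for n, v in evaluate(paths, variance, maximum_paths).items()
            if v in (SUCCESSOR, VARIANCE_OK)]


if __name__ == "__main__":
    for neighbor, verdict in evaluate(UNEQUAL_TABLE, variance=2).items():
        print(f"variance 2       {neighbor}: {verdict}")
    for neighbor, verdict in evaluate(EQUAL_TABLE, maximum_paths=3).items():
        print(f"maximum-paths 3  {neighbor}: {verdict}")
```

Raising the variance never admits R4: a path that fails the feasibility condition stays out of the routing table regardless of the multiplier.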
135
EIGRP Bandwidth Use Across WAN Links
EIGRP operates efficiently in WAN environments and is scalable on both point-to-point links and NBMA multipoint and point-to-point links. However, the default configuration of WAN connections may not be optimal; therefore, a solid understanding of EIGRP operation coupled with knowledge of link speeds can yield an efficient, reliable, scalable router configuration. There are two commands that can be configured to improve EIGRP operation:
- bandwidth
- ip bandwidth-percent
136
Setting EIGRP Bandwidth on a WAN
EIGRP assumes the default bandwidth on the link instead of the true bandwidth; therefore, suboptimal path selection may result. For example, serial links commonly default to 1.5 Mbps; however, the actual CIR may be 128 Kbps. DUAL would use the 1.5 Mbps value instead of the actual slower 128 Kbps value in its metric calculation. It is recommended to configure the bandwidth setting using the bandwidth kilobits command on serial interfaces. An important WAN consideration is the fact that a multipoint interface's physical bandwidth setting is shared equally by all neighbors. EIGRP uses the bandwidth setting of the physical interface divided by the number of Frame Relay neighbors connected on that physical interface to get the bandwidth attributed to each neighbor. The EIGRP configuration should reflect the correct percentage of the actual available bandwidth on the line. The Cisco IOS assumes that point-to-point Frame Relay subinterfaces are operating at the default speed of the interface. In many implementations only fractional speeds (such as a fractional T1) are available; therefore, the bandwidth should be configured to match the contracted CIR.
137
EIGRP WAN Configuration – Example #1
[Figure: EIGRP AS 100. R1 (S0/0/0, T1 1.5 Mbps) connects over Frame Relay to R2, R3, R4 and R5; CIR 56.]
R1(config)# interface S0/0/0
R1(config-if)# encapsulation frame-relay
R1(config-if)# bandwidth 224
When configuring multipoint interfaces (especially for Frame Relay, but also for ATM and ISDN PRI), remember that the bandwidth is shared equally by all neighbors. That is, EIGRP uses the bandwidth command on the physical interface divided by the number of Frame Relay neighbors connected on that physical interface to get the bandwidth attributed to each neighbor. EIGRP configuration should reflect the correct percentage of the actual available bandwidth on the line. The configuration of the bandwidth command in an NBMA cloud depends on the design of the VCs. If the serial line has many VCs in a multipoint configuration, and all of the VCs share bandwidth evenly, set the bandwidth to the sum of all of the CIRs. For example, each VC's CIR is set to 56 Kbps. Since there are 4 VCs, the bandwidth is set to 224 (4 x 56). All VCs share the bandwidth evenly: 4 (VC) x 56 (CIR) = 224
138
EIGRP WAN Configuration – Example #2a
[Figure: EIGRP AS 100. R1 (S0/0/0, T1 1.5 Mbps) connects over Frame Relay to R2, R3, R4 and R5. Labels: CIR 256, BW 224; CIR 56, BW 56.]
R1(config)# interface S0/0/0
R1(config-if)# encapsulation frame-relay
R1(config-if)# bandwidth 224
One circuit has been provisioned for a 56-kbps CIR, and the other three circuits have a higher CIR of 256 kbps. The interface on R1 has been configured for a bandwidth equal to the lowest CIR multiplied by the number of circuits being supported (56 * 4 = 224), as shown in the example. This configuration protects against overwhelming the slowest-speed circuit in the topology. R2, R3, and R4 share the same CIR. To protect against overwhelming the slowest-speed circuit (to R5), the bandwidth should be configured to the lowest CIR multiplied by the number of circuits. 4 (VC) x 56 (CIR) = 224
139
EIGRP WAN Configuration – Example #2b
[Figure: EIGRP AS 100. R1 (S0/0/0, T1 1.5 Mbps) connects over Frame Relay to R2, R3, R4 and R5. Labels: CIR 256, BW 224; CIR 56, BW 56.]
R1(config)# interface S0/0/0
R1(config-if)# encapsulation frame-relay
R1(config-if)# interface S0/0/0/0.1 multipoint
R1(config-subif)# bandwidth 768
R1(config-subif)# exit
R1(config)# interface S0/0/0/0.2 point-to-point
R1(config-subif)# bandwidth 56
The link to R5 is the low-speed circuit, so it is configured as point-to-point. The remaining circuits are designated as multipoint, and their respective CIRs are added up to set the interface’s bandwidth ( = 768). On the multipoint interface, the bandwidth is shared equally among all circuits; therefore, the bandwidth will be split into 3, with 256 kbps allocated to each circuit. An alternate solution is to configure a multipoint subinterface for routers R2, R3, and R4 and configure a point-to-point subinterface network for R5.
140
EIGRP ip bandwidth-percent
By default, EIGRP is set to use up to 50% of the bandwidth of an interface to exchange routing information. The ip bandwidth-percent eigrp command can be configured to control the amount of bandwidth available to EIGRP. This is not the same as the bandwidth command. However, this command relies on the value set by the bandwidth command.
141
ip bandwidth-percent eigrp
Configure the amount of bandwidth available to EIGRP.
Router(config-if)# ip bandwidth-percent eigrp as-number percent
The as-number is the EIGRP AS number. The percent parameter is the percentage of the configured bandwidth that EIGRP can use. The percentage value can be set to greater than 100.
142
Configuring and Verifying EIGRP Authentication
143
Router Authentication
Many routing protocols support authentication such that a router authenticates the source of each routing update packet that it receives. Simple password authentication is supported by: IS-IS, OSPF, RIPv2. MD5 authentication is supported by: BGP, EIGRP. Neighbor router authentication (also called route authentication) can be configured such that routers only participate in routing based on predefined passwords. By default, no authentication is used for routing protocol packets. When neighbor router authentication has been configured on a router, the router authenticates the source of each routing update packet that it receives, which is accomplished by the exchange of an authentication key (also called a password) that is known to both the sending and the receiving router. There are two types of authentication: simple password authentication (also called plain text authentication) and MD5 authentication. Simple password authentication is supported by Intermediate System-to-Intermediate System (IS-IS), Open Shortest Path First (OSPF), and Routing Information Protocol version 2 (RIPv2). MD5 authentication is supported by OSPF, RIPv2, Border Gateway Protocol (BGP), and EIGRP. NOTE: Authentication for EIGRP, OSPF, and BGP is covered in this course.
144
Simple Password vs. MD5 Authentication
Simple password authentication: Router sends packet and key. Neighbor checks if received key matches its key. Is not secure. MD5 authentication: Configure a “key” (password) and key-id; router generates a message digest, or hash, of the key, key-id and message. Message digest is sent with packet; key is not sent. Is secure. Both forms of authentication work in the same way, with the exception that MD5 sends a message digest instead of the authenticating key itself. The message digest is created using the key and a message, but the key itself is not sent, preventing it from being read while it is being transmitted. Simple password authentication sends the authenticating key itself over the wire. Note: Simple password authentication is not recommended for use as part of your security strategy, because it is vulnerable to passive attacks. Anybody with a link analyzer could easily view the password on the wire. The primary use of simple password authentication is to avoid accidental changes to the routing infrastructure. Using MD5 authentication, however, is a recommended security practice.
145
EIGRP MD5 Authentication
EIGRP supports MD5 authentication. Router generates and checks every EIGRP packet. Router authenticates the source of each routing update packet that it receives. Configure a “key” (password) and key-id; each participating neighbor must have same key configured. EIGRP neighbor authentication (also called neighbor router authentication or route authentication) can be configured such that routers can participate in routing based on predefined passwords. By default, no authentication is used for EIGRP packets. EIGRP can be configured to use MD5 authentication. When neighbor authentication has been configured on a router, the router authenticates the source of each routing update packet that it receives. For EIGRP MD5 authentication, an authenticating key (sometimes referred to as a password) and a key-id must be configured on both the sending and the receiving router.
146
MD5 Authentication
EIGRP MD5 authentication:
Router generates a message digest, or hash, of the key, key-id, and message. EIGRP allows keys to be managed using key chains. Specify key-id (number, key, and lifetime of key). First valid activated key, in order of key numbers, is used. The MD5 keyed digest in each EIGRP packet prevents the introduction of unauthorized or false routing messages from unapproved sources. Each key has its own key-id, which is stored locally. The combination of the key-id and the interface associated with the message uniquely identifies the authentication algorithm and MD5 authentication key in use. EIGRP allows keys to be managed using key chains. Each key definition within the key chain can specify a time interval for which that key will be activated (its lifetime). Then, during a given key's lifetime, routing update packets are sent with this activated key. Only one authentication packet is sent, regardless of how many valid keys exist. The software examines the key numbers in order from lowest to highest, and it uses the first valid key it encounters. Keys cannot be used during time periods for which they are not activated. Therefore, it is recommended that for a given key chain, key activation times overlap to avoid any period of time for which no key is activated. If a time period occurs during which no key is activated, neighbor authentication cannot occur, and therefore routing updates will fail. Note that the router needs to know the time to be able to rotate through keys in synchronization with the other participating routers, so that all routers are using the same key at the same moment. Refer to the Network Time Protocol (NTP) and calendar commands in the “Performing Basic System Management” chapter of the Cisco IOS Configuration Fundamentals Configuration Guide for information about configuring time at your router.
147
Planning for EIGRP
The following key parameters must be defined in enough detail before configuring EIGRP authentication: the EIGRP AS number; the authentication mode (MD5); the definition of one or more keys to authenticate EIGRP packets, according to the network security plan; the keys’ lifetime, if multiple keys are defined. Once defined, the following steps may be implemented: configure the authentication mode for EIGRP; configure the key chain; optionally configure the keys’ lifetime parameters; enable authentication to use the key(s) in the key chain.
148
Configure the Authentication Mode for EIGRP
Specify MD5 authentication for EIGRP packets.
Router(config-if)# ip authentication mode eigrp autonomous-system md5
Enable EIGRP packet authentication using key in the key-chain.
Router(config-if)# ip authentication key-chain eigrp autonomous-system name-of-chain
To configure MD5 authentication for EIGRP, complete the following steps: Step 1: Specify MD5 authentication for EIGRP packets using the ip authentication mode eigrp md5 command, as shown in the figure. The following table describes the parameter in this command. Enable the authentication of EIGRP packets with a key specified in a key chain by using the ip authentication key-chain eigrp command.
149
Configure the Key Chain
Define the keychain in key chain configuration mode.
Router(config)# key chain name-of-chain
Identify the key and enter the key-id configuration mode.
Router(config-keychain)# key key-id
Identify key string (password).
Router(config-keychain-key)# key-string text
Step 2: Enter the configuration mode for the key chain using the key chain command. Identify a key-id to use, and enter configuration mode for that key using the key command. Identify the key string (password) for this key using the key-string command.
150
Configure Keys Lifetime Parameters (Optional)
Specify when the key will be accepted for received packets.
Router(config-keychain-key)# accept-lifetime start-time {infinite | end-time | duration seconds}
Specify when the key can be used for sending EIGRP packets.
Router(config-keychain-key)# send-lifetime start-time {infinite | end-time | duration seconds}
Step 3: Optionally specify the time period during which this key will be accepted for use on received packets using the accept-lifetime command, as shown in the figure. The following table describes the parameters in this command. Optionally specify the time period during which this key can be used for sending packets using the send-lifetime command, as shown in the figure. The following table describes the parameters in this command.
151
Enable Authentication to Use the Key Chain
Enable EIGRP packet authentication using key in the key-chain.
Router(config-if)# ip authentication key-chain eigrp autonomous-system name-of-chain
Step 4: Enable the authentication of EIGRP packets with a key specified in a key chain by using the ip authentication key-chain eigrp command.
152
Configuring EIGRP MD5 Authentication
R1# show running-config
!
<output omitted>
key chain R1chain
 key 1
  key-string FIRST-KEY
  accept-lifetime 04:00:00 Jan infinite
  send-lifetime 04:00:00 Jan :00:00 Jan
 key 2
  key-string SECOND-KEY
  accept-lifetime 04:00:00 Jan infinite
  send-lifetime 04:00:00 Jan infinite
interface FastEthernet0/0
 ip address
interface Serial0/0/0
 bandwidth 64
 ip address
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 R1chain
router eigrp 100
 network
 network
 auto-summary
[Figure: EIGRP AS 100. R1 (.101) and R2 (.102) are connected through their S0/0/0 interfaces over a 64 kbps /27 link; each router has Fa0/0 (.1) on a /24 network.]
MD5 authentication is configured on the serial 0/0/1 interface with the ip authentication mode eigrp 100 md5 command. When MD5 authentication is configured, an MD5 keyed digest is added to each EIGRP packet sent and is checked in each received EIGRP packet. The key chain R1chain command enters configuration mode for the R1chain key chain. Two keys are defined in this key chain. Each key has an authentication string and lifetime specified. The network administrator wants to change the keys on all the routers in the network each month to improve the security. The administrator configures an overlap of one week to change the keys on all the routers; the validity of key 2 is configured 1 week before the expiration of key 1 to allow the new key to be applied to all the routers in the network. Key 1 is set to FIRST-KEY with the key-string FIRST-KEY command. This key is acceptable for use on packets received by R1 from January 1, 2009 onward, as specified in the accept-lifetime 04:00:00 Jan infinite command. However, the send-lifetime 04:00:00 Jan :00:00 Jan command specifies that this key was only valid for use when sending packets until January 31, 2009; it is no longer valid for use in sending packets after January 31st, 2009. Key 2 is set to SECOND-KEY with the key-string SECOND-KEY command.
This key is acceptable for use on packets received by R1 from January 25, 2009 onward, as specified in the accept-lifetime 04:00:00 Jan infinite command. This key can also be used when sending packets from January 25, 2009 onward, as specified in the send-lifetime 04:00:00 Jan infinite command. The ip authentication key-chain eigrp 100 R1chain command configured on the Serial 0/0/1 interface specifies that the EIGRP key chain R1chain is to be used on this interface. Recall that the router uses the first, by key number, valid key for sending packets. As a result of this configuration, router R1 will use key 1 for sending, from January 1st to 31st, 2009, and will use key 2 for sending as of 4:00 am on January 31st. Router R1 will accept key 1 for received packets, from January 1st 2009, and will also accept key 2 for received packets, from January 25th. All other MD5 packets will be dropped.
153
Configuring EIGRP MD5 Authentication
R2# show running-config
!
<output omitted>
key chain R2chain
 key 1
  key-string FIRST-KEY
  accept-lifetime 04:00:00 Jan infinite
  send-lifetime 04:00:00 Jan infinite
 key 2
  key-string SECOND-KEY
  accept-lifetime 04:00:00 Jan infinite
  send-lifetime 04:00:00 Jan infinite
interface FastEthernet0/0
 ip address
interface Serial0/0/0
 bandwidth 64
 ip address
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 R2chain
router eigrp 100
 network
 network
 auto-summary
[Figure: EIGRP AS 100. R1 (.101) and R2 (.102) are connected through their S0/0/0 interfaces over a 64 kbps /27 link; each router has Fa0/0 (.1) on a /24 network.]
The key chain R2chain command enters configuration mode for the R2chain key chain. Two keys are defined. Key 1 is set to FIRST-KEY with the key-string FIRST-KEY command. This key is acceptable for use on packets received by R2 from January 1, 2009 onward, as specified in the accept-lifetime 04:00:00 Jan infinite command. This key can also be used when sending packets from January 1, 2009 onward, as specified in the send-lifetime 04:00:00 Jan infinite command. Key 2 is set to SECOND-KEY with the key-string SECOND-KEY command. This key is acceptable for use on packets received by R2 from January 25, 2009 onward, as specified in the accept-lifetime 04:00:00 Jan infinite command. This key can also be used when sending packets from January 25, 2009 onward, as specified in the send-lifetime 04:00:00 Jan infinite command. As a result of this configuration, router R2 will use key 1 for sending, from January 1st 2009, because it is the first valid key in the key chain. (Of course, if key 1 is deleted in the future, key 2 would be used for sending.) Router R2 will accept key 1 for received packets, from January 1st 2009, and will also accept key 2 for received packets, from January 25th. All other MD5 packets will be dropped.
154
Verifying MD5 Authentication
*Apr 21 16:23:30.517: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 100: Neighbor (Serial0/0/0) is up: new adjacency
R1# show ip eigrp neighbors
IP-EIGRP neighbors for process 100
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
Se0/0/ :03:
R1# show ip route
<output omitted>
Gateway of last resort is not set
D /16 [90/ ] via , 00:02:22, Serial0/0/0
/16 is variably subnetted, 2 subnets, 2 masks
D /16 is a summary, 00:31:31, Null0
C /24 is directly connected, FastEthernet0/0
/24 is variably subnetted, 2 subnets, 2 masks
C /27 is directly connected, Serial0/0/0
D /24 is a summary, 00:31:31, Null0
R1# ping
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to , timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/15/16 ms
The figure shows the output of the show ip eigrp neighbors and show ip route commands on the R1 router. The neighbor table indicates that the two routers have successfully formed an EIGRP adjacency. The routing table verifies that the network has been learned via EIGRP over the serial connection. The results of a ping to the R2 Fast Ethernet interface address are also displayed to illustrate that the link is working.
155
Verifying MD5 Authentication
R1# show key chain
Key-chain R1chain:
 key 1 -- text "FIRST-KEY"
  accept lifetime (04:00:00 Jan ) - (always valid) [valid now]
  send lifetime (04:00:00 Jan ) - (04:00:00 Jan )
 key 2 -- text "SECOND-KEY"
  accept lifetime (04:00:00 Jan ) - (always valid) [valid now]
  send lifetime (04:00:00 Jan ) - (always valid) [valid now]
Key chain R1chain and both keys, key 1 (with authentication string FIRST-KEY) and key 2 (with authentication string SECOND-KEY), are displayed. Under each key, the lifetime of the key is also shown. By observing the same output from the neighboring router R2, the configuration can be verified.
156
Troubleshooting MD5 Authentication
R1# debug eigrp packets
EIGRP Packets debugging is on
(UPDATE, REQUEST, QUERY, REPLY, HELLO, IPXSAP, PROBE, ACK, STUB, SIAQUERY, SIAREPLY)
*Jan 21 16:38:51.745: EIGRP: received packet with MD5 authentication, key id = 1
*Jan 21 16:38:51.745: EIGRP: Received HELLO on Serial0/0/0 nbr
*Jan 21 16:38:51.745: AS 100, Flags 0x0, Seq 0/0 idbQ 0/0 iidbQ un/rely 0/0 peerQ un/rely 0/0
R2# debug eigrp packets
EIGRP Packets debugging is on
(UPDATE, REQUEST, QUERY, REPLY, HELLO, IPXSAP, PROBE, ACK, STUB, SIAQUERY, SIAREPLY)
R2#
*Jan 21 16:38:38.321: EIGRP: received packet with MD5 authentication, key id = 2
*Jan 21 16:38:38.321: EIGRP: Received HELLO on Serial0/0/0 nbr
*Jan 21 16:38:38.321: AS 100, Flags 0x0, Seq 0/0 idbQ 0/0 iidbQ un/rely 0/0 peerQ un/rely 0/0
The output of the debug eigrp packets command on R1 shown in the figure illustrates that R1 is receiving EIGRP packets with MD5 authentication, with a key-id equal to 1, from R2. Similarly, the output of the debug eigrp packets command on R2 shown in the figure illustrates that R2 is receiving EIGRP packets with MD5 authentication, with a key-id equal to 2, from R1.
157
Configuring EIGRP MD5 Authentication
[Figure: EIGRP AS 100. R1 (.101) and R2 (.102) are connected through their S0/0/0 interfaces over a 64 kbps /27 link; each router has Fa0/0 (.1) on a /24 network.]
R1(config-if)# key chain R1chain
R1(config-keychain)# key 2
R1(config-keychain-key)# key-string wrongkey
R2# debug eigrp packets
EIGRP Packets debugging is on
(UPDATE, REQUEST, QUERY, REPLY, HELLO, IPXSAP, PROBE, ACK, STUB, SIAQUERY, SIAREPLY)
*Jan 21 16:50:18.749: EIGRP: pkt key id = 2, authentication mismatch
*Jan 21 16:50:18.749: EIGRP: Serial0/0/0: ignored packet from , opcode = 5 (invalid authentication)
*Jan 21 16:50:18.749: EIGRP: Dropping peer, invalid authentication
*Jan 21 16:50:18.749: EIGRP: Sending HELLO on Serial0/0/0
*Jan 21 16:50:18.749: AS 100, Flags 0x0, Seq 0/0 idbQ 0/0 iidbQ un/rely 0/0
*Jan 21 16:50:18.753: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 100: Neighbor (Serial0/0/0) is down: Auth failure
R2#
R2# show ip eigrp neighbors
IP-EIGRP neighbors for process 100
MD5 authentication is configured on both R1 and R2, but R1's key 2 (which it uses when sending) has been changed. The output of the debug eigrp packets command on R2 shown in the figure illustrates that R2 is receiving EIGRP packets with MD5 authentication, with a key-id equal to 2, from R1, but that there is an authentication mismatch. The EIGRP packets from R1 are ignored, and the neighbor relationship is declared to be down. The output of the show ip eigrp neighbors command confirms that R2 does not have any EIGRP neighbors. The two routers keep trying to re-establish their neighbor relationship. Because of the different keys used by each router in this scenario, R1 will authenticate hello messages sent by R2 using key 1. However, when R1 sends a hello message back to R2 using key 2, there will be an authentication mismatch. From R1’s perspective, the relationship appears to be up for a while, but then it times out, as illustrated by the following messages received on R1. The output of the show ip eigrp neighbors command on R1 also illustrates that R1 does have R2 in its neighbor table for a short time.
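The key-chain behaviour described across the preceding slides (first valid key by key number is used for sending, any key inside its accept-lifetime is accepted, and a changed key string causes a one-way mismatch), as an added Python example that is not Cisco's code or part of the original presentation. The `digest` function is a simplified stand-in for the keyed MD5 digest and not the EIGRP wire format; the 2009 dates are constructed from the slide notes, and all function names are illustrative.

```python
import hashlib
import hmac
from datetime import datetime

FOREVER = datetime.max  # stands in for the "infinite" keyword


def at(month, day):
    """04:00:00 on the given day of 2009 (dates constructed from the slide notes)."""
    return datetime(2009, month, day, 4, 0, 0)


def key(key_id, secret, accept, send):
    return {"id": key_id, "secret": secret.encode(), "accept": accept, "send": send}


def active(window, now):
    start, end = window
    return start <= now < end


def digest(k, message):
    # Simplified: hash over key, key-id and message. The key itself is never sent.
    return hashlib.md5(k["secret"] + str(k["id"]).encode() + message).digest()


def send_key(chain, now):
    """First key, in key-number order, whose send-lifetime covers 'now'."""
    for k in sorted(chain, key=lambda k: k["id"]):
        if active(k["send"], now):
            return k
    return None  # gap in the key chain: nothing can be authenticated


def verify(chain, now, key_id, tag, message):
    for k in chain:
        if k["id"] == key_id and active(k["accept"], now):
            if hmac.compare_digest(tag, digest(k, message)):
                return "accepted"
            return "authentication mismatch"
    return "no acceptable key"


def exchange(sender, receiver, now, message=b"HELLO AS 100"):
    """Sender signs with its active send key; receiver checks the packet."""
    k = send_key(sender, now)
    if k is None:
        return None, "nothing sent: no key in send-lifetime"
    return k["id"], verify(receiver, now, k["id"], digest(k, message), message)


def build_chains(r1_key2="SECOND-KEY"):
    """R1chain and R2chain as described in the slide notes."""
    r1 = [key(1, "FIRST-KEY", (at(1, 1), FOREVER), (at(1, 1), at(1, 31))),
          key(2, r1_key2, (at(1, 25), FOREVER), (at(1, 25), FOREVER))]
    r2 = [key(1, "FIRST-KEY", (at(1, 1), FOREVER), (at(1, 1), FOREVER)),
          key(2, "SECOND-KEY", (at(1, 25), FOREVER), (at(1, 25), FOREVER))]
    return r1, r2


if __name__ == "__main__":
    r1, r2 = build_chains()
    for when in (at(1, 10), at(1, 28), at(2, 10)):
        print(when.date(), "R1->R2", exchange(r1, r2, when),
              "R2->R1", exchange(r2, r1, when))
    bad_r1, r2 = build_chains(r1_key2="wrongkey")
    print("after key change: R1->R2", exchange(bad_r1, r2, at(2, 10)),
          "R2->R1", exchange(r2, bad_r1, at(2, 10)))
```

The last line of output reproduces the asymmetric failure in the debug output: R2 rejects R1's key 2 packets while R1 still accepts R2's key 1 hellos.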
158
Optimizing EIGRP Implementations
159
Factors That Influence EIGRP Scalability
Quantity of routing information exchanged between peers: without proper route summarization, this can be excessive. Number of routers that must be involved when a topology change occurs. Depth of topology: the number of hops that information must travel to reach all routers. Number of alternate paths through the network. Some of the factors that affect network scalability are, as follows: Amount of information exchanged between neighbors: If more information than necessary for routing to function correctly is exchanged between EIGRP neighbors, the routers have to work harder at neighbor startup and to react to changes in the network. Number of routers: When a topology change occurs in the network, EIGRP resource consumption directly relates to the number of routers that must be involved in the change. Depth of the topology: The topology depth can affect the convergence time. Depth refers to the number of hops that information must travel to reach all routers. A multinational network without route summarization is an example of a network with large depth and therefore increasing convergence time. A three-tiered network design (as described in Module 1) is highly recommended for all IP routing environments. There should never be more than seven hops between any two routing devices on an internetwork. The propagation delay and query process across multiple hops when changes occur may slow down convergence of the network. Number of alternate paths through the network: A network should provide alternate paths to avoid single points of failure. However, too much complexity (too many alternate paths) can also create EIGRP convergence problems because the EIGRP routing process, using queries, needs to explore all possible paths for lost routes. This complexity creates an ideal condition for a router to become stuck-in-active (SIA) as it awaits a response to queries that are being propagated through these many alternate paths.
160
EIGRP Query Process
Queries are sent when a route is lost and no feasible successor is available. The lost route is now in “active” state. Queries are sent to all neighboring routers on all interfaces except the interface to the successor. If the neighbors do not have their lost-route information, queries are sent to their neighbors. If a router has an alternate route, it answers the query; this stops the query from spreading in that branch of the network. As an advanced distance vector protocol, EIGRP relies on neighboring routers to provide routing information. Recall that when a router loses a route and does not have a feasible successor in its topology table, it looks for an alternative path to the destination. This is known as going active on a route; a route is considered passive when a router is not performing recomputation on that route. The router sends query packets to all neighbors on interfaces other than the one used to reach the previous successor (split horizon), inquiring whether they have a route to the given destination. If a router has an alternative route, it answers the query and does not propagate it further. If a neighbor does not have an alternative route, it queries each of its own neighbors for an alternative path. The queries then propagate through the network, creating an expanding tree of queries. When a router answers a query, it stops the spread of the query through that branch of the network; however, the query can still spread through other branches of the network as other routers attempt to find alternative paths, which might not exist.
161
Overwhelming EIGRP Query Process
In a large internetwork, EIGRP queries can consume many resources. Several solutions exist to optimize the query propagation process and to limit the amount of unnecessary EIGRP load on the links, including: summarization, redistribution, and the EIGRP stub routing feature. The following presents a network example where a single lost route might result in an enormous number of queries sent throughout the EIGRP domain. The route to the network on router R1 is lost and router R1 sends a query to all neighboring routers on all interfaces except the interface of the successor (because of split horizon). In this case the query is sent to router R2 and then R2 cascades the query to its neighbors, because it has no information about the lost route, and so on. Each query requires a reply from the neighbor; the amount of EIGRP traffic increases. In this network topology there is no redundant path to network available, and the EIGRP query propagation process is far from being efficient. Many queries are sent and each query is followed by a reply. Several solutions exist to optimize the query propagation process and to limit the amount of unnecessary EIGRP load on the links, including summarization, redistribution, and using the EIGRP stub routing feature.
162
Stuck-in-Active
If a router does not receive a reply to all the outstanding queries within the default 3 minutes (180 seconds), the route goes into Stuck-in-Active (SIA) state. Common SIA reasons: A router is too busy to answer the query. A router cannot allocate the memory to process the query. The circuit between the two routers is not reliable. The router has unidirectional links. SIA solutions: Redesign the network to limit the query range by route summarization and the ip summary-address eigrp command. Configure the remote routers as stub EIGRP routers.
163
SIA Solution: Summarization
Poorly designed networks can make summarization difficult. Manually summarize the routes whenever possible to support a hierarchical network design. The more networks EIGRP summarizes, the lower the number of queries being sent out. Ultimately reduces the occurrence of SIA errors.
164
SIA Solution: Summarization
This network design is better because subnet addresses from individual major networks are localized within each cloud, allowing summary routes configured using the ip summary-address eigrp command to be injected into the core. As an added benefit, the summary routes act as a boundary for the queries generated by a topology change.
165
SIA Solution: Stub Networks
The EIGRP Stub Routing feature: improves network stability, reduces resource utilization, and simplifies remote router (spoke) configuration. The EIGRP stub feature was first introduced in Cisco IOS Software Release 12.0(7)T. Only the remote routers are configured as stubs. A stub router sends a special peer information packet to all neighboring routers to report its status as a stub router. Any neighbor that receives a packet informing it of the stub status does not query the stub router for any routes. Therefore, a router that has a stub peer does not query that peer; instead, hub routers connected to the stub router answer the query on behalf of the stub router. The stub routing feature does not prevent routes from being advertised to the remote router. The EIGRP stub routing feature also simplifies the configuration and maintenance of hub-and-spoke networks. When stub routing is enabled in dual-homed remote configurations, you do not have to configure filtering on remote routers to prevent them from appearing as transit paths to the hub routers. Caution: EIGRP stub routing should be used on stub routers only. A stub router is defined as a router connected to the network core or hub layer through which core transit traffic should not flow. A stub router should only have hub routers for EIGRP neighbors. Ignoring this restriction may cause undesirable behavior.
166
EIGRP Stub Routing
Stub routing is commonly used in hub-and-spoke topology. Stub router sends a special peer information packet to all neighboring routers to report its status as a stub router. Any neighbor that receives a packet informing it of the stub status does not query the stub router for any routes. Stub routers are not queried and instead, hub routers connected to the stub router answer the query on behalf of the stub router. Only the remote routers are configured as stubs.
167
EIGRP Stub
Configure a router as a stub router.
Router(config-router)# eigrp stub [receive-only | connected | static | summary | redistributed]
Parameter: Description
receive-only: Restricts the router from sharing any of its routes with any other router within an EIGRP AS. Keyword cannot be combined with any other keyword.
connected: Permits the EIGRP stub routing feature to send connected routes. This option is enabled by default and is the most widely practical stub option.
static: Permits the EIGRP stub routing feature to send static routes. Redistributing static routes with the redistribute static command is still necessary.
summary: Permits the EIGRP stub routing feature to send automatically summarized and/or manually summarized routes. This option is enabled by default.
redistributed: Permits the EIGRP stub routing feature to send redistributed routes. Redistributing routes with the redistribute command is still necessary.
The optional parameters in this command can be used in any combination, with the exception of the receive-only keyword. If any of the keywords (except receive-only) is used individually, the connected and summary routes are not sent automatically.
168
Example: EIGRP Stub Parameters
If stub connected is configured: B will advertise /24 to A. B will not advertise /23, /23, or /24. If stub summary is configured: B will advertise /23 to A. B will not advertise /24, /24, or /24. In the first scenario, with the eigrp stub connected command, router B will only advertise /24. Notice that although /24 is also a connected network, it is not advertised to router A because it is not advertised in a network command, and connected routes are not redistributed. In the second scenario, with the eigrp stub summary command, router B will only advertise /23, the summary route that is configured on the router.
169
Example: EIGRP Stub Parameters (Cont.)
If stub static is configured:
B will advertise /24 to A.
B will not advertise /24, /23, or /24.
If stub receive-only is configured:
B won’t advertise anything to A, so A needs to have a static route to the networks behind B to reach them.
In the third scenario, with the eigrp stub static command, router B will only advertise /24, the static route that is configured on the router.
In the final scenario, with the eigrp stub receive-only command, router B will not advertise anything.
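The keyword rules from the eigrp stub parameter table can be checked against a saved running-config. The following is an added example, not part of the original slides: the function names, the warning texts and the sample configuration (AS numbers included) are assumptions made for illustration.

```python
import re
SENDABLE = {"connected", "static", "summary", "redistributed"}
DEFAULT_SEND = {"connected", "summary"}  # sent when no keyword is given

def stub_sends(keywords):
    """Route classes a stub may send for the given 'eigrp stub' keywords."""
    kws = set(keywords)
    if kws - SENDABLE - {"receive-only"}:
        raise ValueError("unknown eigrp stub keyword: %s" % sorted(kws))
    if "receive-only" in kws:
        if len(kws) > 1:
            raise ValueError("receive-only cannot be combined with other keywords")
        return set()
    return kws or set(DEFAULT_SEND)

def audit(config):
    """Map each 'router eigrp <AS>' stanza to (sendable classes or None, warnings)."""
    stanzas, cur = {}, None
    for raw in config.splitlines():
        m = re.match(r"router eigrp (\d+)\s*$", raw)
        words = raw.split()
        if m:
            cur = stanzas.setdefault(int(m.group(1)), {"stub": None, "redist": set()})
        elif cur is not None and raw.startswith(" "):
            if words[:2] == ["eigrp", "stub"]:
                cur["stub"] = stub_sends(words[2:])
            elif words[:1] == ["redistribute"] and len(words) > 1:
                cur["redist"].add(words[1])
        else:
            cur = None  # left the router stanza
    result = {}
    for asn, s in stanzas.items():
        warn = []
        if s["stub"] is None:
            warn.append("no eigrp stub: neighbors may still query this router")
        elif "static" in s["stub"] and "static" not in s["redist"]:
            warn.append("stub static set but 'redistribute static' is missing")
        elif "redistributed" in s["stub"] and not s["redist"]:
            warn.append("stub redistributed set but no redistribute command")
        result[asn] = (s["stub"], warn)
    return result

# Constructed sample running-config fragment (AS numbers are made up).
SAMPLE = """router eigrp 100
 eigrp stub static
!
router eigrp 200
 eigrp stub
"""
```

Calling audit(SAMPLE) reports AS 100 as sending only static routes with a missing-redistribution warning, and AS 200 as sending the default connected and summary routes.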
170
Graceful Shutdown
Graceful shutdown, implemented with the goodbye message feature, is designed to improve EIGRP network convergence.
In the figure, router A is using router B as the successor for a number of routes; router C is the feasible successor for the same routes. Router B normally would not tell router A if the EIGRP process on router B was going down, for example, if router B was being reconfigured. Router A would have to wait for its hold timer to expire before it would discover the change and react to it. Packets sent during this time would be lost.
With graceful shutdown, the goodbye message is broadcast when an EIGRP routing process is shut down to inform adjacent peers about the impending topology change. This feature allows supporting EIGRP peers to synchronize and recalculate neighbor relationships more efficiently than would occur if the peers discovered the topology change after the hold timer expired.
The goodbye message is supported in Cisco IOS Software Release 12.3(2), 12.3(3)B, and 12.3(2)T and later. Goodbye messages are sent in hello packets. EIGRP sends an interface goodbye message with all K values set to 255 when taking down all peers on an interface.
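When reviewing a capture, a goodbye can be told apart from an ordinary hello by decoding the parameter TLV and testing the K values. This is an added example, not from the original slides: the header and TLV layout follow RFC 7868 rather than anything shown in this chapter, only K1 to K5 are compared (the sixth byte is ignored, an assumption of this example), and the sample packets are constructed.

```python
import struct

# Fixed header: version, opcode, checksum, flags, seq, ack, virtual router ID, AS
HEADER = struct.Struct("!BBHIIIHH")
OPCODE_HELLO = 5
TLV_PARAMETER = 0x0001  # body: K1..K5, sixth byte (reserved/K6), hold time

def classify_hello(payload):
    """Return AS, K values, hold time and a goodbye flag for a hello, else None."""
    if len(payload) < HEADER.size:
        raise ValueError("truncated EIGRP header")
    _ver, opcode, _ck, _flags, _seq, _ack, _vrid, asn = HEADER.unpack_from(payload)
    if opcode != OPCODE_HELLO:
        return None
    off = HEADER.size
    while off + 4 <= len(payload):
        tlv_type, tlv_len = struct.unpack_from("!HH", payload, off)
        if tlv_len < 4 or off + tlv_len > len(payload):
            raise ValueError("malformed TLV length at offset %d" % off)
        if tlv_type == TLV_PARAMETER and tlv_len >= 12:
            k = list(payload[off + 4:off + 9])  # K1..K5 only
            (hold,) = struct.unpack_from("!H", payload, off + 10)
            return {"as": asn, "k": k, "hold": hold,
                    "goodbye": all(v == 255 for v in k)}
        off += tlv_len
    return None  # hello without a parameter TLV

def sample_hello(asn, kvals, hold):
    """Constructed test packet; checksum left at 0, so not valid on the wire."""
    header = HEADER.pack(2, OPCODE_HELLO, 0, 0, 0, 0, 0, asn)
    return header + struct.pack("!HH6BH", TLV_PARAMETER, 12, *kvals, hold)

NORMAL = sample_hello(100, (1, 0, 1, 0, 0, 0), 15)               # default K values
GOODBYE = sample_hello(100, (255, 255, 255, 255, 255, 255), 15)  # all K set to 255
```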
171
Chapter 2 Summary
The chapter focused on the following topics:
Features of EIGRP, including fast convergence, use of partial updates, multiple network layer support, use of multicast and unicast, VLSM support, seamless connectivity across all data link layer protocols and topologies, and sophisticated metric.
EIGRP’s underlying processes and technologies—neighbor discovery/recovery mechanism, RTP, DUAL finite state machine, and protocol-dependent modules.
EIGRP's tables—neighbor table, topology table, and routing table
EIGRP terminology:
  Advertised distance (the metric for an EIGRP neighbor router to reach the destination; the metric between the next-hop router and the destination)
  Feasible distance (the sum of the AD from the next-hop neighbor, and the cost between the local router and the next-hop router)
  Successor (a neighboring router that has a least-cost loop-free path to a destination, the lowest FD)
  Feasible successor (a neighboring router that has a loop-free backup path to a destination).
Passive routes, those not undergoing recomputation; active routes, those undergoing recomputation
The five EIGRP packet types: hello, update, query, reply, and acknowledgment. Updates, queries, and replies are sent reliably.
172
Chapter 2 Summary
EIGRP initial route discovery process, started by a router sending hello packets. Neighboring routers reply with update packets, which populate the router's topology table. The router chooses the successor routes and offers them to the routing table.
The DUAL process including selecting FSs. To qualify as an FS, a next-hop router must have an AD less than the FD of the current successor route for the particular network, to ensure a loop-free network.
The EIGRP metric calculation, which defaults to bandwidth (the slowest bandwidth between the source and destination) + delay (the cumulative interface delay along the path).
Planning EIGRP implementations, including:
  IP addressing
  Network topology
  EIGRP traffic engineering.
The list of tasks for each router in the network includes:
  Enabling the EIGRP routing protocol (with the correct AS number)
  Configuring the proper network statements
  Optionally configuring the metric to appropriate interfaces.
173
Chapter 2 Summary (continued)
Basic EIGRP configuration commands.
Commands for verifying EIGRP operation.
Configuring a passive-interface.
Propagating a default route.
EIGRP summarization.
EIGRP over Frame Relay.
EIGRP over MPLS.
EIGRP load-balancing
EIGRP operation in WAN environments:
Configuring, verifying, and troubleshooting EIGRP MD5 authentication.
EIGRP scalability factors, including the amount of information exchanged, the number of routers, the depth of the topology, and the number of alternative paths through the network.
The SIA state and how to limit the query range to help reduce SIAs.
Configuring the remote routers as stub EIGRP routers.
Graceful shutdown, which broadcasts a goodbye message (in a hello packet, with all K values set to 255) when an EIGRP routing process is shut down, to inform neighbors
174
Resources http://www.cisco.com/go/eigrp
p/command/reference/ire_book.html