CCNP Route Notes EIGRP
EIGRP Overview
Enhanced Interior Gateway Routing Protocol (EIGRP) is a Cisco proprietary, advanced distance vector, classless routing protocol that uses a complex metric based on bandwidth and delay. The following are some features of EIGRP:
- Fast convergence.
- Support for VLSM.
- Partial updates conserve network bandwidth.
- Support for IP, AppleTalk, and IPX.
- Runs directly over IP, using protocol number 88.
- Support for all Layer 2 (data link layer) protocols and topologies.
- Sophisticated metric that supports load-balancing across unequal-cost paths
- Use of multicast (and unicast where appropriate) instead of broadcasts.
- Support for authentication.
- Manual summarization at any interface.
- Uses multicast 224.0.0.10.
EIGRP’s function is controlled by four key technologies:
- Neighbor discovery and maintenance: Periodic hello messages
- The Reliable Transport Protocol (RTP): Controls sending, tracking, and acknowledging EIGRP messages
- Diffusing Update Algorithm (DUAL): Determines the best loop-free route
- Protocol-independent modules (PDM): Modules are “plug-ins” for IP, IPX, and AppleTalk versions of EIGRP
EIGRP uses three tables:
- The neighbor table is built from EIGRP hellos and used for reliable delivery.
- The topology table contains EIGRP routing information for best paths and loop-free alternatives.
- EIGRP places best routes from its topology table into the common routing table.
EIGRP Messages
EIGRP uses various message types to initiate and maintain neighbor relationships, and to maintain an accurate routing
table. It is designed to conserve bandwidth and router resources by sending messages only when needed and only to those
neighbors that need to receive them.
Packet Types
EIGRP uses five packet types:
- Hello: Identifies neighbors and serves as a keepalive mechanism
- Update: Reliably sends route information
- Query: Reliably requests specific route information
- Reply: Reliably responds to a query
- ACK: Acknowledgment
EIGRP is reliable, but hellos and ACKs are not acknowledged. The acknowledgment to a query is a reply.
If a reliable packet is not acknowledged, EIGRP periodically retransmits the packet to the nonresponding neighbor as a unicast. EIGRP has a window size of one, so no other traffic is sent to this neighbor until it responds. After 16 unacknowledged retransmissions, the neighbor is removed from the neighbor table.
Neighbor Discovery and Route Exchange
When EIGRP first starts, it uses hellos to build a neighbor table. Neighbors are directly attached routers that have a matching AS number and k values. (The timers don’t have to agree.) The process of neighbor discovery and route exchange between two EIGRP routers is as follows:
Step 1. Router A sends out a hello.
Step 2. Router B sends back a hello and an update. The update contains routing information.
Step 3. Router A acknowledges the update.
Step 4. Router A sends its update.
Step 5. Router B acknowledges.
When two routers are EIGRP neighbors, they use hellos between them as keepalives. Additional route information is sent only if a route is lost or a new route is discovered. A neighbor is considered lost if no hello is received within three hello periods (called the hold time). The default hello/hold timers are as follows:
- 5 seconds/15 seconds for multipoint circuits with bandwidth greater than T1 and for point-to-point media
- 60 seconds/180 seconds for multipoint circuits with bandwidth less than or equal to T1
The exchange process can be viewed using debug ip eigrp packets, and the update process can be seen using debug ip eigrp. The neighbor table can be seen with the command show ip eigrp neighbors.
EIGRP Route Selection
An EIGRP router receives advertisements from each neighbor listing the advertised distance (AD) and feasible distance (FD) to a route. The AD is the metric from the neighbor to the network. FD is the metric from this router, through the neighbor, to the destination network.
EIGRP Metric
The EIGRP metric is shown in Figure 2-1.
The k values are constants. Their default values are k1 = 1, k2 = 0, k3 = 1, k4 = 0, and k5 = 0. If k5 = 0, the final part of the equation (k5 / [rel + k4]) is ignored.
BWmin is the minimum bandwidth along the path—the choke point bandwidth.
Delay values are associated with each interface. The sum of the delays (in tens of microseconds) is used in the equation.
Taking the default k values into account, the equation simplifies to the one shown in Figure 2-2.
If default k values are used, this works out to be 256 (BW + cumulative delay).
Bandwidth is the largest contributor to the metric. The delay value enables us to choose a more direct path when bandwidth is equivalent.
Diffusing Update Algorithm (DUAL)
DUAL is the algorithm used by EIGRP to choose best paths by looking at AD and FD. The path with the lowest metric is called the successor path. EIGRP paths with a lower AD than the FD of the successor path are guaranteed loop-free and called feasible successors. If the successor path is lost, the router can use the feasible successor immediately without risk of loops.
After the router has chosen a path to a network, it is passive for that route. If a successor path is lost and no feasible successor is identified, the router sends out queries on all interfaces in an attempt to identify an alternate path. It is active for that route. No successor can be chosen until the router receives a reply to all queries. If a reply is missing for 3 minutes, the router becomes stuck in active (SIA). In that case, it resets the neighbor relationship with the neighbor that did not reply.
Three common causes for SIA routes are
- CPU or memory usage is so high on the neighbor that it cannot process the query or reply.
- The link between the routers drops packets. Enough packets get through to maintain the neighbor relationship, but some queries or replies are dropped.
- Unidirectional link, so the router never receives packets from its neighbor.
Route Selection Example
The following diagrams show EIGRP advertisements to R3 and R5 about a destination network connected to R1. In Figure 2-3, R5 chooses R4 as the successor path because it offers the lowest feasible distance. The AD from R3 indicates that passing traffic through R3 will not loop, so R3 is a feasible successor.
How does R3 choose its path? Figure 2-4 shows the path selection process for R3.
FIGURE 2-3 EIGRP Path Selection, Part One
R1 will be its successor because it has the lowest metric. However, no feasible successor exists because R2’s AD is greater than the successor path metric. If the direct path to R1 is lost, R3 has to query its neighbors to discover an alternative path. It must wait to hear back from R2 and R5 and will ultimately decide that R2 is the new successor.
Planning an EIGRP Implementation
When planning an EIGRP implementation, gather the following information:
- Current network setup and future requirements: Document the IP addressing used and the network topology, including links types, bandwidth, and utilization. A good IP addressing design allows summarization at various points in the network.
- Network design: Although EIGRP does not require a hierarchical network design, it can perform more efficiently within that type of network.
- Plans for EIGRP scaling options: These would include summarization, stub areas, and changes in interface metrics
to improve bandwidth utilization.
Your final implementation plan needs to include detailed parameters such as the exact topology, IP networks to be advertised, EIGRP AS number, lists of routers to run EIGRP, and any nondefault metrics to be used. It needs to list implementation tasks for each router in the network. Finally it needs to provide verification tasks for each router such as verifying neighbors, IP routing tables, EIGRP topology tables, and network connectivity.
Basic EIGRP Configuration
EIGRP is configured by entering router configuration mode and identifying the networks within which it should run. When setting up EIGRP, an autonomous system number must be used (7 is used in the example). Autonomous system numbers must agree for two routers to form a neighbor relationship and to exchange routes.
Router(config)# router eigrp 7 Router(config-router)# network 192.168.1.0
The wildcard mask option can be used with the network command to more precisely identify EIGRP interfaces. For instance, if a router has two interfaces—fa0/0 (192.168.1.1/27) and fa0/1 (192.168.1.33/27)—and needs to run EIGRP only on fa0/0, the following command can be used:
Router(config-router)# network 192.168.1.0 0.0.0.1
In this command, a wildcard mask of 0.0.0.1 matches only two IP addresses in network 192.168.1.0–192.168.1.0 and 192.168.1.1. Therefore, only interface fa0/0 is included in EIGRP routing.
To ensure that the correct metric is calculated, or to influence the metric, you might want to configure the bandwidth on the interface. Use the interface command:
R1(config)# interface s0/0/0 R1(config-if)# bandwidth kbps
Creating an EIGRP Default Route
Figure 2-5 shows a simple two-router network. You can configure EIGRP on R1 to advertise a default route to R3 in these ways:
n R1 can specify a default network:
R1(config)# ip default-network 10.0.0.0 R3 now sees a default network with a next hop of R1. n Create a static default route and then include network 0.0.0.0 in EIGRP: R1(config)# ip route 0.0.0.0 0.0.0.0 10.1.1.2 R1(config)# router eigrp 7 R1(config-router)# network 0.0.0.0
FIGURE 2-5 EIGRP Default Route
Verify and Troubleshoot EIGRP
The most straightforward way to troubleshoot EIGRP is to inspect the routing table, show ip route. To filter the routing table and show only the routes learned from EIGRP, use the show ip route eigrp command. The show ip protocols command verifies autonomous system, timer values, identified networks, and EIGRP neighbors (routing information sources).
The command show ip eigrp topology shows the EIGRP topology table and identifies successors and feasible successors. Use show ip eigrp neighbors to verify that the correct routers are neighbors, and use show ip eigrp traffic to show the amount and types of EIGRP messages. The command show ip eigrp interfaces lists the interfaces participating in EIGRP and any neighbors found out those interfaces, along with some other statistics.
EIGRP Across a WAN
EIGRP can be used across many types of WAN links. This section examines how it operates over some of them.
EIGRP over EoMPLS
MPLS can provide either a Layer 2 or a Layer 3 connection. In MPLS terminology, your WAN edge routers are called CE (customer edge) routers, and the ISP’s WAN edge routers are called PE (provider edge) routers. Within the ISP’s network
are P (provider) routers, but they should not be visible to the CE.
Ethernet over MPLS (EoMPLS) leverages Any Transport over MPLS (AToM) to provide a Layer 2 connection such as Metro Ethernet. With EoMPLS, the CE routers appear to have a point-to-point Ethernet connection across the WAN. In reality, each CE router has an Ethernet connection to its local PE router.
Figure 2-6 shows how this works. The PE1 router receives Ethernet frames from CE1, encapsulates them into an MPLS packet, and then forwards them across the WAN to PE2, which is the local router connected to CE2. PE2 decapsulates the packet, rebuilds the Ethernet frame, and sends it to the CE2.
It is important to understand that CE1 and CE2 build an EIGRP neighbor relationship with each other. The ISP routers are not involved in routing with the CE routers. Additionally, the PE routers do not learn any MAC addresses or participate in Spanning Tree.
FIGURE 2-6 Using EIGRP with EoMPLS
EIGRP over MPLS
PE routers are involved in routing when you use EIGRP over Layer 3 MPLS VPNs, however. The connection between the CE and PE routers is a Layer 3 connection. Each connected PE and CE router are EIGRP neighbors. The PE router is just another neighbor to the CE router; it is not aware of the MPLS network or the ISP’s P routers.
In Figure 2-7, CE1 creates an EIGRP neighbor relationship with PE1. CE1 sends routing updates about its networks to PE1, which installs the routes in the correct Virtual Routing and Forwarding (VRF) table and then transmits them across the WAN as MPLS packets to PE2. PE2 is an EIGRP neighbor to CE2, so it forwards the route advertisements as normal EIGRP updates.
When using EIGRP over MPLS, the customer and the provider need to use the same basic EIGRP configuration such as AS number and authentication.
FIGURE 2-7 EIGRP with MPLS
EIGRP over Frame Relay
One issue with using EIGRP over Frame Relay is that one physical interface can support multiple logical connections,
each identified by a Data Link Connection Identifier (DLCI). These are Layer 2 connections and must be mapped to a
Layer 3 neighbor IP address. This mapping can be done either dynamically or statically. Multipoint interfaces are used in
partial and full mesh topologies.
Dynamic mapping uses Inverse ARP. Routers form EIGRP neighbor adjacencies only with routers that they connect to via a Frame Relay virtual circuit (VC). Static mapping requires manual configuration under each interface but enables routers without VC connections to become neighbors. The static mapping command is given under interface configuration mode: frame-relay map ip remote-ip-address local-dlci broadcast
The broadcast keyword is required because Frame Relay is, by default, a nonbroadcast medium. Static mapping can be used with both physical multipoint interfaces and subinterfaces. Note that a multipoint interface stays up if one DLCI is active, so a neighbor loss might not be detected until the hold timer expires.
Frame Relay can emulate physical point-to-point links by using point-to-point subinterfaces. This is used in a hub-andspoke topology. Neighbor loss is detected much more quickly on point-to-point links for two reasons:
- The default timers are shorter, 5 second hold timer and 15 second dead timer.
- The subinterface goes down when its associated DLCI goes down.
WAN Bandwidth
By default, EIGRP limits itself to bursting to half the link bandwidth. This limit is configurable per interface using the ip bandwidth-percent command. The following example assumes EIGRP AS 7 and limits EIGRP to one quarter of the link bandwidth:
Router(config)# int s0/0/0 Router(config-if)# ip bandwidth-percent eigrp 7 25
The real issue with WAN links is that the router assumes that each link has 1544 kbps bandwidth. If interface Serial0/0/0 is attached to a 128 k fractional T1, EIGRP assumes it can burst to 768 k and could overwhelm the line. This is rectified by correctly identifying link bandwidth:
Router (config)# int serial 0/0/0 Router (config-if)# bandwidth 128
Figure 2-8 shows a situation in which these techniques can be combined: Frame Relay.
FIGURE 2-8 EIGRP with Frame Relay
In this example, R1 has a 256 kbps connection to the Frame Relay network and two permanent virtual circuits (PVCs) with committed information rates (CIR) of 128 Kpbs and 64 Kbps. EIGRP divides the interface bandwidth evenly between the number of neighbors on that interface. What value should be used for the interface bandwidth in this case?
The usual suggestion is to use the CIR, but the two PVCs have different CIRs. You can use the bandwidth-percent command to allow SNMP reporting of the true bandwidth value, while adjusting the interface burst rate to 25 percent, or 64 kbps.
R1(config)# int serial 0/0/0 R1 (config-if)# bandwidth 256 R1 (config-if)# ip bandwidth-percent eigrp 7 25
A better solution is to use point-to-point subinterfaces and identify bandwidth separately. In the following example, s0/0/0.1 bursts to 64 k, and s0/0/0.2 bursts to 32 k, using EIGRP’s default value of half the bandwidth.
R1(config)# int serial 0/0/0.1 point-to-point R1(config-if)# bandwidth 128 R1(config-if)# frame-relay interface-dlci 100 ! R1(config)# int serial 0/0/0.2 point-to-point R1(config-if)# bandwidth 64 R1(config-if)# frame-relay interface-dlci 101
In cases where the hub interface bandwidth is oversubscribed, it might be necessary to set bandwidth for each subinterface arbitrarily low and then specify an EIGRP bandwidth percent value over 100 to allow EIGRP to use half the PVC bandwidth.
Customizing the EIGRP Configuration
EIGRP provides some ways to customize its operation, such as passive interface, unicast neighbors, route summarization, unequal-metric load balancing, and authentication. This section describes how to configure these.
Passive Interface
The passive-interface command prevents either routing updates or hello messages from being sent out an interface. RIP does not send updates when it enabled; EIGRP and OSPF do not send hellos, and thus they don’t discover neighbors or form an adjacency out that interface. To disable the protocol on one interface, use the routing protocol configuration command passive-interface interface. To turn off the protocol on all interfaces, use passive-interface default. You can then use no passive-interface interface for the ones that should run the protocol, as shown here:
Router(config)# router eigrp 7 Router(config-router)# passive-interface default Router(config-router)# no passive-interface s0/0/0
Unicast Neighbors
EIGRP usually uses a multicast to IP address 224.0.0.10 for its messages. You can configure it to use a unicast address
instead with the routing protocol configuration command neighbor ip-address. The IP address must be in the same
subnet as one of the router’s own interfaces.
Summarization
EIGRP defaults to automatically summarizing at classful network boundaries. Automatic summarization is usually disabled using the following command:
Router(config-router)# no auto-summary
Summaries can be produced manually on any interface. When a summary is produced, a matching route to null0 also becomes active as a loop prevention mechanism. Configure a summary route out a particular interface using the ip summary-address eigrp autonomous_system command. The following example advertises a default route out FastEthernet0/1 and the summary route 172.16.104.0/22 out Serial0/0/0 for EIGRP AS 7.
Router(config)# int fa0/1 Router(config-if)# ip summary-address eigrp 7 0.0.0.0 0.0.0.0 ! Router(config)# int s0/0/0 Router(config-if)# ip summary-address eigrp 7 172.16.104.0 255.255.252.0
Load Balancing
EIGRP, like most IP routing protocols, automatically load balances over equal metric paths. What makes EIGRP unique is that you can configure it to proportionally load balance over unequal metric paths. The variance command is used to configure load balancing over up to six loop-free paths with a metric lower than the product of the variance and the best metric. Figure 2-9 shows routers advertising a path to the network connected to R1.
By default, R5 uses the path through R4 because it offers the lowest metric (14,869,333). To set up unequal cost load balancing, assign a variance of 2 under the EIGRP process on R5, which multiplies the best metric of 14,869,333 by 2 to get 29,738,666. R5 then uses all loop-free paths with a metric less than 29,738,666, which includes the path through R3.
By default, R5 load balances over these paths, sending traffic along each path in proportion to its metric.
R5(config)# router eigrp 7 R5(config-router)# variance 2
FIGURE 2-9 EIGRP Unequal-cost Load Balancing
EIGRP Authentication
By default, no authentication is used for any routing protocol. Some protocols, such as RIPv2, IS-IS, and OSPF, can be configured to do simple password authentication between neighboring routers. In this type of authentication, a clear-text
password is used. EIGRP does not support simple authentication. However, it can be configured to authenticate each
packet exchanged using an MD5 hash created from a preconfigured, shared password. This is more secure than clear text
because only the message digest is exchanged, not the password. The password is called the key.
EIGRP authenticates each of its packets and verifies the source of each routing update by including the hash in each one.
If the hash value does not match, the packet is silently dropped.
To implement EIGRP authentication, first create a plan:
- Look at the current configuration to determine the AS number and interfaces where it will be configured.
- Decide the authentication type. (For EIGRP this must be MD5.)
- Decide the key strings, and how many keys will be used.
- Optionally decide the key lifetimes.
To configure the router for EIGRP authentication, follow these steps:
Step 1. Configure a key chain to group the keys.
Step 2. Configure one or more keys within that key chain. The router checks all inbound packets against the list of keys and uses the first valid one it finds.
Step 3. Configure the password or authentication string for that key. Repeat Steps 2 and 3 to add more keys if desired.
Step 4. Optionally configure a lifetime for the keys within that key chain. If you do this, be sure that the time is synchronized between the two routers.
Step 5. Enable authentication and assign a key chain to an interface.
Step 6. Designate MD5 as the type of authentication.
Example 2-1 shows a router configured with EIGRP authentication. It shows configuring a lifetime for packets sent using key 1 that starts at 10:15 and lasts for 300 seconds. It also shows configuring a lifetime for packets received using key 1 that starts at 10:00 and lasts until 10:05. Router clocks must be synchronized when using lifetimes, so use an NTP server.
Example 2-1 Configuring EIGRP Authentication
Router(config)# key chain RTR_Auth Router(config-keychain)# key 1 Router(config-keychain-key)# key-string mykey Router(config-keychain-key)# send-lifetime 10:15:00 300 Router(config-keychain-key)# accept-lifetime 10:00:00 10:05:00 ! Router(config)# interface s0/0/0 Router(config-if)# ip authentication mode eigrp 10 md5 Router(config-if)# ip authentication key-chain eigrp 10 RTR_Auth
Verify your configuration with the show key chain command. show ip eigrp neighbors is also useful, as no neighbor relationship will be formed if authentication fails. Using the debug eigrp packets command should show packets containing authentication information sent and received, and it enables you to troubleshoot configuration issues. The debug output lists an authentication mismatch message if authentication does not succeed.
EIGRP Scalability
Four factors influence EIGRP’s scalability:
- The number of routes that must be exchanged
- The number of routers that must know of a topology change
- The number of alternate routes to a network
- The number of hops from one end of the network to the other (topology depth)
To improve scalability, summarize routes when possible, try to have a network depth of no more than seven hops, and limit the scope of EIGRP queries.
EIGRP Stub
Stub routing is one way to limit queries. A stub router is one that is connected to no more than two neighbors and should
never be a transit router. This feature is commonly used in a hub-and-spoke topology. When a router is configured as an
EIGRP stub, it notifies its neighbors. The neighbors then do not query that router for a lost route. An EIGRP stub router
still receives all routes from its neighbors by default.
Under router configuration mode, use the command eigrp stub [receiveonly|connected|static|summary|redistributed] . Table 2-1 lists each of the command options and their affect.
Table 2-1 eigrp stub Command Options:
Command Option |
Affect |
receive-only | Prevents the router from advertising any networks, including its own. Cannot be combined with any other option |
connected | Enables the router to advertise connected routes. These must either be included in a network statement or redistributed into EIGRP. Enabled by default |
Static | Enables the router to advertise static routes. They must be redistributed into EIGRP before they will be advertised |
Summary | Enables the router to advertise summary routes, both those created manually and automatically. Enabled by default |
redistributed | Allows the router to advertise routes redistributed into EIGRP from another protocol or AS. |
Active Process Enhancement
The Active Process Enhancement enables routers to use SIA-Queries and SIA-Replies to prevent the loss of a neighbor unnecessarily during SIA conditions. A router sends its neighbor a SIA-Query after no reply to a normal query. If the neighbor responds with a SIA-Reply, the router does not terminate the neighbor relationship after 3 minutes, because it knows the neighbor is available.
Graceful Shutdown
Graceful shutdown is another feature that speeds network convergence. Whenever the EIGRP process is shut down, the router sends a “goodbye” message to its neighbors. Ironically, the goodbye message is sent in a “hello” packet. The neighbors can then immediately recalculate any paths that used the router as the next hop, rather than waiting for the hold timer to expire.
More Resources
- CCNP Route Notes
- CCNP Route Lab Manual with Solutions
- CCNP Security VPN FAQ
- CCNP Secure IPS FAQ
- CCNP Switch FAQ
- CCNP Switch Lab Manual with Solutions
- CCNA Security Lab Manual With Solutions
- CCNA Security FAQ
- 210-451 CCNA Cloud CLDFND FAQ
- Cisco Network Mgmt Protocol FAQ
- Network Security FAQ
- CCDA FAQ
- CCNA Cloud FAQ
- CCNA RSE Lab