EIGRP

Presentation about routing protocol EIGRP, CCIE level.

Dmitry Figol

August 19, 2016

Transcript

  1. EIGRP
    Dmitry Figol
    CCIE R&S #53592
    dmfigol.me
    August, 2016
    Updated: July, 2017

  2. About me
    @dmfigol
    dmfigol
    dmfigol.me

  3. Out of scope
    • EIGRP PE-CE for MPLS L3VPN
    • EIGRP Over The Top (OTP)
    • EIGRP Stub Site (IWAN)
    • EIGRP Multi Topology Routing (MTR) in Named mode

  4. Quick facts
    • Distance-vector routing protocol
    • Classless
    • Supports unequal cost load-balancing
    • Can provide sub-second convergence
    • Partial and bounded updates
    • Uses Diffusing Update Algorithm (DUAL)
    • Arbitrary route summarization

  5. Transport
    • Uses multicast address 224.0.0.10
    • Uses Reliable Transport Protocol (RTP) for transport – IP Protocol
    Number 88
    • RTP can provide reliable delivery like TCP using sequence numbers
    • EIGRP uses both multicast and unicast packets

  6. Packets
    • Hello
    • ACK – hello with no data
    • Update
    • Query
    • Reply
    • SIA query/reply
    • Goodbye – hello with K values set to 255

  7. Timers
    • Hello timer
    (config-if)# ip hello-interval eigrp as seconds
    • Default is 5 seconds (on multipoint) or 60 seconds (on p2p)
    • Hold timer
    (config-if)# ip hold-time eigrp as seconds
    • Default is 15 seconds (on multipoint) or 180 seconds (on p2p)
    • Active timer
    (config-router)# timers active-time minutes
    • Default is 3 minutes
    • SIA retransmit timer
    • Default is 90 seconds

  8. Adjacency
    • To establish adjacency the following parameters should match:
    • AS number
    • K-values
    • Common subnet
    • Authentication type/password
    • Automatic neighbor discovery is configured using network command.
    (config)# router eigrp as
    (config-router)# network subnet [wc-mask]
    • Enables EIGRP on all interfaces where IP addresses match subnet + wild card mask AND
    advertises the original prefix from the interface
    • Manual neighbor can be configured using:
    (config-router)# neighbor neighbor-ip int-name
    • Must be configured on both neighbors. The command also turns off sending and receiving
    multicast hello
    • Verification: # show ip eigrp neighbors [detail]

  9. Passive interface
    • You can stop processing and sending any EIGRP packets on the
    interface using passive interface feature:
    (config-router)# passive-interface [default | int-name]
    • Manual neighbors will also stop working on this link, unlike in RIP

  10. Administrative distance
    • EIGRP uses the following administrative distances:
    • Internal – 90
    • External – 170
    • Summary – 5
    • AD for internal and external routes can be changed globally using:
    (config-router)# distance eigrp int-ad ext-ad
    • AD for internal routes can be changed per prefix/neighbor using:
    (config-router)# distance ad neighbor-ip wc-mask acl
    • AD for external routes can’t be changed per prefix
    • AD for summary routes can be changed per prefix using:
    (config-router)# summary-metric prefix/length distance ad

  11. Composite metric
    • EIGRP calculates composite metric using the formula:
    $$\text{metric} = 256 \cdot \left(K_1 \cdot \text{bandwidth} + \frac{K_2 \cdot \text{bandwidth}}{256 - \text{load}} + K_3 \cdot \text{delay}\right) \cdot \frac{K_5}{\text{reliability} + K_4}$$
    where
    $$\text{bandwidth} = \frac{10^7}{\text{bandwidth}_{min}}, \qquad \text{delay} = \frac{\text{delay}_{total}}{10}$$
    • delay_total – in microseconds, bandwidth_min – in kbps, load is the highest along the path,
    reliability is the lowest.
    • If K5 = 0, the formula changes: last multiplier is excluded
    • Note: load/reliability are not updated live, the current values are sent with a new
    update
    • Note: composite metric is never sent to the neighbor, only individual components

  12. EIGRP terms and definitions
    • Computed Distance (CD) – composite metric of the whole path
    • Advertised Distance (AD) or Reported Distance (RD) – composite metric
    of the best path from neighbor’s perspective
    • Feasible Distance (FD) – the lowest value of CD of the best path since
    the last transition from Active to Passive
    • Note: FD does not always equal CD of the best path
    • Feasible Successor (FS) – the path that meets Feasibility Condition (FC),
    guaranteed to be loop-free by DUAL
    • Feasibility Condition (FC): RD of the candidate path < FD
    • Successor (S) – one of FS with the lowest CD

  13. Loop prevention
    • Feasibility Condition
    • Split horizon – technically not needed as FC already guarantees loop-
    free path
    • Hop count
    (config-router)# metric maximum-hops 1..255 ! default is 100
    • Router ID for external routes

  14. Operation
    • EIGRP puts all received routes into Topology Table
    • Runs local computation and finds FS/S
    • The best path (or several) are then presented to RIB
    • Converged routes are marked as Passive
    • If there is reconvergence event, it is possible that route will go to Active state
    • Verification:
    # show ip eigrp topology [all-links]
    # show ip eigrp topology prefix/len

  15. Scenario

  16. Scenario – rules and task
    Rules:
    • If some EIGRP setting is not mentioned, assume default.
    • K3=1, K1=K2=K4=K5=0
    • Delay is written above each link. Please note that you don’t need to divide microseconds by
    10 and then multiply by 256, you can add metrics blindly just for the sake of this exercise
    • All questions are asked from perspective of R1 towards destination prefix 6.6.6.6/32
    Task:
    • Which router is Successor?
    • What is the value of FD?
    • Fill in the table with ✓ or ✗ and write down the number of ticks
    path via ..   in topology table?   is FS/S? (yes or no)
    R2
    R3
    R4
    R5
    # ✓ = ?

  17. Scenario – answers
    • Which router is Successor? R3
    • What is the value of FD? 110
    • Fill in the table with ✓ or ✗ and write down the number of ticks
    Pitfall: R4 will choose the path to the destination via R1 because 115 < 120.
    Because the best path is via R1, R4 will send an update with infinite metric to
    R1 due to split-horizon on R4 link to R1
    path via ..   in topology table?   is FS/S? (yes or no)
    R2            ✓                    ✗
    R3            ✓                    ✓
    R4            ✗                    ✗
    R5            ✓                    ✓
    # ✓ = 5

  18. Unequal cost load balancing
    • EIGRP supports unequal cost load balancing
    • The path is considered for load balancing if it is FS
    • Also the metric of the path must follow this inequality:
    CD of FS <= CD of S x Variance
    • Variance is configured using:
    (config-router)# variance number ! default is 1
    • Number of maximum paths for load balancing is configured using:
    (config-router)# maximum-paths number ! default is 4, maximum is 32

  19. Reconvergence
    • If we lose Successor, two scenarios are possible:
      • If there is no FS:
        • The route goes to Active state
        • Router sends QUERY to all neighbors
        • During QUERY process the route is frozen in RIB/topology table
        • Local computation of FS/S is done after we receive REPLY for all queries
      • If there is FS:
        • FS with the lowest CD becomes Successor*
        • The route stays passive
        • Results in sub-second convergence
    *Note: If we lose successor and the path with the lowest CD is not in FS list, the route goes to
    Active state regardless if we have other FS or not.
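
The selection rules from the terms, unequal cost load balancing and reconvergence slides, worked through in Python as an added example that is not part of the original deck. The neighbor names and metric values are constructed and the function names are hypothetical.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Path:
    neighbor: str
    rd: int  # Reported Distance: the neighbor's own best metric to the prefix
    cd: int  # Computed Distance: metric of the whole path via this neighbor

def feasible(paths, fd):
    """Paths that meet the Feasibility Condition: RD strictly below FD."""
    return [p for p in paths if p.rd < fd]

def successor(paths, fd):
    """Successor is the feasible path with the lowest CD (None if no FS)."""
    fs = feasible(paths, fd)
    return min(fs, key=lambda p: p.cd) if fs else None

def load_balance_set(paths, fd, variance=1, maximum_paths=4):
    """Feasible paths with CD <= CD of Successor x variance, best first."""
    s = successor(paths, fd)
    if s is None:
        return []
    ok = [p for p in feasible(paths, fd) if p.cd <= s.cd * variance]
    return sorted(ok, key=lambda p: p.cd)[:maximum_paths]

def on_successor_loss(paths, fd):
    """Return (state, new_successor) after the current Successor is lost.

    FD is not raised while the route stays Passive, so the remaining
    paths are still judged against the old FD.
    """
    s = successor(paths, fd)
    remaining = [p for p in paths if p is not s]
    if not remaining:
        return ("ACTIVE", None)
    best = min(remaining, key=lambda p: p.cd)
    if best.rd < fd:              # lowest-CD path is an FS: stay Passive
        return ("PASSIVE", best)
    return ("ACTIVE", None)       # lowest-CD path is not an FS: go Active

# Constructed topology-table entries for one prefix; FD is 100.
FD = 100
PATHS = [Path("A", 60, 100),   # Successor
         Path("B", 90, 180),   # FS: RD 90 < 100
         Path("C", 120, 150),  # lower CD than B, but RD 120 fails the FC
         Path("D", 100, 140)]  # RD equal to FD also fails the FC

if __name__ == "__main__":
    print("FS:", [p.neighbor for p in feasible(PATHS, FD)])
    print("variance 2:", [p.neighbor for p in load_balance_set(PATHS, FD, 2)])
    print("lose A, full table:", on_successor_loss(PATHS, FD))
    print("lose A, only A and B known:", on_successor_loss(PATHS[:2], FD))
```

With the full table the route goes Active even though B is a Feasible Successor, because D has the lowest remaining CD and does not meet the Feasibility Condition.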

  20. Reconvergence – Query/Reply
    • Query checks if neighbors have FS/S
    • Query also informs neighbors about the lost path (poisons with infinite
    metric) and they remove this path from the topology table
    • Conditions to send a REPLY to a received QUERY:
    • If we have a Successor, reply with the metric of the Successor
    • If the route is already in Active state, reply with infinite metric
    • If this route is NOT in the topology table, reply with infinite metric
    • Otherwise the route goes into ACTIVE state, queries are sent to all non-
    stub neighbors except the neighbor from which QUERY was
    received. Upon receiving all replies, local computation is performed
    (FS/S is selected) and REPLY to the original QUERY is sent.
    • Stub router CAN send query to another stub router

  21. Reconvergence - Stuck in Active
    • If all replies are not heard within Active timer (3 minutes) the route will go to
    SIA state and the neighbor from which we didn’t receive reply will be
    declared down
    • This behavior was changed with introduction of new packet types: SIA
    query/reply
    • After half of Active timer (SIA retransmit timer - 90 seconds), SIA query is
    sent to check the status of the query/neighbor and Active timer is reset
    • Neighbor must respond with Reply (if the route is not in topology table or if
    Successor has been found) or with SIA reply (if the route is still in Active)
    • If Reply or SIA reply is not heard, adjacency will be torn down
    • If Reply is not heard after three SIA query attempts, adjacency will be torn down

  22. Reconvergence (cont.)
    • Reconvergence is a function of the query domain: the more routers have to
    be queried, the slower the process is. More routers also increase the
    chance of SIA.
    • To speed up convergence we should limit the query domain using:
    • Stub feature
    • Summarization
    • Filtering

  23. Path manipulation
    • The metric can be influenced by changing individual metric
    components
    • Recommended to use delay to change the metric as it is the only
    cumulative parameter
    • Changing the bandwidth does not always change the metric
    • Changing the bandwidth can also influence other features like QoS

  24. Path manipulation – offset-list
    • You can add specific value to the composite metric inbound or
    outbound per prefix using:
    (config-router)# offset-list [0 | acl] [in | out] offset [int-name]
    • Note: offset-list does “reverse engineering” in order to find a delay which will cause
    required change in composite metric. It means that offset-list affects only
    cumulative delay. If K3 = 0, offset-list will not work
    • Note: with offset-list you can increase metric to such a high value, that the route
    will not be installed in RIB (2^32)
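
An added example, not from the original deck: the composite metric formula applied to a two-link path, checking the claims from the path manipulation slides that delay is cumulative, that a bandwidth change does not always change the metric, and that delay has no effect when K3 = 0. The link values are constructed samples, the function name is hypothetical, and truncating integer division is an assumption of this sketch.

```python
def classic_metric(links, k=(1, 0, 1, 0, 0), load=1, reliability=255):
    """Composite metric for a path given as [(bandwidth_kbps, delay_usec), ...].

    load is the highest and reliability the lowest value along the path.
    Integer (truncating) division is an assumption of this sketch.
    """
    k1, k2, k3, k4, k5 = k
    bandwidth_min = min(bw for bw, _ in links)      # only the slowest link counts
    delay_total = sum(delay for _, delay in links)  # delay adds up hop by hop
    bandwidth = 10**7 // bandwidth_min
    delay = delay_total // 10
    metric = 256 * (k1 * bandwidth + k2 * bandwidth // (256 - load) + k3 * delay)
    if k5 != 0:                                     # last multiplier applies only if K5 != 0
        metric = metric * k5 // (reliability + k4)
    return metric

# Constructed path: one 100 Mbps link (100 us) and one 1544 kbps link (20000 us).
BASE = [(100_000, 100), (1_544, 20_000)]
SLOWER_FAST_LINK = [(10_000, 100), (1_544, 20_000)]  # bandwidth changed off the bottleneck
MORE_DELAY = [(100_000, 200), (1_544, 20_000)]       # delay raised by 100 us on one link
K1_ONLY = (1, 0, 0, 0, 0)                            # K3 = 0: delay is ignored

def compare():
    """Metric for each variant of the constructed path."""
    return {
        "base": classic_metric(BASE),
        "bandwidth_changed": classic_metric(SLOWER_FAST_LINK),
        "delay_changed": classic_metric(MORE_DELAY),
        "k3_zero_base": classic_metric(BASE, k=K1_ONLY),
        "k3_zero_delay_changed": classic_metric(MORE_DELAY, k=K1_ONLY),
    }

if __name__ == "__main__":
    for name, value in compare().items():
        print(f"{name:24} {value}")
```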

  25. Filtering – distribute-list
    • You can filter an update inbound or outbound using distribute-list:
    (config-router)# distribute-list [route-map map | prefix prefix-list
    [gateway prefix-list] | acl] [in | out] [int-name]
    • You can specify allowed list of routes and neighbors using gateway
    keyword with prefix-list.
    • You can also use extended ACL for “per-neighbor” filtering:
    • Source field in ACL is responsible for the source of the route (neighbor’s IP
    address)
    • Destination field in ACL is responsible for the prefix itself (subnet mask is not
    matched)

  26. Filtering – tagging
    • Using route-map in redistribution or in distribute-list you can tag
    internal and external routes and then filter them based on tag
    • Tags are 32-bit integers and can be represented in dotted-decimal
    format using:
    (config)# route-tag notation dotted-decimal
    • You can also match tag using wildcard:
    (config)# route-tag list tag-list permit ip wildcard
    (config)# route-map map permit 10
    (config-route-map)# match tag list tag-list
    • Refer to the following article for more information: EIGRP Route Tag
    Enhancements

  27. Summarization
    • You can summarize networks on any router in EIGRP domain using:
    (config-if)# ip summary-address eigrp as prefix subnet-mask [leak-map
    route-map]
    • By default specifics are suppressed. You can unsuppress them using leak-map
    keyword. By doing so you can achieve traffic engineering
    • EIGRP looks for the lowest metric from specific routes and uses it as a metric
    for the summary
    • Discard route (via Null0 with AD 5) is automatically created locally to prevent
    routing loops
    • You can set maximum AD 255 using summary-metric command, which will
    remove discard route from RIB and as a result neither summary nor
    specific routes will be sent to the neighbor

  28. Stub router
    • You can mark non-transit routers as stub, so queries are not sent to
    them.
    • Configured using:
    (config-router)# eigrp stub [connected | summary | redistributed | static | leak-map route-
    map | receive-only]
    • Default is connected + summary
    • An argument indicates which routes a stub router will send to its
    neighbors
    • Using leak-map keyword you can leak any route in topology table
    • Note: queries are sent to stub routers by other stub routers.

  29. Verification
    # show ip eigrp interfaces
    # show ip eigrp neighbors [detail]
    # show ip eigrp topology [all-links]
    # show ip eigrp topology prefix/len
    # show ip eigrp events
    # show eigrp protocols
    # debug eigrp packet
    # debug eigrp fsm

  30. Authentication
    • Classic mode supports only MD5 authentication, which is configured
    using:
    (config-if)# ip authentication mode eigrp as md5
    • You also need to specify key-chain for authentication:
    (config-if)# ip authentication key-chain eigrp as key-chain
    • If needed, you can configure automatic key rotation using accept-
    lifetime and send-lifetime under key chain configuration
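
A check for the key rotation described above, as an added example that is not part of the original deck: it models a key chain and counts the minutes around a key change in which a packet would fail authentication. The key ids, placeholder key-strings, dates and two-minute clock skew are constructed; the model assumes the router sends with the lowest-numbered key whose send-lifetime is valid and that the receiver needs the same key id and key-string inside its accept-lifetime.

```python
from datetime import datetime, timedelta

def active_send_key(chain, t):
    """Key id used for sending at time t: the lowest-numbered key whose
    send-lifetime covers t, or None if no key is valid."""
    for key_id in sorted(chain):
        start, end = chain[key_id]["send"]
        if start <= t < end:
            return key_id
    return None

def accepted(chain, key_id, secret, t):
    """True if the receiver has this key id, the same key-string, and an
    accept-lifetime that covers t on its own clock."""
    key = chain.get(key_id)
    if key is None or key["secret"] != secret:
        return False
    start, end = key["accept"]
    return start <= t < end

def rejected_minutes(sender, receiver, start, end, receiver_skew=timedelta(0)):
    """Count one-minute ticks in [start, end) at which a packet from
    `sender` would fail authentication on `receiver`."""
    bad, t = 0, start
    while t < end:
        key_id = active_send_key(sender, t)
        if key_id is None or not accepted(
                receiver, key_id, sender[key_id]["secret"], t + receiver_skew):
            bad += 1
        t += timedelta(minutes=1)
    return bad

# Constructed sample: key 1 is replaced by key 2 at midnight.
CUT = datetime(2024, 1, 1)
FAR = timedelta(days=365)

def chain(overlap):
    """Keys send back to back; accept windows are widened by `overlap`."""
    return {
        1: {"secret": "old-placeholder", "send": (CUT - FAR, CUT),
            "accept": (CUT - FAR, CUT + overlap)},
        2: {"secret": "new-placeholder", "send": (CUT, CUT + FAR),
            "accept": (CUT - overlap, CUT + FAR)},
    }

WINDOW = (CUT - timedelta(minutes=10), CUT + timedelta(minutes=10))
SKEW = timedelta(minutes=-2)   # receiver clock runs two minutes behind

def compare():
    """(rejected minutes without overlap, rejected minutes with 15 min overlap)."""
    tight = chain(timedelta(0))
    wide = chain(timedelta(minutes=15))
    return (rejected_minutes(tight, tight, *WINDOW, receiver_skew=SKEW),
            rejected_minutes(wide, wide, *WINDOW, receiver_skew=SKEW))
```

A rejection gap longer than the hold timer is enough to drop the adjacency, so accept-lifetime should overlap the neighbor's send-lifetime by more than the expected clock drift.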

  31. Named mode
    • The main benefit of named mode is that the entire EIGRP configuration
    is located in a single place
    • Activated by:
    (config)# router eigrp process-name

  32. Named mode – Address family
    • To enter address family configuration:
    (config-router)# address-family AFI SAFI [vrf vrf-name] autonomous-
    system as-num
    • For example:
    (config-router)# address-family ipv4 unicast autonomous-system 100
    • This is where any configuration specific to EIGRP process itself is
    applied, like network and neighbor commands

  33. Named mode – Address family commands

  34. Named mode – AF-interface
    • To enter af-interface configuration:
    (config-router-af)# af-interface [int-name | default]
    • This is where interface specific configuration is applied, like passive-
    interface or summary-address

  35. Named mode – AF-interface commands

  36. Named mode – AF topology
    • This section is related to Multi Topology Routing (MTR), which gives an
    ability to create different logical topologies over the same physical
    topology.
    • MTR is not supported in 15.x M/T code train
    • If MTR is not used, relevant commands should be entered under topology base
    • To enter topology base configuration:
    (config-router-af)# topology base
    • This is where commands like redistribute, distribute-list, offset-list,
    variance are applied

  37. Named mode – AF topology commands

  38. Named mode – Exclusive features
    • Wide metrics
    • HMAC-SHA authentication
    • Add-path
    • Disabling EIGRP on specific interface
    • Default interface settings (af-interface default)
    • Unique IPv6 behavior
    • Default tagging all internal and external routes
    • Over the Top (OTP) – not covered in this presentation
    • Stub site (IWAN) – not covered in this presentation

  39. Named mode – Wide metrics
    source: CCIE R&S Official Certification Guide

  40. Named mode – Wide metrics (cont.)
    • After calculation the metric is scaled down by EIGRP_RIB_SCALE
    variable, which is 128 by default. This is done because RIB supports
    only 32-bit values for metric
    • EIGRP_RIB_SCALE variable can be changed using:
    (config-router-af)# metric rib-scale 1..255

  41. Named mode – Wide metrics (cont.)
    • Wide metric introduces new K coefficient – K6, which controls two new
    metric components: jitter and energy.
    • These are currently unavailable for configuration
    • Type of the metric (wide/normal) is NOT sent, so neighbor does not
    actually know how metric components were calculated previously
    • Can lead to inconsistent path selection if both wide and normal metrics are
    used in the network because of different delay calculation

  42. Named mode – HMAC-SHA authentication
    • Named mode supports HMAC-SHA authentication which is stronger
    than MD5. Also it provides anti-replay protection
    • HMAC-SHA authentication can be enabled on the link using:
    (config-router-af-interface)# authentication mode hmac-sha-256 password
    Note: the neighbor must use named mode as well to form an adjacency

  43. Named mode – Add-path
    • Add-path feature allows sending several best equal-cost routes to
    neighbors
    • Note: Useful in DMVPN Phase 2 scenarios where Hub will reflect best
    routes from spoke without changing next-hop
    • Note: Unequal cost load balancing (variance) should be disabled
    • Activated using the following command:
    (config-router-af-interface)# add-paths number

  44. Named mode – Disabling EIGRP on interface
    • EIGRP process on a specific interface can be disabled using:
    (config-router-af-interface)# shutdown
    • Note: this will stop advertising an associated prefix into EIGRP, unlike
    with passive-interface command

  45. Named mode – Unique IPv6 behavior
    • When IPv6 unicast address family is entered, EIGRP is automatically
    enabled on all interfaces with IPv6 address
    • It is the easiest way to get IPv6 connectivity in your network

  46. Named mode – Default tagging
    • You can automatically tag all routes (to filter them later) using:
    (config-router-af)# eigrp default-route-tag tag
    • Refer to slide “Filtering – tagging”

  47. Named mode – Conversion from classic
    • Old classic mode configuration can be converted to the new syntax
    using:
    (config-router)# eigrp upgrade-cli process-name
    Note: appeared only in 15.4(2)T

  48. Named mode – Verification commands
    • Verification commands have new syntax:
    show eigrp protocols
    show eigrp address-family [ipv4 | ipv6] as-num interfaces [detail]
    show eigrp address-family [ipv4 | ipv6] as-num neighbors [detail]
    show eigrp address-family [ipv4 | ipv6] as-num topology [all-links]
    show eigrp address-family [ipv4 | ipv6] as-num events
    Note: Old syntax is still supported

  49. Additional Resources
    • RFC 7868 – EIGRP
    • Routing TCP/IP Volume 1, 2nd Edition (Jeff Doyle)
    • CCIE Routing and Switching v5.0, Volume 1 (Narbik Kocharians, Peter
    Paluch)
    • EIGRP Frequently Asked Questions
    • Glimpse of EIGRP named mode
    • Advances in EIGRP
    • EIGRP Route Tag Enhancements

  50. Thank you