Enhanced Interior Gateway Routing Protocol (EIGRP) is a Cisco proprietary routing protocol. You can only use it in an all-Cisco network, but EIGRP more than makes up for this deficiency by being easy to configure, fast, and reliable. A detailed discussion of the protocol’s theory and operation is out of the scope of this book. If you are unfamiliar with EIGRP in general, or need more detail on how the protocol works, we recommend reading the relevant sections of IP Routing (O’Reilly).
Like RIP, EIGRP is based on a distance vector algorithm that determines the best path to a destination. But EIGRP uses a more complex metric than RIP’s simple hop count. The EIGRP metric is based on the minimum bandwidth and net delay along each possible path, which means that EIGRP can accommodate larger networks than RIP. It also means that EIGRP needs a different algorithm for loop removal, because EIGRP can’t simply increment the hop count to infinity to eliminate a loop, as RIP does. EIGRP uses a more sophisticated algorithm called Diffusing Update Algorithm (DUAL).
The DUAL algorithm ensures that every router can individually make sure that its routing table is always free from loops. EIGRP also allows the router to take advantage of several different possible paths, if they all have the same metric. This facilitates load sharing among equal cost links. Further, the EIGRP topology database on each router keeps track of higher cost candidates for the same destinations. This helps routing tables throughout the network to reconverge quickly after a topology change such as a link or router failure.
It is the sophisticated DUAL algorithm that distinguishes EIGRP from the earlier Cisco proprietary protocol, called Interior Gateway Routing Protocol (IGRP). IGRP is rarely used anymore, except for backward compatibility with older networks. Rather than implementing a new network with IGRP, we recommend using either EIGRP or OSPF. In fact, Cisco includes many useful features such as automatic two-way redistribution that make the migration from IGRP to EIGRP relatively straightforward.
EIGRP operates very efficiently over large networks. It achieves this efficiency in part by sending non-periodic updates. This means that, unlike RIP, EIGRP only distributes information about routes that have changed, and only when there is a change to report. The rest of the time, routers only exchange small “Hello” packets to verify that routing peers are still available. So, in a relatively stable network, EIGRP uses very little bandwidth. This is especially useful in WAN configurations.
It is also extremely efficient over LAN portions of a network. On each network segment, routers exchange routing information using multicast packets, which helps to limit bandwidth usage on segments that hold many routers. EIGRP uses multicast address 224.0.0.10
, sending packets as raw IP packets using protocol number 88. These multicast packets are always sent with a TTL value of 1 to ensure that locally relevant routing information doesn’t leak off the local segment and confuse routers elsewhere in the network.
Every router in an EIGRP network includes a topology table, which is a central feature of the DUAL algorithm. Every time a router receives a new piece of routing information from one of its neighbors, it updates the topology table. This helps to give it a reliable and up-to-date image of all of the connections in the network that are currently in use. Every destination subnet known to EIGRP appears in the topology table.
EIGRP includes many of the features such as Classless Inter-Domain Routing (CIDR) and Variable Length Subnet Masks (VLSM) that are needed in larger networks. But we suspect that this protocol owes most of its popularity to the fact that it is considerably easier to configure in medium-sized to large networks than other protocols with similar capabilities (such as OSPF).
Much of this chapter will discuss special features that Cisco has built into this protocol to help improve scalability. A detailed discussion of design guidelines for building scalable and reliable EIGRP networks is out of the scope of this book. Please refer to Designing Large-Scale LANs (O’Reilly) for information about efficient EIGRP architectures.
The following commands configure EIGRP on one router in a simple network:
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z. Router1(config)#interface
Router1(config-if)#Ethernet0
ip address
Router1(config-if)#192.168.20.1 255.255.255.0
exit
Router1(config)#interface
Router1(config-subif)#Serial0.1
point-to-pointip address
Router1(config-subif)#172.25.2.2 255.255.255.252
exit
Router1(config)#router eigrp
Router1(config-router)#55
network
Router1(config-router)#172.25.0.0
network
Router1(config-router)#192.168.20.0
end
Router1#
Naturally, you need to configure the other routers in this network to also exchange routing information using EIGRP and the same process number (55). For example:
Router2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z. Router2(config)#interface Serial0.1 point-to-point
Router2(config-subif)#ip address
Router2(config-subif)#172.25.2.1 255.255.255.252
exit
Router2(config)#router eigrp
Router2(config-router)#55
network
Router2(config-router)#172.25.0.0
end
Router2#
This example shows how simple the basic EIGRP configuration is. To get the standard default functionality, you only need to enable EIGRP and add at least one network statement. In the example, we have set the EIGRP process ID numbers on both routers to 55:
Router1(config)#router eigrp 55
This process ID number, which is sometimes referred to as an Autonomous System Number (ASN), is just an arbitrary number between 1 and 65,535. The only restriction is that all of the routers that will be exchanging interior routing information via EIGRP must be configured with the same process number. You can configure multiple EIGRP instances on the same router by specifying different process ID numbers, but the router will keep them separate unless you configure redistribution in between the processes.
As we discuss in Chapter 9, BGP attaches much greater significance to an ASN, using it to label the networks that a path passes through. In BGP, the ASN must be globally unique. The EIGRP process ID number, on the other hand, has no significance outside of the AS.
The network statements in EIGRP serve a dual role, both defining which networks this router will distribute, and which interfaces will take part in the routing protocol. So, the network 172.25.0.0 command in this example means that, if this router has any interfaces that are directly connected to subnets of 172.25.0.0
, then it will inject this information into the routing protocol. It also means that it will try to find EIGRP neighbor routers through these same interfaces.
It is important to remember that while EIGRP is a classless routing protocol, the argument of the network statement is classful by default. This isn’t actually a problem, though, because you can separately prevent certain interfaces from taking part in the protocol, and you can define classless summarization of subnets along whatever boundaries you like. We will discuss these features in Recipe 7.6 and Recipe 7.7, respectively. There is also a classless version of the network command, which we will discuss later in this recipe.
The show ip protocols command allows you to look at the details of your EIGRP configuration:
Router1#show ip protocols
Routing Protocol is "eigrp 55"
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Default networks flagged in outgoing updates
Default networks accepted from incoming updates
EIGRP metric weight K1=1, K2=0, K3=1, K4=0, K5=0
EIGRP maximum hopcount 100
EIGRP maximum metric variance 1
Redistributing: eigrp 55
Automatic network summarization is in effect
Automatic address summarization:
192.168.20.0/24 for Loopback0, Serial0.1
172.25.0.0/16 for Ethernet0
Summarizing with metric 128256
Maximum path: 4
Routing for Networks:
172.25.0.0
192.168.20.0
Routing Information Sources:
Gateway Distance Last Update
172.25.2.1 90 00:01:49
Distance: internal 90 external 170
Router2#
In this case, you can see that this router is using EIGRP process number 55 to redistribute routing information about 172.25.0.0
and 192.168.20.0
. It also shows several other useful pieces of information, such as what filters this router applies when sending and receiving routes, what external information is redistributed into EIGRP, and what neighboring devices we exchange information with. Most of the parameters shown in this particular output reflect the default values for EIGRP, but throughout this chapter you will find other examples showing several different useful variations.
One of the most useful EIGRP commands is show ip eigrp neighbors:
Router1#show ip eigrp neighbors
IP-EIGRP neighbors for process 55
H Address Interface Hold Uptime SRTT RTO Q Seq Type
(sec) (ms) Cnt Num
0 172.25.2.1 Se0.1 13 00:00:01 1 2000 2 296
Router1#
By default, the router attempts to find adjacent routers on all interfaces included in your network statements. In this case, we see only one EIGRP neighbor router. The router will exchange routing information only with the active neighbors listed in this command.
The show ip route eigrp command lists the routes that have been learned through EIGRP:
Router1#show ip route eigrp
D 172.22.0.0/16 [90/2172416] via 172.25.2.1, 00:04:04, Serial0.1 172.25.0.0/16 is variably subnetted, 6 subnets, 4 masks D 172.25.25.6/32 [90/2300416] via 172.25.2.1, 00:04:04, Serial0.1D 172.25.25.1/32 [90/2297856] via 172.25.2.1, 00:04:04, Serial0.1
D 172.25.1.0/24 [90/2172416] via 172.25.2.1, 00:04:04, Serial0.1 D 172.25.0.0/16 is a summary, 00:06:39, Null0 D 10.0.0.0/8 [90/4357120] via 172.25.2.1, 00:04:04, Serial0.1 Router1#
This output shows that we can reach the destination subnet 172.25.1.0/24
through the neighboring router at 172.25.2.1
, which is connected through interface Serial0.1
. This route has an EIGRP metric value of 2172416
and an administrative distance of 90. Please refer to Chapter 5 for a more detailed discussion of administrative distance.
Starting in IOS Version 12.0(4)T, Cisco added a netmask argument to the network command, following a similar syntax to the corresponding OSPF command. This gives greater control over which interfaces will take part in the protocol, as well as what networks will be distributed into EIGRP:
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z. Router1(config)#router eigrp
Router1(config-router)#55
Router1(config-router)#
network 172.25.2.2 0.0.0.0
network
Router1(config-router)#192.168.20.0 0.0.0.255
end
Router1#
Note that this command uses a wildcard rather than a netmask. So the first command specifies only the single address, 172.25.2.2/32
, while the second command includes anything that is a subnet of 192.168.20.0/24
.
The output of show ip protocols shows the change:
Router1#show ip protocols
Routing Protocol is "eigrp 55"
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Serial0.1 filtered by (prefix-list) Inbound
Default networks flagged in outgoing updates
Default networks not accepted from incoming updates
EIGRP metric weight K1=1, K2=0, K3=1, K4=0, K5=0
EIGRP maximum hopcount 100
EIGRP maximum metric variance 1
Redistributing: static, eigrp 55
Automatic network summarization is not in effect
Maximum path: 4
Routing for Networks:
172.25.2.2/32
192.168.20.0/24
Routing Information Sources:
Gateway Distance Last Update
172.25.2.1 90 00:17:06
Distance: internal 90 external 170
Router1#
This configuration can be slightly confusing because, for example, we have configured an EIGRP network statement for just the one address, 172.25.2.2/32
. Looking at the actual interface you can see that while its IP address does match the configured address, it belongs to a larger subnet, 172.25.2.0/30
. So, while we know that this will enable EIGRP for this interface, you might think that the router would advertise the host route, 172.25.2.2/32
, instead of the whole subnet, 172.25.2.0/30
. If you try it in practice, you will see that the router advertises the larger /30
subnet. This is usually the desired behavior. However, if you want something else, Recipe 7.2 shows how to filter routes with EIGRP.
You can filter the routes that EIGRP receives on a particular interface (or subinter-face) using the distribute-list in command as follows:
Router2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z. Router2(config)#access-list
Router2(config)#34
deny192.168.30.0
access-list
Router2(config)#34
permit anyrouter eigrp
Router2(config-router)#55
distribute-list
Router2(config-router)#34
inSerial0.1
end
Router2#
EIGRP also provides a distribute-list out command that allows you to filter the routes that are sent out through a particular interface (or subinterface):
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z. Router1(config)#access-list
Router1(config)#57
permit172.25.1.0
access-list
Router1(config)#57
deny anyrouter eigrp
Router1(config-router)#55
distribute-list
Router1(config-router)#57
outSerial0/0.2
end
Router1#
The best way to see the action of these distribute-list commands is to look at the routing tables both with and without the filters. In the example, this is how the routing table looked before we applied any distribute lists:
Router2#show ip route eigrp
D 192.168.30.0/24 [90/2300416] via 172.25.2.1, 00:00:06, Serial0.1
D 172.22.0.0/16 [90/2172416] via 172.25.2.1, 00:04:04, Serial0.1
172.25.0.0/16 is variably subnetted, 6 subnets, 4 masks
D 172.25.25.6/32 [90/2300416] via 172.25.2.1, 00:04:04, Serial0.1
D 172.25.25.1/32 [90/2297856] via 172.25.2.1, 00:04:04, Serial0.1
D 172.25.1.0/24 [90/2172416] via 172.25.2.1, 00:04:04, Serial0.1
D 172.25.0.0/16 is a summary, 00:06:39, Null0
D 10.0.0.0/8 [90/4357120] via 172.25.2.1, 00:04:04, Serial0.1
Router2#
Then, after applying the inbound filter, you can see that network 192.168.30.0
is gone:
Router2#show ip route eigrp
D 172.22.0.0/16 [90/2172416] via 172.25.2.1, 00:00:08, Serial0.1
172.25.0.0/16 is variably subnetted, 6 subnets, 4 masks
D 172.25.25.6/32 [90/2300416] via 172.25.2.1, 00:00:08, Serial0.1
D 172.25.25.1/32 [90/2297856] via 172.25.2.1, 00:00:08, Serial0.1
D 172.25.1.0/24 [90/2172416] via 172.25.2.1, 00:00:08, Serial0.1
D 172.25.0.0/16 is a summary, 00:08:42, Null0
D 10.0.0.0/8 [90/4357120] via 172.25.2.1, 00:00:08, Serial0.1
Router2#
You can use the show ip protocols command to see what filters have been applied to which interfaces, both inbound and outbound:
Router2#show ip protocols
Routing Protocol is "eigrp 55" Outgoing update filter list for all interfaces is not setIncoming update filter list
for all interfaces is not set Serial0.1 filtered by 34 (per-user), default is 34 Default networks flagged in outgoing updates Default networks accepted from incoming updates EIGRP metric weight K1=1, K2=0, K3=1, K4=0, K5=0 EIGRP maximum hopcount 100 EIGRP maximum metric variance 1 Redistributing: eigrp 55 Automatic network summarization is in effect Automatic address summarization: 192.168.20.0/24 for Loopback0, Serial0.1 172.25.0.0/16 for Ethernet0 Summarizing with metric 128256 Maximum path: 4 Routing for Networks: 172.25.0.0 192.168.20.0 Routing Information Sources: Gateway Distance Last Update 172.25.2.1 90 00:02:10 Distance: internal 90 external 170 Router2#
The second example in the solution section of this recipe shows an outbound distribute list. It is difficult to see the effect of an outbound filter from the router that has the filter, so we will apply this filter to the neighbor device.
Look back at the output of the previous show ip route eigrp command to see what the routing table looked like before applying this filter. Then, after applying the outbound distribute-list command on the neighboring router, the routing table looks like this:
Router2#show ip route eigrp
172.25.0.0/16 is variably subnetted, 4 subnets, 4 masks
D 172.25.1.0/24 [90/2172416] via 172.25.2.1, 00:03:56, Serial0.1
Router2#
Note that we have applied an extremely restrictive outbound route filter. This technique is often used in WAN situations where there is only one path from the remote site to the rest of the network. In such cases, it is often possible to send only a few summary routes, or perhaps even a single default route, 0.0.0.0/0
.
Again, the show ip protocols command shows information about both the filters and the interfaces that they act on:
Router1#show ip protocols
Routing Protocol is "eigrp 55"Outgoing update filter list
for all interfaces is not set Serial0/0.2 filtered by 57 (per-user), default is 57 Incoming update filter list for all interfaces is not set Default networks flagged in outgoing updates Default networks accepted from incoming updates EIGRP metric weight K1=1, K2=0, K3=1, K4=0, K5=0 EIGRP maximum hopcount 100 EIGRP maximum metric variance 1 Redistributing: eigrp 55 Automatic network summarization is in effect Automatic address summarization: 172.25.0.0/16 for FastEthernet0/1, Serial0/1 Summarizing with metric 28160 172.22.0.0/16 for FastEthernet0/0.1, Serial0/0.2, Loopback0 Serial0/1 Summarizing with metric 28160 10.0.0.0/8 for FastEthernet0/0.1, Serial0/0.2, Loopback0 FastEthernet0/1 Summarizing with metric 3845120 Maximum path: 4 Routing for Networks: 10.0.0.0 172.22.0.0 172.25.0.0 Routing Information Sources: Gateway Distance Last Update 10.1.1.1 90 00:04:45 172.25.1.7 90 00:04:45 172.25.2.2 90 00:04:45 172.22.1.4 90 00:04:45 Distance: internal 90 external 170 Router1#
You can also use prefix lists to filter routes with EIGRP. This technique is most commonly used for filtering routes with BGP. Prefix lists do essentially the same thing as the access lists that we have already discussed. But they give you a different way to approach filtering that is in some ways more in tune with how we think about routing. And, because of the highly granular control they offer, it is often much easier to configure a prefix list to do the same job as an access list. Further, in mixed BGP/EIGRP networks, it can be extremely convenient to be able to use the same method for both routing protocols:
Router2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z. Router2(config)#ip prefix-list
Router2(config)#Inbound
seq 10 permit10.0.0.0/8
ip prefix-list
Router2(config)#Inbound
seq 20 deny10.0.0.0/8
ge9
ip prefix-list
Router2(config)#Inbound
seq 30 permit 0.0.0.0/0 le 32router eigrp
Router2(config-router)#55
distribute-list prefix
Router2(config-router)#Inbound
inSerial0.1
end
Router2#
There are three lines in the prefix list called “Inbound” in this example. The first line permits the 10.0.0.0/8
network. The second line denies any network belonging to 10.0.0.0
that has a mask with 9 or more bits. The final line permits all other routes.
Again, to see how this works it is easiest to look at the routing table before and after applying the filter. So, in this case we will start with a routing table that looks like this:
Router2#show ip route eigrp
D 192.168.30.0/24 [90/2300416] via 172.25.2.1, 00:00:16, Serial0.1
10.0.0.0/8 is variably subnetted, 3 subnets, 3 masks
D EX 10.0.0.0/8 [170/4357120] via 172.25.2.1, 00:00:16, Serial0.1
D 10.2.2.0/24 [90/2300416] via 172.25.2.1, 00:00:16, Serial0.1
D 10.1.1.0/30 [90/4357120] via 172.25.2.1, 00:00:16, Serial0.1
D*EX 0.0.0.0/0 [170/2172416] via 172.25.2.1, 00:00:16, Serial0.1
Router2#
After applying the filter, this routing table is reduced to the following:
Router2#show ip route eigrp
D 192.168.30.0/24 [90/2300416] via 172.25.2.1, 00:00:22, Serial0.1
D EX 10.0.0.0/8 [170/4357120] via 172.25.2.1, 00:00:22, Serial0.1
D*EX 0.0.0.0/0 [170/2172416] via 172.25.2.1, 00:00:22, Serial0.1
Router2#
You want to redistribute routes that were learned by other means into the EIGRP routing process.
The simplest way to redistribute routes into EIGRP uses the redistribute command:
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z. Router1(config)#ip route
Router1(config)#192.168.10.0 255.255.255.0 192.168.20.5
router eigrp
Router1(config-router)#55
redistribute static
Router1(config-router)#end
Router1#
You can set the properties of the routes that are redistributed from another routing protocol with the default-metric command:
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z. Router1(config)#router eigrp
Router1(config-router)#55
redistribute rip
Router1(config-router)#default-metric
Router1(config-router)#1000 100 250 100 1500
end
The show ip protocols command tells you about any route redistribution that the protocol is performing:
Router1#show ip protocols
Routing Protocol is "eigrp 55"
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Serial0.1 filtered by 34 (per-user), default is 34
Default networks flagged in outgoing updates
Default networks accepted from incoming updates
EIGRP metric weight K1=1, K2=0, K3=1, K4=0, K5=0
EIGRP maximum hopcount 100
EIGRP maximum metric variance 1
Redistributing: static, eigrp 55
Automatic network summarization is in effect
Automatic address summarization:
192.168.20.0/24 for Loopback0, Serial0.1
172.25.0.0/16 for Ethernet0
Summarizing with metric 128256
Maximum path: 4
Routing for Networks:
172.25.0.0
192.168.20.0
Routing Information Sources:
Gateway Distance Last Update
(this router) 90 00:05:00
172.25.2.1 90 00:01:57
Distance: internal 90 external 170
Router1#
If you look at the routing table of a downstream router, you can see that EIGRP has forwarded information about this static route:
Router2#show ip route eigrp
D 192.168.30.0/24 [90/156160] via 172.22.1.4, 00:00:02, FastEthernet0/1D EX
192.168.10.0/24 [170
/2195456] via 172.25.2.2, 00:00:01, Serial0/0.2 Router2#
There are two extremely important things to note in this output. The first is that the redistributed route is tagged as external, which is signified by the “EX” near the start of the line. An external route is any route that didn’t originate with this routing protocol. This makes the information inherently less reliable than any internal route, so EIGRP also sets a higher administrative distance to ensure that internal EIGRP routes are always preferred over redistributed routes. This becomes extremely important when you have two or more redistribution points in your network that might be injecting the same routing information.
In this case, the administrative distance for the redistributed static route is 170, instead of the default EIGRP distance of 90. Recall from Chapter 5 that the default administrative distance for static routes is 1.
The second example in this recipe shows how to redistribute routes from a foreign routing protocol, instead of just static routes. The key difference is the default-metric command:
Router1(config-router)#redistribute rip
Router1(config-router)#default-metric
1000 100 250 100 1500
With static routes you don’t need to configure a default metric, you can just use the redistribute static command. However, whenever you redistribute another routing protocol into EIGRP, you must configure the default metric. There is no default metric (strangely enough), so if you don’t put it in, the router will not redistribute anything.
The parameters in the default-metric command allow EIGRP to construct an appropriate metric. Since none of this information is available from the foreign protocol, you have to specify it manually. The parameters are, in order:
This value specifies the minimum bandwidth along the path in kilobits per second. It can have any value between 1 and 4,294,967,295.
This value defines the mean latency for the path in 10 microsecond units. It can be anything between 0 and 4,294,967,295.
The reliability parameter is a numerical estimate of how likely the route and the path are to be available at any given moment. You can specify any value between 0 and 255, where 255 represents perfect 100% reliability.
This value is intended to provide a way of shifting traffic off of heavily loaded network links. You can give it a value between 0 and 255, where 255 represents 100% utilization.
You can use this value to specify a path MTU to reach the foreign routing protocol. The range of values for this metric is between 0 and 4,294,967,295.
As it turns out, however, EIGRP doesn’t use most of this information by default. If you look at the output of any show ip protocols command in this chapter, you will see a line that specifies the EIGRP metric weights:
EIGRP metric weight K1=1, K2=0, K3=1, K4=0, K5=0
EIGRP uses these K values as coefficients in an involved equation that specifies how to combine all of these different individual metrics into a single numerical value, the composite EIGRP metric. Note that only K1 and K3 are non-zero. The result is that, by default, EIGRP uses only bandwidth and delay when computing its metric. You can generally fill in just about anything for the other parameters in the default-metric command, and it won’t make any difference.
While you can change these different K values using the metric weights command, we strongly advise against changing the defaults. These values were of some use in IGRP, and when Cisco introduced EIGRP (with its superior DUAL algorithm), they carried the parameters forward. However, it was discovered that in practice it was relatively easy to make routing extremely unstable by changing them. And it’s almost impossible to make things any better by changing these weight values in EIGRP.
The default-metric command sets the metric values for all external routing protocols. If you need to specify different metrics for different protocols, you can put the same information on the redistribute command line as follows:
Router1(config-router)#redistribute rip metric
Router1(config-router)#1000 100 250 100 1500
redistribute ospf 99 metric
1500 10 255 10 1500
Table 7-1 shows all of the different protocols that you can redistribute into EIGRP using this method. You must specify each redistributed protocol separately.
keyword | Description |
bgp | Border Gateway Protocol |
connected | Connect interfaces |
egp | Exterior Gateway Protocol |
eigrp | Enhanced IGRP |
igrp | Interior Gateway Routing Protocol |
isis | ISO IS-IS Routing Protocol |
mobile | Mobile routes |
odr | On Demand stub routes |
ospf | Open Shortest Path First |
rip | Routing Information Protocol |
static | Static routes |
Actually, there is an important exception in this list. If a router has EIGRP and IGRP, both sharing the same process ID number, it will automatically redistribute between them. This is a convenient feature because it makes it relatively easy to migrate an IGRP network to EIGRP. However, if the EIGRP process number is not the same as the one used for IGRP, you need to configure the redistribution.
Sometimes you don’t want to redistribute all of the routes from a particular external routing protocol, just some of them. In this case, you can apply a distribute list (as shown in Recipe 7.2) to ensure that only those routes that are redistributed from a particular protocol. For example, you might have several static routes on your router, but you only want to redistribute some of them. In that case, you can apply a distribute list to only the static routes:
Router1(config)#router eigrp
Router1(config-router)#55
redistribute static
Router1(config-router)#distribute-list
7
out static
This will apply access list number 7 to all of the static routes before distributing them. You can also use this technique when redistributing routes learned from other routing protocols. For example, you might want to filter the routes learned from OSPF before redistributing them into EIGRP. You can do this as follows:
Router1(config)#router eigrp
Router1(config-router)#55
redistribute ospf
Router1(config-router)#99
distribute-list
7
out ospf 99
You require greater control over the routes that are redistributed and their associated metrics and route tags.
You can use route maps to do more sophisticated redistribution of routes into EIGRP:
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z. Router1(config)#ip route
Router1(config)#192.168.10.0 255.255.255.0 172.22.1.4
ip route
Router1(config)#192.168.11.0 255.255.255.0 172.22.1.4
ip route
Router1(config)#192.168.12.0 255.255.255.0 172.22.1.4
access-list
Router1(config)#20
permit192.168.10.0
access-list
Router1(config)#21
permit192.168.11.0
route-map
Router1(config-route-map)#STATIC
permit10
match ip address
Router1(config-route-map)#20
set metric
Router1(config-route-map)#56 100 255 1 1500
set tag
Router1(config-route-map)#2
exit
Router1(config)#route-map
Router1(config-route-map)#STATIC
permit20
match ip address
Router1(config-route-map)#21
set metric
Router1(config-route-map)#128 200 255 1 1500
exit
Router1(config)#route-map
Router1(config-route-map)#STATIC
deny30
exit
Router1(config)#router eigrp
Router1(config-router)#55
redistribute static route-map
Router1(config-router)#STATIC
end
Router1#
This recipe is extremely similar to Recipe 6.4 in the RIP chapter of this book. And, just as in that example, we use route maps to set not only metrics but also route tags for redistributed static routes. Please refer to Recipe 7.1 for a detailed discussion of how route maps work.
The one thing that you need to be careful of with EIGRP is that, as we discussed in Recipe 7.3, there is no default default metric. So if you don’t define EIGRP metrics for foreign routing protocols, EIGRP will not redistribute anything. This is not necessary for the static routes shown in the example, though.
You can configure EIGRP to propagate a default route by simply redistributing a static route to 0.0.0.0/0
, as follows:
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z. Router1(config)#ip route 0.0.0.0 0.0.0.0
Router1(config)#172.25.1.1
access-list
Router1(config)#7
permit 0.0.0.0router eigrp
Router1(config-router)#55
redistribute static
Router1(config-router)#distribute-list
Router1(config-router)#7
out staticend
Router1#
This example actually shows two things. We have redistributed a simple static default route into EIGRP, as shown in Recipe 7.3. And we have also implemented an outbound route filter that only affects the static routes, as discussed in Recipe 7.2. Note that because of the static keyword on the distribute-list command, this distribute list applies only to static routes. So, if there are many static routes on this router, this feature ensures that we will only redistribute the default route.
If we go to a downstream router, you can see that EIGRP is forwarding this route, and that it is accepted as a candidate default route:
Router2#show ip route 0.0.0.0
Routing entry for 0.0.0.0/0, supernet Known via "eigrp 55",distance 170
, metric 2172416,candidate default
path, typeexternal
Redistributing via eigrp 55 Last update from 172.25.2.1 on Serial0.1, 00:02:16 ago Routing Descriptor Blocks: * 172.25.2.1, from 172.25.2.1, 00:02:16 ago, via Serial0.1 Route metric is 2172416, traffic share count is 1 Total delay is 20100 microseconds, minimum bandwidth is 1544 Kbit Reliability 255/255, minimum MTU 1500 bytes Loading 1/255, Hops 1 Router2#
You can look at the topology table to see how EIGRP classifies the default route:
Router2#show ip eigrp topology 0.0.0.0
IP-EIGRP (AS 55): Topology entry for 0.0.0.0/0 State is Passive, Query origin flag is 1, 1 Successor(s), FD is 2172416 Routing Descriptor Blocks: 172.25.2.1 (Serial0.1), from 172.25.2.1, Send flag is 0x0 Composite metric is (2172416/28160),Route is External
Vector metric: Minimum bandwidth is 1544 Kbit Total delay is 20100 microseconds Reliability is 255/255 Load is 1/255 Minimum MTU is 1500 Hop count is 1 External data:Originating router is 172.25.25.1
AS number of route is 0External protocol is Static, external metric is 0
Administrator tag is 0 (0x00000000) Exterior flag is set Router2#
In this case, the command was issued on a downstream router that has received this default route via EIGRP. So it is shown as an external route. You can also see that the router 172.25.25.1
was responsible for introducing this external route into EIGRP, and that the external routing protocol is “static.”
Recipe 7.10 shows another way of distributing a default gateway that doesn’t mark the route as external.
You can prevent an interface from participating in EIGRP by simply designating it as passive:
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z. Router1(config)#router eigrp
Router1(config-router)#55
passive-interface
Router1(config-router)#Serial0/1
end
Router1#
The passive-interface command in EIGRP prevents directly connected routers from establishing an EIGRP neighbor relationship. Since they can’t become neighbors, they will never exchange routing information. This is critically different from the way RIP behaves, as we saw in Chapter 6. In RIP, making an interface passive means that it will still accept routes, it just won’t send them. But with EIGRP, a passive interface will not send or receive any routing information.
Furthermore, configuring one router to be passive means that it can’t form an EIGRP adjacency relationship with any other routers through this interface. If there are only two routers on a link, you can disable EIGRP on that link by simply configuring one of the routers with a passive interface.
You can see the neighbor relationships with the following command:
Router1#show ip eigrp neighbors
IP-EIGRP neighbors for process 55 H Address Interface Hold Uptime SRTT RTO Q Seq Type (sec) (ms) Cnt Num 0 172.25.2.2 Se0/0.2 11 00:07:03 1563 5000 0 81 3 172.25.1.7 Fa0/0.1 77 00:18:17 11 200 0 348 2 172.22.1.4 Fa0/1 12 00:18:42 4 200 0 1971 10.1.1.1 Se0/1
14 00:18:43 7 200 0 196 Router1#
If we then implement the passive-interface command on this router, as shown above, you can see that the neighbor disappears from the table:
Router1#show ip eigrp neighbors
IP-EIGRP neighbors for process 55
H Address Interface Hold Uptime SRTT RTO Q Seq Type
(sec) (ms) Cnt Num
0 172.25.2.2 Se0/0.2 14 00:08:56 1563 5000 0 81
3 172.25.1.7 Fa0/0.1 69 00:20:10 11 200 0 348
2 172.22.1.4 Fa0/1 12 00:20:35 4 200 0 197
Router1#
The show ip protocols command lists all of the passive interfaces that are configured on this router:
Router1#show ip protocols
Routing Protocol is "eigrp 55"
Outgoing update filter list for all interfaces is not set
Redistributed static filtered by 7
Incoming update filter list for all interfaces is not set
Default networks flagged in outgoing updates
Default networks accepted from incoming updates
EIGRP metric weight K1=1, K2=0, K3=1, K4=0, K5=0
EIGRP maximum hopcount 100
EIGRP maximum metric variance 1
Redistributing: static, eigrp 55
Automatic network summarization is in effect
Automatic address summarization:
172.25.0.0/16 for FastEthernet0/1
Summarizing with metric 28160
172.22.0.0/16 for FastEthernet0/0.1, Serial0/0.2, Loopback0
Summarizing with metric 28160
10.0.0.0/8 for FastEthernet0/0.1, Serial0/0.2, Loopback0
FastEthernet0/1
Summarizing with metric 3845120
Maximum path: 4
Routing for Networks:
10.0.0.0
172.22.0.0
172.25.0.0
Passive Interface(s):
Serial0/1
Routing Information Sources:
Gateway Distance Last Update
172.25.1.7 90 00:09:57
172.25.2.2 90 00:09:57
172.22.1.4 90 00:09:57
Distance: internal 90 external 170
Router1#
You want to reduce the size of your routing tables to improve the stability and efficiency of the routing process.
The ip summary-address eigrp configuration command allows you to configure manual summary addresses on a per-interface basis:
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z. Router1(config)#interface
Router1(config-subif)#Serial0/0.2
ip summary-address eigrp
Router1(config-subif)#55 172.25.0.0 255.255.0.0
end
Router1#
By default, EIGRP will automatically summarize subnet routes into network-level routes. You can disable this with the no auto-summary configuration command:
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z. Router1(config)#router eigrp
Router1(config-router)#55
no auto-summary
Router1(config-router)#end
Router1#
Summarization is one of the most powerful features of EIGRP, and one of the most frequently overlooked ways to improve network efficiency. Unlike RIP, which summarizes along classful network boundaries, EIGRP uses CIDR, allowing you to summarize at any bit in the address as well as allowing supernets. And, while OSPF also allows this sort of summarization, as we will discuss in Chapter 8, OSPF can only summarize at the ABR. Conversely, EIGRP allows you to summarize at any router in the network. This means that you can have multiple hierarchical levels of address summarization with EIGRP, which can greatly improve the maximum size and efficiency of a large network that is designed properly to allow it.
You can see all of the summarization information, including which interfaces will send out summary addresses, using the show ip protocols command:
Router1#show ip protocols
Routing Protocol is "eigrp 55" Outgoing update filter list for all interfaces is not set Redistributed static filtered by 7 Incoming update filter list for all interfaces is not set Default networks flagged in outgoing updates Default networks accepted from incoming updates EIGRP metric weight K1=1, K2=0, K3=1, K4=0, K5=0 EIGRP maximum hopcount 100 EIGRP maximum metric variance 1 Redistributing: static, eigrp 55 Automatic network summarization is not in effectAddress Summarization:
172.25.0.0/16 for Serial0/0.2
Summarizing with metric 28160 Maximum path: 4 Routing for Networks: 10.0.0.0 172.22.0.0 172.25.0.0 Routing Information Sources: Gateway Distance Last Update 10.1.1.1 90 1d23h 172.25.1.7 90 00:00:57 172.25.2.2 90 00:00:57 172.22.1.4 90 00:00:57 Distance: internal 90 external 170 Router1#
Note that when you summarize like this, the router doing the summarization will install a special route pointing to the null interface:
Router1#show ip route 172.25.0.0
<lines deleted for brevity>
D 172.25.0.0/16 is a summary, 00:00:23, Null0
Router1#
In this example, we have only summarized 172.25.0.0/16
on interface Serial0/0.2
. However, it is important to remember that you can summarize several networks at the same time on a single interface by simply configuring all of the different summary addresses, as follows:
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z. Router1(config)#interface
Router1(config-subif)#Serial0/0.2
ip summary-address eigrp
Router1(config-subif)#55 172.25.0.0 255.255.0.0
ip summary-address eigrp
Router1(config-subif)#55 10.0.0.0 255.0.0.0 80
end
Router1#
When it summarizes addresses, EIGRP will automatically suppress all of the routes that are included in the summary. Of course, if there are no routes to summarize, the router won’t distribute the summary address.
The metric of this summary route will be equal to the best metric of the routes being summarized. It is important to remember this because, if the route with the best metric goes away for any reason, EIGRP will change the metric of the summary. So, if the route with the best metric is unstable, it will make the summary route unstable. If you want to ensure that this doesn’t happen, you can configure a static route within the summarized range and point it to a null interface. Then you must configure the router to redistribute this static route into EIGRP.
The following example shows a CIDR supernet summarization:
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z. Router1(config)#interface
Router1(config-subif)#Serial0/0.2
ip summary-address eigrp
Router1(config-subif)#55
0.0.0.0 0.0.0.0end
Router1#
In this case, if there are any routes to distribute at all, EIGRP will distribute only the default route 0.0.0.0/0
, and suppress all of the individual routes. This is actually an extremely useful technique on low-speed WAN links, particularly when this link represents the only path to the rest of the network. In such cases, the remote site only needs to know that it can get to everything it needs through this link. Further, because routing is always done by taking the longest match first, if the remote site happens to have more specific routing information for a particular destination, it won’t use this summary route.
You could accomplish the same thing by injecting a default route (as shown in Recipe 7.5) and filtering out everything except 0.0.0.0/0
using a distribute list (as in Recipe 7.2). But this summary address technique does both of these actions in a single step. Furthermore, with this technique, the default route appears in the routing table as an internal route:
Router2#show ip route eigrp
D*
0.0.0.0/0 [90
/2172416] via 172.25.2.1, 00:00:30, Serial0.1 Router2#
You can use the offset-list configuration command to modify the metrics of routes that EIGRP learns through a particular interface:
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z. Router1(config)#access-list
Router1(config)#22
permit192.168.30.0
router eigrp
Router1(config-router)#55
offset-list
Router1(config-router)#22
in10000 Serial0.1
end
Router1#
This command can also modify the EIGRP metrics of routes as the router sends them out through an interface:
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z. Router1(config)#access-list
Router1(config)#33
permit192.168.30.0
router eigrp
Router1(config-router)#55
offset-list
Router1(config-router)#33
out10000 Serial0.1
end
Router1#
This command simply adds a constant value to the metrics of all of the routes that are either sent or received through a particular interface. There are actually two other ways to modify metrics in EIGRP. Recall that the EIGRP metric is a combination of the aggregate delay and the minimum bandwidth along a path. So, instead of adding an offset to the entire metric, you can modify the bandwidth and delay separately as follows:
Router1(config)#interface
Router1(config-if)#Serial0.1
bandwidth
Router1(config-if)#56
delay
1000
The bandwidth command takes an argument in kilobits per second, and will accept a value between 1 and 10,000,000Kbps. The delay command is measured in tens of microseconds, and can be anywhere between 1 and 16,777,215. In this case, we have specified a value of 1000, meaning a delay of 10,000 microseconds (10 milliseconds). You can see the current values for both of these parameters with the show interface command:
Router1#show interfaces serial0.1
Serial0.1 is up, line protocol is up
Hardware is HD64570
Internet address is 172.25.2.2/30
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation FRAME-RELAY
Router1#
In this example, subinterface Serial0.1
has the default values for a serial interface, a bandwidth of 1544Kbps (a T1), and a delay of 20,000 microseconds (20 milliseconds). It is always a good idea to check the current values before adjusting either the bandwidth or delay parameters, if only to make sure that you are moving them in the right direction.
We offer one important caution on adjusting the bandwidth parameter in particular. This same value also appears in the SNMP variable ifSpeed for this interface. This is often used by performance management software to define the total available bandwidth for the interface. Changing this number to fix an EIGRP issue might cause a problem for your performance management system.
One of the problems with adjusting the delay and bandwidth on the interface is that you can’t use this to separately adjust inbound and outbound routing metrics. If you need this level of control, the offset list method discussed previously is the best way to achieve it.
You can see effect of an offset list in the output of the show ip protocols command:
Router1#show ip protocols
Routing Protocol is "eigrp 55"
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Serial0.1 filtered by (prefix-list) Inbound
Incoming routes in Serial0.1 will have 10000 added to metric if on list 22
Default networks flagged in outgoing updates
Default networks not accepted from incoming updates
EIGRP metric weight K1=1, K2=0, K3=1, K4=0, K5=0
EIGRP maximum hopcount 100
EIGRP maximum metric variance 1
Redistributing: static, eigrp 55
Automatic network summarization is in effect
Automatic address summarization:
192.168.20.0/24 for Loopback0, Serial0.1
172.25.0.0/16 for Ethernet0
Summarizing with metric 128256
Maximum path: 4
Routing for Networks:
172.25.0.0
192.168.20.0
Routing Information Sources:
Gateway Distance Last Update
172.25.2.1 90 00:02:09
Distance: internal 90 external 170
Router1#
You can also see the difference it makes by looking at the routing tables. In this case, the route looked like this before we applied the offset list:
Router1#show ip route eigrp
D 192.168.30.0/24 [90/200416
] via 172.25.2.1, 00:00:24, Serial0.1
As you can see, the metric has increased by 10,000 after applying the offset:
Router1#show ip route eigrp
D 192.168.30.0/24 [90/210416
] via 172.25.2.1, 00:00:24, Serial0.1
There are two important EIGRP timers, the hello interval and the hold time. You can adjust both of these timers separately on each interface on a router as follows:
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z. Router1(config)#interface
Router1(config-subif)#Serial0.1
ip hello-interval eigrp
Router1(config-subif)#55 3
ip hold-time eigrp
Router1(config-subif)#55 9
end
Router1#
One of the unique features of EIGRP is that you can adjust its timers separately on each interface. As we mentioned in Chapter 6, RIP requires you to adjust the timers identically on every interface of every device participating in RIP. In Chapter 8 you will see that while OSPF allows you to adjust the timers separately on each link, you have to make sure that it is the same on all routers on this link. But with EIGRP, you can adjust the timers on one router on a link independently of what you have configured on other interfaces on this router, or on other routers on this link.
EIGRP handles this by simply telling the other routers on the link what its parameters are. Therefore, if one router has a particular hello time of, say, 5 seconds, then all of the other routers on this link will expect to see a hello packet from this router every 5 seconds. This is true regardless of what the other routers have for their own parameters. The result is that when you adjust the timers on an interface on one router, you affect what its neighbors expect to see from it.
The default timer values for most interface types are 5 seconds for hellos and a 15-second hold timer. This means that the router will send out a hello packet to verify its neighbor relationships every 5 seconds. And, if it doesn’t hear from a neighbor device, it will wait 15 seconds before declaring that neighbor down.
On multipoint interfaces with sub-T1 speeds, the default hello time is 60 seconds, with a hold time of 180 seconds. Note that the defaults always have a hold time equal to three times the hello time. It is a good rule of thumb to keep this three to one ratio if you choose to adjust your timers.
You can cause serious network stability problems if you don’t adjust the hold and hello times together. In particular, if the hold time is less than the hello time, you will see frequent loss of neighbor status, causing instability. And if the hold time is too long, you will find that your network does not converge quickly after link failures.
In our example, we have attempted to speed up convergence by decreasing the timers. The new hello time is 3 seconds and the hold time is 9 seconds. Before applying this change, you can see that the hold time is 15 seconds:
Router1#show ip eigrp neighbors
IP-EIGRP neighbors for process 55
H Address Interface Hold Uptime SRTT RTO Q Seq Type
(sec) (ms) Cnt Num
0 172.25.2.1 Se0.1 15 00:10:02 16 200 0 549
Router1#
This command actually shows the amount of time remaining in the hold time interval. Each time you look at the neighbor table you will see that the router is counting down from the configured hold time. Each time this router receives a hello packet from the specified neighbor router, it resets its hold timer and begins counting down again. If it ever reaches zero, it will reset the neighbor relationship.
If we go to the neighbor router in the example, you can see that the hold time for Router2 counts down from 9 seconds, instead of the default 15:
Router2#show ip eigrp neighbors
IP-EIGRP neighbors for process 55
H Address Interface Hold Uptime SRTT RTO Q Seq Type
(sec) (ms) Cnt Num
1 172.25.2.2 Se0/0.2 9 00:10:50 16 200 0 114
2 172.25.1.7 Fa0/0.1 65 1d22h 15 200 0 377
0 172.22.1.4 Fa0/1 13 1d22h 2 200 0 230
Router2#
You want to authenticate your EIGRP traffic to ensure that no unauthorized equipment can affect your routing tables.
To enable MD5-based EIGRP packet authentication, you must first define a key chain for the encryption, then apply the authentication commands to the interface:
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z. Router1(config)#key chain
Router1(config-keychain)#ORA
key 1
Router1(config-keychain-key)#key-string
Router1(config-keychain-key)#oreilly
exit
Router1(config-keychain)#exit
Router1(config)#interface
Router1(config-if)#Serial0/1
ip authentication mode eigrp
Router1(config-if)#55
md5ip authentication key-chain eigrp
Router1(config-if)#55 ORA
end
Router1#
As soon as we configure EIGRP authentication on this router, the neighbor relationship dropped because it failed to authenticate:
IP-EIGRP 55: Neighbor 172.25.2.2 (Serial0/0.2) is down: Auth failure
To bring this neighbor back up, you have to ensure that both routers use the same authentication keys.
It’s important to remember that this is just an authentication system. The routers do not encrypt the routing update packets as they send them through the network. They just authenticate these packets using MD5. This prevents people from either accidentally or maliciously injecting routes into your network. This authentication is often useful in environments where you don’t control all of the routers.
You can see from the following debug trace that when the authentication fails, EIGRP simply ignores the routing updates:
Router1#debug eigrp packet
EIGRP Packets debugging is on
(UPDATE, REQUEST, QUERY, REPLY, HELLO, IPXSAP, PROBE, ACK, STUB, SIAQUERY,
SIAREPLY)
Router1#
Oct 3 01:40:59.704: EIGRP: ignored packet from 172.25.2.2 opcode = 5
(invalid authentication)
One of the biggest problems with using this sort of authentication system is that changing the keys can break routing throughout your network. The following example shows a way around this problem. By configuring timed keys, you can roll out a new key throughout your network without disrupting service:
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z. Router1(config)#key chain
Router1(config-keychain)#Mars
key 1
Router1(config-keychain-key)#key-string
Router1(config-keychain-key)#rocket
accept-lifetime
Router1(config-keychain-key)#00:00:00 Jan 1 1993 00:15:00 Nov 1 2002
send-lifetime
Router1(config-keychain-key)#00:00:00 Jan 1 1993 00:00:00 Nov 1 2002
key 2
Router1(config-keychain-key)#key-string
Router1(config-keychain-key)#martian
accept-lifetime
Router1(config-keychain-key)#23:45:00 Oct 31 2002
infinitesend-lifetime
Router1(config-keychain-key)#00:00:00 Nov 1 2002
infiniteend
Router1#
In this case, the router will accept the original key string, rocket, until 12:15 A.M. on November 1, 2002. It will send this same key string until 12:00 A.M. on the same date. And it will start accepting the new key string, martian, at 11:45 P.M. on October 31, 2002. In this way there is a safe 30-minute transition period that you can configure in advance throughout the network. Then, the next day (or whenever it is convenient), you can remove the configuration for the old key string.
The show key chain command includes information about all of the configured key chains and the corresponding key strings:
Router1#show key chain
Key-chain ORA: key 1 -- text "oreilly" accept lifetime (always valid) - (always valid) [valid now] send lifetime (always valid) - (always valid) [valid now] Key-chain Mars: key 1 -- text "rocket" accept lifetime (00:00:00 Jan 1 1993) - (00:15:00 Nov 1 2002)[valid now]
send lifetime (00:00:00 Jan 1 1993) - (00:00:00 Nov 1 2002)[valid now]
key 2 -- text "martian" accept lifetime (23:45:00 Oct 31 2002) - (infinite) send lifetime (00:00:00 Nov 1 2002) - (infinite) Router1#
To enable the logging of EIGRP neighbor state changes, use the eigrp log-neighbor-changes configuration command:
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z. Router1(config)#router eigrp
Router1(config-router)#55
eigrp log-neighbor-changes
Router1(config-router)#end
Router1#
When a neighbor relationship is lost, you also lose all of the routing entries for that neighbor. The effects of this lost routing information are often felt throughout the network. Therefore, it can be extremely useful to have a good log of neighbor change events for troubleshooting strange intermittent network problems. This feature also gives you a good way of looking for faults on links that don’t have a way of telling you about loss of connectivity.
Two important examples of this are tunnels and LAN extensions. In many cases, when the network breaks and brings down a tunnel, the two tunnel end points are unable to see the problem. Similarly, in a LAN extension service, the two end point routers are both connected to Layer 2 LAN switches that are then bridged to one another through another medium, such as ATM. The problem in this case is that the intermediate network between the switches can break and neither router will see a problem because they are both connected to an active switch port. It’s also important to note that EIGRP neighbor relationships can break just because of noisy or congested links.
Whatever the cause, one of the easiest ways to detect a connectivity problem in the hidden network is to configure EIGRP between the routers via this link. In some cases, this will be done on a separate EIGRP process ID number to make it easier to differentiate between normal network topology changes and these hidden network faults. If you log EIGRP neighbor changes and configure the routers to send their SYSLOG events to a central fault management server (as discussed in Chapter 18), you can get an instant alarm on these types of problems.
The log messages show not only that the neighbors have changed, but they also give you an indication of why they changed state:
Oct 2 22:00:38: %DUAL-5-NBRCHANGE: IP-EIGRP 55: Neighbor 172.25.2.1 (Serial0.1) is up: new adjacency Oct 2 22:03:23: %DUAL-5-NBRCHANGE: IP-EIGRP 55: Neighbor 172.25.2.1 (Serial0.1) is down:summary configured
Oct 2 22:03:23: %DUAL-5-NBRCHANGE: IP-EIGRP 55: Neighbor 172.25.2.1 (Serial0.1) is up: new adjacency Oct 2 22:04:14: %DUAL-5-NBRCHANGE: IP-EIGRP 55: Neighbor 172.25.2.1 (Serial0.1) is down:manually cleared
Oct 2 22:04:19: %DUAL-5-NBRCHANGE: IP-EIGRP 55: Neighbor 172.25.2.1 (Serial0.1) is up: new adjacency Oct 2 22:07:26: %DUAL-5-NBRCHANGE: IP-EIGRP 55: Neighbor 172.25.2.1 (Serial0.1) is down:peer restarted
Oct 2 22:07:27: %DUAL-5-NBRCHANGE: IP-EIGRP 55: Neighbor 172.25.2.1 (Serial0.1) is up: new adjacency Oct 2 22:30:06: %DUAL-5-NBRCHANGE: IP-EIGRP 55: Neighbor 172.25.2.1 (Serial0.1) is down:holding time expired
Oct 2 22:30:38: %DUAL-5-NBRCHANGE: IP-EIGRP 55: Neighbor 172.25.2.1 (Serial0.1) is up: new adjacency
In this example, we have shown four different reasons for EIGRP to reset its neighbor relationships. Of these, only the last one, holding time expired, is likely to indicate a network fault.
You want to limit the fraction of an interface’s bandwidth available to EIGRP for routing updates.
To modify the fraction of the total bandwidth available to EIGRP, use the ip bandwidth-percent configuration command:
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z. Router1(config)#interface
Router1(config-subif)#Serial0.1
ip bandwidth-percent eigrp
Router1(config-subif)#55 40
end
Router1#
This example shows how to restrict EIGRP process number 55 to use, at most, 40% of the available capacity of this link. By default, EIGRP will limit its own bandwidth utilization to ensure that it never takes more than 50% of a link’s capacity. However, this default isn’t always appropriate. Sometimes you need to reduce this fraction to reduce overall congestion. And sometimes the total bandwidth value specified on an interface is not accurate.
For example, in Recipe 7.7 we discussed how to change what the router thinks the interface’s bandwidth is. If this value is significantly lower than the real physical bandwidth of the interface, you might want to increase the fraction that EIGRP can use. This can help to improve network convergence times when EIGRP suddenly needs to exchange a large amount of routing information.
In the following example, we have manually reduced bandwidth value on this interface to 32Kbps. Since this is much less than the true value, we have then increased the fraction that EIGRP can use to 200%, bringing it up to a maximum of 56Kbps, which would be the default for a real 128kbps circuit:
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z. Router1(config)#interface Serial0.1
Router1(config-subif)#bandwidth
Router1(config-subif)#32
ip bandwidth-percent eigrp
Router1(config-subif)#55 200
end
Router1#
You want to stabilize your network by sending smaller routing tables out to stub branches and reducing the scope of EIGRP queries.
To enable stub routing, use the eigrp stub configuration command:
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z. Router1(config)#router eigrp
Router1(config-router)#55
eigrp stub
Router1(config-router)#end
Router1#
This feature became available starting in IOS 12.0(15)S. It is most commonly used in hub-and-spoke network designs, in which a remote router connects to the rest of the network through only one or two central routers, and the remote router is the only connection for a small number of LAN segments. In general, you would configure the central routers in this case to send only a default route, as discussed in Recipe 7.2, Recipe 7.5, and Recipe 7.10.
In situations where a route suddenly goes away, every router will ask all of its neighbors if they have a path to that remote network by default. However, it is never going to be fruitful to ask these remote branch routers if they can reach the missing network. If these stub routers are reachable at all, they will already be exchanging information about the few networks that they can access. No trick of topology will allow them to find the missing route if the central routers don’t have it. So the EIGRP stub feature disables these queries. This should help to improve overall network stability. And, in particular, this feature could significantly improve the stability of hub-and-spoke WANs:
Router2#show ip eigrp neighbors detail
IP-EIGRP neighbors for process 55
H Address Interface Hold Uptime SRTT RTO Q Seq Type
(sec) (ms) Cnt Num
1 172.25.2.2 Se0/0.2 6 00:15:57 787 4722 0 148
Version 12.2/1.2, Retrans: 0, Retries: 0
Stub Peer Advertising ( CONNECTED SUMMARY ) Routes
2 172.25.1.7 Fa0/0.1 70 1w0d 12 200 0 405
Version 12.0/1.0, Retrans: 1, Retries: 0
0 172.22.1.4 Fa0/1 12 1w0d 1 200 0 258
Version 12.2/1.2, Retrans: 2, Retries: 0
Router2#
The eigrp stub command can take four different keywords:
The router becomes a receive-only neighbor. This router will not share its routing information with its neighbors.
This router will only advertise connected networks. Note that you must configure the appropriate network statements for these connected networks, or alternatively use the redistribute connected command.
The router will advertise static routes. Note that with this option you must also configure the redistribute static command.
The router will advertise summary routes. This function is enabled by default. Refer to Recipe 7.10 for details on route summarization.
You want to tag specific routes to prevent routing loops while mutually redistributing routes between two routing protocols.
This example shows how to tag external routes in EIGRP:
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z. Router1(config)#ip route
Router1(config)#0.0.0.0 0.0.0.0 172.25.1.1
access-list
Router1(config)#7
permit0.0.0.0
route-map
Router1(config-route-map)#TAGGING
permit10
match ip address
Router1(config-route-map)#7
set tag
Router1(config-route-map)#5
exit
Router1(config)#router eigrp
Router1(config-router)#55
redistribute static route-map
Router1(config-router)#TAGGING
end
Router1#
The external route is static here, but the same technique applies to routes learned through other routing protocols.
You can only tag routes that EIGRP has learned from another routing protocol. As we saw when talking about route tags with RIP, EIGRP does not use these tags directly, it only distributes them. You would use these tags at network boundaries when redistributing routes into another routing process.
For instance, if our EIGRP network was being used as a transit network between two other routing protocols we could tag routes learned from the first external network. We could then redistribute only the first network’s routes into the second external network. Similarly, we could redistribute only the second network’s routes into the first network. In this way we could ensure that the external networks use the EIGRP network for only transit, and prevent them from reaching anything internal.
As discussed in Chapter 6, RIP Version 2 supports 16-bit tags, which gives it a range from 0 to 65,535. EIGRP and OSPF use 32-bit tags for a range from 0 to 4,294,967,295. These tags are purely internal, of course, so there is no interoperability problem. It is unlikely that you will need 4 billion tags, but this expanded range can be useful because you can map the 32-bit tags to IP addresses as a mnemonic for the external network information:
Router1#show ip eigrp topology
IP-EIGRP (AS 55): Topology entry for 0.0.0.0/0 State is Passive, Query origin flag is 1, 1 Successor(s), FD is 28160 Routing Descriptor Blocks: 0.0.0.0, from Rstatic, Send flag is 0x0 Composite metric is (28160/0),0.0.0.0
Route is External
Vector metric: Minimum bandwidth is 100000 Kbit Total delay is 100 microseconds Reliability is 255/255 Load is 1/255 Minimum MTU is 1500 Hop count is 0 External data: Originating router is 172.25.25.1 (this system) AS number of route is 0External protocol is Static
, external metric is 0 Administrator tag is 5 (0x00000005) Exterior flag is set 0.0.0.0 (Null0), from 0.0.0.0, Send flag is 0x0 Composite metric is (28160/0), Route is Internal Vector metric: Minimum bandwidth is 100000 Kbit Total delay is 100 microseconds Reliability is 255/255 Load is 1/255 Minimum MTU is 1500 Hop count is 0 Exterior flag is set Router1#
The following is a simple example in which we redistribute from EIGRP into OSPF only those routes that have a route tag value of 5. Presumably this tag was set at another network boundary:
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z. Router1(config)#router ospf
Router1(config-router)#11
redistribute eigrp
Router1(config-router)#55
route-mapTAGOUT
exit
Router1(config)#route-map
Router1(config-route-map)#TAGOUT
permit10
match tag
Router1(config-route-map)#5
route-map
Router1(config-route-map)#TAGOUT
deny20
end
Router1#
There are several useful commands for looking at EIGRP status. As we have seen throughout this chapter, the show ip protocols command displays a wealth of useful information:
Router1#show ip protocols
You can look at a routing table of only those routes that were learned via EIGRP as follows:
Router1#show ip route eigrp
Another extremely useful EIGRP command displays a table of all of the adjacent EIGRP routers:
Router1#show ip eigrp neighbors
You can see information about the interfaces that exchange routing information using EIGRP with this command:
Router1#show ip eigrp interfaces
Finally, you can view the EIGRP topology database as follows:
Router1#show ip eigrp topology
The precise output of the show ip protocols command varies depending on what features are enabled. However, we have shown several examples of different output throughout this chapter:
Router1#show ip protocols
Routing Protocol is "eigrp 55"
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Serial0.1 filtered by (prefix-list) Inbound
Default networks flagged in outgoing updates
Default networks not accepted from incoming updates
EIGRP metric weight K1=1, K2=0, K3=1, K4=0, K5=0
EIGRP maximum hopcount 100
EIGRP maximum metric variance 1
Redistributing: static, eigrp 55
Automatic network summarization is not in effect
Maximum path: 4
Routing for Networks:
172.25.2.2/32
172.25.0.0
192.168.20.0
Routing Information Sources:
Gateway Distance Last Update
(this router) 90 5d23h
172.25.2.1 90 00:03:32
Distance: internal 90 external 170
Router1#
The standard command to view the IP routing table is show ip route. However, this will show you all of the IP routes, including static routes, connected routes, routes learned through other protocols, and EIGRP routes. If you just want to see the EIGRP routes, you can add the keyword eigrp to this command:
Router1#show ip route eigrp
D*EX 0.0.0.0/0 [170/91942912] via 172.25.2.1, 00:04:29, Serial0.1
Router1#
One of the most useful commands when troubleshooting EIGRP problems looks at the neighbor table:
Router1#show ip eigrp neighbors
IP-EIGRP neighbors for process 55
H Address Interface Hold Uptime SRTT RTO Q Seq Type
(sec) (ms) Cnt Num
1 172.25.2.2 Se0/0.2 7 00:25:16 641 3846 0 148
2 172.25.1.7 Fa0/0.1 80 1w0d 17 200 0 406
0 172.22.1.4 Fa0/1 12 1w0d 3 200 0 259
Router1#
There are several important pieces of information in this list. Obviously, it’s useful to look at the IP addresses and interfaces. But it can also be extremely useful to look at the uptime. In this case, two of these neighbors have been up and stable for a week, but the third was reset 25 minutes ago. The router will sort this output so that the most recent neighbors are at the top. This gives you an immediate way to see which neighbors might have problems.
Also useful in this output is the “Q” column. This column tells you how many EIGRP packets are currently queued for the specified neighbor. If the router is consistently queueing EIGRP packets, there may be a congestion or queueing problem with this interface.
If you think you see EIGRP congestion or performance problems like this, it can be useful to look at the interfaces in more detail:
Router1#show ip eigrp interfaces
IP-EIGRP interfaces for process 55
Xmit Queue Mean Pacing Time Multicast Pending
Interface Peers Un/Reliable SRTT Un/Reliable Flow Timer Routes
Fa0/0.1 1 0/0 17 0/10 50 0
Lo0 0 0/0 0 0/10 0 0
Fa0/1 1 0/0 3 0/10 50 0
Se0/0.2 1 0/0 641 0/15 3163 0
Router1#
This command shows useful information, such as how many peers there are on each interface. It also tells you more about any possible queueing issues, breaking out exactly how many routes are still pending.
Another useful command when debugging EIGRP problems is the show ip eigrp toplogy command. This command gives a view of the EIGRP topology table. The topology table is useful because it often includes information about routes that EIGRP has received, but that the router isn’t using for whatever reason. For example, if there is a similar route with a better administrative distance, such as a static route, the show ip route command will indicate only the static route. The show ip eigrp toplogy command allows you to look through the whole EIGRP topology table to see exactly why the other route is better:
Router1#show ip eigrp topology
IP-EIGRP Topology Table for AS(55)/ID(172.25.25.1)
Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
r - reply Status, s - sia Status
P 0.0.0.0/0, 1 successors, FD is 28160, tag is 5
via Rstatic (28160/0)
via Summary (28160/0), Null0
P 10.2.2.0/24, 1 successors, FD is 156160
via 172.22.1.4 (156160/128256), FastEthernet0/1
P 10.1.1.0/30, 1 successors, FD is 3845120
via Connected, Serial0/1
P 192.168.10.0/24, 1 successors, FD is 28160, tag is 5
via Rstatic (28160/0)
P 192.168.30.0/24, 1 successors, FD is 156160
via 172.22.1.4 (156160/128256), FastEthernet0/1
P 192.168.20.0/24, 1 successors, FD is 2195456
via 172.25.2.2 (2195456/281600), Serial0/0.2
P 172.25.25.6/32, 1 successors, FD is 156160
via 172.25.1.7 (156160/128256), FastEthernet0/0.1
P 172.25.25.1/32, 1 successors, FD is 128256
via Connected, Loopback0
P 172.25.25.2/32, 1 successors, FD is 2297856
via 172.25.2.2 (2297856/128256), Serial0/0.2
P 172.25.1.0/24, 1 successors, FD is 28160
via Connected, FastEthernet0/0.1
P 172.25.2.0/30, 1 successors, FD is 2169856
via Connected, Serial0/0.2
P 172.22.1.0/24, 1 successors, FD is 28160
via Connected, FastEthernet0/1
Router1#
The EIGRP topology table also shows the successors for each route. The successor is the route that will be installed in case the better one goes away.
18.222.252.146