Enhanced Interior Gateway Routing Protocol 1. EIGRP EIGRP is an advanced distance-vector routing protocol that relies on features commonly associated

Enhanced Interior Gateway Routing Protocol

1

EIGRP• EIGRP is an advanced distance-vector routing protocol that relies

on features commonly associated with link-state protocols. • Enhanced Interior Gateway Routing Protocol (EIGRP) is an interior

gateway protocol .• very low usage of network resources during normal operation; only

hello packets are transmitted on a stable network• when a change occurs, only routing table changes are propagated,

not the entire routing table; this reduces the load the routing protocol itself places on the network

• rapid convergence times for changes in the network topology (in some situations convergence can be almost instantaneous)

• Administrative Distance– Internal: 90– Summary: 5– External: 170

Rick Graziani [email protected]

Comparing EIGRP with IGRP

• Comparisons between EIGRP and IGRP fall into the following major categories:– Compatibility mode – Metric calculation – Hop count – Automatic protocol redistribution – Route tagging

IGRP Is no more in use

EIGRP Design FeaturesThe advantages of EIGRP over simple distance vector protocols:

1. EIGRP routers converge quickly because they rely on DUAL; guarantees loop-free operation at every instant throughout a route computation allowing all routers involved in a topology change to synchronize at the same time.

2. Make use of bandwidth by sending partial,bounded updates and its minimal consumption of bandwidth when network is stable.

3. Unlike IGRP, EIGRP offers full support for classless IP by exchanging subnet masks in routing updates.

4. Supports IP, IPX and AppleTalk

EIGRP Features

Flexible network design Multicast and unicast instead of broadcast

address Support for VLSM and discontiguous subnets Manual summarization at any point in the

internetwork Support for multiple network layer protocols Network Size is not limited .

Advanced distance vector Rapid convergence 100% loop-free classless routing Easy configuration Incremental updates Load balancing across equal- cost

by default and unequal-cost path

EIGRP Features ( cont..)

– RTP ( Reliable Transport Protocol )– DUAL ( Diffusing Update Algorithm )– PDM (Protocol Dependent Module)

Reliable Transport Protocol (RTP)

• Guarantee ordered delivery of EIGRP packets to all neighbors.• EIGRP uses RTP as its own proprietary transport-layer protocol

to guarantee delivery of routing information. • EIGRP can multicast and unicast to different peers

simultaneously, which allows for maximum efficiency.

DUAL finite-state machine algorithm

• The centerpiece of EIGRP is the Diffusing Update Algorithm (DUAL), which is the EIGRP route-calculation engine.

• DUAL tracks all the routes advertised by neighbors. Composite metrics of each route are used to compare them.

• EIGRP keeps important route and topology information readily available in a neighbor table and a topology table. These tables supply DUAL with comprehensive route information in case of network disruption. DUAL selects alternate routes quickly by using the information in these tables. If a link goes down, DUAL looks for an alternative route path, or feasible successor, in the topology table.

Protocol-dependent modules (PDM)

• Support for routed protocols, such as IP, IPX, and AppleTalk, is included in EIGRP through PDMs.

• Each PDM is responsible for all functions related to its specific routed protocol. • The IP-EIGRP module is responsible for the following:

– Sending and receiving EIGRP packets that bear IP data – Notifying DUAL of new IP routing information that is received – Maintaining the results of DUAL routing decisions in the IP routing table – Redistributing routing information that was learned by other IP-capable routing

protocols

The five EIGRP packet types are as follows:

– Hello: used to discover, verify, and rediscover neighbor routers– Acknowledgment: hello packets w/out data to indicate receipt

of any EIGRP packet – Update: used when a router discovers a new neighbor and

detects topology change– Query : used when specific information needed from one or

all of its neighbors– Reply: used to respond to a query packet

Hello and Holdtime Intervals

• Hellos – Used by the neighbor discovery and recovery process. – Multicast– Unreliable delivery (not acknowledged)– T1 and faster : Hello interval 5 seconds, hold time 15 seconds – Slower than T1: Hello interval 60 seconds, hold time 180

seconds – If a neighbor is not heard from for the duration of the hold time

(three times hello interval), EIGRP considers that neighbor down, and DUAL must step in to reevaluate the routing table.

– EIGRP routers do not need to have the same hello intervals and hold down intervals


EIGRP Terminology • Successor – Current Route / Best Route• Feasible Successor - A backup route• Feasible distance (FD) is the minimum distance (metric) along a path to a

destination network.• Reported distance (RD) is the distance (metric) towards a destination as

advertised by an upstream neighbor. Reported distance is the distance reported in the queries, the replies and the updates.

• A neighbor meets the feasible condition (FC) if the reported distance by the neighbor is less than to the current feasible distance (FD) of this router. "If a neighbors metric is less than mine, then I know the neighbor doesn't have a loop going through me.“

• A feasible successor is a neighbor whose reported distance (RD) is less than or equal to the current feasible distance (FD). Feasible successor is one who meets the feasible condition (FC).


EIGRP Successors and Feasible Successors

Successor: a route selected as primary route to use to reach a destination.

Feasible successor: a backup route

EIGRP Metric

• The criteria that EIGRP uses by default to calculate its metric:

–Bandwidth–Delay

• The optional criteria that EIGRP can be configured to use when calculating its metric:

–Reliability–Load

• Note: Although MTU is exchanged in EIGRP packets between neighbor routers, MTU is not factored into the EIGRP metric calculation.

Metrics• Metrics:

– Bandwidth– Delay– Reliability– Load

• Default Metric

– bandwidth = (10,000,000/bandwidth kbps) * 256– delay = (delay/10) * 256

– By default, EIGRP metric:Metric = bandwidth (slowest link) + delay (sum of delays)

– Delay = sum of the delays in the path, in tens of microseconds, multiplied by 256

– Bandwidth = [107 / (minimum bandwidth link along the path, in kilobits per second)] * 256

– Formula with default K values (K1 = 1, K2 = 0, K3 = 1, K4 = 0, K5 = 0):Metric = [K1 * BW + ((K2 * BW) / (256 – load)) + K3 * delay]

– If K5 not equal to 0:Metric = metric * [K5 / (reliability + K4)]:


A B C D Least bandwidth 64 kbps Total delay 6,000

A X Y Z D Least bandwidth 256 kbps Total delay 8,000• Delay is the sum of all the delays of the links along the paths:

Delay = [delay in tens of microseconds] x 256

• Bandwidth is the lowest bandwidth of the links along the paths:Bandwidth = [10,000,000 / (bandwidth in kbps)] x 256

EIGRP Metrics Calculation Example

EIGRP Concepts• EIGRP maintains three tables:

– Neighbor table: lists adjacent routers– Topology table: all EIGRP routing tables in AS– Routing table:holds best routes to a destination

• By forming adjacencies, EIGRP routers:– Dynamically learn of new routes that join their network – Identify routers that become either unreachable or inoperable – Rediscover routers that had previously been unreachable

• Every EIGRP router maintains a topology table for each configured network protocol.

• All learned routes to a destination are maintained in the topology table.

EIGRP IP Routing Table

Neighbor discovery and recovery

• Establish adjacencies with neighbor routers by using small hello packets

• Hellos are sent by default every five seconds• By forming adjacencies, EIGRP routers do the

following:– Synch the Routing table when new adjacency are formed– Dynamically learn of new routes that join their network– Identify routers that become either unreachable or

inoperable– Rediscover routers that had previously been unreachable

Topology Table

• Topology Table– A passive route is one that is stable and available

for use. – An active route is a route in the process of being

recomputed by DUAL.


Initial Route Discovery

Feasible Successor Route Selection Rules

Select Routes• If a link goes down, DUAL looks for an alternative route

path, or feasible successor, in the topology table. • If a feasible successor is not found, the route is flagged as

Active, or unusable at present. • Query packets are sent to neighboring routers requesting

topology information. • If the neighbors do not have the lost-route information,

queries are sent to their neighbors.• DUAL uses this information to recalculate successor and

feasible successor routes to the destination. • If a router has an alternate route, it answers the query;

this stops the query from spreading in that branch of the network.

Example: EIGRP TablesRouter C Tables:

router eigrp autonomous-system-number

• Defines EIGRP as the IP routing protocol.

• All routers in the internetwork that must exchange EIGRP routing updates must have the same autonomous system number.

Configuring EIGRP

network network-number [wildcard-mask]

• Identifies attached networks participating in EIGRP.

• The wildcard-mask is an inverse mask used to determine how to interpret the address. The mask has wildcard bits, where 0 is a match and 1 is “don’t care.”

Router(config)#

Router(config-router)#

bandwidth kilobits

• Defines the interface’s bandwidth for the purposes of sending routing update traffic.

Configuring EIGRP (Cont.)Router(config-if)#

Using the Wildcard Mask in EIGRP

EIGRP ConfigurationRouterX(config)# router eigrp autonomous-system

RouterX(config-router)# network network-number

EIGRP Route Summarization: Automatic

– Purpose: Smaller routing tables, smaller updates– Automatic summarization:

• On major network boundaries, subnetworks are summarized to a single classful (major) network.

• Automatic summarization occurs by default.

EIGRP and Discontiguous Networks Default Scenario Configuration

EIGRP, by default, does not advertise subnets and, therefore, cannot support discontiguous subnets.

EIGRP Route Summarization: Manual

•Manual summarization has the following characteristics:

– Summarization is configurable on a per-interface basis in any router within a network.

– When summarization is configured on an interface, the router immediately creates a route pointing to null0.

• Loop-prevention mechanism– When the last specific route of the summary goes away, the summary is

deleted.– The minimum metric of the specific routes is used as the metric of the

summary route.

EIGRP and Discontiguous Networks with no auto-summary

EIGRP with the no auto-summary parameter can advertise subnets and, therefore, can support discontiguous subnets.

Manual Summarization with EIGRP

RTC(config)#router eigrp 2446

RTC(config-router)#no auto-summary

RTC(config-router)#exit

RTC(config)#interface serial 0/0

RTC(config-if#ip summary-address eigrp 2446 2.1.0.0 255.255.0.0

Example EIGRP Configuration

R2 EIGRP Configuration

<output omitted>

interface FastEthernet0/0

ip address 172.17.2.2 255.255.255.0

<output omitted>

interface Serial0/0/1

bandwidth 64

ip address 192.168.1.102 255.255.255.224

<output omitted>

router eigrp 100

network 172.17.2.0 0.0.0.255

network 192.168.1.0

Verifying EIGRP: show ip eigrp neighbors

R1#show ip eigrp neighbors

IP-EIGRP neighbors for process 100

H Address Interface Hold Uptime SRTT RTO Q Seq

(sec) (ms) Cnt Num

0 192.168.1.102 Se0/0/1 10 00:07:22 10 2280 0 5

R1#

Verifying EIGRP: show ip route eigrp

R1#show ip route eigrp

D 172.17.0.0/16 [90/40514560] via 192.168.1.102, 00:07:01, Serial0/0/1

172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks

D 172.16.0.0/16 is a summary, 00:05:13, Null0



R1#show ip route

<output omitted>

Gateway of last resort is not set

D 172.17.0.0/16 [90/40514560] via 192.168.1.102, 00:06:55, Serial0/0/1



C 172.16.1.0/24 is directly connected, FastEthernet0/0


C 192.168.1.96/27 is directly connected, Serial0/0/1


Verifying EIGRP: show ip protocolsR1#show ip protocols

Routing Protocol is "eigrp 100"

Outgoing update filter list for all interfaces is not set

Incoming update filter list for all interfaces is not set

Default networks flagged in outgoing updates

Default networks accepted from incoming updates

EIGRP metric weight K1=1, K2=0, K3=1, K4=0, K5=0

EIGRP maximum hopcount 100

EIGRP maximum metric variance 1

Redistributing: eigrp 100

EIGRP NSF-aware route hold timer is 240s

<output omitted>

Maximum path: 4

Routing for Networks:

172.16.1.0/24

192.168.1.0

Routing Information Sources:

Gateway Distance Last Update

(this router) 90 00:09:38

Gateway Distance Last Update

192.168.1.102 90 00:09:40

Distance: internal 90 external 170

Verifying EIGRP: show ip eigrp interfaces

R1#show ip eigrp interfaces

IP-EIGRP interfaces for process 100

Xmit Queue Mean Pacing Time Multicast Pending

Interface Peers Un/Reliable SRTT Un/Reliable Flow Timer Routes

Fa0/0 0 0/0 0 0/10 0 0

Se0/0/1 1 0/0 10 10/380 424 0

Verifying EIGRP: show ip eigrp topology

R1#show ip eigrp topology

IP-EIGRP Topology Table for AS(100)/ID(192.168.1.101)

Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,

r - reply Status, s - sia Status

P 192.168.1.96/27, 1 successors, FD is 40512000

via Connected, Serial0/0/1


via Summary (40512000/0), Null0


via Summary (28160/0), Null0


via Connected, FastEthernet0/0


via 192.168.1.102 (40514560/28160), Serial0/0/1

Verifying EIGRP: show ip eigrp traffic

R1#show ip eigrp traffic

IP-EIGRP Traffic Statistics for AS 100

Hellos sent/received: 429/192

Updates sent/received: 4/4

Queries sent/received: 1/0

Replies sent/received: 0/1

Acks sent/received: 4/3

Input queue high water mark 1, 0 drops

SIA-Queries sent/received: 0/0

SIA-Replies sent/received: 0/0

Hello Process ID: 113

PDM Process ID: 73

RouterX# show ip eigrp interfaces

IP EIGRP interfaces for process 109

Xmit Queue Mean Pacing Time Multicast Pending

Interface Peers Un/Reliable SRTT Un/Reliable Flow Timer Routes

Di0 0 0/0 0 11/434 0 0

Et0 1 0/0 337 0/10 0 0

SE0:1.16 1 0/0 10 1/63 103 0

Tu0 1 0/0 330 0/16 0 0

Verifying the EIGRP Configuration

RouterX# show ip eigrp interfaces

Displays information about interfaces configured for EIGRP

RouterX# show ip protocols

RouterX# show ip route eigrp

Displays the current EIGRP entries in the routing table

Displays the parameters and current state of the active process

RouterX# show ip eigrp neighbors

IP-EIGRP Neighbors for process 77

Address Interface Holdtime Uptime Q Seq SRTT RTO

(secs) (h:m:s) Count Num (ms) (ms)

172.16.81.28 Ethernet1 13 0:00:41 0 11 4 20

172.16.80.28 Ethernet0 14 0:02:01 0 10 12 24

172.16.80.31 Ethernet0 12 0:02:02 0 4 5 20

RouterX# show ip eigrp neighbors [detail]

Displays the neighbors discovered by IP EIGRP

Verifying the EIGRP Configuration (Cont.)

RouterX# show ip eigrp topology [all]

Displays the IP EIGRP topology table

Without the [all] parameter, shows successors and feasible successors

RouterX# show ip eigrp topology

IP-EIGRP Topology Table for process 77

Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,

r - Reply status

P 172.16.90.0 255.255.255.0, 2 successors, FD is 46251776

via 172.16.80.28 (46251776/46226176), Ethernet0

via 172.16.81.28 (46251776/46226176), Ethernet1

via 172.16.80.31 (46277376/46251776), Serial0

P 172.16.81.0 255.255.255.0, 2 successors, FD is 307200

via Connected, Ethernet1

via 172.16.81.28 (307200/281600), Ethernet1

via 172.16.80.28 (307200/281600), Ethernet0

via 172.16.80.31 (332800/307200), Serial0


RouterX# show ip eigrp traffic

Displays the number of IP EIGRP packets sent and received

RouterX# show ip eigrp traffic

IP-EIGRP Traffic Statistics for process 77

Hellos sent/received: 218/205

Updates sent/received: 7/23

Queries sent/received: 2/0

Replies sent/received: 0/2

Acks sent/received: 21/14


RouterX# debug ip eigrp

IP-EIGRP: Processing incoming UPDATE packet

IP-EIGRP: Ext 192.168.3.0 255.255.255.0 M 386560 - 256000 130560 SM 360960 – 256000 104960

IP-EIGRP: Ext 192.168.0.0 255.255.255.0 M 386560 - 256000 130560 SM 360960 – 256000 104960

IP-EIGRP: Ext 192.168.3.0 255.255.255.0 M 386560 - 256000 130560 SM 360960 – 256000 104960

IP-EIGRP: 172.69.43.0 255.255.255.0, - do advertise out Ethernet0/1

IP-EIGRP: Ext 172.69.43.0 255.255.255.0 metric 371200 - 256000 115200








debug ip eigrp Command

Note: EIGRP routes are exchanged only when a change in topology occurs.

EIGRP Load Balancing

– By default, EIGRP does equal-metric load balancing:

• By default, up to four routes with a metric equal to the minimum metric are installed in the routing table.

– There can be up to 16 entries in the routing table for the same destination:

• The number of entries is configurable with themaximum-paths command.

EIGRP Unequal-Cost Load Balancing

variance multiplier

RouterX(config-router)#

Allows the router to load-balance across routes with a metric smaller than the multiplier value times the minimum metric route to that destination.

The default variance is 1, which means equal-cost load balancing.

Variance Example

Router E chooses router C to route to network 172.16.0.0 because it has the lowest feasible distance of 20.

With a variance of 2, router E also chooses router B to route to network 172.16.0.0 (20 + 10 = 30) < [2 * (FD) = 40].

Router D is not considered to route to network 172.16.0.0 (because 25 > 20).

Simple Password vs. MD5 Authentication

– Simple password authentication:• Router sends packet and key.• Neighbor checks whether key matches its key.• Process not secure.

– MD5 authentication: • Configure a key (password) and key ID; router

generates a message digest, or hash, of the key, key ID and message.

• Message digest is sent with packet; key is not sent.• Process IS secure.

EIGRP MD5 Authentication

– EIGRP supports MD5 authentication.– The router identifies itself for every EIGRP packet

it sends.– The router authenticates the source of each

routing update packet that it receives.– Each participating neighbor must have the same

key configured.

EIGRP MD5 Authentication Configuration Steps

1. Create the keychain, a group of possible keys (passwords).

2. Assign a key ID to each key.3. Identify the keys.4. (Optional) Specify the duration a key will be valid. 5. Enable MD5 authentication on the interface.6. Specify which keychain the interface will use.

Configuring EIGRP MD5 Authentication

key chain name-of-chain

RouterX(config)#

Enters the configuration mode for the keychain

RouterX(config-keychain)#

key key-id

Identifies the key and enters the configuration mode for the key ID

RouterX(config-keychain-key)#

key-string text

Identifies the key string (password)


accept-lifetime start-time {infinite | end-time | duration seconds}

(Optional) Specifies when the key is accepted for received packets


send-lifetime start-time {infinite | end-time | duration seconds}

(Optional) Specifies when the key can be used for sending packets

Configuring EIGRP MD5 Authentication (Cont.)

ip authentication mode eigrp autonomous-system md5

RouterX(config-if)#

Specifies MD5 authentication for EIGRP packets

RouterX(config-if)#

ip authentication key-chain eigrp autonomous-system

name-of-chain Enables authentication of EIGRP packets using the key in the keychain

Configuring EIGRP MD5 Authentication (Cont.)

Example MD5 Authentication Configuration

R1 Configuration for MD5 Authentication

<output omitted>

key chain R1chain

key 1

key-string firstkey

accept-lifetime 04:00:00 Jan 1 2006 infinite

send-lifetime 04:00:00 Jan 1 2006 04:01:00 Jan 1 2006

key 2

key-string secondkey


send-lifetime 04:00:00 Jan 1 2006 infinite

<output omitted>


ip address 172.16.1.1 255.255.255.0

!


bandwidth 64

ip address 192.168.1.101 255.255.255.224

ip authentication mode eigrp 100 md5

ip authentication key-chain eigrp 100 R1chain

!

router eigrp 100

network 172.16.1.0 0.0.0.255

network 192.168.1.0

auto-summary

R2 Configuration for MD5 Authentication<output omitted>

key chain R2chain

key 1

key-string firstkey



key 2

key-string secondkey



<output omitted>


ip address 172.17.2.2 255.255.255.0

!


bandwidth 64

ip address 192.168.1.102 255.255.255.224

ip authentication mode eigrp 100 md5

ip authentication key-chain eigrp 100 R2chain

!

router eigrp 100

network 172.17.2.0 0.0.0.255

network 192.168.1.0

auto-summary

Verifying MD5 AuthenticationR1#

*Jan 21 16:23:30.517: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 100: Neighbor 192.168.1.102 (Serial0/0/1) is up: new adjacency

R1#show ip eigrp neighbors


H Address Interface Hold Uptime SRTT RTO Q Seq

(sec) (ms) Cnt Num

0 192.168.1.102 Se0/0/1 12 00:03:10 17 2280 0 14

R1#show ip route

<output omitted>

Gateway of last resort is not set

D 172.17.0.0/16 [90/40514560] via 192.168.1.102, 00:02:22, Serial0/0/1



C 172.16.1.0/24 is directly connected, FastEthernet0/0


C 192.168.1.96/27 is directly connected, Serial0/0/1


R1#ping 172.17.2.2

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 172.17.2.2, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 12/15/16 ms

Components of Troubleshooting EIGRP

Troubleshooting EIGRP Neighbor Issues

Troubleshooting EIGRP Routing Tables

Troubleshooting EIGRP Authentication

RouterX# debug eigrp packets

EIGRP Packets debugging is on

(UPDATE, REQUEST, QUERY, REPLY, HELLO, IPXSAP, PROBE, ACK, STUB, SIAQUERY, SIAREPLY)

*Jan 21 16:38:51.745: EIGRP: received packet with MD5 authentication, key id = 1

*Jan 21 16:38:51.745: EIGRP: Received HELLO on Serial0/0/1 nbr 192.168.1.102

*Jan 21 16:38:51.745: AS 100, Flags 0x0, Seq 0/0 idbQ 0/0 iidbQ un/rely 0/0 pe

erQ un/rely 0/0

RouterY# debug eigrp packets


(UPDATE, REQUEST, QUERY, REPLY, HELLO, IPXSAP, PROBE, ACK, STUB, SIAQUERY,

SIAREPLY)

RouterY#

*Jan 21 16:38:38.321: EIGRP: received packet with MD5 authentication, key id = 2

*Jan 21 16:38:38.321: EIGRP: Received HELLO on Serial0/0/1 nbr 192.168.1.101

*Jan 21 16:38:38.321: AS 100, Flags 0x0, Seq 0/0 idbQ 0/0 iidbQ un/rely 0/0 pe

erQ un/rely 0/0

A successful MD5 authentication between RouterX and RouterY

Troubleshooting EIGRP Authentication Problem

RouterX(config-if)#key chain RouterXchain

RouterX(config-keychain)#key 2

RouterX(config-keychain-key)#key-string wrongkey

RouterY#debug eigrp packets


(UPDATE, REQUEST, QUERY, REPLY, HELLO, IPXSAP, PROBE, ACK, STUB, SIAQUERY, SIAREPLY)

RouterY#

*Jan 21 16:50:18.749: EIGRP: pkt key id = 2, authentication mismatch

*Jan 21 16:50:18.749: EIGRP: Serial0/0/1: ignored packet from 192.168.1.101, opc

ode = 5 (invalid authentication)

*Jan 21 16:50:18.749: EIGRP: Dropping peer, invalid authentication

*Jan 21 16:50:18.749: EIGRP: Sending HELLO on Serial0/0/1

*Jan 21 16:50:18.749: AS 100, Flags 0x0, Seq 0/0 idbQ 0/0 iidbQ un/rely 0/0

*Jan 21 16:50:18.753: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 100: Neighbor 192.168.1.101

(Serial0/0/1) is down: Auth failure

RouterY#show ip eigrp neighbors


RouterY#

Unsuccessful MD5 authentication between RouterX and RouterY when RouterX key 2 is changed

Documents

Enhanced Interior Gateway Routing Protocol 1. EIGRP EIGRP is an advanced distance-vector routing protocol that relies on features commonly associated