Eigrp

Enhanced Interior Routing Protocol (EIGRP)
Why EIGRP? Some advances in Routing

BRKRST-3372

Housekeeping

 We value your feedback – don’t forget to complete
your online session evaluations after each session
& complete the Overall Conference Evaluation
which will be available online from Thursday
 Visit the World of Solutions
 Please remember this is a ‘non-smoking’ venue!
 Please switch off your mobile phones
 Please make use of the recycling bins provided
 Please remember to wear your badge at all times

BRKRST-3372 © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 2

Prerequisites

This Session Assumes Basic Knowledge of:
 EIGRP Operation and Network Design
 IPv4 Routing Principals
 IPv6 Routing Principals
 Routing Protocols


Introduction
 Feature Overview
 Unified Configuration
 Scaling Enhancements
 Security Enhancements
 Routing Enhancements
 IPv6 Support Primer

Introduction
EIGRP Features over the years

Peer Scaling
1993 exceeds 600 2000 2003
EIGRP 1998 PE/CE Route-Maps
Introduced SIA Rewrite Support 3-Way Handshake

1994 1999 2001
Transport Hub and Neighbor
Rewrite Spoke Reliability
NSF/SSO

2010
2006 IPv6 VRF
2004 DMVPN 2008 HMAC SHA2
3rd Party Next- SRP Code Harding Authentication
hop OER Unified CLI Peer Groups
SNMP Manet Stub Leaking Remote
BFD Support Plugin Support Summary Peers
Leaking

2005 2007 2009
Pix Firewall Cross Licensing Summary
MTR Service Family Metric
IPv6 Support vNet Support
BFD
Prefix Limits DMVPN Peer DMVPN Peer
Site of Origin Scaling exceeds Scaling Expected
1000 to exceed 3000


Introduction
Determining if a feature is available
“show eigrp plugins” provided detailed information on the capabilities of
eigrp running:
version of eigrp
patch level for the version
features available in your image
Router>#show eigrp plugins detail
EIGRP feature plugins:::
eigrp-release : 6.00.00 : Portable EIGRP Release
: 4.01.05 : Source Component Release(dev6)
parser : 2.02.00 : EIGRP Parser Support
igrp2 : 3.00.00 : Reliable Transport/Dual Database
bfd : 1.01.00 : BFD Platform Support
mtr : 1.00.01 : Multi-Topology Routing(MTR)
eigrp-pfr : 1.00.01 : Performance Routing Support
PfR Initialized
Debug off
Detail Debug off
vNets : 1.00.00 : vNets Platform Support
IPv4 vNets Enabled
IPv6 vNets Disabled
ipv4-af : 2.01.01 : Routing Protocol Support
ipv4-sf : 1.01.00 : Service Distribution Support
ipx-af : 2.00.01 : Routing Protocol Support
ipv6-af : 2.01.01 : Routing Protocol Support
ipv6-sf : 1.01.00 : Service Distribution Support
snmp-agent : 1.01.01 : SNMP/SNMPv2 Agent Support


Unified Configuration

 Named Mode Configuration
What problem are we solving?
Exec Commands
Configuration Commands


Introduction
Unified Configuration – Problems
 EIGRP is more than just routing!!
EIGRP supports 2 major distribution types
IPX
3 Protocol Stacks route distribution
 Commands are scattered IPv4
IPv6
 Commands were similar but different
service distribution
 Scope is sometimes unclear

EIGRP IPv4 EIGRP IPv6
interface gigabitethernet0/0 ipv6 unicast-routing
ip bandwidth-percent eigrp 1 75 !
no shut interface gigabitethernet0/0
! ipv6 enable
router eigrp 1 ipv6 eigrp 1
network 0.0.0.0 0.0.0.0 ipv6 bandwidth-percent eigrp 1 75
address-family ipv4 vrf BLUE no shut
!
ipv6 router eigrp 1
eigrp router-id 10.1.1.1
no shut


Introduction
Unified Configuration Solution – Named Mode

 To solve these issues, we created a new configuration mode:
Clearly define the effect of the command, or the expected outcome
Allows you to enter information needed for a given mode (avoid missing AS
configuration errors)
Provides ONE place to configure all of eigrp
Provides ONE common way to define a feature
Enter it the same way! Reduce the time needed to learn a new protocol

 And a new set of exec commands :
Exec command should mirror the corresponding configuration commands
Enter it the same way! Reduce the time needed to learn a new protocol

 Supports all current and future feature development in an extensible
way
 Above all – allow you to keep the existing Config/Exec Mode in case
you prefer the classic configuration mode


Introduction
EIGRP Named Mode – Creating an Instance
 Classic mode:
Configuring “router eigrp” command with a number.
 Named mode:
Configuring “router eigrp” command with the virtual-instance-name
Named mode supports both IPv4 and IPv6, and VRF (virtual routing and
forwarding) instances
Named mode allows you to create a single Instance of EIGRP which can
be used for all family type
Named mode supports multiple VRFs limited only by available system
resources
Named mode does not enable IPV4 routing

router eigrp [virtual-instance-name | asystem]
[no] shutdown
.
.
.


Introduction
EIGRP Named Mode – Family sub-mode
 Defines what you’re routing/distributing
 “common look and feel”
 Provide support for both routing (address-family) and
services (service-family)
 Can be configured for VRFs
 Single place for all commands needed to completely define
an instance.
“show run | section router eigrp”
 Assure subcommands are clear as to their scope
 Static neighbors, peer-groups, stub, etc, ..
 neighbor, neighbor remote, etc
router eigrp [virtual-instance-name]
address-family <protocol> [vrf <name>] autonomous-system <#>
…
exit-address-family
service-family <protocol> [vrf <name>] autonomous-system <#>
…
exit-service-family


Introduction
EIGRP Named Mode – Interface sub-mode
 EIGRP specific interface properties are configuration in the af-
interface mode. for example;
authentication, timers, and bandwidth control

 “af-interface default” applies to all interfaces
Not all commands are supported

 “af-interface <interface>” applies to one interface
Only “eigrp” specific commands are available
Interface delay and bandwidth are configured under the interface
address-family <protocol> autonomous-system <#>
af-interface default
…
exit-af-interface
af-interface <interface>
…
exit-af-interface
exit-address-family


Introduction
EIGRP Named Mode – Interface Inheritance
 Command inheritance following the following rules;
¨ç af-interface specific
Explicit User configuration overrides “af-interface default”
¨è af-interface default
Explicit User defaults configuration overrides factory settings
¨é factory
 Consider the example; where do the settings come from?

router eigrp nw010
address-family ipv6 vrf blue auto 2 Ethernet 0
af-interface default hello-interval
hello-interval 10
exit-af-interface hold-time
af-interface Ethernet0 split-horizon factory setting!
hello-interval 5
hold-time 10
exit-af-interface Ethernet 1
af-interface Ethernet1 hello-interval
hold-time 30
no split-horizon
hold-time
exit-af-interface split-horizon
exit-address-family


Introduction
EIGRP Named Mode – Topology sub-mode

 Support for multi topology routing (MTR)
 Topology specific configuration such as;
 default-metric
 event-log-size
 external-client
 metric config
 timers config Applies to global, or default,
 redistribution
Routing Table

address-family <protocol> autonomous-system <#>
topology base
…
exit-topology
exit-address-family


Introduction
EIGRP Named Mode – EXEC Commands

{show | clear | debug} eigrp What action are you performing?
[service | address]-family {ipv4 | ipv6} Protocol family?
[vrf {<vrf-name> | *}] Does it apply to specific VRF?
[<asystem>] [additional parameters] One specific AS?

Example:
show eigrp address-family ipv4 topology



show eigrp service-family ipv4 topology


Introduction
EIGRP Classic Mode - Changes

 Behavior of autonomous-system command under VRFs has
changed to address common configurations errors.
1 The AS Can be entered on the address-family or standalone or both
2 The AS must be defined for the address-family to "start" processing
3 The AS will nvgen wherever it is entered, if configured both ways it nvgens both ways
4 The standalone keyword can be removed if the AS is defined on the address-family
command
5 Once configured on address-family the AS can only be removed by removing the address-
family
router eigrp 1
address-family ipv4 vrf RED
autonomous-system 99
network 10.0.0.0

router eigrp 1
address-family ipv4 vrf RED autonomous-system 99
network 10.0.0.0

router eigrp 1
address-family ipv4 vrf RED autonomous-system 99
autonomous-system 99
network 10.0.0.0


Introduction
EIGRP Classic Mode - Changes

 The auto-summary command is a relic from the days of classful
routing. It was enabled by default in pre-release 5 images.
The auto-summarization feature is no longer widely used and 'no auto-
summary' has since become the prevailing configuration.
CSCso20666 changed auto-summary behavior to disabled by default.
Because 'no auto-summary' is the factory default setting it will not nvgen --
auto-summary will now only nvgen if it is explicitly enabled.

default nvgen behavior IOS Version (eigrp version)

auto-summary 'auto-summary' : does not nvgen 12.2SR(rel2), 12.2SX(rel3),
'no auto-summary' : nvgens 12.2SG(rel4)
auto-summary 'auto-summary' : nvgens 12.2S(rel1), 12.4T(rel1),
'no auto-summary' : nvgens 12.2SB(rel1)
no auto-summary 'auto-summary' : nvgens 15.0(rel5), 15.0T(rel5),
'no auto-summary' : does not nvgen 12SRE(rel5), 122XNE(rel5)
122XNF(rel5_1),
122(55)SG(rel5_2)

Introduction
EIGRP Classic vrs Named Mode Comparisons
classic router configuration eigrp named mode configuration
interface Eithernet0/0 interface Eithernet0/0
ip address 1.1.1.1 ip address 1.1.1.1
ip hello eigrp 1 30 ipv6 enable
ipv6 enable
ipv6 enable eigrp 1 !
ipv6 bandwidth-percent eigrp 1 40 !
router eigrp nw010
router eigrp 1 address-family ipv4 autonomous-system 1
network 10.0.0.0 255.0.0.0
network 10.0.0.0 255.0.0.0 af-interface Ethernet0/0
hello 30
exit-af-interface
!
address-family ipv4 vrf savage address-family ipv4 vrf savage autonomous-system 4453
autonomous-system 4453 network 192.168.0.0
network 192.168.0.0 !
!
ipv6 router eigrp 1 address-family ipv6 autonomous-system 1
no shutdown af-interface Ethernet0/0
no shutdown
bandwidth-percent 40
exit-af-interface
!
*no support for ipv6 address-family ipv6 autonomous-system 6473
vrf in classic af-interface default
no shutdown
exit-af-interface


Introduction
EIGRP Named Mode – For more information

 12.4T
http://www.cisco.com/en/US/docs/ios/iproute_eigrp/configuration/guide/
12_4t/ire_12_4t_book.html

 12.2SR
http://www.ciscosystems.com/en/US/docs/ios/iproute_eigrp/configuratio
n/guide/12_2sr/ire_12_2sr_book.html

 15.0
http://www.cisco.com/en/US/docs/ios/iproute_eigrp/configuration/guide/
ire_cfg_eigrp_ps10591_TSD_Products_Configuration_Guide_Chapter.
html

 More on Service Family Configuration
http://cisco.biz/en/US/docs/ios/saf/command/reference/saf_book.html


Scaling Enhancements
 Improving Convergence
 EIGRP Stub Enhancements
 Stub overview
 Stub Leaking
 Summary Enhancements
 Summary Leaking
 Summary Metric

Improving Convergence
EIGRP – Faster than you think
IPv4 IGP Convergence Data
 IS-IS with default timers Routes
7000

Milliseconds
 OSPF with default timers
6000
 EIGRP without feasible
successors 5000

 OSPF with tuned timers 4000

 IS-IS with tuned timers 3000

 EIGRP with feasible 2000
successors
Route 1000
Generator

A
0

5000
4000
1000

2000

3000
B C

D


Terms

 Failure detection
How quickly a device on the network can detect and
react to a failure
 Information propagation
How quickly the failure in the previous stage is
communicated to other devices
 Repair
How quickly a devices notified of a failure can
calculate an alternate path

 Improvements any of these stages provides an improvement in overall
convergence

Failure Detection

 EIGRP Hello timers can be tuned to a minimum of 1 second. This is not
configurable to sub-second
router eigrp nw010-hello
address-family ipv6 auto 6473
hello-interval ?
<1-65535> Seconds between hello transmissions

 There are reasons for not recommending this and also for us not offering
such low values; for example, depending on the number of interfaces, 1
sec rates can become CPU intensive and lead to spikes in
processing/memory requirements


Failure Detection - BFD

Bidirectional Forwarding Detection (BFD)
 BFD exhibits lower overhead than aggressive
hellos
 BFD is a heartbeat at Layer 2.5
 BFD can provide sub-second failure detection
http://www.ietf.org/internet-drafts/draft-ietf-bfd-generic-02.txt
http://www.ietf.org/internet-drafts/draft-ietf-bfd-base-05.txt

 BFD works on most media
 For SONET/SDH alarm detection, BFD can provide
close to the same reaction time


BFD
B D

 BFD working together with EIGRP as the upper layer protocol
 BFD relies on EIGRP to tell it about Neighbors
 Notifies EIGRP quickly about changes in Layer 2 state

router eigrp nw010-bfd
bfd ! Enable BFD on all interfaces
af-interface Ethernet1/0
bfd ! Enable BFD on specific interface


BFD
B D

B#show bfd neighbors
OurAddr NeighAddr LD/RD RH Holdown(mult) State Int
14.1.1.1 14.1.1.2 5/1 1 252 (3 ) Up E1/0
B#

Verbose output
B#show bfd neighbor detail | begin Registered
Registered protocols: EIGRP
Uptime: 00:06:33
B#show eigrp address-family ipv4 interface detail e1/0
EIGRP-IPv4 VR(nw010) Address-Family Interfaces for AS(4453)
BFD is enabled


Information propagation - Hierarchy

 The depth of the Core
hierarchy doesn’t alter the
way EIGRP is deployed;
there are no “hard edges” Distribution

Summarization
 Summarize at every
boundary where possible
Access
 Divide complexity with
summarization points


Information propagation – Summary Basics

 192.168.1.0/24,
192.168.2.0/24, and 192.168.0.0/22
192.168.3.0/24 can 1 Network
be advertised as 1024 Addresses
192.168.0.0/22
3 Networks
 Rather than three networks, 255 Addresses Each
each with 255 addresses
(253 hosts), A advertises
a single network,
with 1024 addresses
192.168.1.0/24
192.168.2.0/24
192.168.3.0/24

253 Hosts


Information propagation – Summary Basics

 Summarization is an information-hiding technique used to minimize
the number of prefixes advertised while still maintaining full
reachability.
 Summarization will be most effective if the network
is designed in a hierarchical way so that multiple prefixes can be
represented at some point in the network by a single, less specific
prefix.
 One typical place of summarization is from distribution routers toward
remotes that only need to know a default route
(or at least some subset of total routes) in order to reach the
remainder of the network.
 When summarization is used in EIGRP networks, scalability is
greatly enhanced both because of the fewer number of prefixes
known throughout the network as well as the decreased query scope
that summarization brings.


Information propagation – excessive redundancy

 What is excessive redundancy? Isn’t redundancy
a good thing, not something I should have?
1.1.1.0/24
 No. excessive redundancy is alternative paths
that exist in the network that provide little if any
real benefit of improved reliability, and are often
unplanned and unexpected. A

 In this example, the four Ethernets on the left are
there to provide users with access to the network.
 There are two routers connected to each VLAN in
order to provide redundancy (probably via HSRP)
so that the users will have failover capability
if there is a problem.

 Unfortunately, the designer may have created a
network topology a little different than what he
intended



RtrA#show ip route | begin 1.1.1.0
RtrA#show eigrp address-family ipv4 topo all | begin 1.1.1.0
C 1.1.1.0 is directly connected, Loopback1
P 1.1.1.0/24, 1 successors, FD is 128256, serno 2673915
….snip…. 1.1.1.0/24
via Connected, Loopback1
via 10.0.19.2 (9690112/9173248), FastEthernet6/0.19
via 10.0.13.2 (9688576/9173248), FastEthernet6/0.13 A
RtrA#show ip eigrp(9696000/9173248), FastEthernet6/0.42
via 10.0.42.2 topo | begin 1.1.1.0
P 1.1.1.0/24, 1 successors, FD is 128256
via Connected, Loopback1
P 10.0.11.0/24, 1 successors, FD is 9048064
….snip….
via 10.0.41.2 (9695744/9173248), FastEthernet6/0.41 Wow, Where Did All
….snip…. of These Alternative Paths
Come from! For
a Connected Route!


 Each user segments will be Passive-
treated as a possible alternative Interfaces 1.1.1.0/24

path!
 Generally network designers C
generally do not have these user O
segments as transit paths R
E
 Each user segments is in the
query path, so we’re causing
EIGRP to do a lot of work by
including these extra links. Users
 Extra work means shower router eigrp nw010
convergence. address-family ipv4 auto 4453
passive-interface fastethernet6/0.1
 A simple solution is provided with passive-interface fastethernet6/0.2
Or
the use of the “passive-interface” address-family ipv4 auto 6473
command. passive-interface default
no passive-interface fastethernet0/0


Information dissemination – Packet Improvements

 Startup times improved from minutes to A B
seconds in duration
 Hello packet suppression
Updates
 Better packet utilization allowed us to Hello
see better utilization of bandwidth
 Fewer Updates means fewer ACKs, Hello
noticeably reducing the over all packets
being sent
 Fewer packets means less congestion,
and in turn reduced packet loss and
retransmissions
 Results… significant increase in both
peer counts, as well as convergence
time…. so how did we do it…


Information dissemination – Packet Improvements
 Minimum RTO was decreased to 100ms. For a well functioning network, an
occasional dropped packet will allow EIGRP to converge faster. If the network is
not well behaved, it only adds one additional Retry to max out the RTO (5
seconds).
 EIGRP no longer sends a poison update in response to newly learned route

 EIGRP no longer sends “startup” updates twice.
 EIGRP no longer sends a poison update if part of a distribute-list

 EIGRP multicast updates now delays the next Hello. This helps with DMVPN

 EIGRP now handles the ACK cleanup immediately (as opposed to 1 per pacing
timer) when it suppress a multicast update,

 EIGRP was not taking into account routes that would never be sent out a
particular interface, making the packets utilization smaller than possible.

 EIGRP should not send hello's on Loopbacks - Small convenience in debugs and
slight increase in EIGRP performance.

 EIGRP “probes” which were never used in the field, were removed.


Repair - Feasible Successor

 EIGRP is the fastest converging of all IGP protocols using this
technique
 EIGRP provides nearly instantaneous convergence through
these pre-computed backup routes
 This prevents us going Active for a destination, thereby
avoiding the overhead of the Query process
 The Feasibility Distance is the sum of the Reported Distance
from a neighbor plus the cost of the link to that neighbor.
 A feasible Successor is found when when a neighbor’s
Reported Distance to the destination is lower than the
Feasible Distance


Repair - Feasible Successor

 show eigrp ipv4 topology
displays a list of successors B
and feasible successors

10.200.1.0
for all destinations .1 .2 .1 .2
56k 128k
known by EIGRP A C E

 Remember, don’t want to
many!!

RtrA#show eigrp address-family ipv4 topology D
EIGRP-IPv4 VR(nw010) Topology Table for AS(1)/ID(10.1.6.1)
..snip…..
P 10.200.1.0/24, 1 successors, FD is 21026560 Feasible Distance
via 10.1.1.2 (21026560/20514560), Serial1/0 Successor
via 10.1.2.2 (46740736/20514560), Serial1/1 Feasible Successor

Computed Reported
Distance Distance


Review

 For paths with feasible successors, convergence time is in the
milliseconds
The existence of feasible successors is dependant on the
network design
Right size it!!

 For paths without feasible successors, convergence time is
dependant on the number of routers that have to handle and
reply to the query
Queries are blocked one hop beyond aggregation and route filters
Query range is dependant on network design

 Good design is the key to fast convergence and scalability in
an EIGRP network



 Stub overview
 Stub Leaking

 Summary Leaking
 Summary Metric


EIGRP Stub
Operations

 Assume these spokes are remotes
sites and for resiliency they have two

10.1.1.0/24
connections.
A B
 If A loses its connection to 10.1.1.0/24,
it builds and transmits five queries: one
to each remote, and one to B
 A should never use the spokes to
transit traffic between A and B, so
there’s no reason to learn about, or
query for, routes through these spokes
 However, each of the remote sites will
send a query to B as part of going
active. This will result in B processing
and replying to five additional queries!
 Image if there we 1000 peers!! Don’t Use
These Paths

EIGRP Stub
Operations

 Marking the spokes as stubs
allows them to signal A and B that

10.1.1.0/24
they are not valid transit paths
A B
 When the link to 10.1.1.0/24 is lost,
A will not query the remotes, which
in turn will not query B, reducing
the total number of queries in this
example to 1!
 B will only have one path
to 10.1.1.0/24
S(config)#router eigrp nw-1-spoke
S(config-router)#address-family ipv6 auto 6473
S(config-router)#eigrp stub connected


CSCec80943
EIGRP Stub Leak
Leaking routes

In a single remote site with two routers
we want to mark the entire site as a
Stub A B

 C and D are Stub 0.0.0.0/0 0.0.0.0/0
 A and B advertise only a default to
C and D

D
C
 Because C and D are Stub they do
Remote Site
not talk to each other and there are
no advertisements 10.1.1.0/24


EIGRP Stub Leak
Leaking routes

 Network 10.1.1.0/24 cannot be
reached from A
D isn’t advertising 10.1.1.0/24 to C, since D A B
is a Stub
 D can’t reach A, or anything behind A
C is not advertising the default route to D,
since C is a Stub

D
C
Remote Site
 The link from B to D fails 10.1.1.0/24


EIGRP Stub Leak
Configuration Example
 We want that C and D advertises a subset of
their learned routes, even though they are both
Stub
 Stub leaking is the solution A B

router eigrp nw010-leaky-stub
network 10.0.0.0
eigrp stub leak-map LeakList
!
route-map LeakList permit 10
match ip address 1
match interface e0/0 D
! C
match ip address 2
match interface e1/0 Remote site 10.1.1.0/24
!
access-list 1 permit 10.1.1.0

EIGRP Stub Leak
Route Leaking

 The link from B to D fails A B

 D is advertising 10.1.1.0/24 to C, and
from C to A, so 10.1.1.0/24 is still
reachable
 C is leaking the default route to D, so
D can still reach the rest of the
network through D
D
 A and B will still not query towards C
the remote site as C and D are stubs Remote Site
10.1.1.0/24

Leak 10.1.1.0/24 and 0.0.0.0/0



 Stub overview
 Stub Leaking

 Summary Leaking
 Summary Metric


CSCed01736
EIGRP Summary Leak
Overview
 Good design implies C should receive as
few routes as possible
 We still optimally route to 10.1.1.0/24 and 10.1.0.0/16
10.1.2.0/24

 We could use a combination of static
routes and route filters to advertise both 10.1.1.0/24 10.1.2.0/24
10.1.0.0/16 and the more specific to C A B
 However, this is difficult for customers to
maintain
 You can also use a pair of summaries to

10.1.0.0/16

10.1.0.0/16
“float” the 10.1.1.0/24 and 10.1.2.0/24
summaries, but this could remove the
dynamic nature of the longer prefix
optimal route advertisements.
C


EIGRP Summary Leak
Overview 10.1.0.0/16

 The simplest way to handle this is
to configure a leak list on the 10.1.1.0/24 10.1.2.0/24
summary route
A B

10.1.0.0/16

10.1.0.0/16
match ip address 1
!
!
router eigrp nw010-leaky-stub C
network 10.0.0.0
af-interface Serial0/0
summary-address 10.1.0.0 255.255.0.0 leak-map LeakList


CSCed01736
EIGRP Summary Metric
Summary Metric Calculation Review

 When Components Changes, EIGRP must recalculate the
summary metric.
 If the best component changes, the summary needs to be re-
advertised to all of it’s peers. While it hides the changes for
each component prefix, it still causes updates and processing
to occur.
 The updates can result in downstream routers going active if
the change in the metric is large enough.
 Even if the best component isn’t the one that changed, EIGRP
internally has to cruise every topology table to make sure the
summary isn’t affected.
 With large numbers of components or large numbers of
summary, this can be significant processing.


Using a loopback as a partial solution

A
 One way to eliminate the updates is to create
a loopback which has the best metric of any
component of the summary.
 The loopback will remain up unless 10.1.0.0/23
administratively shut down, the metric of the Cost 10

summary will not change. B

 This does not eliminate the CPU processing
for summaries

10.1.0.0/24
Cost 20

10.1.1.0/24
Cost 20
 In release five EIGRP code, the summary
metric can be configured coded, thus avoiding
the metric churn and processing

loopback 0
ip address 10.1.1.1 255.255.255.255
delay 1


Solution – use the summary-metric command
 A better solution is to use the summary-metric
A
command which established a constant metric
value thereby:
It eliminate the updates
It eliminate re-computing the summary metric when
components change
It allows the summary to be withdrawn when all 10.1.0.0/23
comments are lost

 Supported by IPv4 and IPv6 B

 Only available only in named mode

router eigrp nw010-summ-metric

10.1.0.0/24
Cost 20

10.1.1.0/24
Cost 20
network 10.0.0.0
summary-address 10.1.0.0/23
exit-af-interface
topology base
summary-metric 10.1.0.0/23 100000 255 1 1500


Security Enhancements
 MD5
 HMAC SHA-256
 ASA Firewall

EIGRP Security Enhancements
MD5 Authentication

 The addition of authentication to EIGRP A
packets ensures that your routers only
accept routing updates from other routers
that know the same pre-shared key.
 This prevents someone from purposely or
accidentally adding another router to the
network and causing a problem.

key chain NW010-CHAIN
key 1
key-string securetraffic B C
!
router eigrp nw010-md5
authentication mode md5
authentication key-chain NW010-CHAIN
exit-af-interface


CSCsj57286
HMAC SHA2 256bit Authentication

 MD5 has been has been cracked and a number of tools exist
on various sites to crack MD5 hash
 With new peering options in development will allow for multi-
hop remote peers, a new method is needed
 SHA1 was considered, but SHA-1 is not collision free and can
be broken in 2^69 attempts instead of 2^80. While this It was
still a nontrivial problem, it could be done so we wanted to
consider ‘better’ options.
 SHA2 seems to be the best available and has not been shown
to be very secure. Block sizes of 512 vs. 256 did not show
much difference in security for the additional processing
requirements


CSCsj57286
HMAC SHA2 256bit Authentication

 EIGRP packets will be authenticated using HMAC-SHA-256
message authentication codes.
 The HMAC algorithm takes as inputs the data to authenticate
the EIGRP packet and a shared secret key that is known to
both the sender and the receiver, and outputs a 256-bit hash
that will be used for authentication.
 Shared secret key is a concatenation of the user-configured
shared secret key with the IPv4 (or IPv6) address from which
this particular packet is sent. This prevents Hello Packet DOS
replay attacks with a spoofed source address.
 Simpler configuration mode using a common ‘password’
 Keychain support when additional security is needed
 So how do we configure it….


CSCsj57286
HMAC SHA2 256bit configuration

 Configuration is similar to for MD5
 Simple configuration using only one password
authentication mode hmac-sha-256 eigrp-rocks
exit-af-interface

 Additional security can be added with key-chains
key 1
key-string securetraffic
!
authentication mode hmac-sha-256 eigrp-rocks
exit-af-interface
* Named mode only

CSCsj57286
HMAC SHA2 256bit configuration

 Interface inheritance can be used to simplify configuration:
key 1
key-string securetraffic
key chain NW010-LAB
key 2
key-string labtraffic
!
exit-af-interface
af-interface Ethernet0
authentication mode hmac-sha-256 ADMIN
exit-af-interface
authentication mode hmac-sha-256 CAMPAS
exit-af-interface
authentication mode hmac-sha-256 LAB
authentication key-chain NW010-LAB
exit-af-interface


ASA Firewall

 The Cisco® ASA® 5500 series offers EIGRP
support
 Common portable EIGRP core code with a
platform dependent OS-shim
 Supports EIGRP stub and other key features
 Newer platforms supported

Additional CCO information
http://www.cisco.com/go/asa


Routing Enhancements
 Third Party Next Hop
 Route-map Enhancements
 MPLS VPN PE/CE
 SNMP
 Manet RFC4938bis
 EIGRP OER Support

EIGRP Routing Enhancements
Third Party Next-hop

 Here the multipoint PVC between A, B
A
and C means B learns the IPv6 prefix
from both A and C FE80::FF:FEEA:4042

af-interface serial2/0 F-R
no next-hop-self
exit-af-interface

 Next-hop and the source of that
B C
information source are visible in the
topology table
P 2040:6666:5555:6666::/90, 1 successors, FD is 2681856
via FE80::FF:FEEA:4042 (2681856/2169856), Serial2/0
via FE80::A8BB:CCFF:FE00:1601 (2707456/2681856), Ethernet1/0
FE80::FF:FEEA:4042 via FE80::A8BB:CCFF:FE00:1601 (3193856/2681856), Serial2/0


CSCdk23784
Third Party Next-hop
 A, B and C share the same af-interface Ethernet0/0
no next-hop-self
broadcast segment exit-af-interface
A redistributes RIP into EIGRP
B isn’t running RIP A
C isn’t running EIGRP .3
EIGRP RIP
 For redistributed RIP routes B normally
shows A as next hop despite a direct
connection to C .2 .1

B C
 A now sends updates to B with C as the
next-hop
10.1.1.0/24
....
P 10.1.1.0/24, 1 successors
via 10.1.2.1

CSCdw22585
Route-map Support Overview
 EIGRP has supported route-maps for years, but in a very limited fashion.
 They could only be used during redistribution out of the routing table from
another protocol, which made them fairly useless.
 Enhanced support of route maps allows EIGRP to use a route map to
prefer one path over another
 As shown above, route-maps can now be applied on the distribute-list in
statement, so the filters can be applied even before the prefix hits the
topology table
route-map setmetric permit 10
match interface serial 0/0
set metric 1000 1 255 1 1500
route-map setmetric permit 20
match interface serial 0/1
set metric 2000 1 255 1 1500
....
router eigrp nw010-rmaps
topology base
distribute-list route-map setmetric in

CSCdw22585
Route-map Supported Commands

match ip address Matches routes from prefix list or access
list

match ip route-source Matches routes based on source address,
or neighbor list, of peer which sent the
route
match ip route-source redistribution- Matches external routes based on
source originating-router router-id

match interface Matches routes based on the interface
used for next-hop

match tag Matches internal and external routes based
on tag

match ip next-hop Matches routes based on next-hop field


CSCdw22585
Route-map Supported Commands (continued)

match metric [+-] Matches routes based on metric, with
deviation (+-)

match metric external [+-] Matches routes based on external protocol
metric

match source-protocol Matches external routes based on external
protocol and AS

set metric Sets metric components

set tag Sets the tag on internal or external routes.
Internal is limited to 8 bits


Simple Network Management Protocol (SNMP)

EIGRP supports 68 MIB objects in 4 major tables
eigrpRouteSIA and eigrpAuthFailure can trigger SNMP traps

 EIGRP Traffic Statistics  EIGRP Interface Data
AS Number Peer Count
Number of Hellos, Updates, Reliable/Unreliable Queues
Queries, and Replies Sent/Received Pending Routes
Hello Interval
 EIGRP Topology Data
Destination Net/Mask  EIGRP Peer Data
Active State, Feasible Successors Peer Address, Interface
Origin Type, Distance Hold Time, Up Time
Reported Distance SRTT/RTO
Version

 Additional CCO information
http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml
http://www.cisco.com/go/mibs
ftp://ftp.cisco.com/pub/mibs/oid/


EIGRP Routing Enhancements CSCek40468

Mobile Ad-hoc Network (MANET)
 Support for Mobile Ad-hoc Network deployments
 The fundamental requirement for MANET applications is effective
integration of routing and radio technologies
 RFC4938(bis) is support by EIGRP
 Effective routing requires immediate recognition of topology changes, the
ability to respond to radio link quality fluctuations, and a means by which
routers can receive and act upon feedback from a radio network
 New Virtual Multipoint Interface (VMI) and L2L3 API connects Layer 2 RF
network with layer 3

Mobile EIGRP Mobile Radio Mobile Radio Mobile EIGRP
Router Router

PPPoE RF PPPoE

PPP Sessions


EIGRP Routing Enhancements CSCek40468

Mobile Ad-hoc Network (MANET)

 The VMI interface maps multiple PPPoE sessions into a broadcast-
capable multi-access interface
 The quality of a neighbor will vary based on raw radio link characteristics
collected dynamically.
 The radio metrics are used to compute the composite EIGRP metric which
is used to determines best paths
 To avoid churn from frequent changes, a dampening mechanism is
implemented

router eigrp nw010-manet
address-family ipv4 autonomous-system 4453
af-interface vmi1
dampening-interval <seconds>
dampening-change <percent>
address-family ipv6 autonomous-system 6473
af-interface vmi1
dampening-interval <seconds>
dampening-change <percent>

* Will work on all interface types


Performance Routing (PfR)

 Cisco® IOS® Performance Routing (PfR) supports Route control
using EIGRP
 Currently PfR supports BGP, static routes and PBR only for route
control
 Monitors traffic performance for prefixes passively with NetFlow
and/or actively using IP SLA probes
 Chooses best performing path to a given destination
Delay, MOS
Load Balancing
For prefix, traffic-class and application
 Additional CCO information
http://www.cisco.com/go/pfr


IPv6 Support Primer
 Overview
 Router Configuration
 Topology Database
 Summarization
 Event logs and Debug review

EIGRP IPv6
Overview

 A new Protocol Dependent Module (PDM) to route IPv6
 A familiar Look and Feel means incumbent EIGRP operational expertise
can be leveraged
 Add new TLV’s (Type, Length, Value) in EIGRP packets to carry IPv6
prefixes
Internal routes TLV (Type 0x0401)
External routes TLV (Type 0x0402)

 Uses proven Reliable Transport Protocol (RTP) for reliable delivery of
packets

 DUAL performs route computations for IPv6 without modifications


EIGRP IPv6
Addressing Basics
 An IPv6 address is an extended 128-bit / 16 bytes address that
gives
2128 possible addresses (3.4 x 1038)
 IPv6 addresses
64 bits for the subnet ID, 64 bits for the interface ID
Separated into 8 * 16-bit Hexadecimal numbers
Each block is separated by a colon :
:: can replaced leading, trailing or consecutive zeros
:: can only appear once
 EIGRP IPv6 Multicast transport
FF02:0:0:0:0:0:0:A or abbreviated to FF02::A

Examples:
2003:0000:130F:0000:0000:087C:876B:140B
2003:0:130F::87C:876B:140B


EIGRP IPv6
IPv6 Link-Local Address
 A IPv6 Link-local address is used by EIGRP to source Hello
packets and establish an adjacency
 IPv6 Link-local address is never routed
 IPv6 packet forwarding and must be configured first under global
configuration
 They are auto assigned when you enable the interface
ipv6 unicast
interface Ethernet1/0
ipv6 enable

 You can configure this manually on an interface
 An IPv6 link-local is prefixed by fe80 and has a prefix length of /10

ipv6 address ?
X:X:X:X::X IPv6 link-local address
X:X:X:X::X/<0-128> IPv6 prefix
……


EIGRP IPv6
Router Configuration

classic router configuration eigrp named mode configuration
int Ethernet 0/0 router eigrp nw010-v6
ipv6 eigrp 6473 address-family ipv6 auto 6476
! af-interface default
router eigrp 6473 no shutdown
no shutdown

 Router-ID is require and selected
¨ç from highest loopback IPv4 address
¨è from first IPv4 address found on any physical interface.

 If no IPv4 address is available, a 32-bit router-id can be configured
manually using the router-id command
router eigrp nw010-v6
router-id 1.1.1.1


EIGRP IPv6
Topology Table

 The Topology show commands are congruent with IPv4

Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply, r
- reply Status, s - sia Status

P 2040:3333::31:113:0/112 , 1 successors, FD is 281600
P 2040:3333::31:114:0/112, 1 successors, FD is 281600

 The next-hop is the Neighbors 128-bit link-local


EIGRP IPv6
Topology Table

 The information source and next-hop 128-bit address
show eigrp address-family ipv6 topology 2040:3333::31:113:0/112
EIGRP-IPv6 VR(nw010) Topology entry for AS(6473)/ID(1.1.1.1) for 2040:3333::31:113:0/112
State is Passive, Query origin flag is 1, 1 Successor(s), FD is 281600
Routing Descriptor Blocks:
FE80::A8BB:CCFF:FE00:200 (Ethernet0/0), from FE80::A8BB:CCFF:FE00:200, Send flag is 0x0
Composite metric is (281600/256), Route is External
Vector metric:
Minimum bandwidth is 10000 Kbit
Total delay is 1000 microseconds
Reliability is 0/255
Load is 1/255
Minimum MTU is 1500
Hop count is 1
External data:
Originating router is 2.2.2.2
AS number of route is 0
External protocol is Static, external metric is 0
Administrator tag is 0 (0x00000000)


EIGRP IPv6
Route Summarization

Summaries
 Auto-summary is not configurable in EIGRP IPv6 because IPv6 is
essentially classless
 Manual summarization is supported, as it is with EIGRP IPv4, and can
therefore be configured at any point in the network

classic router configuration eigrp named configuration
interface Ethernet0/0 router eigrp nw010-ipv6
ipv6 summary-address eigrp 6473 ? address-family ipv6 auto 6473
X:X:X:X::X/<0-128> IPv6 prefix af-interface Ethernet0/0
summary-address ?
X:X:X:X::X/<0-128> IPv6 prefix


EIGRP IPv6
Event logs and Debugs Supported

EIGRP IPv6 information in existing debugs
debug eigrp ?
fsm EIGRP Dual Finite State Machine events/actions
neighbors EIGRP neighbors
nsf EIGRP Non-Stop Forwarding events/actions
packets EIGRP packets
transmit EIGRP transmission events

debug eigrp packets
EIGRP Packets debugging is on
(UPDATE, REQUEST, QUERY, REPLY, HELLO, IPXSAP, PROBE, ACK, STUB,
SIAQUERY, SIAREPLY)

00:52:47: EIGRP: Received HELLO on Ethernet1/0 nbr FE80::A8BB:CCFF:FE00:401
00:52:47: AS 6473, Flags 0x0, Seq 0/0 idbQ 0/0 iidbQ un/rely 0/0 peerQ
un/rely 0/0


EIGRP IPv6
Event logs and Debugs Supported

 EIGRP IPv6 Event Log
show eigrp address-family ipv6 event
1 06:27:52.115 Change queue emptied, entries: 1
2 06:27:52.115 Metric set: 2040:3333::31:113:0/112 281600
3 06:27:52.115 Update reason, delay: new if 4294967295
4 06:27:52.115 Update sent, RD: 2040:3333::31:113:0/112 4294967295
5 06:27:52.115 Update reason, delay: metric chg 4294967295
6 06:27:52.115 Update sent, RD: 2040:3333::31:113:0/112 4294967295

EIGRP IPv6 Specific Debugging
debug eigrp address-family ipv6 ?
<1-6473> Autonomous System
neighbor EIGRP neighbor debugging
notifications EIGRP event notifications
summary EIGRP summary route processing
<cr>


EIGRP IPv6
Review
Provides feature parity with most IPv4 Features (stubs, scaling,
summarization, etc)
Implementation EIGRP IPv6 uses the same Reliable Multicast Transport protocol used by
IPv4
IPv6 Link-local address are used to establish an adjacency
32 bit Router ID must be explicitly configured if no IPv4 address is available
Hellos are sourced from the link-local address and destined
to FF02::A (all EIGRP routers);
Neighbors are not required to share the same global prefix (with the
exception of explicitly specified neighbors where traffic is sent unicast)
Important
Automatic summarization disabled by default for EIGRP IPv6, and is not
Differences even configurable for EIGRP IPv6
“no split-horizon” is the default configuration for EIGRP IPv6 (IPv6 supports
multiple prefixes per interface)
EIGRP IPv6 does not support the “default-information” command as there is
no support in IPv6 for the configuration of default networks other than ::/0
“ipv6 unicast” must be configured under global mode to enable ipv6 routing
Note “ipv6 enable” must be configured under all interfaces which will be enabled
for ipv6


Recommended Reading

ASIN: 1578701651 ISBN: 0201657732


Other References

 Continue your Cisco Live
learning experience with further
reading from Cisco Press
 Check the Recommended
Reading flyer for suggested
books

Available Onsite at the Cisco Company Store

Meet the Engineer

To make the most of your time at Networkers at Cisco
Live 2010, schedule a Face-to-Face Meeting with a top
Cisco Engineer.

Designed to provide a "big picture" perspective as well as
"in-depth" technology discussions, these face-to-face
meetings will provide fascinating dialogue and a wealth of
valuable insights and ideas.

Visit the Meeting Centre reception desk located in the
Meeting Center in World of Solutions


Complete Your Online
Session Evaluation

 Give us your feedback and you
could win fabulous prizes.
Winners announced daily.
 Receive 20 Cisco Preferred
Access points for each session
evaluation you complete.
 Complete your session
evaluation online now (open a
browser through our wireless
network to access our portal)
or visit one of the Internet Don’t forget to activate your
stations throughout the Cisco Live and Networkers Virtual
Convention Center. account for access to all session
materials, communities, and on-demand
and live activities throughout the year.
Activate your account at any internet
station or visit www.ciscolivevirtual.com.


Enter to Win a 12-Book Library
of Your Choice from Cisco Press

Visit the Cisco Store in the
World of Solutions, where
you will be asked to enter
this Session ID code

Check the Recommended Reading brochure for
suggested products available at the Cisco Store


Eigrp

Empfohlen

Empfohlen

Weitere ähnliche Inhalte

Was ist angesagt?

Was ist angesagt? (20)

Ähnlich wie Eigrp

Ähnlich wie Eigrp (20)

Kürzlich hochgeladen

Kürzlich hochgeladen (20)

Eigrp