EIGRP

Enhanced Interior Routing Protocol (EIGRP)
Why EIGRP? Some advances in Routing
BRKRST-3372
Housekeeping
 We value your feedback – don’t forget to complete

your online session evaluations after each session
& complete the Overall Conference Evaluation
which will be available online from Thursday
 Visit the World of Solutions
 Please remember this is a ‘non-smoking’ venue!
 Please switch off your mobile phones
 Please make use of the recycling bins provided
 Please remember to wear your badge at all times
BRKRST-3372 © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 2
Prerequisites
This Session Assumes Basic Knowledge of:

 EIGRP Operation and Network Design
 IPv4 Routing Principals
 IPv6 Routing Principals
 Routing Protocols
Introduction
 Feature Overview
 Unified Configuration
 Scaling Enhancements
 Security Enhancements
 Routing Enhancements
 IPv6 Support Primer
Introduction
EIGRP Features over the years
Peer Scaling
1993 exceeds 600 2000 2003
EIGRP 1998 PE/CE Route-Maps
Introduced SIA Rewrite Support 3-Way Handshake
1994 1999 2001

Transport Hub and Neighbor
Rewrite Spoke Reliability
NSF/SSO
2010
2006 IPv6 VRF
2004 DMVPN 2008 HMAC SHA2
3rd Party Next- SRP Code Harding Authentication
hop OER Unified CLI Peer Groups
SNMP Manet Stub Leaking Remote
BFD Support Plugin Support Summary Peers
Leaking
2005 2007 2009

Pix Firewall Cross Licensing Summary
MTR Service Family Metric
IPv6 Support vNet Support
BFD
Prefix Limits DMVPN Peer DMVPN Peer
Site of Origin Scaling exceeds Scaling Expected
1000 to exceed 3000
Introduction
Determining if a feature is available
“show eigrp plugins” provided detailed information on the capabilities of
eigrp running:
version of eigrp
patch level for the version
features available in your image
Router>#show eigrp plugins detail
EIGRP feature plugins:::
eigrp-release : 6.00.00 : Portable EIGRP Release
: 4.01.05 : Source Component Release(dev6)
parser : 2.02.00 : EIGRP Parser Support
igrp2 : 3.00.00 : Reliable Transport/Dual Database
bfd : 1.01.00 : BFD Platform Support
mtr : 1.00.01 : Multi-Topology Routing(MTR)
eigrp-pfr : 1.00.01 : Performance Routing Support
PfR Initialized
Debug off
Detail Debug off
vNets : 1.00.00 : vNets Platform Support
IPv4 vNets Enabled
IPv6 vNets Disabled
ipv4-af : 2.01.01 : Routing Protocol Support
ipv4-sf : 1.01.00 : Service Distribution Support
ipx-af : 2.00.01 : Routing Protocol Support
ipv6-af : 2.01.01 : Routing Protocol Support
ipv6-sf : 1.01.00 : Service Distribution Support
snmp-agent : 1.01.01 : SNMP/SNMPv2 Agent Support
Unified Configuration
 Named Mode Configuration

What problem are we solving?
Exec Commands
Configuration Commands
Introduction
Unified Configuration – Problems
 EIGRP is more than just routing!!
EIGRP supports 2 major distribution types
IPX
3 Protocol Stacks route distribution
 Commands are scattered IPv4
IPv6
 Commands were similar but different
service distribution
 Scope is sometimes unclear
EIGRP IPv4 EIGRP IPv6

interface gigabitethernet0/0 ipv6 unicast-routing
ip bandwidth-percent eigrp 1 75 !
no shut interface gigabitethernet0/0
! ipv6 enable
router eigrp 1 ipv6 eigrp 1
network 0.0.0.0 0.0.0.0 ipv6 bandwidth-percent eigrp 1 75
address-family ipv4 vrf BLUE no shut
!
ipv6 router eigrp 1
eigrp router-id 10.1.1.1
no shut
Introduction
Unified Configuration Solution – Named Mode
 To solve these issues, we created a new configuration mode:

Clearly define the effect of the command, or the expected outcome
Allows you to enter information needed for a given mode (avoid missing AS
configuration errors)
Provides ONE place to configure all of eigrp
Provides ONE common way to define a feature
Enter it the same way! Reduce the time needed to learn a new protocol
 And a new set of exec commands :

Exec command should mirror the corresponding configuration commands
Enter it the same way! Reduce the time needed to learn a new protocol
 Supports all current and future feature development in an extensible

way
 Above all – allow you to keep the existing Config/Exec Mode in case
you prefer the classic configuration mode
Introduction
EIGRP Named Mode – Creating an Instance
 Classic mode:
Configuring “router eigrp” command with a number.
 Named mode:
Configuring “router eigrp” command with the virtual-instance-name
Named mode supports both IPv4 and IPv6, and VRF (virtual routing and
forwarding) instances
Named mode allows you to create a single Instance of EIGRP which can
be used for all family type
Named mode supports multiple VRFs limited only by available system
resources
Named mode does not enable IPV4 routing
router eigrp [virtual-instance-name | asystem]

[no] shutdown
.
.
.
Introduction
EIGRP Named Mode – Family sub-mode
 Defines what you’re routing/distributing
 “common look and feel”
 Provide support for both routing (address-family) and
services (service-family)
 Can be configured for VRFs
 Single place for all commands needed to completely define
an instance.
“show run | section router eigrp”
 Assure subcommands are clear as to their scope
 Static neighbors, peer-groups, stub, etc, ..
 neighbor, neighbor remote, etc
router eigrp [virtual-instance-name]
address-family <protocol> [vrf <name>] autonomous-system <#>
…
exit-address-family
service-family <protocol> [vrf <name>] autonomous-system <#>
…
exit-service-family
Introduction
EIGRP Named Mode – Interface sub-mode
 EIGRP specific interface properties are configuration in the af-
interface mode. for example;
authentication, timers, and bandwidth control
 “af-interface default” applies to all interfaces

Not all commands are supported
 “af-interface <interface>” applies to one interface

Only “eigrp” specific commands are available
Interface delay and bandwidth are configured under the interface
address-family <protocol> autonomous-system <#>
af-interface default
…
exit-af-interface
af-interface <interface>
…
exit-af-interface
exit-address-family
Introduction
EIGRP Named Mode – Interface Inheritance
 Command inheritance following the following rules;
① af-interface specific
Explicit User configuration overrides “af-interface default”
② af-interface default
Explicit User defaults configuration overrides factory settings
③ factory
 Consider the example; where do the settings come from?
router eigrp nw010

address-family ipv6 vrf blue auto 2 Ethernet 0
af-interface default hello-interval
hello-interval 10
exit-af-interface hold-time
af-interface Ethernet0 split-horizon factory setting!
hello-interval 5
hold-time 10
exit-af-interface Ethernet 1
af-interface Ethernet1 hello-interval
hold-time 30
no split-horizon
hold-time
exit-af-interface split-horizon
exit-address-family
Introduction
EIGRP Named Mode – Topology sub-mode
 Support for multi topology routing (MTR)

 Topology specific configuration such as;
 default-metric
 event-log-size
 external-client
 metric config
 timers config Applies to global, or default,
 redistribution
Routing Table

address-family <protocol> autonomous-system <#>
topology base
…
exit-topology
exit-address-family
Introduction
EIGRP Named Mode – EXEC Commands
{show | clear | debug} eigrp What action are you performing?

[service | address]-family {ipv4 | ipv6} Protocol family?
[vrf {<vrf-name> | *}] Does it apply to specific VRF?
[<asystem>] [additional parameters] One specific AS?
Example:
show eigrp address-family ipv4 topology
show eigrp service-family ipv4 topology
Introduction
EIGRP Classic Mode - Changes
 Behavior of autonomous-system command under VRFs has

changed to address common configurations errors.
1 The AS Can be entered on the address-family or standalone or both
2 The AS must be defined for the address-family to "start" processing
3 The AS will nvgen wherever it is entered, if configured both ways it nvgens both ways
4 The standalone keyword can be removed if the AS is defined on the address-family
command
5 Once configured on address-family the AS can only be removed by removing the address-
family
router eigrp 1
address-family ipv4 vrf RED
autonomous-system 99
network 10.0.0.0
router eigrp 1
address-family ipv4 vrf RED autonomous-system 99
network 10.0.0.0
router eigrp 1
address-family ipv4 vrf RED autonomous-system 99
autonomous-system 99
network 10.0.0.0
Introduction
EIGRP Classic Mode - Changes
 The auto-summary command is a relic from the days of classful

routing. It was enabled by default in pre-release 5 images.
The auto-summarization feature is no longer widely used and 'no auto-
summary' has since become the prevailing configuration.
CSCso20666 changed auto-summary behavior to disabled by default.
Because 'no auto-summary' is the factory default setting it will not nvgen --
auto-summary will now only nvgen if it is explicitly enabled.
default nvgen behavior IOS Version (eigrp version)
auto-summary 'auto-summary' : does not nvgen 12.2SR(rel2), 12.2SX(rel3),

'no auto-summary' : nvgens 12.2SG(rel4)
auto-summary 'auto-summary' : nvgens 12.2S(rel1), 12.4T(rel1),
'no auto-summary' : nvgens 12.2SB(rel1)
no auto-summary 'auto-summary' : nvgens 15.0(rel5), 15.0T(rel5),
'no auto-summary' : does not nvgen 12SRE(rel5), 122XNE(rel5)
122XNF(rel5_1),
122(55)SG(rel5_2)
Introduction
EIGRP Classic vrs Named Mode Comparisons
classic router configuration eigrp named mode configuration
interface Eithernet0/0 interface Eithernet0/0
ip address 1.1.1.1 ip address 1.1.1.1
ip hello eigrp 1 30 ipv6 enable
ipv6 enable
ipv6 enable eigrp 1 !
ipv6 bandwidth-percent eigrp 1 40 !
router eigrp nw010
router eigrp 1 address-family ipv4 autonomous-system 1
network 10.0.0.0 255.0.0.0
network 10.0.0.0 255.0.0.0 af-interface Ethernet0/0
hello 30
exit-af-interface
!
address-family ipv4 vrf savage address-family ipv4 vrf savage autonomous-system 4453
autonomous-system 4453 network 192.168.0.0
network 192.168.0.0 !
!
ipv6 router eigrp 1 address-family ipv6 autonomous-system 1
no shutdown af-interface Ethernet0/0
no shutdown
bandwidth-percent 40
exit-af-interface
!
*no support for ipv6 address-family ipv6 autonomous-system 6473
vrf in classic af-interface default
no shutdown
exit-af-interface
Introduction
EIGRP Named Mode – For more information
 12.4T
http://www.cisco.com/en/US/docs/ios/iproute_eigrp/configuration/guide/
12_4t/ire_12_4t_book.html
 12.2SR
http://www.ciscosystems.com/en/US/docs/ios/iproute_eigrp/configuratio
n/guide/12_2sr/ire_12_2sr_book.html
 15.0
http://www.cisco.com/en/US/docs/ios/iproute_eigrp/configuration/guide/
ire_cfg_eigrp_ps10591_TSD_Products_Configuration_Guide_Chapter.
html
 More on Service Family Configuration

http://cisco.biz/en/US/docs/ios/saf/command/reference/saf_book.html
Scaling Enhancements
 Improving Convergence
 EIGRP Stub Enhancements
 Stub overview
 Stub Leaking
 Summary Enhancements
 Summary Leaking
 Summary Metric
Improving Convergence
EIGRP – Faster than you think
IPv4 IGP Convergence Data
 IS-IS with default timers Routes
7000
Milliseconds
 OSPF with default timers
6000
 EIGRP without feasible
successors 5000
 OSPF with tuned timers 4000
 IS-IS with tuned timers 3000
 EIGRP with feasible 2000

successors
Route 1000
Generator
A
0
5000
4000
1000
2000
3000
B C
Terms
 Failure detection
How quickly a device on the network can detect and
react to a failure
 Information propagation
How quickly the failure in the previous stage is
communicated to other devices
 Repair
How quickly a devices notified of a failure can
calculate an alternate path
 Improvements any of these stages provides an improvement in overall

convergence
Failure Detection
 EIGRP Hello timers can be tuned to a minimum of 1 second. This is not

configurable to sub-second
router eigrp nw010-hello
address-family ipv6 auto 6473
hello-interval ?
<1-65535> Seconds between hello transmissions
 There are reasons for not recommending this and also for us not offering
such low values; for example, depending on the number of interfaces, 1
sec rates can become CPU intensive and lead to spikes in
processing/memory requirements
Failure Detection - BFD
Bidirectional Forwarding Detection (BFD)

 BFD exhibits lower overhead than aggressive
hellos
 BFD is a heartbeat at Layer 2.5
 BFD can provide sub-second failure detection
http://www.ietf.org/internet-drafts/draft-ietf-bfd-generic-02.txt
http://www.ietf.org/internet-drafts/draft-ietf-bfd-base-05.txt
 BFD works on most media

 For SONET/SDH alarm detection, BFD can provide
close to the same reaction time
BFD
B D
 BFD working together with EIGRP as the upper layer protocol

 BFD relies on EIGRP to tell it about Neighbors
 Notifies EIGRP quickly about changes in Layer 2 state
router eigrp nw010-bfd

bfd ! Enable BFD on all interfaces
af-interface Ethernet1/0
bfd ! Enable BFD on specific interface
BFD
B D
B#show bfd neighbors

OurAddr NeighAddr LD/RD RH Holdown(mult) State Int
14.1.1.1 14.1.1.2 5/1 1 252 (3 ) Up E1/0
B#
Verbose output
B#show bfd neighbor detail | begin Registered
Registered protocols: EIGRP
Uptime: 00:06:33
B#show eigrp address-family ipv4 interface detail e1/0
EIGRP-IPv4 VR(nw010) Address-Family Interfaces for AS(4453)
BFD is enabled
Information propagation - Hierarchy
 The depth of the Core

hierarchy doesn’t alter the
way EIGRP is deployed;
there are no “hard edges” Distribution
Summarization
 Summarize at every
boundary where possible
Access
 Divide complexity with
summarization points
Information propagation – Summary Basics
 192.168.1.0/24,
192.168.2.0/24, and 192.168.0.0/22
192.168.3.0/24 can 1 Network
be advertised as 1024 Addresses
192.168.0.0/22
3 Networks
 Rather than three networks, 255 Addresses Each
each with 255 addresses
(253 hosts), A advertises
a single network,
with 1024 addresses
192.168.1.0/24
192.168.2.0/24
192.168.3.0/24
253 Hosts
Information propagation – Summary Basics
 Summarization is an information-hiding technique used to minimize

the number of prefixes advertised while still maintaining full
reachability.
 Summarization will be most effective if the network
is designed in a hierarchical way so that multiple prefixes can be
represented at some point in the network by a single, less specific
prefix.
 One typical place of summarization is from distribution routers toward
remotes that only need to know a default route
(or at least some subset of total routes) in order to reach the
remainder of the network.
 When summarization is used in EIGRP networks, scalability is
greatly enhanced both because of the fewer number of prefixes
known throughout the network as well as the decreased query scope
that summarization brings.
Information propagation – excessive redundancy
 What is excessive redundancy? Isn’t redundancy

a good thing, not something I should have?
1.1.1.0/24
 No. excessive redundancy is alternative paths
that exist in the network that provide little if any
real benefit of improved reliability, and are often
unplanned and unexpected. A
 In this example, the four Ethernets on the left are

there to provide users with access to the network.
 There are two routers connected to each VLAN in
order to provide redundancy (probably via HSRP)
so that the users will have failover capability
if there is a problem.
 Unfortunately, the designer may have created a
network topology a little different than what he
intended
RtrA#show ip route | begin 1.1.1.0

RtrA#show eigrp address-family ipv4 topo all | begin 1.1.1.0
C 1.1.1.0 is directly connected, Loopback1
P 1.1.1.0/24, 1 successors, FD is 128256, serno 2673915
….snip…. 1.1.1.0/24
via Connected, Loopback1
via 10.0.19.2 (9690112/9173248), FastEthernet6/0.19
via 10.0.13.2 (9688576/9173248), FastEthernet6/0.13 A
via 10.0.42.2
RtrA#show ip eigrp(9696000/9173248),
topo | begin 1.1.1.0 FastEthernet6/0.42
via 10.0.16.2
P 1.1.1.0/24, (9689344/9173248),
1 successors, FD is 128256FastEthernet6/0.16
via Connected, Loopback1
P 10.0.11.0/24, 1 successors,
via 10.0.21.2 FD is 9048064
(9690624/9173248), FastEthernet6/0.21
….snip….
via 10.0.41.2 (9695744/9173248), FastEthernet6/0.41 Wow, Where Did All
….snip…. of These Alternative Paths
Come from! For
a Connected Route!
 Each user segments will be Passive-
treated as a possible alternative Interfaces 1.1.1.0/24
path!
 Generally network designers C
generally do not have these user O
segments as transit paths R
E
 Each user segments is in the
query path, so we’re causing
EIGRP to do a lot of work by
including these extra links. Users
 Extra work means shower router eigrp nw010
convergence. address-family ipv4 auto 4453
passive-interface fastethernet6/0.1
 A simple solution is provided with passive-interface fastethernet6/0.2
Or
the use of the “passive-interface” address-family ipv4 auto 6473
command. passive-interface default
no passive-interface fastethernet0/0
Information dissemination – Packet Improvements
 Startup times improved from minutes to A B

seconds in duration
 Hello packet suppression
Updates
 Better packet utilization allowed us to Hello
see better utilization of bandwidth
 Fewer Updates means fewer ACKs, Hello
noticeably reducing the over all packets
being sent
 Fewer packets means less congestion,
and in turn reduced packet loss and
retransmissions
 Results… significant increase in both
peer counts, as well as convergence
time…. so how did we do it…
Information dissemination – Packet Improvements
 Minimum RTO was decreased to 100ms. For a well functioning network, an
occasional dropped packet will allow EIGRP to converge faster. If the network is
not well behaved, it only adds one additional Retry to max out the RTO (5
seconds).
 EIGRP no longer sends a poison update in response to newly learned route
 EIGRP no longer sends “startup” updates twice.
 EIGRP no longer sends a poison update if part of a distribute-list

 EIGRP multicast updates now delays the next Hello. This helps with DMVPN
 EIGRP now handles the ACK cleanup immediately (as opposed to 1 per pacing
timer) when it suppress a multicast update,
 EIGRP was not taking into account routes that would never be sent out a
particular interface, making the packets utilization smaller than possible.
 EIGRP should not send hello's on Loopbacks - Small convenience in debugs and
slight increase in EIGRP performance.
 EIGRP “probes” which were never used in the field, were removed.
Repair - Feasible Successor
 EIGRP is the fastest converging of all IGP protocols using this

technique
 EIGRP provides nearly instantaneous convergence through
these pre-computed backup routes
 This prevents us going Active for a destination, thereby
avoiding the overhead of the Query process
 The Feasibility Distance is the sum of the Reported Distance
from a neighbor plus the cost of the link to that neighbor.
 A feasible Successor is found when when a neighbor’s
Reported Distance to the destination is lower than the
Feasible Distance
Repair - Feasible Successor
 show eigrp ipv4 topology

displays a list of successors B
and feasible successors
10.200.1.0
for all destinations .1 .2 .1 .2
56k 128k
known by EIGRP A C E
 Remember, don’t want to

many!!
RtrA#show eigrp address-family ipv4 topology D

EIGRP-IPv4 VR(nw010) Topology Table for AS(1)/ID(10.1.6.1)
..snip…..
P 10.200.1.0/24, 1 successors, FD is 21026560 Feasible Distance
via 10.1.1.2 (21026560/20514560), Serial1/0 Successor
via 10.1.2.2 (46740736/20514560), Serial1/1 Feasible Successor
Computed Reported
Distance Distance
Review
 For paths with feasible successors, convergence time is in the

milliseconds
The existence of feasible successors is dependant on the
network design
Right size it!!
 For paths without feasible successors, convergence time is

dependant on the number of routers that have to handle and
reply to the query
Queries are blocked one hop beyond aggregation and route filters
Query range is dependant on network design
 Good design is the key to fast convergence and scalability in

an EIGRP network
 Stub overview
 Stub Leaking
 Summary Leaking
 Summary Metric
EIGRP Stub
Operations
 Assume these spokes are remotes

sites and for resiliency they have two
10.1.1.0/24
connections.
A B
 If A loses its connection to 10.1.1.0/24,
it builds and transmits five queries: one
to each remote, and one to B
 A should never use the spokes to
transit traffic between A and B, so
there’s no reason to learn about, or
query for, routes through these spokes
 However, each of the remote sites will
send a query to B as part of going
active. This will result in B processing
and replying to five additional queries!
 Image if there we 1000 peers!! Don’t Use
These Paths
EIGRP Stub
Operations
 Marking the spokes as stubs

allows them to signal A and B that
10.1.1.0/24
they are not valid transit paths
A B
 When the link to 10.1.1.0/24 is lost,
A will not query the remotes, which
in turn will not query B, reducing
the total number of queries in this
example to 1!
 B will only have one path
to 10.1.1.0/24
S(config)#router eigrp nw-1-spoke
S(config-router)#address-family ipv6 auto 6473
S(config-router)#eigrp stub connected
CSCec80943
EIGRP Stub Leak
Leaking routes
In a single remote site with two routers

we want to mark the entire site as a
Stub A B
 C and D are Stub 0.0.0.0/0 0.0.0.0/0

 A and B advertise only a default to
C and D
D
C
 Because C and D are Stub they do
Remote Site
not talk to each other and there are
no advertisements 10.1.1.0/24
EIGRP Stub Leak
Leaking routes
 Network 10.1.1.0/24 cannot be

reached from A
D isn’t advertising 10.1.1.0/24 to C, since D A B
is a Stub
 D can’t reach A, or anything behind A
C is not advertising the default route to D,
since C is a Stub
D
C
Remote Site
 The link from B to D fails 10.1.1.0/24
EIGRP Stub Leak
Configuration Example
 We want that C and D advertises a subset of
their learned routes, even though they are both
Stub
 Stub leaking is the solution A B
router eigrp nw010-leaky-stub

network 10.0.0.0
eigrp stub leak-map LeakList
!
route-map LeakList permit 10
match ip address 1
match interface e0/0 D
! C
match ip address 2
match interface e1/0 Remote site 10.1.1.0/24
!
access-list 1 permit 10.1.1.0
EIGRP Stub Leak
Route Leaking
 The link from B to D fails A B
 D is advertising 10.1.1.0/24 to C, and

from C to A, so 10.1.1.0/24 is still
reachable
 C is leaking the default route to D, so
D can still reach the rest of the
network through D
D
 A and B will still not query towards C
the remote site as C and D are stubs Remote Site
10.1.1.0/24
Leak 10.1.1.0/24 and 0.0.0.0/0
 Stub overview
 Stub Leaking
 Summary Leaking
 Summary Metric
CSCed01736
EIGRP Summary Leak
Overview
 Good design implies C should receive as
few routes as possible
 We still optimally route to 10.1.1.0/24 and 10.1.0.0/16
10.1.2.0/24
 We could use a combination of static

routes and route filters to advertise both 10.1.1.0/24 10.1.2.0/24
10.1.0.0/16 and the more specific to C A B
 However, this is difficult for customers to
maintain
 You can also use a pair of summaries to
10.1.0.0/16
10.1.0.0/16
“float” the 10.1.1.0/24 and 10.1.2.0/24
summaries, but this could remove the
dynamic nature of the longer prefix
optimal route advertisements.
C
EIGRP Summary Leak
Overview 10.1.0.0/16
 The simplest way to handle this is

to configure a leak list on the 10.1.1.0/24 10.1.2.0/24
summary route
A B
10.1.0.0/16
10.1.0.0/16
match ip address 1
!
!
router eigrp nw010-leaky-stub C
network 10.0.0.0
af-interface Serial0/0
summary-address 10.1.0.0 255.255.0.0 leak-map LeakList
CSCed01736
EIGRP Summary Metric
Summary Metric Calculation Review
 When Components Changes, EIGRP must recalculate the

summary metric.
 If the best component changes, the summary needs to be re-
advertised to all of it’s peers. While it hides the changes for
each component prefix, it still causes updates and processing
to occur.
 The updates can result in downstream routers going active if
the change in the metric is large enough.
 Even if the best component isn’t the one that changed, EIGRP
internally has to cruise every topology table to make sure the
summary isn’t affected.
 With large numbers of components or large numbers of
summary, this can be significant processing.
Using a loopback as a partial solution
A
 One way to eliminate the updates is to create
a loopback which has the best metric of any
component of the summary.
 The loopback will remain up unless 10.1.0.0/23
administratively shut down, the metric of the Cost 10
summary will not change. B
 This does not eliminate the CPU processing

for summaries
10.1.0.0/24
Cost 20
10.1.1.0/24
Cost 20
 In release five EIGRP code, the summary
metric can be configured coded, thus avoiding
the metric churn and processing
loopback 0
ip address 10.1.1.1 255.255.255.255
delay 1
Solution – use the summary-metric command
 A better solution is to use the summary-metric
A
command which established a constant metric
value thereby:
It eliminate the updates
It eliminate re-computing the summary metric when
components change
It allows the summary to be withdrawn when all 10.1.0.0/23
comments are lost
 Supported by IPv4 and IPv6 B
 Only available only in named mode
router eigrp nw010-summ-metric
10.1.0.0/24
Cost 20
10.1.1.0/24
Cost 20
network 10.0.0.0
summary-address 10.1.0.0/23
exit-af-interface
topology base
summary-metric 10.1.0.0/23 100000 255 1 1500
Security Enhancements
 MD5
 HMAC SHA-256
 ASA Firewall
EIGRP Security Enhancements
MD5 Authentication
 The addition of authentication to EIGRP A

packets ensures that your routers only
accept routing updates from other routers
that know the same pre-shared key.
 This prevents someone from purposely or
accidentally adding another router to the
network and causing a problem.
key chain NW010-CHAIN

key 1
key-string securetraffic B C
!
router eigrp nw010-md5
authentication mode md5
authentication key-chain NW010-CHAIN
exit-af-interface
CSCsj57286
HMAC SHA2 256bit Authentication
 MD5 has been has been cracked and a number of tools exist
on various sites to crack MD5 hash
 With new peering options in development will allow for multi-
hop remote peers, a new method is needed
 SHA1 was considered, but SHA-1 is not collision free and can
be broken in 2^69 attempts instead of 2^80. While this It was
still a nontrivial problem, it could be done so we wanted to
consider ‘better’ options.
 SHA2 seems to be the best available and has not been shown
to be very secure. Block sizes of 512 vs. 256 did not show
much difference in security for the additional processing
requirements
CSCsj57286
HMAC SHA2 256bit Authentication
 EIGRP packets will be authenticated using HMAC-SHA-256

message authentication codes.
 The HMAC algorithm takes as inputs the data to authenticate
the EIGRP packet and a shared secret key that is known to
both the sender and the receiver, and outputs a 256-bit hash
that will be used for authentication.
 Shared secret key is a concatenation of the user-configured
shared secret key with the IPv4 (or IPv6) address from which
this particular packet is sent. This prevents Hello Packet DOS
replay attacks with a spoofed source address.
 Simpler configuration mode using a common ‘password’
 Keychain support when additional security is needed
 So how do we configure it….
CSCsj57286
HMAC SHA2 256bit configuration
 Configuration is similar to for MD5

 Simple configuration using only one password
authentication mode hmac-sha-256 eigrp-rocks
exit-af-interface
 Additional security can be added with key-chains

key 1
key-string securetraffic
!
authentication mode hmac-sha-256 eigrp-rocks
exit-af-interface
* Named mode only
CSCsj57286
HMAC SHA2 256bit configuration
 Interface inheritance can be used to simplify configuration:

key 1
key-string securetraffic
key chain NW010-LAB
key 2
key-string labtraffic
!
exit-af-interface
af-interface Ethernet0
authentication mode hmac-sha-256 ADMIN
exit-af-interface
authentication mode hmac-sha-256 CAMPAS
exit-af-interface
authentication mode hmac-sha-256 LAB
authentication key-chain NW010-LAB
exit-af-interface
ASA Firewall
 The Cisco® ASA® 5500 series offers EIGRP

support
 Common portable EIGRP core code with a
platform dependent OS-shim
 Supports EIGRP stub and other key features
 Newer platforms supported
Additional CCO information

http://www.cisco.com/go/asa
Routing Enhancements
 Third Party Next Hop
 Route-map Enhancements
 MPLS VPN PE/CE
 SNMP
 Manet RFC4938bis
 EIGRP OER Support
EIGRP Routing Enhancements
Third Party Next-hop
 Here the multipoint PVC between A, B

A
and C means B learns the IPv6 prefix
from both A and C FE80::FF:FEEA:4042

af-interface serial2/0 F-R
no next-hop-self
exit-af-interface
 Next-hop and the source of that

B C
information source are visible in the
topology table
P 2040:6666:5555:6666::/90, 1 successors, FD is 2681856
via FE80::FF:FEEA:4042 (2681856/2169856), Serial2/0
via FE80::A8BB:CCFF:FE00:1601 (2707456/2681856), Ethernet1/0
FE80::FF:FEEA:4042 via FE80::A8BB:CCFF:FE00:1601 (3193856/2681856), Serial2/0
CSCdk23784
Third Party Next-hop
 A, B and C share the same af-interface Ethernet0/0
no next-hop-self
broadcast segment exit-af-interface
A redistributes RIP into EIGRP
B isn’t running RIP A
C isn’t running EIGRP .3
EIGRP RIP
 For redistributed RIP routes B normally
shows A as next hop despite a direct
connection to C .2 .1
B C
 A now sends updates to B with C as the
next-hop
10.1.1.0/24
....
P 10.1.1.0/24, 1 successors
via 10.1.2.1
CSCdw22585
Route-map Support Overview
 EIGRP has supported route-maps for years, but in a very limited fashion.
 They could only be used during redistribution out of the routing table from
another protocol, which made them fairly useless.
 Enhanced support of route maps allows EIGRP to use a route map to
prefer one path over another
 As shown above, route-maps can now be applied on the distribute-list in
statement, so the filters can be applied even before the prefix hits the
topology table
route-map setmetric permit 10
match interface serial 0/0
set metric 1000 1 255 1 1500
route-map setmetric permit 20
match interface serial 0/1
set metric 2000 1 255 1 1500
....
router eigrp nw010-rmaps
topology base
distribute-list route-map setmetric in
CSCdw22585
Route-map Supported Commands
match ip address Matches routes from prefix list or access

list
match ip route-source Matches routes based on source address,

or neighbor list, of peer which sent the
route
match ip route-source redistribution- Matches external routes based on
source originating-router router-id
match interface Matches routes based on the interface

used for next-hop
match tag Matches internal and external routes based

on tag
match ip next-hop Matches routes based on next-hop field
CSCdw22585
Route-map Supported Commands (continued)
match metric [+-] Matches routes based on metric, with

deviation (+-)
match metric external [+-] Matches routes based on external protocol

metric
match source-protocol Matches external routes based on external

protocol and AS
set metric Sets metric components
set tag Sets the tag on internal or external routes.

Internal is limited to 8 bits
Simple Network Management Protocol (SNMP)
EIGRP supports 68 MIB objects in 4 major tables

eigrpRouteSIA and eigrpAuthFailure can trigger SNMP traps
 EIGRP Traffic Statistics  EIGRP Interface Data

AS Number Peer Count
Number of Hellos, Updates, Reliable/Unreliable Queues
Queries, and Replies Sent/Received Pending Routes
Hello Interval
 EIGRP Topology Data
Destination Net/Mask  EIGRP Peer Data
Active State, Feasible Successors Peer Address, Interface
Origin Type, Distance Hold Time, Up Time
Reported Distance SRTT/RTO
Version
 Additional CCO information

http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml
http://www.cisco.com/go/mibs
ftp://ftp.cisco.com/pub/mibs/oid/
EIGRP Routing Enhancements CSCek40468
Mobile Ad-hoc Network (MANET)

 Support for Mobile Ad-hoc Network deployments
 The fundamental requirement for MANET applications is effective
integration of routing and radio technologies
 RFC4938(bis) is support by EIGRP
 Effective routing requires immediate recognition of topology changes, the
ability to respond to radio link quality fluctuations, and a means by which
routers can receive and act upon feedback from a radio network
 New Virtual Multipoint Interface (VMI) and L2L3 API connects Layer 2 RF
network with layer 3
Mobile EIGRP Mobile Radio Mobile Radio Mobile EIGRP

Router Router
PPPoE RF PPPoE
PPP Sessions
EIGRP Routing Enhancements CSCek40468
Mobile Ad-hoc Network (MANET)
 The VMI interface maps multiple PPPoE sessions into a broadcast-

capable multi-access interface
 The quality of a neighbor will vary based on raw radio link characteristics
collected dynamically.
 The radio metrics are used to compute the composite EIGRP metric which
is used to determines best paths
 To avoid churn from frequent changes, a dampening mechanism is
implemented
router eigrp nw010-manet

address-family ipv4 autonomous-system 4453
af-interface vmi1
dampening-interval <seconds>
dampening-change <percent>
address-family ipv6 autonomous-system 6473
af-interface vmi1
dampening-interval <seconds>
dampening-change <percent>
* Will work on all interface types
Performance Routing (PfR)
 Cisco® IOS® Performance Routing (PfR) supports Route control

using EIGRP
 Currently PfR supports BGP, static routes and PBR only for route
control
 Monitors traffic performance for prefixes passively with NetFlow
and/or actively using IP SLA probes
 Chooses best performing path to a given destination
Delay, MOS
Load Balancing
For prefix, traffic-class and application
 Additional CCO information
http://www.cisco.com/go/pfr
IPv6 Support Primer
 Overview
 Router Configuration
 Topology Database
 Summarization
 Event logs and Debug review
EIGRP IPv6
Overview
 A new Protocol Dependent Module (PDM) to route IPv6

 A familiar Look and Feel means incumbent EIGRP operational expertise
can be leveraged
 Add new TLV’s (Type, Length, Value) in EIGRP packets to carry IPv6
prefixes
Internal routes TLV (Type 0x0401)
External routes TLV (Type 0x0402)
 Uses proven Reliable Transport Protocol (RTP) for reliable delivery of

packets
 DUAL performs route computations for IPv6 without modifications
EIGRP IPv6
Addressing Basics
 An IPv6 address is an extended 128-bit / 16 bytes address that
gives
2128 possible addresses (3.4 x 1038)
 IPv6 addresses
64 bits for the subnet ID, 64 bits for the interface ID
Separated into 8 * 16-bit Hexadecimal numbers
Each block is separated by a colon :
:: can replaced leading, trailing or consecutive zeros
:: can only appear once
 EIGRP IPv6 Multicast transport
FF02:0:0:0:0:0:0:A or abbreviated to FF02::A
Examples:
2003:0000:130F:0000:0000:087C:876B:140B
2003:0:130F::87C:876B:140B
EIGRP IPv6
IPv6 Link-Local Address
 A IPv6 Link-local address is used by EIGRP to source Hello
packets and establish an adjacency
 IPv6 Link-local address is never routed
 IPv6 packet forwarding and must be configured first under global
configuration
 They are auto assigned when you enable the interface
ipv6 unicast
interface Ethernet1/0
ipv6 enable
 You can configure this manually on an interface

 An IPv6 link-local is prefixed by fe80 and has a prefix length of /10
ipv6 address ?
X:X:X:X::X IPv6 link-local address
X:X:X:X::X/<0-128> IPv6 prefix
……
EIGRP IPv6
Router Configuration
classic router configuration eigrp named mode configuration

int Ethernet 0/0 router eigrp nw010-v6
ipv6 eigrp 6473 address-family ipv6 auto 6476
! af-interface default
router eigrp 6473 no shutdown
no shutdown
 Router-ID is require and selected

① from highest loopback IPv4 address
② from first IPv4 address found on any physical interface.
 If no IPv4 address is available, a 32-bit router-id can be configured

manually using the router-id command
router eigrp nw010-v6
router-id 1.1.1.1
EIGRP IPv6
Topology Table
 The Topology show commands are congruent with IPv4

Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply, r
- reply Status, s - sia Status
P 2040:3333::31:113:0/112 , 1 successors, FD is 281600

P 2040:3333::31:114:0/112, 1 successors, FD is 281600
 The next-hop is the Neighbors 128-bit link-local
EIGRP IPv6
Topology Table
 The information source and next-hop 128-bit address

show eigrp address-family ipv6 topology 2040:3333::31:113:0/112
EIGRP-IPv6 VR(nw010) Topology entry for AS(6473)/ID(1.1.1.1) for 2040:3333::31:113:0/112
State is Passive, Query origin flag is 1, 1 Successor(s), FD is 281600
Routing Descriptor Blocks:
FE80::A8BB:CCFF:FE00:200 (Ethernet0/0), from FE80::A8BB:CCFF:FE00:200, Send flag is 0x0
Composite metric is (281600/256), Route is External
Vector metric:
Minimum bandwidth is 10000 Kbit
Total delay is 1000 microseconds
Reliability is 0/255
Load is 1/255
Minimum MTU is 1500
Hop count is 1
External data:
Originating router is 2.2.2.2
AS number of route is 0
External protocol is Static, external metric is 0
Administrator tag is 0 (0x00000000)
EIGRP IPv6
Route Summarization
Summaries
 Auto-summary is not configurable in EIGRP IPv6 because IPv6 is
essentially classless
 Manual summarization is supported, as it is with EIGRP IPv4, and can
therefore be configured at any point in the network
classic router configuration eigrp named configuration

interface Ethernet0/0 router eigrp nw010-ipv6
ipv6 summary-address eigrp 6473 ? address-family ipv6 auto 6473
X:X:X:X::X/<0-128> IPv6 prefix af-interface Ethernet0/0
summary-address ?
X:X:X:X::X/<0-128> IPv6 prefix
EIGRP IPv6
Event logs and Debugs Supported
EIGRP IPv6 information in existing debugs

debug eigrp ?
fsm EIGRP Dual Finite State Machine events/actions
neighbors EIGRP neighbors
nsf EIGRP Non-Stop Forwarding events/actions
packets EIGRP packets
transmit EIGRP transmission events
debug eigrp packets

EIGRP Packets debugging is on
(UPDATE, REQUEST, QUERY, REPLY, HELLO, IPXSAP, PROBE, ACK, STUB,
SIAQUERY, SIAREPLY)
00:52:47: EIGRP: Received HELLO on Ethernet1/0 nbr FE80::A8BB:CCFF:FE00:401

00:52:47: AS 6473, Flags 0x0, Seq 0/0 idbQ 0/0 iidbQ un/rely 0/0 peerQ
un/rely 0/0
EIGRP IPv6
Event logs and Debugs Supported
 EIGRP IPv6 Event Log

show eigrp address-family ipv6 event
1 06:27:52.115 Change queue emptied, entries: 1
2 06:27:52.115 Metric set: 2040:3333::31:113:0/112 281600
3 06:27:52.115 Update reason, delay: new if 4294967295
4 06:27:52.115 Update sent, RD: 2040:3333::31:113:0/112 4294967295
5 06:27:52.115 Update reason, delay: metric chg 4294967295
6 06:27:52.115 Update sent, RD: 2040:3333::31:113:0/112 4294967295
EIGRP IPv6 Specific Debugging

debug eigrp address-family ipv6 ?
<1-6473> Autonomous System
neighbor EIGRP neighbor debugging
notifications EIGRP event notifications
summary EIGRP summary route processing
<cr>
EIGRP IPv6
Review
Provides feature parity with most IPv4 Features (stubs, scaling,
summarization, etc)
Implementation EIGRP IPv6 uses the same Reliable Multicast Transport protocol used by
IPv4
IPv6 Link-local address are used to establish an adjacency
32 bit Router ID must be explicitly configured if no IPv4 address is available
Hellos are sourced from the link-local address and destined
to FF02::A (all EIGRP routers);
Neighbors are not required to share the same global prefix (with the
exception of explicitly specified neighbors where traffic is sent unicast)
Important
Automatic summarization disabled by default for EIGRP IPv6, and is not
Differences even configurable for EIGRP IPv6
“no split-horizon” is the default configuration for EIGRP IPv6 (IPv6 supports
multiple prefixes per interface)
EIGRP IPv6 does not support the “default-information” command as there is
no support in IPv6 for the configuration of default networks other than ::/0
“ipv6 unicast” must be configured under global mode to enable ipv6 routing
Note “ipv6 enable” must be configured under all interfaces which will be enabled
for ipv6
Q&A
Recommended Reading
ASIN: 1578701651 ISBN: 0201657732
Other References
 Continue your Cisco Live

learning experience with further
reading from Cisco Press
 Check the Recommended
Reading flyer for suggested
books
Available Onsite at the Cisco Company Store

Meet the Engineer
To make the most of your time at Networkers at Cisco

Live 2010, schedule a Face-to-Face Meeting with a top
Cisco Engineer.
Designed to provide a "big picture" perspective as well as

"in-depth" technology discussions, these face-to-face
meetings will provide fascinating dialogue and a wealth of
valuable insights and ideas.
Visit the Meeting Centre reception desk located in the

Meeting Center in World of Solutions
Complete Your Online
Session Evaluation
 Give us your feedback and you

could win fabulous prizes.
Winners announced daily.
 Receive 20 Cisco Preferred
Access points for each session
evaluation you complete.
 Complete your session
evaluation online now (open a
browser through our wireless
network to access our portal)
or visit one of the Internet Don’t forget to activate your
stations throughout the Cisco Live and Networkers Virtual
Convention Center. account for access to all session
materials, communities, and on-demand
and live activities throughout the year.
Activate your account at any internet
station or visit www.ciscolivevirtual.com.
Enter to Win a 12-Book Library
of Your Choice from Cisco Press
Visit the Cisco Store in the

World of Solutions, where
you will be asked to enter
this Session ID code
Check the Recommended Reading brochure for

suggested products available at the Cisco Store

EIGRP

Hochgeladen von

Dokumentinformationen

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

EIGRP

Hochgeladen von

Copyright:

Verfügbare Formate

Enhanced Interior Routing Protocol (EIGRP)

Why EIGRP? Some advances in Routing

 We value your feedback – don’t forget to complete

This Session Assumes Basic Knowledge of:

1994 1999 2001

2005 2007 2009

 Named Mode Configuration

EIGRP IPv4 EIGRP IPv6

 To solve these issues, we created a new configuration mode:

 And a new set of exec commands :

 Supports all current and future feature development in an extensible

router eigrp [virtual-instance-name | asystem]

 “af-interface default” applies to all interfaces

 “af-interface <interface>” applies to one interface

router eigrp nw010

 Support for multi topology routing (MTR)

router eigrp [virtual-instance-name]

{show | clear | debug} eigrp What action are you performing?

show eigrp address-family ipv6 topology

show eigrp address-family ipv4 topology

show eigrp service-family ipv4 topology

 Behavior of autonomous-system command under VRFs has

 The auto-summary command is a relic from the days of classful

default nvgen behavior IOS Version (eigrp version)

auto-summary 'auto-summary' : does not nvgen 12.2SR(rel2), 12.2SX(rel3),

 More on Service Family Configuration

 OSPF with tuned timers 4000

 IS-IS with tuned timers 3000

 EIGRP with feasible 2000

 Improvements any of these stages provides an improvement in overall

 EIGRP Hello timers can be tuned to a minimum of 1 second. This is not

Bidirectional Forwarding Detection (BFD)

 BFD works on most media

 BFD working together with EIGRP as the upper layer protocol

router eigrp nw010-bfd

B#show bfd neighbors

 The depth of the Core

 Summarization is an information-hiding technique used to minimize

 What is excessive redundancy? Isn’t redundancy

 In this example, the four Ethernets on the left are

RtrA#show ip route | begin 1.1.1.0

 Startup times improved from minutes to A B

 EIGRP no longer sends a poison update in response to newly learned route

 EIGRP no longer sends “startup” updates twice.

 EIGRP no longer sends a poison update if part of a distribute-list

 EIGRP is the fastest converging of all IGP protocols using this

 show eigrp ipv4 topology

 Remember, don’t want to

RtrA#show eigrp address-family ipv4 topology D

 For paths with feasible successors, convergence time is in the

 For paths without feasible successors, convergence time is

 Good design is the key to fast convergence and scalability in

 Assume these spokes are remotes

 Marking the spokes as stubs

In a single remote site with two routers

 C and D are Stub 0.0.0.0/0 0.0.0.0/0

 Network 10.1.1.0/24 cannot be

router eigrp nw010-leaky-stub

 The link from B to D fails A B

 D is advertising 10.1.1.0/24 to C, and

Leak 10.1.1.0/24 and 0.0.0.0/0

 We could use a combination of static

 The simplest way to handle this is

 When Components Changes, EIGRP must recalculate the