EIGRP-Advanced Configuration and troubleshooting

Automatic summarization
Note: Automatic summarization is only an option with EIGRP for IPv4. Classful addressing does
not exist in IPv6; therefore, there is no need for automatic summarization with EIGRP for IPv6.

R1(config)# router eigrp as-number

R1(config-router)# auto-summary

R1 summarizes the
192.168.10.4/30 and 192.168.10.8/30 subnet. It forwards the summarized address of
192.168.10.0/24 to its neighbors on its Serial 0/0/0 and GigabitEthernet 0/0 interfaces. Because
R1 does not have any EIGRP neighbors on its GigabitEthernet 0/0 interface, the summarized
routing update is only received by R2.
R1 also has the 172.16.1.0/24, 172.16.2.0/24, and 172.16.3.0/30 subnets in its IPv4 routing table.
R3 selects R1 as the successor to 172.16.0.0/16 because it has a lower feasible distance. The R3
S0/0/0 interface connecting to R1 uses a default bandwidth of 1,544 kb/s. The R3 link to R2 has a
higher feasible distance because the R3 S0/0/1 interface has been configured with a lower
bandwidth of 1,024 kb/s.

Notice that the 172.16.0.0/16 summarized update is not sent out R1’s GigabitEthernet 0/0 and
Serial 0/0/0 interfaces. This is because these two interfaces are members of the same 172.16.0.0/16
class B network. The 172.16.1.0/24 non-summarized routing update is sent by R1 to
R2. Summarized updates are only sent out interfaces on different major classful networks.
Routing loop by Automatic summarization

EIGRP for IPv4 automatically includes a Null0 summary route whenever the following conditions
exist:
 There is at least one subnet that was learned via EIGRP.
 There are two or more network EIGRP router configuration mode commands.
 Automatic summarization is enabled.
The purpose of the Null0 summary route is to prevent routing loops for destinations that are
included in the summary, but do not actually exist in the routing table.
1. R1 has a default route, 0.0.0.0/0 via the ISP router.

2. R1 sends a routing update to R2 containing the default route.

3. R2 installs the default route from R1 in its IPv4 routing table.

4. R2’s routing table contains the 172.16.1.0/24, 172.16.2.0/24, and 172.16.3.0/24 subnets in its
routing table.

5. R2 sends a summarized update to R1 for the 172.16.0.0/16 network.

6. R1 installs the summarized route for 172.16.0.0/16 via R2.

7. R1 receives a packet for 172.16.4.10. Because R1 has a route for 172.16.0.0/16 via R2, it
forwards the packet to R2.

8. R2 receives the packet with the destination address 172.16.4.10 from R1. The packet does not
match any specific route so using the default route in its routing table R2 forwards the packet
back to R1.

9. The packet for 172.16.4.10 is looped between R1 and R2 until the TTL expires and the packet
is dropped.
step 1-7 are same as the example above, After step 7
8. R2 receives the packet with the destination address 172.16.4.10 from R1. The packet does not
match any specific subnet of 172.16.0.0 but does match the 172.16.0.0/16 summary route to
Null0. Using the Null0 route, the packet is discarded.

A summary route on R2 for 172.16.0.0/16 to the Null0 interface, discards any packets that begin
with 172.16.x.x, but do not have a longer match with any of the subnets: 172.16.1.0/24,
172.16.2.0/24, or 172.16.3.0/24.

Even if R2 has a default route of 0.0.0.0/0 in its routing table, the Null0 route is a longer match.

Note: The Null0 summary route is removed when autosummary is disabled using the no auto-
summary router configuration mode command.
Manual Summarization

Because EIGRP is a classless routing protocol and includes the subnet mask in the routing
updates, manual summarization can include supernet routes. Remember, a supernet is an
aggregation of multiple major classful network addresses.
How to manual summarization
We can use same method to calculate the IPV4 or IPV6 route summary. I will use one example
to show how to summarize the route, in this example we have 3 route, 192.168.1.0/24,
192.168.2.0/24,192.168.3.0/24

Step 1. Write out the networks to be summarized in binary.

Step 2. To find the subnet mask for summarization, start with the far left bit.

Step 3. Working from left to right, find all the bits that match consecutively.
Step 4. When there is a column of bits that do not match, stop. This is the summary boundary.

Step 5. Count the number of far left matching bits, which in this example is 22. This number is
used to determine the subnet mask for the summarized route: /22 or 255.255.252.0.

Step 6. To find the network address for summarization, copy the matching 22 bits and add all 0
bits to the end to make 32 bits.

The result is the summary network address and mask for 192.168.0.0/22.

Configure EIGRP Manual Summarization

To establish EIGRP manual summarization on a specific EIGRP interface, use the following
interface configuration mode command:

Router(config-if)# ip summary-address eigrp as-number network-address subnet-mask

To configure EIGRP for IPv6 manual summarization on a specific EIGRP interface, use the
following interface configuration mode command:

Router(config-if)# ipv6 summary-address eigrp as-number prefix/prefix-length

Recall that the OSPF use area area-id range address maskcommand to summarize the address.
For more see here.
Propagate a default static route
Router(config-router)#ip route 0.0.0.0 0..0.0.0 serial 0/0/1

Router(config-router)# redistribute static

(recall that in RIP and OSPF the command is router(config-router)#default-information
originate)

IPv6

Router(config)# ipv6 route ::/0 serial 0/1/0

Router(config-router)# redistribute static

Note: Some IOSs may require that the redistribute static command include the EIGRP metric
parameters before the static route can be redistributed.
Verify: show ip route | include 0.0.0.0
The entry for the EIGRP learned default route is identified by the following:

 D – This route was learned from an EIGRP routing update.

 * – The route is a candidate for a default route.
 EX – The route is an external EIGRP route, in this case a static route outside of the EIGRP
routing domain.
 170 – This is the administrative distance of an external EIGRP route.
Fine-tune EIGRP interface
Bandwidth utilization
By default, EIGRP uses only up to 50 percent of an interface’s bandwidth for EIGRP
information. This prevents the EIGRP process from over-utilizing a link and not allowing
enough bandwidth for the routing of normal traffic.

For Ipv4, Use the ip bandwidth-percent eigrp command to configure the percentage of
bandwidth that can be used by EIGRP on an interface.
Router(config-if)# ip bandwidth-percent eigrp as-number percent
For IPv6, use the ipv6 bandwidth-percent eigrp command in interface configuration mode. To
restore the default value, use the no form of this command.
Router(config-if)# ipv6 bandwidth-percent eigrp as-number percent
Hello and hold timers
Hello intervals and Hold times are configurable on a per-interface basis and do not have to match
with other EIGRP routers to establish or maintain adjacencies.

IPv4, The command to configure a different Hello interval is:

Router(config-if)# ip hello-interval eigrp as-number seconds

If the Hello interval is changed, ensure that the Hold time value is equal to, or greater than, the
Hello interval. Otherwise, neighbor adjacency goes down after the Hold time expires and before
the next Hello interval. Use the following command to configure a different Hold time:

Router(config-if)# ip hold-time eigrp as-number seconds

The seconds value for both Hello and Hold time intervals can range from 1 to 65,535.
IPv6

EIGRP for IPv6 uses the same Hello interval and Hold times as EIGRP for IPv4. The interface
configuration mode commands are similar to those for IPv4:
Router(config-if)# ipv6 hello-interval eigrp as-number seconds
Router(config-if)# ipv6 hold-time eigrp as-number seconds

Load balancing
Equal-cost
Equal-cost load balancing is the ability of a router to distribute outbound traffic using all
interfaces that have the same metric from the destination address. Load balancing uses network
segments and bandwidth more efficiently. For IP, Cisco IOS Software applies load balancing
using up to four equal-cost paths by default.

Take this topology for example

The show ip protocols command can be used to verify the number of equal-cost paths currently
configured on the router.
The routing table maintains both routes.

Figure shows that R3 has two EIGRP equal-cost routes for the 172.16.3.0/30 network. One route
is via R1 at 192.168.10.5 and the other route is via R2 at 192.168.10.9. Looking at the topology,
it may seem as if the path via R1 is the better route because there is a 1544 kb/s link between R3
and R1, whereas the link to R2 is only a 1024 kb/s link. However, EIGRP only uses the slowest
bandwidth in its composite metric which is the 64 kb/s link between R1 and R2. Both paths have
the same 64 kb/s link as the slowest bandwidth, this results in both paths being equal.
When a packet is process-switched, load balancing over equal-cost paths occurs on a per-packet
basis. When packets are fast-switched, load balancing over equal-cost paths occurs on a per-
destination basis. Cisco Express Forwarding (CEF) can perform both per packet and per-
destination load balancing.

Cisco IOS, by default, allows load balancing using up to four equal-cost paths; however, this can
be modified. Using the maximum-paths router configuration mode command, up to 32 equal-
cost routes can be kept in the routing table.
Router(config-router)# maximum-paths value
The value argument refers to the number of paths that should be maintained for load balancing.
If the value is set to 1, load balancing is disabled.

Similar to the previous scenario for IPv4, R3 has two EIGRP equal-cost routes for the network
between R1 and R2, 2001:DB8:CAFE:A001::/64. One route is via R1 at FE80::1 and the other
route is via R2 at FE80::2.

Unequal-Cost Load Balancing

EIGRP for IPv4 and IPv6 can also balance traffic across multiple routes that have different
metrics. This type of balancing is called unequal-cost load balancing.

Setting a value using the variance command in router configuration mode enables EIGRP to
install multiple loop-free routes with unequal cost in a local routing table.
A route learned through EIGRP must meet two criteria to be installed in the local routing table:
 The route must be loop-free, being either a feasible successor or having a reported distance
that is less than the total distance.
 The metric of the route must be lower than the metric of the best route (the successor)
multiplied by the variance configured on the router.
For example, if the variance is set to 1, only routes with the same metric as the successor are
installed in the local routing table.
If the variance is set to 2, any EIGRP-learned route with a metric less than 2 times the successor
metric will be installed in the local routing table.

 E-B-A with a metric of 30

 E-C-A with a metric of 20
 E-D-A with a metric of 45
Router E chooses the path E-C-A with a metric of 20 because 20 is better than 30 and 45. In
order to instruct EIGRP to select the path E-B-A as well, configure variance with a multiplier of
2:
router eigrp 1

network x.x.x.x

variance 2
This configuration increases the minimum metric to 40 (2 * 20 = 40). EIGRP includes all routes
that have a metric of less than or equal to 40 and satisfy the feasibility condition. In the
configuration in this section, EIGRP now uses two paths to get to Network X, E-C-A and E-B-A,
because both paths have a metric of under 40. EIGRP does not use path E-D-A because that path
has a metric of 45, which is not less than the value of the minimum metric of 40, because of the
variance configuration. Also, the reported distance of neighbor D is 25, which is greater than the
feasible distance (FD) of 20 through C. This means that, even if variance is set to 3, the E-D-A
path is not selected for load balancing because Router D is not a feasible successor.
Traffic Sharing
EIGRP not only provides unequal cost path load balancing, but also intelligent load balancing,
such as traffic sharing. In order to control how traffic is distributed among routes when there are
multiple routes for the same destination network that have different costs, use the traffic-
share balanced command.

With the keyword balanced, the router distributes traffic proportionately to the ratios of the
metrics that are associated with different routes. This is the default setting:
router eigrp 1

network x.x.x.x

variance 2

traffic-share balanced

The traffic share count for this example is:

 For path E-C-A: 30/20 = 3/2 = 1
 For path E-B-A: 30/30 = 1
Because the ratio is not an integer, round down to the nearest integer. In this example, EIGRP
sends one packet to E-C-A and one packet to E-B-A.
Now, assume that the metric between E-B is 25 and the metric between B-A is 15. In this case,
the E-B-A metric is 40. However, this path will not be selected for load balancing because the
cost of this path, 40, is not less than (20 * 2 ), where 20 is the FD and 2 is the variance. In order
to include this path also in load sharing, the variance should be changed to 3. In this case, the
traffic share count ratio is:
 For path E-C-A: 40/20 = 2
 For path E-B-A: 40/40 = 1
In this situation, EIGRP sends two packets to E-C-A and one packet to E-B-A. In this way,
EIGRP provides both unequal cost path load balancing and intelligent load balancing. Refer to
the Load Balancing section of Enhanced Interior Gateway Routing Protocol for more
information on how EIGRP load balances traffic over unequal cost links.
Similarly, when you use the traffic-share command with the keyword min, the traffic is sent only
across the minimum-cost path, even when there are multiple paths in the routing table.
router eigrp 1
network x.x.x.x

variance 3

traffic-share min across-interfaces

In this situation, EIGRP sends packets only through E-C-A, which is the best path to the
destination network.
This is identical to the forwarding behavior without use of the variance command. However, if
you use the traffic-share min command and the variance command, even though traffic is
sent over the minimum-cost path only, all feasible routes get installed into the routing table,
which decreases convergence times.

Page: 2
Secure EIGRP
EIGRP message authentication ensures that routers only accept routing messages from other
routers that know the same pre-shared key. Without authentication configured, if an unauthorized
person introduces another router with different or conflicting route information on the network,
the routing tables on the legitimate routers can become corrupt and a DoS attack may ensue.

EIGRP supports routing protocol authentication using MD5. The configuration of EIGRP
message authentication consists of two steps:
1. The creation of a keychain and key
Before authentication can be enabled, create a keychain and at least one key.a. In global
configuration mode, create the keychain. Although multiple keys can be configured, this
section focuses on the use of a single key.Router(config)# key chain name-of-chain b. Specify the
key ID. The key ID is the number used to identify an authentication key within a keychain.
The range of keys is from 0 to 2,147,483,647. It is recommended that the key number be the
same on all routers in the configuration.Router(config-keychain)# key key-id
c. Specify the key string for the key. The key string is similar to a password. Routers
exchanging authentication keys must be configured using the same key string.
Router(config-keychain-key )# key-string key-string-text
2. configuration of EIGRP authentication to use that keychain and key.
a. In global configuration mode, specify the interface on which to configure EIGRP message
authentication.Router(config)# interface type number b. Enable EIGRP message authentication.
The md5 keyword indicates that the MD5 hash is to be used for authentication.Router(config-
if)# ip authentication mode eigrp as-number md5 c. Specify the keychain that should be used for
authentication. The name-of-chain argument specifies the keychain that was created in Step 1.
Router(config-if)# ip authentication key-chain eigrp as-number name-of-chain
Each key has its own key ID, which is stored locally. The combination of the key ID and the
interface associated with the message uniquely identifies the authentication algorithm and
MD5 authentication key in use. The keychain and the routing update are processed using the
MD5 algorithm to produce a unique signature.
Configuring EIGRP for IPv6 Authentication

The algorithms and the configuration to authenticate EIGRP for IPv6 messages are the same as
EIGRP for IPv4. The only difference is the interface configuration mode commands use ipv6,
instead of ip.
Verify the Authentication
After EIGRP message authentication is configured on one router, any adjacent neighbors that
have not yet been configured for authentication are no longer EIGRP neighbors. For example,
when R1’s Serial 0/0/0 interface was configured for MD5 authentication, but R2 had not yet
been configured, the following IOS message appeared on R1:

%DUAL-5-NBRCHANGE: EIGRP-IPv4 1: Neighbor 172.16.3.2 (Serial0/0/0) is down:

authentication mode changed
When the adjacent Serial 0/0/0 interface on R2 is configured, the adjacency is re-established and
the following IOS message is displayed on R1:

%DUAL-5-NBRCHANGE: EIGRP-IPv4 1: Neighbor 172.16.3.2 (Serial0/0/0) is up: new

adjacency
Similar messages are also displayed on R2.

Adjacencies are only formed when both connecting devices have authentication configured. To
verify that the correct EIGRP adjacencies were formed after being configured for authentication,
use the show ip eigrp neighbors command on each router.
To verify the neighbor adjacencies EIGRP for IPv6, use the show ipv6 eigrp
neighbors command.

Troubleshooting EIGRP
Neighbor issues:
Neighbor adjacency might not be formed for a number of reasons, including the following:

 The interface between the devices is down.

 The two routers have mismatching EIGRP autonomous system numbers (process IDs).
 Proper interfaces are not enabled for the EIGRP process.
 An interface is configured as passive.
Some issues that may cause a connectivity problem for EIGRP include:

 Proper networks are not being advertised on remote routers.

 An incorrectly-configured passive interface, or an ACL, is blocking advertisements of remote
networks.
 Automatic summarization is causing inconsistent routing in a discontiguous network.
If all of the required routes are in the routing table, but the path that traffic takes is not correct,
verify the interface bandwidth values.

Show command
show ip eigrp interfaces command displays which interfaces are enabled for EIGRP. If
connected interfaces are not enabled for EIGRP, then neighbors do not form an adjacency.
The “Routing for Networks” section of the show ip protocols command indicates which
networks have been configured.
If the network is not present in this section, use show running-config to ensure that the
proper network command was configured.
“IP Routing is NSF aware” refers to Nonstop Forwarding (NSF). This capability allows the
EIGRP peers of a failing router to retain the routing information that it has advertised, and to
continue using this information until the failed router resumes normal operation and is able to
exchange routing information. For more information refer
to: http://www.cisco.com/en/US/docs/ios-xml/ios/iproute_eigrp/configuration/15-mt/eigrp-nsf-
awa.html
Reference:
Unequal Cost Path Load balancing: http://www.cisco.com/c/en/us/support/docs/ip/enhanced-
interior-gateway-routing-protocol-eigrp/13677-19.html