EIGRP Part 2
Topics: EIGRP over Frame Relay; EIGRP over MPLS; EIGRP load balancing; EIGRP bandwidth across WAN links; authentication; EIGRP scalability in large networks.
Materials
Book: Implementing Cisco IP Routing (ROUTE) Foundation Learning Guide: Foundation learning for the ROUTE 642-902 Exam, by Diane Teare. Book ISBN-10: 1-58705-882-0, ISBN-13: 978-1-58705-882-0; eBook ISBN-10: 0-13-255033-4, ISBN-13: 978-0-13-255033-8.
Frame Relay Basics
A switched WAN technology. Virtual circuits (VCs) are created by a service provider (SP), and multiple logical VCs are multiplexed over a single physical interface. Typically these are PVCs, each identified by a locally significant data link connection identifier (DLCI). For IP connectivity, a mapping between IP addresses and DLCIs must be defined, either dynamically (Inverse ARP) or statically.
By default, a Frame Relay network is an NBMA network. Like a multiaccess network (an Ethernet LAN), all routers are on the same subnet, but broadcast (and multicast) packets cannot be sent just once as they are in a broadcast environment such as Ethernet. Cisco IOS implements pseudo-broadcasting: the router creates a copy of the broadcast or multicast packet for each neighbor reachable through the WAN media (over a PVC) and sends that copy over the appropriate PVC for that neighbor.
Inverse ARP is on by default and automatically maps the IP address of the device at the other end of each PVC to the local DLCI number. Split horizon is disabled by default on Frame Relay physical interfaces, so routes from R2 can be sent to R3 and vice versa. Note: Inverse ARP does not provide a mapping for communication between R2 and R3 because they are not connected by a PVC; this mapping must be configured manually.
R1 forms adjacencies with R2 and R3 over the Serial0/0 physical interface; R2 and R3 each form an adjacency with R1. No EIGRP neighbor relationship exists between R2 and R3.
R3 configuration (static mapping to R1):
interface Serial0/0
 encapsulation frame-relay
 ip address 192.168.1.103 255.255.255.0
 frame-relay map ip 192.168.1.101 130 broadcast
router eigrp 110
 network 192.168.1.0
Using static mapping disables Inverse ARP. No changes to the basic EIGRP configuration are needed. Manual IP-to-DLCI mapping commands on the Serial0/0 interface are necessary on all three routers. Again, because split horizon is disabled by default on Frame Relay physical interfaces, routes from R2 can be sent to R3 and vice versa. Note: R1 includes a Frame Relay map to its own IP address so it can ping its own interface.
R3 configuration (static mapping to both R1 and R2):
interface Serial0/0
 encapsulation frame-relay
 ip address 192.168.1.103 255.255.255.0
 frame-relay map ip 192.168.1.101 130 broadcast
 frame-relay map ip 192.168.1.102 130 broadcast
router eigrp 110
 network 192.168.1.0
The adjacencies formed on R1 with static mapping are the same as those formed with dynamic mapping: R2 and R3 each form an adjacency with R1. R2 and R3 can also form an EIGRP adjacency with each other if the IP-to-DLCI mapping for that connectivity is provided. The output shows that R3 has two neighbors (R1 and R2), indicating that this mapping was provided on R3 (it is not required between R2 and R3).
[Figure: R1, R2 and R3 on the same subnet over Frame Relay, using DLCIs 100, 103 and 130.]
Separating a physical interface into multipoint subinterfaces allows each subinterface to be on a separate network. Multipoint subinterfaces are configured with the command: interface serial number.subinterface-number multipoint
IP address-to-DLCI mapping on multipoint subinterfaces is done either by specifying the local DLCI value (frame-relay interface-dlci dlci) and relying on Inverse ARP, or by manual IP address-to-DLCI mapping. The physical interface Serial0/0 is configured for Frame Relay encapsulation and does not have an IP address assigned to it. Note: the spoke routers do not have a multipoint subinterface.
Split horizon is enabled by default on Frame Relay multipoint subinterfaces. Because R2 and R3 need connectivity between their connected networks through R1, EIGRP split horizon is disabled on the multipoint subinterface of R1 with the no ip split-horizon eigrp as-number command.
Verify with show ip eigrp neighbors. R1 forms an adjacency with R2 and R3 over the Serial0/0.1 multipoint subinterface; R2 and R3 form their adjacency with R1. Note: R2 and R3 could form an adjacency with each other if the IP address-to-DLCI mapping for that connectivity were provided (not required).
Not all Frame Relay service providers support multicast/broadcast, so routing information must then be sent as unicasts. Router configuration command:
neighbor {ip-address | ipv6-address} interface-type interface-number
Defines a neighboring router to exchange EIGRP routing information. Instead of using multicast packets, EIGRP exchanges routing information with the specified neighbor using unicast packets.
Once a neighbor command is configured for an interface, EIGRP does not process any multicast packets arriving inbound on that interface and stops sending multicast packets on that interface.
R1 is configured with a neighbor command for R2. R1 will therefore not accept multicast packets on Serial 0/0.1 anymore. R2 must also be configured with a neighbor command for R1 to establish an adjacency. R1 and R3 are not configured with a neighbor command for each other. Therefore, R1 and R3 will not form an adjacency.
Because R3 is not using the neighbor command, it tries to communicate with multicast packets on its Serial0/0.1. Neighborship is not established, however, because neither R1 nor R2 is accepting multicast packets.
[Figure: R1 as hub with point-to-point subinterfaces to R2 and R3; DLCIs 100, 103 and 130.]
Point-to-point subinterfaces are logical interfaces that emulate a leased-line network and provide a routing equivalent to point-to-point physical interfaces. As with physical point-to-point interfaces, each subinterface requires its own subnet. Frame Relay point-to-point is applicable to hub-and-spoke topologies.
R1 and R3: The physical interface serial 0/0 is configured for Frame Relay encapsulation The physical interface does not have an IP address assigned to it
MPLS (Multiprotocol Label Switching) is an IETF standard that combines the advantages of Layer 3 routing with the benefits of Layer 2 switching. Short, fixed-length labels are assigned to each packet at the edge of the MPLS network. This allows for scalable VPNs, end-to-end QoS, and other IP services that make efficient use of existing networks with simpler configuration and management and quicker fault correction.
What is MPLS?
MPLS was originally defined in RFC 3031, whose authors came from Cisco Systems, Force10 Networks and Juniper Networks. Its precursors were Cisco's Tag Switching and Ipsilon's IP Switching (Ipsilon was later acquired by Nokia).
Layer 3 end-to-end (IP routing). Advantages: dynamic, automatic path setup; best path and backup paths; QoS. Disadvantage: latency of the hop-by-hop Layer 3 lookup in the packet forwarding process.
Layer 2 end-to-end circuits (ATM, Frame Relay). Advantages: circuits (SVC or PVC) mean destinations are pre-established at the switches; less latency, switched only, no Layer 3 lookups. Disadvantages: circuits are difficult to manage and need management software or manual configuration; QoS and SLAs are managed individually per circuit.
MPLS extends Layer 2 or Layer 3 connectivity natively between sites. Although the MPLS network is owned by a service provider, it acts as an extension of the enterprise network: to the customer it looks like a single router or switch with multiple interfaces. The MPLS philosophy is that the Layer 3 header contains significantly more information than is necessary to forward the packet.
MPLS Terms
MPLS domain: a contiguous set of nodes performing MPLS routing and forwarding, typically within one routing or administrative domain.
Label Switching Router (LSR): an MPLS node that is capable of forwarding labeled packets.
Label: a short, fixed-length, physically contiguous identifier used to identify a group of networks sharing a common destination, usually of local significance.
MPLS ingress node: an MPLS node that handles traffic entering an MPLS domain.
MPLS egress node: an MPLS node that handles traffic leaving an MPLS domain.
MPLS Operation
A label identifies a flow of packets (for example, voice traffic between two nodes), also called a Forwarding Equivalence Class (FEC). Grouping of packets which can be used for QoS requirements Packets belonging to the same FEC receive the same treatment in the network. Determined by various parameters including: source or destination IP address port numbers IP protocol IP precedence
MPLS network nodes are called Label-Switched Routers (LSRs) Use the label to determine the next-hop for the packet. Do not need to examine the packets IP header Forwards packets based on the label. After a path has been established: Packets destined to the same endpoint with the same requirements can be forwarded based on these labels without a routing decision at every hop. Labels usually correspond to Layer 3 destination addresses, which makes MPLS equivalent to destination-based routing.
A label-switched path (LSP) must be established for each FEC before packets can be sent. Labels are locally significant to each MPLS node, so nodes must tell each other which label to use for each FEC. This is done by a label distribution protocol, typically LDP (Label Distribution Protocol); RSVP-TE, an extension of the Resource Reservation Protocol, is used instead when traffic-engineered paths are required. An interior routing protocol such as OSPF or EIGRP is also run within the MPLS network to exchange routing information.
Each of the MPLS nodes has previously communicated the labels it uses for each of the defined FECs to its neighboring nodes. Packet A and Packet B represent different flows; for example, Packet A might be from an FTP session, whereas Packet B is from a voice conversation. Without MPLS, these packets would take the same route through the network.
[Figure: packet path from R6 to R1. R6 routes at Layer 3; R5, the ingress LSR, switches the packet on label 94; R4 swaps label 94 for label 17; R3 switches on label 17; R1 routes at Layer 3.]
Note: label allocation, label imposition, label swapping and label popping usually happen in the service provider network, not in the customer (enterprise) network. Customer routers never see a label.
MPLS Features
With MPLS there is only one examination of the packet and only one assignment to an FEC, both done at the MPLS ingress node.
VPNs: First built using leased lines with PPP and HDLC encapsulations. Later, Layer 2 VPNs based on point-to-point data link layer connectivity, using ATM or Frame Relay virtual circuits. MPLS VPNs were introduced to provide a unified network for Layer 3 VPN services. Any Transport over MPLS (AToM) was introduced to facilitate this Layer 2 connectivity across an MPLS backbone.
Layer 2 MPLS VPN provides a Layer 2 service across the backbone R1 and R2 are connected together on the same IP subnet. Layer 3 MPLS VPN provides a Layer 3 service across the backbone R1 and R2 are connected to ISP edge routers; on each side, a separate IP subnet is used.
The network is divided into a customer-controlled part (C-network) and a provider-controlled part (P-network). Contiguous portions of the C-network are called sites and are linked to the P-network via customer edge routers (CE routers). The CE routers connect to provider edge routers (PE routers). The core devices in the provider network (P routers) provide transport across the provider backbone and do not carry customer routes. The service provider connects customers using MPLS VPNs.
Each customer is assigned an independent routing table, the virtual routing and forwarding (VRF) table, in the PE router; PE routers thus maintain a separate routing table for each customer. Routing across the provider backbone is performed by a separate routing process that uses the global IP routing table on the PE and P routers.
In a Layer 3 MPLS VPN, the following requirements must be met: the customer routers (CE routers) need not be MPLS VPN-aware and run standard IP routing software; the provider core routers (P routers) must not carry customer (VPN) routes, to keep the MPLS VPN solution scalable; the provider edge routers (PE routers) must support both MPLS VPN services and traditional IP services.
[Figure: Layer 3 MPLS VPN; the CE-PE links use the 192.168.1.0/30 and 192.168.2.0/30 networks.]
R1 and R2 are configured for EIGRP as if there were a corporate core network between them. EIGRP parameters between R1 and R2 (such as the AS number and the authentication password) are often governed or coordinated by the service provider, because the PE routers are the EIGRP neighbors of R1 and R2; any EIGRP authentication key used here is therefore shared with the provider.
R1 establishes an EIGRP neighbor relationship with the PE1 router, R2 establishes an EIGRP neighbor relationship with the PE2 router. Routers R1 and R2 do NOT establish an EIGRP neighbor relationship with each other.
In a Layer 2 MPLS VPN, the MPLS backbone provides a Layer 2 Ethernet port-to-port connection between the two customer routers R1 and R2, which exchange Ethernet frames. The PE1 router takes the Ethernet frame received from the directly connected R1, encapsulates it into an MPLS packet and forwards it across the backbone to PE2. PE2 decapsulates the MPLS packet and reproduces the Ethernet frame on its Ethernet link to R2. This is a type of AToM called EoMPLS (Ethernet over MPLS), one form of Metro Ethernet service.
[Figure: Layer 2 MPLS VPN (EoMPLS); R1 and R2 share the 192.168.1.100/27 network.]
EIGRP over EoMPLS: No changes to the EIGRP configuration from the customer perspective. EIGRP needs to be enabled with the same AS number on both routers. network command includes the interface toward the PE router (PE1 and PE2) over which the routers R1 and R2 will form their neighbor relationship. From the EIGRP perspective, the MPLS backbone and routers PE1 and PE2 are not visible.
A neighbor relationship is established directly between routers R1 and R2 over the MPLS backbone.
Variance command
Router(config)# router eigrp 1
Router(config-router)# variance multiplier
Cisco IOS allows up to 16 equal-cost paths per destination, 4 by default; the number is set with the maximum-paths number command under the EIGRP process, and 1 disables load balancing. EIGRP can also perform unequal-cost load balancing, sharing traffic in inverse proportion to the path metric. The variance command instructs the router to include routes with a metric less than or equal to n times the minimum metric for that destination, where n is the multiplier given to variance (1 to 128, default 1). Note: a path that is not a feasible successor is never used for load balancing, whatever the variance. Note: load balancing applies to traffic forwarded through the router, not to traffic the router itself generates.
Successor: R3, with an FD of 20. Feasible successors: R2 and R5 (R2's AD of 10 < R3's FD of 20; R5's AD of 10 < R3's FD of 20). R4 is not an FS because its AD of 25 > R3's FD of 20.
R1(config)# router eigrp 110
R1(config-router)# variance 2
Variance = 2, so the limit is 2 x R3's FD of 20 = 40 (FDv). R2 is added as an additional path in R1's routing table because R2's FD of 30 < 40. R5 is not added because R5's FD of 50 > 40; R5 nevertheless remains a feasible successor. Note: R4 would not be considered even if its FD were <= 40, because it is not a feasible successor. Traffic is shared in inverse proportion to the metric: the route via R3 has an FD of 20 and the route via R2 has an FD of 30, so R3 carries 3/5 of the traffic and R2 carries 2/5.
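The following Python script is an added example and is not part of the course or book; it models successor selection, the feasibility condition and the variance rule with the FD/AD values from the slide above. R3's AD (10) and R4's FD (35) are not given on the slide and are constructed here; the R4 value is chosen below the variance limit on purpose, to show that a non-feasible path stays out of the routing table regardless of variance.

```python
"""EIGRP successor, feasible successor and variance selection (added example)."""
from dataclasses import dataclass
from fractions import Fraction
from typing import Dict, List


@dataclass(frozen=True)
class Path:
    via: str  # next-hop neighbor
    fd: int   # feasible distance: this router's total metric through `via`
    ad: int   # advertised distance: the metric `via` reports for the destination


# Constructed topology-table entry for one destination on R1, from the slide.
# R3's AD (10) and R4's FD (35) are not stated on the slide and are assumed here.
SAMPLE_PATHS: List[Path] = [
    Path("R2", fd=30, ad=10),
    Path("R3", fd=20, ad=10),
    Path("R4", fd=35, ad=25),
    Path("R5", fd=50, ad=10),
]


def successor(paths: List[Path]) -> Path:
    """The path with the lowest FD."""
    return min(paths, key=lambda p: p.fd)


def feasible_successors(paths: List[Path]) -> List[Path]:
    """Feasibility condition: a neighbor is loop-free only if its AD is strictly
    less than the successor's FD. Returned in order of increasing FD."""
    best = successor(paths)
    return sorted((p for p in paths if p is not best and p.ad < best.fd),
                  key=lambda p: p.fd)


def installed_paths(paths: List[Path], variance: int = 1) -> List[Path]:
    """Paths placed in the routing table: the successor plus every feasible
    successor whose FD <= variance * successor FD. A path that fails the
    feasibility condition is never installed, whatever the variance."""
    if not 1 <= variance <= 128:
        raise ValueError("variance multiplier must be 1..128")
    best = successor(paths)
    limit = variance * best.fd
    return [best] + [p for p in feasible_successors(paths) if p.fd <= limit]


def traffic_share(paths: List[Path], variance: int = 1) -> Dict[str, Fraction]:
    """Share of forwarded traffic per next hop, inversely proportional to the
    path metric. IOS displays this as integer 'traffic share count' values;
    the Fraction here is the ideal ratio."""
    used = installed_paths(paths, variance)
    weights = {p.via: Fraction(1, p.fd) for p in used}
    total = sum(weights.values())
    return {via: w / total for via, w in weights.items()}


if __name__ == "__main__":
    print("successor:", successor(SAMPLE_PATHS).via)
    print("feasible successors:", [p.via for p in feasible_successors(SAMPLE_PATHS)])
    for v in (1, 2, 3):
        shares = {via: str(s) for via, s in traffic_share(SAMPLE_PATHS, v).items()}
        print(f"variance {v}:", shares)
```

With variance 2 the script installs R3 and R2 and reports shares of 3/5 and 2/5; with variance 3 the limit rises to 60, so R5 (FD 50) is installed as well, while R4 never is.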
Cisco IOS assumes that point-to-point Frame Relay subinterfaces are operating at the default speed of the interface. In many implementations, however, only fractional speeds (such as a fractional T1) are available. Therefore, when configuring these subinterfaces, set the bandwidth to match the contracted CIR (Committed Information Rate).
Multipoint interfaces
On multipoint interfaces the bandwidth is shared equally by all neighbors: EIGRP takes the bandwidth configured on the physical interface and divides it by the number of Frame Relay neighbors on that interface to obtain the bandwidth attributed to each neighbor. When configuring multipoint interfaces, configure the bandwidth to represent the minimum CIR times the number of circuits.
With a bandwidth of 224 kbps configured on the interface, 224 / 4 = 56 kbps is allocated per circuit. This 56-kbps allocation matches the provisioned CIR of each circuit.
One circuit has a CIR of 56 kbps; the other three circuits have a CIR of 256 kbps. The interface on Router C has been configured for a bandwidth equal to the lowest CIR times the total number of circuits: 56 * 4 = 224. This configuration protects against overwhelming the slowest circuit in the topology.
The low-speed circuit is configured as point-to-point. The remaining circuits are multipoint; their CIRs are added up to set the interface's bandwidth: 256 + 256 + 256 = 768. On the multipoint interface the bandwidth is shared equally among all circuits, so it is split three ways with 256 kbps allocated to each circuit.
[Figure: hub Router C in EIGRP AS 63 with a 256 kbps access link; each spoke VC has a CIR of 64 kbps and a configured bandwidth of 25 kbps.]
Router C has a 256 kbps link to the Frame Relay provider in a hub-and-spoke, oversubscribed topology with 10 VCs to the remote sites (only 4 of the 10 remote sites are shown in the figure). The circuits are provisioned as 64-kbps links, but there is insufficient bandwidth on Router C (the hub) to support that allocation. For example, if the hub tries to communicate with all remote sites at the same time, the required bandwidth exceeds the hub's available link speed of 256 kbps: 10 times the 64-kbps CIR equals 640 kbps.
In a point-to-point topology, all VCs are treated equally and each subinterface is therefore configured with exactly one-tenth of the available link speed (25 kbps). Alternatively, the Serial0 main interface could be configured with the bandwidth 256 command.
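The Python script below is an added example, not part of the course material, that turns the bandwidth rules of this section into checks: the multipoint rule (lowest CIR times number of VCs), the equal per-neighbor split EIGRP assumes, the point-to-point share on an oversubscribed hub, and a check that flags any VC whose CIR is below the share EIGRP would assume for it. It also applies the IOS default that EIGRP paces its own packets to 50% of the interface bandwidth (adjustable with ip bandwidth-percent eigrp); that default is not stated on the page and is the reason a bandwidth value far above a circuit's CIR lets routing traffic alone saturate that circuit.

```python
"""Frame Relay bandwidth planning checks for EIGRP (added example)."""
from typing import List

# IOS default: EIGRP limits its own traffic to this percentage of the interface bandwidth.
EIGRP_BANDWIDTH_PERCENT = 50


def multipoint_bandwidth(cirs_kbps: List[int]) -> int:
    """bandwidth value for a multipoint (sub)interface: lowest CIR x number of VCs."""
    if not cirs_kbps:
        raise ValueError("at least one VC is required")
    return min(cirs_kbps) * len(cirs_kbps)


def per_vc_share(configured_kbps: int, vc_count: int) -> int:
    """EIGRP's view of each neighbor's bandwidth on a multipoint interface: an equal split."""
    if vc_count < 1:
        raise ValueError("vc_count must be >= 1")
    return configured_kbps // vc_count


def point_to_point_bandwidth(access_kbps: int, vc_count: int, cir_kbps: int) -> int:
    """bandwidth for each point-to-point subinterface on an oversubscribed hub:
    an equal share of the access link, never more than the circuit's CIR."""
    return min(cir_kbps, access_kbps // vc_count)


def oversubscription_kbps(access_kbps: int, cirs_kbps: List[int]) -> int:
    """How far the sum of the spoke CIRs exceeds the hub's access link (0 if it fits)."""
    return max(0, sum(cirs_kbps) - access_kbps)


def overloaded_circuits(configured_kbps: int, cirs_kbps: List[int]) -> List[int]:
    """Indexes of VCs whose CIR is below the equal share EIGRP would assume for them,
    i.e. circuits a too-large bandwidth value would let EIGRP overwhelm."""
    share = per_vc_share(configured_kbps, len(cirs_kbps))
    return [i for i, cir in enumerate(cirs_kbps) if cir < share]


def eigrp_pacing_kbps(per_neighbor_kbps: int, percent: int = EIGRP_BANDWIDTH_PERCENT) -> int:
    """Maximum rate EIGRP will use for its own packets toward one neighbor."""
    return per_neighbor_kbps * percent // 100


if __name__ == "__main__":
    # The three cases from this section: four 56-kbps VCs; one 56 and three 256; ten 64-kbps VCs on 256.
    print("4 x 56 kbps ->", multipoint_bandwidth([56] * 4), "kbps, per VC", per_vc_share(224, 4))
    print("56 + 3 x 256 ->", multipoint_bandwidth([56, 256, 256, 256]),
          "kbps; overloaded if 768 were used:", overloaded_circuits(768, [56, 256, 256, 256]))
    print("hub 256 kbps, 10 x 64 kbps CIR -> oversubscribed by",
          oversubscription_kbps(256, [64] * 10), "kbps; per subinterface",
          point_to_point_bandwidth(256, 10, 64), "kbps; EIGRP pacing",
          eigrp_pacing_kbps(point_to_point_bandwidth(256, 10, 64)), "kbps")
```

The check in overloaded_circuits is the one to run before raising bandwidth on a multipoint interface: a value of 768 on the mixed 56/256 interface would give every circuit a 192-kbps share, more than three times the 56-kbps circuit's CIR.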
Authentication
Neighbor router authentication: routers participate in routing only with neighbors that present a predefined password. Two types of authentication are used: simple password authentication (also called plain text authentication), supported by Intermediate System-to-Intermediate System (IS-IS), OSPF and Routing Information Protocol version 2 (RIPv2); and MD5 authentication, supported by OSPF, RIPv2, BGP and EIGRP. Authentication provides origin authentication and integrity for routing packets but not confidentiality: the contents of the protocol packets are not encrypted. By default, no authentication is used for EIGRP packets.
Configuring EIGRP MD5 authentication requires the following steps: Step 1: Configure the authentication mode for EIGRP Step 2: Configure the key chain Step 3: Optionally configure the keys lifetime parameters Step 4: Enable authentication to use the key(s) in the key chain
The key chain R1chain command enters configuration mode for the R1chain key chain. Two keys are defined in this key chain: key 1 has the string firstkey and key 2 has the string secondkey. Each key has an authentication string and a lifetime specified. The administrator wants to change the keys on all routers in the network each month to improve security and configures an overlap of one week to roll the keys on all routers: key 2 becomes valid one week before key 1 stops being used for sending, which gives time to apply the new key to all routers in the network.
Sending (send-lifetime): only one key is used for sending EIGRP packets. The router uses the first key (lowest key number) whose send-lifetime is currently valid.
Receiving (accept-lifetime): a received EIGRP packet is accepted if the key ID it carries matches a key in the chain whose accept-lifetime is currently valid and whose key string produces a matching digest. Several keys can be valid for receiving at the same time.
Key 1 is set to firstkey. It is acceptable for receiving EIGRP packets from January 1, 2009 onward: accept-lifetime 04:00:00 Jan 1 2009 infinite. However, send-lifetime 04:00:00 Jan 1 2009 04:00:00 Jan 31 2009 specifies that this key is valid for sending packets only until January 31, 2009; it is no longer used for sending after that. Key 2 is set to secondkey. It is acceptable for receiving EIGRP packets from January 25, 2009 onward (accept-lifetime 04:00:00 Jan 25 2009 infinite) and can also be used for sending EIGRP packets from January 25, 2009 onward (send-lifetime 04:00:00 Jan 25 2009 infinite). Caveat: because key 1's accept-lifetime is infinite, every router keeps accepting packets authenticated with the retired key indefinitely. Once the rollover is complete, give key 1 an accept-lifetime end time or remove it, so that a leaked old key cannot be used to inject routing updates.
The authenticating key ID (number) and the key string on both the sending router and the receiving router must be the same. The key chain can be different
The router uses the first valid key, by key number, for sending packets. R1 (sending) uses key 1 from January 1 to January 31, 2009, and key 2 from 4:00 a.m. on January 31, 2009 onward.
R1 (receiving) accepts key 1 for received packets from January 1, 2009, and also accepts key 2 for received packets from January 25, 2009. All other MD5-authenticated packets are dropped.
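The following Python script is an added example, not part of the course material. It parses a key chain written in IOS syntax (the R1chain values from this page, embedded as constructed input) and applies the selection rules above: lowest-numbered valid key for sending, key ID plus key string plus accept-lifetime for receiving, and a check for keys that are still accepted long after they stopped being sent. Lifetime end times are treated as exclusive here, which is an assumption; the chain is bound to an interface with ip authentication mode eigrp as-number md5 and ip authentication key-chain eigrp as-number R1chain (steps 1 and 4 of the procedure), which this model does not represent.

```python
"""IOS key-chain lifetime handling for EIGRP MD5 authentication (added example)."""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Tuple, Union

# Constructed sample input: the R1chain key chain from this page, in IOS CLI syntax.
KEY_CHAIN_CONFIG = """\
key chain R1chain
 key 1
  key-string firstkey
  accept-lifetime 04:00:00 Jan 1 2009 infinite
  send-lifetime 04:00:00 Jan 1 2009 04:00:00 Jan 31 2009
 key 2
  key-string secondkey
  accept-lifetime 04:00:00 Jan 25 2009 infinite
  send-lifetime 04:00:00 Jan 25 2009 infinite
"""

TIME_FMT = "%H:%M:%S %b %d %Y"
Lifetime = Tuple[datetime, Optional[datetime]]  # (start, end); end None means infinite
_TIME = r"\d\d:\d\d:\d\d [A-Za-z]{3} \d{1,2} \d{4}"
_LIFETIME_RE = re.compile(rf"^(accept|send)-lifetime ({_TIME}) (infinite|{_TIME})$")


@dataclass
class Key:
    number: int
    key_string: str = ""
    accept: Optional[Lifetime] = None  # None: no lifetime configured, always valid (IOS behavior)
    send: Optional[Lifetime] = None


def parse_key_chains(text: str) -> Dict[str, List[Key]]:
    """Parse 'key chain' blocks; each chain's keys are returned sorted by key number."""
    chains: Dict[str, List[Key]] = {}
    chain: Optional[List[Key]] = None
    key: Optional[Key] = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("key chain "):
            chain = chains.setdefault(line.split()[2], [])
            key = None
        elif line.startswith("key ") and chain is not None:
            key = Key(int(line.split()[1]))
            chain.append(key)
        elif line.startswith("key-string ") and key is not None:
            key.key_string = line.split(None, 1)[1]
        elif key is not None and (m := _LIFETIME_RE.match(line)):
            start = datetime.strptime(m.group(2), TIME_FMT)
            end = None if m.group(3) == "infinite" else datetime.strptime(m.group(3), TIME_FMT)
            setattr(key, m.group(1), (start, end))
    for keys in chains.values():
        keys.sort(key=lambda k: k.number)
    return chains


def _as_dt(when: Union[str, datetime]) -> datetime:
    return when if isinstance(when, datetime) else datetime.fromisoformat(when)


def _valid(lifetime: Optional[Lifetime], now: datetime) -> bool:
    if lifetime is None:
        return True
    start, end = lifetime
    return start <= now and (end is None or now < end)  # end exclusive: assumption


def send_key(keys: List[Key], when: Union[str, datetime]) -> Optional[Key]:
    """Key used for outgoing packets: the lowest-numbered key with a valid send-lifetime."""
    now = _as_dt(when)
    return next((k for k in keys if _valid(k.send, now)), None)


def accept_key_numbers(keys: List[Key], when: Union[str, datetime]) -> List[int]:
    now = _as_dt(when)
    return [k.number for k in keys if _valid(k.accept, now)]


def authenticates(keys: List[Key], key_id: int, key_string: str, when: Union[str, datetime]) -> bool:
    """A received packet is accepted only if its key ID names a key whose accept-lifetime
    is valid and whose key string matches: ID and string must both agree."""
    now = _as_dt(when)
    return any(k.number == key_id and k.key_string == key_string and _valid(k.accept, now)
               for k in keys)


def stale_accept_keys(keys: List[Key], when: Union[str, datetime],
                      grace: timedelta = timedelta(days=7)) -> List[Key]:
    """Keys not used for sending for longer than `grace` but still accepted:
    candidates for an accept-lifetime end time or removal after a rollover."""
    now = _as_dt(when)
    return [k for k in keys
            if k.send is not None and k.send[1] is not None
            and k.send[1] + grace < now and _valid(k.accept, now)]


if __name__ == "__main__":
    r1chain = parse_key_chains(KEY_CHAIN_CONFIG)["R1chain"]
    for when in ("2009-01-20T10:00:00", "2009-01-28T10:00:00", "2009-02-15T10:00:00", "2009-03-01T10:00:00"):
        snd = send_key(r1chain, when)
        print(when, "send:", snd.number if snd else None, "accept:", accept_key_numbers(r1chain, when),
              "stale:", [k.number for k in stale_accept_keys(r1chain, when)])
```

Run on the page's chain, the script reports key 1 for sending through January 30, key 2 from January 31, both keys accepted from January 25 onward, and by March key 1 as stale: still accepted although it has not been sent for a month.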
Verifying Authentication
The show key chain output lists key chain R1chain with both keys, key 1 (authentication string firstkey) and key 2 (authentication string secondkey). Under each key, the lifetime of the key is also shown.
EIGRP Scalability
Operating one large flat EIGRP network is normally not scalable. Issues to consider include: large routing tables that need to be processed; high memory demands (a large topology table, a large number of routes in the routing table and, in some cases, a large number of neighbors in the neighbor table); and high bandwidth demands (exchange of a large number of routing updates, sending many queries and replies).
When a router loses a route and has no feasible successor in its topology table, it looks for an alternative path to the destination; this is known as going active on the route. It queries each of its neighbors for an alternative path, and a neighbor that has no alternative route in turn queries each of its own neighbors. The queries thus propagate through the network, creating an expanding tree of queries. When a router answers a query, it stops the spread of the query through that branch of the network.
A route becomes stuck in active (SIA) when the router has not received a reply to its query within the active timer. Summarization helps prevent SIA by limiting how far queries travel.
Stuck-in-Active
[Figure: two EIGRP autonomous systems, 101 and 102, joined by a boundary router.]
The most common reasons for SIA routes are: the router is too busy to answer the query; the link between the two routers is poor; a failure causes traffic on a link to flow in only one direction (a unidirectional link). Misconception: using multiple EIGRP domains (autonomous systems) to simulate OSPF areas will limit the scope of queries. This is not true: the boundary router originates a new EIGRP query into the other EIGRP domain.
Preventing SIA
Cisco IOS Software Release 12.1(5) and later include the Active Process Enhancement feature, which enables an EIGRP router to monitor the progress of the search for a successor route and to ensure that the neighbor it is waiting on is still reachable.
Before the Active Process Enhancement: Router A loses 10.1.1.0/24 and has no feasible successor, so it sends a query to Router B and starts the 3-minute active timer. If A never hears back from B within those 3 minutes, A resets the adjacency with B, which discards every network learned through B.
With the Active Process Enhancement: after 1.5 minutes without a reply, A sends an SIA-Query to B. B answers with an SIA-Reply ("I'm OK but still waiting on C"), so the neighbor relationship between A and B stays intact while B in turn sends SIA-Queries toward C. A neighbor that fails to answer three consecutive SIA-Queries has its adjacency terminated.
Limiting the scope of query propagation through the network (the query range), also known as query scoping.
[Figure: query propagation in a redundant regional/remote topology. A remote router for which Router A was a feasible successor now has A as its successor and cannot reply until it hears from A.]
This is a simplified version of the example in the book (imagine the same topology with 100 routers). When the query process starts, each path receives duplicate queries because of the redundant topology. Not only are the remote routers required to respond to queries from the regional offices, but they also continue the search by reflecting the queries back toward the other regional office's router. This significantly complicates the convergence process on the network.
Configure route summarization using the ip summary-address eigrp command on the outbound interfaces of the appropriate routers. Design the network so that it is scalable. Configure the remote routers as EIGRP stub routers.
When a router has received only a summary route, the specific network is not in the routing table. So the router replies to the query with a network 10.0.0.0/24 unreachable message and does not extend the query any further.
Stub Routers
Introduced in IOS 12.0. A stub router typically has a single neighbor (the hub) and needs only a default route. Commonly used in hub-and-spoke topologies. Helps with convergence.
Only the remote router is configured as a stub. Only the specified route types are propagated from the remote (stub) router. Neighbors do not send queries to the stub router. The stub router sends a special peer information packet to all neighboring routers to report its stub status.
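The model below is an added Python example, not from the course material, of the query propagation described in the summarization and stub passages above. It uses a constructed six-router topology: origin A, regional routers B and C, remotes RB1 and RB2 behind B and RC1 behind C, with a redundant RB2-RC1 link. The rules are deliberately simplified: a router that receives a query for a prefix it reaches through the querier goes active and forwards the query (no feasible successor assumed); a router that holds only a summary covering the prefix replies "unreachable" and forwards nothing; a router that still has a path not through the querier just replies; stub routers are never queried. The flat and scoped topologies are compared by the number of queries sent and the set of routers that go active.

```python
"""Query-scoping model: summarization and stub routers limit EIGRP query range (added example)."""
from collections import deque
import ipaddress
from typing import Dict, List, Optional


class Router:
    def __init__(self, name: str, stub: bool = False) -> None:
        self.name = name
        self.stub = stub                  # eigrp stub: neighbors never send this router queries
        self.neighbors: List[str] = []
        self.routes: Dict[str, str] = {}  # specific prefix -> successor neighbor
        self.summaries: List[str] = []    # summary prefixes held instead of the specifics


def link(a: Router, b: Router) -> None:
    a.neighbors.append(b.name)
    b.neighbors.append(a.name)


def covered_by_summary(router: Router, prefix: str) -> bool:
    net = ipaddress.ip_network(prefix)
    return any(net.subnet_of(ipaddress.ip_network(s)) for s in router.summaries)


def simulate_query(routers: Dict[str, Router], origin: str, prefix: str) -> dict:
    """Origin lost `prefix` with no feasible successor and goes active. Returns the
    number of queries sent, the routers that went active and the summary replies."""
    queries = 0
    summary_replies = 0
    active = {origin}
    queue = deque()

    def go_active(r: Router, came_from: Optional[str]) -> None:
        nonlocal queries
        for n in sorted(r.neighbors):
            if n == came_from or routers[n].stub:
                continue           # no query back to the querier; stubs are never queried
            queue.append((n, r.name))
            queries += 1

    go_active(routers[origin], None)
    while queue:
        name, frm = queue.popleft()
        r = routers[name]
        if name in active:
            continue               # already active on this prefix: replies, does not re-forward
        if prefix not in r.routes:
            if covered_by_summary(r, prefix):
                summary_replies += 1   # knows only a summary: replies "unreachable", query stops
            continue
        if r.routes[prefix] != frm:
            continue               # still has a path not through the querier: replies with it
        active.add(name)           # lost its successor, no feasible successor: goes active
        go_active(r, frm)
    return {"queries": queries, "active": active, "summary_replies": summary_replies}


def build_topology(scoped: bool) -> Dict[str, Router]:
    """Constructed topology. scoped=True: B and C advertise only 10.0.0.0/8 toward the
    remotes (summarization) and RB1 is an EIGRP stub. scoped=False: flat network."""
    names = ["A", "B", "C", "RB1", "RB2", "RC1"]
    r = {n: Router(n, stub=(scoped and n == "RB1")) for n in names}
    for a, b in [("A", "B"), ("A", "C"), ("B", "C"), ("B", "RB1"),
                 ("B", "RB2"), ("C", "RC1"), ("RB2", "RC1")]:
        link(r[a], r[b])
    prefix = "10.1.1.0/24"
    r["B"].routes[prefix] = "A"
    r["C"].routes[prefix] = "A"
    for name, hub in [("RB1", "B"), ("RB2", "B"), ("RC1", "C")]:
        if scoped:
            r[name].summaries.append("10.0.0.0/8")
        else:
            r[name].routes[prefix] = hub
    return r


if __name__ == "__main__":
    for scoped in (False, True):
        result = simulate_query(build_topology(scoped), "A", "10.1.1.0/24")
        print("scoped" if scoped else "flat", result["queries"], "queries, active:",
              sorted(result["active"]), "summary replies:", result["summary_replies"])
```

In the flat topology every router goes active and the redundant RB2-RC1 link carries queries in both directions; with summaries at the regional routers and RB1 as a stub, the diffusing computation ends at the regional tier.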
eigrp stub options:
receive-only: the stub does not advertise any routes. No other keyword can be combined with it; use this option when the router has a single interface.
connected (default): the stub advertises connected routes covered by an EIGRP network command (10.1.1.0/24). Otherwise the redistribute connected command is needed under the EIGRP process (covered later).
static: the stub advertises static routes from its routing table. The redistribute static command is still necessary (covered later).
summary (default): the stub advertises summary routes, configured with the ip summary-address eigrp command or created automatically at a major network boundary when auto-summary is enabled.
redistributed: the stub advertises redistributed routes. The corresponding redistribute command is still necessary.
eigrp stub connected: Router B advertises only 10.1.2.0/24 to Router A. Although 10.1.3.0/24 is also a connected network, it is not advertised to Router A because there is no network 10.1.3.0 0.0.0.255 command and connected routes are not redistributed.
eigrp stub summary: Router B advertises only 10.1.2.0/23, the summary route configured on the router, to Router A.
eigrp stub static: Router B advertises only 10.1.4.0/24, the static route configured on the router, to Router A. (Note that the redistribute static command is configured on Router B.)
eigrp stub redistributed: Router B advertises only 10.1.4.0/24, the redistributed static route, to Router A.
Graceful Shutdown
The goodbye message feature is designed to improve EIGRP network convergence. Router B is being reconfigured (its EIGRP process shut down). Without the feature, Router A would have to wait for its hold timer to expire before discovering the change and reacting to it; packets sent during this time would be lost.
Graceful shutdown: a goodbye message is sent when an EIGRP routing process is shut down, to inform adjacent peers of the impending topology change. The goodbye is a Hello packet with all K values set to 255. EIGRP peers recalculate their neighbor relationships immediately instead of waiting for the hold timer to expire. Because the goodbye is an ordinary Hello, it is covered by EIGRP authentication wherever authentication is configured.