CCNP ROUTE (Part 10 EIGRP Over NBMA)

In what I think will be the last post on EIGRP (I will save redistribution between routing protocols for another time), I want to look at what is needed to ensure EIGRP runs smoothly over NBMA (non-broadcast multi-access) networks such as Frame Relay.

As I have covered before, EIGRP relies on multicast hello messages to form its neighbour relationships, but NBMA networks by default do not forward any broadcast or multicast traffic. So this is the first issue with getting it up and running.

To achieve this you have two choices. First, you could manually set up the neighbours. Under the EIGRP AS process you can issue the command

Router(config-router)#neighbor <IP ADDRESS> <INT ID>

This needs to be done on both ends of the link, and will change the interface from sending out multicast hello messages to directed broadcasts, so you need to enter additional neighbour statements for each neighbour you want to connect to.

For some NBMA networks (such as Frame Relay) CISCO has added a command to allow the router to forward the broadcasts over the link. It does this by sending a copy of the multicast/broadcast packet to each neighbouring router. This is needed for multipoint networks.

Router(config-if)#frame-relay map ip <neighbour IP> <local DLCI> broadcast

Now, rather than using the neighbour command, the router will forward any EIGRP hellos to any routers configured with the broadcast keyword in their mapping.

Either of these two methods will allow neighbour relationships to form across the NBMA network.

However, there is now the issue of split horizon. Imagine you have a central router connected to two remote routers, each with their own routing tables. Split horizon says that a route update received on an interface will not be sent back out that same interface. This means that if one of the remote routers sends an update to the central router, it will not then be relayed over to the second remote router. To allow this to happen you must manually disable split horizon (it is disabled by default on a physical interface but enabled on sub-interfaces). The command is as follows:

Router(config-if)#no ip split-horizon eigrp <AS>

So, recapping, there are two parts to this: first allowing the hello messages across the NBMA, and then ensuring the updates get copied to all routers.

These problems mainly occur when using the multipoint method. Using point-to-point (although requiring more IP addresses and subnetting) avoids both the split horizon issue and the non-broadcast issues, and is generally the recommended option.

DevilWAH

CCNP ROUTE (Part 9 EIGRP Authentication)

Seeing as we just finished up a simple EIGRP lab, it seems a good opportunity to add one more simple thing in to the mix.

At the moment anyone could in theory add a router to the network, sniff packets to determine the AS number we are running EIGRP on, and start advertising routes and forming neighbours. This is not something we want to happen; even if it is not a malicious attack, a rogue router sending EIGRP hellos and updates could cause havoc with a network.

So like all good network administrators it is important to secure EIGRP against such happenings. This is achieved in EIGRP by means of MD5 authentication and key chains.

The theory works something like this. All routers must be in time with each other; if possible a time protocol such as NTP should be used, but you could also set the clocks manually (just remember to redo this after a reboot as the router will lose its time). Once they are in sync we can set up the key chains. Each key chain has a number, a time frame in which it will be sent and a time frame in which it will be accepted, along with the actual key value itself.

For a key to be accepted as valid by a router when it receives it, the key-chain number and the key value must match on both devices, and it must be received within the accepted time frame. Below is a generic template for setting up a key chain.

Router(config)#key chain <name>
Router(config-keychain)#key <key number>
Router(config-keychain-key)#key-string <key value>
Router(config-keychain-key)#send-lifetime <start time> <end time>
Router(config-keychain-key)#accept-lifetime <start time> <end time>

The idea is that you may use one key each month, for example, with the accept and send times of the next key in the chain overlapping slightly with the last (if you have NTP the overlap can be a matter of seconds, because the routers’ clocks are more closely in sync), to ensure the neighbours do not get dropped during the changeover of keys.

Once the keys have been set up you apply them to the interface which is sending out EIGRP updates as below.

interface FastEthernet0/0
 ip authentication mode eigrp <AS> md5
 ip authentication key-chain eigrp <AS> <keychain name>
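
The overlap rule described above can be checked before a key chain is deployed. The following Python audit is an added example, not part of the original post or its GNS3 lab: the key chain name, key strings and dates are constructed, the 30-second clock-skew allowance is an assumption, and every key is assumed to carry both lifetimes in start/end form.

```python
import re
from datetime import datetime, timedelta

# Constructed key chain (name, key strings and dates are illustrative only).
# Key 2's accept window opens at the same instant it starts being sent, and
# nothing is sent between the end of key 2 and the start of key 3.
SAMPLE_CONFIG = """\
key chain EIGRP-KEYS
 key 1
  key-string <placeholder-1>
  send-lifetime 00:00:00 Oct 24 2010 00:05:00 Nov 24 2010
  accept-lifetime 23:55:00 Oct 23 2010 00:10:00 Nov 24 2010
 key 2
  key-string <placeholder-2>
  send-lifetime 00:00:00 Nov 24 2010 00:00:00 Dec 24 2010
  accept-lifetime 00:00:00 Nov 24 2010 00:10:00 Dec 24 2010
 key 3
  key-string <placeholder-3>
  send-lifetime 00:05:00 Dec 24 2010 00:00:00 Jan 24 2011
  accept-lifetime 00:00:00 Dec 24 2010 00:10:00 Jan 24 2011
"""

STAMP = r"(\d\d:\d\d:\d\d \w{3} \d{1,2} \d{4})"
LIFETIME = re.compile(rf"^\s*(send|accept)-lifetime {STAMP} {STAMP}\s*$")
KEY_ID = re.compile(r"^\s*key (\d+)\s*$")


def parse_key_chain(text):
    """Return {key_id: {"send": (start, end), "accept": (start, end)}}."""
    keys, current = {}, None
    for line in text.splitlines():
        if m := KEY_ID.match(line):
            current = keys.setdefault(int(m.group(1)), {})
        elif (m := LIFETIME.match(line)) and current is not None:
            start, end = (datetime.strptime(s, "%H:%M:%S %b %d %Y")
                          for s in m.groups()[1:])
            current[m.group(1)] = (start, end)
    return keys


def audit(keys, skew=timedelta(seconds=30)):
    """Flag rollover problems, assuming peers' clocks differ by at most `skew`."""
    findings = []
    ordered = sorted(keys.items(), key=lambda kv: kv[1]["send"][0])
    for key_id, k in ordered:
        (s0, s1), (a0, a1) = k["send"], k["accept"]
        # A peer whose clock runs fast or slow sends this key slightly outside
        # our own send window, so the accept window must be wider by `skew`.
        if a0 > s0 - skew or a1 < s1 + skew:
            findings.append(("accept-too-narrow", key_id))
    for (prev_id, prev), (next_id, nxt) in zip(ordered, ordered[1:]):
        # If the next key starts being sent after the previous one stops,
        # there is a period with no valid key and the neighbour will drop.
        gap = nxt["send"][0] - prev["send"][1]
        if gap > timedelta(0):
            findings.append(("send-gap", prev_id, next_id, int(gap.total_seconds())))
    return findings


if __name__ == "__main__":
    for finding in audit(parse_key_chain(SAMPLE_CONFIG)):
        print(finding)
```

With the clocks assumed perfectly in sync (`skew=timedelta(0)`), only the five-minute send gap between keys 2 and 3 is reported.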

I have set this up in the GNS3 lab here. To get it working you will need to set the time on router 1 to 00:00:00 24th October 2010 (#clock set 00:00:00 24 october 2010), and then on router 2 remove and re-add the NTP server. This will sync up the clocks to the correct time for the configured key chains. You should then see the neighbours come up. Run a #debug eigrp packets and you will see the hellos and updates getting sent with the MD5 authentication.

DevilWAH

CCNP ROUTE (Part 7 EIGRP General commands)

OK so been reading the intro to EIGRP, now it’s time to get configuring. I think the best way to remember these is to take each one in turn and describe its function. Starting with the global commands, then the EIGRP specific commands, followed by some of the interface commands, and ending with a few basic verification commands. (For this post the configured name of the router will be “R1”)

GLOBAL COMMANDS.

R1(config)#ip routing

This command is enabled by default on routers and disabled on layer 3 switches (some newer IOS versions do seem to have it enabled). Running this command enables routing on the device; without it no routing of any kind will be performed by the switch.

R1(config)#ip route <ip address> <subnet mask> <next hop address>

This command sets a static route entry; not strictly EIGRP, but important enough to be here. The next hop address can be an IP address to forward the traffic to, or just the interface to send the traffic out. It is considered best practice to specify an IP address if possible. One common route entered this way is the “default route”.

R1(config)#ip route 0.0.0.0 0.0.0.0 <next hop address / interface>

This sets the destination to pass all unknown traffic to, that is, traffic for which there is no specific entry in the routing table.

R1(config)#router eigrp <AS number>

Enters the EIGRP configuration mode for the stated AS number. All routers running EIGRP that are to share routing table information must be running the same AS number. If this is different then routers will not form neighbour relationships.

R1(config)#router eigrp 10

EIGRP CONFIGURATION MODE

R1(config-router)#auto-summary

By default this command is set to be enabled (although I believe in IOS version 15 it is now defaulted to “no auto-summary”). Having it enabled will cause EIGRP to automatically summarise all routes to their classful boundaries. Most people will want to disable this to give more control and manage summarization manually.

R1(config-router)#network <ip address> <wildcard mask>

This command has two separate effects. First, it will enable the sending of routing updates out of any interface that matches the address and wildcard mask. Secondly, it will advertise the networks that those interfaces have assigned to them. If, for example, you have an interface with the IP address and subnet mask 192.168.5.254 255.255.255.0 assigned, and you add the EIGRP network command

R1(config-router)#network 192.168.5.254 0.0.0.0 (only the single ip address)

EIGRP will send out updates on that interface, but these will include the advertised route 192.168.5.0/24, as this is the network subnet assigned to the interface.

R1(config-router)#passive-interface <int ID / default>

Imagine you run the last command (network x.x.x.x y.y.y.y) on the IP range for an interface that is connected to an end users’ network, with no other routers to form neighbours with. In this case you most likely do not want to send out routing updates, but you still wish to advertise the network. Here you can run the passive interface command to prevent multicast hello and update messages getting sent out.

R1(config-router)#neighbor <IP address> <interface ID>

Now imagine you have run the passive interface command, but you still wish to send and receive updates to and from specific routers out of that interface. Using the neighbour command allows you to do this. In fact, setting a neighbour in this way effectively turns the interface into a passive interface by changing the hello messages from using the multicast address to using unicast addresses.

INTERFACE CONFIGURATION MODE.

R1(config-if)#ip summary-address eigrp <AS num> <ip> <subnet mask>

If you have disabled auto-summary in the EIGRP config mode, you may still want to do manual summarization. Configured under an interface, this command will summarize all routes that are advertised out of that interface and that fall into the summary network specified into a single routing advertisement. Multiple summary addresses can be configured per interface, to cover multiple summary routes.

OK so that’s some of the EIGRP commands to get started with. There are of course many more, but using these it is possible to enable EIGRP, configure the networks to be advertised (and what interfaces to advertise them on), and form neighbour relationships that will populate the router’s routing table. So then the question becomes: how do we tell if it is all working?

VERIFY COMMANDS

R1#show ip route

This will display the current routing table, populated by all running routing protocols plus static routes and connected networks, that is used by the router to make decisions on the actual forwarding of data packets.

R1#show ip eigrp neighbors

Displays details about the neighbours EIGRP knows about. (neighbour table)

R1#show ip eigrp topology

Shows details of all networks that EIGRP has learnt about, details of how to reach them and what neighbours have advertised them. Things like which one is the successor and the feasible successors are shown here. This is a display of the topology table.

Now this table is not complete, so look out for part 2 to this table for when we get on to redistribution and more complex EIGRP setups.

DevilWAH

CCNP ROUTE (Part 6 EIGRP Terminology in Diagrams)

Well after last post I thought it would be good to get together some simple diagrams to help explain the different terms and how they are used in EIGRP.

So to start with let’s look at the difference between the Feasible distance and the advertised distance.

Fig 1

We are assuming that we are router A in this setup, looking to reach the destination network 192.168.10.0/24. When router B sends its update packet to router A it will contain an entry for this destination network; this will include the bandwidth, delay, reliability and load values along with the MTU (100kb and 250) delay for router B’s downstream link. Router A will then compute the metric from these. This will be the advertised distance. Router A will then add on any additional values from its link to the neighbour and recompute the metric; this will become the Feasible distance.

These two values are used for determining the best path to the destination network, and also for deciding if a router should be considered a valid backup route to a network. So let’s add some more routers.

Fig 2

So now there are two paths, and EIGRP needs to determine which one to use. Just like you would expect from any routing protocol, when DUAL runs it will pick the route with the lowest Feasible Distance and assign this route as the Successor. So in the example above the Feasible distance (FD) going through router B is 76800, so this route becomes the Successor. Each alternate route is then examined and the Advertised Distance (AD) for each is compared to the FD of the Successor route (76800). If the AD of the alternative is less than the FD of the Successor, the route is added as a Feasible Successor (FS). This means it can be made the active route if the Successor fails, without any need for re-computation. If the AD is greater than the FD then the route will be ignored. This simple little formula ensures there can be no loops in the routes. However, as we can see in this case, it can also rule out valid redundant links: here the route through C would not be added as a FS.

Rather than an instant failover, now if router B fails, router A will have to send a query out to router C, wait for the reply to return and recompute through DUAL.

Hopefully this post helps make clear exactly how EIGRP determines the best routes and how it acts in the event of topology changes. I also hope it shows how it takes the best parts of the distance vector protocols, borrows some things from link state, to achieve a low overhead, fast and efficient solution.

DevilWAH

CCNP ROUTE (Part 5 EIGRP Terminology)

Rather than dive straight in to configuring EIGRP, I thought it would be nice to cover some of the terminology and some of the basic commands for setting it up with a little explanation of what exactly they do. I have not decided if I will actually at any point include my labs on this site, as from experience I know there are some great labs around already. But whatever happens, I will either add my own or make sure there are links to some of the good ones I have come across in the course materials.

Terminology

DUAL, This is the EIGRP algorithm that runs to determine what routes are used by traffic.

Autonomous System (AS), all EIGRP routers that are to share the same routing topology, must be running in the same AS, we will cover setting this up later in the post.

Neighbour, a neighbour is a router that can be reached through a network segment that is running the same EIGRP AS and is directly sharing routing information with the local router.

Successor, the neighbouring router with the best cost path to a destination network, will be marked as the successor for that network and will be used as the next hop to forward traffic to it.

Feasible Successor, Other routers that also have a path to the same destination as the successor will be marked as Feasible Successors and used in the event of the primary successor failing. For a router to be considered a feasible successor, its advertised distance to the destination must be less than the feasible distance of the successor. (don’t worry I will come back to this with a diagram later)

Feasible distance, this is the total cost to reach a destination network, it includes the cost of the link to the neighbour who is advertising the link.

Advertised Distances, this is the cost of reaching a destination network as advertised by the neighbouring router, or to look at it another way, it is the feasible distance minus the cost of the link to the neighbour.

Neighbour Table, contains a list of the neighbouring routers and information about them.

Topology Table, contains a list of all the known destination networks along with what neighbours are advertising them and their costs among other information.

Routing Table, once DUAL has run against the Topology table, it picks the best routes and adds them in to the routing table. It is this table that is used for actual routing decisions for data packets.

Metric, the metric is used when determining the best path to a destination network. It is worked out from a formula that includes Delay, Bandwidth, Reliability and Load.

Metric = 256*([K1*Bw + K2*Bw/(256-Load) + K3*Delay]*[K5/(Reliability + K4)])

With default settings K1 and K3 are set to 1 and K2, K4 and K5 to 0 (when K5 is 0 the reliability term is not applied), and this reduces the formula to metric = 256*(Bw + Delay), where Bw is 10^7 divided by the bandwidth in kb/s (bandwidth is taken as the minimum along the path), and delay is the sum of the delay on each hop of the path in 10’s of microseconds. Be aware that delay on show interface is shown in microseconds, so it needs to be divided by 10.

Note that the MTU is also sent as part of the metric, however it is not used for the purpose of finding the best route but is tracked so the routers know end to end the max MTU that can be used.
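
The default-K metric above and the feasible successor rule from the Part 6 post, worked through in Python as an added example (not the author's code). The bandwidth and delay figures are constructed so that the path via B gives the FD of 76800 quoted in Part 6; router D is a hypothetical third neighbour added to show a route that passes the check.

```python
from dataclasses import dataclass


def classic_metric(min_bw_kbps: int, total_delay_usec: int) -> int:
    """Default K values (K1 = K3 = 1, K2 = K4 = K5 = 0): 256 * (Bw + Delay)."""
    bw = 10**7 // min_bw_kbps        # 10^7 / slowest link on the path, in kb/s
    delay = total_delay_usec // 10   # show interface gives usec; EIGRP uses tens of usec
    return 256 * (bw + delay)


@dataclass
class Advert:
    neighbour: str
    path_min_bw_kbps: int   # slowest link from the neighbour to the destination
    path_delay_usec: int    # summed delay from the neighbour to the destination
    link_bw_kbps: int       # our own link to that neighbour
    link_delay_usec: int


def evaluate(adverts):
    """Return {neighbour: (AD, FD, role)} for one destination network."""
    costs = {}
    for a in adverts:
        # Advertised distance: the metric as the neighbour sees it.
        ad = classic_metric(a.path_min_bw_kbps, a.path_delay_usec)
        # Feasible distance: recomputed with our link to the neighbour included.
        fd = classic_metric(min(a.path_min_bw_kbps, a.link_bw_kbps),
                            a.path_delay_usec + a.link_delay_usec)
        costs[a.neighbour] = (ad, fd)
    successor = min(costs, key=lambda n: costs[n][1])
    successor_fd = costs[successor][1]
    result = {}
    for name, (ad, fd) in costs.items():
        if name == successor:
            role = "successor"
        elif ad < successor_fd:      # feasibility condition: AD < FD of successor
            role = "feasible successor"
        else:
            role = "not feasible"    # needs a query and DUAL recomputation on failure
        result[name] = (ad, fd, role)
    return result


# Constructed values for router A's view of one destination network.
ADVERTS = [
    Advert("B", 100_000, 1_000, 100_000, 1_000),
    Advert("C", 10_000, 2_000, 100_000, 100),
    Advert("D", 100_000, 1_500, 100_000, 1_000),   # hypothetical extra neighbour
]

if __name__ == "__main__":
    for name, (ad, fd, role) in evaluate(ADVERTS).items():
        print(f"via {name}: AD={ad:>7} FD={fd:>7} {role}")
```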

OK this post is getting longer than I expected, so rather than carry on with the configuration, I think I will get together a diagram to help visualise some of these terms. So look out for part 6 coming your way in the near future.

DevilWAH

CCNP ROUTE (Part 4 EIGRP Intro)

Before getting in to the configuration of EIGRP, it’s worth knowing some of the fundamental workings of the protocol, why and from where it was developed and how it differs from the other protocols on offer.

The first thing to note about EIGRP is that it is a CISCO proprietary protocol. So no matter how great it is, unless you have 100% CISCO kit, and your company allows non-standardised protocols to be used (many government organisations for example will not allow its use), you will be unable to implement it. But let’s assume you do have 100% CISCO and your company allows EIGRP, should you use it?

EIGRP was CISCO’s step on from IGRP, while IGRP was developed by CISCO as the step up from RIP. All are distance vector protocols, where each router receives a list of destination networks from each of its neighbouring routers, along with the cost to reach these networks, and from this information builds a routing table that is used to route data packets by selecting the paths with the lowest cost to each destination.

EIGRP has several advantages over IGRP. First, routes can be summarised at any interface on any router in the Autonomous System (more on AS’s in later posts), making it very flexible and truly a classless routing protocol. Secondly, EIGRP runs DUAL (Diffusing Update Algorithm). Unlike most other routing protocols, EIGRP learns not only the best path to a destination network but also any backup routes. So if there is a topology change and a backup route exists, it can be determined and activated in a very short space of time (milliseconds). Running DUAL also results in much lower processor overheads during topology changes and allows for not only load balancing across equal links, but also across unequal links (the only protocol to allow this). CISCO label EIGRP as an advanced distance vector protocol, as it benefits from many things found in link state protocols (loop free), while retaining the speed and simplicity of distance vector. It is also very simple to configure. Whether you should use it or not is a personal choice; however, many of the networking experts in the field will agree with CISCO and confirm it is a very solid and efficient protocol to use.

EIGRP relies on 4 major components.

  1. Neighbour discovery and recovery.
  2. Reliability of transport of EIGRP management traffic.
  3. The DUAL finite state machine.
  4. The Protocol dependent module.

For neighbour discovery, each router sends out periodic hello messages; when other routers receive these they check for compatibility and then reply. Once the neighbour relationship is formed, updates containing routing data can be sent. Once the initial updates have been exchanged and each router has the routing tables from its neighbour, the only updates that will be sent are for changes in topology. Otherwise only hello messages are sent to determine the status of the relationship.

To keep traffic overheads down, EIGRP only uses reliable transport when needed. For example, Hello messages may be sent as multicast without reliability, whereas updates are sent as unicast with reliability. Whether it is used or not is determined by the originator requesting it in the packet.

DUAL finite state machine. When DUAL is run on the neighbour table and topology table (more about them later), it will pick the best cost path and add this to the routing table as the successor route. All other routes will be checked to see if they match the requirements to be a Feasible successor; if so they will be marked as such. In the case of the successor failing, DUAL will pick the next best Feasible successor and add that to the routing table. This requires no re-computation. If no Feasible successor can be found then it will query the neighbouring routers for the route.

The Protocol dependent module deals with network layer protocol specific requirements. EIGRP can route multiple protocols; it is the IP-EIGRP module that is responsible for IP routing.

EIGRP Tables.

There are 2 tables that are specific to EIGRP, the “neighbour table” and the “topology table”.

The Neighbour table contains a list of every neighbour that the router knows about, along with details of things like, address, interface, hold time, sequence numbers, and round trip times.

The topology table contains a list of all the learnt destination addresses, and for each router that has advertised the network, the advertised distance for the path, plus the feasible distance, as well as the next hop router address. (It is worth noting that routers will only advertise links actually in use to an upstream router; feasible successors are not advertised if they are not involved in forwarding traffic.)

DUAL runs on these two tables to form entries to the IP routing table that is used to forward data packets.

EIGRP Packet types.

  • HELLO/ACK’s
  • Updates
  • Queries
  • Reply
  • Requests

Hellos are generally sent as multicast, in an unreliable manner; the ACK (which is an empty hello message) is sent as unicast to the originator.

Updates that contain route information are usually sent as unicast; however, updates that only contain link cost changes can be sent as multicast. Whichever way they are sent, they use the reliable method.

Queries are sent when a router loses the link to a destination and does not have a feasible successor in its topology; it will then query all its connected neighbours to see if they have a path. Neighbours will reply if they have a successor to the destination, or if not will pass on the request to their neighbours. Queries are multicast, replies unicast; both are treated as reliable traffic.

Requests are sent to neighbour routers to request specific information (route server applications); they can be either multicast or unicast and are always sent as unreliable.

Route tagging and Route states.

EIGRP is aware of internal and external routes; routes can be tagged to allow passing of information between EIGRP AS’s or when redistribution occurs between different routing protocols. (We will come back to tagging later.) This allows for more controlled policy based routing.

Routes in EIGRP can be in one of two states: Passive, which is good and means a route is stable in the topology, and Active, when the router is performing a re-computation on the route. This would happen where there is no feasible successor and the router is having to query neighbouring routers. Ideally routes should almost never be in the active state.

Further reading

Eigrp intro cisco

Internetworking Technology Handbook EIGRP

Next time we will explore some of the terminology of EIGRP before running through the more common configuration and verification commands.

DevilWAH

CCNP Route

Well I officially started my ROUTE studies last night. :) Back when I started this blog I was already well in to my study of the SWITCH material, and likewise creating the Flashcard pack I made up with Anki was a rushed job as I went over the material. So I know neither the blog nor the cards are really suitable for anyone but me to use for studying. However for the ROUTE I want to do things correctly, even if this means it takes me a little longer to achieve. I hope (and please let me know if I don’t) to post around two or three Lab based posts for each of the major areas of the ROUTE material. Including EIGRP, OSPF, IPv4, BGP, Redistribution and IPv6. These will be tagged in category with a quick link on the menu bar for easy access. I also will be attempting to make a much better set of Flash cards this time round, that are more suitable for using as revision / memory aid. I hope combined these will make useful additional materials to people studying for their ROUTE exam.

Of course alongside the ROUTE posts, I will also be trying to keep up with other interesting things I come across both inside and outside of IT. We shall have to see how things go. But I hope over the next few months I can really start to fill out this blog and produce something that other people will find useful. After all half the fun in learning things is to be able to pass it on to others.

On a side note I came across this today, EIGRP disabled by default. This is interesting for two reasons. The first of course being that it is nice to see CISCO have listened and have set the default to what 95% of us have to manually set it to anyway :). And secondly this comes from www.tekcert.com. Which is a new blog that Jeremy Cioara of CBT nuggets Fame is now posting on along with a fellow IT tech guru Adam. Another site to add to the Favourite bar, don’t worry if you forget it will be in the links above. 😉

DevilWAH