cisco hands-on experience


Implementing Advanced EIGRP


3 Advanced Basic Configuration
  • 3.1 EIGRP over NBMA Networks
  • 3.2 Enabling EIGRP Authentication
  • 3.3 Best Practices


3.1 EIGRP over NBMA Networks

figure 1

      How DLCIs work

      • X.25 (this was the first protocol of Frame Relay – followed by)
      • ATM
      • MPLS

      • Each router is connected to a shared bandwidth
      • This is called a PVC (permanent virtual connection)
      • The connected participants use numbers (DLCIs) to communicate
      • DLCI = data link connection identifier
      • Communication over the cloud uses numbers instead of MAC addresses
      • Each PVC has its own bandwidth limitation, called the CIR (committed information rate)
      • Different PVCs can come in on a single physical interface
      • The DLCI numbers must be different within one Frame Relay cloud


      Frame Relay PVC Design

      figure 2



      How EIGRP handles NBMA
      • EIGRP can use “pseudo-broadcasts” or manual neighbors
        • Broadcasts are denied
        • Multicast messages are denied
        • The multicast address 224.0.0.10 is used to form neighbor relationships
        • It is called a pseudo-broadcast because the broadcast is limited by the use of DLCIs.
          This is explained later in the lab.
        • With multipoint you save subnets; with point-to-point you do not.
        • Using the neighbor command in the routing process changes the multicast address into a unicast address.
        • One manual neighbor statement disables multicast.
      • Split horizon can be an issue
        • Figure 2: hub and spoke. If router MD# sends a routing advertisement, router AZ#, which receives it,
          does not send the advertisement back out the same interface on which it arrived. So CA#
          does not know everything about the networks from MD#.
        • Split horizon: disabled on physical interfaces
        • Split horizon: enabled on sub-interfaces


      EIGRP Frame Relay Configuration

      LAB environment



      LAB Configuration
      Configuration of the Frame – Relay Switch
      +++++++ FRS +++++++
      !
      interface Serial2/0
      no ip address
      encapsulation frame-relay
      serial restart-delay 0
      clock rate 64000
      frame-relay lmi-type ansi
      frame-relay intf-type dce
      frame-relay route 102 interface Serial2/2 201
      frame-relay route 103 interface Serial2/1 301
      !
      interface Serial2/1
      no ip address
      encapsulation frame-relay
      serial restart-delay 0
      clock rate 64000
      frame-relay lmi-type ansi
      frame-relay intf-type dce
      frame-relay route 301 interface Serial2/0 103
      !
      interface Serial2/2
      no ip address
      encapsulation frame-relay
      serial restart-delay 0
      clock rate 64000
      frame-relay lmi-type ansi
      frame-relay intf-type dce
      frame-relay route 201 interface Serial2/0 102
      !
      +++++++ HQ +++++++
      !
      interface Serial2/0
      no ip address
      encapsulation frame-relay
      serial restart-delay 0
      !
      interface Serial2/0.1 multipoint
      ip address 172.16.124.1 255.255.255.248
      frame-relay map ip 172.16.124.3 103 broadcast
      frame-relay map ip 172.16.124.2 102 broadcast
      !
      +++++++ EAST +++++++
      !
      interface Serial2/2
      no ip address
      encapsulation frame-relay
      serial restart-delay 0
      !
      interface Serial2/2.1 multipoint
      ip address 172.16.124.2 255.255.255.248
      frame-relay map ip 172.16.124.1 201 broadcast
      !
      +++++++ WEST +++++++
      !
      interface Serial2/1
      no ip address
      encapsulation frame-relay
      serial restart-delay 0
      !
      interface Serial2/1.1 multipoint
      ip address 172.16.124.3 255.255.255.248
      frame-relay map ip 172.16.124.1 301 broadcast
      !


      Objectives

      • Configure EIGRP using AS 25 for the shown network. All networks should be announced via EIGRP
      and should be reachable from all routers (you can ping the loopback interfaces to test). You may not
      change the underlying Frame Relay configuration or IP addressing to accomplish this.

      Configure EIGRP using AS 25….
      +++++++ HQ +++++++
      HQ#conf t
      HQ(config)#router eigrp 25
      HQ(config-router)#network 10.1.0.0 0.0.255.255
      HQ(config-router)#network 172.16.0.0
      HQ(config-router)#no auto-summary
      HQ(config-router)#end
      HQ#

      +++++++ EAST +++++++
      EAST#conf t
      EAST(config)#router eigrp 25
      EAST(config-router)#network 10.2.0.0 0.0.255.255
      EAST(config-router)#network 172.16.0.0
      EAST(config-router)#no auto-summary
      EAST(config-router)#end
      EAST#

      +++++++ WEST +++++++
      WEST#conf t
      WEST(config)#router eigrp 25
      WEST(config-router)#network 10.3.0.0 0.0.255.255
      WEST(config-router)#network 172.16.0.0
      WEST(config-router)#no auto-summary
      WEST(config-router)#end
      WEST#

        • If you type ‘show ip route’ on router EAST, you do not see 10.3.0.0 from the WEST router. This is because of the split horizon effect.

        +++++++ HQ +++++++
        HQ#conf t
        HQ(config)#int s2/0.1
        HQ(config-subif)#no ip split-horizon eigrp 25
        HQ(config-subif)#
        *Aug 21 13:36:21.419: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 25: Neighbor 172.16.124.2 (Serial2/0.1) is resync: split horizon changed
        *Aug 21 13:36:21.419: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 25: Neighbor 172.16.124.3 (Serial2/0.1) is resync: split horizon changed
        HQ(config-subif)#end
        HQ#
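
Why EAST cannot see 10.3.0.0 until split horizon is disabled on the hub's multipoint sub-interface can be reproduced with a small model. This is an added example, not part of the original lab: the interface names are the lab's, the /16 prefixes stand in for each site's 10.x networks (an assumption), and metrics and DUAL are not modelled.

```python
# Added example: simplified distance-vector flooding over the lab's PVCs.
# The /16 prefixes are stand-ins for each site's 10.x networks (assumption).
LINKS = {  # router -> (its only Frame Relay sub-interface, routers reached through it)
    "HQ": ("Serial2/0.1", ["EAST", "WEST"]),
    "EAST": ("Serial2/2.1", ["HQ"]),
    "WEST": ("Serial2/1.1", ["HQ"]),
}
LOCAL = {"HQ": "10.1.0.0/16", "EAST": "10.2.0.0/16", "WEST": "10.3.0.0/16"}


def converge(hub_split_horizon):
    """Flood routes until stable; return {router: sorted list of known prefixes}."""
    # table[router][prefix] = interface the route was learned on (None = connected)
    table = {router: {prefix: None} for router, prefix in LOCAL.items()}
    changed = True
    while changed:
        changed = False
        for sender, (ifname, peers) in LINKS.items():
            split_horizon = hub_split_horizon if sender == "HQ" else True
            for prefix, learned_on in list(table[sender].items()):
                if split_horizon and learned_on == ifname:
                    continue  # never advertise a route out the interface it arrived on
                for peer in peers:
                    if prefix not in table[peer]:
                        table[peer][prefix] = LINKS[peer][0]
                        changed = True
    return {router: sorted(routes) for router, routes in table.items()}


def missing_routes(hub_split_horizon):
    """Per router, the site prefixes it never learns."""
    known = converge(hub_split_horizon)
    return {r: sorted(set(LOCAL.values()) - set(p)) for r, p in known.items()}


if __name__ == "__main__":
    print("split horizon on :", missing_routes(True))
    print("split horizon off:", missing_routes(False))
```

Because both PVCs terminate on the same sub-interface Serial2/0.1, HQ treats a route learned from one spoke as learned "on" the interface that also leads to the other spoke, which is why only the hub needs the change.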

      • Each office should generate an efficient EIGRP summary route to minimize routing table entries.

      Each office should generate….
      +++++++ HQ +++++++
      HQ# conf t
      HQ(config)#int s2/0.1
      HQ(config-subif)#ip summary-address eigrp 25 10.1.1.0 255.255.252.0
      HQ(config-subif)#end
      HQ#

      WEST# sh ip route
      .
      output suppressed
      .
      D 10.1.0.0/22 [90/2297856] via 172.16.124.1, 05:00:17, Serial2/2.1
      .

        • Configure ‘summary-address’ for the EAST and WEST routers, too

      • Configure the HQ router to utilize up to 30% more of the allocated serial interface bandwidth than
      EIGRP’s default configuration.

      Configure the HQ router….
      By default, EIGRP uses half of an interface's bandwidth for EIGRP updates. This is divided by the number of neighbors. In our case that is 32 kbps / 2 = 16 kbps.
      To increase this value by up to 30%, use the following command.

      HQ#conf t
      HQ(config)#int s2/0.1
      HQ(config-subif)#ip bandwidth-percent eigrp 25 80
      HQ(config-subif)#end
      HQ#

3.2 Enabling EIGRP Authentication
      • Enable authentication between all EIGRP routers. You should use two authentication keys:

      Key 1
      Passphrase: "cisco1"
      Accepted from: Midnight on Jan 1, 2010 until Midnight on Feb 1, 2010
      Sent from: Midnight on Jan 1, 2010 until Midnight on Feb 1, 2010

      Key 2
      Passphrase: "cisco2"
      Accepted from: Midnight on Jan 28, 2010 until eternity
      Sent from: Midnight on Jan 28, 2010 until eternity

      Enable authentication….
      +++++++ HQ +++++++

      HQ#sh run | s key chain
      key chain EIGRP_KEYS
      key 1
      key-string cisco1
      accept-lifetime 00:00:00 Jan 1 2010 00:00:00 Feb 1 2010
      send-lifetime 00:00:00 Jan 1 2010 00:00:00 Feb 1 2010
      key 2
      key-string cisco2
      accept-lifetime 00:00:00 Jan 28 2010 infinite
      send-lifetime 00:00:00 Jan 28 2010 infinite
      HQ#

      • Also configure the above on routers EAST and WEST. Simply copy and paste.

      Activate the authentication

      HQ#conf t
      HQ(config)#int s2/0.1
      HQ(config-subif)#ip authentication mod eigrp 25 md5
      HQ(config-subif)#ip authentication key-chain eigrp 25 EIGRP_KEYS
      HQ(config-subif)#end
      HQ#

      • Also configure the above on routers EAST and WEST. Simply copy and paste.
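
The rollover window defined by the two keys can be checked offline before the chain is pasted onto EAST and WEST. The following is an added example, not part of the original lab (the function names are hypothetical): it parses the key chain shown above, lists the keys valid at a given time, and reports any window in which no key could be sent.

```python
import re
from datetime import datetime

# Key chain copied from the HQ output above.
KEY_CHAIN = """\
key chain EIGRP_KEYS
key 1
key-string cisco1
accept-lifetime 00:00:00 Jan 1 2010 00:00:00 Feb 1 2010
send-lifetime 00:00:00 Jan 1 2010 00:00:00 Feb 1 2010
key 2
key-string cisco2
accept-lifetime 00:00:00 Jan 28 2010 infinite
send-lifetime 00:00:00 Jan 28 2010 infinite
"""
STAMP = r"(\d\d:\d\d:\d\d \w{3} \d{1,2} \d{4})"
LIFETIME = re.compile(rf"(accept|send)-lifetime {STAMP} (?:{STAMP}|infinite)")
ALWAYS = (datetime.min, datetime.max)  # a key without a lifetime is always valid

def _ts(text):
    return datetime.strptime(text, "%H:%M:%S %b %d %Y") if text else datetime.max

def parse_key_chain(config):
    """Return {key_id: {"accept": (start, end), "send": (start, end)}}."""
    keys, current = {}, None
    for line in map(str.strip, config.splitlines()):
        if m := re.fullmatch(r"key (\d+)", line):
            current = keys.setdefault(int(m.group(1)), {})
        elif (m := LIFETIME.fullmatch(line)) and current is not None:
            current[m.group(1)] = (_ts(m.group(2)), _ts(m.group(3)))
    return keys

def valid_keys(keys, kind, when):
    """Ids of keys whose "accept" or "send" lifetime covers `when`, lowest first."""
    return sorted(k for k, v in keys.items()
                  if v.get(kind, ALWAYS)[0] <= when < v.get(kind, ALWAYS)[1])

def send_gaps(keys):
    """Windows after the first key starts in which no key may be sent."""
    spans = sorted(v.get("send", ALWAYS) for v in keys.values())
    gaps, covered_until = [], spans[0][1]
    for start, end in spans[1:]:
        if start > covered_until:
            gaps.append((covered_until, start))
        covered_until = max(covered_until, end)
    return gaps
```

During the overlap from Jan 28 to Feb 1 both keys are accepted, and IOS sends with the lowest-numbered valid key, so key 1 stays in use until it expires. Lifetimes are evaluated against each router's own clock, so the overlap also has to absorb any clock skew between neighbors.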

3.3 Best Practices
      • 3.3.1 Eavesdropping on EIGRP neighbors
      • 3.3.2 Understanding the Query Process
      3.3.1 Eavesdropping on EIGRP neighbors
      debug modes
      EAST#debug eigrp ?
      <1-65535> Autonomous System
      fsm EIGRP Dual Finite State Machine events/actions
      neighbors EIGRP neighbors
      nsf EIGRP Non-Stop Forwarding events/actions
      packets EIGRP packets
      transmit EIGRP transmission events
      vrf Select a VPN Routing/Forwarding instance

      EAST#debug eigrp packets ?
      SIAquery EIGRP SIA-Query packets
      SIAreply EIGRP SIA-Reply packets
      ack EIGRP ack packets
      hello EIGRP hello packets
      ipxsap EIGRP ipxsap packets
      probe EIGRP probe packets
      query EIGRP query packets
      reply EIGRP reply packets
      request EIGRP request packets
      retry EIGRP retransmissions
      stub EIGRP stub packets
      terse Display all EIGRP packets except Hellos
      update EIGRP update packets
      verbose Display all EIGRP packets

      EAST#debug eigrp packets
      EAST#
      *Aug 21 19:53:05.858: EIGRP: Sending HELLO on Loopback2
      *Aug 21 19:53:05.858: AS 25, Flags 0x0, Seq 0/0 idbQ 0/0 iidbQ un/rely 0/0
      *Aug 21 19:53:05.866: EIGRP: Received HELLO on Loopback2 nbr 10.2.2.1
      *Aug 21 19:53:05.866: AS 25, Flags 0x0, Seq 0/0 idbQ 0/0
      *Aug 21 19:53:05.866: EIGRP: Packet from ourselves ignored
      *Aug 21 19:53:06.694: EIGRP: Sending HELLO on Loopback1
      *Aug 21 19:53:06.694: AS 25, Flags 0x0, Seq 0/0 idbQ 0/0 iidbQ un/rely 0/0
      *Aug 21 19:53:06.702: EIGRP: Received HELLO on Loopback1 nbr 10.2.1.1
      *Aug 21 19:53:06.702: AS 25, Flags 0x0, Seq 0/0 idbQ 0/0
      *Aug 21 19:53:06.702: EIGRP: Packet from ourselves ignored
      EAST#
      *Aug 21 19:53:06.726: EIGRP: Sending HELLO on Loopback3
      *Aug 21 19:53:06.726: AS 25, Flags 0x0, Seq 0/0 idbQ 0/0 iidbQ un/rely 0/0
      *Aug 21 19:53:06.734: EIGRP: Received HELLO on Loopback3 nbr 10.2.3.1
      *Aug 21 19:53:06.734: AS 25, Flags 0x0, Seq 0/0 idbQ 0/0
      *Aug 21 19:53:06.734: EIGRP: Packet from ourselves ignored

      3.3.2 Understanding the Query Process

      figure 3




      Look at figure 3.


      When network 172.30.1.0 goes down, R2# sends query messages to all routers, and so on.
      This causes an enormous amount of EIGRP control traffic. R2 stays in stuck-in-active mode for a minimum of 3 minutes. All other routers reply with a query reply.
      There are two methods to correct this problem.

        • 1. Summary routes
        • 2. Stub configuration



        1. The summary route will be sent with a query to a neighboring router. But the neighbor does not reply with a query,
        because the router says: "You told me about this summary address, and I can't help with a backup route."

        2. Go into the router process for eigrp 25 and configure a stub.

          R2(config-router)#eigrp stub ?
          connected Do advertise connected routes
          leak-map Allow dynamic prefixes based on the leak-map
          receive-only Set IP-EIGRP as receive only neighbor
          redistributed Do advertise redistributed routes
          static Do advertise static routes
          summary Do advertise summary routes

          R2(config-router)#eigrp stub

          If you just press Enter, the default value is ‘connected’ and ‘summary’.