Monday, July 16, 2007

I. EIGRP Topic

EIGRP Enhanced Interior Gateway Routing Protocol

I. Introduction

Enhanced Interior Gateway Routing Protocol (EIGRP) is a Cisco proprietary classless routing protocol that uses a complex metric based on bandwidth and delay. The following are some features of EIGRP:
- fast convergence
- support for VLSM
- partial triggered updates conserve network bandwidth
- supports Multiple Network Protocol,PDM Example: IP, AppleTalk, and IPX
- support for all layer 2 (data link layer) protocols and topologies
- sophisticated metric that supports unequal-metric proportional load-balancing
- use of multicasts and unicasts instead of broadcasts
- support for authentication

- backup Routes (DUAL)

- hybrid Protocol, both distance vector and link-state

- supports multiple AS on a single router

Administrative Distance

External EIGRP(redistributed) – 170

Internal EIGRP - 90

Neighbor Discovery Conditions

  1. Hello and ACK
  2. As-number must be match

Note: different AS don’t share routing information

  1. Identical Metrics (k values)

Hello Protocol

- multicast address

- sent every 5 secs with BW > 1.544

- sent every 60 secs with BW<1.544>

RTP (Reliable Transport Protocol)

- cisco proprietary, guaranteed ordered delivery of packets

- uses multicast and unicast


  1. sends multicast traffic Class D
  2. maintain the lists of neighbors replied
  3. if it doesn’t get a reply it will send unicasts packet
  4. 16 unicasts attempts to declare a neighbor is down

DUAL (Diffusing Update Algorithm)

Convergence in two folds

First: maintains a copy of all the neighbor routes, if best path is down it examines the content of the topology table and select a replacement

Second: if no good alternatives, quickly ask the neighbors to find one

II. EIGRP Tables

  1. Neighbor Table – list adjacent routers

  1. Topology Table – lists all learned routes to each destination, feasible successor are found here

- contains the metric, AD and FD

- active state- router is performing recomputation, if FS are always available, a destination never has to go to active state. passive state – router is not performing recomputation

Recomputation Process (Active State)

- occurs when a destination has no FS

- while destination is in active state, the router’s routing table info cannot be changed

  1. router sends a query packet to each of its neighbors (active state)
  2. if the neighbor has a route for the destination it sends a reply and stops the query from spreading in other branch of the network
  3. if the neighbor has no route, it will send a query packet to other neighbors(active state)
  4. after a router received a reply from each neighboring router, the destination returns to passive and the router can select a successor

  1. Routing Table – contains the best route to each destination called the successor route

-the router compares all FD’s to reach a specific network and selects the route with the lowes FD and places it on the routing table

Holdtime – the amount of time that a router treats a neighbor as reachable and operational

EIGRP Terminologies

Feasible Distance (FD)

- how far a network is away from your router

- cost between the next hop router and the AD

Advertised Distance (AD)

- how far is it away from your neighbor

- cost between the local router and the next hop router

Successor/Current Successor – the best path (injected on the Routing Table)

Feasible Successor – backup path (Topology Table)

By default:

4 Successors with the same FD.

Total of 6 paths= 1 Successor + 5 Feasible Successor

To qualify to be a FS:


FD(successor) > AD(fs to be)

Note: if no suitable successor (FS) is found after topology change, recomputation must occur.

EIGRP Table Illustrations

III. EIGRP Packets

  1. HELLO :

- for neighbor discovery (MULTICAST and NO ACK)

  1. UPDATE:

- contains route change information

- sent reliably to affected routers only (triggered updates)

- unicast to a specific or multicast to multiple attached routers

(Triggered updates – only changes are sent unlike RIP where all Routing tables is sent)

  1. QUERY:

- query are sent when router performs recomputation

- sent to determine if neighbors have FS

- normally multicast or unicast on certain cases

- are sent when a route is lost and no feasible successor is available

- are sent to all neighboring routers on all interface except the interface of the successor

  1. REPLY:

- response to QUERY packet

- are unicast reliably to the originator

  1. ACK:

- acknowledges the UPDATE, QUERY and REPLY packets.

- unicast hello packets , nonzero acknowledgment number

Initial Route Discover

IV. EIGRP Metric (k values)

- same metric as IGRP, EIGRP metric is IGRP metric multiplied by 256

- IGRP metric is 24 bits length, EIGRP metric is 32 bits in length

- for routers to communicate they must have the same metric or k values, mismatched can cause neighbor to be reset

5 Criteria for metric computation

  1. Bandwidth

- the smallest bandwidth between source and destination

  1. Delay

- the cumulative interface delay along the path

The following critera are not to be change as cisco recommends it.

  1. Reliability

- worst reliability between source and destination based on keepalives

  1. Load/Loading

- worst load on a link between source and destination based on packet rate and configured bandwidth of the interface

  1. MTU

- smallest MTU on the path

Router#show interface serial 0

MTU 1500 bytes, BW 1 Kbit, DLY 50 usec, rely 255/255, load 1/255

Calculating Metrics

By default:

Metric = bandwidth (slowest link) + delay (sum of delays)

Delay – sum of delays in the path, in microseconds

Bandwidth – 10^7 / min bandwidth (kilobits)

K values

K1 = 1 (BW)

K3 = 1 (Delay)

K2(Load),K3(Rlb),K4(MTU) = 0

EIGRP metric = Bandwidth + Delay

EIGRP Bandwidth = (10^7/min bandwidth along the path in kbps)*256

EIGRP Delay= (sum of delay in the path in tens of microseconds)*256

Notes: the format of the delay and bandwidth values used for EIGRP metric calculations is different from those displayed by the show interface command.


IGRP metric = EIGRP metric / 256

Changing the values



Router(config-if)#ip bandwidth-percent eigrp

Router(config-router)#metric weights k1 k2 k3 k4 k5

Router#show ip protocols

V. Configuring EIGRP

Router(config)#router eigrp

Router(config-router)# network

Router(config-router)#no auto-summary


Router(config-if)ip bandwidth-percent eigrp

- network command indicates what interface will participate in eigrp process

- no auto summary turns off classful routing (on by default)

- if you do not use wildcard mask it will assume a classful network

- use the mask to specify interface

- use the wildcard mask combination matches all interface

- wildcard are useful when connecting to different AS

- if no bandwidth is configured on the interface it will default to 1.544Mbps T1


By default, EIGRP uses 50 percent of the bandwidth on an interface.

The ip bandwidth-percent egrp 100 200 command will process 200 percent of the bandwidth.

Example: Configure EIGRP process on AS 100

Router(config)#router eigrp 100




Router(config-router)#no auto-summary


Router(config)#interface serial 0/0

Router(config-if)#bandwidth 64

Router(config-if)#ip bandwidth-percent eigrp 100 50

Wildcard Mask in EIGRP

VI. Configuring the ip default-network command

- used to configure the last-resort gateway or default route

- router configured on this command considers the network listed as the last-resort gateway which will be announce to other routers

Router(config-router)#ip default-network

<> - classful destination

- must be recheable by the router

- the network must be either be EIGRP derived in the routing table or be generated using a static route, redistributed


Router(config)#router eigrp 100

Router(config-router)#ip default-network

Router#show ip route


Example:Advertising a default route

Router(config)#router eigrp 100


Router(config-router)#router eigrp

Router(config)#interface loopback 0

Router(config)#ip address

Router(config)#ip route lo 0

Router#show ip route

S* is directly connected

Configuring ip default-network command

VII. Verifying EIGRP Routes

To verify EIGRP operations

Router#show ip route eigrp

Router#show ip protocols

- gives information on dynamic routing protocol running on the router

Router#show ip eigrp traffic

- displays number of various EIGRP packets send and recieved

Router#show ip eigrp topology

- lists networks known by this router through EIGRP process

Router#show ip eigrp interfaces

- displays information about interfaces configured for EIGRP

Router# show ip eigrp neighbors

-shows eigrp neighbors

Several route types:

D – EIGRP routes

D EX – external EIGRP routes

VIII. Route Summarization

Summarization on EIGRP

- reduces the amount of EIGRP traffic

- smaller routing tables, smaller updates, less bandwidth intensive

- automatic summarization is enabled by default for EIGRP

- configured on a per interface basis, creates a routing point to null0

- the minimum metric of the specific routes is used as the metric of the summary route

- when the last specific route of the summary goes away, the summary is deleted

Configuring Manual route summarization

1. Turn off automatic summarization

Router(config-router)#no auto-summary

2. Create summary address that this interface will generate

Router(config-if)#ip summary-address eigrp


Router(config-if)#ip summary-address eigrp 100

Router#show ip route

D is a summary, 00:00:02, Null0


- The summary route is advertised only if a component of the summary route is present in the routing table

- Summary route is source from Null0 and not the actual interface.

- If no AD is configured it will default to 5

- for discontigous network auto-summarization must be disabled and use ip-address summary command instead.

Routing Table Entries

  1. Most specific routes, /30 is preferred over /24.
  2. AD – the lesser the preferred
  3. metrics

Manual Summarization

Verifying the result

IX. EIGRP Load Balancing

Equal Cost Load Balancing

- the ability of a router to distribute traffic over all its network ports that are the same metric from the destination address

- max of 4 equal paths by default

- using the maximum-paths command, up to 6 equally good routes can be kept in the routing table

- setting the maximum-paths 1 command will disable load balancing

- when process-switched, load balancing over equal cost occurs on per-packet basis

- when fast-switched, load balancing over equal cost occurs on per-destination basis

Unequal-cost Load Balancing

- EIGRP can balance traffic across multiple routes that have different metrics

- it is controlled with the variance command

- if path is not a feasible successor it is not used for load balancing

variance command

- multiplier with a value of 1 to 128

- default is one (equal cost load balancing)



  1. FD(successor) > AD(feasible path to be)
  2. FD(successor) x Variance > FD(feasible path to be)


Router(config-router)#variance 2

Router(config)#clear ip eigrp neighbor

Variance example

X. EIGRP Bandwidth Across WAN Links

- EIGRP operates efficiently in WAN environments

- scalable on both P2P and multipoint NBMA links

- by default, EIGRP uses 50 percent of the bandwidth of an interface or subinterface

- uses the bandwidth of the link set by the bandwidth command

Changed the percentage used

Router(config-if)#ip bandwidth-percent eigrp

Bandwidth utilization over WAN interfaces

1. P2P using Frame Relay

- treats bandwidth as T1 by default

- should manually configure bandwidth as the CIR of the PVC

- all virtual circuit are treated equally, dividing the link speed into the number of remote sites

2. Multipoint Frame Relay, ATM and ISDN PRI

- uses bandwidth on the physical interface divided by the number of neighbors on that interface to calculate the bandwidth attributed per neighbor

XI. EIGRP Route Authentication

- to prevent your router from receiving fraudulent route updates

- no authentication by default

- when enabled the router authenticates the source of each routing update packet it receives

- authentication is accomplished by exchanging authentication key (password) that is known to both the sending and receiving router

2 Types of Authentication

a. Simple password Authentication/Plain Text Authentication

- supported by IS-IS, OSPF and RIPv2

- sends the key over the wire, unsecured process

b. MD5 Authentication

- supported by OSPF, RIPv2, BGP and EIGRP

- sends message digest instead of the key

- cryptographic authentication, a key(password) and key-id are configured

- key ID generates a message digest called hash that is appended to the packet

Configuring MD5 Authentication

1. Type of authentication used for EIGRP packets

Router(config-if)#ip authentication mode eigrp md5

Example: Configure md5 authentication on interface serial 0, on AS 100

Router(config)#interface serial 0

Router(config-if)# ip authentication mode eigrp 100 md5

2. Enable authentication of EIGRP packet

Router(config-if)#ip authentication key-chain eigrp

Example: Enable authentication on AS 100 and identifies key-chain named JEPOY

Router(config)#interface serial 0

Router(config-if)#ip authentication key-chain eigrp 100 JEPOY

3. Enter configuration mode for the key-chain

Router(config)#key chain

4. Identify key and enters configuration mode for the key-id


5. Identify key string(password) from 1 to 80 alphanumeric character, except the first character must not be a number


6. Optional: when key will be accepted for received and sending packets

Router(config-keychain-key)#accept-lifetime {infinite | duration }

Router(config-keychain-key)#send-lifetime {infinite | duration }


hh:mm:ss month date year

hh:mm:ss date month year

hh hours, mm minutes, ss seconds, month first 3 letters, date (1-31), year (4 digits)

default time and date is January 1, 1993

Creating the key chain

Order of commands:

key chain


key string




Router(config)#interface serial 0

Router(config-if)# ip authentication mode eigrp 100 md5

Router(config-if)#ip authentication key-chain eigrp 100 JEPOY


Router(config)#key chain JEPOY

Router(config-keychain)#key 1

Router(config-keychain-key)#key string 0123456789

Router(config-keychain-key)#accept-lifetime 04:00:00 Jan 1 2007 infinite

Router(config-keychain-key)#send-lifetime 01:00:00 Jan 1 2007 04:00:00 Jan 1 2006

accept-lifetime 04:00:00 Jan 1 2006 infinite

- this key is acceptable for use on packets received from Jan 1 ,2007 onward

send-lifetime 05:00:00 Jan 1 2007 05:05:00 Jan 1 2007

- this command specifies that this key is valid for use only when sending packets for one minute only on Jan 1, 2007


Verifying MD5 Authentication

Router(config)#debug eigrp packets

- invalid authentication, authentication mismatch are seen on the console

Authentication example


Hub/Distribution Router

Stub/Remote Router

Hub and spoke topology

- stub router forward all non local traffic to hub so it becomes unnecessary to hold the complete routing table

- stub router sends a special peer info packet to all neighboring routers to report its status as a stub router

- a neighbor that receives a packet informing if of the stub status does not query the stub router for any routes

- stub router responds to queries as inaccessible

- queries are not propagated on stub routers

- only remoter routers are configured as stub

- hub router need not send anything more than a default route to the remote router

Configuring EIGRP Stub

Router(config-router)#eigrp stub [connected,summary,static,receive-only]


- default is summary and connected if no options is configured

summary - permits stub to send summary routes

connected – permit stub to send connected routes, must be redistributed

static – permits stub to advertises static routes only, must be redistributed

receive-only – prevents stub from sending any type of route, will not advertised anything

SIA Stuck in Active

Stuck in Active: taking too long waiting for a query

- route can only move from active to passive state if it receives a reply message generated by a query

- if it doesn’t receive a reply for 3 minutes the route goes to SIA state

- when the route goes SIA state, the querying router resets the neighbor relationship to the neighbor that fails to reply

Common reasons for SIA routers

  1. high CPU usage or memory problems
  2. link between the routers is not good, packets are lost
  3. unidirectional link, traffic on one direction only

Graceful shutdown

- implemented with the goodbye message feature

- a goodbye message is broadcast when an EIGRP routing process is shut down

- are sent in hello packets

- sends on a interface with all K values to 255

Eavesdropping on EIGRP Neighbors

Router#debug eigrp packets

Router#undebug all

To be more specific

Router#debug eigrp packets query reply

EIGRP: Enqueueing QUERY


EIGRP: Receiving REPLY


Gaurav said...

Hi This is very usefull for the Networking guys ...and good luck ...

Anonymous said...

Hello would you mind letting me know which hosting company you're working with? I've loaded your blog in 3 completely different web
browsers and I must say this blog loads a lot faster then
most. Can you recommend a good hosting provider at a reasonable price?
Thanks, I appreciate it!

my web blog ... Psn Code Generator