Introduction
EIGRP is a Cisco proprietary enhanced distance vector (hybrid) routing protocol. The basic configuration of EIGRP
is covered in another lab. This one focuses on advanced EIGRP features such as summarization, stub routing, load
balancing and authentication.
Technology Background
Let's recap on commands needed to start EIGRP and advertise networks:
Router(config)#router eigrp <as>
Router(config-router)#network <network> <wildcard mask>
Example:
Router(config)#router eigrp 10
Router(config-router)#network 10.1.1.0 0.0.0.255
Route Summarization:
A large routing table can cause scalability problem and an administrative nightmare. EIGRP automatically
summarizes routes at classful network boundaries. It can be disabled using the no auto-summary command in the
EIGRP configuration mode.
Manual summarization can be done at any point in the network. Manual summarization is configured using the
following command:
ip summary-address eigrp <as> address mask
For example if you have a router advertising network 10.1.0.0/24 to 10.1.254.0/24 to an upstream neigbor, then all
the routes can be summarized to a single route using the following command:
ip summary-address eigrp 10 10.1.0.0 255.255.0.0
Stub Routing:
EIGRP keeps track of all the routes that it learns. If a route is lost, it will query every neighbor for that route. The
neighbors in turn will query their neighbor and will not respond to the original query till it receives a reply from all
its neighbors. Lets look at Figure 1 to understand what happens when a route is lost :
Figure 1
Let's assume that EIGRP is running on all routers in Figure 1 and RouterA is advertising a route to 10.1.1.0/24
network to RouterB. If RouterA goes down, RouterB will query RouterC for any an alternate route to 10.1.1.0/24.
At this stage the route to 10.1.1.0/24 is said to have gone active.
RouterC will query RouterD and wait for RouterD to resond before it will respond to RouterB. Meanwhile RouterD
will query RouterE and wait for RouterE to respond. So all the Routers in the chain are queried.
Now let's assume that RouterE has temporary network lag or high CPU usage and fails to respond to RouterD. So
RouterD does not respond to RouterC which does not respond to RouterB.
On RouterB the route to 10.1.1.0/24 is now said to be Stuck in Active (SIA). Since a response was not received the
EIGRP neighborship will be torn down in some time and re-established using normal procedure.
SIA situations can become very ugly and cause some serious downtime. To prevent such situations Cisco introduced
stub routing in EIGRP. Any neighbor that receives a packet informing it of the stub status will not query the stub
router for any routes, and a router that has a stub peer will not query that peer. The stub router will depend on
itsneigboring router to send the proper updates to all peers.
A router can be configured as stub using the following command:
Router(config-router)# eigrp stub [receive-only | connected | redistributed | static | summary]
The options of the command are discussed below:
receive-only : This will not permit the router not to advertise any routes. It cannot be combined with any other
option
connected: This will permit the router to advertise connected routes. This option can be combined with other
options. This option is enabled by default.
redistributed: This will permit the router to advertise redistributed routes. This option can be combined with other
options.
static: This will permit the router to advertise redistributed static routes. This option can be combined with other
options.
summary: This will permit the router to advertise summary routes. This option can be combined with other options.
This option is enabled by default.
Example:
Router(config-router)#eigrp stub connected static
Load Balancing:
EIGRP will load balance across 4 equal cost pathss by default. Which means if the metric of up to 4 paths to the
same destination are equal, the packets will be divided amongst the paths. The number of such paths can be
increased to 6 using the following command:
Router(config-router)#maximum-paths 6
EIGRP also supports load balancing across unequal cost paths using the variance command. If the variance number
is higher than the default value of 1, the EIGRP process multiplies
the best (lowest) metric by the variance. All paths to the same destination that have metrics
less than this value are now included in load balancing. The amount of traffic sent over
each link is proportional to the metric for the path.The variance can be between 1 to 128.
Example:
Router(config-router)#variance 5
Authentication:
EIGRP supports two forms of authentication: simple passwords and MD5 hashes. Simple
passwords are sent as clear-text and matched to the key on the receiver. Anyone listneing on the wire can find out
the clear-text key. Hashed keys, sent as MD5 values, are secure because a listener cannot use the value in the packet
to compute the key.
Before configuring authentication we will need to create a key-chain containing the key used for authentication. The
commands require to do this are :
Router(config)#key chain <name>
Router(config-keychain)#key <key-id>
Router(config-keychain-key)#key-string <key>
Once the key chain is created, authentication needs to be applied on per interface basis:
Router(config-if)#ip authentication mode eigrp <AS> md5
Router(config-if)#ip authentication key-chain eigrp <AS> <key chain name>
If the first command is not used then clear text mode will be used.
Example:
Router(config)#key chain labkey
Router(config-keychain)#key 1
Router(config-keychain-key)#key-string myeigrppassword
Router(config-if)#ip authentication mode eigrp 10 md5
Router(config-if)#ip authentication key-chain eigrp 10 labkey
Lab Scenario
We are using EIGRP across our network and require some changes made to the way EIGRP is working. Our
network is shown in Figure 2 and the relevant configuration of the routers is given below:
Figure 2
Existing Configuration:
RouterA#sh run
interface FastEthernet0/0
ip address 192.168.1.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
router eigrp 10
network 192.168.1.0
no auto-summary
RouterB#sh run
!
interface FastEthernet0/0
ip address 192.168.2.2 255.255.255.0
duplex auto
speed auto
!
interface Serial0/0
bandwidth 9000
ip address 192.168.3.2 255.255.255.0
delay 1
clock rate 2000000
!
interface FastEthernet0/1
ip address 192.168.1.2 255.255.255.0
duplex auto
speed auto
!
router eigrp 10
network 192.168.0.0 0.0.255.255
no auto-summary
RouterC#sh run
!
interface FastEthernet0/0
ip address 192.168.2.3 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 192.168.4.3 255.255.255.0
duplex auto
speed auto
!
router eigrp 10
network 192.168.0.0 0.0.255.255
no auto-summary
RouterD#sh run
!
interface FastEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/0
bandwidth 9000
ip address 192.168.3.4 255.255.255.0
delay 1
clock rate 2000000
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/1
bandwidth 9000
ip address 192.168.5.4 255.255.255.0
delay 1
clock rate 2000000
!
router eigrp 10
network 192.168.0.0 0.0.255.255
no auto-summary
!
RouterE#sh run
!
interface Loopback0
ip address 1.1.1.1 255.255.255.0
!
interface Loopback1
ip address 1.1.2.1 255.255.255.0
!
interface Loopback2
ip address 1.1.3.1 255.255.255.0
!
interface Loopback3
ip address 1.1.4.1 255.255.255.0
!
interface FastEthernet0/0
ip address 192.168.4.5 255.255.255.0
duplex auto
speed auto
!
interface Serial0/0
bandwidth 9000
ip address 192.168.5.5 255.255.255.0
delay 1
clock rate 2000000
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
router eigrp 10
network 1.1.0.0 0.0.255.255
network 192.168.0.0 0.0.255.255
no auto-summary
!
Your task is to :




Configure EIGRP to use the most secure authentication method between RouterA and RouterB
Configure EIGRP such that RouterB does not query RouterA for any lost routes
Configure EIGRP such that RouterE advertises a single route for all the 1.1.x.x/24 networks
Configure EIGRP such that Traffic to 1.1.x.x/24 network from RouterA and the reply traffic is load
balanced across both the paths.
Lab Objectives




Configure EIGRP authentication on RouterA's fa0/0 and RouterB's fa0/1 interfaces
Configure RouterA as stub
Configure manual summarization on RouterE's fa0/0 and s0/0 interface
Configure variance on RouterB and RouterE
Lab Solution
First task requires us to use MD5 hash based authentication between RouterA and RouterB:
RouterA(config)#key chain lab
RouterA(config-keychain)#key 1
RouterA(config-keychain-key)#key-string mypassword
RouterA(config-keychain-key)#int fa0/0
RouterA(config-if)#ip authentication mode eigrp 10 md5
RouterA(config-if)#ip authentication key-chain eigrp 10 lab
RouterB(config)#key chain lab
RouterB(config-keychain)#key 1
RouterB(config-keychain-key)#key-string mypassword
RouterB(config-keychain-key)#int fa0/1
RouterB(config-if)#ip authentication mode eigrp 10 md5
RouterB(config-if)#ip authentication key-chain eigrp 10 lab
Let's verify if authentication is working well before moving on:
RouterB#sh ip eigrp interfaces detail fa0/1
IP-EIGRP interfaces for process 10
Xmit Queue Mean Pacing Time Multicast
Pending
Interface
Peers Un/Reliable SRTT Un/Reliable Flow Timer Routes
Fa0/1
1
0/0
130
0/2
288
0
Hello interval is 5 sec
Next xmit serial <none>
Un/reliable mcasts: 0/6 Un/reliable ucasts: 7/12
Mcast exceptions: 3 CR packets: 3 ACKs suppressed: 0
Retransmissions sent: 5 Out-of-sequence rcvd: 0
Authentication mode is md5, key-chain is "lab"
Use multicast
The above output shows that md5 authentication is being used.
The next step requires us to ensure that RouterA is not queried if RouterB looses a route. This means we will need to
configure RouterA as stub:
RouterA(config-router)#eigrp stub connected
Let's verify the configuration:
RouterB#sh ip eigrp neighbors detail fa0/1
IP-EIGRP neighbors for process 10
H Address
Interface
Hold Uptime SRTT RTO Q Seq
(sec)
2 192.168.1.1
Fa0/1
(ms)
Cnt Num
14 00:00:33 129 774 0 15
Version 12.4/1.2, Retrans: 0, Retries: 0
Stub Peer Advertising ( CONNECTED ) Routes
Suppressing queries
The next step requires us to summarize the 1.1.x.x/24 routes being advertised by RouterE:
RouterE(config)#int fa0/0
RouterE(config-if)#ip summary-address eigrp 10 1.1.0.0 255.255.248.0
RouterE(config-if)#int s0/0
RouterE(config-if)#ip summary-address eigrp 10 1.1.0.0 255.255.248.0
Let's verify the summarization:
RouterD#sh ip route
--output truncated-Gateway of last resort is not set
1.0.0.0/21 is subnetted, 1 subnets
D
1.1.0.0 [90/1152000] via 192.168.5.5, 00:02:01, Serial0/1
--output truncated-The final task requires us to configure variance on RouterB and RouterE:
RouterB(config-router)#variance 5
RouterE(config-router)#variance 5
Let's verify the routing table at RouterB and RouterE to see if variance worked:
RouterB#sh ip route
--output truncated-Gateway of last resort is not set
1.0.0.0/21 is subnetted, 1 subnets
D
1.1.0.0 [90/412928] via 192.168.3.4, 00:01:38, Serial0/0
[90/435200] via 192.168.2.3, 00:01:38, FastEthernet0/0
D
192.168.4.0/24 [90/307200] via 192.168.2.3, 00:01:38, FastEthernet0/0
D
192.168.5.0/24 [90/284928] via 192.168.3.4, 00:01:38, Serial0/0
C
192.168.1.0/24 is directly connected, FastEthernet0/1
C
192.168.2.0/24 is directly connected, FastEthernet0/0
C
192.168.3.0/24 is directly connected, Serial0/0
RouterE#sh ip route
--output truncated-Gateway of last resort is not set
1.0.0.0/8 is variably subnetted, 5 subnets, 2 masks
D
1.1.0.0/21 is a summary, 00:08:16, Null0
C
1.1.1.0/24 is directly connected, Loopback0
C
1.1.2.0/24 is directly connected, Loopback1
C
1.1.3.0/24 is directly connected, Loopback2
C
1.1.4.0/24 is directly connected, Loopback3
C
192.168.4.0/24 is directly connected, FastEthernet0/0
C
192.168.5.0/24 is directly connected, Serial0/0
D
192.168.1.0/24 [90/310528] via 192.168.5.4, 00:08:07, Serial0/0
[90/332800] via 192.168.4.3, 00:08:07, FastEthernet0/0
D
192.168.2.0/24 [90/307200] via 192.168.4.3, 00:08:07, FastEthernet0/0
D
192.168.3.0/24 [90/284928] via 192.168.5.4, 00:08:07, Serial0/0
The output shows that both the paths are listed in the routing table. Which means a load balancing is being done.
References: