Introduction

EIGRP is a Cisco proprietary enhanced distance vector (hybrid) routing protocol. The basic configuration of EIGRP is covered in another lab. This one focuses on advanced EIGRP features such as summarization, stub routing, load balancing and authentication.

Technology Background

Let's recap the commands needed to start EIGRP and advertise networks:

    Router(config)#router eigrp <as>
    Router(config-router)#network <network> <wildcard mask>

Example:

    Router(config)#router eigrp 10
    Router(config-router)#network 10.1.1.0 0.0.0.255

Route Summarization:

A large routing table can cause scalability problems and become an administrative nightmare. EIGRP automatically summarizes routes at classful network boundaries. This can be disabled using the no auto-summary command in EIGRP configuration mode. Manual summarization can be done at any point in the network. Manual summarization is configured using the following command:

    ip summary-address eigrp <as> address mask

For example, if you have a router advertising networks 10.1.0.0/24 to 10.1.254.0/24 to an upstream neighbor, then all the routes can be summarized to a single route using the following command:

    ip summary-address eigrp 10 10.1.0.0 255.255.0.0

Stub Routing:

EIGRP keeps track of all the routes that it learns. If a route is lost, it will query every neighbor for that route. The neighbors in turn will query their neighbors, and each will not respond to the original query until it receives a reply from all its neighbors. Let's look at Figure 1 to understand what happens when a route is lost:

Figure 1

Let's assume that EIGRP is running on all routers in Figure 1 and RouterA is advertising a route to the 10.1.1.0/24 network to RouterB. If RouterA goes down, RouterB will query RouterC for an alternate route to 10.1.1.0/24. At this stage the route to 10.1.1.0/24 is said to have gone active. RouterC will query RouterD and wait for RouterD to respond before it will respond to RouterB.
Meanwhile RouterD will query RouterE and wait for RouterE to respond. So all the routers in the chain are queried. Now let's assume that RouterE has temporary network lag or high CPU usage and fails to respond to RouterD. So RouterD does not respond to RouterC, which does not respond to RouterB. On RouterB the route to 10.1.1.0/24 is now said to be Stuck in Active (SIA). Since a response was not received, the EIGRP neighborship will be torn down after some time and re-established using the normal procedure.

SIA situations can become very ugly and cause serious downtime. To prevent such situations, Cisco introduced stub routing in EIGRP. Any neighbor that receives a packet informing it of the stub status will not query the stub router for any routes, and a router that has a stub peer will not query that peer. The stub router will depend on its neighboring router to send the proper updates to all peers. A router can be configured as stub using the following command:

    Router(config-router)# eigrp stub [receive-only | connected | redistributed | static | summary]

The options of the command are discussed below:

receive-only: This will not permit the router to advertise any routes. It cannot be combined with any other option.
connected: This will permit the router to advertise connected routes. This option can be combined with other options. This option is enabled by default.
redistributed: This will permit the router to advertise redistributed routes. This option can be combined with other options.
static: This will permit the router to advertise redistributed static routes. This option can be combined with other options.
summary: This will permit the router to advertise summary routes. This option can be combined with other options. This option is enabled by default.

Example:

    Router(config-router)#eigrp stub connected static

Load Balancing:

EIGRP will load balance across 4 equal cost paths by default.
This means that if the metrics of up to 4 paths to the same destination are equal, the packets will be divided amongst the paths. The number of such paths can be increased to 6 using the following command:

    Router(config-router)#maximum-paths 6

EIGRP also supports load balancing across unequal cost paths using the variance command. If the variance number is higher than the default value of 1, the EIGRP process multiplies the best (lowest) metric by the variance. All paths to the same destination that have metrics less than this value are now included in load balancing. The amount of traffic sent over each link is proportional to the metric for the path. The variance can be between 1 and 128.

Example:

    Router(config-router)#variance 5

Authentication:

EIGRP supports two forms of authentication: simple passwords and MD5 hashes. Simple passwords are sent as clear text and matched to the key on the receiver. Anyone listening on the wire can find out the clear-text key. Hashed keys, sent as MD5 values, are secure because a listener cannot use the value in the packet to compute the key.

Before configuring authentication we need to create a key chain containing the key used for authentication. The commands required to do this are:

    Router(config)#key chain <name>
    Router(config-keychain)#key <key-id>
    Router(config-keychain-key)#key-string <key>

Once the key chain is created, authentication needs to be applied on a per-interface basis:

    Router(config-if)#ip authentication mode eigrp <AS> md5
    Router(config-if)#ip authentication key-chain eigrp <AS> <key chain name>

If the first command is not used then clear text mode will be used.

Example:

    Router(config)#key chain labkey
    Router(config-keychain)#key 1
    Router(config-keychain-key)#key-string myeigrppassword
    Router(config-if)#ip authentication mode eigrp 10 md5
    Router(config-if)#ip authentication key-chain eigrp 10 labkey

Lab Scenario

We are using EIGRP across our network and require some changes to the way EIGRP is working.
Our network is shown in Figure 2 and the relevant configuration of the routers is given below:

Figure 2

Existing Configuration:

    RouterA#sh run
    interface FastEthernet0/0
     ip address 192.168.1.1 255.255.255.0
     duplex auto
     speed auto
    !
    interface FastEthernet0/1
     no ip address
     shutdown
     duplex auto
     speed auto
    !
    router eigrp 10
     network 192.168.1.0
     no auto-summary

    RouterB#sh run
    !
    interface FastEthernet0/0
     ip address 192.168.2.2 255.255.255.0
     duplex auto
     speed auto
    !
    interface Serial0/0
     bandwidth 9000
     ip address 192.168.3.2 255.255.255.0
     delay 1
     clock rate 2000000
    !
    interface FastEthernet0/1
     ip address 192.168.1.2 255.255.255.0
     duplex auto
     speed auto
    !
    router eigrp 10
     network 192.168.0.0 0.0.255.255
     no auto-summary

    RouterC#sh run
    !
    interface FastEthernet0/0
     ip address 192.168.2.3 255.255.255.0
     duplex auto
     speed auto
    !
    interface FastEthernet0/1
     ip address 192.168.4.3 255.255.255.0
     duplex auto
     speed auto
    !
    router eigrp 10
     network 192.168.0.0 0.0.255.255
     no auto-summary

    RouterD#sh run
    !
    interface FastEthernet0/0
     no ip address
     shutdown
     duplex auto
     speed auto
    !
    interface Serial0/0
     bandwidth 9000
     ip address 192.168.3.4 255.255.255.0
     delay 1
     clock rate 2000000
    !
    interface FastEthernet0/1
     no ip address
     shutdown
     duplex auto
     speed auto
    !
    interface Serial0/1
     bandwidth 9000
     ip address 192.168.5.4 255.255.255.0
     delay 1
     clock rate 2000000
    !
    router eigrp 10
     network 192.168.0.0 0.0.255.255
     no auto-summary
    !

    RouterE#sh run
    !
    interface Loopback0
     ip address 1.1.1.1 255.255.255.0
    !
    interface Loopback1
     ip address 1.1.2.1 255.255.255.0
    !
    interface Loopback2
     ip address 1.1.3.1 255.255.255.0
    !
    interface Loopback3
     ip address 1.1.4.1 255.255.255.0
    !
    interface FastEthernet0/0
     ip address 192.168.4.5 255.255.255.0
     duplex auto
     speed auto
    !
    interface Serial0/0
     bandwidth 9000
     ip address 192.168.5.5 255.255.255.0
     delay 1
     clock rate 2000000
    !
    interface FastEthernet0/1
     no ip address
     shutdown
     duplex auto
     speed auto
    !
    router eigrp 10
     network 1.1.0.0 0.0.255.255
     network 192.168.0.0 0.0.255.255
     no auto-summary
    !

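The following Python check is an added example, not part of the original lab. It reads a saved running-config and reports every interface covered by an EIGRP network statement that has no key chain applied, has a key chain but no md5 mode line (the case the Authentication section describes), or references a key chain that is not defined. The sample config is constructed from RouterB's addressing, and only network statements written with a wildcard mask are handled.

```python
import ipaddress
import re

# Constructed sample modelled on the lab's RouterB: fa0/1 secured as in the lab,
# Serial0/0 given a key chain but no md5 mode, fa0/0 left without authentication.
SAMPLE = """\
key chain lab
 key 1
  key-string mypassword
interface FastEthernet0/0
 ip address 192.168.2.2 255.255.255.0
interface Serial0/0
 ip address 192.168.3.2 255.255.255.0
 ip authentication key-chain eigrp 10 lab
interface FastEthernet0/1
 ip address 192.168.1.2 255.255.255.0
 ip authentication mode eigrp 10 md5
 ip authentication key-chain eigrp 10 lab
router eigrp 10
 network 192.168.0.0 0.0.255.255
"""

SECTION = r"^{} (\S+)\n((?: .*\n)*)"   # header line plus its indented body

def eigrp_networks(config):
    """Yield (AS, network) for each 'network <addr> <wildcard>' statement."""
    for asn, body in re.findall(SECTION.format("router eigrp"), config, re.M):
        for addr, wild in re.findall(r"^ network (\S+) (\S+)$", body, re.M):
            mask = ipaddress.ip_address(int(ipaddress.ip_address(wild)) ^ 0xFFFFFFFF)
            yield asn, ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def audit(config):
    """Return (interface, AS, problem) for EIGRP interfaces lacking MD5 authentication."""
    chains = set(re.findall(r"^key chain (\S+)$", config, re.M))
    nets, findings = list(eigrp_networks(config)), []
    for name, body in re.findall(SECTION.format("interface"), config, re.M):
        ip = re.search(r"^ ip address (\S+) \S+$", body, re.M)
        for asn, net in nets:
            if not ip or ipaddress.ip_address(ip.group(1)) not in net:
                continue
            chain = re.search(rf"^ ip authentication key-chain eigrp {asn} (\S+)$", body, re.M)
            md5 = re.search(rf"^ ip authentication mode eigrp {asn} md5$", body, re.M)
            if not chain:
                findings.append((name, asn, "no key chain applied"))
            elif not md5:
                findings.append((name, asn, "key chain without md5 mode"))
            elif chain.group(1) not in chains:
                findings.append((name, asn, "key chain not defined"))
    return findings
```

Calling audit(SAMPLE) reports FastEthernet0/0 and Serial0/0 and passes FastEthernet0/1; interfaces with no ip address are skipped.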

Your task is to:

1. Configure EIGRP to use the most secure authentication method between RouterA and RouterB.
2. Configure EIGRP such that RouterB does not query RouterA for any lost routes.
3. Configure EIGRP such that RouterE advertises a single route for all the 1.1.x.x/24 networks.
4. Configure EIGRP such that traffic to the 1.1.x.x/24 networks from RouterA and the reply traffic is load balanced across both paths.

Lab Objectives

- Configure EIGRP authentication on RouterA's fa0/0 and RouterB's fa0/1 interfaces
- Configure RouterA as stub
- Configure manual summarization on RouterE's fa0/0 and s0/0 interfaces
- Configure variance on RouterB and RouterE

Lab Solution

The first task requires us to use MD5 hash based authentication between RouterA and RouterB:

    RouterA(config)#key chain lab
    RouterA(config-keychain)#key 1
    RouterA(config-keychain-key)#key-string mypassword
    RouterA(config-keychain-key)#int fa0/0
    RouterA(config-if)#ip authentication mode eigrp 10 md5
    RouterA(config-if)#ip authentication key-chain eigrp 10 lab

    RouterB(config)#key chain lab
    RouterB(config-keychain)#key 1
    RouterB(config-keychain-key)#key-string mypassword
    RouterB(config-keychain-key)#int fa0/1
    RouterB(config-if)#ip authentication mode eigrp 10 md5
    RouterB(config-if)#ip authentication key-chain eigrp 10 lab

Let's verify that authentication is working before moving on:

    RouterB#sh ip eigrp interfaces detail fa0/1
    IP-EIGRP interfaces for process 10
                            Xmit Queue   Mean   Pacing Time   Multicast    Pending
    Interface        Peers  Un/Reliable  SRTT   Un/Reliable   Flow Timer   Routes
    Fa0/1              1        0/0       130       0/2          288           0
      Hello interval is 5 sec
      Next xmit serial <none>
      Un/reliable mcasts: 0/6  Un/reliable ucasts: 7/12
      Mcast exceptions: 3  CR packets: 3  ACKs suppressed: 0
      Retransmissions sent: 5  Out-of-sequence rcvd: 0
      Authentication mode is md5,  key-chain is "lab"
      Use multicast

The above output shows that md5 authentication is being used.

The next step requires us to ensure that RouterA is not queried if RouterB loses a route.
This means we will need to configure RouterA as stub:

    RouterA(config-router)#eigrp stub connected

Let's verify the configuration:

    RouterB#sh ip eigrp neighbors detail fa0/1
    IP-EIGRP neighbors for process 10
    H   Address                 Interface       Hold Uptime   SRTT   RTO  Q  Seq
                                                (sec)         (ms)       Cnt Num
    2   192.168.1.1             Fa0/1             14 00:00:33  129   774  0  15
       Version 12.4/1.2, Retrans: 0, Retries: 0
       Stub Peer Advertising ( CONNECTED ) Routes
       Suppressing queries

The next step requires us to summarize the 1.1.x.x/24 routes being advertised by RouterE:

    RouterE(config)#int fa0/0
    RouterE(config-if)#ip summary-address eigrp 10 1.1.0.0 255.255.248.0
    RouterE(config-if)#int s0/0
    RouterE(config-if)#ip summary-address eigrp 10 1.1.0.0 255.255.248.0

Let's verify the summarization:

    RouterD#sh ip route
    --output truncated--
    Gateway of last resort is not set

         1.0.0.0/21 is subnetted, 1 subnets
    D       1.1.0.0 [90/1152000] via 192.168.5.5, 00:02:01, Serial0/1
    --output truncated--

The final task requires us to configure variance on RouterB and RouterE:

    RouterB(config-router)#variance 5
    RouterE(config-router)#variance 5

Let's verify the routing tables on RouterB and RouterE to see if variance worked:

    RouterB#sh ip route
    --output truncated--
    Gateway of last resort is not set

         1.0.0.0/21 is subnetted, 1 subnets
    D       1.1.0.0 [90/412928] via 192.168.3.4, 00:01:38, Serial0/0
                    [90/435200] via 192.168.2.3, 00:01:38, FastEthernet0/0
    D    192.168.4.0/24 [90/307200] via 192.168.2.3, 00:01:38, FastEthernet0/0
    D    192.168.5.0/24 [90/284928] via 192.168.3.4, 00:01:38, Serial0/0
    C    192.168.1.0/24 is directly connected, FastEthernet0/1
    C    192.168.2.0/24 is directly connected, FastEthernet0/0
    C    192.168.3.0/24 is directly connected, Serial0/0

    RouterE#sh ip route
    --output truncated--
    Gateway of last resort is not set

         1.0.0.0/8 is variably subnetted, 5 subnets, 2 masks
    D       1.1.0.0/21 is a summary, 00:08:16, Null0
    C       1.1.1.0/24 is directly connected, Loopback0
    C       1.1.2.0/24 is directly connected, Loopback1
    C       1.1.3.0/24 is directly connected, Loopback2
    C       1.1.4.0/24 is directly connected, Loopback3
    C    192.168.4.0/24 is directly connected, FastEthernet0/0
    C    192.168.5.0/24 is directly connected, Serial0/0
    D    192.168.1.0/24 [90/310528] via 192.168.5.4, 00:08:07, Serial0/0
                        [90/332800] via 192.168.4.3, 00:08:07, FastEthernet0/0
    D    192.168.2.0/24 [90/307200] via 192.168.4.3, 00:08:07, FastEthernet0/0
    D    192.168.3.0/24 [90/284928] via 192.168.5.4, 00:08:07, Serial0/0

The output shows that both paths are listed in the routing table, which means load balancing is being done.
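
An added check for the summarization step (example code, not part of the original lab): it computes the smallest summary covering RouterE's four loopback networks and lists the address space inside that summary which no loopback backs. On RouterE those destinations match only the summary route to Null0 shown in the routing table above, so traffic for them is drawn to RouterE and discarded.

```python
import ipaddress

# RouterE's loopback networks, taken from the lab configuration.
LOOPBACKS = ["1.1.1.0/24", "1.1.2.0/24", "1.1.3.0/24", "1.1.4.0/24"]

def smallest_summary(networks):
    """Return the longest prefix that contains every network in the list."""
    nets = [ipaddress.ip_network(n) for n in networks]
    low = min(int(n.network_address) for n in nets)
    high = max(int(n.broadcast_address) for n in nets)
    prefix = 32 - (low ^ high).bit_length()      # leading bits shared by both ends
    return ipaddress.ip_network((low, prefix), strict=False)

def unbacked_space(summary, networks):
    """Return the parts of the summary that none of the networks covers."""
    gaps = [ipaddress.ip_network(summary)]
    for net in map(ipaddress.ip_network, networks):
        remaining = []
        for gap in gaps:
            if net.subnet_of(gap):               # carve the network out of the gap
                remaining.extend(gap.address_exclude(net))
            elif not gap.subnet_of(net):         # disjoint: the gap is untouched
                remaining.append(gap)
        gaps = remaining
    return sorted(ipaddress.collapse_addresses(gaps))

if __name__ == "__main__":
    summary = smallest_summary(LOOPBACKS)
    print("summary:", summary, "mask", summary.netmask)
    for gap in unbacked_space(summary, LOOPBACKS):
        print("no route behind the summary for", gap)
```

The computed summary matches the mask used in the lab (255.255.248.0); the listed gaps are the prefixes to review before advertising a summary from a production router.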