EIGRP – Stub review, default behaviors, basic configuration, Summary-Address and Leak-Maps config, and verification!

EIGRP_NEW

I have added loopbacks to simulate some EIGRP Networks behind our two Stub routers, to demonstrate some different concepts such as Summary Address and Leak-Maps, however I will start right at the beginning of EIGRP Stub routing and what it does.

My labbing kind of got long winded but I really wanted to drive some points home, so I apologize for those that came to this post looking for quick facts!

Review of EIGRP Stub Routers / Stub Routing along with some default behaviors

To put it simply, EIGRP Stub Areas are configured to save Router Hardware resources from unnecessary route lookups, and network bandwidth as well by limiting DUAL Queries from traversing into EIGRP Areas where they cannot be answered.

The configuration of making an EIGRP Router a “Stub” is done only on the Stub Router itself, which will then trigger an EIGRP update to Upstream EIGRP routers that it is now a Stub Router, and by default will only Advertise “Connected” and “Summary” routes.

When the Upstream routers learn that this device is a Stub Router, it will never send a DUAL Query , so the Topology essentially looks like this:

Stub_graphic

Anything from a lost route / down interface / network Topology change can trigger these Queries, so having this logical “Stub” Query boundary saves that overhead!

Note – This can help with the “Stuck in Active” situation where a DUAL Query is not getting a response, because they are not being sent into a network segment that has no possible way of producing a new route to the destination!

EIGRP Stub Routers are almost really meant for a Hub and Spoke Topology, as you can issue the following command on the Stub which will only be pushed down to its spokes:

Back1-Stub(config-router-af-topology)#?
Address Family Topology configuration commands:
auto-summary Enable automatic network number summarization
default Set a command to its defaults
default-information Control distribution of default information

This is the “default-information originate” so all spokes send their traffic to the Hub, and the Hub send its out to the rest of the network / Internet, this is in the “Topology Base” config mode for Address-Family configuration.

 

Configuration of Stub routers in the EIGRP Topology

I have configured the Loopbacks to simulate the networks behind the Stubs already:

Back1Stub

Back1-Stub#sh ip int brief
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 unassigned YES NVRAM administratively down down
FastEthernet1/0 unassigned YES NVRAM administratively down down
FastEthernet2/0 unassigned YES NVRAM administratively down down
FastEthernet3/0 unassigned YES NVRAM administratively down down
FastEthernet4/0 unassigned YES NVRAM administratively down down
FastEthernet5/0 192.168.10.2 YES NVRAM up up
FastEthernet6/0 unassigned YES NVRAM administratively down down
Loopback11 192.168.11.1 YES NVRAM up up
Loopback12 192.168.12.1 YES NVRAM up up
Loopback13 192.168.13.1 YES NVRAM up up
Loopback14 192.168.14.1 YES NVRAM up up
Loopback15 192.168.15.1 YES NVRAM up up
Back1-Stub#

Back2Stub

Back2-Stub# sh ip int brief
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 unassigned YES NVRAM administratively down down
FastEthernet1/0 unassigned YES NVRAM administratively down down
FastEthernet2/0 unassigned YES NVRAM administratively down down
FastEthernet3/0 unassigned YES NVRAM administratively down down
FastEthernet4/0 unassigned YES NVRAM administratively down down
FastEthernet5/0 192.168.20.2 YES NVRAM up up
FastEthernet6/0 unassigned YES NVRAM administratively down down
Loopback21 192.168.21.1 YES NVRAM up up
Loopback22 192.168.22.1 YES NVRAM up up
Loopback23 192.168.23.1 YES NVRAM up up
Loopback24 192.168.24.1 YES NVRAM up up
Loopback25 192.168.25.1 YES NVRAM up up
Back2-Stub#

First I will be making Back1Stub Router an EIGRP Stub, but want to take a look at the EIGRP route table of Back2Stub to see what it already knows of:

Back2-Stub#sh ip route eigrp

Gateway of last resort is not set

D 192.168.0.0/24 [90/204800] via 192.168.20.1, 00:02:10, FastEthernet5/0
D 192.168.1.0/24 [90/256000] via 192.168.20.1, 00:02:05, FastEthernet5/0
D 192.168.2.0/24 [90/153600] via 192.168.20.1, 00:02:11, FastEthernet5/0
D 192.168.10.0/24 [90/256000] via 192.168.20.1, 00:02:05, FastEthernet5/0
D 192.168.100.0/24 [90/256000] via 192.168.20.1, 00:02:05, FastEthernet5/0
D 192.168.112.0/24 [90/204800] via 192.168.20.1, 00:02:10, FastEthernet5/0
D 192.168.122.0/24 [90/204800] via 192.168.20.1, 00:02:10, FastEthernet5/0
D 192.168.200.0/24 [90/153600] via 192.168.20.1, 00:02:11, FastEthernet5/0
D 192.168.211.0/24 [90/153600] via 192.168.20.1, 00:02:11, FastEthernet5/0
D 192.168.221.0/24 [90/153600] via 192.168.20.1, 00:02:11, FastEthernet5/0
Back2-Stub#

Only knows of our soon to be “Stub” routers main subnet between itself and “BackSite1” router, so lets turn Back1Stub into a Stub Router and see what we can break(!):

This configuration is found in Address-Family configuration under “eigrp” commands (along with RID manual config, good to know):

Back1-Stub(config-router)#address-family ipv4 unicast autonomous-system 100
Back1-Stub(config-router-af)#?
Address Family configuration commands:
af-interface Enter Address Family interface configuration
default Set a command to its defaults
eigrp EIGRP Address Family specific commands
exit-address-family Exit Address Family configuration mode
help Description of the interactive help system
maximum-prefix Maximum number of prefixes acceptable in aggregate
metric Modify metrics and parameters for address advertisement
neighbor Specify an IPv4 neighbor router
network Enable routing on an IP network
no Negate a command or set its defaults
shutdown Shutdown address family
timers Adjust peering based timers
topology Topology configuration mode

Back1-Stub(config-router-af)#eigrp ?
default-route-tag Default Route Tag for the Internal Routes
log-neighbor-changes Enable/Disable EIGRP neighbor logging
log-neighbor-warnings Enable/Disable EIGRP neighbor warnings
router-id router id for this EIGRP process
stub Set address-family in stubbed mode

A quick look at the impact of configuring a Stub Router on the network

Configuring the Stub router as a “Stub” :

Back1Stub CLI

Back1-Stub(config-router-af)#eigrp stub
Back1-Stub(config-router-af)#
*Dec 19 21:34:59.939: %DUAL-5-NBRCHANGE: EIGRP-IPv4 100: Neighbor 192.168.10.1 (FastEthernet5/0) is down: peer info changed
Back1-Stub(config-router-af)#
*Dec 19 21:35:02.035: %DUAL-5-NBRCHANGE: EIGRP-IPv4 100: Neighbor 192.168.10.1 (FastEthernet5/0) is up: new adjacency
Back1-Stub(config-router-af)#

BackSite1 Console Output

Back-Site1>
*Dec 19 21:39:50.039: %DUAL-5-NBRCHANGE: EIGRP-IPv4 100: Neighbor 192.168.10.2 (FastEthernet5/0) is down: Interface PEER-TERMINATION received
Back-Site1>
*Dec 19 21:39:52.203: %DUAL-5-NBRCHANGE: EIGRP-IPv4 100: Neighbor 192.168.10.2 (FastEthernet5/0) is up: new adjacency
Back-Site1>

I will spare the Wireshark screen snips, but it essentially “Back1Stub” send a Hello with new “Stub” parameters in the Hello Packet, which then forces the Adjacency to be torn down, then reformed with the exchange of routes like a normal Adjacency:

Stub_WS1

Pack #12 suddenly contains the Stub parameters, they re-negotiate their Adjacency, and then Hellos resume as normal between the now Stub router and normal EIGRP Router.

Nothing really Earth shattering, but figured the output was worth displaying.

Back to the other (soon to be configured) Stub, does it see any new networks?

Back2-Stub#sh ip route eigrp

Gateway of last resort is not set

D 192.168.0.0/24 [90/204800] via 192.168.20.1, 00:18:25, FastEthernet5/0
D 192.168.1.0/24 [90/256000] via 192.168.20.1, 00:18:20, FastEthernet5/0
D 192.168.2.0/24 [90/153600] via 192.168.20.1, 00:18:26, FastEthernet5/0
D 192.168.10.0/24 [90/256000] via 192.168.20.1, 00:18:20, FastEthernet5/0
D 192.168.100.0/24 [90/256000] via 192.168.20.1, 00:18:20, FastEthernet5/0
D 192.168.112.0/24 [90/204800] via 192.168.20.1, 00:18:25, FastEthernet5/0
D 192.168.122.0/24 [90/204800] via 192.168.20.1, 00:18:25, FastEthernet5/0
D 192.168.200.0/24 [90/153600] via 192.168.20.1, 00:18:26, FastEthernet5/0
D 192.168.211.0/24 [90/153600] via 192.168.20.1, 00:18:26, FastEthernet5/0
D 192.168.221.0/24 [90/153600] via 192.168.20.1, 00:18:26, FastEthernet5/0
Back2-Stub#

Not a single one, because though the default is to advertise Connected and Summary Routes, they have to be configured in EIGRP to be advertised by EIGRP (or redistributed)!

Adding Loopbacks to EIGRP

Back1-Stub(config-router-af)#network 192.168.11.0
Back1-Stub(config-router-af)#network 192.168.12.0
Back1-Stub(config-router-af)#network 192.168.13.0
Back1-Stub(config-router-af)#network 192.168.14.0
Back1-Stub(config-router-af)#network 192.168.15.0
Back1-Stub(config-router-af)#

Aaaaaand on Stub2 now

Back2-Stub#sh ip route eigrp

Gateway of last resort is not set

D 192.168.0.0/24 [90/204800] via 192.168.20.1, 00:22:47, FastEthernet5/0
D 192.168.1.0/24 [90/256000] via 192.168.20.1, 00:22:42, FastEthernet5/0
D 192.168.2.0/24 [90/153600] via 192.168.20.1, 00:22:48, FastEthernet5/0
D 192.168.10.0/24 [90/256000] via 192.168.20.1, 00:22:42, FastEthernet5/0
D 192.168.11.0/24 [90/256640] via 192.168.20.1, 00:01:00, FastEthernet5/0
D 192.168.12.0/24 [90/256640] via 192.168.20.1, 00:01:00, FastEthernet5/0
D 192.168.13.0/24 [90/256640] via 192.168.20.1, 00:00:57, FastEthernet5/0
D 192.168.14.0/24 [90/256640] via 192.168.20.1, 00:00:56, FastEthernet5/0
D 192.168.15.0/24 [90/256640] via 192.168.20.1, 00:00:51, FastEthernet5/0
D 192.168.100.0/24 [90/256000] via 192.168.20.1, 00:22:42, FastEthernet5/0
D 192.168.112.0/24 [90/204800] via 192.168.20.1, 00:22:47, FastEthernet5/0
D 192.168.122.0/24 [90/204800] via 192.168.20.1, 00:22:47, FastEthernet5/0
D 192.168.200.0/24 [90/153600] via 192.168.20.1, 00:22:48, FastEthernet5/0
D 192.168.211.0/24 [90/153600] via 192.168.20.1, 00:22:48, FastEthernet5/0
D 192.168.221.0/24 [90/153600] via 192.168.20.1, 00:22:48, FastEthernet5/0
Back2-Stub#

We have exactly 4 more EIGRP Route Entries than we need from a Stub Area, as these can and should be summarized, so EIGRP routers can know how to get ALL networks behind that stub (unless we maybe want one to…. leak through).

Time to pick up my pace, and configure Summary Addresses for our Stubs!

Summary-Addresses are used in Stub networks to make EIGRP Route Tables more concise for the EIGRP Peers, and really there is no reason for all networks behind the Stub to be advertised as separate networks, and we have mechanisms to allow individual routes to be advertised if necessary.

So lets take a look here!

Summary-Address for Back1Stub

According to my Summary-Addressing skills of that third common octect, we have the following common binary bits from 192.168.11.0-15.0:

00001011
00001100
00001101
00001110
00001111

The Summary Address being 192.168.8.0/21 for the Summary-Address to be configured:

Back1-Stub(config-router-af-interface)#summary-address ?
A.B.C.D Summary network address
A.B.C.D/nn Summary <network>/<length>, e.g. 192.168.0.0/16

Back1-Stub(config-router-af-interface)#summary-address 192.168.8.0 ?
A.B.C.D Summary network mask

Back1-Stub(config-router-af-interface)#$ress 192.168.8.0 255.255.248.0 ?
leak-map Allow dynamic prefixes based on the leak-map
<cr>

Back1-Stub(config-router-af-interface)#$ress 192.168.8.0 255.255.248.0
Back1-Stub(config-router-af-interface)#
*Dec 19 22:07:12.951: %DUAL-5-NBRCHANGE: EIGRP-IPv4 100: Neighbor 192.168.10.1 (FastEthernet5/0) is resync: summary configured
Back1-Stub(config-router-af-interface)#

Now back on Stub2 the EIGRP Route Table

Back2-Stub(config-router-af)#do sh ip route eigrp

Gateway of last resort is not set

D 192.168.0.0/24 [90/204800] via 192.168.20.1, 00:11:37, FastEthernet5/0
D 192.168.1.0/24 [90/256000] via 192.168.20.1, 00:11:37, FastEthernet5/0
D 192.168.2.0/24 [90/153600] via 192.168.20.1, 00:11:37, FastEthernet5/0
D 192.168.8.0/21 [90/256640] via 192.168.20.1, 00:00:46, FastEthernet5/0
D 192.168.10.0/24 [90/256000] via 192.168.20.1, 00:11:37, FastEthernet5/0
D 192.168.100.0/24 [90/256000] via 192.168.20.1, 00:11:37, FastEthernet5/0
D 192.168.112.0/24 [90/204800] via 192.168.20.1, 00:11:37, FastEthernet5/0
D 192.168.122.0/24 [90/204800] via 192.168.20.1, 00:11:37, FastEthernet5/0
D 192.168.200.0/24 [90/153600] via 192.168.20.1, 00:11:37, FastEthernet5/0
D 192.168.211.0/24 [90/153600] via 192.168.20.1, 00:11:37, FastEthernet5/0
D 192.168.221.0/24 [90/153600] via 192.168.20.1, 00:11:37, FastEthernet5/0
Back2-Stub(config-router-af)#

Note that it does not pull the 192.168.10.0/24 network into this Summary-Address from Stub1, it remains its own separate network! Now lets do it the other way around for 192.168.21.0 – 192.168.25.0:

00010101
00010110
00010111
00011000
00011001

Making the Summary-Address 192.168.16.0 /20 for Stub2 Loopback interfaces:

Back2-Stub(config-router-af)#eigrp stub
Back2-Stub(config-router-af)#
*Dec 19 22:09:35.727: %DUAL-5-NBRCHANGE: EIGRP-IPv4 100: Neighbor 192.168.20.1 (FastEthernet5/0) is down: peer info changed
Back2-Stub(config-router-af)#
*Dec 19 22:09:40.187: %DUAL-5-NBRCHANGE: EIGRP-IPv4 100: Neighbor 192.168.20.1 (FastEthernet5/0) is up: new adjacency
Back2-Stub(config-router-af)#af-int fa5/0
Back2-Stub(config-router-af-interface)#$ress 192.168.16.0 255.255.240.0
Back2-Stub(config-router-af-interface)#
*Dec 19 22:16:13.039: %DUAL-5-NBRCHANGE: EIGRP-IPv4 100: Neighbor 192.168.20.1 (FastEthernet5/0) is resync: summary configured
Back2-Stub(config-router-af-interface)#

And the new EIGRP Route Table on Stub1 for Stub2’s Summary-Address:

Back1-Stub(config-router-af-interface)#do sh ip route eigrp

Gateway of last resort is not set

D 192.168.0.0/24 [90/204800] via 192.168.10.1, 00:47:11, FastEthernet5/0
D 192.168.1.0/24 [90/153600] via 192.168.10.1, 00:47:11, FastEthernet5/0
D 192.168.2.0/24 [90/256000] via 192.168.10.1, 00:47:11, FastEthernet5/0
D 192.168.8.0/21 is a summary, 00:15:00, Null0
D 192.168.16.0/20 [90/256640] via 192.168.10.1, 00:01:22, FastEthernet5/0
D 192.168.20.0/24 [90/256000] via 192.168.10.1, 00:47:11, FastEthernet5/0
D 192.168.100.0/24 [90/153600] via 192.168.10.1, 00:47:11, FastEthernet5/0
D 192.168.112.0/24 [90/153600] via 192.168.10.1, 00:47:11, FastEthernet5/0
D 192.168.122.0/24 [90/153600] via 192.168.10.1, 00:47:11, FastEthernet5/0
D 192.168.200.0/24 [90/256000] via 192.168.10.1, 00:47:11, FastEthernet5/0
D 192.168.211.0/24 [90/204800] via 192.168.10.1, 00:47:11, FastEthernet5/0
D 192.168.221.0/24 [90/204800] via 192.168.10.1, 00:47:11, FastEthernet5/0
Back1-Stub(config-router-af-interface)#

A few observations here:

  • The EIGRP Summary-Address for the local Stub router leads to Null0 because they are Directly Connected in the IP Route table
  • The Summary-Address for Stub2 is now seen for all subnets, and does not overlap its 192.168.20.0/24 network with its EIGRP Neighbor

So lets do some ping testing to confirm all of this is working!

Stub1

Back1-Stub(config-router-af-interface)#do traceroute 192.168.23.1
Type escape sequence to abort.
Tracing the route to 192.168.23.1
VRF info: (vrf in name/id, vrf out name/id)
1 192.168.10.1 56 msec 52 msec 48 msec
2 192.168.122.2 76 msec 44 msec 48 msec
3 192.168.221.1 64 msec 44 msec 52 msec
4 192.168.20.2 72 msec * 60 msec
Back1-Stub(config-router-af-interface)#

Stub2

Back2-Stub(config-router-af-interface)#do traceroute 192.168.11.1
Type escape sequence to abort.
Tracing the route to 192.168.11.1
VRF info: (vrf in name/id, vrf out name/id)
1 192.168.20.1 44 msec 48 msec 48 msec
2 192.168.221.2 44 msec 52 msec 48 msec
3 192.168.122.1 72 msec 100 msec 72 msec
4 192.168.10.2 72 msec * 56 msec
Back2-Stub(config-router-af-interface)#

From all indications, we have successfully created both Stubs in Named / Address Family mode, with Summary-Addresses reachable across the EIGRP Network!

However what if we want sites to be aware of one of the Summarized Addresses?

Leak-Maps are a good tool to make singular networks of a Summary-Address visible for the purpose of just knowing the route is there, or for filtering or path manipulation, so its about AS important to know as configuring a Summary-Address itself.

So lets take a look at the simple process to allow a route to leak!

First we need an ACL and Route-Map for the Leak-Map:

Back1-Stub(config)#ip access-list standard LEAK
Back1-Stub(config-std-nacl)#permit 192.168.13.0 0.0.0.255
Back1-Stub(config-std-nacl)#exit
Back1-Stub(config)#route-map LEAK-MAP permit 10
Back1-Stub(config-route-map)#match ip add LEAK
Back1-Stub(config-route-map)#exit

Then re-applying the Summary-Address statement to include the Leak-Map:

Back1-Stub(config-router-af)#af-int fa5/0
Back1-Stub(config-router-af-interface)#no summary-address 192.168.8.0 255.255.$
Back1-Stub(config-router-af-interface)#
*Dec 19 22:32:46.703: %DUAL-5-NBRCHANGE: EIGRP-IPv4 100: Neighbor 192.168.10.1 (FastEthernet5/0) is resync: summary configured
Back1-Stub(config-router-af-interface)#$ress 192.168.8.0 255.255.248.0 ?
leak-map Allow dynamic prefixes based on the leak-map
<cr>

Back1-Stub(config-router-af-interface)#$68.8.0 255.255.248.0 leak-map ?
WORD leak-map name

Back1-Stub(config-router-af-interface)#$.255.248.0 leak-map LEAK-MAP
Back1-Stub(config-router-af-interface)#
*Dec 19 22:33:15.307: %DUAL-5-NBRCHANGE: EIGRP-IPv4 100: Neighbor 192.168.10.1 (FastEthernet5/0) is resync: summary configured
Back1-Stub(config-router-af-interface)#

To verify back on Stub2 EIGRP Route Table

Back2-Stub(config-router-af-interface)#do sh ip route eigrp

Gateway of last resort is not set

D 192.168.0.0/24 [90/204800] via 192.168.20.1, 00:22:12, FastEthernet5/0
D 192.168.1.0/24 [90/256000] via 192.168.20.1, 00:22:12, FastEthernet5/0
D 192.168.2.0/24 [90/153600] via 192.168.20.1, 00:22:12, FastEthernet5/0
D 192.168.8.0/21 [90/256640] via 192.168.20.1, 00:03:19, FastEthernet5/0
D 192.168.10.0/24 [90/256000] via 192.168.20.1, 00:22:12, FastEthernet5/0
D 192.168.13.0/24 [90/256640] via 192.168.20.1, 00:03:42, FastEthernet5/0
D 192.168.16.0/20 is a summary, 00:15:41, Null0
D 192.168.100.0/24 [90/256000] via 192.168.20.1, 00:22:12, FastEthernet5/0
D 192.168.112.0/24 [90/204800] via 192.168.20.1, 00:22:12, FastEthernet5/0
D 192.168.122.0/24 [90/204800] via 192.168.20.1, 00:22:12, FastEthernet5/0
D 192.168.200.0/24 [90/153600] via 192.168.20.1, 00:22:12, FastEthernet5/0
D 192.168.211.0/24 [90/153600] via 192.168.20.1, 00:22:12, FastEthernet5/0
D 192.168.221.0/24 [90/153600] via 192.168.20.1, 00:22:12, FastEthernet5/0
Back2-Stub(config-router-af-interface)#

So easy a caveman can do it!

Last but not least verification commands / how to spot a Stub in the network!

You can always look at the show run of course on the local machine, but say for example in the exam room you can’t use that command, one way to find it locally is with this:

“sh ip proto” on the local Stub

Back1-Stub(config)#do sh ip proto
*** IP Routing is NSF aware ***

Routing Protocol is “eigrp 100”
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Default networks flagged in outgoing updates
Default networks accepted from incoming updates
EIGRP-IPv4 VR(Back1Stub) Address-Family Protocol for AS(100)
Metric weight K1=1, K2=0, K3=1, K4=0, K5=0 K6=0
Metric rib-scale 128
Metric version 64bit
NSF-aware route hold timer is 240
Router-ID: 192.168.15.1
Stub, connected, summary
Topology : 0 (base)
Active Timer: 3 min
Distance: internal 90 external 170
Maximum path: 4
Maximum hopcount 100
Maximum metric variance 1
Total Prefix Count: 18
Total Redist Count: 0

Actually a lot of good information in this command, but here we can see not only that its a Stub, but what kind of stub it is (advertising Connected / Summary).

If your on a remote router, here is a good command to ID a Stub EIGRP Router:

“sh ip eigrp nei det”

stub_nei

Again the formatting is just terrible so grabbed a quick screen snip and highlighted that the neighbor itself will even show what kind of ads it is receiving from its Stub neighbor!

That will conclude my look at EIGRP Stub routers for now!

I am sure they will come  back into the labbing here at some point, but for now I think I’ve hit the topic hard enough that this is a good natural stopping point, until next time!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s