Category Archives: CCNP ROUTE – EIGRP

EIGRP: Named mode, a whole new type of EIGRP mode, with all new configurations and explanations including “address-family”s!

EIGRP_New_Topology

We will stick with the same old Topology to finish EIGRP review off, I have one more article after this, then I really need to double time some other topics before exam day to freshen up the ol’ steel trap!

Now a couple of things that separates “Original mode” from “Named mode” EIGRP is:

  • It is a newer flavor of EIGRP, created from what I can tell to keep all EIGRP configs in one spot, also with the idea of starting to use “instances” instead of right to the AS
  • It uses address families, which is a logical grouping of prefixes, which with EIGRP it is grouped actually by AS

So this new and improved “Named Mode” EIGRP from what I can tell is a step in the right direction for Routing Protocols, breaking EIGRP down into processes like OSPF so more than one can run concurrently on the same router, then the “address-family” command for EIGRP will define the AS # and this is where you add your networks and what I call your ‘Utility’ command like “no auto” and “variance” all under one Umbrella.

** One commonality I see about address families among all routing protocols (but not worked with just yet) is that they define a group of Prefixes under one logical Umbrella**

One thing it really does well other than prepare networking for the next step in virtual routing by separating not only routing with VRF, but now breaking up the other major Protocol into separate routing instances or processes, it now keeps ALL EIGRP configurations under one EIGRP config in the show run.

For example, setting authentication and summary-addresses in the EIGRP configuration rather than on the interface itself, however you do still need to define the interface within EIGRP.

That being said and saying how great it is, along with this address-family stuff, when working with IPv6 routing protocols will still be configured directly on the interface (for now) even though you will see an IPv6 option in there.

So I learned it better I think seeing it visually configured on live equipment, so here we go, I’ll see if I can neighbor up with my other non-Named Mode spokes R2 and R3:

R1(config)#router eigrp CCNP

R1(config-router)#address-family ?
  ipv4  Address family IPv4
  ipv6  Address family IPv6

R1(config-router)#address-family ipv4 ?
  autonomous-system  Specify Address-Family Autonomous System Number
  multicast          Address Family Multicast
  unicast            Address Family Unicast
  vrf                Specify a specific virtual routing/forwarding instance

R1(config-router)#address-family ipv4 autonomous-system ?
    Autonomous System

R1(config-router)#address-family ipv4 autonomous-system 100

So let’s start at the beginning, with the “router eigrp CCNP” command, I just want to clarify this is exactly like defining an OSPF process and just separates and allows for multiples AS’s to be running concurrently on a single router. *high five Cisco*

So the next line, is defining an Autonomous-System with the “address-family” command. I went ? by ? to show the modifiers, as said IPv6 will still make you configure EIGRP (and all routing protocols on the interface anyways), so I won’t be getting into that in this post.

Next you can see “autonomous-system / multicast / unicast / vrf” as modifiers after you pick your IP version, of course the autonomous-system drops you right into the network configuration portion of it, and as it’s default is “Unicast” you can but don’t have to define it whereas you can also define Multicast traffic which is beyond the scope of the CCNP exam.

Finally there is also a VRF option in there I wanted to touch on quick in configuration example:

R1(config-router)#address-family ipv4 vrf ?
  WORD  Virtual Routing/Forwarding instance name

R1(config-router)#address-family ipv4 vrf GREEN ?
  autonomous-system  Specify Address-Family Autonomous System Number

R1(config-router)#address-family ipv4 vrf GREEN au
R1(config-router)#address-family ipv4 vrf GREEN autonomous-system ?
    Autonomous System

R1(config-router)#address-family ipv4 vrf GREEN autonomous-system 150 ?
 

So you can also define which VRF instance is going to be attached to this address-family’s autonomous-system number, which I didn’t create but I wanted you to be aware of in case there is some sort of Easy Virtual Network (EVN) question which uses VRF and Address-Families for configuration – It is present in Named Mode!

Now, lets take a look at the “address-family” configuration prompt and our options:

R1(config-router-af)#?
Address Family configuration commands:
  af-interface         Enter Address Family interface configuration
  default              Set a command to its defaults
  eigrp                EIGRP Address Family specific commands
  exit-address-family  Exit Address Family configuration mode
  help                 Description of the interactive help system  
  maximum-prefix       Maximum number of prefixes acceptable in aggregate
  metric               Modify metrics and parameters for advertisement
  neighbor             Specify an IPv4 neighbor router
  network              Enable routing on an IP network
  no                   Negate a command or set its defaults
  shutdown             Shutdown address family
  timers               Adjust peering based timers
  topology             Topology configuration mode

R1(config-router-af)#network 172.12.123.0 0.0.0.255
R1(config-router-af)#
*May 16 04:29:45.439: %DUAL-5-NBRCHANGE: EIGRP-IPv4 100: Neighbor 172.12.123.3 (Serial0/0/0) is up: new adjacency
*May 16 04:29:45.459: %DUAL-5-NBRCHANGE: EIGRP-IPv4 100: Neighbor 172.12.123.2 (Serial0/0/0) is up: new adjacency

R1(config-router-af)#do sh ip eigrp nei
EIGRP-IPv4 VR(CCNP) Address-Family Neighbors for AS(100)
H   Address                 Interface       Hold Uptime   SRTT   RTO  Q  Seq
                                            (sec)         (ms)       Cnt Num
1   172.12.123.2            Se0/0/0          168 00:00:14 1264  5000  0  7
0   172.12.123.3            Se0/0/0          168 00:00:14 1042  5000  0  8
R1(config-router-af)#

Before I get into my WTF is that highlighted in Green, I highlighted in red a few things we’d normally see in the configuration for EIGRP, and in blue are two sub-configuration modes within address-family we need to know about and are coming up here shortly.

First of all, I want to note this is where you through in your network statements for the AS, as you can see I put in the NBMA’s address (which spokes are using Original Mode) and the Adjacencies came right up showing it’s backward compatibility which is cool since I will not be configured Named Mode on my spoke routers because I am a slacker.

Now since when do we get a Help option in any modifier output EVER with Cisco?? I have to see what this looks like:

R1(config-router-af)#help ?
 

R1(config-router-af)#help
Help may be requested at any point in a command by entering
a question mark ‘?’.  If nothing matches, the help list will
be empty and you must backup until entering a ‘?’ shows the
available options.
Two styles of help are provided:
1. Full help is available when you are ready to enter a
   command argument (e.g. ‘show ?’) and describes each possible
   argument.
2. Partial help is provided when an abbreviated argument is entered
   and you want to know what arguments match the input
   (e.g. ‘show pr?’.)

R1(config-router-af)#

That is just absolutely hilarious to me. EVERY student from back when I was a young punk studying for my CCNA up to now when I’m an old punk studying for my CCNP, that has always been used in both the context of seeing modifiers after a word but also during a word to observe auth? can mean authorization or authentication so keep typing that command for the router to understand what you’re getting at.

It just seems like an ancient command that should no longer be in the IOS, however the first time I noticed it is under address-family mode, that just cracked me up.

Moving on beyond what makes Cisco IT nerds laugh, notice that your general neighbor and network type statements are in the “address-family” configuration mode which can be identified by the little “-af” on the end of the prompt, as well as as timers – In fact lets bring that down again:

R1(config-router-af)#?
Address Family configuration commands:
  af-interface         Enter Address Family interface configuration
  default              Set a command to its defaults
  eigrp                EIGRP Address Family specific commands
  exit-address-family  Exit Address Family configuration mode
  help                 Description of the interactive help system  
  maximum-prefix       Maximum number of prefixes acceptable in aggregate
  metric               Modify metrics and parameters for advertisement
  neighbor             Specify an IPv4 neighbor router
  network              Enable routing on an IP network
  no                   Negate a command or set its defaults
  shutdown             Shutdown address family
  timers               Adjust peering based timers
  topology             Topology configuration mode

You can configure network statements here (which I did and immediately brought up my non-Named mode EIGRP neighbors), neighbor statements to configure static neighbors, adjust timers as well as a new command “shutdown” which actually would shut down this address family within the CCNP process we configured with “router eigrp CCNP” if we wanted a different one to run.

Now we have the commands in blue highlighted from the output, and these will be our sub-menus to configure. I think the top one is pretty self explanatory, that is where you can configure the commands that used to go on the interface within our EIGRP AF, whereas the Topology one is a bit less vague so lets take a look:

R1(config-router-af)#topology ?
  base  Base Topology

R1(config-router-af)#topology base ?
 

R1(config-router-af)#topology base
R1(config-router-af-topology)#

Well that didn’t give much option or modifiers… I like it! As can be seen it drops us into the next sub-menu down in the configuration, “… -af-topology#” in the address-family configuration, and this is where I say the ‘Utility’ commands for EIGRP are entered (probably a better name to describe them that is escaping me). Lets take a look:

R1(config-router-af-topology)#?
Address Family Topology configuration commands:
  auto-summary         Enable automatic network number summarization
  default              Set a command to its defaults
  default-information  Control distribution of default information
  default-metric       Set metric of redistributed routes
  distance             Define an administrative distance
  distribute-list      Filter entries in eigrp updates
  eigrp                EIGRP specific commands
  exit-af-topology     Exit from Address Family Topology configuration mode
  maximum-paths        Forward packets over multiple paths
  metric               Modify metrics and parameters for advertisement
  no                   Negate a command or set its defaults
  offset-list          Add or subtract offset from EIGRP metrics
  redistribute         Redistribute IPv4 routes from another routing protocol
  snmp                 Modify snmp parameters
  summary-metric       Specify summary to apply metric/filtering
  timers               Adjust topology specific timers
  traffic-share        How to compute traffic share over alternate paths
  variance             Control load balancing variance

I won’t name them but highlighted in red what I call the ‘Utility’ commands for EIGRP, anything that changes its behaviors on the local router (and beyond), however there is another segment I’ve highlight in a nice pretty pink through the configuration to exit the address family mode whether its “exit-address-family” in that mode or “exit-af-topology” that you are supposed to use to exit the mode.

I’ve seen just regular exits done and it works all the same, but on exam day, got with the IOS and use the exit-address-family / etc commands to back out to Named Mode main configuration prompt.

So you can see from the above list we have offset-list to add Metric weight, our Redistribution is done here (and setting default Metrics for redistributed routes), our distribute-list for Route Filtering, Variance for Unequal Cost load balancing, Max Paths to increase or disable load sharing, distance to change the local AD’s of EIGRP routes, etc.

So that is that. Now, lets check out the other more obvious mode I had highlighted in blue, interface configuration mode in address family:

R1(config-router-af)#af-interface s0/0/0 ?
  <cr>

R1(config-router-af)#af-interface s0/0/0
R1(config-router-af-interface)#

I spared the output of a ? after af-interface because it just listed all possible interfaces, however once you enter one the command stops there.

So lets look at what we have available here in this sub-configuration mode of AF:

R1(config-router-af-interface)#?
Address Family Interfaces configuration commands:
  authentication      authentication subcommands
  bandwidth-percent   Set percentage of bandwidth percentage limit
  bfd                 Enable Bidirectional Forwarding Detection
  dampening-change    Percent interface metric must change to cause update
  dampening-interval  Time in seconds to check interface metrics
  default             Set a command to its defaults
  exit-af-interface   Exit from Address Family Interface configuration mode
  hello-interval      Configures hello interval
  hold-time           Configures hold time
  next-hop-self       Configures EIGRP next-hop-self
  no                  Negate a command or set its defaults
  passive-interface   Suppress address updates on an interface
  shutdown            Disable Address-Family on interface
  split-horizon       Perform split horizon
  summary-address     Perform address summarization

R1(config-router-af-interface)#

So everything we would expect to see on EIGRP configuration on the interface, however it hiding one ‘Utility’ command that has always been configured in EIGRP router config, that is now hiding in AF-interface configuration mode – “passive-interface”.

I find it hard to believe Cisco would make admins do passive-interface by passive-interface and take our default command away, so we can passive them all and no passive the ones we don’t need to suppress EIGRP traffic on.

So lets take a look at this passive-interface command and see if we still have “default” :

R1(config-router-af-interface)#passive-interface ?
  <cr>

R1(config-router-af-interface)#passive-interface

Now I get this configuration behavior due to interfaces probably being in different address-family configurations or VRF instances, however this should be a major consideration when deploying Named EIGRP on something like a 48-Port switch or 3 of them stacked giving you 146 ports, which you may only need a few interfaces not being suppressed.

So keep that in mind, not only that passive-interface is now in the “af-interface” configuration sub-menu, but that with Named EIGRP you are doing it interface by interface, both very important details for exam day!

One thing I want to check out quick with EIGRP is the Authentication command, and what it includes, because in “Original Mode” you configure a key chain in global configuration, but then turn authentication on and define the key-string on the interface:

R1(config-router-af-interface)#authentication ?
  key-chain  key-chain
  mode       authentication mode

R1(config-router-af-interface)#authentication key-chain ?
  WORD  name of key-chain

R1(config-router-af-interface)#authentication key-chain Test
R1(config-router-af-interface)#authentication mode ?
  md5  Keyed message digest

R1(config-router-af-interface)#authentication mode md5 ?
  <cr>

R1(config-router-af-interface)#authentication mode md5
R1(config-router-af-interface)#
*May 16 06:12:45.915: %DUAL-5-NBRCHANGE: EIGRP-IPv4 100: Neighbor 172.12.123.2 (Serial0/0/0) is down: authentication mode changed
*May 16 06:12:45.915: %DUAL-5-NBRCHANGE: EIGRP-IPv4 100: Neighbor 172.12.123.3 (Serial0/0/0) is down: authentication mode changed
R1(config-router-af-interface)#

Well, it dropped our Adjacency again immediately NOT after defining the key-chain, but after turning on authentication, so lets go to R2 and R3 to turn it on AFTER defining that Key Chain called Test it is calling out.

I do like that it’s so simple to turn on, authentication mode md5 and your done, that is pretty sweet, even though I wish they would have added key chain config in here as well but we will probably see that some day.

***Before we segway into a trip down Authentication Lane, I wanted to post the verification command for IP EIGRP Named Mode and where to find the name***

R1#sh ip proto
*** IP Routing is NSF aware ***

Routing Protocol is “eigrp 100”
  Outgoing update filter list for all interfaces is not set
  Incoming update filter list for all interfaces is not set
  Default networks flagged in outgoing updates
  Default networks accepted from incoming updates
  Redistributing: eigrp 100
  EIGRP-IPv4 VR(CCNP) Address-Family Protocol for AS(100)
    Metric weight K1=1, K2=0, K3=1, K4=0, K5=0
    NSF-aware route hold timer is 240
    Router-ID: 100.100.100.2

Shows the IP Version #, the Process Name configured for that Address-Family that is configured to AS100, everything can be verified from that one command as seen.

WARNING: We are getting into a quick EIGRP Authentication Review now (quickly)!

So lets gets to it:

R1

R1(config-router-af-interface)#exit-af-interface
R1(config-router-af)#exit-address-family
R1(config-router)#exit
R1(config)#key chain Test
R1(config-keychain)#key 1
R1(config-keychain-key)#?
Key-chain key configuration commands:
accept-lifetime  Set accept lifetime of key
default          Set a command to its defaults
exit             Exit from key-chain key configuration mode
key-string       Set key string
no               Negate a command or set its defaults
send-lifetime    Set send lifetime of key

R1(config-keychain-key)#key-string CCIE
R1(config-keychain-key)#^Z
R1#wr
Building configuration…

*May 16 06:18:11.115: %SYS-5-CONFIG_I: Configured from console by console[OK]
R1#
R1#

R2

R2(config)#key chain Test
R2(config-keychain)#key 1
R2(config-keychain-key)#key-string CCIE
R2(config-keychain-key)#int s0/0
R2(config-if)#ip eigrp authen
R2(config-if)#ip eigrp authent
R2(config-if)#eigrp authen
R2(config-if)#eigrp authent
R2(config-if)#ip eigrp ?
% Unrecognized command
R2(config-if)#eigrp ?
% Unrecognized command
R2(config-if)#ip authentication ?
key-chain  key-chain
mode       mode

R2(config-if)#ip authentication mode ?
eigrp  Enhanced Interior Gateway Routing Protocol (EIGRP)

R2(config-if)#ip authentication mode eigrp ?
<1-65535>  Autonomous system number

R2(config-if)#ip authentication mode eigrp 100 ?
md5  Keyed message digest

R2(config-if)#ip authentication mode eigrp 100 md5 ?
<cr>

R2(config-if)#ip authentication mode eigrp 100 md5
R2(config-if)#ip authentication key-chain ?
eigrp  Enhanced Interior Gateway Routing Protocol (EIGRP)

R2(config-if)#ip authentication key-chain eigrp 100 ?
WORD  name of key-chain

R2(config-if)#ip authentication key-chain eigrp 100 Test ?
<cr>

R2(config-if)#ip authentication key-chain eigrp 100 Test
R2(config-if)#
*Mar 31 02:18:53.817: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 100: Neighbor 172.12.123.1 (Serial0/0) is up: new adjacency
R2(config-if)#

I left all my previous derps in there to illustrate, IT DOES NOT START WITH “eigrp” OR “ip eigrp …” ON THE INTERFACE! It is “ip authentication …” in fact, here is a break down of each command bull point style for reference:

  • Below are in Global Configuration:
  • key chain (word) – Case Sensitive
  • key # – Can be several keys or just 1
  • key-string (word) – Case Sensitive
  • Below are in Interface Configuration:
  • ip authentication mode eigrp (AS #) md5
  • ip authentication key-chain eigrp (AS #) (word) – Key Chain name (first command)

A couple things to note with this, beginning with the two references to key chain / key-chain from the global config level to the interface level, in global configuration it DOES NOT have a hyphen, but when referencing on the interface it DOES have a hyphen.

It’s kind of a weird little gotcha, but with odd syntax like that to setup authentication which a CCNP should know, its just begging for a Gotcha question!

Also, notice that EIGRP DOES NOT support clear text, or anything outside of MD5 actually.

Another gotcha for exam day, so don’t let that catch you off guard, EIGRP only supports MD5 Authentication, which can be configured in different ways and still work between neighbors just like OSPF authentication can be turned on in OSPF config then key defined on the interface, where another router both can be configured on the interface and they will still Authenticate if they are in the same Area.

One last dad lecture note, EIGRP Authentication should always be turned on, so if someone with a packet sniffer hits the network or plugs in a rogue EIGRP device they can not form a neighbor relationship with our network to goof it up.

 

EIGRP Path Manipulation Methods

 

I know its been a long post, it’s almost 1am, and I’m getting mentally exhausted – Fortunately Path Manipulation is pretty easy as it uses the mechanisms we already learned like distribute-list’s and such.

Lets assume behind R2 and R3 spoke routers is 100 routes, and R2 from the Topology above is a slow Serial-Link, and R3 is a FastEthernet link that is MUCH faster.

In fact lets bring that image down here:

EIGRP_New_Topology

A couple of things we can do is create a Prefix-List that captures a smaller chunk of that address space that R1 will know about via a distribute-list using the prefix-list “le # gr #” which I would configure on the spoke routers EIGRP configuration with the direction “out” as R1 will have both of these Routers coming in on S0/0/0.

Another method is to use a Summary-Address on both spoke routers, with the slower link advertising a Summary-Address for a smaller chunk of all Summary addresses with the faster link taking the larger chunk of the networks via a Summary-Address.

I am too fried at this point to go into examples of this, but I wanted to get this juices flowing of IF you are asked to perform Path manipulation from being doing, what can we use that we already know to help us accomplish the task?

And that is it for EIGRP – Lets move onto another CCNP Topic shall we! 🙂

 

 

EIGRP: How EIGRP forms relationships over different types of WAN’s (We are getting close to done with EIGRP review)!

EIGRP_L3_WAN

Have a few more deep dive sort of Material / Review for EIGRP, and one of them I wanted to be clear on for the exam and out in the wild, is how EIGRP forms relationships over the WAN and why it’s important to know what type of WAN is connecting the neighbors.

EIGRP over a Layer 3 WAN (as pictured above)

When configured EIGRP over the NBMA, I never had to think about where my neighbors truly are, because it’s a Layer 2 type Media that allowed me to ping between R1/R2/R3 without routers or Protocols cause they all showed as Directly Connected routes.

Now this is going to way beyond the scope of CCNP, but to explain the difference between MPLS and VPLS:

  • MPLS is a Layer 2 service provided by ISP’s for customers to directly connect LAN’s
  • VPLS is a Layer 3 service that uses MPLS but also uses VPN Technology at Layer 3

That is as far as I will go with that explanation, but for someone saying “MPLS” isn’t Layer 3, we are talking about VPLS (MPLS VPN) services provided by ISP’s.

Now in the VRF-Lite post I discussed that the scope of VRF in it’s full version is used by ISP’s, this is what I meant, they use different VRF instances to route customer traffic so even if they are using overlapping networks they don’t share any sort of routing information between the different instances – This allows MPLS and VPLS to work.

However in the context of EIGRP over this type of WAN, I wanted to illustrate how doing EIGRP over a WAN is possible, as I was a bit mind boggled when I saw this on the job.

It is possible by forming neighbor relationships with the ISP’s router on the Service Providers Edge routers, and the routes are sent through the WAN separated by VRF instances to the other side, where another Neighbor relationship is formed between the Customer router and the ISP Edge.

So to be noted, the two customer routers do NOT form the EIGRP relationship, the two routers form relationships to the ISP routers, and the ISP transports the routes.

EIGRP over Metro Ethernet

This for EIGRP is the equivalent of building Neighbor Relationships over a LAN, as they do form neighbor relationships with each other, rather than with ISP Edge routers.

Metro Ethernet is considered an Ethernet hand-off to a Multi-Access LAN, and does not peer your network edge to the ISP’s network edge.

EIGRP over Frame Relay

This is about the equivalent to Metro Ethernet, it is a Layer 2 WAN service, where EIGRP neighbors can be discovered dynamically without “neighbor x.x.x.x” statements (with most FR WAN setups), as has been the case with my Frame Switch in the middle of my lab.

Frame-Relay also gives you the option of a Point-to-Point connection or Point-to-Multipoint connection with sub-interfaces, but there is also some drawbacks like Split-Horizon (nothing some “no ip split” can’t handle on the Serial interface). One note is that

Now one major difference between the two is that Ethernet is a Layer 2 “Shared Bus” type Media, so if you put out a single large update, by virtue of the media type it should undoubtedly be received and acknowledged by all other routers on the medium.

However, Frame-Relay does not operate this way, its actually not possible to.

Frame-Relay uses DLCI mappings to traverse the Frame Cloud to its peer routers, so when sending out a large routing update to it’s Neigbors it will have to replicate the update for each Neighbor to send across that Neighbors DLCI, which if you start scaling high enough in router count can begin to become a Hardware Resource killer as well as pegging the Bandwidth – Which makes it less ideal so is only used in my experience in low bandwidth multi-spoke customer deployments like perhaps ATM’s for bank branches.

Although for my lab it works pretty good, however there are such good alternatives in todays networks you probably won’t see this much except for in a lab environment.

With that, I have a few topics left to completely cover review EIGRP cause I didn’t really dig into that as much as I should have the first round, this protocol will probably get the most attention aside from possibly BGP review out of the lot of them.

With that, the next topic will NOT be review, I need a breather from recovering topics!

 

 

 

EIGRP: Static Neighbors discussion and configuration, then some discussion and configuration of the EIGRP RID (and what its used for) !

EIGRP_New_Topology

Static neighbor discussion, configuration, and why you may not want to deploy this

 

Static neighbors have been used in every one of my OSPF labs that include the NBMA, for the same reason you might use configure static EIGRP neighbors, and that’s because the Layer 2 Media doesn’t allow the Adjacencies to form without the statements. However, EIGRP and my NBMA seem to play nice together, it hasn’t been needed but it segways into the discussion of configuring static EIGRP neighbors.

You may want to configure static neighbors if you have some Layer 2 Media type that is not Broadcast or Multicast tolerant, or perhaps as a safety feature to make sure you are only neighbors with routers you define specifically.

I had to perform this recently on the job to piggy back off the non-Broadcast / Multicast tolerant media, configuring static neighbor relationships instead of Multicast discovery, to prove whether the ISP was dropping Multicast traffic because the neighbor command forces EIGRP to use Unicast transmissions between the neighbors when both configured this way.

On the flip side for the security portion, this protects from unknown or possibly malicious devices intercepting the multicast EIGRP packets from your network.

So I configured this over my NBMA, and found it DOES require you to specify an interface as well, which I thought wasn’t going to play nice going out my hub to two different source, but here it is:

R1(config-router)#neighbor 172.12.123.2 s0/0/0 ?
  <cr>

R1(config-router)#neighbor 172.12.123.2 s0/0/0
R1(config-router)#
*May 12 04:15:43.735: %DUAL-5-NBRCHANGE: EIGRP-IPv4 100: Neighbor 172.12.123.2 (Serial0/0/0) is down: Static peer configured
*May 12 04:15:43.735: %DUAL-5-NBRCHANGE: EIGRP-IPv4 100: Neighbor 172.12.123.3 (Serial0/0/0) is down: Static peer configured
R1(config-router)#neighbor 172.12.123.3 s0/0/0
R1(config-router)#
ASR#2
[Resuming connection 2 to r2 … ]

Uh oh, better get to R2 to send a R1 an EIGRP love letter back their way:

*Mar 31 00:06:11.100: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 100: Neighbor 172.12.123.1 (Serial0/0) is down: Interface Goodbye received
R2#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R2(config)#router eigrp 100
R2(config-router)#neighbor 172.12.123.1 s0/0
R2(config-router)#
*Mar 31 00:07:03.446: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 100: Neighbor 172.12.123.1 (Serial0/0) is up: new adjacency
R2(config-router)#
ASR#3
[Resuming connection 3 to r3 … ]

And finally the same for R3:

*Mar 31 21:02:48.793: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 100: Neighbor 172.12.123.1 (Serial0/2) is down: Interface Goodbye received
R3#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R3(config)#router eigrp 100
R3(config-router)#neighbor 172.12.123.1 s0/2
R3(config-router)#
*Mar 31 21:04:24.386: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 100: Neighbor 172.12.123.1 (Serial0/2) is up: new adjacency
R3(config-router)#
ASR#1
[Resuming connection 1 to r1 … ]

Now to check R1 to see if we are all good:

*May 12 04:16:36.111: %DUAL-5-NBRCHANGE: EIGRP-IPv4 100: Neighbor 172.12.123.2 (Serial0/0/0) is up: new adjacency
R1(config-router)#
*May 12 04:17:19.363: %DUAL-5-NBRCHANGE: EIGRP-IPv4 100: Neighbor 172.12.123.3 (Serial0/0/0) is up: new adjacency
R1(config-router)#do sh ip eigrp nei
EIGRP-IPv4 Neighbors for AS(100)
H   Address                 Interface       Hold Uptime   SRTT   RTO  Q  Seq
                                            (sec)         (ms)       Cnt Num
1   172.12.123.3            Se0/0/0          167 00:00:14   39   234  0  8
0   172.12.123.2            Se0/0/0          178 00:00:58   63   378  0  7
R1(config-router)#

It appears not to be having any issues so far, I ran a debug and we are still getting Hello’s, however instead of them being Multi-cast to 224.0.0.10 they are Unicast between Neighbors.

The down side as you can see, is that BOTH neighbors have to be configured with this, whereas with OSPF only the DR can be configured with static neighbor statements to its minion routers (DROthers) without them having a say in it.

It will also drop the Adjacencies as seen until both sides are configured, and now an even bigger issue is that all neighbors off of the specified interface will need to be configured with a neighbor statement as well and to prove this I will bring in R4 which is connected to R3 via FastEthernet:

R4#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R4(config)#router eigrp 100
R4(config-router)#no auto
R4(config-router)#network 172.12.34.0 0.0.0.255
R4(config-router)#do sh ip int bri
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            unassigned      YES NVRAM  administratively down down
FastEthernet0/1            172.12.34.4     YES NVRAM  up                    down
Loopback4                  4.4.4.4         YES NVRAM  up                    up
R4(config-router)#
ASR#3
[Resuming connection 3 to r3 … ]

R3(config-router)#int fa0/1
R3(config-if)#no shut
R3(config-if)#
*Mar 31 21:19:52.171: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to down
*Mar 31 21:19:52.171: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up
*Mar 31 21:19:52.183: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 100: Neighbor 172.12.23.2 (FastEthernet0/0) is down: interface down
R3(config-if)#
ASR#4
[Resuming connection 4 to r4 … ]

*May 12 03:24:19.811: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up
R4(config-router)#do sh ip eigrp nei
EIGRP-IPv4 Neighbors for AS(100)
R4(config-router)#

As you can see, I had a cable missing issue, but as soon as I popped that sucker into the lab the Adjacency immediately went splat and over on R4 it shows it is not seeing a thing from the rest of our AS 100 so lets give it a neighbor statement and see if R1 will befriend it as well here:

R4(config-router)#neighbor 172.12.123.1 fa0/1
R4(config-router)#
ASR#1
[Resuming connection 1 to r1 … ]

R1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#router eigrp 100
R1(config-router)#neighbor 172.12.34.4 s0/0/0
R1(config-router)#

Interesting, I stuck around to see if the Adjacency was taking some extra time, but no dice. I am guessing I need to form the relationship not through neighbors but to the next hop neighbor, so lets try that again here on R4, leaving the statement on R1 also:

Oooooooh I got it, I’ll spare you the output, I forgot to add 172.12.34.0/24 in EIGRP on R3 because it wasn’t in use in the last labs, after throwing it on there without altering any of what was configured above:

R3(config-router)#network 172.12.34.0 0.0.0.255
R3(config-router)#
ASR#1
[Resuming connection 1 to r1 … ]

R1(config-router)#do sh ip eigrp nei
EIGRP-IPv4 Neighbors for AS(100)
H   Address                 Interface       Hold Uptime   SRTT   RTO  Q  Seq
                                            (sec)         (ms)       Cnt Num
1   172.12.123.3            Se0/0/0          155 00:25:36   46   276  0  10
0   172.12.123.2            Se0/0/0          143 00:26:19   58   348  0  8
R1(config-router)#

You ungrateful routing protocol! So first I tried simply removing all statements to and from R4 thinking that it’s Fa0/1 link to R3 has not been comprised by this setup, but guess again – No Adjacency is forming.

Ok lets put some neighbor statements on the Fa0/1 interfaces between R3 and R4 to see if that is what is needed, as you can see this is beginning to look like a LOT of administrative overhead:

R1(config-router)# neighbor 172.12.34.4 s0/0/0
R1(config-router)#
ASR#3
[Resuming connection 3 to r3 … ]

R3(config-router)#nei 172.12.34.4 fa0/1
EIGRP: Static nbr 172.12.34.4 already in AS 100 FastEthernet0/1
R3(config-router)#
ASR#4
[Resuming connection 4 to r4 … ]

R4(config-router)#nei 172.12.34.3 fa0/1
R4(config-router)#
*May 12 03:39:06.795: %DUAL-5-NBRCHANGE: EIGRP-IPv4 100: Neighbor 172.12.34.3 (FastEthernet0/1) is up: new adjacency
R4(config-router)#

I highlighted one line in red, because it gave me this error when trying to remove the neighbor statement from R3, which is how I caught it wasn’t entered in the EIGRP config in the first place:

R3(config-router)#no neighbor 172.12.34.4 fa0/1
EIGRP: AS 100 not running on FastEthernet0/1, can’t delete static nbr

So it apparently held onto that configuration, even though it the interface was not EIGRP enabled, and the show run to confirm there was no config:

router eigrp 100
 network 3.3.3.3 0.0.0.0
 network 172.12.23.0 0.0.0.255
 network 172.12.123.0 0.0.0.255
 no auto-summary
 neighbor 172.12.123.1 Serial0/2

So that is just kind of odd.

Anyways, so I took a look at R2 just to confirm this overhead, and sure enough he doesn’t know about R4 either because now this router is missing a static neighbor command, and its just turning into a mess.

So this was a good learning experience, but I am removing all this static neighbor stuff from my routers, as this is good if necessary and for security but not something you want to deploy across a large number of routers as that leaves a lot of room for misconfiguration then finding the source – No thanks.

However, between maybe a couple of neighbors between sites, that don’t attach to a lot of other neighbors it can be useful to statically point between your couple of EIGRP routers.

One more point to touch on, to verify static neighbor relationships, “sh ip eigrp nei” doesn’t show static neighbor information, you need to use “sh ip eigrp nei det”, however I already removed the configs just remember that (along with everything else, of course).

 

The EIGRP RID

 

The EIGRP Router ID comes up with it’s RID exactly how OSPF does, first it looks for the highest logical (loopback) interface, and if none, it will use the highest physical interface IP address in IPv4 format.

There are a few points here about EIGRP RID and External points that I’ll bullet point style this one and explain further down:

  • EIGRP RID used to prevent External routing loops
  • Routers injecting external EIGRP routes also knows it’s RID as the “Originator”
  • If two neighbors have the same RID they can still form neighbor relationships
  • Routers will not accept External updates that have the same RID

That is a lot of External talk, so let us explain here, and actually lets lab this one up. I’ll configure R2 and R3 with the same RID manually, and see first what happens on R1:

R2(config-router)#eigrp router-id 23.23.23.23
R2(config-router)#
ASR#3
[Resuming connection 3 to r3 … ]

R3#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R3(config)#router eigrp 100
R3(config-router)#eigrp
*Mar 31 22:12:23.208: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 100: Neighbor 172.12.23.2 (FastEthernet0/0) is down: Interface Goodbye received
R3(config-router)#eigrp routeri
*Mar 31 22:12:26.462: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 100: Neighbor 172.12.23.2 (FastEthernet0/0) is up: new adjacency
R3(config-router)#eigrp router-id 23.23.23.23
R3(config-router)#
ASR#1
[Resuming connection 1 to r1 … ]

*May 12 05:25:18.799: %DUAL-5-NBRCHANGE: EIGRP-IPv4 100: Neighbor 172.12.123.2 (Serial0/0/0) is down: Interface PEER-TERMINATION received
R1#
*May 12 05:25:40.599: %DUAL-5-NBRCHANGE: EIGRP-IPv4 100: Neighbor 172.12.123.3 (Serial0/0/0) is down: Interface PEER-TERMINATION received
R1#
*May 12 05:26:02.835: %DUAL-5-NBRCHANGE: EIGRP-IPv4 100: Neighbor 172.12.123.2 (Serial0/0/0) is up: new adjacency
*May 12 05:26:02.843: %DUAL-5-NBRCHANGE: EIGRP-IPv4 100: Neighbor 172.12.123.3 (Serial0/0/0) is up: new adjacency
R1#

I feel like I am running through an exploding building configuring the RID’s, however all adjacencies came back up and everything looks good thus far:

R1#sh ip eigrp nei
EIGRP-IPv4 Neighbors for AS(100)
H   Address                 Interface       Hold Uptime   SRTT   RTO  Q  Seq
                                            (sec)         (ms)       Cnt Num
1   172.12.123.3            Se0/0/0          130 00:01:44 1279  5000  0  39
0   172.12.123.2            Se0/0/0          128 00:01:44 1049  5000  0  22

R1#sh ip eigrp top
EIGRP-IPv4 Topology Table for AS(100)/ID(1.1.1.1)
Codes: P – Passive, A – Active, U – Update, Q – Query, R – Reply,
       r – reply Status, s – sia Status

P 172.12.34.0/24, 1 successors, FD is 2172416
        via 172.12.123.3 (2172416/28160), Serial0/0/0
        via 172.12.123.2 (2174976/30720), Serial0/0/0
P 172.12.123.0/24, 1 successors, FD is 2169856
        via Connected, Serial0/0/0
P 172.12.23.0/24, 2 successors, FD is 2173416
        via 172.12.123.2 (2173416/29160), Serial0/0/0
        via 172.12.123.3 (2173416/29160), Serial0/0/0
P 2.2.2.2/32, 1 successors, FD is 2297856
        via 172.12.123.2 (2297856/128256), Serial0/0/0
        via 172.12.123.3 (2300416/156160), Serial0/0/0
P 3.3.3.3/32, 1 successors, FD is 2297856
        via 172.12.123.3 (2297856/128256), Serial0/0/0
        via 172.12.123.2 (2300416/156160), Serial0/0/0

So on R1 everything seems good to go, but what about R2 and R3:

R2#sh ip eigrp nei
IP-EIGRP neighbors for process 100
H   Address                 Interface       Hold Uptime   SRTT   RTO  Q  Seq
                                            (sec)         (ms)       Cnt Num
1   172.12.123.1            Se0/0            159 00:03:10  120   720  0  32
0   172.12.23.3             Fa0/0             14 00:03:27    5   300  0  36
R2#sh ip eigrp top
IP-EIGRP Topology Table for AS(100)/ID(23.23.23.23)

Codes: P – Passive, A – Active, U – Update, Q – Query, R – Reply,
       r – reply Status, s – sia Status

P 3.3.3.3/32, 1 successors, FD is 156160
        via 172.12.23.3 (156160/128256), FastEthernet0/0
P 2.2.2.2/32, 1 successors, FD is 128256
        via Connected, Loopback2
P 172.12.34.0/24, 1 successors, FD is 30720
        via 172.12.23.3 (30720/28160), FastEthernet0/0
P 172.12.23.0/24, 1 successors, FD is 28160
        via Connected, FastEthernet0/0
P 172.12.123.0/24, 1 successors, FD is 2169856
        via Connected, Serial0/0
R2#

So to get something going here, I will add a loopback to R3, and redistribute it into EIGRP, and see if R2 is able to see it:

R3(config-router)#redistribute connected metric 1544 10 255 1 1500
R3(config-router)#
ASR#1
[Resuming connection 1 to r1 … ]

R1#sh ip eigrp top
EIGRP-IPv4 Topology Table for AS(100)/ID(1.1.1.1)
Codes: P – Passive, A – Active, U – Update, Q – Query, R – Reply,
       r – reply Status, s – sia Status

P 172.12.34.0/24, 1 successors, FD is 2172416
        via 172.12.123.3 (2172416/28160), Serial0/0/0
        via 172.12.123.2 (2174976/30720), Serial0/0/0
P 33.33.33.33/32, 1 successors, FD is 2172416
        via 172.12.123.3 (2172416/1660416), Serial0/0/0
P 172.12.123.0/24, 1 successors, FD is 2169856
        via Connected, Serial0/0/0
P 172.12.23.0/24, 2 successors, FD is 2173416
        via 172.12.123.2 (2173416/29160), Serial0/0/0
        via 172.12.123.3 (2173416/29160), Serial0/0/0
P 2.2.2.2/32, 1 successors, FD is 2297856
        via 172.12.123.2 (2297856/128256), Serial0/0/0
        via 172.12.123.3 (2300416/156160), Serial0/0/0
P 3.3.3.3/32, 1 successors, FD is 2297856
        via 172.12.123.3 (2297856/128256), Serial0/0/0
        via 172.12.123.2 (2300416/156160), Serial0/0/0

R1#
ASR#2
[Resuming connection 2 to r2 … ]

R2#sh ip eigrp top
IP-EIGRP Topology Table for AS(100)/ID(23.23.23.23)

Codes: P – Passive, A – Active, U – Update, Q – Query, R – Reply,
       r – reply Status, s – sia Status

P 3.3.3.3/32, 1 successors, FD is 156160
        via 172.12.23.3 (156160/128256), FastEthernet0/0
P 2.2.2.2/32, 1 successors, FD is 128256
        via Connected, Loopback2
P 172.12.34.0/24, 1 successors, FD is 30720
        via 172.12.23.3 (30720/28160), FastEthernet0/0
P 172.12.23.0/24, 1 successors, FD is 28160
        via Connected, FastEthernet0/0
P 172.12.123.0/24, 1 successors, FD is 2169856
        via Connected, Serial0/0
R2#

There is the proof in the pudding, R1 will accept the external route, but R2 with a matching RID will not as routing loop mechanism for External routes.

On a side note that I don’t really care to perform as I am hitting my burnout point, if two routers are directly connected, they will actually discard both Internal and External routes from each other if they have the same RID, however if you stick a router between the two then they are back to dropping only external routes.

That is it for this post on the RID and Static neighbors, it seems to have a lot less use in EIGRP as honestly I am still not quite clear on how it prevents routing loops via the RID.

However, I will take the knowledge that if two routers have the same RID, they will drop External routes as a route loop prevention mechanism, and if directly connected they may drop internal routes as well.

Until next time!

EIGRP: Convergence refresher: Hello’s, Query’s, Active and SIA Route states, and limiting the scope of Query’s! FUN STUFF!

No diagram for this one, just wanted to post some refresher notes on EIGRP, as its been awhile since I’ve looked at some fundamentals, and I felt it’d be good to post some refresher on EIGRP network convergence and other things to think about for exam day that aren’t technical configurations but just protocol behaviors.

So this will be like my “in a can” posts without just bullet point after bullet point.

Basic Stuff

If two routes to the same network are learned from a redistributed route with a Feasible Distance of 500, and the other a neighbor with the network entered via the “network” command with an FD of 1000, which route is the Successor?

The FD 1000, because the Redistributed route by default will have an AD of 170, while the other will be 90 (and that is the first determining factor in choosing the best route).

Metric and Distance are used interchangeably because they are the same thing quite literally, a combination (by default) of the Delay and Bandwidth to a destination as reported by routers along the path.

CEF determines packet forward and load balancing – Not the protocol itself.

To solve equal cost load balancing, you can create at offset-list to slightly add weight to one of the routes, to make it a Feasible Successor.

In the Topology table, Successor routes are always the top line if there are also Feasible Successors underneath it as well.

Any routes not in the Topology table will not be used, even though you can see them with the “all-links” added to “sh ip eigrp top”, they do not meet the feasibility condition and therefor are not considered loop-free so they will not be used.

Convergence Stuff

If a route goes Active, a “Query” is sent to all EIGRP neighbors (Except Stubs).

Once this Query sending is triggered, the “Active Timer” starts (3 minutes by default) in which the router waits to get a “Reply” from a neighbor. The Active Timer can be changed in router configuration mode with the command “timers active x” where x is in minutes (or can be set to disabled).

After half the time of the Active Timer (90 seconds by default), a SIA-Query is sent to the upstream router to confirm it is Alive, if so it will send back an SIA-Reply. If another 90 seconds goes by the route is officially Stuck in Active.

A little router output from a debug from how it Queries, SIA-Queries, and finally declares a route SIA:

R1#show ip eigrp top
EIGRP-IPv4 Topology Table for AS(100)/ID(11.11.11.11)
Codes: P – Passive, A – Active, U – Update, Q – Query, R – Reply,
r – reply Status, s – sia Status

P 11.11.11.11/32, 1 successors, FD is 128256
via Connected, Loopback11
P 172.12.123.0/24, 1 successors, FD is 2169856
via Connected, Serial0/0/0
P 172.12.23.0/24, 1 successors, FD is 2173416
via 172.12.123.3 (2173416/29160), Serial0/0/0
P 2.2.2.2/32, 1 successors, FD is 2297856
via 172.12.123.2 (2297856/128256), Serial0/0/0
P 3.3.3.3/32, 1 successors, FD is 2297856
        via 172.12.123.3 (2297856/128256), Serial0/0/0

I did a “debug eigrp pack” on R1 and “shut” on R3’s NBMA link (172.12.123.3), and here is some of the notable output, I won’t drown the screen with all of it:

*May 12 00:26:38.283: EIGRP: Sending QUERY on Serial0/0/0 nbr 172.12.123.3, retry 5, RTO 5000 tid 0
*May 12 00:26:38.283:   AS 100, Flags 0x0:(NULL), Seq 21/12 interfaceQ 0/0 iidbQ un/rely 0/0 peerQ un/rely 0/1 serno 28-28
R1#
*May 12 00:26:43.283: EIGRP: Sending QUERY on Serial0/0/0 nbr 172.12.123.3, retry 6, RTO 5000 tid 0
*May 12 00:26:43.283:   AS 100, Flags 0x0:(NULL), Seq 21/12 interfaceQ 0/0 iidbQ un/rely 0/0 peerQ un/rely 0/1 serno 28-28
R1#
*May 12 00:26:48.283: EIGRP: Sending QUERY on Serial0/0/0 nbr 172.12.123.3, retry 7, RTO 5000 tid 0
*May 12 00:26:48.283:   AS 100, Flags 0x0:(NULL), Seq 21/12 interfaceQ 0/0 iidbQ un/rely 0/0 peerQ un/rely 0/1 serno 28-28
*May 12 00:26:48.295: EIGRP: Enqueueing SIAQUERY on Serial0/0/0 nbr 172.12.123.3 tid 0 iidbQ un/rely 0/1 peerQ un/rely 0/1 serno 30-30
*May 12 00:26:48.299: EIGRP: Requeued unicast on Serial0/0/0
R1#
*May 12 00:26:53.283: EIGRP: Sending QUERY on Serial0/0/0 nbr 172.12.123.3, retry 8, RTO 5000 tid 0
*May 12 00:26:53.283:   AS 100, Flags 0x0:(NULL), Seq 21/12 interfaceQ 0/0 iidbQ un/rely 0/0 peerQ un/rely 0/2 serno 28-28
R1#
*May 12 00:26:58.283: EIGRP: Sending QUERY on Serial0/0/0 nbr 172.12.123.3, retry 9, RTO 5000 tid 0
*May 12 00:26:58.283:   AS 100, Flags 0x0:(NULL), Seq 21/12 interfaceQ 0/0 iidbQ un/rely 0/0 peerQ un/rely 0/2 serno 28-28

I forgot to mention I set the Timer to 1 minute, so SIAQUERY shows 30/30, stating it has begun its final countdown *Queue the music*. Note Query’s are sent every 5 seconds.

So lets see the this route laid to rest via debug output:

*May 12 00:27:13.283: EIGRP: Sending QUERY on Serial0/0/0 nbr 172.12.123.3, retry 12, RTO 5000 tid 0
*May 12 00:27:13.283:   AS 100, Flags 0x0:(NULL), Seq 21/12 interfaceQ 0/0 iidbQ un/rely 0/0 peerQ un/rely 0/2 serno 28-28
R1#
*May 12 00:27:18.283: %DUAL-3-SIA: Route 11.11.11.11/32 stuck-in-active state in base 100.  Cleaning up
*May 12 00:27:18.283: %DUAL-5-NBRCHANGE: EIGRP-IPv4 100: Neighbor 172.12.123.3 (Serial0/0/0) is down: stuck in active
*May 12 00:27:18.283: EIGRP: Lost Version2 Peer (2 Peers, 1 V2 Peers)
*May 12 00:27:18.283: EIGRP: Enqueueing QUERY on Serial0/0/0 tid 0 iidbQ un/rely 0/1 serno 31-32
*May 12 00:27:18.287: EIGRP: Enqueueing QUERY on Serial0/0/0 nbr 172.12.123.2 tid 0 iidbQ un/rely 0/0 peerQ un/rely 0/0 serno 31-32
*May 12 00:27:18.287: EIGRP: Sending QUERY on Serial0/0/0 nbr 172.12.123.2 tid 0
*May 12 00:27:18.287:   AS 100, Flags 0x0:(NULL), Seq 24/13 interfaceQ 0/0 iidbQ un/rely 0/0 peerQ un/rely 0/1 serno 31-32
*May 12 00:27:18.287: EIGRP: Build goodbye tlv for 172.12.123.3

So what does the Topology table look like now:

R1#sh ip eigrp top all-links
EIGRP-IPv4 Topology Table for AS(100)/ID(11.11.11.11)
Codes: P – Passive, A – Active, U – Update, Q – Query, R – Reply,
       r – reply Status, s – sia Status

P 172.12.123.0/24, 1 successors, FD is 2169856, serno 3
        via Connected, Serial0/0/0
P 2.2.2.2/32, 1 successors, FD is 2297856, serno 12
        via 172.12.123.2 (2297856/128256), Serial0/0/0

R1#

It’s gone like that last line of debug output said, bye bye to 172.12.123.3. I believe if I manipulated the router to respond to the SIAQUERY it’d still be in the Topology table with and s for SIA, but I’m not getting too elaborate here.

So with a 1 minute Active Timer, 1 minute elapses and that route is outta here, however the route will remain in the IP route table during that 1 minute and traffic will still be routed to this “Active” EIGRP route.

2 way to limit the scope of Query’s sent across the Network (And some Stub Stuff)

Stub Routers, and Route Summarization.

Stub routers set a flag in their Hello packet (that can be viewed in wireshark analysis) that indicates its a stub router, so the neighbor will not forward Query’s from other routers or its own to this Stub Router.

Stub Routers do not advertise routes learned from one neighbor to other neighbors, and in fact only advertise connected or Summary routes.

To configure a stub router, in router configuration mode, “eigrp stub”

There are some modifiers that can be added to the end, as you can redistribute into a stub network from other IGP’s or connected routes, but it must be done with the “eigrp stub redistribute …” command.

In fact, here are those modifier, bare in mind by default the stub network already does advertise static and summary routes:

R1(config-router)#eigrp stub ?
  connected      Do advertise connected routes
  leak-map       Allow dynamic prefixes based on the leak-map
  receive-only   Set receive only neighbor
  redistributed  Do advertise redistributed routes
  static         Do advertise static routes
  summary        Do advertise summary routes
  <cr>

“receive-only” is a rather profound statement, as it negates any kind of advertising of routes at all, it will ONLY receive updates with this modifier configured.

Summarization stops Query’s almost immediately in their tracks (at the next hop router), because a Query is looking for a specific prefix/length, while a Summary Route being advertised is a collection or Summary of those specific Prefixes.

So routers up stream of the Summary Route will not even forward the Query, but rather Reply back that it does not have the Prefix/Length and knows nothing of it, because it has the Summarized route – So Query’s will only make it one hop beyond a router summarizing it’s EIGRP routes (or at least the ones being Query’d).

I won’t get into route summarization for EIGRP here, I just wanted to get some review in the air, as exam date grows closer its time to cover all the bases. That is all for now!

One cool thing I did notice reviewing the debug output – The retry # of the Query sent matched exactly what we’d expect for 60 seconds as the Active Timer, as they are sent every 5 seconds, and 5 x 12 = 60. So after Retry 12 you see the demolition of our neighbor 172.12.123.3 – I thought this was pretty cool you can tell the Active Timer by how many Retries it takes to demolish the neighbor adjacency.

Again, that is all, until next time (probably tonight)!

EIGRP: DEEP Dive into Route Filtering with Distribute-Lists using ACL’s – Important notes on using Extended ACL’s for exam day!

EIGRP_New_Topology

Only the NBMA and Ethernet segments will be used for quick demonstrations and clarity, unless R4 or R5 is needed for demonstration.

The first mechanism specifically for EIGRP to filter EIGRP learned routes is by distribute lists, which have a similar syntax structure and function in ways as an offset-list, in the ways that:

  • It requires an ACL, Prefix-List, or Route-Map to be referenced by the distribute-list
  • The distribute-list is configured in EIGRP router configuration mode
  • It is configured with “in” and “out” options for directional route filtering
  • An interface is a optional on distribute-list’s just like with offset-lists
  • Can use both Extended and Standard ACL’s as demonstrated below

Now with OSPF the directional options are a bit tricky, however with EIGRP distribute-list’s it is either filtering “in”coming routing updates before placing them in the routing table, or filtering “out”going routing updates.

Also as mentioned and bears repeating, you can specify an interface in the distribute-list command, if no interface is specified it is applied to routes coming in or going out any interface.

When using an Access-List to be called out in the distribute-list, Permit statements allow routes to be accepted / sent out, and Deny statements block routes from being accepted or sent out from the specified ACL.

***Random piece of information from lesson, each line of an ACL is called an ACE (Access Control Entry), I did not know that before so thought it should be mentioned***

Here is a demonstration of how to configure a distribute-list using an ACL:

R1#sh ip eigrp top
EIGRP-IPv4 Topology Table for AS(100)/ID(1.1.1.1)
Codes: P – Passive, A – Active, U – Update, Q – Query, R – Reply,
       r – reply Status, s – sia Status

P 172.12.123.0/24, 1 successors, FD is 2169856
        via Connected, Serial0/0/0
P 172.12.15.0/24, 1 successors, FD is 28160
        via Connected, FastEthernet0/1
P 172.12.23.0/24, 2 successors, FD is 2173416
        via 172.12.123.2 (2173416/29160), Serial0/0/0
        via 172.12.123.3 (2173416/29160), Serial0/0/0
P 2.2.2.2/32, 1 successors, FD is 2297856
        via 172.12.123.2 (2297856/128256), Serial0/0/0
        via 172.12.123.3 (2300416/156160), Serial0/0/0
P 3.3.3.3/32, 1 successors, FD is 2297856

        via 172.12.123.3 (2297856/128256), Serial0/0/0

        via 172.12.123.2 (2300416/156160), Serial0/0/0

R1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#access-list 3 deny 3.3.3.3
R1(config)#access-list 3 permit any
R1(config)#router eigrp 100
R1(config-router)#distribute-list 3 in
R1(config-router)#
*May 11 02:03:58.759: %DUAL-5-NBRCHANGE: EIGRP-IPv4 100: Neighbor 172.12.123.2 (Serial0/0/0) is resync: route configuration changed
*May 11 02:03:58.759: %DUAL-5-NBRCHANGE: EIGRP-IPv4 100: Neighbor 172.12.123.3 (Serial0/0/0) is resync: route configuration changed
R1(config-router)#do sh ip eigrp top
EIGRP-IPv4 Topology Table for AS(100)/ID(1.1.1.1)
Codes: P – Passive, A – Active, U – Update, Q – Query, R – Reply,
       r – reply Status, s – sia Status

P 172.12.123.0/24, 1 successors, FD is 2169856
        via Connected, Serial0/0/0
P 172.12.15.0/24, 1 successors, FD is 28160
        via Connected, FastEthernet0/1
P 172.12.23.0/24, 2 successors, FD is 2173416
        via 172.12.123.2 (2173416/29160), Serial0/0/0
        via 172.12.123.3 (2173416/29160), Serial0/0/0
P 2.2.2.2/32, 1 successors, FD is 2297856
        via 172.12.123.2 (2297856/128256), Serial0/0/0
        via 172.12.123.3 (2300416/156160), Serial0/0/0

R1(config-router)#

Now route 3.3.3.3 is being filtered, and as you will notice like an offset-list, it resets your adjacencies with your EIGRP neighbors, so it’s pretty straight forward.

To verify if any filtering is being done by EIGRP on your local router, use the command “sh ip proto” and it will display in the output:

R1(config-router)#do sh ip proto
*** IP Routing is NSF aware ***

Routing Protocol is “eigrp 100”
  Outgoing update filter list for all interfaces is not set
  Incoming update filter list for all interfaces is 3

  Default networks flagged in outgoing updates
  Default networks accepted from incoming updates
  Redistributing: eigrp 100
  EIGRP-IPv4 Protocol for AS(100)
    Metric weight K1=1, K2=0, K3=1, K4=0, K5=0
    NSF-aware route hold timer is 240
    Router-ID: 1.1.1.1

Now if we want to filter outbound, it works the same way:

R1(config-router)#int lo11
R1(config-if)#ip add
*May 11 02:20:03.731: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback11, changed state to up
R1(config-if)#ip add 11.11.11.11 255.255.255.255
R1(config-if)#exit
R1(config)#access-list 11 deny 11.11.11.11
R1(config)#access-list 11 permit any
R1(config)#router eigrp 100
R1(config-router)#network 11.11.11.11 0.0.0.0
R1(config-router)#distribute-list 11 out
R1(config-router)#
*May 11 02:21:37.599: %DUAL-5-NBRCHANGE: EIGRP-IPv4 100: Neighbor 172.12.123.2 (Serial0/0/0) is resync: route configuration changed
*May 11 02:21:37.599: %DUAL-5-NBRCHANGE: EIGRP-IPv4 100: Neighbor 172.12.123.3 (Serial0/0/0) is resync: route configuration changed

And to verify:

R1(config-router)#do sh ip eigrp top
EIGRP-IPv4 Topology Table for AS(100)/ID(1.1.1.1)
Codes: P – Passive, A – Active, U – Update, Q – Query, R – Reply,
       r – reply Status, s – sia Status

P 11.11.11.11/32, 1 successors, FD is 128256
        via Connected, Loopback11
P 172.12.123.0/24, 1 successors, FD is 2169856
        via Connected, Serial0/0/0
P 172.12.15.0/24, 1 successors, FD is 28160
        via Connected, FastEthernet0/1
P 172.12.23.0/24, 2 successors, FD is 2173416
        via 172.12.123.2 (2173416/29160), Serial0/0/0
        via 172.12.123.3 (2173416/29160), Serial0/0/0
P 2.2.2.2/32, 1 successors, FD is 2297856
        via 172.12.123.2 (2297856/128256), Serial0/0/0
        via 172.12.123.3 (2300416/156160), Serial0/0/0

R1(config-router)#
ASR#2
[Resuming connection 2 to r2 … ]

R2#sh ip eigrp top
IP-EIGRP Topology Table for AS(100)/ID(2.2.2.2)

Codes: P – Passive, A – Active, U – Update, Q – Query, R – Reply,
       r – reply Status, s – sia Status

P 3.3.3.3/32, 1 successors, FD is 156160
        via 172.12.23.3 (156160/128256), FastEthernet0/0
P 2.2.2.2/32, 1 successors, FD is 128256
        via Connected, Loopback2
P 172.12.15.0/24, 1 successors, FD is 2172416
        via 172.12.123.1 (2172416/28160), Serial0/0
P 172.12.23.0/24, 1 successors, FD is 28160
        via Connected, FastEthernet0/0
P 172.12.123.0/24, 1 successors, FD is 2169856
        via Connected, Serial0/0
R2#

No 11.11.11.11/32 route being Advertised by R1, however what if we want to add more than one distribute list to EIGRP? That is a good question to lab:

R1(config-router)#exit
R1(config)#access-list 2 deny 2.2.2.2
R1(config)#access-list 2 permit any
R1(config)#router eigrp 100
R1(config-router)#distribute-list 2 in
R1(config-router)#
*May 11 02:28:35.003: %DUAL-5-NBRCHANGE: EIGRP-IPv4 100: Neighbor 172.12.123.2 (Serial0/0/0) is resync: route configuration changed
*May 11 02:28:35.003: %DUAL-5-NBRCHANGE: EIGRP-IPv4 100: Neighbor 172.12.123.3 (Serial0/0/0) is resync: route configuration changed
R1(config-router)#do sh ip proto
*** IP Routing is NSF aware ***

Routing Protocol is “eigrp 100”
  Outgoing update filter list for all interfaces is 11
  Incoming update filter list for all interfaces is 2

So as demonstrated here, you can have multiple ACE’s to filter routes in a single ACL, however you cannot use multiple distribute-list’s on a given direction, I’ll spare the output but route 3.3.3.3/32 is once again in the Topology table and 2.2.2.2/32 is gone.

***Another random but important note, the command “show ip eigrp top all-links” will show all learned EIGRP routes, specifically including the ones that do NOT meet the Feasibility condition to become a Feasible Successor in the Topology table***

The feasibility condition states if a routes Reported Distance is greater than the Successor routes Feasible Distance, it is not put into the Topology table, but it is still learned and can be seen using the “sh ip eigrp top all-links” command.

Another good note more geared for TSHOOT but could show up on ROUTE, if a route you are expecting to be in the Topology table is not there and the “… all-links” command does show it was learned, it may have a Bandwidth or Delay configuration on the interface that needs to be removed that is altering the Metric.

So if you are expecting a route, or are just asked how you see all routes in the Topology table, use “all-links” in the show command.

NOW, FOR AN IMPORTANT LOOK AT HOW EXTENDED ACCESS-LISTS WORK WITH EIGRP DISTRIBUTE-LISTS, VERY IMPORTANT BEHAVIOR TO UNDERSTAND!

If using an Extended ACL rather than a standard to just block any incoming or outgoing routes, you can use an extended ACL not to filter by a source its coming from and a destination its going to, but to filter routes only from a particular source.

This is done by actually reversing how the router looks at the ACL, how it normally views it by source and destination, the “source” portion will identify the router advertising the route and the “destination” portion will define the route being advertised.

So for example, I only want to know about the Ethernet segment 172.12.23.0/24 from R3, and I only want to know of 3.3.3.3/32 from R2. Lets step through this, starting with verification that we can see all routes initially on R1:

R1

R1(config)#do sh ip eigrp top
EIGRP-IPv4 Topology Table for AS(100)/ID(1.1.1.1)
Codes: P – Passive, A – Active, U – Update, Q – Query, R – Reply,
       r – reply Status, s – sia Status

P 11.11.11.11/32, 1 successors, FD is 128256
        via Connected, Loopback11
P 172.12.123.0/24, 1 successors, FD is 2169856
        via Connected, Serial0/0/0
P 172.12.15.0/24, 1 successors, FD is 28160
        via Connected, FastEthernet0/1
P 172.12.23.0/24, 2 successors, FD is 2173416
        via 172.12.123.2 (2173416/29160), Serial0/0/0
        via 172.12.123.3 (2173416/29160), Serial0/0/0
P 2.2.2.2/32, 1 successors, FD is 2297856
        via 172.12.123.2 (2297856/128256), Serial0/0/0
        via 172.12.123.3 (2300416/156160), Serial0/0/0
P 3.3.3.3/32, 1 successors, FD is 2297856
        via 172.12.123.3 (2297856/128256), Serial0/0/0
        via 172.12.123.2 (2300416/156160), Serial0/0/0

R1(config)#

We have selected our routes to be filtered in red. Now lets right an Extended ACL where the source defines the router advertising the route, and the destination defining the route being advertised:

R1(config)#access-list 123 deny ip host 172.12.123.2 172.12.23.0 0.0.0.255
R1(config)#access-list 123 deny ip host 172.12.123.3 host 3.3.3.3
R1(config)#access-list 123 permit ip any any
R1(config)#router eigrp 100
R1(config-router)#distribute-list 123 in
R1(config-router)#
*May 11 03:10:57.967: %DUAL-5-NBRCHANGE: EIGRP-IPv4 100: Neighbor 172.12.123.2 (Serial0/0/0) is resync: route configuration changed
*May 11 03:10:57.967: %DUAL-5-NBRCHANGE: EIGRP-IPv4 100: Neighbor 172.12.123.3 (Serial0/0/0) is resync: route configuration changed
R1(config-router)#

So we should now see our path to the network 3.3.3.3/32 is through 172.12.123.2, and that our Ethernet segment 172.12.23.0/24 is only available via R3 (hopefully):

R1(config-router)#do sh ip eigrp top
EIGRP-IPv4 Topology Table for AS(100)/ID(1.1.1.1)
Codes: P – Passive, A – Active, U – Update, Q – Query, R – Reply,
       r – reply Status, s – sia Status

P 11.11.11.11/32, 1 successors, FD is 128256
        via Connected, Loopback11
P 172.12.123.0/24, 1 successors, FD is 2169856
        via Connected, Serial0/0/0
P 172.12.15.0/24, 1 successors, FD is 28160
        via Connected, FastEthernet0/1
P 172.12.23.0/24, 1 successors, FD is 2173416

        via 172.12.123.3 (2173416/29160), Serial0/0/0

P 2.2.2.2/32, 1 successors, FD is 2297856
        via 172.12.123.2 (2297856/128256), Serial0/0/0
        via 172.12.123.3 (2300416/156160), Serial0/0/0
P 3.3.3.3/32, 1 successors, FD is 2297856

        via 172.12.123.2 (2300416/156160), Serial0/0/0

R1(config-router)#

Beautiful, works exactly how it should, you just need to keep in mind for EIGRP ACL Distribute-Lists that the source is the advertising router and the destination is the route to be filtered!

I will stop this here because this about covers all bases for EIGRP Distribute-List / route filtering using Distribute-Lists and Access-Lists, and will make a separate post regarding the use of Prefix-Lists and why we would bother to use them over this method.

EIGRP – IMPORTANT INFO FOR EXAM DAY on K weights and Redistribution, and using an offset-list for Metric tuning!

EIGRP_New_Topology

Only the NBMA and Ethernet segments will be used for quick demonstrations and clarity, unless R4 or R5 is needed for demonstration.

There are two different ways to change the Metric for EIGRP, one of those is by changing the “bandwidth” or “delay” on the interface, or by using an offset list.

Changing the Metric values of bandwidth or delay on an interface:

R4(config-if)#bandwidth ?
<1-10000000>   Bandwidth in kilobits
inherit        Specify how bandwidth is inherited
qos-reference  Reference bandwidth for QOS test
receive        Specify receive-side bandwidth

R4(config-if)#delay ?
<1-16777215>  Throughput delay (tens of microseconds)

R4(config-if)#do sh int fa0/1
FastEthernet0/1 is up, line protocol is up
Hardware is Gt96k FE, address is 001b.5336.f2cd (bia 001b.5336.f2cd)
Internet address is 172.12.34.4/24
MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set

So “Delay” should be your first change if required to change either, as many things rely on “Bandwidth” such as QoS and other protocols, as well as changing the Feasible Distance to upstream routers.

However I’ve highlighted the odd Delay difference in configuration on the interface, and how it is displayed. It is displayed in Microseconds, but when configured is shown to be changed in units of “tens of microseconds” so to put this interfaces default delay of 100 on it the command would be “delay 10” on the interface.

Watch this Cisco gotcha on exam day, because that little oddity is begging for a question.

Speaking of oddities, I want to quickly demonstrate the curiosity of this is when you do “sh ip proto” by default you will see K1 and K3 on:

R4(config-router)#do sh ip proto
*** IP Routing is NSF aware ***

Routing Protocol is “eigrp 100”
  Outgoing update filter list for all interfaces is not set
  Incoming update filter list for all interfaces is not set
  Default networks flagged in outgoing updates
  Default networks accepted from incoming updates
  EIGRP-IPv4 Protocol for AS(100)
    Metric weight K1=1, K2=0, K3=1, K4=0, K5=0

Being that EIGRP Metric by default is determined by Bandwidth and Delay, when setting the metric for redistributing routes into EIGRP that it should be the first and third value according to “sh ip proto”, but that is not the case as shown redistributing RIP into EIGRP:

R4(config-router)#redistribute rip metric ?
  <1-4294967295>  Bandwidth metric in Kbits per second

R4(config-router)#redistribute rip metric 1 ?
  <0-4294967295>  EIGRP delay metric, in 10 microsecond units

R4(config-router)#redistribute rip metric 1 2 ?
  <0-255>  EIGRP reliability metric where 255 is 100% reliable

R4(config-router)#redistribute rip metric 1 2 3 ?
  <1-255>  EIGRP Effective bandwidth metric (Loading) where 255 is 100% loaded

R4(config-router)#redistribute rip metric 1 2 3 4 ?
  <1-65535>  EIGRP MTU of the path

So if you are being asked to redistribute into EIGRP this is a huge red flag as to whether you know this difference, the attributes go in this order:

  • Bandwidth
  • Delay
  • Reliability
  • Load
  • MTU

So on exam day when it asks you to change the Bandwidth or Delay in Redistribution, you will know that it is first Bandwidth, then Delay, then all the other stuff that you really shouldn’t touch because we have offset-lists that work much better than changing parts of the EIGRP Metric Formula.

You can also use “metric weight 0 k1 k2 k3 k4 k5” in router configuration mode, however the formula is so complex it might make my brain collapse in on itself right now, so we will move on to the most feasible of all our options!

 

OFFSET-LISTS!

 

An offset-list is a way for EIGRP to come up with its own Metric, but having the local router add value to that Metric to adjust it, without changing any values in EIGRP itself calculates (seen below). This uses an access-list to define the traffic you want the offset-list to effect.

This allows you to modify the Distance for specific routes without effecting all of them like you would if you changed Bandwidth or Delay on an interface, in fact you don’t need to even specify an interface that the network is learned on.

Some very important notes regarding offset-lists before we get into configuration:

  • Must use a ‘permit’ on the ACL for the offset-list to work, deny is invalid for offset-lists, so if you see this it is incorrect
  • Offset value is added to both Feasible Distance and Reported Distance of Networks defined in the Access-List
  • ONLY STANDARD ACL’S CAN BE USED – NO EXTENDED ACL’S FOR OFFSET-LISTS!
  • Direction is also specified, whether you want incoming or outgoing routes to have their metric offset
  • Offset-Lists can only be used to increase the Metric, they CANNOT be used to decrease it

So lets look at the configuration of this in EIGRP:

We will use 172.12.23.0/24 for this offset-list config, note its FD

R1#sh ip eigrp top
EIGRP-IPv4 Topology Table for AS(100)/ID(1.1.1.1)
Codes: P – Passive, A – Active, U – Update, Q – Query, R – Reply,
       r – reply Status, s – sia Status

P 172.12.123.0/24, 1 successors, FD is 2169856
        via Connected, Serial0/0/0
P 172.12.15.0/24, 1 successors, FD is 28160
        via Connected, FastEthernet0/1
P 172.12.23.0/24, 2 successors, FD is 2172416
        via 172.12.123.2 (2172416/28160), Serial0/0/0
        via 172.12.123.3 (2172416/28160), Serial0/0/0

Now we create the access-list, and apply it to our offset-list

R1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#access-list 23 permit 172.12.23.0 0.0.0.255
R1(config)#router eigrp 100
R1(config-router)#offset-list ?
  <1-99>       Access list of networks to apply offset (standard range)
  <1300-1999>  Access list of networks to apply offset (extended range)
  WORD         Access-list name

R1(config-router)#offset-list 23 ?
  in   Perform offset on incoming updates
  out  Perform offset on outgoing updates

R1(config-router)#offset-list 23 in ?
  <0-2147483647>  Offset

R1(config-router)#offset-list 23 in 1000

Now lets take another look at the FD for our paths to 172.12.23.0/24

R1(config-router)#do sh ip eigrp top
EIGRP-IPv4 Topology Table for AS(100)/ID(1.1.1.1)
Codes: P – Passive, A – Active, U – Update, Q – Query, R – Reply,
       r – reply Status, s – sia Status

P 172.12.123.0/24, 1 successors, FD is 2169856
        via Connected, Serial0/0/0
P 172.12.15.0/24, 1 successors, FD is 28160
        via Connected, FastEthernet0/1
P 172.12.23.0/24, 2 successors, FD is 2172416
        via 172.12.123.2 (2173416/29160), Serial0/0/0
        via 172.12.123.3 (2173416/29160), Serial0/0/0

Notice that the original / actual EIGRP Metric shows in the Topology Tables Successor entry for the route, however the offset FD is what will be shown in the IP Route Table:

R1(config-router)#do sh ip route eigrp

Gateway of last resort is not set

      2.0.0.0/32 is subnetted, 1 subnets
D        2.2.2.2 [90/2297856] via 172.12.123.2, 00:50:34, Serial0/0/0
      3.0.0.0/32 is subnetted, 1 subnets
D        3.3.3.3 [90/2297856] via 172.12.123.3, 00:50:34, Serial0/0/0
      172.12.0.0/16 is variably subnetted, 5 subnets, 2 masks
D        172.12.23.0/24 [90/2173416] via 172.12.123.3, 00:09:57, Serial0/0/0
                        [90/2173416] via 172.12.123.2, 00:09:57, Serial0/0/0
R1(config-router)#

Also, the offset Feasible Distance is what will be advertised to downstream routers, not the actual EIGRP Metric calculated by the router (for the networks defined in the ACL).

Another good thing to note, offset-lists cause Adjacencies to bounce, so applying them will cause that quick reset in neighbor relationships.

The off-set list is configured the same going “out” rather than in, except it will not take effect on the local router, but will change the Metric when advertising the network(s) outbound to other EIGRP routers.

One final note about offset-lists and I will be done with this post

Configuration of EIGRP in IPv6, output examples and differences from v4, and some old IOS code derps!

IPv6_EIGRP

I sometimes wonder how much it makes network engineers cringe when they look at a blog post (if any engineers do), and see my barely put together Topology not made in Visio as my diagram 🙂

Anyways this should be pretty quick, so far I have only configured the loopback and FastEthernet0/0 interfaces for the Ethernet segment, and configured EIGRP RID’s on all of them the exact same way as OSPF:

R3(config)#ipv6 router eigrp 100
R3(config-rtr)#router-id 3.3.3.3

Only of course I did that for R2, R3, and R4 because I am a nice guy like that. For the Fa0/0 interfaces I have no shut them and assigned only IP addresses shown in the Topology, so for the sake of testing we should be able to ping around quick from R2 to R3 and R4 as their on a shared Ethernet Segment of 2001::0/64:

R2(config-if)#do ping 2001::3

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001::3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 0/2/8 ms
R2(config-if)#do ping 2001::4

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001::4, timeout is 2 seconds:
…..
Success rate is 0 percent (0/5)
R2(config-if)#

@_@. Already? Ahhh, no worries, cabling mis-hap in my semi-awake state, lets try again:

R2(config-if)#do ping 2001::4

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001::4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 0/2/8 ms
R2(config-if)#

There we go. So I have already enabled EIGRP AS 100 on all 3 routers, however I need to configure it interface by interface like OSPFv3:

R2(config-if)#ipv6 eigrp 100
R2(config-if)#
ASR>3
[Resuming connection 3 to r3 … ]

R3(config-if)#ipv6 eigrp 100
R3(config-if)#
ASR>4
[Resuming connection 4 to r4 … ]

R4(config-if)#ipv6 eigrp 100
R4(config-if)#

Simple enough, so at this point we aren’t going to see any EIGRP routes because we’re all already connected to eachother, but why have no adjacencies formed between the 3 routers? So the investigation begins, confirming first across all 3 routers with “sh ipv6 eigrp nei” that noone has a neighbor.

So I was on R2 reviewing the show run when I saw this oddity:

!
ipv6 router eigrp 100
 router-id 2.2.2.2
 shutdown
!
!

What? Routing process is shut down? Well lets no shut like an interface and see what happens I suppose:

R2(config-if)#exit
R2(config)#ipv6 router eigrp 100
R2(config-rtr)#no shut
R2(config-rtr)#
*Mar  1 22:52:33.402: %DUAL-5-NBRCHANGE: IPv6-EIGRP(0) 100: Neighbor FE80::21B:53FF:FE36:F2CC (FastEthernet0/0) is up: new adjacency
R2(config-rtr)#
R2(config-rtr)#do sh ipv6 eigrp nei
IPv6-EIGRP neighbors for process 100
H   Address                 Interface       Hold Uptime   SRTT   RTO  Q  Seq
(sec)         (ms)       Cnt Num
0   Link-local address:     Fa0/0             11 00:02:17    6   200  0  2
FE80::21B:53FF:FE36:F2CC

You have to be kitten me. This wasn’t on the training video course I am going with, so this was like turning over a rock, and finding IPv6 EIGRP gold my CCNP candidate friends.

So lesson # 1, in IPv6 if your neighbors aren’t forming adjacencies… no shut the ipv6 router eigrp # I guess.

That is really weird. Anyways, I wanted to know who it formed an Adjacency with as I hadn’t “no shut” any other routers, went to R3 and look at this:

R3(config-if)#
R3(config-if)#do sh ipv6 eigrp nei
IPv6-EIGRP neighbors for process 100
% EIGRP 100 is in SHUTDOWN
R3(config-if)#


So after going across all 3 routers, it wasn’t in that video because on code 15.x IOS, it doesn’t require the “no shut” in the router process, so maybe keep it in the back of your head for troubleshooting but my old crusty gear needs that extra kick to work.

^ This will be demonstrated below as I “no shut” the other R3 and R4:

R3(config)#ipv6 router eigrp 100
R3(config-rtr)#no shut
R3(config-rtr)#
*Mar  2 07:36:40.370: %DUAL-5-NBRCHANGE: IPv6-EIGRP(0) 100: Neighbor FE80::20E:D7FF:FE10:6C60 (FastEthernet0/0) is up: new adjacency
*Mar  2 07:36:40.370: %DUAL-5-NBRCHANGE: IPv6-EIGRP(0) 100: Neighbor FE80::21B:53FF:FE36:F2CC (FastEthernet0/0) is up: new adjacency
R3(config-rtr)#
ASR>4
[Resuming connection 4 to r4 … ]

*Mar  8 04:45:38.655: %DUAL-5-NBRCHANGE: EIGRP-IPv6 100: Neighbor FE80::20E:D7FF:FE10:6C60 (FastEthernet0/0) is up: new adjacency
R4(config-if)#
*Mar  8 04:52:06.939: %DUAL-5-NBRCHANGE: EIGRP-IPv6 100: Neighbor FE80::20F:23FF:FE09:B180 (FastEthernet0/0) is up: new adjacency
R4(config-if)#exit
R4(config)#ipv6 router eigrp 100
R4(config-rtr)#no shut

I kind of already knew something was up, because when I flipped to R4 via the access-server there I had the console messages for DUAL changes waiting for me, so with 15.x IOS code in the lab room ignore the “no shut” non-sense.

Now, back onto the lab, lets confirm all the neighbors are friends and saying Hellos to each other and being good neighbors:

R4(config)#do sh ipv6 eigrp nei
EIGRP-IPv6 Neighbors for AS(100)
H   Address                 Interface       Hold Uptime   SRTT   RTO  Q  Seq
                                            (sec)         (ms)       Cnt Num
1   Link-local address:     Fa0/0             13 00:05:31    9   200  0  4
    FE80::20F:23FF:FE09:B180
0   Link-local address:     Fa0/0             12 00:11:59    5   200  0  2
    FE80::20E:D7FF:FE10:6C60
R4(config)#

Ok, the link-local address is pretty irritating because that doesn’t show me which neighbor is actually there unless I run the command in detail, I would imagine:

R4(config)#do sh ipv6 eigrp nei det
EIGRP-IPv6 Neighbors for AS(100)
H   Address                 Interface       Hold Uptime   SRTT   RTO  Q  Seq
                                            (sec)         (ms)       Cnt Num
1   Link-local address:     Fa0/0             12 00:07:00    9   200  0  4
    FE80::20F:23FF:FE09:B180
   Version 12.4/1.2, Retrans: 0, Retries: 0, Prefixes: 1
   Topology-ids from peer – 0
0   Link-local address:     Fa0/0             13 00:13:28    5   200  0  2
    FE80::20E:D7FF:FE10:6C60
   Version 12.4/1.2, Retrans: 0, Retries: 0, Prefixes: 1
   Topology-ids from peer – 0
R4(config)#

Nope, no actual assigned IP addresses here, just that link-local address. I could see it using the RID here, but the link-local address that is only known by the remote router? Gah!

So at this point we have neighbors, but no routes for EIGRP in the IPv6 route table as we haven’t added any loopbacks, so lets get to that:

R4(config)#int lo4
R4(config-if)#ipv6 eigrp 100
R4(config-if)#
ASR>3
[Resuming connection 3 to r3 … ]

R3(config-rtr)#int lo3
R3(config-if)#ipv6 eigrp 100
R3(config-if)#
ASR>2
[Resuming connection 2 to r2 … ]

*Mar  1 22:59:01.626: %DUAL-5-NBRCHANGE: IPv6-EIGRP(0) 100: Neighbor FE80::20F:23FF:FE09:B180 (FastEthernet0/0) is up: new adjacency
R2(config-rtr)#
R2(config-rtr)#do sh ipv6 route eigrp
IPv6 Routing Table – 8 entries
Codes: C – Connected, L – Local, S – Static, R – RIP, B – BGP
       U – Per-user Static route
       I1 – ISIS L1, I2 – ISIS L2, IA – ISIS interarea, IS – ISIS summary
       O – OSPF intra, OI – OSPF inter, OE1 – OSPF ext 1, OE2 – OSPF ext 2
       ON1 – OSPF NSSA ext 1, ON2 – OSPF NSSA ext 2
       D – EIGRP, EX – EIGRP external
D   2003::/64 [90/156160]
     via FE80::20F:23FF:FE09:B180, FastEthernet0/0
D   2004::/64 [90/156160]
     via FE80::21B:53FF:FE36:F2CC, FastEthernet0/0
R2(config-rtr)#do ping 2003::1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2003::1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 0/4/16 ms
R2(config-rtr)#do ping 2004::1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2004::1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 0/1/4 ms
R2(config-rtr)#

So that looks the same, however I want to get a bit of redistribution in here, and actually I want to get it on R4 to demonstrate some things not available on 12.x code.

And to note, most behavior issues on these older IOS images is IPv6, so my posts are valid for this exam and the information in them – Just to give myself some credibility… yeah.

So couple of things I want to point out when configuring your redistribution, as we know from IPv4 EIGRP has no seed metric so it must be added either on the Redistribution statement or by “default-metric # # # # #” in router configuration mode:

R4(config-if)#exit
R4(config)#ipv6 router eigrp 100
R4(config-rtr)#default-metric 1544 10 100 1 1500
R4(config-rtr)#redistribute connected ?
metric     Metric for redistributed routes
route-map  Route map reference
<cr>


R4(config-rtr)#redistribute connected
R4(config-rtr)#

So you can see there is still a metric and route-map available after redistribute command is going, but no subnets again because IPv6 don’t have time for none of that subnet business.

So lets look at R2’s route table:

R2(config-if)#do sh ipv6 route eigrp
IPv6 Routing Table – 8 entries
Codes: C – Connected, L – Local, S – Static, R – RIP, B – BGP
       U – Per-user Static route
       I1 – ISIS L1, I2 – ISIS L2, IA – ISIS interarea, IS – ISIS summary
       O – OSPF intra, OI – OSPF inter, OE1 – OSPF ext 1, OE2 – OSPF ext 2
       ON1 – OSPF NSSA ext 1, ON2 – OSPF NSSA ext 2
       D – EIGRP, EX – EIGRP external
D   2003::/64 [90/156160]
     via FE80::20F:23FF:FE09:B180, FastEthernet0/0
EX  2004::/64 [170/1662976]
     via FE80::21B:53FF:FE36:F2CC, FastEthernet0/0

R2(config-if)#do ping 2004::1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2004::1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 0/2/4 ms
R2(config-if)#

You can see still the same AD values for Internal and External, nothing fancy, basically the same as IPv4 with the small 12.x IOS caveat I stumbled upon.

So for redistributed routes, the difference from IPv4 to IPv6 is v4 will show D EX in it’s route table where IPv6 will just show EX in it’s route table for an EIGRP external route.

And that is it, I am going to enjoy the little bit of night I have left, next up will be RIPing!