BRKRST-2336
Donnie Savage
Don Slice
Why EIGRP?
EIGRP is easy to design and support
Faster system design & deployment time
Easier learning curve for support personnel
Lower Operational Costs (OpEx)
Cisco Public
2013
Open-EIGRP:
draft-savage-eigrp-00
Feature Overview
Feature | IOS-Classic / IOS-XE | IOS-XR | NX-OS
BFD | Yes | Roadmap | Yes
IP Fast Reroute | 3.7 | Roadmap | Roadmap
Non-Stop Routing | 3.9/3.10 | Roadmap | Roadmap
UCMP | Yes | Yes | No
EIGRP add-path | 3.8 | Roadmap | Roadmap
VRF-Aware EIGRP | Yes | Yes | Yes
 | Yes | Yes | Yes
EIGRP 6PE/6VPE | 3.9 | Roadmap | Roadmap
 | Yes/3.7 | No/No | Yes/No
 | Yes | No | Yes
EIGRP Multi-Instance | Yes | No | Yes
 | Yes | Yes | Yes
 | Yes | Yes | Yes
 | Yes | No | No
 | Yes | Yes | Yes
Distribution:
Provides aggregation of traffic flows from multiple Access layers to the Core. Traffic filtering and
packet policies are typically implemented here. The distribution layer should be the blocking point
for Queries (more about this later)
Access:
Provide connectivity to user attachment points for servers, end stations, storage devices, and other
IP devices. Consider use of EIGRP STUBS (more about this later)
WAN Aggregation:
Provides connectivity to the internet and/or remote sites/offices.
[Figure: enterprise reference topology with Core, Distribution and Access layers (Buildings 1 to 4), WAN Aggregation, Internet edge (mail servers, firewall, VPN, mobile worker), application acceleration, and branch, remote and regional offices]
Address-Family Support
EIGRP Address Family Support for IPv4/IPv6
With the introduction of EIGRP support for Address Families (AFs), EIGRP supports IPv4 and IPv6 under a single router instance
Reduced complexity
Helps enable IPv4 and IPv6 address families to be supported on a single network infrastructure
Can be phased in, or applied in green fields
EIGRP IPv4 and IPv6 can be run concurrently
Each address family has a separate topology table
No Fate Sharing
Design and deployment techniques are the same for IPv4 and IPv6
Minimal differences mean no lengthy training required
Configuration and Troubleshooting similar
Same Route Types (Internal, External, Summary)
Address-Family Support
Named Mode(multi-address family)
Can be phased in, or applied in green fields
Reduced complexity
EIGRP support for IPv6
Link local routing brings a concept of scalable routing
Uses IPv6 transport and uses link-local addresses as source address.
EIGRP IPv4 and IPv6 can be run concurrently
Cisco supports both
Each address family has a separate topology table
No Fate Sharing
Design and deployment techniques are the same for IPv4 and IPv6
Minimal differences mean no lengthy training required
Configuration and Troubleshooting similar
Same Route Types (Internal, External, Summary)
Address-Family Support
Behavior of the autonomous-system command under VRFs has changed to address common configuration errors.
router eigrp 1
 address-family ipv4 vrf RED
  autonomous-system 99
  network 10.0.0.0
!
router eigrp 1
 address-family ipv4 vrf RED autonomous-system 99
  network 10.0.0.0
!
router eigrp 1
 address-family ipv4 vrf RED autonomous-system 99
  autonomous-system 99
  network 10.0.0.0
!
router eigrp cl013
 address-family ipv4 vrf RED autonomous-system 99
  network 10.0.0.0
Classic mode:
Configuring router eigrp command with a number.
Named mode:
Configuring router eigrp command with the virtual-instance-name
Named mode supports both IPv4 and IPv6, and VRF (virtual routing and forwarding) instances
Named mode allows you to create a single Instance of EIGRP which can be used for all family types
Named mode supports multiple VRFs limited only by available system resources
Named mode does not enable EIGRP for IPv4 routing unless configured
exit-address-family
service-family <protocol> [vrf <name>] autonomous-system <#>
exit-service-family
exit-af-interface
af-interface <interface>
exit-af-interface
exit-address-family
EIGRP-specific interface properties are configured in af-interface mode, for example authentication, timers, and bandwidth control
exit-topology
exit-address-family
default-metric
event-log-size
external-client
metric config
timers config
redistribution
nvgen behavior
auto-summary
'auto-summary' : does not nvgen
'no auto-summary' : nvgens
auto-summary
'auto-summary' : nvgens
'no auto-summary' : nvgens
no auto-summary
'auto-summary' : nvgens
'no auto-summary' : does not nvgen
ipv6 unicast-routing
!
interface TenGig0/0/0/1
 ip address 192.168.1.1 255.255.255.0
 ipv6 enable
!
router eigrp ROCKS
 !
 address-family ipv6 autonomous-system 1
  af-interface Ethernet0/0
   no shutdown
  exit-af-interface
 !
 address-family ipv6 vrf cisco autonomous 6473
  af-interface default
   no shutdown
  exit-af-interface
ipv6 unicast-routing
!
interface Ethernet0/0
 ipv6 address 2001:DB8::1/64
 ipv6 enable
 ipv6 eigrp 6473
!
interface Ethernet0/1
 ipv6 enable
!
interface Ethernet0/1
 ipv6 enable
 ipv6 eigrp 6473
!
router eigrp CSCO
 address-family ipv6 autonomous-system 6473
  router-id 10.10.10.1
  af-interface default
   no shutdown
  topology base
!
ipv6 router eigrp 6473
 router-id 10.10.10.1
 no shutdown
IPv6 Primer
An IPv6 address is an extended 128-bit (16-byte) address that gives 2^128 possible addresses (3.4 x 10^38)
IPv6 addresses
64 bits for the subnet ID, 64 bits for the interface ID
Separated into 8 * 16-bit Hexadecimal numbers
Each block is separated by a colon :
:: can replace leading, trailing or consecutive zeros
:: can only appear once
EIGRP IPv6 Multicast transport
FF02:0:0:0:0:0:0:A or abbreviated to FF02::A
Examples:
2003:0000:130F:0000:0000:087C:876B:140B
2003:0:130F::87C:876B:140B
IPv6 packet forwarding and must be configured first under global configuration
They are auto assigned when you enable the interface
ipv6 unicast
interface Ethernet1/0
ipv6 enable
(UPDATE, REQUEST, QUERY, REPLY, HELLO, IPXSAP, PROBE, ACK, STUB, SIAQUERY, SIAREPLY)
00:52:47: EIGRP: Received HELLO on Ethernet1/0 nbr FE80::A8BB:CCFF:FE00:401
00:52:47: AS 6473, Flags 0x0, Seq 0/0 idbQ 0/0 iidbQ un/rely 0/0 peerQ un/rely 0/0
neighbor
Autonomous System
<cr>
Similar Concepts
INTERNAL_TYPE (0X0602),
EXTERNAL_TYPE (0X0603)
Same Metrics used by IPv6 and IPv4
IPv6 link-local addresses are used to establish an adjacency (FF02::A, all EIGRP routers); neighbors do not have to share the same global prefix (with the exception of static neighbors, where traffic is unicast)
Differences
Does not support the default-information command, as there is no support in IPv6 for the configuration of default networks other than ::/0
Does not support the auto-summary command
No split-horizon by default for IPv6 (as IPv6 supports multiple prefixes per interface)
 |  | IOS-XR | NX-OS
 | 3.7 | No | No
 | Yes | No | Yes
EIGRP Multi-Instance | Yes | No | Yes
 | Yes | No | No
 | Yes | Yes | Yes
Stubs/Stub Leaking | Yes/Yes | No/No | Yes/No
Summary/Summary Leaking | Yes/Yes | Yes/No | Yes/No
VRF-Lite | Yes | Yes | Yes
 | 3.9/Yes | No/No | No/No
 | Yes | No | No
BFD | Yes | Planned | Roadmap
Performance Routing (PfR) | No | No | No
 | Yes | No | No
Non-Stop Routing (NSR) | Yes | No | No
Routing Basics
EIGRP only knows prefix and next-hop information
Topology information beyond the next hop is naturally hidden in distance vector protocols
B and C only advertise that they can reach 10.1.1.0/24, not that they are connected to D, which is then connected to 10.1.1.0/24
[Figure: neighbors each telling A "I can reach 10.1.1.0/24"]
Routing Basics
Hiding topology information hides information about changes in the topology
C advertises reachability to 10.1.1.0/24
[Figure: "Hide topology here" at C ("C can reach 10.1.1.0/24"); router F; networks 10.1.1.0/24, 10.1.2.0/24 and 10.1.3.0/24]
Routing Basics
[Figure: routers D, E, F and G and network 10.1.1.0/24, with labels Summary and Filter]
Local knowledge of an alternate path, so reply
No knowledge of route, so reply
No peers, so reply
Routing Enhancements: SNMP
Simple Network Management Protocol (SNMP)
EIGRP supports 68 MIB objects in 4 major tables
EIGRP Traffic Statistics
AS Number
Number of Hellos, Updates,
Queries, and Replies Sent/Received
Peer Count
Reliable/Unreliable Queues
Pending Routes
Hello Interval
Destination Net/Mask
Active State, Feasible Successors
Origin Type, Distance
Reported Distance
Routing Enhancements: MANET
Mobile Ad-hoc Network (MANET)
Cisco supports RFC4938bis and Dynamic Cost Routing using EIGRP
The fundamental requirement for MANET applications is effective integration of routing and radio technologies
Effective routing requires immediate recognition of topology changes, the ability to respond to radio link quality
fluctuations, and a means by which routers can receive and act upon feedback from a radio network
New Virtual Multipoint Interface (VMI) and L2L3 API connects Layer 2 RF network with layer 3
[Figure: two Mobile EIGRP Routers, each attached to a Mobile Radio over PPPoE, with PPP Sessions across the RF link]
Routing Enhancements: PfR
Performance Routing (PfR)
Cisco IOS Performance Routing (PfR) supports Route control using EIGRP
Monitors traffic performance for prefixes passively with NetFlow and/or actively using IP SLA probes
Chooses best performing path to a given destination
Delay, MOS
Load Balancing
For prefix, traffic-class and application
[Figure: enterprise reference topology, Core section]
Core
Hierarchical Designs
2 Layer
3 Layer
More
Reliability
Graceful Restart(GR)
Non-Stop Forwarding(NSF)
Non-Stop Routing(NSR)
[Figure labels: Core, Distribution, Access, High Degree of Density, Summarize]
Hierarchical Design
No imposed limit on levels of hierarchy, a key design advantage
No areas or other restrictions on dividing a network
Topology information can be hidden at any hop in the network anyway
In an EIGRP network, the hierarchy is created through summarization, rather than through a protocol defined boundary
Proper addressing is a must to ensure you can summarize
With the logical boundary point behind the lower routers, based on the divisional structure, there's no place to summarize
[Figure: departments Sales, Marketing, Logistics and Engineering; networks 10.1.0.0/24 to 10.1.3.0/24 and 10.2.0.0/24 to 10.2.3.0/24; labels: Logical boundary points, No summarization]
Hierarchical Design
The logical network structure no longer follows the corporate departments
We now have a point at which we can summarize routes!
[Figure: logical boundary point with summaries 10.1.0.0/22 and 10.2.0.0/22; networks 10.1.0.0/24 to 10.1.3.0/24 and 10.2.0.0/24 to 10.2.3.0/24; departments Marketing, Logistics, Sales and Engineering]
2013 Cisco and/or its affiliates. All rights reserved.
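The addressing point made on the two Hierarchical Design slides, as an added Python example that is not part of the original deck: it checks whether each boundary point can advertise one summary without covering networks that sit behind another boundary. The boundary names and the assignment of the slide's /24s to departments are constructed for illustration.

```python
import ipaddress


def covering_summary(prefixes):
    """Return the longest single prefix that contains every prefix given."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    summary = nets[0]
    while not all(n.subnet_of(summary) for n in nets):
        summary = summary.supernet()  # widen by one bit at a time
    return summary


def plan_summaries(boundaries):
    """Map each boundary point to (summary, foreign prefixes it would cover).

    A summary is only usable when the second element is empty; otherwise
    the summarizing router would attract traffic for networks that are
    reachable through some other boundary point.
    """
    plan = {}
    for name, prefixes in boundaries.items():
        summary = covering_summary(prefixes)
        foreign = sorted(
            p
            for other, theirs in boundaries.items()
            if other != name
            for p in theirs
            if ipaddress.ip_network(p).subnet_of(summary)
        )
        plan[name] = (str(summary), foreign)
    return plan


# Constructed: addresses handed out per department, so every department
# owns one /24 on each side of the network.
BY_DEPARTMENT = {
    "Sales": ["10.1.0.0/24", "10.2.0.0/24"],
    "Marketing": ["10.1.1.0/24", "10.2.1.0/24"],
    "Logistics": ["10.1.2.0/24", "10.2.2.0/24"],
    "Engineering": ["10.1.3.0/24", "10.2.3.0/24"],
}

# Constructed: addresses follow the topology, one contiguous block per
# boundary point (hypothetical names boundary-1 and boundary-2).
BY_TOPOLOGY = {
    "boundary-1": ["10.1.0.0/24", "10.1.1.0/24", "10.1.2.0/24", "10.1.3.0/24"],
    "boundary-2": ["10.2.0.0/24", "10.2.1.0/24", "10.2.2.0/24", "10.2.3.0/24"],
}

if __name__ == "__main__":
    for label, layout in (("department", BY_DEPARTMENT), ("topology", BY_TOPOLOGY)):
        print(f"addressing by {label}:")
        for name, (summary, foreign) in plan_summaries(layout).items():
            verdict = "ok" if not foreign else f"covers {len(foreign)} foreign prefixes"
            print(f"  {name:12} {summary:14} {verdict}")
```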
Hierarchical Design
[Figure: logical boundary point with networks 10.1.0.0/24 to 10.1.3.0/24 and 10.2.0.0/24 to 10.2.3.0/24]
[Figure labels: Core, Policy, Access, Summary]
[Figure labels: Core, Summarize, Access, Policy]
[Figure labels: POP (four), Core, Customers]
[Figure labels: Core, Distribution, Access]
[Figure labels: Traffic aggregation, Distribution, Access]
[Figure labels: Distribution, Access, Policy]
[Figure labels: 1000 routes (four), 4000+100 routes, 400+100 routes]
Core
Hierarchical Designs
2 Layer
3 Layer
More
Reliability
Graceful Restart(GR)
Non-Stop Forwarding(NSF)
Non-Stop Routing(NSR)
[Figure labels: no reset, A, Control, Data]
The fundamental premise of GR/NSF is to route through temporary failures, rather than around them!
[Figure: enterprise reference topology, Data Center section]
Data Center
Fast(er) Convergence
Detection
Repair
IP FRR
Redundancy
Redundant Links
Controlling Redundancy
Full Mesh
Data Center
Data Centers are at the core of your business activity
Video, voice or other rich media traffic is placing ever-increasing demands on
the physical layer
The Core can be used as the data center core. Consider the following items
when determining the right core solution:
10GigE density: Will there be enough 10GigE ports on the core switch pair to support both the campus distribution as well as the data center aggregation modules?
Administrative domains and policies: Separate cores help to isolate campus distribution layers from data center aggregation layers in terms of troubleshooting, administration, and policies (QoS, ACLs, troubleshooting, and maintenance).
Future anticipation: The impact that can result from implementing a separate data center core layer at a later date might make it worthwhile to install it at the beginning.
[Figure: Route Generator with routers A and D; axis: Routes, 0 to 5000]
interface GigabitEthernet1/1
 dampening
Additional information
There are reasons for not recommending this and also for us not offering such low values; for example, depending on the number of interfaces, 1 sec rates can become CPU intensive and lead to spikes in processing/memory requirements
But..
[Figure labels: Protecting Node, Primary Next-Hop, B, Primary Path, Repair Path]
Data Center
Fast(er) Convergence
Detection
Repair
IP FRR
Redundancy
Redundant Links
Controlling Redundancy
Full Mesh
Redundancy
The simplest path to increased resiliency is adding
redundancy...
10.1.1.0/24
(show ip eigrp topology all vs. show ip protocol, look for maximum path)
Redundancy
Adding a third link almost always approaches
the point of diminishing returns, and adds
much more network complexity
When considering adding more redundancy,
always balance the increased resiliency
against the added complexity
Increased network convergence times
Increased management effort
Increased troubleshooting times
Redundancy
[Figure: Seconds (up to 2.5) against Routes (up to 10000); labels: Feasible successor, Best path fails]
Redundancy
[Figure: Seconds (up to 2.5) against Routes (up to 10000); label: Best path fails]
Redundancy
High availability studies also show the impact
of adding the third link is not all that great
[Figure: Reliability (99.50 to 100.00) for 1 link, 2 links, 3 links and 4 links]
Controlling Redundancy
Consider using Layer 2 interface bundling: EtherChannel, MLPPP (Multilink PPP)
Increases redundancy
Increases bandwidth
Reduces Layer 3 complexity
[Figure: link bundle]
Full Mesh
Is this sufficient redundancy, or excessive?
There are potentially 64 paths between these two hosts, 2^6
2 routers == 1 link
3 routers == 3 links
4 routers == 6 links
5 routers == 10 links
6 routers == 15 links
...
adjacencies = nodes(nodes-1)/2
Not just physical links, VPLS also creates this
scenario
Full Mesh
Routes must be advertised between every pair of
peers in the mesh so each router has the correct
next hop and routing information
Address the links so they can be summarized
Single advertisement at the edge is best
Address the links so the link information can be
filtered out at the edge
Summarize
Full Mesh
Consider High Availability ring topologies, such as
SRP, SONET rings, and others as an alternative
to full mesh high speed networks in POPs and
other enclosed networks
This can provide resiliency against a single failure
in the network, and simplify the topology from the
perspective of routing dramatically
Ring Topologies
If the A->C link fails, A must query B to find the alternate path
If the B->C link fails, no queries will be transmitted to converge
The maximum query range is one hop
[Figure: ring including B, with link costs of 5; labels: 1 Hop Query, No Query]
Ring Topologies
If the A->C link fails
A must query B to find the alternate path
B must query D to find the alternate path
[Figure: ring including A and B; label: 2 Hop Query]
Ring Topologies
If the A->C link fails
A must query B to find the alternate path
B must query E to find the alternate path
E must query D to find the alternate path
The maximum query range will always be the size of the ring minus one
Average is ring size divided by 2
[Figure: ring including A and B, with link costs of 5; label: 3 Hop Query]
Data Center
Fast(er) Convergence
Detection
Repair
IP FRR
Redundancy
Redundant Links
Controlling Redundancy
Full Mesh
[Figure: links labelled 1000K, 56K and 56K]
[Figure: links labelled 56K 2000ms, 1000K 10ms and 56K 2000ms; routers B and D]
D through B
Distance: 1069568
Reported Distance: 557568
Metric 560128
Metric 1069568 B
Metric 560128 C
[Figure: path to 10.1.1.0/24 over links labelled B: 10,000,000 D: 10; B: 10,000,000 D: 10; B: 1,000,000 D: 10; B: 1,000,000 D: 10; B: 100,000 D: 100]
$$\text{metric} = \left(\frac{10^7}{\min(\text{bandwidth})} + \sum \text{delays}\right) \times 256$$
$$\left[\left(K_1 \cdot \text{bandwidth} + \frac{K_2 \cdot \text{bandwidth}}{256 - \text{Load}} + K_3 \cdot \text{Delay}\right) \cdot \frac{K_5}{K_4 + \text{Reliability}}\right] \times 256$$
1.1.1.0/24
[Figure: path to 1.1.1.0/24 through Router B and Router C, labelled BW: 1000 Delay: 100; BW: 100 Delay: 1000; BW: 100 Delay: 1100; BW: 56 Delay: 3100; BW: 56 Delay: 2000]
Bandwidth: Minimum. Delays: Added Together.
$$\left(\frac{10^7}{\min(\text{bandwidth})} + \sum \text{delays}\right) \times 256$$
$$\left(\frac{10^7}{56} + 3100\right) \times 256 = 46507885$$
$$\frac{10^7}{56} = 178571 \;?$$
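$$\text{latency} = \text{delay} \times 10^{6} \quad \text{OR} \quad \frac{10^{13}}{\text{bandwidth}}$$
$$\text{throughput} = \frac{6.5536 \times 10^{11}}{\text{bandwidth}}$$
$$\text{metric} = \min(\text{throughput}) + \text{latency}$$
[Figure: path to 10.1.1.0/24 over links labelled B: 10,000,000 D: 10; B: 10,000,000 D: 10; B: 1,000,000 D: 10; B: 1,000,000 D: 10; B: 100,000 D: 100]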
[(K Throughput + {
1
K2 Throughput
256 - Load
}) + (K
K5
K4 + Reliability
$$\text{Max-Throughput} = K_1 \cdot \frac{\text{EIGRP\_BANDWIDTH} \cdot \text{EIGRP\_WIDE\_SCALE}}{\text{Bandwidth}}$$
$$\left[\text{Max-Throughput} + \frac{K_2 \cdot \text{Max-Throughput}}{256 - \text{Load}}\right]$$
This inversion of the bandwidth value results in a larger number (more time), ultimately generating a worse metric.
The inverted value is used only by the local router; the original bandwidth value is sent to its neighbors
EIGRP_DELAY_PICO
For IOS interfaces that do not exceed 1 gigabit, this value will be derived from the reported interface delay, converted to picoseconds
$$\text{Delay} = \text{Interface Delay} \times \text{EIGRP\_DELAY\_PICO}$$
For IOS interfaces beyond 1 gigabit, IOS does not report delays properly, therefore a computed delay value will be used
$$\text{Delay} = \frac{\text{EIGRP\_BANDWIDTH} \times \text{EIGRP\_DELAY\_PICO}}{\text{Interface Bandwidth}}$$
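The classic and wide metric formulas above, carried through in Python as an added example that is not part of the original deck. It assumes K1 = K3 = 1 with the other K values 0, takes EIGRP_WIDE_SCALE as 65536 and EIGRP_DELAY_PICO as 10^6 (consistent with the 6.5536 * 10^11 and 10^13 constants on the slides), and reads the 1.1.1.0/24 slide as three links; the high-speed interface samples are constructed.

```python
EIGRP_BANDWIDTH = 10**7        # reference bandwidth in kbit/s
EIGRP_CLASSIC_SCALE = 256
EIGRP_WIDE_SCALE = 65536       # 10^7 * 65536 = 6.5536 * 10^11
EIGRP_DELAY_PICO = 10**6       # microseconds to picoseconds


def classic_metric(links, truncate=True):
    """Classic metric for a path of (bandwidth_kbps, delay) links.

    Delay is in the classic formula's own unit (tens of microseconds).
    truncate=True uses integer division for 10^7 / bandwidth;
    truncate=False keeps the fraction until the end.
    """
    min_bw = min(bw for bw, _ in links)          # "Minimum"
    total_delay = sum(d for _, d in links)       # "Added Together"
    if truncate:
        return (EIGRP_BANDWIDTH // min_bw + total_delay) * EIGRP_CLASSIC_SCALE
    return int((EIGRP_BANDWIDTH / min_bw + total_delay) * EIGRP_CLASSIC_SCALE)


def wide_delay_ps(bandwidth_kbps, interface_delay_usec):
    """Per-link delay in picoseconds, following the two cases on the slide."""
    if bandwidth_kbps > 1_000_000:               # beyond 1 gigabit: computed
        return EIGRP_BANDWIDTH * EIGRP_DELAY_PICO // bandwidth_kbps
    return interface_delay_usec * EIGRP_DELAY_PICO


def wide_metric(links):
    """Wide metric for a path of (bandwidth_kbps, interface_delay_usec) links."""
    min_bw = min(bw for bw, _ in links)
    throughput = EIGRP_BANDWIDTH * EIGRP_WIDE_SCALE // min_bw
    delay_ps = sum(wide_delay_ps(bw, d) for bw, d in links)
    latency = delay_ps * EIGRP_WIDE_SCALE // EIGRP_DELAY_PICO
    return throughput + latency


def classic_for_interface(bandwidth_kbps, interface_delay_usec):
    """Classic metric of one connected interface (delay given in microseconds)."""
    return classic_metric([(bandwidth_kbps, interface_delay_usec // 10)])


# The 1.1.1.0/24 slide read as three links (an assumption about the figure):
# minimum bandwidth 56, delays adding up to 3100.
SLIDE_PATH = [(1000, 100), (100, 1000), (56, 2000)]

# Constructed single-interface samples: (bandwidth in kbit/s, delay in usec).
FAST_LINKS = {
    "1G": (1_000_000, 10),
    "10G": (10_000_000, 10),
    "40G": (40_000_000, 10),
    "100G": (100_000_000, 10),
}

if __name__ == "__main__":
    print("slide path, integer division :", classic_metric(SLIDE_PATH))
    print("slide path, fraction kept    :", classic_metric(SLIDE_PATH, truncate=False))
    for name, (bw, delay) in FAST_LINKS.items():
        print(f"{name:>4}  classic={classic_for_interface(bw, delay):>6}"
              f"  wide={wide_metric([(bw, delay)]):>8}")
```

The slide's 46507885 is the value with the fraction of 10^7/56 kept; with 178571 truncated first, the same path gives 46507776. In the sample interfaces the classic metric is identical for 40G and 100G, while the wide metric still separates them.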
[Figure: enterprise reference topology]
Summarization
Summary Metrics
Summary Leak-maps
Filtering
Passive interfaces
Scaling
Enhancements
Leak-maps
Route Summarization
EIGRP supports summarization at any point in the network
EIGRP chooses the metric of the lowest cost component route as the summary metric
What happens if the summary metric changes?
If the component the metric was taken from changes, the summary changes as well!
You're using the summary to hide reachability information, but it's passing metric information through
Routers beyond the summary are still working to keep up with the changes
[Figure: routers A and B; summary 10.1.0.0/23 (Metric 10, with a further label 30) over 10.1.0.0/24 (Metric 30) and 10.1.1.0/24 (Metric 10); summary 10.2.0.0/23 (Metric 20) over 10.2.0.0/24 (Metric 30) and 10.2.1.0/24 (Metric 20)]
Route Summarization
[Figure: summary 10.1.0.0/23 (Metric 1) over 10.1.0.0/24 (Metric 10) and 10.1.1.0/24 (Metric 20)]
interface loopback 0
 ip address 10.1.1.1 255.255.255.255
 delay 1
Summary Metrics
Route Summary Static Metrics
EIGRP summarization efficiency is greatly improved by predefining a summary's metric
Could use a loopback interface or define a static route to null0
Metric will be constant, eliminating update
EIGRP still scans component routes for changes
EIGRP will never withdraw summary
[Figure: summary 10.1.0.0/23 (Metric 1) over 10.1.0.0/24 (Metric 10) and 10.1.1.0/24 (Metric 20)]
Overlapping Summaries
[Figure: 10.1.0.0/16 summaries with networks 10.1.1.0/24 and 10.1.2.0/24]
Overlapping Summaries
If two routing protocols provide a route to the same destination, how do we choose between them?
[Figure labels: The EIGRP route wins; distance 90; The static route wins; distance 1; distance 200]
Overlapping Summaries
EIGRP can leak more specific routes through a summary
[Figure: router A; 10.1.0.0/16 summaries with networks 10.1.1.0/24 and 10.1.2.0/24]
Overlapping Summaries
Avoid creating summary black holes
Solution: have a link between the summarizing routers across which they share full routing information
[Figure: 10.1.0.0/16 summaries with networks 10.1.1.0/24 and 10.1.2.0/24]
[Figure: routers A and C; 10.1.0.0/16 summaries and network 10.1.2.0/24]
Route-Map Support
EIGRP Route-Map Support
EIGRP supports Enhanced Route-Maps
Enhanced support of route maps allows EIGRP to use a route map to prefer one path over another
Route-maps can now be applied on the distribute-list in/out statement
Filters can be applied even before the prefix hits the topology table
route-map setmetric permit 10
 match interface serial 0/0
 set metric 1000 1 255 1 1500
route-map setmetric permit 20
 match interface serial 0/1
 set metric 2000 1 255 1 1500
....
router eigrp ROCKS
 address-family ipv4 auto 4453
  topology base
   distribute-list route-map setmetric in
Summarization
Summary Metrics
Summary Leak-maps
Filtering
Passive interfaces
Scaling
Enhancements
Leak-maps
router#config t
router(config)#router eigrp 100
router(config-router)#eigrp stub connected
router(config-router)#
[Figure labels: 10.2.2.2/31, 10.1.3.0/24, 10.1.2.0/24]
ip route 10.1.4.0 255.255.255.0 10.1.1.10
!
interface serial 0
 ip summary-address eigrp 100 10.1.2.0 255.255.254.0 5
!
router eigrp 100
 redistribute static metric 1000 1 255 1 1500
 network 10.2.2.2 0.0.0.1
 network 10.1.2.0 0.0.0.255
 eigrp stub connected
[Figure labels: 10.2.2.2/31, B, 10.1.3.0/24, 10.1.2.0/24]
ip route 10.1.4.0 255.255.255.0 10.1.1.10
!
interface serial 0
 ip summary-address eigrp 100 10.1.2.0 255.255.254.0
!
router eigrp 100
 redistribute static metric 1000 1 255 1 1500
 network 10.2.2.2 0.0.0.1
 network 10.1.2.0 0.0.0.255
 eigrp stub static
 eigrp stub receive-only
[Figure labels: 10.2.2.2/31, B, 10.1.3.0/24, 10.1.2.0/24]
ip route 10.1.4.0 255.255.255.0 10.1.1.10
!
interface serial 0
 ip summary-address eigrp 100 10.1.2.0 255.255.254.0
!
router eigrp 100
 redistribute static metric 1000 1 255 1 1500
 network 10.2.2.2 0.0.0.1
 network 10.1.2.0 0.0.0.255
 eigrp stub redistributed
[Figure labels: 10.2.2.2/31, B, 10.1.3.0/24, 10.1.2.0/24]
router-b#show ip protocols
Routing Protocol is "eigrp 100"
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Default networks flagged in outgoing updates
Default networks accepted from incoming updates
EIGRP metric weight K1=1, K2=0, K3=1, K4=0, K5=0
EIGRP maximum hopcount 100
EIGRP maximum metric variance 1
EIGRP stub, connected
Redistributing: static, eigrp 100
.
.
[Figure: Non-Stub and EIGRP Stub against Number of Neighbors (up to 1500)]
[Figure: Non-Stub and EIGRP Stub against Number of Neighbors (200 to 1600)]
Stub Enhancements
Multipoint interface Enhancements
EIGRP Enhances Multi-point interface stability
[Figure: Hub with a multipoint tunnel interface to Spoke-2 through Spoke-n]
Stub Enhancements
Hub and spoke networks are often built over point-to-multipoint networks
If the hub is configured to treat the entire point-to-multipoint network as a single interface, it can transmit multicast and broadcast packets which are received by all spoke routers
Layer 3 on the hub router will not notice a single circuit failure
interface s0/0
 ip address 10.1.1.1 255.255.255.0
[Figure: packets transmitted at the hub are received by all spokes; packets transmitted at a spoke are received only by the hub router]
Stub Enhancements
The hub router can also be configured to treat each spoke's circuit as an individual point-to-point circuit on a sub-interface
If end-to-end signaling is in use, a failed circuit will cause the sub-interface to fail
[Figure: packets transmitted on a hub sub-interface are received by one spoke; packets transmitted at a spoke are received only by the hub router]
Stub Enhancements
Interface type may appear to EIGRP to be a shared interface but
underlying network may not match up with the bandwidth
defined on the interface.
The minimum packet pacing interval can be lowered to a
minimum value of 1 ms by using the bandwidth or bandwidth
percentage commands
router(config-if)#ip bandwidth-percent eigrp 4453...
route-map LeakList permit 10
 match ip address 1
 match interface e0/0
route-map LeakList permit 20
 match ip address 2
 match interface e1/0
!
access-list 1 permit 10.1.1.0
access-list 2 permit 0.0.0.0
!
router eigrp ROCKS
 address-family ipv4 autonomous-system 100
  eigrp stub leak-map LeakList
[Figure: routers A, B and D; Remote Site 10.1.1.0/24; labels: 0.0.0.0/0 (twice), No Advertisements]
[Figure: routers C and D; Remote Site 10.1.1.0/24]
router eigrp 100
 eigrp stub leak-map LeakList
route-map LeakList permit 10
 match ip address 1
 match interface e0/0
route-map LeakList permit 20
 match ip address 2
 match interface e1/0
[Figure: routers C and D, interface e0/0; Remote Site 10.1.1.0/24]
[Figure: routers C and D; Remote Site 10.1.1.0/24]
[Figure: "Summary only" with 192.168.1.0/24, 192.168.2.0/24 and 192.168.3.0/24]
[Figure: "Summary only" and 0.0.0.0/0 with 192.168.1.0/24, 192.168.2.0/24 and 192.168.3.0/24]
[Figure: single multipoint or several point-to-points; "Summary only" and 0.0.0.0/0; 192.168.1.0/24 and 192.168.2.0/24 (twice)]
[Figure: routers A and B; 10.2.1.0/24, 10.1.2.1, 10.0.0.0/8, 10.1.0.0/16 and 10.1.1.0/24]
ip summary-address eigrp 1 10.1.0.0 255.255.0.0
[Figure: enterprise reference topology, WAN Aggregation section]
WAN Aggregation
Security Enhancements
DMVPN
Dual Home
Scaling
Enhancements
PE-CE
Backdoor Links w/SoO
Security Enhancements
Adaptive Security Appliances (ASA) Firewall
The Cisco ASA 5500 series offers EIGRP support
Common portable EIGRP core code with a platform dependent OS-shim
Supports EIGRP stub and other key features
Newer platforms supported
[Figure: DMVPN Domain 1 over SP 1 and DMVPN Domain 2 over SP 2; Hub 2; Site2]
EIGRP DMVPN
Single DMVPN Hub
Single mGRE tunnel on all nodes
[Figure labels: 192.168.0.0/24; Physical: 172.17.0.5, Tunnel0: 10.0.0.2; Physical: (Dynamic), Tunnel0: 10.0.0.12; Spoke B; Physical: (Dynamic), Tunnel0: 10.0.0.11; 192.168.12.0/24; Web; Spoke A; 192.168.11.0/24; PC]
EIGRP DMVPN
Dual DMVPN Hub
Single mGRE tunnel on all nodes
[Figure labels: 192.168.0.0/24; Physical: 172.17.0.5, Tunnel0: 10.0.0.2; Physical: (Dynamic), Tunnel0: 10.0.0.12; Spoke B; Physical: (Dynamic), Tunnel0: 10.0.0.11; 192.168.12.0/24; Web; Spoke A; 192.168.11.0/24; PC]
EIGRP DMVPN
[Figure: Convergence, Time (seconds), axis 0 to 900]
EIGRP DMVPN
[Figure: Convergence Time (seconds) against Routes (5000 to 40000) for 100 to 600 Peers]
[Figure: Convergence Time by Phase 0, Phase I and Phase II; labels: 33 min, 11 min, 3 min]
Study performed to analyze the impact of increasing Prefix count and compare that to increasing Peer counts to find the bottlenecks
Data for Single Hub and Dual Hub essentially equivalent
Peers were fixed at 500, prefixes were increased from 0 to 20k
Prefixes were fixed at 5k, peers were increased from 100 to 700
[Figure: Time (sec), 0 to 1200, against Prefixes, 0 to 20000]
[Figure: Time (sec), 0 to 2500, against Peer Count, 100 to 700]
[Figure: routers A and C, EIGRP and OSPF, network 10.1.1.0/24; labels .3 and .1]
....
P 10.1.1.0/24, 1 successors
 via 10.1.2.1
Add-path (15.3(1)S)
Spoke site has multiple DMVPN spoke routers and wants to be able to load-balance spoke-spoke tunnels going into this spoke site
[Figure: DMVPN Domain with Hub 2, SP 1 and SP 2, Site1 and Site2]
PE-CE Goals
[Figure: MPLS VPN Cloud with PE1 and PE2; CE1 at Site 1 and CE2 at Site 2]
PE-CE: Operation
CE runs EIGRP as before, whereas PE runs an EIGRP-VRF process per VRF/AS
EIGRP routes are distributed to customer sites via MP-iBGP on the MPLS-VPN backbone
There are no EIGRP adjacencies or EIGRP updates in the MPLS/VPN backbone
EIGRP information is carried across the MPLS/VPN backbone by MP-BGP in new extended communities (set and used by PEs)
Usage Value
8800: Flags + Tag
8801: AS + Delay
8802: Reliability + Hop + BW
8803
8804: Remote AS + Remote ID
8805
[Figure: MPLS VPN Cloud with PE2; CE1 at Site 1 (EIGRP AS 1) and CE2 at Site 2 (EIGRP AS 1)]
As the CE sites are in the same AS, routes will be learned with normal EIGRP attributes
MP-BGP will carry the EIGRP attributes natively as part of the BGP update (EIGRP AS #, EIGRP Metrics)
Customer sites will see remote sites as part of their normal EIGRP domain
PE 1
ip vrf EIGRP-Same-AS
 rd 12:1
 route-target export 1:1
 route-target import 1:1
!
router eigrp 100
 address-family ipv4 vrf EIGRP-Same-AS
  redistribute bgp 65000 metric 10000 1 255 1 1500
  network 140.0.0.0
  no auto-summary
  autonomous-system 1
 exit-address-family
!
router bgp 65000
 no bgp default ipv4-unicast
 bgp log-neighbor-changes
 neighbor 11.11.11.11 remote-as 65000
 neighbor 11.11.11.11 update-source Loopback0
 !
 address-family vpnv4
  neighbor 11.11.11.11 activate
  neighbor 11.11.11.11 send-community extended
 exit-address-family
 !
 address-family ipv4 vrf EIGRP-Same-AS
  redistribute eigrp 1
  no synchronization
 exit-address-family
PE 2
[Diagram labels: MPLS VPN Cloud, PE2, CE1, Site 1 (EIGRP AS 1), CE2, Site 2 (EIGRP AS 2)]
Remote site routes are present on the local PE routers with an External EIGRP Admin Distance of 170 and a Hop Count of 1
PE 1
ip vrf EIGRP-Diff-AS
 rd 12:1
 route-target export 1:1
 route-target import 1:1
!
router eigrp 100
 address-family ipv4 vrf EIGRP-Diff-AS
  redistribute bgp 65000 metric 10000 1 255 1 1500
  network 140.0.0.0
  autonomous-system 2
 exit-address-family
!
router bgp 65000
 no bgp default ipv4-unicast
 bgp log-neighbor-changes
 neighbor 11.11.11.11 remote-as 65000
 neighbor 11.11.11.11 update-source Loopback0
 !
 address-family vpnv4
  neighbor 11.11.11.11 activate
  neighbor 11.11.11.11 send-community extended
 exit-address-family
 !
 address-family ipv4 vrf EIGRP-Diff-AS
  redistribute eigrp 2
  no synchronization
 exit-address-family
PE 2
[Diagram labels: MPLS VPN Cloud, PE2, C3, C4, CE1, CE2, Site 1 (EIGRP AS 1), Site 2 (EIGRP AS 1)]
Customer wants to use the MPLS-VPN core for the Sites connectivity
Use the Back-door links in case of a failure (they usually are low-speed links)
Use EIGRP attributes on backdoor links for the Sites Connectivity (example: delay)
Everything should work as expected in case of a loss of connectivity through
the MPLS-VPN Core
OTP Overview
[Graphic labels: BGP, EIGRP, Complexity, Simplicity, Carrier Independence, PE/CE, EIGRP OTP, Private & Secure, Public & Unsecure, Zero Redistribution]
OTP Overview
EIGRP Support for WAN Transparency
EIGRP offers OTP support for Transparent CE to CE Routing
Allow customers to segment their network using MPLS
VPN backbone, or public network
Impose NO special requirement on ISP
Site
Site
OTP CE to CE
! CE-1
interface Ethernet0/2
 ip address 172.1.1.1 255.255.255.0
!
router eigrp ROCKS
 address-family ipv4 unicast auto 4453
  neighbor 172.2.2.2 Ethernet0/2 remote 10 lisp-encap
  network 10.0.0.0
!
! CE-2
interface Ethernet0/2
 ip address 172.2.2.2 255.255.255.0
!
router eigrp ROCKS
 address-family ipv4 unicast auto 4453
  neighbor 172.1.1.1 Ethernet0/2 remote 10 lisp-encap
  network 10.0.0.0
[Diagram labels: Service Provider MPLS VPN, CE1 (EIGRP AS 4453), CE2 (EIGRP AS 4453), legend: DP, CP]
CE-1 and CE-2 form peering and exchange route updates using unicast packets
CE-1 sends unicast packet to CE-2 public address (172.2.2.2)
CE-2 sends unicast packet to CE-1 public address (172.1.1.1)
[Diagram labels: RR, EIGRP AS 4453 (shown three times), legend: DP, CP]
[Diagram labels: CE1, CE2, EIGRP AS 4453, Backdoor Link]
All prefixes appear as native EIGRP routes (Internals show up in the other site as Internals)
Normal EIGRP metric selection and costing will influence path selection
Convergence events in Customer site
- does not depend on MPLS convergence
- does not impact MPLS Core
Everything works as expected in case of a loss of connectivity through the MPLS-VPN Core
OTP Multi-Provider
OTP supports Dual-Providers
Select EIGRP-RR for each provider
Normal EIGRP metric selection and costing will influence path selection
[Diagram labels: Internet, MPLS L3 VPN, RR (shown twice), EIGRP AS 4453 (shown three times), legend: DP, CP]
GETVPN Configuration
crypto isakmp policy 15
 encr aes 256
 authentication pre-share
 group 2
 lifetime 1200
crypto isakmp key c1sco123 address 64.4.128.151
crypto isakmp key c1sco123 address 64.4.129.152
!
crypto gdoi group GETVPN-PUBLIC
 identity number 65511
 server address ipv4 64.4.128.151
 server address ipv4 64.4.129.152
!
crypto map GETVPN-MAP 10 gdoi
 set group GETVPN-PUBLIC
!
interface Ethernet0/1
 ip address 64.73.10.1 255.255.255.0
 crypto map GETVPN-MAP
!
interface Ethernet0/2
 ip address 74.73.10.1 255.255.255.0
 crypto map GETVPN-MAP
ip vrf INET-PUBLIC-2
 rd 65512:2
!
crypto keyring DMVPN-KEYRING-2 vrf INET-PUBLIC-2
 pre-shared-key address 0.0.0.0 0.0.0.0 key cisco123
crypto isakmp profile FVRF-ISAKMP-INET-PUBLIC-2
 keyring DMVPN-KEYRING-2
 match identity address 0.0.0.0 INET-PUBLIC-2
!
crypto ipsec transform-set AES256/SHA/TRANSPORT-2 esp-aes 256 esp-sha-hmac
 mode transport
!
crypto ipsec profile DMVPN-PROFILE-2
 set security-association lifetime seconds 7200
 set transform-set AES256/SHA/TRANSPORT-2
 set isakmp-profile FVRF-ISAKMP-INET-PUBLIC-2
!
interface Ethernet0/2
 ip vrf forwarding INET-PUBLIC-2
 ip address 74.73.10.1 255.255.255.0
!
interface Tunnel20
 ip address 10.4.133.201 255.255.255.0
 no ip redirects
 ip mtu 1400
 ip nhrp authentication cisco123
 ip nhrp map multicast 172.16.130.2
 ip nhrp map 10.4.133.1 172.16.130.2
 ip nhrp network-id 102
 ip nhrp holdtime 600
 ip nhrp nhs 10.4.133.1
 ip nhrp shortcut
 tunnel source Ethernet0/2
 tunnel mode gre multipoint
 tunnel vrf INET-PUBLIC-2
 tunnel protection ipsec profile DMVPN-PROFILE-2
!
router EIGRP 200
 network 10.4.133.0 0.0.0.255
ip route vrf INET-PUBLIC-2 0.0.0.0 0.0.0.0 74.73.10.2
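The GETVPN and DMVPN configurations above use IKE DH group 2, short pre-shared keys, a wildcard keyring entry and an NHRP authentication string equal to the DMVPN key. The following is an added example, not part of the original slides: a Python audit that flags those settings in an indented running-config. The rule names, the `MIN_PSK_LEN` threshold and the `audit` function are assumptions chosen for this example.

```python
import re

# Constructed sample: lines excerpted from the GETVPN and DMVPN configurations
# on this page, indented the way `show running-config` prints them.
SAMPLE_CONFIG = """\
crypto isakmp policy 15
 authentication pre-share
 group 2
crypto isakmp key c1sco123 address 64.4.128.151
crypto keyring DMVPN-KEYRING-2 vrf INET-PUBLIC-2
 pre-shared-key address 0.0.0.0 0.0.0.0 key cisco123
interface Tunnel20
 ip nhrp authentication cisco123
"""

WEAK_DH_GROUPS = {"1", "2", "5"}  # 768-, 1024- and 1536-bit MODP groups
MIN_PSK_LEN = 20                  # assumed local policy value, not an IOS default
ISAKMP_KEY = re.compile(r"crypto isakmp key (?:([06]) )?(\S+) address (\S+)")
KEYRING_KEY = re.compile(r"pre-shared-key address (\S+)(?: \S+)? key (?:([06]) )?(\S+)")
NHRP_AUTH = re.compile(r"ip nhrp authentication (\S+)")

def audit(config):
    """Return sorted (line_no, rule, detail) findings for an indented IOS config."""
    findings, seen, section = [], {}, ""
    def psk(no, enc, key, peer):
        if peer == "0.0.0.0":
            findings.append((no, "wildcard-psk", "key accepted from any peer address"))
        if enc != "6":  # type 6 keys are stored encrypted; anything else is readable
            seen.setdefault(key, []).append(no)
            if len(key) < MIN_PSK_LEN:
                findings.append((no, "short-psk", f"{len(key)} characters"))
    for no, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        if raw[:1].strip():  # an unindented line starts a new section
            section = line
        m = re.fullmatch(r"group (\d+)", line)
        if m and section.startswith("crypto isakmp policy") and m[1] in WEAK_DH_GROUPS:
            findings.append((no, "weak-dh-group", f"IKE DH group {m[1]}"))
        if m := ISAKMP_KEY.match(line):
            psk(no, m[1], m[2], m[3])
        if m := KEYRING_KEY.match(line):
            psk(no, m[2], m[3], m[1])
        if m := NHRP_AUTH.match(line):
            findings.append((no, "nhrp-cleartext-auth", "NHRP carries this string as plain text"))
            seen.setdefault(m[1], []).append(no)
    for key, lines in seen.items():
        if len(lines) > 1:  # one string used as both an IKE key and an NHRP string
            findings.append((lines[-1], "secret-reuse", f"same string on lines {lines}"))
    return sorted(findings)
```

Findings carry line numbers and rule names only, so the output can be logged without exposing the keys themselves.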
DMVPN / Internet | MPLS VPN | MPLS+DMVPN
Control Plane: EIGRP | IGP/BGP + NHRP; LAN IGP | eBGP/iBGP; LAN IGP | IGP/BGP + NHRP; eBGP; LAN IGP
Data Plane: LISP | mGRE | IP | IP + mGRE
Privacy: GETVPN | GETVPN | GETVPN + DMVPN
Routing Policies: EIGRP Stub | EIGRP Stub, Redistribution, filtering, Multiple AS
Network Virtualization:
Convergence Branch/Hub: Branch Fast; Hub Fast | Branch Fast; Hub - Fast
Multicast Support: Planned | PIM Hub-n-Spoke | PIM MVPN
Provider Dependence: No | No | Yes | Yes/No
Open-EIGRP:
draft-savage-eigrp-00
ASIN: 1578701651
ISBN: 1587051877
ISBN: 0201657732