EIGRP

Enhanced Interior Gateway Routing Protocol (EIGRP) is a Cisco proprietary classless advanced distance vector protocol. Classless means that it appends the network mask to its advertised prefix. Cisco published the informational RFC in February 2013 to open it to the public.

EIGRP relies on IP protocol 88.

EIGRP uses Diffusing Update Algorithm (DUAL). It determines the best loop-free path, the backup loop-free path and provides fast convergence. By default, EIGRP uses bandwidth and delay for metric calculation. EIGRP uses 3 steps to converge: establishes a neighbor relation, exchanges routes and runs DUAL over its routes in the topology table to populate its routing table.

For the first step it uses Hello packets, which may dynamically discover neighbors and serve as keep-alives between neighbors. To form a relationship, a few parameters must match: autonomous system (AS) number, K-values, and MD5 authentication. By default, EIGRP uses multicast address 224.0.0.10. For static neighbors and P2P links, unicast packets are sent. Connected interfaces must not be passive to use EIGRP. K-values are five numbers used in metric calculations. In the simple case where each is 0 or 1, they decide which parameters to use.

 Metric = 256 * (K1 * bandwidth + (K2 * bandwidth) / (256 - load) + K3 * delay) * (K5 / (reliability + K4))

By default, K1 = K3 = 1, K2 = K4 = K5 = 0. To see the K values use:

 # show ip protocols

Hello packets are sent every 5 sec. On slow networks (<T1) - every 60 sec. Hello interval is local for each router and can be modified for each member independently:

 config-if# ip hello-interval eigrp <asn> <interval>

If Hello packets are not received within the dead (or hold) interval, which is by default 3 x Hello intervals, the neighbor is considered dead, the relationship with it is terminated, and all its routes are flushed from the topology and routing tables. The hold interval is sent to the neighbor and can be modified locally:

 config-if# ip hold-time eigrp <asn> <interval>

To stop sending Hello packets on a particular interface, make it passive. A passive interface will also ignore EIGRP packets.

 config# router eigrp <asn>
 config-router# passive-interface <interface #>
 config-router# end

To enable EIGRP on an interface, use the network command in EIGRP router configuration mode.

 config# ip routing
 config# key chain <key-chain-name>
 config-keychain# key <key-number>
 config-keychain-key# key-string <password>
 config-keychain-key# exit
 config-keychain# exit
 config# do show key chain
 config# interface <interface #>
 config-if# ip authentication mode eigrp <asn> md5
 config-if# ip authentication key-chain eigrp <asn> <key-chain-name>
 config# router eigrp <asn>
 config-router# neighbor <ip-address> <interface #> <-- optional command but preferred for security reasons.
 config-router# network <network-addr> <wildcard-mask>
 config-router# no auto-summary
 config-router# end
 # show ip eigrp neighbors
 # show ip eigrp interfaces detail
 # debug eigrp packets

“neighbor” command will shut down the multicast on the given interface!

By default, EIGRP looks for its Router ID in loopback interfaces. If it finds one that is up and running, it will use its IP address. If not, it will use the highest IP address of the configured interfaces. Routers with the same Router ID may still be neighbors, but if one sends an external route, the other one will not accept it.

Administrative distance is used by DUAL before it takes into account the route metric. For internal routes it is 90, for external - 170. Command “redistribute connected” can be used instead of “network” but it will treat the routes as external.

After forming a relationship, the routers exchange their topology tables. The topology table has a prefix, prefix length, metric information and a few other details. Before advertising a prefix, the router must write it in its own local topology table. The router does it in two cases:

There are five types of protocol messages: Hello, Update, ACK, Query, Reply. Update and ACK are used for topology exchange and are carried over the Reliable Transport Protocol (RTP). An Update message contains the following: prefix, its length, metrics (bandwidth, delay, load, reliability), MTU and hop-count. When the full topology table exchange is done, no more periodic re-flooding is performed. Only partial updates are sent when network changes affect a particular prefix. However, if the neighbor goes down and then comes back up, the full topology exchange takes place again. The same is true for any new member.

By default, EIGRP uses split-horizon, which prevents routes advertised on one interface from being re-advertised (or reflected) on the same interface by a different member. This is done to prevent route loops. Split horizon may cause problems when connected to a frame relay cloud. To disable it, use:

 config-if# no ip split-horizon eigrp <asn>

DUAL uses two distances to make a decision about inclusion of a route into the routing table: feasible distance (FD) and reported distance (RD). They are also used to prevent route loops. They can be seen by:

 # show ip eigrp topology

FD is a metric value for a route from the local router perspective.

RD is the metric from the neighbor perspective. It is also called the advertised distance.

If RD > FD, a routing loop is detected and the prefix is rejected. If FD for the same prefix is the lowest, the route is called the primary route (or a successor route) and is injected into the routing table. The same prefix with the next lowest FD > RD is chosen as a backup route (or a feasible successor route). It will be activated immediately if the primary route goes down. If no feasible successor route exists, the router sends a Query message to all its neighbors (except the one from which the primary route failed) asking if they have a route to the prefix of the failed route. This process is referred to as the router becoming active. If the neighbor is passive on that prefix, it sends a Reply message. If not, it forwards the Query message to its downstream neighbors. Once all the replies are received from its neighbors, it replies to the first router. If the neighbor does not respond to the Query message in 90 sec, a stuck-in-active (SIA) query is sent. The neighbor should respond with SIA-Reply. If it doesn’t respond in 3 min (Active timer interval), the neighbor is considered SIA and the relationship with it is reset.
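The metric formula and the successor / feasible successor selection described above, worked through as an added example (not from the original page or from Cisco). The bandwidth and delay scaling, the handling of K5 = 0, and the three-neighbor topology are assumptions labelled in the comments.

```python
from dataclasses import dataclass

DEFAULT_K = (1, 0, 1, 0, 0)  # K1..K5 defaults quoted above

def eigrp_metric(min_bw_kbps, total_delay_usec, load=1, reliability=255, k=DEFAULT_K):
    """Composite metric from the formula above, in integer arithmetic."""
    k1, k2, k3, k4, k5 = k
    bw = 10**7 // min_bw_kbps       # assumption: classic scaling, 10^7 / slowest link in kbit/s
    delay = total_delay_usec // 10  # assumption: cumulative delay in tens of microseconds
    metric = k1 * bw + (k2 * bw) // (256 - load) + k3 * delay
    if k5:                          # assumption: with K5 = 0 the reliability factor is skipped
        metric = metric * k5 // (reliability + k4)
    return 256 * metric

@dataclass
class Path:
    neighbor: str
    rd: int  # reported distance: the neighbor's own metric to the prefix
    fd: int  # metric of the whole path through that neighbor, seen locally

def run_dual(paths):
    """Return (successor, feasible successors, rejected paths) for one prefix."""
    successor = min(paths, key=lambda p: p.fd)
    others = sorted((p for p in paths if p is not successor), key=lambda p: p.fd)
    feasible = [p for p in others if p.rd < successor.fd]
    rejected = [p for p in others if p.rd >= successor.fd]  # possible loop: never a backup
    return successor, feasible, rejected

# Constructed topology: three neighbors advertise the same prefix.
# Each value: (slowest bandwidth kbit/s, cumulative delay usec) as seen by the
# neighbor, then as seen locally once the link to that neighbor is included.
SAMPLE = {
    "A": ((100000, 100), (100000, 200)),  # FastEthernet all the way
    "B": ((10000, 1000), (10000, 1100)),  # 10 Mbit/s segment behind B
    "C": ((100000, 100), (1544, 20100)),  # good path behind C, reached over a T1
}

def sample_paths():
    return [Path(n, eigrp_metric(*nbr), eigrp_metric(*local))
            for n, (nbr, local) in SAMPLE.items()]

if __name__ == "__main__":
    succ, fs, rej = run_dual(sample_paths())
    print("successor:", succ)
    print("feasible successors:", fs)
    print("rejected:", rej)
```

Neighbor C has a far worse total metric than B but still qualifies as the backup, because only its reported distance is compared against the successor's FD.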

It is possible to limit the query message scope by using stub routers and route summarization. A stub router is one that should not forward traffic between two remote EIGRP-learned subnets. It does not advertise routes learned from one neighbor to another. Non-stub routers do not forward Query messages to stub routers. By default, stub routers only advertise connected routes and summary routes. To configure a router as a stub router:

 config-router# eigrp stub

A stub router can be configured to advertise static and redistributed routes.

By default, EIGRP installs all the routes with the same cost/metric into the routing table. Cisco Express Forwarding (CEF) engine can use them for load balancing. The maximum number of the same cost/metric routes can be configured by:

 config-router# maximum-paths <number>

Unequal metric load balancing is achieved via variance. It allows EIGRP to consider additional paths as long as their metric is similar to the successor route. Similarity is defined by variance. By default, it is set to 1. To change it:

 config-router# variance <multiplier>

Multiplier is a number from 1 to 128. Feasible successor route is considered if:

 variance * successor route's FD > evaluated RD

ACL Review

ACLs are used for filtering. ACLs use the concept of a wildcard, which is the opposite of the netmask. ACLs can be numbered or named, standard or extended. ACLs use sequence numbers for the different entries (ACEs). There is an implicit “deny any” at the end of an ACL. To view ACLs use:

 # show ip access-list

Prefix-List Review

An IP prefix-list can examine a prefix and its length as well as a range of prefixes and a range of prefix lengths. It uses the same permit and deny clauses. Prefix-lists use the concept of a unique name for a single prefix-list with multiple entries with sequence numbers. Therefore, the prefix-list is similar to a named ACL. A permit clause means that a route is matched, deny means the opposite. There is an implicit deny at the end. Here is the command:

 config# ip prefix-list <name> seq <seq-value> {deny | permit} prefix/prefix-length [ge <ge-value>] [le <le-value>]

For a prefix-list or access-list that consists of deny entries, the implicit deny clause at the end should be overridden to allow everything else, for example:

 config# ip prefix-list <name> seq <seq_number> permit 0.0.0.0/0 le 32
 config# access-list <acl_number> permit any
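How the ge/le ranges, first-match ordering and the implicit deny interact, as an added example (not from the original page and not Cisco code). The prefix-list entries and test routes are constructed for illustration, and the ge/le defaults in the comments are stated from standard IOS behaviour.

```python
import ipaddress

def entry_matches(route, prefix, ge=None, le=None):
    """True if `route` lies inside `prefix` and its length is in the allowed range."""
    route, prefix = ipaddress.ip_network(route), ipaddress.ip_network(prefix)
    if ge is None and le is None:
        low = high = prefix.prefixlen        # no ge/le: exact prefix length only
    else:
        low = ge if ge is not None else prefix.prefixlen
        high = le if le is not None else 32  # ge alone means "up to /32"
    return route.subnet_of(prefix) and low <= route.prefixlen <= high

def evaluate(prefix_list, route):
    """First matching entry by sequence number wins; returns (action, seq)."""
    for seq, action, prefix, ge, le in sorted(prefix_list, key=lambda e: e[0]):
        if entry_matches(route, prefix, ge, le):
            return action, seq
    return "deny", None                      # implicit deny at the end

# Constructed prefix-list, stored out of order to show that seq decides:
#   seq 5  deny   192.168.0.0/16 le 32
#   seq 10 permit 10.0.0.0/8 ge 16 le 24
FILTER = [
    (10, "permit", "10.0.0.0/8", 16, 24),
    (5, "deny", "192.168.0.0/16", None, 32),
]
# Same list with the explicit catch-all from the text: permit 0.0.0.0/0 le 32
FILTER_OPEN = FILTER + [(100, "permit", "0.0.0.0/0", None, 32)]

if __name__ == "__main__":
    for r in ("10.1.0.0/16", "10.0.0.0/8", "10.1.1.128/25",
              "192.168.1.0/24", "172.16.0.0/16"):
        print(r, evaluate(FILTER, r), evaluate(FILTER_OPEN, r))
```

With the catch-all entry added, 10.0.0.0/8 and 10.1.1.128/25 are permitted by seq 100 even though the ge 16 le 24 entry was written to exclude those lengths, so a list meant to constrain prefix lengths needs explicit deny entries ahead of the catch-all.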

Route-Map Review

Route-map provides if-then-else logic. It contains one or more entries. Each map has underlying matching parameters configured with the match command. To match all, omit the match command. For example:

 config# route-map <name> permit <entry_number>
 config-route-map# exit

When a match is found, the processing is stopped even though there are more entries.

A route-map can call an ACL or a prefix-list. They match the route. The map tells what to do with it: permit or deny. Permit or deny in an ACL or prefix-list referenced by the route-map does not mean that the route itself is being filtered. It just means that it is or isn’t matched. A match ip address command in a route-map that refers to an ACL or prefix-list uses the route-map action if the ACL/prefix-list permits, or moves to the next route-map entry if the ACL/prefix-list denies.

EIGRP enables route filtering via:

 distribute-list {ACL | prefix-list | route-map} in|out [<interface #>]

For a distribute-list, a “permit” clause in the ACL means accept or advertise the route; “deny” means the opposite, of course. To verify the filtering use:

 # show ip protocols

Summarization aggregates multiple prefixes into a less specific prefix. Queries are stopped on the routers that are one hop from the point of summarization. Summarization helps reduce the routing table size. It may be configured for any prefix:

 config-if# ip summary-address eigrp <asn> <prefix> <mask>

This command, like most other configuration change commands, brings the router's relationship with its members down. The router doing summarization also adds the summarized route to the routing table with an outgoing interface of null0.

Auto-summarization is also supported and even might be enabled by default. For auto-summary to work, the network must be local to the router and the network must be advertised using the network command (not redistributed). With auto-summary, EIGRP does not support discontiguous networks, i.e. it behaves like a classful routing protocol. A contiguous network means a single classful network end to end; discontiguous means multiple classful networks end to end.

There are three ways to advertise the default route with EIGRP:

 config# ip route 0.0.0.0 0.0.0.0 [next-hop-ip] [outgoing-interface]
 config-router# network 0.0.0.0 0.0.0.0 <-- or use the next command instead
 config-router# redistribute static

On the router to which all traffic should be directed, first identify a classful network that can be advertised into EIGRP, and then ensure that it is being advertised. Then that network should be configured as a default network using the following command:

 config# ip default-network <network number>

On the router that will advertise the default route, identify the specific interface for the outgoing default route, then configure the summary-address command as follows:

 config-if# ip summary-address eigrp <asn> 0.0.0.0 0.0.0.0

The metric can be manipulated using an offset-list, which refers to a standard access-list (ACL).

 config# access-list <acl #> permit <prefix> <wildcard>
 config-router# offset-list <acl #> {in | out} <offset>

The path can also be manipulated, because the calculated best path may not be the ideal one. Moreover, if multiple paths exist, it may be beneficial to load balance across them. Besides metric tuning, route filtering and summarization can be used for that.

With route filtering, a certain prefix is filtered from being learned on a link, so the other link is the only path available. The drawback here is that there is no backup or redundancy in case of link failure. Summarization does not have this drawback, as the backup route is always available via the summary route if the more specific route fails.