|
| ||||
 |
|
Home | Reviews | Tools | Forums | FAQs | Find Service | ISP News | Maps | About |
|
how-to block ads |
30.4 Routing Technology
»simple routing question  got feedback?by aryoba »Cisco Forum FAQ »Quick and Easy Subnetting on Routing, Switching and Network Design Relationship Let's say we have the following network
Let's say that there is broadcast network in use here for all networks within the organization. Within a broadcast network, hosts intra-communicate by using Layer 2 mechanism (switching). To interconnect hosts from one network to another (or to the Internet), there will be Layer 3 mechanism (routing). In routing technology, then there will be gateway within each network. Hosts within each network are considered "dumb device" that has no knowledge of routing. Hosts only have Layer-2 knowledge (switching) to intra-communicate with other hosts within the same network. Hosts then will rely on gateway to handle the routing. This is where the routers are needed in the organization to provide the routing, which is the network inter-communication and access to the Internet. Choosing Gateway for specific network When configuring host network info, you may wonder which device or which IP address to use as network gateway. Referring to the organization network design, here are gateways for each network.
You may wonder what consideration used to choose specific device as gateway of specific network. Following questions may arise. * Can we use Router 4 as the 1st network gateway? * Can we use Router 3 as the 2nd network gateway? * How about using the ISP device as Server Farm gateway? Earlier, we decided to have independent networks within the organization. With independent network, it means that you segment the organization to multiple smaller networks. Each network will have dedicated subnet. There is routing to interconnect smaller networks and to provide Internet access. The smaller networks are the 1st to 5th network, Server Farm, and Between Routers. Let's look at the 1st network. Note that hosts within this network are the "dumb device" (i.e. servers, workstations, printers). As mentioned, these dumb devices use switching to intra-communicate. To communicate with other hosts at different network or at the Internet, the 1st network hosts rely on gateway which then will do routing. Since the 1st network hosts are only capable of Layer-2 communication technique, the network gateway must be capable of doing the same in addition of routing capability. Keep in mind that the Layer-2 communication only takes place within the 1st broadcast network. Therefore the 1st network gateway must be within the same broadcast network with other 1st network hosts in order to perform the Layer-2 communication. Once there are traffic outbound from the 1st network to other network or vice versa (the inbound), the gateway will route traffic between the one network and others. Referring to the network design, Router 1 is within the same broadcast network with 1st network hosts. Therefore it is logical choice to use Router 1 as the 1st network gateway. Similar concept applies to 2nd to 5th networks. Choosing Gateway for the Between Routers network Now let's review the Between Router network. This network is also broadcast network. The network hosts are Router 1 to 4. Since they are all routers, they are all able to perform routing. Which router to choose as gateway then? Note that the gateway concept is to provide last resort of unknown or undefined network reachability. The objective of the organization routing design is to provide connectivity among hosts (dumb devices) within the organization and between hosts and Internet. Notice that 1st to 3rd networks are behind Router 1, Server Farm network is behind Router 2, and 4th to 5th networks are behind Router 3. The Internet (ISP) is in front of Router 4. Let's look at Router 1. From Router 1's perspective, it will use Router 2 to reach Server Farm. Router 1 will use Router 3 to reach 4th and 5th networks. Router 1 will use Router 4 to reach the Internet. Similar perspective occurs at Router 2. Router 2 will use Router 1 to reach 1st to 3rd networks. Router 2 will use Router 3 to reach 4th and 5th networks. Router 2 will use Router 4 to reach the Internet. In the organization, the defined or known networks are the 1st to 5th networks and Server Farm. Internet is considered undefined or "miscellaneous" networks from the organization's perspective. Therefore to reach the Internet, Between Routers network uses Router 4 as the network gateway. Choosing Gateway for the Internet There will be similar concept as the Between Routers network to apply to the Internet network. From Router 4's perspective, the Internet is in front of ISP device. From ISP perspective, the entire organization is behind the Router 4. For the entire organization to reach the Internet, Router 4 will use ISP device as the gateway. Similarly, ISP device will use Router 4 to reach the entire organization. Choosing the Gateway IP Address Let's say that the entire network is using 192.168.0.0/24 subnet to support connectivity. The ISP assigns specific subnet to provide the organization Internet connectivity. Let's say the followings are the subnet assignments
Between Routers Subnet: 192.168.0.248/29 Router 4 - ISP Device Subnet: 213.43.84.0/30 Within the organization, you as the network designer have full access to determine which IP addresses are for hosts and which are for gateways. Let's say you have the followings as the "dumb device" network gateways. 1st network: 192.168.0.1 2nd network: 192.168.0.33 3rd network: 192.168.0.65 4th network: 192.168.0.81 5th network: 192.168.0.89 Server Farm: 192.168.0.97 Let's say that Router 1 to Router 3 have four independent interfaces where Router 4 has two interfaces. These interfaces will handle the routing for each network and also serve as gateway for specific network. Followings are the interface IP address assignment. Router 1 1st interface: 192.168.0.1 2nd interface: 192.168.0.33 3rd interface: 192.168.0.65 4th interface: 192.168.0.249 Router 2 1st interface: 192.168.0.97 2nd interface: 192.168.0.250 Router 3 1st interface: 192.168.0.81 2nd interface: 192.168.0.89 3rd interface: 192.168.0.251 Router 4 1st interface: 192.168.0.252 Let's say the ISP decides to use 213.43.84.1 as their device that provide direct connection to the organization. Therefore you have the following IP address assignment. Router 4 2nd interface: 213.43.84.2 With these IP address assignments, following are the gateways for each respective network. Host network
Between Routers network
Router 4 - ISP Device
Some discussions »[CCNA] How to calculate the next hop »[HELP] ip route 0.0.0.0 0.0.0.0 Null0 255
got feedback?by aryoba When you talk about multiple broadcast domains and how traffic pass between the domains, you talk about routing functionality. Typically the network device in question that separates multiple broadcast domains is a router since by nature, router is to perform routing. However in reality the device could be a Layer-3 switch, firewall, or any device that understand Layer-3 routing. Now let's compare all the choices of Gateways, which are Default Gateway, Default Network and the Gateway of Last Resort. Just by reading the names one would think these are similar if not the same things. Answer is basically yes and no. Here is a quick basic breakdown of each and when you might use them. 1) Default Gateway (ip default-gateway x.x.x.x) This command serves non-routing network device that need to reach any network outside its own subnet or outside of its local network. The command is to function when the network device is not in routing mode. Typically the command exists in Layer-2 switches or switches that are in bridging mode only. In order for this command to function in a router, ip routing must be disabled. When the ip routing is disabled, the router becomes merely a host, similar to regular PC. To reach any network outside its own subnet or outside of its local network, the device needs to have a default-gateway. 2) Default Network (ip default-network a.b.c.d) This command establishes a default subnet or network for specific routing-speaking network device. Therefore the ip routing must be enabled on the device. With this command in place, your Layer-3 network device will actually route packets unlike the default-gateway command. Second this command does not specify the next hop address, it specifies a network to be considered as default. In order for this command to set a default network, you must already have a static route in your routing table. You can tell if this is working if from a sh ip route there is a "gateway of last resort" configured. 3) Gateway of Last Resort (ip route 0.0.0.0 0.0.0.0 next-hop-ip/exit-interface) This command also requires ip routing to be enabled. This command sets a default route for anything not in your routing table. After this command is entered it will show a "gateway of last resort" configured in your ip route table. Some discussions »[Config] a new vlan on router and switch
got feedback?by dpocoroba »Cisco Forum FAQ »Quick and Easy Subnetting on Routing, Switching and Network Design Relationship Some discussions »[HELP] Static Routing got feedback?by aryoba RIP version 2: Basic Convergence and Loop Prevention Configuration Definitions Preface RIP Routing Metric RIP uses a single routing metric (hop count) to measure the distance between the source and a destination network. Each hop in a path from source to destination is assigned a hop count value, which is typically 1. When a router receives a routing update that contains a new or changed destination network entry, the router adds 1 to the metric value indicated in the update and enters the network in the routing table. The IP address of the sender is used as the next hop. Routing Updates RIP sends routing-update messages in a form of RIP routing table (RIP routing database) at regular intervals and when the network topology changes. When a router receives a routing update that includes changes to an entry, it updates its routing table to reflect the new route. The metric value for the path is increased by 1, and the sender is indicated as the next hop. RIP routers maintain only the best route (the route with the lowest metric value) to a destination. After updating its routing table, the router immediately begins transmitting routing updates to inform other network routers of the change. These updates are sent independently of the regularly scheduled updates that RIP routers send. RIP Stability Features RIP prevents routing loops from continuing indefinitely by implementing a limit on the number of hops allowed in a path from the source to a destination. The maximum number of hops in a path is 15. If a router receives a routing update that contains a new or changed entry, and if increasing the metric value by 1 causes the metric to be infinity (that is, 16), the network destination is considered unreachable. The downside of this stability feature is that it limits the maximum diameter of a RIP network to less than 16 hops. RIP includes a number of other stability features that are common to many routing protocols. These features are designed to provide stability despite potentially rapid changes in a network's topology. For example, RIP implements the split horizon and holddown mechanisms to prevent incorrect routing information from being propagated. RIP Timers RIP uses numerous timers to regulate its performance. These include a routing-update timer, a route-timeout timer, and a route-flush timer. The routing-update timer clocks the interval between periodic routing updates. Generally, it is set to 30 seconds, with a small random amount of time added whenever the timer is reset. This is done to help prevent congestion, which could result from all routers simultaneously attempting to update their neighbors. Each routing table entry has a route-timeout timer associated with it. When the route-timeout timer expires, the route is marked invalid but is retained in the table until the route-flush timer expires. RIP Properties * UDP port 520 is used as either broadcast or multicast to send out routing tables as routing exchange mechanism. * When RIP v2 updates, it does it with the UDP port 520 on 224.0.0.9 multicast. RIP v1 used the UDP port 520 on 255.255.255.255 broadcast * There is no hello interval. RIP stays in touch by receiving full routing updates periodically. There is no formal neighbor relationship. * You may notice that by depending heavily on receiving and sending full routing updates every time, there is no concept of sending or receiving partial updates in RIP by default unlike EIGRP * Such dependency using broadcast can be bandwidth hog, hence the reason of implementing multicast on RIP v2 * Main metric is hop count. Maximum hop count in RIP is 15. Therefore, 16 hop count is considered to be an infinite number of hops away. * Update interval is every 30 seconds. * No partial updates as mentioned earlier. Full updates all the time, every time. For on-demand circuits, RFC 2091 allows RIP to send a full update the first time, but not say anything else until a change happens. * When routes change, this will trigger an update. * Supports up to 6 equal-cost routes in the routing table, with a default of 4. * You can authenticate both via MD5 or plaintext. * RIP v2 is classless, as it includes the subnet mask in route advertisements. Ergo, VLSM is supported. * Route tagging is supported (more on that later). * There’s a “next-hop” field so that the router can advertise routes other than itself as the next-hop. * RIP does not compute the metric for itself. Rather, RIP accepts the metric (hop count, remember?) that’s advertised to it. When the router advertises the route it’s learned, it will add 1 to the metric. How RIP manage network connectivity Some discussions »[HELP] Rip routing : How does it find it's destination
got feedback?by aryoba www.cciecandidate.com Basics Tables, Convergence and Going Active Configuration Definitions Cisco website Metric Computation Various EIGRP Topics Introduction to EIGRP White Paper of Enhanced Interior Gateway Routing Protocol Setting a Preferred Route by Influencing EIGRP Metrics Preface The Enhanced Interior Gateway Routing Protocol (EIGRP) represents an evolution from its predecessor IGRP. This evolution resulted from changes in networking and the demands of diverse, large-scale internetworks. EIGRP integrates the capabilities of link-state protocols into distance vector protocols. Additionally, EIGRP contains several important protocols that greatly increase its operational efficiency relative to other routing protocols. One of these protocols is the Diffusing update algorithm (DUAL) developed at SRI International by Dr. J.J. Garcia-Luna-Aceves. DUAL enables EIGRP routers to determine whether a path advertised by a neighbor is looped or loop-free, and allows a router running EIGRP to find alternate paths without waiting on updates from other routers. EIGRP provides compatibility and seamless interoperation with IGRP routers. An automatic-redistribution mechanism allows IGRP routes to be imported into EIGRP, and vice versa, so it is possible to add EIGRP gradually into an existing IGRP network. Because the metrics for both protocols are directly translatable, they are as easily comparable as if they were routes that originated in their own autonomous systems (ASs). In addition, EIGRP treats IGRP routes as external routes and provides a way for the network administrator to customize them. EIGRP Properties * EIGRP uses its own IP Protocol, which is Protocol 88 (refer to IANA Protocol Number List for details) * EIGRP metric is comprised of five elements (link bandwidth, link delay, link load, link reliability, and link MTU) where two elements (bandwidth and delay) are active by default and three elements (load, reliability, and MTU) are optional. * Unlike RIP, there is a concept of neighbor establishment and relationship where Hello packets are sent at certain Hello interval time (similar to Link-State Routing Protocols such as OSPF) * The hold timer is the timer used to determine when a neighbor has failed. This is based on the router not getting any hello or other messages during the timer period (similar feature as to Link-State Routing Protocols such as OSPF) * Similar to RIP, EIGRP send Routing Updates to other EIGRP-speaking routers by sending routing table * Similar to RIP version 2, the EIGRP Routing Updates are sent to the multicast address of 224.0.0.10 (refer to IANA IPv4 Multicast Address Space Registry for details). Retransmissions are Unicast unlike RIP though. * Similar to RIP, EIGRP can send full or partial routing updates. Full updates are sent when a new neighbor adjacency is formed. Partial updates are sent the rest of the time. Note that RIP can only send partial routing updates over WAN links (such as out of Serial interfaces) where EIGRP can send partial updates over both LAN (such as Ethernet) and WAN links. * MD5 authentication is the only type supported in terms of neighbor establishment unlike RIP or OSPF * Unlike IGRP, EIGRP supports Variable length subnet mask (classless) networks as subnet masks are included for all routes * Route Tags are supported for redistribution into EIGRP. * EIGRP Protocol 88 has next-hop field, so that a router can advertise routes with a next hop other than itself * Routes can be summarized by EIGRP anywhere in the network that you turn it on, unlike OSPF where you can only summarize at ABR or ASBR * EIGRP supports more than just IP. IPX is also supported, as is AppleTalk EIGRP vs. OSPF Similar to IGRP, EIGRP only runs on Cisco platforms such as Cisco routers, Cisco switches, and Cisco firewalls. In other words, EIGRP is Cisco proprietary routing protocol which do not run and is not supported on non-Cisco platforms. OSPF, as well as RIP, IS-IS, and BGP are RFC-based routing protocols, hence Cisco and non-Cisco platforms run and support. In most vendor implementation; OSPF, RIP, and BGP interoperability across vendors may work fine while IS-IS interoperability across vendors may not. Since EIGRP-speaking router relies on routing updates sent by its neighbors to have full visibility of network topology to build network database, EIGRP is still considered Distance-Vector routing protocol similar to RIP even though EIGRP has some advanced features that Link State routing protocol such as OSPF has. This condition allows certain EIGRP network setup/design that is never allowed in OSPF as Link State routing protocol such as advertise network summary at any EIGRP-speaking router within the same EIGRP routing domain and no concept of ABR (Area Border Router) or ASBR (Autonomous System Boundary Router) since there is no concept of Areas in EIGRP. From the routing protocol algorithm perspective, EIGRP as Distance-Vector routing protocol is based on a distributed form of Bellman-Ford algorithm to find shortest paths. This Bellman-Ford algorithm works by exchanging a vector of distances to all destinations known to each node. No further topological information is ever exchanged. Thus, each node knows about all destinations present in the network and it knows the resulting distance to each destination via every of the node's neighbors. However, the node does not have any idea of the actual network topology, nor does the node need it. OSPF as Link State routing protocol however is based on algorithms to find shortest paths in a graph, with Dijkstra's algorithm as basis algorithm. This Dijkstra's algorithm works by exchanging a description of each node and its exact connections to its neighbors. In essence, each node describes its adjacencies to neighboring nodes and this information is flooded throughout the network. Therefore, each node knows the exact network topology, i.e. it has a graph representation of the network. Using this graph, each node computes the shortest paths from itself to each available destination. With concept of Areas, the graph representations in OSPF are stored in database either in detail as presented in LSA (Link State Advertisement) Types 1 and 2 for routers within the same area, or in summary as presented in LSA Types 3, 4, and 5 for routers outside the area. No routes leaving an area without going through ABR and only through ABR network info from different areas are known. When router is stated as ABR of certain area, then the router possess significant roles that non-ABR do not have and all routers within the same routing domain respect/follow this condition. Even though there is no concept of Areas in EIGRP, you can set EIGRP-speaking router as stub router. Similar to OSPF stub router (not to be confused as OSPF stub area, ABR, or ASBR), stub router in EIGRP means a router that will never be as transit router of any networks. As you may see in later description, EIGRP stub router provides features that may resemble OSPF ABR and ASBR. Further, EIGRP by default summarize VLSM networks into its classful form which is typically unwanted. Since summarization only exists in either ABR or ASBR, OSPF by default does not summarize VLSM networks. With no concept of Areas, EIGRP is simpler than OSPF and yet has advanced features similar to OSPF. For network that is strictly Cisco based and has no need of full visibility of the entire network's graph representations, EIGRP might be a good routing protocol choice. For network that uses lots of network summarization, may not run only Cisco, or is considered outside/public network; OSPF might be your best bet. Hello Packets and Neighbor Adjacencies One reason IGRP/EIGRP as Distance-Vector routing protocol was designed to be "more advanced" than RIP was that IGRP/EIGRP had a concept of neighbor similar to Link-State protocol such as OSPF. The idea of having neighbor relationship is not just maintaining equivalent visibility of the entire IGRP/EIGRP network, but also to keep the relationship between IGRP/EIGRP speaking routers efficient. It was considered unnecessary to keep sending routing updates everytime to other IGRP/EIGRP speaking routers like RIP, since the routing updates should be the same as previous updates unless there was a network change (i.e. due to broken link or lost-power routers). EIGRP uses Hello packets to maintain relationship with its neighbors, similar to Link-State protocol such as OSPF. Following is a little description of how two EIGRP speaking routers find out about each other using Hello packets. * When an EIGRP router comes up on the network, he sends EIGRP hellos out all interfaces where EIGRP is running to 224.0.0.10 multicast address. * When two routers here each other say “Hello”, they become adjacent, assuming: 1. They authenticate to one another, if authentication has been configured on one or both. 2. The use the same AS number (you know, the “router eigrp xyz”, where xyz is your AS number) 3. The routers must be on the same subnet, or at least think that they are. The router will source his multicast hello from the primary IP address of his interface. The receiving router’s interface must fall into that same subnet. It’s plausible that the two routers could have different subnet masks on their interfaces, but still believe they are on the same subnet. 4. K values (the multipliers for each of the five potential elements that EIGRP can use to compute a route’s metric) must match. By default, the K values are 1 0 1 0 0…in effect, only the two values of bandwidth and delay multiplied by 1 will be used. The other three are multiplied by zero, their impact on the route metric computation negated. Cisco recommends that you do not change the K values. What else are hellos good for? Why, they are effective little keepalives. EIGRP hellos are sent at the “hello interval” time. If the adjacent router doesn’t hear a hello from the EIGRP neighbor within the “hold time”, then the neighbor is considered to have gone away, and the routes through that neighbor therefore to have failed. How sad. Now - it’s interesting to note that the hello and hold timers do not need to match for EIGRP to form a neighbor adjacency. However, the router will use the timers his neighbor sends him. “Hello there. When thinking warm EIGRP thoughts about me, please use these hello packets and hold timers. Thanks!” So now we’ve got 2 EIGRP neighbors. They’ve said hello, they’ve settled on timers, matched K values, MD5 authentication, subnets and AS numbers. So let’s get down to the business at hand: exchanging routes. * First go, all routes are sent - a full update, less split-horizon routes. * Similar to RIP, EIGRP also uses Split Horizon by default to avoid routing loop by not sending route update and query packets out of interfaces which the routes were originated from * Updates stop when all routes are exchanged. * When route metrics change, partial updates are sent just to update the metrics of existing routes. * If a neighbor dies, but comes back from the dead, it’s as if the routers never knew one another: full updates are sent. If a router forms a new neighbor adjacency, full updates are sent. With something as important as a routing table getting sent, you’d think EIGRP would use some sort of reliable transport, right? But EIGRP doesn’t use TCP, does it? No…EIGRP is his own animal, IP protocol 88. Included in IP/88 is RTP: reliable transport protocol. * RTP starts the RTO, or retransmission timeout. * RTP sends a multicast update to 224.0.0.10 (all neighbors on a segment). * RTP anticipates receiving a unicast ACK response from all neighbors, acknowledging receipt of the update. * If RTO expires for a particular neighbor, RTP will re-send the update as a unicast to the neighbor that didn’t ACK. * RTP uses a one-for-one message/ACK. There’s no sliding window concept here, as with TCP. We’re keeping it simple. The update is sent with a sequence number, and the ACK message contains that sequence number. (Different again from TCP.) How EIGRP Speaking Routers manage EIGRP network reachability As mentioned earlier, EIGRP uses K values that are determined by the five factors (link bandwidth, link delay, link reliabilty, link load, and link MTU) to determine routing metrics. These five factors in EIGRP term will show as Vector Metric. Since EIGRP is somewhat considering Hop Count similar to RIP, the Hop Count also shows in the Vector Metric. Note that this Hop Count "consideration" is one of the reason why EIGRP is still Distance-Vector routing protocol similar to RIP although EIGRP has some advanced feature that Link-State routing protocol such as OSPF has. The EIGRP K values are determined by two factors by default (bandwidth and delay) and additional three optional factors (load, reliability, and MTU). These five factors are coming off the router interfaces where such route come from. In EIGRP term, the routing metric determined by the K values is called Distance. Assuming the route's administrative distance is equal, the metric with lowest Distance is considered the best-computed metric which leads to be the best EIGRP route. In EIGRP, such best-computed metric is called Feasible Distance (FD) where such best EIGRP route is called Successor. As a note, the higher Distance is called Feasible Successor which may become Successor should the existing successor becomes unavailable or unreachable. Once the FD value has been established, EIGRP-speaking router advertises the FD to all EIGRP neighbors. This advertised FD is called Reported Distance (RD). The EIGRP-speaking router in addition maintain a two-tuple route reachability called Composite Metric in form of (Distance, Reported Distance) which such is stored in so-called EIGRP topology table. With any routing reachability, following is the consideration to determine which best route or path is to reach certain subnets or IP address. 1. Routes with lowest administrative distance wins 2. If there are multiple routes with equal administrative distance, then the routes with lowest metric wins This winning route then shows up in the router's routing table. If the router decides that the EIGRP route is the winning route for example, then the EIGRP route shows up in the router's routing table. If let's say the directly connected route or static route is the winning route, then such route shows up in the router's routing table. Now let's consider the following EIGRP AS 1 network diagram
EIGRP uses 3 tables: * The neighbor table shows you what’s going on with other routers seen as adjacent via “show ip eigrp neighbors” * The topology table contains EIGRP update messages, essentially all the prefixes, next hops, etc. that the EIGRP neighbors tell one another about. “show ip eigrp topology” * EIGRP routes installed in the IP routing table are based on the router’s metric calculation of each route from the topology table Specifically for Cisco IOS-based network devices such as routers and Layer-3 switches, there is one IOS command that shows in general how certain routing protocols (EIGRP or else) with their associated properties running on the router. This command is a show ip protocols. In regards of EIGRP, the show ip protocols display in general EIGRP AS domain ID, K values, timers, and all other basic EIGRP properties. Following is the illustration coming off R3 R3# show ip protocols
This command shows basic EIGRP properties that are currently active on the router R3 such as active K values, EIGRP maximum hop count, variance, and maximum path. In addition, the command shows which next hop router IP address that has route reachability info regarding specific networks with its associated administrative distance and route update last update received. Last not but not least, the command shows the EIGRP administrative distance which is 90 for internal routes and 170 for external routes (default values). You may note that only networks that are directly connected to the R3 that show in the command display. To see the whole EIGRP topology network as to which network is reachable via which EIGRP-speaking router and with what metric values, you need the show ip eigrp topology command as shown below. R3# show ip eigrp topology
For the illustration purposes, let's now focus on 10.1.3.0/24 network topology by reviewing the following show command display. R3# show ip eigrp topology 10.1.3.0 255.255.255.0
R3# show interface ethernet0/1
R3# show ip route
Following is some further description using 10.1.3.0/24 route or subnet as example. Referring to the above R3's show interface command, you can see the following * R3 Ethernet0/1 interface is a member of 10.1.3.0/24 subnet where the R3 Ethernet0/3 interface IP address is 10.1.3.3/24 * From R3 Ethernet0/1 interface perspective, the 10.1.3.0/24 subnet has link MTU of 1500 bytes, link bandwidth (BW) of 10000 Kbit, link delay (DLY) of 1000 usec, link reliability of 255/255 (100% reliable), txload 1/255, rxload 1/255 (makes link load of 1/255 which is 1% utilized or loaded link) * These five values forms so-called Vector Metric where each value presents in the EIGRP topology table as you may note later Referring to the above R3's show ip eigrp topology 10.1.3.0 255.255.255.0 command, you can see the following * R3 learns the 10.1.3.0/24 subnet from two different sources. One is coming from directly connected interface, which is R3's Ethernet0/1 as indicated as 0.0.0.0 (Ethernet0/1) from Connected. R3 also learns the same subnet from R3's Ethernet0/0 interface coming from R4 as indicated as 10.1.2.4 (Ethernet0/0) from 10.1.2.4. * With these two different sources, R3 performs EIGRP metric calculation to find out the best-computed metric for 10.1.3.0/24 route * You may note that the Vector Metric of Connected interface comes from the Connected (Ethernet0/1) interface as indicated in Minimum bandwidth is 10000 Kbit, Total delay is 1000 microseconds, Reliability is 255/255, Load is 1/255, and Minimum MTU is 1500 * Similar Vector Metric value shows up in the 10.1.2.4 (Ethernet0/0) where the five values comes from the R3's Ethernet0/0 interface * Since EIGRP is somewhat considering Hop Count similar to RIP, the Hop Count also shows in the Vector Metric where 0 Hop Count means the network is directly connected and 1 Hop Count means the network is one hop away * After the calculation, R3 decides that Distance coming from directly connected interface is 281600 as indicated in Composite metric is (281600/0) where the 281600 is the Distance and 0 is the Reported Distance. R3 also decides that Distance coming from R4 is 307200 as indicated in Composite metric is (307200/281600) where the 307200 is the Distance and 281600 is the Reported Distance. * Since Distance of directly connected interface is lower than R4's Distance, R3 decides that Feasible Distance is 281600, as indicated in FD is 281600 * There is only one route from R3's perspective that carries FD of 281600. Therefore R3 decides that there is only one Successor, as indicated in 1 Successor(s) * The R3's Ethernet0/1 interface becomes the interface that carries the successor route where the R3's Ethernet0/0 (pointing to R4) becomes the interface that carries the feasible successor route. In other words, the directly connected Ethernet0/1 should be the best path to reach 10.1.3.0/24 subnet from R3's perspective as you may see later. Note that this FD of 281600 will be the metric that is passed by R3 to all other EIGRP neighbors (which in this illustration; R2 and R4) as the best-computed metric to reach the 10.1.3.0/24 route. In other words, the 281600 FD will be RD from R3 to R2 and to R4. It would be up to the neighbor if this FD will be the FD of their perspective to reach such route. As example, R4 may (and should) have better (read: lower) Distance to reach the 10.1.3.0/24 route than the Distance R3 passes. However R2 may consider reaching the 10.1.3.0/24 route from either R3 or R4 since Reported Distance that both R3 and R4 pass are equal. Referring to the above R3's show ip route command, you can see the following * Directly connected networks are considered the routes having the lowest administrative distance to reach 10.1.2.0/24 and 10.1.3.0/24, hence such routes show in the R3's routing table * EIGRP is considered the routes having the lowest administrative distance to reach 10.1.1.0/24, hence such route shows in the R3's routing table * From R3 perspective, the 10.1.1.0/24 has administrative distance of 90 (default value of internal EIGRP routes), has routing metric of 20537600 (which is also the FD), and is reachable via EIGRP-speaking router that has IP address of 10.1.2.2 coming from R3's Ethernet0/0 interface at 00:16:14 time as indicated in D 10.1.1.0 [90/20537600] via 10.1.2.2, 00:16:14, Ethernet0/0 Now let's consider similar show command coming off R2 as follows R2# show ip protocols
R2# show ip eigrp topology 10.1.3.0 255.255.255.0
R2# show ip route
From the R2's EIGRP topology table as shown above, you may note the following * R2 receives Reported Distance value from R3 to reach 10.1.3.0/24 as 281600 (which is the R3's FD from previous description) as indicated in 10.1.2.3 (Ethernet0), from 10.1.2.3, Composite metric is (307200/281600) * The R2 Vector Metric interface where the R3 connects to shows its associated five factors which are Bandwidth, Delay, Reliability, Load, and MTU. The Vector Metric also shows the Hop Count value as well * Based on these five factors, R2 has the metric to reach R3's 10.1.3.0/24 subnet. R2 adds this metric with the Reported Distance that R2 receives from R3 (which is the 281600). The total metric is 307200 which makes the 281600 plus the metric R2 has to reach R3. This total metric is the Distance R2 comes up based on Reported Distance coming from R3 * Similarly, R2 receives Reported Distance value from R4 to reach 10.1.3.0/24 as 281600 as indicated in 10.1.2.4 (Ethernet0), from 10.1.2.4, Composite metric is (307200/281600) * The R2 Vector Metric interface where the R4 connects to shows its associated five factors which are Bandwidth, Delay, Reliability, Load, and MTU. The Vector Metric also shows the Hop Count value as well * Based on these five factors, R2 has the metric to reach R4's 10.1.3.0/24 subnet. R2 adds this metric with the Reported Distance that R2 receives from R4 (which is the 281600). The total metric is 307200 which makes the 281600 plus the metric R2 has to reach R4. This total metric is the Distance R2 comes up based on Reported Distance coming from R4 * Since there are only two sources to reach 10.1.3.0/24 from R2's perspective (either from R3 or R4), R2 will choose the FD based on such sources * The Reported Distance comes from R3 and R4 to reach 10.1.3.0/24 is the same 307200 as shown in Composite metric is (307200/281600) where the 281600 is the Reported Distance R2 receives from each source (R3 and R4) and the 307200 is the Distance R2 calculates to reach 10.1.3.0/24 as the total metric * R2 decides that 10.1.3.0/24 FD is 307200 * Since there are multiple sources that have FD of 307200, there are two equal EIGRP successors You may note from previous description on R3 where there are two Composite Metrics R3 comes up. One is the (281600/0) Connected and second one is the (307200/281600) R4 10.1.2.4 (Ethernet0/0). Let's review these two metrics. The Reported Distance 0 in (281600/0) Connected means that the R3 receives the 10.1.3.0/24 route from nowhere else but itself as directly connected network. R3 also calculates the metric to reach this directly connected network based on the five factors shown in the associated R3's Ethernet0/1 interface Vector Metrics. The total metric (the Distance) is 281600 which makes up 0 metric to reach the directly connected network and the 281600 metric that R3 calculates based on the the associated R3's Ethernet0/1 interface Vector Metrics, hence shows up as (281600/0). The Reported Distance 281600 in (307200/281600) 10.1.2.4 (Ethernet0/0) means that the R3 receives the 10.1.3.0/24 route from 10.1.2.4 (which is R4 IP address) via R3's Ethernet0/0 interface with announced R4 Reported Distance of 281600. R3 also calculates the metric to reach this R4 based on the five factors shown in the associated R3's Ethernet0/0 interface Vector Metrics. The total metric (the Distance) is 307200 which makes up 281600 metric to reach the R4 and the metric that R3 calculates based on the associated R3's Ethernet0/0 interface Vector Metrics, hence shows up as (307200/281600). From the R2's routing table as shown above, you may note the following * R2 decides that EIGRP route to reach 10.1.3.0/24 has the lowest administrative distance * R2 decides that there are two equal EIGRP successors to reach 10.1.3.0/24, which make two equal routes to reach such subnet * Based on these decisions, such routes show in the R2's routing table Now let's consider similar show command coming off R1 as follows R1# show ip protocols
R1# show ip eigrp topology 10.1.3.0 255.255.255.0
R1# show ip route
From the R1's EIGRP topology table as shown above, you may note the following * R1 receives Reported Distance value from R2 to reach 10.1.3.0/24 as 307200 (which is the R2's FD from previous description) as indicated in 10.1.1.2 (Serial0.201), from 10.1.1.2, Composite metric is (2221056/307200) * The R1 Vector Metric interface where the R2 connects to shows its associated five factors which are Bandwidth, Delay, Reliability, Load, and MTU. The Vector Metric also shows the Hop Count value as well * Based on these five factors, R1 has the metric to reach R2's 10.1.3.0/24 subnet. R1 adds this metric with the Reported Distance that R2 receives from R2 (which is the 307200). The total metric is 2221056 which makes the 307200 plus the metric R1 has to reach R2. This total metric is the Distance R1 comes up based on Reported Distance coming from R2. * The R1's (2221056/307200) indicates that the 307200 is the Reported Distance R1 receives from R2 and the 2221056 is the total metric (Distance) to reach 10.1.3.0/24 which makes the 307200 plus the metric R1 has to reach R2 * Since there is only one source to reach 10.1.3.0/24, R1 decides that FD of 10.1.3.0/24 is 2221056 * Since there is only one source to reach 10.1.3.0/24, R1 decides that there is also only one Successor From the R1's routing table as shown above, you may note the following * R1 decides that EIGRP route to reach 10.1.3.0/24 has the lowest administrative distance * R1 decides that there is only one EIGRP successor to reach 10.1.3.0/24 * Based on these decisions, such route show in the R1's routing table as single route to reach 10.1.3.0/24 with administrative distance of 90 and with routing metric of 2221056 Tables, Convergence, and Going Active EIGRP computes the route metric based on several things, by default only bandwidth (in bits per second) and delay (in tens of microseconds). If you use the “metric weights” commands in your router eigrp paragraph, you can also have EIGRP include link load, reliability and MTU in the metric calculation - although this is not recommended by Cisco because it can introduce route instability. Link load and reliability can be fluctuating values causing a higher than usual number of convergence events. So, assuming we’re using the default K values (ergo, we’re only going to compute the EIGRP metric based on bandwidth and delay), what does the EIGRP metric computations process look like? * A neighbor (let’s call him R3 as shown at previous illustration) advertises a route with bandwidth and delay. * R2 receives this route and computes the “reported distance” (RD) of the route. RD is the neighbor’s route metric. * R2 puts this route into his topology table, adding his own delay and bandwidth as appropriate. Delay is aggregate of all hops, whereas the bandwidth only uses the lowest bandwidth link. * When R2 advertises this route, it will include the new computed delay and bandwidth. * The default K values EIGRP metric computation formula is pretty easy: EIGRP metric = 256*(10,000,000/bandwidth) + 256*delay. The topology table will show you a few other good things to know in regards to feasible condition: * The feasible distance (FD) is the router’s best-computed metric when compared to all the possible ways to get to a certain network. * The FD is then the “successor route”, and is the one installed in the IP routing table. The successor route’s metric in EIGRP-speak is the FD of a route, and therefore this is the metric you’ll see attached to the route when you do a “show ip route”. * You’ll also see “feasible successors” in the topology table, or routes that EIGRP knows can be used, but don’t have a metric as good as the FD. Feasible successors then are routes that might be installed in the routing table at some point, but only if the successor route fails. On previous illustration, the EIGRP topology table showed that the route status was passive as stated in State is Passive of each router's topology table (the show ip eigrp topology 10.1.3.0 255.255.255.0). Such passive state means that the router either did not detect network change or the router had completed the route reachability computation. Now, in any network of size, routes will change. Links go up and down, routers become unavailable, etc. When there’s a change to the EIGRP topology, EIGRP neighbors send each other updates about the change. This change is known in EIGRP-speak as an “input event”. When an EIGRP router receives an “input event”, it performs a “local computation” to determine whether the input event is something he needs to do something about or not. * If the input event indicates that the successor route is no longer available, the routers will install a feasible successor, and then update his neighbors about the change. * If there is no feasible successor, then the router “goes active” for the route, in essence asking neighbors for a path to his dead successor. * This Active state will then show as State is Active on the router's topology table When a router “goes active” on a route, he sends multicast query messages to his neighbors asking for a way to get to the network he just lost a path to. Each of those routers will send unicast back a reply message. If the querying router gets a valid path or paths back to the network, he’ll perform normal computations on the routes, and update his topology table and IP route table appropriately. If there’s no path back to the network, then that route simply doesn’t get placed back in the routing table. Now, when a router receives a query message from another router about an active route, that router can do a few different things: * If the router has no topology table entry, then the reply message states that the router has no route. * If the router has a successor or feasible successor, then those details are sent back in the reply message. * But if there is an entry in the topology table, but yet no successor or feasible successor (a route with recent changes where the route is in limbo), then the queried router itself will go active for this route. Illustration of EIGRP-speaking router interaction and network management process Now let's recap on how R1, R2, and R3 from previous illustration as EIGRP-speaking routers interact and manage EIGRP network All routers (R1, R2, and R3) have EIGRP configuration in place. When all necessary EIGRP properties are in place on each router, each individual router tries to find neighbor by sending the multicast IP address of 224.0.0.10 and see if there is any other EIGRP-speaking router that has matched EIGRP property configuration. The router then begins the Active state. The show ip protocols command reveals the following * All three routers (R1, R2, R3) have the same EIGRP AS domain which is AS 1 * All three routers have the same active K values (in this case, the default) * All three routers have the same internal and external administrative distances * Each interconnected interface (i.e. R1 Serial0.201 and R2 Serial0.101 interfaces; R2 Ethernet0, R3 Ethernet0/0, and R4 Ethernet0/0 interfaces) has the same network ID and subnet mask In addition, the show interface and the show ip eigrp topology commands reveal that each interconnected interface has the identical MTU. With all of these conditions, following occurs * R3 and R4 become neighbors via 10.1.3.0/24 network * R2, R3, and R4 become neighbors via 10.1.2.0/24 network * R1 and R2 become neighbors via 10.1.1.0/24 network Once the routers become neighbors, each router starts to gather Vector Metric and Composite Metric for each network within the EIGRP AS domain. From the show interface and the show ip eigrp topology commands, you can see how each interconnected interface show associated Vector Metric to reach 10.1.3.0/24 network via certain next-hop IP address. The Vector Metric reveals the FD (Feasible Distance) of each network (in this case, the show ip eigrp topology command shows the 10.1.3.0/24 network FD). Each router picks successor based on the FD, where the successor becomes Reported Distance (RD) for the neighbors and becomes Distance to establish the Composite Metric. All of these info (successor, FD, interface, Composite Metric, EIGRP routes, EIGRP AS domain, among other things) make up the EIGRP topology that show how one EIGRP-speaking router can reach specific EIGRP network as shown in the show ip eigrp topology command. Once a router knows how to reach specific EIGRP network, the router stops the Active state for that network reachability and begins the Passive state. This Passive state means that the router is at convergence state for that specific network reachability. When EIGRP administrative distance route is the lowest, the distance value appears in the router's routing table. In addition, the EIGRP Distance value appears in the router's routing table as metric. Stuck-In-Active Condition Now a router will keep a route in the active state until he hears a unicast reply from every neighbor. So if that third condition above applies (i.e. the queried router goes active), then that means it’s going to take that much longer for the queried router to reply - because now the queried router has to wait for all of HIS neighbors to reply to his query before he can reply to the initial query about the route. So if you think of this happening, several routers deep in a large enterprise network, you can end up in a condition where a route is considered to be “stuck-in-active”. If all queried routers do not respond before the “active timer” expires, then that route is “stuck-in-active”. Active Timer An interesting side-effect of the active timer is that a router will consider his neighbor to have gone down if he doesn’t respond before the active timer expires. If you want to disable that function on the chance that the neighbor is actually good, just not responding quickly enough, you can use the “timers active-time disabled” function in the “router eigrp” paragraph. You can also handle this situation by limiting the scope of the query. You can reduce the number of neighbors that receive the active route query, and also how many hops away the active query can go. You accomplish this more through design than a magic command. * Route summarization can keep queries brief. If a router has gone active for 10.1.2.0/24, and sends a query to a neighbor with a 10.0.0.0/8 summary route, the queried neighbor will immediately reply that he does NOT have a route for 10.1.2.0/24. (Remember that he would be advertising the 10.0.0.0/8 route still.) * Another design element you can use is that of a stub router. EIGRP stub routers sit logically at the edge of your EIGRP autonomous system. They are routers that participate in EIGRP, but are not expected to be used as transit routers. Non-stub routers do not send queries to stub routers, on the general principle that they are supposed to be topology end points, not transit paths. Some Key Points and Definitions >> How EIGRP stores data The data EIGRP collects is stored in three tables: * Neighbor Table: Stores data about the neighboring routers, i.e. those directly accessible through directly connected interfaces. * Topology Table: Confusingly named, this table does not store an overview of the complete network topology; rather, it effectively contains only the aggregation of the routing tables gathered from all directly connected neighbors. This table contains a list of destination networks in the EIGRP-routed network together with their respective metrics. Also for every destination, a successor and a feasible successor are identified and stored in the table if they exist. Every destination in the topology table can be marked either as "Passive", which is the state when the routing has stabilized and the router knows the route to the destination, or "Active" when the topology has changed and the router is in the process of (actively) updating its route to that destination. * Routing table: Stores the actual routes to all destinations; the routing table is populated from the topology table with every destination network that has its successor and optionally feasible successor identified (if unequal-cost load-balancing is enabled using the variance command). The successors and feasible successors serve as the next hop routers for these destinations. >> The K Values There are five (5) K values used in the Composite metric calculation - K1 through K5. The K values only act as multipliers or modifiers in the composite metric calculation. K1 is not equal to Bandwidth, etc. By default, only total delay and minimum bandwidth are considered when EIGRP is started on a router, but an administrator can enable or disable all the K values as needed to consider the other Vector metrics. For the purposes of comparing routes, these are combined together in a weighted formula to produce a single overall metric: [(K1 * Bandwidth + K2 * Bandwidth / (256 - Load) + K3 * Delay) * K5 / (K4 + Reliability)] * 256 where the various constants (K1 through K5) can be set by the user to produce varying behaviors. An important and totally non-obvious fact is that if K5 is set to zero, the term K5 / (K4 + Reliability) is not used (i.e. taken as 1). The default is for K1 and K3 to be set to 1, and the rest to zero, effectively reducing the above formula to (Bandwidth + Delay) * 256 >> EIGRP Composite and Vector metrics EIGRP associates six (6) different vector metrics with each route and considers only four (4) of the vector metrics in computing the Composite metric. They are the following. Bandwidth Minimum Bandwidth (in kilobits per second) along the path from router to destination network Load Load (number in range 1 to 255; 255 being saturated) Delay Total Delay (in 10s of microseconds) along the path from router to destination network Reliability Reliability (number in range 1 to 255; 255 being the most reliable) MTU Minimum path Maximum Transmission Unit (MTU) which is never used in the metric calculation as shown in the above K formula. Although MTU is not used in the metric calculation, EIGRP-speaking router cannot perform adjacency with other EIGRP-speaking router over the connecting interface. Note that matched MTU on both side of routers over the connecting interface applies not only in routing protocol (such as EIGRP and OSPF), but also applies in any basic IP network connectivity. Hop Count Number of routers a packet passes through when routing to a remote network, used to limit the EIGRP AS which 100 Hop Count is considered the maximum Hop Count. Any routes with Hop Count over than 100 is considered unreachable. >> Successor A successor for a particular destination is a next hop router to reach such destination subnet or route that satisfies these two conditions: * it provides the least distance to that destination * it is guaranteed not to be a part of some routing loop The first condition can be satisfied by comparing metrics from all neighboring routers that advertise that particular destination, increasing the metrics by the cost of the link to that respective neighbor, and selecting the neighbor that yields the least total distance. The second condition can be satisfied by testing a so-called Feasibility Condition for every neighbor advertising that destination. There can be multiple successors for a destination, depending on the actual topology. The successors for a destination are recorded in the topology table and afterwards they are used to populate the routing table as next-hops for that destination >> Feasible Successor A feasible successor for a particular destination is a next hop router to reach such destination or subnet that satisfies this condition: * it is guaranteed not to be a part of some routing loop This condition is also verified by testing the Feasibility Condition. Thus, every successor is also a feasible successor. However, in most references about EIGRP the term "feasible successor" is used to denote only those routers which provide a loop-free path but which are not successors (i.e. they do not provide the least distance). From this point of view, for a reachable destination there is always at least one successor, however, there might not be any feasible successors. A feasible successor provides a working route to the same destination, although with a higher distance. At any time, a router can send a packet to a destination marked "Passive" through any of its successors or feasible successors without alerting them in the first place, and this packet will be delivered properly. Feasible successors are also recorded in the topology table. The feasible successor effectively provides a backup route in the case that existing successors die. Also, when performing unequal-cost load-balancing (balancing the network traffic in inverse proportion to the cost of the routes), the feasible successors are used as next hops in the routing table for the load-balanced destination. By default, the total count of successors and feasible successors for a destination stored in the routing table is limited to four. This limit can be changed in the range from 1 to 6. In more recent versions of Cisco IOS (e.g. 12.4), this range is between 1 and 16. >> Active and Passive State A destination in the topology table can be marked either as Passive or Active. A Passive state is a state when the router has identified the successor(s) for the destination. The destination changes to Active state when current successor no longer satisfies the Feasibility Condition and there are no feasible successors identified for that destination (i.e. no backup routes are available). The destination changes back from Active to Passive when the router received replies to all queries it has sent to its neighbors. Notice that if a successor stops satisfying the Feasibility Condition but there is at least one feasible successor available, the router will promote a feasible successor with the lowest total distance (the distance as reported by the feasible successor plus the cost of the link to this neighbor) to a new successor and the destination remains in the Passive state. >> Reported Distance and Feasible Distance Reported Distance (RD) is the total metric along a path to a destination network as advertised by an upstream neighbor.[1] This distance is sometimes also called a Advertised Distance (AD) and is equal to the current lowest total distance through a successor for a neighboring router. A Feasible Distance (FD) is the lowest known distance from a router to a particular destination. This is the Reported Distance (RD) + the cost to reach the neighboring router from which the RD was sent[1]. It is important to note that this metric represents the last time the route went from Active to Passive state. It can be expressed in other words as a historically lowest known distance to a particular destination. While a route remains in Passive state, the FD is updated only if the actual distance to the destination decreases, otherwise it stays at its present value. On the other hand, if a router needs to enter Active state for that destination, the FD will be updated with a new value after the router transitions back from Active to Passive state. This is the only case when the FD can be increased. The transition from Active to Passive state in effect marks the start of a new history for that route. For example, if the route to a newly discovered destination X went from Active to Passive state with a total distance of 10, the router sets the RD and FD to 10. Later this distance decreases from 10 to 8. The distance remains in the Passive state (because distance decrease never violates the Feasibility Condition) and the router updates the RD and FD to 8. Even later, the distance increases to 12 but in such a way that there is still a valid successor or feasible successor available. In this case, the RD gets updated to 12, however, the FD will remain at the value of 8. Therefore, the values of RD and FD can be different. Finally, the actual successor fails and no other feasible successor is currently identified. Therefore, the router has to transition to Active state and ask its neighbors for a new route to the destination X. Assuming that the newly found path to that destination has a total distance of 100, the router will transition back to Passive state and update both its RD and FD to the new shortest path length, in this case, 100. >> Feasibility Condition The feasibility condition is a sufficient condition for loop freedom in EIGRP-routed network. It is used to select the successors and feasible successors that are guaranteed to be on a loop-free route to a destination. Its simplified formulation is strikingly simple: If, for a destination, a neighbor router advertises a distance that is strictly lower than our feasible distance, then this neighbor lies on a loop-free route to this destination. or in other words, If, for a destination, a neighbor router tells us that it is closer to the destination than we have ever been, then this neighbor lies on a loop-free route to this destination. In exact terms, every neighbor that satisfies the relation RD < FD for a particular destination is on a loop-free route to that destination. This condition is also called the Source Node Condition and is one of more equivalent conditions that were proposed and proven by Dr. J. J. Garcia-Luna-Aceves at SRI. The paper proposing the Source Node Condition and the Diffusing Update Algorithm algorithm itself can be found here. It is important to realize that this condition is a sufficient, not a necessary condition. That means that neighbors which satisfy this condition are guaranteed to be on a loop-free path to some destination, however, there may be also other neighbors on a loop-free path which do not satisfy this condition. However, such neighbors do not provide the shortest path to a destination, therefore, not using them does not present any significant impairment of the network functionality. These neighbors will be re-evaluated for possible usage if the router transitions to Active state for that destination. >> EIGRP classification as a distance-vector EIGRP exchanges a vector of distances to each known destination network without full knowledge of the network topology, as shown in each EIGRP-speaking router topology table where only show the five factors (bandwidth, delay, load, reliability, and MTU) of the path to each destination as known by the advertising router without further topological information. In other words, there is no concept in EIGRP of graph representation of the EIGRP network describing each EIGRP routers within the EIGRP AS domain and its exact connections to its neighbors. >> Other Details EIGRP supports Classless Inter-Domain Routing (CIDR), allowing the use of variable-length subnet masks which is one of the protocol's improvements over its predecessor IGRP. EIGRP is not usable in applications where routers need to know the exact network topology (for example, traffic engineering in MPLS). EIGRP can run separate routing processes for Internet Protocol (IP), IPv6, IPX and AppleTalk through the use of protocol-dependent modules (PDMs). However, this does not facilitate translation between protocols. Configurations There are a number of commands used to configure EIGRP. Many of these were discussed in the previous EIGRP posts, but here’s a more complete review. A “router eigrp x” starts up an EIGRP process, where “x” is the autonomous system. Configuration under this router eigrp x as follows. * “network 172.16.0.0 0.0.1.255″ would enable EIGRP on all interfaces with IP addresses falling within the range of 172.16.0.0 - 172.16.1.255. * “metric weights” allows you to tweak the K values used in EIGRP metric computation. * “passive-interface” prevents EIGRP hellos from being sent on a particular interface. In effect, inbound hellos are ignored as well. * “eigrp stub” makes the router a stub router. Stub routers announce themselves as such to neighbors. There are options of: o connected - advertise connected routes with matching network statements. o summary - advertise auto-summarized routes or statically configured summary routes. o static - advertise static routes, assuming you’re redistributing static routes into EIGRP. o redistributed - advertise redistributed routes, assuming you’re redistributing. o receive-only - don’t advertise any routes. This one has to be used by itself. * “variance” allows you to install 2 routes to the same destination into the routing table, as long as their computed metric is “pretty close” as defined by the variance command. * “maximum-paths” allows you to define how many equal-cost routes can be installed in the routing table, up to 6 with a default of 4. * “traffic-share balanced” balances across the multiple routes, giving more packets to lower-metric routes. * “traffic-share min” sends traffic only to the lowest-metric route, despite multiple routes being in the routing table. * “traffic-share balanced across-interfaces” will cause the router will forward via different physical interfaces if possible, for better load balancing. If there is no “traffic-share” command you’ve configured, EIGRP will balance evenly across the routes in the routing table, with no regard for the specific EIGRP metric. In the “interface” paragraph, there are a number commands impacting EIGRP similar to Link-State protocol such as OSPF as follows. * “bandwidth” will be used in the metric computation. * “ip bandwidth-percent eigrp” limits the amount of bandwidth EIGRP traffic an utilize. That computation is based on defined bandwidth, so if you’ve artificially lowered the bandwidth as a way of tweaking the route metric, you can define that percentage over 100%. * “ip hello-interval eigrp” defines how many seconds in between hellos on this interface. This is an advertised value. EIGRP neighbors know to expect this interval. * “ip hold-time eigrp” defines how long to wait for contact from a neighbor before considering the neighbor dead, 3x the hello-interval by default. It’s also good to note that like RIP and other protocols not yet discussed in the OECG, you can perform MD5 authentication (although not plain text, which RIP does support), route filtering with distribute lists, offset-lists to tweak metrics, auto-summarization which can be disabled with “no auto-summary”, and disablement of split-horizon with “no ip split-horizon eigrp”. You can also force eigrp to clear everything in his topology table with “clear ip eigrp neighbor”. Route Summarization The “ip summary-address eigrp 1 172.16.0.0 255.240.0.0″ placed within an interface paragraph would cause EIGRP to advertise 172.16.0.0/12 as a summary route to any neighbors connected on that particular interface. If you want, you could also tag an administrative distance on the tail-end of that statement…although it’s not used for what you might think. You might think that the AD would be advertised with the summary to neighbors - not so. Rather the AD is used by the summarizing EIGRP router to determine whether or not it should place the summary route pointing to Null0 in his table or not. BTW, the EIGRP AD for summary routes defaults to 5. Default Routes The default route is listed as the “gateway of last resort”. You can advertise this default route in five different ways as follows. 1. Normal route redistribution from one protocol to another is one way, but not the chief method we’re interested in at the moment, since route redistribution was discussed earlier. 2. You can use a static route to 0.0.0.0/0, with the “redistribute static” command. Works for RIP & EIGRP. o The static default route and redistribute static command have to be on the same router. (Duh. Can you redistribute a static route on a *different* router?) o There’s a metric for this route, just like any other. You can set it, or allow it to default. o You can determine to redistribute this via a route-map if you like. o As with any redistribution, EIGRP will consider this an external route with an AD of 170. o You can’t do this with OSPF. 3. You can use the “default-information originate” command. Works for RIP & OSPF. o This is really an OSPF-targetted command; it doesn’t work with EIGRP. o This command will redistribute any default route in the routing table, whether it’s static or learned via some other protocol. o You can add the keyword “always” to the end of the command, which means OSPF will advertise a 0.0.0.0/0 route from that router, whether there’s one to redistribute or not. o With RIP, this command behaves similarly, with the notable difference that if there’s a static 0.0.0.0/0 route in the local routing table, RIP won’t advertise this via the default-information originate. Rather, RIP wants you to “redistribute static”. 4. You can use the “ip default-network” command. Works for RIP & EIGRP. This command allows you to inject default routes under the following conditions and remembering these considerations: o The syntax is “ip default-network net-number”, where “net-number” is some classful network number. o The classful network must be in the router’s local routing table, the specific method not of concern. o If using EIGRP, the classful network must be advertised from that router into the EIGRP AS, however you like. o You can’t use this command with OSPF. o RIP will inject a 0.0.0.0/0 route. o Contrary to what you might expect, EIGRP will not inject a 0.0.0.0/0 route. Rather, EIGRP will flag a route to the classful network as a “candidate default” route. You don’t actually see 0.0.0.0/0 in the remote routing table. Rather you see a classful route with an * next to it, because it’s considered a candidate to act as the default route. 5. You can use a summary route (the biggest summary of all). Works for EIGRP. o NOT recommended by Cisco. Remember that when you summarize routes, the summarizing router will create a local route that points the summary to Null0 - the place where packets go to die. o You can make it work, but you need to pay attention to your administrative distances. Setting Preferred Routes By Influencing Metrics EIGRP updates contain five metrics: minimum bandwidth, delay, load, reliability, and maximum transmission unit (MTU). Of these five metrics, by default, only minimum bandwidth and delay are used to compute best path. Unlike most metrics, minimum bandwidth is set to the minimum bandwidth of the entire path, and it does not reflect how many hops or low bandwidth links are in the path. Delay is a cumulative value, which increases by the delay value of each segment in the path. Possible Configurations Change the Interface Delay Parameter at R4 Use an offset-list on R4 to Modify the Composite Metric at R2 Change the Administrative Distance at R2 Change the Bandwidth at R2 Interface Delay R4# configure terminal Enter configuration commands, one per line. End with CNTL/Z. R4(config)# interface ethernet0/1 R4(config-if)# delay 120 !--- Delay is entered in tens of microseconds. R4(config-if)# end R4# Offset-List Command to Add Composite Metric R4# configure terminal Enter configuration commands, one per line. End with CNTL/Z. R4(config)# access-list 99 permit 10.1.3.0 0.0.0.255 R4(config)# router eigrp 1 R4(config-router)# offset-list 99 out 20 e0/0 R4(config-router)# end R4# Change the Administrative Distance R2# configure terminal Enter configuration commands, one per line. End with CNTL/Z. R2(config)# access-list 99 permit 10.1.3.0 0.0.0.255 R2(config)# router eigrp 1 R2(config-router)# distance 91 10.1.2.4 0.0.0.0 99 R2(config-router)# end R2# Change the Bandwidth R2# configure terminal Enter configuration commands, one per line. End with CNTL/Z. R2(config)# interface ethernet0 R2(config-if)# bandwidth 5000 R2(config-if)# end R2# Some Discussions »[CCNA] Distance vector Vs Link State Vs Hybrid
got feedback?by aryoba 1. Foundation Basic Database Exchange Designated Routers in LAN Designated Routers in WAN Design, LSA Types, and Stubby Areas OSPF Database Filter, OSPF ISPF (Incremental SPF), Advertising Routes to HSRP Virtual IP, neighbor local-as, neighbor disable-connected-check Few things to remember about OSPF Random OSPF Notes Brain Teaser 2 Bonus round! How I made close, yet still appropriate, friends with OSPF SPF Calculation & Steady-State Operation 2. Enforcing What You Should Know Configuration Equal-Cost OSPF E2s Tiebreaker Is Cost to ASBR Connect 2 Separate OSPF Backbone Areas Via Redistribution, RIP v2 Without “version 2″ Command, Multilink PPP over FR (MLPoFR) OSPF Summarization To A Specific Neighbor Using An Alternate Process ID OSPF Multicast Addresses, ISPF, OSPF Virtual-Link Authentication, match interface, EIGRP Stub, distance ospf, neighbor fallover, bgp fast-external-fallover, bgp dampening, Bidirectional PIM with BSR Frame Relay Inverse ARP IP DLCI number, area nssa translate type7 suppress-fa, IPv6 Redistribution Using include-connected, Stateful NAT, QoS drop, Login Block OSPF NSSA 7-to-5 Election and BGP Dual-AS General OSPF Comments and Making Things Harder Than They Are OSPF ABR Type 3 LSA Filtering Frame Relay Inverse ARP, IRB, OSPF Virtual Links, Unicast RIP, Router Auto-Install Frame Relay Inverse ARP, DHCP Manual Bindings, OSPF Point-to-Multipoint IP OSPF LLS disable, max lsa, redistribute maximum-prefix, Native IPv6 Tunneling, variance, set community no-advertise, ip mobile, Use Sane Bandwidth Statements OSPF Point-To-Multipoint, OSPF Priorities, RIP timers-basic, EIGRP stub receive-only, EIGRP Route Filtering By Source Protocol OSPF TTL=1, OSPF Tunneling in P-to-MP FR, Load-Sharing vs. Equal Cost Load-Balancing, “ip telnet quiet”, “service compress-config”, BGP Martians, Role-Based CLI Access, MVR IRB, OSPF Flood Reduction, BGP Maximum-Prefix, NTP Broadcast, VRRP 3. Recap Definitions Redistribution: RIP, EIGRP, OSPF Route Summarization: RIP, EIGRP, OSPF Default Routes: RIP, EIGRP, OSPF www.netcraftsmen.net/resources/ Introducing OSPF OSPF and Route Summarization OSPF - Part III Cisco website Why Are Some OSPF Routes in the Database but Not in the Routing Table? OSPF Incremental SPF - ispf Some discussions »[Config] OSPF - how did it get this metric? »[HELP] OSPF and EIGRP Metrics »[Config] OSPF Cost issue on redundant links »RIP vs OSPF »[Config] OSPF Limit routes in/out of an area? »[HELP] OSPF help »OSPF Migration
got feedback?by aryoba Cisco documentations Practical BGP BGP Best Path Selection Algorithm Part 2 www.cciecandidate.com Neighbors Building BGP Table Advertising BGP Routes BGP Synchronizations Building IP Routes Definitions Route Filtering and Summarization Path Attributes and Decision Process Policies and Best Path AS Path Prepend BGP Conditional Advertisements BGP Community BGP Well-Known Communities Routing Policies - Definitions Route Reflectors BGP Confederation Part 3 www.cciecandidate.com MPLS, Frame-Mode Convergence, PHP, and BGP Interaction Discussions »[Config] BGP Blackhole
got feedback?by aryoba »Broadcasting.... TCP or UDP »Multicasting in FOG »multicast help on a catos - 2948G? »[HELP] LLDP Multicast storm »dot11radio, vlans and bridging »[HELP] Limiting Multicast and Half Duplex Collisions »OSPF over a non-multicast link? »[Config] HSRP Config Issue »Odd HSRP multicast traffic »Multicast groups »[HELP] testing a CDN »Boarderware Mail Firewall and PIX configuration »CGMP used by Cisco LAN switches »[Config] Multicast configuration Question »multicast addresses »Forwarding multicast packets »Multicast packets being dropped between cisco rout »Invalid source address error Documentations www.netcraftsmen.net/welcher The Protocols of IP Multicast PIM Dense Mode PIM Sparse Mode IP Multicast and PIM Rendezvous Points Troubleshooting Too Much Multicast IP Multicast, Best Practices and Control www.cciecandidate.com Introduction to Multicasting - Basics Introduction to Multicasting - Addressing IGMP version 1 IGMP version 2 IGMP version 1 and 2 Interoperability and Timers IGMP version 3 and Multicast Listener Discovery Protocol (MLD) CGMP IGMP Snooping RGMP Multicasting - Definitions IP Multicast Routing - Basics Multicast RPF Check IP Multicast Routing - PIM DM Issues of multiple PIM-speaking routers on same subnet: Prune Override, Assert Message, Multicast Designated Router (DR) Distance Vector Multicast Routing Protocol (DVMRP) and Multicast Open Shortest Path First (MOSPF) IP Multicast Routing - PIM SM Part 1 of 2 IP Multicast Routing - PIM SM Part 2 of 2 PIM Sparse: Shared Root = RP RP Discovery and Discovery; Bidirectional PIM IP Multicast Routing - Definitions Multicast Static RP Multicast Redundant RP with MSDP Cisco website Introduction IP Multicast Technical Overview IP Multicast Deployment Fundamentals Guidelines for Enterprise IP Multicast Address Allocation IP Multicast Best Practices for Enterprise Customers PIM Configuring IP Multicast Routing IP Multicast Load Splitting - Equal Cost Multipath (ECMP) Using S, G and Next Hop PIM Dense Mode State Refresh PIM Version 2 PIM Sparse: Configuring RP (Rendezvous Point) Configuring RP and related topics PIM Sparse: Switching from Shared Tree (from RP to receiver) to Source Tree or Shortest-Path Tree (from Source directly to receiver) once the threshold in Kbps reaches Bidirectional PIM Anycast RP and Multicast Source Discovery Protocol (MSDP) IGMP, CGMP, and RGMP Customizing IGMP Multicast in a Campus Network: CGMP and IGMP Snooping IGMP State Limit Using RGMP: Basics and Case Study Quick References Configuring IP Multicast Routing Configuration Examples and TechNotes Multicast in a Campus Network: CGMP and IGMP Snooping IP Multicast Configuration Guide Cisco IOS IP Multicast Command Reference Multicast Quick-Start Configuration Guide Cisco Multicast Support Matrix Basic Multicast Troubleshooting Tools no ip mroute-cache command in an interface configuration to be sure that you see multicast packets when doing a debug ip mpacket troubleshooting IP Multicast Troubleshooting Guide Tips and Tricks Constraining Multicast Traffic with Source and Receivers on the Same VLAN on Catalyst Switches Running Catalyst OS Using IP Multicast Over Frame Relay Networks Using MSDP to Interconnect Multiple PIM-SM Domains Multicast Source Discovery Protocol SA Filter Recommendations Multicast Support for MPLS VPNs Configuration Example PIM RPF Vector Sample Configurations Scenario 1: There are two redundant routers act as edge routers receiving multicast feed from external network over DS-3 circuits. Router #1 version 12.3 service timestamps debug datetime msec service timestamps log datetime msec service password-encryption ! hostname R1 ! boot-start-marker boot-end-marker ! card type t3 1 logging buffered 32000 debugging enable secret 5 ******* ! no aaa new-model ! resource policy ! ip subnet-zero no ip source-route ip cef ! ! no ip dhcp use vrf connected ! ! ip ftp username ****** ip ftp password 7 ******* no ip domain lookup ip domain name yourdomain.com ip multicast-routing ip scp server enable no ftp-server write-enable voice-card 0 no dspfarm ! username Manager privilege 15 secret 5 ****** username User privilege 5 secret 5 ***** ! ! controller T3 1/0 ! ! interface Loopback0 ip address 11.65.64.1 255.255.255.255 ! interface GigabitEthernet0/0 ip address 172.18.18.12 255.255.0.0 ip access-group cust-firewall-in in no ip redirects no ip unreachables ip pim sparse-mode ip nat inside ip igmp version 3 no ip mroute-cache duplex auto speed auto media-type rj45 negotiation auto ntp disable no cdp enable standby 137 ip 172.18.18.11 standby 137 priority 110 standby 137 preempt standby 137 track Serial1/0 ! interface GigabitEthernet0/1 ip address 192.168.239.34 255.255.255.252 ip pim sparse-mode ip nat inside ip igmp version 3 duplex auto speed auto media-type rj45 negotiation auto no cdp enable ! interface Serial1/0 mtu 1950 ip address 128.11.65.66 255.255.255.248 ip pim sparse-mode ip nat outside encapsulation ppp no peer neighbor-route dsu bandwidth 44210 no cdp enable ! router rip version 2 timers basic 30 90 90 120 redistribute connected redistribute static offset-list any out 2 GigabitEthernet0/0 network 11.0.0.0 network 128.11.0.0 network 172.18.0.0 network 192.168.239.0 maximum-paths 3 distribute-list rip-cust-out out GigabitEthernet0/0 distribute-list rip-cust-in in GigabitEthernet0/0 distribute-list rip-peer-out out GigabitEthernet0/1 distribute-list rip-bfin-out out Serial1/0 no auto-summary ! ip classless no ip forward-protocol nd ip route 10.0.0.0 255.0.0.0 172.18.0.1 ip route 11.65.64.0 255.255.248.0 Null0 ip route 172.16.0.0 255.240.0.0 172.18.0.1 ! ! no ip http server no ip http secure-server ip nat translation timeout 3600 ip nat pool customer-nat 11.65.64.2 11.65.71.245 prefix-length 8 ip nat inside source route-map 1-dyna-nat-policy pool customer-nat reversible ! ip access-list standard any permit any ip access-list standard area-mgmt permit 199.105.176.0 0.0.7.255 permit 199.105.184.0 0.0.1.255 permit 205.183.246.0 0.0.0.255 ip access-list standard bfin-mgmt permit 160.43.3.0 0.0.0.255 permit 160.43.4.0 0.0.0.255 ip access-list standard bfin-registered permit 69.184.0.0 0.7.255.255 permit 160.43.0.0 0.0.255.255 permit 199.105.176.0 0.0.7.255 permit 199.105.184.0 0.0.1.255 permit 208.134.161.0 0.0.0.255 ip access-list standard bfin-server permit 69.184.0.0 0.0.255.255 permit 160.43.0.0 0.0.255.255 permit 199.105.176.0 0.0.7.255 permit 199.105.184.0 0.0.1.255 permit 205.183.246.0 0.0.0.255 permit 208.134.161.0 0.0.0.255 ip access-list standard bfin-snmp-mgrs permit 160.43.3.171 permit 160.43.4.171 permit 160.43.3.0 0.0.0.255 permit 160.43.4.0 0.0.0.255 permit 160.43.94.0 0.0.0.255 permit 160.43.166.0 0.0.0.255 permit 160.43.6.0 0.0.0.255 permit 160.43.162.0 0.0.0.255 ip access-list standard corp-mgmt permit 160.43.6.0 0.0.0.255 permit 160.43.162.0 0.0.0.255 ip access-list standard corp-range permit 10.100.0.0 0.0.63.255 permit 10.100.64.0 0.0.63.255 permit 10.100.128.0 0.0.63.255 permit 10.102.0.0 0.0.255.255 permit 10.103.0.0 0.0.255.255 permit 10.104.0.0 0.0.255.255 permit 10.105.0.0 0.0.255.255 permit 10.106.0.0 0.0.255.255 permit 10.107.0.0 0.0.255.255 ip access-list standard cust-natable-range deny 69.184.0.0 0.7.255.255 deny 224.0.0.0 31.255.255.255 permit any ip access-list standard default permit 0.0.0.0 ip access-list standard deny-all deny any ip access-list standard dest-natable-range permit 208.134.161.0 0.0.0.255 permit 199.105.184.0 0.0.1.255 ip access-list standard feed-fe permit 160.43.13.0 0.0.0.255 permit 160.43.14.0 0.0.1.255 permit 160.43.16.0 0.0.1.255 permit 160.43.24.0 0.0.0.255 permit 160.43.90.0 0.0.1.255 permit 160.43.92.0 0.0.3.255 permit 160.43.96.0 0.0.1.255 permit 160.43.98.0 0.0.0.255 permit 160.43.166.0 0.0.0.255 permit 160.43.172.0 0.0.3.255 ip access-list standard feed-mgmt permit 160.43.94.0 0.0.0.255 permit 160.43.166.0 0.0.0.255 ip access-list standard lo0-local permit 11.65.64.1 ip access-list standard peer-local permit 11.209.0.1 ip access-list standard private permit 10.0.0.0 0.255.255.255 permit 172.16.0.0 0.15.255.255 permit 192.168.0.0 0.0.255.255 ip access-list standard rip-bfin-in permit any ip access-list standard rip-bfin-out deny 0.0.0.0 permit 11.65.64.0 permit 11.65.64.1 permit 11.209.0.1 deny 69.184.0.0 0.0.255.255 deny 160.43.0.0 0.0.255.255 deny 199.105.176.0 0.0.7.255 deny 199.105.184.0 0.0.1.255 deny 205.183.246.0 0.0.0.255 deny 208.134.161.0 0.0.0.255 deny any ip access-list standard rip-cust-in deny 69.184.0.0 0.0.255.255 deny 160.43.0.0 0.0.255.255 deny 199.105.176.0 0.0.7.255 deny 199.105.184.0 0.0.1.255 deny 205.183.246.0 0.0.0.255 deny 208.134.161.0 0.0.0.255 permit any ip access-list standard rip-cust-out deny 160.43.3.0 0.0.0.255 deny 160.43.4.0 0.0.0.255 permit 69.184.0.0 0.0.255.255 permit 160.43.0.0 0.0.255.255 permit 199.105.176.0 0.0.7.255 permit 199.105.184.0 0.0.1.255 permit 205.183.246.0 0.0.0.255 permit 208.134.161.0 0.0.0.255 deny any ip access-list standard rip-peer-in permit any ip access-list standard rip-peer-out permit any ip access-list standard shared-nat-local ip access-list standard unshared-nat-local permit 11.65.64.0 ! ip access-list extended cust-firewall-in deny ip any 160.43.3.0 0.0.0.255 deny ip any 160.43.4.0 0.0.0.255 deny udp any any eq tftp permit ip any any ip access-list extended source-dest-nat deny ip 128.11.65.64 0.0.0.7 any deny ip host 11.65.64.1 any deny ip 11.65.64.0 0.0.7.255 any deny ip 128.11.209.0 0.0.0.7 any deny ip host 11.209.0.1 any permit ip any any ! logging 160.43.3.171 logging 160.43.4.171 snmp-server community ***** RW bfin-snmp-mgrs snmp-server location ***** snmp-server contact Your Network Administrator snmp-server enable traps tty no cdp run route-map rip-bfin-out deny 10 match ip address default ! route-map rip-bfin-out deny 20 match ip address bfin-server ! route-map rip-bfin-out permit 30 match ip address peer-local ! route-map rip-bfin-out permit 40 match ip address lo0-local ! route-map rip-bfin-out permit 55 match ip address unshared-nat-local ! route-map rip-bfin-out deny 200 match ip address any ! route-map rip-peer-out permit 10 match ip address any ! route-map rip-cust-out deny 10 match ip address bfin-mgmt ! route-map rip-cust-out permit 20 match ip address bfin-server ! route-map rip-cust-out deny 100 match ip address any ! route-map rip-peer-in permit 10 match ip address any ! route-map rip-bfin-in permit 10 match ip address any ! route-map 1-dyna-nat-policy permit 20 match ip address source-dest-nat ! route-map 1-dyna-nat-policy deny 30 ! route-map 2-stat-nat-policy permit 20 match ip address source-dest-nat ! route-map 2-stat-nat-policy deny 30 ! route-map rip-cust-in deny 10 match ip address bfin-server ! route-map rip-cust-in permit 100 match ip address any ! control-plane ! line con 0 exec-timeout 0 0 password 7 ***** login stopbits 1 line aux 0 stopbits 1 line vty 0 4 password 7 ****** logging synchronous login ! scheduler allocate 20000 1000 ! end Router #2 version 12.3 service timestamps debug datetime msec service timestamps log datetime msec service password-encryption ! hostname R2 ! boot-start-marker boot-end-marker ! card type t3 1 logging buffered 32000 debugging enable secret 5 ***** ! no aaa new-model ! resource policy ! ip subnet-zero no ip source-route ip cef ! ! no ip dhcp use vrf connected ! ! ip ftp username **** ip ftp password 7 ***** no ip domain lookup ip domain name yourdomain.com ip multicast-routing ip scp server enable no ftp-server write-enable voice-card 0 no dspfarm ! username Manager privilege 15 secret 5 ***** username User privilege 5 secret 5 ***** ! ! controller T3 1/0 ! interface Loopback0 ip address 11.65.64.1 255.255.255.255 ! interface GigabitEthernet0/0 ip address 172.18.18.13 255.255.0.0 ip access-group cust-firewall-in in no ip redirects no ip unreachables ip pim sparse-mode ip nat inside ip igmp version 3 no ip mroute-cache duplex auto speed auto media-type rj45 negotiation auto ntp disable no cdp enable standby 137 ip 172.18.18.11 standby 137 priority 105 standby 137 preempt standby 137 track Serial1/0 ! interface GigabitEthernet0/1 ip address 192.168.239.34 255.255.255.252 ip pim sparse-mode ip nat inside ip igmp version 3 duplex auto speed auto media-type rj45 negotiation auto no cdp enable ! interface Serial1/0 mtu 1950 ip address 128.11.65.66 255.255.255.248 ip pim sparse-mode ip nat outside encapsulation ppp no peer neighbor-route dsu bandwidth 44210 no cdp enable ! router rip version 2 timers basic 30 90 90 120 redistribute connected redistribute static offset-list any out 2 GigabitEthernet0/0 network 11.0.0.0 network 128.11.0.0 network 172.18.0.0 network 192.168.239.0 maximum-paths 3 distribute-list rip-cust-out out GigabitEthernet0/0 distribute-list rip-cust-in in GigabitEthernet0/0 distribute-list rip-peer-out out GigabitEthernet0/1 distribute-list rip-bfin-out out Serial1/0 no auto-summary ! ip classless no ip forward-protocol nd ip route 10.0.0.0 255.0.0.0 172.18.0.1 ip route 11.65.64.0 255.255.248.0 Null0 ip route 172.16.0.0 255.240.0.0 172.18.0.1 ! ! no ip http server no ip http secure-server ip nat translation timeout 3600 ip nat pool customer-nat 11.65.64.2 11.65.71.245 prefix-length 8 ip nat inside source route-map 1-dyna-nat-policy pool customer-nat reversible ! ip access-list standard any permit any ip access-list standard area-mgmt permit 199.105.176.0 0.0.7.255 permit 199.105.184.0 0.0.1.255 permit 205.183.246.0 0.0.0.255 ip access-list standard bfin-mgmt permit 160.43.3.0 0.0.0.255 permit 160.43.4.0 0.0.0.255 ip access-list standard bfin-registered permit 69.184.0.0 0.7.255.255 permit 160.43.0.0 0.0.255.255 permit 199.105.176.0 0.0.7.255 permit 199.105.184.0 0.0.1.255 permit 208.134.161.0 0.0.0.255 ip access-list standard bfin-server permit 69.184.0.0 0.0.255.255 permit 160.43.0.0 0.0.255.255 permit 199.105.176.0 0.0.7.255 permit 199.105.184.0 0.0.1.255 permit 205.183.246.0 0.0.0.255 permit 208.134.161.0 0.0.0.255 ip access-list standard bfin-snmp-mgrs permit 160.43.3.171 permit 160.43.4.171 permit 160.43.3.0 0.0.0.255 permit 160.43.4.0 0.0.0.255 permit 160.43.94.0 0.0.0.255 permit 160.43.166.0 0.0.0.255 permit 160.43.6.0 0.0.0.255 permit 160.43.162.0 0.0.0.255 ip access-list standard corp-mgmt permit 160.43.6.0 0.0.0.255 permit 160.43.162.0 0.0.0.255 ip access-list standard corp-range permit 10.100.0.0 0.0.63.255 permit 10.100.64.0 0.0.63.255 permit 10.100.128.0 0.0.63.255 permit 10.102.0.0 0.0.255.255 permit 10.103.0.0 0.0.255.255 permit 10.104.0.0 0.0.255.255 permit 10.105.0.0 0.0.255.255 permit 10.106.0.0 0.0.255.255 permit 10.107.0.0 0.0.255.255 ip access-list standard cust-natable-range deny 69.184.0.0 0.7.255.255 deny 224.0.0.0 31.255.255.255 permit any ip access-list standard default permit 0.0.0.0 ip access-list standard deny-all deny any ip access-list standard dest-natable-range permit 208.134.161.0 0.0.0.255 permit 199.105.184.0 0.0.1.255 ip access-list standard feed-fe permit 160.43.13.0 0.0.0.255 permit 160.43.14.0 0.0.1.255 permit 160.43.16.0 0.0.1.255 permit 160.43.24.0 0.0.0.255 permit 160.43.90.0 0.0.1.255 permit 160.43.92.0 0.0.3.255 permit 160.43.96.0 0.0.1.255 permit 160.43.98.0 0.0.0.255 permit 160.43.166.0 0.0.0.255 permit 160.43.172.0 0.0.3.255 ip access-list standard feed-mgmt permit 160.43.94.0 0.0.0.255 permit 160.43.166.0 0.0.0.255 ip access-list standard lo0-local permit 11.65.64.1 ip access-list standard peer-local permit 11.209.0.1 ip access-list standard private permit 10.0.0.0 0.255.255.255 permit 172.16.0.0 0.15.255.255 permit 192.168.0.0 0.0.255.255 ip access-list standard rip-bfin-in permit any ip access-list standard rip-bfin-out deny 0.0.0.0 permit 11.65.64.0 permit 11.65.64.1 permit 11.209.0.1 deny 69.184.0.0 0.0.255.255 deny 160.43.0.0 0.0.255.255 deny 199.105.176.0 0.0.7.255 deny 199.105.184.0 0.0.1.255 deny 205.183.246.0 0.0.0.255 deny 208.134.161.0 0.0.0.255 deny any ip access-list standard rip-cust-in deny 69.184.0.0 0.0.255.255 deny 160.43.0.0 0.0.255.255 deny 199.105.176.0 0.0.7.255 deny 199.105.184.0 0.0.1.255 deny 205.183.246.0 0.0.0.255 deny 208.134.161.0 0.0.0.255 permit any ip access-list standard rip-cust-out deny 160.43.3.0 0.0.0.255 deny 160.43.4.0 0.0.0.255 permit 69.184.0.0 0.0.255.255 permit 160.43.0.0 0.0.255.255 permit 199.105.176.0 0.0.7.255 permit 199.105.184.0 0.0.1.255 permit 205.183.246.0 0.0.0.255 permit 208.134.161.0 0.0.0.255 deny any ip access-list standard rip-peer-in permit any ip access-list standard rip-peer-out permit any ip access-list standard shared-nat-local ip access-list standard unshared-nat-local permit 11.65.64.0 ! ip access-list extended cust-firewall-in deny ip any 160.43.3.0 0.0.0.255 deny ip any 160.43.4.0 0.0.0.255 deny udp any any eq tftp permit ip any any ip access-list extended source-dest-nat deny ip 128.11.65.64 0.0.0.7 any deny ip host 11.65.64.1 any deny ip 11.65.64.0 0.0.7.255 any deny ip 128.11.209.0 0.0.0.7 any deny ip host 11.209.0.1 any permit ip any any ! logging 160.43.3.171 logging 160.43.4.171 snmp-server community **** RW bfin-snmp-mgrs snmp-server location ***** snmp-server contact Your Network Administrator snmp-server enable traps tty no cdp run route-map rip-bfin-out deny 10 match ip address default ! route-map rip-bfin-out deny 20 match ip address bfin-server ! route-map rip-bfin-out permit 30 match ip address peer-local ! route-map rip-bfin-out permit 40 match ip address lo0-local ! route-map rip-bfin-out permit 55 match ip address unshared-nat-local ! route-map rip-bfin-out deny 200 match ip address any ! route-map rip-peer-out permit 10 match ip address any ! route-map rip-cust-out deny 10 match ip address bfin-mgmt ! route-map rip-cust-out permit 20 match ip address bfin-server ! route-map rip-cust-out deny 100 match ip address any ! route-map rip-peer-in permit 10 match ip address any ! route-map rip-bfin-in permit 10 match ip address any ! route-map 1-dyna-nat-policy permit 20 match ip address source-dest-nat ! route-map 1-dyna-nat-policy deny 30 ! route-map 2-stat-nat-policy permit 20 match ip address source-dest-nat ! route-map 2-stat-nat-policy deny 30 ! route-map rip-cust-in deny 10 match ip address bfin-server ! route-map rip-cust-in permit 100 match ip address any ! control-plane ! line con 0 exec-timeout 0 0 password 7 ***** login stopbits 1 line aux 0 stopbits 1 line vty 0 4 password 7 ******* logging synchronous login ! scheduler allocate 20000 1000 ! end Scenario 2: Sample configuration on Catalyst 4500 series switch, act as MDF; contribution of mplex  .Note: Anyone using this should be aware that multicast is not configured for redundancy at the MDF level here, and you need to make sure your primary HSRP router has a higher PIM DR priority than default to avoid flooding. version 12.2
no service pad
service timestamps debug datetime localtime show-timezone
service timestamps log datetime localtime show-timezone
service password-encryption
service compress-config
!
hostname ...mdf
!
boot-start-marker
boot-end-marker
!
logging buffered 32768 debugging
no logging console
no logging monitor
enable secret 5 ...
!
username ... password 7 ...
aaa new-model
aaa authentication login default group tacacs+ local
aaa authentication login no_tacacs line
aaa authentication enable default group tacacs+ enable
aaa authorization exec default local group tacacs+
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 0 default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 2 default start-stop group tacacs+
aaa accounting commands 3 default start-stop group tacacs+
aaa accounting commands 4 default start-stop group tacacs+
aaa accounting commands 5 default start-stop group tacacs+
aaa accounting commands 6 default start-stop group tacacs+
aaa accounting commands 7 default start-stop group tacacs+
aaa accounting commands 8 default start-stop group tacacs+
aaa accounting commands 9 default start-stop group tacacs+
aaa accounting commands 10 default start-stop group tacacs+
aaa accounting commands 11 default start-stop group tacacs+
aaa accounting commands 12 default start-stop group tacacs+
aaa accounting commands 13 default start-stop group tacacs+
aaa accounting commands 14 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
!
aaa session-id common
clock timezone EST -5
clock summer-time EST recurring
qos
qos dbl exceed-action ecn
qos dbl
qos map dscp 0 to tx-queue 2
qos map dscp 16 18 20 22 24 25 26 32 to tx-queue 4
qos map dscp 34 36 38 to tx-queue 4
qos map dscp policed 0 24 32 34 40 46 48 to dscp 8
qos map cos 5 6 to dscp 46
ip subnet-zero
ip domain-name ....com
ip name-server ....
ip name-server ....
!
ip dhcp snooping vlan 1-1005
no ip dhcp snooping information option
no ip dhcp snooping verify mac-address
ip dhcp snooping
ip multicast-routing
ip ssh version 2
!
!
!
errdisable recovery cause bpduguard
errdisable recovery cause dhcp-rate-limit
errdisable recovery cause unicast-flood
errdisable recovery cause storm-control
errdisable recovery cause arp-inspection
errdisable recovery interval 1800
power redundancy-mode redundant
!
macro name access
no macro description
no switchport mode trunk
no switchport trunk all vlan 1-1005
no switchport trunk enc dot1q
no qos trust dscp
no ip dhcp snooping trust
no storm-control broadcast level 0.10
no tx-queue 1
no tx-queue 2
no tx-queue 3
no tx-queue 4
no service-policy output DBL
no ip dhcp snooping trust
switchport mode access
switchport host
storm-control broadcast level 0.10
ip dhcp snooping limit rate 5
service-policy input ACCESS-LAYER-QOS
qos trust cos
@
macro name uplink
no macro description
no switchport mode access
no switchport access vlan
no switchport voice vlan
no spanning-tree portfast
no service-policy input ACCESS-LAYER-QOS
no storm-control broadcast level 0.10
no ip dhcp snooping limit rate 5
no qos trust cos
ip dhcp snooping trust
qos trust dscp
tx-queue 1
bandwidth percent 5
tx-queue 2
bandwidth percent 25
tx-queue 3
bandwidth percent 30
priority high
shape percent 30
tx-queue 4
bandwidth percent 40
service-policy output DBL
switchport trunk enc dot1q
switchport mode trunk
switchport trunk allowed vlan 1-1005
@
macro name downlink
no macro description
no switchport mode access
no switchport access vlan
no switchport voice vlan
no spanning-tree portfast
no service-policy input ACCESS-LAYER-QOS
no storm-control broadcast level 0.10
no ip dhcp snooping limit rate 5
no ip dhcp snooping trust
no qos trust cos
qos trust dscp
tx-queue 1
bandwidth percent 5
tx-queue 2
bandwidth percent 25
tx-queue 3
bandwidth percent 30
priority high
shape percent 30
tx-queue 4
bandwidth percent 40
service-policy output DBL
switchport trunk enc dot1q
switchport mode trunk
switchport trunk allowed vlan 1-1005
@
!
!
spanning-tree mode rapid-pvst
spanning-tree portfast bpduguard default
spanning-tree extend system-id
spanning-tree vlan 200 priority 4096
spanning-tree vlan 400 priority 20480
!
vlan internal allocation policy ascending
!
vlan 2200
name core1
!
vlan 3200
name core2
!
class-map match-any H323-VIDEO
match access-group name H323-VIDEO
class-map match-all VOIP-PHONE
match access-group name VOIP-PHONE
!
!
policy-map ACCESS-LAYER-QOS
class VOIP-PHONE
police 128000 bps 8000 byte conform-action transmit exceed-action policed-dscp-transmit
class H323-VIDEO
police 20000000 bps 8000 byte conform-action transmit exceed-action policed-dscp-transmit
policy-map DBL
class class-default
dbl
!
!
interface Loopback0
ip address .... 255.255.255.255
!
interface GigabitEthernet1/1
description [core1]
switchport trunk encapsulation dot1q
switchport trunk native vlan 2200
switchport trunk allowed vlan 34,2200
switchport mode trunk
qos trust dscp
tx-queue 1
bandwidth percent 5
tx-queue 2
bandwidth percent 25
tx-queue 3
bandwidth percent 30
priority high
shape percent 30
tx-queue 4
bandwidth percent 40
service-policy output DBL
ip dhcp snooping trust
!
interface GigabitEthernet1/2
description [core2]
switchport trunk encapsulation dot1q
switchport trunk native vlan 3200
switchport trunk allowed vlan 34,3200
switchport mode trunk
qos trust dscp
tx-queue 1
bandwidth percent 5
tx-queue 2
bandwidth percent 25
tx-queue 3
bandwidth percent 30
priority high
shape percent 30
tx-queue 4
bandwidth percent 40
service-policy output DBL
ip dhcp snooping trust
!
interface GigabitEthernet2/1
description [Sample Trunk Port]
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1-1005
switchport mode trunk
qos trust dscp
tx-queue 1
bandwidth percent 5
tx-queue 2
bandwidth percent 25
tx-queue 3
bandwidth percent 30
priority high
shape percent 30
tx-queue 4
bandwidth percent 40
service-policy output DBL
!
interface GigabitEthernet4/1
description [Sample Access Port]
switchport access vlan 200
switchport mode access
switchport voice vlan 400
no snmp trap link-status
storm-control broadcast level 0.10
storm-control broadcast level 0.10
spanning-tree portfast
service-policy input ACCESS-LAYER-QOS
ip dhcp snooping limit rate 5
!
interface Vlan1
ip address ..200.1 255.255.255.0
no ip redirects
no ip proxy-arp
!
interface Vlan200
description [-Access]
ip address ..200.51 255.255.255.0
ip helper-address ....
ip helper-address ....
no ip redirects
no ip proxy-arp
ip pim sparse-dense-mode
standby 200 ip ....
standby 200 timers 1 3
standby 200 priority 190
standby 200 preempt delay minimum 30
!
interface Vlan400
description [-Access-VOICE]
ip address .... 255.255.255.0
ip helper-address ....
ip helper-address ....
no ip redirects
no ip proxy-arp
standby 200 ip ....
standby 200 priority 150
standby 200 preempt delay minimum 30
!
interface Vlan2200
description [core1]
ip address ..200.11 255.255.255.254
ip pim sparse-dense-mode
ip ospf network point-to-point
!
interface Vlan3200
description [core2]
ip address ..200.21 255.255.255.254
ip pim sparse-dense-mode
ip ospf network point-to-point
!
router ospf 100
log-adjacency-changes
timers throttle spf 5 1000 60000
passive-interface default
no passive-interface Vlan2200
no passive-interface Vlan3200
network .... 0.0.255.255 area 0
!
no ip http server
no ip http secure-server
!
ip ospf name-lookup
!
ip access-list extended H323-VIDEO
permit ip any any dscp cs3
permit ip any any dscp cs4
permit ip any any dscp cs5
permit ip any any dscp af31
permit ip any any dscp af41
permit ip any host 128.23.1.59
ip access-list extended VOIP-PHONE
permit ip any any dscp ef
permit ip any any dscp cs5
!
ip access-list extended MANAGEMENT-NETS
permit ip .... 0.0.0.255 any
!
logging facility local2
logging source-interface Loopback0
logging ....
tacacs-server host ....
tacacs-server directed-request
tacacs-server key 7 ....
radius-server source-ports 1645-1646
!
alias configure sh do sh
alias exec ps show proc cpu | excl 0.00%__0.00%__0.00%
alias exec acl sh ip access-lists
alias exec mem sh proc mem
alias exec rates sh int | include (protocol|rate)
alias exec stp sh spanning-tree detail | i changes|exec
!
line con 0
exec-timeout 15 0
password 7 ....
logging synchronous
transport preferred none
escape-character 3
stopbits 1
line vty 0 4
access-class MANAGEMENT-NETS in
exec-timeout 15 0
password 7 ....
logging synchronous
transport preferred none
escape-character 3
line vty 5 15
access-class MANAGEMENT-NETS in
exec-timeout 15 0
password 7 ....
logging synchronous
transport preferred none
escape-character 3
!
ntp server ....
ntp server ....
end
Scenario 3: Network Diagram
ASA/PIX Firewall multicast-routing ! interface GigabitEthernet0/0 description LAN/STATE Failover Interface speed 100 duplex full ! interface GigabitEthernet0/1 speed 100 duplex full nameif inside security-level 100 ip address 10.32.1.245 255.255.255.0 standby 10.32.1.244 igmp limit 10 igmp forward interface market_trade ! interface GigabitEthernet0/2 speed 100 duplex full nameif market_trade security-level 3 ip address 10.32.8.252 255.255.255.0 standby 10.32.8.251 igmp limit 10 igmp join-group 224.1.0.0 igmp join-group 224.1.0.1 ! interface GigabitEthernet0/3 speed 100 duplex full nameif market_data security-level 5 ip address 10.32.9.252 255.255.255.0 standby 10.32.9.251 ! interface Management0/0 shutdown no nameif no security-level no ip address management-only ! interface GigabitEthernet1/0 speed 100 duplex full nameif thompson security-level 0 ip address 10.32.10.10 255.255.255.240 standby 10.32.10.11 ! interface GigabitEthernet1/1 speed 100 duplex full nameif market_services security-level 10 ip address 172.21.39.250 255.255.255.0 standby 172.21.39.251 igmp limit 10 igmp forward interface market_trade ! route inside 0.0.0.0 0.0.0.0 10.32.1.250 Router 1 ip multicast-routing ! interface Loopback0 description Loopback for Multicast ip address 10.32.0.10 255.255.255.255 ip pim sparse-mode ! interface Loopback1 description Loopback for SNMP, logging, OSPF ID, BGP ID and MSDP multicast peering ip address 10.32.0.11 255.255.255.255 ! interface FastEthernet0/0 description Facing ASA/Firewall ip address 10.32.1.251 255.255.255.0 no ip redirects ip pim sparse-mode ip igmp join-group 224.1.0.0 ip igmp join-group 224.1.0.1 standby 101 ip 10.32.1.250 standby 101 priority 105 standby 101 preempt ! interface FastEthernet0/1 description LAN ip address 10.32.151.251 255.255.252.0 ip helper-address 10.32.2.1 ip helper-address 10.32.3.13 ip helper-address 10.123.1.71 ip helper-address 10.123.1.72 ip helper-address 10.32.2.65 ip helper-address 10.32.2.3 ip helper-address 10.32.36.22 ip helper-address 10.32.36.30 no ip redirects ip pim sparse-mode ip igmp static-group 224.1.0.0 standby 151 ip 10.32.151.250 standby 151 priority 105 standby 151 preempt ! ip route 0.0.0.0 0.0.0.0 10.32.1.245 ! ip pim rp-address 10.32.0.10 ip msdp peer 10.32.0.12 connect-source Loopback1 ip msdp cache-sa-state ip msdp originator-id Loopback1 Router 2 ip multicast-routing ! interface Loopback0 description Loopback for Multicast ip address 10.32.0.10 255.255.255.255 ip pim sparse-mode ! interface Loopback1 description Loopback for SNMP, logging, OSPF ID, BGP ID and MSDP multicast peering ip address 10.32.0.12 255.255.255.255 ! interface FastEthernet0/0 description Facing ASA/PIX Firewall ip address 10.32.1.252 255.255.255.0 no ip redirects ip pim sparse-mode ip igmp join-group 224.1.0.0 ip igmp join-group 224.1.0.1 standby 101 ip 10.32.1.250 ! interface FastEthernet0/1 description LAN ip address 10.32.151.251 255.255.252.0 ip helper-address 10.32.2.1 ip helper-address 10.32.3.13 ip helper-address 10.123.1.71 ip helper-address 10.123.1.72 ip helper-address 10.32.2.65 ip helper-address 10.32.2.3 ip helper-address 10.32.36.22 ip helper-address 10.32.36.30 no ip redirects ip pim sparse-mode ip rip advertise 5 ip igmp static-group 224.1.0.0 standby 151 ip 10.32.151.250 ! ip route 0.0.0.0 0.0.0.0 10.32.1.245 ! ip pim rp-address 10.32.0.10 ip msdp peer 10.32.0.11 connect-source Loopback1 ip msdp cache-sa-state ip msdp originator-id Loopback1
got feedback?by aryoba got feedback?by aryoba | |||||||||||||
| Wednesday, 23-May 18:26:08 | Terms of Use & Privacy | feedback | contact | Hosting by nac.net - DSL,Hosting & Co-lo over 12.5 years online © 1999-2012 dslreports.com. |
