Pages

Saturday, July 7, 2012

ccnp route eigrp 3

Implementing Advanced eigrp
Here router only knows what its neighbor tells it.
Eigrp over NBMA network

Configure eigrp using AS 25
HQ

router eigrp 25
network 10.1.0.0
network 172.16.0.0
no auto-summary

EAST
router eigrp 25
no auto
network 10.2.0.0 0.0.255.255
network 172.16.0.0
show ip route

WEST
router eigrp 25
no auto
network 10.3.0.0 0.0.255.255
network 172.16.0.0

show ip route

HQ
show ip route

EAST don't know about WEST router
split horizon issue

on this multi-point setup we need to disable split-horizon
HQ
int s0/0/1
no ip split-horizon eigrp 25

EAST
show ip route
Now you can see routes from west router

ping 10.2.2.1

Each office should generate an efficient EIGRP summary
HQ
int s0/0/1
ip summary-address eigrp 25 10.1.0.0 255.255.252.0

show ip route
EAST
show ip int br
ip summary-address eigrp 25 10.2.0.0 255.255.252.0

WEST
int s0/0.1
ip summary-address eigrp 25 10.3.0.0 255.255.252.0

show ip route

summary route always point to null0 but it never use null0 until there is some specific route

configure the HQ route to utilize up to 30% more of the allocated serial interface bandwidth than eigrp's default configuration

Eigrp limit itself to the 50% of the interface BW by default
if there are more interface let say 2 int, divide among two neighbor
then 50/2 == 25k each
which is very less so we increase BW percent

HQ
int s0/0.1
ip bandwidth-percent eigrp 25 80=== which 30 % more than allocated 50

Enable authentication
eigrp use key-chain ==which has specific keys
the router can automatically change these keys dynamically

NTP is always used in these routers to keep track of time

HQ
key chain EIGRP_KEYS
key 1
key-string cisco1
accept-lifetime 00:00:00 1 jan 2010 00:00:00 1 Feb 2010
send ------------
exit

key 2
key-string cisco2
accept-lifetime 00:00:00 28 Jan 2010 infinite
send-lifetime .....

show run | i section key chain

use the same config in both EAST and WEST

now do eirgp authentixcation
HQ
int s0/0.1
ip authentication mode eigrp 25 md5
eigrp only supports md5
ip authentication key-chain eigrp 25 EIGRP_kEYS

use same config in east and west router

HQ
debug eigrp packet
debug every packet that is sent
key id should be same in both the neighbors

Best practices and design
very simple to configure
eavesdropping on eigrp neighbors
debug eigrp packets
or debug eigrp packets query reply ==more specific

u all==to disable debugging

understanding the query process
the only router having backup route
if any of the interfaces of router goes down ..it will send a query to all the neighbors to see if any backup router is there to reach that particular network
if any connected router don't have information ..again it will send information all other neighbors and finally loop will occur ==there will be chaos
it will wait by default 3 min to hear from all the neighbors for the query(stuck in active) even though it receives a reply from any of the routers.
after 3 mins it will make all neighbor down.

making eigrp more efficient
Two ways to solve query problem

1. summary routes
2. stub configuration

a stub is network that doesn't have a way to go anywhere

stub config:
usually used in the hub and spoke
router eigrp 1
eigrp stub connected ==which is default

K values :
if k values are different, then the neighbor relationship won't form
k value is from 0-255
when there is a change in the process we will see goodbye message received

No comments:

Post a Comment