Archive for the ‘route’ tag
- How do you keep EIGRP from killing your WAN?
You can use the ip bandwidth-percent eigrp AS X command to limit the amount of bandwidth that EIGRP uses to update neighbors.
- How does EIGRP calculate how much bandwidth it can use for each frame relay PVC?
By default, EIGRP takes 50% of the (sub)interface’s configured bandwidth (with the bandwidth command) to use for updates on NBMA (non-broadcast multiaccess) networks like frame relay. This value is divided equally among all the PVCs configured on that interface.
- Why should you use delay instead of bandwidth to manipulate EIGRP?
There are other mechanisms, like QoS, that use bandwidth, so changing that value would affect those mechanisms. Only EIGRP uses delay.
- What’s the difference between the feasible distance (FD) and the reported (advertised) distance (RD)?
Feasible distance is the EIGRP metric value after the router has added its own information like bandwidth and delay to the formula. The reported distance is what a router calculates before it has added its own values. Essentially, the FD of one router is the RD of the next.
- What is an offset list?
An offset list is a way to artificially increment the FD and RD of a route or set of routes.
- You can add the load k-value into the metric calculation in EIGRP, but it’s not generally a good idea. Why?
The load is constantly changing as traffic changes on an interface. This would cause a constant stream of updates as traffic flows change.
- How often does a router send its full EIGRP topology table?
When new neighbors come up, the neighbors exchange their full tables, but, from that point forward, only updates are sent.
- When we talk about bandwidth in EIGRP, what are we actually talking about?
The bandwidth is actually the bandwidth of the slowest link between a router and the destination network. This is what’s used in the calculations.
- Assuming we’re using k1 and k3, what is the formula for calculating the metric?
metric = 256 * ( 10^7 / bandwidth [in kbps] + cumulative delay )
- You’ve decided to use k2 in your metric calculations, so you add that to a router. What happens to all the neighbors?
The neighbors all drop and start generating a “K-value mismatch” error.
- What is a successor? Feasible successor?
A successor is the EIGRP route for a particular network entry with the lowest metric. This is the route that EIGRP submits to the routing table for inclusion. A feasible successor (FS) is another EIGRP route whose RD is lower than the successor’s FD; feasible successors can be used as an alternate path to a network if the successor goes away somehow.
- Where would you run into split horizon issues with EIGRP?
Split horizon says that you don’t advertise a route over the interface on which it was received. If you have a multipoint WAN link of some kind, routes from one spoke won’t be passed to another spoke through the hub.
- In what unit is the delay directive?
Tens of microseconds (10 * usec). That means that delay 1000 is 10,000 usec, or 10 ms.
- How does EIGRP do unequal cost path load balancing?
You can set the maximum-paths value under EIGRP to set the maximum number of equal paths that can be used. You also set the variance command there with a multiplier integer. The variance is multiplied by the successor’s FD, and any feasible successor whose metric is less than this new number is considered equal cost.
- What is an EIGRP stub router?
A stub router only receives routes via EIGRP and does not send them to other EIGRP neighbors. Since all the other routers know a router is a stub, they won’t send query messages to the stub router if they’re looking for a route. This will cut down on time waiting in active state.
- What is “stuck in active”?
If a successor for a network becomes unavailable and there are no FSes, a router will query each of its neighbors for a new route to that network. If that router does not have a route, it will then ask its own neighbors, etc. In the meantime, the original router is still waiting for everyone to answer (that is, the route is in the active state) and will wait patiently until that happens. This could take a long time and result in a several-second outage to the queried network.
- By default, which types of routes are sent to EIGRP neighbors from a stub router?
Connected and summary
What Command Was That?
- …disables split horizon on an interface?
R1(config-if)#no ip split-horizon eigrp 1
- …sets the delay of an interface to 10ms?
R1(config-if)#delay 1000 (remember the tens of usec unit)
- …restricts the amount of bandwidth that EIGRP uses to 20% of the total bandwidth on an interface?
R1(config-if)#ip bandwidth-percent eigrp 1 20
- …applies an offset list to interface F0/0?
R1(config-router)#offset-list ACL in OFFSET F0/0
- …shows the metrics of all the EIGRP routes a router has received for a network?
show ip eigrp topology 192.168.0.0/24
- …shows the successors and feasible successors for a network?
show ip eigrp topology 192.168.0.0/24
- …shows if a neighbor is a stub?
show ip eigrp neighbor detail
- …shows the maximum-paths and variance values?
show ip protocols
Or neighborships, as they call it in the book. What a terrible word.
- What settings must match between two routers in order to become EIGRP neighbors?
Both routers must be in the same primary subnet
Both routers must be configured to use the same k-values
Both routers must be in the same AS
Both routers must have the same authentication configuration (within reason)
The interfaces facing each other must not be passive
- What are the default hello and hold times in EIGRP?
On links with bandwidth > 1.544Mbps:
Hello: 5 sec
Hold: 15 sec
On links with bandwidth <= 1.544Mbps:
Hello: 60 sec
Hold: 180 sec
- How do you change the hello and hold times?
You set these values at the interface.
R1(config-if)#ip hello-interval eigrp 1 X
R1(config-if)#ip hold-time eigrp 1 X
- How do you keep an interface from being used for EIGRP discovery?
Don’t configure a network statement that includes that interface
Make the interface passive
Configure static neighbors for that interface
- Why might NTP be a good thing to use in regards to EIGRP?
EIGRP uses key chains for authentication. Key chains can be configured with a range of valid dates and times. If the time on two routers was off by even a few seconds, some keys would expire, causing neighbor relationships to drop.
- How do you configure EIGRP authentication?
In each interface participating in EIGRP, you configure the authentication mode and the key chain to use.
R1(config-if)#ip authentication mode eigrp 1 md5
R1(config-if)#ip authentication key-chain eigrp 1 KEYCHAIN1
- What are the k-values that EIGRP uses?
k1 = bandwidth
k2 = load
k3 = delay
k4 = reliability
k5 = MTU
- How does a router choose its router ID in EIGRP?
First, it looks for a configured router-id in the EIGRP configuration. If none exists, it uses the highest (largest) IP address configured on a loopback interface. If no loopbacks exist, it uses the highest IP configured on the other interfaces.
What Command Was That?
What command tells you…
- …whether a neighbor was discovered or statically configured?
show ip eigrp neighbor detail
- …what interfaces are involved in EIGRP?
show ip eigrp interfaces
- …what k-values your router is using?
show ip protocols
- …how long your router has been neighbored with another router?
show ip eigrp neighbors
- …what your router ID is?
show ip eigrp topology
show ip eigrp accounting
- …a summary of the configured network statements?
show ip protocols
- …the configured hello interval?
show ip eigrp interface detail
- …the configured hold time?
There isn’t a way to do it directly. You have to check your neighbors several times over the course of a few seconds to see where the hold timers drop to before resetting.
I’ve seen and used the command before, but I’ve never really seen any use of the show ip protocols command until tonight while reading up for my ROUTE test. There’s a lot of good information in the output, and, from the way the book is reading, this is a great candidate for use in a lab question.
To check it out a bit, I set up a small network with four routers connected only to a single Ethernet segment. I set up one router to run EIGRP, OSPF, and BGP to each one of the other routers just so I could see the output for the different routing protocols. Here’s what puked out after struggling with GNS for a few minutes.
    R1#sh ip protocols
    Routing Protocol is "eigrp 1"
      Outgoing update filter list for all interfaces is not set
      Incoming update filter list for all interfaces is not set
      Default networks flagged in outgoing updates
      Default networks accepted from incoming updates
      EIGRP metric weight K1=1, K2=0, K3=1, K4=0, K5=0
      EIGRP maximum hopcount 100
      EIGRP maximum metric variance 1
      Redistributing: eigrp 1
      EIGRP NSF-aware route hold timer is 240s
      Automatic network summarization is in effect
      Maximum path: 4
      Routing for Networks:
        192.168.0.0
      Routing Information Sources:
        Gateway         Distance      Last Update
      Distance: internal 90 external 170

    Routing Protocol is "ospf 1"
      Outgoing update filter list for all interfaces is not set
      Incoming update filter list for all interfaces is not set
      Router ID 192.168.0.101
      Number of areas in this router is 1. 1 normal 0 stub 0 nssa
      Maximum path: 4
      Routing for Networks:
        192.168.0.0 0.0.0.255 area 0
      Reference bandwidth unit is 100 mbps
      Routing Information Sources:
        Gateway         Distance      Last Update
      Distance: (default is 110)

    Routing Protocol is "bgp 65001"
      Outgoing update filter list for all interfaces is not set
      Incoming update filter list for all interfaces is not set
      IGP synchronization is disabled
      Automatic route summarization is disabled
      Neighbor(s):
        Address          FiltIn FiltOut DistIn DistOut Weight RouteMap
        192.168.0.104
      Maximum path: 1
      Routing Information Sources:
        Gateway         Distance      Last Update
      Distance: external 20 internal 200 local 200
The EIGRP section shows some important details, including what k-values are used, networks configured, and administrative distance (AD) of the various route types (internal and external). The OSPF section shows the router ID, number of areas on the router, and number of area types (normal, stub, NSSA), as well as the networks configured and the AD. The section regarding BGP shows summarization status, neighbors (along with any filter lists, distribution lists, local weights, and route-maps if they were configured), and the ADs again.
That’s good stuff to know. I’ll have to put that command in my usual repertoire.
Last time, we talked about a nifty little lab I set up for redistribution and how the OSPF ASBRs acted a little differently than I expected. This time, let’s look at how changing external OSPF routes to a metric-type of 1 (E1) affects the routing tables.
Here’s the network again.
The static routes are being redistributed into their respective IGPs, and EIGRP is being redistributed into OSPF. Let’s look at the routing table on R1.
    Gateway of last resort is not set

         10.0.0.0/8 is variably subnetted, 7 subnets, 2 masks
    O       10.0.0.2/32 [110/11] via 192.168.0.102, 00:06:53, Ethernet0/0
    O E2    10.0.0.3/32 [110/20] via 192.168.0.105, 00:06:53, Ethernet0/0
                        [110/20] via 192.168.0.102, 00:06:53, Ethernet0/0
    S       10.10.10.0/24 is directly connected, Null0
    C       10.0.0.1/32 is directly connected, Loopback0
    O E2    10.0.0.4/32 [110/20] via 192.168.0.105, 00:06:53, Ethernet0/0
                        [110/20] via 192.168.0.102, 00:06:53, Ethernet0/0
    O       10.0.0.5/32 [110/11] via 192.168.0.105, 00:06:53, Ethernet0/0
    O E2    10.10.20.0/24 [110/20] via 192.168.0.105, 00:06:03, Ethernet0/0
    C    192.168.0.0/24 is directly connected, Ethernet0/0
    O E2 192.168.101.0/24 [110/20] via 192.168.0.105, 00:06:53, Ethernet0/0
                          [110/20] via 192.168.0.102, 00:06:53, Ethernet0/0
Notice that there are two routes to each of the networks discovered from EIGRP (the loopbacks of 10.0.0.3/32 and 10.0.0.4/32 as well as 192.168.101.0/24). There is nothing strange here; OSPF simply sees the exit paths through the ASBRs. How about if we change the metric-type on the routes from R2 and see what happens?
I know of at least two ways you can do it. First, you can set the metric-type in the redistribute command on the ASBR’s OSPF process.
redistribute eigrp 1 subnets metric-type 1
You can also use a route-map to set the metric-type and apply that to the redistribute command.
    route-map TEST permit 10
     set metric-type type-1
    !
    redistribute eigrp 1 route-map TEST subnets
Either way does the same thing. Now let’s check the route table on R1 again.
    Gateway of last resort is not set

         10.0.0.0/8 is variably subnetted, 7 subnets, 2 masks
    O       10.0.0.2/32 [110/11] via 192.168.0.102, 00:18:30, Ethernet0/0
    O E1    10.0.0.3/32 [110/30] via 192.168.0.102, 00:02:11, Ethernet0/0
    S       10.10.10.0/24 is directly connected, Null0
    C       10.0.0.1/32 is directly connected, Loopback0
    O E1    10.0.0.4/32 [110/30] via 192.168.0.102, 00:02:11, Ethernet0/0
    O       10.0.0.5/32 [110/11] via 192.168.0.105, 00:18:30, Ethernet0/0
    O E2    10.10.20.0/24 [110/20] via 192.168.0.105, 00:17:40, Ethernet0/0
    C    192.168.0.0/24 is directly connected, Ethernet0/0
    O E1 192.168.101.0/24 [110/30] via 192.168.0.102, 00:02:11, Ethernet0/0
Only one route this time, and it’s the E1 route from R2. It seems that E1 routes are more preferred than E2 routes. Let’s look at the OSPF database for 192.168.101.0/24 on R1 to see if we can figure that out.
    R1#sh ip ospf database external 192.168.101.0

                OSPF Router with ID (10.0.0.1) (Process ID 1)

                    Type-5 AS External Link States

      Routing Bit Set on this LSA
      LS age: 467
      Options: (No TOS-capability, DC)
      LS Type: AS External Link
      Link State ID: 192.168.101.0 (External Network Number )
      Advertising Router: 10.0.0.2
      LS Seq Number: 80000004
      Checksum: 0xEA58
      Length: 36
      Network Mask: /24
            Metric Type: 1 (Comparable directly to link state metric)
            TOS: 0
            Metric: 20
            Forward Address: 0.0.0.0
            External Route Tag: 0

      Routing Bit Set on this LSA
      LS age: 1497
      Options: (No TOS-capability, DC)
      LS Type: AS External Link
      Link State ID: 192.168.101.0 (External Network Number )
      Advertising Router: 10.0.0.5
      LS Seq Number: 80000001
      Checksum: 0x6260
      Length: 36
      Network Mask: /24
            Metric Type: 2 (Larger than any link state path)
            TOS: 0
            Metric: 20
            Forward Address: 0.0.0.0
            External Route Tag: 0
You can see that everything is the same except for the metric-type field, which is exactly what we expect. By definition, if an external OSPF route is E1, the internal OSPF cost is added to the total cost of the route. This is reflected in the “Comparable directly to link state metric” text next to the Metric Type value. In contrast, an E2 route does not have the cost incremented; the cost is simply passed down the line as “Larger than any link state path”. This means that E1 routes are considered more accurate and should be more preferred than E2 routes.
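The choice R1 makes between those two Type-5 LSAs, as an added Python model (not code from the original post and not how IOS is implemented). The LSA values come from the output above; the cost of 10 from R1 to each ASBR is an assumption inferred from the installed E1 metric of 30, and forwarding addresses are ignored because both LSAs carry 0.0.0.0.

```python
"""Simplified OSPF AS-external path selection (after RFC 2328, section 16.4).

Added example: LSA values are from the R1 output on this page; the cost to
each ASBR is an assumed value inferred from the E1 route's metric of 30.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class ExternalLSA:
    prefix: str
    adv_router: str    # router ID of the ASBR that originated the LSA
    next_hop: str      # R1's next hop toward that ASBR
    metric_type: int   # 1 = E1, 2 = E2
    metric: int        # external metric carried in the LSA


def route_cost(lsa, cost_to_asbr):
    """Return a sort key (type, cost, tie-breaker); the lowest key wins."""
    internal = cost_to_asbr[lsa.adv_router]
    if lsa.metric_type == 1:
        # E1: the metric is in link-state units, so the internal cost is added.
        return (1, lsa.metric + internal, 0)
    # E2: only the external metric is compared; internal cost breaks ties.
    return (2, lsa.metric, internal)


def best_paths(lsas, cost_to_asbr):
    """Select the winning LSA(s) for one prefix; equal keys mean ECMP."""
    keyed = [(route_cost(lsa, cost_to_asbr), lsa) for lsa in lsas]
    best = min(key for key, _ in keyed)
    winners = sorted(lsa.next_hop for key, lsa in keyed if key == best)
    return "O E%d" % best[0], best[1], winners


COST_TO_ASBR = {"10.0.0.2": 10, "10.0.0.5": 10}  # assumed, see lead-in


def lsas_for(r2_type):
    """The two LSAs for 192.168.101.0/24, with R2's metric type variable."""
    return [
        ExternalLSA("192.168.101.0/24", "10.0.0.2", "192.168.0.102", r2_type, 20),
        ExternalLSA("192.168.101.0/24", "10.0.0.5", "192.168.0.105", 2, 20),
    ]


if __name__ == "__main__":
    for r2_type in (2, 1):
        code, metric, hops = best_paths(lsas_for(r2_type), COST_TO_ASBR)
        print(f"R2 sends type {r2_type}: {code} 192.168.101.0/24 "
              f"[110/{metric}] via {', '.join(hops)}")
```

Because the metric type is compared before any cost, an E1 LSA wins over an E2 LSA for the same prefix even when the E1 path is far more expensive.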
I just got back from Global Knowledge’s ROUTE class, and I must say that it was a great class. John Barnes puts on quite the show and is the best instructor I’ve ever had. I digress, though.
One of the topics we covered was route redistribution, so I went back to the hotel one night and fired off this network in GNS3 to study a bit.
The object was to see how redistributing statics into OSPF and into EIGRP differ. It was also an opportunity to see how EIGRP redistributes into OSPF (and OSPF into EIGRP, but I didn’t make it that far). To do that, I redistributed 10.10.10.0/24 from R1 into OSPF and 10.10.20.0/24 from R4 into EIGRP. I then had R2 and R5 redistribute all EIGRP routes into OSPF. It’s a nice mix, but I saw some weirdness in the paths to 10.10.20.0/24.
Here’s the simple config from R4 that shows the redistribution. I’m just shoving the static routes into EIGRP without touching the K-values.
    ip route 10.10.20.0 255.255.255.0 Null0
    <SNIP>
    router eigrp 1
     redistribute static
     network 10.0.0.4 0.0.0.0
     network 192.168.101.0
     no auto-summary
Nothing out of the ordinary going on there. I can see the route on R3 and R2 as a “D EX”.
D EX 10.10.20.0/24 [170/281600] via 192.168.101.104, 00:29:33, Ethernet0/0
It’s not the case for R5, though. Check this out.
O E2 10.10.20.0/24 [110/20] via 192.168.0.102, 00:34:52, Ethernet0/0
That, my friend, is an external OSPF route (Type-5 LSA for those scoring at home) going through R2. Why the heck does that happen? The physical path is shorter through R4, but it really comes down to administrative distance. EIGRP has an AD of 90, but external EIGRP routes (D EX) have an AD of 170. Since OSPF routes have an AD of 110, the OSPF route wins. Even though you may have a much “better” route through one protocol, simply having a route in another protocol with a lower AD will be enough to win.
I found another nuance with R1, as well, but that will have to wait until next time.
So, why didn’t R2 see the route via OSPF through R5? I experimented a bit by reloading each router to see what would happen. When I reload R2, R5 quickly picks up the EIGRP route, but, from there, things seem a little random to me. Sometimes, R5 picks the OSPF route through R2 again. Sometimes, R2 picks R5 as the best path and leaves R5 to route via EIGRP. The same happens when I reload R5; sometimes the route goes one way and sometimes it goes the other. Can one of you higher-ups shed any light on why this happens like it does?
Rofi at ITDualism is giving away a ROUTE cert kit to a random commenter. Swing by there and put your name in the hat.
We talked about running multiple data centers on a stick back in August, which is where you have multiple logical pairs of client and server VLANs on a single CSM for different tiers or functions. The big point of the article was that you had to do some fancy forwarding to get a server-initiated connection from one server VLAN to appear out the appropriate client VLAN. Well, we ran into an interesting issue with the given solution.
Let’s set up a scenario. Check the diagram for an overview. We have many pairs of client and server VLANs, each with a firewall interface as the gateway into the DCOAS. Let’s focus on just one, though: client VLAN 101 and server VLAN 102. In VLAN 101 is ServerA (not pictured) with an IP of 18.104.22.168; in VLAN 102 is our web farm that needs to connect to ServerA to drop off some data. We add a static route on ServerA pointing traffic for 22.214.171.124/24 back through the CSM.
When you try to connect from the web farm, though, it just times out. Why is that?
Remember that weird forwarding vserver that we had to use to get traffic to come out of the right client VLAN? Well, that’s stabbing you in the eye right now. When the web server initiates a connection, it sends traffic to the server VLAN IP of the CSM. The forwarding vserver grabs the new connection and load balances it to its only RIP, which is the IP of the firewall. What happens when any good firewall accepts traffic on an interface destined for a host out of the same interface? It drops the packet, and, eventually, the server times out.
What’s the fix, then? There are a few that come to mind. The first may be to just move ServerA to another network segment. Another may be to change the process around a bit by having ServerA pull the data instead of it being pushed since client-initiated connections will work like a champ.
A really outrageous one would be to set up another forwarding vserver that has only ServerA as its serverfarm. You would then add a static route in the web servers pointing to ServerA through that VIP, which would forward it over.
On the CSM, you’d do something like this.
    serverfarm SERVERA-SF
     no nat server
     no nat client
     real 126.96.36.199   <--- ServerA
      inservice
    vserver SERVERA-VS
     virtual 188.8.131.52 any
     vlan 102
     serverfarm SERVERA-SF
     inservice
On the server, you would add a static route to ServerA through 184.108.40.206. If you’re using some brand of Linux, you’d do this.
route add 220.127.116.11 gw 18.104.22.168
Don’t forget the static route on ServerA.
Send any Peeps questions my way.