EIGRP SIA (Stuck-In-Active) through animations.


EIGRP SIA (Stuck-In-Active) process through animations:

“Active” = Actively looking for a route to a network (Successor)

Without SIA

Browse in separate page

With SIA

Browse in separate page

Advertisements

DMVPN animation


Here is an interactive animation of DMVPN (Dynamic Multipoint VPN), followed by a detailed offline lab (a snapshot of the topology under test with hopefully all commands needed for analysis and study).

Finally, check your understanding of the fundamental concepts by taking a small quiz.

Studied topology:

DMVPN animation

Animation

Offline Lab

You might consider the following key points for troubleshooting:

Routing protocols:

To avoid RPF failure, announce routing protocols only through tunnel interfaces.

EIGRP

  • Turn off “next-hop-self” to makes spokes speak directly. Without it traffic between spokes will always pass through the HUB and NHRP resolution will not occur.
  • Turn off “split-horizon” to allow eigrp to advertise a received route from one spoke to another spoke through the same interface.
  • Turn off sumarization
  • Pay attention to the bandwidth required for EIGRP communication. requires BW > tunnel default BW “bandwidth 1000”

OSPF

  • “ip ospf network point-to-multipoint”, allows only phase1 (Spokes Data plane communication through the HUB)
  • “ip ospf broadcast” on all routers allows Phase2 (Direct Spoke-to-spoke Data plane communication)
  • Set the ospf priority on the HUBs (DR/BDR) to be bigger than the priority on spokes (“ip ospf priority 0”).
  • Make sure OSPF timers match if spokes and the HUB use different OSPF types.
  • Because spokes are generally low-end devices, they probably can’t cope with LSA flooding generated within the OSPF domain. Therefore, it’s recommended to make areas Stubby (filter-in LSA5 from external areas) or totally stubby (neither LSA5 nor inter-area LSA3 are accepted)

Make sure appropriate MTU value matches between tunnel interfaces (“ip mtu 1400 / ip tcp mss-adjust 1360”)

Consider the OSPF scalability limitation (50 routers per area). OSPF requires much more tweekening for large scale deployments.

Layered approach:

DMVPN involves multiple layers of technologies (mGRE, routing, NHRP, IPSec), troubleshooting an issue can be very tricky.

To avoid cascading errors, test your configuration after each step and move forward only when the current step works fine. For example: IPSec encryption is not required to the functioning of DMVPN, so make sure your configuration works without it and only then you add it (set IPSEc parameters and just add “tunnel protection ipsec profile” to the tunnel interface).

Quiz

Read more of this post

Administrative Distance, prefix length, metric… Who is the winner?


  • The Concept
  • Procedural tasks
  • Result table
  • Conclusion

The concept

The idea of the lab is to test the RIB best route election criteria of a border router. To do so, four overlapping subnets are configured in different parts of the network and available to a border router through different routing protocols. One of them is directly connected.

All prefixes are made available and reachable in the same time to see who is going to be elected as best route, then remove the winner from the competition by making the corresponding path unavailable and iterate the selection process until the last path.

One directly connected segment and three routing protocols, so four administrative distances: directly connected (AD=0), RIP(AD=120),OSPF(AD=110) and EIGRP internal(AD=90).

Each protocol has two unequal paths (different metrics) to reach the same prefix.

Prefix masks are configured to be inversely proportional to routing protocol administrative distances.

Lab topology

6VPE MPLS

Procedural tasks

For each test case, the routing table is checked for the best route, a trace route to check the path and make the winner path unavailable.




Result table

Classification

Mask length

metric

AD

prefix

Path

Routing protocol

4

28

110

110

192.168.1.64

A

OSPF

3

74

192.168.1.64

B

1

29

1

120

192.168.1.64

C

RIP

2

2

192.168.1.64

D

6

27

32195456

90

192.168.1.64

E

EIGRP

5

2195456

192.168.1.64

F

7

26

0

0

192.168.1.64

G


Directly connected

RIB looks at the mask length first. The directly connected prefix with the shortest mask length is considered last as the longer the mask, the more accurate the prefix.

Conclusion

With the same prefix and different mask lengths, the border router considers the following criteria in order of preference:

  1. Longest mask among all routing protocols
  2. Lowest cost with the same routing protocol

IPv6 routing protocol redistribution


Though the transition period from IPv4 to IPv6 is going to last for a long time in which both protocols will coexist, we shouldn’t forget that the final goal of IPv6 is to completely replace IPv4.

The best way to gain more experience with the new intricacies and challenges of IPv6 is to test IPv6-based services in the presence of IPv4 as well in a pure IPv6 environment.

The purpose of this lab is to test redistribution between IPv6 routing protocols in an exclusively IPv6 environment.

So I am following exactly the same scenario as the previous post about IPv4 redistribution and I will point out some particularities related to IPv6.

I will start by the problematic design of redistribution from one routing domain into another with lower (better) administrative distance.

If you are not familiar with routing redistribution I strongly recommend you to take a look at the previous post.

Redistribution from one routing domain into another with lower (better) administrative distance:

All the following topologies are subject to the same concept:

As an example, I picked up the case where the source routing domain is EIGRP (internal prefix AD =90 and external prefix AD = 170) and the destination domain is OSPF with a better AD of 110.

Picture 1: Lab High level design


Picture 2: Low level design


Lab content:

1- Redistribution
2- Test connectivity from the BR R1
3- Solutions to overcome suboptimal paths
   3.1- Control paths by controlling the redistribution at the border routers
   3.2- Change the AD per-prefixes
   3.3- Filter prefixes from IGPs into the routing table using inbound distribute-list
   3.4- Prefix summarization
4- Troubleshooting notes5- Conclusion

1- Redistribution

– Redistribute 2001:DB8:123:3333::/64 (external domain/connected) into EIGRP at R3

The network 2001:DB8:123:3333::/64 can be administred with a different IGP than EIGRP or just a directly connected network (a loopback interface in our case).

Because EIGRP differentiates between internal and external prefixes by assigning different Administrative Distances, the prefix 2001:DB8:123:3333::/64 become (D EX) with AD=170.

ipv6 router eigrp 123
router-id 3.3.3.33
no shutdown
redistribute ospf 123 metric 1500 1 100 1 1500 route-map to-eigrp include-connected
!
ipv6 prefix-list ospf-pfx seq 5 permit 2001:DB8:123:3333::/64
!

!

route-map to-eigrp permit 10

match ipv6 address prefix-list ospf-pfx

set tag 3333

Picture 3: redistribution at R3:


– Mutual redistribution between EIGRP & OSPF at R2

For the sake of simplicity, EIGRP prefixes are redistributed into OSPF and vice-verse on R2.

R2:

ipv6 router eigrp 123
router-id 2.2.2.2
no shutdown
redistribute ospf 124 metric 1500 1 100 1 1500 include-connected
!
ipv6 router ospf 124
router-id 2.2.2.22

log-adjacency-changes

redistribute eigrp 123 route-map from-eigrp include-connected

!

!ipv6 prefix-list eigrp-prfx seq 10 permit 2001:DB8:123:2222::/64

ipv6 prefix-list eigrp-prfx seq 20 permit 2001:DB8:123:1111::/64

ipv6 prefix-list eigrp-prfx seq 30 permit 2001:DB8:123:13::/126

ipv6 prefix-list eigrp-prfx seq 40 permit 2001:DB8:123:23::/126

!

ipv6 prefix-list ospf-prfx seq 10 permit 2001:DB8:124:14::/126

ipv6 prefix-list ospf-prfx seq 20 permit 2001:DB8:124:24::/126

ipv6 prefix-list ospf-prfx seq 30 permit 2001:DB8:124:4444::/64

!

!

route-map from-ospf permit 10

match ipv6 address prefix-list ospf-prfx

!

route-map from-eigrp permit 10

match ipv6 address prefix-list eigrp-prfx

!

route-map from-eigrp permit 20

match tag 3333

R1:

ipv6 router eigrp 123
router-id 1.1.1.11
no shutdown
!
ipv6 router ospf 124
router-id 1.1.1.1

Picture4: Mutual redistribution between EIGRP & OSPF at R2


2-Test connectivity from the BR R1

R1#sh ipv6 route
IPv6 Routing Table – 14 entries

OE2 2001:DB8:123:3333::/64 [110/20], tag 3333

via FE80::C003:42FF:FED8:0, FastEthernet0/0


R1#

R1#sh ipv6 eigrp topology
IPv6-EIGRP Topology Table for AS(123)/ID(1.1.1.11)

P 2001:DB8:123:3333::/64, 0 successors, FD is Inaccessible, tag is 3333

via FE80::C002:42FF:FED8:0 (1732352/1706752), FastEthernet0/1


R1#

R1#sh ipv6 eigrp topology
IPv6-EIGRP Topology Table for AS(123)/ID(1.1.1.11)Codes: P – Passive, A – Active, U – Update, Q – Query, R – Reply,
r – reply Status, s – sia Status

P 2001:DB8:124:14::/126, 0 successors, FD is Inaccessible

via FE80::C002:42FF:FED8:0 (1757952/1732352), FastEthernet0/1

P 2001:DB8:123:13::/126, 1 successors, FD is 281600

via Connected, FastEthernet0/1

P 2001:DB8:123:1111::/64, 1 successors, FD is 128256

via Connected, Loopback1

P 2001:DB8:123:3333::/64, 0 successors, FD is Inaccessible, tag is 3333

via FE80::C002:42FF:FED8:0 (1732352/1706752), FastEthernet0/1

P 2001:DB8:123:2222::/64, 1 successors, FD is 435200

via FE80::C002:42FF:FED8:0 (435200/409600), FastEthernet0/1

P 2001:DB8:124:24::/126, 0 successors, FD is Inaccessible

via FE80::C002:42FF:FED8:0 (1757952/1732352), FastEthernet0/1

P 2001:DB8:123:23::/126, 1 successors, FD is 307200

via FE80::C002:42FF:FED8:0 (307200/281600), FastEthernet0/1

P 2001:DB8:124:4444::/64, 0 successors, FD is Inaccessible

via FE80::C002:42FF:FED8:0 (1757952/1732352), FastEthernet0/1

R1#

R1#sh ipv6 route 2001:DB8:123:3333::3/64
IPv6 Routing Table – 14 entries

OE2 2001:DB8:123:3333::/64 [110/20], tag 3333

via FE80::C003:42FF:FED8:0, FastEthernet0/0


R1#

0 Successor(s), FD is 4294967295 (Inaccessible)

Is seen in the EIGRP topology table (IPv4/IPv6). Remember that in a border router each protocol will separately calculate the route to a given destination and submit it to the RIB for the “competition”. The RIB will choose the best route to the prefix+mask and the unique winner protocol is the one with the lowest administrative distances.

Other protocols (losers) not happy with the decision of the RIB will mark their best route in their protocol table

  • EIGRP uses “0 Successor(s), FD is 4294967295 (Inaccessible)”
  • BGP uses “r> (RIB-failure)”

So EIGRP calculated a route to 2001:DB8:123:3333::3/64 directly through R3 and OSPF calculated a route to the same prefix 2001:DB8:123:3333::3/64 through R4.

The RIB will choose OSPF of course because it has better (smaller) administrative distance of 110 against 170 for EIGRP.

R1#ping ipv6 2001:DB8:123:3333::3Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:DB8:123:3333::3, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 60/68/84 ms

R1#

R1#traceroute ipv6 2001:DB8:123:3333::3

Type escape sequence to abort.

Tracing the route to 2001:DB8:123:3333::3

1 2001:DB8:124:14::2 32 msec 20 msec 20 msec

2 2001:DB8:124:24::1 48 msec 56 msec 40 msec

3 2001:DB8:123:3333::3 84 msec 32 msec 76 msec

R1#

Picture 5: primary path


The primary path to the prefix 2001:DB8:123:3333::3 is chosen through OSPF domain which is suboptimal because it is 1st redistributed into EIGRP123 then a second time into OSPF124.

We know that during redistribution between different protocols there is inevitable loss of homogeneity of routing information due to deformation of criteria: attributes for BGP, BW and delay for EIGRP, cost for OSPF and hop for RIP.

So what we can do at the border router to influence the choice of the best route to a given prefix?

3- Solutions

  • 3.1- Control paths by controlling the redistribution at the border routers:

    This could be a case where your routing and security policies do not allow to reveal your internal prefixes and traffic to an external domain.

  • 3.2- Change the AD per-prefixes:

    In case you need to guarantee route redundancy for internal traffic even through external domains.

  • 3.3- Filter prefixes from IGPs into the routing table using inbound distribute-list.
  • 3.4- Perform summarization to shorter subnet mask on the source router (remove from the competition by transform)

    So at the destination router receiving the update the longest prefix is selected

3.1- Control paths by controlling the redistribution at the border routers:

Simply do not make redundant or unnecessary redistribution, remember the split horizon between domains with multiple border routers:

DO NOT redistribute a prefix to its domain of origin, if needed, make the metric worse than those internally available.

3.2- Change the AD per-prefixes:

ipv6 router ospf 124
distance ospf external 180

R1(config-rtr)#do route6
IPv6 Routing Table – 14 entries

D 2001:DB8:123:23::/126 [90/307200]

via FE80::C002:42FF:FED8:0, FastEthernet0/1


D 2001:DB8:123:2222::/64 [90/435200]

via FE80::C002:42FF:FED8:0, FastEthernet0/1

EX 2001:DB8:123:3333::/64 [170/1732352], tag 3333

via FE80::C002:42FF:FED8:0, FastEthernet0/1


R1(config-rtr)#

Now prefixes originated from EIGRP, including the redistributed 2001:DB8:123:3333::/64, are reachable through EIGRP, because their OSPF EXT variants have worse administrative distance 180 against 170.

R1(config-rtr)#do sh ipv6 ospf data OSPFv3 Router with ID (1.1.1.1) (Process ID 124)

Type-5 AS External Link States

ADV Router Age Seq# Prefix

2.2.2.22 970 0x80000006 2001:DB8:123:13::/126

2.2.2.22 970 0x80000006 2001:DB8:123:23::/126

2.2.2.22 970 0x80000006 2001:DB8:123:1111::/64

2.2.2.22 970 0x80000006 2001:DB8:123:2222::/64

2.2.2.22 970 0x80000006 2001:DB8:123:3333::/64

R1(config-rtr)#

Let’s simulate a failure in the link between R1 and R3:

R3(config)#int fa0/0
R3(config-if)#sh
R3(config-if)#
*Mar 1 04:26:19.938: %DUAL-5-NBRCHANGE: IPv6-EIGRP(0) 123: Neighbor FE80::C000:42FF:FED8:1 (FastEthernet0/0) is down: interface down
*Mar 1 04:26:21.910: %LINK-5-CHANGED: Interface FastEthernet0/0, changed state to administratively down
*Mar 1 04:26:22.910: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to down
R3(config-if)#

Now, EIGRP prefixes reachable through OSPF.

R1(config-rtr)#do sh ipv6 route
IPv6 Routing Table – 14 entries

OE2 2001:DB8:123:23::/126 [180/20]
via FE80::C003:42FF:FED8:0, FastEthernet0/0
OE2 2001:DB8:123:2222::/64 [180/20]
via FE80::C003:42FF:FED8:0, FastEthernet0/0

OE2 2001:DB8:123:3333::/64 [180/20], tag 3333

via FE80::C003:42FF:FED8:0, FastEthernet0/0


R1(config-rtr)#

3.3- Filter prefixes from IGPs into the routing table using inbound distribute-list.

Before applying distribute list inbound under OSPF

IPv6 Routing Table – 14 entries

OE2 2001:DB8:123:3333::/64 [110/20], tag 3333
via FE80::C003:42FF:FED8:0, FastEthernet0/0

R1#

R1:

R1(config)#ipv6 router ospf 124
R1(config-rtr)#distribute-list prefix-list 3333_prfx in
R1(config-rtr)#exit
R1(config)#ipv6 prefix-list 3333_prfx deny 2001:DB8:123:3333::/64
R1(config)#ipv6 prefix-list 3333_prfx seq 10 permit ::/0 le 128

Note the default route used in the prefix-list ::/0 le 128 is different from the one used in IPv6 default static route abd the routing table ::/0

R1(config)#do route6
IPv6 Routing Table – 14 entries

EX
2001:DB8:123:3333::/64 [170/1732352], tag 3333
via FE80::C002:42FF:FED8:0, FastEthernet0/1

R1(config)#

3.4- Prefix summarization:

Let’s perform summarization of the prefix 2001:DB8:123:3333::3 on R3 to a shorter mask length of /60 before announcing it to R4 then to R1.

R4 before summarization:

R4#route6
IPv6 Routing Table – 14 entries

via FE80::C001:42FF:FED8:0, FastEthernet0/1
OE2
2001:DB8:123:3333::/64 [110/20], tag 3333

R4#

R1 before summarization:

R1(config-rtr)#do route6
IPv6 Routing Table – 15 entries

EX
2001:DB8:123:3333::/64 [170/1732352], tag 3333
via FE80::C002:42FF:FED8:0, FastEthernet0/1

R1(config-rtr)#

To keep the routing information consistent inside OSPF area, summarization has to be done at the ABR or ASBR.

Summarization on R2 (ASBR router):

R2(config)#no router ospf 124
R2(config-rtr)#summary-prefix 2001:DB8:123:3333::3/60

Now let’s take a look again at the routing table of R1 and R4:

R4#route6
IPv6 Routing Table – 14 entries

OE2 2001:DB8:123:3330::/60 [110/20]
via FE80::C001:42FF:FED8:0, FastEthernet0/1

R4#

R1(config-rtr)#do route6
IPv6 Routing Table – 16 entries

OE2 2001:DB8:123:3330::/60 [110/20]

via FE80::C003:42FF:FED8:0, FastEthernet0/0

EX 2001:DB8:123:3333::/64 [170/1732352], tag 3333

via FE80::C002:42FF:FED8:0, FastEthernet0/1


R1(config-rtr)#

R1 has received the summary address 2001:DB8:123:3330::/60 and consider it as different from 2001:DB8:123:3333::/64 received through EIGRP.

To forward traffic, RIB will chooses the longest match i.e. 2001:DB8:123:3333::3

R1#traceroute ipv6 2001:DB8:123:3333::3
 
Type escape sequence to abort.

Tracing the route to 2001:DB8:123:3333::3

1 2001:DB8:123:3333::3 60 msec 24 msec 60 msec

R1#

 

4-Troubleshooting notes

*) Redistribution doesn’t work :
– Check typing errors in route-maps and prefix-lists names because IOS will not alert you in case of the following errors during redistribution:
– Wrong route map name
– Wrong ACL/prefix-list name inside the route-map
– Default metric not configured (EIGRP/RIP/IS-IS)
– Check whether the prefix you want to redistribute exists in the RIB of the border router and belongs to the IGP source of the redistribution.
– IPv6 routing requires only link-local addresses (fe80::/10) to a establish the relationships within a segment, even if the mask or the subnet doesn’t match.

The discrepancies will emerge later. So make sure to carefully plan and deploy your address scheme.

*) EIGRP for IPv6 is by default shut down

*) Misconfiguration errors:

– Many IPv6 commands are the same as for IPv4, the keyword “ip” is replaced by “ipv6”. Nevertheless, what is easy to do can also be easy not to do. After a couple of hours with the contrast of the CLI, you will start glazing over J and you will notice that the device doesn’t react to your commands.

That’s a sign that something intrinsically wrong, like typing in the wrong router console, copy/past wrong fragments or typing “ip” instead of “ipv6.”

5- Conclusion

Following some techniques used to manipulate internal routing protocol paths:

1- Control what prefixes and where to redistribute.

2- Manipulate AD per-prefix (be careful with this technique!)

3- Filter prefixes from IGPs into the routing table using inbound distribute-list.

4- Summarization to shorter subnet mask on the source router.


Routing Protocol Redistribution and Path optimization



Case A: Redistribution from one routing domain into another with higher (worse) administrative distance:

All the following topologies are subject to the same concept:

As an example, I picked up the case where the source routing domain is OSPF (AD=110) and the destination administrative domain is EIGRP (internal prefix AD =90 and external prefix AD = 170).

Picture 1: Lab High level design


Picture 2: Low level design


  • redistribute 33.33.33.0/24 (external domain/connected) into OSPF at R3
router ospf 123
redistribute connected route-map rmap-connnected subnets

ip prefix-list pfx-33 seq 5 permit 33.33.33.0/24

route-map rmap-connnected permit 10
match ip address prefix-list pfx-33
set tag 133

Picture 3: redistribution at R3:


  • Mutual redistribution between EIGRP & OSPF at R2
router eigrp 124
redistribute ospf 123 route-map to-eigrp metric 1500 1 100 1 1500
!router ospf 123
network 192.168.23.0 0.0.0.255 area 0
redistribute eigrp 124 subnets route-map to-ospf

ip prefix-list eigrp-pfx seq 5 permit 192.168.14.0/24
ip prefix-list eigrp-pfx seq 15 permit 192.168.24.0/24

!

ip prefix-list ospf-pfx seq 5 permit 192.168.23.0/24

ip prefix-list ospf-pfx seq 15 permit 192.168.13.0/24

ip prefix-list ospf-pfx seq 25 permit 33.33.33.0/24

route-map to-ospf permit 10

match ip address prefix-list eigrp-pfx

set tag 100

!

route-map to-eigrp permit 10

match ip address prefix-list ospf-pfx

set tag 324

Picture4: Mutual redistribution between EIGRP & OSPF at R2


 Beware!

IOS will not alert you in case of the following errors during redistribution:

  • Wrong route map name
  • Wrong ACL/prefix-list name inside the route-map
  • Default metric not configured (EIGRP/OSPF/IS-IS)
  • test connectivity from the BR R1

    Picture 5: primary path


R1#sh ip eigrp topology
IP-EIGRP Topology Table for AS(124)/ID(11.11.11.11)

Codes: P – Passive, A – Active, U – Update, Q – Query, R – Reply,
r – reply Status, s – sia Status

P 33.33.33.0/24, 0 successors, FD is Inaccessible, tag is 324
via 192.168.14.4 (1757952/1732352), FastEthernet0/0
P 192.168.13.0/24, 0 successors, FD is Inaccessible, tag is 324

via 192.168.14.4 (1757952/1732352), FastEthernet0/0

P 192.168.14.0/24, 1 successors, FD is 281600

via Connected, FastEthernet0/0

P 192.168.24.0/24, 1 successors, FD is 307200

via 192.168.14.4 (307200/281600), FastEthernet0/0

P 192.168.23.0/24, 0 successors, FD is Inaccessible, tag is 324

via 192.168.14.4 (1757952/1732352), FastEthernet0/0

R1#

R1#ping 33.33.33.33

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 33.33.33.33, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/31/64 ms
R1#trace 33.33.33.33

Type escape sequence to abort.

Tracing the route to 33.33.33.33

1 192.168.13.3 68 msec * 52 msec

R1#

  • Simulate a failure on R3 fa0/1

    A link failure is simulated by shuting down R3 fa0/1 interface to check path redundancy

R3(config-if)#int fa0/1

R3(config-if)#sh

R3(config-if)#

*Mar 1 01:00:07.515: %OSPF-5-ADJCHG: Process 123, Nbr 1.1.1.1 on FastEthernet0/1 from FULL to DOWN, Neighbor Down: Interface down or detached

*Mar 1 01:00:09.487: %LINK-5-CHANGED: Interface FastEthernet0/1, changed state to administratively down

*Mar 1 01:00:10.487: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down

R3(config-if)#

  • Test connectivity at R1

    Picture6: path redundancy

R1#route4

33.0.0.0/24 is subnetted, 1 subnets
D EX 33.33.33.0 [170/1757952] via 192.168.14.4, 00:00:01, FastEthernet0/0

R1#

Only in the absence of a better choice R1 chose EIGRP path through external domain

R1#ping 33.33.33.33 source 192.168.14.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 33.33.33.33, timeout is 2 seconds:
Packet sent with a source address of 192.168.14.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 64/139/220 ms

R1#

R1#
R1#trace 33.33.33.33 source 192.168.14.1

Type escape sequence to abort.
Tracing the route to 33.33.33.33

1 192.168.14.4 112 msec 32 msec 44 msec
2 192.168.24.2 44 msec 36 msec 56 msec
3 192.168.23.3 64 msec * 88 msec

R1#

Case B: Redistribution from one routing domain into another with lower (better) administrative distance:

All the following topologies are subject to the same concept:

As an example, I picked up the case where the source routing domain is EIGRP (internal prefix AD =90 and external prefix AD = 170) and the destination administrative is domain OSPF with a better AD of 110.

Picture 1: Lab High level design


Picture 2: Low level design


  • redistribute 33.33.33.0/24 (external domain/connected) into EIGRP at R3

    The network 33.33.33.0/24 can be a different IGP than EIGRP or just a directly connected network (a loopback interface in our case).

    Because EIGRP differentiate between internal and external prefixes by assigning different Administrative Distances, the prefix 33.33.33.0/24 become (D EX) with AD=170.

router eigrp 123
redistribute connected metric 1500 1 100 1 1500 route-map rmap-connnected

ip prefix-list pfx-33 seq 5 permit 33.33.33.0/24

route-map rmap-connnected permit 10
match ip address prefix-list pfx-33
set tag 133

Picture 3: redistribution at R3:


  • Mutual redistribution between EIGRP & OSPF at R2

    For the sake of simplicity, EIGRP prefixes are redistributed into OSPF and vice-verse on R2 and 11.11.11.0/24 is redistributed into OSPF on R1 to check connectivity between 11.11.11.11 and 33.33.33.33

    R2:

router eigrp 123
redistribute ospf 124 route-map to-eigrp metric 1500 1 100 1 1500
!
router ospf 124
redistribute eigrp 123 subnets route-map to-ospf

ip prefix-list eigrp-pfx seq 5 permit 192.168.23.0/24

ip prefix-list eigrp-pfx seq 15 permit 192.168.13.0/24

ip prefix-list eigrp-pfx seq 25 permit 33.33.33.0/24

!

ip prefix-list ospf-pfx seq 5 permit 192.168.14.0/24

ip prefix-list ospf-pfx seq 15 permit 192.168.24.0/24

ip prefix-list ospf-pfx seq 25 permit 11.11.11.0/24

!

route-map to-ospf permit 10

match ip address prefix-list eigrp-pfx

set tag 100

route-map to-eigrp permit 10

match ip address prefix-list ospf-pfx

set tag 324

R1:

router ospf 124
redistribute eigrp 123 subnets route-map to-ospf
!
ip prefix-list 11-pfx seq 5 permit 11.11.11.0/24
!

route-map to-ospf permit 10

match ip address prefix-list 11-pfx

Picture4: Mutual redistribution between EIGRP & OSPF at R2


 Beware!

IOS will not alert you in case of the following errors during redistribution:

  • Wrong route map name
  • Wrong ACL/prefix-list name inside the route-map
  • Default metric not configured (EIGRP/OSPF/IS-IS)
  • test connectivity from the BR R1
R1#route4

33.0.0.0/24 is subnetted, 1 subnets

O E2 33.33.33.0 [110/20] via 192.168.14.4, 00:09:11, FastEthernet0/0


R1#


R1#sh ip eigrp topology
IP-EIGRP Topology Table for AS(123)/ID(1.1.1.1)
Codes: P – Passive, A – Active, U – Update, Q – Query, R – Reply,
r – reply Status, s – sia Status
P 11.11.11.0/24, 1 successors, FD is 128256

via Connected, Loopback11

P 33.33.33.0/24, 1 successors, FD is 1706752, tag is 200

via Redistributed (1706752/0)

P 192.168.13.0/24, 1 successors, FD is 281600

via Connected, FastEthernet0/1

R1#

R1#ping 33.33.33.33 source 11.11.11.11Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 33.33.33.33, timeout is 2 seconds:
Packet sent with a source address of 11.11.11.11
!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 124/129/132 ms

R1#

R1#trace 33.33.33.33 source 11.11.11.11

Type escape sequence to abort.

Tracing the route to 33.33.33.33

1 192.168.14.4 96 msec 32 msec 0 msec

2 192.168.24.2 76 msec 36 msec 36 msec

3 192.168.23.3 32 msec * 176 msec

R1#


Picture 5: primary path


Note that the primary path is through OSPF domain (suboptimal) because R1 has received the prefix 33.33.33.0/24 from R4 as an external OSPF prefix with (AD=110) which is better than the same prefix received from R1 through an external EIGRP with AD=170.

The same prefix is also present in EIGRP topology table.

  • Solutions :
    • 5.1- Control paths by controlling the redistribution on the border routers:

      This could be a case where your routing and security policies do not allow to reveal your internal prefixes and traffic to an external domain.

    • 5.2- Change the AD per-prefix:

      In case you need to guarantee route redundancy for internal traffic even through external domains.

    • 5.3- Filter prefixes from IGPs into the routing table using inbound distribute-list.
    • 5.4- Perform summarization to shorter subnet mask 

      So at the destination router receiving the update, the longest prefix is selected.

5.1- Control paths by controlling the redistribution at the border routers:

Simply do not make redundant or unnecessary redistribution, remember the split horizon between domains with multiple border routers:

DO NOT redistribute a prefix to its domain of origin, if needed, make the metric worse than those internally available.

5.2- Change the AD per-prefixes:

router ospf 124
distance 180 192.168.14.4 0.0.0.0 ACL33
!
ip access-list standard ACL33
permit 33.33.33.0 0.0.0.255 log

We need to clear OSPF process locally for the changes to take effect.

R1#clear ip ospf pr
Reset ALL OSPF processes? [no]: yes
R1#
*Mar 1 00:42:32.291: %OSPF-5-ADJCHG: Process 124, Nbr 4.4.4.4 on FastEthernet0/0 from FULL to DOWN, Neighbor Down: Interface down or detached
*Mar 1 00:42:32.851: %OSPF-5-ADJCHG: Process 124, Nbr 4.4.4.4 on FastEthernet0/0 from LOADING to FULL, Loading Done

R1#

R1#sh ip route

Gateway of last resort is not set
1.0.0.0/32 is subnetted, 1 subnets
C 1.1.1.1 is directly connected, Loopback0

C 192.168.13.0/24 is directly connected, FastEthernet0/1

C 192.168.14.0/24 is directly connected, FastEthernet0/0

33.0.0.0/24 is subnetted, 1 subnets

D EX 33.33.33.0 [170/1732352] via 192.168.13.3, 00:00:12, FastEthernet0/1

D EX 192.168.24.0/24 [170/1757952] via 192.168.13.3, 00:00:12, FastEthernet0/1

D 192.168.23.0/24 [90/307200] via 192.168.13.3, 00:21:44, FastEthernet0/1

11.0.0.0/24 is subnetted, 1 subnets

C 11.11.11.0 is directly connected, Loopback11

C 192.168.0.0/24 is directly connected, FastEthernet1/0

44.0.0.0/32 is subnetted, 1 subnets

O 44.44.44.44 [110/11] via 192.168.14.4, 00:00:00, FastEthernet0/0

R1#

Now the RIB has chosen the path provided by EIGRP, let’s take a look at OSPF database:

R1#sh ip ospf data
OSPF Router with ID (1.1.1.1) (Process ID 124)

Type-5 AS External Link States
Link ID ADV Router Age Seq# Checksum Tag

11.11.11.0 1.1.1.1 277 0x80000002 0x003A40 0

33.33.33.0 2.2.2.2 811 0x80000002 0x0010BF 100

192.168.13.0 2.2.2.2 1581 0x80000001 0x007944 100

192.168.23.0 2.2.2.2 811 0x80000002 0x0009A9 100

R1#

OSPF prefix 33.33.33.0/24 is still there but with a worse administrative distance of 180.

We can verify it by simulating a failure between R1 and R3, let’s see the result at R1:

R3(config-if)#int fa0/1R3(config-if)#sh
R3(config-if)#
*Mar 1 00:49:30.591: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 123: Neighbor 192.168.13.1 (FastEthernet0/1) is down: interface down
*Mar 1 00:49:32.503: %LINK-5-CHANGED: Interface FastEthernet0/1, changed state to administratively down

*Mar 1 00:49:33.503: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down

R3(config-if)#


R1#sh ip route

Gateway of last resort is not set
1.0.0.0/32 is subnetted, 1 subnets
C 1.1.1.1 is directly connected, Loopback0

C 192.168.13.0/24 is directly connected, FastEthernet0/1

C 192.168.14.0/24 is directly connected, FastEthernet0/0

33.0.0.0/24 is subnetted, 1 subnets

O E2 33.33.33.0 [110/20] via 192.168.14.4, 00:08:09, FastEthernet0/0

O 192.168.24.0/24 [110/20] via 192.168.14.4, 00:08:09, FastEthernet0/0

O E2 192.168.23.0/24 [110/20] via 192.168.14.4, 00:01:13, FastEthernet0/0

11.0.0.0/24 is subnetted, 1 subnets

C 11.11.11.0 is directly connected, Loopback11

C 192.168.0.0/24 is directly connected, FastEthernet1/0

44.0.0.0/32 is subnetted, 1 subnets

O 44.44.44.44 [110/11] via 192.168.14.4, 00:08:13, FastEthernet0/0

R1#

5.3- Filter prefixes from IGPs into the routing table using inbound distribute-list.

Before applying distribute list inbound under OSPF

R1(config-router)#do route4
Gateway of last resort is not set
1.0.0.0/32 is subnetted, 1 subnets
C 1.1.1.1 is directly connected, Loopback0
C 192.168.13.0/24 is directly connected, FastEthernet0/1

C 192.168.14.0/24 is directly connected, FastEthernet0/0

33.0.0.0/24 is subnetted, 1 subnets

O E2 33.33.33.0 [110/20] via 192.168.14.4, 00:00:03, FastEthernet0/0

O 192.168.24.0/24 [110/20] via 192.168.14.4, 00:00:03, FastEthernet0/0

D 192.168.23.0/24 [90/307200] via 192.168.13.3, 00:00:37, FastEthernet0/1

11.0.0.0/24 is subnetted, 1 subnets

C 11.11.11.0 is directly connected, Loopback11

C 192.168.0.0/24 is directly connected, FastEthernet1/0

44.0.0.0/32 is subnetted, 1 subnets

O 44.44.44.44 [110/11] via 192.168.14.4, 00:00:03, FastEthernet0/0

R1(config-router)#

R1:

router ospf 124
distribute-list ACL_NO_33 in FastEthernet0/0
!
ip access-list standard ACL_NO_33
deny 33.33.33.0 0.0.0.255

Clear OSPF process for filtering to take effect

R1#clear ip ospf pro
Reset ALL OSPF processes? [no]: yes
R1#
*Mar 1 05:58:23.862: %OSPF-5-ADJCHG: Process 124, Nbr 4.4.4.4 on FastEthernet0/0 from FULL to DOWN, Neighbor Down: Interface down or detached
*Mar 1 05:58:24.266: %OSPF-5-ADJCHG: Process 124, Nbr 4.4.4.4 on FastEthernet0/0 from LOADING to FULL, Loading Done

R1#

R1#route4
Gateway of last resort is not set
1.0.0.0/32 is subnetted, 1 subnets
C 1.1.1.1 is directly connected, Loopback0
C 192.168.13.0/24 is directly connected, FastEthernet0/1

C 192.168.14.0/24 is directly connected, FastEthernet0/0

33.0.0.0/24 is subnetted, 1 subnets

D EX 33.33.33.0 [170/1732352] via 192.168.13.3, 00:00:12, FastEthernet0/1

D EX 192.168.24.0/24 [170/1757952] via 192.168.13.3, 00:00:12, FastEthernet0/1

D 192.168.23.0/24 [90/307200] via 192.168.13.3, 00:04:17, FastEthernet0/1

11.0.0.0/24 is subnetted, 1 subnets

C 11.11.11.0 is directly connected, Loopback11

C 192.168.0.0/24 is directly connected, FastEthernet1/0

R1#

5.4- Prefix summarization:

Let’s perform summarization of the prefix 33.33.33.0/24 on R3 to a shorter mask length of /16 before announcing it to R1.

R4 before summarization:

R4#s ip route

33.0.0.0/24 is subnetted, 1 subnets
O E2 33.33.33.0 [110/20] via 192.168.24.2, 00:16:28, FastEthernet0/1

R4#

R1 before summarization:

R1(config-router)#do s ip route

33.0.0.0/24 is subnetted, 1 subnets
O E2 33.33.33.0 [110/20] via 192.168.14.4, 00:00:15, FastEthernet0/0

R1(config-router)#

R1 EIGRP topology

R1(config-router)#do s ip eigrp topo
IP-EIGRP Topology Table for AS(123)/ID(1.1.1.1)

via Connected, Loopback11
P 33.33.33.0/24, 1 successors, FD is 1706752, tag is 200

via Redistributed (1706752/0)

….

R1(config-router)#

For the sake of route consistency inside areas, summarization has to be done at the ABR or ASBR.

Summarization on R3 (ASBR router):

R2(config)#router ospf 124R2(config-router)#summary-address 33.33.0.0 255.255.0.0 tag 666

Now let’s take a look again at the routing table of R1:

R1#route4

33.0.0.0/8 is variably subnetted, 2 subnets, 2 masks

O E2 33.33.0.0/16 [110/20] via 192.168.14.4, 00:07:43, FastEthernet0/0

D EX 33.33.33.0/24

[170/1732352] via 192.168.13.3, 00:07:43, FastEthernet0/1


R1#

R1 has received the summary address 33.0.0.0/16 and consider it as different from 33.33.33.0/24 received through EIGRP.

To forward traffic, RIB chooses the longest match i.e. 33.33.33.0/24

R1#trace 33.33.33.33 source 11.11.11.11Type escape sequence to abort.
Tracing the route to 33.33.33.33
1 192.168.13.3 48 msec * 24 msec
R1#



Conclusion

The following are the techniques used to manipulate internal routing protocol paths:

1- Control what prefixes and where to redistribute.

2- Manipulate AD per-prefix (be careful with this technique!)

3- Filter prefixes from IGPs into the routing table using inbound distribute-list.

4- Summarization to shorter subnet mask on the source router.


EIGRP & RIPv2 IOS authentication


Though IOS routing protocol (EIGRP/RIPv2) authentication procedure is straightforward, it can cause confusion.

The purpose of this brief post is to enumerate and test all different cases related to this kind of authentication and demonstrate the following facts:

1- Key-chain is locally significant and not checked.

2- The router check key id’s in the ascending order, looking for the same couple as the received (key-id, key-string).

  • if the key id is missing, the result of the debug eigrp packet is key id =<id>, key not defined or not live
  • if the key ids match but not the key-strings, the result of the debug eigrp packet is authentication mismatch

Two back-to-back routers are largely enough for the test.


And the following table resumes all results:


For the sake of succinctness, I attached the following file containing the complete configurations and results for all cases : http://hpnouri.free.fr/tmp/EIGRP-authentication-testing.txt

IPv6 EIGRP


IPv6 EIGRP and IPV4 EIGRP are very similar in concept except for the following differences:

  • IPv6 is configured on interface basis (like OSPFv3 and RIPng) and networks are advertised based on interface command.
  • When configured on interface, IPv6 EIGRP is initially placed in “shutdown” state.
  • As with OSPFv3, IPv6 EIGRP require a router-id in IPv4 format.
  • Passive interfaces can only be configured in the routing process mode.
  • Need for extra memory resources and supported in IOS 12.4(6)T and later.
R1#sh ver | i Version

Cisco IOS Software, 7200 Software (C7200-ADVIPSERVICESK9-M), Version 12.4(6)T, RELEASE SOFTWARE (fc1)

BOOTLDR: 7200 Software (C7200-ADVIPSERVICESK9-M), Version 12.4(6)T, RELEASE SOFTWARE (fc1)

6 slot VXR midplane, Version 2.1

R1#

  • No split horizon in IPv6 because it is possible to get multiple prefixes per interface.
  • No concept of classful routing in IPv6 EIGRP consequently no automatic summary.

Figure1 depicts the Lab topology used for IPv6 EIGRP deployment, R1, R2 and R3 are connected to each other through a Frame Relay cloud and R2, R3 and R4 are connected to each other through LAN.

Each router protect its own set of local networks.

This lab covers the following topics related to the deployment of IPv6 EIGRP

  • IPV6 addressing
  • Frame Relay configuration
  • IPv6 routing configuration
  • IPv6 route manipulation 

Figure1 IPv6 EIGRP topology:


I) DEPLOYMENT

  1. IPV6 addressing: 

First unicat IPv6 and link local addresses are configured.

Link local addresses are statically configured to make their manipulation easier.

R1(config)#int s1/0

R1(config-if)#ipv6 address 2001:1:1:210::1/60

R1(config-if)#ipv6 address FE80::210:1 link-local

R1(config-if)#no sh 

 

R2(config-if)#int s1/0

R2(config-if)#ipv6 address 2001:1:1:210::2/60

R2(config-if)#ipv6 address FE80::210:2 link-local

R2(config-if)#no sh

 

R2(config)#int fa 0/0

R2(config-if)#ipv6 address 2001:1:1:410::2/60

R2(config-if)#ipv6 address FE80::410:2 link-local

R2(config-if)#no sh 

 

R3(config-if)#int s1/0

R3(config-if)#ipv6 address 2001:1:1:210::3/60

R3(config-if)#ipv6 address FE80::210:3 link-local

R3(config-if)#no sh

 

R3(config-if)#int fa 0/0

R3(config-if)#ipv6 address 2001:1:1:410::3/60

R3(config-if)#ipv6 address FE80::410:3 link-local

R3(config-if)#no sh

 

R4(config-if)#int fa 0/0

R4(config-if)#ipv6 address 2001:1:1:410::4/60

R4(config-if)#ipv6 address FE80::410:4 link-local

R4(config-if)#no sh

  1. FR Configuration:

For each interface connected to the Frame relay cloud FR encapsulation is set, Inverse ARP disabled and Static mapping is performed using next-hop unicat ipv6 as well as next-hop link local ipv6.

R1(config-if)#int s1/0

R1(config-if)#encapsulation frame-relay

R1(config-if)#frame-relay map ipv6 2001:1:1:210::2 102 broadcast

R1(config-if)#frame-relay map ipv6 FE80::210:2 102

R1(config-if)#frame-relay map ipv6 2001:1:1:210::3 103 broadcast

R1(config-if)#frame-relay map ipv6 FE80::210:3 103

 

R2(config)#int s1/0

R2(config-if)#encapsulation frame-relay

R2(config-if)#frame-relay map ipv6 2001:1:1:210::1 201 broadcast

R2(config-if)#frame-relay map ipv6 FE80::210:1 201

R2(config-if)#frame-relay map ipv6 2001:1:1:210::3 203 broadcast

R2(config-if)#frame-relay map ipv6 FE80::210:3 203

 

R3(config)#int s1/0

R3(config-if)#encapsulation frame-relay

R3(config-if)#frame-relay map ipv6 2001:1:1:210::1 301 broadcast

R3(config-if)#frame-relay map ipv6 FE80::210:1 301

R3(config-if)#frame-relay map ipv6 2001:1:1:210::2 302 broadcast

R3(config-if)#frame-relay map ipv6 FE80::210:2 302

Before continuing further, it is recommended to check connectivity:

Frame Relay cloud:

unicast:

R1#ping ipv6 2001:1:1:210::2

 

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 2001:1:1:210::2, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 64/73/88 ms

 

R1#ping ipv6 2001:1:1:210::3

 

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 2001:1:1:210::3, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 32/73/88 ms

R1#

Link-local:

R1#ping ipv6 FE80::210:2

Output Interface: Serial1/0

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to FE80::210:2, timeout is 2 seconds:

Packet sent with a source address of FE80::210:1

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 36/60/80 ms

R1#

 

R1#ping ipv6 FE80::210:3

Output Interface: Serial1/0

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to FE80::210:3, timeout is 2 seconds:

Packet sent with a source address of FE80::210:1

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 44/54/92 ms

R1#

Ethernet :
Unicast:

R2#ping ipv6 2001:1:1:410::3

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 2001:1:1:410::3, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 64/79/116 ms

R2#ping ipv6 2001:1:1:410::4

 

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 2001:1:1:410::4, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 48/74/96 ms

R2#

 Link-local:

R2#ping ipv6 FE80::410:3

Output Interface: FastEthernet0/0

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to FE80::410:3, timeout is 2 seconds:

Packet sent with a source address of FE80::410:2

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 72/76/92 ms

R2#ping ipv6 FE80::410:4

Output Interface: FastEthernet0/0

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to FE80::410:4, timeout is 2 seconds:

Packet sent with a source address of FE80::410:2

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 48/71/96 ms

R2#

Routing Configuration:

 Steps:
Now let’s proceed with IPv6 EIGRP:

  • Enable unicast IPV6 routing globally.
  • enable IPV6 on FR interface.
  • enable IPv6 EIGRP per interface-basis.
  • manually set IPv6 EIGRP router-id in IPv4 format.
  • no shutdown EIGRP process.
R1(config)#ipv6 unicast-routing

R1(config)#int s1/0

R1(config-if)#ipv6 enable

R1(config-if)#ipv6 eigrp 10

R1(config-if)#exit

R1(config)#ipv6 router eigrp 10

R1(config-rtr)#router-id 1.1.1.1

R1(config-rtr)#no sh

 Verify the IPv6 EIGRP protocol:

R1(config)#do sh ipv6 protocols

IPv6 Routing Protocol is “connected”

IPv6 Routing Protocol is “static”

IPv6 Routing Protocol is “eigrp 10”

EIGRP metric weight K1=1, K2=0, K3=1, K4=0, K5=0

EIGRP maximum hopcount 100

EIGRP maximum metric variance 1

Interfaces:


Serial1/0

Redistribution:

None

Maximum path: 16

Distance: internal 90 external 170

 

R1(config)#

 Repeat previous steps for R2 and R3 and make sure that IPV6 eigrp PROCESS id match.

R2(config)#ipv6 unicast-routing

R2(config)#int s1/0

R2(config-if)#ipv6 enable

R2(config-if)#ipv6 eigrp 10

R2(config-if)#exit

R2(config)#ipv6 router eigrp 10

R2(config-rtr)#router-id 2.2.2.2

R2(config-rtr)#no sh

 

R2(config-rtr)#int fa 0/0

R2(config-if)#ipv6 enable

R2(config-if)#ipv6 eigrp 10

R2(config-if)#exit

R2(config)#

 

R3(config)#ipv6 unicast-routing

R3(config-if)#int s1/0

R3(config-if)#ipv6 enable

R3(config-if)#ipv6 eigrp 10

R3(config-if)#exit

R3(config)#ipv6 router eigrp 10

R3(config-rtr)#router-id 3.3.3.3

R3(config-rtr)#no sh

 

R3(config-rtr)#int fa 0/0

R3(config-if)#ipv6 enable

R3(config-if)#ipv6 eigrp 10

R3(config-if)#exit

R3(config)#

 

R4(config)#ipv6 unicast-routing

R4(config-rtr)#int fa 0/0

R4(config-if)#ipv6 enable

R4(config-if)#ipv6 eigrp 10

R4(config-if)#exit

R4(config)#

 Let’s check neighbor relationships and IPv6 routing table on R1 for example:

R1(config)#do sh ipv6 eigrp neigh

IPv6-EIGRP neighbors for process 10

H Address Interface Hold Uptime SRTT RTO Q Seq

(sec) (ms) Cnt Num

1 Link-local address: Se1/0 154 00:01:16 32 200 0 5


FE80::210:3

0 Link-local address: Se1/0 163 00:04:56 48 288 0 3


FE80::210:2

R1(config)#sh ipv6 eigrp neighbor

IPv6-EIGRP interfaces for process 10

 

Xmit Queue Mean Pacing Time Multicast Pending

Interface Peers Un/Reliable SRTT Un/Reliable Flow Timer Routes

Se1/0 2 0/0 40 0/15 175 0

R1(config)#

 You can note that as in OSPFv3, IPv6 EIGRP use link-local addresses to establish neighbor relationships with its neighbors.

R1(config)#do sh ipv6 route eigrp

IPv6 Routing Table – 35 entries

Codes: C – Connected, L – Local, S – Static, R – RIP, B – BGP

U – Per-user Static route

I1 – ISIS L1, I2 – ISIS L2, IA – ISIS interarea, IS – ISIS summary

O – OSPF intra, OI – OSPF inter, OE1 – OSPF ext 1, OE2 – OSPF ext 2

ON1 – OSPF NSSA ext 1, ON2 – OSPF NSSA ext 2

D – EIGRP, EX – EIGRP external

D 2001:1:1:410::/60 [90/2172416]


via FE80::210:2, Serial1/0


via FE80::210:3, Serial1/0

R1(config)#

 R1 has learnt the LAN network 2001:1:1:410::/60 from both R2 and R3 and it is perfectly reachable:

R1(config)#do ping ipv6 2001:1:1:410::4

 

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 2001:1:1:410::4, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 116/136/164 ms

R1(config)#

R1#traceroute ipv6 2001:1:1:410::4

Type escape sequence to abort.

Tracing the route to 2001:1:1:410::4

 

1 2001:1:1:210::2 80 msec


2001:1:1:210::3 120 msec


2001:1:1:210::2 68 msec

2 2001:1:1:410::4 144 msec 120 msec 144 msec

R1#

 R1 load-balanced ICMP packets between the two paths through R2 and R3.

  1. Route manipulation:

To practice IPv6 route summarization, loopback interfaces are created to simulated local networks for each router (figure1) and ipV6 EIGRP is enabled on each interface.
The result is as follow:

R4:

R4# sh ipv6 route eigrp

IPv6 Routing Table – 22 entries

Codes: C – Connected, L – Local, S – Static, R – RIP, B – BGP

U – Per-user Static route

I1 – ISIS L1, I2 – ISIS L2, IA – ISIS interarea, IS – ISIS summary

O – OSPF intra, OI – OSPF inter, OE1 – OSPF ext 1, OE2 – OSPF ext 2

ON1 – OSPF NSSA ext 1, ON2 – OSPF NSSA ext 2

D – EIGRP, EX – EIGRP external

D 2001:1:1:110::/60 [90/2300416]

via FE80::410:3, FastEthernet0/0

via FE80::410:2, FastEthernet0/0

D 2001:1:1:120::/60 [90/2300416]

via FE80::410:3, FastEthernet0/0

via FE80::410:2, FastEthernet0/0

D 2001:1:1:130::/60 [90/2300416]

via FE80::410:3, FastEthernet0/0

via FE80::410:2, FastEthernet0/0

D 2001:1:1:140::/60 [90/2300416]

via FE80::410:3, FastEthernet0/0

via FE80::410:2, FastEthernet0/0

D 2001:1:1:150::/60 [90/2300416]

via FE80::410:3, FastEthernet0/0

via FE80::410:2, FastEthernet0/0

D 2001:1:1:160::/60 [90/2300416]

via FE80::410:3, FastEthernet0/0

via FE80::410:2, FastEthernet0/0

D 2001:1:1:170::/60 [90/2300416]

via FE80::410:3, FastEthernet0/0

via FE80::410:2, FastEthernet0/0

D 2001:1:1:180::/60 [90/2300416]

via FE80::410:3, FastEthernet0/0

via FE80::410:2, FastEthernet0/0

D 2001:1:1:190::/60 [90/2300416]

via FE80::410:3, FastEthernet0/0

via FE80::410:2, FastEthernet0/0

D 2001:1:1:1A0::/60 [90/2300416]

via FE80::410:3, FastEthernet0/0

via FE80::410:2, FastEthernet0/0

D 2001:1:1:1B0::/60 [90/2300416]

via FE80::410:3, FastEthernet0/0

via FE80::410:2, FastEthernet0/0

D 2001:1:1:1C0::/60 [90/2300416]

via FE80::410:3, FastEthernet0/0

via FE80::410:2, FastEthernet0/0

D 2001:1:1:1D0::/60 [90/2300416]

via FE80::410:3, FastEthernet0/0

via FE80::410:2, FastEthernet0/0

D 2001:1:1:1E0::/60 [90/2300416]

via FE80::410:3, FastEthernet0/0

via FE80::410:2, FastEthernet0/0

D 2001:1:1:1F0::/60 [90/2300416]

via FE80::410:3, FastEthernet0/0

via FE80::410:2, FastEthernet0/0

D 2001:1:1:210::/60 [90/2172416]

via FE80::410:3, FastEthernet0/0

via FE80::410:2, FastEthernet0/0

R4#

 22 entries, only routes to FR network routes and R1 fifteen local networks, you just imagine if we add R2 and R3 local networks, or even worse in a production network with hundreds of site and thousands of routes!

Here is where summarization comes, to lessen the complexity of handling routes individually.

As in IPv4 EIGRP after configuring the summarization command the router drops IPv6 EIGRP relationships to reestablish them again, this renew input events and make neighbors rebuild their topology tables and perform DUAL algorithm local computation again using the new advertisements from the router who reconfigured summarization.

The summarization command is performed on interface-basis, so make sure than it is executed on all EIGRP interfaces through which you want to spread summary route.

R1:

R1(config-if)#int s1/0

R1(config-if)#ipv6 summary-address eigrp 10 2001:1:1:1::/56

*Jun 13 10:36:44.871: %DUAL-5-NBRCHANGE: IPv6-EIGRP(0) 10: Neighbor FE80::210:3 (Serial1/0) is down: summary configured

*Jun 13 10:36:44.927: %DUAL-5-NBRCHANGE: IPv6-EIGRP(0) 10: Neighbor FE80::210:2 (Serial1/0) is down: summary configured

R1(config-if)#

*Jun 13 10:37:01.919: %DUAL-5-NBRCHANGE: IPv6-EIGRP(0) 10: Neighbor FE80::210:3 (Serial1/0) is up: new adjacency

*Jun 13 10:37:02.019: %DUAL-5-NBRCHANGE: IPv6-EIGRP(0) 10: Neighbor FE80::210:2 (Serial1/0) is up: new adjacency

R1(config-if)#

 Now let’s take a look at R4 routing table:

R4# sh ipv6 route eigrp

IPv6 Routing Table – 10 entries

Codes: C – Connected, L – Local, S – Static, R – RIP, B – BGP

U – Per-user Static route

I1 – ISIS L1, I2 – ISIS L2, IA – ISIS interarea, IS – ISIS summary

O – OSPF intra, OI – OSPF inter, OE1 – OSPF ext 1, OE2 – OSPF ext 2

ON1 – OSPF NSSA ext 1, ON2 – OSPF NSSA ext 2

D – EIGRP, EX – EIGRP external

D 2001:1:1:100::/56 [90/2300416]

via FE80::410:2, FastEthernet0/0

via FE80::410:3, FastEthernet0/0

D 2001:1:1:210::/60 [90/2172416]

via FE80::410:2, FastEthernet0/0

via FE80::410:3, FastEthernet0/0

D 2001:1:1:300::/56 [90/156160]

via FE80::410:3, FastEthernet0/0

D 2001:1:1:600::/56 [90/156160]

via FE80::410:2, FastEthernet0/0

R4#

 The routing table is reduced to 10 entries with only summary routes to R1, R2 and R3 local networks.

II) CONCLUSION

As with other IPv6 routing protocols there is practically nothing to do if you grasp the concept of the IPv4 version of the protocol as well as IPV6 addressing.

%d bloggers like this: