Enhanced Interior Gateway Routing Protocol (EIGRP)
Published: 01/10/2010
Reference trace files:
cisco_2600_eigrp_router01_enable.cap
cisco_2600_eigrp_router02_enable.cap
cisco_2600_eigrp_router03_enable.cap
cisco_2600_eigrp_subnet_offline.cap
cisco_2600_eigrp_subnet_back_online.cap
A routing protocol that's proprietary to Cisco and revised from an earlier version (Interior Gateway Routing Protocol), infrastructures that use all Cisco-branded routers have EIGRP as a viable option. It converges fast, offers unequal load-balancing, uses bandwidth and delay as the default routing metrics, and only sends routing updates when there are changes detected in the network.
In this example, we have a network that looks like this:
Configuring the first router
MyRouter01 has FastEthernet 0/0 set up as 172.16.0.1. It also has four Ethernet interfaces, each with 10.0.x.1 addresses. The second router on the other side has the network 192.168.1.0 /24 behind it and uses 172.16.0.2 which faces the first router. The third router has the network 192.168.2.0 /24 behind it and uses 172.16.0.3 which faces the other two routers. The 192.168.1.0 /24, 192.168.2.0 /24, and 10.0.x.0 /24 networks need to talk to each other. The router gods have declared that EIGRP must be used (no static routes allowed).
On the first router, the following configuration is entered:
router eigrp 11 network 10.0.0.0 network 172.16.0.0 no auto-summary |
The first packet trace file shows that MyRouter01 starts continuously sending EIGRP Hello packets every 5 seconds to the multicast address of 224.0.0.10:
Cisco EIGRP
Version = 2
Opcode = 5 (Hello)
Checksum = 0xeec1
Flags = 0x00000000
Sequence = 0
Acknowledge = 0
Autonomous System : 11
EIGRP Parameters
Type = 0x0001 (EIGRP Parameters)
Size = 12 bytes
K1 = 1
K2 = 0
K3 = 1
K4 = 0
K5 = 0
Reserved
Hold Time = 15
Software Version: IOS=12.4, EIGRP=1.2
Type = 0x0004 (Software Version)
Size = 8 bytes
IOS release version = 12.4
EIGRP release version = 1.2
|
Within these small packets, the configured Autonomous System (AS) number (11), router IOS version (12.4), and EIGRP metrics (K values) are shown. The first K value represents the bandwidth while the third represents delay. Other values such as reliability, load, and MTU are not used by default.
Configuring the second router
Now the second router is configured with similar EIGRP configuration reflecting the networks it's connected to. The second packet trace file shows the first and second routers interacting with each other to exchange routes after they've both verified that they're configured for the same AS and use the same set of K values.
The first packet in the trace shows the second router sending out a standard EIGRP Hello using the same AS number (11). It also shows that the running IOS version (12.3) is not as recent as the first router's (12.4).
Cisco EIGRP
Version = 2
Opcode = 5 (Hello)
Checksum = 0xeec2
Flags = 0x00000000
Sequence = 0
Acknowledge = 0
Autonomous System : 11
EIGRP Parameters
Type = 0x0001 (EIGRP Parameters)
Size = 12 bytes
K1 = 1
K2 = 0
K3 = 1
K4 = 0
K5 = 0
Reserved
Hold Time = 15
Software Version: IOS=12.3, EIGRP=1.2
Type = 0x0004 (Software Version)
Size = 8 bytes
IOS release version = 12.3
EIGRP release version = 1.2
|
By the third packet, the first router recognizes the presence of another EIGRP-capable router on the wire using the same AS number and sends an EIGRP Update packet directly to the IP address of the second router. This triggers an exchange-start dialog between the two routers and uses a numerical sequence / acknowledgement combination, similar to TCP.
By the fifth packet, the first router sends another Hello packet to the multicast address with the next proposed sequence value (9 in this example) and the IP address of the second router. This is followed-up with an multicast Update packet containing the networks the router advertises (10.0.x.0 /24) through the interface facing this network. Then it sends a duplicate Update packet, only this time directly to the IP address of the second router.
Cisco EIGRP
Version = 2
Opcode = 1 (Update)
Checksum = 0xfd09
Flags = 0x0000000a
Sequence = 9
Acknowledge = 0
Autonomous System : 11
IP internal route = 10.0.0.0/24
Type = 0x0102 (IP internal route)
Size = 28 bytes
Next Hop = 0.0.0.0
Delay = 25600
Bandwidth = 256000
MTU = 1500
Hop Count = 0
Reliability = 255
Load = 1
Reserved
Prefix Length = 24
Destination = 10.0.0.0
IP internal route = 10.0.1.0/24
Type = 0x0102 (IP internal route)
Size = 28 bytes
Next Hop = 0.0.0.0
Delay = 25600
Bandwidth = 256000
MTU = 1500
Hop Count = 0
Reliability = 255
Load = 1
Reserved
Prefix Length = 24
Destination = 10.0.1.0
IP internal route = 10.0.2.0/24
Type = 0x0102 (IP internal route)
Size = 28 bytes
Next Hop = 0.0.0.0
Delay = 25600
Bandwidth = 256000
MTU = 1500
Hop Count = 0
Reliability = 255
Load = 1
Reserved
Prefix Length = 24
Destination = 10.0.2.0
IP internal route = 10.0.3.0/24
Type = 0x0102 (IP internal route)
Size = 28 bytes
Next Hop = 0.0.0.0
Delay = 25600
Bandwidth = 256000
MTU = 1500
Hop Count = 0
Reliability = 255
Load = 1
Reserved
Prefix Length = 24
Destination = 10.0.3.0
|
In packet 8, the first router follows up with an EIGRP Ackowledge packet directly to the second router.
The second router now sends an Update packet to the multicast address which shows the networks being advertised by router 1. Notice that the Hop Count value is now 1 and the Delay values are upped.
Cisco EIGRP
Version = 2
Opcode = 1 (Update)
Checksum = 0x8d18
Flags = 0x00000000
Sequence = 2
Acknowledge = 0
Autonomous System : 11
IP internal route = 10.0.0.0/24 - Destination unreachable
Type = 0x0102 (IP internal route)
Size = 28 bytes
Next Hop = 0.0.0.0
Delay = 4294967295
Bandwidth = 256000
MTU = 1500
Hop Count = 1
Reliability = 255
Load = 1
Reserved
Prefix Length = 24
Destination = 10.0.0.0
IP internal route = 10.0.1.0/24 - Destination unreachable
Type = 0x0102 (IP internal route)
Size = 28 bytes
Next Hop = 0.0.0.0
Delay = 4294967295
Bandwidth = 256000
MTU = 1500
Hop Count = 1
Reliability = 255
Load = 1
Reserved
Prefix Length = 24
Destination = 10.0.1.0
IP internal route = 10.0.2.0/24 - Destination unreachable
Type = 0x0102 (IP internal route)
Size = 28 bytes
Next Hop = 0.0.0.0
Delay = 4294967295
Bandwidth = 256000
MTU = 1500
Hop Count = 1
Reliability = 255
Load = 1
Reserved
Prefix Length = 24
Destination = 10.0.2.0
IP internal route = 10.0.3.0/24 - Destination unreachable
Type = 0x0102 (IP internal route)
Size = 28 bytes
Next Hop = 0.0.0.0
Delay = 4294967295
Bandwidth = 256000
MTU = 1500
Hop Count = 1
Reliability = 255
Load = 1
Reserved
Prefix Length = 24
Destination = 10.0.3.0
|
In packet 10, the first router sends an EIGRP Acknowledge, then twice sends an identical Update as it did previously as the second router acknowledges these.
Keep in mind that since the beginning of the entire capture after MyRouter02 was configured for EIGRP, less than one second has passed, so all this has happened rather quickly.
At packet 15, the second router now advertises its routes via the multicast address. In this case, it's for the network 192.168.1.0 /24 and 172.16.0.0 /16. The first router sends an Acknowledge packet directly back to the second router.
Over the next several seconds, both routers send basic EIGRP Hello packets to the multicast address, although in one of these from the second router has the K values all set to 255. By packet 21, MyRouter02 sends another Update advertising the 192.168.1.0 /24 network, which leads to more identical routing exchanges and confirmations from the other side over the next several seconds.
By the time we finally reach packet 36 (about 15 seconds since the beginning of the network trace), both routers are back to sending regularly-scheduled EIGRP Hello packets every five seconds. The two routers have converged and their neighbor, topology, and routing tables are appropriately populated.
Display show ip route
Display show ip protocols
Display show ip eigrp topology
Display show ip eigrp neighbors
Configuring the third router
Just to make it a bit more interesting, let's add a third router (MyRouter03) into the network which interfaces into the 172.16.0.0 /24 network with a .3 address. Behind it is the 192.168.2.0 /24 network which it will eventually advertise. After configuring EIGRP similar to the other two routers, the three routers essentially go through the same process as before when the second router came online. Each sends their routes, updates each other which networks that aren't reachable through them, etc.. This is all demonstrated in the third packet trace file.
Everything eventually converges roughly six seconds later and everyone goes back to sending standard EIGRP Hello greetings to the multicast address every five seconds.
Display show ip protocols
Display show ip route
Display show ip eigrp topology
Display show ip eigrp neighbors
Proving to the bean counters that the network doesn't run itself
Being in IT is brutal. If everything is running fine, you've done your job but no one notices. If something is wrong, you possibly screwed up and everyone notices. It's not fair. Such is life. Murphy's Law states that if everything is going great, you deserve punishment because you need character-building moments. Someone has to come by and spill coffee onto the floor of the server room, slip on it, and accidentally knock a cable out of a port. These things happen, and if you haven't experienced it, you haven't been in the field long enough.
So let's say the Ghost of Christmas Past decides to pay you a visit and hasn't been appreciating your recent grinch-like behavior. Oh whoops, how did that cable come out of the router port? That just happened to be the connection for the 10.0.3.0 /24 network. Now the routers have a sequence of events that unfold which is shown in the fourth trace file.
MyRouter01 multicasts out an announcement that 10.0.3.0 /24 is no longer reachable. The Delay metric is set to the highest value.
Cisco EIGRP
Version = 2
Opcode = 3 (Query)
Checksum = 0x08a6
Flags = 0x00000000
Sequence = 23
Acknowledge = 0
Autonomous System : 11
IP internal route = 10.0.3.0/24 - Destination unreachable
Type = 0x0102 (IP internal route)
Size = 28 bytes
Next Hop = 0.0.0.0
Delay = 4294967295
Bandwidth = 0
MTU = 1500
Hop Count = 0
Reliability = 0
Load = 0
Reserved
Prefix Length = 24
Destination = 10.0.3.0
|
The second and third routers send a series of EIGRP Acknowledge and Reply packets directly to the unicast address of the first router confirming that the route to 10.0.3.0 /24 is indeed down. All of this takes less than a second to complete.
By packet 12, all routers go back to sending out their usual low-intensity EIGRP Hellos every five seconds.
Have no fear, EIGRP is here
Now the alarms are going off. Everyone in the building knows that the something's wrong. People are screaming, "The Internet is down!" eBay is lost, online banking is impossible, and corporate spies can no longer send out confidential company information to outsiders. All hell has gone loose.
But thank goodness your SNMP system has notified you that port 38 on switch 468A over on rack 11 in building 3 has gone link-down. You also log into the third router and notice that there's no reference to the 10.0.3.0 /24 network anymore.
Display show ip route
Display show ip eigrp topology
So in correlating the immediate past events, you realize that there's a bad cable, a bad port, an electrical gremlin, or Santa Clause was nice to give you a lump of coal for Christmas ... again.
You immediately get a technician in that building to plug the cable back in. The fifth trace file shows the interaction between the three routers when this happens. As soon as the link starts negotiating with the port (even though the switchport is still performing Spanning Tree calculations), the router directly connected to the 10.0.3.0 /24 network sends out an EIGRP Update message:
Cisco EIGRP
Version = 2
Opcode = 1 (Update)
Checksum = 0xdca3
Flags = 0x00000000
Sequence = 25
Acknowledge = 0
Autonomous System : 11
IP internal route = 10.0.3.0/24
Type = 0x0102 (IP internal route)
Size = 28 bytes
Next Hop = 0.0.0.0
Delay = 25600
Bandwidth = 256000
MTU = 1500
Hop Count = 0
Reliability = 224
Load = 1
Reserved
Prefix Length = 24
Destination = 10.0.3.0
|
The other two routers quickly aknowledge this and send their own EIGRP Update packets indicating that 10.0.3.0 /24 is not reachable through them. A second later, everyone is back to sending out EIGRP Hellos again like Borg drones. That was fast. Since you're still logged onto MyRouter03, you decide to verify that the route is now visible.
Display show ip route
Display show ip eigrp topology
The folks on the temporarily-disconnected Sales network can now go back to sipping their Frappuccinos with the green straws and surf Amazon.com for business-related "market research" right before Christmas vacation.
Go back to the main articles list.