
Sunday, September 26, 2010

EIGRP route summarization, default gateway, variance and passive-interface

This lab covers route summarization, a default gateway using the ip default-network command, variance, and the EIGRP passive-interface concept.

R1

interface Loopback11
 ip address 172.16.1.1 255.255.255.0
!
interface Loopback12
 ip address 172.16.2.1 255.255.255.0
!
interface Loopback13
 ip address 172.16.3.1 255.255.255.0
!
interface Loopback14
 ip address 172.16.4.1 255.255.255.0
!
interface Loopback15
 ip address 172.16.5.1 255.255.255.0

interface Serial0/0
 ip address 30.30.12.1 255.255.255.252
 clock rate 56000

interface Serial0/1
 ip address 30.30.13.1 255.255.255.252
 clock rate 56000

router eigrp 1
 network 30.0.0.0
 network 172.16.0.0
 no auto-summary

R2
interface FastEthernet0/0
 ip address 30.30.23.1 255.255.255.0
 duplex auto
 speed auto
!
interface Serial0/0
 ip address 30.30.12.2 255.255.255.252
 clock rate 2000000

router eigrp 1
 network 30.0.0.0
 no auto-summary

R3
interface FastEthernet0/0
 ip address 30.30.23.2 255.255.255.0
 duplex auto
 speed auto
!
interface Serial0/0
 ip address 30.30.13.2 255.255.255.252
 clock rate 2000000
router eigrp 1
 network 30.0.0.0
 no auto-summary

Route Summarization 

show ip route on R2 and R3 shows a separate route for every 172.16.x.x prefix. What if you have thousands of prefixes? Your routing table is going to be a mess. To reduce this, we can summarize them.

R2>sh ip rou
..
     172.16.0.0/24 is subnetted, 5 subnets
D       172.16.4.0 [90/2297856] via 30.30.12.1, 00:42:12, Serial0/0
D       172.16.5.0 [90/2297856] via 30.30.12.1, 00:42:12, Serial0/0
D       172.16.1.0 [90/2297856] via 30.30.12.1, 00:42:12, Serial0/0
D       172.16.2.0 [90/2297856] via 30.30.12.1, 00:42:12, Serial0/0
D       172.16.3.0 [90/2297856] via 30.30.12.1, 00:42:12, Serial0/0
..

So we have 172.16.1.0 - 172.16.5.0. The best range to contain all of the above prefixes is 172.16.0.0/21 (mask 255.255.248.0), which covers 172.16.0.0 - 172.16.7.255.
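The same calculation as an added example (not part of the original post): it derives the smallest covering prefix from the five loopback subnets and lists the /24s inside the summary that R1 does not actually have. Function names are illustrative.

```python
import ipaddress

def covering_summary(prefixes):
    """Smallest single prefix that contains every network in `prefixes`."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    lo = min(int(n.network_address) for n in nets)
    hi = max(int(n.broadcast_address) for n in nets)
    # Every bit position where the lowest and highest address differ
    # (and everything to its right) has to become a host bit.
    host_bits = (lo ^ hi).bit_length()
    base = (lo >> host_bits) << host_bits
    return ipaddress.ip_network(f"{ipaddress.IPv4Address(base)}/{32 - host_bits}")

def uncovered_subnets(summary, prefixes, new_prefix=24):
    """Subnets inside the summary that none of the real prefixes accounts for."""
    have = {ipaddress.ip_network(p) for p in prefixes}
    return [s for s in summary.subnets(new_prefix=new_prefix) if s not in have]

# The five loopback subnets configured on R1 in this lab.
LOOPBACKS = ["172.16.1.0/24", "172.16.2.0/24", "172.16.3.0/24",
             "172.16.4.0/24", "172.16.5.0/24"]

if __name__ == "__main__":
    s = covering_summary(LOOPBACKS)
    print(s, s.netmask, s.network_address, "-", s.broadcast_address)
    for extra in uncovered_subnets(s, LOOPBACKS):
        print("summary also claims", extra)
```

The three extra /24s do not exist on R1: traffic for them follows the /21 to R1 and is dropped there by the Null0 summary route that ip summary-address installs.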

Summarization is applied on the interface, so let's apply it on R1 Ser0/0

interface Serial0/0
 ip address 30.30.12.1 255.255.255.252
 ip summary-address eigrp 1 172.16.0.0 255.255.248.0 5
 clock rate 56000
end


check R2 routing table

R2>sh ip rou
....

     172.16.0.0/16 is variably subnetted, 6 subnets, 2 masks
D       172.16.4.0/24 [90/2323456] via 30.30.23.2, 00:02:51, FastEthernet0/0
D       172.16.5.0/24 [90/2323456] via 30.30.23.2, 00:02:51, FastEthernet0/0
D       172.16.0.0/21 [90/2297856] via 30.30.12.1, 00:02:51, Serial0/0
D       172.16.1.0/24 [90/2323456] via 30.30.23.2, 00:02:51, FastEthernet0/0
D       172.16.2.0/24 [90/2323456] via 30.30.23.2, 00:02:51, FastEthernet0/0
D       172.16.3.0/24 [90/2323456] via 30.30.23.2, 00:02:51, FastEthernet0/0

You can see (in yellow) that the routes to 172.16.x.x are now summarized into a /21 prefix. But why are the unsummarized routes (green) still in the table? Notice that they are learned via 30.30.23.2 (R3), and we didn't summarize the routes from R1 to R3.

*One more thing to remember: ahead of Administrative Distance, the highest priority always goes to the most specific (longest) prefix. Even if it is learned from RIP, it is still preferred over a less specific route from EIGRP, OSPF...

OK, now let's summarize those networks on R1 Ser0/1 (connected to R3)

ip summary-address eigrp 1 172.16.0.0 255.255.248.0 5

check routing table on both R2 and R3


R2>sh ip rou
...
     172.16.0.0/21 is subnetted, 1 subnets
D       172.16.0.0 [90/2297856] via 30.30.12.1, 00:00:41, Serial0/0

now looks good :)

Default Route

Let's assume 192.168.99.0/24 is the gateway to the outside network, and it's connected to R1.

Create a static route to this gateway on R1 and point it to Null0

ip route 192.168.99.0 255.255.255.0 Null0

and advertise it in EIGRP 1

router eigrp 1
 network 30.0.0.0
 network 172.16.0.0
 network 192.168.99.0
 no auto-summary

and make it the default gateway for R2 and R3

ip default-network 192.168.99.0

show routing table on R2 and R3

R3>sh ip rou
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is 30.30.13.1 to network 192.168.99.0

     172.16.0.0/21 is subnetted, 1 subnets
D       172.16.0.0 [90/2297856] via 30.30.13.1, 00:15:21, Serial0/0
D*   192.168.99.0/24 [90/2169856] via 30.30.13.1, 1d06h, Serial0/0
     30.0.0.0/8 is variably subnetted ....

yes.. that's correct :)

un-equal load balance using Variance

show R1 routing table

R1#sh ip rou
...
D       30.30.23.0/24 [90/2195456] via 30.30.13.2, 02:05:56, Serial0/1
                      [90/2195456] via 30.30.12.2, 02:05:56, Serial0/0

There are two routes with the same metric from R1 to network 30.30.23.0/24. Let's change this to simulate unequal load balancing.

Set the bandwidth on R1 Ser0/1 so that the preferred path is via R3

interface Serial0/1
 bandwidth 256
 ip address 30.30.13.1 255.255.255.252
 ip summary-address eigrp 1 172.16.0.0 255.255.248.0 5
 clock rate 56000
end

and make R1 Ser0/0 have half of the Ser0/1 bandwidth
..
 bandwidth 128
..

Show the routing table again now and you should see only one path

R1#sh ip rou
..
D       30.30.23.0/24 [90/2195456] via 30.30.12.2, 00:01:47, Serial0/0

Now check the metric to 30.30.23.0/24 in the EIGRP topology table

R1#sh ip ei top
..
P 30.30.23.0/24, 1 successors, FD is 2195456
        via 30.30.13.2 (10537472/281600), Serial0/1
        via 30.30.12.2 (20537600/281600), Serial0/0

Now you see that the path through R3 has the lower metric, and the other path's metric is almost two times higher.

now apply this line

router eigrp 1
 variance 2
 network 30.0.0.0
 network 172.16.0.0
..

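This line says that any backup path whose metric is less than 2 times the metric of the best path is also installed and load balanced, provided the backup path meets the feasibility condition (its reported distance is lower than the feasible distance).

The routing table should show both paths again now, with unequal load balancing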

R1#sh ip route
..
D       30.30.23.0/24 [90/10537472] via 30.30.13.2, 00:06:07, Serial0/1
                      [90/20537600] via 30.30.12.2, 00:06:07, Serial0/0

see... that's cool isn't it :)
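The metrics in the outputs above can be reproduced with the classic EIGRP composite metric and default K values; this added example (not from the original post) also applies the variance test together with the feasibility condition. The serial delay (20000 usec), Ethernet delay (1000 usec) and Ethernet bandwidth (10000 kbit/s) are assumptions, chosen because they reproduce the numbers shown on this page.

```python
# Assumed interface values (not shown in the post); they reproduce its metrics.
SERIAL_DELAY, ETH_DELAY, ETH_BW = 20000, 1000, 10000  # usec, usec, kbit/s

def path_metric(links):
    """Classic EIGRP metric, default K values: 256 * (10^7/min_bw + delay/10).

    links: list of (bandwidth_kbps, delay_usec) for each hop on the path."""
    min_bw = min(bw for bw, _ in links)
    total_delay = sum(delay for _, delay in links)
    return 256 * (10**7 // min_bw + total_delay // 10)

def installed_paths(paths, variance=1):
    """paths: {next_hop: (metric, reported_distance)} -> next hops installed."""
    fd = min(metric for metric, _ in paths.values())  # best (feasible) distance
    chosen = []
    for hop, (metric, rd) in paths.items():
        feasible = rd < fd            # feasibility condition: loop-free neighbor
        if metric == fd or (feasible and metric < variance * fd):
            chosen.append(hop)
    return sorted(chosen)

def r1_paths(bw_ser01, bw_ser00):
    """R1's two paths to 30.30.23.0/24 for given serial bandwidths (kbit/s)."""
    rd = path_metric([(ETH_BW, ETH_DELAY)])   # what R2 and R3 report to R1
    eth = (ETH_BW, ETH_DELAY)
    return {
        "30.30.13.2": (path_metric([(bw_ser01, SERIAL_DELAY), eth]), rd),  # via R3
        "30.30.12.2": (path_metric([(bw_ser00, SERIAL_DELAY), eth]), rd),  # via R2
    }

if __name__ == "__main__":
    paths = r1_paths(256, 128)
    for hop, (metric, rd) in paths.items():
        print(f"via {hop} ({metric}/{rd})")
    print("variance 1:", installed_paths(paths, 1))
    print("variance 2:", installed_paths(paths, 2))
```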

passive-interface

Check your EIGRP configuration on R1

router eigrp 1
 variance 2
 network 30.0.0.0
 network 172.16.0.0
 network 192.168.99.0
 no auto-summary

The line in yellow says:
- send hello packets on all of these networks
- advertise all of these networks

Leaving every interface able to send hello packets is actually a security hole: at any time a bad guy can plug in to one of them, form a neighbor relationship, and manipulate your network.

The best practice is to make all the interfaces passive (no hellos are sent, but the network is still advertised) and only open the interfaces that are connected to your other EIGRP routers.

Do this on R1

router eigrp 1
 variance 2
 passive-interface default
 network 30.0.0.0

Now you will lose all neighbors. Now open it again for R1 Ser0/0 and Ser0/1

router eigrp 1
 no passive-interface Serial0/0
 no passive-interface Serial0/1

Do the same for R2 and R3, and now your routers are a lot safer :) happy routing !
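One way to check the result, as an added example that is not part of the original post: a small audit that reads IOS-style configuration text and reports the interfaces on which EIGRP would still send hellos. The sample configuration is constructed from this lab's R1, and FastEthernet0/1 is a hypothetical user-facing port added to show the exposure.

```python
import ipaddress

def to_network(args):
    """'network A [wildcard]' -> ip_network; classful mask when no wildcard."""
    if len(args) == 2:
        return ipaddress.ip_network(f"{args[0]}/{args[1]}", strict=False)
    first = int(args[0].split(".")[0])
    plen = 8 if first < 128 else 16 if first < 192 else 24
    return ipaddress.ip_network(f"{args[0]}/{plen}", strict=False)

def eigrp_active_interfaces(config):
    """Interfaces where EIGRP sends hellos and would accept a neighbor."""
    ifaces, networks, passive, reopened = {}, [], set(), set()
    default_passive, section, current = False, None, None
    for raw in config.splitlines():
        words = raw.split()
        if not words:
            continue
        if not raw[0].isspace():                      # new top-level stanza
            current = words[1] if words[0] == "interface" else None
            section = "eigrp" if words[:2] == ["router", "eigrp"] else words[0]
        elif section == "interface" and words[:2] == ["ip", "address"]:
            ifaces[current] = ipaddress.ip_address(words[2])
        elif section == "eigrp" and words[0] == "network":
            networks.append(to_network(words[1:]))
        elif section == "eigrp" and "passive-interface" in words:
            if words[-1] == "default":
                default_passive = words[0] != "no"
            else:
                (reopened if words[0] == "no" else passive).add(words[-1])
    # EIGRP runs on every interface whose address matches a network statement.
    enabled = {n for n, ip in ifaces.items() if any(ip in net for net in networks)}
    return enabled & reopened if default_passive else enabled - passive

# Constructed sample based on the lab's R1; FastEthernet0/1 is hypothetical.
INTERFACES = """interface Loopback11
 ip address 172.16.1.1 255.255.255.0
interface Serial0/0
 ip address 30.30.12.1 255.255.255.252
interface Serial0/1
 ip address 30.30.13.1 255.255.255.252
interface FastEthernet0/1
 ip address 30.30.50.1 255.255.255.0
"""
BEFORE = INTERFACES + "router eigrp 1\n network 30.0.0.0\n network 172.16.0.0\n no auto-summary\n"
AFTER = BEFORE + (" passive-interface default\n no passive-interface Serial0/0\n"
                  " no passive-interface Serial0/1\n")

if __name__ == "__main__":
    print("before:", sorted(eigrp_active_interfaces(BEFORE)))
    print("after: ", sorted(eigrp_active_interfaces(AFTER)))
```

Comparing the returned set with the list of interfaces that really face another EIGRP router gives a quick pass/fail check per device.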

Wednesday, December 9, 2009

EIGRP, backup and default gateway


EIGRP configuration




Go to Cyb and Png, and type these commands on both routers

Cyb(config)#router eigrp 1

Cyb(config-router)#network 10.0.0.0

Cyb(config-router)#no auto-summary

# router eigrp 1 : You can choose any number for the EIGRP AS from 1-65535; routers with the same EIGRP AS number exchange routing information with each other.

# network 10.0.0.0 : every interface with an address in this network is advertised to all routers in EIGRP 1

# no auto-summary : if you are using classless IP addressing in your network, this command should be applied; if not, the router will summarize all the subnets and advertise them as a single network, which may cause looping problems. Classful networks are not affected.

After EIGRP is set on the second router, you'll notice a message like the one in the picture above. It means that both routers are learning from each other; they both advertise the network 10.x.x.x as defined in the command.

Type #show ip eigrp interface to see which interfaces are advertised; in this case, all the interfaces with a 10.x.x.x address


Now we'll configure EIGRP on the Aus router, but this time one by one, meaning I'll do it per specific interface or subnet. Previously we did it by taking the full 10.x.x.x class. We'll start by advertising subnet 10.1.37.x to EIGRP 1, followed by the other subnets.

Aus(config)#router eigrp 1

Aus(config-router)#network 10.1.37.0 0.0.0.255


The message shows only the 10.1.37.x subnet as a newly learned network; this example is just to show how to choose a specific subnet to advertise. Now we'll proceed to add the rest of the subnets.

Aus(config-router)#network 10.1.47.0 0.0.0.255

Aus(config-router)#network 192.168.0.0 0.0.255.255

So we have added all the networks that we want EIGRP to learn. Now let's check from the Cyb router; type

Cyb#show ip route


From the result, we can see there are two directly connected subnets (lines starting with C; D is EIGRP). OK, now we know that Cyb has already learned about the 192.168.x.x network that is connected to Aus.

Simulate the backup link when the primary is down

From the topology, there are two links from Aus to reach 10.1.10.0/24, and vice versa. Let's assume Aus – Cyb is a 2xT1 line and Aus – Png is a T1. How do we do this? Just manually set the interface bandwidth.

Aus(config)#int ser 0/0 (to Cyb)

Aus(config-if)#bandwidth 3088 (value is in kilobits per second)

Aus(config)#int ser 0/1 (to Png)

Aus(config-if)#bandwidth 1544 (value is in kilobits per second)

Type show ip route


But there's only one route to 10.1.10.x, so what happened to Aus-Png? EIGRP actually only advertises the best route. show ip route only shows the routing table, so to see the table of all learned networks (the topology table), type show ip eigrp topology

There's a lot of information we can get from here. In red,

FD is the feasible distance: the cost from here (Aus) to 10.1.10.x.

AD is the advertised distance: the cost from the neighbor to 10.1.10.x, e.g. from Cyb to 10.1.10.x.

Code P (passive) means the route is idle because the link is up.

Code A (active) means not OK: the link may be down or unavailable, so the routing protocol is actively looking for a backup or another link to this network.

If you notice, the AD from both routers to 10.1.10.x is the same, because both have the same cost (bandwidth) to reach 10.1.10.x. The FD is not the same because the WAN links are not the same: Cyb uses 2xT1 and Png uses T1. So EIGRP chooses the lowest FD as the successor (primary link).

OK, now let's shut down the successor, int ser 0/0 on Aus, and run show ip route

Now the route to 10.1.10.x is through Png, 10.1.47.1

Default route (usually for internet)

Now let's simulate a default route, or route to the internet. Let's assume the link to the internet uses loopback 0, 192.168.0.0/24, on Aus.

Aus(config)#ip route 0.0.0.0 0.0.0.0 lo 0 //this will route 'any' address to 'any' address through loopback 0

Aus(config)#router eigrp 1

Aus(config-router)#net 0.0.0.0 //advertise the 'any' network to EIGRP 1

To try this, run a traceroute to 4.2.2.2, one of the internet DNS servers (just as an example), from any router. It is better to try from Cyb or Png, to make sure EIGRP advertises this route to all the routers within the same AS number.


All packets to an unknown destination ('any', i.e. the internet) will be routed to 10.1.47.2, which is Aus. So this should be enough to prove the concept :) happy routing!