Sunday, September 26, 2010

EIGRP route summarization, default gateway, variance and passive-interface

This lab covers route summarization, setting a default gateway with the ip default-network command, variance, and the EIGRP passive-interface concept.

R1

interface Loopback11
 ip address 172.16.1.1 255.255.255.0
!
interface Loopback12
 ip address 172.16.2.1 255.255.255.0
!
interface Loopback13
 ip address 172.16.3.1 255.255.255.0
!
interface Loopback14
 ip address 172.16.4.1 255.255.255.0
!
interface Loopback15
 ip address 172.16.5.1 255.255.255.0

interface Serial0/0
 ip address 30.30.12.1 255.255.255.252
 clock rate 56000

interface Serial0/1
 ip address 30.30.13.1 255.255.255.252
 clock rate 56000

router eigrp 1
 network 30.0.0.0
 network 172.16.0.0
 no auto-summary

R2
interface FastEthernet0/0
 ip address 30.30.23.1 255.255.255.0
 duplex auto
 speed auto
!
interface Serial0/0
 ip address 30.30.12.2 255.255.255.252
 clock rate 2000000

router eigrp 1
 network 30.0.0.0
 no auto-summary

R3
interface FastEthernet0/0
 ip address 30.30.23.2 255.255.255.0
 duplex auto
 speed auto
!
interface Serial0/0
 ip address 30.30.13.2 255.255.255.252
 clock rate 2000000

router eigrp 1
 network 30.0.0.0
 no auto-summary

Route Summarization 

show ip route on R2 and R3 shows every route for the 172.16.x.x prefixes. What if you have thousands of prefixes? Your routing table is going to be a mess. To reduce this, we can summarize them.

R2>sh ip rou
..
     172.16.0.0/24 is subnetted, 5 subnets
D       172.16.4.0 [90/2297856] via 30.30.12.1, 00:42:12, Serial0/0
D       172.16.5.0 [90/2297856] via 30.30.12.1, 00:42:12, Serial0/0
D       172.16.1.0 [90/2297856] via 30.30.12.1, 00:42:12, Serial0/0
D       172.16.2.0 [90/2297856] via 30.30.12.1, 00:42:12, Serial0/0
D       172.16.3.0 [90/2297856] via 30.30.12.1, 00:42:12, Serial0/0
..

So we have 172.16.1.0 - 172.16.5.0. The best range to contain all of the above prefixes is 172.16.0.0/21, or mask 255.255.248.0, which covers 172.16.0.0 - 172.16.7.255.
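The same calculation as an added example (not part of the original post): it widens the mask until all five loopback networks fit, then lists the /24s the summary also covers even though R1 does not have them. The function names are illustrative.

```python
# Added example (not from the original post): derive the summary for a set of prefixes.
import ipaddress

def covering_summary(prefixes):
    """Return the most specific network that contains every given prefix."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    candidate = nets[0]
    # Shorten the mask one bit at a time until every prefix fits inside.
    while not all(n.subnet_of(candidate) for n in nets):
        candidate = candidate.supernet()
    return candidate

def unused_subnets(summary, prefixes, new_prefix=24):
    """Subnets the summary advertises that are not among the real prefixes."""
    real = {ipaddress.ip_network(p) for p in prefixes}
    return [s for s in summary.subnets(new_prefix=new_prefix) if s not in real]

# R1's Loopback11-15 networks from the lab configuration.
LOOPBACKS = [f"172.16.{i}.0/24" for i in range(1, 6)]

if __name__ == "__main__":
    summary = covering_summary(LOOPBACKS)
    print("summary:", summary, "mask", summary.netmask)
    print("range:  ", summary[0], "-", summary[-1])
    for extra in unused_subnets(summary, LOOPBACKS):
        print("covered but not on R1:", extra)
```

Traffic for the extra subnets is still attracted to R1 by the /21, where the Null0 discard route that the summary installs drops it.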

Summarization is applied on the interface. Let's apply it on R1 Ser0/0:

interface Serial0/0
 ip address 30.30.12.1 255.255.255.252
 ip summary-address eigrp 1 172.16.0.0 255.255.248.0 5
 clock rate 56000
end


check R2 routing table

R2>sh ip rou
....

     172.16.0.0/16 is variably subnetted, 6 subnets, 2 masks
D       172.16.4.0/24 [90/2323456] via 30.30.23.2, 00:02:51, FastEthernet0/0
D       172.16.5.0/24 [90/2323456] via 30.30.23.2, 00:02:51, FastEthernet0/0
D       172.16.0.0/21 [90/2297856] via 30.30.12.1, 00:02:51, Serial0/0
D       172.16.1.0/24 [90/2323456] via 30.30.23.2, 00:02:51, FastEthernet0/0
D       172.16.2.0/24 [90/2323456] via 30.30.23.2, 00:02:51, FastEthernet0/0
D       172.16.3.0/24 [90/2323456] via 30.30.23.2, 00:02:51, FastEthernet0/0

You can see from the 172.16.0.0/21 line that the routes to 172.16.x.x are summarized into a /21 subnet. But why is R2 still storing the unsummarized /24 routes? Notice that they are learned via 30.30.23.2 (R3), and we didn't summarize the routes from R1 to R3.

*One more thing to remember: ahead of administrative distance, the highest priority always goes to the smallest (most specific) prefix. Even if it is learned from RIP, it is still the preferred route compared to a less specific one from EIGRP or OSPF.

OK, now let's summarize those networks on R1 Ser0/1 (connected to R3):

ip summary-address eigrp 1 172.16.0.0 255.255.248.0 5

check routing table on both R2 and R3


R2>sh ip rou
...
     172.16.0.0/21 is subnetted, 1 subnets
D       172.16.0.0 [90/2297856] via 30.30.12.1, 00:00:41, Serial0/0

now looks good :)

Default Route

Let's assume 192.168.99.0/24 is the gateway to the outside network, and it's connected to R1.

Create a static route to this gateway on R1 and point it to Null0:

ip route 192.168.99.0 255.255.255.0 Null0

and advertise it in EIGRP 1

router eigrp 1
 network 30.0.0.0
 network 172.16.0.0
 network 192.168.99.0
 no auto-summary

and make it the default gateway for R2 and R3

ip default-network 192.168.99.0

show routing table on R2 and R3

R3>sh ip rou
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is 30.30.13.1 to network 192.168.99.0

     172.16.0.0/21 is subnetted, 1 subnets
D       172.16.0.0 [90/2297856] via 30.30.13.1, 00:15:21, Serial0/0
D*   192.168.99.0/24 [90/2169856] via 30.30.13.1, 1d06h, Serial0/0
     30.0.0.0/8 is variably subnetted ....

yes.. that's correct :)

Unequal load balancing using variance

show R1 routing table

R1#sh ip rou
...
D       30.30.23.0/24 [90/2195456] via 30.30.13.2, 02:05:56, Serial0/1
                      [90/2195456] via 30.30.12.2, 02:05:56, Serial0/0

There are two routes with the same metric from R1 to network 30.30.23.0/24. Let's change this to simulate unequal load balancing.

Set the bandwidth on R1 Ser0/1 so that the preferred path is via R3:

interface Serial0/1
 bandwidth 256
 ip address 30.30.13.1 255.255.255.252
 ip summary-address eigrp 1 172.16.0.0 255.255.248.0 5
 clock rate 56000
end

and give R1 Ser0/0 half of Ser0/1's bandwidth:
..
 bandwidth 128
..

Show the routing table again now and you should see only one path:

R1#sh ip rou
..
D       30.30.23.0/24 [90/2195456] via 30.30.12.2, 00:01:47, Serial0/0

Now check the metric to 30.30.23.0/24 in the EIGRP topology table:

R1#sh ip ei top
..
P 30.30.23.0/24, 1 successors, FD is 2195456
        via 30.30.13.2 (10537472/281600), Serial0/1
        via 30.30.12.2 (20537600/281600), Serial0/0

Now you can see that the path through R3 has the lower metric, and the metric of the other path is almost two times that value.

now apply this line

router eigrp 1
 variance 2
 network 30.0.0.0
 network 172.16.0.0
..

This line says that any backup path whose metric is less than two times the metric of the primary path will be load balanced as well.

The routing table should show both paths again now, with unequal load balancing:

R1#sh ip route
..
D       30.30.23.0/24 [90/10537472] via 30.30.13.2, 00:06:07, Serial0/1
                      [90/20537600] via 30.30.12.2, 00:06:07, Serial0/0

see... that's cool isn't it :)
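The numbers in the topology table can be reproduced, and the variance decision checked, with a short calculation. This is an added example, not part of the original post; it assumes default K values, a delay of 20000 usec per serial link, and a 10000 kbit/s, 1000 usec segment for 30.30.23.0/24 (values chosen because they match the metrics shown above), and it uses the current best metric as the feasible distance.

```python
# Added example (not from the original post): EIGRP classic metric and variance.
# Assumes default K values (K1 = K3 = 1, others 0), so the metric is
# 256 * (10^7 / slowest bandwidth in kbit/s + total delay in tens of microseconds).

SERIAL_DELAY = 20000   # usec, assumed delay of each serial link
LAN_DELAY = 1000       # usec, assumed delay of the 30.30.23.0/24 segment
LAN_BW = 10000         # kbit/s, assumed bandwidth of that segment

def metric(min_bw_kbps, delay_usec):
    return 256 * (10**7 // min_bw_kbps + delay_usec // 10)

def via_serial(serial_bw_kbps):
    """R1's metric to 30.30.23.0/24 over a serial link of the given bandwidth."""
    return metric(min(serial_bw_kbps, LAN_BW), SERIAL_DELAY + LAN_DELAY)

def installed(paths, variance):
    """paths maps a label to (metric, reported distance); return installed labels."""
    best = min(m for m, _ in paths.values())   # used here as the feasible distance
    keep = []
    for label, (m, reported) in paths.items():
        feasible = reported < best             # feasibility condition: loop-free path
        if m == best or (feasible and m < variance * best):
            keep.append(label)
    return sorted(keep)

REPORTED = metric(LAN_BW, LAN_DELAY)           # what R2 and R3 each report to R1
PATHS = {
    "Serial0/1 via 30.30.13.2": (via_serial(256), REPORTED),
    "Serial0/0 via 30.30.12.2": (via_serial(128), REPORTED),
}

if __name__ == "__main__":
    for label, (m, rd) in PATHS.items():
        print(f"{label}: ({m}/{rd})")
    print("variance 1:", installed(PATHS, 1))
    print("variance 2:", installed(PATHS, 2))
```

A path that passes the variance test is still left out if the neighbor's reported distance is not lower than the best metric, which is why both values from the topology table are needed.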

passive-interface

check your EIGRP configuration on R1

router eigrp 1
 variance 2
 network 30.0.0.0
 network 172.16.0.0
 network 192.168.99.0
 no auto-summary

The network statements (highlighted in yellow in the original post) tell the router to:
- send hello packets on every interface in these networks
- advertise all of these networks

This is actually a security hole: if every interface sends hello packets, a bad guy can plug in to one at any time, form a neighbor relationship and manipulate your network.

The best practice is to make all interfaces passive (no hellos are sent, but the networks are still advertised) and open up only the interfaces that connect to your other EIGRP routers.

do this on R1

router eigrp 1
 variance 2
 passive-interface default
 network 30.0.0.0

Now you will lose all neighbors. Open it up again for R1 Ser0/0 and Ser0/1:

router eigrp 1
 no passive-interface Serial0/0
 no passive-interface Serial0/1

Do the same for R2 and R3. Now your routers are a lot safer :) Happy routing!
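To check the result on a saved configuration, the following added example (not part of the original post) lists the interfaces that are matched by an EIGRP network statement and are not passive. It assumes classful network statements without wildcard masks, as used in this lab, and runs on an abbreviated copy of R1's configuration; the function names are illustrative.

```python
# Added example (not from the original post): which interfaces still send EIGRP hellos?
import ipaddress
import re

def classful(net):
    """Classful network for a bare `network a.b.c.d` statement (no wildcard mask)."""
    first = int(net.split(".")[0])
    plen = 8 if first < 128 else 16 if first < 192 else 24
    return ipaddress.ip_network(f"{net}/{plen}", strict=False)

def hello_interfaces(config):
    """Return interfaces matched by a network statement and not passive."""
    addrs, nets, passive, active = {}, [], set(), set()
    default_passive, section, name = False, None, None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):            # unindented line starts a new section
            section = name = None
            if m := re.match(r"interface (\S+)", line):
                section, name = "if", m.group(1)
            elif line.startswith("router eigrp"):
                section = "eigrp"
        elif section == "if" and (m := re.match(r"ip address (\S+) \S+", line)):
            addrs[name] = ipaddress.ip_address(m.group(1))
        elif section == "eigrp":
            if m := re.match(r"network (\S+)$", line):
                nets.append(classful(m.group(1)))
            elif line == "passive-interface default":
                default_passive = True
            elif m := re.match(r"(no )?passive-interface (\S+)", line):
                (active if m.group(1) else passive).add(m.group(2))
    return sorted(i for i, ip in addrs.items()
                  if any(ip in n for n in nets)
                  and not (i in passive or (default_passive and i not in active)))

# Constructed from R1's configuration in the post (only one loopback shown).
R1_BEFORE = """\
interface Loopback11
 ip address 172.16.1.1 255.255.255.0
interface Serial0/0
 ip address 30.30.12.1 255.255.255.252
interface Serial0/1
 ip address 30.30.13.1 255.255.255.252
router eigrp 1
 network 30.0.0.0
 network 172.16.0.0
"""
R1_AFTER = R1_BEFORE + (" passive-interface default\n"
    " no passive-interface Serial0/0\n no passive-interface Serial0/1\n")
```

The interfaces that remain in the list after hardening are exactly the ones where a neighbor can still form, so they are the ones to review.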
