What is keepalive on Router interfaces and why it is there?

What is a keepalive?

Keepalive is a way of determining the state (up or down) of an interface. There is a time interval associated with the keepalive configuration, default is 10 seconds. So the router sends a keepalive packet every 10 seconds, and if it fails to see three packets in a row than it is considered down.

Therefore, if there is cable connected to the interface then router will receive reply within 10 seconds and router knows that the interface is up. Otherwise it is considered down. However, if you configure keepalive as no keepalive or keepalive 0 than router will not send any packets and it will consider always up/up.

Hence, with no keepalive command on the interface, no matter what, the interface should remain up/up?  And this technique is helpful in simulation and testing purpose.

Lets check it out!

Default interface settings of f0/0

R1#sh int f0/0

FastEthernet0/0 is administratively down, line protocol is down

Hardware is Gt96k FE, address is c200.1868.0000 (bia c200.1868.0000)

MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec,

reliability 255/255, txload 1/255, rxload 1/255

Encapsulation ARPA, loopback not set

Keepalive set (10 sec)

Half-duplex, 10Mb/s, 100BaseTX/FX

ARP type: ARPA, ARP Timeout 04:00:00

 

After keepalive is turned off the interface show up/up

R1(config)#int f0/0

R1(config-if)#no shut

R1(config-if)#no kee

R1(config-if)#no keepalive

R1(config-if)#end

R1#sh int f0/0

FastEthernet0/0 is up, line protocol is up

Hardware is Gt96k FE, address is c200.1868.0000 (bia c200.1868.0000)

MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec,

reliability 255/255, txload 1/255, rxload 1/255

Encapsulation ARPA, loopback not set

Keepalive not set

Half-duplex, 10Mb/s, 100BaseTX/FX

ARP type: ARPA, ARP Timeout 04:00:00

Advertisements

Preventing unwanted EIGRP neighbors!

There are two ways to prevent unwanted EIGRP neighbors, one is using passive interface command and other is enabling EIGRP authentication method. However, there may be some other ways also, which I don’t at the moment!! But if the EIGRP k values are not same on the routers than neighbor ship is not possible as well.

1. (The passive interface command)

With EIGRP the passive interface command will neither send or nor receive any route updates. The door is absolute closed!!

When we configure EIGRP routing protocol on the interfaces with the network command, the network command does two things:

  1. Attempt to find potential neighbors by sending Hello to the 224.0.0.10 multicast address
  2. Advertises about the knows subnet connected to that interface

Hence, we enable passive interface on the interfaces where no legitimate EIGRP neighbors exist or from security point of view. This stops not only routing updates from being advertised, but it also suppresses incoming routing updates. Otherwise, with most routing protocols, the passive-interface command restricts outgoing.

Configuration:

|R1(config)#router eigrp 1

|R1(config-router)#passive-interface s0/1

|R1(config-router)#end

When the passive-interface command is used in EIGRP, the router cannot form neighbor adjacencies on the interface, or send or receive routing updates. But, if you want the outgoing routing updates alone be suppressed but the inbound updates continue to be received (and the routers still continue to be neighbors), then use the distribute-list command:

Configuration:

|R1(config)#access-list 20 deny any

|R1(config)#router eigrp 1

|R1(config-router)#no passive-interface serial 0/1

|R1(config-router)#distribute-list 20 out serial 0/1


 

2. EIGRP authentication method

EIGRP authentication causes routers to authenticate every EIGRP messages. The mechanism is:

  • EIGRP routers should use the same PSK (per shared key), generating an MD5 digest for each EIGRP message based on that PSK
  • If a router configured for EIGRP authentication receives an EIGRP message and the message’s MD5 digest doesn’t pass the authentication checking based on the local copy of the key, the router discards the message
  • As a result, when authentication fails two routers cannot become neighbors.

 EIGRP authentication configuration steps:

1. Key Chain:- Create key chain and give it a name. The name do not have to match on the neighboring routers.

R1(config)#key chain name

2. Key number:- Create one or more key numbers, the numbers do not have to match on the neighboring routers.

R1(config)#key  number

3. Key-String:- Define authentication key’s value. The key-string must match on all neighboring routers. Key-string is like a password!

R1(config)#key-sting  sting

4. Enable EIGRP MD5 authentication on an interface, for a particular AS number.

|R1(config)# int s0/0

|R1(config-if)# ip authentication mode eigrp 1 md5

|R1(config-if)# ip authentication key-chain eigrp 1 chain_name

 

Controlling EIGRP behavior by configuring Hello and Hold Timer for faster convergence

When we talk about route convergence, EIGRP converges very fast even with the default settings. One of the slower components of the EIGRP convergence process relates to the timers the EIGRP neighbors use to recognize that the neighbor ship has failed. If the interface over which the neighbor is reachable fails, IOS changes the interface state to anything other than “up/up”, then the router immediately knows that the neighbor ship should fail.

However, in some cases, the interface state may stay “up/up” during times when the link may not be operational. In such scenario EIGRP convergence relies on the Hold Timers to expire, which by default on LAN means a 15 sec wait and on T1 and slower with encapsulation of Frame Relay is 60 sec. Therefore, to optimize the convergence time, engineer can simply reduce the Hello and Hold Timers to 2 and 6 respectively.

Example:

 interface fastethernet 0/1

Ip hello-interval eigrp 100 2

Ip hold-time eigrp 100 6

EIGRP route selection process

EIGRP follows three general steps to select best routes:

  1. Neighbor Discovery
  2. Topology Exchange
  3. Choosing Routes

 

  1. Neighbor Discovery:

Neighbor discovery is done by sending multicast message using multicast address 224.0.0.10 called Hello Messages. This hello message contains EIGRP parameters such as the K-value, Hold Time and AS numbers. These are checked by the router receiving the hello message before forming neighbor ship. The hello message are send out every 5 seconds by default on a high bandwidth and every 60 seconds on a low bandwidth links. Hello message sent by stub routers also have “stub” parameters like connection, summary, redistributions, receiving-only and static. Hello message are multicast by default but if neighbors are configured statically on a NBMA network such as Frame Relay they are unicast. After analyzing the Hello Message if the parameters are matching with the receiving router, then the neighbor ship is formed.

  1. Topology Exchange:

Once the neighbors are formed on the basis of Hello Messages, the adjacent routers start exchanging topology table reliably by using RTP (Reliable Transport Protocol). This table contains all the possible routes to other EIGRP subnets having same EIGRP AS number. The routes are either marking as FD (Feasible Distance) or FS (Feasible Successor) on the basis of EIGRP composite matric calculation. The command to see the content of topology table is Show ip eigrp topology

 

R1#sh ip eigrp topology

IP-EIGRP Topology Table for AS(100)/ID(192.168.70.1)

Codes: P – Passive, A – Active, U – Update, Q – Query, R – Reply, r – reply Status, s – sia Status

 

P 192.168.10.0/24, 1 successors, FD is 11151872

        via 172.1.34.2 (11151872/2297856), Serial0/0

        via 172.1.36.1 (20640000/128256), Serial0/1

P 192.168.1.0/24, 1 successors, FD is 10639872

        via 172.1.34.2 (10639872/128256), Serial0/0

        via 172.1.36.1 (21152000/2297856), Serial0/1

  1. Choosing Routes

After exchanging the topology tables the routers will analyze it and choose the lowest-matric route to reach each subnet. The lowest-matric routes are then kept in the routing table. If you analyze the above output the routes that goes in the routing table are marked with FD these are 11151872 and 10639872. The other routes with the matric 20640000 and 21152000 are called as Feasible successor and these are backup routes to the same destinations and will remain in the topology table until any things happens with the primary routes.  Should anything happens with the primary routes, these feasible successor will take the place and will be in the routing table. The command to see the content the of routing table is sh ip route

R1#sh ip route

Codes: C – connected, S – static, R – RIP, M – mobile, B – BGP

       D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area

       N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2

       E1 – OSPF external type 1, E2 – OSPF external type 2

       i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2

       ia – IS-IS inter area, * – candidate default, U – per-user static route

       o – ODR, P – periodic downloaded static route

 

Gateway of last resort is not set

 

D    192.168.30.0/24 [90/11151872] via 172.1.34.2, 00:46:24, Serial0/0

C    192.168.60.0/24 is directly connected, Loopback1

D    192.168.10.0/24 [90/11151872] via 172.1.34.2, 00:46:24, Serial0/0

D    192.168.20.0/24 [90/11151872] via 172.1.34.2, 00:46:24, Serial0/0

C    192.168.50.0/24 is directly connected, Loopback0

D    192.168.1.0/24 [90/10639872] via 172.1.34.2, 00:46:25, Serial0/0

D    192.168.2.0/24 [90/10639872] via 172.1.34.2, 00:46:25, Serial0/0

C    192.168.70.0/24 is directly connected, Loopback2

D    192.168.3.0/24 [90/10639872] via 172.1.34.2, 00:46:25, Serial0/0

R1#

Obtaining Network ID, Broadcast address and usable IP addresses from a given IP address

Let’s say you have been give an IP address and asked you to find out its Network ID, Broadcast and all usable IP addresses. How can you do it?
Well there are different ways to do it, but I will discuss two ways and I am particularly very interested to discuss the one that is easy and faster!
First Way: let’s assume that the given IP address is 5.88.192.50/29
Step 1: The /29 means 29 bits are turned on, i.e. 11111111.11111111.11111111.11111000 from this we get the subnet 255.255.255.248
Step 2: Now subtract the last octet of subnet mask from 256 to get the block size. 256 – 248 = 8 (block)
Step 3: Now increment the block by block starting from zero until it get more than the last octet of the given IP address (50), i.e. 0,8,16,24,32,40,48,56………
Step 4: Now one can see that the last octet of IP address 50 falls between block size 48 and 56, hence we get that:
Network ID is: 5.88.192.48
Broadcast address is: Last bock size 56 – 1 = 55 (5.88.192.55)
Usable IP range: 6
Usable IP addresses:
5.88.192.49
5.88.192.50
5.88.192.51
5.88.192.52
5.88.192.53
5.88.192.54

Second Way: We will consider the same IP address 5.88.192.50/29
Step 1: Get the subnet mask, which is 255.255.255.248
Step 2: Get the block size 256 -248 = 8 (block)
Step 3: Divide the last octet of IP address i.e. 50 by the block size i.e. 8 (50 / 8 = 6.25)
Step 4: Now truncate the decimal portion of the value 6.25 and multiply it by block size 8 (6 * 8 = 48)
Hence 48 is the network ID of the given IP address. 5.88.192.48

Note: This second way is little tricky sometimes. Because one might get a block size greater than the value in the octet to be divided. For example consider this IP address: 10.218.15.163 255.255.240.0  OR /20. The block size of this network is 16 and value in the octet is 15 hence we can’t divide this further. So the solution is one can follow the binary AND operation mentioned below or simply replace the octet and subsequent octet with zero.

Therefore, according to this rule the answer to this question:

Which subnet does host 10.218.15.163 255.255.240.0 belong to?

Subnet: 10.218.0.0

Broadcast: 10.128.15.255

Third Way: We will consider the same IP address 5.88.192.50/29
Using bit wise AND operation and this is what exactly computers get the information.

Here the IP address and the subnet mask is converted into binary numbers and after performing bit wise AND operation, one will get the network address.
5.88.192.50 (ip address)
10100000.01011000.11000000.00110010
255.255.255.248 (mask)
11111111.11111111.11111111.11111000
===========================================
10100000.01011000.11000000.00110000 Result of AND operation.
===========================================

5.88.192.48 (network address)