Injecting (propagating) Default Route via EIGRP

Default Route: A route that matches the destination of every packet that is not matched by any other route in the IP routing table. It can also be called the ultimate summary route, 0.0.0.0/0 (all IPv4 addresses).

There are different methods to inject a default route into the EIGRP process:

  1. Injecting a static default route using the redistribute command in the EIGRP routing process, or advertising the static default route.
  2. Injecting a static default route using the default-network command.
  3. Summarizing the static default route (0.0.0.0/0).

In all these scenarios one must define the static default route first; then you can advertise it, redistribute it, create a summary-address, or make that static route a default network.

To illustrate these methods I have set up a very simple topology.

All these routers run EIGRP AS 100 and advertise every network except 30.1.1.0. The 30.1.1.0 network emulates a remote network that R1 and R2 are trying to reach. Hence the task of this lab is to inject a default route into R1 and R2 so they can reach network 30.1.1.0.

Let’s check the routing table of each router.

R1:

Gateway of last resort is not set 

       1.0.0.0/24 is subnetted, 1 subnets

C       1.1.1.0 is directly connected, FastEthernet0/0

     2.0.0.0/24 is subnetted, 1 subnets

D       2.1.1.0 [90/307200] via 1.1.1.2, 00:13:47, FastEthernet0/0

     20.0.0.0/24 is subnetted, 1 subnets


D     20.1.1.0 [90/409600] via 1.1.1.2, 00:13:47, FastEthernet0/0

     10.0.0.0/24 is subnetted, 1 subnets

C       10.1.1.0 is directly connected, Loopback0

R2:

Gateway of last resort is not set

     1.0.0.0/24 is subnetted, 1 subnets

C       1.1.1.0 is directly connected, FastEthernet0/0

     2.0.0.0/24 is subnetted, 1 subnets

C       2.1.1.0 is directly connected, FastEthernet0/1

     20.0.0.0/24 is subnetted, 1 subnets

C       20.1.1.0 is directly connected, Loopback0

     10.0.0.0/24 is subnetted, 1 subnets

D       10.1.1.0 [90/409600] via 1.1.1.1, 00:15:14, FastEthernet0/0

Neither router’s table contains the 30.0.0.0 network. This is simply because R3 is not advertising it, so neither router can reach it.

Redistributing Static Default route:

Let’s first try injecting the default route using the redistribute command under the EIGRP process. First we need to define a static route on R2. Why R2? Because it is directly connected to R3.

R2#config t

Enter configuration commands, one per line.  End with CNTL/Z.

R2(config)#ip route 0.0.0.0 0.0.0.0 f0/1 (0.0.0.0 0.0.0.0 matches any destination that is not currently in the routing table; such packets are forwarded out the f0/1 interface)

R2(config)#router eigrp 100

R2(config-router)#redistribute static metric 1544 10 255 1 1500   

Now let’s check the routing table of R1:

Gateway of last resort is 1.1.1.2 to network 0.0.0.0 

     1.0.0.0/24 is subnetted, 1 subnets

C       1.1.1.0 is directly connected, FastEthernet0/0

     2.0.0.0/24 is subnetted, 1 subnets

D       2.1.1.0 [90/307200] via 1.1.1.2, 00:28:59,FastEthernet0/0

     20.0.0.0/24 is subnetted, 1 subnets

D       20.1.1.0 [90/409600] via 1.1.1.2, 00:28:59,FastEthernet0/0

     10.0.0.0/24 is subnetted, 1 subnets

C       10.1.1.0 is directly connected, Loopback0

D*EX 0.0.0.0/0 [170/1686016] via 1.1.1.2, 00:00:06, FastEthernet0/0

As you can see, the default route has been successfully redistributed into R1. D*EX means this route is a candidate default and that it was redistributed; it is learned via 1.1.1.2. The gateway of last resort is that same address for unknown networks (0.0.0.0). Let’s try to ping the 30.0.0.0 network from R1.

R1#ping 30.1.1.1

Type escape sequence to abort. 

Sending 5, 100-byte ICMP Echos to 30.1.1.1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 24/44/68 ms

One could also configure a more specific static route if the destination network is clearly known. In our example we do have clear information about the destination network (30.1.1.0), so we can configure the static route as:
ip route 30.1.1.0 255.255.255.0 f0/1
However, the caveat is that this wouldn’t be a candidate default route! Let’s test this configuration and check the routing table on R1.

R2#config

Configuring from terminal, memory, or network [terminal]? t

Enter configuration commands, one per line.  End with CNTL/Z.

R2(config)#no ip route 0.0.0.0 0.0.0.0 FastEthernet0/1

R2(config)#ip route 30.1.1.0 255.255.255.0 f0/1

R2(config)#

R1#sh ip route

Gateway of last resort is not set 

     1.0.0.0/24 is subnetted, 1 subnets

C       1.1.1.0 is directly connected, FastEthernet0/0

     2.0.0.0/24 is subnetted, 1 subnets

D       2.1.1.0 [90/307200] via 1.1.1.2, 00:12:49, FastEthernet0/0

     20.0.0.0/24 is subnetted, 1 subnets

D       20.1.1.0 [90/409600] via 1.1.1.2, 00:12:54, FastEthernet0/0

     10.0.0.0/24 is subnetted, 2 subnets

C       10.41.41.0 is directly connected, Serial0/0

C       10.1.1.0 is directly connected, Loopback0

     30.0.0.0/24 is subnetted, 1 subnets

D EX    30.1.1.0 [170/1686016] via 1.1.1.2, 00:05:16, FastEthernet0/0 

If you carefully analyze the routing table, you will observe that the route is no longer a candidate default; it is just an external route, and the gateway of last resort is not set. This is because there is no * between D and EX; * means candidate default. Let’s try to ping this network.

R1#ping 30.1.1.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 30.1.1.1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max =24/53/84 ms

Good! We are able to get there; the only concern is that it is not a candidate default.

Advertising Static Default route:

Now let’s play with one more variation. Here we will use the same static route, but instead of redistributing it we will advertise it into the EIGRP process. We will use the all-zeros static route 0.0.0.0/0 and advertise it. When we advertise the static route, it will be an internal EIGRP route to the neighbor router.

R2#config t

R2(config)#no ip route 30.1.1.0 255.255.255.0 f0/1

R2(config)#ip route 0.0.0.0 0.0.0.0 f0/1

R2(config)#router eigrp 100

R2(config-router)#no redistribute static metric 1544 10 255 1 1500

R2(config-router)#network 0.0.0.0

Let’s check the routing table of R1

Gateway of last resort is 1.1.1.2 to network 0.0.0.0

      1.0.0.0/24 is subnetted, 1 subnets

C       1.1.1.0 is directly connected, FastEthernet0/0

     2.0.0.0/24 is subnetted, 1 subnets

D       2.1.1.0 [90/307200] via 1.1.1.2, 00:34:47, FastEthernet0/0

     20.0.0.0/24 is subnetted, 1 subnets

D       20.1.1.0 [90/409600] via 1.1.1.2, 00:34:52, FastEthernet0/0

     10.0.0.0/24 is subnetted, 2 subnets

C       10.41.41.0 is directly connected, Serial0/0

C       10.1.1.0 is directly connected, Loopback0

D*   0.0.0.0/0 [90/307200] via 1.1.1.2, 00:01:43, FastEthernet0/0

As you can see, we have successfully advertised the default route here. Here the route is marked as D, which means it is a normal EIGRP route, and it is a candidate default. Similarly, one could also use the following method:

R2(config)#ip route 30.1.1.0 255.255.255.0 f0/1

R2(config)#router eigrp 100

R2(config-router)#network 30.0.0.0

The second method will not create a candidate default!

Summarizing the Static Default route:

We will use the same default route (0.0.0.0/0)

Configuration snapshot:

R2(config)#ip route 0.0.0.0 0.0.0.0 f0/1

R2(config)#interface f0/0

R2(config-if)#ip summary-address eigrp 100 0.0.0.0 0.0.0.0

Alright, now let’s try the default-network command and see how it goes.

With the default-network command we can advertise a non-zero network number as the default network. To do so, the following two conditions must always be TRUE:

  1. The network number must be a classful network number (Class A, B or C).
  2. The network must be in the routing table of the originating router.

Keeping these two conditions in mind we have to change the IP addressing scheme in our topology.

Notice: The network between R2 and R3 has been changed to a class A network, and the IP addresses on both interfaces have changed accordingly. I have also added one more router, R4, to see how the default network propagates in the network.

Since R2 is originating the default-network, it should have this route in its routing table, right? Let’s go and check it:

R2#sh ip route

Gateway of last resort is not set

      1.0.0.0/24 is subnetted, 1 subnets

C       1.1.1.0 is directly connected, FastEthernet0/0

C    2.0.0.0/8 is directly connected, FastEthernet0/1

     20.0.0.0/24 is subnetted, 1 subnets

C       20.1.1.0 is directly connected, Loopback0

     10.0.0.0/24 is subnetted, 2 subnets

D       10.41.41.0 [90/2195456] via 1.1.1.1, 00:30:47, FastEthernet0/0

D       10.1.1.0 [90/409600] via 1.1.1.1, 00:30:47, FastEthernet0/0

     30.0.0.0/24 is subnetted, 1 subnets

R2 does have the network: C 2.0.0.0/8 is directly connected, FastEthernet0/1

Alright so both the conditions are TRUE so we are all set to go!

Again we need to define a static route to the 30.1.1.0 network via 2.1.1.2 on R3:

ip route 30.1.1.0 255.255.255.0 2.1.1.2

Now let’s define the default network:

ip default-network 2.0.0.0

Configuration snapshot:

R2#config t

Enter configuration commands, one per line.  End with CNTL/Z.

R2(config)#ip route 30.1.1.0 255.255.255.0 2.1.1.2

R2(config)#ip default-network 2.0.0.0

R2(config)#end

 

Let’s check its routing table.

R2#sh ip route

Gateway of last resort is not set

     1.0.0.0/24 is subnetted, 1 subnets

C       1.1.1.0 is directly connected, FastEthernet0/0

C*   2.0.0.0/8 is directly connected, FastEthernet0/1

     20.0.0.0/24 is subnetted, 1 subnets

C       20.1.1.0 is directly connected, Loopback0

     10.0.0.0/24 is subnetted, 2 subnets

D       10.41.41.0 [90/2195456] via 1.1.1.1, 00:38:27,FastEthernet0/0

D       10.1.1.0 [90/409600] via 1.1.1.1, 00:38:27,FastEthernet0/0

     30.0.0.0/24 is subnetted, 1 subnets

S       30.1.1.0 [1/0] via 2.1.1.2

R2#

As you can see, we have both a candidate default (C*) and a static route (S).

Let’s ping the remote network address 30.1.1.1

R2#ping 30.1.1.1 

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 30.1.1.1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 28/35/48 ms

R2#

Let’s check the routing table of R4:

R4#sh ip route

Gateway of last resort is 10.41.41.1 to network 2.0.0.0

 

      1.0.0.0/24 is subnetted, 1 subnets

D       1.1.1.0 [90/2195456] via 10.41.41.1, 05:34:00, Serial0/0

D*   2.0.0.0/8 [90/2221056] via 10.41.41.1, 00:04:19, Serial0/0

     20.0.0.0/24 is subnetted, 1 subnets

D       20.1.1.0 [90/2323456] via 10.41.41.1, 02:28:07, Serial0/0

     10.0.0.0/24 is subnetted, 2 subnets

C       10.41.41.0 is directly connected, Serial0/0

D       10.1.1.0 [90/2297856] via 10.41.41.1, 05:34:00, Serial0/0

R4#ping 30.1.1.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 30.1.1.1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 60/65/68 ms

R4#

Sure enough, we do have the candidate default (D*) via EIGRP and we are able to ping the remote network as well. This method is effective for advertising a connection to the Internet.
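A monitoring check built on the routing-table output shown in this lab, as an added example that is not part of the original post: it parses show ip route text, picks out the gateway of last resort and every learned candidate default (the * flag), and reports any that point at a next hop outside an approved list. The sample text, the function names and the approved-next-hop list are constructed for illustration.

```python
import re

# Constructed input: R1's "show ip route" output after R2 redistributes the default.
SAMPLE = """\
Gateway of last resort is 1.1.1.2 to network 0.0.0.0

C       1.1.1.0 is directly connected, FastEthernet0/0
D       2.1.1.0 [90/307200] via 1.1.1.2, 00:28:59,FastEthernet0/0
D*EX 0.0.0.0/0 [170/1686016] via 1.1.1.2, 00:00:06, FastEthernet0/0
"""

GATEWAY = re.compile(r"Gateway of last resort is (\S+) to network (\S+)")
# Learned routes only: code, optional * (candidate default), optional EX,
# prefix, [AD/metric], next hop, then age and interface (space after comma optional).
ROUTE = re.compile(
    r"(?P<code>[A-Za-z]+)(?P<star>\*?)\s*(?P<sub>EX)?\s+"
    r"(?P<prefix>\d+\.\d+\.\d+\.\d+(?:/\d+)?)\s+"
    r"\[(?P<ad>\d+)/(?P<metric>\d+)\]\s+via\s+(?P<next_hop>[\d.]+)"
    r"(?:,\s*[^,\s]+)?(?:,\s*(?P<interface>[^,\s]+))?")

def parse_routes(show_ip_route):
    """Return one dict per learned route line in the output."""
    routes = []
    for line in show_ip_route.splitlines():
        m = ROUTE.match(line.strip())
        if m:
            routes.append({
                "proto": m["code"], "candidate_default": m["star"] == "*",
                "external": m["sub"] == "EX", "prefix": m["prefix"],
                "ad": int(m["ad"]), "metric": int(m["metric"]),
                "next_hop": m["next_hop"], "interface": m["interface"]})
    return routes

def audit_defaults(show_ip_route, approved_next_hops):
    """Return (gateway of last resort or None, list of findings)."""
    m = GATEWAY.search(show_ip_route)
    gateway = m.group(1) if m else None          # None when "not set"
    findings = []
    if gateway and gateway not in approved_next_hops:
        findings.append(f"gateway of last resort {gateway} is not approved")
    for r in parse_routes(show_ip_route):
        if r["candidate_default"] and r["next_hop"] not in approved_next_hops:
            origin = "redistributed (EX)" if r["external"] else "internal"
            findings.append(f"{origin} candidate default {r['prefix']} "
                            f"via {r['next_hop']} on {r['interface']}")
    return gateway, findings

if __name__ == "__main__":
    print(audit_defaults(SAMPLE, {"1.1.1.2"}))    # expected next hop: no findings
    print(audit_defaults(SAMPLE, {"10.0.0.1"}))   # unexpected next hop: two findings
```
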

 

 


Preventing unwanted EIGRP neighbors!

There are two ways to prevent unwanted EIGRP neighbors: one is using the passive-interface command and the other is enabling EIGRP authentication. However, there may be some other ways also, which I don’t know at the moment!! But if the EIGRP K values are not the same on the routers, then neighborship is not possible either.

1. (The passive interface command)

With EIGRP, an interface configured with the passive-interface command will neither send nor receive any route updates. The door is absolutely closed!!

When we enable the EIGRP routing protocol on interfaces with the network command, the network command does two things:

  1. Attempts to find potential neighbors by sending Hellos to the 224.0.0.10 multicast address
  2. Advertises the known subnet connected to that interface

Hence, we enable passive-interface on interfaces where no legitimate EIGRP neighbors exist, or for security reasons. This not only stops routing updates from being advertised, it also suppresses incoming routing updates. With most other routing protocols, by contrast, the passive-interface command restricts only outgoing updates.

Configuration:

R1(config)#router eigrp 1

R1(config-router)#passive-interface s0/1

R1(config-router)#end

When the passive-interface command is used in EIGRP, the router cannot form neighbor adjacencies on the interface, or send or receive routing updates. But if you want only the outgoing routing updates to be suppressed while inbound updates continue to be received (and the routers remain neighbors), then use the distribute-list command:

Configuration:

R1(config)#access-list 20 deny any

R1(config)#router eigrp 1

R1(config-router)#no passive-interface serial 0/1

R1(config-router)#distribute-list 20 out serial 0/1


 

2. EIGRP authentication method

EIGRP authentication causes routers to authenticate every EIGRP message. The mechanism is:

  • EIGRP routers should use the same PSK (pre-shared key), generating an MD5 digest for each EIGRP message based on that PSK
  • If a router configured for EIGRP authentication receives an EIGRP message and the message’s MD5 digest doesn’t pass the authentication check based on the local copy of the key, the router discards the message
  • As a result, when authentication fails, two routers cannot become neighbors.

EIGRP authentication configuration steps:

1. Key Chain: Create a key chain and give it a name. The name does not have to match on the neighboring routers.

R1(config)#key chain name

2. Key number: Create one or more key numbers; the numbers do not have to match on the neighboring routers.

R1(config-keychain)#key number

3. Key-String: Define the authentication key’s value. The key-string must match on all neighboring routers. The key-string is like a password!

R1(config-keychain-key)#key-string string

4. Enable EIGRP MD5 authentication on an interface, for a particular AS number.

R1(config)# int s0/0

R1(config-if)# ip authentication mode eigrp 1 md5

R1(config-if)# ip authentication key-chain eigrp 1 chain_name
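One way to check a router for the two protections described in this post (passive-interface and MD5 key-chain authentication), as an added example that is not from the original post: it parses a running-config and reports, for each interface EIGRP is enabled on, whether it is passive, MD5-authenticated, or open to any neighbor. The configuration text, the key chain name EIGRP_KEYS and the function names are constructed for illustration; full interface names, contiguous wildcard masks and explicit passive-interface lines are assumed.

```python
import ipaddress
import re

# Constructed running-config for a hypothetical R1.
CONFIG = """\
key chain EIGRP_KEYS
 key 1
  key-string example-secret
interface Serial0/0
 ip address 10.41.41.1 255.255.255.0
 ip authentication mode eigrp 1 md5
 ip authentication key-chain eigrp 1 EIGRP_KEYS
interface Serial0/1
 ip address 172.16.1.1 255.255.255.0
interface FastEthernet0/0
 ip address 1.1.1.1 255.255.255.0
router eigrp 1
 network 0.0.0.0
 passive-interface Serial0/1
"""

def eigrp_network(addr, wildcard=None):
    """Turn a 'network' statement into the address range it enables EIGRP on."""
    a = int(ipaddress.IPv4Address(addr))
    if wildcard:                       # contiguous wildcard mask assumed
        plen = 32 - int(ipaddress.IPv4Address(wildcard)).bit_length()
    else:                              # classful; "network 0.0.0.0" matches everything
        plen = 0 if a == 0 else 8 if a >> 24 < 128 else 16 if a >> 24 < 192 else 24
    return ipaddress.IPv4Network((a >> (32 - plen) << (32 - plen), plen))

def audit(config, asn):
    """Map each EIGRP-enabled interface to 'passive', 'md5' or 'open'."""
    chains, ifaces, nets, passive = set(), {}, [], set()
    section, cur = "", None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):                 # top-level line opens a section
            section, cur = line, None
            if line.startswith("key chain "):
                chains.add(line.split()[2])
            elif line.startswith("interface "):
                cur = ifaces.setdefault(line.split()[1], {"ip": None, "md5": False, "chain": None})
        elif cur is not None:                       # inside an interface section
            if m := re.match(r"ip address (\d\S+) \S+", line):
                cur["ip"] = ipaddress.IPv4Address(m.group(1))
            elif line == f"ip authentication mode eigrp {asn} md5":
                cur["md5"] = True
            elif m := re.match(rf"ip authentication key-chain eigrp {asn} (\S+)", line):
                cur["chain"] = m.group(1)
        elif section == f"router eigrp {asn}":
            if m := re.match(r"network (\S+)(?: (\S+))?", line):
                nets.append(eigrp_network(m.group(1), m.group(2)))
            elif m := re.match(r"passive-interface (\S+)", line):
                passive.add(m.group(1))
    report = {}
    for name, i in ifaces.items():
        if i["ip"] is not None and any(i["ip"] in n for n in nets):
            # "md5" requires both the mode line and a key chain that is actually defined
            report[name] = ("passive" if name in passive else
                            "md5" if i["md5"] and i["chain"] in chains else "open")
    return report

if __name__ == "__main__":
    print(audit(CONFIG, 1))
```

An interface reported as open sends Hellos and will accept any neighbor whose AS number and K values match.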

 

Controlling EIGRP behavior by configuring Hello and Hold Timer for faster convergence

When we talk about route convergence, EIGRP converges very fast even with the default settings. One of the slower components of the EIGRP convergence process relates to the timers that EIGRP neighbors use to recognize that the neighborship has failed. If the interface over which the neighbor is reachable fails and IOS changes the interface state to anything other than “up/up”, then the router immediately knows that the neighborship should fail.

However, in some cases the interface state may stay “up/up” while the link is not operational. In such a scenario EIGRP convergence relies on the Hold Timer expiring, which by default means a 15 sec wait on a LAN and 60 sec on T1 and slower links with Frame Relay encapsulation. Therefore, to optimize the convergence time, an engineer can simply reduce the Hello and Hold Timers to 2 and 6 respectively.

Example:

interface fastethernet 0/1

ip hello-interval eigrp 100 2

ip hold-time eigrp 100 6

EIGRP route selection process

EIGRP follows three general steps to select best routes:

  1. Neighbor Discovery
  2. Topology Exchange
  3. Choosing Routes

 

  1. Neighbor Discovery:

Neighbor discovery is done by sending multicast messages, called Hello messages, to the multicast address 224.0.0.10. A Hello message contains EIGRP parameters such as the K values, Hold Time and AS number. These are checked by the router receiving the Hello message before it forms a neighborship. Hello messages are sent out every 5 seconds by default on high-bandwidth links and every 60 seconds on low-bandwidth links. Hello messages sent by stub routers also carry “stub” parameters such as connected, summary, redistributed, receive-only and static. Hello messages are multicast by default, but if neighbors are configured statically on an NBMA network such as Frame Relay they are unicast. If, after analyzing the Hello message, the parameters match those of the receiving router, the neighborship is formed.

  2. Topology Exchange:

Once the neighbors are formed on the basis of Hello messages, the adjacent routers start exchanging topology tables reliably using RTP (Reliable Transport Protocol). This table contains all the possible routes to other EIGRP subnets having the same EIGRP AS number. The routes are marked as either FD (Feasible Distance) or FS (Feasible Successor) on the basis of the EIGRP composite metric calculation. The command to see the content of the topology table is show ip eigrp topology

 

R1#sh ip eigrp topology

IP-EIGRP Topology Table for AS(100)/ID(192.168.70.1)

Codes: P – Passive, A – Active, U – Update, Q – Query, R – Reply, r – reply Status, s – sia Status

 

P 192.168.10.0/24, 1 successors, FD is 11151872

        via 172.1.34.2 (11151872/2297856), Serial0/0

        via 172.1.36.1 (20640000/128256), Serial0/1

P 192.168.1.0/24, 1 successors, FD is 10639872

        via 172.1.34.2 (10639872/128256), Serial0/0

        via 172.1.36.1 (21152000/2297856), Serial0/1

  3. Choosing Routes

After exchanging the topology tables, the routers analyze them and choose the lowest-metric route to reach each subnet. The lowest-metric routes are then kept in the routing table. If you analyze the above output, the routes that go into the routing table are the ones marked with FD; these are 11151872 and 10639872. The other routes, with the metrics 20640000 and 21152000, are called feasible successors; these are backup routes to the same destinations and remain in the topology table until anything happens to the primary routes. Should anything happen to the primary routes, these feasible successors will take their place in the routing table. The command to see the content of the routing table is sh ip route

R1#sh ip route

Codes: C – connected, S – static, R – RIP, M – mobile, B – BGP

       D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area

       N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2

       E1 – OSPF external type 1, E2 – OSPF external type 2

       i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2

       ia – IS-IS inter area, * – candidate default, U – per-user static route

       o – ODR, P – periodic downloaded static route

 

Gateway of last resort is not set

 

D    192.168.30.0/24 [90/11151872] via 172.1.34.2, 00:46:24, Serial0/0

C    192.168.60.0/24 is directly connected, Loopback1

D    192.168.10.0/24 [90/11151872] via 172.1.34.2, 00:46:24, Serial0/0

D    192.168.20.0/24 [90/11151872] via 172.1.34.2, 00:46:24, Serial0/0

C    192.168.50.0/24 is directly connected, Loopback0

D    192.168.1.0/24 [90/10639872] via 172.1.34.2, 00:46:25, Serial0/0

D    192.168.2.0/24 [90/10639872] via 172.1.34.2, 00:46:25, Serial0/0

C    192.168.70.0/24 is directly connected, Loopback2

D    192.168.3.0/24 [90/10639872] via 172.1.34.2, 00:46:25, Serial0/0

R1#
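Why the second path in each topology entry above qualifies as a backup, as an added example that is not part of the original post: a neighbor counts as a feasible successor when the distance it reports (the second number in the parentheses) is lower than the FD of the entry. The sample text reuses the two entries from the topology table shown above; the function name and the role labels are constructed, and the table is assumed to be in Passive state, where the successor's distance equals the FD.

```python
import re

# Constructed input: the two entries from the "sh ip eigrp topology" output above.
SAMPLE = """\
P 192.168.10.0/24, 1 successors, FD is 11151872
        via 172.1.34.2 (11151872/2297856), Serial0/0
        via 172.1.36.1 (20640000/128256), Serial0/1
P 192.168.1.0/24, 1 successors, FD is 10639872
        via 172.1.34.2 (10639872/128256), Serial0/0
        via 172.1.36.1 (21152000/2297856), Serial0/1
"""

ENTRY = re.compile(r"\w\s+(\d+\.\d+\.\d+\.\d+/\d+), \d+ successors, FD is (\d+)")
VIA = re.compile(r"via (\S+) \((\d+)/(\d+)\), (\S+)")

def classify(topology):
    """Map each prefix to its FD and the neighbors in each role."""
    table, current, fd = {}, None, None
    for line in topology.splitlines():
        line = line.strip()
        if m := ENTRY.match(line):
            fd = int(m.group(2))
            current = table[m.group(1)] = {
                "fd": fd, "successor": [], "feasible": [], "rejected": []}
        elif (m := VIA.match(line)) and current is not None:
            neighbor = m.group(1)
            distance, reported = int(m.group(2)), int(m.group(3))
            if distance == fd:
                role = "successor"     # lowest metric: installed in the routing table
            elif reported < fd:
                role = "feasible"      # feasibility condition: reported distance < FD
            else:
                role = "rejected"      # fails the condition: not kept as a backup
            current[role].append(neighbor)
    return table

if __name__ == "__main__":
    for prefix, roles in classify(SAMPLE).items():
        print(prefix, roles)
```
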

Obtaining Network ID, Broadcast address and usable IP addresses from a given IP address

Let’s say you have been given an IP address and asked to find its Network ID, Broadcast address and all usable IP addresses. How can you do it?
Well, there are different ways to do it, but I will discuss two ways, and I am particularly interested in discussing the one that is easy and faster!
First Way: let’s assume that the given IP address is 5.88.192.50/29
Step 1: The /29 means 29 bits are turned on, i.e. 11111111.11111111.11111111.11111000; from this we get the subnet mask 255.255.255.248
Step 2: Now subtract the last octet of the subnet mask from 256 to get the block size. 256 – 248 = 8 (block)
Step 3: Now increment block by block starting from zero until you pass the last octet of the given IP address (50), i.e. 0, 8, 16, 24, 32, 40, 48, 56…
Step 4: Now one can see that the last octet of the IP address, 50, falls between blocks 48 and 56, hence we get:
Network ID is: 5.88.192.48
Broadcast address is: Last block 56 – 1 = 55 (5.88.192.55)
Usable IP range: 6
Usable IP addresses:
5.88.192.49
5.88.192.50
5.88.192.51
5.88.192.52
5.88.192.53
5.88.192.54

Second Way: We will consider the same IP address 5.88.192.50/29
Step 1: Get the subnet mask, which is 255.255.255.248
Step 2: Get the block size: 256 – 248 = 8 (block)
Step 3: Divide the last octet of the IP address, i.e. 50, by the block size, i.e. 8 (50 / 8 = 6.25)
Step 4: Now truncate the decimal portion of the value 6.25 and multiply it by the block size 8 (6 * 8 = 48)
Hence 48 is the network ID of the given IP address: 5.88.192.48

Note: This second way is a little tricky sometimes, because one might get a block size greater than the value in the octet to be divided. For example, consider this IP address: 10.218.15.163 255.255.240.0, or /20. The block size of this network is 16 and the value in the octet is 15, hence we can’t divide this further. So the solution is to follow the binary AND operation mentioned below, or simply replace that octet and the subsequent octet with zero.

Therefore, according to this rule the answer to this question:

Which subnet does host 10.218.15.163 255.255.240.0 belong to?

Subnet: 10.218.0.0

Broadcast: 10.218.15.255

Third Way: We will consider the same IP address 5.88.192.50/29
This way uses the bitwise AND operation, which is exactly how computers get this information.

Here the IP address and the subnet mask are converted into binary numbers, and after performing the bitwise AND operation one gets the network address.
5.88.192.50 (ip address)
00000101.01011000.11000000.00110010
255.255.255.248 (mask)
11111111.11111111.11111111.11111000
===========================================
00000101.01011000.11000000.00110000 Result of AND operation.
===========================================

5.88.192.48 (network address)
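The block-size method and the bitwise AND side by side, as an added example that is not part of the original post. It goes beyond the last-octet case by applying the block size in every octet, so the 10.218.15.163/20 address from the Note is handled too (15 // 16 truncates to 0). The function names are constructed for illustration.

```python
import ipaddress

def subnet_by_block(ip, prefix):
    """Block-size method applied to every octet, not only the last one."""
    mask, network, broadcast = [], [], []
    for i, octet in enumerate(int(o) for o in ip.split(".")):
        bits = max(0, min(8, prefix - 8 * i))   # mask bits that land in this octet
        block = 1 << (8 - bits)                 # block size = 256 - mask octet
        start = (octet // block) * block        # truncate octet / block, multiply back
        mask.append(256 - block)
        network.append(start)
        broadcast.append(start + block - 1)     # next block - 1
    dotted = lambda parts: ".".join(str(p) for p in parts)
    return {"mask": dotted(mask), "network": dotted(network),
            "broadcast": dotted(broadcast),
            "usable": max(0, 2 ** (32 - prefix) - 2)}

def subnet_by_and(ip, prefix):
    """Bitwise AND of address and mask; returns (network, broadcast)."""
    addr = int(ipaddress.IPv4Address(ip))
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    network = addr & mask
    broadcast = network | (mask ^ 0xFFFFFFFF)   # set every host bit
    return str(ipaddress.IPv4Address(network)), str(ipaddress.IPv4Address(broadcast))

def to_bits(ip):
    """Dotted binary form of an address, as written out in the AND table."""
    return ".".join(f"{int(o):08b}" for o in ip.split("."))

if __name__ == "__main__":
    for ip, prefix in [("5.88.192.50", 29), ("10.218.15.163", 20)]:
        result = subnet_by_block(ip, prefix)
        # both methods must agree on network and broadcast
        assert (result["network"], result["broadcast"]) == subnet_by_and(ip, prefix)
        print(f"{ip}/{prefix}", to_bits(ip), result)
```
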