Skip to main content

EIGRP - routing optimalization - part1

Today I would like to test EIGRP optimalization by using different features like summarization or stub to see what are the limitations we should be aware of.

We have 4 sites with one access router on every site. There are 5 subnets connected to every access device and every device can see all prefixes:
 



Below you can see routing table from R1, R3 and R5 as it will be the same logic on rest of them:


R1#sh ip route eigrp
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override

Gateway of last resort is not set

      8.0.0.0/8 is variably subnetted, 12 subnets, 2 masks
D        8.1.3.0/24 [90/30720] via 8.1.2.8, 00:43:50, FastEthernet1/0
D        8.1.4.0/24 [90/30720] via 8.1.1.2, 00:41:58, FastEthernet1/1
D        8.1.5.0/24 [90/33280] via 8.1.1.2, 00:33:09, FastEthernet1/1
D        8.1.7.0/24 [90/30720] via 8.1.6.3, 00:26:13, FastEthernet0/0
D        8.1.8.0/24 [90/30720] via 8.1.1.2, 00:41:58, FastEthernet1/1
D        8.1.9.0/24 [90/33280] via 8.1.1.2, 00:08:03, FastEthernet1/1
      10.0.0.0/24 is subnetted, 20 subnets
D        10.5.1.0 [90/158720] via 8.1.6.3, 00:11:06, FastEthernet0/0
D        10.5.2.0 [90/158720] via 8.1.6.3, 00:11:06, FastEthernet0/0
D        10.5.3.0 [90/158720] via 8.1.6.3, 00:11:06, FastEthernet0/0
D        10.5.4.0 [90/158720] via 8.1.6.3, 00:11:06, FastEthernet0/0
D        10.5.5.0 [90/158720] via 8.1.6.3, 00:11:06, FastEthernet0/0
D        10.6.1.0 [90/161280] via 8.1.1.2, 00:03:56, FastEthernet1/1
D        10.6.2.0 [90/161280] via 8.1.1.2, 00:03:56, FastEthernet1/1
D        10.6.3.0 [90/161280] via 8.1.1.2, 00:03:56, FastEthernet1/1
D        10.6.4.0 [90/161280] via 8.1.1.2, 00:03:56, FastEthernet1/1
D        10.6.5.0 [90/161280] via 8.1.1.2, 00:03:56, FastEthernet1/1
D        10.9.1.0 [90/158720] via 8.1.2.8, 00:38:35, FastEthernet1/0
D        10.9.2.0 [90/158720] via 8.1.2.8, 00:38:35, FastEthernet1/0
D        10.9.3.0 [90/158720] via 8.1.2.8, 00:38:35, FastEthernet1/0
D        10.9.4.0 [90/158720] via 8.1.2.8, 00:38:35, FastEthernet1/0
D        10.9.5.0 [90/158720] via 8.1.2.8, 00:38:35, FastEthernet1/0
D        10.10.1.0 [90/161280] via 8.1.1.2, 00:30:14, FastEthernet1/1
D        10.10.2.0 [90/161280] via 8.1.1.2, 00:30:14, FastEthernet1/1
D        10.10.3.0 [90/161280] via 8.1.1.2, 00:30:14, FastEthernet1/1
D        10.10.4.0 [90/161280] via 8.1.1.2, 00:30:14, FastEthernet1/1
D        10.10.5.0 [90/161280] via 8.1.1.2, 00:30:14, FastEthernet1/1
R1# 


R3#sh ip route eigrp
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override

Gateway of last resort is not set

      8.0.0.0/8 is variably subnetted, 11 subnets, 2 masks
D        8.1.1.0/24 [90/30720] via 8.1.6.1, 00:28:40, FastEthernet0/0
D        8.1.2.0/24 [90/30720] via 8.1.6.1, 00:28:40, FastEthernet0/0
D        8.1.3.0/24 [90/33280] via 8.1.6.1, 00:28:40, FastEthernet0/0
D        8.1.4.0/24 [90/33280] via 8.1.6.1, 00:28:40, FastEthernet0/0
D        8.1.5.0/24 [90/35840] via 8.1.6.1, 00:28:40, FastEthernet0/0
D        8.1.8.0/24 [90/33280] via 8.1.6.1, 00:28:40, FastEthernet0/0
D        8.1.9.0/24 [90/35840] via 8.1.6.1, 00:10:39, FastEthernet0/0
      10.0.0.0/24 is subnetted, 20 subnets
D        10.5.1.0 [90/156160] via 8.1.7.5, 00:13:42, FastEthernet1/0
D        10.5.2.0 [90/156160] via 8.1.7.5, 00:13:42, FastEthernet1/0
D        10.5.3.0 [90/156160] via 8.1.7.5, 00:13:42, FastEthernet1/0
D        10.5.4.0 [90/156160] via 8.1.7.5, 00:13:42, FastEthernet1/0
D        10.5.5.0 [90/156160] via 8.1.7.5, 00:13:42, FastEthernet1/0
D        10.6.1.0 [90/163840] via 8.1.6.1, 00:06:32, FastEthernet0/0
D        10.6.2.0 [90/163840] via 8.1.6.1, 00:06:32, FastEthernet0/0
D        10.6.3.0 [90/163840] via 8.1.6.1, 00:06:32, FastEthernet0/0
D        10.6.4.0 [90/163840] via 8.1.6.1, 00:06:32, FastEthernet0/0
D        10.6.5.0 [90/163840] via 8.1.6.1, 00:06:32, FastEthernet0/0
D        10.9.1.0 [90/161280] via 8.1.6.1, 00:28:40, FastEthernet0/0
D        10.9.2.0 [90/161280] via 8.1.6.1, 00:28:40, FastEthernet0/0
D        10.9.3.0 [90/161280] via 8.1.6.1, 00:28:40, FastEthernet0/0
D        10.9.4.0 [90/161280] via 8.1.6.1, 00:28:40, FastEthernet0/0
D        10.9.5.0 [90/161280] via 8.1.6.1, 00:28:40, FastEthernet0/0
D        10.10.1.0 [90/163840] via 8.1.6.1, 00:28:40, FastEthernet0/0
D        10.10.2.0 [90/163840] via 8.1.6.1, 00:28:40, FastEthernet0/0
D        10.10.3.0 [90/163840] via 8.1.6.1, 00:28:40, FastEthernet0/0
D        10.10.4.0 [90/163840] via 8.1.6.1, 00:28:40, FastEthernet0/0
D        10.10.5.0 [90/163840] via 8.1.6.1, 00:28:40, FastEthernet0/0
R3# 


R5#sh ip route eigrp
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override

Gateway of last resort is not set

      8.0.0.0/8 is variably subnetted, 10 subnets, 2 masks
D        8.1.1.0/24 [90/33280] via 8.1.7.3, 00:13:55, FastEthernet1/0
D        8.1.2.0/24 [90/33280] via 8.1.7.3, 00:13:55, FastEthernet1/0
D        8.1.3.0/24 [90/35840] via 8.1.7.3, 00:13:55, FastEthernet1/0
D        8.1.4.0/24 [90/35840] via 8.1.7.3, 00:13:55, FastEthernet1/0
D        8.1.5.0/24 [90/38400] via 8.1.7.3, 00:13:55, FastEthernet1/0
D        8.1.6.0/24 [90/30720] via 8.1.7.3, 00:13:55, FastEthernet1/0
D        8.1.8.0/24 [90/35840] via 8.1.7.3, 00:13:55, FastEthernet1/0
D        8.1.9.0/24 [90/38400] via 8.1.7.3, 00:11:02, FastEthernet1/0
      10.0.0.0/8 is variably subnetted, 25 subnets, 2 masks
D        10.6.1.0/24 [90/166400] via 8.1.7.3, 00:06:55, FastEthernet1/0
D        10.6.2.0/24 [90/166400] via 8.1.7.3, 00:06:55, FastEthernet1/0
D        10.6.3.0/24 [90/166400] via 8.1.7.3, 00:06:55, FastEthernet1/0
D        10.6.4.0/24 [90/166400] via 8.1.7.3, 00:06:55, FastEthernet1/0
D        10.6.5.0/24 [90/166400] via 8.1.7.3, 00:06:55, FastEthernet1/0
D        10.9.1.0/24 [90/163840] via 8.1.7.3, 00:13:55, FastEthernet1/0
D        10.9.2.0/24 [90/163840] via 8.1.7.3, 00:13:55, FastEthernet1/0
D        10.9.3.0/24 [90/163840] via 8.1.7.3, 00:13:55, FastEthernet1/0
D        10.9.4.0/24 [90/163840] via 8.1.7.3, 00:13:55, FastEthernet1/0
D        10.9.5.0/24 [90/163840] via 8.1.7.3, 00:13:55, FastEthernet1/0
D        10.10.1.0/24 [90/166400] via 8.1.7.3, 00:13:55, FastEthernet1/0
D        10.10.2.0/24 [90/166400] via 8.1.7.3, 00:13:55, FastEthernet1/0
D        10.10.3.0/24 [90/166400] via 8.1.7.3, 00:13:55, FastEthernet1/0
D        10.10.4.0/24 [90/166400] via 8.1.7.3, 00:13:55, FastEthernet1/0
D        10.10.5.0/24 [90/166400] via 8.1.7.3, 00:13:55, FastEthernet1/0
R5#


As you can see there is no summarization and every router can see all prefixes. It isn't optimal solution as with more devices the routing table size will grow.

 There are tools which we can use to make the solution more efficient. The first I would like to apply is summarization. We should look at the network as 2 or 3 tier design. In this case we have 3-tier network:


The core is the place where fast switching/routing should happen without any packet modification like summarization, inspection, etc. The aggregation layer is used to perform network summarization (look at the diagram and arrows next to R3, R4, R7 and R8).


R3(config-if)#int fa0/0
R3(config-if)#ip summary-address eigrp 100 10.5.0.0 255.255.0.0
R3(config-if)#
 
R4(config-if)#int fa0/0
R4(config-if)#ip summary-address eigrp 100 10.6.0.0 255.255.0.0
R4(config-if)#
 
R7(config-if)#int fa1/0
R7(config-if)#ip summary-address eigrp 100 10.10.0.0 255.255.0.0
R7(config-if)#

R8(config-if)#int fa1/0
R8(config-if)#ip summary-address eigrp 100 10.9.0.0 255.255.0.0
R8(config-if)#

The effect of above summarization on R1, R3 and R5:

R1#sh ip route eigrp
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override

Gateway of last resort is not set

      8.0.0.0/8 is variably subnetted, 12 subnets, 2 masks
D        8.1.3.0/24 [90/30720] via 8.1.2.8, 01:14:13, FastEthernet1/0
D        8.1.4.0/24 [90/30720] via 8.1.1.2, 01:12:21, FastEthernet1/1
D        8.1.5.0/24 [90/33280] via 8.1.1.2, 01:03:32, FastEthernet1/1
D        8.1.7.0/24 [90/30720] via 8.1.6.3, 00:56:36, FastEthernet0/0
D        8.1.8.0/24 [90/30720] via 8.1.1.2, 01:12:21, FastEthernet1/1
D        8.1.9.0/24 [90/33280] via 8.1.1.2, 00:38:26, FastEthernet1/1
      10.0.0.0/16 is subnetted, 4 subnets
D        10.5.0.0 [90/158720] via 8.1.6.3, 00:03:12, FastEthernet0/0
D        10.6.0.0 [90/161280] via 8.1.1.2, 00:02:12, FastEthernet1/1
D        10.9.0.0 [90/158720] via 8.1.2.8, 00:05:20, FastEthernet1/0
D        10.10.0.0 [90/161280] via 8.1.1.2, 00:01:28, FastEthernet1/1
R1#


R3#sh ip route eigrp
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override

Gateway of last resort is not set

      8.0.0.0/8 is variably subnetted, 11 subnets, 2 masks
D        8.1.1.0/24 [90/30720] via 8.1.6.1, 00:56:54, FastEthernet0/0
D        8.1.2.0/24 [90/30720] via 8.1.6.1, 00:56:54, FastEthernet0/0
D        8.1.3.0/24 [90/33280] via 8.1.6.1, 00:56:54, FastEthernet0/0
D        8.1.4.0/24 [90/33280] via 8.1.6.1, 00:56:54, FastEthernet0/0
D        8.1.5.0/24 [90/35840] via 8.1.6.1, 00:56:54, FastEthernet0/0
D        8.1.8.0/24 [90/33280] via 8.1.6.1, 00:56:54, FastEthernet0/0
D        8.1.9.0/24 [90/35840] via 8.1.6.1, 00:38:53, FastEthernet0/0
      10.0.0.0/8 is variably subnetted, 9 subnets, 2 masks
D        10.5.0.0/16 is a summary, 00:03:39, Null0
D        10.5.1.0/24 [90/156160] via 8.1.7.5, 00:41:56, FastEthernet1/0
D        10.5.2.0/24 [90/156160] via 8.1.7.5, 00:41:56, FastEthernet1/0
D        10.5.3.0/24 [90/156160] via 8.1.7.5, 00:41:56, FastEthernet1/0
D        10.5.4.0/24 [90/156160] via 8.1.7.5, 00:41:56, FastEthernet1/0
D        10.5.5.0/24 [90/156160] via 8.1.7.5, 00:41:56, FastEthernet1/0
D        10.6.0.0/16 [90/163840] via 8.1.6.1, 00:02:39, FastEthernet0/0
D        10.9.0.0/16 [90/161280] via 8.1.6.1, 00:05:47, FastEthernet0/0
D        10.10.0.0/16 [90/163840] via 8.1.6.1, 00:01:55, FastEthernet0/0
R3#
 

R5#sh ip route eigrp
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override

Gateway of last resort is not set

      8.0.0.0/8 is variably subnetted, 10 subnets, 2 masks
D        8.1.1.0/24 [90/33280] via 8.1.7.3, 00:42:20, FastEthernet1/0
D        8.1.2.0/24 [90/33280] via 8.1.7.3, 00:42:20, FastEthernet1/0
D        8.1.3.0/24 [90/35840] via 8.1.7.3, 00:42:20, FastEthernet1/0
D        8.1.4.0/24 [90/35840] via 8.1.7.3, 00:42:20, FastEthernet1/0
D        8.1.5.0/24 [90/38400] via 8.1.7.3, 00:42:20, FastEthernet1/0
D        8.1.6.0/24 [90/30720] via 8.1.7.3, 00:42:20, FastEthernet1/0
D        8.1.8.0/24 [90/35840] via 8.1.7.3, 00:42:20, FastEthernet1/0
D        8.1.9.0/24 [90/38400] via 8.1.7.3, 00:39:27, FastEthernet1/0
      10.0.0.0/8 is variably subnetted, 13 subnets, 3 masks
D        10.6.0.0/16 [90/166400] via 8.1.7.3, 00:03:13, FastEthernet1/0
D        10.9.0.0/16 [90/163840] via 8.1.7.3, 00:06:21, FastEthernet1/0
D        10.10.0.0/16 [90/166400] via 8.1.7.3, 00:02:29, FastEthernet1/0
R5# 

As you can see the core has knowledge about aggregated prefixes only, without any details. The aggregation router is aware about all prefixes it announces as aggregated entry and summaries of rest three sites. We can optimize what the access router sees as default route would be enough. Let's do it:




R3(config-if)#int fa1/0
R3(config-if)#ip summary-address eigrp 100 0.0.0.0 0.0.0.0
R3(config-if)#
 
This is what the R5 sees now:

R5#sh ip route eigrp
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override

Gateway of last resort is 8.1.7.3 to network 0.0.0.0

D*    0.0.0.0/0 [90/30720] via 8.1.7.3, 00:00:37, FastEthernet1/0
R5#
 
This is the best option if we have low end device with one exit point. It doesn't matter where it sends packets, all needs to go via R3.

There are still some challenges to deal with, like query scope. Suppose that 10.5.2.0/24 network is down. What R3 and R1 do with that information? Let's check it:

R3#sh ip route 10.5.2.0
Routing entry for 10.5.2.0/24
  Known via "eigrp 100", distance 90, metric 156160, type internal
  Redistributing via eigrp 100
  Last update from 8.1.7.5 on FastEthernet1/0, 00:08:55 ago
  Routing Descriptor Blocks:
  * 8.1.7.5, from 8.1.7.5, 00:08:55 ago, via FastEthernet1/0
      Route metric is 156160, traffic share count is 1
      Total delay is 5100 microseconds, minimum bandwidth is 100000 Kbit
      Reliability 255/255, minimum MTU 1500 bytes
      Loading 1/255, Hops 1
R3# 

From R3 to 10.5.2.0/24 there is no alternative path. I shut down Loop2, which represents this LAN. Let's see what happened:

R3#
*Feb 19 22:37:55.239: DUAL: AS(100) rcvquery: 10.5.2.0/24 via 8.1.7.5 metric 72057594037927935/72057594037927935, RD is 156160 for tid 0
*Feb 19 22:37:55.239: EIGRP-IPv4(100): Find FS for dest 10.5.2.0/24. FD is 156160, RD is 156160 on tid 0
*Feb 19 22:37:55.243: EIGRP-IPv4(100):  8.1.7.5 metric 72057594037927935/72057594037927935 not found Dmin is 72057594037927935
*Feb 19 22:37:55.247: DUAL: AS(100) Peer total 2 stub 0 template 2 for tid 0
*Feb 19 22:37:55.251: DUAL: AS(100) Dest 10.5.2.0/24 entering active state for tid 0.
*Feb 19 22:37:55.251: EIGRP-IPv4(100): Set reply-status table. Count is 1.
*Feb 19 22:37:55.251: EIGRP-IPv4(100): Doing split horizon on FastEthernet1/0
*Feb 19 22:37:55.251: DUAL: AS(100) Going from state 1 to state 3
*Feb 19 22:37:55.315: EIGRP-IPv4(100): dest(10.5.2.0/24) active
*Feb 19 22:37:55.315: EIGRP-IPv4(100): rcvreply: 10.5.2.0/24 via 8.1.6.1 metric 72057594037927935/72057594037927935 for tid 0
*Feb 19 22:37:55.319: EIGRP-IPv4(100): reply c
R3#ount is 1
*Feb 19 22:37:55.319: DUAL: AS(100) Clearing handle 0, count now 0
*Feb 19 22:37:55.319: DUAL: AS(100) Freeing reply status table
*Feb 19 22:37:55.319: EIGRP-IPv4(100): Find FS for dest 10.5.2.0/24. FD is 72057594037927935, RD is 72057594037927935 on tid 0found
*Feb 19 22:37:55.319: DUAL: AS(100) Send REPLY(r1/n1) about 10.5.2.0/24 to 8.1.7.5 for tid 0
*Feb 19 22:37:55.323: DUAL: AS(100) Removing dest 10.5.2.0/24, nexthop 8.1.6.1
*Feb 19 22:37:55.323: DUAL: AS(100) Going from state 3 to state 1
*Feb 19 22:37:55.327: EIGRP-IPv4(100): rcvupdate: 0.0.0.0/0 via Summary metric 28160/0 on tid 0
*Feb 19 22:37:55.327: EIGRP-IPv4(100): Find FS for dest 0.0.0.0/0. FD is 28160, RD is 28160 on tid 0
*Feb 19 22:37:55.327: EIGRP-IPv4(100):  0.0.0.0 metric 28160/0 found Dmin is 28160
*Feb 19 22:37:55.327: DUAL: AS(100) RT installed 0.0.0.0/0 via 0.0.0.0
*Feb 19 22:37:55.327: DUAL: AS(100) Send update about 0.0.0.0/0. Reason: rt now ext2 on tid 0
*Feb 19 22:37:55.363: DUAL: AS(1
R3#00) Removing dest 10.5.2.0/24, nexthop 8.1.7.5
*Feb 19 22:37:55.363: DUAL: AS(100) No routes.  Flushing dest 10.5.2.0/24
R3# 

The query was sent by R3 to R1:

R1#debug eigrp fsm
EIGRP Finite State Machine debugging is on
R1#
*Feb 19 22:36:15.791: EIGRP-IPv4(100): dest(10.5.2.0/24) not active
*Feb 19 22:36:15.795: DUAL: AS(100) rcvquery: 10.5.2.0/24 via 8.1.6.3 metric 72057594037927935/72057594037927935, RD is 72057594037927935 for tid 0
*Feb 19 22:36:15.795: DUAL: AS(100) Send REPLY(r1/n1) about 10.5.2.0/24 to 8.1.6.3 for tid 0
*Feb 19 22:36:15.827: DUAL: AS(100) Removing dest 10.5.2.0/24, nexthop 8.1.6.3
*Feb 19 22:36:15.827: DUAL: AS(100) No routes.  Flushing dest 10.5.2.0/24
R1#  

R1 didn't forward this query as its scope is 1 hop more from device where summarization is done.

 In our design, with summarization in place, the query scope is under control.

Let's do one more test without summarization in place. I remove it from R3 and R8 to see what is the query range:

R3:
 
R3#
*Feb 19 22:52:37.199: DUAL: AS(100) rcvquery: 10.5.2.0/24 via 8.1.7.5 metric 72057594037927935/72057594037927935, RD is 156160 for tid 0
*Feb 19 22:52:37.199: EIGRP-IPv4(100): Find FS for dest 10.5.2.0/24. FD is 156160, RD is 156160 on tid 0
*Feb 19 22:52:37.203: EIGRP-IPv4(100):  8.1.7.5 metric 72057594037927935/72057594037927935 not found Dmin is 72057594037927935
*Feb 19 22:52:37.207: DUAL: AS(100) Peer total 2 stub 0 template 2 for tid 0
*Feb 19 22:52:37.211: DUAL: AS(100) Dest 10.5.2.0/24 entering active state for tid 0.
*Feb 19 22:52:37.211: EIGRP-IPv4(100): Set reply-status table. Count is 1.
*Feb 19 22:52:37.215: EIGRP-IPv4(100): Doing split horizon on FastEthernet1/0
*Feb 19 22:52:37.215: DUAL: AS(100) Going from state 1 to state 3
*Feb 19 22:52:37.523: EIGRP-IPv4(100): dest(10.5.2.0/24) active
*Feb 19 22:52:37.523: EIGRP-IPv4(100): rcvreply: 10.5.2.0/24 via 8.1.6.1 metric 72057594037927935/72057594037927935 for tid 0
*Feb 19 22:52:37.523: EIGRP-IPv4(100): reply c
R3#ount is 1
*Feb 19 22:52:37.523: DUAL: AS(100) Clearing handle 0, count now 0
*Feb 19 22:52:37.523: DUAL: AS(100) Freeing reply status table
*Feb 19 22:52:37.523: EIGRP-IPv4(100): Find FS for dest 10.5.2.0/24. FD is 72057594037927935, RD is 72057594037927935 on tid 0found
*Feb 19 22:52:37.523: DUAL: AS(100) Send REPLY(r1/n1) about 10.5.2.0/24 to 8.1.7.5 for tid 0
*Feb 19 22:52:37.527: DUAL: AS(100) Removing dest 10.5.2.0/24, nexthop 8.1.6.1
*Feb 19 22:52:37.527: DUAL: AS(100) Going from state 3 to state 1
*Feb 19 22:52:37.551: DUAL: AS(100) Removing dest 10.5.2.0/24, nexthop 8.1.7.5
*Feb 19 22:52:37.551: DUAL: AS(100) No routes.  Flushing dest 10.5.2.0/24
R3#
 
R1:


R1#
*Feb 19 22:50:57.743: DUAL: AS(100) rcvquery: 10.5.2.0/24 via 8.1.6.3 metric 72057594037927935/72057594037927935, RD is 158720 for tid 0
*Feb 19 22:50:57.747: EIGRP-IPv4(100): Find FS for dest 10.5.2.0/24. FD is 158720, RD is 158720 on tid 0
*Feb 19 22:50:57.747: EIGRP-IPv4(100):  8.1.6.3 metric 72057594037927935/72057594037927935 not found Dmin is 72057594037927935
*Feb 19 22:50:57.751: DUAL: AS(100) Peer total 3 stub 0 template 3 for tid 0
*Feb 19 22:50:57.755: DUAL: AS(100) Dest 10.5.2.0/24 entering active state for tid 0.
*Feb 19 22:50:57.755: EIGRP-IPv4(100): Set reply-status table. Count is 2.
*Feb 19 22:50:57.759: EIGRP-IPv4(100): Doing split horizon on FastEthernet0/0
*Feb 19 22:50:57.763: DUAL: AS(100) Going from state 1 to state 3
*Feb 19 22:50:57.951: EIGRP-IPv4(100): dest(10.5.2.0/24) active
*Feb 19 22:50:57.951: EIGRP-IPv4(100): rcvreply: 10.5.2.0/24 via 8.1.2.8 metric 72057594037927935/72057594037927935 for tid 0
*Feb 19 22:50:57.951: EIGRP-IPv4(100): reply c
R1#ount is 2
*Feb 19 22:50:57.951: DUAL: AS(100) Clearing handle 1, count now 1
*Feb 19 22:50:57.951: DUAL: AS(100) Removing dest 10.5.2.0/24, nexthop 8.1.2.8
*Feb 19 22:50:57.971: EIGRP-IPv4(100): dest(10.5.2.0/24) active
*Feb 19 22:50:57.975: EIGRP-IPv4(100): rcvreply: 10.5.2.0/24 via 8.1.1.2 metric 72057594037927935/72057594037927935 for tid 0
*Feb 19 22:50:57.975: EIGRP-IPv4(100): reply count is 1
*Feb 19 22:50:57.979: DUAL: AS(100) Clearing handle 0, count now 0
*Feb 19 22:50:57.979: DUAL: AS(100) Freeing reply status table
*Feb 19 22:50:57.979: EIGRP-IPv4(100): Find FS for dest 10.5.2.0/24. FD is 72057594037927935, RD is 72057594037927935 on tid 0found
*Feb 19 22:50:57.979: DUAL: AS(100) Send REPLY(r1/n1) about 10.5.2.0/24 to 8.1.6.3 for tid 0
*Feb 19 22:50:57.979: DUAL: AS(100) Removing dest 10.5.2.0/24, nexthop 8.1.1.2
*Feb 19 22:50:57.979: DUAL: AS(100) Going from state 3 to state 1
*Feb 19 22:50:58.035: DUAL: AS(100) Removing dest 10.5.2.0/24, nexthop 8.1.6.3
*Feb
R1#19 22:50:58.039: DUAL: AS(100) No routes.  Flushing dest 10.5.2.0/24
R1#

R8:

R8#
*Feb 19 22:52:27.951: DUAL: AS(100) rcvquery: 10.5.2.0/24 via 8.1.2.1 metric 72057594037927935/72057594037927935, RD is 161280 for tid 0*Feb 19 22:52:27.951: EIGRP-IPv4(100): Find FS for dest 10.5.2.0/24. FD is 161280, RD is 161280 on tid 0
*Feb 19 22:52:27.955: EIGRP-IPv4(100):  8.1.2.1 metric 72057594037927935/72057594037927935 not found Dmin is 72057594037927935
*Feb 19 22:52:27.959: DUAL: AS(100) Peer total 2 stub 0 template 2 for tid 0
*Feb 19 22:52:27.959: DUAL: AS(100) Dest 10.5.2.0/24 entering active state for tid 0.
*Feb 19 22:52:27.959: EIGRP-IPv4(100): Set reply-status table. Count is 1.
*Feb 19 22:52:27.959: EIGRP-IPv4(100): Doing split horizon on FastEthernet1/0
*Feb 19 22:52:27.959: DUAL: AS(100) Going from state 1 to state 3
*Feb 19 22:52:28.043: EIGRP-IPv4(100): dest(10.5.2.0/24) active
*Feb 19 22:52:28.047: EIGRP-IPv4(100): rcvreply: 10.5.2.0/24 via 8.1.3.9 metric 72057594037927935/72057594037927935 for tid 0
*Feb 19 22:52:28.047: EIGRP-IPv4(100): reply c
R8#ount is 1
*Feb 19 22:52:28.047: DUAL: AS(100) Clearing handle 1, count now 0
*Feb 19 22:52:28.047: DUAL: AS(100) Freeing reply status table
*Feb 19 22:52:28.047: EIGRP-IPv4(100): Find FS for dest 10.5.2.0/24. FD is 72057594037927935, RD is 72057594037927935 on tid 0found
*Feb 19 22:52:28.047: DUAL: AS(100) Send REPLY(r1/n1) about 10.5.2.0/24 to 8.1.2.1 for tid 0
*Feb 19 22:52:28.051: DUAL: AS(100) Removing dest 10.5.2.0/24, nexthop 8.1.3.9
*Feb 19 22:52:28.051: DUAL: AS(100) Going from state 3 to state 1
*Feb 19 22:52:28.139: DUAL: AS(100) Removing dest 10.5.2.0/24, nexthop 8.1.2.1
*Feb 19 22:52:28.139: DUAL: AS(100) No routes.  Flushing dest 10.5.2.0/24
R8# 

R9:

R9#
*Feb 19 22:52:38.019: DUAL: AS(100) rcvquery: 10.5.2.0/24 via 8.1.3.8 metric 72057594037927935/72057594037927935, RD is 163840 for tid 0*Feb 19 22:52:38.019: EIGRP-IPv4(100): Find FS for dest 10.5.2.0/24. FD is 163840, RD is 163840 on tid 0
*Feb 19 22:52:38.023: EIGRP-IPv4(100):  8.1.3.8 metric 72057594037927935/72057594037927935 not found Dmin is 72057594037927935
*Feb 19 22:52:38.027: DUAL: AS(100) Peer total 1 stub 0 template 1 for tid 0
*Feb 19 22:52:38.027: DUAL: AS(100) Dest 10.5.2.0/24 (Split Horizon) not entering active state for tid 0.
*Feb 19 22:52:38.031: DUAL: AS(100) Send REPLY(r1/n1) about 10.5.2.0/24 to 8.1.3.8 for tid 0
R9#
*Feb 19 22:52:38.083: DUAL: AS(100) Removing dest 10.5.2.0/24, nexthop 8.1.3.8
*Feb 19 22:52:38.087: DUAL: AS(100) No routes.  Flushing dest 10.5.2.0/24
R9#
 




There is a huge difference in query range without summarization. As you can see R9 was queried about 10.5.2.0/24. This is pointless, as the LAN can be accessed only via R5. So, we can definitely say that this method is very effective.

There is another method we can use here: stub. I will describe it in a next post:  'EIGRP - routing optimalization - part2'.
       
Labels:

Comments

Post a Comment

Popular posts from this blog

What should you know about HA 'override enabled' setting on Fortigate?

High availability is mandatory in most of today's network designs. Only very small companies or branches can run their business without redundancy. When you have Fortigate firewall in your network you have many options to increase network availability. You can use Fortigate Clustering Protocol ( FGCP ) or Virtual Router Redundancy Protocol ( VRRP ). FGCP has two modes: 'override' disabled (default) and 'override' enabled . I'm not going to explain how to set up HA as you can find many resources on Fortinet websites: https://cookbook.fortinet.com/high-availability-two-fortigates-56/ https://cookbook.fortinet.com/high-availability-with-fgcp-56/ Let's recap what is the main difference between them. The default HA setting is 'override' disabled and this is an order of selection an active unit: 1) number of monitored interfaces - when both units have the same number of working (up) interfaces check next parameter 2) HA uptime - an
8 comments
Read more

MAC Authentication Bypass

One of the method to control your network is using MAB feature. It is helpful in case you have devices without dot1x functionality. Today I will try to implement basic configuration and analyze log messages. There is only one switch SW1 and one device attached to port Fa1/0/2.   ! aaa new - model aaa authentication dot1x default group radius ! ! int Fas1 / 0 / 2 authentication host - mode single - host authentication port - control auto mab ! I haven’t configured ACS yet but let’s see what error message I receive:   SW1 ( config - if ) # mab - ev ( Fa1 / 0 / 2 ): Received MAB context create from AuthMgr mab - ev ( Fa1 / 0 / 2 ): Created MAB client context 0x1100000F mab : initial state mab_initialize has enter mab - ev ( Fa1 / 0 / 2 ): Sending create new context event to EAP from MAB for 0x1100000F ( 0000.0000 . 0000 ) mab - sm ( Fa1 / 0 / 2 ): Received event 'MAB_START' on handle 0x1100000F mab : during state mab_initia
Post a Comment
Read more

Inpection of asymmetric sessions on FortiGate

There is one feature available on FortiGate, and I think you should know it, as it modifies a bit what we know about stateful firewalls. In past every packet was treated individually and you had to create policies in both directions. With stateful firewalls we can track connections, and by checking couple of attributes, we can treat them as part of the same session. For example when you initiate connection from a host1 to host2, the returning connection from host2 to host1 will be treated as part of the same connection (session). They have to have the same source/destination and destination/source IPs, port numbers and interfaces.There is an exception from this rule and FortiGate in some specific cases can accept connections on port which was not used in the initial connection. Let me explain how it works on the below example:      The host1 has a default gateway on R1 (10.0.1.2), but you may notice that it is not the optimal path to host2 subnet. When we analyze the packet flo
1 comment
Read more