Skip to main content

EIGRP - routing optimalization - part1

Today I would like to test EIGRP optimalization by using different features like summarization or stub to see what are the limitations we should be aware of.

We have 4 sites with one access router on every site. There are 5 subnets connected to every access device and every device can see all prefixes:
 



Below you can see routing table from R1, R3 and R5 as it will be the same logic on rest of them:


R1#sh ip route eigrp
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override

Gateway of last resort is not set

      8.0.0.0/8 is variably subnetted, 12 subnets, 2 masks
D        8.1.3.0/24 [90/30720] via 8.1.2.8, 00:43:50, FastEthernet1/0
D        8.1.4.0/24 [90/30720] via 8.1.1.2, 00:41:58, FastEthernet1/1
D        8.1.5.0/24 [90/33280] via 8.1.1.2, 00:33:09, FastEthernet1/1
D        8.1.7.0/24 [90/30720] via 8.1.6.3, 00:26:13, FastEthernet0/0
D        8.1.8.0/24 [90/30720] via 8.1.1.2, 00:41:58, FastEthernet1/1
D        8.1.9.0/24 [90/33280] via 8.1.1.2, 00:08:03, FastEthernet1/1
      10.0.0.0/24 is subnetted, 20 subnets
D        10.5.1.0 [90/158720] via 8.1.6.3, 00:11:06, FastEthernet0/0
D        10.5.2.0 [90/158720] via 8.1.6.3, 00:11:06, FastEthernet0/0
D        10.5.3.0 [90/158720] via 8.1.6.3, 00:11:06, FastEthernet0/0
D        10.5.4.0 [90/158720] via 8.1.6.3, 00:11:06, FastEthernet0/0
D        10.5.5.0 [90/158720] via 8.1.6.3, 00:11:06, FastEthernet0/0
D        10.6.1.0 [90/161280] via 8.1.1.2, 00:03:56, FastEthernet1/1
D        10.6.2.0 [90/161280] via 8.1.1.2, 00:03:56, FastEthernet1/1
D        10.6.3.0 [90/161280] via 8.1.1.2, 00:03:56, FastEthernet1/1
D        10.6.4.0 [90/161280] via 8.1.1.2, 00:03:56, FastEthernet1/1
D        10.6.5.0 [90/161280] via 8.1.1.2, 00:03:56, FastEthernet1/1
D        10.9.1.0 [90/158720] via 8.1.2.8, 00:38:35, FastEthernet1/0
D        10.9.2.0 [90/158720] via 8.1.2.8, 00:38:35, FastEthernet1/0
D        10.9.3.0 [90/158720] via 8.1.2.8, 00:38:35, FastEthernet1/0
D        10.9.4.0 [90/158720] via 8.1.2.8, 00:38:35, FastEthernet1/0
D        10.9.5.0 [90/158720] via 8.1.2.8, 00:38:35, FastEthernet1/0
D        10.10.1.0 [90/161280] via 8.1.1.2, 00:30:14, FastEthernet1/1
D        10.10.2.0 [90/161280] via 8.1.1.2, 00:30:14, FastEthernet1/1
D        10.10.3.0 [90/161280] via 8.1.1.2, 00:30:14, FastEthernet1/1
D        10.10.4.0 [90/161280] via 8.1.1.2, 00:30:14, FastEthernet1/1
D        10.10.5.0 [90/161280] via 8.1.1.2, 00:30:14, FastEthernet1/1
R1# 


R3#sh ip route eigrp
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override

Gateway of last resort is not set

      8.0.0.0/8 is variably subnetted, 11 subnets, 2 masks
D        8.1.1.0/24 [90/30720] via 8.1.6.1, 00:28:40, FastEthernet0/0
D        8.1.2.0/24 [90/30720] via 8.1.6.1, 00:28:40, FastEthernet0/0
D        8.1.3.0/24 [90/33280] via 8.1.6.1, 00:28:40, FastEthernet0/0
D        8.1.4.0/24 [90/33280] via 8.1.6.1, 00:28:40, FastEthernet0/0
D        8.1.5.0/24 [90/35840] via 8.1.6.1, 00:28:40, FastEthernet0/0
D        8.1.8.0/24 [90/33280] via 8.1.6.1, 00:28:40, FastEthernet0/0
D        8.1.9.0/24 [90/35840] via 8.1.6.1, 00:10:39, FastEthernet0/0
      10.0.0.0/24 is subnetted, 20 subnets
D        10.5.1.0 [90/156160] via 8.1.7.5, 00:13:42, FastEthernet1/0
D        10.5.2.0 [90/156160] via 8.1.7.5, 00:13:42, FastEthernet1/0
D        10.5.3.0 [90/156160] via 8.1.7.5, 00:13:42, FastEthernet1/0
D        10.5.4.0 [90/156160] via 8.1.7.5, 00:13:42, FastEthernet1/0
D        10.5.5.0 [90/156160] via 8.1.7.5, 00:13:42, FastEthernet1/0
D        10.6.1.0 [90/163840] via 8.1.6.1, 00:06:32, FastEthernet0/0
D        10.6.2.0 [90/163840] via 8.1.6.1, 00:06:32, FastEthernet0/0
D        10.6.3.0 [90/163840] via 8.1.6.1, 00:06:32, FastEthernet0/0
D        10.6.4.0 [90/163840] via 8.1.6.1, 00:06:32, FastEthernet0/0
D        10.6.5.0 [90/163840] via 8.1.6.1, 00:06:32, FastEthernet0/0
D        10.9.1.0 [90/161280] via 8.1.6.1, 00:28:40, FastEthernet0/0
D        10.9.2.0 [90/161280] via 8.1.6.1, 00:28:40, FastEthernet0/0
D        10.9.3.0 [90/161280] via 8.1.6.1, 00:28:40, FastEthernet0/0
D        10.9.4.0 [90/161280] via 8.1.6.1, 00:28:40, FastEthernet0/0
D        10.9.5.0 [90/161280] via 8.1.6.1, 00:28:40, FastEthernet0/0
D        10.10.1.0 [90/163840] via 8.1.6.1, 00:28:40, FastEthernet0/0
D        10.10.2.0 [90/163840] via 8.1.6.1, 00:28:40, FastEthernet0/0
D        10.10.3.0 [90/163840] via 8.1.6.1, 00:28:40, FastEthernet0/0
D        10.10.4.0 [90/163840] via 8.1.6.1, 00:28:40, FastEthernet0/0
D        10.10.5.0 [90/163840] via 8.1.6.1, 00:28:40, FastEthernet0/0
R3# 


R5#sh ip route eigrp
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override

Gateway of last resort is not set

      8.0.0.0/8 is variably subnetted, 10 subnets, 2 masks
D        8.1.1.0/24 [90/33280] via 8.1.7.3, 00:13:55, FastEthernet1/0
D        8.1.2.0/24 [90/33280] via 8.1.7.3, 00:13:55, FastEthernet1/0
D        8.1.3.0/24 [90/35840] via 8.1.7.3, 00:13:55, FastEthernet1/0
D        8.1.4.0/24 [90/35840] via 8.1.7.3, 00:13:55, FastEthernet1/0
D        8.1.5.0/24 [90/38400] via 8.1.7.3, 00:13:55, FastEthernet1/0
D        8.1.6.0/24 [90/30720] via 8.1.7.3, 00:13:55, FastEthernet1/0
D        8.1.8.0/24 [90/35840] via 8.1.7.3, 00:13:55, FastEthernet1/0
D        8.1.9.0/24 [90/38400] via 8.1.7.3, 00:11:02, FastEthernet1/0
      10.0.0.0/8 is variably subnetted, 25 subnets, 2 masks
D        10.6.1.0/24 [90/166400] via 8.1.7.3, 00:06:55, FastEthernet1/0
D        10.6.2.0/24 [90/166400] via 8.1.7.3, 00:06:55, FastEthernet1/0
D        10.6.3.0/24 [90/166400] via 8.1.7.3, 00:06:55, FastEthernet1/0
D        10.6.4.0/24 [90/166400] via 8.1.7.3, 00:06:55, FastEthernet1/0
D        10.6.5.0/24 [90/166400] via 8.1.7.3, 00:06:55, FastEthernet1/0
D        10.9.1.0/24 [90/163840] via 8.1.7.3, 00:13:55, FastEthernet1/0
D        10.9.2.0/24 [90/163840] via 8.1.7.3, 00:13:55, FastEthernet1/0
D        10.9.3.0/24 [90/163840] via 8.1.7.3, 00:13:55, FastEthernet1/0
D        10.9.4.0/24 [90/163840] via 8.1.7.3, 00:13:55, FastEthernet1/0
D        10.9.5.0/24 [90/163840] via 8.1.7.3, 00:13:55, FastEthernet1/0
D        10.10.1.0/24 [90/166400] via 8.1.7.3, 00:13:55, FastEthernet1/0
D        10.10.2.0/24 [90/166400] via 8.1.7.3, 00:13:55, FastEthernet1/0
D        10.10.3.0/24 [90/166400] via 8.1.7.3, 00:13:55, FastEthernet1/0
D        10.10.4.0/24 [90/166400] via 8.1.7.3, 00:13:55, FastEthernet1/0
D        10.10.5.0/24 [90/166400] via 8.1.7.3, 00:13:55, FastEthernet1/0
R5#


As you can see there is no summarization and every router can see all prefixes. It isn't optimal solution as with more devices the routing table size will grow.

 There are tools which we can use to make the solution more efficient. The first I would like to apply is summarization. We should look at the network as 2 or 3 tier design. In this case we have 3-tier network:


The core is the place where fast switching/routing should happen without any packet modification like summarization, inspection, etc. The aggregation layer is used to perform network summarization (look at the diagram and arrows next to R3, R4, R7 and R8).


R3(config-if)#int fa0/0
R3(config-if)#ip summary-address eigrp 100 10.5.0.0 255.255.0.0
R3(config-if)#
 
R4(config-if)#int fa0/0
R4(config-if)#ip summary-address eigrp 100 10.6.0.0 255.255.0.0
R4(config-if)#
 
R7(config-if)#int fa1/0
R7(config-if)#ip summary-address eigrp 100 10.10.0.0 255.255.0.0
R7(config-if)#

R8(config-if)#int fa1/0
R8(config-if)#ip summary-address eigrp 100 10.9.0.0 255.255.0.0
R8(config-if)#

The effect of above summarization on R1, R3 and R5:

R1#sh ip route eigrp
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override

Gateway of last resort is not set

      8.0.0.0/8 is variably subnetted, 12 subnets, 2 masks
D        8.1.3.0/24 [90/30720] via 8.1.2.8, 01:14:13, FastEthernet1/0
D        8.1.4.0/24 [90/30720] via 8.1.1.2, 01:12:21, FastEthernet1/1
D        8.1.5.0/24 [90/33280] via 8.1.1.2, 01:03:32, FastEthernet1/1
D        8.1.7.0/24 [90/30720] via 8.1.6.3, 00:56:36, FastEthernet0/0
D        8.1.8.0/24 [90/30720] via 8.1.1.2, 01:12:21, FastEthernet1/1
D        8.1.9.0/24 [90/33280] via 8.1.1.2, 00:38:26, FastEthernet1/1
      10.0.0.0/16 is subnetted, 4 subnets
D        10.5.0.0 [90/158720] via 8.1.6.3, 00:03:12, FastEthernet0/0
D        10.6.0.0 [90/161280] via 8.1.1.2, 00:02:12, FastEthernet1/1
D        10.9.0.0 [90/158720] via 8.1.2.8, 00:05:20, FastEthernet1/0
D        10.10.0.0 [90/161280] via 8.1.1.2, 00:01:28, FastEthernet1/1
R1#


R3#sh ip route eigrp
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override

Gateway of last resort is not set

      8.0.0.0/8 is variably subnetted, 11 subnets, 2 masks
D        8.1.1.0/24 [90/30720] via 8.1.6.1, 00:56:54, FastEthernet0/0
D        8.1.2.0/24 [90/30720] via 8.1.6.1, 00:56:54, FastEthernet0/0
D        8.1.3.0/24 [90/33280] via 8.1.6.1, 00:56:54, FastEthernet0/0
D        8.1.4.0/24 [90/33280] via 8.1.6.1, 00:56:54, FastEthernet0/0
D        8.1.5.0/24 [90/35840] via 8.1.6.1, 00:56:54, FastEthernet0/0
D        8.1.8.0/24 [90/33280] via 8.1.6.1, 00:56:54, FastEthernet0/0
D        8.1.9.0/24 [90/35840] via 8.1.6.1, 00:38:53, FastEthernet0/0
      10.0.0.0/8 is variably subnetted, 9 subnets, 2 masks
D        10.5.0.0/16 is a summary, 00:03:39, Null0
D        10.5.1.0/24 [90/156160] via 8.1.7.5, 00:41:56, FastEthernet1/0
D        10.5.2.0/24 [90/156160] via 8.1.7.5, 00:41:56, FastEthernet1/0
D        10.5.3.0/24 [90/156160] via 8.1.7.5, 00:41:56, FastEthernet1/0
D        10.5.4.0/24 [90/156160] via 8.1.7.5, 00:41:56, FastEthernet1/0
D        10.5.5.0/24 [90/156160] via 8.1.7.5, 00:41:56, FastEthernet1/0
D        10.6.0.0/16 [90/163840] via 8.1.6.1, 00:02:39, FastEthernet0/0
D        10.9.0.0/16 [90/161280] via 8.1.6.1, 00:05:47, FastEthernet0/0
D        10.10.0.0/16 [90/163840] via 8.1.6.1, 00:01:55, FastEthernet0/0
R3#
 

R5#sh ip route eigrp
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override

Gateway of last resort is not set

      8.0.0.0/8 is variably subnetted, 10 subnets, 2 masks
D        8.1.1.0/24 [90/33280] via 8.1.7.3, 00:42:20, FastEthernet1/0
D        8.1.2.0/24 [90/33280] via 8.1.7.3, 00:42:20, FastEthernet1/0
D        8.1.3.0/24 [90/35840] via 8.1.7.3, 00:42:20, FastEthernet1/0
D        8.1.4.0/24 [90/35840] via 8.1.7.3, 00:42:20, FastEthernet1/0
D        8.1.5.0/24 [90/38400] via 8.1.7.3, 00:42:20, FastEthernet1/0
D        8.1.6.0/24 [90/30720] via 8.1.7.3, 00:42:20, FastEthernet1/0
D        8.1.8.0/24 [90/35840] via 8.1.7.3, 00:42:20, FastEthernet1/0
D        8.1.9.0/24 [90/38400] via 8.1.7.3, 00:39:27, FastEthernet1/0
      10.0.0.0/8 is variably subnetted, 13 subnets, 3 masks
D        10.6.0.0/16 [90/166400] via 8.1.7.3, 00:03:13, FastEthernet1/0
D        10.9.0.0/16 [90/163840] via 8.1.7.3, 00:06:21, FastEthernet1/0
D        10.10.0.0/16 [90/166400] via 8.1.7.3, 00:02:29, FastEthernet1/0
R5# 

As you can see the core has knowledge about aggregated prefixes only, without any details. The aggregation router is aware about all prefixes it announces as aggregated entry and summaries of rest three sites. We can optimize what the access router sees as default route would be enough. Let's do it:




R3(config-if)#int fa1/0
R3(config-if)#ip summary-address eigrp 100 0.0.0.0 0.0.0.0
R3(config-if)#
 
This is what the R5 sees now:

R5#sh ip route eigrp
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override

Gateway of last resort is 8.1.7.3 to network 0.0.0.0

D*    0.0.0.0/0 [90/30720] via 8.1.7.3, 00:00:37, FastEthernet1/0
R5#
 
This is the best option if we have low end device with one exit point. It doesn't matter where it sends packets, all needs to go via R3.

There are still some challenges to deal with, like query scope. Suppose that 10.5.2.0/24 network is down. What R3 and R1 do with that information? Let's check it:

R3#sh ip route 10.5.2.0
Routing entry for 10.5.2.0/24
  Known via "eigrp 100", distance 90, metric 156160, type internal
  Redistributing via eigrp 100
  Last update from 8.1.7.5 on FastEthernet1/0, 00:08:55 ago
  Routing Descriptor Blocks:
  * 8.1.7.5, from 8.1.7.5, 00:08:55 ago, via FastEthernet1/0
      Route metric is 156160, traffic share count is 1
      Total delay is 5100 microseconds, minimum bandwidth is 100000 Kbit
      Reliability 255/255, minimum MTU 1500 bytes
      Loading 1/255, Hops 1
R3# 

From R3 to 10.5.2.0/24 there is no alternative path. I shut down Loop2, which represents this LAN. Let's see what happened:

R3#
*Feb 19 22:37:55.239: DUAL: AS(100) rcvquery: 10.5.2.0/24 via 8.1.7.5 metric 72057594037927935/72057594037927935, RD is 156160 for tid 0
*Feb 19 22:37:55.239: EIGRP-IPv4(100): Find FS for dest 10.5.2.0/24. FD is 156160, RD is 156160 on tid 0
*Feb 19 22:37:55.243: EIGRP-IPv4(100):  8.1.7.5 metric 72057594037927935/72057594037927935 not found Dmin is 72057594037927935
*Feb 19 22:37:55.247: DUAL: AS(100) Peer total 2 stub 0 template 2 for tid 0
*Feb 19 22:37:55.251: DUAL: AS(100) Dest 10.5.2.0/24 entering active state for tid 0.
*Feb 19 22:37:55.251: EIGRP-IPv4(100): Set reply-status table. Count is 1.
*Feb 19 22:37:55.251: EIGRP-IPv4(100): Doing split horizon on FastEthernet1/0
*Feb 19 22:37:55.251: DUAL: AS(100) Going from state 1 to state 3
*Feb 19 22:37:55.315: EIGRP-IPv4(100): dest(10.5.2.0/24) active
*Feb 19 22:37:55.315: EIGRP-IPv4(100): rcvreply: 10.5.2.0/24 via 8.1.6.1 metric 72057594037927935/72057594037927935 for tid 0
*Feb 19 22:37:55.319: EIGRP-IPv4(100): reply c
R3#ount is 1
*Feb 19 22:37:55.319: DUAL: AS(100) Clearing handle 0, count now 0
*Feb 19 22:37:55.319: DUAL: AS(100) Freeing reply status table
*Feb 19 22:37:55.319: EIGRP-IPv4(100): Find FS for dest 10.5.2.0/24. FD is 72057594037927935, RD is 72057594037927935 on tid 0found
*Feb 19 22:37:55.319: DUAL: AS(100) Send REPLY(r1/n1) about 10.5.2.0/24 to 8.1.7.5 for tid 0
*Feb 19 22:37:55.323: DUAL: AS(100) Removing dest 10.5.2.0/24, nexthop 8.1.6.1
*Feb 19 22:37:55.323: DUAL: AS(100) Going from state 3 to state 1
*Feb 19 22:37:55.327: EIGRP-IPv4(100): rcvupdate: 0.0.0.0/0 via Summary metric 28160/0 on tid 0
*Feb 19 22:37:55.327: EIGRP-IPv4(100): Find FS for dest 0.0.0.0/0. FD is 28160, RD is 28160 on tid 0
*Feb 19 22:37:55.327: EIGRP-IPv4(100):  0.0.0.0 metric 28160/0 found Dmin is 28160
*Feb 19 22:37:55.327: DUAL: AS(100) RT installed 0.0.0.0/0 via 0.0.0.0
*Feb 19 22:37:55.327: DUAL: AS(100) Send update about 0.0.0.0/0. Reason: rt now ext2 on tid 0
*Feb 19 22:37:55.363: DUAL: AS(1
R3#00) Removing dest 10.5.2.0/24, nexthop 8.1.7.5
*Feb 19 22:37:55.363: DUAL: AS(100) No routes.  Flushing dest 10.5.2.0/24
R3# 

The query was sent by R3 to R1:

R1#debug eigrp fsm
EIGRP Finite State Machine debugging is on
R1#
*Feb 19 22:36:15.791: EIGRP-IPv4(100): dest(10.5.2.0/24) not active
*Feb 19 22:36:15.795: DUAL: AS(100) rcvquery: 10.5.2.0/24 via 8.1.6.3 metric 72057594037927935/72057594037927935, RD is 72057594037927935 for tid 0
*Feb 19 22:36:15.795: DUAL: AS(100) Send REPLY(r1/n1) about 10.5.2.0/24 to 8.1.6.3 for tid 0
*Feb 19 22:36:15.827: DUAL: AS(100) Removing dest 10.5.2.0/24, nexthop 8.1.6.3
*Feb 19 22:36:15.827: DUAL: AS(100) No routes.  Flushing dest 10.5.2.0/24
R1#  

R1 didn't forward this query as its scope is 1 hop more from device where summarization is done.

 In our design, with summarization in place, the query scope is under control.

Let's do one more test without summarization in place. I remove it from R3 and R8 to see what is the query range:

R3:
 
R3#
*Feb 19 22:52:37.199: DUAL: AS(100) rcvquery: 10.5.2.0/24 via 8.1.7.5 metric 72057594037927935/72057594037927935, RD is 156160 for tid 0
*Feb 19 22:52:37.199: EIGRP-IPv4(100): Find FS for dest 10.5.2.0/24. FD is 156160, RD is 156160 on tid 0
*Feb 19 22:52:37.203: EIGRP-IPv4(100):  8.1.7.5 metric 72057594037927935/72057594037927935 not found Dmin is 72057594037927935
*Feb 19 22:52:37.207: DUAL: AS(100) Peer total 2 stub 0 template 2 for tid 0
*Feb 19 22:52:37.211: DUAL: AS(100) Dest 10.5.2.0/24 entering active state for tid 0.
*Feb 19 22:52:37.211: EIGRP-IPv4(100): Set reply-status table. Count is 1.
*Feb 19 22:52:37.215: EIGRP-IPv4(100): Doing split horizon on FastEthernet1/0
*Feb 19 22:52:37.215: DUAL: AS(100) Going from state 1 to state 3
*Feb 19 22:52:37.523: EIGRP-IPv4(100): dest(10.5.2.0/24) active
*Feb 19 22:52:37.523: EIGRP-IPv4(100): rcvreply: 10.5.2.0/24 via 8.1.6.1 metric 72057594037927935/72057594037927935 for tid 0
*Feb 19 22:52:37.523: EIGRP-IPv4(100): reply c
R3#ount is 1
*Feb 19 22:52:37.523: DUAL: AS(100) Clearing handle 0, count now 0
*Feb 19 22:52:37.523: DUAL: AS(100) Freeing reply status table
*Feb 19 22:52:37.523: EIGRP-IPv4(100): Find FS for dest 10.5.2.0/24. FD is 72057594037927935, RD is 72057594037927935 on tid 0found
*Feb 19 22:52:37.523: DUAL: AS(100) Send REPLY(r1/n1) about 10.5.2.0/24 to 8.1.7.5 for tid 0
*Feb 19 22:52:37.527: DUAL: AS(100) Removing dest 10.5.2.0/24, nexthop 8.1.6.1
*Feb 19 22:52:37.527: DUAL: AS(100) Going from state 3 to state 1
*Feb 19 22:52:37.551: DUAL: AS(100) Removing dest 10.5.2.0/24, nexthop 8.1.7.5
*Feb 19 22:52:37.551: DUAL: AS(100) No routes.  Flushing dest 10.5.2.0/24
R3#
 
R1:


R1#
*Feb 19 22:50:57.743: DUAL: AS(100) rcvquery: 10.5.2.0/24 via 8.1.6.3 metric 72057594037927935/72057594037927935, RD is 158720 for tid 0
*Feb 19 22:50:57.747: EIGRP-IPv4(100): Find FS for dest 10.5.2.0/24. FD is 158720, RD is 158720 on tid 0
*Feb 19 22:50:57.747: EIGRP-IPv4(100):  8.1.6.3 metric 72057594037927935/72057594037927935 not found Dmin is 72057594037927935
*Feb 19 22:50:57.751: DUAL: AS(100) Peer total 3 stub 0 template 3 for tid 0
*Feb 19 22:50:57.755: DUAL: AS(100) Dest 10.5.2.0/24 entering active state for tid 0.
*Feb 19 22:50:57.755: EIGRP-IPv4(100): Set reply-status table. Count is 2.
*Feb 19 22:50:57.759: EIGRP-IPv4(100): Doing split horizon on FastEthernet0/0
*Feb 19 22:50:57.763: DUAL: AS(100) Going from state 1 to state 3
*Feb 19 22:50:57.951: EIGRP-IPv4(100): dest(10.5.2.0/24) active
*Feb 19 22:50:57.951: EIGRP-IPv4(100): rcvreply: 10.5.2.0/24 via 8.1.2.8 metric 72057594037927935/72057594037927935 for tid 0
*Feb 19 22:50:57.951: EIGRP-IPv4(100): reply c
R1#ount is 2
*Feb 19 22:50:57.951: DUAL: AS(100) Clearing handle 1, count now 1
*Feb 19 22:50:57.951: DUAL: AS(100) Removing dest 10.5.2.0/24, nexthop 8.1.2.8
*Feb 19 22:50:57.971: EIGRP-IPv4(100): dest(10.5.2.0/24) active
*Feb 19 22:50:57.975: EIGRP-IPv4(100): rcvreply: 10.5.2.0/24 via 8.1.1.2 metric 72057594037927935/72057594037927935 for tid 0
*Feb 19 22:50:57.975: EIGRP-IPv4(100): reply count is 1
*Feb 19 22:50:57.979: DUAL: AS(100) Clearing handle 0, count now 0
*Feb 19 22:50:57.979: DUAL: AS(100) Freeing reply status table
*Feb 19 22:50:57.979: EIGRP-IPv4(100): Find FS for dest 10.5.2.0/24. FD is 72057594037927935, RD is 72057594037927935 on tid 0found
*Feb 19 22:50:57.979: DUAL: AS(100) Send REPLY(r1/n1) about 10.5.2.0/24 to 8.1.6.3 for tid 0
*Feb 19 22:50:57.979: DUAL: AS(100) Removing dest 10.5.2.0/24, nexthop 8.1.1.2
*Feb 19 22:50:57.979: DUAL: AS(100) Going from state 3 to state 1
*Feb 19 22:50:58.035: DUAL: AS(100) Removing dest 10.5.2.0/24, nexthop 8.1.6.3
*Feb
R1#19 22:50:58.039: DUAL: AS(100) No routes.  Flushing dest 10.5.2.0/24
R1#

R8:

R8#
*Feb 19 22:52:27.951: DUAL: AS(100) rcvquery: 10.5.2.0/24 via 8.1.2.1 metric 72057594037927935/72057594037927935, RD is 161280 for tid 0*Feb 19 22:52:27.951: EIGRP-IPv4(100): Find FS for dest 10.5.2.0/24. FD is 161280, RD is 161280 on tid 0
*Feb 19 22:52:27.955: EIGRP-IPv4(100):  8.1.2.1 metric 72057594037927935/72057594037927935 not found Dmin is 72057594037927935
*Feb 19 22:52:27.959: DUAL: AS(100) Peer total 2 stub 0 template 2 for tid 0
*Feb 19 22:52:27.959: DUAL: AS(100) Dest 10.5.2.0/24 entering active state for tid 0.
*Feb 19 22:52:27.959: EIGRP-IPv4(100): Set reply-status table. Count is 1.
*Feb 19 22:52:27.959: EIGRP-IPv4(100): Doing split horizon on FastEthernet1/0
*Feb 19 22:52:27.959: DUAL: AS(100) Going from state 1 to state 3
*Feb 19 22:52:28.043: EIGRP-IPv4(100): dest(10.5.2.0/24) active
*Feb 19 22:52:28.047: EIGRP-IPv4(100): rcvreply: 10.5.2.0/24 via 8.1.3.9 metric 72057594037927935/72057594037927935 for tid 0
*Feb 19 22:52:28.047: EIGRP-IPv4(100): reply c
R8#ount is 1
*Feb 19 22:52:28.047: DUAL: AS(100) Clearing handle 1, count now 0
*Feb 19 22:52:28.047: DUAL: AS(100) Freeing reply status table
*Feb 19 22:52:28.047: EIGRP-IPv4(100): Find FS for dest 10.5.2.0/24. FD is 72057594037927935, RD is 72057594037927935 on tid 0found
*Feb 19 22:52:28.047: DUAL: AS(100) Send REPLY(r1/n1) about 10.5.2.0/24 to 8.1.2.1 for tid 0
*Feb 19 22:52:28.051: DUAL: AS(100) Removing dest 10.5.2.0/24, nexthop 8.1.3.9
*Feb 19 22:52:28.051: DUAL: AS(100) Going from state 3 to state 1
*Feb 19 22:52:28.139: DUAL: AS(100) Removing dest 10.5.2.0/24, nexthop 8.1.2.1
*Feb 19 22:52:28.139: DUAL: AS(100) No routes.  Flushing dest 10.5.2.0/24
R8# 

R9:

R9#
*Feb 19 22:52:38.019: DUAL: AS(100) rcvquery: 10.5.2.0/24 via 8.1.3.8 metric 72057594037927935/72057594037927935, RD is 163840 for tid 0*Feb 19 22:52:38.019: EIGRP-IPv4(100): Find FS for dest 10.5.2.0/24. FD is 163840, RD is 163840 on tid 0
*Feb 19 22:52:38.023: EIGRP-IPv4(100):  8.1.3.8 metric 72057594037927935/72057594037927935 not found Dmin is 72057594037927935
*Feb 19 22:52:38.027: DUAL: AS(100) Peer total 1 stub 0 template 1 for tid 0
*Feb 19 22:52:38.027: DUAL: AS(100) Dest 10.5.2.0/24 (Split Horizon) not entering active state for tid 0.
*Feb 19 22:52:38.031: DUAL: AS(100) Send REPLY(r1/n1) about 10.5.2.0/24 to 8.1.3.8 for tid 0
R9#
*Feb 19 22:52:38.083: DUAL: AS(100) Removing dest 10.5.2.0/24, nexthop 8.1.3.8
*Feb 19 22:52:38.087: DUAL: AS(100) No routes.  Flushing dest 10.5.2.0/24
R9#
 




There is a huge difference in query range without summarization. As you can see R9 was queried about 10.5.2.0/24. This is pointless, as the LAN can be accessed only via R5. So, we can definitely say that this method is very effective.

There is another method we can use here: stub. I will describe it in a next post:  'EIGRP - routing optimalization - part2'.
       
Labels:

Comments

Post a Comment

Popular posts from this blog

What should you know about HA 'override enabled' setting on Fortigate?

High availability is mandatory in most of today's network designs. Only very small companies or branches can run their business without redundancy. When you have Fortigate firewall in your network you have many options to increase network availability. You can use Fortigate Clustering Protocol ( FGCP ) or Virtual Router Redundancy Protocol ( VRRP ). FGCP has two modes: 'override' disabled (default) and 'override' enabled . I'm not going to explain how to set up HA as you can find many resources on Fortinet websites: https://cookbook.fortinet.com/high-availability-two-fortigates-56/ https://cookbook.fortinet.com/high-availability-with-fgcp-56/ Let's recap what is the main difference between them. The default HA setting is 'override' disabled and this is an order of selection an active unit: 1) number of monitored interfaces - when both units have the same number of working (up) interfaces check next parameter 2) HA uptime - an ...
8 comments
Read more

FortiGate and GRE tunnel

Recently I worked on one project where a client requested to re-route web traffic to the GRE tunnel to perform traffic inspection. I would like to share with you what is required if you configure it on FortiGate. We need a new GRE interface and policy base routing (PBR) to change the route for specific source IPs. Of course you need firewall policies to permit the traffic. Let's start with GRE interface. Unfortunately you can't configure it using the GUI, only CLI is the option: config system gre-tunnel edit "gre1" set interface "port1" set local-gw 55.55.55.55 set remote-gw 44.44.44.44 next end When the end peer is Cisco router, you need to set the IP for the GRE interface: config system interface edit gre1 set ip 192.168.10.10 255.255.255.255 set remote-ip192.168.10.20 end In next step we need to fix routing. We need the alternate path via GRE but to keep the route in the active routing table you need to set the same AD (adminis...
Post a Comment
Read more

Data Leak Prevention (DLP) on Fortigate

Today I would like to present one interesting feature you may find on your Fortigate - Data Leak Prevention. I know there are much better, dedicated solutions on the market but in certain situations the DLP feature available on FortiOS is good enough. Why you should use it? This is very important to say: the DLP in such deployment (on Fortigate) can't protect your data against every data leak. Users in your network with his/her mobile can easily take a photo of any document. Why we should still consider it? It is a good (and easy to deploy) method to prevent users' mistakes. It happened hundreds of time when a user attached a wrong file. Sound familiar? Using the DLP you can create policies which stop such leak. Let me show you how you can configure it. Step #1 First, you have to check if DLP is enabled in a "Feature Visibility" and "Security Features" section: When you do not see the feature, make sure your Fortigate works in a proxy-ba...
Post a Comment
Read more