Adjacencies
Peering
General information on “EIGRP Peering”:
- EIGRP Peering with IPv4:
- The network statement defines an IP range and enables EIGRP on all interfaces belonging to it
- The interfaces will then advertise the connected networks with the “real” subnet mask
- Example: network 10.0.0.0 0.255.255.255 is configured and eth0/0 has 10.0.0.1/24 assigned to it. EIGRP will be active on the interface and advertise the route 10.0.0.0/24 to its neighbors.
- Important: Even if the interface is configured as passive, the connected network will still be advertised, it just won’t form an adjacency with the connected neighbor!
- EIGRP Peering with IPv6:
- The network statement is eliminated in EIGRPv6
- Instead, EIGRPv6 is activated on a per-interface basis
- The interface needs a link-local IPv6 address only in order to form a neighbor adjacency
- The no shutdown command needs to be applied to the EIGRPv6 routing process in order for it to work
- If there’s no IPv4 address on any interface configured, the EIGRPv6 router-id must be set explicitly
- Valid for EIGRP IPv4 and IPv6:
- The “Q count” in the output of the show [ip | ipv6] eigrp neighbors command must be 0 when an adjacency is properly formed because >0 means that there are packets enqueued which are not acknowledged by the neighbor:
- Route in PASSIVE state = converged
- Route in ACTIVE state = convergence in progress
- The “Q count” in the output of the show [ip | ipv6] eigrp neighbors command must be 0 when an adjacency is properly formed because >0 means that there are packets enqueued which are not acknowledged by the neighbor:
“EIGRP Peering” CLI configuration commands:
## Configuring basic EIGRP (classic mode)
Router(config)# router eigrp <asn>
Router(config-router)# network <network> <wildcard-mask>
## Configuring basic EIGRPv6 (classic mode)
Router(config)# ipv6 unicast-routing
Router(config)# ipv6 router eigrp <as>
Router(config)# interface <if>
Router(config-if)# ipv6 enable
Router(config-if)# ipv6 eigrp <as>
“EIGRP Peering” CLI show commands:
## Showing the EIGRP topology table (successor and feasible successor routes)
Router# show [ip | ipv6] eigrp topology
## Showing all links of the EIGRP topology table (successor, feasible successor and non-feasible successor routes)
Router# show [ip | ipv6] eigrp topology all-links
## Showing all EIGRP neighbors
Router# show [ip | ipv6] eigrp neighbors
## Showing all enabled routing protocols and their parameters
Router# show [ip | ipv6] protocols
Multicast
General information on “EIGRP Multicast”:
- EIGRP sends out multicast packets to 224.0.0.10 (IPv4) or FF02::A (IPv6) over ip/88 for peering with neighbors
- After peering with neighbors is established, the packets will be unicast between them
Unicast
General information on “EIGRP Unicast”:
- When multicast can’t be used, neighbors can be specified manually
- Once unicast is enabled on an interface, multicast will be completely disabled on it
“EIGRP unicast peering” CLI configuration commands:
## Configuring a static EIGRP neighbor (classic mode)
Router(config)# router eigrp <asn>
Router(config-router)# neighbor <ip> <interface>
## Configuring a static EIGRPv6 neighbor (classic mode)
Router(config)# ipv6 router eigrp <asn>
Router(config-router)# neighbor <ipv6> <interface>
## Configuring a static EIGRP neighbor (named mode)
Router(config-router-af)# neighbor <ip> <interface>
Authentication
General information on “EIGRP Authentication”:
- No authentication configured by default
- MD5 (classic and named mode) or HMAC-SHA-256 (named mode only) can be used if authentication is required
- Keychain must be configured and applied to the interface (MD5 only)
- Keychain details must match on both sides (key number and hashing algorithm)
- Key must match on both sides
- Each keychain key can be optionally configured with a accept/send lifetime
- Default keychain key lifetime is “always valid” (infinite)
- Only the key hash will be exchanged and compared against each other, not the key itself
- Important: Authentication != Encryption. The packet content is still readable in clear text.
“EIGRP Authentication” CLI configuration commands:
## Configuring a key chain (applies to MD5 authentication in classic and named mode)
Router(config)# key chain <name>
Router(config-keychain)# key <number>
Router(config-keychain-key)# key-string <string>
## Configuring EIGRP authentication (classic mode)
Router(config)# interface <if>
Router(config-if)# [ip | ipv6] authentication mode eigrp <asn> md5
Router(config-if)# [ip | ipv6] authentication key-chain eigrp <asn> <keychain-name>
## Configuring EIGRP authentication using MD5 (named mode)
Router(config-router-af)# af-interface <if>
Router(config-router-af-interface)# authentication mode md5
Router(config-router-af-interface)# authentication key-chain <keychain-name>
## Configuring EIGRP authentication using HMAC SHA-256 (named mode)
Router(config-router-af)# af-interface <if>
Router(config-router-af-interface)# authentication mode hmac-sha-256 <password>
Summarization
General information on “EIGRP Summarization”:
- Auto Summarization disabled by default since IOS v15
- Best practice is to use manual summarization
- Configured on a per-interface basis
- Default AD of EIGRP summary routes is 5 (on originating router) or 90 (on all neighbors)
- A discard-route (null0 route) is created for each summary-address on the summary originating router
- This can lead to unwanted behavior/blackholing if summarizing to a default route (0.0.0.0/0) when the local default route is not statically configured but received via another routing protocol (eg. BGP, OSPF, …)
- The RIB must have a subordinate prefix falling under the summary address range in order to get advertised
- The metric of the summarized route is the lowest metric of all routes in the summary address range
- EIGRP summarization automatically suppresses the advertisement of the summarized subnets
- A leak-map can be used to send out more specific prefixes in addition to the summary route
“EIGRP Summarization” CLI configuration commands:
## Configuring EIGRP summarization (classic mode)
Router(config)# interface <if>
Router(config-if)# [ip | ipv6] summary-address eigrp <asn> <network>/<mask> leak-map [NAME]
## Configuring a EIGRP summary metric (classic mode)
Router(config-router)# summary-metric <network>/<mask> <bandwidth> <delay> <reliability> <load> <mtu> distance <ad>
## Configuring EIGRP summarization (named mode)
Router(config-router-af)# af-interface <if>
Router(config-router-af-interface)# summary-address <network>/<mask> leak-map [NAME]
## Configuring a EIGRP summary metric (named mode)
Router(config-router-af)# topology base
Router(config-router-af-interface)# summary-metric <network>/<mask> <bandwidth> <delay> <reliability> <load> <mtu> distance <ad>