Mar 13, 2013

Lesson 44 - EIGRP Fundamentals Part 2 - Implementation



In the previous post (lesson 43) I laid the foundations of EIGRP terminology. Without understanding those keywords and their meaning, it is hard to implement this routing protocol and analyze its behavior.

The basic implementation, as with the other routing protocols we have learned so far, requires two major steps:

  1. Enable the EIGRP process in 'config' mode.
  2. Instruct EIGRP which interfaces should participate in the EIGRP domain.

The second step is accomplished with the 'network' statement in the EIGRP routing context. This statement tells the EIGRP routing process which interfaces EIGRP will run on. The consequences of enabling EIGRP on an interface are similar to what we saw in OSPF configuration:

  • An EIGRP-enabled interface begins to send EIGRP 'hello' packets in order to discover neighbors. These 'hello' packets are sent to the well-known, reserved multicast address 224.0.0.10.
  • An EIGRP-enabled interface allows the EIGRP process to read the address and network mask configured on it and to advertise this network or subnet out of the other EIGRP-enabled interfaces where neighbors have been discovered and relationships with them have been formed.

The 'network' statement can take a classful form (as per IP class A, B, C; without a wildcard mask) or a classless form (using a wildcard mask, similar to OSPF).

It is also worth noting that the command that starts the EIGRP process is followed by a number, which is the Autonomous System (AS) number. Unlike in OSPF, where this number is a process ID with only local significance, the AS number in EIGRP is important because it must match between the neighbors. Example of enabling EIGRP:

router eigrp 1

Number '1' is the Autonomous System number (between 1-65535), which must be the same on all EIGRP-speaking routers in the domain.

The following list of parameters must match between EIGRP neighbors in order to successfully establish neighbor relationships: 

  1. Autonomous System number.
  2. K-Values (look at the previous lesson).
  3. If authentication is used: the key number, the password, and the date/time the password is valid must all match.
  4. The neighbors must be on a common subnet (all IGPs follow this rule).

Since the 'network' keyword takes either a classful statement or a wildcard mask (inverse mask) as its argument, consider the following four examples, which accomplish the SAME goal: all interfaces of R3 are going to be EIGRP-enabled.

Pic. 1 - R3's 
Icons designed by: Andrzej Szoblik - http://www.newo.pl

Example 1

!
router eigrp 1
 network 172.31.0.0
!

Example 2 

!
router eigrp 1
 network 172.31.123.0 0.0.0.255
 network 172.31.3.0 0.0.0.15
 network 172.31.3.16 0.0.0.15
!

Example 3 

!
router eigrp 1
 network 172.31.123.0 0.0.0.255
 network 172.31.3.0 0.0.0.255
!

Example 4 

!
router eigrp 1
 network 172.31.123.3 0.0.0.0
 network 172.31.3.1 0.0.0.0
 network 172.31.3.17 0.0.0.0
!


They all achieve the same result: all interfaces become EIGRP-enabled.
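
The matching rule behind the four examples, as an added Python example that is not part of the original post: an interface is selected when its address equals the 'network' address on every bit where the wildcard bit is 0. The interface labels (if-a, if-b, if-c) and the extra addresses 172.31.3.33 and 172.31.200.1 are hypothetical; the three R3 addresses are taken from Example 4.

```python
import ipaddress

# Addresses come from the page's Example 4; the interface names are
# hypothetical labels, as the page does not name them.
R3 = {"if-a": "172.31.123.3", "if-b": "172.31.3.1", "if-c": "172.31.3.17"}

EXAMPLES = {
    1: ["network 172.31.0.0"],
    2: ["network 172.31.123.0 0.0.0.255", "network 172.31.3.0 0.0.0.15",
        "network 172.31.3.16 0.0.0.15"],
    3: ["network 172.31.123.0 0.0.0.255", "network 172.31.3.0 0.0.0.255"],
    4: ["network 172.31.123.3 0.0.0.0", "network 172.31.3.1 0.0.0.0",
        "network 172.31.3.17 0.0.0.0"],
}

def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def classful_wildcard(network):
    """Wildcard implied when 'network' has no mask (class A, B or C only)."""
    first = int(network.split(".")[0])
    if first < 128:
        return "0.255.255.255"
    return "0.0.255.255" if first < 192 else "0.0.0.255"

def matches(ip, network, wildcard):
    """Compare only the bits where the wildcard mask is 0."""
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(ip) & care) == (to_int(network) & care)

def enabled(statements, interfaces):
    """Names of the interfaces selected by a list of 'network' statements."""
    hit = set()
    for stmt in statements:
        _, net, *rest = stmt.split()
        wildcard = rest[0] if rest else classful_wildcard(net)
        hit |= {n for n, ip in interfaces.items() if matches(ip, net, wildcard)}
    return hit

def examples_enabling(ip):
    """Which of the four examples would select an interface with this address."""
    return [k for k, stmts in EXAMPLES.items() if enabled(stmts, {"x": ip})]
```

All four examples select R3's three current interfaces, but Examples 1 and 3 also cover addresses R3 does not have yet, so an interface added later in those ranges would start sending hellos without any change to the EIGRP configuration.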

EIGRP is partially a Distance Vector routing protocol. By default, automatic summarization to the class boundary takes place. The command that disables this behavior is 'no auto-summary', entered under the EIGRP process.

EIGRP uses five different packet types to communicate. Three of them are reliable and must be acknowledged by the receiver. The EIGRP packets are as follows:

  1. Hello (unreliable).
  2. Updates (reliable).
  3. Queries (reliable).
  4. Replies (reliable).
  5. Acknowledgement (unreliable).

The last point I'd like to make relates to the ability of EIGRP to authenticate its packets. EIGRP currently (as of the time of writing this post) uses only one protocol for this, which is MD5.

If you decide to configure authentication of EIGRP packets, there are two major steps you must complete:

  1. Configure a key chain with the parameters such as the password(s) and the date/time they are valid.
  2. Apply the authentication method and the key chain on a per-interface basis.

Example of key chain configuration on R3 in Autonomous System 1:

!
! Key chain configuration
!
R3(config)#key chain EIGRP
R3(config-keychain)#key 1
R3(config-keychain-key)#key-string S3cr3t!!!
!
! Enabling authentication on the F1/0 interface - EIGRP AS 1 here
!
R3(config-if)#ip authentication mode eigrp 1 md5
R3(config-if)#ip authentication key-chain eigrp 1 EIGRP
R3(config-if)#
!

  • 'EIGRP' - The name of the key chain in my configuration. It can be any name.
  • 'key 1' - The same number '1' must be used on the neighbor's interface connected to R3's F1/0 interface.
  • 'S3cr3t!!!' - The password used for key 1. It must match between neighbors.
  • 'mode eigrp 1' and 'key-chain eigrp 1' - Number '1' is the EIGRP AS number configured in the 'config' mode.

There are two other commands available under 'key 1' which I did not use:

  1. Accept-lifetime - date/time in which EIGRP packets signed with the digest based on the key-string will be accepted by the receiving router.
  2. Send-lifetime - date/time in which EIGRP packets will be signed using the key-string specified. The digest will be attached to all EIGRP packet types.

Since I did not use these two options (NTP time synchronization is needed), key 1 with its password (here: S3cr3t!!!) is valid forever.
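
A check for the two authentication steps above, as an added Python example that is not part of the original post: it reads a configuration and reports interfaces where only one of the two 'ip authentication' commands is present, or where the referenced key chain has no key-string. The sample text is constructed; FastEthernet1/1, FastEthernet2/0 and the key chain name EIGRP-OLD are hypothetical, and the expansion of F1/0 to FastEthernet1/0 is an assumption.

```python
import re

# Constructed running-config fragment. FastEthernet1/0 carries the page's two
# commands; FastEthernet1/1 and EIGRP-OLD are hypothetical misconfigurations.
SAMPLE = """\
key chain EIGRP
 key 1
  key-string S3cr3t!!!
interface FastEthernet1/0
 ip authentication mode eigrp 1 md5
 ip authentication key-chain eigrp 1 EIGRP
interface FastEthernet1/1
 ip authentication mode eigrp 1 md5
interface FastEthernet2/0
 ip authentication mode eigrp 1 md5
 ip authentication key-chain eigrp 1 EIGRP-OLD
"""

AUTH = re.compile(r"ip authentication (mode|key-chain) eigrp (\d+) (\S+)$")

def audit(config):
    """Return {interface: [problems]} for interfaces with incomplete EIGRP auth."""
    chains, ifaces, kind, name = set(), {}, None, None
    for raw in config.splitlines():
        line = raw.strip()
        if raw[:1] not in (" ", "\t"):          # unindented line opens a new section
            head = re.match(r"(key chain|interface) (\S+)$", line)
            kind, name = head.groups() if head else (None, None)
            if kind == "interface":
                ifaces[name] = {}
        elif kind == "key chain" and line.startswith("key-string "):
            chains.add(name)                    # chain has at least one key-string
        elif kind == "interface" and (m := AUTH.match(line)):
            ifaces[name][m.group(1)] = (m.group(2), m.group(3))
    findings = {}
    for iface, cmds in ifaces.items():
        problems = []
        if "mode" in cmds and "key-chain" not in cmds:
            problems.append("md5 mode set but no key chain applied")
        if "key-chain" in cmds and "mode" not in cmds:
            problems.append("key chain applied but md5 mode not set")
        if "key-chain" in cmds and cmds["key-chain"][1] not in chains:
            problems.append("key chain %s is undefined or has no key-string"
                            % cmds["key-chain"][1])
        if len({asn for asn, _ in cmds.values()}) > 1:
            problems.append("AS number differs between the two commands")
        if problems:
            findings[iface] = problems
    return findings
```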


In the next post, I'm going to use this lesson's theory and put it into practice.
