Saturday, January 10, 2015

Cisco CCNP - 300-101 - Advanced EIGRP

So it's that time again for me to renew my Cisco Certifications. As a result, this post is based on my preparation for the CCNP Route Exam (300-101).

In this post I will be focusing on Advanced EIGRP topics

- Advanced Distance Vector
- Fast Convergence
- Loop Free
- Uses multicast NOT broadcast

EIGRP uses 3 branches of logic
    - Neighbor relationships, which are listed in the neighbor table
    - Topology information is exchanged with the neighbors in that table
    - The topology table is used to find the best route
EIGRP Topology Table
    - Basic information used - prefix, prefix length, metric information, other details
    - Learned topology information is stored in the topology table
    - Topology table is analyzed to determine the best route
    - Topology data must exist before it can be sent to the neighbor
    - The local EIGRP process adds networks to its local topology via:
        - locally connected interfaces with EIGRP enabled
        - interfaces referenced in the "neighbor" command
        - redistribution of routes into EIGRP
    - Information is first added to the local topology table before being sent to neighbors
    - Hop count of "0" means the route is locally connected

5 EIGRP Packets
    - Hello
        - Maintains neighbor relationships
        - sent every 5 seconds by default on broadcast links (Ethernet, etc.)
        - sent every 60 seconds by default on Frame Relay, etc.
        - Sourced from the interface's primary address
        - does not require acknowledgement
    - Update
        - Used as part of the data exchange process
        - Sends routing updates
        - contains topology information
        - contains:
            - prefix length
            - metric components (bandwidth, delay, reliability and load)
            - non-metric components: MTU and hop count
        - requires acknowledgement
    - Query
        - used when moving a route from passive to active
        - Asks neighbors for routing information
        - Requires acknowledgement
        - Sent out all interfaces except the interface of the successor
        - if the neighbor does not have the lost route, it in turn sends queries to its own neighbors

    - Reply
        - Reply to query about routing information
        - Requires acknowledgement
    - Ack
        - Used as part of the data exchange process
        - Acknowledges the update packet
        - Ensures reliability
        - does not require acknowledgement

- The "delay" command uses units of tens of microseconds.
- The "show ip eigrp" and "show interfaces" commands display delay in microseconds.

EIGRP update process
    - Topology information is exchanged via Update packets
    - after the initial exchange, further updates are only sent as a result of some change in the network or in the EIGRP topology
    - if a neighbor fails and recovers, a full adjacency is formed again
    - uses split horizon by default, limiting the prefixes advertised out an interface
    - uses the Reliable Transport Protocol (RTP) to send updates and confirm receipt
    - On a LAN, updates are sent via multicast and ACKs via unicast

Concerns for EIGRP and WAN - Frame Relay
    - Neighbors must be reachable via Layer 2 before Hello messages can be exchanged
    - Split horizon must be disabled on the interface (no ip split-horizon eigrp 10)

EIGRP - Controlling WAN Bandwidth
    - By default EIGRP uses at most 50% of the bandwidth assigned to the interface with the "bandwidth" command
    - The percentage can be changed with the "ip bandwidth-percent eigrp 10" interface command
    - Messages are queued in memory
    - default bandwidth on serial links is 1544 kbps
    - Bandwidth must be set on both physical interfaces and sub-interfaces
    - Set the bandwidth on point-to-point links equal to the Committed Information Rate (CIR)
Getting the best route
    - The metric is calculated from the perspective of both the local router and its neighbor
    - Feasible Distance (FD) - Used by the local router to determine the best route from its perspective
      - Best route is the one with the lowest metric (FD), the minimum distance
      - The successor is the next-hop router for that route
    - Reported Distance (RD) - Metric from the neighbor's perspective. Used by the local router when converging
      - Reported by the upstream neighbor
      - Advertised Distance (AD) is another name for Reported Distance
      - Used when falling back to an alternative route
      - Used to determine whether a feasible successor is loop free
    - Successor route is placed in the routing table
      - Has the least cost to a destination
      - next hop for forwarding packets
      - load balancing allows multiple successors
    - Feasible Successor
        - backup/alternative routes
        - if no feasible successor exists, a new successor must be recomputed (the route goes active)
        - a route becomes a feasible successor if its reported distance is lower than the feasible distance (the feasibility condition)
    - The metric grows as bandwidth decreases: slower bandwidth results in a worse metric
Some methods of Tuning EIGRP
    - Setting bandwidth
        - uses kilobits per second (kbps)
        - Can affect other metrics
        - if having to choose between bandwidth and delay, choose delay
        - The "bandwidth" command is used for other tasks on the router (SNMP, etc.), delay is not as much
        - On LAN interfaces bandwidth and delay default to the speed of the interface
    - setting interface delay
        - uses tens of microseconds
    - changing metric calculation - K-values
        - can be modified as needed
        - valid values are 0-255
        - by default K1 = K3 = 1, the others default to 0:
          K1 = 1, K2 = 0, K3 = 1, K4 = K5 = 0
        - K-values must match before routers can become neighbors
        - Cisco recommends not using K2, K4 or K5. A non-zero value causes the devices to factor in load and reliability
        - Load and reliability contribute to route flapping
    - offset lists
        - allow adding a value to the calculated metric of a route
        - first create an IP ACL that matches the routes to offset
        - then create an EIGRP offset list that defines the value to add
        - Match the direction of update messages (in or out)
        - optionally match the interface for received or sent updates
        - the integer offset is added to the metric (FD and RD)
        - Two important parts are the ACL and the offset-list
          #access-list 15 permit
          #router eigrp 10
          #offset-list 15 in 10 fa2/0
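A worked calculation for the "Getting the best route" and K-values notes above: the classic composite metric from bandwidth (kbps) and delay (tens of microseconds), then successor and feasible-successor selection using RD < FD. This is an added Python example, not code from the cert guide or this post; the router names and topology entries are constructed.

```python
"""EIGRP classic composite metric and successor / feasible-successor selection.
Added example, not from the cert guide; the topology entries below are constructed."""
from dataclasses import dataclass

def eigrp_metric(bandwidth_kbps, delay_tens_us, load=1, reliability=255,
                 k=(1, 0, 1, 0, 0)):
    """Classic (non-wide) EIGRP metric with the defaults K1=K3=1, K2=K4=K5=0.
    bandwidth_kbps: minimum bandwidth on the path (the 'bandwidth' unit, kbps)
    delay_tens_us : cumulative delay in tens of microseconds (the 'delay' unit)"""
    k1, k2, k3, k4, k5 = k
    bw = 10_000_000 // bandwidth_kbps           # 10^7 / slowest link, integer math as IOS does
    metric = k1 * bw + (k2 * bw) // (256 - load) + k3 * delay_tens_us
    if k5 != 0:                                 # load/reliability term only when K5 is non-zero
        metric = metric * k5 // (reliability + k4)
    return metric * 256

@dataclass
class Path:
    neighbor: str
    adv_bw_kbps: int    # minimum bandwidth the neighbor advertised (its view of the route)
    adv_delay: int      # cumulative delay the neighbor advertised (tens of microseconds)
    link_bw_kbps: int   # our interface bandwidth toward that neighbor
    link_delay: int     # our interface delay toward that neighbor (tens of microseconds)

def select_routes(paths, k=(1, 0, 1, 0, 0)):
    """Return (successor, feasible_successors); each entry is (neighbor, FD, RD)."""
    rows = []
    for p in paths:
        rd = eigrp_metric(p.adv_bw_kbps, p.adv_delay, k=k)            # neighbor's perspective
        fd = eigrp_metric(min(p.adv_bw_kbps, p.link_bw_kbps),
                          p.adv_delay + p.link_delay, k=k)             # our perspective
        rows.append((p.neighbor, fd, rd))
    rows.sort(key=lambda r: r[1])                                      # lowest FD wins
    successor = rows[0]
    # Feasibility condition: a backup is loop free only if its RD is lower than the successor's FD.
    feasible = [r for r in rows[1:] if r[2] < successor[1]]
    return successor, feasible

# Constructed topology entries for one prefix: FastEthernet = 100000 kbps / 10 tens-of-us,
# T1 serial = 1544 kbps / 2000 tens-of-us.
SAMPLE_PATHS = [
    Path("R2", 100000, 10, 100000, 10),   # R2 is directly connected over FastEthernet
    Path("R3", 100000, 10, 1544, 2000),   # R3 reached over a T1, but R3 itself is close
    Path("R4", 1544, 2010, 100000, 10),   # R4 reached over FE, but R4 is behind a T1
]
if __name__ == "__main__":
    succ, fs = select_routes(SAMPLE_PATHS)
    print("successor:", succ)               # ('R2', 30720, 28160)
    print("feasible successors:", fs)       # [('R3', 2172416, 28160)]; R4 fails RD < FD
```

R4's path is not necessarily a loop, but it fails the feasibility condition, so it can only be used after the route goes active and a Query/Reply exchange confirms it.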

Load sharing
    - convergence from successor to feasible successor should occur within a second
    - multiple routes can be placed into the routing table for a specific network
    - traffic is then load-balanced per destination (default)
    - convergence occurs faster
    - uses the "maximum-paths" or "variance" command

- "show ip eigrp topology" only shows successors and feasible successors
- "show ip eigrp topology all-links" lists ALL routes

Going Active
    - Process of discovering loop-free alternatives when there are no feasible successors
    - routes move from passive to active when there is no feasible successor
    - Sends Query messages to each neighbor except the neighbor on the failed route
    - if the neighbor has a passive route for the network in question, it is considered loop free
    - neighbors send a Reply
    - Passive routes have successor information
      Passive routes are good routes
    - Active routes have lost their successor and no feasible successor is available; the router is actively looking for new routes
      Active routes are bad routes

    - Routers may wait a while before getting Reply messages
    - the active timer (3 minutes by default) determines how long a router waits for the Reply messages
    - When a router does not receive a Reply within the active timer, the route is considered stuck-in-active (SIA)
    - Stuck-in-active is not the state you would like your router to be in


Stub Routers
    - Stub routers should not forward traffic between two remote EIGRP-learned subnets
    - uses the "eigrp stub" command (the default advertises connected and summary routes)
    - eigrp stub options [ connected, summary, static, leak-map, redistributed, receive-only ]
    - stub routers do not advertise routes learned from one neighbor to another
    - non-stub routers keep track of which neighbors are stub routers
    - non-stub routers do not send Query messages to stub routers
    - a neighborship will form even in "receive-only" mode
    - Queries are suppressed toward stub neighbors

Router Filtering
    - Uses ACLs
          access-list 3 deny
          router eigrp 10
          distribute-list 3 out
    - Or prefix-lists
        - Allow matching of prefix length
        - use a tree structure
        - match the route prefix and the prefix length
        - "ip prefix-list" command
          ip prefix-list SecurityNik seq 5 deny
          router eigrp 10
          distribute-list prefix SecurityNik out
    - Route maps
        - applied with "distribute-list"
        - a route map consists of one or more route-map statements
        - statements are processed in sequence-number order
          access-list 3 deny
          route-map SecurityNik deny 10
          match ip address 3
          router eigrp 10
          distribute-list route-map SecurityNik out
        - the match command can use an ACL or a prefix-list
        - use "show route-map" to validate the config
Route Summarisation
    - used to keep routing tables small and manageable
    - conserves memory
    - can be done on any router
    - Reduces query scope
    - sub-optimal routing is possible
    - uses "ip summary-address eigrp asn prefix subnet-mask"
      configuring it causes the affected routes to go down and then come back up
    - Local summary route uses an administrative distance (AD) of 5
    - manual route summarisation or auto summarisation
    - routers can auto-summarise
    - a summary is created for each classful network
    - classful protocols (like RIPv1 and IGRP) cannot support VLSM
    - The default route can be considered the best summary route
    - Auto summarisation is on by default
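A worked illustration of the summarisation notes above: the classful network auto-summarisation would produce, the smallest manual summary covering a set of subnets (the prefix you would put in "ip summary-address eigrp"), and the address space inside that summary that no component route actually covers, which is where the sub-optimal routing comes from. This is an added Python example, not from the cert guide or this post; the prefixes are constructed.

```python
"""Summary-route helpers for the route summarisation notes.
Added example, not from the cert guide; the prefixes below are constructed."""
import ipaddress

def classful_summary(prefix):
    """Auto-summarisation: the classful network a prefix belongs to (A=/8, B=/16, C=/24)."""
    net = ipaddress.ip_network(prefix, strict=False)
    first_octet = int(net.network_address) >> 24
    plen = 8 if first_octet < 128 else 16 if first_octet < 192 else 24
    return ipaddress.ip_network(f"{net.network_address}/{plen}", strict=False)

def manual_summary(prefixes):
    """Smallest single prefix covering all given networks (for 'ip summary-address eigrp')."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    lo = min(int(n.network_address) for n in nets)
    hi = max(int(n.broadcast_address) for n in nets)
    plen = 32
    while plen > 0 and (lo >> (32 - plen)) != (hi >> (32 - plen)):
        plen -= 1                                  # shorten until lo and hi share the prefix
    return ipaddress.ip_network(f"{ipaddress.ip_address(lo)}/{plen}", strict=False)

def uncovered_space(summary, prefixes):
    """Blocks inside the summary that none of the component routes cover. Traffic for these
    is attracted by the summary and then dropped or forwarded sub-optimally."""
    blocks = [summary]
    for n in (ipaddress.ip_network(p) for p in prefixes):
        nxt = []
        for b in blocks:
            nxt.extend(b.address_exclude(n) if n.subnet_of(b) else [b])
        blocks = nxt
    return sorted(str(b) for b in ipaddress.collapse_addresses(blocks))

# Constructed component routes behind one router.
SAMPLE_PREFIXES = ["10.1.0.0/24", "10.1.1.0/24", "10.1.2.0/24"]

if __name__ == "__main__":
    summary = manual_summary(SAMPLE_PREFIXES)
    print("classful auto-summary:", classful_summary(SAMPLE_PREFIXES[0]))  # 10.0.0.0/8
    print("manual summary       :", summary)                               # 10.1.0.0/22
    print("not actually covered :", uncovered_space(summary, SAMPLE_PREFIXES))  # ['10.1.3.0/24']
```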
EIGRP Authentication
    - Used to authenticate every EIGRP message
    - uses a pre-shared key
    - an MD5 digest is generated for each message based on the pre-shared key
    - Messages are silently discarded if the digest does not match
    - Authentication must succeed before a neighborship can be established
    - helps to prevent DoS
    - does not provide privacy (no encryption)
    - First create a key chain
        (config)#key chain SecurityNik
        (config-keychain)#key 1
        (config-keychain-key)#key-string EIGRP-Auth
    - then enable MD5 authentication on the interface
    - and reference the key chain previously created on the interface
        (config-if)#ip authentication mode eigrp 10 md5
        (config-if)#ip authentication key-chain eigrp 10 SecurityNik
CCNP official Cert Guide - CCNP Routing and Switching - Route 300-101
