BRKRST-2330
EIGRP Design and Deployment
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKRST2330 2
Agenda
Design Goals
Simplicity
Resiliency
Separation
Q and A
Design Goals
How do we address packet delivery?
How do we address network failures?
How do we address business change?
Built on foundation of:
Simplicity
Resiliency
Separation
[Diagram labels: Deliver Packets; Adjust to Real World Changes; High Availability; Scaling; Reduced Downtime; Fast Troubleshooting; Fast Recovery; Device Failure; Business Change]
Simplicity
How do we accomplish simplicity?
Informational Simplicity
Configuration Simplicity
Operational Simplicity
BRKRST-2331: The Care and Feeding of EIGRP
BRKARC-2002: Network Diagnosis: Prevent, Prepare, Repair
Hiding Topology
[Diagram: routers A, B, C and D and network 10.1.1.0/24]
A is connected to B
A is connected to C
B is connected to D
C is connected to D
D is connected to 10.1.1.0/24
C is connected to 10.1.3.0/24
B is connected to 10.1.2.0/24
Hiding Topology
[Diagram: routers A, B, C, D, E, F and G and network 10.1.1.0/24. Labels: "C can reach 10.1.1.0/24"; "Hide topology here"]
Hiding Topology
[Diagram: routers A, B, C and D and network 10.1.1.0/24; the label "I can reach 10.1.1.0/24" appears four times]
Hiding Reachability
[Diagram: routers A, B, C and D; networks 192.168.1.0/24, 192.168.2.0/24 and 192.168.3.0/24; summary 192.168.0.0/22. Label: "Summary doesn’t change!"]
Hiding Reachability: Assessing the Impact
[Diagram labels: 1000 routes (four times); 4000+100 routes; 400+100 routes]
Not Hiding Reachability: Impact of Poor Summarization
[Diagram: routers A and B]
The Active Process
[Diagram: routers A, B, C, D, E, F and G and network 10.1.1.0/24. Labels: "Local Knowledge of an Alternate Path, So Reply"; "Filter"; "No Knowledge of Route, So Reply" (twice); "Summary"; "No Neighbors, So Reply"]
Method to Hide Information
Distribute-lists
Access-lists
Prefix-lists
Summaries
Methods to Hide Reachability Information
Access-lists
[Diagram: Router A; 192.168.1.0/24, 192.168.2.0/24 and 192.168.3.0/24 (3 networks, 255 addresses each) and 192.168.0.0/22 (1 network, 1024 addresses)]
Router A#
!
interface POS 1/0
 ip address 10.1.1.2 255.255.255.0
!
router eigrp 1
 network 10.1.1.0
 distribute-list 1 out POS 1/0
 redistribute static
!
ip route 192.168.0.0 255.255.252.0 null 0
!
access-list 1 deny 192.168.1.0 0.0.0.255
access-list 1 deny 192.168.2.0 0.0.0.255
access-list 1 deny 192.168.3.0 0.0.0.255
! Final permit so the implicit deny does not also filter the 192.168.0.0/22 summary
access-list 1 permit any
!
Methods to Hide Reachability Information
Prefix-lists
[Diagram: Router A; 192.168.1.0/24, 192.168.2.0/24 and 192.168.3.0/24 (3 networks, 255 addresses each) and 192.168.0.0/22 (1 network, 1024 addresses)]
Router A#
!
interface POS 1/0
 ip address 10.1.1.2 255.255.255.0
!
router eigrp 1
 network 10.1.1.0
 distribute-list prefix FILTER out POS 1/0
 redistribute static
!
ip route 192.168.0.0 255.255.252.0 null 0
!
ip prefix-list FILTER deny 192.168.1.0/24
ip prefix-list FILTER deny 192.168.2.0/24
ip prefix-list FILTER deny 192.168.3.0/24
! Final permit so the implicit deny does not also filter the 192.168.0.0/22 summary
ip prefix-list FILTER permit 0.0.0.0/0 le 32
!
Methods to Hide Reachability Information
Summaries
[Diagram: Router A; 192.168.1.0/24, 192.168.2.0/24 and 192.168.3.0/24 (3 networks, 255 addresses each) and 192.168.0.0/22 (1 network, 1024 addresses)]
Router A#
!
interface POS 1/0
ip address 10.1.1.2 255.255.255.0
ip summary-address eigrp <AS> …
192.168.0.0 255.255.252.0 5
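All three methods above advertise 192.168.0.0/22 in place of the component /24s. The following Python example is added here and is not from the Cisco deck (function names are hypothetical, IPv4 only): it computes the covering summary, lists the address space the summary advertises without a backing component, and evaluates a prefix-list first-match with its implicit deny.

```python
import ipaddress

# Component prefixes are the ones on the slide; the rest is constructed here.
COMPONENTS = ["192.168.1.0/24", "192.168.2.0/24", "192.168.3.0/24"]
# (action, prefix, le) entries modelling "ip prefix-list FILTER ..." lines.
DENY_ONLY = [("deny", c, None) for c in COMPONENTS]
WITH_PERMIT = DENY_ONLY + [("permit", "0.0.0.0/0", 32)]


def covering_summary(components):
    """Smallest single prefix that contains every component prefix."""
    nets = [ipaddress.ip_network(c) for c in components]
    lo = min(int(n.network_address) for n in nets)
    hi = max(int(n.broadcast_address) for n in nets)
    plen = 32 - (lo ^ hi).bit_length()  # leading bits shared by lo and hi
    return ipaddress.ip_network(f"{ipaddress.IPv4Address(lo)}/{plen}", strict=False)


def unbacked(summary, components):
    """Address space inside the summary that no component prefix covers."""
    remaining = [summary]
    for comp in map(ipaddress.ip_network, components):
        kept = []
        for block in remaining:
            if comp.subnet_of(block):
                kept.extend(block.address_exclude(comp))  # empty when equal
            elif not block.subnet_of(comp):
                kept.append(block)  # disjoint from this component, keep as is
        remaining = kept
    return sorted(remaining)


def permitted(prefix_list, route):
    """First-match prefix-list evaluation; no matching entry means deny."""
    route = ipaddress.ip_network(route)
    for action, prefix, le in prefix_list:
        entry = ipaddress.ip_network(prefix)
        longest = entry.prefixlen if le is None else le
        if route.subnet_of(entry) and entry.prefixlen <= route.prefixlen <= longest:
            return action == "permit"
    return False  # implicit deny at the end of every prefix-list


if __name__ == "__main__":
    summary = covering_summary(COMPONENTS)
    print("summary:", summary, "addresses:", summary.num_addresses)
    print("advertised without a component:",
          [str(n) for n in unbacked(summary, COMPONENTS)])
    for name, plist in (("deny-only", DENY_ONLY), ("with final permit", WITH_PERMIT)):
        print(f"{name}: summary advertised = {permitted(plist, str(summary))}")
```

Traffic for the unbacked 192.168.0.0/24 is attracted to Router A by the summary and dropped there by the null 0 route.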
Addressing and Aggregation
Summary Metrics
[Diagram: routers A, B and C. Components: 10.1.0.0/24 cost 30, 10.1.1.0/24 cost 20, 10.2.0.0/24 cost 30, 10.2.1.0/24 cost 20. Summaries: 10.1.0.0/23 cost 20, 10.2.0.0/23 cost 20]
Summary Metrics
[Diagram: routers A, B and C. Components: 10.1.0.0/24 cost 30, 10.1.1.0/24 cost 20, 10.2.0.0/24 cost 30, 10.2.1.0/24 cost 20. Summaries shown twice: 10.1.0.0/23 cost 20 and 10.2.0.0/23 cost 20; 10.1.0.0/23 cost 30 and 10.2.0.0/23 cost 20]
Summary Metrics
[Diagram: routers A and B. Components: 10.1.0.0/24 cost 10 and 10.1.1.0/24 cost 20. Summary: 10.1.0.0/23 cost 10]
interface loopback 0
 ip address 10.1.1.1 255.255.255.255
 delay 1
Summary Metrics
In the latest EIGRP code, the summary metric may be hard coded, contributing significantly to overall stability and performance.
The summary is removed when its components go away, which is more efficient
summary-metric 192.168.0.0/22 1000 10000 255 1 1500
* Full sample configuration in Appendix
Resiliency
What is it?
Resiliency is a measure of the network’s ability to adjust to changing conditions
[Diagram labels: Packets in; Packets out]
Resiliency
Redundancy
[Diagram: routers A and B and network 10.1.1.0/24]
Controlling Excessive Redundancy
There Are Several Reasons for Redundancy in a Network…
Controlling Excessive Redundancy
Server Farm Example
[Diagram labels: Routing Protocol; Transit Paths; HSRP Peers]
Controlling Excessive Redundancy: Server Farm Example
router eigrp 100
 passive-interface fastethernet 0/0
 passive-interface fastethernet 0/1
 passive-interface fastethernet 0/2
 passive-interface fastethernet 0/3
 ...
-or-
router eigrp 100
 passive-interface default
 no passive-interface fastethernet 1/0
 ...
Controlling Excessive Redundancy
Single high availability device
Controlling Excessive Redundancy
Backup path
Optimal routing
Additional bandwidth
Controlling Excessive Redundancy
[Chart: Seconds (axis up to 2.5) against Routes (0 to 10000). Labels: Feasible successor; Best path fails; 1.3 seconds]
Controlling Excessive Redundancy
[Chart: Seconds (axis up to 2.5) against Routes (0 to 10000). Labels: Best path fails; 2 seconds; 2.25 seconds; 1.3 seconds]
Controlling Excessive Redundancy
[Chart: Reliability (axis 99.50 to 100.00) for 1 link, 2 links, 3 links and 4 links]
Controlling Excessive Redundancy
[Diagram labels: Summary (twice)]
Controlling Excessive Redundancy
Link bundle
Other Approaches to Resiliency
EIGRP Fast Convergence
Already a standard part of EIGRP
Customers have been using EIGRP to achieve sub-second convergence for years
Proper network design is a must
Design to use address summarization to limit query scope
Design to provide at least one feasible successor
EIGRP Fast Convergence: Combined Results
[Chart legend: IS-IS Default Timers; OSPF Default Timers; EIGRP without FS; IS-IS Tuned Timers; OSPF Tuned Timers; EIGRP with FS. Scale labels: Worst; Best]
Fast Hellos/BFD and Graceful Restart/NSF Fundamentals
Fast Hellos is a way of detecting failures fast and routing around them (BFD is preferred)
Fast Hellos or BFD are at cross purposes with HA/NSF!
Graceful Restart (GR) is a way to rebuild forwarding information in routing protocols when the control plane has recovered from a failure
Nonstop Forwarding (NSF) is a way to continue forwarding packets while the control plane is recovering from a failure
The fundamental premise of GR/NSF is to route through temporary failures, rather than around them!
Resiliency Summary
Balance between complexity and resiliency
Hide the additional complexity created by redundant links where possible
Passive-Interfaces*
Summarization
Link bundling
Consider High Availability techniques to reduce heavy redundancy for resiliency
* Used on common access links (e.g., server farms) you want treated as non-transit
Separation
What is Separation?
Allows us another method to hide information
Allows us to break the network into multiple failure domains
Basic Types:
Virtualized
Functional
Virtualization
Virtualization is placing two apparently separate resources on top of a single resource
If every application stream over every IP pair over every logical subnet had its own physical path, there would be no virtualization
Virtualization is an extremely powerful tool
It allows multiple logical topologies to reside on a single underlying topology or network
[Diagram labels: DWDM; 802.1q VLANs; Virtual Topologies]
Virtualization
Virtualization always introduces fate sharing
If an underlying topology, or network, fails, all overlaying topologies fail as well
Fate sharing makes virtualization complex to design and troubleshoot
The more “global” the virtualization, the more added complexity
[Diagram labels: DWDM; Virtual Topologies; 802.1q VLANs]
Functional Separation
[Diagram labels: Core; Access; Core; Aggregation; Distribution]
Summary
EIGRP network design that contributes to an elegant, scalable, resilient and hassle-free network is based on the following principles:
Simplicity
Informational, Configuration, Operational
Resiliency
Non-Excessive Redundancy, Summarization, Fast Convergence, High Availability, Stub Routing
Separation
Virtualization, Hierarchical Separation
Appendix: Bonus Material
Appendix: Configuration Examples
Named Mode Examples—BFD
router eigrp x
 !
 address-family ipv4 unicast autonomous-system 1
  !
  af-interface Serial5/0
   bfd
  exit-af-interface
  !
  topology base
   no auto-summary
  exit-af-topology
  network 10.1.1.0 0.0.0.255
  network 10.1.2.0 0.0.0.255
  network 10.1.3.0 0.0.0.255
 exit-address-family
 !
 address-family ipv4 unicast vrf v autonomous-system 22
  !
  af-interface Ethernet1/0
   bfd
  exit-af-interface
  !
  topology base
   no auto-summary
  exit-af-topology
  network 172.16.0.0
 exit-address-family
Named Mode Examples—Router-ID
router eigrp callebaut
 !
 address-family ipv4 unicast autonomous-system 10
  !
  topology base
   no auto-summary
  exit-af-topology
  eigrp router-id 4.3.2.1
 exit-address-family
 !
 address-family ipv6 unicast autonomous-system 11
  !
  topology base
  exit-af-topology
  eigrp router-id 2.3.4.5
 exit-address-family
!
Named Mode Examples—Summary
router eigrp VR1
 !
 address-family ipv4 unicast autonomous-system 1
  !
  af-interface Ethernet1/0
   summary-address 10.1.0.0 255.255.0.0
   summary-address 44.0.0.0 255.0.0.0
   summary-address 100.0.0.0 255.0.0.0
  exit-af-interface
  !
  topology base
   no auto-summary
   summary-metric 100.0.0.0/8 1000 10000 255 1 1500
   summary-metric 44.0.0.0/8 14444 25555 66 88 7777
  exit-af-topology
  network 10.0.0.0
  network 44.1.1.0 0.0.0.255
  network 100.0.0.0 0.0.255.255
  network 172.16.0.0
 exit-address-family
Named Mode Examples—Redistribute
router eigrp bob
 !
 address-family ipv4 unicast autonomous-system 42
  !
  topology base
   no auto-summary
   redistribute maximum-prefix 98
   redistribute connected metric 7 6 5 4 3
   redistribute static
   redistribute rip
   redistribute ospf 78
   redistribute isis level-2
  exit-af-topology
  !
  topology COCO tid 9
   no auto-summary
   redistribute maximum-prefix 87
   redistribute static metric 1 2 3 4 5
  exit-af-topology
 exit-address-family
 !
 address-family ipv4 unicast vrf v autonomous-system 48
  !
  topology base
   no auto-summary
   redistribute ospf 5 vrf v match external 2 metric 5 4 3 2 1 route-map z
  exit-af-topology
 exit-address-family
 !
 address-family ipv6 unicast autonomous-system 42
  !
  topology base
   redistribute connected metric 7 6 5 4 3
   redistribute static
   redistribute ospf 78
   redistribute ospf 79
   redistribute isis level-2
  exit-af-topology
 exit-address-family
Named Mode Examples—Event-Logging
router eigrp 1
 !
 address-family ipv4 vrf VEE autonomous-system 8
  no auto-summary
  eigrp log-event-type dual xmit transport
  eigrp event-logging
  eigrp event-log-size 1008
 exit-address-family
 no auto-summary
router eigrp bob
 !
 address-family ipv4 unicast autonomous-system 12
  !
  topology base
   eigrp log-event-type dual xmit transport
   eigrp event-logging
   eigrp event-log-size 12
   no auto-summary
  exit-af-topology
  !
  topology coco tid 314
   eigrp log-event-type dual xmit transport
   eigrp event-logging
   eigrp event-log-size 314
   no auto-summary
  exit-af-topology
 exit-address-family
 !
 address-family ipv6 unicast autonomous-system 16
  !
  topology base
   eigrp log-event-type dual xmit transport
   eigrp event-logging
   eigrp event-log-size 16
  exit-af-topology
 exit-address-family
 !
 service-family ipv4 autonomous-system 24
  no eigrp log-neighbor-changes
  eigrp log-neighbor-warnings 1000
  !
  topology base
   eigrp log-event-type dual xmit transport
   eigrp event-logging
   eigrp event-log-size 20
  exit-sf-topology
 exit-service-family
Stub Enhancements
CSCec80943
Assume We Have a Single Remote Site with Two Routers, and We Want to Mark the Entire Site as a Stub
We could mark both C and D as stub
A and B advertise only a default to C and D
C and D, since they are both stub routers, don’t advertise learned routes to each other
[Diagram: routers A and B; remote site with routers C and D and network 10.1.1.0/24. Labels: 0.0.0.0/0 (twice); "No Advertisements"]
Stub Leaking
Stub Enhancements
If the B to D link fails:
10.1.1.0/24 cannot be reached from A
C isn’t advertising 10.1.1.0/24 to A, since C is a stub
D cannot reach A, or anything behind A
C is not advertising the default route to D, since C is a stub
Stub Enhancements
The solution is for C and D to advertise a subset of their learned routes, even though they are both stubs
This is exactly what stub leaking does
router eigrp 100
 eigrp stub leak-map LeakList
!
route-map LeakList permit 10
 match ip address 1
 match interface e0/0
route-map LeakList permit 20
 match ip address 2
 match interface e1/0
!
access-list 1 permit 10.1.1.0
access-list 2 permit 0.0.0.0
Stub Enhancements
If the B to D link fails:
D is advertising 10.1.1.0/24 to C, and C to A, so 10.1.1.0/24 is still reachable
C is leaking the default route to D, so D can still reach the rest of the network through C
A and B will still not query towards the remote site, since C and D are stubs
Stub leaking is available in 12.3(10.02)T
[Diagram label: Leak 10.1.1.0/24 and 0/0]
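The failure case and the leak-map fix described in the Stub Enhancements slides, as an added Python example that is not from the Cisco deck: a toy route-propagation model (no metrics, no queries) in which a stub router advertises only its connected routes plus any prefixes in a leak set. The A-B link, 10.1.1.0/24 being attached to D, and A and B originating the default route are assumptions read from the slide text; all names are hypothetical.

```python
# Constructed topology (assumptions, see lead-in): A and B are hubs, C and D
# form the remote site and are configured as EIGRP stubs.
LINKS = [("A", "B"), ("A", "C"), ("B", "D"), ("C", "D")]
CONNECTED = {"A": {"0.0.0.0/0"}, "B": {"0.0.0.0/0"}, "C": set(), "D": {"10.1.1.0/24"}}
STUBS = {"C", "D"}
LEAK = frozenset({"10.1.1.0/24", "0.0.0.0/0"})  # what the leak-map permits
FAILED = [link for link in LINKS if set(link) != {"B", "D"}]  # B-D link down


def converge(links, connected, stubs, leak=frozenset()):
    """Return {router: {prefix: learned_from}}; learned_from None = connected."""
    table = {r: {p: None for p in prefixes} for r, prefixes in connected.items()}
    changed = True
    while changed:
        changed = False
        for a, b in links:
            for src, dst in ((a, b), (b, a)):
                for prefix, learned_from in list(table[src].items()):
                    if learned_from == dst or prefix in table[dst]:
                        continue  # split horizon, or dst already has a route
                    is_learned = learned_from is not None
                    if src in stubs and is_learned and prefix not in leak:
                        continue  # a stub does not re-advertise learned routes
                    table[dst][prefix] = src
                    changed = True
    return table


def reachable(table, router, prefix):
    """True when the router ended up with a route for the prefix."""
    return prefix in table[router]


if __name__ == "__main__":
    for name, links, leak in (
        ("all links up, no leak-map", LINKS, frozenset()),
        ("B-D down, no leak-map", FAILED, frozenset()),
        ("B-D down, leak-map on C and D", FAILED, LEAK),
    ):
        t = converge(links, CONNECTED, STUBS, leak)
        print(f"{name}: A->10.1.1.0/24 {reachable(t, 'A', '10.1.1.0/24')}, "
              f"D->default {reachable(t, 'D', '0.0.0.0/0')}")
```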
Summary Leaking
We would like C to be able to receive as few routes as possible
We still optimally route to 10.1.1.0/24 and 10.1.2.0/24 dynamically
We could use a combination of static routes and route filters to advertise both 10.1.0.0/16 and the more specific to C
This is complicated, and difficult to maintain
[Diagram: routers A, B and C. Labels: 10.1.1.0/24; 10.1.2.0/24; 10.1.0.0/16 (three times)]
Summary Leaking
router eigrp 100
 redistribute static route-map agg-routes
 default-metric 1000 1 255 1 1500
 distribute-list 20 out serial0/0
!
ip route 10.1.0.0 255.255.0.0 null0
!
route-map agg-routes permit 10
 match ip address 10
 match interface serial 0/0
!
access-list 10 permit 10.1.0.0 0.0.255.255
access-list 20 permit 10.1.1.0 0.0.255.255

router eigrp 100
 redistribute static route-map agg-routes
 default-metric 1000 1 255 1 1500
 distribute-list 20 out serial0/0
!
ip route 10.1.0.0 255.255.0.0 null0
!
route-map agg-routes permit 10
 match ip address 10
 match interface serial 0/0
!
access-list 10 permit 10.1.0.0 0.0.255.255
access-list 20 permit 10.1.2.0 0.0.255.255
[Diagram: routers A, B and C. Labels: 10.1.1.0/24 (twice); 10.1.2.0/24 (twice); 10.1.0.0/16 (three times)]
Summary Leaking
The simplest way to handle this is to configure a leak list on the summary route
CSCed01736
Leak lists for summaries are available in 12.3(11.01)T
route-map LeakList permit 10
 match ip address 1
!
access-list 1 permit 10.1.1.0
!
interface Serial0/0
 ip summary-address eigrp 1 10.1.0.0 255.255.0.0 leak-map LeakList
[Diagram: routers A, B and C. Labels: 10.1.1.0/24 (twice); 10.1.2.0/24; 10.1.0.0/16 (three times)]
Customer Sites in the Same EIGRP AS
As the CE sites are in the same AS, the routes will be learned with normal EIGRP attributes
MP-BGP running on the PEs will carry the EIGRP attributes natively
EIGRP AS #, EIGRP Metrics
As part of the BGP update
Customer sites will see the remote sites as part of their normal EIGRP domain – INTERNAL Prefixes
[Diagram: PE1, PE2, CE1 and CE2 around the MPLS VPN cloud; Site 1 in EIGRP AS 1, Site 2 in EIGRP AS 1. Caption: Customer sites belonging to same EIGRP AS]
Customer Sites in Different EIGRP AS
Customer sites are in different EIGRP AS
CE Sites will learn the remote-CE-site routes as EXTERNAL routes
This is normal behavior due to the different EIGRP AS
MP-BGP on the PE routers will carry the EIGRP routes with their normal attributes
[Diagram: PE1, PE2, CE1 and CE2 around the MPLS VPN cloud; Site 1 in EIGRP AS 1, Site 2 in EIGRP AS 2. Caption: Customer sites belonging to different EIGRP AS]
Customer Sites with Backdoor Links
Customer wants to use the MPLS-VPN core for the Sites connectivity
Use the Back-door links in case of a failure (they usually are low-speed links)
Use EIGRP attributes on the backdoor link for the Sites Connectivity (for example: delay)
Everything should work as expected in case of a loss of connectivity through the MPLS-VPN Core
SoO (Site of Origin) tags are EIGRP PE-CE tags that help prevent routing issues
[Diagram: PE1, PE2, CE1, CE2, C3 and C4 around the MPLS VPN cloud; Site 1 in EIGRP AS 1, Site 2 in EIGRP AS 1. Caption: Customer Sites with Backdoor Links]