eigrp design and deployment - ciscolive.com filerouter eigrp 1 network 10.1.1.0 distribute-list...

BRKRST-2330

EIGRP Design and Deployment

© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKRST2330 2

Agenda

Design Goals

Simplicity

Resiliency

Separation

Q and A

Design Goals


Design Goals

How do we address packet delivery?

How do we address network failures?

How do we address business change?

Built on foundation of:

Simplicity

Resiliency

Separation High Availability Scaling

Reduced Downtime

Fast TroubleshootingFast Recovery

Deliver

Packets

Adjust to Real World Changes

Device Failure Business Change

Simplicity


Simplicity

How do we accomplish simplicity?

Informational Simplicity

Configuration Simplicity

Operational Simplicity

BRKRST-2331: The Care and Feeding of EIGRP

BRKARC-2002: Network Diagnosis: Prevent, Prepare, Repair


Hiding Topology

C

A

B

10.1.1.0/24

D

A is connected to BA is connected to CB is connected to DC is connected to DD is connected to10.1.1.0/24

C is connected to 10.1.3.0/24

B is connected to10.1.2.0/24


Hiding Topology

C

A B

10.1.1.0/24

G

D

E F

C can reach

10.1.1.0/24

Hide

topology

here


Hiding Topology

C

A

B

10.1.1.0/24

DI can reach

10.1.1.0/24I can reach

10.1.1.0/24

I can reach

10.1.1.0/24

I can reach

10.1.1.0/24


192.168.1.0/24

192.168.2.0/24

192.168.3.0/24

A

B

C

D

192.168.0.0/22

Hiding Reachability

Summary doesn’t

change!


1000 routes

1000 routes

1000 routes

1000 routes

4000+100 routes

400+100 routes

Hiding ReachabilityAssessing the Impact


Not Hiding Reachability:Impact of Poor Summarization

A

B


The Active Process

10.1.1.0/24

A B

C

D

E

F

G

Local

Knowledge of

an Alternate

Path, So Reply

Filte

r

No Knowledge

of Route,

So Reply

Su

mm

ary

No Knowledge

of Route,

So Reply

No Neighbors,

So Reply


Method to Hide Information

Distribute-lists

Access-lists

Prefix-lists

Summaries


Methods to Hide Reachability Information

Access-lists

192.168.1.0/24

192.168.2.0/24

192.168.3.0/24

192.168.0.0/22

1 network

1024 addresses

3 networks

255 addresses each

Router A

Router A#

!

interface POS 1/0

ip address 10.1.1.2 255.255.255.0

!

router eigrp 1

network 10.1.1.0

distribute-list 1 out POS 1/0

redistribute static

!

ip route 192.168.0.0 255.255.252.0 null 0

!

access-list 1 deny 192.168.1.0 0.0.0.255

access-list 1 deny 192.168.2.0 0.0.0.255

access-list 1 deny 192.168.3.0 0.0.0.255

!



Prefix-lists

192.168.1.0/24

192.168.2.0/24

192.168.3.0/24

192.168.0.0/22

1 network

1024 addresses

3 networks

255 addresses each

Router A

Router A#

!

interface POS 1/0

ip address 10.1.1.2 255.255.255.0

!

router eigrp 1

network 10.1.1.0

distribute-list prefix FILTER out POS 1/0

redistribute static

!

ip route 192.168.0.0 255.255.252.0 null 0

!

ip prefix-list FILTER deny 192.168.1.0/24



!



Summaries

192.168.1.0/24

192.168.2.0/24

192.168.3.0/24

192.168.0.0/22

1 network

1024 addresses

3 networks

255 addresses each

Router ARouter A#

!

interface POS 1/0

ip address 10.1.1.2 255.255.255.0

ip summary-address eigrp <AS> …

192.168.0.0 255.255.252.0 5

Addressing and Aggregation


Summary Metrics

A

BC

10

.1.0

.0/2

4

Co

st 3

0

10

.1.1

.0/2

4

Co

st 2

0

10

.2.0

.0/2

4

Co

st 3

0

10

.2.1

.0/2

4

Co

st 2

0

10.1.0.0/23

Cost 20

10.2.0.0/23

Cost 20


10.1.0.0/23

Cost 20

10.2.0.0/23

Cost 20

Summary Metrics

A

BC

10

.1.0

.0/2

4

Co

st 3

0

10

.1.1

.0/2

4

Co

st 2

0

10

.2.0

.0/2

4

Co

st 3

0

10

.2.1

.0/2

4

Co

st 2

0

10.1.0.0/23

Cost 30

10.2.0.0/23

Cost 20


Summary Metrics

A

B

10

.1.0

.0/2

4

Co

st 1

0

10

.1.1

.0/2

4

Co

st 2

0

10.1.0.0/23

Cost 10

loopback 0

ip address 10.1.1.1 255.255.255.255

delay 1

10.1.0.0/23

10


Summary Metrics

In the latest EIGRP code, the summary metric may be hard coded, contributing significantly to overall stability and performance.

Is removed when components go away – more efficient

summary-metric 192.168.0.0/22 1000

10000 255 1 1500

* Full Sample configuration in Appendix

*

Resiliency


Resiliency

Resiliency is a measure of the network’s ability to adjust to changing conditions

What is it?

Packets in Packets out


Resiliency

A

10.1.1.0/24

B

Redundancy


Controlling Excessive Redundancy

There Are Several Reasons for Redundancy in a Network…



Routing Protocol

Transit

Paths

HSRP Peers

Server Farm Example


router eigrp 100

passive-interface fastethernet 0/0




...

router eigrp 100

passive-interface default

no passive-interface fastethernet 1/0

...

-or-

Controlling Excessive RedundancyServer Farm Example



Single high

availability device



Backup path

Optimal routing

Additional bandwidth


2.5

0 10000

Se

co

nds

Routes

Feasible successor


Best path

fails

1.3 seconds



2.5

0 10000

Se

co

nds

Routes

Best path

fails

2 seconds

2.25 seconds

1.3 seconds



99.50

99.60

99.70

99.80

99.90

100.00

1 link 2 links 3 links 4 links

Relia

bili

ty



Summary

Summary



Link bundle

Other Approaches to Resiliency


EIGRP Fast Convergence

Already a standard part of EIGRP

Customers have been using EIGRP to achieve sub-second convergence for years

Proper network design is a must

Design to use address summarization to limit query scope

Design to provide at least one feasible successor


+ IS-IS Default Timers

OSPF Default Timers

EIGRP without FS

IS-IS Tuned Timers

OSPF Tuned Timers

EIGRP with FS

EIGRP Fast ConvergenceCombined Results

*

Worst

Best


Fast Hellos/BFD and Graceful Restart/NSF Fundamentals

Fast Hellos is a way of detecting failures fast and routing around them (BFD is preferred)

Fast Hellos or BFD are at cross purposes with HA/NSF!

Graceful Restart (GR) is a way to rebuild forwarding information in routing protocols when the control plane has recovered from a failure

Nonstop Forwarding (NSF) is a way to continue forwarding packets while the control plane is recovering from a failure

The fundamental premise of GR/NSF is to route throughtemporary failures, rather than around them!


Resiliency Summary

Balance between complexity and resiliency

Hide the additional complexity created by redundant links where possible

Passive-Interfaces*

Summarization

Link bundling

Consider High Availability techniques to reduce heavy redundancy for resiliency

* Used on common access links (eg: server farms) you want treated as non-transit

Separation


What is Separation?

Allows us another method to hide information

Allows us to break the network into multiple failure domains

Basic Types:

Virtualized

Functional


Virtualization

Virtualization is placing two apparently separate resources on top of a single resource

If every application stream over every IP pair over every logical subnet had its own physical path, there would be no virtualization

Virtualization is an extremely powerful tool

It allows multiple logical topologies to reside on a single underlying topology or network

DWDM

802.1q VLANs

Virtual Topologies


Virtualization

Virtualization always introduces fate sharing

If an underlying topology, or network, fails, all overlaying topologies fail as well

Fate sharing makes virtualization complex to design and troubleshoot

The more “global” the virtualization, the more added complexity

DWDM

Virtual Topologies

802.1q VLANs


Functional Separation

Core

Access

Core

AggregationDistribution


Summary

EIGRP network design that contributes to an elegant, scalable, resilient and hassle-free network is based on the following principles:

Simplicity

Informational, Configuration, Operational

Resiliency

Non-Excessive Redundancy, Summarization, Fast Convergence, High Availability, Stub Routing

Separation

Virtualization, Hierarchical Separation


Recommended Reading

Continue your Cisco Live learning experience with further reading from Cisco Press®

Check the Recommended Reading flyer for suggested books

Visit the Cisco Store for Related Titles – theciscostores.com

ASIN: 1578701651 ISBN: 0201657732

ISBN 1587051877 ISBN 1587202832


9

Receive 25 Cisco Preferred Access points for each session evaluation you complete.

Give us your feedback and you could win fabulous prizes. Points are calculated on a daily basis. Winners will be notified by email after July 22nd.

Complete your session evaluation online now (open a browser through our wireless network to access our portal) or visit one of the Internet stations throughout the Convention Center.

Don’t forget to activate your Cisco Live and Networkers Virtual account for access to all session materials, communities, and on-demand and live activities throughout the year. Activate your account at any internet station or visit www.ciscolivevirtual.com.

Complete Your Online Session Evaluation

http://www.ciscolivevirtual.com/


Thank you.

Appendix: Bonus Material

Appendix: Configuration Examples


Named Mode Examples—BFD

router eigrp x

!

address-family ipv4 unicast autonomous-system 1

!

af-interface Serial5/0

bfd

exit-af-interface

!

topology base

no auto-summary

exit-af-topology

network 10.1.1.0 0.0.0.255

network 10.1.2.0 0.0.0.255

network 10.1.3.0 0.0.0.255

exit-address-family

!

address-family ipv4 unicast vrf v autonomous-system 22

!

af-interface Ethernet1/0

bfd

exit-af-interface

!

topology base

no auto-summary

exit-af-topology

network 172.16.0.0

exit-address-family


Named Mode Examples—Router-ID

router eigrp callebaut

!


!

topology base

no auto-summary

exit-af-topology

eigrp router-id 4.3.2.1

exit-address-family

!


!

topology base

exit-af-topology

eigrp router-id 2.3.4.5

exit-address-family

!


Named Mode Examples—Summary

router eigrp VR1

!


!

af-interface Ethernet1/0

summary-address 10.1.0.0 255.255.0.0

summary-address 44.0.0.0 255.0.0.0

summary-address 100.0.0.0 255.0.0.0

exit-af-interface

!

topology base

no auto-summary

summary-metric 100.0.0.0/8 1000 10000 255 1 1500

summary-metric 44.0.0.0/8 14444 25555 66 88 7777

exit-af-topology

network 10.0.0.0

network 44.1.1.0 0.0.0.255

network 100.0.0.0 0.0.255.255

network 172.16.0.0

exit-address-family


Named Mode Examples—Redistributerouter eigrp bob

!


!

topology base

no auto-summary

redistribute maximum-prefix 98

redistribute connected metric 7 6 5 4 3

redistribute static

redistribute rip

redistribute ospf 78

redistribute isis level-2

exit-af-topology

!

topology COCO tid 9

no auto-summary

redistribute maximum-prefix 87

redistribute static metric 1 2 3 4 5

exit-af-topology

exit-address-family

!

address-family ipv4 unicast vrf v autonomous-system 48

!

topology base

no auto-summary

redistribute ospf 5 vrf v match external 2 metric 5 4 3 2 1 route-map z

exit-af-topology

exit-address-family

!


!

topology base

redistribute connected metric 7 6 5 4 3

redistribute static



redistribute isis level-2

exit-af-topology

exit-address-family


Named Mode Examples—Event-Logging

router eigrp 1

!

address-family ipv4 vrf VEE autonomous-system 8

no auto-summary

eigrp log-event-type dual xmit transport

eigrp event-logging

eigrp event-log-size 1008

exit-address-family

no auto-summary

router eigrp bob

!


!

topology base


eigrp event-logging


no auto-summary

exit-af-topology

!

topology coco tid 314


eigrp event-logging


no auto-summary

exit-af-topology

exit-address-family

!


!

topology base


eigrp event-logging


exit-af-topology

exit-address-family

!

service-family ipv4 autonomous-system 24

no eigrp log-neighbor-changes

eigrp log-neighbor-warnings 1000

!

topology base


eigrp event-logging


exit-sf-topology

exit-service-family


Stub Enhancements

CSCec80943

Assume We Have a Single Remote Site with Two Routers, and We Want to Mark the Entire Site as a Stub

We could mark both C and D as stub

A and B advertise only a default to C and D

C and D, since they are both stub routers, don’t advertise learned routes to each other

BA

10.1.1.0/24

C

D

Remote Site

0.0.0.0/0 0.0.0.0/0

No A

dvert

isem

ents

Stub Leaking


BA

10.1.1.0/24

C

D

Stub Enhancements

If the B to D link fails─

10.1.1.0/24 cannot be reached from A

C isn’t advertising 10.1.1.0/24 to A, since C is a stub

D cannot reach A, or anything behind A

C is not advertising the default route to D, since C is a stub

Stub Leaking


Stub Enhancements

The solution is for C and D to advertise a subset of their learned routes, even though they are both stubs

This is exactly what stub leaking does

router eigrp 100

eigrp stub leak-map LeakList

route-map LeakList permit 10

match ip address 1

match interface e0/0


match ip address 2

match interface e1/0

access-list 1 permit 10.1.1.0

access-list 2 permit 0.0.0.0e

0/0

Stub Leaking

BA

10.1.1.0/24

C

D


BA

10.1.1.0/24

C

D

Stub Enhancements

If the B to D link fails─

D is advertising 10.1.1.0/24 to C, and C to A, so 10.1.1.0/24 is still reachable

C is leaking the default route to D, so D can still reach the rest of the network through C

A and B will still not query towards the remote site, since C and D are stubs

Stub leaking is available in 12.3(10.02)T

Leak 10.1.1.0/24 and 0/0

Stub Leaking


Summary Leaking

We would like C to be able to receive as few routes as possible

We still optimally route to 10.1.1.0/24 and 10.1.2.0/24 dynamically

We could use a combination of static routes and route filters to advertise both 10.1.0.0/16 and the more specific to C

This is complicated, and difficult to maintain

10.1.1.0/24 10.1.2.0/24

10.1.0.0/16

10

.1.0

.0/1

6

10

.1.0

.0/1

6

A B

C


Summary Leaking

router eigrp 100

redistribute static route-map aggroutes

default-metric 1000 1 255 1 1500

distribute-list 20 out serial0/0

!

ip route 10.1.0.0 255.255.0.0 null0

!

route-map agg-routes permit 10

match ip address 10

match interface serial 0/0

!

access-list 10 permit 10.1.0.0 0.0.255.255


router eigrp 100

redistribute static route-map aggroutes

default-metric 1000 1 255 1 1500

distribute-list 20 out serial0/0

!

ip route 10.1.0.0 255.255.0.0 null0

!

route-map agg-routes permit 10

match ip address 10

match interface serial 0/0

!



10.1.1.0/24 10.1.2.0/24

10.1.0.0/16

10

.1.0

.0/1

6

10

.1.0

.0/1

6

A B

C

10

.1.1

.0/2

4

10

.1.2

.0/2

4


Summary Leaking

The simplest way to handle this is to configure a leak list on the summary route

CSCed01736

Leak lists for summaries are available in 12.3(11.01)T


match ip address 1

!

access-list 1 permit 10.1.1.0

!

interface Serial0/0

ip summary-address eigrp 1 10.1.0.0 255.255.0.0 leak-map LeakList

10.1.1.0/24 10.1.2.0/24

10.1.0.0/16

10

.1.0

.0/1

6

10

.1.0

.0/1

6

A B

C

10

.1.1

.0/2

4


Customer Sites in the Same EIGRP AS

AS CE-Sites are in the same-AS, the routes will be learned with normal EIGRP attributes

MP-BGP running on the PEs will carry the EIGRP attributes natively

EIGRP AS #, EIGRP Metrics

As part of the BGP update

Customer sites will see the remote sites as part of their normal EIGRP domain – INTERNAL Prefixes

PE1 PE2

CE1 CE2

MPLS VPN

Cloud

Site 2

EIGRP

AS 1

Site 1

EIGRP

AS 1

Customer sites belonging

to same EIGRP AS


Customer Sites in Different EIGRP AS

Customer sites are in different EIGRP AS

CE Sites will learn the remote-CE-site routes as EXTERNAL routes

This is normal behavior due to the different EIGRP AS

MP-BGP on the PE routers will carry the EIGRP routes with their normal attributes

PE1 PE2

CE1 CE2

MPLS VPN

Cloud

Site 2

EIGRP

AS 2

Site 1

EIGRP

AS 1

Customer sites belonging

to different EIGRP AS


Customer Sites with Backdoor Links

Customer wants to use the MPLS-VPN core for the Sites connectivity

Use the Back-door links in case of a failure (they usually are low-speed links)

Use EIGRP attributes on the backdoor link for the Sites Connectivity (for example: delay)

Everything should work as expected in case of a loss of connectivity through the MPLS-VPN Core

SoO – Site of Origin are EIGRP PE-CE tags that help prevent routing issues

PE1 PE2

CE1

MPLS VPN

Cloud

Site 2

EIGRP

AS 1

Site 1

EIGRP

AS 1C3

C4

CE2

Customer Sites with

Backdoor Links

eigrp design and deployment - ciscolive.com filerouter eigrp 1 network 10.1.1.0 distribute-list...

Documents