
RST 3220

DOCUMENT INFORMATION

Basic information

Format
Pages 0
Size 1.33 MB

Content

ADVANCES IN EIGRP
RST-3220
112195_2005_c1 © 2005 Cisco Systems, Inc. All rights reserved.

Agenda
• Scaling Enhancements
• Neighbor Enhancements
• EIGRP PE/CE
• Routing Enhancements
• Summary

NOTE WELL
• The features in this presentation fall into three categories:
  Past enhancements: enhancements that have already been developed, and are available in some release of Cisco IOS® software on Cisco online
  Current enhancements: enhancements currently being developed, or planned for development in the near future
  Future enhancements: enhancements that are being considered, but may not be planned or developed for some time
• We have marked each of these categories as clearly as possible at relevant points throughout the presentation

SCALING ENHANCEMENTS

Scaling Enhancements
• Stub review
• Stub leaking
• Mixed stub mode
• Stub on Ethernet
• Summary leaking
• Summary only
• Single neighbor
• Interface submode

Stub Review
[Figure: hub routers A and B, several spoke routers dual-homed to both, 10.1.1.0/24 behind A]
• If A loses its connection to 10.1.1.0/24, it must build and transmit five queries: one query to each remote, and one query to B
• Each of the remote sites will also build a query towards B
• B receives five queries which it must process and answer

Stub Review
[Figure: same topology; "These Are Not Designed to Transit Traffic!"]
• If these spokes are remote sites, they typically have two connections for redundancy, not so they can transit traffic between A and B
• A should never use the spokes as a path to anything reachable through B, so there's no reason to learn about, or query for, routes through these spokes

Stub Review
To signal A and B that the paths through the spokes should not be used for transit traffic, the spoke routers can be configured as stubs:

    router#config t
    router(config)#router eigrp 100
    router(config-router)#eigrp stub
    router(config-router)#

Stub Review
[Figure: spokes marked as stubs]
• Marking the spokes as stubs allows them to signal A and B that they are not transit paths
• A will not query stubs, reducing the total number of queries in this example to
• Marking the remotes as stubs also reduces the complexity of this topology; B now believes it only has path to 10.1.1.0/24, rather than

Stub Review
Stub routers can be defined to advertise different types of local routes:

    routerA#conf t
    Enter configuration commands, one per line. End with CNTL/Z.
    routerA(config)#router eigrp
    routerA(config-router)#eigrp stub ?
      connected      Do advertise connected routes
      receive-only   Set IP-EIGRP as receive only neighbor
      redistributed  Do advertise redistributed routes
      static         Do advertise static routes
      summary        Do advertise summary routes

Stub Review
• Any combination of the route types can be specified on the eigrp stub statement, except receive-only, which cannot be used with any other option
• For example: eigrp stub connected summary redistributed
• If eigrp stub is specified without any options, it will send connected and summary routes

Stub Review
At A, you can tell B is a stub using show ip eigrp neighbor detail:
[Figure: A and B connected over 10.2.2.2/31; 10.1.2.0/24 behind A, 10.1.3.0/24 behind B]

    router-a#show ip eigrp neighbor detail
    IP-EIGRP neighbors for process 100
    H   Address         Interface   Hold Uptime   SRTT   RTO  Q  Seq Type
                                    (sec)         (ms)       Cnt Num
        10.2.2.3        Et1/2         10 00:00:50   320  1920     12
       Version 12.2/1.2, Retrans: 0, Retries:
       Stub Peer Advertising ( CONNECTED ) Routes

Stub Leaking (Available Feature)
Assume we have a single remote site with two routers, and we want to mark the entire site as a stub
[Figure: A and B in the core; C and D at the remote site 10.1.1.0/24; A advertises 0.0.0.0/0 to C and B advertises 0.0.0.0/0 to D; no advertisements between C and D]
• We could mark both C and D as stub
• A and B advertise only a default to C and D
• C and D, since they are both stub routers, don't advertise anything to each other

Stub Leaking (Available Feature)
• If the B to D link fails…
• 10.1.1.0/24 cannot be reached from A
  D isn't advertising 10.1.1.0/24 to C, since D is a stub
• D cannot reach A, or anything behind A
  C is not advertising the default route to D, since C is a stub

Stub Leaking (Available Feature)
• The solution is for C and D to advertise a subset of their learned routes, even though they are both stubs
• This is exactly what stub leaking does:

    router eigrp 100
     eigrp stub leak-map LeakList
    !
    route-map LeakList permit 10
     match ip address
     match interface e0/0
    route-map LeakList permit 20
     match ip address
     match interface e1/0
    !
    access-list permit 10.1.1.0
    access-list permit 0.0.0.0

Stub Leaking (Available Feature)
[Figure: C and D leak 10.1.1.0/24 and 0/0 to each other]
• If the B to D link fails…
• D is advertising 10.1.1.0/24 to C, and C to A, so 10.1.1.0/24 is still reachable
• C is leaking the default route to D, so D can still reach the rest of the network through C
• A and B will still not query towards the remote site, since C and D are stubs
• Stub leaking is available in 12.3(10.02)T

Mixed Stub Mode (Future Feature, CSCdx74716)
[Figure: A with a multipoint interface to B (stub) and C (not stub); multicast query]
• Suppose A has two neighbors, B and C, on the same multipoint interface; B is a stub and C is not
• Today, queries and updates are transmitted to a multicast address, so A cannot send a query to C without also sending it to B
• We are currently looking at techniques to resolve this issue, and allow stub and non-stub neighbors on the same interface

Stub on Ethernet (Future Feature, CSCdz18850)
[Figure: A, B (stub) and C (stub) on a shared Ethernet segment; EIGRP Hello from B]
• When B sends a hello packet, C will learn about this new neighbor
• B and C learning about each other breaks stub functionality
• We are currently working on techniques to allow B and C to be declared stub routers across a shared Ethernet or other segment

Summary Leaking (Available Feature)
[Figure: A and B each connect to C; 10.1.1.0/24 and 10.1.2.0/24 behind A and B; A and B each advertise 10.1.0.0/16 to C]
• We would like C to be able to receive as few routes as possible
• We could use a combination of static routes and route filters to advertise both 10.1.0.0/16 and the more specific to C
• We still optimally route to 10.1.1.0/24 and 10.1.2.0/24 dynamically
• This is complicated, and difficult to maintain

Summary Leaking (Available Feature)
On one router:

    router eigrp 100
     redistribute static route-map agg-routes
     default-metric 1000 255 1500
     distribute-list 20 out serial0/0
    !
    ip route 10.1.0.0 255.255.0.0 null0
    !
    route-map agg-routes permit 10
     match ip address 10
     match interface serial 0/0
    !
    access-list 10 permit 10.1.0.0 0.0.255.255
    access-list 20 permit 10.1.2.0 0.0.255.255

On the other router, the same configuration, except:

    access-list 20 permit 10.1.1.0 0.0.255.255

Summary Leaking (Available Feature)
• You can also use a pair of summaries:

    interface serial 0/0
     ip summary-address 10.1.0.0 255.255.0.0
     ip summary-address 10.1.1.0 255.255.255.0 200

• This could remove the dynamic nature of the longer prefix optimal route advertisements
• You need to "float" the 10.1.1.0/24 and 10.1.2.0/24 summaries

Summary Leaking (Available Feature)
• The simplest way to handle this is to configure a leak list on the summary route:

    route-map LeakList permit 10
     match ip address
    !
    access-list permit 10.1.1.0
    !
    interface Serial0/0
     ip summary-address eigrp 10.1.0.0 255.255.0.0 leak-map LeakList

• Leak lists for summaries are available in 12.3(11.01)T

Summary Only (Future Feature, CSCec10166)
[Figure: A and B connect to C; infrastructure links 192.168.1.0/31 and 192.168.1.2/31; server network 10.1.1.0/24; A and B advertise 10.1.0.0/16 to C]
• We would like to advertise a single summary for networks with servers attached to them from A and B to C (in the range 10.1.0.0/16)
• We don't want to advertise infrastructure links to C (in the range 192.168.0.0/16)
• We could do this with a summary and a route filter, but this can become complicated, and hard to maintain

Summary Only (Future Feature, CSCec10166)

    router eigrp 100
     distribute-list 10 out serial 0/0
    !
    access-list 10 permit 10.1.0.0 0.0.255.255
    !
    interface serial 0/0
     ip summary-address eigrp 100 10.1.0.0 255.255.0.0

Summary Only (Future Feature, CSCec10166)
An easier way would be to be able to define a summary that automatically blocks all routes which are not a component of the summary:

    interface serial 0/0
     ip eigrp 100 summary-address 10.1.0.0 255.255.0.0 summary-only

Single Peering (Future Feature, CSCsa95820)
EIGRP currently peers over every link between a pair of routers
[Figure: A and B connected by several parallel links; a new route arrives at A]
• Each route learned at A will be advertised to B over every neighbor relationship
• Each route placed in the active state will cause a query through every neighbor relationship

Single Peering (Future Feature, CSCsa95820)
Slows down network convergence
[Figure: parallel links between A and B, some installed in B's routing table and some not; queries due to a lost route, and queries because split horizon is disabled on the links not installed]
• EIGRP only split horizons on routes actually installed in the routing table
• If there are more paths than the maximum paths EIGRP can install in the routing table…
• The routers end up querying each other, which can cause major problems in network convergence times

Single Peering (Future Feature, CSCsa95820)
• EIGRP will eventually peer based on router IDs rather than interface addresses
  Only one neighbor relationship no matter how many links between the routers
• Reduces routing traffic
• Increases convergence speed
• Decreases active times throughout the network

Interface Sub-Mode (Future Feature)
• With the growth in routers with hundreds to thousands of interfaces, existing interface-based commands are burdensome
  ip summary-address eigrp
  ip hold-time eigrp
  etc.
• Interface sub-mode will allow the definition of common interface commands under the "router eigrp" command, and use 'eigrp interface-range' statements to group the commands

NEIGHBOR ENHANCEMENTS

Neighbor Enhancements
• Dynamic Resynchronization
• EIGRP GTSM
• Bidirectional Forwarding Detection
• Multiaccess Reachability Protocol
• Graceful Shutdown

Dynamic Resynchronization (Available Feature)
• Configuring any of these resets the neighbor relationship between two EIGRP routers:
  Outbound filter changes:
    Router#config-t
    router-config#router eigrp 100
    router-config(eigrp)#distribute-list 10 out
  clear ip eigrp neighbors
  Others…
• These neighbor resets introduce instability in the network
[Figure: A and B; B logs:]

    1d01h: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor (Ethernet1/1) is down: peer restarted

Dynamic Resynchronization (Available Feature)
• Dynamic peer resynchronization uses graceful restart to resynchronize neighbor relationships, rather than restarting them
• Adds a new command, clear ip eigrp neighbor soft, to reset a neighbor relationship through graceful restart
• Available in 12.3(12.06)T

Dynamic Synchronization (Available Feature)
B does not support GR or peer resynchronization:

    router-a#clear ip eigrp neighbor soft
    %DUAL-5-NBRCHANGE: Neighbor is resync: manually cleared
    %DUAL-5-NBRCHANGE: Neighbor is down: peer restarted
    %DUAL-5-NBRCHANGE: Neighbor is up: new adjacency
    router-b#
    %DUAL-5-NBRCHANGE: Neighbor is down: peer restarted
    %DUAL-5-NBRCHANGE: Neighbor is up: new adjacency

B supports GR:

    router-a#clear ip eigrp neighbor soft
    %DUAL-5-NBRCHANGE: Neighbor is resync: manually cleared
    router-b#
    %DUAL-5-NBRCHANGE: Neighbor is resync: peer nsf-restarted

B supports GR and peer resynchronization:

    router-a#clear ip eigrp neighbor soft
    %DUAL-5-NBRCHANGE: Neighbor is resync: manually cleared
    router-b#
    %DUAL-5-NBRCHANGE: Neighbor is resync: peer graceful restart

Generalized TTL Security Mechanism (Future Feature, CSCea59358)
• The Generalized TTL Security Mechanism (GTSM) is a mechanism which protects routers from distant (multihop) attacks
• Routers transmit RP traffic with a TTL of
[Figure: A sends RP packets to B; B decrements the TTL and accepts the packet, since it's destined to B itself: "TTL Is Greater Than or Equal to 0; Accept the Packet and Process It"; an Attacker sits behind A]

Generalized TTL Security Mechanism (Future Feature, CSCea59358)
[Figure: Attacker (TTL 255) → A (TTL 254) → B (TTL 253); "TTL Is Greater Than 0; Accept the Packet and Process It"]
• An attacker can send a packet to A with B's destination address
• A decrements the TTL by one, and forwards the packet to B
• B examines the TTL, finds it's still greater than 0, so it accepts the packet, and processes it
• This allows attackers to attack routers from multiple hops away

Generalized TTL Security Mechanism (Future Feature, CSCea59358)
[Figure: A (TTL 255) → B (TTL 254); "Filter All Routing Packets with TTL < 254"]
• However, the TTL is just a number; we can change the assumptions a bit
• A transmits all packets with a TTL of 255
• B filters all routing protocol packets with a TTL less than 254

Generalized TTL Security Mechanism (Future Feature, CSCea59358)
[Figure: Attacker (TTL 255) → A (TTL 254) → B (TTL 253); "TTL Is Less Than 254; Discard It"]
• The attacker sends a packet to A with B's destination address
• A decrements the TTL by one, and forwards the packet to B
• When B receives the packet, the TTL is less than 254
• The attacker can no longer reach B to launch an attack against it!

BFD Support (Available Feature)
• Bidirectional Forwarding Detection (BFD) is a fast hello at Layer 2.5
  Described in draft-ietf-bfd-base-02.txt
  Less overhead and much faster detection time than just decreasing the EIGRP hello interval
• Uses underlying BFD facilities which send extremely fast keepalives between routers (default interval: 50 msec!)
• Available in 12.2(18)SXE

MultiAccess Reachability Protocol (Future Feature, CSCdy18579)
• Routers connected to an Ethernet switch cannot see their neighbor's state at Layer 2; if a neighbor fails, they must wait until the Layer 3 dead timer expires
• To the switch, however, the Ethernet is a set of point-to-point links
• MARP can take advantage of this property with the switch's cooperation

MultiAccess Reachability Protocol (Future Feature, CSCdy18579)
• A examines its tables of Layer 3 neighbors, and then examines its ARP cache to determine what Layer 2 addresses correspond to those neighbors
• A then sends out a MARP update containing these Layer 2 addresses
• The switch examines its tables, and determines which ports these Layer 2 addresses are reachable on
[Figure: A, B and C on a switch; "I'm Interested in B and C"; "B Is Reachable on FA0/1"; "C Is Reachable on FA0/2"]

    router-a#show ip eigrp neighbors
    IP-EIGRP neighbors for process 100
    H   Address
        208.0.6.10
    router-a#show ip arp
    Protocol  Address      Hardware Addr
    Internet  208.0.6.10   0003.e348.64a0
    Internet  208.0.6.11   0003.e348.6600
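The GTSM check on the slides above, simulated as an added example (not code from the Cisco deck). It follows the slides' model: every router on the path, including the receiving router B, decrements the TTL before B examines it; the names Packet, forward, arriving_ttl and b_processes, and the router names, are constructed for this example.

```python
"""GTSM (Generalized TTL Security Mechanism) as described on the slides.

Added example, not from the Cisco deck.  Model follows the slides: every
router on the path, including the receiving router B, decrements the IP TTL
by one; a legacy router accepts any routing-protocol packet addressed to it
with TTL > 0, while a GTSM router accepts only TTL >= 254, so only packets
that originated on a directly connected neighbor survive the check.
"""
from dataclasses import dataclass, replace
from typing import Callable, List, Optional

GTSM_SEND_TTL = 255   # A transmits all routing packets with a TTL of 255
GTSM_MIN_TTL = 254    # B filters all routing protocol packets with TTL < 254


@dataclass(frozen=True)
class Packet:
    src: str      # sending router (constructed names: "A", "B", "Attacker")
    dst: str      # destination address, always B's address here
    ttl: int


def forward(pkt: Packet) -> Optional[Packet]:
    """One hop of IP forwarding: decrement TTL; a packet reaching 0 is dropped."""
    if pkt.ttl <= 1:
        return None
    return replace(pkt, ttl=pkt.ttl - 1)


def legacy_accepts(pkt: Packet, me: str) -> bool:
    """Pre-GTSM rule: destined to me and TTL still greater than 0."""
    return pkt.dst == me and pkt.ttl > 0


def gtsm_accepts(pkt: Packet, me: str) -> bool:
    """GTSM rule: destined to me and TTL not below the configured minimum."""
    return pkt.dst == me and pkt.ttl >= GTSM_MIN_TTL


def arriving_ttl(sender: str, transit: List[str]) -> Optional[int]:
    """TTL as B examines it: sent at 255, decremented by each transit router
    in `transit` and once more by B itself (the slides' model)."""
    pkt: Optional[Packet] = Packet(sender, "B", GTSM_SEND_TTL)
    for _hop in transit:
        pkt = forward(pkt)
        if pkt is None:
            return None
    pkt = forward(pkt)   # B decrements before looking at the TTL
    return None if pkt is None else pkt.ttl


def b_processes(sender: str, transit: List[str],
                check: Callable[[Packet, str], bool]) -> bool:
    """Does B process a routing packet from `sender` relayed by `transit`?"""
    ttl = arriving_ttl(sender, transit)
    if ttl is None:
        return False
    return check(Packet(sender, "B", ttl), "B")


if __name__ == "__main__":
    # Direct neighbor A, and an attacker one hop behind A, as on the slides.
    for name, check in (("legacy", legacy_accepts), ("GTSM", gtsm_accepts)):
        print(name, "A->B:", b_processes("A", [], check),
              "Attacker->A->B:", b_processes("Attacker", ["A"], check))
```

Running it shows the legacy rule processing both packets, and the GTSM rule processing only the one from the directly connected neighbor A.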
The switch then examines these ports to determine if they are running spanning tree • If they are not, the switch creates a data structure noting the interesting Layer addresses reachable through each port • When the port fails, the switch uses these data structures to build a MARP notification that C is no longer reachable RST-3220 112195_2005_c1 © 2005 Cisco Sy stems, Inc All rights reserv ed router-a#show ip eigrp neighbors IP-EIGRP neighbors for process 100 H Address 208.0.6.10 router-a#show ip arp Protocol Address Hardware Addr Internet 208.0.6.10 0003.e348.64a0 Internet 208.0.6.11 0003.e348.6600 C Is No Longer Reachable CSCdy18579 Future Feature 42 Graceful Shutdown • Normally, if A detects the peer relationship has failed, it quietly removes B B would still wait hold time before resetting A • Unidirectional link failure • Unicast failure • User reload A Goodbye The hold time could be long on slow speed link or the timer could be reset if there’s any EIGRP traffic This contributes to traffic loss, SIA, and slow convergence B • Goodbye is sent to terminate the peer relationship quickly RST-3220 112195_2005_c1 © 2005 Cisco Sy stems, Inc All rights reserv ed Available Feature 43 Graceful Shutdown • Before the Goodbye enhancement, when router B is brought down for maintenance, A and D wait hold time before switching traffic to C C D RST-3220 112195_2005_c1 © 2005 Cisco Sy stems, Inc All rights reserv ed Feasible Successor • It’s better to get A and D to route around B while B can still forward traffic, so it happens gracefully B Successor • During the hold time, the packets on the wire will be lost when B is taken off line—and this could be a lot of packets, if these are high speed links A Available Feature 44 Graceful Shutdown • Goodbye message is sent in a hello packet A • EIGRP sends an interface goodbye message when taking down all peers on an interface Interface Goodbye • Interface goodbye has all K values set to 255 B C Old Code Resets Neighbor Due to K 
Value Mismatch When Receiving an Interface Goodbye RST-3220 112195_2005_c1 © 2005 Cisco Sy stems, Inc All rights reserv ed Available Feature 45 Graceful Shutdown • EIGRP sends a peer goodbye message when talking down a subset of peers on an interface • Peer goodbye has the peer address in the goodbye TLV • Available in 12.2(26.04)S 12.3 (07)XI 12.3(02.03)B 12.3(01.04)T 012.003(001.004) RST-3220 112195_2005_c1 © 2005 Cisco Sy stems, Inc All rights reserv ed A Peer Goodby e B C Available Feature 46 EIGRP PE/CE RST-3220 112195_2005_c1 © 2005 Cisco Sy stems, Inc All rights reserv ed 47 EIGRP PE/CE • EIGRP PE/CE Review • Backdoor Links • PE Route Preference • Route Count Limit RST-3220 112195_2005_c1 © 2005 Cisco Sy stems, Inc All rights reserv ed 48 EIGRP PE/CE Review • PE: Provider Edge router Service Provider • CE: Customer Edge router VPN • VPN: Virtual Private Network • VRF: Virtual Routing and Forwarding instance (routing table) • Backdoor link: link between sites which doesn’t use VPN PE PE CE EIGRP Site CE Backdoor Link EIGRP Site RST-3220 112195_2005_c1 © 2005 Cisco Sy stems, Inc All rights reserv ed 49 EIGRP PE/CE Review Before PE/CE: Service Provider • EIGRP is redistributed into BGP at B • BGP route are redistributed back into EIGRP at C • The routes are external routes at site • We want them to be internal routes at site BGP B C Internal A EIGRP Site D External EIGRP Site RST-3220 112195_2005_c1 © 2005 Cisco Sy stems, Inc All rights reserv ed 50 EIGRP PE/CE Review • With EIGRP PE/CE Service Provider Routes are redistributed into BGP on PE B Extended communities containing the EIGRP attributes are attached to them • Routes are redistributed back into EIGRP at PE C Extended communities are used to reconstruct the routes as internals VPN B PE C PE CE A Internal EIGRP Site D CE Internal EIGRP Site RST-3220 112195_2005_c1 © 2005 Cisco Sy stems, Inc All rights reserv ed 51 EIGRP PE/CE Review ip vrf VRF-RED rd 172.16.0.1:20 exit router eigrp address-family ipv4 
vrf VRF-RED autonomous-system 101 network 172.16.0.0 255.255.0.0 redistribute BGP 101 metric 10000 100 255 1500 exit-address-family Service Provider VPN B PE C PE CE A Internal router-c#show ip eigrp vrf VRF-RED topology IP-EIGRP Topology Table for AS(1)/ID(192.168.10.1) Routing Table:VRF-RED P 10.17.17.0/24, successors, FD is 409600 via 50.10.10.2 (409600/128256), Ethernet3/0 P 172.16.19.0/24, successors, FD is 409600 RST-3220 112195_2005_c1 © 2005 Cisco Sy stems, Inc All rights reserv ed EIGRP Site D CE Internal EIGRP Site 52 Backdoor Links If There are Backdoor Links Between EIGRP Sites, It’s Possible to Have a Count-to-Infinity Issue When a Route Goes Down in One of the Sites VPN B C A • Site advertises a route through the back door to site • If that route goes down in site 1, it can be advertised from site into BGP and reintroduced into site Service Provider Site D • It takes a bit of time for the network to converge on the disappearance of the route Site RST-3220 112195_2005_c1 © 2005 Cisco Sy stems, Inc All rights reserv ed Available Feature 53 Backdoor Links • The solution is to automatically tag all the routes with a site of origin (SoO) Service Provider VPN • The SoO is defined on the PE router’s interfaces connecting to the CEs • EIGRP on the PE will reject routes redistributed from BGP if they contain that site’s SoO value (would be a loop through back door) B C A Site D route-map SoOrigin permit 10 set extcommunity soo 100:1 interface FastEthernet 0/0 ip vrf sitemap SoOrigin RST-3220 112195_2005_c1 © 2005 Cisco Sy stems, Inc All rights reserv ed Site Available Feature 54 Backdoor Links • If the SoO is also defined on the backdoor link, the backdoor routers will reject routes received from the other backdoor router containing this site’s SoO value Service Provider VPN B • You can then set the metric on the backdoor link so the path through the VPN is preferred over the backdoor link • Available in 12.2(18)SXE 12.0(26) SZ 12.0(26.01)S 12.0(27)SV C A Site 
D route-map SoOrigin permit 10 set extcommunity soo 100:1 interface FastEthernet 0/0 ip vrf sitemap SoOrigin RST-3220 112195_2005_c1 © 2005 Cisco Sy stems, Inc All rights reserv ed Site Available Feature 55 PE Route Preference • Router D receives 10.1.1.0/24 through the backdoor link, and advertises the route to C Service Provider VPN • 10.1.1.0/24 is advertised by A into the BGP cloud, and reaches C • Which route will C prefer? B C A 10.1.1.0/24 Site D Site RST-3220 112195_2005_c1 © 2005 Cisco Sy stems, Inc All rights reserv ed Available Feature 56 PE Route Preference C Will Prefer the Route Through D, Site Service Provider • BGP always prefers locally originated routes over learned routes • Since C learns the route through EIGRP first, it has a locally originated route already in its table before it receives the learned route from B VPN B C A 10.1.1.0/24 Site D Site RST-3220 112195_2005_c1 © 2005 Cisco Sy stems, Inc All rights reserv ed Available Feature 57 PE Route Preference Reflector • This type of problem also crops up with BGP route reflectors in the SP network • A advertises 10.1.1.0/24 to B, who then advertises it to its route reflector, C • E advertises 10.1.1.0/24 to D, who then advertises it to its route reflector, C • Which route does C choose? 
C B D SP A E 10.1.1.0/24 Site RST-3220 112195_2005_c1 © 2005 Cisco Sy stems, Inc All rights reserv ed Site Available Feature 58 PE Route Preference Reflector • C will choose based on BGP metrics C Oldest path Multiple exit discriminator B D IGP metric to B and D SP • If C chooses the path through D RST-3220 112195_2005_c1 C reflects D’s route to B A B may choose the route from D, or the locally originated route from A 10.1.1.0/24 © 2005 Cisco Sy stems, Inc All rights reserv ed E Site Site Available Feature 59 PE Route Preference • To resolve both of these situations, we need BGP to be aware of EIGRP’s metrics EIGRP’s metrics are contained in communities BGP doesn’t use for its best path calculation We need to be override the locally preferred rule in BGP • The solution: draft-retana-bgp-custom-decision Allows customization of the BGP decision algorithm Implemented by Cisco in 12.0(24)S, 12.3(2)T, 12.2(18)S RST-3220 112195_2005_c1 © 2005 Cisco Sy stems, Inc All rights reserv ed Available Feature 60 PE Route Preference • The SP configures a route map to set the cost community on EIGRP routes imported in from each site The customer must tell the SP what the cost should be set to for each site • Using the keyword pre-bestpath in the route map causes the insertion point of the cost community to be before Local Preference in the BGP bestpath algorithm • This provides absolute control over BGP’s bestpath for the VPN customer • Available in 12.0(27)S, 12.3(8)T, and 12.2(25)S RST-3220 112195_2005_c1 © 2005 Cisco Sy stems, Inc All rights reserv ed Available Feature 61 PE Route Preference address-family ipv4 vrf vrzn redistribute eigrp 100 neighbor 10.2.1.1 remote-as 65000 neighbor 10.2.1.1 activate neighbor 10.2.1.1 send-community both neighbor 10.2.1.1 route-map COST1 in exit-address-family ! 
route-map COST1 permit 10 set extcommunity cost pre-bestpath 100 address-family ipv4 vrf vrzn redistribute eigrp 100 neighbor 10.2.1.1 remote-as 65000 neighbor 10.2.1.1 activate neighbor 10.2.1.1 send-community both neighbor 10.2.1.1 route-map COST1 in exit-address-family ! route-map COST1 permit 10 set extcommunity cost pre-bestpath 50 RST-3220 112195_2005_c1 © 2005 Cisco Sy stems, Inc All rights reserv ed Reflector C B D SP A E 10.1.1.0/24 Site Site Available Feature 62 Route Count Limit • When redistributing between an SP and an EIGRP site: Configuration mistakes on the SP side could redistribute the full BGP table into EIGRP Configuration mistakes on the EIGRP side could overflow the SP BGP edge router (PE) • How can we protect both sides? Mistake from This Side Overruns EIGRP SP Mistake from This Side Overruns SP PE Router A B C EIGRP Site RST-3220 112195_2005_c1 © 2005 Cisco Sy stems, Inc All rights reserv ed Available Feature 63 Route Count Limit • Configure a BGP maximum prefix limit on A • Configure an EIGRP maximum prefix limit on B and C • Available in 12.0(28.01)S and 12.3(14)T SP router eigrp 20 ! address-family ipv4 vrf RED redistribute maximum-prefix 1000 exit-address-family RST-3220 112195_2005_c1 router eigrp 20 ! 
address-family ipv4 vrf RED neighbor maximum-prefix 1000 exit-address-family © 2005 Cisco Sy stems, Inc All rights reserv ed A B C EIGRP Site Available Feature 64 Route Count Limit warning-only When the maximum number of routes is reached, a syslog message is printed to the console, but no other action is taken The amount of time EIGRP will wait after the maximum number of prefixes has been reached restart before accepting routes from the RIB again (redistribution) or building a neighbor relationship again (neighbor) The maximum number of times redistribution will be restart-count attempted, or a neighbor relationship will be formed, before failing these actions permanently reset-time dampened RST-3220 112195_2005_c1 The amount of time (in seconds) after the last failed attempt before the restart counter will be cleared Applies an exponential decay interval to the restart time © 2005 Cisco Sy stems, Inc All rights reserv ed Available Feature 65 ROUTING ENHANCEMENTS RST-3220 112195_2005_c1 © 2005 Cisco Sy stems, Inc All rights reserv ed 66 Routing Enhancements • EIGRP IPv6 • EIGRP Third Party Next Hop • Dynamic Metrics • Bundled Metrics • Default Information Originate • Default Network RST-3220 112195_2005_c1 © 2005 Cisco Sy stems, Inc All rights reserv ed 67 EIGRP IPv6 • Initially, EIGRP IPv6 will Run EIGRP over an IPv6 multicast address Add additional TLVs to the EIGRP packets to carry IPv6 addresses Interface based configuration • In the future, all configuration will be moved under the EIGRP process Interfaces grouped by range, rather than network statements IPv4 configuration will follow the IPv6 configuration style RST-3220 112195_2005_c1 © 2005 Cisco Sy stems, Inc All rights reserv ed Per-interface configuration router#conf t Enter configuration commands, one per line End with CNTL/Z router(config)#ipv6 unicast router(config)#int fastEthernet 0/0 router(config-if)#ipv6 eigrp router(config-if)#ipv6 enable router(config-if)#exit Assign router-id and no shutdown 
  router(config)#!
  router(config)#ipv6 router eigrp
  router(config-rtr)#router-id 1.1.1.1
  router(config-rtr)#no shutdown
  router(config-rtr)#end
  router#

Current Feature (slide 68)

EIGRP Third Party Next Hop
• C advertises 10.1.1.0/24 to A, which readvertises it to B and sets the next hop to 0.0.0.0
• When B receives this route, it sets the next hop to 10.1.3.1
• If B is receiving packets for 10.1.1.1, it will need to forward them through A, even though it has a direct connection to C

(Diagram: A (10.1.3.1) and B are EIGRP neighbors; C (10.1.3.2) has no EIGRP running and is connected to 10.1.1.0/24. B's IP-EIGRP Topology Table for AS(100): P 10.1.1.0/24, successors via 10.1.3.1)

Available Feature (slide 69)

EIGRP Third Party Next Hop
• EIGRP third party next hop allows A to leave the next hop at 10.1.3.2
    interface Serial
     no ip next-hop-self eigrp 100
• B can then use the direct link between B and C to forward traffic to 10.1.1.0/24, even though EIGRP isn't running between the two routers

(Diagram: same topology; B's IP-EIGRP Topology Table for AS(100): P 10.1.1.0/24, successors via 10.1.3.2)

Available Feature (slide 70)

EIGRP Third Party Next Hop
  router eigrp 100
   redistribute rip metric
  interface Ethernet
   no ip next-hop-self eigrp
• Here A, B, and C are all connected to the same broadcast segment, 10.1.1.0/24
  A is redistributing RIP into EIGRP
  B isn't running RIP
  C isn't running EIGRP
• For the redistributed RIP routes, B would normally show A as the next hop, rather than C, although it can reach C directly
• With EIGRP no next hop self on the Ethernet, A will send its updates to B with C as the next hop

(Diagram: A (EIGRP), B and C (RIP) on 10.1.1.0/24; B's IP-EIGRP Topology Table for AS(100): P 10.1.1.0/24, successors via 10.1.2.1)

Available Feature (slide 71)

EIGRP Third Party Next Hop
• Applications for third party next hop:
  Dynamic Multipoint Virtual Private Networks http://www.cisco.com/en/US/products/sw/iosswrel/ps1839/prod
  Preserving the next hop in redistribution from broadcast networks
• Available in 12.3(07)XI, 12.2(23.01)S, 12.3(02.03)B, 12.3(01.02)T, 012.003(001.003)

Available Feature (slide 72)

Dynamic Metrics
• EIGRP uses manually configured bandwidth and delay metrics
• EIGRP only "reads" the load and reliability metrics off an interface:
  When the neighbor relationship comes up
  When the bandwidth or delay are manually changed
  When a route is relearned through the interface
• This makes enabling the k-values for load and reliability pretty useless
• Why can't we make these dynamic?

Future Feature (slide 73)

Dynamic Metrics
• What we don't want is constant churn based on shifting load!
  As traffic is shifted to 10.1.1.0/24, the load increases
  This drives traffic back to 10.1.2.0/24, increasing its load and decreasing 10.1.1.0/24's load
  This, in turn, drives traffic back to 10.1.1.0/24, increasing its load and decreasing 10.1.2.0/24's load
• Cisco has a patented mechanism to allow the shifting of load without the churn, which will be used in the dynamic metrics feature

(Diagram: two parallel paths, 10.1.1.0/24 and 10.1.2.0/24, whose loads alternate between 10 and 20 as traffic is shifted from one to the other; "Shift Traffic Here" moves at each step.)

Future Feature (slide 74)

Bundled Metrics
• If there are multiple links used for load sharing, only a single link's bandwidth and delay will be advertised to neighbors
  In this network, B and C advertise the same metrics to 10.1.1.0/24
  C actually has more bandwidth available to reach 10.1.1.0/24
• EIGRP will be able to bundle the metrics of the equal cost links between C and D
  A will get a more true picture of the paths available to 10.1.1.0/24

(Diagram: A connects to B and C; B and C connect to D, which reaches 10.1.1.0/24. Every link is BW: 1000, D: 500; C has two equal-cost links to D, which bundled appear as BW: 2000, D: 500.)

Future Feature (slide 75)

Default Information Originate
• To generate a default route (0/0) in EIGRP today…
• Redistribution
  You can create a default route to NULL0, and redistribute it
  This is an EIGRP external, which isn't always desirable
  You can configure the static so it only exists if a specific next hop is reachable, conditioning the origination of the default to some degree
• Summary
    ip summary-address 0.0.0.0 0.0.0.0
  This can cause problems in some areas of the network, especially if you're learning a default route as well
  You can't condition the origination of the default route

CSCdr75703 Future Feature (slide 76)

Default Information Originate
  default-information originate
The new command would generate a default route conditioned on the route map:
  match ip address: only generate a default if the next hop listed is reachable
  match tag: only generate a default if a route with the indicated tag exists in the table
  set metric: set the default's metric based on the conditions listed in the route map
  Etc.

CSCdr75703 Future Feature (slide 77)

Default Network
• ip default-network is being removed
• How is this a feature?
  ip default-network was never designed to support any protocol other than IGRP
  The default network was supported in EIGRP for transition purposes only, but IGRP is now gone
  The default network will be close to impossible to support in MTR environments
  The forwarding code is optimized for the default route (0/0), so the default network converges more slowly
(slide 78)

SUMMARY (slide 79)

Summary
• Contrary to popular belief, EIGRP is not dead!
• Ten major features in the last year
• Four major infrastructure changes in preparation for future features
  MTR
  EIGRP on the PIX®
  Others
(slide 80)

Other Future Enhancements
• Full community support
  To support injection of routes into VRFs based on communities, and other future features
• Unidirectional link routing support
• Conditional injection of routes
• EIGRP support for link bandwidths over 2GB
(slide 81)

Other Future Enhancements
• EIGRP stub default only
  Automatically filter to default only for stub routers
• Multihop neighbor relationships
  For passing EIGRP routes through firewalls and encryption devices
• Stub only images for wiring closets
• Mobility enhancements
(slide 82)

Further Reading
  ASIN: 1578701651
  ISBN: 0201657732
  ISBN: 1587051877
(slide 83)

Complete Your Online Session Evaluation!
• Win fabulous prizes! Give us your feedback!
• Receive 10 Passport Points for each session evaluation you fill out
• Go to the Internet stations located throughout the Convention Center
• Winners will be posted on the Internet stations and digital plasma screens
• Drawings will be held in the World of Solutions
  Monday, June 20 at 8:45 p.m.
  Tuesday, June 21 at 8:15 p.m.
  Wednesday, June 22 at 8:15 p.m.
  Thursday, June 23 at 1:30 p.m.
(slide 84)

Black Hole Summary Routes
• This network implements manual summarization from the distribution routers toward the core
• It normally doesn't matter whether A or B is used to reach a remote
• But what if a link goes down?
  Black Hole Time!
• Workaround:
  Second link between A and B without summarization, or
  GRE tunnel between A and B without summarization

(Diagram: distribution routers A and B; remote sites C (10.1.1.0/24), D (10.1.2.0/24) and E (10.1.3.0/24); failed links marked X. Summary configured toward the core:)
  ip summary-address eigrp 10.1.0.0 255.255.0.0
(slide 86)

OTHER NEW FEATURES (slide 87)
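As an added illustration of the Route Count Limit options described earlier in this section (example code, not Cisco's implementation), the following model applies warning-only, restart, restart-count, reset-time and dampened to a stream of (time, prefix-count) observations for one neighbor. Times are in seconds as the table gives for reset-time (assumed for restart too), and the exact point at which restart-count turns into a permanent failure is an assumption.

```python
"""Added example (not Cisco code): models the route-count-limit options from the
table above. Time is in seconds (as given for reset-time; assumed for restart too)."""
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class MaxPrefixGuard:
    maximum: int                    # neighbor maximum-prefix <maximum>
    warning_only: bool = False      # syslog only, keep accepting routes
    restart: int = 300              # wait before re-forming the neighbor relationship
    restart_count: int = 3          # restarts allowed; the next exceedance is final (assumed)
    reset_time: int = 900           # quiet time after the last failure that clears the counter
    dampened: bool = False          # restart interval grows exponentially per failure
    attempts: int = 0
    blocked_until: Optional[int] = None
    last_failure: Optional[int] = None
    permanently_down: bool = False
    log: List[str] = field(default_factory=list)

    def accept(self, now: int, prefix_count: int) -> bool:
        """True if routes from this neighbor are accepted at time `now`."""
        if self.permanently_down:
            return False
        # reset-time: enough quiet time since the last failure clears the restart counter
        if self.last_failure is not None and now - self.last_failure >= self.reset_time:
            self.attempts, self.last_failure = 0, None
        # restart: still inside the back-off interval, the neighbor stays down
        if self.blocked_until is not None:
            if now < self.blocked_until:
                return False
            self.blocked_until = None  # interval over, try again
        if prefix_count <= self.maximum:
            return True
        self.log.append(f"t={now}: prefix limit {self.maximum} exceeded ({prefix_count} routes)")
        if self.warning_only:
            return True  # warning-only: message printed, no other action
        self.attempts += 1
        self.last_failure = now
        if self.attempts > self.restart_count:
            self.permanently_down = True  # restart-count exhausted: fail permanently
            return False
        # dampened: each successive failure doubles the restart interval
        wait = self.restart * (2 ** (self.attempts - 1)) if self.dampened else self.restart
        self.blocked_until = now + wait
        return False
```

The log list stands in for the syslog messages; a CE that keeps pushing more than `maximum` routes ends up permanently down once the allowed restarts are used up, unless it stays within the limit long enough for reset-time to clear the counter.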
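The EIGRP Third Party Next Hop slides above, as an added example (not Cisco code): the next-hop field of an update is 0.0.0.0 (meaning the sender) by default, and with `no ip next-hop-self eigrp` the original next hop is kept when it lies on the subnet the update is sent out of. That same-subnet condition, the RIP prefix and the addresses marked constructed are assumptions.

```python
"""Added example (not Cisco code): how the next-hop field of an EIGRP update is filled
with and without `no ip next-hop-self eigrp`, for the topologies on the slides above.
Assumed rule: the original next hop is kept only if it sits on the subnet of the
interface the update leaves on (so the receiver can reach it directly)."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Route:
    prefix: str
    next_hop: str   # where the advertising router itself forwards traffic for the prefix


def advertised_next_hop(route: Route, out_subnet: str, next_hop_self: bool = True) -> str:
    """Next-hop field A puts in an update sent out an interface on `out_subnet`.
    0.0.0.0 means "the sender", i.e. the default next-hop-self behaviour."""
    if next_hop_self:
        return "0.0.0.0"
    if ipaddress.ip_address(route.next_hop) in ipaddress.ip_network(out_subnet):
        return route.next_hop       # third-party next hop preserved
    return "0.0.0.0"                # next hop not on this segment: fall back to self


def installed_next_hop(field_value: str, sender: str) -> str:
    """What the receiver (B) installs: the sender unless a third-party hop was carried."""
    return sender if field_value == "0.0.0.0" else field_value


def b_next_hop(route: Route, a_address: str, out_subnet: str, next_hop_self: bool) -> str:
    """End to end: A advertises `route` to B out `out_subnet`; return B's successor."""
    return installed_next_hop(advertised_next_hop(route, out_subnet, next_hop_self), a_address)


# Slides 69/70: A (10.1.3.1) learned 10.1.1.0/24 via C (10.1.3.2); B is on the same segment.
SERIAL = Route("10.1.1.0/24", "10.1.3.2")
# Slide 71: A redistributes RIP learned from C on the shared Ethernet 10.1.1.0/24.
# C's address and the RIP prefix are constructed; the slide does not give them.
RIP = Route("192.0.2.0/24", "10.1.1.3")
# Constructed: a route whose next hop is behind another interface of A.
ELSEWHERE = Route("198.51.100.0/24", "10.1.9.1")

if __name__ == "__main__":
    print(b_next_hop(SERIAL, "10.1.3.1", "10.1.3.0/24", True))       # 10.1.3.1, via A
    print(b_next_hop(SERIAL, "10.1.3.1", "10.1.3.0/24", False))      # 10.1.3.2, direct to C
    print(b_next_hop(ELSEWHERE, "10.1.3.1", "10.1.3.0/24", False))   # 10.1.3.1, still via A
```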
