Enterprise Network Data Communication Solution Practice - EIGRP

Practical objectives:

Through practical application, master the working principle and practical operation ability of EIGRP.

Case requirements and business deployment planning:

The company has two offices, the headquarters and the branch;

It was decided that the entire network would use EIGRP as the dynamic routing protocol, with the autonomous system number being 666;

The two devices R1 and R3 at the headquarters and branches are interconnected through the Layer 2 ××× provided by the operator to achieve communication between the headquarters and branches. Unicast is used to establish EIGRP neighbors and deploy HMAC authentication with customized keys.

R2 and R5 are stub routers, connected by a low-speed link as a backup for Layer 2 ×××. They use unicast to establish EIGRP neighbors and deploy MD5 authentication with custom keys.

The business traffic between the headquarters and branches is forwarded through the Layer 2 ×××. However, when the Layer 2 ××× fails, the backup link must assume all forwarding responsibilities and implement data forwarding control of the primary and backup links through route summarization;

A small amount of special business traffic needs to be communicated between Server1 and Server2 every day through a low-speed backup link. A secondary address is set in the subnet where the two servers are located to serve the special business traffic.

R3 and R4 are the Internet gateways of the entire enterprise, responsible for all the enterprise's Internet access traffic, with R3 as a high-speed link and R4 as a low-speed link. Port NAT is deployed to provide Internet services within the enterprise.

To avoid wasting link resources and ensure reasonable link forwarding load, R3 and R4 set different metrics when introducing the default route to the Internet into EIGRP, and implement non-equal-cost load balancing of service traffic to the Internet on R5;

Considering factors such as business scalability, all network devices deploy named EIGRP configuration mode; define the named EIGRP instance name as QYT;

To ensure stable operation of the protocol, configure router-id for each device. For example: R1 router-id is 10.0.0.1, R2 router-id is 10.0.0.2;

The practice topology of this case on the simulator can be built according to the following structure:

Here is a case configuration solution:

1. Configure IP address (omitted for display)

The device interface address is the network address.Y, where Y is the device number. For example, the IP address of R1's E0/3 interface is: 10.12.13.1/24

PC and Server are simulated by the loopback port of the router

 R2#show run interface loopback 0
 interface Loopback0
  IP address 10.2.201.100 255.255.255.0 secondary
  IP address 10.2.100.100 255.255.255.0 secondary
  IP address 10.2.200.100 255.255.255.0 
 
 
 R5#show run interface loopback 0
 interface Loopback0
  IP address 10.1.201.100 255.255.255.0 secondary
  IP address 10.1.100.100 255.255.255.0 secondary
  IP address 10.1.200.100 255.255.255.0

After the IP address is configured, be sure to test whether the direct connection is OK.

2. Deploy EIGRP on the entire network

 R1#show run | s r e
 router eigrp QYT
 !
  address-family ipv4 unicast autonomous-system 666
 !
 topology base
 exit-af-topology
 network 10.0.0.0
 eigrp router-id 10.0.0.1 //The configurations of each device are the same except for this part. //
 exit-address-family

After configuration is complete, please check the EIGRP neighbor status and routing entries to ensure that the configuration is correct;

Check command:

 show ip eigrp neighbors  
 show ip route eigrp | begin Gateway

3. Configuring Unicast Neighbors and Authentication on the Headquarters and Branch Interconnection Devices

R1:

 router eigrp QYT
 address-family ipv4 unicast autonomous-system 666 
 
 neighbor 10.12.13.3 Ethernet0/3
 af-interface e0/3
 authentication mode hmac-sha-256 CCNP

R3:

 router eigrp QYT
 address-family ipv4 unicast autonomous-system 666 
 
 neighbor 10.12.13.1 Ethernet0/3
 af-interface e0/3
 authentication mode hmac-sha-256 CCNP

R2:

 key chain CISCO
 key 1
 key-string CCNP 
 
 router eigrp QYT
  address-family ipv4 unicast autonomous-system 666 
 
  neighbor 10.12.25.5 Serial1/1
 af-interface Serial1/1
 authentication mode md5
    authentication key-chain CISCO

R5:

 key chain CISCO
 key 1
 key-string CCNP 
 
 router eigrp QYT
  address-family ipv4 unicast autonomous-system 666 
 
  neighbor 10.12.25.2 Serial1/1
 af-interface Serial1/1
 authentication mode md5
    authentication key-chain CISCO

4. Deploy stub routers

R2 and R5:

 router eigrp QYT
  address-family ipv4 unicast autonomous-system 666
 eigrp stub

5. Realize the master-slave relationship between Layer 2 ××× and low-speed backup link

The routes in the local area are summarized on R2 and R5 to implement traffic forwarding control of the primary and backup links based on the longest match principle;

R2:

 router eigrp QYT
  address-family ipv4 unicast autonomous-system 666
 af-interface Serial1/1
    summary-address 10.2.0.0 255.255.0.0

R5:

 router eigrp QYT
 address-family ipv4 unicast autonomous-system 666
 af-interface Serial1/1
    summary-address 10.1.0.0 255.255.0.0

verify:

 R2#traceroute 10.1.100.100 source 10.2.100.100 numeric
 Type escape sequence to abort.
 Tracing the route to 10.1.100.100
 VRF info: (vrf in name/id, vrf out name/id)
   1 10.2.12.1 9 msec 9 msec 9 msec
   2 10.12.13.3 9 msec 9 msec 10 msec
   3 10.1.35.5 9 msec * 6 msec 
 
 
 R5#traceroute 10.2.100.100 source 10.1.100.100 numeric
 Type escape sequence to abort.
 Tracing the route to 10.2.100.100
 VRF info: (vrf in name/id, vrf out name/id)
   1 10.1.35.3 1 msec 0 msec 1 msec
   2 10.12.13.1 1 msec 0 msec 1 msec
   3 10.2.12.2 9 msec * 10 msec

Disconnect the link between R1 and R3 to verify whether the backup link can forward traffic normally;

 R1#configure terminal 
 
 R1(config)#interface e0/3
 R1(config-if)#shutdown 
 
 
 R2#traceroute 10.1.100.100 source 10.2.100.100 numeric
 Type escape sequence to abort.
 Tracing the route to 10.1.100.100
 VRF info: (vrf in name/id, vrf out name/id)
   1 10.12.25.5 9 msec * 9 msec 
 
 
 R5#traceroute 10.2.100.100 source 10.1.100.100 numeric
 Type escape sequence to abort.
 Tracing the route to 10.2.100.100
 VRF info: (vrf in name/id, vrf out name/id)
   1 10.12.25.2 8 msec * 9 msec

After the test is completed, please do not forget to restore the link.

6. Realizing the need for special services to use low-speed links

There is more than one application scenario for leak-map in EIGRP. The following describes how to use it in conjunction with the summary command.

The stub router feature is enabled above. By default, only the local direct routes and summary routes are advertised.

Then a summary was made, which suppressed the details;

Now, leak-map is used to allow specific directly connected routes to be advertised to neighbors in the summarization direction after summarization;

Configuration:

R2:

 access-list 2 permit 10.2.201.0 0.0.0.255 
 
 route-map LEAK permit 10
 match ip address 2 
 
 router eigrp QYT
  address-family ipv4 unicast autonomous-system 666
 af-interface Serial1/1
    summary-address 10.2.0.0 255.255.0.0 leak-map LEAK

R5:

 access-list 2 permit 10.1.201.0 0.0.0.255 
 
 route-map LEAK permit 10
 match ip address 1 
 
 router eigrp QYT
  address-family ipv4 unicast autonomous-system 666
 af-interface Serial1/1
    summary-address 10.2.0.0 255.255.0.0 leak-map LEAK

verify:

 R2#show ip eigrp topology 10.1.201.0/24 | include from
   10.12.25.5 (Serial1/1), from 10.12.25.5, Send flag is 0x0
   10.2.12.1 (Serial1/0), from 10.2.12.1, Send flag is 0x0 
 
 
 R5#show ip eigrp topology 10.2.201.0/24 | include from
   10.12.25.2 (Serial1/1), from 10.12.25.2, Send flag is 0x0

test:

 R2#traceroute 10.1.201.100 source 10.2.201.100 numeric
 Type escape sequence to abort.
 Tracing the route to 10.1.201.100
 VRF info: (vrf in name/id, vrf out name/id)
   1 10.12.25.5 9 msec * 9 msec 
 
 
 R5#traceroute 10.2.201.100 source 10.1.201.100 numeric
 Type escape sequence to abort.
 Tracing the route to 10.2.201.100
 VRF info: (vrf in name/id, vrf out name/id)
   1 10.12.25.2 9 msec * 9 msec

7. Configure NAT

This part is not the focus of this case study, and the configuration part is only used as an example

 R3(config)#int e0/2
 R3(config-if)#ip nat outside 
 
 R3(config)#int e0/3
 R3(config-if)#ip nat inside 
 
 access-list 1 permit 10.0.0.0 0.0.0.255 
 
 ip nat inside source list 1 interface [XXX] overload

8. Reasonable allocation of uplink resources between R3 and R4

Configure static default routes on R3 and R4 and introduce EIGRP with different metrics to reflect the actual situation of the network uplink as much as possible.

 R3(config)#ip route 0.0.0.0 0.0.0.0 36.1.1.6  
 R4(config)#ip route 0.0.0.0 0.0.0.0 s1/0

R3:

 router eigrp QYT
  address-family ipv4 unicast autonomous-system 666
 topology base
    redistribute static metric 10000 100 255 1 1500

R4:

 router eigrp QYT
  address-family ipv4 unicast autonomous-system 666
 topology base
    redistribute static metric 1544 2000 255 1 1500

IX. Implementing non-equal-cost load balancing of service traffic to the Internet on R5

Check the topology table and find that there is only one successor and no feasible successor is found, which means that either only one path is received or there are other paths but they do not meet the feasible conditions;

 R5#show ip eigrp topology 
 
 P 0.0.0.0/0, 1 successors, FD is 196608000
         via 10.1.35.3 (196608000/131072000), Ethernet0/1

View the topology table details:

 R5#show ip eigrp topology detail-links 
 
 P 0.0.0.0/0, 1 successors, FD is 196608000, serno 83
         via 10.1.35.3 (196608000/131072000), Ethernet0/1
         via 10.1.45.4 (1800711958/1735175958), Ethernet0/2

The metric of the default route received from R4 is 1735175958, which is much larger than the current feasible distance of 196608000.

To perform non-equal-cost load balancing, a feasible successor is essential. By increasing the metric value for the relevant prefix received from R5 through the offset list, the default prefix received from R4 can meet the feasibility condition, thus making R4 a feasible successor.

1735175958 - 196608000 = 1538567958 We increase the metric for the prefix received from R3 by a little more than 1538567958.

R5:

 access-list 5 permit 0.0.0.0 
 
 router eigrp QYT
  address-family ipv4 unicast autonomous-system 666
 topology base
    offset-list 5 in 1538570000 Ethernet0/1

verify:

 R5#show ip eigrp topology 
 
 P 0.0.0.0/0, 1 successors, FD is 1735178000
         via 10.1.35.3 (1735178000/1669642000), Ethernet0/1
         via 10.1.45.4 (1800711958/1735175958), Ethernet0/2

Now, we calculate the non-equal-cost load balancing variant based on the advertised distance and the current feasible distance:

Feasible distance on the feasible successor path / current feasible distance and round up

 1800711958 / 1735178000 = 2  

R5:

 router eigrp QYT
  address-family ipv4 unicast autonomous-system 666
 topology base
 variance 2

verify:

 R5#show ip route eigrp | begin Gateway
 Gateway of last resort is 10.1.45.4 to network 0.0.0.0 
 
 D*EX 0.0.0.0/0 [170/14068062] via 10.1.45.4, 00:00:54, Ethernet0/2
                              [170/13556078] via 10.1.35.3, 00:00:54, Ethernet0/1

Summary: This is a practical case study specifically examining the application of EIGRP. I hope it will be helpful to everyone and we can discuss and learn together.