151 IPExpert EIGRP Neighbor Formation and Maintenance

Captions
We are now going to take a look at EIGRP neighbor formation and maintenance. As a quick reminder, we remember that EIGRP supports automatic discovery of neighbors using periodic hellos. We can also configure manual discovery using neighbor statements, and also we can prevent the neighbors from forming. Now, to examine how the neighborship works and how it's formed in EIGRP, I think the best approach is to actually take a look at it from a practical perspective, so I'm just going to be talking about it, I'm going to be doing it, and I'm going to show you how the neighbors are formed.

To do that effectively I'm going to need a test network, and I'm going to start by building a very, very simple test network. I'm going to start with just two devices. I'm going to start with routers R1 and R2 that are going to be directly connected, and this direct connection between them is going to be on the network 192.168.123.0/24. I will have .2 on this side, .1 on this side, and in both cases this is simply going to be Gigabit interface 1 on both sides. So what I want to do here is one more thing: I'm going to add loopback interfaces to my R1 and R2, just so I can have some routes down the road to exchange, and all of my loopback interfaces that I will be using in these examples are going to be in the following format, so it's going to be 192.168.0.X/24, where X is simply a router number, so 2 in this case or 1 in this case here.

The next thing that I'm going to do here is I'm simply going to enable EIGRP in, let's say, AS 100. So we are going to be configuring EIGRP AS 100, and to make things a little bit more fun I'm going to configure R1 using the old numbered method and I'm going to configure my R2 using the new or named method of configuring EIGRP. So let's head to our terminal and configure this to begin with.

So here I am on my R1, but before I start configuring anything I need to make sure that my connection between R1 and R2 is operational. The best place to start verifying
this is to run show ip route connected. What I'm looking for here is the connected route for the subnet that I will be using, 192.168.123.0, and I can see I do have it connected on Gigabit interface 1. I can repeat the same command on R2 and I'm looking for pretty much the same output. I'm just going to be pinging between them, so ping 192.168.123.2, and what I'm looking for here are the responses. So I want to be able to ping between these two routers, and let's ping from R2 to R1, because when you start configuring your routing protocols and start verifying them or troubleshooting them, the last thing that you want to be dealing with is an underlying layer 2 problem. So I have my layer 2 pre-configured here; I want to focus just on EIGRP configuration.

So let's go back to R1, and the first thing that I'm going to do here is I'm going to type router eigrp 100, so I'm going to go into EIGRP mode. Now, depending on the version of IOS that you are going to be using, a certain EIGRP feature called auto-summarization, which summarizes the advertised networks on classful network boundaries, may be enabled or may be disabled. Starting with IOS 15 that is actually turned off, and I am using a version of IOS here that is slightly newer than IOS 15, but nevertheless, unless you actually want to use this feature, it's a good idea to turn it off.

The next thing that I'm going to do is I'm going to configure the network statement for the network that I will be using to interconnect between R1 and R2. Now, I can press Enter here, because remember, the network statement in EIGRP can be either classful or classless. This doesn't affect how these routes will actually be advertised in EIGRP, just which interfaces are going to be enabled for EIGRP. Since 192.168 subnets are classful /24 subnets, I don't really need to enter wildcard bits, so I'm just going to be using the network statement like this here. But I also want to advertise my
loopback, and let's say that in the case of a loopback I want to make sure that I'm advertising only the particular IP address associated with my own loopback, so in this case I am going to be using the wildcard mask.

So right now on R1 I do have EIGRP turned on and enabled. I have not done anything on R2 yet, but at this moment my R1 is already sending hellos. Let's take a look at them. What I want to do now is go to my Wireshark here, and I'm going to start capturing just the EIGRP packets that I might be receiving, and I'm going to start capturing traffic that comes on the interface between routers 1 and 2. And here it is, here is my hello, so let's dig a little bit deeper into this packet.

Now, the first thing that we can see here is that this packet was sent from the source IP address of an interface of our R1, and we can see that the destination is 224.0.0.10. This is exactly what we expected to see. But one thing further that I would like to show you is the protocol header. So this is the IP protocol that we are looking at, and we can see that EIGRP is using a specific protocol number, protocol 88.

Let's take a look at what's in the actual hello packet. As we can see here, the packets are still arriving, they're sent every five seconds, but we're just focusing on one of them. Now, the important thing to see here is that this opcode identifies that we are dealing with the hello packets. There are multiple EIGRP packets, as we are going to see later on, but this identifies that we are dealing with the hello packet. Now, in many of these fields here we don't really care what it says, but the important information is the autonomous system number. The autonomous system number is carried in hello messages, and if the autonomous system number doesn't match on two sides, we are not going to have a successful neighborship form. Furthermore, here in the parameters field, another couple of things are very important. The first thing that we are going to notice
is that the K values, the constant modifiers for the metric calculation, are going to be communicated. Traditionally only K values from one to five have been used; K6 is a relatively recent addition to IOS and to EIGRP. With the K values here we can see the default values of K1 and K3 set to 1 being carried, and all other K values are set to 0. Again, I'm going to talk in greater detail about the K values a little bit later on. And last but not least, what we are seeing here is that the hold-down timer, the hold timer, is being communicated, so the neighbor is telling us how long we should wait before we declare him as dead. I'm going to talk about this a little bit more later on, when we start modifying these values and examining them.

So now we can see that there is this hello packet that has been communicated, but obviously we don't have any neighbors formed, because I have not done any configuration on the R2 side. So let's head to R2 and configure R2. Of course, remember that I said that I will be configuring R2 using the new configuration mode, the named configuration mode, so let's start doing that. On R2, the first thing that I'm going to do is I'm going to enable router eigrp, let's call it Cisco for example, so this now puts me in the main configuration mode. Then I'm going to go under the address family ipv4, and I'm going to specify that I will be using the autonomous system number 100. This is exactly what I want to do. The next thing that I'm going to do here is I'm simply going to say network 192.168.123.0, and let's in this case specify the wildcard mask, and I'm going to say network... and before I proceed to actually advertise the loopback, we can almost immediately see that our neighborship has already been formed. So we can see here that the numbered configuration and the named configuration that we had before can perfectly coexist, so they are not mutually exclusive. This is local to the router, the
configuration mode; it's not something that is communicated in the hello messages or anything. So we can see that our neighborship has been successfully formed, but let's advertise our loopback here. I'm just going to say network 192.168.0.0, and actually 0.2, and I'm going to make sure that I'm advertising the correct loopback, or I should say that I am going to be enabling only the interface with this particular IP address for EIGRP. So at this point we should have our neighbors formed.

But before we take a look at the neighbors, let's get back to Wireshark very quickly to see if we can see any differences between hello packets sent by R1 and R2. I should say that I expect to see zero differences here, but let's take a look. So here is one of the hello packets that is being sent by R2. What we can see here are the parameters that we are expecting to see, that we have examined just before. So let's take a look at one of the packets that were sent by R2. Here it is, and if I quickly switch, so I'm going to switch now between two packets, I'm going to switch to one and two, we can see that nothing changes in the output below. So this is a fairly good indicator that these packets are carrying pretty much the same information. Obviously we are going to see the change in the source and destination MAC address, and we are going to see the change in the source IP address, but the contents of the hello packets are the same.

So this is an important thing: there are certain parameters that need to match before the neighbors can form. These parameters are K values, the autonomous system, and the authentication settings. We have not configured any authentication yet in this configuration. We see that our hello packets are the same, we see the log message above telling us that the neighborship has formed, so let's now use IOS to tell us a little bit more about this relationship. I'm going to head back to R1, for no particular
reason, and I'm going to run one of the very, very fundamental verification commands, show ip eigrp interfaces. Now, show ip eigrp interfaces is a very, very useful command. The first thing that it's going to tell me is that all EIGRP processes that I might be running on this router are going to be identified with their own AS number, so if I have multiple EIGRP processes, I'm going to see this output pretty much repeated here; for all the other processes this output here is going to be repeated. The next thing that is very important in this output is the list of interfaces that are enabled for this particular EIGRP process. The next important information, and this is fundamental, is this column here: I can see on which interface how many neighbors, how many peers, I am seeing. So here on Gigabit interface 1 we are seeing one peer, and that's exactly what we expected to see, because, you remember, we have R1 connected to R2, so on this interface, on Gigabit 1 on R1, we are expecting to see R2, and we are going to pretty much expect to see the same output of this command on R2. The rest of the information here is really not that important at this stage of verification.

But another, a little more detailed output of show ip eigrp interfaces might be something that you need to remember, so I'm going to say show ip eigrp interfaces Gigabit 1, or actually I should say show ip eigrp interfaces detail Gigabit 1. With this output here I'm going to get the summarized information that I have already seen for this Gigabit interface, but this output here gives me a lot more detail about how this interface is configured for EIGRP. Most importantly, it is going to tell me what the hello interval is that is configured on this interface, and it's going to tell me what the hold-down time is that is configured on this particular interface. Now, keep in mind that this hold-down time here is not the time that we have received
from the neighbor; this is our own local setting. This is what we are going to be sending in our own hellos, and what the neighbors are going to be using when they're maintaining their relationship with us. The rest of the output, as I say, is not so important at this stage, but the important output is this thing at the end here that says that the authentication mode is not set. So in the case that you're troubleshooting a relationship with EIGRP, these are the things that you need to look at: do you have any peers, what is the setting of the hello and the hold timer, and also what is the authentication mode that has been configured on the interface.

Several times so far I've mentioned the hold timer, and that it's not locally significant but it's actually communicated in hello messages, which is something that we have seen in the hello messages themselves. So let me elaborate on that a little bit. When we have two neighbors that are directly connected, just like in the case of our R1 and R2, what we are going to have is a locally configured hello time that may or may not be the same on two sides. Now, each of these routers, in these hello intervals, whatever they are, is going to be sending hellos independently of the other, but in these hellos they're going to include information about after how long a time of not hearing from that router the other router should declare it as unreachable. So let's say, for example, that R1 here was setting the dead time, or the hold time, to 15 seconds. Now, this information will be communicated in each and every one of these hello messages, which means that R2 here is going to be using this information received in hello messages to determine whether R1 is alive or not alive on this segment. If R2 does not receive any hello messages from R1 in fifteen seconds, R2 is going to declare this relationship as broken, as non-operational. But, for example, at the same time on the same link we could have R2 here
saying, you know what, use the hold timer of 20 seconds. So this information will be included in every single hello message here, which means that R1 here is going to be using this information to determine whether R2 is reachable or not. So in this case here, R2 may declare R1 as unreachable after 15 seconds of unreachability, of fifteen minutes since receipt of the last hello message, but R1 may need to wait five more seconds after R2 has declared this neighborship as dead before it declares it as dead.

So let's see this in action, let's see how this thing may play out in the configuration. As an exercise, let's first change our hello and hold intervals on both R1 and R2. So let's, for example, set the hello interval to be, say, four seconds, and let's say that our hold interval now is going to be twelve seconds. There's no particular reason why I have chosen these particular numbers, other than they're not the default and they're low enough to be useful, so that we can actually see some of this behavior.

So let's first do it on R1. Now remember, R1 is configured using the traditional numbered EIGRP configuration mode, and we can see that configuration if we take a look at the router EIGRP process. If we want to modify the hello or the hold intervals for this router, we would have to do it on the interface itself. So I'm going to go to my interface Gigabit 1 and I'm going to say ip hello-interval, and here I have to specify the process number, eigrp 100, and I'm going to specify what is going to be the interval between my hellos, so my hello interval is going to be 4 seconds. Then I'm going to say ip hold-time eigrp 100 and I'm going to set this to be 12 seconds. So if I take a look at my interface, show interface Gigabit 1, sorry, show interface detail Gigabit 1, show ip eigrp interface detail Gigabit 1, here I can see what my configured hello interval is and I can see what my configured hold time is, and I can see that my locally configured hold time there
is displayed. On the other hand, if I go to R2 and I do show ip eigrp neighbors, and if I do show ip eigrp neighbor detail, if I take a look at any of these outputs, I'm not going to be able to see what R1 is telling me. The only way that I can figure out what the hello interval is, is if I repeat this command multiple times and kind of try to guess based on the current hold value here. I can see here that the maximum value that I have observed was something around 10 seconds, or if I'm really, really quick it's going to be 11 seconds. So this tells me that the hold interval configured on the neighbor here is either 11 seconds or 12 seconds; it's not much above that. So there is really no show command that will show me what the neighbor's configured hold interval is. This is something that I have to deduce, that I have to actually guess.

Now let's do the same thing on R2. Now remember, R2 is configured using the more modern named configuration mode, and here it's configured differently. So what I'm going to do here is go into router eigrp Cisco, so I'm going into the main named configuration. I'm going to say address-family ipv4 and autonomous-system 100, so this is what I'm configuring, and I'm going to say af-interface Gigabit 1, and here I'm going to say hello-interval 4 seconds and hold-time 12 seconds. Now remember, with this new configuration mode, with the af-interface, I could have easily said default here and this would apply to all the interfaces, but I'm just focusing on the same interface right now. So if I do show ip eigrp interface detail Gigabit 1, I can see now that my configuration has been applied: I can see that the hello interval is 4 seconds and the hold time is actually 12 seconds.

Let's break this a little bit. I'm now going to do something that you should never try in real life and that, quite frankly, EIGRP shouldn't allow me to do. What I'm going to do next is configure the hold
interval, the hold time, to be actually lower than the hello time on my R1. So I'm going to go to R1 here, and I'm already in the interface configuration mode, and I already know that my hold time has been configured as 12 seconds and that my hello interval has been configured as 4 seconds. So what I'm going to do now is configure my hello interval to be 24 seconds, so 2 times the hold time. If I take a look at this output, take a look: this is, quite frankly, nonsense, this is a broken configuration, but what I'm trying to do now is to cause exactly this. I want to show you how this is going to play out.

So what is now going to be happening is the neighbors are obviously going to disengage, we are going to have a problem, and then the neighbors are going to reestablish, because there is nothing wrong with sending hello messages, except that they are arriving too slowly. But slowly for whom? Who is making this decision that this needs to break? Well, the key point, or the cue there, is in this log message. We can see here "peer termination received": it is R2 who is actually making this decision, and if we take a look at R2, we can see here the information that the holding time has expired. Why did the hold time expire? Well, let's see what is happening. What is happening here is that R1 is sending a hello, and it is saying in this hello: if you don't hear from me in the next 12 seconds, declare me as dead. And then the next hello is due 24 seconds after this first hello here has been sent. About halfway through there, what's going to happen is R2 is going to say, hey look, 12 seconds have elapsed but I have not heard from you, so I'm going to send you the termination, your hold timer has expired. And R1 now says, oh, okay, so we need to terminate our relationship. So the relationship terminates here, but, you know what, I'm going to send you another hello saying hi, I'm here, and the neighborship reestablishes itself. And this repeats forever and ever, and we can see that it is
repeating forever and ever, because we have a very, very unstable EIGRP right now. So let's fix it. What I'm going to do now is just return my hello interval back to four seconds, which is going to improve things somewhat.

I would now like to expand our network just a little bit. So remember, at this moment we have R1 and R2. What I would like to add is R3 on the exact same network segment that R1 and R2 are already connected to. So what I'm going to do now is configure R3 here, and it's going to have IP address .3, and it's also going to be Gigabit interface 1, so this is Gigabit 1, this is Gigabit 1, and remember the IP addressing scheme is 192.168.123.0/24, .1 here, .2 here and .3 on R3. So what I want to do now is add R3 to this mix, and I'm going to also be using the named configuration there, because I tend to like this new named configuration. I'm going to add R3 and I'm going to modify all the timers just as they are right now in our network on R1 and R2.

Just like before, before I do anything I'm going to make sure that R3 can actually communicate with the other devices. So let's first do show ip route connected, and I'm seeing here that I have the 123 network configured, so I'm going to say ping 192.168.123.1, there's going to be an ARP wait, and let's ping .2, we are waiting for ARP, and there we have the response. So let's configure our EIGRP. I'm going to say router eigrp Cisco, address-family ipv4 unicast autonomous-system 100. I'm going to say here now af-interface default, so what I want to do here for all the interfaces is declare them as passive. So I'm declaring all the interfaces as passive by default, so I don't want to send hellos on any interfaces unless I explicitly enable them. Then the next thing I'm going to say here is that my hello interval for all the interfaces is 4 seconds
and that my hold time is 12 seconds for all the interfaces. Now I want my af-interface Gigabit 1 to be not passive, so I'm going to do no passive-interface under that configuration mode, and then I'm going to say network 192.168.123.0, and I'm going to enable this on my loopback as well. So now I can see already that I do have two neighbors that have formed the relationship; I already have that log message.

But before we proceed with this example with this third router that I have added, let's see how this configuration looks. So I'm just going to say show run section router eigrp, and what I'm seeing here is what I just configured. I can see that for all the interfaces by default, all the interfaces in this particular address family, my hello timer has been configured, the hold time has been configured, and that they are all passive, but this more specific definition here for Gigabit 1 actually takes precedence, so no passive-interface takes precedence. But what about the hello interval and the hold-down timer? What happens in this case? Since I have configured this, will this interface Gigabit 1 be using the configuration from the default, or will this interface be using the default predefined configurations? Let's find out. I'm going to say show ip eigrp interface detail Gigabit 1, and I can see actually that, as I expected, the information from the af-interface default has been taken over by our more specific interface definition, so I can see here that the hello interval is actually four seconds and the hold-down time, or the hold timer, is 12 seconds.

As the last example I want to add one more device to my network, and this is going to be R4. R4 will be connected directly to R1, and in this case I will be using Gigabit interfaces 2 for this network, and the network that I will be using here will be 192.168.14.0/24, and I want .1 here and .4 on this side. But what I want to do in this particular configuration is, I don't want to send my multicast
discovery packets; what I want to do here is send unicast hellos. So let's get to our configuration and configure this. Now, as in previous examples, R4 here will be using the named configuration mode, and R1, remember, is using the traditional numbered configuration mode for EIGRP, so I will show you how this is configured in both cases.

Just as before, before I start doing any configuration on R1 or R4, I'm going to make sure that I actually do have operational connectivity between them. So on R1 I'm going to say show ip route connected, and what I'm looking for here is that I actually do have the connected route in my routing table, and I seem to have it. And on R4, show ip route connected, I can see my 192.168.14.0/24 in the routing table. So let's try to ping across, and from R4 I can ping R1, and let's try to ping from R1 to R4, and I seem to have the connectivity there.

Now, before I proceed and configure EIGRP here to send only unicast hellos between these two neighbors, I'm going to head over to my Wireshark and start capturing here on my Ethernet 2 interface, and I'm interested only in getting EIGRP packets. So I want to capture these hellos, I want to see what these packets look like, and I want to confirm that I'm indeed sending only unicast hellos.

So I'm going to start with R1, and remember, R1 is the one that is configured using the traditional configuration mode. So I'm going to go here and say router eigrp 100, and I'm going to say neighbor 192.168.14.4. Now, if I press Enter here, it's going to give me the information that this is an incomplete command. Why is it an incomplete command? Because I need to tell it on which interface I am configuring this neighbor, and in my case this is going to be Gigabit 2. Now, did this help? Am I getting any hello messages here? I don't seem to be getting anything here. I'm not getting anything because I still need to make this interface operational in EIGRP, so it's not enough to just
say, okay, I'm going to have that particular neighbor active and I'm going to be sending unicast hellos to that neighbor; I also need to use the network statement. So I'm going to say network 192.168.14.0, actually let's do it this way, so I want to activate only this one IP address here. Right now, if I go back to my Wireshark, I can see that my hellos are already being sent, and I can see here, based on the destination IP address, which is 192.168.14.4, that they are indeed unicast. I can confirm that even if I take a look here at my destination MAC address.

So, going back to R4, I want to configure R4 for pretty much the same thing, but I want to configure it using the new named configuration mode. So I'm going to repeat what I have been doing all day long: router eigrp, going to say a name, Cisco, address-family ipv4 unicast autonomous-system 100, and here I'm going to say, for example, neighbor 192.168.14.1 Gigabit 2. I'm going to say network, let's do 192.168.14.0 255, like so, and I want to activate my loopback as well, and I can already see that I have a new adjacency up and running.

So let's get back to our Wireshark here and let's see what kind of hellos are being sent. I'm getting a lot of traffic here, so what I'm going to say here is I want to specify the particular source IP address, so just the hellos sent by R4 in this case, and I can see that even they are actually sent, let me expand this a little bit, so we can see here that even they are sent as unicast. We can see that the source is 192.168.14.4 and we can see that the destination is the unicast one. So you can see that the configuration in the named and the numbered configuration mode for EIGRP for static neighbors, for configuring unicast hellos between our neighbors, is pretty much the same.

While we are at it, while we are configuring all these adjacencies, let's do some authentication as well, and to do authentication I'm going to use the simplest setup that I have, so I'm going to
configure it between R1 and R4, and the authentication requirements are going to be that I'm going to be using a perpetual key, and let's say that the password is going to be Cisco, and I want to use key identifier number one, and I will simply configure R1 and R4 to use this authentication method. So let's go ahead and do it.

I'm going to start with R1, and remember, we are starting by defining the key chain. I can call it whatever I want to call it, so let's call it my chain. I'm going to define key number one, I'm going to say key-string Cisco here. So if I do show key chain, I can see here the key number one with the text Cisco as the key string, so the text information here is actually what I entered as my key string, and I can see that the accept lifetime and send lifetime are always valid, and it also tells me here in the output that these keys are valid right now. So I've defined the key.

Now let's go ahead and configure this on an interface. I have to go to the interface facing my R4, which is Gigabit 2, and here I'm going to say ip authentication mode eigrp 100 md5, so I'm going to enable the MD5 authentication here, and I can see that my neighbor immediately went down, because it is not responding to the authentication. But here I'm going to say ip authentication key-chain, and I'm going to specify the name... oh, actually I have to say eigrp 100, and here I'm going to specify the name of my key chain, which is my chain. So if I take a look at the configuration of my Gigabit 2, I can see that my authentication mode and my key chain have been configured.

Let's do the same thing on R4. So I'm going to say key chain, and let's call it something else here, let's call it EIGRP chain. Here I'm going to define key number one, key-string, key-string 0 Cisco, so here I'm explicitly telling it that whatever follows is going to be unencrypted. But, you know what, I actually don't like having unencrypted passwords, so I'm going to enable password encryption. So if I do show run section key chain, what
I'm going to be seeing now is the type 7 encrypted password here, but if I do show key chain, what I'm going to see here is the decoded key. So even though this is showing me the encrypted password, if I do the show key chain command I'm going to see the unencrypted password shown. It's a very, very useful thing; it'll show you how much security you have with type 7 passwords, but it is what it is. And here I can again see what the accept lifetime and the send lifetime of this particular key are, and I can see that this key is actually valid right now.

So let's go ahead and configure our authentication. I'm going to go to router eigrp Cisco, address-family ipv4 unicast autonomous-system 100. You know what, I want to use this key chain on all of my interfaces, so here I'm going to say af-interface default, and I'm going to say authentication mode md5, authentication key-chain, and I'm going to use whatever the name of the key chain was, so EIGRP chain. So I have now configured it, and as I can see, my neighborship immediately came up. If I take a look at my EIGRP configuration here, this is how EIGRP authentication configuration looks for the named configuration. If you ask me, this is much, much more scalable than what we had before Cisco introduced named configurations.
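
Added example, not part of the video or its captions: a Python sketch that parses the hello fields the walkthrough inspects in Wireshark (opcode, AS number, K values, hold time), lists the mismatches that stop two routers from becoming neighbors, and checks for the hold-time-below-hello-interval misconfiguration that made R1 and R2 flap. The header and parameter TLV layout follows RFC 7868; the function names, the constructed packets and the simplified authentication TLV are assumptions made for the illustration.

```python
import struct

EIGRP_HEADER = struct.Struct("!BBHIIIHH")  # 20-byte header, RFC 7868 layout
OPCODE_HELLO = 5
TLV_PARAMETER = 0x0001   # carries K1..K6 and the hold time
TLV_AUTH = 0x0002        # present only when authentication is configured


def build_hello(asn, k_values=(1, 0, 1, 0, 0, 0), hold_time=15, auth=False):
    """Build a constructed hello payload for the demo (checksum left at 0)."""
    packet = EIGRP_HEADER.pack(2, OPCODE_HELLO, 0, 0, 0, 0, 0, asn)
    packet += struct.pack("!HH6BH", TLV_PARAMETER, 12, *k_values, hold_time)
    if auth:
        # Placeholder authentication TLV: type, length, 4 opaque bytes.
        packet += struct.pack("!HH4s", TLV_AUTH, 8, b"\x00" * 4)
    return packet


def parse_hello(payload):
    """Return AS number, K values, hold time and auth presence of a hello."""
    if len(payload) < EIGRP_HEADER.size:
        raise ValueError("truncated EIGRP header")
    fields = EIGRP_HEADER.unpack_from(payload)
    opcode, asn = fields[1], fields[7]
    if opcode != OPCODE_HELLO:
        raise ValueError(f"not a hello (opcode {opcode})")
    hello = {"asn": asn, "k_values": None, "hold_time": None, "auth": False}
    offset = EIGRP_HEADER.size
    while offset < len(payload):
        if offset + 4 > len(payload):
            raise ValueError("truncated TLV header")
        tlv_type, tlv_len = struct.unpack_from("!HH", payload, offset)
        if tlv_len < 4 or offset + tlv_len > len(payload):
            raise ValueError("TLV length runs past the packet")
        value = payload[offset + 4:offset + tlv_len]
        if tlv_type == TLV_PARAMETER:
            if len(value) < 8:
                raise ValueError("short parameter TLV")
            hello["k_values"] = tuple(value[:6])
            (hello["hold_time"],) = struct.unpack_from("!H", value, 6)
        elif tlv_type == TLV_AUTH:
            hello["auth"] = True
        offset += tlv_len
    return hello


def adjacency_blockers(local, remote):
    """List the parameters that must match before neighbors can form."""
    blockers = []
    if local["asn"] != remote["asn"]:
        blockers.append(f"AS mismatch: {local['asn']} vs {remote['asn']}")
    if local["k_values"] != remote["k_values"]:
        blockers.append("K value mismatch")
    if local["auth"] != remote["auth"]:
        # Only TLV presence is compared; a real check verifies the digest.
        blockers.append("authentication configured on one side only")
    return blockers


def hold_expires_between_hellos(hello_interval, hold_time):
    """True when the advertised hold time runs out before the next hello."""
    return hold_time < hello_interval


if __name__ == "__main__":
    r1 = parse_hello(build_hello(100, hold_time=12))
    r2 = parse_hello(build_hello(100, hold_time=12))
    print("R1/R2 blockers:", adjacency_blockers(r1, r2))
    r4 = parse_hello(build_hello(100, hold_time=12, auth=True))
    print("R1/R4 blockers:", adjacency_blockers(r1, r4))
    # Timers from the walkthrough: hello 24 s with hold 12 s, then hello 4 s.
    print("flaps with hello=24, hold=12:", hold_expires_between_hellos(24, 12))
    print("flaps with hello=4, hold=12:", hold_expires_between_hellos(4, 12))
```

Hold times are deliberately left out of the mismatch list: each side advertises its own value, so they do not have to match for the neighbors to form.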
Info
Channel: CCIEORDIE.COM
Views: 504
Id: xKHVyxxTT_0
Length: 40min 52sec (2452 seconds)
Published: Thu Feb 08 2018