Solution to Lab Challenge EIGRP

A bit late cause it took me more time then I thought it would but here we go with the first solution “guide”.

Please take into consideration that there are most of the time different ways to solve a task and some I did even not think about. I gonna show you the solutions I had in mind. If you think you got another or even better solution to a task, please feel free to comment about it or send me an e-mail.

lab_challenge_eigrp

Update 31.12.2008: I found an error in the configuration which did not allow R1 to ping R2’s Interfaces and vice versa, this is solved now by adding an additional frame-relay map statement on both interfaces. The configurations are now updated accordingly.

Unicast Neighborship

Task: Configure unicast neighborships between: R3 <-> R4 and R3<->R5. R4 and R5 should not form a neighborship. R4 and R5 should still have each others loopback interface in their routing table.

I updated this task a bit here and on the Lab itself since I wanted to have split-horizon disabled on R3s interface which I forgot to mention in the first version.

This is the configuration snippet for that Task:

R3:
interface FastEthernet0/1
ip address 116.1.54.3 255.255.255.0
no ip split-horizon eigrp 100
duplex auto
speed auto

router eigrp 100
network 0.0.0.0
no auto-summary
neighbor 116.1.54.4 FastEthernet0/1
neighbor 116.1.54.5 FastEthernet0/1

R4:
router eigrp 100
network 0.0.0.0
no auto-summary
neighbor 116.1.54.3 FastEthernet0/0

R5:
router eigrp 100
network 0.0.0.0
no auto-summary
neighbor 116.1.54.3 FastEthernet0/0

Its nothing special just use the neighbor command under the router eigrp and EIGRP is going to change the neighborship to those routers from multicast to unicast and will not automatically form an adjacency with all routers on the segment. The only thing here is that you have to disable split-horizon on R3s fa0/1, due to split-horizon rules R4 would never receive R5s loopback and vice-versa. Even though with the default route later on R4 would reach R5s loopback, the task states that both routers have to have each others loopback address in their routing table.

The following show commands show, that both R4 and R5 only have a neighborship to R3:

R3#sh ip eigrp neighbors
IP-EIGRP neighbors for process 100
H   Address                 Interface       Hold Uptime   SRTT   RTO  Q  Seq
                                            (sec)         (ms)       Cnt Num
4   116.1.123.1             Se1/0            152 00:02:13 1213  5000  0  19
3   116.1.123.2             Se1/0            162 00:02:13   13   200  0  7
2   116.1.13.1              Fa0/0             11 00:04:41   75   450  0  20
1   116.1.54.4              Fa0/1             11 00:04:41   83   498  0  10
0   116.1.54.5              Fa0/1             10 00:04:42   98   588  0  10

R4#sh ip eigrp neighbors
IP-EIGRP neighbors for process 100
H   Address                 Interface       Hold Uptime   SRTT   RTO  Q  Seq
                                            (sec)         (ms)       Cnt Num
0   116.1.54.3              Fa0/0             13 00:03:50  368  2208  0  36

R5#sh ip eigrp neighbors
IP-EIGRP neighbors for process 100
H   Address                 Interface       Hold Uptime   SRTT   RTO  Q  Seq
                                            (sec)         (ms)       Cnt Num
0   116.1.54.3              Fa0/0             12 00:04:19  691  4146  0  36

As you can see, both R4 and R5 have each others loopback address over R3 in their routing table:

R4#sh ip route 99.99.5.0
Routing entry for 99.99.5.0/24
  Known via "eigrp 100", distance 90, metric 158720, type internal
  Redistributing via eigrp 100
  Last update from 116.1.54.3 on FastEthernet0/0, 00:05:33 ago
  Routing Descriptor Blocks:
  * 116.1.54.3, from 116.1.54.3, 00:05:33 ago, via FastEthernet0/0
      Route metric is 158720, traffic share count is 1
      Total delay is 5200 microseconds, minimum bandwidth is 100000 Kbit
      Reliability 255/255, minimum MTU 1500 bytes
      Loading 1/255, Hops 2

R5#sh ip route 99.99.4.0
Routing entry for 99.99.4.0/24
  Known via "eigrp 100", distance 90, metric 158720, type internal
  Redistributing via eigrp 100
  Last update from 116.1.54.3 on FastEthernet0/0, 00:05:11 ago
  Routing Descriptor Blocks:
  * 116.1.54.3, from 116.1.54.3, 00:05:11 ago, via FastEthernet0/0
      Route metric is 158720, traffic share count is 1
      Total delay is 5200 microseconds, minimum bandwidth is 100000 Kbit
      Reliability 255/255, minimum MTU 1500 bytes
      Loading 1/255, Hops 2

Additionally the command show ip eigrp interface detail shows that R3 now uses unicast for that interface:

<pre>R3#sh ip eigrp interfaces detail fastEthernet 0/1
IP-EIGRP interfaces for process 100

                        Xmit Queue   Mean   Pacing Time   Multicast    Pending
Interface        Peers  Un/Reliable  SRTT   Un/Reliable   Flow Timer   Routes
Fa0/1              2        0/0        64       0/1          258           0
  Hello interval is 5 sec
  Next xmit serial <none>
  Un/reliable mcasts: 0/0  Un/reliable ucasts: 10/28
  Mcast exceptions: 0  CR packets: 0  ACKs suppressed: 2
  Retransmissions sent: 0  Out-of-sequence rcvd: 2
  Authentication mode is not set
  Use unicast

Default Routing

Task: Configure Default Routing on R2, use an ip summary-address and assure that all routers in the domain have the default route to R2. Also be sure that every router still has R2s loopback 0 address in its routing table.

Well that task is a bit of (how we call it) feature fu**ing but I thought it might be a good idea to provide the command to use (ip summar-address) and let you find your way through the Cisco documentation. There you’ll find the keyword leak-map which just doing what I wanted with that task. Leaking one or more more specific routes from a summary into the routing. Without the leak-map R2 will only propagate the default route. So what has to be done is:

R2
interface Serial1/0
 ip address 116.1.123.2 255.255.255.0
 encapsulation frame-relay
 ip summary-address eigrp 100 0.0.0.0 0.0.0.0 5 leak-map LEAK
 serial restart-delay 0
 frame-relay map ip 116.1.123.3 203 broadcast
 frame-relay map ip 116.1.123.1 203
 no frame-relay inverse-arp
!
ip prefix-list R2-Lo0 seq 5 permit 99.99.2.0/24
!
route-map LEAK permit 10
 match ip address prefix-list R2-Lo0

R2 will now begin to advertise a default route to itself and will still advertise its own Loopback address. All Routers do have now a default route to R2 and a more specific route to R2’s loopback:

R1#sh ip route eigrp
     116.0.0.0/24 is subnetted, 3 subnets
D       116.1.54.0 [90/30720] via 116.1.13.3, 00:00:15, FastEthernet0/0
     99.0.0.0/24 is subnetted, 5 subnets
D       99.99.2.0 [90/2300416] via 116.1.13.3, 00:00:15, FastEthernet0/0
D       99.99.3.0 [90/156160] via 116.1.13.3, 00:00:15, FastEthernet0/0
D       99.99.4.0 [90/158720] via 116.1.13.3, 00:00:15, FastEthernet0/0
D       99.99.5.0 [90/158720] via 116.1.13.3, 00:00:15, FastEthernet0/0
D*   0.0.0.0/0 [90/2300416] via 116.1.13.3, 00:00:15, FastEthernet0/0

R3#sh ip route eigrp
     99.0.0.0/24 is subnetted, 5 subnets
D       99.99.1.0 [90/156160] via 116.1.13.1, 00:00:39, FastEthernet0/0
D       99.99.2.0 [90/2297856] via 116.1.123.2, 00:00:39, Serial1/0
D       99.99.4.0 [90/156160] via 116.1.54.4, 00:00:39, FastEthernet0/1
D       99.99.5.0 [90/156160] via 116.1.54.5, 00:00:39, FastEthernet0/1
D*   0.0.0.0/0 [90/2297856] via 116.1.123.2, 00:00:39, Serial1/0

R4#sh ip route eigrp
     116.0.0.0/24 is subnetted, 3 subnets
D       116.1.123.0 [90/2172416] via 116.1.54.3, 00:02:24, FastEthernet0/0
D       116.1.13.0 [90/30720] via 116.1.54.3, 00:03:22, FastEthernet0/0
     99.0.0.0/24 is subnetted, 5 subnets
D       99.99.1.0 [90/158720] via 116.1.54.3, 00:03:20, FastEthernet0/0
D       99.99.2.0 [90/2300416] via 116.1.54.3, 00:00:59, FastEthernet0/0
D       99.99.3.0 [90/156160] via 116.1.54.3, 00:03:22, FastEthernet0/0
D       99.99.5.0 [90/158720] via 116.1.54.3, 00:03:22, FastEthernet0/0
D*   0.0.0.0/0 [90/2300416] via 116.1.54.3, 00:00:59, FastEthernet0/0

R5#sh ip route eigrp
     116.0.0.0/24 is subnetted, 3 subnets
D       116.1.123.0 [90/2172416] via 116.1.54.3, 00:02:41, FastEthernet0/0
D       116.1.13.0 [90/30720] via 116.1.54.3, 00:03:38, FastEthernet0/0
     99.0.0.0/24 is subnetted, 5 subnets
D       99.99.1.0 [90/158720] via 116.1.54.3, 00:03:36, FastEthernet0/0
D       99.99.2.0 [90/2300416] via 116.1.54.3, 00:01:16, FastEthernet0/0
D       99.99.3.0 [90/156160] via 116.1.54.3, 00:03:38, FastEthernet0/0
D       99.99.4.0 [90/158720] via 116.1.54.3, 00:03:38, FastEthernet0/0
D*   0.0.0.0/0 [90/2300416] via 116.1.54.3, 00:01:16, FastEthernet0/0

Load Sharing

Task: Configure R1 so that it uses a 3:1 load sharing for R2s loopback network 99.99.2.0/24 over its two interfaces to R3. Do not use the bandwidth command.

The load sharing value of 1:3 got changed to 3:1 which fits the actual load sharing of the links better.

As you pretty sure know EIGRP can use 4 values to calculate its metric but per default it only uses 2, bandwidth and delay. Since there is quite a good chance that a QoS configuration might use the bandwidth configuration it does make more sense to change the delay instead of the bandwidth.

The way I usually use to get to an exact load sharing ( in this case 3:1) is to take the better paths metric and multiply it by 3.

R1# sh ip route 99.99.2.0
Routing entry for 99.99.2.0/24
  Known via "eigrp 100", distance 90, metric 2300416, type internal
  Redistributing via eigrp 100
  Last update from 116.1.123.3 on Serial1/0, 00:04:44 ago
  Routing Descriptor Blocks:
    116.1.13.3, from 116.1.13.3, 00:04:44 ago, via FastEthernet0/0
      Route metric is 2300416, traffic share count is 3
      Total delay is 25100 microseconds, minimum bandwidth is 1544 Kbit
      Reliability 255/255, minimum MTU 1500 bytes
      Loading 1/255, Hops 2

The metric over the Ethernet path is 2300416 so to multilied by 3 I get a target metric of 6901248. If we get the second path to that metric, R1 will have an exact 3:1 load sharing.

The formula for EIGRPs metric calculation is:

metric = [k1 * bandwidth + (k2 * bandwidth)/(256 – load) + k3 * delay]*256

while the default definition for the K values is:

tos: 0
k1: 1
k2: 0
k3: 1
k4: 0
k5: 0

K4 and K5 are not used as long as the K5 is set to 0.
So since 0 divided by something (256 – load) still gives 0 we can cut that part and have the following equation (with numbers now):

[1*bandwidth + 1*delay]*256

Bandwith is calculated with this formula:

(10^7/Bandwidth in kbps)

While the delay is used in of 10 microseconds. The range of delay is from 10 microseconds to 168 seconds. A delay of all ones indicates that the network is unreachable. The total sum of the delay for a given path is used within the equation. With the command show interface you’ll see the default delay value for each interface.

Take care the output shows the delay in microseconds while the formula uses 10 of microseconds!

Within my GNS3 environment the smalles bandwidth link (R1 <-> R3 and R2 <->R2 are the same) has a value of 1544 kbps. Calculating the Bandwidth results in a value of:

10^7/1544 = 6476 (I’ve cut the numbers after the comma)

So we got the bandwidth value we do not want to change but need for the calculation. Now we need to calculate the total delay for the worse path:

Based on our Target metric of 6901248 we can use a “reverse” calculation to get the needed delay:

[ 6476 + x]*256 = 6901248

6476 + x = 6901248/256

x = [6901248/256] – 6476

so our target total delay is 20482. I only want to specify one different delay on one interface (R1s se1/0) so we can subtract R2s Lo0 (500) and R3s se1/0 (2000):

x = 20482 – (500 + 2000)

And then we got the delay of 17982 which needs to be configured on R1s se1/0 to get a 3:1 load sharing. Hope its somehow clear 🙂

And heres the config for that task:

R3
interface FastEthernet0/0
 ip address 116.1.13.3 255.255.255.0
 duplex auto
 speed auto
!
interface Serial1/0
 ip address 116.1.123.3 255.255.255.0
 encapsulation frame-relay
 no ip split-horizon eigrp 100
 serial restart-delay 0
 frame-relay map ip 116.1.123.1 301 broadcast
 frame-relay map ip 116.1.123.2 302 broadcast
 no frame-relay inverse-arp
!
router eigrp 100
 network 0.0.0.0
 no auto-summary
 neighbor 116.1.54.4 FastEthernet0/1
 neighbor 116.1.54.5 FastEthernet0/1

R1
interface FastEthernet0/0
 ip address 116.1.13.1 255.255.255.0
 duplex auto
 speed auto
!
interface Serial1/0
 ip address 116.1.123.1 255.255.255.0
 encapsulation frame-relay
 delay 17982
 serial restart-delay 0
 frame-relay map ip 116.1.123.3 103 broadcast
 frame-relay map ip 116.1.123.2 103
 no frame-relay inverse-arp
!
router eigrp 100
 variance 3
 network 0.0.0.0
 no auto-summary

First to get R3 to advertise R2s lo0 over its serial interface to R1 the split-horizon rule has to be disabled on the interface, otherwise R1 will never see two routes to R2.
Second the variance command has to be used on R1s EIGRP configuration to force EIGRP to use unequal paths with a metric three times higher then the best route.
The last output shows that R1 is using a 3:1 load sharing for its two routes to R2s lo0.

R1# sh ip route 99.99.2.0
Routing entry for 99.99.2.0/24
  Known via "eigrp 100", distance 90, metric 2300416, type internal
  Redistributing via eigrp 100
  Last update from 116.1.123.3 on Serial1/0, 00:04:44 ago
  Routing Descriptor Blocks:
    116.1.123.3, from 116.1.123.3, 00:04:44 ago, via Serial1/0
      Route metric is 6901248, traffic share count is 1
      Total delay is 204820 microseconds, minimum bandwidth is 1544 Kbit
      Reliability 255/255, minimum MTU 1500 bytes
      Loading 1/255, Hops 2
  * 116.1.13.3, from 116.1.13.3, 00:04:44 ago, via FastEthernet0/0
      Route metric is 2300416, traffic share count is 3
      Total delay is 25100 microseconds, minimum bandwidth is 1544 Kbit
      Reliability 255/255, minimum MTU 1500 bytes
      Loading 1/255, Hops 2

Authentication

Task: Configure an adjacency authentication between R1 and R3 on their Ethernet connection.

Adjacency authentication for EIGRP uses key-chains to define the key and the ip authentication command at the interface level.

R1:
key chain To-R3
 key 1
   key-string cisco
!
interface FastEthernet0/0
 ip address 116.1.13.1 255.255.255.0
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 To-R3

R3:
key chain To-R1
 key 1
   key-string cisco
!
interface FastEthernet0/0
 ip address 116.1.13.3 255.255.255.0
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 To-R1

To check if your adjacencies are up and authenticated you can use the show ip eigrp neighbors and show ip eigrp interface detail commands.

R1#sh ip eigrp neighbors
IP-EIGRP neighbors for process 100
H   Address                 Interface       Hold Uptime   SRTT   RTO  Q  Seq
                                            (sec)         (ms)       Cnt Num
0   116.1.13.3              Fa0/0             13 00:00:34 1029  5000  0  50
1   116.1.123.3             Se1/0            179 00:26:25  891  5000  0  49

R1#sh ip eigrp interfaces detail fastEthernet 0/0
IP-EIGRP interfaces for process 100

                        Xmit Queue   Mean   Pacing Time   Multicast    Pending
Interface        Peers  Un/Reliable  SRTT   Un/Reliable   Flow Timer   Routes
Fa0/0              1        0/0      1029       0/1         6392           0
  Hello interval is 5 sec
  Next xmit serial <none>
  Un/reliable mcasts: 0/8  Un/reliable ucasts: 11/10
  Mcast exceptions: 3  CR packets: 3  ACKs suppressed: 2
  Retransmissions sent: 2  Out-of-sequence rcvd: 1
  Authentication mode is md5,  key-chain is "To-R3"
  Use multicast

R3#sh ip eigrp neighbors
IP-EIGRP neighbors for process 100
H   Address                 Interface       Hold Uptime   SRTT   RTO  Q  Seq
                                            (sec)         (ms)       Cnt Num
0   116.1.13.1              Fa0/0             11 00:03:11   24   200  0  25
4   116.1.123.2             Se1/0            176 00:29:02  932  5000  0  7
1   116.1.123.1             Se1/0            166 00:29:03  121   726  0  26
3   116.1.54.4              Fa0/1             10 00:31:29   73   438  0  12
2   116.1.54.5              Fa0/1             12 00:31:29   56   336  0  13

R3#sh ip eigrp interfaces detail fastEthernet 0/0
IP-EIGRP interfaces for process 100

                        Xmit Queue   Mean   Pacing Time   Multicast    Pending
Interface        Peers  Un/Reliable  SRTT   Un/Reliable   Flow Timer   Routes
Fa0/0              1        0/0        24       0/1          112           0
  Hello interval is 5 sec
  Next xmit serial <none>
  Un/reliable mcasts: 0/12  Un/reliable ucasts: 12/13
  Mcast exceptions: 4  CR packets: 4  ACKs suppressed: 1
  Retransmissions sent: 5  Out-of-sequence rcvd: 0
  Authentication mode is md5,  key-chain is "To-R1"
  Use multicast

Based on that output R1 and R3 have a working adjacency over their Ethernet link and they use MD5 authentication with the corresponding key-chain.

Full Configuration

Following is the “full” (sanitized) configuration of every router for the lab.

R1

R1#sh run
hostname R1
!
key chain To-R3
 key 1
   key-string cisco
!
interface Loopback0
 ip address 99.99.1.1 255.255.255.0
!
interface FastEthernet0/0
 ip address 116.1.13.1 255.255.255.0
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 To-R3
 duplex auto
 speed auto
!
interface Serial1/0
 ip address 116.1.123.1 255.255.255.0
 encapsulation frame-relay
 delay 17982
 serial restart-delay 0
 frame-relay map ip 116.1.123.3 103 broadcast
 frame-relay map ip 116.1.123.2 103
 no frame-relay inverse-arp
!
router eigrp 100
 variance 3
 network 0.0.0.0
 no auto-summary

R2

R2#sh run
hostname R2
!
interface Loopback0
 ip address 99.99.2.2 255.255.255.0
!
interface Serial1/0
 ip address 116.1.123.2 255.255.255.0
 encapsulation frame-relay
 ip summary-address eigrp 100 0.0.0.0 0.0.0.0 5 leak-map LEAK
 serial restart-delay 0
 frame-relay map ip 116.1.123.3 203 broadcast
 frame-relay map ip 116.1.123.1 203
 no frame-relay inverse-arp
!
router eigrp 100
 network 0.0.0.0
 no auto-summary
!
ip prefix-list R2-Lo0 seq 5 permit 99.99.2.0/24
!
route-map LEAK permit 10
 match ip address prefix-list R2-Lo0

R3

R3#sh run
hostname R3
!
key chain To-R1
 key 1
   key-string cisco
!
interface Loopback0
 ip address 99.99.3.3 255.255.255.0
!
interface FastEthernet0/0
 ip address 116.1.13.3 255.255.255.0
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 To-R1
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 116.1.54.3 255.255.255.0
 no ip split-horizon eigrp 100
 duplex auto
 speed auto
!
interface Serial1/0
 ip address 116.1.123.3 255.255.255.0
 encapsulation frame-relay
 no ip split-horizon eigrp 100
 serial restart-delay 0
 frame-relay map ip 116.1.123.1 301 broadcast
 frame-relay map ip 116.1.123.2 302 broadcast
 no frame-relay inverse-arp
!
router eigrp 100
 network 0.0.0.0
 no auto-summary
 neighbor 116.1.54.5 FastEthernet0/1
 neighbor 116.1.54.4 FastEthernet0/1

R4

R4#sh run
hostname R4
!
interface Loopback0
 ip address 99.99.4.4 255.255.255.0
!
interface FastEthernet0/0
 ip address 116.1.54.4 255.255.255.0
 duplex auto
 speed auto
!
router eigrp 100
 network 0.0.0.0
 no auto-summary
 neighbor 116.1.54.3 FastEthernet0/0

R5

R5#sh run
hostname R5
!
interface Loopback0
 ip address 99.99.5.5 255.255.255.0
!
interface FastEthernet0/0
 ip address 116.1.54.5 255.255.255.0
 duplex auto
 speed auto
!
router eigrp 100
 network 0.0.0.0
 no auto-summary
 neighbor 116.1.54.3 FastEthernet0/0

Advertisements

3 comments

  1. Pingback: Lab Challenge EIGRP « Just another CCIE
  2. US-ROSE

    hey man, Can I ask u this question? I read your scenario, but I don’t understand. How do you configuration network inside EIGRP R3 and R4 over Frame Relay to R1 and R2 (dont via Fas0/0). How does network inside R1, R2 see network inside R3, R4 together..

  3. pashtuk

    Hi US-Rose
    I kinda guess you got problems with EIGRPs split-horizon rule?
    Check R3s full configuration, there you’ll see that I disabled split-horizon for the FR-Link to R1 and R2 and the FA-Link to R4 and R5.

    Hope it helps

    best regards

    Michel

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s