[计算机硬件及网络]5 基于EIGRP协议的路由解决方案完.ppt

第5章 基于EIGRP的路由解决方案,网络方向师资培训,本章内容,EIGRP简介 部署和验证 EIGRP 配置高级 EIGRP 选项 EIGRP 认证 在企业网中应用EIGRP,Configuring EIGRP,1 EIGRP简介,Flexible network design Multicast and unicast instead of broadcast address Manual summarization at any point 100% loop-free classless routing Easy configuration for WANs and LANs Load balancing across equal- and unequal-cost pathways,Advanced distance vector Fast convergence Support for VLSM and discontiguous subnets Partial updates Support for multiple network-layer protocols,EIGRP 特征,EIGRP 关键技术,Neighbor discovery/recovery Uses hello packets between neighbors Reliable Transport Protocol (RTP) Guaranteed, ordered delivery of EIGRP packets to all neighbors DUAL finite-state machine Selects lowest-cost, loop free, paths to each destination Protocol-dependent modules (PDMs) EIGRP supports IP, AppleTalk, and Novell NetWare. Each protocol has its own EIGRP module and operates independently of any of the others that may be running.,EIGRP 邻居表,DUAL 算法,Selects lowest-cost, loop-free paths to each destination AD = cost between the next-hop router and the destination FD = cost from local router = AD of next-hop router + cost between the local router and the next-hop router Lowest-cost = lowest FD (Current) successor = next-hop router with lowest-cost, loop free path Feasible successor = backup router with loop-free path (AD of feasible successor must be less than FD of current successor route),EIGRP拓扑表,EIGRP IP路由表,示例: EIGRP Tables,Router C Tables:,EIGRP 包,Hello: Establish neighbor relationships. Update: Send routing updates. Query: Ask neighbors about routing information. Reply: Respond to query about routing information. ACK: Acknowledge a reliable packet.,初始路由发现,EIGRP 度量值,Same metric components as IGRP: Bandwidth Delay Reliability Loading MTU EIGRP metric is IGRP metric multiplied by 256.,EIGRP 度量值的计算,By default, EIGRP metric: Metric = bandwidth (slowest link) + delay (sum of delays) Delay = sum of the delays in the path, in tens of microseconds, multiplied by 256 Bandwidth = 107 / (minimum bandwidth link along the path, in kilobits per second) * 256 Formula with default K values (K1 = 1, K2 = 0, K3 = 1, K4 = 0, K5 = 0): Metric = K1 * BW + (K2 * BW) / (256 load) + K3 * delay If K5 not equal to 0: Metric = metric * K5 / (reliability + K4):,A B C D Least bandwidth 64 kbps Total delay 6,000 A X Y Z D Least bandwidth 256 kbps Total delay 8,000,Delay is the sum of all the delays of the links along the paths: Delay = delay in tens of microseconds x 256 Bandwidth is the lowest bandwidth of the links along the paths: Bandwidth = 10,000,000 / (bandwidth in kbps) x 256,EIGRP 度量值计算示例,Configuring EIGRP,2 部署和验证 EIGRP,router eigrp autonomous-system-number,Defines EIGRP as the IP routing protocol. All routers in the internetwork that must exchange EIGRP routing updates must have the same autonomous system number.,配置 EIGRP,network network-number wildcard-mask,Identifies attached networks participating in EIGRP. The wildcard-mask is an inverse mask used to determine how to interpret the address. The mask has wildcard bits, where 0 is a match and 1 is “dont care.”,Router(config)#,Router(config-router)#,bandwidth kilobits,Defines the interfaces bandwidth for the purposes of sending routing update traffic.,配置EIGRP (续),Router(config-if)#,Network 192.168.1.0 is not configured on router A, because it is not directly connected to router A.,配置 EIGRP for IP,使用反掩码,使用和配置 ip default-network 命令,EIGRP 配置示例,R2 EIGRP 配置, interface FastEthernet0/0 ip address 172.17.2.2 255.255.255.0 interface Serial0/0/1 bandwidth 64 ip address 192.168.1.102 255.255.255.224 router eigrp 100 network 172.17.2.0 0.0.0.255 network 192.168.1.0,验证EIGRP: show ip eigrp neighbors,R1#show ip eigrp neighbors IP-EIGRP neighbors for process 100 H Address Interface Hold Uptime SRTT RTO Q Seq (sec) (ms) Cnt Num 0 192.168.1.102 Se0/0/1 10 00:07:22 10 2280 0 5 R1#,验证 EIGRP: show ip route eigrp,R1#show ip route eigrp D 172.17.0.0/16 90/40514560 via 192.168.1.102, 00:07:01, Serial0/0/1 172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks D 172.16.0.0/16 is a summary, 00:05:13, Null0 192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks D 192.168.1.0/24 is a summary, 00:05:13, Null0 R1#show ip route Gateway of last resort is not set D 172.17.0.0/16 90/40514560 via 192.168.1.102, 00:06:55, Serial0/0/1 172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks D 172.16.0.0/16 is a summary, 00:05:07, Null0 C 172.16.1.0/24 is directly connected, FastEthernet0/0 192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks C 192.168.1.96/27 is directly connected, Serial0/0/1 D 192.168.1.0/24 is a summary, 00:05:07, Null0,验证 EIGRP: show ip protocols,R1#show ip protocols Routing Protocol is “eigrp 100“ Outgoing update filter list for all interfaces is not set Incoming update filter list for all interfaces is not set Default networks flagged in outgoing updates Default networks accepted from incoming updates EIGRP metric weight K1=1, K2=0, K3=1, K4=0, K5=0 EIGRP maximum hopcount 100 EIGRP maximum metric variance 1 Redistributing: eigrp 100 EIGRP NSF-aware route hold timer is 240s Maximum path: 4 Routing for Networks: 172.16.1.0/24 192.168.1.0 Routing Information Sources: Gateway Distance Last Update (this router) 90 00:09:38 Gateway Distance Last Update 192.168.1.102 90 00:09:40 Distance: internal 90 external 170,验证 EIGRP: show ip eigrp interfaces,R1#show ip eigrp interfaces IP-EIGRP interfaces for process 100 Xmit Queue Mean Pacing Time Multicast Pending Interface Peers Un/Reliable SRTT Un/Reliable Flow Timer Routes Fa0/0 0 0/0 0 0/10 0 0 Se0/0/1 1 0/0 10 10/380 424 0,验证 EIGRP: show ip eigrp topology,R1#show ip eigrp topology IP-EIGRP Topology Table for AS(100)/ID(192.168.1.101) Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply, r - reply Status, s - sia Status P 192.168.1.96/27, 1 successors, FD is 40512000 via Connected, Serial0/0/1 P 192.168.1.0/24, 1 successors, FD is 40512000 via Summary (40512000/0), Null0 P 172.16.0.0/16, 1 successors, FD is 28160 via Summary (28160/0), Null0 P 172.16.1.0/24, 1 successors, FD is 28160 via Connected, FastEthernet0/0 P 172.17.0.0/16, 1 successors, FD is 40514560 via 192.168.1.102 (40514560/28160), Serial0/0/1,验证 EIGRP: show ip eigrp traffic,R1#show ip eigrp traffic IP-EIGRP Traffic Statistics for AS 100 Hellos sent/received: 429/192 Updates sent/received: 4/4 Queries sent/received: 1/0 Replies sent/received: 0/1 Acks sent/received: 4/3 Input queue high water mark 1, 0 drops SIA-Queries sent/received: 0/0 SIA-Replies sent/received: 0/0 Hello Process ID: 113 PDM Process ID: 73,Configuring EIGRP,3 配置高级 EIGRP 选项,EIGRP 自动路由汇总,Purpose: Smaller routing tables, smaller updates Automatic summarization: On major network boundaries, subnetworks are summarized to a single classful (major) network. Automatic summarization occurs by default.,EIGRP 手动路由汇总,Manual summarization has the following characteristics: Summarization is configurable on a per-interface basis in any router within a network. When summarization is configured on an interface, the router immediately creates a route pointing to null0. Loop-prevention mechanism When the last specific route of the summary goes away, the summary is deleted. The minimum metric of the specific routes is used as the metric of the summary route.,no auto-summary,(config-router)#,Turns off automatic summarization for the EIGRP process,配置路由汇总,ip summary-address eigrp as-number address mask admin-distance,(config-if)#,Creates a summary address that this interface will generate,手动汇总 EIGRP 路由,Router C Routing Table,RouterC#show ip route Gateway of last resort is not set 172.16.0.0/16 is variably subnetted, 3 subnets, 2 masks D 172.16.0.0/16 is a summary, 00:00:04, Null0 D 172.16.1.0/24 90/156160 via 10.1.1.2, 00:00:04, FastEthernet0/0 D 172.16.2.0/24 90/20640000 via 10.2.2.2, 00:00:04, Serial0/0/1 C 192.168.4.0/24 is directly connected, Serial0/0/0 10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks C 10.2.2.0/24 is directly connected, Serial0/0/1 C 10.1.1.0/24 is directly connected, FastEthernet0/0 D 10.0.0.0/8 is a summary, 00:00:05, Null0 RouterC#,EIGRP 负载均衡,Routes with a metric equal to the minimum metric are installed in the routing table (equal-cost load balancing). There can be up to 6 entries in the routing table for the same destination: The number of entries is configurable. The default is 4. Set to 1 to disable load balancing.,EIGRP 非等值负载均衡,variance multiplier,Allows the router to include routes with a metric smaller than the multiplier value times the minimum metric route to that destination,Router(config-router)#,Router E chooses router C to get to network Z, because it has lowest FD of 20. With a variance of 2, router E chooses router B to get to network Z (20 + 10 = 30) 20).,平衡值示例,配置 WAN Links,EIGRP supports different WAN links: Point-to-point links NBMA Multipoint links Point-to-point links EIGRP uses up to 50% of bandwidth by default; this bandwidth utilization can be changed.,WAN 接口带宽利用,Bandwidth utilization over point-to-point subinterfaces using Frame Relay: Treats bandwidth as T1 by default Should manually configure bandwidth as the CIR of the PVC Bandwidth utilization over multipoint Frame Relay, ATM, and ISDN PRI: EIGRP uses the bandwidth on the physical interface divided by the number of neighbors on that interface to calculate the bandwidth attributed per neighbor.,WAN 接口带宽利用 (续),Each PVC can have a different CIR, creating an EIGRP packet-pacing problem. Multipoint interfaces: Convert these to point-to-point configuration or manually configure bandwidth by multiplying the lowest CIR by the number of PVCs.,EIGRP WAN 配置: FR Hub-and-Spoke 拓扑,Configure each virtual Circuit as point-to-point, specify bandwidth = 1/10 of link capacity Increase EIGRP utilization to 50% of actual VC capacity,Configure lowest CIR virtual circuit as point-to-point, specify bandwidth = CIR. Configure higher CIR virtual circuits as multipoint, combine CIRs.,EIGRP WAN 配置: 混合 Multipoint,Configuring EIGRP,4 EIGRP 认证,Router 认证,Many routing protocols support authentication such that a router authenticates the source of each routing update packet that it receives. Simple password authentication is supported by: IS-IS OSPF RIPv2 MD5 authentication is supported by: OSPF RIPv2 BGP EIGRP,简单密码 vs. MD5 认证,Simple password authentication: Router sends packet and key. Neighbor checks whether key matches its key. Process not secure. MD5 authentication: Configure a key (password) and key ID; router generates a message digest, or hash, of the key, key ID and message. Message digest is sent with packet; key is not sent. Process OS secure.,EIGRP MD5 认证,EIGRP supports MD5 authentication. Router generates and checks every EIGRP packet. Router authenticates the source of each routing update packet that it receives. Configure a key (password) and key ID; each participating neighbor must have same key configured.,MD5 认证,EIGRP MD5 authentication: Router generates a message digest, or hash, of the key, key ID, and message. EIGRP allows keys to be managed using key chains. Specify key ID (number), key, and lifetime of key. First valid activated key, in order of key numbers, is used.,配置 EIGRP MD5 认证 (续),key chain name-of-chain,Router(config)#,Enters configuration mode for the keychain,Router(config-keychain)#,key key-id,Identifies key and enters configuration mode for the keyid,配置 EIGRP MD5 认证 (续),Router(config-keychain-key)#,key-string text,Identifies key string (password),Router(config-keychain-key)#,accept-lifetime start-time infinite | end-time | duration seconds,Optional: Specifies when key will be accepted for received packets,Router(config-keychain-key)#,send-lifetime start-time infinite | end-time | duration seconds,Optional: Specifies when key can be used for sending packets,配置 EIGRP MD5 认证,ip authentication mode eigrp autonomous-system md5,Router(config-if)#,Specifies MD5 authentication for EIGRP packets,Router(config-if)#,ip authentication key-chain eigrp autonomous-system name-of-chain,Enables authentication of EIGRP packets using key in the keychain,配置 EIGRP MD5 认证示例,R1 配置 EIGRP MD5 认证, key chain R1chain key 1 key-string firstkey accept-lifetime 04:00:00 Jan 1 2006 infinite send-lifetime 04:00:00 Jan 1 2006 04:01:00 Jan 1 2006 key 2 key-string secondkey accept-lifetime 04:00:00 Jan 1 2006 infinite send-lifetime 04:00:00 Jan 1 2006 infinite interface FastEthernet0/0 ip address 172.16.1.1 255.255.255.0 ! interface Serial0/0/1 bandwidth 64 ip address 192.168.1.101 255.255.255.224 ip authentication mode eigrp 100 md5 ip authentication key-chain eigrp 100 R1chain ! router eigrp 100 network 172.16.1.0 0.0.0.255 network 192.168.1.0 auto-summary,R2 配置 EIGRP MD5 认证, key chain R2chain key 1 key-string firstkey accept-lifetime 04:00:00 Jan 1 2006 infinite send-lifetime 04:00:00 Jan 1 2006 infinite key 2 key-string secondkey accept-lifetime 04:00:00 Jan 1 2006 infinite send-lifetime 04:00:00 Jan 1 2006 infinite interface FastEthernet0/0 ip address 172.17.2.2 255.255.255.0 ! interface Serial0/0/1 bandwidth 64 ip address 192.168.1.102 255.255.255.224 ip authentication mode eigrp 100 md5 ip authentication key-chain eigrp 100 R2chain ! router eigrp 100 network 172.17.2.0 0.0.0.255 network 192.168.1.0 auto-summary,查看 MD5 认证,R1# *Jan 21 16:23:30.517: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 100: Neighbor 192.168.1.102 (Serial0/0/1) is up: new adjacency R1#show ip eigrp neighbors IP-EIGRP neighbors for process 100 H Address Interface Hold Uptime SRTT RTO Q Seq (sec) (ms) Cnt Num 0 192.168.1.102 Se0/0/1 12 00:03:10 17 2280 0 14 R1#show ip route Gateway of last resort is not set D 172.17.0.0/16 90/40514560 via 192.168.1.102, 00:02:22, Serial0/0/1 172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks D 172.16.0.0/16 is a summary, 00:31:31, Null0 C 172.16.1.0/24 is directly connected, FastEthernet0/0 192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks C 192.168.1.96/27 is directly connected, Serial0/0/1 D 192.168.1.0/24 is a summary, 00:31:31, Null0 R1#ping 172.17.2.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 172.17.2.2, timeout is 2 seconds: ! Success rate is 100 percent (5/5), round-trip min/avg/max = 12/15/16 ms,MD5 认证排错,R1#debug eigrp packets EIGRP Packets debugging is on (UPDATE, REQUEST, QUERY, REPLY, HELLO, IPXSAP, PROBE, ACK, STUB, SIAQUERY, SIAREPLY) *Jan 21 16:38:51.745: EIGRP: received packet with MD5 authentication, key id = 1 *Jan 21 16:38:51.745: EIGRP: Received HELLO on Serial0/0/1 nbr 192.168.1.102 *Jan 21 16:38:51.745: AS 100, Flags 0x0, Seq 0/0 idbQ 0/0 iidbQ un/rely 0/0 pe erQ un/rely 0/0 R2#debug eigrp packets EIGRP Packets debugging is on (UPDATE, REQUEST, QUERY, REPLY, HELLO, IPXSAP, PROBE, ACK, STUB, SIAQUERY, SIAREPLY) R2# *Jan 21 16:38:38.321: EIGRP: received packet with MD5 authentication, key id = 2 *Jan 21 16:38:38.321: EIGRP: Received HELLO on Serial0/0/1 nbr 192.168.1.101 *Jan 21 16:38:38.321: AS 100, Flags 0x0, Seq 0/0 idbQ 0/0 iidbQ un/rely 0/0 pe erQ un/rely 0/0,MD5 认证排错,R1(config-if)#key chain R1chain R1(config-keychain)#key 2 R1(config-keychain-key)#key-string wrongkey R2#debug eigrp packets EIGRP Packets debugging is on (UPDATE, REQUEST, QUERY, REPLY, HELLO, IPXSAP, PROBE, ACK, STUB, SIAQUERY, SIAREPLY) R2# *Jan 21 16:50:18.749: EIGRP: pkt key id = 2, authentication mismatch *Jan 21 16:50:18.749: EIGRP: Serial0/0/1: ignored packet from 192.168.1.101, opc ode = 5 (invalid authentication) *Jan 21 16:50:18.749: EIGRP: Dropping peer, invalid authentication *Jan 21 16:50:18.749: EIGRP: Sending HELLO on Serial0/0/1 *Jan 21 16:50:18.749: AS 100, Flags 0x0, Seq 0/0 idbQ 0/0 iidbQ un/rely 0/0 *Jan 21 16:50:18.753: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 100: Neighbor 192.168.1.101 (Serial0/0/1) is down: Auth failure R2#show ip eigrp neighbors IP-EIGRP neighbors for process 100 R2#,MD5 authentication on both R1 and R2, but R1 key 2 (that it uses when sending) changed,Configuring EIGRP,5 在企业网中应用EIGRP,影响EIGRP 可控性的因素,Quantity of routing information exchanged between peers; without proper route summarization, this can be excessive. Number of routers that must be involved when a topology change occurs. Depth of topology: the number of hops that information must travel to reach all routers. Number of alternate paths through the network.,EIGRP 查询过程,Queries are sent when a route is lost and no feasible successor is available. The lost route is now in active state. Queries are sent to all neighboring routers on all interfaces except the interface to the successor. If the neighbors do not have the lost-route information, queries are sent to their neighbors. If a router has an alternate route, it answers the query; this stops the query from spreading in that branch of the network.,在 Hub-and-Spoke 拓扑中的更新和查询,You do not want to use these paths!,EIGRP Stub,The EIGRP stub routing feature improves network stability, reduces resource utilization, and simplifies remote router (spoke) configuration. Stub routing is commonly us