2-R&S/Enhanced Interior Gateway Routing Protocol (EIGRP) Part 2.

Let’s continue the EIGRP operation that we start at the previous post 1-R&S/Enhanced Interior Gateway Routing Protocol (EIGRP) Part 1 , in this post i will talk about the remaining parts of the EIGRP operation, while i will talk about configuration and verification commands from CLI point of view in the next post.

In the previous post i mentioned the operation of how the EIGRP adjacency is completely formed between the two EIGRP-speaking routers, including exchanging the EIGRP hello message, as well the three way handshake concept handled by both EIGRP update and Ack messages. As well i mentioned the operation of how the EIGRP-speaking routers exchanged the EIGRP learned routes using the EIGRP update and Ack message.

When the EIGRP-speaking router need to advertise new subnet/network, it carry the information associated to this subnet/network inside the EIGRP update message and send it to its EIGRP neighbors out all the EIGRP-enabled interfaces, so assume that R1 has Loopback interface with the IP address (1.1.1.1/32) and it needs to advertise this subnet/network to its neighbor R2 out interface Eth0/0, the following figure represents the steps describe exchanging the EIGRP learned routes inside the EIGRP update message between the EIGRP-speaking routers:

eigrp2

6-R1 configured Loopback interface with an IP address (1.1.1.1/32) and it needs to advertise this subnet/network inside the EIGRP domain, so to advertise it, R1 carry this subnet/network and its information inside an EIGRP update message, the following figure represents the EIGRP update message sent by R1 to the multicast address 224.0.0.10 as seen on Wireshark:

eigrp-pak6

We can deduce the following from this figure:
1-OpCode = 1, which indicates it is an EIGRP update message that is used to carry the information about subnet/network needed to be advertised.
2-Flags = 0x00000000, which indicates that no flags are being used inside this update message.
3-Sequence = 2, which indicates that this is the second EIGRP message within this EIGRP neighborship sent by R1 that is needed to be reliably delivered.
4-Acknwoledge = 0, which indicates that this message is not used to acknowledge other EIGRP message.
5-Autonomous Number = 100.
6-Internal Route TLV, which indicates the information about the subnet/network (1.1.1.1/32) needed to be advertised, and it includes the following fields:
a-Type = 0x0602, which indicates that the the information carried inside this field is an internal route.
b-Length = 45, which indicates the length of the information carried inside this TLV field.
c-Topology = 0, which indicates that this internal route belongs to the topology ID 0, as mentioned before the new IOS versions support the Multi topology routing capability, that is used to run multiple topologies over the same physical network, so at this case, this subnet/network belong to the default topology.
d-AFI = 1, which indicates that the Address Family used for this advertisement is for IPv4.
e-Router ID = 1.1.1.1, this indicates that the Router ID for the EIGRP-speaking router originally advertised information about this subnet/network, and the Router ID is 1.1.1.1, and actually this value is used as a method to avoid routing loop as well.
f-Wide Metric, this filed is used to carry the EIGRP parameters (BW, Load, Delay, …) of the advertised subnet/network that are used for the EIGRP composite metric calculation for this route. The following figure shows the “Wide Metric” field:

eigrp-pak6.1

1-Offset = 0, this field is used to define the start of the subnet/network information, this means that it is used to tell if there is an information about extended attributes exist here or not, and value of 0 means that no extended attributes carried here for this subnet/network.
2-Priority = 0, this field is used to assign priority value to this subnet/network, this means that when the EIGRP-speaking router receive this subnet/network, it will process the subnet/network with high priority value before the other subnets/networks with lower priority value, and value of 0 means that no priority value assigned to this subnet/network.
3-Reliability = 255, this field indicates the reliability value for this route, and value of 255 indicates that this route is highly reliable.
4-Load = 1, this field indicates the load value for this route, and value of 1 indicates that this route has lowest load value, hence this value represents the best load value.
5-MTU = 1514, this field indicates the lowest Maximum Transmission Unit value for this route.
6-Hop count = 0, this field indicates the number of hops from the sender of this EIGRP update message to the mentioned subnet/network, and value of 0 means that this subnet/network is directly attached to this router.
7-Delay = 5000000000, this field indicates the delay value for this route and it is represented in terms of Picoseconds, so value of 5000000000 means it is 5000000000 Picoseconds.
8-Bandwidth = 8000000, this field indicates the BW value for this route and it is represented in terms of KiloBits, so value of 8000000 means it is 8000000 Kilobits.
9-Reserved = 0x0000, this filed is used for future purposes.
10-Flags = 0x0000, this field is used to include options regarding this route.

g-Next Hop = 0.0.0.0. this filed indicates the next hop router address, 0.0.0.0 means that the next hop router is the EIGRP-speaking router advertising this route.
h-Prefix Length = 32, which indicates the prefix length of the advertised subnet/network.
i-Destination = 1.1.1.1, which indicates the network ID of the actual subnet/network needed to be advertised.

7-R2 received this EIGRP update message from R1, then it need to acknowledge the reception of the update message, so it sent the EIGRP Ack message, the following figure represents the EIGRP Ack message sent by R2 to the unicast IP address of R1 as seen on Wireshark:

eigrp-pak7

8-R2 need to perform split horizon with poison reverse (this concept is called by “Route Poisoning”) as it is used as a way to avoid routing loop, so to do this, it will send an EIGRP update message with the same routing information but it set the Delay attribute to “Infinity”, which means that the subnet/network in this update message is unreachable through it. The following figure represents the EIGRP update message sent by R2 to the multicast address 224.0.0.10 as seen on Wireshark:

eigrp-pak8

We can deduce the following from this figure:
1-OpCode = 1, which indicates it is an EIGRP update message that is used to carry the information about subnet/network needed to be advertised.
2-Flags = 0x00000000, which indicates that no flags are being used inside this update message.
3-Sequence = 3, which indicates that this is the third EIGRP message within this EIGRP neighborship sent by R2 that is needed to be reliably delivered.
4-Acknwoledge = 0, which indicates that this message is not used to acknowledge other EIGRP message.
5-Autonomous Number = 100.
6-Internal Route TLV, which indicates the information about the subnet/network (1.1.1.1/32) needed to be advertised, and it includes the following fields:
a-Type = 0x0602, which indicates that the the information carried inside this field is an internal route.
b-Length = 45, which indicates the length of the information carried inside this TLV field.
c-Topology = 0, which indicates that this internal route belongs to the topology ID 0, as mentioned before the new IOS versions support the Multi topology routing capability, that is used to run multiple topologies over the same physical network, so at this case, this subnet/network belong to the default topology.
d-AFI = 1, which indicates that the Address Family used for this advertisement is for IPv4.
e-Router ID = 1.1.1.1, this indicates that the Router ID for the EIGRP-speaking router originally advertised information about this subnet/network, and the Router ID is 1.1.1.1, and actually this value is used as a method to avoid routing loop as well.
f-Wide Metric, this filed is used to carry the EIGRP parameters (BW, Load, Delay, …) of the advertised subnet/network that are used for the EIGRP composite metric calculation for this route. The following figure shows the Delay attribute value inside the Wide Metric field, at which the value is “Infinity” as mentioned before:

eigrp-pak9

9-R1 received this EIGRP update message from R2, then it need to acknowledge the reception of the update message, so it sent the EIGRP Ack message, the following figure represents the EIGRP Ack message sent by R1 to the unicast IP address of R2 as seen on Wireshark:

eigrp-pak10

We can deduce the following from this figure:
1-OpCode = 5, which indicates it is an EIGRP hello message, as mentioned before the EIGRP Ack message is carried inside an EIGRP hello message
2-Flags = 0x00000000, which indicates that no flags are being used inside this Ack message.
3-Sequence = 0.
4-Acknwoledge = 3, which indicates that it is acknowledging the EIGRP message (EIGRP update message) with Seq no. = 3 that it received from its neighbor that is needed to be reliably delivered.
5-Autonomous Number = 100.

After i mentioned the steps describe exchanging the EIGRP learned routes in a simple way, let’s see how the EIGRP-speaking router determine the best route to reach certain subnet/network.

The EIGRP-speaking router for sure can receive multiple routes from multiple neighbors advertising information about same subnets/networks, for this reason the EIGRP-speaking router should has a method to determine which one of these routes is the best so that it can use this route and install it inside its IP routing table, hence it can use this entry for routing/forwarding purpose. EIGRP depends on Diffusing Update Algorithm (DUAL) to make route calculations and to select best route for each subnet/network. DUAL is considered as a convergence algorithm that is used for multiple purposes:

  1. make route calculations based on certain events that occurred at the network and these events are detected by the EIGRP-speaking router, hence the EIGRP-speaking router make the calculations and computations for the routes that are affected by those events.
  2. It is used to select the best route for each subnet/network  among multiple routes it received from its neighbors, but as well it must make sure that the selected route (or routes in case of load balancing) is via loop-free path, as it is too important to install route in the routing table that never results in routing loop to avoid network outages.

DUAL use certain method or criteria to avoid selecting routes that can cause routing loop in the network, but before discuss this method, let’s talk first about an example discussing how the metric is calculated. The following figure represents the topology that we use to explain how the metric is calculated:

eigrp4

Here we have three EIGRP-speaking routers (R1, R2 and R3), at which the EIGRP adjacency is completely formed between (R1 and R2) and (R2 and R3), and R3 advertised the subnet/network 3.3.3.3/32 to R2 and carry its routing information inside the EIGRP update message that include the attributes used by the EIGRP to compute its composite metric: Reliability, Load, Delay and Bandwidth and other parameters as well:  MTU and Hop count,  As shown in the figure, i mentioned the 4 attributes used in the EIGRP composite metric calculation equation for each interface so that i can use these values in the equation.

1-When R3 advertise the subnet/network 3.3.3.3/32 to R2, it include the 4 attributes in addition to other parameters in the EIGRP update message as the following:
1-Reliability = 255
2-Load = 1
3-MTU = 1514
4-Hop Count = 0
5-Delay = 5000 in tens of Microseconds
6-BW = 8000000 Kbps

2-Once R2 received the EIGRP update message on interface Eth0/1, it use the 4 attributes (Reliability, Load, Delay and BW) seen on the EIGRP update message to calculate the EIGRP composite metric for this subnet/network, but it will use as well the attributes of the interface where the EIGRP update message is received, this means that when the EIGRP-speaking router receive an update message, it will use the attributes seen on the message as well the attributes  of the interface receiving the EIGRP update message to calculate the EIGRP composite metric for the routes, interface Eth0/1 of R2 has the following attributes:
1-Reliability = 255
2-Load = 1
3-Delay = 1000 in tens of Microseconds
4-BW = 10000 Kbps

So R2 need to use these attributes to calculate the EIGRP composite metric, and as we already know from the previous post that there is a certain equation used for the EIGRP composite metric calculation as the following:

CM1

This equation is used in case of classic mode, and as we already know that Cisco use only Delay and BW attributes in the EIGRP composite metric calculation equation as its default behavior, as well the default “K” values are K1 = 1, K2 = 0, K3 = 1, K4 = 0, K5 = 0

As we know, the Delay value used in the equation represents the summation of the delay values for the interfaces along the path from the local router that needs to calculate the EIGRP composite metric (which is R2) till the destination itself, and here we have two delay values:
1-1000, which represents the Delay value of the interface Eth0/1 of R2.
2-5000, which represents the Delay value of the interface Loopback0 of R3
This means that the Delay value = (1000 + 5000) = 6000 in tens of Microseconds.

While the BW value represents the lowest BW value for an interface along the path from the local router that needs to calculate the EIGRP composite metric (which is R2) till the destination itself, and here we have two BW values:
1-10000, which represents the BW value of the interface Eth0/1 of R2.
2-8000000, which represents the BW value of the interface Loopback0 of R3.
From these two values, we can deduce that the lowest BW for an interface along the path is 10000 Kbps, this means that the BW value that will be used in the equation = 10000 Kbps

Hence if we substitute with the attributes values (Delay and BW) in the equation, this results in:

EIGRP CM = [1x(10000000/10000) + 1x(6000/10)] x 256 = [1000 + 600] x 256 = 1600 x 256 = 409600, hence EIGRP CM = 409600, so R2 can reach the subnet/network 3.3.3.3/32 with metric 409600. The previously calculated metric has certain terminology from EIGRP process point of view, which is the Feasible Distance (FD), this means that if this resulting metric is the lowest metric calculated by the EIGRP-speaking router for that subnet/networrk, so this metric is called Feasible Distance (FD), hence the FD represents the best metric for the subnet/network. Actually the EIGRP-speaking router not only calculate the FD, but as well it calculate another metric which is called by “Advertised” or “Reported Distance” (AD or RD) and this value represents the metric calculated at the neighbor that send the route to this EIGRP-speaking router, this means that the AD or RD represents the FD from the neighbor point of view, but in reality as i mentioned in the EIGRP update message that the neighbor send the attributes of the route not the FD itself, so that the EIGRP-speaking router make its own calculations based on the attributes it received from the neighbor and the attributes it has.

The following represents a summary about what i mentioned regarding the metric calculations:
1-Once the EIGRP-speaking router receive an EIGRP update message from the neighbor, it calculate the AD or RD value based on the attributes it received from its neighbor as the following:

AD/RD = [1x(10000000/8000000) + 1x(5000/10)] x 256 = [1.25 + 500] x 256 = [1 + 500] x 256 = 128256
2-The EIGRP-speaking router calculate the metric based on the attributes it received from its neighbor as well the attributes of the interface received the EIGRP update message as the following:

EIGRP CM = [1x(10000000/10000) + 1x(6000/10)] x 256 = [1000 + 600] x 256 = 1600 x 256 = 409600, and as this is the only route we have for the subnet/network 3.3.3.3/32, so this metric will be the FD value as it is the only one, so it will be the best metric as well.

So the “FD” represents the best/lowest metric/distance from the local router computing the EIGRP composite metric till the subnet/network, while the “AD” or “RD” represents the  best/lowest metric/distance from the neighbor sending the EIGRP update message till the subnet/network as mentioned in the following figure:

eigrp6

Note: You can can use the same concept in case of running EIGRP named mode that support the EIGRP wide metric, so all you have to do is to use the other equation used for calculating the EIGRP Wide composite metric i mentioned at the previous post and the following is the final equation:

Wide CM

Now, let’s talk about the method or the criteria used by the DUAL to avoid the routing loop, so let’s see the new topology:

eigrp5

The attributes for all interfaces are the same as the previous topology except for the interface (Eth0/0) of (R4) it has Delay value = 2500 in terms of 10s of Microseconds, while all the other interfaces have Delay value = 1000 in terms of 10s of Microseconds.

Now i will mention the metric calculations done on R1 regarding the subnet/network (3.3.3.3/32):

1-R1 received the EIGRP update message from both R2 and R4 respectively and carrying the routing information about the subnet/network (3.3.3.3/32) and they have the following attributes:

From (R2):
1-Reliability = 255
2-Load = 1
3-Delay = 6000 in tens of Microseconds
4-Minimum BW = 10000 Kbps

So R1 will calculate two values, Metric value and AD or RD value for the route received from R2 as the following:
1-Metric Value = 435200
2-AD or RD = 409600

From (R4):
1-Reliability = 255
2-Load = 1
3-Delay = 7500 in tens of Microseconds
4-Minimum BW = 10000 Kbps

So R1 will calculate two values, Metric value and AD or RD value for the route received from R4 as the following:
1-Metric Value = 448000
2-AD or RD = 473600

Once the EIGRP-speaking router receive these routes, it will install all these routes inside certain table that is responsible for carrying all the EIGRP routes received from all the neighbors, this table is called  by “EIGRP Topology database”, then it needs to calculate all the metric values for all the available routes, then it needs to choose which route has the lowest metric, so that its metric will be the FD, hence this route become the best route for the subnet/network 3.3.3.3/32, the best route has certain terminology from EIGRP point of view, which is the “Successor route” and the “Successor” represents the neighbor through which the best route is reachable, this means that the EIGRP successor route represents the best route for the subnet/network and the “Successor” represents the best next hop router through which the subnet/network is reachable, and if there are multiple routes having the same best/lowest metric, all of these routes become successor routes, this means that the subnet/network may have multiple successors in case of load balancing. If we  have only one successor, the EIGRP-speaking router will check the other routes to check if they are eligible to be backup routes (i.e routes with the next best metric), but how the EIGRP-speaking router knows this ?? 🙂 this is the point, and here the DUAL start playing 🙂 As i mentioned before that the DUAL has certain method to determine  whether the route is via loop-free path or not, simply this can be achieved using certain condition, this condition is called by “Feasibility Condition” , simply this condition is used by DUAL to make sure that the routes it choose for backup purpose should be via loop-free path to avoid  routing loops and network outages. The Feasibility condition works based on comparison operation, but before the comparison, it should know first who is the successor route, and as i mentioned above the successor route is the best route that has the best/lowest metric to reach the subnet/network, and as well its metric is the FD, so once the EIGRP-speaking router know the FD, it will compare the AD or RD of the other non-successor routes  with the FD, if the AD or RD of the route is lower than the FD, this means that this route is eligible to be backup route in the future, and the backup route has certain terminology from EIGRP point of view, which is the “Feasbible Successor route”, this means that the Feasible Successor route is a backup route that can be used in the future in case the Successor failed for any possible reason to provide fast convergence. If the AD or RD of the route is higher than the FD, this means that this route is not eligible to be backup route in the future, as this can result in routing loop, for this reason this route is neither successor not feasible successor route, hence the DUAL can’t use this route for fast convergence in the future in case the successor route failed for any possible reason.

The following represents a summary about what i mentioned regarding the Feasibility Condition:
Successor: This represents the best next hop router (EIGRP neighbor) through which the subnet/network is reachable, at which it is the router with the best metric to reach the subnet/network from the point of view of the EIGRP-speaking router doing the composite metric calculations.
Feasible successor: This represents the second best next hop router (EIGRP neighbor) through which the subnet/network will be reachable in the future in case the successor failed for any possible reason, at which it is the router with the second best metric to reach subnet/network from the point of view of the EIGRP-speaking router doing the composite metric calculations.
1-Once the EIGRP-speaking router receive the EIGRP update message from the neighbors, it will store all the routes inside the EIGRP topology database.
2-The EIGPR-speaking router know which route is the successor route by calculating the EIGRP composite metric for all the received routes, then determine the FD value.
3-The EIGRP-speaking router compare the AD or RD of the other non-successor routes with the FD.
4-If the AD or RD of the non-successor route is lower than the FD, this means that this route is eligible to be backup route, hence become Feasible Successor route and can be used in the future to provide the fast convergence in case the successor failed for any possible reason.
5-If the AD or RD of the non-successor route is higher than the FD, hence this route is not eligible to be backup route and can’t be used in the future to provide the fast convergence as this could results in routing loop and it will be neither successor nor feasible successor route.

DUAL Finite State Machine (FSM):

DUAL FSM represents the part responsible for all the calculations done by the EIGRP-speaking router, as well it is responsible for knowing when exactly it needs to make new calculations for the different subnet/network, and this happened when certain events happened that caused the FSM to make its operation, the events can be one of the following:
1-Change in the cost, i.e change in one of the attributes (Delay , BW, reliability and Load) of any of the EIGRP-enabled interfaces of the local EIGRP-speaking router.
2-Change in the status of any of the EIGRP-enabled interfaces of the local EIGRP-speaking router.
3-The EIGRP-speaking router receive an EIGRP update message from the neighbor(s).
4-The EIGRP-speaking router receive an EIGRP Query message from the neighbor(s).
5-The EIGRP-speaking router receive an EIGRP reply message from the neighbor(s).

When the EIGRP domain is stable, i mean when the network is stable and no changes and no events happened that cause the DUAL FSM to do its work, so all the EIGRP routes become stable, and stability from the DUAL FSM point of view means that the EIGRP route is in passive state which means that no local computations or calculations are required for this EIGRP route, which means that this EIGRP route is stable/converged from DUAL FSM point of view, while in case the EIGRP route is not stable/converged and the EIGRP-speaking router failed to find Feasible successor route in the EIGRP toplogy table this means that the route become in active state which means that the DUAL FSM is doing its calculations to determine the EIGRP successor and feasible successor routes for that subnet/network that was unstable.

Now i will give an example for the five events that can happen and cause the DUAL FSM to do its operation. The following figure shows the topology that we will use to explain the different examples:

eigrp5
First Event:

Change in the cost, i.e change in one of the attributes (Delay , BW, reliability and Load) of any of the EIGRP-enabled interfaces of the local EIGRP-speaking router.

In this example R1 can reach the subnet/network (3.3.3.3/32) via two paths, one via Eth0/0 and the other via Eth0/1 because of load balancing as all the attributes of all the EIGRP-enabled interfaces are the same, so this results in two successor routes, one known via (192.168.12.2) and the other via (192.168.14.4), so the two routes will be installed at the Routing Table as the following:

show-eigrp1

Now we need to change the cost of any of the EIGRP-enabled interfaces, so at this case i will change the Delay value of the interface (Eth0/1) on (R1) so that we check the DUAL FSM operation on (R1)  by using “debug” to know what happened, so i will change the Delay value of interface (Eth0/1) to be 101, which is 1010 in terms of 10s of Microseconds as the following:
R1(config)#interface Ethernet0/1
R1(config-if)#delay 101
Then i made “debug eigrp fsm” on R1 to see the debug messages related only to the subnet/network (3.3.3.3/32) that will results once i changed the delay value of the interface as the following:

debug-eigrp1

1-Once i changed the Delay value of the interface (Eth0/1), the DUAL FSM received an internal update about the route for the subnet/network (3.3.3.3/32) that is known via the neighbor (192.168.14.4) and it has AD/RD = 409600 and FD = 435456 on the EIGRP topology table for the topology with TID (Topology ID) = 0.
2-The DUAL FSM find two Feasible successor routes (seen at points 3 and 4):
3-First route via (192.168.12.2) with AD/RD = 409600 and FD = 435200
4-Second route via (192.168.14.4) with AD/RD = 409600 and FD = 435456, but the router found the minimum Distance (Dmin) for the subnet/network is 435200 (that represents the FD value for the first route) and if we compare both the AD/RD of this route with the FD of the first route, we can deduce that this second route achieve the Feasibility condition, hence it become the feasible successor route.
5-The DUAL FSM caused the router to install the first feasible successor route that is known via (192.168.12.2) in the IP Routing Table as it become the successor route as it has the lowest/minimum Distance.
6-The DUAL FSM caused the router to send an EIGRP update message about the subnet/network (3.3.3.3/32) out the interface (Eth0/1) toward (R4), and the reason for this is it lost the interface (Eth0/1) on the EIGRP topology table for the topology with TID = 0 as the route previously known via the interface (Eth0/1) was successor route, while after the changes i made, this route become feasible successor route.

Second Event:

Change in the status of any of the EIGRP-enabled interfaces of the local EIGRP-speaking router.

In this example R1 can reach the subnet/network (3.3.3.3/32) via two paths, one via Eth0/0 and the other via Eth0/1 because of load balancing as all the attributes of all the EIGRP-enabled interfaces are the same, so this results in two successor routes, one known via (192.168.12.2) and the other via (192.168.14.4), so the two routes will be installed at the Routing Table as mentioned in the previous example.

Now we need to change the status of any of the EIGRP-enabled interfaces, so at this case i will shutdown the interface (Eth0/1) on (R1) so that we check the DUAL FSM operation on (R1)  by using “debug” to know what happened, so i will shutdown the interface (Eth0/1) as the following:
R1(config)#interface Ethernet0/1
R1(config-if)#shutdown
Then i made “debug eigrp fsm” on R1 to see the debug messages related only to the subnet/network (3.3.3.3/32) that will results once i changed the delay value of the interface as the following:

debug-eigrp2

1-Once i shutdown the interface (Eth0/1), the DUAL FSM is checking  the subnet/network (3.3.3.3/32) that was installed on the EIGRP topology table for the topology with TID (Topology ID) = 0.
2-The DUAL FSM find two Feasible successor routes (seen at points 3 and 4):
3-First route via (192.168.12.2) with AD/RD = 409600 and FD = 435200
4-Second route via (192.168.14.4) with AD/RD = 72057594037927935 and FD = 72057594037927935, and from the EIGRP wide metric point of view, this value is considered to be “Infinity” which means that this route is considered to be unreachable, as well the router found the minimum Distance (Dmin) for the subnet/network is 435200 (that represents the FD value for the first route) and this second route is considered to be unreachable, hence it will never be the feasible successor route.
5-The DUAL FSM is removing this second route for the subnet/network (3.3.3.3/32) that is known via (192.168.14.4) as it has infinity metric.
6-The DUAL FSM caused the router to install the first and only feasible successor route that is known via (192.168.12.2) in the IP Routing Table as it become the successor route as it has the lowest/minimum Distance.
7-The DUAL FSM caused the router to send an EIGRP update message about the subnet/network (3.3.3.3/32) out the interface (Eth0/1) toward (R4), and the reason for this is it lost the interface (Eth0/1) on the EIGRP topology table for the topology with TID = 0 as the route previously known via the interface (Eth0/1) was successor route, while after the changes i made, it will be totally removed from the EIGRP topology table as the metric is infinity.

Third Event:

The EIGRP-speaking router receive an EIGRP update message from the neighbor(s)

In this example R1 can reach the subnet/network (3.3.3.3/32) via only one path, via Eth0/0 from the neighbor (192.168.12.2), so the route via (192.168.12.2) is installed at the Routing Table as mentioned as the following:

show-eigrp2

Now (R4) advertise the subnet/network (3.3.3.3/32) to (R1) by sending an EIGRP update message over the EIGRP-enabled interface (Eth0/1). The following represents the EIGRP update message as seen on Wireshark:

eigrp-pak11

Then i made “debug eigrp fsm” on R1 to see the debug messages related only to the subnet/network (3.3.3.3/32) that will results once (R4) send the EIGRP update message to (R1) as the following:

debug-eigrp3

1-Once R1 received the EIGRP update message from R4, it checked the EIGRP topology table and found that the subnet/network (3.3.3.3/32) is in passive not active state as it already has successor route installed in the EIGRP topology table that is known via (Eth0/0) from the neighbor (192.168.12.2).
2-The DUAL FSM received an internal update about the route for the subnet/network (3.3.3.3/32) that is known via the neighbor (192.168.14.4) and it has AD/RD = 409600 and FD = 435456 on the EIGRP topology table for the topology with TID (Topology ID) = 0.
3-The DUAL FSM find two Feasible successor routes (seen at points 4 and 5):
4-First route via (192.168.12.2) with AD/RD = 409600 and FD = 435200
5-Second route via (192.168.14.4) with AD/RD = 409600 and FD = 435200, and the router found the minimum Distance (Dmin) for the subnet/network is 435200 (that represents the FD value for the first route) and if we compare both the AD/RD of this route with the FD of the first route, we can deduce that this second route achieve the Feasibility condition and its AD/RD equal the FD, hence it become successor route as well.
6-The DUAL FSM caused the router to install the first feasible successor route that is known via (192.168.12.2) in the IP Routing Table as it is the first successor route.
7-The DUAL FSM caused the router to install the second feasible successor route that is known via (192.168.14.4) in the IP Routing Table as it is the second successor route.
8-The DUAL FSM caused the router to send an EIGRP update message about the subnet/network (3.3.3.3/32) out the interface (Eth0/1) toward (R4), and the reason for this is adding new interface which is (Eth0/1) on the EIGRP topology table for the topology with TID = 0 as this newly added route is the second successor route for the subnet/network (3.3.3.3/32).

Fourth Event:

The EIGRP-speaking router receive an EIGRP Query message from the neighbor(s)

In this example R4 is unable to reach the subnet/network (3.3.3.3/32)  via Eth0/0 from the neighbor (192.168.34.3), so at this moment it has no feasible successor route in the EIGRP topology table, for this reason it will send  an EIGRP query message out Eth0/1 to know if this neighbor (R1) has valid route for the subnet/network (3.3.3.3/32) or not. The following represents the EIGRP query message as seen on Wireshark:

eigrp-pak12

Then i made “debug eigrp fsm” on R1 to see the debug messages related only to the subnet/network (3.3.3.3/32) that will results once (R4) send the EIGRP query message to (R1) as the following:

debug-eigrp4

1-R1 received the EIGRP query message from R4 regarding the subnet/network (3.3.3.3/32) which is via (192.168.14.4) with AD/RD = 72057594037927935 and FD = 72057594037927935 which represents infinity metric and this query message is related to the topology with TID (Topology ID) = 0.
2-The DUAL FSM find two Feasible successor routes (seen at points 4 and 5):
3-First route via (192.168.12.2) with AD/RD = 409600 and FD = 435200
4-Second route via (192.168.14.4) with AD/RD = 72057594037927935 and FD = 72057594037927935, and the router found the minimum Distance (Dmin) for the subnet/network is 435200 (that represents the FD value for the first route) and if we compare both the AD/RD of this route with the FD of the first route, we can deduce that this second route will never achieve the Feasibility condition as the AD/RD and FD are infinity.
5-R1 send the EIGRP reply message regarding the subnet/network (3.3.3.3/32) to (192.168.14.4) which is R4 as a response for the EIGRP query message R1 received from R4.
6-The DUAL FSM caused the router to install the first and only feasible successor route that is known via (192.168.12.2) in the IP Routing Table as it become the successor route as it has the lowest/minimum Distance.
7-The DUAL FSM caused the router to send an EIGRP update message about the subnet/network (3.3.3.3/32) out the interface (Eth0/1) toward (R4), and the reason for this is it lost the interface (Eth0/1) on the EIGRP topology table for the topology with TID = 0 as the route previously known via the interface (Eth0/1) was successor route, while after sending the EIGRP reply message, it will be totally removed from the EIGRP topology table as the metric is infinity.
8-The DUAL FSM is removing this second route for the subnet/network (3.3.3.3/32) that is known via (192.168.14.4) as it has infinity metric.

Fifth Event:

The EIGRP-speaking router receive an EIGRP Reply message from the neighbor(s)

In this example R4 is unable to reach the subnet/network (3.3.3.3/32)  via Eth0/0 from the neighbor (192.168.34.3), so at this moment it has no feasible successor route in the EIGRP topology table, for this reason it sent an EIGRP query message out Eth0/1 to know if this neighbor (R1) has valid route for the subnet/network (3.3.3.3/32) or not, then it received an EIGRP reply message from its neighbor (R1). The following represents the EIGRP reply message as seen on Wireshark:

eigrp-pak13

Then i made “debug eigrp fsm” on R4 to see the debug messages related only to the subnet/network (3.3.3.3/32) that will results once (R1) send the EIGRP reply message to (R4) as the following:

debug-eigrp5

1-Once R4 send the EIGRP query message to R1, it set the state of the subnet/network (3.3.3.3/32) to be “active” as R4 has no valid EIGRP route in the EIGRP topology table, which means that it has no feasible successor route.
2-R4 received the EIGRP reply message from R1 which is via (192.168.14.1) as a response to the EIGRP query message previously sent by R4 to R1, and it has AD/RD = 435200and FD = 460800.
3-The DUAL FSM set the reply count value to be 1 as it received one reply from the neighbor, and at this case R4 sent only one EIGRP query message out Eth0/1 toward R1 as it has only an EIGRP adjacency only with R1 at the moment as it lost its EIGRP adjacency with R3.
4-The DUAL FSM cleared the internal handle flag as at the moment it received all the replies for all the queries it have sent before, and as mentioned it sent only one query toward R1, and once it received the reply from R1, this means that it received reply for the only query it have sent, so it cleared the count again to 0 for this subnet/network (3.3.3.3/32).
5-The DUAL FSM freed the reply status table, which means that the router received all the replies for all the queries it have sent before.
6-The DUAL FSM found Feasible successor route in the EIGRP topology table with AD/RD = 72057594037927935 and FD = 72057594037927935 and those metric values are infinity.
7-The DUAL FSM is removing the route for the subnet/network (3.3.3.3/32) that is known via (192.168.34.3) as it has infinity metric.
8-The DUAL FSM caused the router to install the route that is known via (192.168.14.1) in the IP Routing Table as it become the successor route as it has the lowest/minimum Distance.
9-The DUAL FSM caused the router to send an EIGRP update message about the subnet/network (3.3.3.3/32) out the interface (Eth0/1) toward (R1), and the reason for this is the metric changed on the EIGRP topology table for the topology with TID = 0 as the route previously known via the interface (Eth0/0) has infinity metric.
10-The DUAL FSM caused the router to send an EIGRP update message about the subnet/network (3.3.3.3/32) out the interface (Eth0/1) toward (R1), and the reason for this is adding new interface which is (Eth0/1) on the EIGRP topology table for the topology with TID = 0 as this newly added route is the only successor route for the subnet/network (3.3.3.3/32) that is newly learned from R1.

Query and Reply operation:

As mentioned in the previous sections, when the EIGRP-speaking router lost its successor route for certain subnet/network in the EIGRP topology table and as well it has no feasible successor route for that subnet/network, it will change the state of that subnet/network to be “Active” which means that the DUAL FSM needs to make some computations and calculations regarding such subnet/netwok, so it needs to query from its EIGRP neighbors routing information about such subnet/network, hence it will send an EIGRP query message out all the EIGRP-enabled interfaces toward all the EIGRP neighbors trying to get routing information about such subnet/network. Once the EIGRP neighbors received the EIGRP query message, it will search  in the EIGRP topology table for the queried subnet/network, if it found successor or feasible successor route for such subnet/network, it will immediately send an EIGRP reply message with the FD of this successor/feasible successor route, while if it has neither successor nor feasible successor route, it will send an EIGRP query message out all the EIGRP-enabled interfaces except for the interface that received the first query from, so that the query is flooded till the neighbors received reply for all the query they sent. The following represents the topology that we use to explain the query and reply operation:

eigrp7

On this topology, all the EIGRP-enabled interfaces having the same EIGRP attributes:
1-Delay = 1000 in tens of Microseconds
2-BW = 10000 Kbps
Here we will not mention the other attributes (Load and Reliability) as by default they are not used in the EIGRP composite metric calculation equation.

R2 calculates the EIGRP composite metric for the three routes it have (from R1, R3 and R5), then it get the following:
1-The AD/RD of the route received from R1 = 435200, and Composite metric = 460800
2-The AD/RD of the route received from R3 = 528256, and Composite metric = 809600
3-The AD/RD of the route received from R5 = 809600, and Composite metric = 835200
Based on these calculations, we can deduce the following:
1-The first route known via (R1) has the best metric, hence it become the successor route, then it needs to compare the AD/RD of the other two routes with the FD of that successor route.
2-The AD/RD of the route known via (R3) is higher than FD of the successor router, hence this route is neither successor not feasible successor, so it will not be installed in the EIGRP topology table.
3-The AD/RD of the route known via (R5) is higher than FD of the successor router, hence this route is neither successor not feasible successor, so it will not be installed in the EIGRP topology table.
For this reason it will install only the first route known via (R1) in the EIGRP topology table and will be installed as well in the IP Routing table.

Now let’s see the topology and steps describing an example about the Query and Reply operation: regarding the subnet/network (3.3.3.3/32)

eigrp8

1-The EIGRP-enabled interface (Eth0/0) on R4 failed, for this reason this represents the second event that caused the DUAL FSM to do its work.
2-Once the EIGRP-enabled interface (Eth0/0) on R4 failed, it found that it has no feasible successor route in the EIGRP topology table for the subnet/network (3.3.3.3/32), for this reason it set the state of this subnet/network to be “Active”.
3-Once the subnet/network is marked as “Active”, R4 need to know routing information about this subnet/network, for this reason it will send an EIGRP query message out all the EIGRP-enabled interfaces to all the EIGRP neighbors, so it send the EIGRP query message out (Eth0/1) to R1 as well it will set the reply status flag (r) to be 1 for this neighbor (R1) and it use this flag to keep track of each query it sent, so it has to receive an EIGRP reply for all the queries it sent. The following figure represents the EIGRP query message sent by R4 to the multicast address 224.0.0.10 out Eth0/1 as seen on Wireshark:

eigrp-pak14

4-As mentioned before in the previous post 1-R&S/Enhanced Interior Gateway Routing Protocol (EIGRP) Part 1 , there are multiple types of EIGRP messages that should be reliability delivered by the RTP, the EIGRP query is one of them, hence once R1 received the EIGRP query message, it will respond with an EIGRP Ack message. The following figure represents the EIGRP Ack message sent by R1 to the unicast address of R4 out Eth0/1 as seen on Wireshark:

eigrp-pak15

5-Once R1 received the EIGRP query message from R4, it search in the EIGRP topology table for feasible successor router for the subnet/network (3.3.3.3/32), but unfortunately it didn’t find feasible successor route for such subnet/network, so it will mark it as “Active”,  as well R1 need to know routing information about this subnet/network, for this reason it will send an EIGRP query message out all the EIGRP-enabled interfaces to all the EIGRP neighbors, so it send the EIGRP query message out (Eth0/0) to R2 as well it will set the reply status flag (r) to be 1 for this neighbor (R1) and as mentioned before it use this flag to keep track of each query it sent, so it has to receive an EIGRP reply for all the queries it sent.
6-Once R2 received the EIGRP query message, it will respond with an EIGRP Ack message.
7-Once R2 received the EIGRP query message from R1, it search in the EIGRP topology table for feasible successor router for the subnet/network (3.3.3.3/32), but unfortunately it didn’t find feasible successor route for such subnet/network, so it will mark it as “Active”,  as well R2 need to know routing information about this subnet/network, for this reason it will send an EIGRP query message out all the EIGRP-enabled interfaces to all the EIGRP neighbors, so it send the EIGRP query message out (Eth0/1) to R3 and out (Eth0/2) to R5 as well it will set the reply status flag (r) to be 1 for the neighbors (R3) and (R5) and as mentioned before it use this flag to keep track of each query it sent, so it has to receive an EIGRP reply for all the queries it sent.
8-Once R3 and R4 received the EIGRP query message, they will respond with an EIGRP Ack message.
9-Once R3 and R5 received the EIGRP query message from R2, they search in the EIGRP topology table for feasible successor router for the subnet/network (3.3.3.3/32), and they  found feasible successor route for such subnet/network, so they will not mark it as “Active” and still “passive” so they will respond back by sending an EIGRP reply message out the EIGRP-enabled interfaces from where the EIGRP query message was received, so R3 will send the EIGRP reply message out (Eth0/1) to R2 and R5 will send the EIGRP reply message (Eth0/2) to R2. The following figure represents the EIGRP reply message sent by R3 and R4 to the unicast address of R2 out Eth0/1 and Eth0/2 respectively as seen on Wireshark:

eigrp-pak16

eigrp-pak17

10-As mentioned before in the previous post 1-R&S/Enhanced Interior Gateway Routing Protocol (EIGRP) Part 1 , there are multiple types of EIGRP messages that should be reliability delivered by the RTP, the EIGRP reply is one of them, hence once R2 received the EIGRP query message, it will respond with an EIGRP Ack message to both R3 and R5.
11-Once R2 received the EIGRP reply message from the two neighbors (R3) and (R5) that previously set the reply status flag (r) to be 1 for, right now it will clear this flag as it received the EIGRP reply message for all the sent EIGRP query messages, it will set the state of the route of this subnet/network to be “passive”, as well it will send an EIGRP reply message out (Eth0/0) to R1.
12-Once R1 received the EIGRP reply message, it will respond with an EIGRP Ack message to R2.
13-Once R1 received the EIGRP reply message from the neighbor (R2) that previously set the reply status flag (r) to be 1 for, right now it will clear this flag as it received the EIGRP reply message for all the sent EIGRP query messages, it will set the state of the route of this subnet/network to be “passive”, as well it will send an EIGRP reply message out (Eth0/1) to R4.
14-Once R4 received the EIGRP reply message, it will respond with an EIGRP Ack message to R2, previously it set the reply status flag (r) to be 1 for R1, right now it will clear this flag as it received the EIGRP reply message for all the sent EIGRP query messages, right now the route for the subnet/network become “passive” as it has feasible successor route for such subnet/network as the DUAL FSM completed its computations and claculations.

From the previous part we can deduce that when the EIGRP-speaking router send an EIGRP query message out certain EIGRP-enabled interface, then it should receive an EIGRP reply message from the neighbor(s) connected to that EIGRP-enabled interface. But what happened when the EIGRP-speaking router didn’t receive the EIGRP reply message ?? At this case the EIGRP-speaking router will wait for certain amount time to wait for the EIGRP reply message before declaring that the EIGRP neighbor that didn’t send the EIGRP reply message to be dead, this means that if it didn’t receive the EIGRP reply message from certain neighbor after this time expired, it will consider that neighbor to be dead, and this time is called by “Active Timer” and by default this timer is 180 seconds, as well the DUAL FSM  will change the state of the route to be “Stuck in Active” (SIA), which means that EIGRP-speaking router didn’t receive all the expected EIGRP replies that it should receive from the EIGRP neighbors it sent the EIGRP query before. When the EIGRP-speaking router didn’t receive the EIGRP reply message from certain neighbor, this means that it declare that neighbor to be dead, as well it consider that the neighbor responded with EIGRP reply message with “Infinity” metric to avoid still in (SIA) state, as SIA state can cause multiple issues, it can results in flapping the EIGRP adjacency with neighbor that failed to respond with EIGRP reply because of high utilization on the EIGRP-enabled links. To avoid SIA state, there should be an enhancement to the SIA operation to reduce the occurrence of SIA, and this is happened by introducing two new EIGRP messages (EIGRP SIAQuery) and (EIGRP SIAReply), at which the two new messages are used to avoid declaring the EIGRP neighbor that failed to respond with EIGRP reply message to be dead, once the EIGRP-speaking router send an EIGRP query message to neighbor, this neighbor itself has no feasible route for such queried subnet/network, for this reason it can’t send the EIGRP reply message immediately as it is still waiting for the EIGRP reply message to be received from the neighbor’s neighbors, for this reason the local EIGRP-speaking router can’t declare its neighbor to be dead as it didn’t receive the EIGRP reply message within the Active timer, for this reason the local EIGRP-speaking router can use the EIGRP SIAQuery message and send it to its neighbor as a method to verify that the neighbor is still alive and it is still waiting for the EIGRP reply message to be received from its own neighbors, then the neighbor will respond by sending the EIGRP SIAReply message, so once the local EIGRP-speaking router received the EIGRP SIAReply message, it doesn’t declare the neighbor to be dead and will wait for the normal EIGRP reply message to be received from this neighbor.

At the previous post i mentioned the RTP and how it works, RTP use the concept of Sequence/Acknowledge mechanism and it is a little bit similar to the mechanism used by TCP to provide the reliable delivery, this means that the EIGRP message must contain two fields, Sequence and Acknowledge fields that are used to provide the Sequence/Acknowledge mechanism, so when the EIGRP-speaking router send one of the EIGRP messages that require reliable delivery, it will include Sequence number in these messages, then it is expecting to receive an EIGRP Ack message from its neighbors with Acknowledge number equal to the Sequence number carried inside this EIGRP message.

But what happend if the EIGRP neighbors didn’t send an EIGRP Ack message ??

If the EIGRP-speaking router didn’t receive an EIGRP Ack message from its neighbor in case it sent an EIGRP message that is needed to be reliably delievered, it will do the following:

1-At the first the EIGRP-speaking router sent the EIGRP message that is needed to be reliably delievered to the multicast destination address “224.0.0.10”.
2-It will wait for certain time to wait for the EIGRP Ack message before retransmitting the EIGRP message again, this time is called by “Multicacst Flow Timer”.
3-Once the Multicast Flow Timer expired, it will retransmit the EIGRP message as unicast to the EIGRP neighbor that didn’t respond with the EIGRP Ack message.
4-Once the the EIGRP-speaking router sent the unicast EIGRP message, it will wait for certain time to wait for the EIGRP Ack message before retransmitting  the unicast EIGRP message again, this time is called b “Retransmssion TimeOut” (RTO).
5-If the EIGRP-speaking router didn’t receive an EIGRP Ack message after 16 unicast retransmission, it will declare the EIGRP neighbor that didn’t send the EIGRP Ack message to be dead, hence the EIGRP adjacency with that neighbor become down.

Note: The Multicast Flow timer and Retransmssion TimeOut (RTO) values are calculated based on certain time value called by “Smooth Round Trip Time” (SRTT), and this value is calculated by the EIGRP-speaking router for every EIGRP neighbor it form an adjacency with, and this value represents the average round trip time between the router transmit an EIGRP message and receive the Ack message from the neighbor, actually the equations used to calculate SRTT, Multicast Flow Timer and RTO values are not mentioned by Cisco.

 

In the next post i will talk about the EIGRP configuration and verification commands from CLI point of view.

Hope that the post is helpful.

Regards

Mostafa Hamza

 

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s