This time we'll study EIGRP…the CCNP version, meaning we dig deeper into EIGRP

If you want a refresher on EIGRP, here's the link: EIGRP

*psst…sorry if this is unclear…these are mostly my own notes on CCNP-Route, mainly about EIGRP, hehe. If you get it, great; if not, oh well…what matters is that I get it 😛

EIGRP Overview (CCNA)

Cisco IOS uses the router eigrp asn command, and one or more network net-id wildcard-mask subcommands, to enable EIGRP on the router and on the interfaces where EIGRP should run.

  1. Neighboring routers’ router eigrp asn commands must be configured with the same ASN. (ASN = Autonomous System Number; it must match the neighbor's)
  2. IOS only enables EIGRP on interfaces that match an EIGRP network command. When enabled, the router does the following:
    1. Attempts to discover EIGRP neighbors on that interface by sending multicast EIGRP Hello messages
    2. Advertises to other neighbors about the subnet connected to the interface (“hey…to reach router X just go through me…there's a path here..“)
  3. If no wildcard-mask is configured on the EIGRP network command, the command’s single parameter should be a classful network number (in other words, a class A, B, or C network number).
  4. (and then) If no wildcard-mask is configured on the EIGRP network command, the command enables EIGRP on all of that router’s interfaces directly connected to the configured classful network.
  5. If the network command includes a wildcard-mask, the router performs wildcard-mask logic when comparing the net-id configured in the network command with each interface’s IP address. (see the OSPF link on wildcard masks)

Figure 1 Important EIGRP Verification

EIGRP follows three general steps to add routes to the IP routing table, as follows:

  • Step 1. Neighbor discovery: EIGRP routers send Hello messages to discover potential neighboring EIGRP routers and perform basic parameter checks to determine which routers should become neighbors.
  • Step 2. Topology Exchange: Neighbors exchange full topology updates when the neighbor relationship comes up, and then only partial updates as needed based on changes to the network topology.
  • Step 3. Choosing Routes: Each router analyzes their respective EIGRP topology

*In CCNP we'll focus on points 2 and 3

————————————————————————————————–

Exchanging Topology Information

An EIGRP router builds IP routing table entries by processing the data in the topology table. Unlike OSPF, which uses a computationally complex SPF process, EIGRP uses a computationally simple process to determine which, if any, routes to add to the IP routing table for each unique prefix/length.

  • First, the EIGRP neighbor table lists the neighboring routers. (it lists its neighbors first…taking notes in the router's “brain”)
  • Second, the EIGRP topology table holds all the topology information learned from EIGRP neighbors. (only then does it build the topology. Clever, right???)
  • Finally, EIGRP chooses the best IP routes and places those into the IP routing table (only then does it pick the best route. This is a Cisco feature that puts them above the other vendors…I'm being objective here, not subjective…lol)

*partial update…if the topology changes on one of the routers…only what CHANGED is sent…no need to send everything

———————————————————————————————————-

Calculating The Best Route

I'm too lazy to work through formulas like this… :lol:

Topics related to EIGRP neighborship, specifically (the ones CCNP covers):

Manipulating EIGRP Hello and Hold Timers

Controlling whether routers become neighbors by using either passive interfaces or statically defined neighbors

Authenticating EIGRP neighbors

Examining configuration settings that can prevent EIGRP neighborships

————————————————————————————————————————————–

Manipulating EIGRP Hello and Hold Timers

Default Hello timer = 5s

Default Hold timer = 15s

To optimize network convergence, an engineer could simply reduce the Hello and Hold Timers, accepting insignificant additional overhead, in return for shorter convergence times. These settings can be made per interface/subinterface, and per EIGRP process.

EIGRP can also use the Bidirectional Forwarding Detection (BFD) feature that provides a means for subsecond detection of a failure in IP connectivity between two neighboring routers. (Not covered in CCNP)

*BFD, i.e. bidirectional forwarding detection…available in IOS 12.2(18) and later…requires Cisco Parallel eXpress Forwarding (PXF) to be enabled (it is enabled by default)…think of it as “router A sends packets to B…B doesn't reply…and B is waiting too…why hasn't A sent any more packets??? So B decides to TAKE ITS TURN and send the packets itself“…once again…not covered in CCNP

😆

Hello and Hold settings DO NOT NEED TO MATCH in an EIGRP configuration

The Hold Timer does not have to be three times the Hello timer, but the 3:1 ratio is a reasonable guideline (for example hold timer 9 seconds…hello timer 1 second = 3:1 ratio)

Example of setting the Hello and Hold timers in EIGRP

(the initial EIGRP setup doesn't need explaining again)

Here we set the ASN to 9

The interesting point about these commands is that one parameter (the Hello interval) tells R1 what to do, whereas the other (the Hold Timer) actually tells the neighboring routers what to do. (think of it as: “hey…I'm setting myself to send you a hello every 2 seconds, OK!! And YOU WAIT up to 6 seconds without hearing from me before you drop me from your routing table“)

Verifying Hello/Hold Timer

show ip eigrp interface type number detail

example: #show ip eigrp int fa0/0 | ?

*the question mark “?” here lists the available options

Example figure where each router sends hellos at different intervals

On Cisco CLI


————————————————————————————————-


Preventing unwanted neighbors using passive interface

An EIGRP case: router A has network 10.0.0.0, B has 20.0.0.0 and C has 30.0.0.0. A and B want to exchange EIGRP packets with each other, but A to C or B to C should not send EIGRP packets. For that you need what is called a passive interface (not passive state…that's different)

When an EIGRP network configuration sub-command matches an interface, EIGRP on that router does two things:

  1. Attempts to find potential EIGRP neighbors by sending Hellos to the 224.0.0.10 multicast address
  2. Advertises about the subnet connected to that interface

To advertise about the subnet but disallow EIGRP neighborships on the interface, an engineer has two main configuration options to add to the implementation plan:

  1. Enable EIGRP on the interface using the EIGRP network command, but tell the router to not send any EIGRP messages on the interface by making the interface passive (using the passive-interface command).
  2. Do not enable EIGRP on the interface, and advertise about the connected route using route redistribution (and the redistribute connected configuration command).

When an interface becomes a passive interface, EIGRP does not send EIGRP messages on that interface, whether multicast or unicast, and the router ignores any EIGRP messages received on the interface. However, EIGRP still advertises the subnets connected to that interface IF they match an EIGRP network command. (If it matches network 10.0.0.0 and so on, then in this case the EIGRP router still advertises those subnets; apart from that, well, it's a passive interface…it doesn't send and doesn't receive.) As a result, the first option in the preceding list directly meets all design requirements. It has the added advantage of being very secure in that no EIGRP neighborships are possible on the interface.

Passive interface configuration

What if there are lots of interfaces…do you configure them one by one???? Here's a simpler way (simple or not depends on you…routers often don't have as many interfaces as a switch ^_^ )

passive-interface default = all ports become passive interfaces, except those set with no passive-interface

Verify Passive Interface

  • show ip eigrp interfaces command omits passive interfaces, listing the non passive interfaces matched by a network command.
  • Alternatively, the show ip protocols command explicitly lists all passive interfaces.

————————————————————————————————————————

Authentication for EIGRP Packet

Why does EIGRP need authentication??

Because it is meant to prevent Denial of Service (DoS). How so???

Here…in Cisco's words (I'm too lazy to explain it again…lol)

From a design perspective, EIGRP authentication helps prevent denial of service (DoS) attacks, but it does not provide any privacy. The EIGRP messages can be read by the device that physically receives the bits. Note that on LANs, the updates flow to the 224.0.0.10 (LAN updates, i.e. within the local network, always use this IP) multicast IP address, so any attacker could join the 224.0.0.10 multicast group and read the packets. However, authentication prevents attackers from forming neighborships with legitimate routers, preventing the advertisement of incorrect routing information.

*repeated with some help from my own words…lol = From a design perspective, EIGRP authentication helps prevent denial of service (DoS) attacks, but it does not provide any privacy. Devices connected to an EIGRP router still receive the updates EVEN THOUGH, with authentication in place, they cannot become neighbors because the “key” doesn't match

The EIGRP authentication configuration process requires several commands, which are summarized as follows:

  1. Create an (authentication) key chain:
    1. Create the chain and give it a name with the key chain name global command (also puts the user into key chain config mode). The name does not have to match on the neighboring routers.
    2. Create one or more key numbers using the key number command in keychain configuration mode. The key numbers do not have to match on the neighboring routers.
    3. Define the authentication key’s value using the key-string value command in key configuration mode. The key strings must match on the neighboring routers.
    4. (Optional) Define the lifetime (time period) for both sending and accepting each key string.
  2. Enable EIGRP MD5 authentication on an interface, for a particular EIGRP ASN, using the ip authentication mode eigrp asn md5 interface subcommand.
  3. Refer to the correct key chain to be used on an interface using the ip authentication key-chain eigrp asn name-of-chain interface subcommand
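A check for the outcome of these steps, written as an added example (not code from the original notes or from Cisco): it audits a router configuration and reports, per interface, whether EIGRP neighbors are blocked by passive-interface, authenticated with MD5 and a defined key chain, or allowed without authentication. The embedded configuration is constructed; the interface names, addresses and the undefined chain name housekeys are assumptions, and the audit assumes every interface is matched by a network command.

```python
# Constructed sample IOS configuration (not from the original page). The key
# chain name "carkeys", key string "fred" and ASN 9 appear on the page;
# interfaces, addresses and "housekeys" are made up for the demonstration.
SAMPLE_CONFIG = """\
key chain carkeys
 key 1
  key-string fred
!
interface FastEthernet0/0
 ip authentication mode eigrp 9 md5
 ip authentication key-chain eigrp 9 carkeys
!
interface FastEthernet0/1
 ip address 10.1.2.1 255.255.255.0
!
interface Serial0/0
 ip authentication mode eigrp 9 md5
 ip authentication key-chain eigrp 9 housekeys
!
interface Loopback0
!
router eigrp 9
 network 10.0.0.0
 passive-interface Loopback0
"""


def parse_sections(text):
    """Group indented sub-commands under the top-level line that precedes them."""
    sections, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.strip() == "!":
            continue
        if not line.startswith(" "):
            current = line.strip()
            sections[current] = []
        elif current is not None:
            sections[current].append(line.strip())
    return sections


def audit_eigrp_auth(text, asn):
    """Return {interface: finding} for one EIGRP ASN (all interfaces assumed enabled)."""
    sections = parse_sections(text)
    chains = {h.split()[2] for h in sections if h.startswith("key chain ")}
    router = sections.get(f"router eigrp {asn}", [])
    passive = {c.split()[1] for c in router if c.startswith("passive-interface ")}
    active = {c.split()[2] for c in router if c.startswith("no passive-interface ")}
    prefix = f"ip authentication key-chain eigrp {asn} "
    findings = {}
    for header, cmds in sections.items():
        if not header.startswith("interface "):
            continue
        name = header.split()[1]
        chain = next((c[len(prefix):] for c in cmds if c.startswith(prefix)), None)
        if name in passive or ("default" in passive and name not in active):
            findings[name] = "passive, no neighbors possible"
        elif f"ip authentication mode eigrp {asn} md5" not in cmds or chain is None:
            findings[name] = "neighbors allowed without authentication"
        elif chain not in chains:
            findings[name] = f"key chain {chain} is not defined"
        else:
            findings[name] = "md5 with key chain " + chain
    return findings
```

Running `audit_eigrp_auth(SAMPLE_CONFIG, 9)` flags FastEthernet0/1 (no authentication) and Serial0/0 (references a key chain that does not exist).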

Don't get it?? Complicated??? Same here 😆

Here's the idea…for router A and router B to exchange packets, authentication is needed…how??

A: “I'm making a key“

B: “I'm making a key too…” (A and B must both create a key)

A: “…I'm naming my key rumah_A“

B: “I'm naming my key rumah_B” (A's and B's keys may have different names)

A: “my key is shaped like this *draws shape*“

B: “OK…my key is ALSO shaped like this *draws shape*” (this is what must match…the key shape has to be the same if you want to get into the other house…same key = you can get into the other house)

A: “this key, IF YOU WANT…is valid from today until tomorrow…after that we change the key again“

B: “ok” (define the lifetime period, “this key expires on such-and-such date and month“)

Note: the configuration below is done in global config mode ( router(config)#key chain carkeys )

Why are there 2 “keys”?? There can be more…that's called the multiple chain concept…a key chain that holds many keys…if one fails there's another, just like your house keys…one ring with lots of keys…try them one by one in the keyhole…maybe one matches…haha

The existence of multiple keys in a key chain, and the existence of valid lifetimes for each key, can cause some confusion about when the keys are used. The rules can be summarized as follows:

  • Sending EIGRP messages: Use the lowest key number among all currently valid keys. (for example, with the key chain above, that means key number 1, the fred key)
  • Receiving EIGRP message: Check the MD5 digest using ALL currently valid keys. (it checks which one is right…it can't accept a wrong key, so??? It tries them one by one ^_^ )
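The two rules above, modelled as an added example (not code from the original notes or from Cisco) through a key rollover where the old and new key lifetimes overlap. The digest function is a simplified stand-in for EIGRP's keyed MD5, not the real packet layout; the second key string, the neighbor's key numbers and all dates are assumptions.

```python
import hashlib
import hmac
from dataclasses import dataclass
from datetime import datetime


@dataclass
class Key:
    number: int
    string: str
    send: tuple    # (start, end) of the send lifetime
    accept: tuple  # (start, end) of the accept lifetime


def in_window(window, now):
    return window[0] <= now <= window[1]


def digest(message, key_string):
    # Simplified stand-in for EIGRP's keyed MD5 (assumption, not the wire format).
    return hashlib.md5(message + key_string.encode()).hexdigest()


def sign(chain, message, now):
    """Sending rule: lowest key number among keys whose send lifetime is valid."""
    usable = [k for k in chain if in_window(k.send, now)]
    if not usable:
        return None
    key = min(usable, key=lambda k: k.number)
    return key.number, digest(message, key.string)


def verify(chain, message, received, now):
    """Receiving rule: try every key whose accept lifetime is currently valid."""
    for k in sorted(chain, key=lambda k: k.number):
        if in_window(k.accept, now) and hmac.compare_digest(digest(message, k.string), received):
            return k.number
    return None


# Constructed key chains. "fred" is the page's key 1; the rest is made up.
JAN1, JAN25 = datetime(2024, 1, 1), datetime(2024, 1, 25)
FEB1, DEC31 = datetime(2024, 2, 1), datetime(2024, 12, 31)
R1_CHAIN = [Key(1, "fred", (JAN1, FEB1), (JAN1, FEB1)),
            Key(2, "wilma", (JAN25, DEC31), (JAN25, DEC31))]
# The neighbor numbers its keys differently; only the key strings match.
R2_CHAIN = [Key(7, "fred", (JAN1, FEB1), (JAN1, FEB1)),
            Key(8, "wilma", (JAN25, DEC31), (JAN25, DEC31))]
HELLO = b"constructed EIGRP hello"


def exchange(now):
    """R1 signs, R2 verifies. Returns (key number R1 used, key number R2 matched)."""
    signed = sign(R1_CHAIN, HELLO, now)
    if signed is None:
        return None, None  # every key has expired: nothing can be authenticated
    return signed[0], verify(R2_CHAIN, HELLO, signed[1], now)
```

During the overlap (25 January to 1 February in this constructed chain) the sender still uses key 1, and a receiver that never got the second key stops authenticating the neighbor once key 1 expires.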

To verify the key chain

——————————————————————————————————————–

Controlling Neighborships with static Configuration

Although rarely used, this approach (manual configuration) is useful for reducing the overhead of EIGRP multicast packets. The connection type that benefits most here is a Frame Relay WAN, which does support multicast and broadcast over Frame Relay, where the router must duplicate a frame and send a copy over every PVC associated with an interface or subinterface.

For example, if a multicast subinterface has 10 PVCs associated with it, but only 2 remote routers use EIGRP, then all 10 PVCs (including the non-EIGRP ones) are sent a copy of the EIGRP multicast hello packet. With static neighbors, only the 2 PVCs that use EIGRP are sent it

Example figure (just 3 PVCs…copy-pasting, drawing, etc. is exhausting):

  • To form a neighbor, each router (that wants to be neighbors) must configure the neighbor ip-address outgoing-interface EIGRP router subcommand. The IP address is the IP address of the router interface
  • Also, the configured IP address must be from the SAME subnet connected to the interface listed in the neighbor command; otherwise, the command is rejected.
  • Also, note that the EIGRP configuration does not have to include a network command that matches the interface; EIGRP will still advertise about the subnet connected to the interface

Cisco IOS disables all EIGRP multicast packet processing on an interface once an EIGRP neighbor command has been configured.

This also applies when an interface (for example FastEthernet) that was running dynamic EIGRP is switched to static…it drops the existing neighbors and removes its “discovery” mechanism

Configuring K-Values in EIGRP

K-value = put simply…configuring the metric…configuring how far it is for one router to send packets to another router

The complicated part…is the one above…”Calculating the best route”

Note: Mismatched k-value settings prevent two routers from becoming neighbors

What is K?? It's in the command used above…in #metric weights [ToS (Type of Service), you learn this in CCIP – QoS] [k1] [k2] [k3] [k4] [k5]

k1 = bandwidth (commonly used)
k2 = load (commonly used)
k3 = delay
k4 = reliability
k5 = MTU

To configure ONLY the delay…

Go into the interface -> set its delay

Router(config)#int fa0/0

Router(config-if)#do sh int fa0/0 // verify the delay: shows in detail what is set on interface fa0/0 (including its delay)

Router(config-if)#delay [how many microseconds to set]

—————————————————————————————————————————-

EIGRP Router-ID

EIGRP uses the concept of representing each router with a router ID (RID). The EIGRP RID is a 32-bit number, represented in dotted decimal. Each router determines its RID when the EIGRP process starts, using the same general rules as does OSPF for determining the OSPF RID, as follows:

  1. Use the configured value (using the eigrp router-id a.b.c.d EIGRP subcommand). Example:
    1. router(config)#router eigrp 1
    2. router(config-router)#ei ro 10.10.10.10
  2. Use the highest IPv4 address on an up/up loopback interface.
  3. Use the highest IPv4 address on an up/up non-loopback interface.

Although EIGRP does require each router to have an RID, the actual value is of little practical importance. The EIGRP show commands seldom list the RID value, and unlike for the OSPF RID, engineers do not need to know each router’s EIGRP RID to interpret the EIGRP topology database. Additionally, although it is best to make EIGRP RIDs unique, duplicate RIDs do not prevent routers from becoming neighbors. The only time the value of EIGRP RIDs matters is when injecting external routes into EIGRP. In that case, the routers injecting the external routes must have unique RIDs to avoid confusion.

———————————————————————————————————————————–

EIGRP Neighborship over Frame Relay

  • Frame Relay provides a Layer 2 WAN service
  • Each router connects to the service using a physical serial link, called a Frame Relay access link. (connects to the ISP providing the Frame Relay service)
  • The provider then creates logical connections called permanent virtual circuits (PVCs)

Any pair of routers that connect to the ends of a Frame Relay PVC can send Frame Relay frames and IP packets to each other, and they can become EIGRP neighbors

(no config for this one…sorry folks, but the point is that EIGRP can be used over Frame Relay)

Neighborship on MPLS

Multiprotocol Label Switching (MPLS) Virtual Private Networks (VPNs) create a WAN service that has some similarities but many differences when compared to Frame Relay. The customer routers connect to the service, usually over serial links, but sometimes over Frame Relay PVCs or possibly over Ethernet. The service itself is a Layer 3 service, forwarding IP packets through the cloud. As a result, no pre-defined PVCs need exist between the customer routers. Additionally, this service (MPLS VPN) uses routers at the edge of the service provider cloud, generically called provider edge (PE) routers, and these routers are Layer 3 aware.

That Layer 3 awareness means that the customer edge (CE) routers form an EIGRP neighborship with the PE router on the other end of their local access link, as shown in Figure below

PE routers exchange their routes, typically using Multiprotocol BGP (MP-BGP), a topic outside the scope of this book. However, all the CE routers then learn routes from each other, although each CE router has only one EIGRP neighborship for each of its connections into the MPLS VPN cloud.

*a topic outside the scope of this book…MPLS itself is in CCIP & CCIE…not in CCNP

(no wonder I don’t understand much…lol)

Neighborship on Metro Ethernet (MetroE)

First of all…what is Metro Ethernet?? A Metro Ethernet is a computer network that covers a metropolitan area and that is based on the Ethernet standard (very Wikipedia of me)

For CCNP we focus on the Metro Ethernet services called Virtual Private Wire Service (VPWS) and the Virtual Private LAN Service (VPLS). Both technical specifications allow for connections using Ethernet links (RJ-45 Ethernet cable, FastEthernet, GigabitEthernet), with the service forwarding Ethernet frames.

  • VPWS focuses on point-to-point topologies
  • VPLS supports multipoint, approximating the concept of the entire WAN service acting like one large Ethernet switch

Because it is a Layer 2 service, MetroE does not have any Layer 3 awareness, and the customer routers (typically referred to by the more general service provider term customer premise equipment, or CPE) see the MetroE service as a VLAN. Because the customer routers connect to the service as a VLAN, all the routers connected to the service can become EIGRP neighbors

Here's a case…see the example figure above

Assume R2, R3, R4 are ALL connected to R5 (not shown in the figure)

R1 -> R2 metric is 10 (successor)

R1 -> R3 metric is 10 (successor)

R1 -> R4 metric is 30 (feasible successor)

If R1 wants to reach R5…R2 and R3 are automatically chosen, right? (smallest metric = 10) PLUS they are load balanced (because R2 & R3 have the same metric…EIGRP automatically sends its traffic to both routers, 50:50 -> load balancing)

So…how do we get R4 to ALSO join R1's “successors” (for various reasons, of course)?

The way to do it is with variance

Example:

R1(config)#ro ei 1

R1(config-router)#variance 4

How does it “work” ???

  • the successor metric is 10…variance 4 tells router R1 that the successor metric (ONLY the successor's) is multiplied by the variance NUMBER, which is 4…so 4*10 = 40 (the successor's own metric does not change)
  • The router then looks at this number 40 and reads it as…”MY SUCCESSORS ARE THE ROUTES WHOSE METRICS are AT 40 and below (<= 40)” (the smaller metric naturally still has priority, right?)
  • So…R2 and R3 are definitely in…because their metric becomes 40…ANDDD R4 also gets in as a successor, because its metric is below 40…namely 30…

So R1's EIGRP topology looks like this:

R1 -> R2 metric is 10 (successor)

R1 -> R3 metric is 10 (successor)

R1 -> R4 metric is 30 (successor)

Now suppose R1 -> R2 & R3 are FastEthernet

and R1 -> R4 is Ethernet with a speed of 10Mbps (FastE speed is 100Mbps)

(when variance is applied) R1 will send its traffic to R2, R3, R4 at a speed of 10Mbps (following the lowest…which is Ethernet…it can't follow FastE at 100Mbps, right???)

The case above, using variance and sending traffic over different media, is what is called UNEQUAL LOAD BALANCING