Module 4-5 Routing Protocols: EIGRP

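EIGRP Features
• Advanced distance-vector routing protocol
• Fast convergence
• 100% loop-free routing protocol
• Simple to configure
• Triggered updates
• Supports equal-cost and unequal-cost load balancing
• Flexible network design
• Multicast or unicast updates
• Supports VLSM and discontiguous subnets
• Manual summarization at any node in the network
• Supports multiple network-layer protocols
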
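Terminology:
• Feasible distance: the metric reported by the neighbor plus the metric to the neighbor that reported the route
• Reported distance: the metric to the remote network as reported by the neighbor
• Successor: the best route to the remote network; it is the route used to forward traffic and is stored in the routing table
• Feasible successor: a path that is worse than the feasible distance and is treated as a backup route
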
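Neighbor Discovery and Building the Routing Table
• EIGRP routers must be neighbors before they exchange routes. Three conditions must be met to form a neighbor relationship:
  • A hello or ACK is received
  • The AS numbers match
  • The metrics are the same
• Three tables:
  • Neighbor table: stores state information for adjacent neighbors, interface addresses, and the neighbor relationships already established
  • Topology table: built by the protocol-independent module and operated on by DUAL. It contains all destinations advertised by adjacent routers, each destination address being held, and the list of neighbors that advertised those destinations; that is, the route advertisements every router in the internetwork has received from each neighbor
  • Routing table: the routes currently used for routing decisions
• Metric:
  • Bandwidth, delay, load, reliability, maximum transmission unit (MTU)
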
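Reliable Transport Protocol
• When EIGRP multicasts data to its neighbors and receives no acknowledgment from one of them, it retransmits the same data to that neighbor by unicast. If there is still no acknowledgment after 16 attempts, the neighbor is declared dead. This is reliable multicast.
• By assigning a sequence number to every packet, a router can keep track of the information it has sent.
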
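Diffusing Update Algorithm (DUAL)
• DUAL gives EIGRP the fastest possible route convergence time of any protocol. It does so in two ways:
  • EIGRP routers keep a copy of all of their neighbors' routes
  • If no alternative route is available, EIGRP quickly queries its neighbors to find one
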
EIGRP Configuration
    RouterX(config)# router eigrp autonomous-system
    RouterX(config-router)# network network-number

Discontiguous Subnets
• By default, EIGRP cannot advertise subnet masks, so it does not support discontiguous subnets.

Disabling EIGRP Auto-Summarization
    no auto-summary
• With no auto-summary configured, EIGRP can support discontiguous subnets.

Verifying the EIGRP Configuration
    RouterX# show ip route eigrp
• Displays the EIGRP routes in the routing table
    RouterX# show ip protocols
• Displays the current process and state of the protocol
    RouterX# show ip eigrp interfaces
• Displays the EIGRP configuration information for each interface

    RouterX# show ip eigrp interfaces
    IP EIGRP interfaces for process 109
                        Xmit Queue   Mean   Pacing Time   Multicast    Pending
    Interface    Peers  Un/Reliable  SRTT   Un/Reliable   Flow Timer   Routes
    Di0            0        0/0         0      11/434          0          0
    Et0            1        0/0       337       0/10           0          0
    SE0:1.16       1        0/0        10       1/63         103          0
    Tu0            1        0/0       330       0/16           0          0

Verifying the EIGRP Configuration
    RouterX# show ip eigrp neighbors [detail]
• Displays the EIGRP neighbor table

    RouterX# show ip eigrp neighbors
    IP-EIGRP Neighbors for process 77
    Address         Interface   Holdtime  Uptime    Q      Seq  SRTT  RTO
                                (secs)    (h:m:s)   Count  Num  (ms)  (ms)
    172.16.81.28    Ethernet1   13        0:00:41   0      11   4     20
    172.16.80.28    Ethernet0   14        0:02:01   0      10   12    24
    172.16.80.31    Ethernet0   12        0:02:02   0      4    5     20

Verifying the EIGRP Configuration
    RouterX# show ip eigrp topology [all]
• Displays the EIGRP topology table

    RouterX# show ip eigrp topology
    IP-EIGRP Topology Table for process 77
    Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
           r - Reply status
    P 172.16.90.0 255.255.255.0, 2 successors, FD is 46251776
             via 172.16.80.28 (46251776/46226176), Ethernet0
             via 172.16.81.28 (46251776/46226176), Ethernet1
             via 172.16.80.31 (46277376/46251776), Serial0
    P 172.16.81.0 255.255.255.0, 2 successors, FD is 307200
             via Connected, Ethernet1
             via 172.16.81.28 (307200/281600), Ethernet1
             via 172.16.80.28 (307200/281600), Ethernet0
             via 172.16.80.31 (332800/307200), Serial0

Verifying the EIGRP Configuration
    RouterX# show ip eigrp traffic
• Displays the number of EIGRP packets the router has sent and received

    RouterX# show ip eigrp traffic
    IP-EIGRP Traffic Statistics for process 77
      Hellos sent/received: 218/205
      Updates sent/received: 7/23
      Queries sent/received: 2/0
      Replies sent/received: 0/2
      Acks sent/received: 21/14

debug ip eigrp
    RouterX# debug ip eigrp
    IP-EIGRP: Processing incoming UPDATE packet
    IP-EIGRP: Ext 192.168.3.0 255.255.255.0 M 386560 - 256000 130560 SM 360960 - 256000 104960
    IP-EIGRP: Ext 192.168.0.0 255.255.255.0 M 386560 - 256000 130560 SM 360960 - 256000 104960
    IP-EIGRP: Ext 192.168.3.0 255.255.255.0 M 386560 - 256000 130560 SM 360960 - 256000 104960
    IP-EIGRP: 172.69.43.0 255.255.255.0, - do advertise out Ethernet0/1
    IP-EIGRP: Ext 172.69.43.0 255.255.255.0 metric 371200 - 256000 115200
    IP-EIGRP: 192.135.246.0 255.255.255.0, - do advertise out Ethernet0/1
    IP-EIGRP: Ext 192.135.246.0 255.255.255.0 metric 46310656 - 45714176 596480
    IP-EIGRP: 172.69.40.0 255.255.255.0, - do advertise out Ethernet0/1
    IP-EIGRP: Ext 172.69.40.0 255.255.255.0 metric 2272256 - 1657856 614400
    IP-EIGRP: 192.135.245.0 255.255.255.0, - do advertise out Ethernet0/1
    IP-EIGRP: Ext 192.135.245.0 255.255.255.0 metric 40622080 - 40000000 622080
    IP-EIGRP: 192.135.244.0 255.255.255.0, - do advertise out Ethernet0/1
• Note: EIGRP routes are exchanged only when a change in topology occurs.

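EIGRP Metric
• Standard components EIGRP uses to calculate the metric:
  • Bandwidth
  • Delay
• Optional components EIGRP can use to calculate the metric:
  • Reliability
  • Load
• Note: although EIGRP includes the MTU in the packets exchanged between neighbors, the MTU is not used to calculate the metric.
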
EIGRP Metric
• bandwidth = (10000000 / (min)bandwidth) * 256
• delay = (sum)delay * 256
• If k5 = 0:
    metric = [k1 * bandwidth + (k2 * bandwidth) / (256 - load) + k3 * delay]
• If k5 != 0:
    metric = [k1 * bandwidth + (k2 * bandwidth) / (256 - load) + k3 * delay] + [k5 / (reliability + k4)]
• Default k-values:
  • k1=1; k2=0; k3=1; k4=0; k5=0
  • metric = ((min)bandwidth + (sum)delay) * 256

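EIGRP Load Balancing
• By default, EIGRP supports equal-cost load balancing:
  • Up to four equal-cost paths are load balanced.
• A maximum of 16 equal-cost paths can be supported:
  • Use the maximum-paths command to change the number of paths.
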
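EIGRP Unequal-Cost Load Balancing
    RouterX(config-router)# variance multiplier
• Among the entries for the same destination, only those whose metric is less than the variance multiplier times the lowest metric can carry load.
• The default variance is 1, which means equal-cost load balancing.
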
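Variance Example:
• Router E chooses C as the path to network 172.16.0.0 because that path has the lowest distance, 20.
• With variance set to 2, router E also chooses B as a path to network 172.16.0.0: (20 + 10 = 30) < [2 * (FD) = 40].
• D cannot be a feasible successor (because 25 > 20).
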
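The feasibility and variance checks from the example above, as an added sketch that is not part of the original slides. B's 20 + 10 and D's reported distance of 25 come from the slide; the remaining per-link costs are constructed so that C totals 20, and the reported-distance-below-FD test is the standard DUAL feasibility condition.

```python
# Added example: DUAL feasibility plus variance-based path selection on router E.
# Each entry is neighbor -> (cost from E to neighbor, distance the neighbor reports).
# B's 20 + 10 and D's reported 25 are from the slide; the other costs are constructed.
PATHS_TO_172_16 = {"B": (20, 10), "C": (10, 10), "D": (20, 25)}


def classify(paths, variance=1):
    """Return {neighbor: (total_metric, role, installed_in_routing_table)}."""
    totals = {n: cost + rd for n, (cost, rd) in paths.items()}
    fd = min(totals.values())                      # feasible distance
    result = {}
    for n, (cost, rd) in paths.items():
        if totals[n] == fd:
            role = "successor"
        elif rd < fd:                              # feasibility condition
            role = "feasible successor"
        else:
            role = "not feasible"                  # could loop back through E
        installed = role == "successor" or (
            role == "feasible successor" and totals[n] < variance * fd)
        result[n] = (totals[n], role, installed)
    return result


def installed_next_hops(paths, variance=1):
    """Neighbors that end up in the routing table for this destination."""
    return sorted(n for n, (_, _, used) in classify(paths, variance).items() if used)


if __name__ == "__main__":
    for v in (1, 2, 3):
        print("variance", v, "->", installed_next_hops(PATHS_TO_172_16, v))
```

With variance 3 the path through D (45) is under 3 * 20 = 60 but is still excluded, because variance only widens the choice among paths that already pass the feasibility condition.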
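EIGRP MD5 Authentication
• EIGRP supports MD5 authentication.
• The router encrypts every packet it sends.
• The router authenticates the routing update packets it receives from any remote source.
• Every router that is a neighbor of this router must have the same key.
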
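EIGRP MD5 Authentication Configuration Steps
• Create a keychain, a group of possible keys (passwords).
• Assign a key ID to each key.
• Define the keys.
• (Optional) Specify how long each key is valid.
• Enable MD5 authentication on the interface.
• Specify the interface that uses the keychain.
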
Configuring EIGRP MD5 Authentication
    RouterX(config)# key chain name-of-chain
• Enters the configuration mode for the keychain
    RouterX(config-keychain)# key key-id
• Identifies the key and enters the configuration mode for the key ID

Configuring EIGRP MD5 Authentication (Cont.)
    RouterX(config-keychain-key)# key-string text
• Identifies the key string (password)
    RouterX(config-keychain-key)# accept-lifetime start-time {infinite | end-time | duration seconds}
• (Optional) Specifies when the key is accepted for received packets
    RouterX(config-keychain-key)# send-lifetime start-time {infinite | end-time | duration seconds}
• (Optional) Specifies when the key can be used for sending packets

Configuring EIGRP MD5 Authentication (Cont.)
    RouterX(config-if)# ip authentication mode eigrp autonomous-system md5
• Specifies MD5 authentication for EIGRP packets
    RouterX(config-if)# ip authentication key-chain eigrp autonomous-system name-of-chain
• Enables authentication of EIGRP packets using the key in the keychain

Example EIGRP MD5 Authentication Configuration
RouterX
    <output omitted>
    key chain RouterXchain
     key 1
      key-string firstkey
      accept-lifetime 04:00:00 Jan 1 2006 infinite
      send-lifetime 04:00:00 Jan 1 2006 04:01:00 Jan 1 2006
     key 2
      key-string secondkey
      accept-lifetime 04:00:00 Jan 1 2006 infinite
      send-lifetime 04:00:00 Jan 1 2006 infinite
    <output omitted>
    !
    interface Serial0/0/1
     bandwidth 64
     ip address 192.168.1.101 255.255.255.224
     ip authentication mode eigrp 100 md5
     ip authentication key-chain eigrp 100 RouterXchain

Example EIGRP MD5 Authentication Configuration (Cont.)
RouterY
    <output omitted>
    key chain RouterYchain
     key 1
      key-string firstkey
      accept-lifetime 04:00:00 Jan 1 2006 infinite
      send-lifetime 04:00:00 Jan 1 2006 infinite
     key 2
      key-string secondkey
      accept-lifetime 04:00:00 Jan 1 2006 infinite
      send-lifetime 04:00:00 Jan 1 2006 infinite
    <output omitted>
    !
    interface Serial0/0/1
     bandwidth 64
     ip address 192.168.1.102 255.255.255.224
     ip authentication mode eigrp 100 md5
     ip authentication key-chain eigrp 100 RouterYchain

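Which key each router actually sends with depends on the send-lifetime windows in the two key chains above. The following added example (not from the original slides) parses those key chains and checks whether each side would accept the other's packets at a given time. It assumes the sender uses the lowest-numbered key whose send-lifetime is current, and it handles only the infinite and end-time lifetime forms used in the example configuration.

```python
from datetime import datetime

FMT = "%H:%M:%S %b %d %Y"
# Key chains copied from the RouterX / RouterY example configuration above.
ROUTERX = """key chain RouterXchain
 key 1
  key-string firstkey
  accept-lifetime 04:00:00 Jan 1 2006 infinite
  send-lifetime 04:00:00 Jan 1 2006 04:01:00 Jan 1 2006
 key 2
  key-string secondkey
  accept-lifetime 04:00:00 Jan 1 2006 infinite
  send-lifetime 04:00:00 Jan 1 2006 infinite
"""
# RouterY differs only in its name and in key 1's send-lifetime (infinite).
ROUTERY = ROUTERX.replace("04:01:00 Jan 1 2006", "infinite").replace("RouterX", "RouterY")


def parse_chain(text):
    """Parse 'key N' blocks into {id: {'string', 'accept', 'send'}}."""
    keys, cur = {}, None
    for words in (line.split() for line in text.splitlines()):
        if len(words) == 2 and words[0] == "key" and words[1].isdigit():
            cur = keys.setdefault(int(words[1]), {})
        elif cur is not None and words[:1] == ["key-string"]:
            cur["string"] = words[1]
        elif cur is not None and words and words[0].endswith("-lifetime"):
            start = datetime.strptime(" ".join(words[1:5]), FMT)
            end = words[5:]                        # 'infinite' or an end time
            end = None if end == ["infinite"] else datetime.strptime(" ".join(end), FMT)
            cur[words[0].split("-")[0]] = (start, end)
    return keys


def in_window(key, kind, now):
    start, end = key.get(kind, (datetime.min, None))   # no lifetime: always valid
    return start <= now and (end is None or now < end)


def send_key(keys, now):
    """Lowest-numbered key valid for sending (assumed IOS selection rule)."""
    return next((i for i in sorted(keys) if in_window(keys[i], "send", now)), None)


def accepted(sender, receiver, now):
    """Would the receiver authenticate what the sender transmits at 'now'?"""
    kid = send_key(sender, now)
    theirs = receiver.get(kid)
    return (kid is not None and theirs is not None and in_window(theirs, "accept", now)
            and theirs.get("string") == sender[kid].get("string"))
```

Any time after 04:01:00 on Jan 1 2006, RouterX sends with key 2 and RouterY sends with key 1, and each side accepts the other's key because both accept-lifetimes are infinite.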
Verifying MD5 Authentication
    RouterX#
    *Jan 21 16:23:30.517: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 100: Neighbor 192.168.1.102 (Serial0/0/1) is up: new adjacency
    RouterX#show ip eigrp neighbors
    IP-EIGRP neighbors for process 100
    H   Address         Interface   Hold  Uptime    SRTT  RTO   Q    Seq
                                    (sec)           (ms)        Cnt  Num
    0   192.168.1.102   Se0/0/1     12    00:03:10  17    2280  0    14
    RouterX#show ip route
    <output omitted>
    Gateway of last resort is not set
    D    172.17.0.0/16 [90/40514560] via 192.168.1.102, 00:02:22, Serial0/0/1
         172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks
    D       172.16.0.0/16 is a summary, 00:31:31, Null0
    C       172.16.1.0/24 is directly connected, FastEthernet0/0
         192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
    C       192.168.1.96/27 is directly connected, Serial0/0/1
    D       192.168.1.0/24 is a summary, 00:31:31, Null0
    RouterX#ping 172.17.2.2
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 172.17.2.2, timeout is 2 seconds:
    !!!!!
    Success rate is 100 percent (5/5), round-trip min/avg/max = 12/15/16 ms

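Summary
• EIGRP is a classless, advanced distance-vector routing protocol that uses the DUAL algorithm.
• EIGRP exchanges routing information only between routers with the same AS number.
• EIGRP supports equal-cost and unequal-cost load balancing.
• EIGRP supports MD5 authentication.
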
Troubleshooting EIGRP Authentication
A successful MD5 authentication between RouterX and RouterY
    RouterX# debug eigrp packets
    EIGRP Packets debugging is on
        (UPDATE, REQUEST, QUERY, REPLY, HELLO, IPXSAP, PROBE, ACK, STUB, SIAQUERY, SIAREPLY)
    *Jan 21 16:38:51.745: EIGRP: received packet with MD5 authentication, key id = 1
    *Jan 21 16:38:51.745: EIGRP: Received HELLO on Serial0/0/1 nbr 192.168.1.102
    *Jan 21 16:38:51.745: AS 100, Flags 0x0, Seq 0/0 idbQ 0/0 iidbQ un/rely 0/0 peerQ un/rely 0/0

    RouterY# debug eigrp packets
    EIGRP Packets debugging is on
        (UPDATE, REQUEST, QUERY, REPLY, HELLO, IPXSAP, PROBE, ACK, STUB, SIAQUERY, SIAREPLY)
    RouterY#
    *Jan 21 16:38:38.321: EIGRP: received packet with MD5 authentication, key id = 2
    *Jan 21 16:38:38.321: EIGRP: Received HELLO on Serial0/0/1 nbr 192.168.1.101
    *Jan 21 16:38:38.321: AS 100, Flags 0x0, Seq 0/0 idbQ 0/0 iidbQ un/rely 0/0 peerQ un/rely 0/0

Troubleshooting EIGRP Authentication Problem
Unsuccessful MD5 authentication between RouterX and RouterY when RouterX key 2 is changed
    RouterX(config-if)#key chain RouterXchain
    RouterX(config-keychain)#key 2
    RouterX(config-keychain-key)#key-string wrongkey

    RouterY#debug eigrp packets
    EIGRP Packets debugging is on
        (UPDATE, REQUEST, QUERY, REPLY, HELLO, IPXSAP, PROBE, ACK, STUB, SIAQUERY, SIAREPLY)
    RouterY#
    *Jan 21 16:50:18.749: EIGRP: pkt key id = 2, authentication mismatch
    *Jan 21 16:50:18.749: EIGRP: Serial0/0/1: ignored packet from 192.168.1.101, opcode = 5 (invalid authentication)
    *Jan 21 16:50:18.749: EIGRP: Dropping peer, invalid authentication
    *Jan 21 16:50:18.749: EIGRP: Sending HELLO on Serial0/0/1
    *Jan 21 16:50:18.749: AS 100, Flags 0x0, Seq 0/0 idbQ 0/0 iidbQ un/rely 0/0
    *Jan 21 16:50:18.753: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 100: Neighbor 192.168.1.101 (Serial0/0/1) is down: Auth failure

    RouterY#show ip eigrp neighbors
    IP-EIGRP neighbors for process 100
    RouterY#

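The authentication-failure messages above are the ones worth alerting on when they appear in collected router logs. The following added example (not from the original slides) extracts them and summarizes per peer; the sample input is constructed from the RouterY output shown above, and the field names in the result are this example's own.

```python
import re

# Constructed sample: RouterY debug lines from the slides above, wrapped words rejoined.
SAMPLE = """\
*Jan 21 16:38:38.321: EIGRP: received packet with MD5 authentication, key id = 2
*Jan 21 16:50:18.749: EIGRP: pkt key id = 2, authentication mismatch
*Jan 21 16:50:18.749: EIGRP: Serial0/0/1: ignored packet from 192.168.1.101, opcode = 5 (invalid authentication)
*Jan 21 16:50:18.749: EIGRP: Dropping peer, invalid authentication
*Jan 21 16:50:18.753: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 100: Neighbor 192.168.1.101 (Serial0/0/1) is down: Auth failure
"""

TS = r"\*?(?P<ts>\w{3} +\d+ [\d:.]+): "
RULES = [
    ("key_mismatch", re.compile(
        TS + r"EIGRP: pkt key id = (?P<key_id>\d+), authentication mismatch")),
    ("packet_ignored", re.compile(
        TS + r"EIGRP: (?P<intf>\S+): ignored packet from (?P<peer>[\d.]+), "
             r"opcode = (?P<opcode>\d+) \(invalid authentication\)")),
    ("neighbor_down", re.compile(
        TS + r"%DUAL-5-NBRCHANGE: IP-EIGRP\(\d+\) (?P<asn>\d+): Neighbor "
             r"(?P<peer>[\d.]+) \((?P<intf>[^)]+)\) is down: Auth failure")),
]


def auth_failures(log_text):
    """Return one dict per log line that matches an authentication-failure rule."""
    events = []
    for line in log_text.splitlines():
        for name, rx in RULES:
            m = rx.search(line)
            if m:
                events.append({"event": name, **m.groupdict()})
                break
    return events


def summarize(events):
    """Per peer: ignored-packet count, failing key ids, whether the adjacency dropped."""
    peers, pending_key = {}, None
    for e in events:
        if e["event"] == "key_mismatch":
            pending_key = int(e["key_id"])      # the peer is named on the next line
            continue
        p = peers.setdefault(e["peer"], {"ignored": 0, "key_ids": set(), "down": False})
        if e["event"] == "packet_ignored":
            p["ignored"] += 1
            if pending_key is not None:
                p["key_ids"].add(pending_key)
            pending_key = None
        else:
            p["down"] = True
    return peers
```

A peer that shows ignored packets without a following adjacency drop, or mismatches on a key ID that is not configured locally, is worth a closer look than a single mismatch during a planned key change.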