IP CONNECTIVITY 3/6

How a router makes a forwarding decision

We all know when a packet reaches a router interface, the router will send the packet to the
destination. But how can a router determines which route is the best to use to send the packet? In
this tutorial we will learn more about how a router makes the forwarding decision.

To make the routing decision, the router must first build a table which contains all the best
routes. When the packets arrive, the router just needs to check this table to choose the best
match. This is called the routing table.

So what are stored in the routing table of a router? Let’s have a look with the “show ip route”
command which will display the routing table of the local router.

R1# show ip route

--output omitted--
D 192.168.20.0/26 [90/24513456] via 10.10.10.1
R 192.168.20.0/24 [120/5] via 10.10.10.2
O 192.168.0.0/19 [110/219414] via 10.10.10.13
D 192.168.20.0/27 [90/4123710] via 10.10.10.12
D 192.168.20.0/25 [90/14464211] via 10.10.10.11
S* 0.0.0.0/0 [1/0] via 10.10.10.14

There are some notes about this routing table:

1. We see many routes of 192.168.20.0 with different prefix lengths (subnet masks) in this
routing table. For example “/26”, “/24”, “/19″… This is normal because routes with
different prefix lengths are considered different routes.
2. The routes of 192.168.20.0 were learned via different routing protocols, which are
symbolized by different letters at the beginning of each entry. For example, letter “D”
means “EIGRP”; letter “O” means “OSPF”, letter “R” means “RIP”.
3. The next hop of each entry is the IP address after the word “via”. For example we have
next hops of 10.10.10.1, 10.10.10.2, 10.10.10.13…

Suppose R1 received a packet destined to 192.168.20.57. Which next hop will the router choose
for the packet?
 The router chooses the best path in the routing table based on this single rule:

Longest Prefix Matching Rule: The longest prefix that matches the route is preferred.

Let’s check from longest prefix down to shortest prefix:

+ 192.168.20.0/27 ranges from 192.168.20.0 – 192.168.31 so the IP address 192.168.20.57
does not belong to this prefix -> ignore.
+ 192.168.20.0/26 ranges from 192.168.20.0 – 192.168.20.63 so the IP address 192.168.20.57
belongs to this prefix -> router will choose this route to forward packets. We don’t need to check
other shorter prefixes like /25 or /19.

To find out the range of each prefix you need to do subnetting well. If you still cannot do
subnetting in your head then please read our Subnetting Tutorial – Subnetting Made Easy.

Wait, how about Administrative Distance and Metric values?

Maybe you will be surprised when we say “longest prefix match” is the only rule that the router
uses to choose the path. Yes, in fact it is correct for routes that were installed into the
routing table. The Administrative Distance (AD) and Metric values are only used to choose which
prefixes will be installed into the routing table.

Let’s learn more about how these two values are used before a route is chosen to install into the
routing table:

1. Lowest AD value: Same prefixes (which means same routes with same prefix lengths) use the
Administrative Distance to choose the route to install into the routing table. For example, our
router learns of the following networks via different routing protocols as follows:

• 192.168.1.0/24 using OSPF (AD = 110) with next hop IP of 10.1.1.1

• 192.168.1.0/24 using RIP (AD = 120) with next hop IP of 10.1.2.1
• 192.168.1.0/24 using EIGRP (AD = 90) with next hop IP of 10.1.3.1
Then the third route with EIGRP will be installed into the routing table as the AD of EIGRP is
smallest.

2. Lowest Metric value: This value is used as a tie-break when same prefixes have same AD.
The route with the lowest metric is preferred. Use the same example above but with metric
values:

• 192.168.1.0/24 using OSPF (AD = 110) with next hop IP of 10.1.1.1

• 192.168.1.0/24 using RIP (AD = 120) with next hop IP of 10.1.2.1
• 192.168.1.0/24 using EIGRP (AD = 90) with metric of 30000 and next hop IP of 10.1.3.1
• 192.168.1.0/24 using EIGRP (AD = 90) with metric of 25000 and next hop IP of 10.1.4.1
Then the fourth route (EIGRP with metric of 25000) will be chosen to install into the routing table
because of lowest AD and lowest metric.

With additional configuration then load balancing may take place as EIGRP supports this
feature. But load balancing is out of scope in this tutorial.

Conclusion

In summary, before a prefix is installed into the routing table, two values are compared in this
order:
1. Administrative Distance
2. Metric
After a prefix is installed into the routing table then only the longest prefix match rule is used to
choose the best route as the routing table is already filtered of all but the best routes, regardless
of AD or metric.

A prefix is a network address with a subnet mask. For example 192.68.20.0/26 is a prefix.

OSPF Tutorial
In this article we will learn about the OSPF Routing Protocol

Open-Shortest-Path-First (OSPF) is the most widely used interior gateway protocol routing protocol
on the world because it is a public (non-proprietary) routing protocol while its biggest rival, EIGRP,
is a Cisco proprietary protocol so other vendors can’t use it (edit: EIGRP has become a public
routing protocol since 2013). OSPF is a complex link-state routing protocol. Link-state routing
protocols generate routing updates only when a change occurs in the network topology. When a
link changes state, the device that detected the change creates a link-state advertisement (LSA)
concerning that link and sends to all neighboring devices using a special multicast address. Each
routing device takes a copy of the LSA, updates its link-state database (LSDB), and forwards the
LSA to all neighboring devices.

Note:

+ OSPF routers use LSA (Link State Advertisement)to describe its link state. LSDB stores all LSAs.

+ A router uses Router LSA to describe its interface IP addresses.

+ After OSPF is started on a router, it creates LSDB that contains one entry: this router’s Router
LSA.

There are five types of OSPF Link-State Packets (LSPs).

+ Hello: are used to establish and maintain adjacency with other OSPF routers. They are also
used to elect the Designated Router (DR) and Backup Designated Router (BDR) on multiaccess
networks (like Ethernet or Frame Relay).

+ Database Description (DBD or DD): contains an abbreviated list of the sending router’s link-
state database and is used by receiving routers to check against the local link-state database
+ Link-State Request (LSR): used by receiving routers to request more information about any
entry in the DBD

+ Link-State Update (LSU): used to reply to LSRs as well as to announce new information. LSUs
contain seven different types of Link-State Advertisements (LSAs)

+ Link-State Acknowledgement (LSAck): sent to confirm receipt of an LSU message

Key points
+ Is a public (non-proprietary) routing protocol.
+ Is the only link-state routing protocol you learn in CCNA
+ This works by using the Dijkstra algorithm
+ Information about its neighbors (local connectivity) is sent to the entire network using
multicasting
+ Routing information is shared through Link-state updates (LSAs)
+ HELLO messages are used to maintain adjacent neighbors. By default, OSPF routers
send Hello packets every 10 seconds on multiaccess and point-to-point segments and
every 30 seconds on non-broadcast multiaccess (NBMA) segments (like Frame Relay,
X.25, ATM).
+ Is a classless routing protocol because it does not assume the default subnet masks are
used. It sends the subnet mask in the routing update.
+ Supports VLSM and route summarization
+ Uses COST as a metric which CISCO defines as the inverse of the bandwidth
+ Uses AREAs to subdivide large networks, providing a hierarchical structure and limit
the multicast LSAs within routers of the same area — Area 0 is called backbone area and
all other areas connect directly to it. All OSPF networks must have a backbone area
+ Only support IP but it’s not bad as we are all using IP, right? :)

Area Border Routers (ABR) are any routers that have one interface in one area and another
interface in another area

Let’s see an example of OSPF

Suppose OSPF has just been enabled on R1 & R2. Both R1 and R2 are very eager to discover if
they have any neighbors nearby but before sending Hello messages they must first choose an
OSPF router identifier (router-id) to tell their neighbors who they are. The Router ID (RID) is an IP
address used to identify the router and is chosen using the following sequence:

+ The highest IP address assigned to a loopback (logical) interface.

+ If a loopback interface is not defined, the highest IP address of all active router’s physical
interfaces will be chosen.

+ The router ID can be manually assigned

In this example, suppose R1 has 2 loopback interfaces & 2 physical interfaces:

+ Loopback 0: 10.0.0.1

+ Loopback 1: 12.0.0.1
+ Fa0/0: 192.168.1.1

+ Fa0/1: 200.200.200.1

As said above, the loopback interfaces are preferred to physical interfaces (because they are never
down) so the highest IP address of the loopback interfaces is chosen as the router-id -> Loopback
1 IP address is chosen as the router-id.

Suppose R1 doesn’t have any loopback interfaces but it has 2 physical interfaces:

+ Fa0/0: 210.0.0.1 but it is shut down

+ Fa0/1: 192.168.1.2 (is active)

Although Fa0/0 has higher IP address but it is shutdown so R1 will choose Fa0/1 as its router-id.

Now both the routers have the router-id so they will send Hello packets on all OSPF-enabled
interfaces to determine if there are any neighbors on those links. The information in the OSPF
Hello includes the OSPF Router ID of the router sending the Hello packet.

OSPF Tutorial
For example, R1 wants to find out if it has any neighbor running OSPF it sends a Hello message to
the multicast address 224.0.0.5. This is the multicast address for all OSPF routers and all routers
running OSPF will proceed this message.
If an OSPF router receives an OSPF Hello packet that satisfied all its requirement then it will
establish adjacency with the router that sent the Hello packet. In this example, if R1 meet R2’s
requirements, meaning it has the same Hello interval, Dead interval and AREA number, R2
will add R1 to its neighbor table.

+ Hello interval: indicates how often it sends Hello packets. By default, OSPF routers send Hello
packets every 10 seconds on multiaccess and point-to-point segments and every 30 seconds on
non-broadcast multiaccess (NBMA) segments (like Frame Relay, X.25, ATM)

+ Dead interval: number of seconds this router should wait between receiving hello packets from
a neighbor before declaring the adjacency to that neighbor down

+ AREA number: the area it belongs to

Now R1 and R2 are neighbors but they don’t exchange LSAs immediately. Instead, they sends
Database Description (DD or DBD) packets which contain an abbreviated list of the sending
router’s link-state database.

The neighbors also determine who will be the master and who will be the slave. The router which
higher router-id will become master and initiates the database exchange. The receiver
acknowledges a received DD packet by sending an identical DD packet back to the sender. Each
DD packet has a sequence number and only the master can increment sequence numbers.
R1 or R2 can send Request to get missing LSA from its neighbors
R2 sends back an LSAck packet to acknowledge the packet

OSPF Tutorial
There are 3 type of tables

+ Neighbor

+ Topology

+ Routing

Neighbor table

+ Contain information about the neighbors

+ Neighbor is a router which shares a link on same network

+ Another relationship is adjacency

+ Not necessarily all neighbors

+ LSA updates are only when adjacency is established

Topology table

+ Contain information about all network and path to reach any network

+ All LSA’s are entered into the topology table

+ When topology changes LSA’s are generated and send new LSA’s
+ On topology table an algorithm is run to create a shortest path, this algorithm is known as SPF
or dijkstra algorithm

Routing Table

+ Also knows as forwarding database

+ Generated when an algorithm is run on the topology database

+ Routing table for each router is unique

D: Exchange LSDB’s list

Neighbors use DD (Data Description) to exchange their LSDB catalogs. In this scenario, R1 sends
DD to R2 first. It says: I have a Route LSA from R1. R2 also sends DD to R1: I have a Route LSA
from R2.

Note: DD works like table fo content. It lists what LSDB has, but not details. By reading DD, the
receiving router can determine what it is missing and them ask the sender to transmit required
LSAs..

R1 Request, R2 Update

R1 has learned that R2 has a R2 Router LSA that it does not have.

R1 sends a LS Request to R2. When R2 receives this request, it sends an Update to transmit this
LSA to R1.

R2 Request, R1 Update

R2 also sends request to R1. R1 replies an Update. Upon receiving Update, R2 adds R1 Router LSA
to its LSDB, calculates its routes, and add a new entry (192.168.1.0, S1/0) to its routing tabe.

Note: OSPF works distributely. After routers have synchronized their LSDB, they use the same
data (LSDB) to calculate shortest paths, and updates their routing tables independently.

Ack update : LSAs are received

In order to assure reliable transmission, when a router receives an Update, it sends an Ack to the
Update sender. If the sender does not receivie Ack within a specific peried, it times out and
retransmits Update.

Note: OSPF uses Update-Ack to implemnet relaible transmission. It does not use TCP.

H1 ping H2: succeeded.

Each OSPF router creates a Router LSA to describe its interfaces’ IP addresses and floods its
Router LSA to its neighbors. After a few rounds of flooding, all OSPF routers have the same set of
Router LSAs in their LSDBs. Now routers can use the same LSDB to calculate routes and update
routing tables.

From LSDB, a router learns the entire topology: the number of routers being connected. Router
interfaces and their IP addresses, interface link costs (OSPF metric). With such detail information,
routers are able to calculate routing paths to reach all destinations found in LSDB. For example, in
the OSPF basic simulation (see External links), R1’s LSDB contains two Router LSAs: – A Router
LSA from R1. R1 has two links. Their IP addresses are 192.168.1.0/24,192.168.3.0/30. – A Router
LSA from R2. R2 has two links. Their IP addresses are 192.168.2.0/24,192.168.3.0/30. From
these LSA, R1 can calculate the routing path to reach remote destination 192.11.68.2.2 and adds
an entry (192.168.2.0/24, S1/0) to its routing table.
EIGRP Tutorial
In this article we will mention about the EIGRP protocol.

In the past, Enhanced Interior Gateway Routing Protocol (EIGRP) is a Cisco-proprietary routing
protocol but from March-2013 Cisco opens up EIGRP as an open standard in order to help
companies operate in a multi-vendor environment. EIGRP is a classless routing protocol, meaning
that it sends the subnet mask of its interfaces in routing updates, which use a complex metric
based on bandwidth and delay.

EIGRP is referred to as a hybrid routing protocol because it has the characteristics of both
distance-vector and link-state protocols but now Cisco refers it as an advanced distance vector
protocol.

Notice: the term “hybrid” is misleading because EIGRP is not a hybrid between distance vector and
link-state routing protocols. It is a distance vector routing protocol with enhanced features.

EIGRP is a powerful routing protocol and it is really standout from its ancestor IGRP. The main
features are listed below:

+ Support VLSM and discontiguous networks

+ Use Reliable Transport Protocol (RTP) to delivery and reception of EIGRP packets
+ Use the best path selection Diffusing Update Algorithm (DUAL), guaranteeing loop-free
paths and backup paths throughout the routing domain
+ Discover neighboring devices using periodic Hello messages to discover and monitor
connection status with its neighbors
+ Exchange the full routing table at startup and send partial* triggered updates thereafter (not
full updates like distance-vector protocols) and the triggered updates are only sent to routers that
need the information. This behavior is different from the link-state protocol in which an update will
be sent to all the link-state routers within that area. For example, EIGRP will send updates when a
new link comes up or a link becoming unavailable
+ Supports multiple protocols: EIGRP can exchange routes for IPv4, IPv6, AppleTalk and
IPX/SPX networks
+ Load balancing: EIGRP supports unequal metric load balancing, which allows administrators to
better distribute traffic flow in their networks.

* Notice: The term “partial” means that the update only includes information about the route
changes.

EIGRP use metrics composed of bandwidth, delay, reliability, and load. By default, EIGRP uses only
bandwidth and delay.

EIGRP use five types of packets to communicate:

+ Hello: used to identify neighbors. They are sent as periodic multicasts

+ Update: used to advertise routes, only sent as multicasts when something is changed
+ Ack: acknowledges receipt of an update. In fact, Ack is Hello packet without data. It is always
unicast and uses UDP.
+ Query: used to find alternate paths when all paths to a destination have failed
+ Reply: is sent in response to query packets to instruct the originator not to recompute the route
because feasible successors exist. Reply packets are always unicast to the originator of the query

EIGRP sends every Query and Reply message using RTP, so every message is acknowledged using
an EIGRP ACK message.

EIGRP Route Discovery

Suppose that our network has 2 routers and they are configured to use EIGRP. Let’s see what will
happen when they are turned on.

Firstly, the router will try to establish a neighboring relationships by sending “Hello” packets to
others running EIGRP. The destination IP address is 224.0.0.10 which is the multicast address of
EIGRP. By this way, other routers running EIGRP will receive and proceed these multicast packets.
These packets are sent over TCP.

After hearing “Hello” from R1, R2 will respond with another “Hello” packet.

R2 will also send its routing table to R1 by “Update” packets. Remember that R2 will send its
complete routing table for the first time.
R1 confirms it has received the Update packet by an “ACK” message.

R1 will also send to R2 all of its routing table for the first time

R2 sends a message saying it has received R1’s routing table.

Now both R1 & R2 learn all the paths of the neighbor and the network is converged. But there
are some notices you should know:
+ After the network converged, “Hello” messages will still be sent to indicate that the it is still
alive.
+ When something in the network changes, routers will only send partial updates to routers which
need that information.
+ Hellos are sent as periodic multicasts and are not acknowledged directly.
+ The first hellos are used to build a list of neighbors; thereafter, hellos indicate that the neighbor
is still alive

To become a neighbor, the following conditions must be met:

+ The router must hear a Hello packet from a neighbor.
+ The EIGRP autonomous system must be the same.
+ K-values must be the same.

EIGRP builds and maintains three tables:

+ Neighbor table: lists directly connected routers running EIGRP with which this router has an
adjacency
+ Topology table: lists all routes learned from each EIGRP neighbor
+ Routing table: lists all best routes from the EIGRP topology table and other routing processes

Configuring EIGRP

Router(config)#router eigrp 1 Syntax: router eigrp <AS number>

Turn on the EIGRP process
1 is the Autonomous System (AS) number. It can be
from 1 to 65535.
All routers in the same network must use the same
AS number.

Router(config-router)#network Router will turn on EIGRP 1 process on all the

192.168.1.0 interfaces belonging to 192.168.1.0/24 network.

In the next part we will learn about the Feasible Distance & Administrative Distance of EIGRP

EIGRP Tutorial

Feasible Distance (FD) and Advertised Distance (AD)

In the next part, we will define these terms and take an example to make them clear.

Advertised distance (AD): the cost from the neighbor to the destination.
Feasible distance (FD): The sum of the AD plus the cost between the local router and the next-
hop router
Successor: The primary route used to reach a destination. The successor route is kept in the
routing table. Notice that successor is the best route to that destination.
Feasible successor: The backup route. To be a feasible successor, the route must have an AD
less than the FD of the current successor route

Maybe it’s a bit confused with these terms so below is an example to make it clear.
Suppose you are in NEVADA and want to go to IOWA. From NEVADA you need to specify the best
path (smallest cost) to IOWA.

In this topology, suppose router A & B are exchanging their routing tables for the first time. Router
B says “Hey, the best metric (cost) from me to IOWA is 50 and the metric from you to IOWA is 90”
and advertises it to router A. Router A considers the first metric (50) as the Advertised distance.
The second metric (90), which is from NEVADA to IOWA (through IDAHO), is called the Feasible
distance.

NEVADA also receives the cost path from NEVADA -> OKLAHOMA -> IOWA advertised by router C
with the Advertised distance of 70 and Feasible distance of 130.

All of these routes are placed in the topology table of router A:

Route Advertised distance Feasible distance

NEVADA -> IDAHO -> IOWA 50 90

NEVADA -> OKLAHOMA -> IOWA 70 130

Router A will select the route to IOWA via IDAHO as it has the lowest Feasible distance and put it
into the routing table.

The last thing we need to consider is if the route NEVADA -> OKLAHOMA -> IOWA will be
considered as a feasible successor. To achieve this, it must satisfy the feasibility condition:

“To qualify as a feasible successor, a router must have an AD less than the FD of the
current successor route“

Maybe you will ask “why do we need this feasibility condition?” Well, the answer is because it
guarantees a loop-free path to the destination; in other words, it must not loop back to the current
successor.

If the route via the successor becomes invalid (because of a topology change) or if a neighbor
changes the metric, DUAL checks for feasible successors to the destination route. If one is found,
DUAL uses it, avoiding the need to recompute the route as the re-computation can be processor-
intensive. If no suitable feasible successor exists, a re-computation must occur to determine the
new successor.

EIGRP calls these alternative, immediately usable, loop-free routes feasible successor routes,
because they can feasibly be used as a new successor route when the current successor route
fails. The next-hop router of such a route is called the feasible successor.
In this case, the route NEVADA -> OKLAHOMA -> IOWA has an AD (70) less than the FD of the
successor route (90) so it becomes the feasible successor route.

Of course in some cases the feasibility condition will wrongly drop loop-free paths. For example, if
the metric between OKLAHOMA and IOWA is greater than 90 then the route NEVADA ->
OKLAHOMA -> IOWA will not be considered as a feasible successor route although it is loop-free.
But this condition is necessary because it can guarantee the feasible successor routes are loop-
free.

Notice that the feasible successors are placed in the topology table, not in the routing table.

Now router A has 3 complete tables as follows (we only consider route to IOWA network)

Now you have a basic concept of EIGRP, in the next part we will dig into the 3 tables of EIGRP –
the neighbor, topology & routing tables as understanding them is a requirement for a CCNA-taker
and learn how to calculate the metric of EIGRP.

EIGRP Tutorial

Calculate EIGRP metric

In this part we will continue to learn about the EIGRP Routing Protocol

I built the topology with Packet Tracer to illustrate what will be mentioned. You can download the
lab file here: https://www.9tut.com/download/EIGRP_CCNA_self_study.zip (please unzip & use at
least Packet Tracer v5.3 to open it)
Check the neighbor table of Router0 with the show ip eigrp neighbors command

Let’s analyze these columns:

+ H: lists the neighbors in the order this router was learned

+ Address: the IP address of the neighbors
+ Interface: the interface of the local router on which this Hello packet was received
+ Hold (sec): the amount of time left before neighbor is considered in “down” status
+ Uptime: amount of time since the adjacency was established
+ SRTT (Smooth Round Trip Timer): the average time in milliseconds between the transmission of
a packet to a neighbor and the receipt of an acknowledgement.
+ RTO (Retransmission Timeout): if a multicast has failed, then a unicast is sent to that particular
router, the RTO is the time in milliseconds that the router waits for an acknowledgement of that
unicast.
+ Queue count (Q Cnt): shows the number of queued EIGRP packets. It is usually 0.
+ Sequence Number (Seq Num): the sequence number of the last update EIGRP packet
received. Each update message is given a sequence number, and the received ACK should have
the same sequence number. The next update message to that neighbor will use Seq Num + 1.

As CCNA level, we only care about 4 columns: Address, Interface, Hold & Uptime. Other columns
will be discussed in CCNP so you don’t need to remember them now!

Notice that you can see a line “IP-EIGRP neighbors for process 100”. “Process 100” here means
“AS 100”.

Next we will analyze the EIGRP topology with the show ip eigrp topology command. The output of
Router0 is shown below
The letter “P” as the left margin of each route entry stands for “Passive”. Passive state indicates
that the route is in quiescent mode, implying that the route is known to be good and that no
activities are taking place with respect to the route.

Each route shows the number of the successor it has. For example, the network 192.168.2.0,
192.168.1.0,192.168.3.0 & 192.168.4.0 have only 1 successor (and no feasible successor). Only
network 192.168.5.0 has 2 successors.

We notice that there are 2 numbers inside the brackets (30720/28160). The first one is the metric
from Router0 to the destination, the second is the AD of this route, advertised by the neighbor. For
example, the third route entry has:

Let’s see how to calculate them!

First you should learn the formula to calculate the metric. It’s a bit complex conditional formula, I
think :)

metric = [K1 * bandwidth + (K2 * bandwidth)/(256 – load) + K3 * delay] * [K5/(reliability + K4)]

if K5 > 0
metric = [K1 * bandwidth + (K2 * bandwidth)/(256 – load) + K3 * delay] if K5 = 0

Note: you can check these K values with the “show ip protocols” command. Below is an example of
this command on Router0.

To change these values, use the “metric weights tos k1 k2 k3 k4 k5” in the EIGRP router mode.

By default, K1 = 1, K2 = 0, K3 = 1, K4 = 0, K5 = 0 which means that the default values use only

bandwidth & delay parameters while others are ignored. The metric formula is now reduced:

metric = bandwidth + delay

But the bandwidth here is defined as the slowest bandwidth in the route to the destination & delay
is the sum of the delays of each link. Here is how to calculate the EIGRP metric in detail:

EIGRP uses the slowest bandwidth of the outgoing interfaces of the route to calculate the
metric. In this case we need to find out the bandwidth of Fa0/0 of Router0 & Fa0/1 of Router1 as
the destination network is 192.168.3.0/24.

Find the bandwidth

We can find the bandwidth of each interface by the “show interfaces “. Below is an output of the
“show interfaces fa0/0” on Router0.
All the interfaces in this topology have the bandwidth of 100,000 Kbps so we will get the same
result on interface Fa0/1 of Router1 -> The slowest bandwidth here is 100,000 Kbps. Now we can
calculate the first portion of the formula:

Notice that if the result is not an integer then the result will be rounded down. For example,
10,000,000 divided by 1024 (the speed of T1) equals 9765.625. The result will be rounded down
to 9765.

Find the delay

EIGRP also used the delay of the outgoing interfaces and it can also be found with the “show
interfaces “, the delay lies next to the bandwidth value (for example, DLY 100usec). In this case,
the delay value of both Fa0/0 of Router0 & Fa0/1 of Router1 is 100 usec (microsecond) so the sum
of delay is 100 + 100 = 200 usec. The second portion of the formula is:

Note: “usec” here means microsecond (which is 1/1000 miliseconds). According to this
link: http://www.cisco.com/en/US/tech/tk365/technologies_white_paper09186a0080094cb7.shtml
#eigrpmetrics: “The delay as shown in the show ip eigrp topology or show
interface commands is in microseconds”. We have to divide by 10 to get the “ten of microsecond”
unit used in the metric formula above.

Get the metric

Now just sum up two portions of the formula and multiplied by 256 to get the result:

The result is 30720 and it matches the value shown in the topology table of the route to
192.168.3.0/24
Using the formula above, we can easily calculate the AD of that route (with slowest bandwidth =
100,000Kpbs; sum of delay = 10)

metric = (100 + 10) * 256 = 28160

This metric matches with the second parameter of the above route.

Note: The output of “show ip eigrp topology” command shows only feasible successors while the
output of “show ip eigrp topology all-links” shows all neighbors, whether feasible successors or
not. To learn more about the “show ip eigrp topology all-links” please
read http://www.digitaltut.com/route-eigrp-simlet. Although it belongs to CCNP exam but CCNA
level can read it too.

EIGRP Routing table

The last table we will discuss is the routing table. This is the most used table to check the
operation of EIGRP. Here is the output of the show ip route command on Router0:

The routing table has two parameters [90/30720] but the first one is the administrative distance of
EIGRP. EIGRP has a default administrative distance of 90 for internal routes and it is often the
most preferred routing protocol because it has the lowest administrative distance.

Administrative distance is the measure used by Cisco routers to select the best path when there
are two or more different routes to the same destination from two different routing protocols.

Below is the administrative distances of the most popular routing protocols used nowadays. Notice
that the smaller is the better.

So, if a network running two routing protocols at the same time, for example EIGRP and OSPF,
which routing protocol will the router choose? Well, the answer is EIGRP as it has lower
Administrative Distance than OSPF ( 90 < 110).
The second parameter, as you can guess, is the metric of that route as we discussed above.

“no auto-summary” with EIGRP

One of the features of EIGRP is “support VLSM and discontiguous networks”. Discontiguous
networks are networks that have subnets of a major network separated by a different major
network. Below is an example of discontiguous networks where subnets 10.10.1.0/24 and
10.10.2.0/24 are separated by a 2.0.0.0/8 network.

Now let’s see what will happen when we turn on EIGRP on both of the routers. To turn on EIGRP
you will use these commands:

R1(config)#router eigrp 1
R1(config-router)#network 2.0.0.0
R1(config-router)#network 10.10.1.0 (or network 10.0.0.0)

R2(config)#router eigrp 1
R2(config-router)#network 2.0.0.0
R2(config-router)#network 10.10.2.0 (or network 10.0.0.0)

You can try to use the more specific “network 10.10.1.0” instead of “network 10.0.0.0”, hoping
that EIGRP will understand it is a sub-network. But if we check the configuration with the “show
running-config” command we will notice that EIGRP has auto-summarized our network.

R1#show running-config

-> Network 10.10.1.0 has been summarized to network 10.0.0.0 because it knows 10.x.x.x
network belongs to class A.

The same thing happens for R2. Now we should check the routing table of R1 with the “show ip
route” command

R1#show ip route

From the output above we learn that R1 only knows about the directly connected 10.10.1.0/24
network but it doesn’t have any information about the far-away 10.10.2.0/24 network and a ping
to 10.10.2.1 cannot be successful (but notice that we can ping to that directly connected network,
10.10.1.2, for example).

So we can conclude that if a router receives the same route with what it is advertising then it will
not learn that route. In the above example, the “collision” occurs because both of the routers
summarize into network 10.0.0.0/8 and advertise it to other router. The neighboring router
realizes that it is also advertising this network so it drops this network information.

Now if we use the “no auto-summary” command on both routers then the problem will surely be
solved but first let’s try to use that command only on R1 router.

R1(config)#router eigrp 1
R1(config-router)#no auto-summary

R1#show ip route

-> Nothing changes!

R2#show ip route

-> R2 has just learned about the new “10.10.1.0/24” network which is advertised from R1 so R2
can ping this network

In conclusion when we enable “no auto-summary” on R1 then R1 will advertise its network with
their subnet mask so R2 can learn them correctly.

Note: Hello timers, hold timers do not need to match between two EIGRP routers to establish
neighbor relationship.

Hot Standby Router Protocol HSRP Tutorial

Go to comments
In this tutorial we will learn what is HSRP and the need of HSRP in a network.

Most of the company in the world has a connection to the Internet. The picture below shows a
most simple topology of such a company:
To make above topology work we need to:

+ Configure IP addresses on two interfaces of the Router. Suppose the IP address of Fa0/0
interface (the interface connecting to the switch) is 192.168.1.1.
+ Assign the IP addresses, default gateways and DNS servers on all PCs. In this case we have to
set the default gateways to Fa0/0 interface (with the IP address 192.168.1.1) of the router. This
can be done manually or automatically via DHCP.

After some time, your boss wants to implement some redundant methods so that even the Router
fails, all PCs can still access the Internet without any manual configuration at that time. So we
need one more router to connect to the Internet as the topology below:

But now we have a problem: There is only one default gateway on each host, so if Router1 is down
and we want to access the Internet via Router2, we have to change the default gateway (to
192.168.1.2). Also, when Router1 comes back we have to manually change back to the IP address
on Router1. And no one can access to the Internet in the time of changing the default gateway.
HSRP can solve all these problems!

HSRP Operation
With HSRP, two routers Router1 and Router2 in this case will be seen as only one router. HSRP
uses a virtual MAC and IP address for the two routers to represent with hosts as a single default
gateway. For example, the virtual IP address is 192.168.1.254 and the virtual MAC is
0000.0c07.AC0A. All the hosts will point their default gateway to this IP address.

One router, through the election process, is designated as active router while the other router is
designated as standby router. Both active and standby router listen but only the active router
proceeds and forwards packets. Standby router is backup when active router fails by monitoring
periodic hellos sent by the active router (multicast to 224.0.0.2, UDP port 1985) to detect a failure
of the active router.

When a failure on the active router detected, the

standby router assumes the role of the forwarding router. Because the new forwarding router uses
the same (virtual) IP and MAC addresses, the hosts see no disruption in communication. A new
standby router is also elected at that time (in the case of there are more than two routers in a
HSRP group).

Note: All routers in a HSRP group send hello packets. By default, the hello timer is set to 3
seconds and the dead timer is set to 10 seconds. It means that a hello packet is sent between the
HSRP standby group devices every 3 seconds, and the standby device becomes active when a
hello packet has not been received for 10 seconds
Note: The virtual MAC address of HSRP version 1 is 0000.0C07.ACxx, where xx is the HSRP
group number in hexadecimal based on the respective interface. For example, HSRP group 10 uses
the HSRP virtual MAC address of 0000.0C07.AC0A. HSRP version 2 uses a virtual MAC address of
0000.0C9F.FXXX (XXX: HSRP group in hexadecimal). But please notice that the virtual MAC
address can be configured manually.

HSRP version 1 hello packets are sent to multicast address 224.0.0.2 while HSRP version 2 hello
packets are sent to multicast address 224.0.0.102. Currently HSRPv1 is the default version when
running HSRP on Cisco devices.

HSRP States

HSRP consists of 6 states:

State Description

Initial This is the beginning state. It indicates HSRP is not running. It happens when
the configuration changes or the interface is first turned on

Learn The router has not determined the virtual IP address and has not yet seen an
authenticated hello message from the active router. In this state, the router still
waits to hear from the active router.

Listen The router knows both IP and MAC address of the virtual router but it is not
the active or standby router. For example, if there are 3 routers in HSRP group,
the router which is not in active or standby state will remain in listen state.

Speak The router sends periodic HSRP hellos and participates in the election of the
active or standby router.

Standby In this state, the router monitors hellos from the active router and it will take
the active state when the current active router fails (no packets heard from
active router)
 Active The router forwards packets that are sent to the HSRP group. The router also
sends periodic hello messages

Please notice that not all routers in a HSRP group go through all states above. In a HSRP group,
only one router reaches active state and one router reaches standby state. Other routers will stop
at listen state.

Now let’s take an example of a router passing through these states. Suppose there are 2 routers A
and B in the network; router A is turned on first. It enters the initial state. Then it moves
to listen state in which it tries to hear if there are already active or standby routers for this
group. After learning no one take the active or standby state, it determines to take part in the
election by moving to speak state. Now it starts sending hello messages containing its priority.
These messages are sent to the multicast address 224.0.0.2 (which can be heard by all members
in that group). When it does not hear a hello message with a higher priority it assumes the role of
active router and moves to active state. In this state, it continues sending out periodic hello
messages.

Now router B is turned on. It also goes through initial and listen state. In listen state, it learns
that router A has been already the active router and no other router is taking standby role so it
enters speak state to compete for the standby router -> it promotes itself as standby router.

Suppose router A is in active state while router B is in standby state. If router B does not hear
hello messages from router A within the holdtime (10 seconds by default), router B goes into
speak state to announce its priority to all HSRP members and compete for the active state. But if
at some time it receives a message from the active router that has a lower priority than its priority
(because the administrator change the priority in either router), it can take over the active role by
sending out a hello packet with parameters indicating it wants to take over the active router. This
is called a coup hello message.

Quick summarization:

+ HSRP is Cisco proprietary which allows several routers or multilayer switches to appear as a
single gateway IP address.
+ HSRP has 6 states: Initial, learn, listen, speak, standby and active.
+ HSRP allows multiple routers to share a virtual IP and MAC address so that the end-user hosts
do not realize when a failure occurs.
+ The active (or Master) router uses the virtual IP and MAC addresses.
+ Standby routers listen for Hellos from the Active router. A hello packet is sent every 3 seconds
by default. The hold time (dead interval) is 10 seconds.
+ HSRP version 1 uses the MAC address range 0000.0C07.ACxx while HSRP version 2 uses the
MAC address range 0000.0C9F.Fxxx , where xxx is the hexadecimal number of HSRP group.
+ The group numbers of HSRP version 1 range from 0 to 255. HSRP does support group number of
0 (we do check it and in fact, it is the default group number if you don’t enter group number in the
configuration) so HSRP version 1 supports up to 256 group numbers. HSRP version 2 supports
4096 group numbers.

Gateway Load Balancing Protocol GLBP Tutorial

in ENCOR KnowledgeGo to comments
The main disadvantage of HSRP and VRRP is that only one gateway is elected to be the active
gateway and used to forward traffic whilst the rest are unused until the active one fails. Gateway
Load Balancing Protocol (GLBP) is a Cisco proprietary protocol and performs the similar function to
HSRP and VRRP but it supports load balancing among members in a GLBP group. In this tutorial,
we will learn how GLBP works.
 Note: Although we can partially configure load balancing via HSRP or VRRP using
multiple groups but we have to assign different default gateways on the hosts. If one
group fails, we must reconfigure the default gateways on the hosts, which results in extra
administrative burden.

GLBP Election

When the routers are configured to a GLBP group, they first elect one gateway to be the Active
Virtual Gateway (AVG) for that group. The election is based on the priority of each gateway
(highest priority wins). If all of them have the same priority then the gateway with the highest real
IP address becomes the AVG. The AVG, in turn, assigns a virtual MAC address to each member of
the GLBP group. Each gateway which is assigned a virtual MAC address is called Active Virtual
Forwarder (AVF). A GLBP group only has a maximum of four AVFs. If there are more than 4
gateways in a GLBP group then the rest will become Standby Virtual Forwarder (SVF) which will
take the place of a AVF in case of failure. The virtual MAC address in GLBP is 0007.b400.xxyy
where xx is the GLBP group number and yy is the different number of each gateway (01, 02,
03…).

Note:
+ In this tutorial, the words “gateway” and “router” are use interchangeable. In fact,
GLBP can run on both router and switch so the word “gateway”, which can represent for
both router and switch, is better to describe GLBP.
+ For switch, GLBP is supported only on Cisco 4500 and 6500 series.

The gateway with the highest priority among the remaining ones is elected the Standby AVG
(SVG) which will take the role of the AVG in the case it is down.

For example in the topology above suppose all of the gateways have the same priority and GLBP is
turned on at the same time on all gateways (or they are configured with the preempt feature), R4
will be elected AVG because of its highest IP address 10.10.10.4. R3 will be elected SVG because
of its second highest IP address (10.10.10.3). The AVFs are elected based on the weight so the
four highest weight values would win for the four AVFs. In this case we only have four gateways so
surely they are all elected AVFs. With GLBP, there is still one virtual IP address which is assigned
by the administrator via the “glbp ip …” command (for example glbp 1 ip 10.10.10.100).

How GLBP works

After the election ends, R4 is both the AVG and AVF; R3 is SVG and AVF; R2 & R1 are pure AVFs.
R4 assigned the MAC addresses of 0007.b4000101, 0007.b4000102, 0007.b4000103,
0007.b4000104 to R1, R2, R3, R4 respectively; we will abbreviate the MAC addresses as 01, 02,
03 and 04. Let’s see how GLBP works!

The default gateway of PC1, PC2 and PC3 were set to 10.10.10.100 so if they want to send traffic
outside they have to send ARP Request first to their default gateway. They broadcast an ARP
Request to ask “Hey, I need to know the MAC address of the guy 10.10.10.100!”. R4, which is the
AVG, is responsible for answering the ARP Request. But the trick here is it does not always give
the same answer to that question:

For PC1, R4 will answer “The MAC address of the guy 10.10.10.100 is 01!”.
For PC2, R4 will answer “The MAC address of the guy 10.10.10.100 is 02!”.
For PC3, R4 will answer “The MAC address of the guy 10.10.10.100 is 03!”.
For PC4, R4 will answer “The MAC address of the guy 10.10.10.100 is 04!”.

As the result of this, PC1 will send the traffic to R1; PC2 will send traffic to R2; PC3 will send traffic
to R3 and PC4 will send traffic to R4! And load balancing is achieved!

When AVG fails

Everything is working smoothly then suddenly R4 (AVG) is down. What will happen now?

As we know R3 was chosen as SVG because of its second highest priority so when R4 is down, R3
becomes the new AVG and is responsible for forwarding traffic sent to the virtual MAC address of
R4. In other words, R3 is now responsible for traffic from PC3 & PC4 with two MAC addresses 03,
04. Communication between R4 continues without disruption or change at the host side.
Wait! Maybe you have a question to ask here. So how about the Switch? How can the switch
forward the frames to the new SVG on another port? Remember that Switch saved the MAC 04 for
the port connecting to R4. Well, the answer here is when the standby becomes the active it will
send a gratuitous ARP reply to flush the CAM tables of the switches and the ARP cache of the
hosts. So the switch will learn the new port for MAC 04.

Each AVF listens to others, if one AVF can no more forward traffic, all listening AVFs will compete
to take the responsibility of the failed AVF vMAC along with its own (AVF with higher weighting
wins).

To detect a gateway failure, GLBP members communicate between each other through hello
messages sent every 3 seconds to the multicast address 224.0.0.102, User Datagram Protocol
(UDP) port 3222.

GLBP supports up to 1024 virtual routers (GLBP groups) per physical interface of a router.

Load balancing algorithm

GLBP load sharing is done in one of three ways:

Round-robin load-balancing algorithm: Each router MAC is used sequentially to respond to

ARP requests. This is the default load balancing mode in GLBP and is suitable for any number of
end hosts.
Weighted load-balancing algorithm: Traffic is balanced proportional to a configured weight.
Each GLBP router in the group will advertise its weighting and assignment; the AVG will act based
on that value. For example, if there are two routers in a group and R1 has double the forwarding
capacity of router B, the weighting value of router A should be configured to be double the amount
of R2.
Host-dependent load-balancing algorithm: A given host always uses the same router.

Interface Tracking

Like HSRP, GLBP can be configured to track interfaces. For example, if the WAN link from Router
R4 is lost, GLBP detects the failure and decrements the router priority (when a tracked interface
fails). The second router then becomes primary. This transition is transparent for the hosts.
GLBP Authentication

GLBP has three authentication types:

+ No authentication
+ MD5 authentication
+ Plain text authentication

MD5 is the most security method so far. With this method, the same keys are configured on both
ends. One end will send the encrypted key (called hash, using MD5) to the other. At the other
side, the same key is also encrypted and compared with the receiving encrypted key. If the two
encrypted keys are the same then authentication is approved. The advantage of this method is
only the encrypted key is sent through the link. The key for the MD5 hash can either be given
directly in the configuration using a key string or supplied indirectly through a key chain.