While trying my hand at an INE question, I was triggered to figure out how EIGRP summary addresses work. What happens if we summarise a network to the exact same prefix? How can we play with the results?
To try this out, I built a small topology. R1 represents the provider, who advertises only a default route through BGP. R2 and R3 will advertise the EIGRP networks to R1 and redistribute BGP into EIGRP. Later, R2 and R3 will summarise this default network. R1’s loopback (1.1.1.1) will represent the outside networks.
The setup on R3:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 |
router eigrp SUMMARYLAB ! address-family ipv4 unicast autonomous-system 1 ! topology base redistribute bgp 65000 metric 1000 1 255 1 1500 exit-af-topology network 3.3.3.3 0.0.0.0 network 10.0.35.0 0.0.0.255 exit-address-family router bgp 65000 bgp log-neighbor-changes redistribute eigrp 1 neighbor 10.0.13.1 remote-as 1 |
Everything works, both R4 and R5 will take the shortest path out:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 |
R4#trace 1.1.1.1 Type escape sequence to abort. Tracing the route to 1.1.1.1 VRF info: (vrf in name/id, vrf out name/id) 1 10.0.24.2 6 msec 0 msec 1 msec 2 10.0.12.1 0 msec * 1 msec R5#trace 1.1.1.1 Type escape sequence to abort. Tracing the route to 1.1.1.1 VRF info: (vrf in name/id, vrf out name/id) 1 10.0.35.3 2 msec 1 msec 0 msec 2 10.0.13.1 0 msec * 1 msec |
Now, let’s see what happens when we summarise the default network to the same prefix. Only on R3 first:
|
1 2 3 4 5 6 7 8 9 10 11 12 |
R3(config)#router eigrp SUMMARYLAB R3(config-router)#address-family ipv4 unicast autonomous-system 1 R3(config-router-af)#af-interface e1/1 R3(config-router-af-interface)# summary-address 0.0.0.0/0 R4#show ip route | include 0.0.0.0 Gateway of last resort is 10.0.45.5 to network 0.0.0.0 D* 0.0.0.0/0 [90/1536640] via 10.0.45.5, 00:03:39, Ethernet1/0 R5#show ip route | include 0.0.0.0 Gateway of last resort is 10.0.35.3 to network 0.0.0.0 D* 0.0.0.0/0 [90/1024640] via 10.0.35.3, 00:03:33, Ethernet1/1 |
So, both R4 and R5 still have a default route. Howerver, R4 now wants to go through R5 and R3. At first I thought this was because I am redistributing the BGP route with a BW of 1Gbit and the summary is being advertised with a BW of 10Gbit. Later I figured out the real reason: The summarised route is advertised as EIGRP internal and the redistributed route is advertised as EIGRP external. EIGRP defaults to preferring internal routes, so the summarised route wins:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 |
R4#show ip eigrp 1 topology 0.0.0.0/0 EIGRP-IPv4 VR(SUMMARYLAB) Topology Entry for AS(1)/ID(4.4.4.4) for 0.0.0.0/0 State is Passive, Query origin flag is 1, 1 Successor(s), FD is 196689920, RIB is 1536640 Descriptor Blocks: 10.0.45.5 (Ethernet1/0), from 10.0.45.5, Send flag is 0x0 Composite metric is (196689920/131153920), <strong>route is Internal</strong> Vector metric: Minimum bandwidth is 10000 Kbit Total delay is 2001250000 picoseconds Reliability is 255/255 Load is 1/255 Minimum MTU is 1500 Hop count is 2 Originating router is 3.3.3.3 Exterior flag is set 10.0.24.2 (Ethernet0/0), from 10.0.24.2, Send flag is 0x0 Composite metric is (721551360/656015360), <strong>route is External</strong> Vector metric: Minimum bandwidth is 1000 Kbit Total delay is 1010000000 picoseconds Reliability is 255/255 Load is 1/255 Minimum MTU is 1500 Hop count is 1 Originating router is 2.2.2.2 External data: AS number of route is 65000 External protocol is BGP, external metric is 0 Administrator tag is 1 (0x00000001) Exterior flag is set |
A trace should still work, right? R3 gets the default route from BGP. R4 and R5 know a default route towards R3. Let’s try this out:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 |
R4#trace 1.1.1.1 Type escape sequence to abort. Tracing the route to 1.1.1.1 VRF info: (vrf in name/id, vrf out name/id) 1 10.0.45.5 3 msec 5 msec 0 msec 2 10.0.35.3 0 msec 0 msec 0 msec 3 10.0.35.3 !H * !H R5#trace 1.1.1.1 Type escape sequence to abort. Tracing the route to 1.1.1.1 VRF info: (vrf in name/id, vrf out name/id) 1 10.0.35.3 7 msec 0 msec 0 msec 2 10.0.35.3 !H * * |
Wait! We are getting unreachables. Why? Let’s check R3, because it is the router generating the unreachables:
|
1 2 3 4 5 6 |
R3#show ip route | i 0.0.0.0 Gateway of last resort is 0.0.0.0 to network 0.0.0.0 D* 0.0.0.0/0 is a summary, 00:10:48, Null0 |
The EIGRP summary route wins from the BGP route, because it has an AD of 5, which is better than eBGP’s 20. The router doesn’t care if the route points to Null0, or not. A route is a route. Let’s fix this, and let’s do all the same summarisation at R2 as well (not shown):
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 |
R3(config)#router eigrp SUMMARYLAB R3(config-router)#address-family ipv4 unicast autonomous-system 1 R3(config-router-af)#topology base R3(config-router-af-topology)#summary-metric 0.0.0.0/0 distance 25 !After clearing EIGRP: R3#show ip route | include 0.0.0.0 Gateway of last resort is 10.0.13.1 to network 0.0.0.0 B* 0.0.0.0/0 [20/0] via 10.0.13.1, 00:00:27 R5#trace 1.1.1.1 Type escape sequence to abort. Tracing the route to 1.1.1.1 VRF info: (vrf in name/id, vrf out name/id) 1 10.0.35.3 3 msec 0 msec 0 msec 2 10.0.13.1 0 msec * 1 msec R5#show ip route | include 0.0.0.0 Gateway of last resort is 10.0.35.3 to network 0.0.0.0 D*EX 0.0.0.0/0 [170/5637120] via 10.0.35.3, 00:02:35, Ethernet1/1 |
That is better. But, to be honest, we are not getting the summary route, we are getting the redistributed BGP route, as you can see from the D*EX. Does this even summarise any networks? Let’s have R1 advertise it’s loopback address and see what happens:
|
1 2 3 4 5 6 7 8 |
R3#show ip route | i 1.1.1.1 B 1.1.1.1 [20/0] via 10.0.13.1, 00:03:04 R5#show ip route 1.1.1.1 % Network not in table |
So, the summary does not get advertised, but it does suppress all other advertisements. Now, how can we break this further? Let’s kill the BGP connecting between R3 and R1, and see what happens:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 |
R3(config)#router bgp 65000 R3(config-router)#neighbor 10.0.13.1 shutdown R3#show ip route | i 0.0.0.0 Gateway of last resort is 0.0.0.0 to network 0.0.0.0 D* 0.0.0.0/0 is a summary, 00:00:52, Null0 R5#trace 1.1.1.1 Type escape sequence to abort. Tracing the route to 1.1.1.1 VRF info: (vrf in name/id, vrf out name/id) 1 10.0.35.3 7 msec 0 msec 0 msec 2 10.0.35.3 !H * !H |
We have the same problem as before, R3 is installing the Null0 route. R5 will not be able to connect to R1. Even worse, R4 will prefer the R3 route, because it is EIGRP internal instead of EIGRP external, and so is preferred:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 |
R4#trace 1.1.1.1 Type escape sequence to abort. Tracing the route to 1.1.1.1 VRF info: (vrf in name/id, vrf out name/id) 1 10.0.45.5 3 msec 0 msec 0 msec 2 10.0.35.3 0 msec 1 msec 0 msec 3 10.0.35.3 !H * !H R4#show ip eigrp topology 0.0.0.0 | i Ethernet|[In|Ex]ternal 10.0.45.5 (Ethernet1/0), from 10.0.45.5, Send flag is 0x0 Composite metric is (197263360/131727360), route is Internal 10.0.24.2 (Ethernet0/0), from 10.0.24.2, Send flag is 0x0 Composite metric is (721551360/656015360), route is External External data: External protocol is BGP, external metric is 0 |
Can we fix this? Yes, we can! Through the magic of an unreachable AD.
|
1 2 3 4 5 6 7 8 9 10 |
R3(config)#router eigrp SUMMARYLAB R3(config-router)#address-family ipv4 unicast autonomous-system 1 R3(config-router-af)#topology base R3(config-router-af-topology)#summary-metric 0.0.0.0/0 distance 255 R3#show ip route | i 0.0.0.0 Gateway of last resort is 10.0.35.5 to network 0.0.0.0 D*EX 0.0.0.0/0 [170/6661120] via 10.0.35.5, 00:00:58, Ethernet1/1 |
Now even R3 has a backup route and everyone can ping happily ever after.
|
1 2 3 4 5 6 7 8 9 10 |
R3#trace 1.1.1.1 Type escape sequence to abort. Tracing the route to 1.1.1.1 VRF info: (vrf in name/id, vrf out name/id) 1 10.0.35.5 7 msec 1 msec 0 msec 2 10.0.45.4 0 msec 0 msec 0 msec 3 10.0.24.2 0 msec 0 msec 0 msec 4 10.0.12.1 0 msec * 0 msec |
So, in short, this is what I learned:
- EIGRP summary routes will overwrite existing routes of inferior AD,
- EIGRP will prefer internal routes over external routes, regardless of metric,
- You can use an infinite AD on a summary to filter out more specific routes,