Design Principles
EIGRP Network Design
Proper EIGRP network design is crucial for scalability, performance, and maintainability. This section covers fundamental design principles and architectural best practices.
Core Design Principles
Hierarchical Design
Organize network into logical layers and boundaries
Summarization
Aggregate routes at appropriate boundaries
Redundancy
Provide multiple paths for fault tolerance
Scalability
Design for growth and future expansion
Hierarchical Network Design
Three-Tier Architecture
┌─────────────────────────────────────┐
│ Core Layer │
│ • High-speed switching/routing │
│ • Minimal processing │
│ • Route summarization │
└─────────────────────────────────────┘
│
┌─────────────────────────────────────┐
│ Distribution Layer │
│ • Policy enforcement │
│ • Route filtering │
│ • Redundancy │
│ • Aggregation │
└─────────────────────────────────────┘
│
┌─────────────────────────────────────┐
│ Access Layer │
│ • End-user connectivity │
│ • Basic services │
│ • Stub configurations │
└─────────────────────────────────────┘IP Addressing Strategy
Hierarchical Addressing Plan
Regional Office: 10.1.0.0/16
├── Core Network: 10.1.0.0/20
│ ├── Core Links: 10.1.0.0/24
│ └── Management: 10.1.1.0/24
├── Distribution: 10.1.16.0/20
│ ├── Dist Links: 10.1.16.0/24
│ └── Services: 10.1.17.0/24
└── Access Networks: 10.1.32.0/19
├── Branch 1: 10.1.32.0/24
├── Branch 2: 10.1.33.0/24
└── Branch 3: 10.1.34.0/24
Summary Routes:
- Branch → Distribution: 10.1.32.0/19
- Distribution → Core: 10.1.0.0/16
- Core → WAN: 10.1.0.0/16Summarization Strategy
Strategic Summarization Points
# Access layer to distribution
interface gigabitethernet0/0
ip summary-address eigrp 100 192.168.1.0 255.255.255.0
# Distribution to core
interface gigabitethernet0/1
ip summary-address eigrp 100 192.168.0.0 255.255.248.0
# Benefits:
# - Reduces routing table size
# - Improves convergence time
# - Provides stability
# - Reduces query scopeDesign Templates
Standard Configuration Template
# Core router template
router eigrp 100
eigrp router-id [x.x.x.x]
network [core-networks]
no auto-summary
maximum-paths 4
# Distribution router template
router eigrp 100
eigrp router-id [x.x.x.x]
network [distribution-networks]
no auto-summary
maximum-paths 4
interface [uplink-interface]
ip summary-address eigrp 100 [summary-route] [mask]
# Access router template
router eigrp 100
eigrp router-id [x.x.x.x]
eigrp stub connected summary
network [access-networks]
no auto-summary
passive-interface default
no passive-interface [uplink-interface]Scalability
EIGRP Scalability
EIGRP scalability depends on proper network design, summarization, and resource management. Understanding scaling limitations and optimization techniques is essential for large networks.
Scalability Factors
Network Size
Number of routers and routes in the network
Topology Table
Memory consumption for route storage
Convergence Time
Time to react to topology changes
Resource Usage
CPU and memory consumption
EIGRP Scaling Limits
| Parameter | Theoretical Limit | Practical Limit | Limiting Factor |
|---|---|---|---|
| Neighbors per Router | No hard limit | 50-100 | Memory and CPU |
| Routes per Router | No hard limit | 10,000-50,000 | Memory consumption |
| Network Diameter | 100 hops | 15-20 hops | Convergence time |
| AS Size | No limit | 200-500 routers | Query scope |
Summarization for Scalability
Hierarchical Summarization
# Without summarization (poor scalability)
# Each router knows about all 1000 branch networks
# Topology table: 1000 entries per router
# Query scope: entire network
# With summarization (good scalability)
interface serial0/0/0
ip summary-address eigrp 100 192.168.0.0 255.255.0.0
# Each router knows about 1 summary per region
# Topology table: 10 entries per router
# Query scope: limited to regionMonitoring Scalability
Scalability Metrics
# Monitor topology table size
show ip eigrp topology summary
# Check memory usage
show processes memory | include EIGRP
# Monitor CPU utilization
show processes cpu | include EIGRP
# Check convergence times
show ip eigrp events
# Monitor neighbor count
show ip eigrp neighbors summary
# Check query statistics
show ip eigrp trafficSecurity
EIGRP Security
EIGRP security involves authentication, access control, and monitoring to protect against unauthorized access and malicious routing attacks. Proper security implementation is essential for network integrity.
Security Threats
Unauthorized Access
Rogue routers joining the EIGRP domain
Route Injection
Malicious route advertisements
Man-in-the-Middle
Interception and modification of routing updates
Denial of Service
Overwhelming routers with malicious traffic
MD5 Authentication
MD5 Authentication Configuration
# Create key chain
key chain EIGRP_MD5
key 1
key-string MySecretKey123
accept-lifetime 00:00:00 Jan 1 2024 infinite
send-lifetime 00:00:00 Jan 1 2024 infinite
# Apply to interface
interface serial0/0/0
ip authentication mode eigrp 100 md5
ip authentication key-chain eigrp 100 EIGRP_MD5
# Verify authentication
show ip eigrp neighbors detailSHA-256 Authentication
SHA-256 Authentication Configuration
# Create key chain for SHA-256
key chain EIGRP_SHA256
key 1
key-string StrongPassword456
cryptographic-algorithm hmac-sha-256
accept-lifetime 00:00:00 Jan 1 2024 infinite
send-lifetime 00:00:00 Jan 1 2024 infinite
# Apply to interface
interface serial0/0/0
ip authentication mode eigrp 100 md5
ip authentication key-chain eigrp 100 EIGRP_SHA256
# SHA-256 provides stronger cryptographic protectionPassive Interface Security
Secure Default Configuration
router eigrp 100
# Make all interfaces passive by default
passive-interface default
# Enable EIGRP only on required interfaces
no passive-interface serial0/0/0
no passive-interface serial0/0/1
# Network statements
network 10.0.0.0 0.255.255.255
network 192.168.1.0 0.0.0.255
# Benefits:
# - Prevents unauthorized neighbor formation
# - Reduces attack surface
# - Simplifies troubleshootingSecurity Best Practices
Security Guidelines
- Enable Authentication: Use MD5 or SHA-256 authentication
- Implement Key Rotation: Regularly rotate authentication keys
- Use Passive Interfaces: Secure unused interfaces by default
- Monitor Security Events: Enable logging and monitoring
- Segment Networks: Use multiple AS for security isolation
Performance
EIGRP Performance Optimization
EIGRP performance optimization involves tuning timers, managing resources, and implementing efficient network design to achieve optimal convergence times and resource utilization.
Performance Metrics
Convergence Time
Time to adapt to topology changes
CPU Utilization
Processing overhead for EIGRP operations
Memory Usage
Memory consumption for topology table
Bandwidth Usage
Network overhead for EIGRP packets
Convergence Optimization
Timer Optimization
# Aggressive timer settings for fast convergence
interface serial0/0/0
ip hello-interval eigrp 100 1
ip hold-time eigrp 100 3
# Benefits:
# - Faster failure detection
# - Quicker convergence
# - Better user experience
# Considerations:
# - Increased CPU usage
# - More network overhead
# - Potential instability on slow linksBFD Integration
Bidirectional Forwarding Detection
# Enable BFD for subsecond failure detection
interface serial0/0/0
bfd interval 100 min_rx 100 multiplier 3
ip routing bfd
# Enable BFD for EIGRP
router eigrp 100
bfd all-interfaces
# Benefits:
# - Subsecond failure detection
# - Hardware-accelerated
# - Protocol-independent
# - Reduced convergence timePerformance Monitoring
Performance Metrics Collection
# Monitor CPU usage
show processes cpu | include EIGRP
# Check memory consumption
show processes memory | include EIGRP
# Monitor convergence times
show ip eigrp events
# Check interface utilization
show interfaces | include "rate"
# Monitor neighbor stability
show ip eigrp neighbors
# Track packet statistics
show ip eigrp trafficPerformance Best Practices
Performance Guidelines
- Design for Performance: Implement hierarchical design with summarization
- Monitor Continuously: Track performance metrics and trends
- Optimize Selectively: Focus on critical paths and bottlenecks
- Test Thoroughly: Validate performance improvements
- Plan for Growth: Size infrastructure for future requirements