EIGRP OTP (Over The Top)

EIGRP OTP (Over The Top)

EIGRP OTP (Over the Top) allows you to run EIGRP between routers that are not directly connected. It is a great feature to use when you want to run EIGRP between routers that are connected to a service provider network and you don’t want the hassle of other solutions like MPLS VPN and you don’t want the service provider’s involvement with your routing. With EIGRP OTP, you can configure everything on your own routers as long as you are able to reach the remote router(s).

EIGRP OTP uses an overlay VPN and thus uses tunneling, it is a bit similar to other solutions like DMVPN / multipoint GRE but it uses LISP (Locator/Identifier Separation Protocol) instead.

LISP is a technology where each end device has a separate “identity” and “location”, unlike IP where the IP address is both the identity and location of the end device. LISP is useful in scenarios where an end device should be able to retain its original IP address, even if it moves to another subnet. It is useful for VM motion where virtual machines are moved from one hypervisor to another but also for mobile devices that end up in another subnet after roaming.

There is a control plane and data plane for LISP. Learning all the details about the LISP control plane is quite a story. On the data plane, LISP uses UDP to encapsulate data and tunnel traffic. EIGRP OTP only uses LISP for the data plane, EIGRP is used for the control plane. This is convenient as you don’t really have to understand LISP to be able to understand EIGRP OTP.

In this lesson, I’ll show you how to configure EIGRP OTP.

Configuration

To demonstrate EIGRP OTP, I use the following topology:

Above we have four routers:

• R1, R2 and R3 are customer routers that want to use EIGRP to exchange routing information. These routers each have a loopback interface with an IP address that we will advertise in EIGRP.
• R4 is the service provider network. In a production network, this could be a large network but for simplicity reasons, I’m only using one router here.

The only requirement to run EIGRP OTP is that the customer routers have to be able to reach each other. I will use a couple of static routes so that R1, R2 and R3 are able to reach the IP addresses on their GigabitEthernet 0/1 interfaces:

R1(config)#ip route 192.168.24.2 255.255.255.255 192.168.14.4
R1(config)#ip route 192.168.34.3 255.255.255.255 192.168.14.4

R2(config)#ip route 192.168.14.1 255.255.255.255 192.168.24.4
R2(config)#ip route 192.168.34.3 255.255.255.255 192.168.24.4

R3(config)#ip route 192.168.14.1 255.255.255.255 192.168.34.4
R3(config)#ip route 192.168.24.2 255.255.255.255 192.168.34.4

Now we can configure EIGRP.

Route Reflector

EIGRP OTP is only supported in EIGRP named mode, you can’t configure it in classic mode. Neighbors have to be configured statically and we have two options here:

• We can configure a full-mesh of static EIGRP neighbors.
• We can configure one router as a route reflector which works similar to the BGP route reflector.

With three routers, a full mesh is no problem but if you have a lot of customer routers, a route reflector is an interesting option. I will configure R1 as the route reflector and R2/R3 will be its clients:

R1(config)#router eigrp OTP
R1(config-router)#address-family ipv4 autonomous-system 123
R1(config-router-af)#remote-neighbors source GigabitEthernet 0/1 unicast-listen lisp-encap 123 

The remote-neighbors command is all we need for EIGRP OTP. It tells R1 to use the GigabitEthernet 0/1 interface and listen for unicast packets. LISP uses different IDs, I’m going to use ID 123 on all routers. Optionally, this command allows you to set a maximum number of neighbors and/or use an access-list to permit only certain IP addresses to accept as EIGRP neighbors.

Let’s advertise the loopback interface and GigabitEthernet 0/1 on R1:

R1(config-router-af)#network 1.1.1.1 0.0.0.0
R1(config-router-af)#network 192.168.14.0 0.0.0.255

Last but not least, there are two more things we have to configure:

• Disable next-hop-self: If you don’t do this, R1 will set its own IP address as the next hop for everything it advertises to R2 and R3. If you don’t disable this, then whenever R2 or R3 want to reach each other’s loopback interface, they will send their traffic to R1. It works but it’s sub-optimal routing. If you disable this then R1 will leave the next hop IP address alone and R2/R3 are able to reach each other directly.
• Disable split horizon: R1 is using a single interface so if you don’t disable split horizon, R2 and R3 are unable to learn each others loopback interfaces.

Let’s disable next-hop-self and split horizon:

R1(config-router-af)#af-interface GigabitEthernet 0/1
R1(config-router-af-interface)#no next-hop-self 
R1(config-router-af-interface)#no split-horizon 

That’s all we have to do on the route reflector.

Spoke routers

Let’s configure R2 and R3. The only thing we have to do is configure R1 as a static remote neighbor and set the LISP encapsulation ID:

R2(config)#router eigrp OTP
R2(config-router)#address-family ipv4 autonomous-system 123
R2(config-router-af)#neighbor 192.168.14.1 GigabitEthernet 0/1 remote lisp-encap 123
R2(config-router-af)#network 2.2.2.2 0.0.0.0
R2(config-router-af)#network 192.168.24.0 0.0.0.255

R3(config)#router eigrp OTP
R3(config-router)#address-family ipv4 autonomous-system 123
R3(config-router-af)#neighbor 192.168.14.1 GigabitEthernet 0/1 remote lisp-encap 123
R3(config-router-af)#network 3.3.3.3 0.0.0.0
R3(config-router-af)#network 192.168.34.0 0.0.0.255

That’s all there is to it.

Verification

Let’s verify our work. The first thing you notice once you configure OTP is that the routers create a new LISP interface:

R1, R2 & R3#
%LINEPROTO-5-UPDOWN: Line protocol on Interface LISP123, changed state to up

We can see it here:

R1#show ip interface brief
Interface                  IP-Address      OK? Method Status                Protocol  
GigabitEthernet0/1         192.168.14.1    YES NVRAM  up                    up      
LISP123                    1.1.1.1         YES unset  up                    up      
Loopback0                  1.1.1.1         YES NVRAM  up                    up

Let’s see if we have EIGRP neighbors:

R1#show ip eigrp neighbors 
EIGRP-IPv4 VR(OTP) Address-Family Neighbors for AS(123)
H   Address                 Interface              Hold Uptime   SRTT   RTO  Q  Seq
                                                   (sec)         (ms)       Cnt Num
1   192.168.24.2            Gi0/1                    14 00:02:42  476  2856  0  3
0   192.168.34.3            Gi0/1                    14 00:02:49  296  1776  0  4

R2#show ip eigrp neighbors 
EIGRP-IPv4 VR(OTP) Address-Family Neighbors for AS(123)
H   Address                 Interface              Hold Uptime   SRTT   RTO  Q  Seq
                                                   (sec)         (ms)       Cnt Num
0   192.168.14.1            Gi0/1                    13 00:02:54  211  1266  0  6

R3#show ip eigrp neighbors 
EIGRP-IPv4 VR(OTP) Address-Family Neighbors for AS(123)
H   Address                 Interface              Hold Uptime   SRTT   RTO  Q  Seq
                                                   (sec)         (ms)       Cnt Num
0   192.168.14.1            Gi0/1                    14 00:03:08  214  1284  0  6

R1 has established neighbor adjacencies with both R2 and R3. Let’s check the routing tables:

R1#show ip route eigrp 
      2.0.0.0/32 is subnetted, 1 subnets
D        2.2.2.2 [90/93994331] via 192.168.24.2, 00:03:33, LISP123
      3.0.0.0/32 is subnetted, 1 subnets
D        3.3.3.3 [90/93994331] via 192.168.34.3, 00:03:38, LISP123

R2#show ip route eigrp 
      1.0.0.0/32 is subnetted, 1 subnets
D        1.1.1.1 [90/93994331] via 192.168.14.1, 00:03:50, LISP123
      3.0.0.0/32 is subnetted, 1 subnets
D        3.3.3.3 [90/93994331] via 192.168.34.3, 00:03:50, LISP123

R3#show ip route eigrp 
      1.0.0.0/32 is subnetted, 1 subnets
D        1.1.1.1 [90/93994331] via 192.168.14.1, 00:00:06, LISP123
      2.0.0.0/32 is subnetted, 1 subnets
D        2.2.2.2 [90/93994331] via 192.168.24.2, 00:00:06, LISP123

Above you can see that all routers have learned about the loopback interfaces. Note that we are using the LISP123 interface. Because we disabled next-hop-self, R2 and R3 have the correct next hop IP addresses which allow them to reach each other directly.

If you look in the CEF table, you can see how the routers figure out how to reach each other:

R1#show ip cef 2.2.2.2 internal 
2.2.2.2/32, epoch 0, RIB[I], refcnt 5, per-destination sharing
  sources: RIB 
  feature space:
    IPRM: 0x00028000
  ifnums:
    LISP123(8): 192.168.24.2
  path list 0EBF8D04, 3 locks, per-destination, flags 0x49 [shble, rif, hwcn]
    path 0EBF9254, share 1/1, type attached nexthop, for IPv4
      nexthop 192.168.24.2 LISP123, IP midchain out of LISP123, addr 192.168.24.2 0E0ACE08
  output chain:
    IP midchain out of LISP123, addr 192.168.24.2 0E0ACE08
    IP adj out of GigabitEthernet0/1, addr 192.168.14.4 0D800840

Above we see that R1 uses the LISP123 interface to reach 2.2.2.2 which uses 192.168.24.2 (R2) as the next hop. When R1 tries to send something to 2.2.2.2, it will use LISP encapsulation which I will show you in a bit.

First, let’s see if we have connectivity:

R2#ping 1.1.1.1 source 2.2.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
Packet sent with a source address of 2.2.2.2 
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/8/10 ms

R2 is able to reach R1, let’s see if it can reach R3:

R2#ping 3.3.3.3 source 2.2.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:
Packet sent with a source address of 2.2.2.2 
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/11/15 ms

That’s also no problem. If you enable a packet capture, you can see that EIGRP control plane traffic like hello packets or updates are sent as regular IP packets. This is possible since we use EIGRP unicast traffic:

Traffic on the data plane, like our pings from one loopback interface to another are encapsulated with LISP. Here’s a capture:

Above you can see that the packet is sent between 192.168.14.1 (R1) and 192.168.24.2 (R2). The actual ICMP traffic however is encapsulated with LISP in UDP using destination port 4342.

 

Table of Content

Unit 1: Introduction to EIGRP

• Introduction to EIGRP
• Basic EIGRP configuration
• EIGRP over frame-relay

Unit 2: EIGRP Neighbor Adjacency

• EIGRP Packets
• EIGRP Neighbor Adjacency
• EIGRP Neighbor and Topology Table
• EIGRP Hold Time and Hello Packets
• EIGRP Unequal Load Balancing
• EIGRP Variance Command Example
• EIGRP K Values
• EIGRP K Values Configuration
• EIGRP Static Neighbor
• EIGRP Passive Interface
• EIGRP Authentication
• EIGRP Authentication per Neighbor
• Troubleshooting EIGRP Neighbor Adjacency
• EIGRP OTP (Over the Top)
• EIGRP Graceful Shutdown

Unit 3: EIGRP Filtering

• EIGRP distribute-list filtering
• EIGRP prefix-list filtering
• EIGRP route-map filtering

Unit 4: EIGRP Advanced Features

• EIGRP Stuck in Active
• EIGRP DUAL FSM
• EIGRP Stub
• EIGRP Stub Leak Map
• EIGRP Default Network
• EIGRP Router ID
• EIGRP Summarization
• EIGRP Summary Leak Map
• EIGRP Auto-summary
• EIGRP Named Mode
• EIGRP Add Path Support
• EIGRP Loop-Free Alternate (LFA) Fast Reroute (FRR)
• EIGRP Wide Metrics
• EIGRP IP Bandwidth-percent
• EIGRP TTL=2 explained
• Troubleshooting EIGRP Route Advertisement
• EIGRP External Route Path Selection