EIGRP Stub Routing, Leak-Maps

Description
In this guide, we will go over stub routing and configuration. We will also configure a "leak-map" to allow stub routers to advertise specific routes to their upstream neighbor.
EIGRP Lab Diagram
Stub Overview
Before configuration, let's go over what stub routing is. A stub router or "stub network" is a router or routing-enabled device that has no downstream routing neighbors to share routes with. A stub router only has one path for destination traffic, and that is to its ONE upstream neighbor. This configuration is typical with small offices connected to an HQ (HUB), or in a Hub-and-spoke topology. So why designate a router as a "stub"?
EIGRP Query Messages
- To understand why we use a stub configuration, we must first go over the EIGRP query message. If we take a look at our network diagram above, the ISP network has a lot of prefixes being advertised. If one of the prefixes, 3.3.0.0/24, goes down, and let's say that the network lives on R5, R5 will first send an EIGRP Query message to all its neighbors. The query message will go from R5-->R4, R5-->R3, and R5-->R2. Each router will reply with an EIGRP Reply packet saying they do not have an alternative path to 3.3.0.0/24, EXCEPT R2. R2 will send a query downstream, and then R1 will send an EIGRP reply back, then R2 will send an EIGRP reply back to R5 stating there is no alternative path. So no big deal, right?
- In a well-tuned and well-engineered network, we want to try and eliminate any additional stress or burden on the router's physical resources. So, in a large EIGRP domain, you can see how all these query messages can be quite intensive. EIGRP will not be fully converged and active until a router receives a reply to the query. So what can we do to suppress the queries? Create a stub network.
To make a router a stub, it only takes one command. But there are a couple of options.
stub connected -- This configuration will only let the stub router advertise its connected routes to its neighbors. Just the networks physically connected to the router.
stub connected summary -- This configuration will also advertise a summary route.
stub connected static -- This allows the redistribution of static routes to be propagated.
- Once the stub command has been configured, we will see the queries being suppressed. We will configure R1 as a stub, and then from R2; we will do a debug and check to see if the queries are not getting sent to its downstream stub neighbor, R1. We will shutdown loopback address 3.3.3.1 on R5 to cause a topology change so we can see EIGRP queries being sent.
EIGRP Lab Diagram
R1(config-router-af)#eigrp stub connected summary # This command will
set R1 as an EIGRP stub router.
show ip eigrp neighbors detail
- This command shows us that we are suppressing query messages to our downstream neighbor R1
debug eigrp packets query reply commands
- These debugs will show us where the queries are being sent and the replies.
shutdown loopback3 on R5 to make a topology change
- Shutting down this loopback will cause a topology change and query messages to be sent.
debug output from R2, notice a query was not sent to the downstream stub neighbor R1.
- As we can see here, there was no EIGRP Query message sent to the downstream neighbor R1.
wireshark capture from R1 to R2. R1 is a stub and there was a query in the domain that stopped at R2.
- As you can see from this capture, there are truly no queries being sent to our downstream neighbor R1.
The downside?
- So, what is the downside of configuring a stub network? Once we decide to make R1 a stub router, we no longer can advertise any routes that are not directly connected to us to our neighbor. So let's take a look at our diagram.
EIGRP Lab Diagram
- Our organization has decided to set up another offsite on our campus to service a server farm, let's say, a mile away. So we add a Cisco 9000series Catalyst Distribution switch. And we want this network to become a part of our routing domain while also keeping our stub configuration. If we do this, will routers R2 - R5 know about this edition of our routing domain? Let's see. We have configured the DSW and R1 to be neighbors; they are advertising networks between them. If we take a look at the DSW's routing table and R5's routing table, will we have complete convergence?
R5 not seeing the downstream neighbor networks of the EIGRP stub router R1.
- As we can see here, R5 is not learning about the networks residing on the DSW.
DSW routing table, not learning anything beyond the Stub router; R1
- Our DSW also does not know how to route to any networks besides the connected networks on R1.
- We can fix this by advertising a default route from R1 ---> DSW. This lets all the DSW users and networks use R1 as the default route out. To have full reachability, we will need to create a "leak-map" on R1 that will advertise the Distro Switches networks to its neighbors and still suppress query messages by remaining a stub router.
Leak-Map Configuration
All the configuration we need to do to have complete network convergence for our stub router R1 is done on R1.
- First, we will need to create a default route out to the Distro Switch.
R1(config-router-af)#af-interface 0/2 # This command will allow us to configure the eth0/2 interface under our EIGRP named mode
R1(config-router-af-interface)#summary-address 0.0.0.0 0.0.0.0 # This command will advertise a default route out of the interface via EIGRP
- Let's take a look at this full configuration and the effects as we go.
Distro switch DSW routing table
Summary address command sent to DSW from R1
- Now, after this summary address is sent out to DSW, let's recheck the routing table on DSW
Distro Switch after receiving default route.
- Now that the DSW has connectivity to everywhere via the default route let's make sure that the rest of the EIGRP routing domain knows about the routes on DSW.
R5 Routing table still missing the distro switches networks.
- As we can see we R5 does not know how to reach the 172.16.10.0/172.16.20.0 networks. So we need to create a prefix-list and route-map to identify those networks and leak them out to the upstream neighbor from R1
R1(config)#ip prefix-list TO_R2 permit 172.16.10.0/24 # This command will identify the prefix-length to advertise
R1(config)#ip prefix-list TO_R2 permit 172.16.20.0/24 # This command will identify the prefix-length to advertise
R1(config)#route-map TO_R2 # This command creates a route-map. Its default is to permit traffic.
R1(config-route-map)#match ip address prefix-list TO_R2 # This command will identify the prefix-list to be matched.
R1(config-route-map)#permit 20 # This extra permit command will make sure the rest of the traffic does not get denied.
R1(config-router-af)#eigrp stub leak-map LEAK_MAP_R2 # This command will advertise routes upstream to R1 that are a part of the downstream routes network that wouldn't normally be advertised under regular stub routing.
Prefix-list and route-map configuration
applying the route-map to our upstream neighbor
- Now we see full convergence on our network, and all prefixes and networks can now reach each other. We can be sure of this by pinging 3.3.2.1 via the DSW sourced from the 172.16.10.0 network.
The network is now fully converged.
EIGRP Authentication, Passive-Interface, Summarization
Last modified 1mo ago