EIGRP Stub Routing, Leak-Maps
EIGRP Lab Diagram
Before configuration, let's go over what stub routing is. A stub router or "stub network" is a router or routing-enabled device that has no downstream routing neighbors to share routes with. A stub router only has one path for destination traffic, and that is to its ONE upstream neighbor. This configuration is typical with small offices connected to an HQ (HUB), or in a Hub-and-spoke topology. So why designate a router as a "stub"?
- To understand why we use a stub configuration, we must first go over the EIGRP query message. If we take a look at our network diagram above, the ISP network has a lot of prefixes being advertised. If one of the prefixes, 18.104.22.168/24, goes down, and let's say that the network lives on R5, R5 will first send an EIGRP Query message to all its neighbors. The query message will go from R5-->R4, R5-->R3, and R5-->R2. Each router will reply with an EIGRP Reply packet saying they do not have an alternative path to 22.214.171.124/24, EXCEPT R2. R2 will send a query downstream, and then R1 will send an EIGRP reply back, then R2 will send an EIGRP reply back to R5 stating there is no alternative path. So no big deal, right?
- In a well-tuned and well-engineered network, we want to try and eliminate any additional stress or burden on the router's physical resources. So, in a large EIGRP domain, you can see how all these query messages can be quite intensive. EIGRP will not be fully converged and active until a router receives a reply to the query. So what can we do to suppress the queries? Create a stub network.
- Once the stub command has been configured, we will see the queries being suppressed. We will configure R1 as a stub, and then from R2; we will do a debug and check to see if the queries are not getting sent to its downstream stub neighbor, R1. We will shutdown loopback address 126.96.36.199 on R5 to cause a topology change so we can see EIGRP queries being sent.
EIGRP Lab Diagram
R1(config-router-af)#eigrp stub connected summary # This command will
set R1 as an EIGRP stub router.
show ip eigrp neighbors detail
debug eigrp packets query reply commands
shutdown loopback3 on R5 to make a topology change
debug output from R2, notice a query was not sent to the downstream stub neighbor R1.
wireshark capture from R1 to R2. R1 is a stub and there was a query in the domain that stopped at R2.
EIGRP Lab Diagram
- Our organization has decided to set up another offsite on our campus to service a server farm, let's say, a mile away. So we add a Cisco 9000series Catalyst Distribution switch. And we want this network to become a part of our routing domain while also keeping our stub configuration. If we do this, will routers R2 - R5 know about this edition of our routing domain? Let's see. We have configured the DSW and R1 to be neighbors; they are advertising networks between them. If we take a look at the DSW's routing table and R5's routing table, will we have complete convergence?
R5 not seeing the downstream neighbor networks of the EIGRP stub router R1.
DSW routing table, not learning anything beyond the Stub router; R1
- We can fix this by advertising a default route from R1 ---> DSW. This lets all the DSW users and networks use R1 as the default route out. To have full reachability, we will need to create a "leak-map" on R1 that will advertise the Distro Switches networks to its neighbors and still suppress query messages by remaining a stub router.
R1(config-router-af)#af-interface 0/2# This command will allow us to configure the eth0/2 interface under our EIGRP named mode
R1(config-router-af-interface)#summary-address 0.0.0.0 0.0.0.0# This command will advertise a default route out of the interface via EIGRP
Distro switch DSW routing table
Summary address command sent to DSW from R1
Distro Switch after receiving default route.
R5 Routing table still missing the distro switches networks.
R1(config)#ip prefix-list TO_R2 permit 172.16.10.0/24# This command will identify the prefix-length to advertise
R1(config)#ip prefix-list TO_R2 permit 172.16.20.0/24# This command will identify the prefix-length to advertise
R1(config)#route-map TO_R2# This command creates a route-map. Its default is to permit traffic.
R1(config-route-map)#match ip address prefix-list TO_R2# This command will identify the prefix-list to be matched.
R1(config-route-map)#permit 20# This extra permit command will make sure the rest of the traffic does not get denied.
R1(config-router-af)#eigrp stub leak-map LEAK_MAP_R2# This command will advertise routes upstream to R1 that are a part of the downstream routes network that wouldn't normally be advertised under regular stub routing.
Prefix-list and route-map configuration
applying the route-map to our upstream neighbor
The network is now fully converged.