cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
255
Views
0
Helpful
3
Replies

Best way to block EIGRP hellos on large # of interfaces

7tsommer
Level 1
Level 1

We have a core router with a couple hundred stores attached to it. These are all stub stores, and each one carries its own /24 from the 10.0.0.0 network. We also have some hub stores hanging off of these with redundant links that need to use a routing protocol. Our problem is that we need to hush the EIGRP hellos on most of our subinterfaces, while allowing them on a few others. Is the only option to do a "passive-interface" for each and every PVC? That would be hundreds! Is there an easier way? How does the "passive-interface default" command work? Can I disable all interfaces by default using this command and only allow the hellos out the few that need them? All of our stores, both stubs and hubs, utilize class C subnets from the same class A.

3 Replies 3

vcjones
Level 5
Level 5

I don't have an answer to your specific question because while I have designed large hub and spokes networks with EIGRP, I have never had a desire to disable EIGRP to the spokes. You are absolutely correct that it is undesireable for every store to have routes for every other store. But there are other ways to speed convergence, reduce spoke router resource consumption, and minimize SIAs.

I like to leave EIGRP turned on and filter the updates from the core router so that each store only receives a default route. That way, you do not have a maintenance nightmare in the form of gazilions of static routes which must be kept up to date every time a store moves or a new store is opened. It also makes it much easier to add redundant connections for higher availability.

Good luck and have fun!

Vincent C Jones

http://www.networkingunlimited.com

Thanks for your reply. The issue is that, from what I've read, Cisco recommends no more than 250 EIGRP adjacencies on any router. We'll have 500+ stores on one router. We will be filling up our IMA groups (they max out at 255 PVCs). All the stores are on 56k frame to ATM IMA, so we could easily flood the IMA group with unnecessary EIGRP hello messages. Not really any chance for redundant links in our future, either. Finally, our IP scheme follows our registered store number, so if we did close a store, the class C AND the vpi/vci would be retired, so that's not an issue.

Maintaining the static routes will be easy. When we build an IMA subinterface, we use the same number as the store for both the store's class C and the ATM/IMA subinterface number anyway, so the static route will be a no-brainer, and we'll only have to enter it once.

I did find the answer to my other question, too. If you use the "passive-interface default" command in the EIGRP configuration, you can "no passive-interface" for each individual PVC that you DO want participating in the routing. Unless there's a really compelling reason to do something else, I think this will suit our needs best.

Thanks again!

T.

"Cisco recommends no more than 250 EIGRP adjacencies on any router"

It really depends more on network design, etc. 500 neighbors on a single router would be a lot, I would tend to split it between two routers, but I have seen some networks with larger numbers than this (not many more, but a little more).

But there are other issues here that need to be thought out:

-- Since you are not dual homing the remotes, what real good is there in running a routing protocol out to them? If the store fails, and the link doesn't go down, what is the consequence? You're not going to be able to deliver traffic to the store in any case, because there's no backup link, so the only thing you will gain with dynamic routing is knowing about the store failure through SNMP traps/console logs/etc. (which might be important), and not having to configure static routes for each store (which could be very important in your network).

-- I prefer dynamic routing over static, since less human touching is involved. I know it seems simple enough to configure the static routes, until it's 2am, something breaks, and you have to call TAC. Then you're sitting there with bleary eyes trying to figure out if all those statics are right. Having worked in the TAC for a couple of years, I can tell you that one of my primary tests for network configurations is the 2AM with a TAC engineer test. If you are going to do statics, I would suggest using a spreadhseet or text file combined with a script to manage them, rather than trying to manage them manually.

-- EIGRP passive interface won't help here, since passive interface actually stops EIGRP from building a neighbor relationship. If you want to run EIGRP on this high neighbor count situation, then do this:

--- Make each neighbor a stub.

--- Filter the routes sent to the remotes so they only receive a default route. This is all they need anyway. In fact, you could configure static defaults on the remotes, and filter _all_ the routes being sent to the remotes, which would reduce the work on the hub router just a bit more.

Finally, in answer to your last specific question, passive-interface default passives all the interfaces on the box, and you can unpassive specific interfaces, causing EIGRP to run on those interfaces. Passive interfaces in EIGRP are an alternative to redistribute connected, though, rather than to filtering or running stubs.

For more information on stubs:

http://www.cisco.com/en/US/products/sw/iosswrel/ps1830/products_feature_guide09186a00800ab721.html

Hope this helps.

:-)

Russ

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco