A Deep Dive into Cisco’s Hybrid Routing Protocol
Concepts, Configuration, and Practical Scenarios
Introduction: What Is EIGRP?
If you have worked in a Cisco environment for any length of time, you have almost certainly encountered EIGRP. It is one of those protocols that sits quietly at the heart of many enterprise networks, doing its job reliably enough that people sometimes forget it is there. But understanding how it works, and more importantly why it works the way it does, is essential knowledge for any infrastructure professional.
EIGRP, the Enhanced Interior Gateway Routing Protocol, is classified as an advanced distance-vector protocol, though many engineers describe it as a hybrid because it borrows ideas from both distance-vector and link-state protocols. It was originally developed by Cisco as a proprietary protocol. In 2013, Cisco published an informational RFC (RFC 7868) that documented the protocol, making it partially open, though in practice EIGRP remains most widely deployed in Cisco-only networks.
EIGRP uses IP protocol number 88, not TCP or UDP, and communicates using multicast address 224.0.0.10. After an initial full routing table exchange with neighbors, EIGRP sends only incremental updates when changes occur. This is one of the key efficiency advantages over older distance-vector protocols like RIP, which periodically broadcast their entire routing tables.
How EIGRP Works: The DUAL Algorithm
At the core of EIGRP is the Diffusing Update Algorithm, or DUAL. This is the decision engine that selects the best path to every destination, ensures those paths are loop-free, and pre-calculates backup routes so that failover is nearly instantaneous.
DUAL operates on a simple but powerful principle: it tracks every route advertised by every neighbor, selects the best one (the successor), and identifies backup routes (feasible successors) that are mathematically guaranteed to be loop-free. If the successor fails and a feasible successor exists, EIGRP can switch to the backup without querying any other routers. This is why EIGRP converges so fast compared to protocols that must recalculate from scratch.
When no feasible successor is available, DUAL enters a diffusing computation. The router sends query packets to its neighbors asking for alternative paths. During this time, the route is marked as active. Once replies come back, the best new path is selected and the route returns to passive state. Routes that get stuck in active state for too long trigger a Stuck-In-Active (SIA) condition, which resets the neighbor relationship.
The Three Tables
EIGRP maintains three separate tables, each serving a distinct purpose:
| Table | Purpose |
| Neighbor Table | Lists all directly connected EIGRP neighbors. Built and maintained through Hello packets. Tracks the interface, hold time, uptime, and sequence numbers for each neighbor. |
| Topology Table | Stores all routes learned from all neighbors, not just the best ones. Contains both successors and feasible successors. This is where DUAL does its work. |
| Routing Table | Contains only the best routes (successors) selected from the topology table. These are the routes actually used for forwarding packets. EIGRP routes appear with a D prefix. |
EIGRP Vocabulary
Before going deeper into configuration, it is important to understand the terminology that EIGRP uses, because it is unique to this protocol and can be confusing at first.
| Term | Definition |
| Successor | The best route to a destination. This is the route that ends up in the routing table and is used for forwarding. |
| Feasible Successor | A backup route that meets the feasibility condition. Kept in the topology table and promoted instantly if the successor fails. |
| Feasible Distance (FD) | The total metric (cost) from the local router to the destination via the successor route. This is the best known distance. |
| Advertised/Reported Distance (AD/RD) | The metric reported by a neighbor for its own best path to the destination. Used to check the feasibility condition. |
| Feasibility Condition | A route qualifies as a feasible successor only if its advertised distance is strictly less than the current feasible distance. This mathematical check guarantees loop-free backup paths. |
| Administrative Distance | EIGRP internal routes have an AD of 90. External (redistributed) EIGRP routes have an AD of 170. Lower AD is preferred when comparing routes from different protocols. |
EIGRP Packet Types
EIGRP uses five distinct packet types for communication. Understanding these is crucial for troubleshooting neighbor relationships and convergence issues.
| Packet | Reliable? | Purpose |
| Hello | No | Neighbor discovery and keepalive. Sent every 5 seconds on Ethernet (60 seconds on slow links). The hold time is 3x the hello interval by default. |
| Update | Yes | Carries route information. Sent when a new neighbor is discovered (full table exchange) or when a route changes (partial update). |
| Query | Yes | Sent when a route is lost and no feasible successor exists. The router asks neighbors if they have an alternative path. |
| Reply | Yes | Response to a query packet. Contains the route information the querying router needs to complete its computation. |
| ACK | No | Acknowledges receipt of reliable packets (updates, queries, replies). A hello packet with no data. |
Metric Calculation
EIGRP calculates its composite metric using bandwidth and delay by default, though it can optionally include load and reliability. The K-values control which components are factored in. By default, K1 (bandwidth) and K3 (delay) are set to 1, while K2 (load), K4 (reliability), and K5 (MTU) are set to 0.
The simplified default formula is:
Metric = [ 10⁷ / minimum bandwidth (kbps) + cumulative delay (µs / 10) ] × 256Two important principles govern how these values are computed along a path:
- Bandwidth: EIGRP uses the worst (lowest) bandwidth encountered along the entire path. Each router reports the minimum bandwidth it has seen, and the next router compares that with its own interface bandwidth, keeping whichever is lower.
- Delay: EIGRP sums the delay values of every link along the path. Each router adds its own interface delay to the cumulative delay received from its neighbor before advertising onward.
All K-values must match between EIGRP neighbors or the adjacency will not form. This is a common troubleshooting item.
Neighbor Adjacency Requirements
EIGRP routers will not form a neighbor relationship unless all of the following conditions are met:
- The routers must be on the same subnet and reachable via a directly connected interface.
- The autonomous system (AS) number must match on both routers.
- The K-values must be identical on both sides.
- Authentication credentials must match (if authentication is configured).
- Hello packets must be received within the hold time window.
Practical Scenario: Three-Site EIGRP Deployment
Consider a typical enterprise with a headquarters, a branch office, and a data center, all connected by WAN links. We want full reachability between all three sites using EIGRP.
Network Topology
+——————-+ +——————-+
| HEADQUARTERS | | BRANCH |
| HQ-RTR (R1) | | BR-RTR (R2) |
| Gi0/0: 10.1.0.0/24 (LAN) | Gi0/0: 10.2.0.0/24 (LAN)
| Se0/0/0: 172.16.12.1/30 |—| Se0/0/0: 172.16.12.2/30
+——————-+ +——————-+
|
Se0/0/1: 172.16.13.1/30
|
+——————-+
| DATA CENTER |
| DC-RTR (R3) |
| Gi0/0: 10.3.0.0/24 (LAN)
| Se0/0/0: 172.16.13.2/30
+——————-+
Step 1: Configure Interfaces
R1 (Headquarters)
R1(config)# interface GigabitEthernet0/0
R1(config-if)# ip address 10.1.0.1 255.255.255.0
R1(config-if)# no shutdown
R1(config-if)# exit
R1(config)# interface Serial0/0/0
R1(config-if)# ip address 172.16.12.1 255.255.255.252
R1(config-if)# no shutdown
R1(config-if)# exit
R1(config)# interface Serial0/0/1
R1(config-if)# ip address 172.16.13.1 255.255.255.252
R1(config-if)# no shutdown
R2 (Branch)
R2(config)# interface GigabitEthernet0/0
R2(config-if)# ip address 10.2.0.1 255.255.255.0
R2(config-if)# no shutdown
R2(config-if)# exit
R2(config)# interface Serial0/0/0
R2(config-if)# ip address 172.16.12.2 255.255.255.252
R2(config-if)# no shutdown
R3 (Data Center)
R3(config)# interface GigabitEthernet0/0
R3(config-if)# ip address 10.3.0.1 255.255.255.0
R3(config-if)# no shutdown
R3(config-if)# exit
R3(config)# interface Serial0/0/0
R3(config-if)# ip address 172.16.13.2 255.255.255.252
R3(config-if)# no shutdownStep 2: Enable EIGRP
The AS number must be identical on all three routers. We use AS 100 here. The network statements tell EIGRP which interfaces to activate and which networks to advertise. Using wildcard masks gives precise control.
R1 (Headquarters)
R1(config)# router eigrp 100
R1(config-router)# network 10.1.0.0 0.0.0.255
R1(config-router)# network 172.16.12.0 0.0.0.3
R1(config-router)# network 172.16.13.0 0.0.0.3
R1(config-router)# no auto-summary
R2 (Branch)
R2(config)# router eigrp 100
R2(config-router)# network 10.2.0.0 0.0.0.255
R2(config-router)# network 172.16.12.0 0.0.0.3
R2(config-router)# no auto-summary
R3 (Data Center)
R3(config)# router eigrp 100
R3(config-router)# network 10.3.0.0 0.0.0.255
R3(config-router)# network 172.16.13.0 0.0.0.3
R3(config-router)# no auto-summary
Once configured, you should see neighbor adjacency messages on the console:
Console Output
%DUAL-5-NBRCHANGE: EIGRP-IPv4 100: Neighbor 172.16.12.2
(Serial0/0/0) is up: new adjacency
%DUAL-5-NBRCHANGE: EIGRP-IPv4 100: Neighbor 172.16.13.2
(Serial0/0/1) is up: new adjacencyStep 3: Secure with Passive Interfaces
LAN interfaces should not send EIGRP hello packets to end devices. Use the passive-interface command to suppress hellos on LAN-facing interfaces while still advertising those networks.
R1 (Headquarters)
R1(config)# router eigrp 100
R1(config-router)# passive-interface GigabitEthernet0/0
Alternatively, make all interfaces passive by default and selectively enable the ones that need to form neighbor adjacencies:
Alternative Approach
R1(config-router)# passive-interface default
R1(config-router)# no passive-interface Serial0/0/0
R1(config-router)# no passive-interface Serial0/0/1
Step 4: Configure Authentication
MD5 authentication ensures that only authorized routers can form EIGRP adjacencies. This is critical in production environments to prevent rogue routers from injecting false routing information.
Key Chain Configuration (all routers)
R1(config)# key chain EIGRP-KEY
R1(config-keychain)# key 1
R1(config-keychain-key)# key-string S3cur3Pa$$
R1(config-keychain-key)# exit
R1(config-keychain)# exit
Apply to Interfaces (R1 example)
R1(config)# interface Serial0/0/0
R1(config-if)# ip authentication mode eigrp 100 md5
R1(config-if)# ip authentication key-chain eigrp 100 EIGRP-KEY
R1(config)# interface Serial0/0/1
R1(config-if)# ip authentication mode eigrp 100 md5
R1(config-if)# ip authentication key-chain eigrp 100 EIGRP-KEY
Verification Commands
After configuration, verifying that EIGRP is working correctly is essential. These are the commands you will use daily.
| Command | What It Shows |
| show ip eigrp neighbors | Lists all EIGRP neighbors, their IP addresses, the interface they were learned on, hold time, uptime, and queue counts. |
| show ip eigrp topology | Displays the topology table with all successors and feasible successors, their feasible distances, and reported distances. |
| show ip route eigrp | Shows only EIGRP-learned routes in the routing table, marked with D. Displays the metric and next-hop for each route. |
| show ip protocols | Confirms EIGRP is running, shows the AS number, K-values, networks being advertised, and administrative distances. |
| show ip eigrp interfaces | Lists interfaces participating in EIGRP, the number of peers on each, and queue statistics. |
| show ip eigrp traffic | Displays packet counters for hellos, updates, queries, replies, and ACKs. Useful for spotting communication problems. |
Sample: show ip eigrp neighbors
R1# show ip eigrp neighbors
EIGRP-IPv4 Neighbors for AS(100)
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
0 172.16.12.2 Se0/0/0 12 01:15:30 40 1000 0 15
1 172.16.13.2 Se0/0/1 13 01:14:22 35 800 0 12
Sample: show ip route eigrp
R1# show ip route eigrp
10.0.0.0/24 is subnetted, 3 subnets
D 10.2.0.0 [90/2172416] via 172.16.12.2, 01:15:30, Serial0/0/0
D 10.3.0.0 [90/2172416] via 172.16.13.2, 01:14:22, Serial0/0/1
Sample: show ip eigrp topology
R1# show ip eigrp topology
EIGRP-IPv4 Topology Table for AS(100)/ID(10.1.0.1)
Codes: P – Passive, A – Active, U – Update, Q – Query
P 10.2.0.0/24, 1 successors, FD is 2172416
via 172.16.12.2 (2172416/28160), Serial0/0/0
P 10.3.0.0/24, 1 successors, FD is 2172416
via 172.16.13.2 (2172416/28160), Serial0/0/1
Route Summarization
Route summarization reduces the size of routing tables and limits the scope of query packets, both of which improve EIGRP scalability. By default, EIGRP historically performed auto-summarization at classful boundaries, but this was disabled by default starting in IOS 15. In modern configurations, you should always use no auto-summary and configure manual summaries where they make sense.
Manual summary routes are configured on the interface facing the direction where you want the summary advertised:
Manual Route Summarization
R1(config)# interface Serial0/0/0
R1(config-if)# ip summary-address eigrp 100 10.1.0.0 255.255.0.0
This command tells R1 to advertise a single 10.1.0.0/16 summary to its neighbor through Serial0/0/0 instead of advertising individual /24 subnets. The practical benefit: if a subnet within the summary flaps, the flap is contained locally and does not trigger queries or updates across the wider network.
EIGRP Stub Routing
Branch office routers typically should not serve as transit routers. EIGRP stub routing prevents branch routers from being queried for routes they should not be providing, which dramatically reduces convergence time in large networks and prevents SIA conditions.
Stub Configuration on Branch Router
R2(config)# router eigrp 100
R2(config-router)# eigrp stub connected summary
The connected and summary keywords specify that the stub router will only advertise its directly connected networks and any configured summary routes. Other options include static, redistributed, and receive-only.
Load Balancing
EIGRP supports both equal-cost and unequal-cost load balancing, which is one of its unique advantages over OSPF.
Equal-cost load balancing happens automatically when multiple paths to the same destination have identical metrics. By default, EIGRP can load-balance across up to four equal-cost paths. This can be increased to 32 using the maximum-paths command.
Unequal-cost load balancing is enabled using the variance command. The variance is a multiplier applied to the feasible distance of the successor. Any feasible successor whose metric is within the variance threshold will also be used for forwarding.
Unequal-Cost Load Balancing
R1(config)# router eigrp 100
R1(config-router)# variance 2
R1(config-router)# maximum-paths 4
With a variance of 2, any feasible successor with a metric up to 2x the successor metric will be included in load balancing. Traffic is distributed proportionally based on the metric of each path.
EIGRP vs. OSPF: When to Use Which
| Feature | EIGRP | OSPF |
| Type | Advanced distance-vector (hybrid) | Link-state |
| Standard | Cisco-developed (RFC 7868) | Open standard (RFC 2328) |
| Convergence | Faster (feasible successors) | Fast (SPF recalculation) |
| Load Balancing | Equal and unequal cost | Equal cost only |
| Scalability | Good with stub/summarization | Excellent with areas |
| Configuration | Simpler | More complex (areas, DRs) |
| Multi-vendor | Primarily Cisco | Any vendor |
| Admin Distance | 90 (internal) / 170 (external) | 110 |
In practice, EIGRP tends to be the right choice for Cisco-only environments where simplicity and fast convergence are priorities. OSPF is preferred when multi-vendor interoperability is needed or when the network is large enough to benefit from a hierarchical area design.
Named Mode Configuration
Modern Cisco IOS supports a newer configuration syntax called EIGRP named mode, which consolidates all EIGRP settings under a single configuration hierarchy rather than splitting them between the router process and individual interfaces. Named mode also supports features like SHA-256 authentication and wide metrics for interfaces faster than 10 Gbps.
Named Mode Example
R1(config)# router eigrp CAMPUS-NET
R1(config-router)# address-family ipv4 unicast autonomous-system 100
R1(config-router-af)# network 10.1.0.0 0.0.0.255
R1(config-router-af)# network 172.16.12.0 0.0.0.3
R1(config-router-af)# af-interface default
R1(config-router-af-interface)# passive-interface
R1(config-router-af-interface)# exit-af-interface
R1(config-router-af)# af-interface Serial0/0/0
R1(config-router-af-interface)# no passive-interface
R1(config-router-af-interface)# exit-af-interface
R1(config-router-af)# topology base
R1(config-router-af-topology)# variance 2
R1(config-router-af-topology)# exit-af-topology
Named mode is the recommended approach for new deployments. It provides better organization, supports IPv4 and IPv6 in the same configuration hierarchy, and makes troubleshooting easier because all EIGRP settings are visible in one place.
Troubleshooting Checklist
When EIGRP neighbors are not forming or routes are not appearing as expected, work through these checks systematically:
- Verify Layer 1 and Layer 2 connectivity first. Can you ping the neighbor?
- Confirm the AS number matches on both routers using show ip protocols.
- Check that K-values match. Mismatched K-values are a silent killer.
- Verify the network statements include the correct interfaces. Use show ip eigrp interfaces to confirm.
- Check for passive interfaces that should not be passive.
- If using authentication, confirm the key chain name, key number, and key-string match on both sides.
- Look for ACL or firewall rules blocking protocol 88 or multicast 224.0.0.10.
- Check for SIA conditions in the logs, which indicate query scope problems. Consider stub routing or summarization.
Useful Debug Commands
R1# debug eigrp packets hello
R1# debug eigrp neighbors
R1# debug ip eigrp
Use debug commands sparingly in production. They generate significant CPU load and console output. Always set a terminal monitor and be ready to disable them quickly.
Conclusion
EIGRP is a protocol that rewards understanding. On the surface, it is simple to configure. A few network statements, an AS number, and you have routing. But the depth is in the details: how DUAL selects and validates backup paths, how metric calculation works across variable-bandwidth paths, how stub routing and summarization contain query scope in large networks, and how unequal-cost load balancing distributes traffic intelligently.
For IT infrastructure professionals working in Cisco environments, EIGRP is not just a protocol to configure and forget. It is a system that, when examined carefully, teaches you something about how good design works in general: maintain awareness of your neighbors, keep backup plans ready, only send updates when something actually changes, and always verify that your path is loop-free before you commit to it.
Not bad advice for routing. Not bad advice for anything, really.
Leave a Reply