EIGRP Protocol Analysis
DUAL-reasoning-driven analysis skill for Cisco EIGRP. Unlike link-state
protocols that flood topology databases, EIGRP uses the Diffusing Update
Algorithm (DUAL) to compute loop-free paths through a distributed query/reply
process. Effective EIGRP diagnosis requires understanding successor selection,
the feasibility condition, and stuck-in-active mechanics — not just reading
command output.
Commands are labeled [IOS-XE] or [NX-OS] where syntax diverges.
Unlabeled statements apply to both platforms.
When to Use
- - EIGRP route missing from the routing table or suboptimal path selected
- Stuck-in-active (SIA) condition — routes locked in Active state, queries
unanswered
- - Neighbor adjacency not forming or flapping between up and down
- K-value mismatch suspected after configuration change or new device addition
- Post-change verification after EIGRP topology modifications, summarization
changes, or stub configuration
- - Redistribution loop suspected between EIGRP and another protocol (commonly
OSPF)
- - Named mode migration — validating behavior parity with classic mode
Prerequisites
- - SSH or console access to Cisco IOS-XE or NX-OS device (read-only privilege
sufficient)
- - EIGRP process running — classic mode (
router eigrp [AS]) or named mode
(
router eigrp [name])
- - On NX-OS:
feature eigrp must be enabled before any EIGRP configuration - Knowledge of the EIGRP autonomous system number and expected neighbor topology
- Awareness of configured stub, summarization, and distribute-list settings that
affect query scope
Procedure
Follow this diagnostic flow sequentially. Each step builds on data from prior
steps, moving from broad inventory to targeted DUAL-level analysis.
Step 1: EIGRP Instance and Neighbor Inventory
Verify EIGRP is running and collect the neighbor table.
[IOS-XE]
�CODEBLOCK0
[NX-OS]
�CODEBLOCK1
Record each neighbor: interface, address, hold time, uptime (since), SRTT,
queue counts. Compare against expected topology — every directly connected
EIGRP router should appear. Key observations:
- - Missing neighbor → interface misconfiguration, passive-interface, K-value
mismatch, or AS number mismatch (proceed to Step 4)
- - Low uptime → recent adjacency reset; correlate with change events
- High SRTT → slow neighbor responses; potential SIA risk
- Non-zero queue count (Q Cnt) → neighbor is congestion-limited; queries
and updates may be delayed
Step 2: Topology Table Analysis
Examine DUAL's successor and feasible successor selection for key prefixes.
[IOS-XE]
�CODEBLOCK2
[NX-OS]
�CODEBLOCK3
For each route entry, interpret the DUAL state:
- - Feasible Distance (FD): The best metric this router has ever known for
this destination — used as the threshold for the feasibility condition.
- - Reported Distance (RD): The metric the neighbor claims for this
destination from its own perspective (the neighbor's computed distance).
- - Successor: The neighbor whose path is currently installed in the routing
table — lowest FD among all feasible paths.
- - Feasible Successor (FS): A backup neighbor whose RD is strictly less than
the current FD. This guarantees a loop-free alternate path.
Feasibility condition: RD of neighbor < FD of current successor. If a
neighbor's reported distance is lower than the current feasible distance, DUAL
guarantees that neighbor is not part of a routing loop and can serve as a
backup without triggering a query.
If no feasible successor exists and the successor fails, DUAL must go Active
and send queries — proceed to Step 3.
Step 3: Stuck-in-Active Diagnosis
Identify routes in Active state and diagnose query/reply failures.
[IOS-XE]
�CODEBLOCK4
[NX-OS]
�CODEBLOCK5
Routes in Active state are waiting for query replies from neighbors. The SIA
timer (default 3 minutes) starts when a route goes Active. If a neighbor does
not reply within half the SIA timer (90 seconds), a SIA-Query is sent. If
still no reply at the full timer, the neighbor is reset.
Determine which neighbor is not responding:
- - Check the topology entry — the "replies" counter shows outstanding queries
- Identify the unresponsive neighbor and investigate: is it reachable? Is its
CPU overloaded? Is it waiting for its own downstream queries?
Query scope is the primary lever for SIA prevention. Broad query scope
(queries propagating across the entire EIGRP domain) is the most common root
cause. Mitigations:
- - Stub configuration — stub routers do not propagate queries
- Summarization — summarized routes contain query scope at the summarization
boundary
- - Distribute-lists — filter scope but do not affect query propagation
Step 4: K-Value and Metric Validation
Verify metric parameters match across all neighbors — mismatched K-values
prevent adjacency formation entirely.
[IOS-XE]
�CODEBLOCK6
[NX-OS]
�CODEBLOCK7
Confirm K-values on each device: K1=1, K2=0, K3=1, K4=0, K5=0 (defaults). All
neighbors in the same AS must use identical K-values or adjacency is refused.
Check metric mode: named EIGRP supports wide metrics (64-bit) using the
rib-scale factor. Classic mode uses 32-bit metrics. If migrating from classic
to named mode, verify metric values remain consistent — wide metrics produce
different values that are scaled before RIB installation.
Validate interface-level delay and bandwidth on key links:
[IOS-XE]
�CODEBLOCK8
[NX-OS]
�CODEBLOCK9
Incorrect bandwidth or delay on an interface directly affects path selection.
A common misconfiguration is leaving default bandwidth on serial or tunnel
interfaces, causing EIGRP to compute incorrect metrics.
Step 5: Redistribution and Route Filtering
Check for redistribution loops and verify route filtering.
[IOS-XE]
�CODEBLOCK10
[NX-OS]
�CODEBLOCK11
External EIGRP routes (D EX) indicate redistribution. Common issues:
- - Mutual redistribution between EIGRP and OSPF without proper route tagging
creates routing loops — redistributed routes circle back and re-enter the
original protocol with different metrics
- - Missing distribute-list or route-map on redistribution points allows
unintended routes to cross protocol boundaries
- - Administrative distance — EIGRP external routes have AD 170, higher than
OSPF (110). If the same prefix exists in both, OSPF wins — this may or may
not be desired
Verify distribute-lists and route-maps are applied correctly at redistribution
points. Check that route tags are used to prevent loops in mutual redistribution
designs.
Threshold Tables
Operational parameter norms for EIGRP — protocol-level expectations, not device
resource thresholds.
| Parameter | LAN Default | WAN Default | Notes |
|---|
| Hello Interval | 5s | 60s | WAN = multipoint links < 1.544 Mbps |
| Hold Timer |
15s | 180s | 3x hello by convention |
| Active Timer (SIA) | 3 min | 3 min | Configurable; half-time SIA-Query at 90s |
| Route Update Delay | Immediate | Immediate | No MRAI — updates sent as computed |
Metric Defaults (Classic Mode):
| K-Value | Default | Weight | Component |
|---|
| K1 | 1 | Bandwidth | 10^7 / min-bandwidth-kbps |
| K2 |
0 | Load | Disabled by default |
| K3 | 1 | Delay | Sum of delays in tens of µs |
| K4 | 0 | Reliability | Disabled by default |
| K5 | 0 | Reliability | Disabled by default |
Operational Norms:
| Metric | Healthy | Warning | Critical |
|---|
| Neighbor count | Matches design | ± 1 from baseline | > 2 missing |
| SIA events / week |
0 | 1–2 | > 3 |
| Active routes | 0 | 1–5 | > 5 or persistent |
| Topology table size | Stable ± 5% | Change > 10% | Change > 25% |
| SRTT (ms) | < 100 | 100–500 | > 500 |
Decision Trees
Stuck-in-Active Triage
CODEBLOCK12
Missing or Suboptimal Route
CODEBLOCK13
Report Template
CODEBLOCK14
Troubleshooting
K-Value Mismatch
Neighbors with different K-values refuse to form adjacency — no error message
appears in the neighbor table because the adjacency never establishes. Check
show ip protocols on both devices and compare K1–K5 values. This is the most
common silent EIGRP adjacency failure.
Stuck-in-Active Cascading
One unresponsive neighbor can cascade SIA across the domain: Router A queries
Router B, which queries Router C, which is down. If C never replies, B cannot
reply to A, and A resets B. Use eigrp stub on leaf routers to prevent query
propagation beyond the distribution layer.
Redistribution Loops with OSPF
Mutual redistribution (EIGRP→OSPF and OSPF→EIGRP) without route tags creates
loops where routes re-enter their original protocol with altered metrics. Use
route tags at every redistribution point: tag EIGRP-originated routes and deny
those tags on re-entry to EIGRP.
Named vs Classic Mode Confusion
Named mode uses wide metrics (64-bit) internally and scales them for the RIB.
Mixing classic and named mode routers in the same AS is supported but metrics
may appear different in show output. Verify with show eigrp address-family
(named) vs show ip eigrp (classic) — both should compute the same successor.
Passive-Interface Misconfiguration
INLINECODE9� suppresses EIGRP on all interfaces. If new
interfaces are added without no passive-interface, neighbors will not form.
Check show ip protocols to see which interfaces are passive.
EIGRP协议分析
基于DUAL推理驱动的Cisco EIGRP分析技能。与泛洪拓扑数据库的链路状态协议不同,EIGRP使用扩散更新算法(DUAL)通过分布式查询/回复过程计算无环路径。有效的EIGRP诊断需要理解后继选择、可行性条件和卡在活跃状态机制——而不仅仅是读取命令输出。
命令在语法差异处标注为[IOS-XE]或[NX-OS]。未标注的语句适用于两个平台。
使用时机
- - EIGRP路由从路由表中丢失或选择了次优路径
- 卡在活跃状态(SIA)条件——路由锁定在Active状态,查询未得到回复
- 邻居邻接未建立或在Up和Down之间抖动
- 配置变更或新增设备后怀疑K值不匹配
- EIGRP拓扑修改、汇总变更或末梢配置后的变更验证
- 怀疑EIGRP与另一种协议(通常是OSPF)之间存在重分发环路
- 命名模式迁移——验证与经典模式的行为一致性
前提条件
- - 通过SSH或控制台访问Cisco IOS-XE或NX-OS设备(只读权限足够)
- EIGRP进程正在运行——经典模式(router eigrp [AS])或命名模式(router eigrp [name])
- 在NX-OS上:必须先启用feature eigrp才能进行任何EIGRP配置
- 了解EIGRP自治系统号和预期的邻居拓扑
- 了解已配置的末梢、汇总和分发列表设置,这些设置会影响查询范围
操作步骤
按顺序执行此诊断流程。每一步都基于前一步的数据,从广泛清单逐步深入到目标DUAL级别分析。
第1步:EIGRP实例和邻居清单
验证EIGRP正在运行并收集邻居表。
[IOS-XE]
show ip eigrp neighbors
[NX-OS]
show ip eigrp neighbors vrf all
记录每个邻居:接口、地址、保持时间、运行时间(自)、SRTT、队列计数。与预期拓扑进行比较——每个直连的EIGRP路由器都应出现。关键观察:
- - 缺少邻居 → 接口配置错误、被动接口、K值不匹配或AS号不匹配(转到第4步)
- 运行时间短 → 最近邻接重置;与变更事件关联
- 高SRTT → 邻居响应慢;潜在的SIA风险
- 非零队列计数(Q Cnt) → 邻居受拥塞限制;查询和更新可能延迟
第2步:拓扑表分析
检查DUAL对关键前缀的后继和可行后继选择。
[IOS-XE]
show ip eigrp topology [prefix/len]
[NX-OS]
show ip eigrp topology [prefix/len] vrf default
对于每个路由条目,解释DUAL状态:
- - 可行距离(FD): 此路由器曾经知道的到达此目的地的最佳度量——用作可行性条件的阈值。
- 报告距离(RD): 邻居从自身角度声称的到达此目的地的度量(邻居计算的距离)。
- 后继: 当前安装在路由表中的邻居路径——所有可行路径中最低的FD。
- 可行后继(FS): RD严格小于当前FD的备份邻居。这保证了一条无环备用路径。
可行性条件: 邻居的RD < 当前后继的FD。如果邻居的报告距离低于当前可行距离,DUAL保证该邻居不是路由环路的一部分,并且可以在不触发查询的情况下作为备份。
如果没有可行后继且后继失败,DUAL必须进入Active状态并发送查询——转到第3步。
第3步:卡在活跃状态诊断
识别处于Active状态的路由并诊断查询/回复失败。
[IOS-XE]
show ip eigrp topology active
[NX-OS]
show ip eigrp topology active vrf default
处于Active状态的路由正在等待邻居的查询回复。SIA计时器(默认3分钟)在路由进入Active状态时启动。如果邻居在SIA计时器的一半时间(90秒)内未回复,则发送SIA查询。如果在完整计时器内仍未回复,则重置邻居。
确定哪个邻居未响应:
- - 检查拓扑条目——replies计数器显示未完成的查询
- 识别无响应的邻居并进行调查:它是否可达?其CPU是否过载?它是否在等待自己的下游查询?
查询范围是预防SIA的主要手段。广泛的查询范围(查询传播到整个EIGRP域)是最常见的根本原因。缓解措施:
- - 末梢配置 — 末梢路由器不传播查询
- 汇总 — 汇总路由在汇总边界限制查询范围
- 分发列表 — 过滤范围但不影响查询传播
第4步:K值和度量验证
验证所有邻居的度量参数是否匹配——K值不匹配会完全阻止邻接建立。
[IOS-XE]
show ip protocols | section eigrp
[NX-OS]
show ip eigrp vrf default
确认每台设备上的K值:K1=1,K2=0,K3=1,K4=0,K5=0(默认值)。同一AS中的所有邻居必须使用相同的K值,否则邻接将被拒绝。
检查度量模式:命名EIGRP支持使用rib-scale因子的宽度量(64位)。经典模式使用32位度量。如果从经典模式迁移到命名模式,请验证度量值保持一致——宽度量会产生不同的值,这些值在RIB安装前会被缩放。
验证关键链路上的接口级延迟和带宽:
[IOS-XE]
show ip eigrp interfaces detail
[NX-OS]
show ip eigrp interfaces detail vrf default
接口上不正确的带宽或延迟直接影响路径选择。一个常见的配置错误是在串行或隧道接口上保留默认带宽,导致EIGRP计算不正确的度量。
第5步:重分发和路由过滤
检查重分发环路并验证路由过滤。
[IOS-XE]
show ip route eigrp | include EX
[NX-OS]
show ip route eigrp vrf default | include EX
外部EIGRP路由(D EX)表示重分发。常见问题:
- - EIGRP和OSPF之间的相互重分发没有正确的路由标记会创建路由环路——重分发的路由会循环回来并以不同的度量重新进入原始协议
- 重分发点上缺少分发列表或路由映射允许意外路由跨越协议边界
- 管理距离 — EIGRP外部路由的AD为170,高于OSPF(110)。如果同一前缀同时存在于两者中,OSPF胜出——这可能是也可能不是期望的结果
验证分发列表和路由映射在重分发点上是否正确应用。检查是否使用路由标记来防止相互重分发设计中的环路。
阈值表
EIGRP的操作参数规范——协议级别的预期值,而非设备资源阈值。
| 参数 | LAN默认值 | WAN默认值 | 说明 |
|---|
| Hello间隔 | 5秒 | 60秒 | WAN = 多点链路 < 1.544 Mbps |
| 保持计时器 |
15秒 | 180秒 | 惯例为hello的3倍 |
| Active计时器(SIA) | 3分钟 | 3分钟 | 可配置;半程SIA查询在90秒 |
| 路由更新延迟 | 立即 | 立即 | 无MRAI — 更新在计算后立即发送 |
度量默认值(经典模式):
| K值 | 默认值 | 权重 | 组件 |
|---|
| K1 | 1 | 带宽 | 10^7 / 最小带宽kbps |
| K2 |
0 | 负载 | 默认禁用 |
| K3 | 1 | 延迟 | 以十微秒为单位的延迟总和 |
| K4 | 0 | 可靠性 | 默认禁用 |
| K5 | 0 | 可靠性 | 默认禁用 |
操作规范:
| 度量 | 健康 | 警告 | 严重 |
|---|
| 邻居数量 | 符合设计 | 与基线相差±1 | 缺少>2个 |
| 每周SIA事件 |
0 | 1–2 | > 3 |
| Active路由 | 0 | 1–5 | > 5或持续存在 |
| 拓扑表大小 | 稳定±5% | 变化>10% | 变化>25% |
| SRTT(毫秒) | < 100 | 100–500 | > 500 |
决策树
卡在活跃状态分类
路由卡在Active状态(SIA计时器运行中)
├── 检查查询范围
│ ├── 查询泛洪整个域?
│ │ ├── 未配置末梢路由器 → 在叶子/分支路由器上添加末梢配置
│ │ ├── 无汇总 → 在分发边界添加汇总路由
│ │ └── 大型扁平拓扑 → 重新设计为层次结构(中心
