Options
RIP vs EIGRP - passive interfaces and neighbor statement
Ran into some strange stuff with EIGRP and RIP. Perhaps not but whatever 
Maybe I'm just overthinking this.
Scenario:
And 4 different tests - 2 with RIP and 2 with EIGRP:
############## RIP test 1 with passive-interface only on R6
R6#sh run | s router rip
router rip
timers basic 10 20 15 20
passive-interface Ethernet0/0
network 10.0.0.0
network 192.168.1.0
R6#sh ip route rip
R 192.168.2.0/24 [120/1] via 10.0.1.7, 00:00:08, Ethernet0/0
R7#sh run | s router rip
router rip
timers basic 10 20 15 20
network 10.0.0.0
network 192.168.2.0
R7#sh ip route rip
R7#
Pretty much expected behavior - R7 doesn't get the 192.168.1.0/24 network, because R6 doesn't send it.
################# RIP test 2 with neighbor and passive-interface cmd:
R6#sh run | s router rip
router rip
timers basic 10 20 15 20
passive-interface Ethernet0/0
network 10.0.0.0
network 192.168.1.0
neighbor 10.0.1.7
R6#sh ip route rip
R 192.168.2.0/24 [120/1] via 10.0.1.7, 00:00:09, Ethernet0/0
R6#
R7#sh run | s router rip
router rip
timers basic 10 20 15 20
network 10.0.0.0
network 192.168.2.0
R7#sh ip route rip
R 192.168.1.0/24 [120/1] via 10.0.1.6, 00:00:02, Ethernet0/0
R7#
Okay, so by using the Neighbor cmd(unicast) you circumvent the Passive-interface(unicasts allowed, but not multicast/broadcast)
###### EIGRP test 1 with passive-interface only on R6
R6#sh run | sec router eigrp
router eigrp 1
passive-interface Ethernet0/0
network 10.0.0.0
network 192.168.1.0
no auto-summary
R6#sh ip route eigrp
R6#
R7#sh run | sec router eigrp
router eigrp 1
network 10.0.0.0
network 192.168.2.0
no auto-summary
R7#sh ip route eigrp
R7#
Expected behavior - Passive-interface stops the sending of updates and Hellos so no neighbor relationship can exist
########## EIGRP test 2 with passive-interface on R6 and neighbor cmds on both for unicast behavior
R6#sh run | sec router eigrp
router eigrp 1
passive-interface Ethernet0/0
network 10.0.0.0
network 192.168.1.0
no auto-summary
neighbor 10.0.1.7 Ethernet0/0
R6#sh ip route eigrp
R6#
R7#sh run | sec router eigrp
router eigrp 1
network 10.0.0.0
network 192.168.2.0
no auto-summary
neighbor 10.0.1.6 Ethernet0/0
R7#sh ip route eigrp
R7#
Zip, nada, nothing.. So neighbor statements circumvents Passive-interface on RIP by sending updates as unicast but still blocks EIGRP Hello packets from being sent even though they're unicast packets?
This is actually a thing or do I misunderstand something? Perhaps useless observation but it got me wondering
Maybe I'm just overthinking this.
Scenario:
And 4 different tests - 2 with RIP and 2 with EIGRP:
############## RIP test 1 with passive-interface only on R6
R6#sh run | s router rip
router rip
timers basic 10 20 15 20
passive-interface Ethernet0/0
network 10.0.0.0
network 192.168.1.0
R6#sh ip route rip
R 192.168.2.0/24 [120/1] via 10.0.1.7, 00:00:08, Ethernet0/0
R7#sh run | s router rip
router rip
timers basic 10 20 15 20
network 10.0.0.0
network 192.168.2.0
R7#sh ip route rip
R7#
Pretty much expected behavior - R7 doesn't get the 192.168.1.0/24 network, because R6 doesn't send it.
################# RIP test 2 with neighbor and passive-interface cmd:
R6#sh run | s router rip
router rip
timers basic 10 20 15 20
passive-interface Ethernet0/0
network 10.0.0.0
network 192.168.1.0
neighbor 10.0.1.7
R6#sh ip route rip
R 192.168.2.0/24 [120/1] via 10.0.1.7, 00:00:09, Ethernet0/0
R6#
R7#sh run | s router rip
router rip
timers basic 10 20 15 20
network 10.0.0.0
network 192.168.2.0
R7#sh ip route rip
R 192.168.1.0/24 [120/1] via 10.0.1.6, 00:00:02, Ethernet0/0
R7#
Okay, so by using the Neighbor cmd(unicast) you circumvent the Passive-interface(unicasts allowed, but not multicast/broadcast)
###### EIGRP test 1 with passive-interface only on R6
R6#sh run | sec router eigrp
router eigrp 1
passive-interface Ethernet0/0
network 10.0.0.0
network 192.168.1.0
no auto-summary
R6#sh ip route eigrp
R6#
R7#sh run | sec router eigrp
router eigrp 1
network 10.0.0.0
network 192.168.2.0
no auto-summary
R7#sh ip route eigrp
R7#
Expected behavior - Passive-interface stops the sending of updates and Hellos so no neighbor relationship can exist
########## EIGRP test 2 with passive-interface on R6 and neighbor cmds on both for unicast behavior
R6#sh run | sec router eigrp
router eigrp 1
passive-interface Ethernet0/0
network 10.0.0.0
network 192.168.1.0
no auto-summary
neighbor 10.0.1.7 Ethernet0/0
R6#sh ip route eigrp
R6#
R7#sh run | sec router eigrp
router eigrp 1
network 10.0.0.0
network 192.168.2.0
no auto-summary
neighbor 10.0.1.6 Ethernet0/0
R7#sh ip route eigrp
R7#
Zip, nada, nothing.. So neighbor statements circumvents Passive-interface on RIP by sending updates as unicast but still blocks EIGRP Hello packets from being sent even though they're unicast packets?
This is actually a thing or do I misunderstand something? Perhaps useless observation but it got me wondering
Comments
-
Options
OfWolfAndMan
Member Posts: 923 ■■■■□□□□□□
The passive interface command with RIP is a little different. It won't send multicast updates but unicast is still fair game. Also, RIP will still listen to updates sent by other RIP routers.:study:Reading: Lab Books, Ansible Documentation, Python Cookbook 2018 Goals: More Ansible/Python work for Automation, IPSpace Automation Course [X], Build Jenkins Framework for Network Automation [] -
Options
Danman32
Member Posts: 1,243
I just looked up passive-interface on EIGRP, where I came up with a cisco doc on the issue.
Passive-interface suppresses hellos. No hellos, no neighbor relationship. No neighbor relationship, no route exchange in either direction.
Although EIGRP is considered a distance vector routing protocol, much of its characteristics is behavior much like a link-state in the sense a router has much of the routing information of the network.
RIP on the other hand just pushes route information, without much handshaking. -
Optionsjoetest
Member Posts: 99 ■■□□□□□□□□
That's pretty much what I wrote. It was the neighbor cmd that made me wonderI just looked up passive-interface on EIGRP, where I came up with a cisco doc on the issue.
Passive-interface suppresses hellos. No hellos, no neighbor relationship. No neighbor relationship, no route exchange in either direction.
Although EIGRP is considered a distance vector routing protocol, much of its characteristics is behavior much like a link-state in the sense a router has much of the routing information of the network.
RIP on the other hand just pushes route information, without much handshaking.
