Ticker

6/recent/ticker-posts

EIGRP Packet Format

EIGRP has 5 Packets Types (Hello, Update, Query, Reply, ACK). Each of these packets has a common header fields of which are shown below.

EIGRP Packet Header
  • Version:  This field specifies different versions of EIGRP. Version 2 of EIGRP was implemented beginning with Cisco IOS Software Releases 10.3(11), 11.0(8), and 11.1(3). EIGRP Version 2 is the most recent version that contains many enhancements to improve the stability and scalability of EIGRP.
  • OPCode: This field specifies the types of EIGRP packet contained. OPCode 1 is the Update packet, OPCode  3 is the Query packet, OPCode 4 is the Reply Packet, and OPCode 5 is the EIGRP Hello packet and ACK Packet.
  • Checksum: This field is used as the regular IP checksum, calculated based on the entire EIGRP packet, excluding the IP header.
  • Flags: This field involves only two flags now. The flag indicates either an init for new neighbor relationship or the conditional receive for EIGRP RTP.
  • Sequence: Specifies the sequence number used by the EIGRP RTP.
  • Acknowledgment: Used to acknowledge the receipt of an EIGRP reliable packet.
  • Autonomous System Number: AS Number field specifies the number for the identification of EIGRP domain.
EIGRP packets might also contain some TLVs (Type, Length, Value). These TLVs are placed after the AS number Field in EIGRP header. The TLV Triplets carry route entries, as well as provide the fields for DUAL process management. Some of common TLVs are listed below:
  • a TLV to carry K parameters (seen in Hello packet)
  • a TLV to carry IP internal routes (seen in Update packet)
  • a TLV to carry IP External routes (seen in Update packet)
EIGRP Parameters TLV:

EIGRP Parameters TLV Format

Wireshark Capture of Parameters TLV:

EIGRP TLVs

EIGRP IP Internal Route TLV:

EIGRP Internal Route TLV

  • Next hop: This field specifies the IP address of the next hop to which packets should be forwarded.
  • Delay:  This field specifies the Delay parameter of the route metric. The delay value is the sum of all the delay parameters on the interface across the path to the destination network.
  • Bandwidth: This field specifies the Bandwidth parameter of the route metric. The bandwidth is obtained from the interface, and it is the lowest bandwidth on the interface across the path to the destination network.
  • MTU: This field specifies the interface MTU parameter of the route metric.
  • Hop count: This field specifies the number of hops to the destination network.
  • Reliability: This field specifies the reliability of the interface, out of a possible range of 1 to 255. A reliability of 1 indicates that the reliability is 1/255, whereas a reliability of 255 indicates that the interface is 100 percent reliable.
  • Load: This field specifies the load of the interface, out of a possible range of 1 to 255. A load value of 1 indicates that the interface has a very light load, while a load value of 255 indicates that the interface is highly saturated.
  • Prefix length: This field specifies the subnet mask of the destination network.
  • Originating router: This field specifies the router ID of the router that originates the external EIGRP routes.
  • Originating autonomous system number: This field specifies the EIGRP autonomous system number of the routes before getting redistributed into this EIGRP autonomous number.
  • External protocol metric: This field specifies the metric of the routes before getting redistributed into EIGRP.
  • External protocol ID: This field specifies the type of routing protocol that originates the routes that were redistributed into EIGRP. The routing protocol type can be BGP, OSPF, RIP, IGRP, and so forth.
Wireshark Capture of EIGRP IP Internal Route TLV:

Post a comment

0 Comments