EIGRP Protocol Analysis

DUAL-reasoning-driven analysis skill for Cisco EIGRP. Unlike link-state protocols that flood topology databases, EIGRP uses the Diffusing Update Algorithm (DUAL) to compute loop-free paths through a distributed query/reply process. Effective EIGRP diagnosis requires understanding successor selection, the feasibility condition, and stuck-in-active mechanics — not just reading command output.

Commands are labeled [IOS-XE] or [NX-OS] where syntax diverges. Unlabeled statements apply to both platforms.

When to Use

• EIGRP route missing from the routing table or suboptimal path selected
• Stuck-in-active (SIA) condition — routes locked in Active state, queries unanswered
• Neighbor adjacency not forming or flapping between up and down
• K-value mismatch suspected after configuration change or new device addition
• Post-change verification after EIGRP topology modifications, summarization changes, or stub configuration
• Redistribution loop suspected between EIGRP and another protocol (commonly OSPF)
• Named mode migration — validating behavior parity with classic mode

Prerequisites

• SSH or console access to Cisco IOS-XE or NX-OS device (read-only privilege sufficient)
• EIGRP process running — classic mode (router eigrp [AS]) or named mode (router eigrp [name])
• On NX-OS: feature eigrp must be enabled before any EIGRP configuration
• Knowledge of the EIGRP autonomous system number and expected neighbor topology
• Awareness of configured stub, summarization, and distribute-list settings that affect query scope

Procedure

Follow this diagnostic flow sequentially. Each step builds on data from prior steps, moving from broad inventory to targeted DUAL-level analysis.

Step 1: EIGRP Instance and Neighbor Inventory

Verify EIGRP is running and collect the neighbor table.

[IOS-XE]

show ip eigrp neighbors

[NX-OS]

show ip eigrp neighbors vrf all

Record each neighbor: interface, address, hold time, uptime (since), SRTT, queue counts. Compare against expected topology — every directly connected EIGRP router should appear. Key observations:

• Missing neighbor → interface misconfiguration, passive-interface, K-value mismatch, or AS number mismatch (proceed to Step 4)
• Low uptime → recent adjacency reset; correlate with change events
• High SRTT → slow neighbor responses; potential SIA risk
• Non-zero queue count (Q Cnt) → neighbor is congestion-limited; queries and updates may be delayed

Step 2: Topology Table Analysis

Examine DUAL's successor and feasible successor selection for key prefixes.

[IOS-XE]

show ip eigrp topology [prefix/len]

[NX-OS]

show ip eigrp topology [prefix/len] vrf default

For each route entry, interpret the DUAL state:

• Feasible Distance (FD): The best metric this router has ever known for this destination — used as the threshold for the feasibility condition.
• Reported Distance (RD): The metric the neighbor claims for this destination from its own perspective (the neighbor's computed distance).
• Successor: The neighbor whose path is currently installed in the routing table — lowest FD among all feasible paths.
• Feasible Successor (FS): A backup neighbor whose RD is strictly less than the current FD. This guarantees a loop-free alternate path.

Feasibility condition: RD of neighbor < FD of current successor. If a neighbor's reported distance is lower than the current feasible distance, DUAL guarantees that neighbor is not part of a routing loop and can serve as a backup without triggering a query.

If no feasible successor exists and the successor fails, DUAL must go Active and send queries — proceed to Step 3.

Step 3: Stuck-in-Active Diagnosis

Identify routes in Active state and diagnose query/reply failures.

[IOS-XE]

show ip eigrp topology active

[NX-OS]

show ip eigrp topology active vrf default

Routes in Active state are waiting for query replies from neighbors. The SIA timer (default 3 minutes) starts when a route goes Active. If a neighbor does not reply within half the SIA timer (90 seconds), a SIA-Query is sent. If still no reply at the full timer, the neighbor is reset.

Determine which neighbor is not responding:

• Check the topology entry — the "replies" counter shows outstanding queries
• Identify the unresponsive neighbor and investigate: is it reachable? Is its CPU overloaded? Is it waiting for its own downstream queries?

Query scope is the primary lever for SIA prevention. Broad query scope (queries propagating across the entire EIGRP domain) is the most common root cause. Mitigations:

• Stub configuration — stub routers do not propagate queries
• Summarization — summarized routes contain query scope at the summarization boundary
• Distribute-lists — filter scope but do not affect query propagation

Step 4: K-Value and Metric Validation

Verify metric parameters match across all neighbors — mismatched K-values prevent adjacency formation entirely.

[IOS-XE]

show ip protocols | section eigrp

[NX-OS]

show ip eigrp vrf default

Confirm K-values on each device: K1=1, K2=0, K3=1, K4=0, K5=0 (defaults). All neighbors in the same AS must use identical K-values or adjacency is refused.

Check metric mode: named EIGRP supports wide metrics (64-bit) using the rib-scale factor. Classic mode uses 32-bit metrics. If migrating from classic to named mode, verify metric values remain consistent — wide metrics produce different values that are scaled before RIB installation.

Validate interface-level delay and bandwidth on key links:

[IOS-XE]

show ip eigrp interfaces detail

[NX-OS]

show ip eigrp interfaces detail vrf default

Incorrect bandwidth or delay on an interface directly affects path selection. A common misconfiguration is leaving default bandwidth on serial or tunnel interfaces, causing EIGRP to compute incorrect metrics.

Step 5: Redistribution and Route Filtering

Check for redistribution loops and verify route filtering.

[IOS-XE]

show ip route eigrp | include EX

[NX-OS]

show ip route eigrp vrf default | include EX

External EIGRP routes (D EX) indicate redistribution. Common issues:

• Mutual redistribution between EIGRP and OSPF without proper route tagging creates routing loops — redistributed routes circle back and re-enter the original protocol with different metrics
• Missing distribute-list or route-map on redistribution points allows unintended routes to cross protocol boundaries
• Administrative distance — EIGRP external routes have AD 170, higher than OSPF (110). If the same prefix exists in both, OSPF wins — this may or may not be desired

Verify distribute-lists and route-maps are applied correctly at redistribution points. Check that route tags are used to prevent loops in mutual redistribution designs.

Threshold Tables

Operational parameter norms for EIGRP — protocol-level expectations, not device resource thresholds.

Parameter	LAN Default	WAN Default	Notes
Hello Interval	5s	60s	WAN = multipoint links < 1.544 Mbps
Hold Timer	15s	180s	3x hello by convention
Active Timer (SIA)	3 min	3 min	Configurable; half-time SIA-Query at 90s
Route Update Delay	Immediate	Immediate	No MRAI — updates sent as computed

Metric Defaults (Classic Mode):

K-Value	Default	Weight	Component
K1	1	Bandwidth	10^7 / min-bandwidth-kbps
K2	0	Load	Disabled by default
K3	1	Delay	Sum of delays in tens of µs
K4	0	Reliability	Disabled by default
K5	0	Reliability	Disabled by default

Operational Norms:

Metric	Healthy	Warning	Critical
Neighbor count	Matches design	± 1 from baseline	> 2 missing
SIA events / week	0	1–2	> 3
Active routes	0	1–5	> 5 or persistent
Topology table size	Stable ± 5%	Change > 10%	Change > 25%
SRTT (ms)	< 100	100–500	> 500

Decision Trees

Stuck-in-Active Triage

Route stuck in Active state (SIA timer running)
├── Check query scope
│   ├── Queries flooding entire domain?
│   │   ├── No stub routers configured → Add stub config to leaf/branch routers
│   │   ├── No summarization → Add summary routes at distribution boundaries
│   │   └── Large flat topology → Redesign with hierarchy (hub/stub or areas)
│   └── Query scope is bounded → Specific neighbor issue
│       ├── Unresponsive neighbor reachable?
│       │   ├── No → Interface or link failure
│       │   │   ├── Check interface status on both ends
│       │   │   └── Check Layer 2 connectivity (ARP, CDP/LLDP)
│       │   └── Yes → Neighbor processing delay
│       │       ├── CPU overloaded? → Check CPU utilization on neighbor
│       │       ├── Waiting for downstream replies? → SIA is cascading
│       │       │   └── Trace the query chain to the true bottleneck
│       │       └── SIA timer too short? → Extend active-time (if appropriate)
│       └── Multiple neighbors unresponsive?
│           └── Common upstream failure → Check shared infrastructure

Missing or Suboptimal Route

Expected EIGRP route missing or wrong path selected
├── Route in topology table?
│   ├── Yes — route known to DUAL
│   │   ├── In Active state? → Go to SIA triage tree above
│   │   ├── Successor installed but suboptimal?
│   │   │   ├── Check FD/RD of competing paths → Lowest FD wins
│   │   │   ├── Interface bandwidth/delay correct? → Misconfigured BW/delay
│   │   │   │   skews metric; verify with `show interfaces`
│   │   │   ├── Variance configured? → Unequal-cost load balancing may select
│   │   │   │   paths within variance multiplier × FD
│   │   │   └── Offset-list applied? → Offset-lists add to delay component
│   │   └── Feasible successor exists but not used?
│   │       └── Normal — FS is backup only, used when successor fails
│   │           (unless variance enables unequal-cost balancing)
│   └── No — route not in topology table
│       ├── Network statement missing? → Verify `network` command covers the prefix
│       ├── Passive-interface? → Check if the source interface is passive
│       ├── Distribute-list filtering? → Check inbound distribute-list or route-map
│       ├── Redistribution missing? → If external route expected, check redistribution config
│       └── Wrong AS number? → Verify AS matches across all routers in the domain

Report Template

EIGRP ANALYSIS REPORT
======================
Device: [hostname]
Platform: [IOS-XE | NX-OS]
EIGRP Mode: [Classic AS n | Named instance-name]
Check Time: [timestamp]
Performed By: [operator/agent]

NEIGHBOR STATUS:
- Expected neighbors: [n]
- Established: [n] | Missing: [n]
- Neighbors with high SRTT (>100ms): [list]

DUAL STATE:
- Routes in Passive state: [n] (normal)
- Routes in Active state: [n] (requires attention if > 0)
- Feasible successors available: [n] of [total] routes

FINDINGS:
1. [Severity] [Category] — [Description]
   Route: [prefix/len]
   Observed: [state, FD, successor]
   Expected: [normal state or path]
   Root Cause: [diagnosis from decision tree]
   Action: [recommended remediation]

METRIC VALIDATION:
- K-values consistent: [Yes/No — list mismatches]
- Metric mode: [Classic 32-bit | Wide 64-bit]

REDISTRIBUTION:
- External routes (D EX): [count]
- Route tags in use: [Yes/No]
- Mutual redistribution: [present/absent]

RECOMMENDATIONS:
- [Prioritized action list]

NEXT CHECK: [CRITICAL: 4hr, WARNING: 24hr, HEALTHY: 7d]

Troubleshooting

K-Value Mismatch

Neighbors with different K-values refuse to form adjacency — no error message appears in the neighbor table because the adjacency never establishes. Check show ip protocols on both devices and compare K1–K5 values. This is the most common silent EIGRP adjacency failure.

Stuck-in-Active Cascading

One unresponsive neighbor can cascade SIA across the domain: Router A queries Router B, which queries Router C, which is down. If C never replies, B cannot reply to A, and A resets B. Use eigrp stub on leaf routers to prevent query propagation beyond the distribution layer.

Redistribution Loops with OSPF

Mutual redistribution (EIGRP→OSPF and OSPF→EIGRP) without route tags creates loops where routes re-enter their original protocol with altered metrics. Use route tags at every redistribution point: tag EIGRP-originated routes and deny those tags on re-entry to EIGRP.

Named vs Classic Mode Confusion

Named mode uses wide metrics (64-bit) internally and scales them for the RIB. Mixing classic and named mode routers in the same AS is supported but metrics may appear different in show output. Verify with show eigrp address-family (named) vs show ip eigrp (classic) — both should compute the same successor.

Passive-Interface Misconfiguration

passive-interface default suppresses EIGRP on all interfaces. If new interfaces are added without no passive-interface, neighbors will not form. Check show ip protocols to see which interfaces are passive.