EIGRP OTP (Over The Top)

This topic is to discuss the following lesson:

Hi Rene

The official documentation states the following:

However in your capture it shows 4343? Can you explain that one?

Hello Chris

Thanks for catching that, that’s great. Looking further into the issue, it is the case that UDP port 4342 is used by LISP, while 4343 is used by something called Unicall. I wasn’t able to find more information about Unicall, however, there is extensive Cisco documentation that mentions that EIGRP OTP uses port 4343 and not 4342 for LISP. Extensive decodes and captures of exchange packets repeatedly indicate the use of 4343 in this related Cisco documentation concerning OTP architecture. (search for 4343). Additionally, Unicall is mentioned as the use of 4343 in this documentation while also being indicated as the port for LISP. It seems these ports are somewhat related. Let’s see if @ReneMolenaar can shed any more light on it.

I hope this was helpful!

Laz

Like @lagapides, I tried to figure this out but I can’t find anything on why they used UDP 4343. The official LISP ports that were assigned by IANA are 4341 and 4342. I guess they wanted to stay away from those two for EIGRP OTP, which is why they used 4343 instead.

Unicall seems to be an old protocol:

https://www.soft-switch.org/unicall/mfcr2/ch01.html

So there’s probably no harm using UDP 4343 instead.

Hello Team,
I tried EIGRP OTP + IPsec on a customer network and it works well.
Can I use EIGRP OTP instead of DMVPN?

Cordially

Hello Fabrice,

This mostly depends on your transport network. If you use the Internet, you need to use something like DMVPN since you need to encapsulate your private traffic.

If you have a private network and routing works between your endpoints, you can use EIGRP OTP or GETVPN.

Rene

If you follow the lesson the configuration will not work. The lesson has you adding the loopback network in EIGRP but doesn’t mention the Ethernet network. Without the Ethernet network the LISP interface is not created and the configuration doesn’t work.

The full router configurations given at the end are correct, which is how I found the issue so easily.

Hi Bruce,

You are right, not sure why I had it in the final configs but not in the walkthrough. Just fixed it.

Rene

If anyone is interested in how LISP actually works, take a look at this lesson:

Rene

Hello,
Is it possible to use EIGRP OTP instead of MPLS provided by a service provider? Also, I wanted to ask: in case I want to give Internet connectivity to each site, do I have to enter some particular command, or just the default as well as the static?

Thanks

Hello Valerio

Yes, EIGRP OTP can be used instead of MPLS. From the point of view of the customer devices, the only prerequisite is to ensure that the EIGRP routers involved have connectivity between them, that is, that you can ping their public addresses from each other.

EIGRP OTP can be used to route traffic between your sites. There is no specialized ISP configuration necessary beyond simple (and reliable) Internet connectivity. For traffic that is destined for the Internet, once again, there is no specialized configuration. You simply configure EIGRP to route such traffic to the Internet (the next-hop router provided to you by your ISP) rather than to your other EIGRP OTP routers.

I hope this has been helpful!

Laz

Thanks, you answered the question perfectly as always. We are going to activate 5 fiber locations and each location must communicate with each other. My intent is to use one router as RR in a datacenter and give them a default route in case they want to go to the Internet. Is it possible to play with VRF? In case the RR goes down, what would be the effects? Maybe it is not possible, as I have not seen anything about it on cisco.com, but I would like to know if it is possible to use an ASA firewall or similar as a Route Reflector, because I would also have to manage network security in case customers want to open some service like HTTP to the Internet.
The last question: which Cisco model do you recommend? Thank you and have a good day.

Hello Valerio

Glad to hear I have been of help!! Now concerning your questions in your post, I’m not clear on your topology, so I may not be able to answer all your questions.

Concerning the RR, it is possible to configure a backup route reflector so that if one goes down, the other will be able to take over. You can do this by simply creating a second RR, and have BGP clients become neighbors with both RRs. Each one will have a different cluster-ID and will form relationships with its clients. Then you can connect the two RRs by simply making them iBGP peers, or by making them clients of each other.

You could use an ASA in this role as the ASA does support BGP. However, it may be that it doesn’t support the route reflector feature. For example, I have an ASA 5506 running 9.8(2) and it does run BGP but does not have the command to act as an RR. You’ll have to investigate which ASA does include that feature.

As for which model to recommend, I’d need a little more information about your topology and your network requirements including the role that this particular device will play as well as the services that will be running on your network.

If you can give us some more info about these topics, I’ll be able to respond more appropriately to the rest of your questions as well…

I hope this has been helpful!

Laz

Dear Sir,

Can we use a switch instead of router R4?

Hi All,

I did a lab test and it seems we just need a simple command instead of EIGRP OTP to form a WAN EIGRP neighbor.

Below is the command; it is under EIGRP named mode:
neighbor 192.168.16.2 Ethernet0/0 remote 100

But it seems it is only used for the control plane, and traffic cannot pass through without LISP.

Hello Heng

The remote-neighbors command is used to enable an EIGRP router to become remote neighbors by accepting inbound connections from any remote IP address. This command includes configuration parameters such as:

  • the use of multicast or unicast
  • can accept connections without manually configuring the remote neighbor IP address
  • can encapsulate neighbor route data within LISP
  • can specify from which remote IP addresses EIGRP neighborships will be accepted
  • can specify the maximum number of neighbors.

The command that you mention in your post is related but functions differently. The neighbor command must specify the IP address of the neighbor in question. You can use the remote keyword to indicate that the neighbor is not in the same subnet as the local interface.

The following two links show detailed information about both of these commands:

I hope this has been helpful!

Laz
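
The two commands contrasted in the reply above, side by side, as an added configuration example that is not part of the thread or of the lesson's own configs. The instance name OTP, autonomous system 1, the interface name and the 192.0.2.0/24 and 198.51.100.0/24 addresses are constructed placeholders. The lisp-encap keyword is what adds the LISP encapsulation for data traffic; "remote 100" on its own only allows a neighbor that is not on the local subnet.

```cisco
! --- Hub side (constructed WAN address 192.0.2.1) ---
! remote-neighbors: listen for unicast EIGRP peers without configuring
! each peer's IP address, and carry data traffic in LISP.
router eigrp OTP
 address-family ipv4 unicast autonomous-system 1
  remote-neighbors source GigabitEthernet0/1 unicast-listen lisp-encap
  ! The WAN (Ethernet) network must be advertised as well as the
  ! loopbacks; a post earlier in this thread notes that without it the
  ! LISP interface is not created.
  network 192.0.2.0 0.0.0.255
 exit-address-family
!
! --- Spoke side (constructed WAN address 198.51.100.2) ---
! neighbor: the peer's IP address must be given explicitly.
! "remote 100" sets the maximum hop count to the peer.
router eigrp OTP
 address-family ipv4 unicast autonomous-system 1
  neighbor 192.0.2.1 GigabitEthernet0/1 remote 100 lisp-encap
  network 198.51.100.0 0.0.0.255
 exit-address-family
```

On the hub, the remote-neighbors command also accepts optional parameters for restricting which source addresses may peer and for capping the number of neighbors, as listed in the reply above.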

Hello Osama

In the topology used in the lesson, if R4 was actually an L2 switch, then there would be no need for the use of EIGRP OTP. All three EIGRP routers would have interfaces on the same subnet, and they would be considered directly connected. EIGRP would surely function just fine, but would not use the OTP feature shown in the lesson.

I hope this has been helpful!

Laz