Networking

Quit wasting bandwidth by controlling Cisco routing protocol updates

It's becoming increasingly more important to manage network bandwidth, and admins need to guard against the inefficient use of both network bandwidth and a router's resources. In this edition of Cisco Routers and Switches, David Davis explains how you can better control this by using the <i>passive-interface</i> command.

Managing network bandwidth is becoming more and more critical. There's no sense in routing broadcasts going out on network interfaces on networks that have no other routers. It's an inefficient use of both network bandwidth and your router's resources. Let's examine how to better control this by taking advantage of the passive-interface command.

When it comes to properly configuring routing protocols, the passive-interface command is one you need to know. However, if you aren't using dynamic routing protocols (such as OSPF, EIGRP, or RIP), you don't need this command.

The passive-interface command only works in Router Configuration Mode. You can tell when you're in this mode because the prompt looks like this:

Router(config-router)#

You can use the passive-interface command to tell the dynamic routing protocol not to send network advertisements through an interface. This command works on all IP routing protocols except BGP.

However, the command works a little differently on OSPF and IS-IS. With OSPF, the network interface that's designated passive appears as a stub, and it doesn't send or receive any routing updates. With RIP, IGRP, and EIGRP, it doesn't send out any routes, but it can still receive them. Also, it will still advertise the network to all interfaces that aren't passive.

There are two ways to use the passive-interface command.

  • Specify a certain interface that will be passive, which means it won't send out routing updates.
  • Make all interfaces passive first. Then use the no passive-interface command on interfaces that you want to send routing updates.

Let's look at an example of each method. Note: Each example assumes that you have already added the network that's on the passive interfaces to the routing protocol (using the network command).

To make an interface passive, just specify the interface. Here's an example:

Router(config)# router rip
Router(config-router)# passive-interface Ethernet 0/0

To make all interfaces passive and then make a single interface active, just use the passive-interface and no passive-interface default commands (introduced in IOS 12.0). Here's an example:

Router(config)# router rip
Router(config-router)# passive-interface default
Router(config-router)# no passive-interface Serial 0/0

Let's look at a simple networking scenario to further demonstrate the use of this command. Let's say that you have two routers connected via a T1 circuit, and the routers are running RIP. Each router has a LAN with PCs connected to an Ethernet interface.

You need each router to know about the other router's LAN network, right? That's the whole purpose of using the dynamic routing protocol .But there are no other routers on the LAN with which these routers can exchange routing updates.

If that's the case, why would you want to broadcast routing updates every 30 seconds on the LAN interface forever? The answer is that you don't. It's a waste of LAN bandwidth and a waste of your router's CPU time. While it isn't really causing a problem because it's a small update, there's no need to send unwanted traffic if you can avoid it.

So how can you eliminate this unnecessary traffic? On each router, go into RIP Configuration mode, and use the passive-interface command to stop sending routing updates on the LAN interface. Here's an example:

Router(config)# router RIP
Router(config-router)# passive-interface Ethernet 0/0

This, of course, assumes that you've already configured the networks that you want to advertise using the network command. Here's an example:

Router(config-router)# network 1.0.0..0 (the Serial network)
Router(config-router)# network 2.0.0.0 (the Ethernet network)

Keep in mind that this means the system will advertise both networks you've configured via the serial interface to the other router. However, this doesn't prevent your router from receiving routing updates on the LAN interface (with RIP). If another router happens to be on the LAN and does send updates to your router, it will still receive the updates.

For more information on the passive-interface command, check out Cisco's Preventing Routing Updates Through an Interface documentation as well as Cisco's documentation for the passive-interface command. Do you have a routing tip to share? What other switch topics would you like to see covered in this column? Share your thoughts in this article's discussion.

Miss a column?

Check out the Cisco Routers and Switches Archive, and catch up on David Davis' most recent columns.

Want to learn more about router and switch management? Automatically sign up for our free Cisco Routers and Switches newsletter, delivered each Friday!

David Davis has worked in the IT industry for 12 years and holds several certifications, including CCIE, MCSE+I, CISSP, CCNA, CCDA, and CCNP. He currently manages a group of systems/network administrators for a privately owned retail company and performs networking/systems consulting on a part-time basis.

11 comments
a.kopbayev
a.kopbayev

For EIGRP (maybe also for IGRP) passive-interface feature works in little bit different way. The passive-interface will not setup neighbor relations and will not even receive any routing updates.

sabiodun
sabiodun

Hi David, thanks for this wonderful article it came just at the right time. i have been struggling to keep up with bandwidth control and this would really go a long way in winning that battle. keep them coming, your write-ups have been very helpful over time. Regards Abiodun

simon
simon

Right. EIGRP do not send hello packets on a passive interface and therefore will not form neighbor relations on that interface.

EEnglish34
EEnglish34

I never would have guessed routing protocols could be such bandwidth hogs. Thanks for the great insight.

ddavis
ddavis

Hi Abiodun, Thanks for your post. I am glad that you found it helpful! Thanks for reading TechRepublic! -David

hammermustfall
hammermustfall

Just took the CCNP routing test so that is how I know these guys are right - EIGRP must be able to exchange Hellos or no routing updates can flow in either direction.

sterling_barlow
sterling_barlow

I recently had to do some extensive sniffing with Ethereal into where our bandwidth was going and was surprised at the amount of traffic devoted to this kind of "overhead." It is good to learn how to eliminate this "hog."

bpate
bpate

I agree with Rich, because if you are that squeezed for bandwidth that one packet every thirty seconds makes a huge impact you should address this issue with QoS. I have by default turned on passive-interface on parts of the network I knew didn't have other routers. This was not really to save bandwidth as these areas were typically ethernet links and would not be the choke point of the network. Passive-interface is also a good security measure to use as your network list is not needlessly advertised to people who might wish to do harm on the network. One other thing you can do to limit the size of the routing updates is use route summarization and ACL's to limit what routes are advertised. If you have a hub and spoke environment there is no sense in advertising the route for the leg between the hub and spoke. This type of filtering can significantly reduce the size of updates. I also prefer OSPF over EIGRP for how you can tune it. EIGRP is great because it is simple...you turn it on and it works. However in an MPLS or Frame-Relay environment OSPF can out perform EIGRP even though it is more difficult to setup. However this falls under ounce of prevention pound of cure heading...

richmitch
richmitch

I'm sorry, but I don't think 1 small packet (your words) every 30 seconds is going to save much bandwidth. It may be more useful to discuss queueing strategies or QOS if you want to talk about optimising bandwidth. Thanks getting my brain ticking again though.

Editor's Picks