EIGRP OTP (Over The Top)

EIGRP OTP (Over the Top) allows you to run EIGRP between routers that are not directly connected. It is a great feature to use when you want to run EIGRP between routers that are connected to a service provider network and you don’t want the hassle of other solutions like MPLS VPN and you don’t want the service provider’s involvement with your routing. With EIGRP OTP, you can configure everything on your own routers as long as you are able to reach the remote router(s).

EIGRP OTP uses an overlay VPN and thus uses tunneling, it is a bit similar to other solutions like DMVPN / multipoint GRE but it uses LISP (Locator/Identifier Separation Protocol) instead.

LISP is a technology where each end device has a separate “identity” and “location”, unlike IP where the IP address is both the identity and location of the end device. LISP is useful in scenarios where an end device should be able to retain its original IP address, even if it moves to another subnet. It is useful for VM motion where virtual machines are moved from one hypervisor to another but also for mobile devices that end up in another subnet after roaming.

There is a control plane and data plane for LISP. Learning all the details about the LISP control plane is quite a story. On the data plane, LISP uses UDP to encapsulate data and tunnel traffic. EIGRP OTP only uses LISP for the data planeEIGRP is used for the control plane. This is convenient as you don’t really have to understand LISP to be able to understand EIGRP OTP.

In this lesson, I’ll show you how to configure EIGRP OTP.


EIGRP OTP (Over the Top) allows you to run EIGRP between routers that are not directly connected. It is a great feature to use when you want to run EIGRP between routers that are connected to a service provider network and you don't want the hassle of other solutions like MPLS VPN and you don't want

To demonstrate EIGRP OTP, I use the following topology:

eigrp otp demo topology

Above we have four routers:

  • R1, R2 and R3 are customer routers that want to use EIGRP to exchange routing information. These routers each have a loopback interface with an IP address that we will advertise in EIGRP.
  • R4 is the service provider network. In a production network, this could be a large network but for simplicity reasons, I’m only using one router here.

The only requirement to run EIGRP OTP is that the customer routers have to be able to reach each other. I will use a couple of static routes so that R1, R2 and R3 are able to reach the IP addresses on their GigabitEthernet 0/1 interfaces:

R1(config)#ip route
R1(config)#ip route
R2(config)#ip route
R2(config)#ip route
R3(config)#ip route
R3(config)#ip route

Now we can configure EIGRP.

Route Reflector

EIGRP OTP is only supported in EIGRP named mode, you can’t configure it in classic mode. Neighbors have to be configured statically and we have two options here:

  • We can configure a full-mesh of static EIGRP neighbors.
  • We can configure one router as a route reflector which works similar to the BGP route reflector.

With three routers, a full mesh is no problem but if you have a lot of customer routers, a route reflector is an interesting option. I will configure R1 as the route reflector and R2/R3 will be its clients:

R1(config)#router eigrp OTP
R1(config-router)#address-family ipv4 autonomous-system 123
R1(config-router-af)#remote-neighbors source GigabitEthernet 0/1 unicast-listen lisp-encap 123 

The remote-neighbors command is all we need for EIGRP OTP. It tells R1 to use the GigabitEthernet 0/1 interface and listen for unicast packets. LISP uses different IDs, I’m going to use ID 123 on all routers. Optionally, this command allows you to set a maximum number of neighbors and/or use an access-list to permit only certain IP addresses to accept as EIGRP neighbors.

Let’s advertise the loopback interface and GigabitEthernet 0/1 on R1:


Last but not least, there are two more things we have to configure:

  • Disable next-hop-self: If you don’t do this, R1 will set its own IP address as the next hop for everything it advertises to R2 and R3. If you don’t disable this, then whenever R2 or R3 want to reach each other’s loopback interface, they will send their traffic to R1. It works but it’s sub-optimal routing. If you disable this then R1 will leave the next hop IP address alone and R2/R3 are able to reach each other directly.
  • Disable split horizon: R1 is using a single interface so if you don’t disable split horizon, R2 and R3 are unable to learn each others loopback interfaces.

Let’s disable next-hop-self and split horizon:

R1(config-router-af)#af-interface GigabitEthernet 0/1
R1(config-router-af-interface)#no next-hop-self 
R1(config-router-af-interface)#no split-horizon 

That’s all we have to do on the route reflector.

Spoke routers

Let’s configure R2 and R3. The only thing we have to do is configure R1 as a static remote neighbor and set the LISP encapsulation ID:

We're Sorry, Full Content Access is for Members Only...

If you like to keep on reading, Become a Member Now! Here is why:

  • Learn any CCNA, CCNP and CCIE R&S Topic. Explained As Simple As Possible.
  • Try for Just $1. The Best Dollar You've Ever Spent on Your Cisco Career!
  • Full Access to our 660 Lessons. More Lessons Added Every Week!
  • Content created by Rene Molenaar (CCIE #41726)

503 Sign Ups in the last 30 days

100% Satisfaction Guaranteed!
You may cancel your monthly membership at any time.
No Questions Asked!


Forum Replies

  1. hi Rene ,
    Correct order should be as below . The same will apply at PE2. When I try with GNS3 , I only found out that. Again, thanks for enlighten us. Your lessons are simple and clear. Especially QOS and mpls lesson you make me very easy. By the way , please teach us Multicast basic as well. :smiley:

    PE1(config)#router eigrp 1
    PE1(config-router)#address-family ipv4 vrf CUSTOMER 
    PE1(config-router)#autonomous-system 1

  2. Hello Fabio,

    Good question, this is something that MPLS VPN does. Here’s an article from Cisco that explains it:

    the EIGRP routes in Site 1 are carried through the BGP core network as iBGP routes. The EIGRP routes in “Site 1” and “Site 2” are converted to iBGP routes and EIGRP extended community attributes are appen

    ... Continue reading in our forum

  3. Any luck on the EIGRP SoO lesson yet Rene? :wink:

    Cost Communities are actually a huge part of MPLS VPN.

    The lessons idea button doesn’t seem to be working btw.

13 more replies! Ask a question or join the discussion by visiting our Community Forum