RIPv2 Topic Notes

RIPv2 Overview Summary

 

| Function/Feature | Description |
|---|---|
| Protocol Type | Distance Vector |
| RFC / Proprietary | RFC 2453 |
| Administrative Distance (AD) | 120 |
| Algorithm | Bellman-Ford |
| Transport protocol | UDP port 520 |
| Metric | Hop count – 15 is max usable metric (16 is inaccessible) |
| Best path selection | Lowest metric (hop count) |
| Hello interval | No Hellos; doesn't create active neighbor adjacencies; no fault detection on neighbors |
| Update destination | 224.0.0.9 multicast for RIPv2 |
| Update interval | 30 seconds |
| Full or partial updates | Full updates each update interval; on-demand circuits send a full update once, then remain silent until a change occurs |
| Triggered updates | Yes, when a route changes |
| Authentication | Clear-text or MD5 |
| Route-tags | On redistribution into RIP |
| Next-Hop field | Supports assignment of a next-hop IP address for a prefix, allowing an advertising router to set a different next-hop IP |

 

RIPv2 Process and Updates

Process

RIPv2 Process

  • Enable the global process:
    • Command:
      • (config)#router rip
  • Enable the interface process
    • Command:
      • (config-router)#network <address>

 

Updates

  • Matches major network only
  • Each update can fit up to 25 prefixes in a single routing update packet
  • Only routes in the RIB are advertised
  • Routes installed in the RIB are periodically advertised
    • Defined by Update Timer
  • Changes in topology will result in triggered updates immediately
    • This can be controlled through a timer
      • Command:
        • (config-router)#flash-update-threshold <seconds>
  • Updates on WAN connections can be improved by preventing regular updates or broadcasts
    • Known as RIP triggered extensions
    • Useful for demand circuits, where the connection needs to close e.g. ISDN
    • Command:
      • (config-if)#ip rip triggered
  • RIP queues updates on a router if there are too many
    • Default queue depth of 50
    • Can be controlled
      • Command:
        • (config-router)#input-queue <0-1024>

 

Methods of Updating

  1. Broadcast Updates
    • RIPv1 default
    • RIPv2 optional
      • Can be enabled with command:
        • (config-if)#ip rip v2-broadcast
  2. Multicast Updates
    • RIPv2 default
    • Sends updates to 224.0.0.9
  3. Unicast
    • RIPv1/v2 optional
    • Set the neighbor manually to enable unicast update
    • Multicast/Broadcast updates will still happen on that interface
      • Need to use alongside passive-interface command
    • Command:
      • (config-router)#neighbor <address>

 

  • To suppress outgoing broadcast/multicast updates
    • Command:
      • (config-router)#passive-interface <IF>
    • Still receives and processes updates

 

  • RIP can check the source of the updates.
    • If not on same subnet as the advertising router, will not install updates in table
    • Command:
      • (config-router)#validate-update-source

 


Version information

RIP Version

  • Sends version 1 by default
  • Receives version 1 and 2 by default
  • Version can be confirmed with command:
    • #show ip protocols
  • To modify the version being sent or received:
    • Process level:
      • Command:
        • (config-router)#version <1 / 2>
    • Interface level:
      • Command:
        • (config-if)#ip rip receive version <1 / 2>
        • (config-if)#ip rip send version <1 / 2>

 


RIPv2 Metric

Metric

  • Uses hop-count as metric
  • 1 hop per device
  • Hop count max is 16
    • 16 = unreachable
  • If multiple paths to the same prefix exist with the same metric, RIP installs up to 4 of them
  • Can be adjusted with command:
    • (config-router)#maximum-paths <1-16>
  • This feature is not specific to RIP or any other routing protocol
    • Maximum number of paths depends on router platform

 

RIPv2 Authentication

Authentication

  • Supports 2 types:
    1. Clear-text
    2. Cryptographic (only MD5)
  • Authentication is implemented with key-chains
  • Process level configuration:
    1. Define Key-chain
      • (config)#key chain <name>
    2. Define the Key ID
      • (config-keychain)#key <#>
    3. Define the key-string
      • (config-keychain-key)#key-string <string>
  • Interface level configuration
    • (config-if)#ip rip authentication mode [text | md5]
    • (config-if)#ip rip authentication key-chain <name>
  • Key ID doesn't need to match on clear-text authentication
    • It's arbitrary and still shows up in the packet
    • Needs to match for MD5
  • When using authentication, the number of routes an update can carry is reduced by 1, down to 24
    • The first route entry in the update message contains 20 bytes of authentication information
    • The rest is placed after the 25th route entry
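
The entry layout described above can be checked on captured updates. This Python parser is an added example, not part of the original notes; it follows the RFC 2453 entry format and the RFC 2082 MD5 layout, and the sample packets, key ID 7 and key-string `LabKey1` are constructed.

```python
import ipaddress
import struct

AUTH_AFI = 0xFFFF                      # AFI value that marks an authentication entry
AUTH_TYPES = {2: "clear-text", 3: "md5"}

def parse_rip(payload: bytes) -> dict:
    """Parse a RIP UDP payload (port 520) and summarise its authentication."""
    if len(payload) < 4 or (len(payload) - 4) % 20:
        raise ValueError("not a well-formed RIP message")
    info = {"version": payload[1], "auth": "none", "key_id": None,
            "password": None, "routes": []}
    for off in range(4, len(payload), 20):
        afi, tag = struct.unpack_from("!HH", payload, off)
        body = payload[off + 4:off + 20]
        if afi == AUTH_AFI:
            if off == 4:               # first entry slot holds the auth header
                info["auth"] = AUTH_TYPES.get(tag, "unknown")
                if tag == 2:           # the key-string itself travels in the packet
                    info["password"] = body.rstrip(b"\0").decode("ascii", "replace")
                elif tag == 3:         # packet length, key ID, digest length, sequence
                    info["key_id"] = body[2]
            continue                   # a later 0xFFFF entry is the MD5 digest trailer
        addr, mask, _next_hop, metric = struct.unpack("!4s4s4sI", body)
        net = ipaddress.ip_network(
            f"{ipaddress.IPv4Address(addr)}/{ipaddress.IPv4Address(mask)}", strict=False)
        info["routes"].append((str(net), metric))
    return info

def audit(info: dict) -> list:
    """Return findings a defender would act on for one parsed update."""
    limit = 25 if info["auth"] == "none" else 24   # auth costs one route entry
    notes = {"none": ["unauthenticated update"],
             "clear-text": ["key-string readable on the wire"]}
    findings = list(notes.get(info["auth"], []))
    if len(info["routes"]) > limit:
        findings.append(f"more than {limit} route entries")
    return findings

# Constructed sample packets (not captured traffic); "LabKey1" is a made-up key-string.
def _route(net, mask, metric):
    return struct.pack("!HH4s4s4sI", 2, 0, ipaddress.IPv4Address(net).packed,
                       ipaddress.IPv4Address(mask).packed, bytes(4), metric)
HEADER = bytes([2, 2, 0, 0])           # command 2 (response), version 2
ROUTE = _route("10.1.0.0", "255.255.0.0", 3)
PLAIN = HEADER + ROUTE
CLEAR = HEADER + struct.pack("!HH16s", AUTH_AFI, 2, b"LabKey1") + ROUTE
MD5 = (HEADER + struct.pack("!HHHBBI8x", AUTH_AFI, 3, 44, 7, 16, 1) + ROUTE
       + struct.pack("!HH16s", AUTH_AFI, 1, bytes(16)))
```

Feeding `CLEAR` to `parse_rip` returns the key-string in the `password` field, which is what anyone on the segment with a packet capture would see; `MD5` exposes only the key ID.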

 

RIPv2 NLRI Manipulation

  • Filtering and Summarisation can be applied anywhere in topology

Summarization

  • Due to being a Distance Vector protocol summarization can be applied anywhere in the topology
  • Performs classful summarization by default to the major network boundary
    • Command to disable:
      • (config-router)#no auto-summary
  • If Auto-Summary is on
    • VLSM is supported within the same major network
    • Advertisements between major network boundaries are summarized to classful boundary
    • Can result in traffic blackholes

 

  • Summarization implemented at interface level
    • (config-if)#ip summary-address rip <network> <mask>
    • At least 1 subnet must be in the RIP database
  • Can't summarize past the major network boundary
    • Example
      • multiple 192.x.x.x/26 can't be summarized past a /24
      • multiple 172.16.x.x/24 can't be summarized past a /16
    • Workaround is to create a static route to null0 and redistribute static into RIP
  • Summarization doesn't suppress other prefixes

 

Default Routing

  • Supports both legacy 0.0.0.0/0 and default-network
  • To enable at Global level
    • Command:
      • (config)#ip default-network <network>
    • Doesn't support classless prefix or 0.0.0.0/0
      • Major network boundaries only
  • Process level
    • Command:
      • (config-router)#default-information originate [route-map <route-map-name>]
    • Supports route-maps for conditional default advertisement
      • Example
        • (config-route-map)#set interface <interface>
          • Send default only out specified interface
        • (config-route-map)#match ip address <prefix-list>
          • Send default only if specified prefix is in routing table
    • Can send default-route out passive interfaces only
      • (config-router)#default-information originate on-passive

 

Filtering

Filtering: Distribute Lists

  • Can be applied on inbound and outbound direction
  • Inbound can also match on route source
  • Can reference the following to match traffic

 

Filtering: Distribute Lists - Standard ACLs

Standard ACLs
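  • Match prefix but not length (of prefix)
  • Example
    • Filter all routes with odd 3rd octet
    • (config)#access-list 1 deny 0.0.1.0 255.255.254.255
    • (config)#access-list 1 permit any
      • Without a permit entry, the implicit deny at the end of the ACL filters every route
    • (config-router)#distribute-list 1 <in | out> [interface]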

 


Filtering: Distribute Lists - Extended ACLs

Extended ACLs
  • Match on route source and prefix but not length
  • Example
    • Filter out prefixes starting 10 from route source 2.2.2.2
    • (config)#access-list <###> deny ip host <route source> <filter prefix> <filter wildcard>
    • (config)#access-list 100 deny ip host 2.2.2.2 10.0.0.0 0.255.255.255
    • (config)#access-list 100 permit ip any any

 


Filtering: Distribute Lists - Prefix Lists

Prefix Lists
  • Match on route source, prefix and length
  • Example
    • Accept only host routes from 2.2.2.2 with exception of 10.5.5.5/32.
    • (config)#ip prefix-list ROUTER2 permit 2.2.2.2/32
    • (config)#ip prefix-list DENY_10 deny 10.5.5.5/32
    • (config)#ip prefix-list DENY_10 permit 0.0.0.0/0 ge 32
    • (config-router)#distribute-list prefix-list DENY_10 gateway ROUTER2 in [interface]
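
The difference between wildcard matching (prefix only) and prefix-list matching (prefix and length) can be worked through with the entries above. This is an added Python example, not part of the original notes; it models only the match logic, not the `gateway` route-source check, and the sample routes and the trailing "permit any" entry are assumptions.

```python
import ipaddress

def wildcard_match(route, base, wildcard):
    """ACL-style match: compare only the address bits whose wildcard bit is 0."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    addr = int(ipaddress.ip_network(route).network_address)
    return (addr & care) == (int(ipaddress.IPv4Address(base)) & care)

def prefix_list_match(route, entry, ge=None, le=None):
    """Prefix-list match: leading bits of `entry` plus a prefix-length test."""
    net, ent = ipaddress.ip_network(route), ipaddress.ip_network(entry)
    if ge is None and le is None:
        low = high = ent.prefixlen            # no ge/le: exact length only
    else:
        low = ent.prefixlen if ge is None else ge
        high = 32 if le is None else le
    return net.network_address in ent and low <= net.prefixlen <= high

def permitted(routes, entries, matcher):
    """First matching entry decides; a route that matches nothing is denied."""
    kept = []
    for route in routes:
        action = next((act for act, args in entries if matcher(route, *args)), "deny")
        if action == "permit":
            kept.append(route)
    return kept

# Entries from the examples above.
ACL_1 = [("deny", ("0.0.1.0", "255.255.254.255")),
         ("permit", ("0.0.0.0", "255.255.255.255"))]   # "permit any" (assumed final entry)
DENY_10 = [("deny", ("10.5.5.5/32",)),
           ("permit", ("0.0.0.0/0", 32))]               # ge 32

# Constructed sample routes.
ROUTES = ["10.1.1.0/24", "10.1.2.0/24", "10.1.3.128/25", "10.5.5.5/32", "10.6.6.6/32"]

def demo():
    """Return the routes each filter lets through."""
    return {"acl_1": permitted(ROUTES, ACL_1, wildcard_match),
            "acl_1_no_permit": permitted(ROUTES, ACL_1[:1], wildcard_match),
            "deny_10": permitted(ROUTES, DENY_10, prefix_list_match)}
```

ACL 1 drops `10.1.3.128/25` as well as `10.1.1.0/24` because the mask length is never examined, while `DENY_10` passes only `/32` routes other than `10.5.5.5/32`.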

 


Filtering: Offset Lists

  • Used to add hop count to metric
  • Applied inbound or outbound
  • Command:
    • (config-router)#offset-list <acl #> <in | out> <offset> [interface]
  • Example
    • Filter all routes from interface fa0/0
    • (config-router)#offset-list 0 in 16 fa 0/0
    • Offset-list (or ACL) 0 means match all routes
    • Sets the hop count to 16, which is inaccessible

 

Filtering: Administrative Distance

  • Default AD of 120
  • An AD of 255 is treated as infinite; prefixes with AD 255 can't be installed in the RIB
  • Can be applied per prefix or per neighbor
    • Per prefix
      • (config-router)#distance <distance> <prefix source network> <prefix source wildcard> <acl of prefix>
      • Example
        • Filter prefixes matching 10.2.2.2/32 from any source
        • (config)#access-list 10 permit 10.2.2.2
        • (config-router)#distance 255 0.0.0.0 255.255.255.255 10
    • Per neighbor
      • (config-router)#distance <distance> <prefix source network> <prefix source wildcard> <acl of prefix>
      • Example
        • Filter prefixes in ACL 10 from source 3.3.3.3
        • (config-router)#distance 255 3.3.3.3 0.0.0.0 10

 

Filtering: Passive Interface

  • Doesn't send routing updates
    • Still receives and processes updates
  • Can be applied:
    • Selectively on individual interfaces
      • Command:
        • (config-router)#passive-interface <IF>
    • On all interfaces
      • Command:
        • (config-router)#passive-interface default
    • No-passive
      • Overrides default passive state
      • Command:
        • (config-router)#no passive-interface <interface>

 


RIPv2 Convergence and Loop Prevention

Timers

  1. Update Timer
    1. Defaults to 30 seconds
    2. Specifies when to send updates to neighbors
  2. Invalid-after Timer
    1. Defaults to 180 seconds
    2. Per-prefix timer
    3. Reset after an update is received about a prefix from its next-hop
    4. If no update is received and the timer reaches its end, the route is considered invalid
      1. Holddown timer is started for this prefix
  3. Holddown Timer
    1. Defaults to 180 seconds
    2. Per-prefix timer
    3. Begins after a route has been declared invalid (Invalid-after timer expired)
    4. Router starts advertising the route as inaccessible
    5. Doesn't accept any updated information
    6. Doesn't modify the routing table entry for that prefix until Holddown timer expired
  4. Flushed-after Timer
    1. Defaults to 240 seconds
    2. Per-prefix timer
    3. Reset every time an update is received for that prefix from its next-hop
    4. If updates for prefix cease and timer expires the prefix is removed from the routing table

 

  • Can be manually specified globally or at the interface level
  • Global command:
    • (config-router)#timers basic <update (secs)> <invalid (secs)> <holddown (secs)> <flush (secs)>
  • Interface commands:
    • (config-if)#ip rip advertise <interval (secs)>

 

Split Horizon

  • Don't advertise a prefix out the same interface used to reach that prefix
    • i.e. the next-hop of that prefix
  • Enabled by default on all interfaces except Frame Relay physical interface
  • Affects multipoint connections or partial mesh topologies
  • To disable use interface command:
    • (config-if)#no ip split-horizon
  • Can be verified with command:
    • #show ip interface <IF>

 

[Figure: RIPv2 with Split-Horizon enabled]

[Figure: RIPv2 with Split-Horizon disabled]

Split Horizon with Poison Reverse

  • Not implemented in Cisco RIPv2
  • Instead of not advertising a prefix back out the same interface, the prefix is re-advertised with an inaccessible metric of 16

 

[Figure: RIPv2 Split-Horizon with Poisoned Reverse]

Route Poisoning

  • Mechanism to rapidly flush a route that is unreachable
  • Advertise prefix with metric set to infinity (16)
  • Receiving router will immediately remove the prefix from the routing table
  • Updates about an unreachable prefix received from a neighbor that is not the next-hop of that prefix are ignored
    • Processed accordingly but doesn't affect that router's routing table
    • Indistinguishable from Split-Horizon with Poison Reverse

 

[Figure: RIPv2 Poison Route (same as Split-Horizon with Poisoned Reverse)]

Count to Infinity

  • Usually caused by disabling Split-Horizon
    • 2 directly connected neighbors consider themselves as the next-hop towards the destination network
      • Each of them will derive its own metric from the metric of its neighbor
      • They will keep flooding the update to each other until the first router reaches infinity (16)
  • As a result of count-to-infinity routes can be expired from the table
    • Will be slow to expire
  • Provides a loop prevention mechanism as a consequence of the Distance Vector principle and not as a built in feature
  • If the next-hop to a prefix advertises that network with suddenly increased metric
    • accept the advertisement immediately
    • update metric accordingly
    • If updated metric reaches infinity (16), stop using that next-hop
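
The exchange described above can be stepped through round by round. This Python simulation is an added example, not part of the original notes; the two-router topology, the router names A and B and the ordering of updates are assumptions, and triggered updates and holddown are not modelled.

```python
INFINITY = 16   # RIP metric meaning "unreachable"

def count_to_infinity(split_horizon: bool, max_rounds: int = 32):
    """Return the per-round (A, B) metrics for prefix N after A loses its link to N.

    Constructed topology: N --- A --- B. B learned N from A (metric 2). A has just
    marked N unreachable, but B's periodic update is sent before A's.
    """
    metric = {"A": INFINITY, "B": 2}
    next_hop = {"A": None, "B": "A"}
    history = []

    def send(sender, receiver):
        # Split horizon: never advertise a prefix back toward its own next-hop.
        if split_horizon and next_hop[sender] == receiver:
            return
        offered = min(metric[sender] + 1, INFINITY)
        if next_hop[receiver] == sender:
            metric[receiver] = offered          # news from the next-hop is always accepted
        elif offered < metric[receiver]:
            metric[receiver], next_hop[receiver] = offered, sender
        if metric[receiver] == INFINITY:
            next_hop[receiver] = None           # stop using that next-hop

    for _ in range(max_rounds):
        send("B", "A")
        send("A", "B")
        history.append((metric["A"], metric["B"]))
        if metric["A"] == metric["B"] == INFINITY:
            break
    return history
```

With split horizon disabled the pair needs eight update rounds before both metrics reach 16; with it enabled, B never advertises N back to A and the route is gone after one round.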

 

[Figure: RIPv2 Count-to-Infinity loop]

RIPv2 Troubleshooting Commands

Troubleshooting Commands

  • #show ip rip database – displays the routing information held in the RIP database
  • #show ip protocols – verifies RIP and version numbers
  • #debug ip rip – Enable RIP debugging
  • #clear ip route * – flushes out old routes
  • #show ip interface <IF> – display split horizon state

 
