Thursday, February 6, 2014

NTS: RIP/RIPng

RIP/RIPng





RIPv1 (Routing Information Protocol v1) is defined in RFC 1058.
RIPv2 is defined in RFC 2453.
RIPng (RIP for IPv6) is defined in RFC 2080.



RIP uses UDP port 520.

Metric = hop count (1-16); use offset-list to modify.

Admin distance is 120.



RIP v1

If the advertised prefix is part of a directly connected network, the subnet mask of that connected interface is used as the subnet mask of the prefix. Otherwise, major classes A/B/C are used accordingly.

Use secondary IP addresses on intermediate links to fix the discontinuous class issues in RIP v1.

RIP v1 updates are sent as broadcast to 255.255.255.255



RIP v2
  • classless routing
  • next-hop included in updates
  • authentication
  • external route tags
  • multicast updates (to 224.0.0.9)


RIP default mode
  • send v1 updates
  • listen to v1/v2 updates

Passive interface
  • listens to RIP messages (use filtering to block if required)
  • doesn't send RIP updates (unless a specific neighbor is configured)
  • updates the routing table

In IOS, you can use "ip rip triggered" under serial interfaces (on both neighbors) to minimize the number of updates.


Unicast updates

You can specify a specific neighbor for sending unicast updates.

IOS
router rip
 neighbor 10.1.1.2


IOS-XR
router rip
 neighbor 10.1.1.2



Use the command "no validate-update-source" under the RIP process if you want to enable exchange of routes between neighbors with different networks.



Configuration


IOS
router rip
 version 2
 network 10.0.0.0
 no auto-summary


IOS-XR
router rip
 interface X
 !
 no auto-summary



IOS-XR has v2 enabled by default. You need to change the send/receive version under the interface if v1 is required.

Unless told otherwise, always enable v2 and disable auto-summary.



Route Summarization

IOS
interface Serial2/0
 ip summary-address rip x.x.x.x y.y.y.y


IOS-XR
not supported



Route Filtering

  • prefix-list & gateway
    • distribute-list prefix PREFIXES gateway SOURCES in
  • extended ACL
    • distribute-list X in
    • access-list x permit ip host SOURCE host PREFIX




Authentication

Two methods:
  • clear text
  • MD5

IOS
interface X
 ip rip authentication mode md5
 ip rip authentication key-chain KEYCHAIN
!

key chain KEYCHAIN
 key 1
  key-string TESTPASS


IOS-XR
router rip
 interface TenGigE0/0/0/0
  authentication keychain KEYCHAIN mode md5

!
key chain KEYCHAIN
 key 1
  key-string TESTPASS
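
Added example (not part of the original notes): a Python sketch that classifies a captured RIP UDP payload by version and authentication mode, so updates that are v1, unauthenticated, or protected only by clear-text authentication can be flagged. The field layout follows RFC 2453 and RFC 2082; the function names are hypothetical and the sample messages are constructed.

```python
import struct

AFI_AUTH = 0xFFFF      # address-family value that marks an authentication entry
AUTH_TYPES = {2: "clear-text", 3: "md5"}   # RFC 2453 simple password, RFC 2082 keyed MD5

def classify_rip(payload: bytes) -> dict:
    """Classify the UDP payload of a RIP message (port 520) by version and auth."""
    if len(payload) < 24 or (len(payload) - 4) % 20:
        raise ValueError("not a well-formed RIP message")
    command, version = payload[0], payload[1]
    info = {"command": command, "version": version, "auth": "none", "routes": 0}
    for idx, off in enumerate(range(4, len(payload), 20)):
        afi, kind = struct.unpack_from("!HH", payload, off)
        if afi != AFI_AUTH:
            info["routes"] += 1            # ordinary route entry
        elif version >= 2 and idx == 0:    # auth entry is always the first entry
            info["auth"] = AUTH_TYPES.get(kind, f"type-{kind}")
            if kind == 3:
                info["key_id"] = payload[off + 6]
        # any other 0xFFFF entry is the MD5 trailer that carries the digest
    return info

def findings(info: dict) -> list:
    """Return what a defender should flag for one classified message."""
    if info["version"] < 2:
        return ["RIPv1: classful, cannot be authenticated"]
    if info["auth"] == "none":
        return ["RIPv2 update without authentication"]
    if info["auth"] == "clear-text":
        return ["clear-text authentication: key string is readable on the wire"]
    return []

# --- constructed sample messages (command 2 = response) ---
def _route(prefix, mask, metric):
    return struct.pack("!HH4s4s4sI", 2, 0, bytes(prefix), bytes(mask), bytes(4), metric)

ROUTE = _route([10, 1, 1, 0], [255, 255, 255, 0], 1)
V1 = struct.pack("!BBH", 2, 1, 0) + _route([10, 0, 0, 0], [0, 0, 0, 0], 1)
V2_PLAIN = struct.pack("!BBH", 2, 2, 0) + ROUTE
V2_CLEAR = struct.pack("!BBH", 2, 2, 0) + struct.pack("!HH16s", AFI_AUTH, 2, b"TESTPASS") + ROUTE
V2_MD5 = (struct.pack("!BBH", 2, 2, 0)
          + struct.pack("!HHHBBI8s", AFI_AUTH, 3, 44, 1, 20, 7, bytes(8))  # len, key id, seq
          + ROUTE
          + struct.pack("!HH16s", AFI_AUTH, 1, bytes(16)))   # zeroed digest placeholder

if __name__ == "__main__":
    for name, pkt in [("v1", V1), ("v2", V2_PLAIN), ("v2 clear", V2_CLEAR), ("v2 md5", V2_MD5)]:
        info = classify_rip(pkt)
        print(name, info, findings(info))
```
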






PE-CE

CE

IOS
router rip
 version 2
 network 10.0.0.0
 no auto-summary


IOS-XR
router rip
 interface X
 !
 no auto-summary



PE

IOS
router rip
 address-family ipv4 vrf VPN
  network 10.0.0.0
  no auto-summary
  version 2
 exit-address-family


IOS-XR
router rip
 vrf VPN
  interface X
  !
  no auto-summary



In IOS, if RIP v2 is to be used, then it must be defined under the ipv4 vrf address-family on the PE.



RIPng (IPv6)

Same as RIPv2, except:
  • uses UDP port 521 (can be changed)
  • updates are sent to FF02::9 (can be changed)
  • metric can be changed per incoming interface (not per received/advertised prefix)

IOS
interface X
 ipv6 rip RIPNG enable
!

ipv6 router rip RIPNG
 port 528 multicast-group FF02::8



IOS-XR
not supported


Defining the RIPng process is not required in IOS; it gets automatically created once you enable it under an interface. Removing the RIPng process will also remove all other configuration from interfaces.

Since you can have multiple RIPng processes, you must use a different UDP port for every RIPng process to differentiate the incoming updates.

Process name is only locally significant.



