RIP
The Routing Information Protocol (RIP) is one of the oldest, and still widely used, interior gateway protocols (IGPs). RIP uses only the number of hops between nodes to determine the cost of a route to a destination network and does not consider network congestion or link speed. RIP has other shortcomings: it can create excessive network traffic if there are a large number of routes, it has a slow convergence time, and it is less secure than other IGPs, such as OSPF.
Routers using RIP broadcast their routing tables on a periodic basis to other routers, whether or not the tables have changed. Each update contains paired values consisting of an IP network address and a distance to that network. The distance is expressed as an integer, the hop count metric. Directly connected networks have a metric of 1. Networks reachable through one other router are two hops, and so on. The maximum number of hops in a RIP network is 15 and the protocol treats anything equal to or greater than 16 as unreachable.
RIP 2
The RIP version 2 protocol adds capabilities to RIP. Some of the most notable RIP 2 enhancements follow.
Network Mask
The RIP 1 protocol assumes that all subnetworks of a given network have the same network mask. It uses this assumption to calculate the network masks for all routes received. This assumption prevents subnets with different network masks from being included in RIP packets. RIP 2 adds the ability to explicitly specify the network mask for each network in a packet.
Authentication
RIP 2 packets can also contain one of two types of authentication that can be used to verify the validity of the supplied routing data.
The first method is a simple password in which an authentication key of up to 16 characters is included in the packet. If this password does not match what is expected, the packet is discarded. This method provides very little security, as it is possible to learn the authentication key by watching RIP packets.
The second method uses the MD5 algorithm to create a crypto-checksum of a RIP packet and an authentication key of up to 16 characters. The transmitted packet does not contain the authentication key itself; instead, it contains the crypto-checksum, called the digest. The receiving router performs a calculation using the correct authentication key and discards the packet if the digest does not match. In addition, a sequence number is maintained to prevent the replay of older packets. This method provides stronger assurance that routing data originated from a router with a valid authentication key.
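The two methods can be told apart, and the MD5 digest and sequence number checked, on received packets. The following Python code is an added example, not Check Point code. It assumes the RFC 2453 simple-password layout and the RFC 2082 keyed-MD5 layout with the key zero-padded to 16 bytes, which may differ from the Check Point and Cisco-compatible formats mentioned on this page; the function names and packet builders are hypothetical and the packets are constructed samples.

```python
import hashlib
import hmac
import socket
import struct

AUTH_AFI = 0xFFFF  # address-family value that marks an authentication entry


def route(net: str, mask: str, metric: int) -> bytes:
    """One 20-byte RIP 2 route entry (constructed sample data)."""
    return struct.pack("!HH4s4s4sI", 2, 0, socket.inet_aton(net),
                       socket.inet_aton(mask), bytes(4), metric)


def simple_packet(password: bytes, routes: bytes) -> bytes:
    """RIP 2 response that carries the password itself (auth type 2)."""
    return struct.pack("!BBHHH16s", 2, 2, 0, AUTH_AFI, 2, password) + routes


def md5_packet(key: bytes, seq: int, routes: bytes) -> bytes:
    """RIP 2 response with a keyed-MD5 trailer (auth type 3, RFC 2082 layout)."""
    body_len = 4 + 20 + len(routes)  # offset of the trailer
    signed = struct.pack("!BBHHHHBBI8x", 2, 2, 0, AUTH_AFI, 3, body_len, 1, 16, seq)
    signed += routes + struct.pack("!HH", AUTH_AFI, 1)
    return signed + hashlib.md5(signed + key.ljust(16, b"\0")).digest()


def check_auth(pkt: bytes, key: bytes, last_seq: int = 0):
    """Classify a received packet; returns (verdict, detail)."""
    if len(pkt) < 24:
        return "malformed", None
    afi, auth_type = struct.unpack_from("!HH", pkt, 4)
    if afi != AUTH_AFI:
        return "unauthenticated", None
    if auth_type == 2:  # the key is readable by anyone who sees the packet
        return "cleartext-password", pkt[8:24].rstrip(b"\0")
    if auth_type != 3:
        return "unknown-auth-type", auth_type
    body_len, _key_id, _digest_len, seq = struct.unpack_from("!HBBI", pkt, 8)
    signed, digest = pkt[:body_len + 4], pkt[body_len + 4:body_len + 20]
    expected = hashlib.md5(signed + key.ljust(16, b"\0")).digest()
    if len(digest) != 16 or not hmac.compare_digest(digest, expected):
        return "bad-digest", seq
    if seq < last_seq:  # older than the last packet accepted from this peer
        return "replayed", seq
    return "ok", seq
```

Calling check_auth on the output of simple_packet returns the password from the packet bytes, while a packet from md5_packet carries only the digest and is rejected if any route byte changes or if its sequence number is older than last_seq.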
RIP 1
Network Mask
RIP 1 derives the network mask of received networks and hosts from the network mask of the interface from which the packet was received. If a received network or host is on the same natural network as the interface over which it was received, and that network is subnetted (the specified mask is more specific than the natural network mask), then the subnet mask is applied to the destination. If bits outside the mask are set, it is assumed to be a host; otherwise, it is assumed to be a subnet.
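The mask derivation described above can be followed step by step in code. The following Python code is an added example, not the Check Point implementation; the function names are hypothetical, and the fallback to the natural mask for destinations outside the interface's natural network is an assumption, because this page does not describe that case.

```python
import ipaddress


def natural_prefix(addr: ipaddress.IPv4Address) -> int:
    """Prefix length of the natural (classful) mask: A /8, B /16, C /24."""
    first_octet = int(addr) >> 24
    if first_octet < 128:
        return 8
    if first_octet < 192:
        return 16
    if first_octet < 224:
        return 24
    raise ValueError(f"{addr} is not a class A, B or C address")


def rip1_infer(iface: str, dest: str):
    """Return (route, kind) for a maskless RIP 1 destination `dest` received
    on interface `iface` (given as address/prefix)."""
    ifc = ipaddress.ip_interface(iface)
    dst = ipaddress.IPv4Address(dest)
    if_natural = ipaddress.ip_network(f"{ifc.ip}/{natural_prefix(ifc.ip)}", strict=False)
    subnetted = ifc.network.prefixlen > if_natural.prefixlen
    if dst in if_natural and subnetted:
        plen, kind = ifc.network.prefixlen, "subnet"  # reuse the interface mask
    else:
        # Assumption: the page does not describe this case; use the natural mask.
        plen, kind = natural_prefix(dst), "network"
    net = ipaddress.ip_network(f"{dst}/{plen}", strict=False)
    if int(dst) & int(net.hostmask):  # bits set outside the mask
        return f"{dst}/32", "host"
    return str(net), kind
```

On an interface configured as 172.16.1.1/24, a neighbor's 172.16.3.64/26 subnet arrives as the bare address 172.16.3.64 and is installed as a host route, which is why subnets with different masks cannot be carried in RIP 1.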
Auto Summarization
The Check Point implementation of RIP 1 supports auto summarization; this allows the router to aggregate and redistribute non-classful routes in RIP 1.
Virtual IP Address Support for VRRP
Gaia supports the advertising of the virtual IP address of the VRRP virtual router. You can configure RIP to advertise the virtual IP address rather than the actual IP address of the interface. If you enable this option, RIP runs only on the master of the virtual router; on a failover, RIP stops running on the old master and then starts running on the new master. A traffic break might occur during the time it takes both the VRRP and RIP protocols to learn the routes again. The larger the network, the more time it would take RIP to synchronize its database and install routes again.
Note - Gaia also provides support for BGP, OSPF, and PIM, both Sparse-Mode and Dense-Mode, to advertise the virtual IP address of the VRRP virtual router.
You must use Monitored Circuit mode when configuring virtual IP support for any dynamic routing protocol, including RIP.
Configuring RIP - WebUI
To configure RIP:
- In the page of the WebUI, configure Ethernet Interfaces and assign an IP address to the interface.
- Open the page of the WebUI.
- Optional: In the RIP Global Settings section:
- Configure the RIP and . These timers allow you to vary the frequency with which updates are sent and when routes expire.
- Select to aggregate and redistribute non-classful routes in RIP 1. Clear it to disable the option.
- In the section, click .
The window opens.
- Configure the RIP Interfaces.
- Click .
RIP Global Settings
Option
|
Description
|
|
The amount of time, in seconds, between regularly scheduled RIP updates. To prevent synchronization of periodic updates, RIP updates are actually sent at a time from the uniform distribution on the interval (0.5T, 1.5T) where T corresponds to the Update Interval value.
Note - Take care when you set this parameter, as RIP has no protocol mechanism to detect misconfiguration.
- Range: 1-65535.
- Default: 30.
|
|
The amount of time, in seconds, that must pass without receiving an update for a given route before the route is considered to have timed out. This value should be 6 times the update interval in order to allow for the possibility that packets containing an update could be dropped by the network.
- Range: 1-65535.
- Default: 180.
|
|
Automatically aggregates and redistributes non-classful RIP Version 1 into RIP. This applies only to RIP Version 1. If the Auto summarization field option is unchecked, you must do the aggregation and redistribution manually by using route aggregation and route redistribution.
Note - Take care when you set this parameter, as RIP has no protocol mechanism to detect misconfiguration.
|
RIP Interface Options
Option
|
Description
|
|
The interface on which RIP is enabled.
|
|
The version of RIP to run. If you specify version 2, the default is to send full version 2 packets on the RIP multicast address.
- Options: 1 or 2.
- Default: 1.
|
|
The RIP metric to be added to routes that are sent using the specified interface(s). The default is zero. This is used to make other routers prefer other sources of RIP routes over this router.
|
|
Whether RIP packets from other routers using the interface are accepted or ignored. Ignoring an update may result in suboptimal routing.
|
|
Whether RIP packets should be sent via the interface. When this is off, the interface is a passive RIP listener.
|
|
Make RIP run only on the VRRP Virtual IP address associated with this interface. If this router is not a VRRP Master then RIP will not run if this option is selected. It will only run on the VRRP Master. Make sure that VRRP is configured to Accept Connections to VRRP IPs.
|
|
Selecting Multicast specifies that RIP version 2 packets should be multicast on this interface. This is the default.
Selecting Broadcast specifies that RIP version 1 packets that are compatible with version 2 should be broadcast on this interface.
- Options: Broadcast/Multicast.
- Default: Multicast.
|
|
The type of authentication scheme to use for the link. This option applies to RIP version 2 only. In general, routers on a given link must agree on the authentication configuration in order to form neighbor adjacencies. This is used to guarantee that routing information is accepted only from trusted routers.
- None: There is no authentication scheme for the interface to accept routing information from neighboring routers.
- Simple: Implement a simple authentication scheme for the interface to accept routing information from neighboring routers. Enter the Simple Password, from 1 to 16 characters. Must contain alphanumeric characters only.
- MD5: Implement an authentication scheme that uses an MD5 algorithm for the interface to accept routing information from neighboring routers. Enter the password.
To ensure interoperability with Cisco routers running RIP MD5 authentication, enable Cisco Compatibility. By default, RIP MD5 is set to conform to the Check Point standard, and not for Cisco compatibility.
- Options: None/Simple/MD5.
- Default: None.
|
Configuring RIP - CLI (rip)
RIP Global Commands
Use these commands to configure RIP properties that apply to all interfaces configured for RIP.
set rip
      auto-summary <on | off>
      update-interval <1-65535>
      update-interval default
      expire-interval <1-65535>
      expire-interval default
Parameter: auto-summary <on | off>
Description: Automatically aggregates and redistributes non-classful RIP Version 1 into RIP. This applies only to RIP Version 1. If the Auto summarization field option is unchecked, you must do the aggregation and redistribution manually by using route aggregation and route redistribution.
Note - Take care when you set this parameter, as RIP has no protocol mechanism to detect misconfiguration.
Default: on

Parameter: update-interval <1-65535>
Description: The amount of time, in seconds, between regularly scheduled RIP updates. To prevent synchronization of periodic updates, RIP updates are actually sent at a time from the uniform distribution on the interval (0.5T, 1.5T) where T corresponds to the Update Interval value.
Note - Take care when you set this parameter, as RIP has no protocol mechanism to detect misconfiguration.

Parameter: update-interval default
Description: A value of 30 seconds.

Parameter: expire-interval <1-65535>
Description: The amount of time, in seconds, that must pass without receiving an update for a given route before the route is considered to have timed out. This value should be 6 times the update interval in order to allow for the possibility that packets containing an update could be dropped by the network.

Parameter: expire-interval default
Description: A value of 180 seconds.
RIP Interface Commands
Use these commands to configure RIP properties that apply to a RIP interface.
set rip interface if_name
      <off | on>
      version <1 | 2> on
      metric <0-16>
      metric default
      accept-updates <on | off>
      send-updates <on | off>
      transport <multicast | broadcast>
      authtype none
      authtype simple password
      authtype md5 secret secret [cisco-compatibility] <on | off>
      virtual address <on | off>
Parameter: interface if_name <off | on>
Description: Turn on or turn off RIP on the interface.
Default: off

Parameter: version <1 | 2>
Description: The version of RIP to run. If you specify version 2, the default is to send full version 2 packets on the RIP multicast address.
Default: 1

Parameter: metric <0-16>
Description: The RIP metric to be added to routes that are sent using the specified interface(s). The default is zero. This is used to make other routers prefer other sources of RIP routes over this router.

Parameter: metric default
Description: A value of 0.

Parameter: accept-updates <on | off>
Description: Whether RIP packets from other routers using the interface are accepted or ignored. Ignoring an update may result in suboptimal routing.
Default: off

Parameter: send-updates <on | off>
Description: Whether RIP packets should be sent via the interface. When this is off, the interface is a passive RIP listener.

Parameter: transport <multicast | broadcast>
Description: The transport mechanism.
Selecting Multicast specifies that RIP version 2 packets should be multicast on this interface. This is the default.
Note - When you use RIP 2, always select multicast. We recommend that you do not operate RIP 1 and RIP 2 together.
Selecting Broadcast specifies that RIP version 1 packets that are compatible with version 2 should be broadcast on this interface.

Parameter: authtype none
Description: There is no authentication scheme for the interface to accept routing information from neighboring routers. This option applies to RIP version 2 only. In general, routers on a given link must agree on the authentication configuration in order to form neighbor adjacencies. This is used to guarantee that routing information is accepted only from trusted routers.

Parameter: authtype simple password
Description: Implement a simple authentication scheme for the interface to accept routing information from neighboring routers. Enter the Simple Password, from 1 to 16 characters. Must contain alphanumeric characters only. This option applies to RIP version 2 only.

Parameter: authtype md5 secret secret
Description: Implement an authentication scheme that uses an MD5 algorithm for the interface to accept routing information from neighboring routers. Enter the password.

Parameter: interface if_name virtual <on | off>
Description: Make RIP run only on the VRRP Virtual IP address associated with this interface. If this router is not a VRRP Master then RIP will not run if this option is selected. It will only run on the VRRP Master. Make sure that VRRP is configured to Accept Connections to VRRP IPs.
Note - You must use Monitored Circuit mode when configuring VRRP to accept connections to VRRP virtual IPs, and when configuring virtual IP support for any dynamic routing protocol, including RIP.
For more information, see ICMP Router Discovery.
Default: off

Parameter: cisco-compatibility <on | off>
Description: To ensure interoperability with Cisco routers running RIP MD5 authentication, enable Cisco Compatibility. By default, RIP MD5 is set to conform to the Check Point standard, and not for Cisco compatibility.
Default: off
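The version and authtype settings above decide whether an interface accepts routing data without keyed authentication, so they are worth checking across every RIP interface. The following Python code is an added example, not a Check Point tool. It assumes the configuration is available as one "set rip interface ..." command per line in the syntax shown on this page; the function names, interface names and secrets are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample; the lines follow the "set rip interface" syntax above.
SAMPLE_CONFIG = """\
set rip interface eth1 on
set rip interface eth1 version 2 on
set rip interface eth1 authtype md5 secret EXAMPLE-SECRET
set rip interface eth2 on
set rip interface eth2 version 2 on
set rip interface eth2 authtype simple EXAMPLEPW
set rip interface eth3 on
set rip interface eth4 on
set rip interface eth4 version 2 on
set rip interface eth4 accept-updates off
"""


def parse_rip_interfaces(text: str) -> dict:
    """Collect per-interface settings; unset values use the page's defaults."""
    defaults = {"state": "off", "version": "1", "authtype": "none"}
    ifaces = defaultdict(lambda: dict(defaults))
    for line in text.splitlines():
        tok = line.split()
        if tok[:3] != ["set", "rip", "interface"] or len(tok) < 5:
            continue
        name, key, args = tok[3], tok[4], tok[5:]
        if key in ("on", "off"):
            ifaces[name]["state"] = key
        elif args:
            ifaces[name][key] = args[0]
    return dict(ifaces)


def audit(text: str) -> list:
    """Findings for enabled interfaces that accept updates without MD5."""
    findings = []
    for name, cfg in sorted(parse_rip_interfaces(text).items()):
        if cfg["state"] != "on" or cfg.get("accept-updates") == "off":
            continue
        if cfg["version"] == "1":
            findings.append((name, "RIP 1: authentication not available"))
        elif cfg["authtype"] == "none":
            findings.append((name, "RIP 2 with authtype none"))
        elif cfg["authtype"] == "simple":
            findings.append((name, "simple password is sent in the packet"))
    return findings
```

For the sample, audit(SAMPLE_CONFIG) reports eth2 and eth3; eth1 uses MD5 and eth4 is skipped because it is explicitly set to ignore updates.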
Monitoring RIP
Monitoring RIP - WebUI
To monitor and troubleshoot RIP:
- Open the page of the WebUI.
- Click the tab.
- In the table, click a line to see the current values.
Note - The page is static. To see the latest values, reload your browser page.
RIP Show Commands
Use these commands to monitor and troubleshoot RIP.
show rip
show rip
      interfaces
      interface <if_name>
      packets
      errors
      neighbors
      summary