Download Complete PDF Send Feedback Print This Page

Previous

Synchronize Contents

Next

RIP

The Routing Information Protocol (RIP) is one of the oldest, and still widely used, interior gateway protocols (IGP). RIP uses only the number of hops between nodes to determine the cost of a route to a destination network and does not consider network congestion or link speed. Other shortcomings of RIP are that it can create excessive network traffic if there are a large number of routes and that it has a slow convergence time and is less secure than other IGPs, such as OSPF.

Routers using RIP broadcast their routing tables on a periodic basis to other routers, whether or not the tables have changed. Each update contains paired values consisting of an IP network address and a distance to that network. The distance is expressed as an integer, the hop count metric. Directly connected networks have a metric of 1. Networks reachable through one other router are two hops, and so on. The maximum number of hops in a RIP network is 15 and the protocol treats anything equal to or greater than 16 as unreachable.

Related Topics

RIP 2

RIP 1

Virtual IP Address Support for VRRP

Configuring RIP - WebUI

Configuring RIP - CLI (rip)

Monitoring RIP

RIP 2

The RIP version 2 protocol adds capabilities to RIP. Some of the most notable RIP 2 enhancements follow.

Network Mask

The RIP 1 protocol assumes that all subnetworks of a given network have the same network mask. It uses this assumption to calculate the network masks for all routes received. This assumption prevents subnets with different network masks from being included in RIP packets. RIP 2 adds the ability to explicitly specify the network mask for each network in a packet.

Authentication

RIP 2 packets also can contain one of two types of authentication methods that can be used to verify the validity of the supplied routing data.

The first method is a simple password in which an authentication key of up to 16 characters is included in the packet. If this password does not match what is expected, the packet is discarded. This method provides very little security, as it is possible to learn the authentication key by watching RIP packets.

The second method uses the MD5 algorithm to create a crypto checksum of a RIP packet and an authentication key of up to 16 characters. The transmitted packet does not contain the authentication key itself; instead, it contains a crypto-checksum called the digest. The receiving router performs a calculation using the correct authentication key and discards the packet if the digest does not match. In addition, a sequence number is maintained to prevent the replay of older packets. This method provides stronger assurance that routing data originated from a router with a valid authentication key.

RIP 1

Network Mask

RIP 1 derives the network mask of received networks and hosts from the network mask of the interface from which the packet was received. If a received network or host is on the same natural network as the interface over which it was received, and that network is subnetted (the specified mask is more specific than the natural network mask), then the subnet mask is applied to the destination. If bits outside the mask are set, it is assumed to be a host; otherwise, it is assumed to be a subnet.

Auto Summarization

The Check Point implementation of RIP 1 supports auto summarization; this allows the router to aggregate and redistribute nonclassful routes in RIP 1.

Virtual IP Address Support for VRRP

Gaia supports the advertising of the virtual IP address of the VRRP virtual router. You can configure RIP to advertise the virtual IP address rather than the actual IP address of the interface. If you enable this option, RIP runs only on the master of the virtual router; on a failover, RIP stops running on the old master and then starts running on the new master. A traffic break might occur during the time it takes both the VRRP and RIP protocols to learn the routes again. The larger the network, the more time it would take RIP to synchronize its database and install routes again.

Note -

Gaia also provides support for BGP, OSPF, and PIM, both Sparse-Mode and Dense-Mode, to advertise the virtual IP address of the VRRP virtual router.

You must use Monitored Circuit mode when configuring virtual IP support for any dynamic routing protocol, including RIP.

Configuring RIP - WebUI

To configure RIP:

  1. In the Network Management > Network interfaces page of the WebUI, configure Ethernet Interfaces and assign an IP address to the interface.
  2. Open the Advanced Routing > RIP page of the WebUI.
  3. Optional: In the RIP Global Settings section:
    1. Configure the RIP Update Interval and Expire Interval. These timers allows you to vary the frequency with which updates are sent and when routes expire.
    2. Select Auto Summarization to aggregate and redistribute non-classful routes in RIP 1. Clear it to disable the option.
  4. In the RIP Interfaces section, click Add.

    The Add Interface window opens

  5. Configure the RIP Interfaces.
  6. Click Save.

RIP Global Settings

Option

Description

Update Interval

The amount of time, in seconds, between regularly scheduled RIP updates. To prevent synchronization of periodic updates, RIP updates are actually sent at a time from the uniform distribution on the interval (0.5T, 1.5T) where T corresponds to the Update Interval value.

Note - Take care when you set this parameter, as RIP has no protocol mechanism to detect misconfiguration.

  • Range: 1-65535.
  • Default: 30.

Expire Interval

The amount of time, in seconds, that must pass without receiving an update for a given route before the route is considered to have timed out. This value should be 6 times the update interval in order to allow for the possibility that packets containing an update could be dropped by the network.

  • Range: 1-65535.
  • Default: 180.

Auto Summarization

Automatically aggregates and redistributes non-classful RIP Version 1 into RIP. This applies only to RIP Version 1. If the Auto summarization field option is unchecked, you must do the aggregation and redistribution manually by using route aggregation and route redistribution.

Note - Take care when you set this parameter, as RIP has no protocol mechanism to detect misconfiguration.

  • Default: Selected.

RIP Interface Options

Option

Description

Interface

The interface on which RIP is enabled.

Version

The version of RIP to run. If you specify version 2, the default is to send full version 2 packets on the RIP multicast address.

  • Options: 1 or 2.
  • Default: 1.

Metric

The RIP metric to be added to routes that are sent using the specified interface(s). The default is zero. This is used to make other routers prefer other sources of RIP routes over this router.

  • Range: 0-16.
  • Default: 0.

Accept updates

Whether RIP packets from other routers using the interface are accepted or ignored. Ignoring an update may result in suboptimal routing.

  • Default: Selected.

Send updates

Whether RIP packets should be sent via the interface. This causes the interface to be a passive RIP listener.

  • Default: Selected

Virtual Address

Make RIP run only on the VRRP Virtual IP address associated with this interface. If this router is not a VRRP Master then RIP will not run if this option is selected. It will only run on the VRRP Master. Make sure that VRRP is configured to Accept Connections to VRRP IPs.

  • Default: Cleared.

Transport

Selecting Multicast specifies that RIP version 2 packets should be multicast on this interface. This is the default.

Selecting Broadcast specifies that RIP version 1 packets that are compatible with version 2 should be broadcast on this interface.

  • Options: Broadcast/Multicast.
  • Default: Multicast.

Authentication Type

The type of authentication scheme to use for the link. This option applies to rip version 2 only. In general, routers on a given link must agree on the authentication configuration in order to form neighbor adjacencies. This is used to guarantee that routing information is accepted only from trusted routers.

  • None: There is no authentication scheme for the interface to accept routing information from neighboring routers.
  • Simple: Implement a simple authentication scheme for the interface to accept routing information from neighboring routers. Enter the Simple Password, from 1 to 16 characters. Must contain alphanumeric characters only.
  • MD5: Implement an authentication scheme that uses an MD5 algorithm for the interface to accept routing information from neighboring routers. Enter the password.

    To ensure interoperability with Cisco routers running RIP MD5 authentication, enable Cisco Compatibility. By default, RIP MD5 is set to conform to the Check Point standard, and not for Cisco compatibility.

  • Options: None/Simple/MD5.
  • Default: None.

Configuring RIP - CLI (rip)

RIP Global Commands

Use these commands to configure RIP properties that apply to all interfaces configured for RIP.

set rip
	auto‑summary <on | off>
	update‑interval <1‑65535>
	update‑interval default
	expire‑interval <1‑65535>
	expire‑interval default

Parameter

Description

auto‑summary <on | off>

Automatically aggregates and redistributes non-classful RIP Version 1 into RIP. This applies only to RIP Version 1. If the Auto summarization field option is unchecked, you must do the aggregation and redistribution manually by using route aggregation and route redistribution.

Note - Take care when you set this parameter, as RIP has no protocol mechanism to detect misconfiguration.

Default: on

update‑interval <1‑65535>

The amount of time, in seconds, between regularly scheduled RIP updates. To prevent synchronization of periodic updates, RIP updates are actually sent at a time from the uniform distribution on the interval (0.5T, 1.5T) where T corresponds to the Update Interval value.

Note - Take care when you set this parameter, as RIP has no protocol mechanism to detect misconfiguration.

update‑interval default

A value of 30 seconds.

expire‑interval <1‑65535>

The amount of time, in seconds, that must pass without receiving an update for a given route before the route is considered to have timed out. This value should be 6 times the update interval in order to allow for the possibility that packets containing an update could be dropped by the network.

expire‑interval default

A value of 180 seconds.

RIP Interface Commands

Use these commands to configure RIP properties that apply to a RIP interface.

set rip interface if_name
	<off |on>
	version <1 | 2> on
	metric <0‑16>
	metric default
	accept‑updates <on | off>
	send‑updates <on | off>
	transport <multicast | broadcast>
	authtype none
	authtype simple password
	authtype md5 secret secret [cisco‑compatibility] <on | off>
	virtual address <on | off>

Parameter

Description

interface if_name
<off |on>

Turn on or turn off RIP on the interface.

Default: off

<1 | 2>

The version of RIP to run. If you specify version 2, the default is to send full version 2 packets on the RIP multicast address.

Default: 1

metric <0–16>

The RIP metric to be added to routes that are sent using the specified interface(s). The default is zero. This is used to make other routers prefer other sources of RIP routes over this router.

metric default

A value of 0.

accept‑updates <on | off>

Whether RIP packets from other routers using the interface are accepted or ignored. Ignoring an update may result in suboptimal routing.

Default: off

send‑updates <on | off>

Whether RIP packets should be sent via the interface. This causes the interface to be a passive RIP listener.

transport <multicast | broadcast>

The transport mechanism.

Selecting Multicast specifies that RIP version 2 packets should be multicast on this interface. This is the default.

Note - When you use RIP 2, always select multicast. We recommend that you do not operate RIP 1 and RIP 2 together.

Selecting Broadcast specifies that RIP version 1 packets that are compatible with version 2 should be broadcast on this interface.

authtype none

There is no authentication scheme for the interface to accept routing information from neighboring routers. This option applies to rip version 2 only. In general, routers on a given link must agree on the authentication configuration in order to form neighbor adjacencies. This is used to guarantee that routing information is accepted only from trusted routers.

authtype simple password

Implement a simple authentication scheme for the interface to accept routing information from neighboring routers. Enter the Simple Password, from 1 to 16 characters. Must contain alphanumeric characters only. This option applies to RIP version 2 only.

authtype md5 secret secret

Implement an authentication scheme that uses an MD5 algorithm for the interface to accept routing information from neighboring routers. Enter the password.

interface if_name virtual <on | off>

Make RIP run only on the VRRP Virtual IP address associated with this interface. If this router is not a VRRP Master then RIP will not run if this option is selected. It will only run on the VRRP Master. Make sure that VRRP is configured to Accept Connections to VRRP IPs.

Note - You must use Monitored Circuit mode when configuring VRRP to accept connections to VRRP virtual IPs, and when configuring virtual IP support for any dynamic routing protocol, including RIP.

For more information, see ICMP Router Discovery.

Default: off

cisco‑compatibility <on | off>

To ensure interoperability with Cisco routers running RIP MD5 authentication, enable Cisco Compatibility. By default, RIP MD5 is set to conform to the Check Point standard, and not for Cisco compatibility.

Default: off

Monitoring RIP

Monitoring RIP - WebUI

To monitor and troubleshoot RIP:

  1. Open the Advanced Routing > RIP page of the WebUI.
  2. Click the Monitoring tab.
  3. In the Information table, click a line to see the current values.

    Note - The page is static. To see the latest values, reload your browser page.

RIP Show Commands

Use these commands to monitor and troubleshoot RIP.

show rip
 
show rip
	interfaces
	interface <if_name>
	packets
	errors
	neighbors
	summary

 
Top of Page ©2013 Check Point Software Technologies Ltd. All rights reserved. Download Complete PDF Send Feedback Print