RIP

In This Section:

RIP 1

RIP 2

Virtual IP Address Support for VRRP

Configuring RIP - Gaia Portal

Configuring RIP - Gaia Clish (rip)

Monitoring RIP

The Routing Information Protocol (RIP) is one of the oldest, and still widely used, interior gateway protocols (IGP). RIP uses only the number of hops between nodes to determine the cost of a route to a destination network and does not consider network congestion or link speed. Other shortcomings of RIP are that it can create excessive network traffic if there are a large number of routes and that it has a slow convergence time and is less secure than other IGPs, such as OSPF.

Routers using RIP broadcast their routing tables on a periodic basis to other routers, whether or not the tables have changed. Each update contains paired values consisting of an IP network address and a distance to that network. The distance is expressed as an integer, the hop count metric. Directly connected networks have a metric of 1. Networks reachable through one other router are two hops, and so on. The maximal number of hops in a RIP network is 15 and the protocol treats anything equal to or greater than 16 as unreachable.

RIP 1

Network Mask

RIP 1 derives the network mask of received networks and hosts from the network mask of the interface from which the packet was received. If a received network or host is on the same natural network as the interface over which it was received, and that network is subnetted (the specified mask is more specific than the natural network mask), then the subnet mask is applied to the destination. If bits outside the mask are set, it is assumed to be a host; otherwise, it is assumed to be a subnet.

Auto Summarization

The Check Point implementation of RIP 1 supports auto summarization; this allows the router to aggregate and redistribute nonclassful routes in RIP 1.

RIP 2

The RIP version 2 protocol adds capabilities to RIP. Some of the most notable RIP 2 enhancements follow.

Network Mask

The RIP 1 protocol assumes that all subnetworks of a given network have the same network mask. It uses this assumption to calculate the network masks for all routes received. This assumption prevents subnets with different network masks from being included in RIP packets. RIP 2 adds the ability to specify explicitly the network mask for each network in a packet.

Authentication

RIP 2 packets also can contain one of two types of authentication methods that can be used to verify the validity of the supplied routing data.

The first method is a simple password in which an authentication key of up to 16 characters is included in the packet. If this password does not match what is expected, the packet is discarded. This method provides very little security, as it is possible to learn the authentication key by watching RIP packets.

The second method uses the MD5 algorithm to create a crypto checksum of a RIP packet and an authentication key of up to 16 characters. The transmitted packet does not contain the authentication key itself; instead, it contains a crypto-checksum called the digest. The receiving router performs a calculation using the correct authentication key and discards the packet if the digest does not match. In addition, a sequence number is maintained to prevent the replay of older packets. This method provides stronger assurance that routing data originated from a router with a valid authentication key.
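The receiver-side check described above, as an added example that is not Check Point's code. It assumes the RFC 2082 Keyed MD5 packet layout (Gaia's exact wire format, including the Cisco Compatibility variant, is not described on this page); the function names, key and networks are constructed for illustration.

```python
import hashlib, hmac, socket, struct

AUTH_FAMILY, KEYED_MD5 = 0xFFFF, 3             # auth-entry marker, RFC 2082 auth type
TRAILER = struct.pack("!HH", AUTH_FAMILY, 1)   # 4-byte header in front of the digest

def pad_key(key: bytes) -> bytes:
    if not 1 <= len(key) <= 16:
        raise ValueError("authentication key must be 1 to 16 bytes")
    return key.ljust(16, b"\x00")

def route(net: str, mask: str, metric: int) -> bytes:
    """One 20-byte RIP 2 route entry (AF_INET, tag 0, next hop 0.0.0.0)."""
    return struct.pack("!HH4s4s4sI", 2, 0, socket.inet_aton(net),
                       socket.inet_aton(mask), bytes(4), metric)

def build_response(routes: bytes, key: bytes, key_id: int, seq: int) -> bytes:
    """Sender: header, authentication entry, routes, then the digest trailer."""
    offset = 4 + 20 + len(routes)                    # where the trailer starts
    body = (struct.pack("!BBH", 2, 2, 0)             # command=response, version=2
            + struct.pack("!HHHBBI8x", AUTH_FAMILY, KEYED_MD5, offset, key_id, 16, seq)
            + routes + TRAILER)
    # The key is hashed together with the packet but never transmitted.
    return body + hashlib.md5(body + pad_key(key)).digest()

def verify(packet: bytes, key: bytes, last_seq: int):
    """Receiver: return (accepted, reason, sequence number to remember)."""
    if len(packet) < 44:
        return False, "too short", last_seq
    family, atype, offset, _kid, dlen, seq = struct.unpack_from("!HHHBBI", packet, 4)
    if family != AUTH_FAMILY or atype != KEYED_MD5:
        return False, "not MD5-authenticated", last_seq
    if dlen != 16 or offset + 20 != len(packet) or packet[offset:offset + 4] != TRAILER:
        return False, "malformed trailer", last_seq
    expected = hashlib.md5(packet[:offset + 4] + pad_key(key)).digest()
    if not hmac.compare_digest(expected, packet[offset + 4:]):
        return False, "digest mismatch", last_seq
    if seq < last_seq:                               # older than the last accepted packet
        return False, "replayed sequence number", last_seq
    return True, "ok", seq

def demo():
    """Constructed sample: two updates, then a tampered and a replayed copy."""
    key = b"ExampleKey01"                            # constructed key, not a real secret
    first = build_response(route("192.0.2.0", "255.255.255.0", 1), key, 1, 100)
    second = build_response(route("198.51.100.0", "255.255.255.0", 2), key, 1, 101)
    tampered = second[:-21] + b"\x0f" + second[-20:]  # metric altered in transit
    ok1 = verify(first, key, 0)
    ok2 = verify(second, key, ok1[2])
    return [ok1, ok2, verify(tampered, key, ok2[2]), verify(first, key, ok2[2])]
```

`demo()` accepts the two genuine updates, rejects the copy whose metric was altered because its digest no longer matches, and rejects the re-sent first update because its sequence number is lower than the last one accepted.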

Virtual IP Address Support for VRRP

Gaia supports the advertising of the virtual IP address of the VRRP Virtual Router. You can configure RIP to advertise the virtual IP address rather than the actual IP address of the interface. If you enable this option, RIP runs only on the master of the Virtual Router; on a failover, RIP stops running on the old master and then starts running on the new master. A traffic break might occur during the time it takes both the VRRP and RIP protocols to learn the routes again. The larger the network, the more time it would take RIP to synchronize its database and install routes again.

Note - Gaia also provides support for BGP, OSPF, and PIM, both Sparse-Mode and Dense-Mode, to advertise the virtual IP address of the VRRP Virtual Router.

You must use Monitored Circuit mode when configuring virtual IP support for any dynamic routing protocol, including RIP.

Configuring RIP - Gaia Portal

To configure RIP:

  1. In the Network Management > Network interfaces page of the Portal, configure Ethernet Interfaces and assign an IP address to the interface.
  2. Open the Advanced Routing > RIP page of the Portal.
  3. Optional: In the RIP Global Settings section:
    1. Configure the RIP Update Interval and Expire Interval. These timers allow you to vary the frequency with which updates are sent and when routes expire.
    2. Select Auto Summarization to aggregate and redistribute non-classful routes in RIP 1. Clear it to disable the option.
  4. In the RIP Interfaces section, click Add.

    The Add Interface window opens.

  5. Configure the RIP Interfaces.
  6. Click Save.

RIP Global Settings

Option

Description

Update Interval

The amount of time, in seconds, between regularly scheduled RIP updates. To prevent synchronization of periodic updates, RIP updates are actually sent at a time from the uniform distribution on the interval (0.5T, 1.5T) where T is the Update Interval value.

Note - Be careful when you set this parameter, because RIP has no protocol mechanism to detect misconfiguration.

  • Range: 1-65535.
  • Default: 30.

Expire Interval

The amount of time, in seconds, that must pass with no update for a given route before the route is considered to have timed out. This value must be 6 times the update interval, to allow for the possibility that the network drops packets which contain an update.

  • Range: 1-65535.
  • Default: 180.

Auto Summarization

Automatically aggregates and redistributes non-classful routes in RIP Version 1. This applies only to RIP Version 1. If you do not select the Auto Summarization option, you must do the aggregation and redistribution manually with route aggregation and route redistribution.

Note - Be careful when you set this parameter, because RIP has no protocol mechanism to detect misconfiguration.

  • Default: Selected.

RIP Interface Options

Option

Description

Interface

The interface on which RIP is enabled.

Version

The version of RIP to run. If you enter version 2, the default is to send full version 2 packets on the RIP multicast address.

  • Options: 1 or 2.
  • Default: 1.

Metric

The RIP metric to add to routes that are sent with the specified interface(s). The default is zero. This is used to make other routers prefer other sources of RIP routes over this router.

  • Range: 0-16.
  • Default: 0.

Accept updates

Defines if RIP packets from other routers which use the interface are accepted or ignored. Ignoring an update may result in suboptimal routing.

  • Default: Selected.

Send updates

Defines if RIP packets are sent through the interface. Clearing this option causes the interface to be a passive RIP listener.

  • Default: Selected.

Virtual Address

Make RIP run only on the VRRP Virtual IP address related to this interface. If this router is not a VRRP Master then RIP does not run if this option is selected. It only runs on the VRRP Master.

Note - You must use Monitored Circuit mode when you configure VRRP to work with virtual IPs, and when you configure virtual IP support for a dynamic routing protocol, including RIP.

  • Default: Cleared.

Transport

Selecting Multicast specifies that RIP version 2 packets should be multicast on this interface. This is the default.

  • Note - When you use RIP 2, always select multicast. We recommend that you do not operate RIP 1 and RIP 2 together.
  • Options: Broadcast/Multicast.
  • Default: Multicast.

Authentication Type

The type of authentication scheme to use for the link. This option applies to RIP version 2 only. In general, routers on a given link must agree on the authentication configuration in order to form neighbor adjacencies. This is used to guarantee that routing information is accepted only from trusted routers.

  • None: There is no authentication scheme for the interface to accept routing information from neighboring routers.
  • Simple: Implement a simple authentication scheme for the interface to accept routing information from neighboring routers. Enter the Simple Password, from 1 to 16 characters. Must contain alphanumeric characters only.
  • MD5: Implement an authentication scheme that uses an MD5 algorithm for the interface to accept routing information from neighboring routers. Enter the password.

    To ensure interoperability with Cisco routers running RIP MD5 authentication, enable Cisco Compatibility. By default, RIP MD5 is set to conform to the Check Point standard, and not for Cisco compatibility.

  • Options: None/Simple/MD5.
  • Default: None.

Configuring RIP - Gaia Clish (rip)

Configuring RIP Global Settings

Use these commands to configure RIP properties that apply to all interfaces configured for RIP.

set rip
	auto-summary <on | off>
	update-interval <1-65535>
	update-interval default
	expire-interval <1-65535>
	expire-interval default

Parameter

Description

auto-summary <on | off>

Automatically aggregates and redistributes non-classful routes in RIP Version 1. This applies only to RIP Version 1. If auto-summary is off, you must do the aggregation and redistribution manually by using route aggregation and route redistribution.

Note - Take care when you set this parameter, as RIP has no protocol mechanism to detect misconfiguration.

Default: on

update-interval <1-65535>

The amount of time, in seconds, between regularly scheduled RIP updates. To prevent synchronization of periodic updates, RIP updates are actually sent at a time from the uniform distribution on the interval (0.5T, 1.5T) where T corresponds to the Update Interval value.

Note - Take care when you set this parameter, as RIP has no protocol mechanism to detect misconfiguration.

update-interval default

A value of 30 seconds.

expire-interval <1-65535>

The amount of time, in seconds, that must pass without receiving an update for a given route before the route is considered to have timed out. This value should be 6 times the update interval in order to allow for the possibility that packets containing an update could be dropped by the network.

expire-interval default

A value of 180 seconds.

Configuring RIP Interfaces Settings

Use these commands to configure RIP properties that apply to a RIP interface.

set rip interface if_name
	<off | on>
	version <1 | 2> on
	metric <0-16>
	metric default
	accept-updates <on | off>
	send-updates <on | off>
	transport <multicast | broadcast>
	authtype none
	authtype simple password
	authtype md5 secret secret [cisco-compatibility] <on | off>
	virtual address <on | off>

Parameter

Description

interface if_name
<off | on>

Turn on or turn off RIP on the interface.

Default: off

version <1 | 2>

The version of RIP to run. If you specify version 2, the default is to send full version 2 packets on the RIP multicast address.

Default: 1

metric <0-16>

The RIP metric to be added to routes that are sent using the specified interface(s). The default is zero. This is used to make other routers prefer other sources of RIP routes over this router.

metric default

A value of 0.

accept-updates <on | off>

Whether RIP packets from other routers using the interface are accepted or ignored. Ignoring an update may result in suboptimal routing.

Default: off

send-updates <on | off>

Whether RIP packets should be sent via the interface. Setting this to off causes the interface to be a passive RIP listener.

transport <multicast | broadcast>

The transport mechanism.

Selecting Multicast specifies that RIP version 2 packets should be multicast on this interface. This is the default.

Note - When you use RIP 2, always select multicast. We recommend that you do not operate RIP 1 and RIP 2 together.

authtype none

There is no authentication scheme for the interface to accept routing information from neighboring routers. This option applies to RIP version 2 only. In general, routers on a given link must agree on the authentication configuration in order to form neighbor adjacencies. This is used to guarantee that routing information is accepted only from trusted routers.

authtype simple password

Implement a simple authentication scheme for the interface to accept routing information from neighboring routers. Enter the Simple Password, from 1 to 16 characters. Must contain alphanumeric characters only. This option applies to RIP version 2 only.

authtype md5 secret secret

Implement an authentication scheme that uses an MD5 algorithm for the interface to accept routing information from neighboring routers. Enter the password.

interface if_name virtual <on | off>

Make RIP run only on the VRRP Virtual IP address associated with this interface. If this router is not a VRRP Master then RIP will not run if this option is selected. It will only run on the VRRP Master.

Note - You must use Monitored Circuit mode when configuring VRRP to work with virtual IPs, and when configuring virtual IP support for any dynamic routing protocol, including RIP.

For more information, see ICMP Router Discovery.

Default: off

cisco-compatibility <on | off>

To ensure interoperability with Cisco routers running RIP MD5 authentication, enable Cisco Compatibility. By default, RIP MD5 is set to conform to the Check Point standard, and not for Cisco compatibility.

Default: off
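A configuration review for the settings documented above, as an added example that is not a Check Point tool. The `audit` function and the sample lines are constructed from the command syntax and defaults on this page; it flags enabled interfaces that run without MD5 authentication, RIP 2 on broadcast transport, and an expire interval that is not 6 times the update interval.

```python
import shlex

# Constructed configuration, written in the command syntax shown above.
SAMPLE = """\
set rip update-interval 30
set rip expire-interval 90
set rip interface eth1 on
set rip interface eth1 version 2 on
set rip interface eth1 authtype md5 secret EXAMPLE-SECRET
set rip interface eth2 on
set rip interface eth2 version 2 on
set rip interface eth2 transport broadcast
set rip interface eth2 authtype simple EXAMPLEPW
set rip interface eth3 on
"""
DEFAULTS = {"update-interval": 30, "expire-interval": 180}   # defaults stated on this page

def audit(config):
    """Return findings for RIP settings that weaken route authentication."""
    timers, ifaces = dict(DEFAULTS), {}
    for line in config.splitlines():
        tok = shlex.split(line)
        if tok[:2] != ["set", "rip"] or len(tok) < 4:
            continue
        if tok[2] in timers:
            timers[tok[2]] = DEFAULTS[tok[2]] if tok[3] == "default" else int(tok[3])
        elif tok[2] == "interface" and len(tok) > 4:
            st = ifaces.setdefault(tok[3], {"on": False, "version": "1",
                                            "authtype": "none", "transport": "multicast"})
            if tok[4] in ("on", "off"):
                st["on"] = tok[4] == "on"
            elif tok[4] in st and len(tok) > 5:      # version, authtype or transport
                st[tok[4]] = tok[5]
    out = []
    if timers["expire-interval"] != 6 * timers["update-interval"]:
        out.append("global: expire-interval %d is not 6 x update-interval %d"
                   % (timers["expire-interval"], timers["update-interval"]))
    for name, st in sorted(ifaces.items()):
        if not st["on"]:
            continue
        if st["version"] == "1":                     # authentication is RIP 2 only
            out.append(name + ": RIP 1 has no authentication option")
        elif st["authtype"] in ("none", "simple"):
            out.append(name + ": authtype %s, use md5" % st["authtype"])
        if st["version"] == "2" and st["transport"] == "broadcast":
            out.append(name + ": RIP 2 on broadcast, page recommends multicast")
    return out
```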

Monitoring RIP

Monitoring RIP - Gaia Portal

To monitor and troubleshoot RIP:

  1. Go to Advanced Routing > RIP.
  2. Click the Monitoring tab.
  3. In the Information table, click a line to see the current values.

    Note - The page is static. To see the latest values, reload your browser page.

Monitoring RIP - Gaia Clish

Use these commands to monitor and troubleshoot RIP.

show rip

show rip
	interfaces
	interface <if_name>
	packets
	errors
	neighbors
	summary