RIP v2

Background

Due to the deficiencies of the original RIP specification, RIP version 2 (RIPv2) was developed in 1993, published as RFC 1723 in 1994, and declared Internet Standard 56 in 1998.

It included the ability to carry subnet information, thus supporting Classless Inter-Domain Routing (CIDR). To maintain backward compatibility, the hop count limit of 15 remained. RIPv2 has facilities to fully interoperate with the earlier specification if all Must Be Zero protocol fields in the RIPv1 messages are properly specified. In addition, a compatibility switch feature allows fine-grained interoperability adjustments.

To avoid unnecessary load on hosts that do not participate in routing, RIPv2 multicasts the entire routing table to all adjacent routers at the address 224.0.0.9, whereas RIPv1 uses broadcast. Unicast addressing is still allowed for special applications.

Route tags were also added in RIP version 2. This functionality allows a distinction between routes learned from the RIP protocol and routes learned from other protocols.

Network Mask

The RIPv1 protocol assumes that all sub-networks of a given network have the same network mask.

It uses this assumption to calculate the network masks for all routes received.

This assumption prevents subnets with different network masks from being included in RIP packets.

RIPv2 adds the ability to specify explicitly the network mask for each network in a packet.

Authentication

RIPv2 packets can also carry one of two authentication methods, which are used to verify the validity of the supplied routing data.

The first method is a simple password in which an authentication key of up to 16 characters is included in the packet.

If this password does not match what is expected, the packet is discarded.

This method provides very little security, as it is possible to learn the authentication key by watching RIP packets.

The second method uses the MD5 algorithm to create a cryptographic checksum of a RIP packet and an authentication key of up to 16 characters.

The transmitted packet does not contain the authentication key itself; instead, it contains the cryptographic checksum, called the digest.

The receiving router performs a calculation using the correct authentication key and discards the packet if the digest does not match.

In addition, a sequence number is maintained to prevent the replay of older packets.

This method provides stronger assurance that routing data originated from a router with a valid authentication key.
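The receiver-side check for the MD5 method, as an added example that is not part of the original page or any router's code. It assumes the keyed-MD5 packet layout of RFC 2082 as commonly implemented (digest over the packet through the 4-byte trailer header, followed by the key zero-padded to 16 bytes); the function names, the key and the sample route are constructed for illustration.

```python
import hashlib, hmac, struct

# Assumed RFC 2082 constants: auth entry marker, keyed-MD5 type, trailer tag.
AUTH_AFI, KEYED_MD5, TRAILER_TAG = 0xFFFF, 3, 1
# Constructed sample route entry: AFI=2, tag=0, 10.0.0.0/24, next hop 0.0.0.0, metric 1.
SAMPLE_ROUTE = struct.pack("!HH4s4s4sI", 2, 0, bytes([10, 0, 0, 0]),
                           bytes([255, 255, 255, 0]), bytes(4), 1)

def pad_key(key: bytes) -> bytes:
    """Authentication key of up to 16 characters, zero-padded to 16 bytes."""
    return key[:16].ljust(16, b"\x00")

def build_packet(entries: bytes, key: bytes, key_id: int, seq: int) -> bytes:
    """Sender side: RIPv2 response carrying a digest instead of the key."""
    pkt_len = 4 + 20 + len(entries)       # RIP header + auth entry + routes
    head = struct.pack("!BBH", 2, 2, 0)   # command=response, version=2
    auth = struct.pack("!HHHBBI8x", AUTH_AFI, KEYED_MD5, pkt_len, key_id, 16, seq)
    body = head + auth + entries + struct.pack("!HH", AUTH_AFI, TRAILER_TAG)
    return body + hashlib.md5(body + pad_key(key)).digest()

def verify_packet(pkt: bytes, keys: dict, last_seq: dict, neighbor: str) -> bool:
    """Receiver side: accept only a matching digest with a non-older sequence."""
    if len(pkt) < 24:
        return False
    afi, atype, pkt_len, key_id, dlen, seq = struct.unpack("!HHHBBI", pkt[4:16])
    if (afi, atype, dlen) != (AUTH_AFI, KEYED_MD5, 16) or key_id not in keys:
        return False
    # The declared length must account for every byte: no trailing or missing data.
    if pkt_len < 24 or len(pkt) != pkt_len + 4 + 16:
        return False
    if struct.unpack("!HH", pkt[pkt_len:pkt_len + 4]) != (AUTH_AFI, TRAILER_TAG):
        return False
    # Recompute the digest with the locally configured key; compare in constant time.
    expected = hashlib.md5(pkt[:pkt_len + 4] + pad_key(keys[key_id])).digest()
    if not hmac.compare_digest(expected, pkt[pkt_len + 4:]):
        return False
    # Sequence check runs only after the digest passes, so an unauthenticated
    # packet can never advance the per-neighbor state. Older numbers are replays.
    if seq < last_seq.get(neighbor, 0):
        return False
    last_seq[neighbor] = seq
    return True
```

The sequence state is tracked per neighbor; a receiver that keeps a single global counter would reject legitimate updates from a second router.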