
RIP V2
W.lilakiatsakun
RIP V2
• RFC 2453 (obsoletes RFC 1723 / RFC 1388)
• Extension of RIP v1 (classful routing protocol)
• Classless routing protocol
  – VLSM is supported
• Subnet mask included in the routing updates
• Next-hop addresses included in the routing updates
• Use of multicast addresses in sending updates
• Authentication option available
RIP V2 & V1
• Use of holddown and other timers to help prevent routing loops.
• Use of split horizon or split horizon with poison reverse to also help prevent routing loops.
• Use of triggered updates when there is a change in the topology for faster convergence.
• Maximum hop count limit of 15 hops, with the hop count of 16 signifying an unreachable network.
RIP v1 Limitation
(Discontiguous Address)
Addressing scheme
VLSM
Private IP
Problems
• R1 cannot ping network 172.30.100.0
• R3 cannot ping network 172.30.1.0
• R2 can only partially ping networks 172.30.1.0 and 172.30.100.0
RIP V1 message format
R2 installs both paths in routing table
R2 routing table
NO VLSM supported
• RIPv1 either summarizes the subnets to the classful boundary or uses the subnet mask of the outgoing interface to determine which subnets to advertise.
No CIDR supported
Static Routing configuration and Routing Table on R2
Because …
• RIPv1 and other classful routing protocols cannot support CIDR routes, i.e. summarized routes with a subnet mask shorter than the classful mask of the route.
• RIPv1 ignores these supernets in the routing table and does not include them in updates to other routers.
• This is because the receiving router would only be able to apply the longer classful mask to the update and not the shorter /16 mask.
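To make the RIPv1 summarization rules from the last two slides concrete, an added Python example that is not part of the slides: ripv1_advertised decides what RIPv1 would put in an update sent out a given interface (classful summary, the subnet itself, or nothing for a VLSM subnet or a supernet), and discontiguous_network_demo replays the R1/R2/R3 problem above; the 209.165.200.x link addressing is constructed for the example.

```python
from ipaddress import IPv4Network

def classful_prefixlen(address):
    """Classful mask length for an IPv4 address: class A /8, class B /16, class C /24."""
    first_octet = int(address) >> 24
    if first_octet < 128:
        return 8
    return 16 if first_octet < 192 else 24

def major_network(net):
    """The classful (major) network that contains net (str or IPv4Network)."""
    net = IPv4Network(str(net))
    plen = classful_prefixlen(net.network_address)
    return IPv4Network((int(net.network_address), plen), strict=False)

def ripv1_advertised(route, out_iface):
    """What RIPv1 puts in an update for route sent out out_iface, or None if it is not advertised."""
    route, out_iface = IPv4Network(str(route)), IPv4Network(str(out_iface))
    r_major = major_network(route)
    if route.prefixlen < r_major.prefixlen:
        return None      # supernet (CIDR route): ignored and never included in updates
    if r_major != major_network(out_iface):
        return r_major   # different major network: summarized to the classful boundary
    if route.prefixlen == out_iface.prefixlen:
        return route     # same major network and same mask as the interface: the subnet is sent
    return None          # same major network, different mask (VLSM): not advertised

def discontiguous_network_demo():
    """R1 and R3 each advertise their 172.30.0.0 subnet to R2 across a link in another major network."""
    routers = {  # constructed link addressing for the topology in the slides
        "R1": ("172.30.1.0/24", "209.165.200.228/30"),
        "R3": ("172.30.100.0/24", "209.165.200.232/30"),
    }
    learned_by_r2 = {}
    for name, (lan, link_to_r2) in routers.items():
        learned_by_r2.setdefault(str(ripv1_advertised(lan, link_to_r2)), []).append(name)
    return learned_by_r2  # {'172.30.0.0/16': ['R1', 'R3']}: two equal-cost paths for one summary
```

R2 ends up with the single summary 172.30.0.0/16 reachable via both R1 and R3, which is why it load-balances and only partially reaches either subnet.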
RIP V2
• RFC 1723
• RIPv2 is encapsulated in a UDP segment using port 520 and can carry up to 25 routes.
• 3 extensions are added:
  – The subnet mask field
  – The Next Hop address
  – The Route Tag
The subnet mask field
• Allows a 32-bit mask to be included in the RIP route entry.
• As a result, the receiving router no longer depends upon
  – the subnet mask of the inbound interface or
  – the classful mask when determining the subnet mask for a route.
Next hop Address
• The Next Hop address is used to identify a better next-hop address, if one exists, than the address of the sending router.
• If the field is set to all zeros (0.0.0.0), the address of the sending router is the best next-hop address.
• The purpose of the Next Hop field is to eliminate packets being routed through extra hops in the system.
• It is particularly useful when RIP is not being run on all of the routers on a network.
Route Tag
• Provides a method of separating "internal" RIP routes (routes for networks within the RIP routing domain) from "external" RIP routes, which may have been imported from an EGP or another IGP.
• Routers supporting protocols other than RIP should be configurable to allow the Route Tag to be configured for routes imported from different sources.
• It is either set to an arbitrary value, or at least to the number of the Autonomous System.
RIP V2 configuration
Auto-Summary and RIP V2 (1)
Auto-Summary and RIP V2 (2)
Auto-summary
Auto-Summary and RIP V2 (3)
Auto summary
Redistribute Static
Disabling Auto-summary
RIP V2 and VLSM
RIP V2 and VLSM
RIP V2 and CIDR
Troubleshooting
• Version: misconfiguration
• Network statements: incorrect or missing network statements.
  – The network statement does two things:
    • It enables the routing protocol to send and receive updates on any local interfaces that belong to that network.
    • It includes that network in its routing updates to its neighboring routers.
  – A missing or incorrect network statement will result in missed routing updates and routing updates not being sent or received on an interface.
• Automatic summarization
  – If there is a need or expectation for sending specific subnets and not just summarized routes, make sure that automatic summarization has been disabled.
Verifying RIP
Authentication (1)
• A security concern of any routing protocol is the possibility of accepting invalid routing updates.
• The source of these invalid routing updates could be an attacker maliciously attempting to disrupt the network or trying to capture packets by tricking the router into sending its updates to the wrong destination.
• Another source of invalid updates could be a misconfigured router.
Authentication (2)
Authentication (3)
• For example, in the figure, R1 is propagating a default route to all other routers in this routing domain.
• However, someone has mistakenly added router R4 to the network, which is also propagating a default route.
• Some of the routers may forward default traffic to R4 instead of to the real gateway router, R1.
• These packets could be "black holed" and never seen again.
Authentication (4)
• RIPv2, EIGRP, OSPF, IS-IS, and BGP can be configured to authenticate routing information.
• This practice ensures routers will only accept routing information from other routers that have been configured with the same password or authentication information.
• Note: Authentication does not encrypt the routing table.
RIPV2 Authentication (1)
• The authentication scheme for RIP version 2 uses the space of an entire RIP entry.
• If the Address Family Identifier of the first (and only the first) entry in the message is 0xFFFF, then the remainder of the entry contains the authentication.
• This means that there can be at most 24 RIP entries in the remainder of the message.
RIPV2 Authentication (2)
• Currently, the only authentication type is simple password, which is type 2.
• The remaining 16 octets contain the plain text password.
• If the password is under 16 octets, it must be left-justified and padded to the right with nulls (0x00).
RIPV2 Authentication (3)
• If the router is not configured to authenticate RIP-2 messages, then
  – RIP-1 and unauthenticated RIP-2 messages will be accepted;
  – authenticated RIP-2 messages shall be discarded.
• If the router is configured to authenticate RIP-2 messages, then
  – RIP-1 messages and RIP-2 messages which pass authentication testing shall be accepted;
  – unauthenticated and failed-authentication RIP-2 messages shall be discarded.
RIPV2 Authentication (4)
• For maximum security, RIP-1 messages should be ignored when authentication is in use; otherwise, the routing information from authenticated messages will be propagated by RIP-1 routers in an unauthenticated manner.
• Since an authentication entry is marked with an Address Family Identifier of 0xFFFF, a RIP-1 system would ignore this entry, since it would belong to an address family other than IP.
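The RIPv2 message format described earlier (20-octet entries carrying subnet mask, next hop and route tag, with the authentication entry first) and the acceptance rules of RIPV2 Authentication (3) and (4), as an added Python example that is not part of the slides: build_rip constructs sample RIP responses (constructed data, not captured traffic), parse_rip decodes them the way a RIP-2 or RIP-1 receiver would, and accept applies the rules for a router with or without a configured password, with an ignore_rip1 option for the "maximum security" caveat.

```python
import socket
import struct
from dataclasses import dataclass
AFI_IP, AFI_AUTH = 2, 0xFFFF  # address family of a route entry / of the authentication entry
AUTH_SIMPLE_PASSWORD = 2      # the only authentication type the slides describe

@dataclass
class Route:
    tag: int        # Route Tag: separates internal from external (e.g. AS number) routes
    prefix: str
    mask: str       # the RIPv2 subnet mask field
    next_hop: str   # 0.0.0.0 means "use the sending router's address"
    metric: int     # hop count; 16 means unreachable

def build_rip(version, password, routes):
    """Constructed RIP response (command 2) for the examples below, not captured traffic."""
    pkt = bytes([2, version, 0, 0])
    if password is not None:  # authentication occupies the first (and only the first) entry
        pkt += struct.pack("!HH", AFI_AUTH, AUTH_SIMPLE_PASSWORD)
        pkt += password.ljust(16, b"\x00")  # left-justified, padded with nulls to 16 octets
    for r in routes:
        pkt += struct.pack("!HH", AFI_IP, r.tag) + socket.inet_aton(r.prefix)
        pkt += socket.inet_aton(r.mask) + socket.inet_aton(r.next_hop) + struct.pack("!I", r.metric)
    return pkt

def parse_rip(pkt):
    """Return (version, password bytes or None, routes); other families are skipped as RIP-1 would."""
    version, body = pkt[1], pkt[4:]
    if len(body) % 20 or len(body) > 25 * 20:  # 20-octet entries, at most 25 per message
        raise ValueError("malformed RIP message")
    password, routes = None, []
    for i in range(0, len(body), 20):
        afi, tag = struct.unpack("!HH", body[i:i + 4])
        if afi == AFI_AUTH and i == 0 and version == 2 and tag == AUTH_SIMPLE_PASSWORD:
            password = body[i + 4:i + 20].rstrip(b"\x00")  # strip the null padding
        elif afi == AFI_IP:
            a, m, n = (socket.inet_ntoa(body[j:j + 4]) for j in (i + 4, i + 8, i + 12))
            routes.append(Route(tag, a, m, n, struct.unpack("!I", body[i + 16:i + 20])[0]))
    return version, password, routes

def accept(pkt, configured_password=None, ignore_rip1=False):
    """RFC 2453 acceptance rules: the routes to process, or None if the message is discarded."""
    version, password, routes = parse_rip(pkt)
    if configured_password is None:   # router not configured to authenticate:
        ok = password is None         # RIP-1 and unauthenticated RIP-2 accepted, authenticated discarded
    elif version == 1:                # RIP-1 accepted, unless ignored "for maximum security"
        ok = not ignore_rip1
    else:                             # RIP-2 accepted only with the configured password
        ok = password == configured_password
    return routes if ok else None
```

Because the password travels as 16 plain text octets in the first entry, the check only proves that the sender knows the shared string; it does not hide the routes or the password from anyone who can see the UDP/520 datagrams.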