Commit | Line | Data |
---|---|---|
42fc5d26 QY |
1 | .. _RIP: |
2 | ||
3 | *** | |
4 | RIP | |
5 | *** | |
6 | ||
7 | RIP -- Routing Information Protocol is a widely deployed interior gateway | |
8 | protocol. RIP was developed in the 1970s at Xerox Labs as part of the | |
9 | XNS routing protocol. RIP is a *distance-vector* protocol and is | |
10 | based on the *Bellman-Ford* algorithm. As a distance-vector | |
11 | protocol, a RIP router sends updates to its neighbors periodically, thus | |
12 | allowing convergence to a known topology. In each update, the | |
13 | distance to any given network is broadcast to its neighboring | |
14 | routers. | |
15 | ||
16 | *ripd* supports RIP version 2 as described in RFC2453 and RIP | |
17 | version 1 as described in RFC1058. | |
18 | ||
19 | .. _Starting_and_Stopping_ripd: | |
20 | ||
21 | Starting and Stopping ripd | |
22 | ========================== | |
23 | ||
24 | The default configuration file name of *ripd* is | |
25 | :file:`ripd.conf`. When invoked, *ripd* searches the directory | |
26 | @value{INSTALL_PREFIX_ETC}. If :file:`ripd.conf` is not there, it next | |
27 | searches the current directory. | |
28 | ||
29 | RIP uses UDP port 520 to send and receive RIP packets, so the user must have | |
30 | the capability to bind the port; generally this means that the user must | |
31 | have superuser privileges. The RIP protocol requires interface information | |
32 | maintained by the *zebra* daemon, so running *zebra* | |
33 | is mandatory to run *ripd*. Thus the minimum sequence for running | |
34 | RIP is as follows: | |
35 | ||
36 | :: | |
37 | ||
39 | # zebra -d | |
40 | # ripd -d | |
42 | ||
43 | ||
44 | Please note that *zebra* must be invoked before *ripd*. | |
45 | ||
46 | To stop *ripd*, use ``kill `cat | |
47 | /var/run/ripd.pid```. Certain signals have special meanings to *ripd*. | |
48 | ||
49 | ||
50 | ||
51 | *SIGHUP* | |
52 | Reload configuration file :file:`ripd.conf`. All configurations are | |
53 | reset. All routes learned so far are cleared and removed from the routing | |
54 | table. | |
55 | ||
56 | *SIGUSR1* | |
57 | Rotate *ripd* logfile. | |
58 | ||
59 | *SIGINT* | |
60 | ||
61 | *SIGTERM* | |
62 | *ripd* sweeps all installed RIP routes then terminates properly. | |
63 | ||
64 | *ripd* invocation options. Common options can also be specified | |
65 | (:ref:`Common_Invocation_Options`). | |
66 | ||
67 | ||
68 | ||
69 | *-r* | |
70 | ||
71 | *--retain* | |
72 | When the program terminates, retain routes added by *ripd*. | |
73 | ||
74 | .. _RIP_netmask: | |
75 | ||
76 | RIP netmask | |
77 | ----------- | |
78 | ||
79 | The netmask features of *ripd* support both version 1 and version 2 of | |
80 | RIP. Version 1 of RIP originally contained no netmask information. In | |
81 | RIP version 1, network classes were originally used to determine the | |
82 | size of the netmask. Class A networks use 8 bits of mask, Class B | |
83 | networks use 16 bits of mask, while Class C networks use 24 bits of | |
84 | mask. Today, the most widely used method is to assign a network mask | |
85 | to the packet on the basis of the interface that received the packet. | |
86 | Version 2 of RIP supports a variable length subnet mask (VLSM). By | |
87 | extending the subnet mask, the mask can be divided and reused. Each | |
88 | subnet can be used for different purposes such as large to middle size | |
89 | LANs and WAN links. Frr *ripd* does not support the non-sequential | |
90 | netmasks that are included in RIP Version 2. | |
91 | ||
92 | In a case of similar information with the same prefix and metric, the | |
93 | old information will be suppressed. Ripd does not currently support | |
94 | equal cost multipath routing. | |
95 | ||
96 | .. _RIP_Configuration: | |
97 | ||
98 | RIP Configuration | |
99 | ================= | |
100 | ||
101 | .. index:: Command {router rip} {} | |
102 | ||
103 | Command {router rip} {} | |
104 | The `router rip` command is necessary to enable RIP. To disable | |
105 | RIP, use the `no router rip` command. RIP must be enabled before | |
106 | carrying out any of the RIP commands. | |
107 | ||
108 | .. index:: Command {no router rip} {} | |
109 | ||
110 | Command {no router rip} {} | |
111 | Disable RIP. | |
112 | ||
113 | .. index:: {RIP Command} {network `network`} {} | |
114 | ||
115 | {RIP Command} {network `network`} {} | |
116 | .. index:: {RIP Command} {no network `network`} {} | |
117 | ||
118 | {RIP Command} {no network `network`} {} | |
119 | Set the RIP-enabled interfaces by `network`. The interfaces which | |
120 | have addresses matching `network` are enabled. | |
121 | ||
122 | This group of commands either enables or disables RIP on interfaces | |
123 | within the address range of a specified network. For example, if the | |
124 | network for 10.0.0.0/24 is RIP enabled, this would result in all the | |
125 | addresses from 10.0.0.0 to 10.0.0.255 being enabled for RIP. The `no network` command will disable RIP for the specified network. | |
126 | ||
127 | .. index:: {RIP Command} {network `ifname`} {} | |
128 | ||
129 | {RIP Command} {network `ifname`} {} | |
130 | .. index:: {RIP Command} {no network `ifname`} {} | |
131 | ||
132 | {RIP Command} {no network `ifname`} {} | |
133 | Set a RIP enabled interface by `ifname`. Both the sending and | |
134 | receiving of RIP packets will be enabled on the port specified in the | |
135 | `network ifname` command. The `no network ifname` command will disable | |
136 | RIP on the specified interface. | |
137 | ||
138 | .. index:: {RIP Command} {neighbor `a.b.c.d`} {} | |
139 | ||
140 | {RIP Command} {neighbor `a.b.c.d`} {} | |
141 | .. index:: {RIP Command} {no neighbor `a.b.c.d`} {} | |
142 | ||
143 | {RIP Command} {no neighbor `a.b.c.d`} {} | |
144 | Specify RIP neighbor. When a neighbor doesn't understand multicast, | |
145 | this command is used to specify neighbors. In some cases, not all | |
146 | routers will be able to understand multicasting, where packets are sent | |
147 | to a network or a group of addresses. In a situation where a neighbor | |
148 | cannot process multicast packets, it is necessary to establish a direct | |
149 | link between routers. The neighbor command allows the network | |
150 | administrator to specify a router as a RIP neighbor. The `no neighbor a.b.c.d` command will disable the RIP neighbor. | |
151 | ||
152 | Below is a very simple RIP configuration. Interface `eth0` and | |
153 | interfaces whose addresses match `10.0.0.0/8` are RIP enabled. | |
154 | ||
155 | :: | |
156 | ||
158 | ! | |
159 | router rip | |
160 | network 10.0.0.0/8 | |
161 | network eth0 | |
162 | ! | |
164 | ||
165 | ||
166 | Passive interface | |
167 | ||
168 | .. index:: {RIP command} {passive-interface (`IFNAME`|default)} {} | |
169 | ||
170 | {RIP command} {passive-interface (`IFNAME`|default)} {} | |
171 | .. index:: {RIP command} {no passive-interface `IFNAME`} {} | |
172 | ||
173 | {RIP command} {no passive-interface `IFNAME`} {} | |
174 | This command sets the specified interface to passive mode. On a passive-mode | |
175 | interface, all received packets are processed as normal and ripd does | |
176 | not send either multicast or unicast RIP packets except to RIP neighbors | |
177 | specified with the `neighbor` command. The interface may be specified | |
178 | as `default` to make ripd default to passive on all interfaces. | |
179 | ||
180 | The default is to be passive on all interfaces. | |
181 | ||
182 | RIP split-horizon | |
183 | ||
184 | .. index:: {Interface command} {ip split-horizon} {} | |
185 | ||
186 | {Interface command} {ip split-horizon} {} | |
187 | .. index:: {Interface command} {no ip split-horizon} {} | |
188 | ||
189 | {Interface command} {no ip split-horizon} {} | |
190 | Control split-horizon on the interface. Default is `ip split-horizon`. If you don't want to perform split-horizon on the interface, | |
191 | please specify `no ip split-horizon`. | |
192 | ||
193 | .. _RIP_Version_Control: | |
194 | ||
195 | RIP Version Control | |
196 | =================== | |
197 | ||
198 | RIP can be configured to send either Version 1 or Version 2 packets. | |
199 | The default is to send RIPv2 while accepting both RIPv1 and RIPv2 (and | |
200 | replying with packets of the appropriate version for REQUESTS / | |
201 | triggered updates). The version to receive and send can be specified | |
202 | globally, and further overridden on a per-interface basis if need be | |
203 | for send and receive separately (see below). | |
204 | ||
205 | It is important to note that RIPv1 can not be authenticated. Further, | |
206 | if RIPv1 is enabled then RIP will reply to REQUEST packets, sending the | |
207 | state of its RIP routing table to any remote routers that ask on | |
208 | demand. For a more detailed discussion on the security implications of | |
209 | RIPv1 see :ref:`RIP_Authentication`. | |
210 | ||
211 | .. index:: {RIP Command} {version `version`} {} | |
212 | ||
213 | {RIP Command} {version `version`} {} | |
214 | Set RIP version to accept for reads and send. `version` | |
215 | can be either `1` or `2`. | |
216 | ||
217 | Disabling RIPv1 by specifying version 2 is STRONGLY encouraged | |
218 | (see :ref:`RIP_Authentication`). This may become the default in a future | |
219 | release. | |
220 | ||
221 | Default: Send Version 2, and accept either version. | |
222 | ||
223 | .. index:: {RIP Command} {no version} {} | |
224 | ||
225 | {RIP Command} {no version} {} | |
226 | Reset the global version setting back to the default. | |
227 | ||
228 | .. index:: {Interface command} {ip rip send version `version`} {} | |
229 | ||
230 | {Interface command} {ip rip send version `version`} {} | |
231 | `version` can be `1`, `2` or `1 2`. | |
232 | ||
233 | This interface command overrides the global rip version setting, and | |
234 | selects which version of RIP to send packets with, for this interface | |
235 | specifically. Choice of RIP Version 1, RIP Version 2, or both versions. | |
236 | In the latter case, where `1 2` is specified, packets will be both | |
237 | broadcast and multicast. | |
238 | ||
239 | Default: Send packets according to the global version (version 2) | |
240 | ||
241 | .. index:: {Interface command} {ip rip receive version `version`} {} | |
242 | ||
243 | {Interface command} {ip rip receive version `version`} {} | |
244 | `version` can be `1`, `2` or `1 2`. | |
245 | ||
246 | This interface command overrides the global rip version setting, and | |
247 | selects which versions of RIP packets will be accepted on this | |
248 | interface. Choice of RIP Version 1, RIP Version 2, or both. | |
249 | ||
250 | Default: Accept packets according to the global setting (both 1 and 2). | |
251 | ||
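The version rules above (global ``version``, per-interface ``ip rip receive version`` override, default of accepting both versions) can be checked mechanically. The following is an added example, not part of the Frr documentation or code base: a small Python audit that resolves the effective receive version per interface and also reports the authentication mode set with the ``ip rip authentication mode`` commands described under RIP Authentication. The function name, finding labels and sample configurations are hypothetical.

```python
# Added example: audit a ripd.conf-style text for RIPv1 acceptance and weak auth.
# audit_ripd_conf and the finding labels are hypothetical names, not Frr APIs.

def audit_ripd_conf(text):
    """Return (scope, finding) pairs for a ripd.conf-style configuration."""
    global_recv = {1, 2}      # page default: accept either version
    ifaces = {}               # name -> {"recv": set or None, "auth": str or None}
    rip_ifaces = set()        # interfaces enabled by name with "network IFNAME"
    ctx = None                # None, "rip", or ("if", name)

    for raw in text.splitlines():
        words = raw.split()
        if not words:
            continue
        if words[0].startswith("!"):          # "!" closes the current block
            ctx = None
        elif words[:2] == ["router", "rip"]:
            ctx = "rip"
        elif words[0] == "interface" and len(words) > 1:
            ctx = ("if", words[1])
            ifaces.setdefault(words[1], {"recv": None, "auth": None})
        elif words[:2] == ["key", "chain"] or words[0] == "router":
            ctx = None                        # some other block, ignored here
        elif ctx == "rip" and words == ["no", "version"]:
            global_recv = {1, 2}
        elif ctx == "rip" and words[0] == "version" and words[1:] in (["1"], ["2"]):
            global_recv = {int(words[1])}
        elif (ctx == "rip" and words[0] == "network" and len(words) == 2
              and "/" not in words[1]):
            rip_ifaces.add(words[1])          # "network eth0" form
            ifaces.setdefault(words[1], {"recv": None, "auth": None})
        elif isinstance(ctx, tuple) and words[:4] == ["ip", "rip", "receive", "version"]:
            ifaces[ctx[1]]["recv"] = {int(w) for w in words[4:] if w in ("1", "2")}
        elif (isinstance(ctx, tuple) and len(words) == 5
              and words[:4] == ["ip", "rip", "authentication", "mode"]):
            ifaces[ctx[1]]["auth"] = words[4]

    findings = []
    if 1 in global_recv:
        findings.append(("global", "accepts-ripv1"))
    for name, cfg in ifaces.items():
        # A per-interface receive setting overrides the global one.
        recv = cfg["recv"] if cfg["recv"] is not None else global_recv
        if 1 in recv:
            findings.append((name, "accepts-ripv1"))
        if cfg["auth"] == "text":
            findings.append((name, "plaintext-auth"))
        elif cfg["auth"] is None and name in rip_ifaces:
            findings.append((name, "no-auth"))
    return findings


# Constructed sample configurations (built from the commands on this page).
WEAK_CONF = """\
!
router rip
network 10.0.0.0/8
network eth0
!
interface eth1
ip rip authentication mode text
ip rip authentication string test
!
interface eth2
ip rip receive version 1 2
ip rip authentication mode md5
ip rip authentication key-chain test
!
"""

HARDENED_CONF = """\
!
key chain test
key 1
key-string test
!
router rip
version 2
network eth1
!
interface eth1
ip rip authentication mode md5
ip rip authentication key-chain test
!
"""

if __name__ == "__main__":
    for label, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(label, audit_ripd_conf(conf))
```

Interfaces enabled only through a ``network`` prefix cannot be identified from the configuration text alone, so the ``no-auth`` finding is limited to interfaces enabled by name.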
252 | .. _How_to_Announce_RIP_route: | |
253 | ||
254 | How to Announce RIP route | |
255 | ========================= | |
256 | ||
257 | .. index:: {RIP command} {redistribute kernel} {} | |
258 | ||
259 | {RIP command} {redistribute kernel} {} | |
260 | .. index:: {RIP command} {redistribute kernel metric <0-16>} {} | |
261 | ||
262 | {RIP command} {redistribute kernel metric <0-16>} {} | |
263 | .. index:: {RIP command} {redistribute kernel route-map `route-map`} {} | |
264 | ||
265 | {RIP command} {redistribute kernel route-map `route-map`} {} | |
266 | .. index:: {RIP command} {no redistribute kernel} {} | |
267 | ||
268 | {RIP command} {no redistribute kernel} {} | |
269 | `redistribute kernel` redistributes routing information from | |
270 | kernel route entries into the RIP tables. `no redistribute kernel` | |
271 | disables the routes. | |
272 | ||
273 | .. index:: {RIP command} {redistribute static} {} | |
274 | ||
275 | {RIP command} {redistribute static} {} | |
276 | .. index:: {RIP command} {redistribute static metric <0-16>} {} | |
277 | ||
278 | {RIP command} {redistribute static metric <0-16>} {} | |
279 | .. index:: {RIP command} {redistribute static route-map `route-map`} {} | |
280 | ||
281 | {RIP command} {redistribute static route-map `route-map`} {} | |
282 | .. index:: {RIP command} {no redistribute static} {} | |
283 | ||
284 | {RIP command} {no redistribute static} {} | |
285 | `redistribute static` redistributes routing information from | |
286 | static route entries into the RIP tables. `no redistribute static` | |
287 | disables the routes. | |
288 | ||
289 | .. index:: {RIP command} {redistribute connected} {} | |
290 | ||
291 | {RIP command} {redistribute connected} {} | |
292 | .. index:: {RIP command} {redistribute connected metric <0-16>} {} | |
293 | ||
294 | {RIP command} {redistribute connected metric <0-16>} {} | |
295 | .. index:: {RIP command} {redistribute connected route-map `route-map`} {} | |
296 | ||
297 | {RIP command} {redistribute connected route-map `route-map`} {} | |
298 | .. index:: {RIP command} {no redistribute connected} {} | |
299 | ||
300 | {RIP command} {no redistribute connected} {} | |
301 | Redistribute connected routes into the RIP tables. `no redistribute connected` disables the connected routes in the RIP tables. | |
302 | This command redistributes connected routes of interfaces on which RIP is disabled. | |
303 | The connected route on a RIP-enabled interface is announced by default. | |
304 | ||
305 | .. index:: {RIP command} {redistribute ospf} {} | |
306 | ||
307 | {RIP command} {redistribute ospf} {} | |
308 | .. index:: {RIP command} {redistribute ospf metric <0-16>} {} | |
309 | ||
310 | {RIP command} {redistribute ospf metric <0-16>} {} | |
311 | .. index:: {RIP command} {redistribute ospf route-map `route-map`} {} | |
312 | ||
313 | {RIP command} {redistribute ospf route-map `route-map`} {} | |
314 | .. index:: {RIP command} {no redistribute ospf} {} | |
315 | ||
316 | {RIP command} {no redistribute ospf} {} | |
317 | `redistribute ospf` redistributes routing information from | |
318 | ospf route entries into the RIP tables. `no redistribute ospf` | |
319 | disables the routes. | |
320 | ||
321 | .. index:: {RIP command} {redistribute bgp} {} | |
322 | ||
323 | {RIP command} {redistribute bgp} {} | |
324 | .. index:: {RIP command} {redistribute bgp metric <0-16>} {} | |
325 | ||
326 | {RIP command} {redistribute bgp metric <0-16>} {} | |
327 | .. index:: {RIP command} {redistribute bgp route-map `route-map`} {} | |
328 | ||
329 | {RIP command} {redistribute bgp route-map `route-map`} {} | |
330 | .. index:: {RIP command} {no redistribute bgp} {} | |
331 | ||
332 | {RIP command} {no redistribute bgp} {} | |
333 | `redistribute bgp` redistributes routing information from | |
334 | bgp route entries into the RIP tables. `no redistribute bgp` | |
335 | disables the routes. | |
336 | ||
337 | If you want to specify RIP only static routes: | |
338 | ||
339 | .. index:: {RIP command} {default-information originate} {} | |
340 | ||
341 | {RIP command} {default-information originate} {} | |
342 | .. index:: {RIP command} {route `a.b.c.d/m`} {} | |
343 | ||
344 | {RIP command} {route `a.b.c.d/m`} {} | |
345 | .. index:: {RIP command} {no route `a.b.c.d/m`} {} | |
346 | ||
347 | {RIP command} {no route `a.b.c.d/m`} {} | |
348 | This command is specific to Frr. The `route` command makes a static | |
349 | route only inside RIP. This command should be used only by advanced | |
350 | users who are particularly knowledgeable about the RIP protocol. In | |
351 | most cases, we recommend creating a static route in Frr and | |
352 | redistributing it in RIP using `redistribute static`. | |
353 | ||
354 | .. _Filtering_RIP_Routes: | |
355 | ||
356 | Filtering RIP Routes | |
357 | ==================== | |
358 | ||
359 | RIP routes can be filtered by a distribute-list. | |
360 | ||
361 | .. index:: Command {distribute-list `access_list` `direct` `ifname`} {} | |
362 | ||
363 | Command {distribute-list `access_list` `direct` `ifname`} {} | |
364 | You can apply access lists to the interface with a `distribute-list` | |
365 | command. `access_list` is the access list name. `direct` is | |
366 | `in` or `out`. If `direct` is `in` the access list | |
367 | is applied to input packets. | |
368 | ||
369 | The `distribute-list` command can be used to filter the RIP path. | |
370 | `distribute-list` can apply access-lists to a chosen interface. | |
371 | First, one should specify the access-list. Next, the name of the | |
372 | access-list is used in the distribute-list command. For example, in the | |
373 | following configuration `eth0` will permit only the paths that | |
374 | match the route 10.0.0.0/8. | |
375 | ||
376 | :: | |
377 | ||
379 | ! | |
380 | router rip | |
381 | distribute-list private in eth0 | |
382 | ! | |
383 | access-list private permit 10 10.0.0.0/8 | |
384 | access-list private deny any | |
385 | ! | |
387 | ||
388 | ||
389 | `distribute-list` can be applied to both incoming and outgoing data. | |
390 | ||
391 | .. index:: Command {distribute-list prefix `prefix_list` (in|out) `ifname`} {} | |
392 | ||
393 | Command {distribute-list prefix `prefix_list` (in|out) `ifname`} {} | |
394 | You can apply prefix lists to the interface with a | |
395 | `distribute-list` command. `prefix_list` is the prefix list | |
396 | name. Next is the direction of `in` or `out`. If | |
397 | `direct` is `in` the access list is applied to input packets. | |
398 | ||
399 | .. _RIP_Metric_Manipulation: | |
400 | ||
401 | RIP Metric Manipulation | |
402 | ======================= | |
403 | ||
404 | The RIP metric is a value for the distance to the network. Usually | |
405 | *ripd* increments the metric when the network information is | |
406 | received. Redistributed routes' metric is set to 1. | |
407 | ||
408 | .. index:: {RIP command} {default-metric <1-16>} {} | |
409 | ||
410 | {RIP command} {default-metric <1-16>} {} | |
411 | .. index:: {RIP command} {no default-metric <1-16>} {} | |
412 | ||
413 | {RIP command} {no default-metric <1-16>} {} | |
414 | This command modifies the default metric value for redistributed routes. The | |
415 | default value is 1. This command does not affect connected routes | |
416 | even if they are redistributed by *redistribute connected*. To modify | |
417 | a connected route's metric value, please use `redistribute | |
418 | connected metric` or *route-map*. *offset-list* also | |
419 | affects connected routes. | |
420 | ||
421 | .. index:: {RIP command} {offset-list `access-list` (in|out)} {} | |
422 | ||
423 | {RIP command} {offset-list `access-list` (in|out)} {} | |
424 | .. index:: {RIP command} {offset-list `access-list` (in|out) `ifname`} {} | |
425 | ||
426 | {RIP command} {offset-list `access-list` (in|out) `ifname`} {} | |
427 | ||
428 | .. _RIP_distance: | |
429 | ||
430 | RIP distance | |
431 | ============ | |
432 | ||
433 | Distance value is used in zebra daemon. Default RIP distance is 120. | |
434 | ||
435 | .. index:: {RIP command} {distance <1-255>} {} | |
436 | ||
437 | {RIP command} {distance <1-255>} {} | |
438 | .. index:: {RIP command} {no distance <1-255>} {} | |
439 | ||
440 | {RIP command} {no distance <1-255>} {} | |
441 | Set default RIP distance to specified value. | |
442 | ||
443 | .. index:: {RIP command} {distance <1-255> `A.B.C.D/M`} {} | |
444 | ||
445 | {RIP command} {distance <1-255> `A.B.C.D/M`} {} | |
446 | .. index:: {RIP command} {no distance <1-255> `A.B.C.D/M`} {} | |
447 | ||
448 | {RIP command} {no distance <1-255> `A.B.C.D/M`} {} | |
449 | Set default RIP distance to specified value when the route's source IP | |
450 | address matches the specified prefix. | |
451 | ||
452 | .. index:: {RIP command} {distance <1-255> `A.B.C.D/M` `access-list`} {} | |
453 | ||
454 | {RIP command} {distance <1-255> `A.B.C.D/M` `access-list`} {} | |
455 | .. index:: {RIP command} {no distance <1-255> `A.B.C.D/M` `access-list`} {} | |
456 | ||
457 | {RIP command} {no distance <1-255> `A.B.C.D/M` `access-list`} {} | |
458 | Set default RIP distance to specified value when the route's source IP | |
459 | address matches the specified prefix and the specified access-list. | |
460 | ||
461 | .. _RIP_route-map: | |
462 | ||
463 | RIP route-map | |
464 | ============= | |
465 | ||
466 | Usage of *ripd*'s route-map support. | |
467 | ||
468 | Optional argument route-map MAP_NAME can be added to each `redistribute` | |
469 | statement. | |
470 | ||
471 | :: | |
472 | ||
473 | redistribute static [route-map MAP_NAME] | |
474 | redistribute connected [route-map MAP_NAME] | |
475 | ..... | |
476 | ||
477 | ||
478 | Cisco applies the route-map *before* routes are exported to the RIP route table. | |
479 | In the current Frr test implementation, *ripd* applies the route-map | |
480 | after routes are listed in the route table and before routes are | |
481 | announced to an interface (something like an output filter). I think it is not | |
482 | so clear, but it is a draft and it may be changed in the future. | |
483 | ||
484 | Route-map statement (:ref:`Route_Map`) is needed to use route-map | |
485 | functionality. | |
486 | ||
487 | .. index:: {Route Map} {match interface `word`} {} | |
488 | ||
489 | {Route Map} {match interface `word`} {} | |
490 | This command matches the incoming interface. The notation of this match is | |
491 | different from Cisco. Cisco uses a list of interfaces - NAME1 NAME2 | |
492 | ... NAMEN. Ripd allows only one name (maybe this will change in the | |
493 | future). Next - Cisco means the interface which includes the next-hop of | |
494 | routes (it is somewhat similar to the "ip next-hop" statement). Ripd | |
495 | means the interface where this route will be sent. This difference is | |
496 | because the "next-hop" of the same routes sent to different interfaces | |
497 | must be different. Maybe it would be better to make new matches - say | |
498 | "match interface-out NAME" or something like that. | |
499 | ||
500 | .. index:: {Route Map} {match ip address `word`} {} | |
501 | ||
502 | {Route Map} {match ip address `word`} {} | |
503 | .. index:: {Route Map} {match ip address prefix-list `word`} {} | |
504 | ||
505 | {Route Map} {match ip address prefix-list `word`} {} | |
506 | Match if route destination is permitted by access-list. | |
507 | ||
508 | .. index:: {Route Map} {match ip next-hop `word`} {} | |
509 | ||
510 | {Route Map} {match ip next-hop `word`} {} | |
511 | .. index:: {Route Map} {match ip next-hop prefix-list `word`} {} | |
512 | ||
513 | {Route Map} {match ip next-hop prefix-list `word`} {} | |
514 | Match if route next-hop (meaning next-hop listed in the rip route-table | |
515 | as displayed by "show ip rip") is permitted by access-list. | |
516 | ||
517 | .. index:: {Route Map} {match metric <0-4294967295>} {} | |
518 | ||
519 | {Route Map} {match metric <0-4294967295>} {} | |
520 | This command matches the metric value of RIP updates. For compatibility | |
521 | with other protocols the metric range is shown as <0-4294967295>, but | |
522 | for the RIP protocol only the value range <0-16> makes sense. | |
523 | ||
524 | .. index:: {Route Map} {set ip next-hop A.B.C.D} {} | |
525 | ||
526 | {Route Map} {set ip next-hop A.B.C.D} {} | |
527 | This command sets the next hop value in the RIPv2 protocol. This command does | |
528 | not affect RIPv1 because there is no next hop field in the packet. | |
529 | ||
530 | .. index:: {Route Map} {set metric <0-4294967295>} {} | |
531 | ||
532 | {Route Map} {set metric <0-4294967295>} {} | |
533 | Set a metric for matched route when sending announcement. The metric | |
534 | value range is very large for compatibility with other protocols. For | |
535 | RIP, valid metric values are from 1 to 16. | |
536 | ||
537 | .. _RIP_Authentication: | |
538 | ||
539 | RIP Authentication | |
540 | ================== | |
541 | ||
542 | RIPv2 allows packets to be authenticated via either an insecure plain | |
543 | text password, included with the packet, or via a more secure MD5 based | |
544 | HMAC (keyed-Hashing for Message AuthentiCation). | |
545 | RIPv1 can not be authenticated at all, thus when authentication is | |
546 | configured `ripd` will discard routing updates received via RIPv1 | |
547 | packets. | |
548 | ||
549 | However, unless RIPv1 reception is disabled entirely | |
550 | (see :ref:`RIP_Version_Control`), RIPv1 REQUEST packets which are received, | |
551 | which query the router for routing information, will still be honoured | |
552 | by `ripd`, and `ripd` WILL reply to such packets. This allows | |
553 | `ripd` to honour such REQUESTs (which are sometimes used by old | |
554 | equipment and very simple devices to bootstrap their default route), | |
555 | while still providing security for route updates which are received. | |
556 | ||
557 | In short: Enabling authentication prevents routes being updated by | |
558 | unauthenticated remote routers, but can still allow routes (i.e. the | |
559 | entire RIP routing table) to be queried remotely, potentially by anyone | |
560 | on the internet, via RIPv1. | |
561 | ||
562 | To prevent such unauthenticated querying of routes, disable RIPv1 | |
563 | (see :ref:`RIP_Version_Control`). | |
564 | ||
565 | .. index:: {Interface command} {ip rip authentication mode md5} {} | |
566 | ||
567 | {Interface command} {ip rip authentication mode md5} {} | |
568 | .. index:: {Interface command} {no ip rip authentication mode md5} {} | |
569 | ||
570 | {Interface command} {no ip rip authentication mode md5} {} | |
571 | Set the interface with RIPv2 MD5 authentication. | |
572 | ||
573 | .. index:: {Interface command} {ip rip authentication mode text} {} | |
574 | ||
575 | {Interface command} {ip rip authentication mode text} {} | |
576 | .. index:: {Interface command} {no ip rip authentication mode text} {} | |
577 | ||
578 | {Interface command} {no ip rip authentication mode text} {} | |
579 | Set the interface with RIPv2 simple password authentication. | |
580 | ||
581 | .. index:: {Interface command} {ip rip authentication string `string`} {} | |
582 | ||
583 | {Interface command} {ip rip authentication string `string`} {} | |
584 | .. index:: {Interface command} {no ip rip authentication string `string`} {} | |
585 | ||
586 | {Interface command} {no ip rip authentication string `string`} {} | |
587 | RIP version 2 has simple text authentication. This command sets the | |
588 | authentication string. The string must be shorter than 16 characters. | |
589 | ||
590 | .. index:: {Interface command} {ip rip authentication key-chain `key-chain`} {} | |
591 | ||
592 | {Interface command} {ip rip authentication key-chain `key-chain`} {} | |
593 | .. index:: {Interface command} {no ip rip authentication key-chain `key-chain`} {} | |
594 | ||
595 | {Interface command} {no ip rip authentication key-chain `key-chain`} {} | |
596 | Specify the keyed MD5 chain. | |
597 | ||
598 | :: | |
599 | ||
600 | ! | |
601 | key chain test | |
602 | key 1 | |
603 | key-string test | |
604 | ! | |
605 | interface eth1 | |
606 | ip rip authentication mode md5 | |
607 | ip rip authentication key-chain test | |
608 | ! | |
609 | ||
610 | ||
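To see on the wire what this section describes (RIPv1 REQUESTs that are still answered, plain text passwords carried in the packet, keyed MD5), the following added example classifies RIP payloads captured on UDP port 520. It is not code from Frr or from this documentation: the entry layout follows RFC 2453 and the keyed MD5 authentication entry follows RFC 2082, while ``classify_rip``, the finding labels and the sample packets are hypothetical and constructed for illustration.

```python
# Added example: classify RIP payloads by version, command and authentication.
import ipaddress
import struct

COMMANDS = {1: "request", 2: "response"}
AUTH_AFI = 0xFFFF                    # address family value marking an auth entry
AUTH_TYPES = {2: "text", 3: "md5"}   # 2 = simple password, 3 = keyed MD5
INFINITY = 16


def classify_rip(payload):
    """Parse one RIP UDP payload and return its security-relevant properties."""
    if len(payload) < 4:
        raise ValueError("shorter than the 4-byte RIP header")
    command, version = payload[0], payload[1]
    if command not in COMMANDS or version not in (1, 2):
        raise ValueError("not a RIPv1/RIPv2 request or response")

    auth, routes = "none", []
    for off in range(4, len(payload) - 19, 20):      # 20-byte entries
        afi, tag = struct.unpack_from("!HH", payload, off)
        if version == 2 and afi == AUTH_AFI:
            if off == 4:                             # first entry selects the scheme
                auth = AUTH_TYPES.get(tag, "unknown")
            continue                                 # auth entry or MD5 trailer
        addr, _mask, _nexthop, metric = struct.unpack_from("!IIII", payload, off + 4)
        routes.append((afi, str(ipaddress.IPv4Address(addr)), metric))

    # A request with one entry, AFI 0 and metric 16 asks for the whole table.
    full_table = (command == 1 and len(routes) == 1
                  and routes[0][0] == 0 and routes[0][2] == INFINITY)

    findings = []
    if version == 1:
        if command == 1:
            # Per the page: answered by ripd unless RIPv1 reception is disabled.
            findings.append("v1-full-table-request" if full_table else "v1-request")
        else:
            findings.append("v1-response-unauthenticated")
    elif auth == "none":
        findings.append("v2-unauthenticated")
    elif auth == "text":
        findings.append("v2-plaintext-password")
    elif auth == "unknown":
        findings.append("v2-unknown-auth-type")
    return {"command": COMMANDS[command], "version": version,
            "auth": auth, "routes": routes, "findings": findings}


def _route(prefix, mask, metric):
    """Build one IPv4 route entry (AFI 2, tag 0, next hop 0) for the samples."""
    return struct.pack("!HHIIII", 2, 0, int(ipaddress.IPv4Address(prefix)),
                       int(ipaddress.IPv4Address(mask)), 0, metric)


# Constructed sample payloads; the MD5 digest is all zeros, not a valid MAC.
ROUTE = _route("10.0.0.0", "255.0.0.0", 1)
SAMPLES = {
    "v1_dump": bytes([1, 1, 0, 0]) + struct.pack("!HHIIII", 0, 0, 0, 0, 0, INFINITY),
    "v2_plain": bytes([2, 2, 0, 0]) + ROUTE,
    "v2_text": bytes([2, 2, 0, 0]) + struct.pack("!HH16s", AUTH_AFI, 2, b"test") + ROUTE,
    "v2_md5": (bytes([2, 2, 0, 0])
               + struct.pack("!HHHBBI8x", AUTH_AFI, 3, 44, 1, 16, 1)
               + ROUTE
               + struct.pack("!HH16s", AUTH_AFI, 1, bytes(16))),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        result = classify_rip(pkt)
        print(name, result["version"], result["command"], result["auth"],
              result["findings"])
```

The classifier only reads the authentication type; it does not verify the MD5 digest, which requires the shared key.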
611 | .. _RIP_Timers: | |
612 | ||
613 | RIP Timers | |
614 | ========== | |
615 | ||
616 | .. index:: {RIP command} {timers basic `update` `timeout` `garbage`} {} | |
617 | ||
618 | {RIP command} {timers basic `update` `timeout` `garbage`} {} | |
619 | ||
620 | The RIP protocol has several timers. The user can configure those timers' values | |
621 | with the `timers basic` command. | |
622 | ||
623 | The default settings for the timers are as follows: | |
624 | ||
625 | ||
627 | The update timer is 30 seconds. Every update timer seconds, the RIP | |
628 | process is awakened to send an unsolicited Response message containing | |
629 | the complete routing table to all neighboring RIP routers. | |
630 | ||
631 | ||
633 | The timeout timer is 180 seconds. Upon expiration of the timeout, the | |
634 | route is no longer valid; however, it is retained in the routing table | |
635 | for a short time so that neighbors can be notified that the route has | |
636 | been dropped. | |
637 | ||
638 | ||
640 | The garbage collect timer is 120 seconds. Upon expiration of the | |
641 | garbage-collection timer, the route is finally removed from the routing | |
642 | table. | |
643 | ||
644 | ||
645 | The `timers basic` command allows the default values of the timers | |
646 | listed above to be changed. | |
647 | ||
648 | .. index:: {RIP command} {no timers basic} {} | |
649 | ||
650 | {RIP command} {no timers basic} {} | |
651 | The `no timers basic` command will reset the timers to the default | |
652 | settings listed above. | |
653 | ||
654 | .. _Show_RIP_Information: | |
655 | ||
656 | Show RIP Information | |
657 | ==================== | |
658 | ||
659 | To display RIP routes. | |
660 | ||
661 | .. index:: Command {show ip rip} {} | |
662 | ||
663 | Command {show ip rip} {} | |
664 | Show RIP routes. | |
665 | ||
666 | The command displays all RIP routes. For routes that are received | |
667 | through RIP, this command will display the time the packet was sent and | |
668 | the tag information. This command will also display this information | |
669 | for routes redistributed into RIP. | |
670 | ||
671 | .. index:: Command {show ip rip status} {} | |
672 | ||
673 | Command {show ip rip status} {} | |
674 | The command displays the current RIP status. It includes RIP timer, | |
675 | filtering, version, RIP enabled interface and RIP peer information. | |
676 | ||
677 | :: | |
678 | ||
680 | ripd> show ip rip status | |
681 | Routing Protocol is "rip" | |
682 | Sending updates every 30 seconds with +/-50%, next due in 35 seconds | |
683 | Timeout after 180 seconds, garbage collect after 120 seconds | |
684 | Outgoing update filter list for all interface is not set | |
685 | Incoming update filter list for all interface is not set | |
686 | Default redistribution metric is 1 | |
687 | Redistributing: kernel connected | |
688 | Default version control: send version 2, receive version 2 | |
689 | Interface Send Recv | |
690 | Routing for Networks: | |
691 | eth0 | |
692 | eth1 | |
693 | 1.1.1.1 | |
694 | 203.181.89.241 | |
695 | Routing Information Sources: | |
696 | Gateway BadPackets BadRoutes Distance Last Update | |
698 | ||
699 | ||
700 | RIP Debug Commands | |
701 | ================== | |
702 | ||
703 | Debug for RIP protocol. | |
704 | ||
705 | .. index:: Command {debug rip events} {} | |
706 | ||
707 | Command {debug rip events} {} | |
708 | Debug rip events. | |
709 | ||
710 | `debug rip` will show RIP events. Sending and receiving | |
711 | packets, timers, and changes in interfaces are events shown with *ripd*. | |
712 | ||
713 | .. index:: Command {debug rip packet} {} | |
714 | ||
715 | Command {debug rip packet} {} | |
716 | Debug rip packet. | |
717 | ||
718 | `debug rip packet` will display detailed information about the RIP | |
719 | packets. The origin and port number of the packet as well as a packet | |
720 | dump is shown. | |
721 | ||
722 | .. index:: Command {debug rip zebra} {} | |
723 | ||
724 | Command {debug rip zebra} {} | |
725 | Debug communication between ripd and zebra. | |
726 | ||
727 | This command will show the communication between *ripd* and | |
728 | *zebra*. The main information will include addition and deletion of | |
729 | paths to the kernel and the sending and receiving of interface information. | |
730 | ||
731 | .. index:: Command {show debugging rip} {} | |
732 | ||
733 | Command {show debugging rip} {} | |
734 | Display *ripd*'s debugging option. | |
735 | ||
736 | `show debugging rip` will show all information currently set for ripd | |
737 | debug. | |
738 |