Commit | Line | Data |
---|---|---|
42fc5d26 QY |
1 | .. _RIP: |
2 | ||
3 | *** | |
4 | RIP | |
5 | *** | |
6 | ||
7 | RIP -- Routing Information Protocol is a widely deployed interior gateway | |
8 | protocol. RIP was developed in the 1970s at Xerox Labs as part of the | |
9 | XNS routing protocol. RIP is a *distance-vector* protocol and is | |
10 | based on the *Bellman-Ford* algorithms. As a distance-vector | |
11 | protocol, a RIP router sends updates to its neighbors periodically, thus | |
12 | allowing the convergence to a known topology. In each update, the | |
13 | distance to any given network will be broadcast to its neighboring | |
14 | routers. | |
15 | ||
16 | *ripd* supports RIP version 2 as described in RFC2453 and RIP | |
17 | version 1 as described in RFC1058. | |
18 | ||
19 | .. _Starting_and_Stopping_ripd: | |
20 | ||
21 | Starting and Stopping ripd | |
22 | ========================== | |
23 | ||
24 | The default configuration file name of *ripd* is | |
25 | :file:`ripd.conf`. When invoked, *ripd* searches the directory | |
be46d288 | 26 | |INSTALL_PREFIX_ETC|. If :file:`ripd.conf` is not there, it next |
42fc5d26 QY |
27 | searches the current directory. |
28 | ||
29 | RIP uses UDP port 520 to send and receive RIP packets, so the user must have | |
30 | the capability to bind the port; generally this means that the user must | |
31 | have superuser privileges. The RIP protocol requires interface information | |
32 | maintained by the *zebra* daemon, so running *zebra* | |
33 | is mandatory to run *ripd*. Thus the minimum sequence for running | |
34 | RIP is as below: | |
35 | ||
36 | :: | |
37 | ||
42fc5d26 QY |
38 | # zebra -d |
39 | # ripd -d | |
42fc5d26 QY |
40 | |
41 | ||
42 | Please note that *zebra* must be invoked before *ripd*. | |
43 | ||
44 | To stop *ripd*, please use ``kill $(cat /var/run/ripd.pid)``. | |
45 | Certain signals have special meanings to *ripd*. | |
46 | ||
47 | ||
48 | ||
49 | *SIGHUP* | |
50 | Reload configuration file :file:`ripd.conf`. All configurations are | |
51 | reset. All routes learned so far are cleared and removed from the routing | |
52 | table. | |
53 | ||
54 | *SIGUSR1* | |
55 | Rotate *ripd* logfile. | |
56 | ||
57 | *SIGINT* | |
58 | ||
59 | *SIGTERM* | |
60 | *ripd* sweeps all installed RIP routes then terminates properly. | |
61 | ||
62 | *ripd* invocation options. Common options can also be specified | |
63 | (:ref:`Common_Invocation_Options`). | |
64 | ||
65 | ||
66 | ||
67 | *-r* | |
68 | ||
69 | *--retain* | |
70 | When the program terminates, retain routes added by *ripd*. | |
71 | ||
72 | .. _RIP_netmask: | |
73 | ||
74 | RIP netmask | |
75 | ----------- | |
76 | ||
77 | The netmask features of *ripd* support both version 1 and version 2 of | |
78 | RIP. Version 1 of RIP originally contained no netmask information. In | |
79 | RIP version 1, network classes were originally used to determine the | |
80 | size of the netmask. Class A networks use 8 bits of mask, Class B | |
81 | networks use 16 bits of mask, while Class C networks use 24 bits of | |
82 | mask. Today, the most widely used method is to assign a network mask | |
83 | to the packet on the basis of the interface that received the packet. | |
84 | Version 2 of RIP supports a variable length subnet mask (VLSM). By | |
85 | extending the subnet mask, the mask can be divided and reused. Each | |
86 | subnet can be used for different purposes such as large to middle size | |
dc1046f7 | 87 | LANs and WAN links. FRR *ripd* does not support the non-sequential |
42fc5d26 QY |
88 | netmasks that are included in RIP Version 2. |
89 | ||
90 | In the case of similar information with the same prefix and metric, the | |
91 | old information will be suppressed. *ripd* does not currently support | |
92 | equal cost multipath routing. | |
93 | ||
94 | .. _RIP_Configuration: | |
95 | ||
96 | RIP Configuration | |
97 | ================= | |
98 | ||
99 | .. index:: Command {router rip} {} | |
100 | ||
101 | Command {router rip} {} | |
102 | The `router rip` command is necessary to enable RIP. To disable | |
103 | RIP, use the `no router rip` command. RIP must be enabled before | |
104 | carrying out any of the RIP commands. | |
105 | ||
106 | .. index:: Command {no router rip} {} | |
107 | ||
108 | Command {no router rip} {} | |
109 | Disable RIP. | |
110 | ||
111 | .. index:: {RIP Command} {network `network`} {} | |
112 | ||
113 | {RIP Command} {network `network`} {} | |
114 | .. index:: {RIP Command} {no network `network`} {} | |
115 | ||
116 | {RIP Command} {no network `network`} {} | |
117 | Set the RIP enabled interface by `network`. The interfaces which | |
118 | have addresses matching `network` are enabled. | |
119 | ||
120 | This group of commands either enables or disables RIP interfaces between | |
121 | certain numbers of a specified network address. For example, if the | |
122 | network for 10.0.0.0/24 is RIP enabled, this would result in all the | |
123 | addresses from 10.0.0.0 to 10.0.0.255 being enabled for RIP. The `no network` command will disable RIP for the specified network. | |
124 | ||
125 | .. index:: {RIP Command} {network `ifname`} {} | |
126 | ||
127 | {RIP Command} {network `ifname`} {} | |
128 | .. index:: {RIP Command} {no network `ifname`} {} | |
129 | ||
130 | {RIP Command} {no network `ifname`} {} | |
131 | Set a RIP enabled interface by `ifname`. Both the sending and | |
132 | receiving of RIP packets will be enabled on the port specified in the | |
133 | `network ifname` command. The `no network ifname` command will disable | |
134 | RIP on the specified interface. | |
135 | ||
136 | .. index:: {RIP Command} {neighbor `a.b.c.d`} {} | |
137 | ||
138 | {RIP Command} {neighbor `a.b.c.d`} {} | |
139 | .. index:: {RIP Command} {no neighbor `a.b.c.d`} {} | |
140 | ||
141 | {RIP Command} {no neighbor `a.b.c.d`} {} | |
142 | Specify RIP neighbor. When a neighbor doesn't understand multicast, | |
143 | this command is used to specify neighbors. In some cases, not all | |
144 | routers will be able to understand multicasting, where packets are sent | |
145 | to a network or a group of addresses. In a situation where a neighbor | |
146 | cannot process multicast packets, it is necessary to establish a direct | |
147 | link between routers. The neighbor command allows the network | |
148 | administrator to specify a router as a RIP neighbor. The `no neighbor a.b.c.d` command will disable the RIP neighbor. | |
149 | ||
150 | Below is a very simple RIP configuration. Interface `eth0` and | |
151 | interfaces whose addresses match `10.0.0.0/8` are RIP enabled. | |
152 | ||
153 | :: | |
154 | ||
42fc5d26 QY |
155 | ! |
156 | router rip | |
157 | network 10.0.0.0/8 | |
158 | network eth0 | |
159 | ! | |
42fc5d26 QY |
160 | |
161 | ||
162 | Passive interface | |
163 | ||
164 | .. index:: {RIP command} {passive-interface (`IFNAME`|default)} {} | |
165 | ||
166 | {RIP command} {passive-interface (`IFNAME`|default)} {} | |
167 | .. index:: {RIP command} {no passive-interface `IFNAME`} {} | |
168 | ||
169 | {RIP command} {no passive-interface `IFNAME`} {} | |
170 | This command sets the specified interface to passive mode. On a passive mode | |
171 | interface, all received packets are processed as normal and ripd does | |
172 | not send either multicast or unicast RIP packets except to RIP neighbors | |
173 | specified with the `neighbor` command. The interface may be specified | |
174 | as `default` to make ripd default to passive on all interfaces. | |
175 | ||
176 | The default is to be passive on all interfaces. | |
177 | ||
178 | RIP split-horizon | |
179 | ||
180 | .. index:: {Interface command} {ip split-horizon} {} | |
181 | ||
182 | {Interface command} {ip split-horizon} {} | |
183 | .. index:: {Interface command} {no ip split-horizon} {} | |
184 | ||
185 | {Interface command} {no ip split-horizon} {} | |
186 | Control split-horizon on the interface. Default is `ip split-horizon`. If you don't perform split-horizon on the interface, | |
187 | please specify `no ip split-horizon`. | |
188 | ||
189 | .. _RIP_Version_Control: | |
190 | ||
191 | RIP Version Control | |
192 | =================== | |
193 | ||
194 | RIP can be configured to send either Version 1 or Version 2 packets. | |
195 | The default is to send RIPv2 while accepting both RIPv1 and RIPv2 (and | |
196 | replying with packets of the appropriate version for REQUESTS / | |
197 | triggered updates). The version to receive and send can be specified | |
198 | globally, and further overridden on a per-interface basis if need be | |
199 | for send and receive separately (see below). | |
200 | ||
201 | It is important to note that RIPv1 can not be authenticated. Further, | |
202 | if RIPv1 is enabled then RIP will reply to REQUEST packets, sending the | |
203 | state of its RIP routing table to any remote routers that ask on | |
204 | demand. For a more detailed discussion on the security implications of | |
205 | RIPv1 see :ref:`RIP_Authentication`. | |
206 | ||
207 | .. index:: {RIP Command} {version `version`} {} | |
208 | ||
209 | {RIP Command} {version `version`} {} | |
210 | Set RIP version to accept for reads and send. `version` | |
211 | can be either `1` or `2`. | |
212 | ||
213 | Disabling RIPv1 by specifying version 2 is STRONGLY encouraged, | |
214 | see :ref:`RIP_Authentication`. This may become the default in a future | |
215 | release. | |
216 | ||
217 | Default: Send Version 2, and accept either version. | |
218 | ||
219 | .. index:: {RIP Command} {no version} {} | |
220 | ||
221 | {RIP Command} {no version} {} | |
222 | Reset the global version setting back to the default. | |
223 | ||
224 | .. index:: {Interface command} {ip rip send version `version`} {} | |
225 | ||
226 | {Interface command} {ip rip send version `version`} {} | |
227 | `version` can be `1`, `2` or `1 2`. | |
228 | ||
229 | This interface command overrides the global rip version setting, and | |
230 | selects which version of RIP to send packets with, for this interface | |
231 | specifically. Choice of RIP Version 1, RIP Version 2, or both versions. | |
232 | In the latter case, where `1 2` is specified, packets will be both | |
233 | broadcast and multicast. | |
234 | ||
235 | Default: Send packets according to the global version (version 2) | |
236 | ||
237 | .. index:: {Interface command} {ip rip receive version `version`} {} | |
238 | ||
239 | {Interface command} {ip rip receive version `version`} {} | |
240 | `version` can be `1`, `2` or `1 2`. | |
241 | ||
242 | This interface command overrides the global rip version setting, and | |
243 | selects which versions of RIP packets will be accepted on this | |
244 | interface. Choice of RIP Version 1, RIP Version 2, or both. | |
245 | ||
246 | Default: Accept packets according to the global setting (both 1 and 2). | |
247 | ||
248 | .. _How_to_Announce_RIP_route: | |
249 | ||
250 | How to Announce RIP route | |
251 | ========================= | |
252 | ||
253 | .. index:: {RIP command} {redistribute kernel} {} | |
254 | ||
255 | {RIP command} {redistribute kernel} {} | |
256 | .. index:: {RIP command} {redistribute kernel metric <0-16>} {} | |
257 | ||
258 | {RIP command} {redistribute kernel metric <0-16>} {} | |
259 | .. index:: {RIP command} {redistribute kernel route-map `route-map`} {} | |
260 | ||
261 | {RIP command} {redistribute kernel route-map `route-map`} {} | |
262 | .. index:: {RIP command} {no redistribute kernel} {} | |
263 | ||
264 | {RIP command} {no redistribute kernel} {} | |
265 | `redistribute kernel` redistributes routing information from | |
266 | kernel route entries into the RIP tables. `no redistribute kernel` | |
267 | disables the routes. | |
268 | ||
269 | .. index:: {RIP command} {redistribute static} {} | |
270 | ||
271 | {RIP command} {redistribute static} {} | |
272 | .. index:: {RIP command} {redistribute static metric <0-16>} {} | |
273 | ||
274 | {RIP command} {redistribute static metric <0-16>} {} | |
275 | .. index:: {RIP command} {redistribute static route-map `route-map`} {} | |
276 | ||
277 | {RIP command} {redistribute static route-map `route-map`} {} | |
278 | .. index:: {RIP command} {no redistribute static} {} | |
279 | ||
280 | {RIP command} {no redistribute static} {} | |
281 | `redistribute static` redistributes routing information from | |
282 | static route entries into the RIP tables. `no redistribute static` | |
283 | disables the routes. | |
284 | ||
285 | .. index:: {RIP command} {redistribute connected} {} | |
286 | ||
287 | {RIP command} {redistribute connected} {} | |
288 | .. index:: {RIP command} {redistribute connected metric <0-16>} {} | |
289 | ||
290 | {RIP command} {redistribute connected metric <0-16>} {} | |
291 | .. index:: {RIP command} {redistribute connected route-map `route-map`} {} | |
292 | ||
293 | {RIP command} {redistribute connected route-map `route-map`} {} | |
294 | .. index:: {RIP command} {no redistribute connected} {} | |
295 | ||
296 | {RIP command} {no redistribute connected} {} | |
297 | Redistribute connected routes into the RIP tables. `no redistribute connected` disables the connected routes in the RIP tables. | |
298 | This command redistributes the connected routes of interfaces on which RIP is disabled. | |
299 | The connected route on a RIP enabled interface is announced by default. | |
300 | ||
301 | .. index:: {RIP command} {redistribute ospf} {} | |
302 | ||
303 | {RIP command} {redistribute ospf} {} | |
304 | .. index:: {RIP command} {redistribute ospf metric <0-16>} {} | |
305 | ||
306 | {RIP command} {redistribute ospf metric <0-16>} {} | |
307 | .. index:: {RIP command} {redistribute ospf route-map `route-map`} {} | |
308 | ||
309 | {RIP command} {redistribute ospf route-map `route-map`} {} | |
310 | .. index:: {RIP command} {no redistribute ospf} {} | |
311 | ||
312 | {RIP command} {no redistribute ospf} {} | |
313 | `redistribute ospf` redistributes routing information from | |
314 | ospf route entries into the RIP tables. `no redistribute ospf` | |
315 | disables the routes. | |
316 | ||
317 | .. index:: {RIP command} {redistribute bgp} {} | |
318 | ||
319 | {RIP command} {redistribute bgp} {} | |
320 | .. index:: {RIP command} {redistribute bgp metric <0-16>} {} | |
321 | ||
322 | {RIP command} {redistribute bgp metric <0-16>} {} | |
323 | .. index:: {RIP command} {redistribute bgp route-map `route-map`} {} | |
324 | ||
325 | {RIP command} {redistribute bgp route-map `route-map`} {} | |
326 | .. index:: {RIP command} {no redistribute bgp} {} | |
327 | ||
328 | {RIP command} {no redistribute bgp} {} | |
329 | `redistribute bgp` redistributes routing information from | |
330 | bgp route entries into the RIP tables. `no redistribute bgp` | |
331 | disables the routes. | |
332 | ||
333 | If you want to specify RIP only static routes: | |
334 | ||
335 | .. index:: {RIP command} {default-information originate} {} | |
336 | ||
337 | {RIP command} {default-information originate} {} | |
338 | .. index:: {RIP command} {route `a.b.c.d/m`} {} | |
339 | ||
340 | {RIP command} {route `a.b.c.d/m`} {} | |
341 | .. index:: {RIP command} {no route `a.b.c.d/m`} {} | |
342 | ||
343 | {RIP command} {no route `a.b.c.d/m`} {} | |
dc1046f7 | 344 | This command is specific to FRR. The `route` command makes a static |
42fc5d26 QY |
345 | route only inside RIP. This command should be used only by advanced |
346 | users who are particularly knowledgeable about the RIP protocol. In | |
dc1046f7 | 347 | most cases, we recommend creating a static route in FRR and |
42fc5d26 QY |
348 | redistributing it in RIP using `redistribute static`. |
349 | ||
350 | .. _Filtering_RIP_Routes: | |
351 | ||
352 | Filtering RIP Routes | |
353 | ==================== | |
354 | ||
355 | RIP routes can be filtered by a distribute-list. | |
356 | ||
357 | .. index:: Command {distribute-list `access_list` `direct` `ifname`} {} | |
358 | ||
359 | Command {distribute-list `access_list` `direct` `ifname`} {} | |
360 | You can apply access lists to the interface with a `distribute-list` | |
361 | command. `access_list` is the access list name. `direct` is | |
8fa64b2a | 362 | ``in`` or ``out``. If `direct` is ``in`` the access list |
42fc5d26 QY |
363 | is applied to input packets. |
364 | ||
365 | The `distribute-list` command can be used to filter the RIP path. | |
366 | `distribute-list` can apply access-lists to a chosen interface. | |
367 | First, one should specify the access-list. Next, the name of the | |
368 | access-list is used in the distribute-list command. For example, in the | |
8fa64b2a | 369 | following configuration ``eth0`` will permit only the paths that |
42fc5d26 QY |
370 | match the route 10.0.0.0/8: |
371 | ||
372 | :: | |
373 | ||
42fc5d26 QY |
374 | ! |
375 | router rip | |
376 | distribute-list private in eth0 | |
377 | ! | |
378 | access-list private permit 10.0.0.0/8 | |
379 | access-list private deny any | |
380 | ! | |
42fc5d26 QY |
381 | |
382 | ||
383 | `distribute-list` can be applied to both incoming and outgoing data. | |
384 | ||
385 | .. index:: Command {distribute-list prefix `prefix_list` (in|out) `ifname`} {} | |
386 | ||
387 | Command {distribute-list prefix `prefix_list` (in|out) `ifname`} {} | |
388 | You can apply prefix lists to the interface with a | |
389 | `distribute-list` command. `prefix_list` is the prefix list | |
8fa64b2a QY |
390 | name. Next is the direction of ``in`` or ``out``. If |
391 | `direct` is ``in`` the access list is applied to input packets. | |
42fc5d26 QY |
392 | |
393 | .. _RIP_Metric_Manipulation: | |
394 | ||
395 | RIP Metric Manipulation | |
396 | ======================= | |
397 | ||
398 | The RIP metric is a value for the distance to the network. Usually | |
399 | *ripd* increments the metric when the network information is | |
400 | received. The metric of redistributed routes is set to 1. | |
401 | ||
402 | .. index:: {RIP command} {default-metric <1-16>} {} | |
403 | ||
404 | {RIP command} {default-metric <1-16>} {} | |
405 | .. index:: {RIP command} {no default-metric <1-16>} {} | |
406 | ||
407 | {RIP command} {no default-metric <1-16>} {} | |
408 | This command modifies the default metric value for redistributed routes. The | |
409 | default value is 1. This command does not affect connected routes | |
410 | even if they are redistributed by *redistribute connected*. To modify | |
411 | a connected route's metric value, please use ``redistribute | |
412 | connected metric`` or *route-map*. *offset-list* also | |
413 | affects connected routes. | |
414 | ||
415 | .. index:: {RIP command} {offset-list `access-list` (in|out)} {} | |
416 | ||
417 | {RIP command} {offset-list `access-list` (in|out)} {} | |
418 | .. index:: {RIP command} {offset-list `access-list` (in|out) `ifname`} {} | |
419 | ||
420 | {RIP command} {offset-list `access-list` (in|out) `ifname`} {} | |
421 | ||
422 | .. _RIP_distance: | |
423 | ||
424 | RIP distance | |
425 | ============ | |
426 | ||
427 | Distance value is used in zebra daemon. Default RIP distance is 120. | |
428 | ||
429 | .. index:: {RIP command} {distance <1-255>} {} | |
430 | ||
431 | {RIP command} {distance <1-255>} {} | |
432 | .. index:: {RIP command} {no distance <1-255>} {} | |
433 | ||
434 | {RIP command} {no distance <1-255>} {} | |
435 | Set default RIP distance to specified value. | |
436 | ||
437 | .. index:: {RIP command} {distance <1-255> `A.B.C.D/M`} {} | |
438 | ||
439 | {RIP command} {distance <1-255> `A.B.C.D/M`} {} | |
440 | .. index:: {RIP command} {no distance <1-255> `A.B.C.D/M`} {} | |
441 | ||
442 | {RIP command} {no distance <1-255> `A.B.C.D/M`} {} | |
443 | Set default RIP distance to specified value when the route's source IP | |
444 | address matches the specified prefix. | |
445 | ||
446 | .. index:: {RIP command} {distance <1-255> `A.B.C.D/M` `access-list`} {} | |
447 | ||
448 | {RIP command} {distance <1-255> `A.B.C.D/M` `access-list`} {} | |
449 | .. index:: {RIP command} {no distance <1-255> `A.B.C.D/M` `access-list`} {} | |
450 | ||
451 | {RIP command} {no distance <1-255> `A.B.C.D/M` `access-list`} {} | |
452 | Set default RIP distance to specified value when the route's source IP | |
453 | address matches the specified prefix and the specified access-list. | |
454 | ||
455 | .. _RIP_route-map: | |
456 | ||
457 | RIP route-map | |
458 | ============= | |
459 | ||
460 | Usage of *ripd*'s route-map support. | |
461 | ||
462 | Optional argument route-map MAP_NAME can be added to each `redistribute` | |
463 | statement. | |
464 | ||
465 | :: | |
466 | ||
467 | redistribute static [route-map MAP_NAME] | |
468 | redistribute connected [route-map MAP_NAME] | |
469 | ..... | |
470 | ||
471 | ||
472 | Cisco applies the route-map *before* routes are exported to the RIP route table. | |
dc1046f7 | 473 | In FRR's current test implementation, *ripd* applies the route-map |
42fc5d26 QY |
474 | after routes are listed in the route table and before routes are |
475 | announced to an interface (something like an output filter). I think it is not | |
476 | so clear, but it is a draft and it may be changed in the future. | |
477 | ||
478 | Route-map statement (:ref:`Route_Map`) is needed to use route-map | |
479 | functionality. | |
480 | ||
481 | .. index:: {Route Map} {match interface `word`} {} | |
482 | ||
483 | {Route Map} {match interface `word`} {} | |
484 | This command matches the incoming interface. The notation of this match is | |
485 | different from Cisco. Cisco uses a list of interfaces - NAME1 NAME2 | |
486 | ... NAMEN. Ripd allows only one name (this may change in the | |
487 | future). Next, for Cisco it means the interface which includes the next-hop of | |
488 | routes (it is somewhat similar to the "ip next-hop" statement). For ripd it | |
489 | means the interface where this route will be sent. This difference is | |
490 | because the "next-hop" of the same routes sent to different interfaces | |
491 | must be different. Maybe it would be better to make new matches - say | |
492 | "match interface-out NAME" or something like that. | |
493 | ||
494 | .. index:: {Route Map} {match ip address `word`} {} | |
495 | ||
496 | {Route Map} {match ip address `word`} {} | |
497 | .. index:: {Route Map} {match ip address prefix-list `word`} {} | |
498 | ||
499 | {Route Map} {match ip address prefix-list `word`} {} | |
500 | Match if route destination is permitted by access-list. | |
501 | ||
502 | .. index:: {Route Map} {match ip next-hop `word`} {} | |
503 | ||
504 | {Route Map} {match ip next-hop `word`} {} | |
505 | .. index:: {Route Map} {match ip next-hop prefix-list `word`} {} | |
506 | ||
507 | {Route Map} {match ip next-hop prefix-list `word`} {} | |
508 | Match if route next-hop (meaning next-hop listed in the rip route-table | |
509 | as displayed by "show ip rip") is permitted by access-list. | |
510 | ||
511 | .. index:: {Route Map} {match metric <0-4294967295>} {} | |
512 | ||
513 | {Route Map} {match metric <0-4294967295>} {} | |
514 | This command matches the metric value of RIP updates. For compatibility | |
515 | with other protocols the metric range is shown as <0-4294967295>, but | |
516 | for the RIP protocol only the value range <0-16> makes sense. | |
517 | ||
518 | .. index:: {Route Map} {set ip next-hop A.B.C.D} {} | |
519 | ||
520 | {Route Map} {set ip next-hop A.B.C.D} {} | |
521 | This command sets the next hop value in the RIPv2 protocol. This command does | |
522 | not affect RIPv1 because there is no next hop field in the packet. | |
523 | ||
524 | .. index:: {Route Map} {set metric <0-4294967295>} {} | |
525 | ||
526 | {Route Map} {set metric <0-4294967295>} {} | |
527 | Set a metric for matched route when sending announcement. The metric | |
528 | value range is very large for compatibility with other protocols. For | |
529 | RIP, valid metric values are from 1 to 16. | |
530 | ||
531 | .. _RIP_Authentication: | |
532 | ||
533 | RIP Authentication | |
534 | ================== | |
535 | ||
536 | RIPv2 allows packets to be authenticated via either an insecure plain | |
537 | text password, included with the packet, or via a more secure MD5 based | |
538 | HMAC (keyed-Hashing for Message AuthentiCation). | |
539 | RIPv1 can not be authenticated at all, thus when authentication is | |
540 | configured `ripd` will discard routing updates received via RIPv1 | |
541 | packets. | |
542 | ||
543 | However, unless RIPv1 reception is disabled entirely (see | |
544 | :ref:`RIP_Version_Control`), RIPv1 REQUEST packets which are received, | |
545 | which query the router for routing information, will still be honoured | |
546 | by `ripd`, and `ripd` WILL reply to such packets. This allows | |
547 | `ripd` to honour such REQUESTs (which sometimes are used by old | |
548 | equipment and very simple devices to bootstrap their default route), | |
549 | while still providing security for route updates which are received. | |
550 | ||
551 | In short: Enabling authentication prevents routes being updated by | |
552 | unauthenticated remote routers, but still can allow routes (i.e. the | |
553 | entire RIP routing table) to be queried remotely, potentially by anyone | |
554 | on the internet, via RIPv1. | |
555 | ||
556 | To prevent such unauthenticated querying of routes, disable RIPv1; see | |
557 | :ref:`RIP_Version_Control`. | |
558 | ||
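The split described above, between RIP packets that `ripd` rejects and RIPv1 REQUESTs that it still answers, can be observed on the wire. The following Python code is an added example and is not part of FRR: it classifies UDP port 520 payloads using the RFC 2453 entry layout and the RFC 2082 keyed MD5 authentication entry. The sample packets, the finding labels and the function names are constructed for illustration, and the MD5 digest is not verified.

```python
"""Classify RIP datagrams (UDP port 520 payloads) by version and authentication."""
import ipaddress
import struct

RIP_REQUEST, RIP_RESPONSE = 1, 2
AFI_AUTH = 0xFFFF                        # entry carries authentication, not a route
AUTH_TYPES = {2: "plaintext", 3: "md5"}  # RFC 2453 simple password, RFC 2082 keyed MD5
INFINITY = 16


def classify(payload: bytes) -> dict:
    """Parse one RIP datagram; return version, command, auth, routes and a finding."""
    result = {"version": None, "command": None, "auth": "none",
              "routes": 0, "whole_table": False, "finding": "malformed"}
    # 4-byte header followed by one or more 20-byte entries; version 0 is invalid.
    if len(payload) < 24 or (len(payload) - 4) % 20 or payload[1] == 0:
        return result
    command, version = payload[0], payload[1]
    entries = [payload[i:i + 20] for i in range(4, len(payload), 20)]
    afis = [struct.unpack("!H", e[:2])[0] for e in entries]

    auth = "none"
    if version >= 2 and afis[0] == AFI_AUTH:
        auth = AUTH_TYPES.get(struct.unpack("!H", entries[0][2:4])[0], "unknown")

    routes = [e for e, afi in zip(entries, afis) if afi != AFI_AUTH]
    # A single entry with AFI 0 and metric 16 requests the entire routing table.
    whole_table = (command == RIP_REQUEST and len(routes) == 1
                   and struct.unpack("!H", routes[0][:2])[0] == 0
                   and struct.unpack("!I", routes[0][16:20])[0] == INFINITY)

    if version == 1 and command == RIP_REQUEST:
        finding = "v1-request-answered-unless-v1-receive-disabled"
    elif version == 1:
        finding = "v1-update-cannot-be-authenticated"
    elif auth == "none":
        finding = "v2-unauthenticated"
    elif auth == "plaintext":
        finding = "v2-password-in-clear"
    elif auth == "md5":
        finding = "v2-keyed-md5"
    else:
        finding = "v2-unknown-auth"
    result.update(version=version, command=command, auth=auth,
                  routes=len(routes), whole_table=whole_table, finding=finding)
    return result


def header(command: int, version: int) -> bytes:
    return struct.pack("!BBH", command, version, 0)


def route(afi: int, addr: str, mask: str, metric: int) -> bytes:
    """Build one 20-byte route entry (route tag and next hop left at zero)."""
    packed = [ipaddress.IPv4Address(a).packed for a in (addr, mask, "0.0.0.0")]
    return struct.pack("!HH4s4s4sI", afi, 0, *packed, metric)


# Constructed sample packets (not captured traffic).
NET10 = route(2, "10.0.0.0", "255.0.0.0", 1)
V1_WHOLE_TABLE_REQUEST = header(RIP_REQUEST, 1) + route(0, "0.0.0.0", "0.0.0.0", INFINITY)
V1_RESPONSE = header(RIP_RESPONSE, 1) + route(2, "10.0.0.0", "0.0.0.0", 1)
V2_UNAUTH_RESPONSE = header(RIP_RESPONSE, 2) + NET10
V2_PLAINTEXT_RESPONSE = (header(RIP_RESPONSE, 2)
                         + struct.pack("!HH16s", AFI_AUTH, 2, b"test") + NET10)
V2_MD5_RESPONSE = (header(RIP_RESPONSE, 2)
                   # auth header: packet length 44, key id 1, auth data length 16, sequence 1
                   + struct.pack("!HHHBBI8x", AFI_AUTH, 3, 44, 1, 16, 1)
                   + NET10
                   # trailer: placeholder digest, constructed and not verified here
                   + struct.pack("!HH16s", AFI_AUTH, 1, bytes(16)))

SAMPLES = {
    "v1 whole-table request": V1_WHOLE_TABLE_REQUEST,
    "v1 response": V1_RESPONSE,
    "v2 unauthenticated": V2_UNAUTH_RESPONSE,
    "v2 plaintext password": V2_PLAINTEXT_RESPONSE,
    "v2 keyed MD5": V2_MD5_RESPONSE,
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        info = classify(pkt)
        print(f"{name:24} auth={info['auth']:9} routes={info['routes']} -> {info['finding']}")
```
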
559 | .. index:: {Interface command} {ip rip authentication mode md5} {} | |
560 | ||
561 | {Interface command} {ip rip authentication mode md5} {} | |
562 | .. index:: {Interface command} {no ip rip authentication mode md5} {} | |
563 | ||
564 | {Interface command} {no ip rip authentication mode md5} {} | |
565 | Set the interface with RIPv2 MD5 authentication. | |
566 | ||
567 | .. index:: {Interface command} {ip rip authentication mode text} {} | |
568 | ||
569 | {Interface command} {ip rip authentication mode text} {} | |
570 | .. index:: {Interface command} {no ip rip authentication mode text} {} | |
571 | ||
572 | {Interface command} {no ip rip authentication mode text} {} | |
573 | Set the interface with RIPv2 simple password authentication. | |
574 | ||
575 | .. index:: {Interface command} {ip rip authentication string `string`} {} | |
576 | ||
577 | {Interface command} {ip rip authentication string `string`} {} | |
578 | .. index:: {Interface command} {no ip rip authentication string `string`} {} | |
579 | ||
580 | {Interface command} {no ip rip authentication string `string`} {} | |
581 | RIP version 2 has simple text authentication. This command sets the | |
582 | authentication string. The string must be shorter than 16 characters. | |
583 | ||
584 | .. index:: {Interface command} {ip rip authentication key-chain `key-chain`} {} | |
585 | ||
586 | {Interface command} {ip rip authentication key-chain `key-chain`} {} | |
587 | .. index:: {Interface command} {no ip rip authentication key-chain `key-chain`} {} | |
588 | ||
589 | {Interface command} {no ip rip authentication key-chain `key-chain`} {} | |
590 | Specify Keyed MD5 chain. | |
591 | ||
592 | :: | |
593 | ||
594 | ! | |
595 | key chain test | |
596 | key 1 | |
597 | key-string test | |
598 | ! | |
599 | interface eth1 | |
600 | ip rip authentication mode md5 | |
601 | ip rip authentication key-chain test | |
602 | ! | |
603 | ||
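The version and authentication commands documented above can be checked mechanically before a configuration is deployed. The following Python code is an added example and is not part of FRR: it reads a `ripd.conf`-style text and reports settings this page warns about (RIPv1 still accepted, plain text authentication, a string that is not shorter than 16 characters, MD5 mode without a usable key chain, and interfaces enabled with `network ifname` that have no authentication). The function name, the finding labels and both sample configurations are constructed; interfaces enabled only through a `network` prefix cannot be resolved from the file and are not checked.

```python
"""Audit a ripd.conf-style configuration for the RIP settings this page warns about."""

def audit_ripd_conf(text: str) -> list:
    """Return (scope, finding) tuples: router scope first, then interfaces by name."""
    ctx = None                 # current block: ("router",), ("interface", name), ...
    rip_enabled = False
    global_version = None
    rip_ifaces = set()         # interfaces enabled with `network IFNAME`
    key_chains = set()         # names defined with `key chain NAME`
    ifaces = {}                # interface name -> collected `ip rip ...` settings

    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("!"):   # separator: leave the current block
            ctx = None
            continue
        if not line:
            continue
        words = line.split()
        if line == "router rip":
            ctx, rip_enabled = ("router",), True
        elif words[0] == "interface" and len(words) == 2:
            ctx = ("interface", words[1])
            ifaces.setdefault(words[1], {})
        elif words[:2] == ["key", "chain"] and len(words) == 3:
            ctx = ("keychain", words[2])
            key_chains.add(words[2])
        elif ctx and ctx[0] == "router":
            if words[0] == "version" and len(words) == 2:
                global_version = words[1]
            elif words[0] == "network" and len(words) == 2 and "/" not in words[1]:
                rip_ifaces.add(words[1])
        elif ctx and ctx[0] == "interface":
            cfg = ifaces[ctx[1]]
            if words[:3] == ["ip", "rip", "authentication"] and len(words) >= 5:
                if words[3] in ("mode", "string", "key-chain"):
                    cfg[words[3]] = " ".join(words[4:])
            elif words[:4] == ["ip", "rip", "receive", "version"]:
                cfg["receive"] = words[4:]

    findings = []
    # Default is to send version 2 and accept either version.
    if rip_enabled and global_version != "2":
        findings.append(("router rip", "ripv1-accepted-by-default"))
    for name in sorted(set(ifaces) | rip_ifaces):
        cfg, scope = ifaces.get(name, {}), "interface " + name
        if "1" in cfg.get("receive", []):
            findings.append((scope, "ripv1-receive-enabled"))
        mode = cfg.get("mode")
        if mode is None:
            if name in rip_ifaces:
                findings.append((scope, "no-authentication"))
            continue
        if mode == "text":
            findings.append((scope, "plaintext-password"))
        if len(cfg.get("string", "")) >= 16:
            findings.append((scope, "string-not-shorter-than-16"))
        chain = cfg.get("key-chain")
        if chain is not None and chain not in key_chains:
            findings.append((scope, "key-chain-undefined"))
        if mode == "md5" and chain is None and "string" not in cfg:
            findings.append((scope, "md5-without-key"))
    return findings


# Constructed sample: several of the weak settings at once.
WEAK_CONF = """\
!
router rip
 network 10.0.0.0/8
 network eth0
!
interface eth1
 ip rip authentication mode text
 ip rip authentication string 0123456789abcdef
!
interface eth2
 ip rip receive version 1 2
 ip rip authentication mode md5
 ip rip authentication key-chain missing
!
"""

# Constructed sample: the key-chain example from this page plus `version 2`.
HARDENED_CONF = """\
!
key chain test
 key 1
  key-string test
!
router rip
 version 2
 network eth1
!
interface eth1
 ip rip authentication mode md5
 ip rip authentication key-chain test
!
"""

if __name__ == "__main__":
    for label, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(label, audit_ripd_conf(conf))
```
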
604 | ||
605 | .. _RIP_Timers: | |
606 | ||
607 | RIP Timers | |
608 | ========== | |
609 | ||
610 | .. index:: {RIP command} {timers basic `update` `timeout` `garbage`} {} | |
611 | ||
612 | {RIP command} {timers basic `update` `timeout` `garbage`} {} | |
613 | ||
614 | The RIP protocol has several timers. The user can configure those timers' values | |
615 | with the `timers basic` command. | |
616 | ||
617 | The default settings for the timers are as follows: | |
618 | ||
619 | ||
620 | ||
621 | - The update timer is 30 seconds. Every update timer seconds, the RIP | |
622 | process is awakened to send an unsolicited Response message containing | |
623 | the complete routing table to all neighboring RIP routers. | |
624 | ||
625 | ||
626 | ||
627 | - The timeout timer is 180 seconds. Upon expiration of the timeout, the | |
628 | route is no longer valid; however, it is retained in the routing table | |
629 | for a short time so that neighbors can be notified that the route has | |
630 | been dropped. | |
631 | ||
632 | ||
633 | ||
634 | - The garbage collect timer is 120 seconds. Upon expiration of the | |
635 | garbage-collection timer, the route is finally removed from the routing | |
636 | table. | |
637 | ||
638 | ||
639 | The `timers basic` command allows the default values of the timers | |
640 | listed above to be changed. | |
641 | ||
642 | .. index:: {RIP command} {no timers basic} {} | |
643 | ||
644 | {RIP command} {no timers basic} {} | |
645 | The `no timers basic` command will reset the timers to the default | |
646 | settings listed above. | |
647 | ||
648 | .. _Show_RIP_Information: | |
649 | ||
650 | Show RIP Information | |
651 | ==================== | |
652 | ||
653 | To display RIP routes. | |
654 | ||
655 | .. index:: Command {show ip rip} {} | |
656 | ||
657 | Command {show ip rip} {} | |
658 | Show RIP routes. | |
659 | ||
660 | The command displays all RIP routes. For routes that are received | |
661 | through RIP, this command will display the time the packet was sent and | |
662 | the tag information. This command will also display this information | |
663 | for routes redistributed into RIP. | |
664 | ||
665 | .. index:: Command {show ip rip status} {} | |
666 | ||
667 | Command {show ip rip status} {} | |
668 | The command displays current RIP status. It includes RIP timer, | |
669 | filtering, version, RIP enabled interface and RIP peer information. | |
670 | ||
671 | :: | |
672 | ||
42fc5d26 QY |
673 | ripd> show ip rip status |
674 | Routing Protocol is "rip" | |
675 | Sending updates every 30 seconds with +/-50%, next due in 35 seconds | |
676 | Timeout after 180 seconds, garbage collect after 120 seconds | |
677 | Outgoing update filter list for all interface is not set | |
678 | Incoming update filter list for all interface is not set | |
679 | Default redistribution metric is 1 | |
680 | Redistributing: kernel connected | |
681 | Default version control: send version 2, receive version 2 | |
682 | Interface Send Recv | |
683 | Routing for Networks: | |
684 | eth0 | |
685 | eth1 | |
686 | 1.1.1.1 | |
687 | 203.181.89.241 | |
688 | Routing Information Sources: | |
689 | Gateway BadPackets BadRoutes Distance Last Update | |
42fc5d26 QY |
690 | |
691 | ||
692 | RIP Debug Commands | |
693 | ================== | |
694 | ||
695 | Debug for RIP protocol. | |
696 | ||
697 | .. index:: Command {debug rip events} {} | |
698 | ||
699 | Command {debug rip events} {} | |
700 | Debug rip events. | |
701 | ||
702 | `debug rip events` will show RIP events. Sending and receiving | |
703 | packets, timers, and changes in interfaces are events shown with *ripd*. | |
704 | ||
705 | .. index:: Command {debug rip packet} {} | |
706 | ||
707 | Command {debug rip packet} {} | |
708 | Debug rip packet. | |
709 | ||
710 | `debug rip packet` will display detailed information about the RIP | |
711 | packets. The origin and port number of the packet as well as a packet | |
712 | dump is shown. | |
713 | ||
714 | .. index:: Command {debug rip zebra} {} | |
715 | ||
716 | Command {debug rip zebra} {} | |
717 | Debug communication between ripd and zebra. | |
718 | ||
719 | This command will show the communication between *ripd* and | |
720 | *zebra*. The main information will include addition and deletion of | |
721 | paths to the kernel and the sending and receiving of interface information. | |
722 | ||
723 | .. index:: Command {show debugging rip} {} | |
724 | ||
725 | Command {show debugging rip} {} | |
726 | Display *ripd*'s debugging option. | |
727 | ||
728 | `show debugging rip` will show all information currently set for ripd | |
729 | debug. | |
730 |