RIP V2
W.lilakiatsakun
RIP V2
• RFC 2453 (obsoletes RFC 1723 and RFC 1388)
• Extension of RIP v1 (a classful routing protocol)
• Classless routing protocol
• VLSM is supported
• Subnet mask included in the routing updates
• Next-hop addresses included in the routing updates
• Use of multicast addresses in sending updates
• Authentication option available
RIP V2 & V1
• Use of holddown and other timers to help prevent routing loops.
• Use of split horizon or split horizon with poison reverse to also help prevent routing loops.
• Use of triggered updates when there is a change in the topology for faster convergence.
• Maximum hop count limit of 15 hops, with the hop count of 16 signifying an unreachable network.
Problems
• R1 cannot ping network 172.30.100.0
• R3 cannot ping network 172.30.1.0
• R2 can only partially ping networks 172.30.1.0 and 172.30.100.0
No VLSM support
• RIPv1 either summarizes the subnets to the classful boundary or uses the subnet mask of the outgoing interface to determine which subnets to advertise.
Because …
• RIPv1 and other classful routing protocols cannot support CIDR routes, which are summarized routes with a smaller subnet mask than the classful mask of the route.
• RIPv1 ignores these supernets in the routing table and does not include them in updates to other routers.
• This is because the receiving router would only be able to apply the larger classful mask to the update and not the shorter /16 mask.
RIP V2
• RIPv2 is encapsulated in a UDP segment using port 520 and can carry up to 25 routes.
• Three extensions are added to each route entry:
  • The subnet mask field
  • The Next Hop address
  • The Route Tag
The subnet mask field
• Allows a 32-bit mask to be included in the RIP route entry.
• As a result, the receiving router no longer depends upon
  • the subnet mask of the inbound interface or
  • the classful mask when determining the subnet mask for a route.
Next Hop address
• The Next Hop address is used to identify a better next-hop address, if one exists, than the address of the sending router.
• If the field is set to all zeros (0.0.0.0), the address of the sending router is the best next-hop address.
• The purpose of the Next Hop field is to eliminate packets being routed through extra hops in the system.
• It is particularly useful when RIP is not being run on all of the routers on a network.
Route Tag
• Provides a method of separating "internal" RIP routes (routes for networks within the RIP routing domain) from "external" RIP routes, which may have been imported from an EGP or another IGP.
• Routers supporting protocols other than RIP should be configurable to allow the Route Tag to be configured for routes imported from different sources.
• It is either set to an arbitrary value, or at least to the number of the Autonomous System.
Troubleshooting
• Version: a misconfigured RIP version.
• Network statements: incorrect or missing network statements.
  • The network statement does two things:
    • It enables the routing protocol to send and receive updates on any local interfaces that belong to that network.
    • It includes that network in its routing updates to its neighboring routers.
  • A missing or incorrect network statement will result in missed routing updates and routing updates not being sent or received on an interface.
• Automatic summarization
  • If there is a need or expectation for sending specific subnets and not just summarized routes, make sure that automatic summarization has been disabled.
Authentication
• A security concern of any routing protocol is the possibility of accepting invalid routing updates.
• The source of these invalid routing updates could be an attacker maliciously attempting to disrupt the network or trying to capture packets by tricking the router into sending its updates to the wrong destination.
• Another source of invalid updates could be a misconfigured router.
• For example, in the figure, R1 is propagating a default route to all other routers in this routing domain.
• However, someone has mistakenly added router R4 to the network, which is also propagating a default route.
• Some of the routers may forward default traffic to R4 instead of to the real gateway router, R1.
• These packets could be "black holed" and never seen again.
• RIPv2, EIGRP, OSPF, IS-IS, and BGP can be configured to authenticate routing information.
• This practice ensures routers will only accept routing information from other routers that have been configured with the same password or authentication information.
• Note: Authentication does not encrypt the routing table.
RIPV2 Authentication (1)
• The authentication scheme for RIP version 2 uses the space of an entire RIP entry.
• If the Address Family Identifier of the first (and only the first) entry in the message is 0xFFFF, then the remainder of the entry contains the authentication.
• This means that there can be at most 24 RIP entries in the remainder of the message.
RIPV2 Authentication (2)
• Currently, the only Authentication Type is simple password, and it is type 2.
• The remaining 16 octets contain the plain-text password.
• If the password is shorter than 16 octets, it must be left-justified and padded to the right with nulls (0x00).
RIPV2 Authentication (3)
• If the router is not configured to authenticate RIP-2 messages, then
  • RIP-1 and unauthenticated RIP-2 messages will be accepted;
  • authenticated RIP-2 messages shall be discarded.
• If the router is configured to authenticate RIP-2 messages, then
  • RIP-1 messages and RIP-2 messages which pass authentication testing shall be accepted;
  • unauthenticated and failed-authentication RIP-2 messages shall be discarded.
RIPV2 Authentication (4)
• For maximum security, RIP-1 messages should be ignored when authentication is in use; otherwise,
  • the routing information from authenticated messages will be propagated by RIP-1 routers in an unauthenticated manner.
• Since an authentication entry is marked with an Address Family Identifier of 0xFFFF, a RIP-1 system would ignore this entry, since it would belong to an address family other than IP.
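As an added example (not code from the slides), the Python below encodes and parses the RIPv2 entry layout from the "RIP V2" and "Route Tag" slides (subnet mask, next hop, route tag) and applies the authentication entry format and acceptance rules from the "RIPV2 Authentication" slides; the route values and the password are constructed samples, and the `ignore_v1` switch is an assumed name for the "maximum security" option.

```python
import hmac
import socket
import struct
from collections import namedtuple
ENTRY_LEN = 20            # every RIP entry, auth or route, is 20 octets
MAX_ENTRIES = 25          # a RIP message carries at most 25 entries
AFI_AUTH = 0xFFFF         # Address Family Identifier marking the auth entry
AUTH_SIMPLE_PASSWORD = 2  # the only authentication type in RFC 2453
Route = namedtuple("Route", "afi tag prefix mask next_hop metric")  # mask, next_hop, tag = v2 extensions

def build_rip2(routes, password=None):
    """Encode a RIPv2 response; the password, if any, occupies the first entry."""
    msg = bytes([2, 2, 0, 0])  # command 2 = response, version 2, two zero octets
    if password is not None:
        if len(password) > 16:
            raise ValueError("simple password is at most 16 octets")
        # left-justified, padded to the right with nulls (0x00)
        msg += struct.pack("!HH", AFI_AUTH, AUTH_SIMPLE_PASSWORD) + password.ljust(16, b"\0")
    for r in routes:
        msg += struct.pack("!HH4s4s4sI", r.afi, r.tag, socket.inet_aton(r.prefix),
                           socket.inet_aton(r.mask), socket.inet_aton(r.next_hop), r.metric)
    if (len(msg) - 4) // ENTRY_LEN > MAX_ENTRIES:
        raise ValueError("at most 25 entries (24 routes when authenticating)")
    return msg

def parse_rip(data):
    """Return (version, password or None, routes); only the first entry may be auth."""
    n, rem = divmod(len(data) - 4, ENTRY_LEN)
    if rem or n > MAX_ENTRIES:
        raise ValueError("malformed RIP message length")
    version = data[1]
    entries = [data[i:i + ENTRY_LEN] for i in range(4, len(data), ENTRY_LEN)]
    password = None
    if version == 2 and entries and entries[0][:2] == b"\xff\xff":
        if struct.unpack("!H", entries[0][2:4])[0] != AUTH_SIMPLE_PASSWORD:
            raise ValueError("unknown authentication type")
        password = entries[0][4:].rstrip(b"\0")  # undo the null padding
        entries = entries[1:]
    routes = [Route(f[0], f[1], *map(socket.inet_ntoa, f[2:5]), f[5])
              for f in (struct.unpack("!HH4s4s4sI", e) for e in entries)]
    return version, password, routes

def accept(data, configured, ignore_v1=True):
    """Acceptance rules of the 'RIPV2 Authentication (3)/(4)' slides."""
    version, password, _ = parse_rip(data)
    if version == 1:  # RIP-1 is dropped for 'maximum security' once auth is configured
        return configured is None or not ignore_v1
    if configured is None:
        return password is None  # authenticated RIP-2 is discarded when not configured
    return password is not None and hmac.compare_digest(password, configured)
```

Because the password travels in clear text, `accept` only proves that a sender knew the shared string; it does not protect the update's contents on the wire.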