RIP is a standard protocol, but in this post I want to introduce some points that relate to Junos OS.
RIP is a dynamic routing protocol that operates within a routing domain (an IGP). It uses the distance-vector algorithm to determine the best route to a destination. The distance is measured in hops, the number of routers that a packet must pass through to reach the destination. The best route is the route with the lowest number of hops. In the routing table, RIP maintains two pieces of information:
- the IP address of the destination network
- the hop count (metric) to that destination.
RIP v1 routers exchange their routing information by broadcasting RIP route information every 30 minutes. RIP uses UDP packets for all transactions, with port number 520.
2.Routing loops in RIP
A problem of most dynamic routing protocols is the routing loop, which spreads incorrect routing information. RIP uses two methods to control this problem:
-Split horizon: when a device receives a route advertisement on an interface, it does not readvertise that information back out of the same interface.
In the figure above, router Z advertises route 10.1.1.0/24 to router C and increases the metric by 1. At this time, router C knows that the metric to reach 10.1.1.0 is 1. Router C does not advertise this information back to router Z, since it received it from router Z. In the same way, routers A and B receive the information from router C, increase the metric by 1 and, again, do not advertise it back to router C.
-Poison reverse: when a RIP device learns that a route is no longer connected or reachable, it advertises that route with an infinite metric value (16). With this information, each RIP device treats that route as unreachable and never advertises information about that route.
Junos software supports all of the above functions by default.
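The effect of the two mechanisms can be seen in a small simulation. This is an added example, not part of the original post: it models a constructed chain Z - C - A (a simplification of the figure's topology) right after the link between Z and C fails, and the function name simulate is hypothetical.

```python
INFINITY = 16  # RIP metric that means "unreachable"


def simulate(split_horizon, max_rounds=32):
    """Chain Z - C - A; Z originated 10.1.1.0/24 and the Z-C link has just failed.

    Returns the (C metric, A metric) pair after each update round, stopping
    once both routers hold metric 16 for the prefix.
    """
    # route[router] = [metric, neighbor the route was learned from]
    route = {"C": [INFINITY, None],  # C has lost its route via Z
             "A": [2, "C"]}          # A still holds the stale route via C
    history = []
    for _ in range(max_rounds):
        # A's periodic update fires before C's: the ordering that exposes the loop.
        for sender, receiver in (("A", "C"), ("C", "A")):
            metric, learned_from = route[sender]
            if split_horizon and learned_from == receiver:
                continue  # never advertise a route back where it was learned
            advertised = min(metric + 1, INFINITY)  # 16 marks a poisoned route
            current, via = route[receiver]
            # Accept a better metric, or any change from the current next hop.
            if advertised < current or via == sender:
                route[receiver] = [advertised, sender]
        history.append((route["C"][0], route["A"][0]))
        if history[-1] == (INFINITY, INFINITY):
            break
    return history


if __name__ == "__main__":
    for enabled in (False, True):
        steps = simulate(split_horizon=enabled)
        print(f"split horizon={enabled}: {len(steps)} round(s) -> {steps}")
```

Without split horizon, C and A bounce the dead route between each other and the metric climbs two hops per round until it reaches 16; with it, C's advertisement of metric 16 removes the route from A in a single round.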
3.Limitations of RIP
-RIP can be used only in a small network, because the infinite hop count is 16.
-RIPv1 only uses classful routing. It cannot handle subnet and mask information.
-RIPv1 only uses plain-text password authentication, which can be easily sniffed on an insecure network.
4.RIPv2
RIPv2 was developed to increase the security of RIP. It supports CIDR and MD5 authentication. The limitation of 15 hops remains.
By default, Junos RIP only listens to RIP updates. The router does not advertise updates until you tell it to. This is done by setting up a routing policy.
5.Configuring RIP on Junos OS
I use Junos Olive running on VMware for the emulation in this guide.
5.1.Basic RIP configuration
Diagram:
Configuration on each router:
[edit protocols rip]
cuong@Jun1# show
group rip-group {            <- define a RIP group
    export rip-policy;       <- the routing policy that advertises RIP information
    neighbor em1.0;          <- interfaces that take part in the routing
    neighbor lo0.0;
}

// the routing policy that allows RIP to advertise information
[edit policy-options]
cuong@Jun1# show
policy-statement rip-policy {
    from protocol [ rip direct ];    <- all rip/direct routes
    then accept;                     <- all routes matched by the from statement are accepted
}

[edit protocols rip]
cuong@Jun2# show
group rip-group {
    export rip-policy;
    neighbor em1.0;
    neighbor em2.0;
}

[edit protocols rip]
cuong@Jun3# show
group rip-group {
    export rip-policy;
    neighbor em1.0;
    neighbor lo0.0;
}
Results on each router:
cuong@Jun1> show route protocol rip

inet.0: 9 destinations, 10 routes (9 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

11.0.0.0/24        *[RIP/100] 00:06:53, metric 2, tag 0
                    > to 10.0.0.6 via em1.0
172.16.1.0/24      *[RIP/100] 00:06:02, metric 3, tag 0
                    > to 10.0.0.6 via em1.0
192.168.128.0/24    [RIP/100] 00:06:53, metric 2, tag 0
                    > to 10.0.0.6 via em1.0
224.0.0.9/32       *[RIP/100] 00:07:43, metric 1
                      MultiRecv
--
cuong@Jun2> show route protocol rip

inet.0: 9 destinations, 10 routes (9 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

172.16.1.0/24      *[RIP/100] 00:06:26, metric 2, tag 0
                    > to 11.0.0.6 via em2.0
192.168.2.0/24     *[RIP/100] 00:08:01, metric 2, tag 0
                    > to 10.0.0.5 via em1.0
192.168.128.0/24    [RIP/100] 00:08:01, metric 2, tag 0
                      to 10.0.0.5 via em1.0
                    > to 11.0.0.6 via em2.0
224.0.0.9/32       *[RIP/100] 00:07:17, metric 1
                      MultiRecv
--
cuong@Jun3> show route protocol rip

inet.0: 9 destinations, 10 routes (9 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

10.0.0.0/24        *[RIP/100] 00:07:36, metric 2, tag 0
                    > to 11.0.0.5 via em1.0
192.168.2.0/24     *[RIP/100] 00:08:23, metric 3, tag 0
                    > to 11.0.0.5 via em1.0
192.168.128.0/24    [RIP/100] 00:07:36, metric 2, tag 0
                    > to 11.0.0.5 via em1.0
224.0.0.9/32       *[RIP/100] 00:06:52, metric 1
                      MultiRecv
Testing routes
cuong@Jun1> ping 172.16.1.1
PING 172.16.1.1 (172.16.1.1): 56 data bytes
64 bytes from 172.16.1.1: icmp_seq=0 ttl=63 time=0.598 ms
64 bytes from 172.16.1.1: icmp_seq=1 ttl=63 time=1.002 ms
64 bytes from 172.16.1.1: icmp_seq=2 ttl=63 time=1.017 ms
^C
--- 172.16.1.1 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.598/0.872/1.017/0.194 ms
5.2.Enabling authentication
Two commands set authentication on RIP routers:
[edit protocols rip]
set authentication-type md5    <-- md5 is the type of authentication; it encrypts the plain-text password
[edit protocols rip]
cuong@Jun3# set authentication-key juniper    <-- juniper is the key (password), used by all RIP routers in the network
Configuration on each router:
cuong@Jun1# set rip authentication-type md5
[edit protocols]
cuong@Jun1# set rip authentication-key juniper
[edit protocols]
cuong@Jun1# show
rip {
    authentication-type md5;
    authentication-key "$9$R2AcrvxNboJDWLJDikTQEcy"; ## SECRET-DATA
    group rip-group {
        export rip-policy;
        neighbor em1.0;
        neighbor lo0.0;
    }
}
--
cuong@Jun2# set authentication-type md5
[edit protocols rip]
cuong@Jun2# set authentication-key juniper
[edit protocols rip]
cuong@Jun2# show
authentication-type md5;
authentication-key "$9$fQ390BEevLApvLxNY25QF"; ## SECRET-DATA
group rip-group {
    export rip-policy;
    neighbor em1.0;
    neighbor em2.0;
}
--
cuong@Jun3# set authentication-type md5
[edit protocols rip]
cuong@Jun3# set authentication-key juniper
[edit protocols rip]
cuong@Jun3# show
authentication-type md5;
authentication-key "$9$0DAq1EyM87s2alK2aZU.mO1R"; ## SECRET-DATA
group rip-group {
    export rip-policy;
    neighbor em1.0;
    neighbor lo0.0;
}
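What authentication-type md5 changes on the wire, as an added example that is not from the original post or from Junos: it builds a RIPv2 response with a plain-text password and with keyed MD5 (RFC 2082 layout), then runs the receiver's check. The helper names, the sample route and the sequence number are constructed for illustration; the key is the one configured above.

```python
import hashlib
import hmac
import socket
import struct

KEY = b"juniper"  # the key set in the configuration above

def rip_entry(prefix, mask, metric):
    """One 20-byte RIPv2 route entry: AFI 2, tag 0, prefix, mask, next hop 0.0.0.0, metric."""
    return struct.pack("!HH4s4s4sI", 2, 0, socket.inet_aton(prefix),
                       socket.inet_aton(mask), bytes(4), metric)

def build(entries, key, auth_type, seq=1, key_id=1):
    """Build a RIPv2 response authenticated with `key` (bytes, at most 16)."""
    header = struct.pack("!BBH", 2, 2, 0)  # command 2 (response), version 2
    body = b"".join(entries)
    if auth_type == "simple":
        # Type 2: the password itself is the content of the first entry.
        return header + struct.pack("!HH16s", 0xFFFF, 2, key) + body
    # Type 3, keyed MD5: the first entry carries length, key ID and sequence
    # number; the digest is appended in a trailer. The key is never transmitted.
    length = len(header) + 20 + len(body)
    auth = struct.pack("!HHHBBI8x", 0xFFFF, 3, length, key_id, 16, seq)
    signed = header + auth + body + struct.pack("!HH", 0xFFFF, 1)
    return signed + hashlib.md5(signed + key.ljust(16, b"\0")).digest()

def verify_md5(packet, key):
    """Receiver side: recompute the digest over the packet plus the shared key."""
    signed, digest = packet[:-16], packet[-16:]
    expected = hashlib.md5(signed + key.ljust(16, b"\0")).digest()
    return hmac.compare_digest(expected, digest)

def demo():
    route = rip_entry("172.16.1.0", "255.255.255.0", 2)  # constructed sample route
    simple = build([route], KEY, "simple")
    md5 = build([route], KEY, "md5")
    altered = bytearray(md5)
    altered[43] = 1  # metric byte of the route entry changed in transit
    return {
        "key_on_wire_simple": KEY in simple,
        "key_on_wire_md5": KEY in md5,
        "md5_accepted": verify_md5(md5, KEY),
        "altered_accepted": verify_md5(bytes(altered), KEY),
        "wrong_key_accepted": verify_md5(md5, b"not-the-key"),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The "$9$" strings in the show output are a reversible Junos encoding of the key, so a configuration file that contains them needs the same protection as the key itself.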