Advanced RIP configuration

Today I will begin labbing and blogging my lab experiences. The reason is that I want to document my own experiences and get the “I did this once in a lab” effect, so I can review things I will forget. (Forgetting is one of the most important abilities of a human being, did you know that?)

Ok today I wanna start with some RIP routing.

Here's the challenge:

1. We have two routers (R1 and R2) directly connected to each other via FastEthernet. Each of the routers has a loopback IP address (see picture).

2. Enable RIPv2 between the routers.

3. Configure MD5 authentication for exchanging routing tables.

4. Configure the following RIP parameters:

Update: 1min,     Invalid: 5min,     Hold-Down: 4min,      Flush: 5min

5. Between every routing Update there should be at least 25msec delay.

6. Explain why one would insert such a delay?

7. On router R2 there is another Interface connected to a third router. Make sure that RIP is not enabled on that interface.

So let's begin with the solution of the challenge:

1. Well, I think there's nothing to do here except to configure your GNS3 or home-lab setup to get the right start-up configuration.

R1:

R1(config-if)#int fa0/0
R1(config-if)#ip address 172.16.21.1 255.255.255.252
R1(config-if)#no shut
R1(config-if)#int lo0
R1(config-if)#ip address 1.1.1.1 255.255.255.255

R2(config)#int fa0/0
R2(config-if)#ip address 172.16.21.2 255.255.255.252
R2(config-if)#no shut
R2(config-if)#int lo0
R2(config-if)#ip address 2.2.2.2 255.255.255.255
R2(config-if)#int fa0/1
R2(config-if)#ip address 172.16.32.1 255.255.255.252
R2(config-if)#no shut

R3(config)#int fa0/0
R3(config-if)#ip address 172.16.32.2 255.255.255.252
R3(config-if)#no shut
R3(config-if)#int lo0
R3(config-if)#ip address 3.3.3.3 255.255.255.255

So that's the interface configuration we need for basic connectivity. With “ping” we can now check the reachability of the point-to-point links. Now let's go to step 2) of the challenge: we need to activate RIPv2. Because we use classless IP addresses, we need to configure “no auto-summary” and “version 2” under the RIP process.

R1(config-if)#router rip
R1(config-router)#no auto-summary
R1(config-router)#version 2
R1(config-router)#network 172.16.21.0
R1(config-router)#network 1.1.1.1

R2(config)#router rip
R2(config-router)#no auto-summary
R2(config-router)#version 2
R2(config-router)#network 172.16.21.0
R2(config-router)#network 172.16.32.0
R2(config-router)#network 2.2.2.2

R3(config)#router rip
R3(config-router)#no auto-summary
R3(config-router)#version 2
R3(config-router)#network 172.16.32.0
R3(config-router)#network 3.3.3.3

 

RIP should now be active and working. Every router should see the loopbacks of all the other routers. Let's check that by viewing the RIP database and the routing table of R1.
R1#sh ip rip database
1.0.0.0/8    auto-summary
1.1.1.1/32    directly connected, Loopback0
2.0.0.0/8    auto-summary
2.2.2.2/32
[1] via 172.16.21.2, 00:00:15, FastEthernet0/0
3.0.0.0/8    auto-summary
3.3.3.3/32
[2] via 172.16.21.2, 00:00:15, FastEthernet0/0
172.16.0.0/16    auto-summary
172.16.21.0/30    directly connected, FastEthernet0/0
172.16.32.0/30
[1] via 172.16.21.2, 00:00:15, FastEthernet0/0
R1#sh ip route
Codes: C – connected, S – static, R – RIP, M – mobile, B – BGP
D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area
N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
E1 – OSPF external type 1, E2 – OSPF external type 2
i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2
ia – IS-IS inter area, * – candidate default, U – per-user static route
o – ODR, P – periodic downloaded static route

Gateway of last resort is not set

1.0.0.0/32 is subnetted, 1 subnets
C       1.1.1.1 is directly connected, Loopback0
2.0.0.0/32 is subnetted, 1 subnets
R       2.2.2.2 [120/1] via 172.16.21.2, 00:00:18, FastEthernet0/0
3.0.0.0/32 is subnetted, 1 subnets
R       3.3.3.3 [120/2] via 172.16.21.2, 00:00:18, FastEthernet0/0
172.16.0.0/30 is subnetted, 2 subnets
R       172.16.32.0 [120/1] via 172.16.21.2, 00:00:18, FastEthernet0/0
C       172.16.21.0 is directly connected, FastEthernet0/0

As we can see, the loopbacks of R2 and R3 are in the routing table, so they are received via RIP. In the RIP database we can see that our interfaces fa0/0 and lo0 are participating in the RIP process, because they are listed there. If there were no “network 1.1.1.1” command, Lo0 would not be written into the RIP database.

So let's head over to step 3) of the challenge. We need to enable authentication in the whole RIP domain. Authentication is only available in RIP version 2; it's not included in version 1! We have two choices for the authentication: plain-text mode and MD5 mode. Here we will use MD5 mode.
First of all, you can take a look into the RIP process in configuration mode. You will not see anything that looks like authentication. That's right, because RIP authentication is configured under the interfaces themselves. So let's go to the interfaces and check the command we need to configure.

R1(config-if)#int fa0/0
R1(config-if)#ip rip authentication mode md5

R2(config)#int fa0/0
R2(config-if)#ip rip authentication mode md5
R2(config-if)#int fa0/1
R2(config-if)#ip rip authentication mode md5

R3(config-if)#int fa0/0
R3(config-if)#ip rip authentication mode md5

So I guess that's it, we configured MD5 authentication mode, BUT we have no pre-shared keys configured? So the routing will still be alive, because at this point no RIP authentication takes place. Authentication only occurs once we have configured the keys on both sides. Let's do this now.
RIP and EIGRP work with so-called “key chains”. These key chains contain (hey who guessed *G*) the keys that are used for authentication. Here is how to configure them:

R1(config)#key chain KEY-CHAIN-R1-TO-R2
R1(config-keychain)#key 1
R1(config-keychain-key)#key-string keyforrouter1and2

R2(config)#key chain KEY-CHAIN-R1-TO-R2
R2(config-keychain)#key 1
R2(config-keychain-key)#key-string keyforrouter1and2
R2(config)#key chain KEY-CHAIN-R2-TO-R3
R2(config-keychain)#key 1
R2(config-keychain-key)#key-string keyforrouter2and3

R3(config)#key chain KEY-CHAIN-R2-TO-R3
R3(config-keychain)#key 1
R3(config-keychain-key)#key-string keyforrouter2and3

Now that you have configured the key chains, we need to attach them to the participating interfaces.

R1(config-if)#int fa0/0
R1(config-if)#ip rip authentication key-chain KEY-CHAIN-R1-TO-R2
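
The half-configured state described above (MD5 mode set, but no key chain attached) fails silently, so it is worth checking for. The following added example, which is not part of the original post, audits a constructed running-config excerpt for R2; the function names and the excerpt, including the deliberately missing KEY-CHAIN-R2-TO-R3 definition, are assumptions for illustration:

```python
import re

# Constructed excerpt: fa0/0 has MD5 mode but no key chain attached,
# fa0/1 references a key chain that is not defined in this excerpt.
R2_CONFIG = """\
key chain KEY-CHAIN-R1-TO-R2
 key 1
  key-string keyforrouter1and2
!
interface FastEthernet0/0
 ip address 172.16.21.2 255.255.255.252
 ip rip authentication mode md5
!
interface FastEthernet0/1
 ip address 172.16.32.1 255.255.255.252
 ip rip authentication mode md5
 ip rip authentication key-chain KEY-CHAIN-R2-TO-R3
!
router rip
 network 172.16.0.0
"""

def classful(addr: str) -> str:
    """Classful network of an IPv4 address, which is what RIP 'network' matches."""
    o = [int(x) for x in addr.split(".")]
    keep = 1 if o[0] < 128 else 2 if o[0] < 192 else 3
    return ".".join(str(x) for x in o[:keep] + [0] * (4 - keep))

def audit_rip_auth(config: str) -> dict:
    """Return {interface: finding} for each RIP-enabled, non-loopback interface."""
    chains = set(re.findall(r"^key chain (\S+)", config, re.M))
    # Assumes the only indented 'network' lines belong to 'router rip'.
    rip_nets = {classful(n) for n in re.findall(r"^ network (\S+)", config, re.M)}
    findings = {}
    for name, body in re.findall(r"^interface (\S+)\n((?: .*\n?)*)", config, re.M):
        addr = re.search(r"^ ip address (\S+)", body, re.M)
        if name.startswith("Loopback") or not addr or classful(addr.group(1)) not in rip_nets:
            continue
        mode = re.search(r"^ ip rip authentication mode (\S+)", body, re.M)
        chain = re.search(r"^ ip rip authentication key-chain (\S+)", body, re.M)
        if not chain:
            finding = "no key chain attached: updates are NOT authenticated"
        elif chain.group(1) not in chains:
            finding = f"key chain {chain.group(1)} is not defined"
        else:  # with a key chain but no mode line, IOS uses plain text
            finding = "ok" if mode and mode.group(1) == "md5" else "plain-text authentication"
        findings[name] = finding
    return findings

for intf, finding in audit_rip_auth(R2_CONFIG).items():
    print(f"{intf}: {finding}")
```
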

Before we configure this on the interfaces of R2, let's check the routing table on R2 to see if the routes of R1 are still in the table of R2. They should not be in there, because we should now have an authentication mismatch: R1 is using MD5 and R2 is not (because R2 has no key chains attached to the proper interface).
Let's first do some debugging:

R2#debug ip rip events
RIP event debugging is on
R2#debug ip rip
RIP protocol debugging is on
R2#
*Mar  1 10:41:11.553: RIP: sending v2 update to 224.0.0.9 via FastEthernet0/0 (172.16.21.2)
*Mar  1 10:41:11.553: RIP: build update entries
*Mar  1 10:41:11.553:   2.2.2.2/32 via 0.0.0.0, metric 1, tag 0
*Mar  1 10:41:11.553:   3.3.3.3/32 via 0.0.0.0, metric 2, tag 0
*Mar  1 10:41:11.557:   172.16.32.0/30 via 0.0.0.0, metric 1, tag 0
*Mar  1 10:41:11.557: RIP: Update contains 3 routes
*Mar  1 10:41:11.557: RIP: Update queued
*Mar  1 10:41:11.557: RIP: Update sent via FastEthernet0/0
R2#
*Mar  1 10:41:16.813: RIP: sending v2 update to 224.0.0.9 via Loopback0 (2.2.2.2)
*Mar  1 10:41:16.813: RIP: build update entries
*Mar  1 10:41:16.813:   1.1.1.1/32 via 0.0.0.0, metric 2, tag 0
*Mar  1 10:41:16.813:   3.3.3.3/32 via 0.0.0.0, metric 2, tag 0
*Mar  1 10:41:16.817:   172.16.21.0/30 via 0.0.0.0, metric 1, tag 0
*Mar  1 10:41:16.817:   172.16.32.0/30 via 0.0.0.0, metric 1, tag 0
*Mar  1 10:41:16.817: RIP: Update contains 4 routes
*Mar  1 10:41:16.817: RIP: Update queued
*Mar  1 10:41:16.817: RIP: Update sent via Loopback0
*Mar  1 10:41:16.821: RIP: ignored v2 packet from 2.2.2.2 (sourced from one of our addresses)
R2#
*Mar  1 10:41:23.133: RIP: received v2 update from 172.16.32.2 on FastEthernet0/1
*Mar  1 10:41:23.133:      3.3.3.3/32 via 0.0.0.0 in 1 hops
*Mar  1 10:41:23.133: RIP: Update contains 1 routes
R2#
*Mar  1 10:41:27.385: RIP: ignored v2 packet from 172.16.21.1 (invalid authentication)

There it is… “ignored packet from 172.16.21.1” (that is R1), because the authentication does not match.
Let's check that by looking at the routing table:

R2#sh ip route
Codes: C – connected, S – static, R – RIP, M – mobile, B – BGP
D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area
N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
E1 – OSPF external type 1, E2 – OSPF external type 2
i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2
ia – IS-IS inter area, * – candidate default, U – per-user static route
o – ODR, P – periodic downloaded static route

Gateway of last resort is not set

2.0.0.0/32 is subnetted, 1 subnets
C       2.2.2.2 is directly connected, Loopback0
3.0.0.0/32 is subnetted, 1 subnets
R       3.3.3.3 [120/1] via 172.16.32.2, 00:00:16, FastEthernet0/1
172.16.0.0/30 is subnetted, 2 subnets
C       172.16.32.0 is directly connected, FastEthernet0/1
C       172.16.21.0 is directly connected, FastEthernet0/0

Indeed, the route is gone. Then let's configure R2 and R3 to get convergence again.

R2(config)#int fa0/0
R2(config-if)#ip rip authentication key-chain KEY-CHAIN-R1-TO-R2
R2(config)#int fa0/1
R2(config-if)#ip rip authentication key-chain KEY-CHAIN-R2-TO-R3

R3(config)#int fa0/0
R3(config-if)#ip rip authentication key-chain KEY-CHAIN-R2-TO-R3
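
What “invalid authentication” means on the wire, as an added example that is not part of the original post: a sketch of the RFC 2082 Keyed-MD5 scheme behind RIPv2 MD5 authentication, where the sender appends a digest and the receiver recomputes it from its own key. It is not a byte-exact model of IOS; the sequence number, the function names and the 16-byte key padding are assumptions of the sketch.

```python
import hashlib
import hmac
import socket
import struct

def key16(key: str) -> bytes:
    # Assumption of this sketch: the key-string fills the 16-byte RFC 2082
    # key field, zero-padded (and cut off) at 16 bytes.
    return key.encode()[:16].ljust(16, b"\x00")

def build_update(routes, key, key_id=1, seq=1):
    """RIPv2 response carrying (prefix, mask, metric) routes plus MD5 trailer."""
    body = b"".join(
        struct.pack("!HH4s4s4sI", 2, 0, socket.inet_aton(p), socket.inet_aton(m),
                    socket.inet_aton("0.0.0.0"), metric)
        for p, m, metric in routes)
    offset = 4 + 20 + len(body)                      # where the trailer starts
    signed = (struct.pack("!BBH", 2, 2, 0)           # command=response, version=2
              + struct.pack("!HHHBBI8x", 0xFFFF, 3, offset, key_id, 16, seq)
              + body
              + struct.pack("!HH", 0xFFFF, 1))       # trailer header
    return signed + hashlib.md5(signed + key16(key)).digest()

def verify_update(packet, keys, last_seq=0):
    """Receiver side: `keys` maps key ID -> key-string from the key chain."""
    afi, atype, offset, key_id, dlen, seq = struct.unpack("!HHHBBI", packet[4:16])
    key = keys.get(key_id)
    if (afi, atype, dlen) != (0xFFFF, 3, 16) or key is None or len(packet) != offset + 20:
        return "invalid authentication"
    expected = hashlib.md5(packet[:offset + 4] + key16(key)).digest()
    if not hmac.compare_digest(expected, packet[offset + 4:]):
        return "invalid authentication"
    return "accepted" if seq >= last_seq else "replayed sequence number"

# Constructed update: R1 advertising its loopback with the lab's key-string.
R1_UPDATE = build_update([("1.1.1.1", "255.255.255.255", 1)], "keyforrouter1and2")
print(verify_update(R1_UPDATE, {1: "keyforrouter1and2"}))   # matching key
print(verify_update(R1_UPDATE, {1: "keyforrouter2and3"}))   # wrong key chain
print(verify_update(R1_UPDATE, {}))                          # receiver has no key 1
```
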

Check the routing table of R2 again to see if the configuration was successful:

R2#sh ip route
Codes: C – connected, S – static, R – RIP, M – mobile, B – BGP
D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area
N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
E1 – OSPF external type 1, E2 – OSPF external type 2
i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2
ia – IS-IS inter area, * – candidate default, U – per-user static route
o – ODR, P – periodic downloaded static route

Gateway of last resort is not set

1.0.0.0/32 is subnetted, 1 subnets
R       1.1.1.1 [120/1] via 172.16.21.1, 00:00:04, FastEthernet0/0
2.0.0.0/32 is subnetted, 1 subnets
C       2.2.2.2 is directly connected, Loopback0
3.0.0.0/32 is subnetted, 1 subnets
R       3.3.3.3 [120/1] via 172.16.32.2, 00:00:18, FastEthernet0/1
172.16.0.0/30 is subnetted, 2 subnets
C       172.16.32.0 is directly connected, FastEthernet0/1
C       172.16.21.0 is directly connected, FastEthernet0/0

Looks good :). Then let's go to step 4 of the challenge. We need to configure some TIMERS here… I wrote the word TIMERS in bold and capital letters because that's it :). This task is an easy one. But as easy as it is to configure, it might not be that easy to explain why to set those timers. Let's first check the configuration part. Go into the RIP process and hit the “?”. Well, take a look at this… there is an entry called “timers” :). Go into it and just enter the timers.

Here is the detailed version:

R1(config)#router rip
R1(config-router)#timer
R1(config-router)#timers ?
basic  Basic routing protocol update timers

R1(config-router)#timers basic ?
<0-4294967295>  Interval between updates
R1(config-router)#timers basic 60 ?
<1-4294967295>  Invalid
R1(config-router)#timers basic 60 300 ?
<0-4294967295>  Holddown
R1(config-router)#timers basic 60 300 240 ?
<1-4294967295>  Flush
R1(config-router)#timers basic 60 300 240 300

That's it. Configure this on both of the other routers.

R2(config-router)#timers basic 60 300 240 300

R3(config-router)#timers basic 60 300 240 300

So let's have a look at challenge part no. 5).
We need to insert a delay between the routing updates. This means that when a router has learned 3 new networks from another source (e.g. OSPF, EIGRP and BGP), it shall send the update for the first network as soon as it can, the second update shall be sent 25 msec after the first one, and so on.
The configuration of this is an easy one.

R1(config)#router rip
R1(config-router)#output-delay 25

R2(config)#router rip
R2(config-router)#output-delay 25

R3(config)#router rip
R3(config-router)#output-delay 25

Going directly to step 6), we need to explain why one would insert such a delay. Think of the following situation: you have a high-performance router (e.g. a C7609) connected via a serial link (2M/sec) to a good old C1603 router. The C7609 has multiple OSPF neighbors and EIGRP neighbors. Everything is connected to that router, and all the OSPF and EIGRP routes (let's say 200 routes) are redistributed into the RIP process. The OSPF and EIGRP neighbors go down and then come up again. The 7609 will have no problem sending out the routing updates to its RIP neighbor at line speed (as fast as possible), so the 1603 gets a ton of routing updates via the serial line. The 1603 has to process these updates, and it is not as powerful as the 7609, so the low-performance router will have a big load on its CPU, which can cause other processes such as packet processing to slow down or, in the worst case, even crash (due to 100% CPU load). By adding a delay between the routing updates, the low-performance router gets one routing update every 25 msec and can use the time of the delay to process it. The processing of the routing updates is then not as aggressive as before, and the router can work more smoothly.

About markus.wirth

Living near Limburg in Germany, working as a Network Engineer around Frankfurt am Main.

One Response to Advanced RIP configuration

  1. Rakesh chandela says:

    Dear Markus,

    Explained very well. Thanks a lot. But I need more information on “*Mar 1 10:41:16.821: RIP: ignored v2 packet from 2.2.2.2 (sourced from one of our addresses)”. Why is this ignoring the v2 packet? A reply will be very much appreciated.

    Thanks and regards,
    Rakesh Chandela
