* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Download RIP V1
Wireless security wikipedia , lookup
Extensible Authentication Protocol wikipedia , lookup
Distributed firewall wikipedia , lookup
Piggybacking (Internet access) wikipedia , lookup
Multiprotocol Label Switching wikipedia , lookup
Network tap wikipedia , lookup
List of wireless community networks by region wikipedia , lookup
Computer network wikipedia , lookup
Wake-on-LAN wikipedia , lookup
Recursive InterNetwork Architecture (RINA) wikipedia , lookup
Zero-configuration networking wikipedia , lookup
Airborne Networking wikipedia , lookup
RIP V1 W.lilakiatsakun RIP V1 characteristics • RIP is a distance vector routing protocol. • RIP uses hop count as its only metric for path selection. • Advertised routes with hop counts greater than 15 are unreachable. • Messages are broadcast every 30 seconds. RIP Message Format (1/2) • RIP Header • The Command field specifies the message type – request/reply • The Version field is set to 1 for RIP version 1. • The "Must be zero" fields provide room for future expansion of the protocol. RIP Message Format (2/2) • Route Entry • The route entry portion of the message includes three • • • • • fields with content: Address family identifier (set to 2 for IP unless a router is requesting a full routing table, in which case the field is set to zero), IP address, and Metric. This route entry portion represents one destination route with its associated metric. One RIP update can contain up to 25 route entries. The maximum datagram size is 504 bytes, not including the IP or UDP headers. RIP Operation (1/4) • RIP uses two message types specified in the Command field: Request message and Response message. • Each RIP-configured interface sends out a request message on startup, requesting that all RIP neighbors send their complete routing tables. • A response message is sent back by RIPenabled neighbors. RIP Operation (2/4) RIP Operation (3/4) RIP Operation (4/4) • When the requesting router receives the • • • responses, it evaluates each route entry. If a route entry is new, the receiving router installs the route in the routing table. If the route is already in the table, the existing entry is replaced if the new entry has a better hop count. The startup router then sends a triggered update out all RIP-enabled interfaces containing its own routing table so that RIP neighbors can be informed of any new routes. IP Address Classes and Classful Routing • IP addresses assigned to hosts were initially • • • • divided into 3 classes: class A, class B, and class C. RIP is a classful routing protocol. RIPv1 does not send subnet mask information in the update. Therefore, a router either uses the subnet mask configured on a local interface, or applies the default subnet mask based on the address class. Due to this limitation, RIPv1 networks cannot be discontiguous nor can they implement VLSM. Verifying Administrative Distance (1/3) Verifying Administrative Distance (2/3) Verifying Administrative Distance (3/3) Basic RIP Configuration Basic RIP Configuration Basic RIP Configuration : Enabling RIP Basic RIP Configuration : Specifying Networks (1/2) • Router(config-router)#network directlyconnected-classful-network-address • The network command: – Enables RIP on all interfaces that belong to a specific network. – Associated interfaces will now both send and receive RIP updates. – Advertises the specified network in RIP routing updates sent to other routers every 30 seconds. Basic RIP Configuration : Specifying Networks (2/2) Basic RIP Configuration : Verifying RIP (1/8) Basic RIP Configuration : Verifying RIP (2/3) Basic RIP Configuration : Verifying RIP (3/3) Troubleshooting : Debugging (1/3) Troubleshooting : Debugging (2/3) Troubleshooting : Debugging (3/3) RIP Topology: Scenario A Passive Interface (1/2) • R2 is sending updates out FastEthernet0/0 even • though no RIP device exists on that LAN. Impact on Sending out unneeded updates on a LAN: – Bandwidth is wasted transporting unnecessary updates. Because RIP updates are broadcast, switches will forward the updates out all ports. – All devices on the LAN must process the update up to the Transport layers, where the receiving device will discard the update. – Advertising updates on a broadcast network is a security risk. RIP updates can be intercepted with packet sniffing software. Routing updates can be modified and sent back to the router, corrupting the routing table with false metrics that misdirect traffic. Passive Interface (2/2) RIP Topology: Scenario B RIP Topology: Scenario B Boundary Router and Auto Summarization • RIP is a classful routing protocol that automatically summarizes classful networks across major network boundaries. – R2 has interfaces in more than one major classful network. This makes R2 a boundary router in RIP. – Serial 0/0/0 and FastEthernet 0/0 interfaces on R2 are both inside the 172.30.0.0 boundary. – The Serial 0/0/1 interface is inside the 192.168.4.0 boundary. Boundary Router and Auto Summarization Boundary Router and Auto Summarization • Because boundary routers summarize RIP subnets from one major network to the other, – updates for the 172.30.1.0, 172.30.2.0 and 172.30.3.0 networks will automatically be summarized into 172.30.0.0 when sent out R2's Serial 0/0/1 interface. Processing RIP Updates (1) • Rules for Processing RIPv1 Updates • If a routing update and the interface on which it is received belong to the same major network, the subnet mask of the interface is applied to the network in the routing update. • If a routing update and the interface on which it is received belong to different major networks, the classful subnet mask of the network is applied to the network in the routing update. Processing RIP Updates (2) Processing RIP Updates (3) • How does R2 know that this subnet has a /24 (255.255.255.0) subnet mask? It knows because: – R2 received this information on an interface that belongs to the same classful network (172.30.0.0) as that of the incoming 172.30.1.0 update. – The IP address for which R2 received the "172.30.1.0 in 1 hops" message was on Serial 0/0/0 with an IP address of 172.30.2.2 and a subnet mask of 255.255.255.0 (/24). – R2 uses its own subnet mask on this interface and applies it to this and all other 172.30.0.0 subnets that it receives on this interface - in this case, 172.30.1.0. Processing RIP Updates (4) Advantage of Automatic summarization • Smaller routing updates sent and received, which uses less bandwidth for routing updates between R2 and R3. – RIP sends out only a single update for the entire classful network instead of one for each of the different subnets. • R3 has a single route for the 172.30.0.0/16 network, regardless of how many subnets there are or how it is subnetted. Using a single route results in a faster lookup process in the routing table for R3. Disdvantage of Automatic summarization (1/6) • Notice that R1 and R3 both have subnets from • • the 172.30.0.0/16 major network, whereas R2 does not. Essentially, R1 and R3 are boundary routers for 172.30.0.0/16 because they are separated by another major network, 209.165.200.0/24. This separation creates a discontiguous network, as two groups of 172.30.0.0/24 subnets are separated by at least one other major network. 172.30.0.0/16 is a discontiguous network. Disdvantage of Automatic summarization (2/6) Disdvantage of Automatic summarization (3/6) • R1 does not have any routes to the LANs • • • attached to R3. R3 does not have any routes to the LANs attached to R1. R2 has two equal-cost paths to the 172.30.0.0 network. R2 will load balance traffic destined for any subnet of 172.30.0.0. – This means that R1 will get half of the traffic and R3 will get the other half of the traffic whether or not the destination of the traffic is for one of their LANs. Disdvantage of Automatic summarization (4/6) Disdvantage of Automatic summarization (5/6) Disdvantage of Automatic summarization (6/6) RIP Topology: Scenario C Default Route and RIP (1/4) Default Route and RIP (2/4) Default Route and RIP (3/4) • To provide Internet connectivity to all other networks in the RIP routing domain, the default static route needs to be advertised to all other routers that use the dynamic routing protocol. Default Route and RIP (4/4) RIP V2 W.lilakiatsakun RIP V2 • RFC 2453 (obsoletes –RFC 1723 /1388) • Extension of RIP v1 (Classful routing protocol) • Classless routing protocol – VLSM is supported • Subnet mask included in the routing updates • Next-hop addresses included in the routing • • updates Use of multicast addresses in sending updates Authentication option available RIP V2 & V1 • Use of holddown and other timers to help • • • prevent routing loops. Use of split horizon or split horizon with poison reverse to also help prevent routing loops. Use of triggered updates when there is a change in the topology for faster convergence. Maximum hop count limit of 15 hops, with the hop count of 16 signifying an unreachable network. RIP v1 Limitation (Discontiguous Address) Addressing scheme VLSM Private IP Problems • R1 cannot ping to network 172.30.100.0 • R3 cannot ping to network 172.30.1.0 • R2 can partially ping to network 172.30.1.0 and 172.30.100.0 RIP V1 message format R2 installs both paths in routing table R2 routing table NO VLSM supported • RIPv1 either summarizes the subnets to the classful boundary or uses the subnet mask of the outgoing interface to determine which subnets to advertise. No CIDR supported Static Routing configuration and Routing Table on R2 Because … • RIPv1 and other classful routing protocols • • cannot support CIDR routes that are summarized routes with a smaller subnet mask than the classful mask of the route. RIPv1 ignores these supernets in the routing table and does not include them in updates to other routers. This is because the receiving router would only be able to apply the larger classful mask to the update and not the shorter /16 mask. RIP V2 • RFC 1723 • RIPv2 is encapsulated in a UDP segment using port 520 and can carry up to 25 routes. • 3 extensions are added. – The subnet mask field – The Next Hop address – The Route Tag The subnet mask field • Allow a 32 bit mask to be included in the RIP route entry. • As a result, the receiving router no longer depends upon – the subnet mask of the inbound interface or – the classful mask when determining the subnet mask for a route. Next hop Address • The Next Hop address is used to identify a better • • next-hop address - if one exists - than the address of the sending router. If the field is set to all zeros (0.0.0.0), the address of the sending router is the best next-hop address. The purpose of the Next Hop field is to eliminate packets being routed through extra hops in the system. • It is particularly useful when RIP is not being run on all of the routers on a network. Route Tag • To provide a method of separating "internal" RIP routes (routes for networks within the RIP routing domain) from "external" RIP routes, which may have been imported from an EGP or another IGP • Routers supporting protocols other than RIP should be configurable to allow the Route Tag to be configured for routes imported from different sources • It is either set to an arbitrary value, or at least to the number of the Autonomous System RIP V2 configuration Auto-Summary and RIP V2 (1) Auto-Summary and RIP V2 (2) Auto-summary Auto-Summary and RIP V2 (3) Auto summary Redistribute Static Disabling Auto-summary RIP V2 and VLSM RIP V2 and VLSM RIP V2 and CIDR Troubleshooting • Version : misconfiguration • Network Statements: incorrect or missing network statements. – The network statement does two things: • It enables the routing protocol to send and receive updates on any local interfaces that belong to that network. • It includes that network in its routing updates to its neighboring routers. – A missing or incorrect network statement will result in missed routing updates and routing updates not being sent or received on an interface. • Automatic Summarization – If there is a need or expectation for sending specific subnets and not just summarized routes, make sure that automatic summarization has been disabled. Verifying RIP Authentication (1) • A security concern of any routing protocol is the possibility of accepting invalid routing updates. • The source of these invalid routing updates could be an attacker maliciously attempting to disrupt the network or trying to capture packets by tricking the router into sending its updates to the wrong destination. • Another source of invalid updates could be a misconfigured router. Authentication (2) Authentication (3) • For example, in the figure, R1 is propagating a • • • default route to all other routers in this routing domain. However, someone has mistakenly added router R4 to the network, which is also propagating a default route. Some of the routers may forward default traffic to R4 instead of to the real gateway router, R1. These packets could be "black holed" and never seen again. Authentication (4) • RIPv2, EIGRP, OSPF, IS-IS, and BGP can be configured to authenticate routing information. • This practice ensures routers will only accept routing information from other routers that have been configured with the same password or authentication information. • Note: Authentication does not encrypt the routing table. RIPV2 Authentication (1) • The authentication scheme for RIP version 2 will use the space of an entire RIP entry. • If the Address Family Identifier of the first (and only the first) entry in the message is 0xFFFF, then the remainder of the entry contains the authentication. • This means that there can be at most, 24 RIP entries in the remainder of the message. RIPV2 Authentication (2) • Currently, the only Authentication Type is simple password and it is type 2 • The remaining 16 octets contain the plain text password. • If the password is under 16 octets, it must be left-justified and padded to the right with nulls (0x00). RIPV2 Authentication (3) • If the router is not configured to authenticate RIP-2 messages, then – RIP-1 and unauthenticated RIP-2 messages will be accepted; – authenticated RIP-2 messages shall be discarded. • If the router is configured to authenticate RIP-2 messages, then – RIP-1 messages and RIP-2 messages which pass authentication testing shall be accepted; – unauthenticated and failed authentication RIP-2 messages shall be discarded. RIPV2 Authentication (4) • For maximum security, RIP- 1 messages should be ignored when authentication is in use otherwise, • The routing information from authenticated messages will be propagated by RIP-1 routers in an unauthenticated manner. • Since an authentication entry is marked with an Address Family • Identifier of 0xFFFF, a RIP-1 system would ignore this entry since it would belong to an address family other than IP. LAB –RIPV2 • CCNA2 – LAB 7.5.2