RIP Distance Vector Routing Protocol

(Ananth Maruti M) #27

Hi Rene,

I have two queries

  1. You had mentioned “Route poisoning overrules split horizon” Can yoy just explain with an example?
  2. How actually the timers work. I am little confused between hold down and invalid timers?
0 Likes

(Maher H) #28

Hi Ananth,

1- We agreed that Split Horizon is a technique incorporated by distance vector routing protocols for avoiding routing loops by preventing the routing path to be sent/advertised back to the node from which the advertising router has received it.

In our example, Router Clubs will not accept any route update about its connected network from the neighbor router when using split horizon. When 3.3.3.3/24 is down, Router Clubs will send a route poison to other routers by assigning the metric of this particular network to 16. There should be a Poison Reverse to inform router Clubs that the Route Poison has reached the routers, and here happens the overruling on the split horizon , otherwise the Poison reverse will never reach Router Club if the split horizon is not overruled.

2- Rene has already given an explanation about the timer in this post, and I am copying it and paste it here:
Let’s say we have two routers:

R1-R2

R1 is advertising 1.1.1.0 /24 to R2.

Suddenly, R1 stops advertising RIP updates to R2.

At this moment, the invalid timer (180 seconds) and flush timer (240 seconds) start counting.

After 180 seconds, the route is considered invalid and the holddown timer will start (180 seconds). The route will remain in the routing table but is “possibly down”.

60 seconds later, the flush timer will expire and the route will be deleted from the routing table…that’s it. In total it takes 240 seconds for a route to be removed. The thing that confused me is that the holddown timer only runs for 60 seconds in this scenario, once the flush timer is expired it’s game over…

Apparatently, the holddown timer is also supposed to start when you receive a triggered update from a neighbor that advertises a route that is unreachable. The confusing part is that it doesn’t work this way on newer IOS versions. Once you receive a triggered update with a network that is unreachable, it’s removed from your routing table immediately. In some of the discussions I read online they say that on IOS 12.0, RIP does enter the holddown state when you receive a triggered update with an unreachable network.

0 Likes

(Shantel - Networklessons.com) split this topic #29

19 posts were merged into an existing topic: RIP Distance Vector Routing Protocol

0 Likes

(Sameer K) #30

Hi Rene ,

When current metric is low , and its received rip update with higher metric for a disconnected route , why router 2 will update its routing table ? can you please clarify .

“I can reach 3.3.3.0 /24 by going to R3 and my hop count used to be 1. I’m receiving a routing table from R3 now and it now says that the hop count is 2…I need to update myself to include this change”.

Reagrds,
Sameer

0 Likes

(Sameer K) #31

Hi ,

one doubt is when i want capture rip request packets in wireshark , i am only seeing rip response i have tried by doing shutdown and no shutdown . is it expected ?

Regards,
Sameer.

0 Likes

(Lazaros Agapides) #32

Hello Sameer

This is a very good question. What is happening here is that R2 has obtained its original hop count of 1 to network 3.3.3.3 from R3. So since R3 has told R2 that the distance to 3.3.3.3 is 1, it puts it in its routing table.

After the procedure that is described, R3 sends a new hop count to R2 of 2. Now you say since this hop count is higher than that which is already in the routing table of R2, why does R2 replace it? Well, it will replace it because it is an updated piece of information.

So, the previous entry of metric 1 that was learned from R3 is replaced with the updated entry of metric 2 from the same source, namely R3.

I hope this has been helpful!

Laz

1 Like

(Lazaros Agapides) #33

Hello Sameer

It is possible to capture requests as well. Requests are few and far between so you need to search a bit for them. Make sure that wireshark is set up to listen for them. Some more info about capturing RIP packets on wireshark can be found at this link.

An example of RIP captured on wireshark can be seen below.
image

I hope this has been helpful!

Laz

1 Like

(Sameer K) #34

Hi Laz ,

Still i have a basic doubt on this , is rip response (periodic at every 30 secs) are soliciated by the request packets , or is it like when we initially enable RIP it will send request packets and then every 30 sec routers will send unsolicited response packets or else these are all unsolicited periodic responses (if so , there is no need of rip request messages) .

If it is unsolicited we cant capture it because it not generated in my case i am thinking that its may be timing issue while capturing the request packet .

Can please elaborate it .
Regards,
Sameer

0 Likes

(Lazaros Agapides) #35

Hello Sameer

RIP requests are only sent under special circumstances, when a router requires that it be provided with immediate routing information. The most common example of this is when a router is first powered on. After initializing, the router will typically send an RIP Request on its attached networks to ask for the latest information about routes from any neighboring routers. The only other situation in which RIP requests are sent is when they are to be used for diagnostic purposes.

So yes, it is rare to find requests.

Responses on the other hand are sent either as a direct result of a request, or unsolicited every 30 seconds as you mentioned. So you are correct when you say that in order to capture requests, it is an issue of timing, being able to capture the packet at the time of RIP initialization.

You can attempt to keep your sniffer on during the enabling of RIP on your routers, thus instigating a RIP request.

I hope this has been helpful!

Laz

1 Like

(RATHINASABAPTHY T) #36

Hi…

I have a doubt route poisoning and poison reverse.? Can u explain it once

0 Likes

(Rene Molenaar) #37

Hi Rathinasabapthy,

Anything, in particular, you don’t understand about it? I explained it with quite some detail in this lesson.

Rene

0 Likes

(Rene Molenaar) split this topic #39

A post was split to a new topic: MAC addresses on switch

0 Likes

(MARKOS A) #40

Hello

Could you please explain how a routing loop would occur if we did not use Route Poisoning and only used Split Horizon?

Thank you

0 Likes

(Rene Molenaar) #41

Hi Markos,

Let’s say we have this topology:

triangle-routers

R2 learns 1.1.1.1/32 through R1.

Suddenly, R1 fails. R2, R3, and R4 still have the route in their routing table with the correct metric (since we don’t use route poisoning).

R2 sends an update to R3 and R4 and a few seconds later, it deletes the route from its routing table since it hasn’t received any updates anymore from R1.

A second later, it receives an update from R4 that contains network 1.1.1.1 /32 and installs this in its routing table. You now have a (temporarily) routing loop. Split horizon doesn’t protect against this since the update went from R2 > R3 > R4 and back to R2 (or from R2 > R4 > R3 > R2 is also possible).

Rene

0 Likes

(aryaka n) #42

Hi Rene ,

I have a question . Let’s say we have to design the network of a company on what basis you will decide whether to use RIP or OSPF or IBGP on the lan side of network ?

0 Likes

(Lazaros Agapides) #43

Hello Aryaka

This is an excellent question. First of all, if we’re talking about the LAN side, then BGP is not a good choice. BGP is designed for large routing tables like those found on the Internet, and is generally much slower in converging. Within a LAN, if a link or a router fails, you want the routing protocol to re-converge within several seconds. Although BGP’s timers can be adjusted down to 3 seconds for the update and 15 seconds for the hold timer. However, this means that in the event of a failure, re-convergence will take at least 15 seconds. For most enterprise networks, this is unacceptable. There are ways to get around that, but there are other features of BGP (and lack thereof) that don’t make it a good choice for a LAN.

RIP, OSPF and EIGRP are internal routing protocols designed to be used within an enterprise LAN. But these too have various differences between them. In general, networking professionals agree that RIP should never be used in production networks unless absolutely necessary. I’ve come across some vendors of some specialized networking equipment only support RIP for example. But if you can avoid it, don’t use it. This is because it is slow to converge, not very scalable, and has comparatively few parameters to tweak and optimise routing. Today it is generally used for teaching purposes for students to understand the concepts before going on to other protocols.

Now it comes down to OSPF and EIGRP. This is really a matter of preference among networking professionals. Both protocols are scalable, tweakable and can provide for the demands of any modern network. Sure, each has its own strong points and weak points, but I think the most vital is that OSPF is open architecture and is supported by many vendors, while EIGRP is proprietary to Cisco, although some other vendors are licensed to support it. This alone may be enough for someone to choose one way or the other.

For a more detailed look at the differences and advantages of each protocol, take a look at Rene’s comprehensive lessons on both of these.

I hope this has been helpful!

Laz

0 Likes

(Rahul R) #44

Hi team,

i have a doubt the router doesn’t forward broadcast.

So how then does RIP work - because it is said that it works using broadcast.

0 Likes

(Lazaros Agapides) #45

Hello Rahul

When routers use RIPv1, they do indeed use broadcast addresses to send out RIP updates. It is also true that routers do not forward broadcast packets that they receive. This means that if a RIP router sends a RIP update out of all its configured ports, only routers that are directly connected to it will receive these updates. A router may not forward broadcasts, but it will receive them and process them if they are sent from a directly connected router.

So RIP updates are sent only to directly connected neighbouring routers, which is the required behaviour to have RIP function correctly.

I hope this has been helpful!

Laz

0 Likes

(Rahul R) #46

Thanks for your reply. i am a bit of confusion in RIPv1. Could you please explain with a simple diagram and elaborate.

0 Likes

(Lazaros Agapides) #47

Hello Rahul

Take a look at the following diagram:


If RIPv1 is configured, R1 will send its updates out of all participating interfaces using a broadcast. This means that a broadcast packet will be sent out of Fa0/0 and Fa1/0. This packet will reach all of the hosts on the 1.1.1.0/24 network as well as all hosts on the 192.168.12.0/24 network. All hosts on the first network will discard the packet because they are not RIP devices. R2 will receive the broadcast and will process it. In this whole procedure, only R2 will receive and process the RIP message. R3 will see nothing. As you very correctly pointed out, routers do not forward broadcast packets, so R2 will not forward RIP messages recieved from R1, but it will process them, meaning, it will take their information and use it to update its own routing table.

Similarly, any RIP messages from R3 will reach R2 but will not reach R1. If R2 sends a broadcast RIP message, both R1 and R3 will receive the packet and will process it, because they are directly connected. They will not however forward these messages to the 1.1.1.0/24 or the 3.3.3.0/24 networks, as broadcasts are not forwarded to other networks.

I hope this has been helpful!

Laz

0 Likes