RIP


RIP Notes
·        RIP is a distance vector protocol
·        RIP uses udp 520
·        The metric used by RIP is hop count, 1 is  directly connected network of the advertising router and 16 is unreachable
·        RIP timers are
Updates interval: how often does the router send updates
Invalid: after how seconds since last update does the router consider it invalid
Holddown: how many seconds does the router hold down before anything from the router that advertised that route
Flush: how many seconds before deleting it from the routing table
Sleep: how many msec before delay before sending flash update

·        Split horizon (prevent sending the updates on the same interface that received on) is enabled on multIPoint subinteraces and disabled on multIPoint physical interfaces by default
·        RIP supports md5 and text authentication, the key has to match
if the key is different the router with higher number key will accept the updates from the lower key one but no vice versa
·        RIP will originate the default route regardless if it has it or not and it doesn't use null routers
With RIP, “IP default-network” command will work only if (1) the network address is a classful network that is not directly connected, and (2) this classful network is in the local router’s IP routing table, via any meansreferenced in.

·        IP triggered can be used to set the RIP to advertise the changes only 
·        When triggered extensions to RIP are enabled, routing updates are transmitted on the WAN only if one of the following occurs:

Ø  The router receives a specific request for a routing update. (Full database is sent.)

Ø  Information from another interface modifies the routing database. (Only latest changes are sent)
Ø  The interface comes up or goes down. (Partial database is sent.)

Ø  The router is first powered on, to ensure that at least one update is sent. (Full database is sent.)

·        when RIP send the summary address it sends the summary only and not the smaller subnets buy default
·        output delay can be when high end router send update to lower end router

·        RIP sends periodic updates every 30 seconds minus a small random variable that prevents the updates of neighboring routers from becoming synchronized.

·        RIP doesn’t inject null 0 routes when summarizing routes and hence the feedback routes can occur

·        Supernet advertisement (advertising any network prefix less than its classful major network) is not allowed in RIP
·        Extended ACLs when called as distribute-list in IGP have a different meaning than in redistribution or as in BGP. In BGP and redistribution the “source” field in the ACL represents the network address, and the “destination” represents the subnet mask. In IGP distribute-list the Source  in the ACL matches the update source of the route, and the destination field represents the network address;
·         validate-update-source does not validate source (if it is in the same subnet) of “IP unnumbered” interfaces.
·        The IP-RIP Delay Start feature (“IP rIP initial-delay ...”) is used on Cisco routers to delay the initiation of RIPv2 neighbor sessions until the network connectivity between the neighbor routers is fully operational, thereby ensuring that the sequence number of the first MD5 packet that the router sends to the non-Cisco neighbor router is 0.
·         If an interface is configured with secondary IP addresses and split horizon is enabled, updates might not be sourced by the secondary address
·         Filtering
1-     Offset list X in/out Z interfaces
X is standard access list
Z is the offset 0-16
2-     Distribute list access-list/prefix-list in/out interface
If the access list is standard then the source cannot be matched
If the access-list is extended then the source is source of the ACL and the network is distention
              If prefix list is used then gateway can be used to match the source through 
              Another prefix list
3-     Distance 0.0.0.0 0.0.0.0 access-list X

Comments

Post a Comment

Popular posts from this blog

IPv6 EIGRP

Image
In this post we will try to configure IPv6 EIGRP see the different options for the protocol and how these options are almost identical to the IPv4 version of EIGRP configuration R1 ipv6 unicast-routing interface lo0 ipv6 address 2001:1:1::1/64 interface FastEthernet0/0   ipv6 address FE80::1 link-local   ipv6 address FC00:1:12::1/64 ! interface FastEthernet0/1   ipv6 address FE80::1 link-local   ipv6 address FC00:1:13::1/64 !          R2 ipv6 unicast-routing interface lo0 ipv6 address 2001:2:2::2/64 interface FastEthernet0/0   ipv6 address FE80::2 link-local   ipv6 address FC00:1:12::2/64 ! interface FastEthernet0/1   ipv6 address FE80::2 link-local   ipv6 address FC00:1:23::2/64 R3 ipv6 unicast-routing interface lo0 ipv6 address 2001:3:3::3/64 interface lo1 ipv6 address 2001:3:4::3/64 interface lo2 ipv6 address 2001:3:5::3/64 interface FastEthernet0/0   ipv6 address FE80::3 link-...
Read more

BPDU Filter vs BPDU Guard

        Today we will try to explore the difference between these 2 options, BPDU guard and BPDU filter We know that BPDU are used to communicate between switches in L2 networks  to ensure loop free topology. BPDU Guard is used to protect our access (or trunks incase of servers) ports from receiving undesired BPDU packets, this feature is helpful in enforcing your network boundary in access layer BPDU Guard can be enabled on global configuration as well as under the interface configuration BPDU Filter on the other hand is used to filter BPDU packets outbound when configured  in global configuration (after sending 11 BPDU out ) and will filter BPDU inbound/outbound when configured under the interface level To better understand these two features, let’s use this simple topology R1 is connected to SW1 through F0/0 to have R1 send and receive BPDU we will simple configure bridging group 1 on the router and we will join the bridge group when desired to...
Read more

Private VLANS and protected ports

Image
In this post we will try to learn two layer 2 technologies, private vlans and protected ports Private vlans is used to segregate the layer 2 domain within the same vlan so we don’t waste any IP addresses, think about as sub-vlans within the same vlan that share the same layer 3 address. These sub-vlans can be of two kinds                      1- Community 2- Isolated The difference between community and isolated sub-vlans that hosts within community vlan can communicate together however hosts within isolated vlans con’t communicate to each others, also note that hosts from different community vlans can’t communicate/isolated vlans can’t communicate together. The question is how these hosts in community/isolated vlans communicate to the outside world, and the answer is they communicate through the promiscuous port which is part of parent vlan but this port is allowed to communicat...
Read more