Re: rip passive int with neighbor command

From: Petr Lapukhov (petr@internetworkexpert.com)
Date: Wed Jul 16 2008 - 03:44:49 ART


How RIP process sends/receives updates/requests.
1) RIP process sends multicast (or broadcast, if configured) updates on all
*non-passive* interfaces by default.

2) RIP also sends multicast requests and flash updates out of all
*non-passive* interfaces when needed (e.g. when you issue "clear ip route
*"). Requests are NOT being sent out of passive interfaces, since this is an
"active" operation. (Note: RIP responses are unicast to the router that
issued the request, so only the requesting router will receive the response)

3) When an interface is configured as passive for RIP, the process will stop
sending multicast updates and requests out of the passive interface (stop
all active operations).

4) The process will passively accept ANY multicast/unicast updates,
irrespective of receiving interface state (passive/non-passive). The update
only needs to pass the source IP validation check and have valid
authentication information. Note: This means a router may accept *redundant*
multicast and unicast updates from the same source, provided that the other
side sends multicast and unicast packets at the same time.

5) Unicast updates have IP TTL value of "2" while multicast updates have
TTL=1. This feature has been specifically designed for hub-and-spoke
topologies, where packets from spokes need to traverse the hub. You may
observe the TTL field with "debug ip packet detail dump" command.

6) Authentication configured on an interface affects RIP unicast and
multicast updates, as well as multicast requests/responses flowing across
the interface. Note: if authentication is configured on just one side of the
connection, this will effectively prohibit bidirectional RIP update
exchange, and will NOT result in "one-direction" filtering, as with passive
interfaces.

-- 
Petr Lapukhov, CCIE #16379 (R&S/Security/SP/Voice)
petr@internetworkexpert.com

Internetwork Expert, Inc.
http://www.InternetworkExpert.com
Toll Free: 877-224-8987
Outside US: 775-826-4344
Online Community: http://www.IEOC.com
CCIE Blog: http://blog.internetworkexpert.com

2008/7/15 Igor Manassypov <imanassypov@rogers.com>:

> Could someone please clarify rip's neighbor command mixed with a
> passive-interface? For example, if you are asked to make sure that routing
> updates are only sent to a particular router, I will configure a
> corresponding 'neighbor' entry under my rip process, but to satisfy the
> requirement that only that particular router gets updates I would also need
> to enable the passive interface. As soon as I do that, there are no more
> routing updates coming from that interface even though I have an explicit
> neighbor configured... If I do not use the passive interface, then other
> routers will get updates breaking the requirement...
>
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
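
A Cisco IOS configuration sketch of the combination discussed in this thread, added here as an example and not part of either poster's message. It pairs a passive interface with a unicast neighbor and configures RIP authentication on both routers, as points 3, 5 and 6 describe. The addresses, interface names and key-chain name are assumptions, and the key string is a placeholder.

```cisco
! ---- R1 (192.0.2.1): sends updates only to 192.0.2.2 ----
! Constructed example: addresses, interface and key-chain names are assumptions.
key chain RIP-KEYS
 key 1
  key-string <shared-secret-placeholder>
!
interface FastEthernet0/0
 ip address 192.0.2.1 255.255.255.0
 ! Authentication applies to unicast and multicast RIP packets alike (point 6)
 ip rip authentication mode md5
 ip rip authentication key-chain RIP-KEYS
!
router rip
 version 2
 no auto-summary
 network 192.0.2.0
 ! Stop multicast updates and requests on the shared segment (point 3)
 passive-interface FastEthernet0/0
 ! Unicast updates to the one intended router (point 5: sent with TTL 2)
 neighbor 192.0.2.2
!
! ---- R2 (192.0.2.2): the intended receiver ----
key chain RIP-KEYS
 key 1
  key-string <shared-secret-placeholder>
!
interface FastEthernet0/0
 ip address 192.0.2.2 255.255.255.0
 ! Must match R1: authentication on one side only blocks the exchange
 ! in both directions rather than filtering one direction (point 6)
 ip rip authentication mode md5
 ip rip authentication key-chain RIP-KEYS
!
router rip
 version 2
 no auto-summary
 network 192.0.2.0
!
! Verification on R1: "show ip protocols" lists the passive interface and
! the configured neighbor; "debug ip rip" shows updates addressed to
! 192.0.2.2 instead of the multicast group.
```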



This archive was generated by hypermail 2.1.4 : Mon Aug 04 2008 - 06:11:55 ART