From: Narbik Kocharians (narbikk@gmail.com)
Date: Wed Jul 16 2008 - 04:11:21 ART
I have to disagree on item number 6.
In RIPv2, authentication can be used to provide "one directional" filtering.
On Tue, Jul 15, 2008 at 11:44 PM, Petr Lapukhov <petr@internetworkexpert.com>
wrote:
> How RIP process sends/receives updates/requests.
> 1) RIP process sends multicast (or broadcast, if configured) updates on all
> *non-passive* interfaces by default.
>
> 2) RIP also sends multicast requests and flash updates out of all
> *non-passive* interfaces when needed (e.g. when you issue "clear ip route *").
> Requests are NOT being sent out of passive interfaces, since this is an
> "active" operation. (Note: RIP responses are unicast to the router that
> issued the request, so only the requesting router will receive the response.)
>
> 3) When an interface is configured as passive for RIP, the process will stop
> sending multicast updates and requests out of the passive interface (stop
> all active operations).
>
> 4) The process will passively accept ANY multicast/unicast updates,
> irrespective of receiving interface state (passive/non-passive). The update
> only needs to pass the source IP validation check and have valid
> authentication information. Note: This means a router may accept *redundant*
> multicast and unicast updates from the same source, provided that the other
> side sends multicast and unicast packets at the same time.
>
> 5) Unicast updates have IP TTL value of "2" while multicast updates have
> TTL=1. This feature has been specifically designed for hub-and-spoke
> topologies, where packets from spokes need to traverse the hub. You may
> observe the TTL field with "debug ip packet detail dump" command.
>
> 6) Authentication configured on an interface affects RIP unicast and
> multicast updates, as well as multicast requests/responses flowing across
> the interface. Note: if authentication is configured on just one side of the
> connection, this will effectively prohibit bidirectional RIP updates
> exchange, and will NOT result in "one-direction" filtering, as with passive
> interfaces.
>
> --
> Petr Lapukhov, CCIE #16379 (R&S/Security/SP/Voice)
> petr@internetworkexpert.com
>
> Internetwork Expert, Inc.
> http://www.InternetworkExpert.com <http://www.internetworkexpert.com/>
> Toll Free: 877-224-8987
> Outside US: 775-826-4344
> Online Community: http://www.IEOC.com <http://www.ieoc.com/>
> CCIE Blog: http://blog.internetworkexpert.com
>
> 2008/7/15 Igor Manassypov <imanassypov@rogers.com>:
>
> > Could someone please clarify rip's neighbor command mixed with a
> > passive-interface? For example, if you are asked to make sure that routing
> > updates are only sent to a particular router, I will configure a
> > corresponding 'neighbor' entry under my rip process, but to satisfy the
> > requirement that only that particular router gets updates I would also need
> > to enable the passive interface. As soon as I do that, there are no more
> > routing updates coming from that interface even though I have an explicit
> > neighbor configured... If I do not use the passive interface, then other
> > routers will get updates breaking the requirement...
> >
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
--
Narbik Kocharians
CCSI#30832, CCIE# 12410 (R&S, SP, Security)
www.MicronicsTraining
www.Net-Workbooks.com
Sr. Technical Instructor
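
Added example, not part of the thread and not written by any of the posters: the question of what authentication does in each direction can be checked on a lab link by capturing the RIP payloads (UDP port 520) each router sends and seeing which ones carry an authentication entry. The sketch below parses the RFC 2453 framing; the function names and the sample payloads are constructed for illustration.

```python
import socket
import struct

COMMANDS = {1: "request", 2: "response"}
AUTH_TYPES = {2: "simple-password", 3: "keyed-md5"}  # RFC 2453 / RFC 2082

def parse_rip(payload: bytes) -> dict:
    """Summarise a RIP UDP payload (port 520): command, version, auth, routes."""
    if len(payload) < 4 or (len(payload) - 4) % 20:
        raise ValueError("not a well-formed RIP message")
    command, version, _zero = struct.unpack("!BBH", payload[:4])
    info = {"command": COMMANDS.get(command, command), "version": version,
            "auth": None, "routes": []}
    for off in range(4, len(payload), 20):
        afi, tag = struct.unpack("!HH", payload[off:off + 4])
        if afi == 0xFFFF:
            # AFI 0xFFFF is not a route. In the first entry the next field is
            # the authentication type; later ones (MD5 trailer) are skipped.
            if off == 4:
                info["auth"] = AUTH_TYPES.get(tag, f"type-{tag}")
            continue
        addr, mask, _nhop, metric = struct.unpack("!4s4s4sI", payload[off + 4:off + 20])
        info["routes"].append((socket.inet_ntoa(addr), socket.inet_ntoa(mask), metric))
    return info

def _route(prefix: str, mask: str, metric: int) -> bytes:
    """Build one 20-byte IPv4 route entry (AFI 2, route tag 0, next hop 0.0.0.0)."""
    return struct.pack("!HH4s4s4sI", 2, 0, socket.inet_aton(prefix),
                       socket.inet_aton(mask), socket.inet_aton("0.0.0.0"), metric)

# Constructed sample payloads (not taken from a real capture).
HEADER = struct.pack("!BBH", 2, 2, 0)                      # response, version 2
AUTH_ENTRY = struct.pack("!HH16s", 0xFFFF, 2, b"EXAMPLE")  # simple password, NUL-padded
PLAIN_UPDATE = HEADER + _route("10.1.1.0", "255.255.255.0", 1)
AUTH_UPDATE = HEADER + AUTH_ENTRY + _route("10.1.1.0", "255.255.255.0", 1)

if __name__ == "__main__":
    for name, pkt in (("plain", PLAIN_UPDATE), ("authenticated", AUTH_UPDATE)):
        print(name, parse_rip(pkt))
```

Comparing the parsed "auth" field of updates seen in each direction with the routes each router actually installs shows how a given IOS release treats a one-sided authentication configuration.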
This archive was generated by hypermail 2.1.4 : Mon Aug 04 2008 - 06:11:55 ART