Документация
Документация VyOS
Маршрутизация в VyOS
RIP - Routing Information Protocol

RIP - Routing Information Protocol

RIP (Routing Information Protocol) - один из старейших протоколов динамической маршрутизации, использующий алгоритм distance-vector.

Обзор

RIP - простой протокол маршрутизации, подходящий для небольших сетей с предсказуемой топологией.

Характеристики RIP

Основные параметры:

  • Distance-vector алгоритм (Bellman-Ford)
  • Метрика - hop count (количество роутеров до сети)
  • Максимум 15 hops (16 = unreachable)
  • Периодические обновления каждые 30 секунд
  • Split horizon и poison reverse для предотвращения петель

Версии протокола:

  • RIPv1 (RFC 1058) - classful, без VLSM, broadcast обновления
  • RIPv2 (RFC 2453) - classless, VLSM, CIDR, multicast (224.0.0.9), authentication
  • RIPng (RFC 2080) - для IPv6 сетей, multicast (FF02::9)

Когда использовать RIP

Подходит для:

  • Малые сети (до 15 роутеров)
  • Простые топологии (без резервирования)
  • Legacy оборудование
  • Учебные лаборатории
  • Временные тестовые сети

Не подходит для:

  • Крупные enterprise сети
  • Сети с резервными путями
  • Высоконагруженные сети
  • Сети требующие быструю конвергенцию

Ограничения RIP

  1. Hop count limit - максимум 15 роутеров
  2. Медленная конвергенция - до 3 минут
  3. Периодические обновления - создают постоянный трафик
  4. Простая метрика - не учитывает bandwidth, latency
  5. Нет поддержки VLSM в RIPv1

RIPv2 Configuration

VyOS поддерживает RIPv2 по умолчанию.

Базовая настройка

Минимальная конфигурация:

set protocols rip interface eth0
set protocols rip interface eth1
set protocols rip network 192.168.1.0/24
set protocols rip network 192.168.2.0/24

commit
save

Network statement:

set protocols rip network 10.0.0.0/8
set protocols rip network 172.16.0.0/12
set protocols rip network 192.168.0.0/16

commit

Network statement включает все интерфейсы с IP из указанных сетей в RIP процесс.

Interface Configuration

Включить RIP на интерфейсе:

set protocols rip interface eth0
set protocols rip interface eth1
commit

Exclude интерфейс:

delete protocols rip interface eth2
commit

RIP Version

Установить версию RIP:

set protocols rip version 2
commit

По умолчанию VyOS использует RIPv2.

Neighbor Configuration

Unicast neighbor (вместо multicast):

set protocols rip neighbor 192.168.1.2
set protocols rip neighbor 192.168.2.2
commit

Полезно для:

  • Point-to-point links
  • Сети где multicast недоступен
  • VPN туннели

Passive Interface

Интерфейс анонсирует свою сеть, но не отправляет RIP updates.

Per-interface:

set protocols rip interface eth2 passive
commit

All interfaces passive by default:

set protocols rip passive-interface default
commit

Затем активировать нужные:

set protocols rip passive-interface eth0 disable
set protocols rip passive-interface eth1 disable
commit

Рекомендация: Используйте passive для LAN интерфейсов без RIP neighbors.

Authentication

Защита от несанкционированных RIP обновлений.

Plaintext Authentication

Не рекомендуется (пароль передается в открытом виде):

set interfaces ethernet eth0 ip rip authentication plaintext-password 'MyPassword'
commit

Используйте только для совместимости с legacy устройствами.

MD5 Authentication

Рекомендуется:

set interfaces ethernet eth0 ip rip authentication md5 1 password 'SecureRIPPassword123!'
commit

Key ID (1-255) позволяет плавную смену паролей:

# Старый ключ
set interfaces ethernet eth0 ip rip authentication md5 1 password 'OldPassword'

# Добавить новый ключ
set interfaces ethernet eth0 ip rip authentication md5 2 password 'NewPassword'
commit

# После обновления всех роутеров, удалить старый
delete interfaces ethernet eth0 ip rip authentication md5 1
commit

Важно: Authentication должна совпадать на всех соседних роутерах.

Authentication Example

Router 1:

set interfaces ethernet eth1 ip rip authentication md5 1 password 'RIP-Secure-2024'
commit

Router 2:

set interfaces ethernet eth1 ip rip authentication md5 1 password 'RIP-Secure-2024'
commit

Split Horizon

Механизм предотвращения routing loops.

Default Split Horizon

По умолчанию включен:

# Роутер не анонсирует маршруты обратно через интерфейс, откуда их получил

Disable Split Horizon 

set interfaces ethernet eth0 ip rip split-horizon disable
commit

Когда отключать:

  • Hub-and-spoke топологии
  • Frame Relay NBMA сети
  • Некоторые VPN конфигурации

Poison Reverse

Агрессивная версия split horizon:

set interfaces ethernet eth0 ip rip split-horizon poison-reverse
commit

Анонсирует маршруты обратно с метрикой 16 (unreachable).

Когда использовать:

  • Faster convergence при отказах
  • Явное указание на недоступность маршрута

Timers

Управление RIP timers для конвергенции.

Update Timer

Интервал отправки RIP updates:

set protocols rip timers update 30
commit

По умолчанию: 30 секунд.

Меньшее значение:

  • Faster convergence
  • Больше трафика
  • Выше CPU usage

Timeout Timer

Время ожидания обновления от neighbor:

set protocols rip timers timeout 180
commit

По умолчанию: 180 секунд (6x update timer).

После timeout маршрут помечается unreachable (metric 16).

Garbage Collection Timer

Время до удаления unreachable маршрута:

set protocols rip timers garbage-collection 120
commit

По умолчанию: 120 секунд.

Timers Configuration Example 

set protocols rip timers update 30
set protocols rip timers timeout 180
set protocols rip timers garbage-collection 120

commit
save

Aggressive timers (для быстрой конвергенции):

set protocols rip timers update 10
set protocols rip timers timeout 60
set protocols rip timers garbage-collection 40

commit

Осторожно: Более короткие timers увеличивают нагрузку на сеть и CPU.

Route Redistribution

Импорт маршрутов из других источников в RIP.

Redistribute Connected

Анонсировать directly connected сети:

set protocols rip redistribute connected
commit

С метрикой:

set protocols rip redistribute connected metric 2
commit

Redistribute Static

Анонсировать static routes:

set protocols rip redistribute static
commit

С метрикой:

set protocols rip redistribute static metric 3
commit

Redistribute OSPF

Импорт OSPF маршрутов в RIP:

set protocols rip redistribute ospf
commit

С метрикой:

set protocols rip redistribute ospf metric 5
commit

Redistribute BGP

Импорт BGP маршрутов:

set protocols rip redistribute bgp
commit

Осторожно: BGP full table (900K+ routes) не подходит для RIP (limit 15 hops).

Redistribute Kernel

Kernel routes (e.g., from DHCP):

set protocols rip redistribute kernel
commit

Route-map для Selective Redistribution

Создать route-map:

set policy route-map STATIC-TO-RIP rule 10 action permit
set policy route-map STATIC-TO-RIP rule 10 match ip address prefix-list ALLOWED-NETWORKS

set policy prefix-list ALLOWED-NETWORKS rule 10 action permit
set policy prefix-list ALLOWED-NETWORKS rule 10 prefix 192.168.0.0/16 le 24

commit

Применить к redistribution:

set protocols rip redistribute static route-map STATIC-TO-RIP
commit

Metric для Redistribution

По умолчанию: metric 1 (для всех redistributed routes).

Установить custom metric:

set protocols rip redistribute connected metric 2
set protocols rip redistribute static metric 3
set protocols rip redistribute ospf metric 5
commit

Default Information Originate

Анонс default route (0.0.0.0/0) в RIP.

Basic Default Route 

set protocols rip default-information originate
commit

Анонсирует default route только если она существует в routing table.

Создать static default route:

set protocols static route 0.0.0.0/0 next-hop 203.0.113.1
commit

Always Originate

Анонсировать default route всегда (даже если нет в routing table):

set protocols rip default-information originate always
commit

Default Route Example

Internet Gateway Router:

# Static default route к ISP
set protocols static route 0.0.0.0/0 next-hop 198.51.100.1

# Анонсировать в RIP
set protocols rip default-information originate

commit
save

Branch routers получат default route автоматически.

Distance (Administrative Distance)

Приоритет RIP маршрутов относительно других протоколов.

Default Distance

RIP default distance: 120 (выше чем OSPF 110, ниже чем eBGP 20).

Change RIP Distance 

set protocols rip distance 130
commit

Меньшее значение - выше приоритет:

  • Connected: 0
  • Static: 1
  • eBGP: 20
  • OSPF: 110
  • RIP: 120
  • iBGP: 200

Network-specific Distance 

set protocols rip network-distance 192.168.10.0/24 distance 90
commit

Для конкретной сети установить custom distance.

Distance Example 

# Prefer OSPF over RIP
set protocols ospf distance global 110
set protocols rip distance 120

# Except для specific network - prefer RIP
set protocols rip network-distance 10.10.0.0/16 distance 80

commit

Access List (Distribute List)

Фильтрация RIP routes.

Inbound Filter

Фильтровать входящие updates:

set policy access-list 10 rule 10 action permit
set policy access-list 10 rule 10 source any
set policy access-list 10 rule 10 destination 192.168.0.0/16

set protocols rip distribute-list interface eth0 access-list in 10

commit

Принимать только маршруты из 192.168.0.0/16.

Outbound Filter

Фильтровать исходящие updates:

set policy access-list 20 rule 10 action deny
set policy access-list 20 rule 10 source any
set policy access-list 20 rule 10 destination 10.0.0.0/8

set policy access-list 20 rule 20 action permit
set policy access-list 20 rule 20 source any
set policy access-list 20 rule 20 destination any

set protocols rip distribute-list interface eth1 access-list out 20

commit

Не анонсировать 10.0.0.0/8, анонсировать всё остальное.

Prefix-list Filter

Более гибкая фильтрация:

set policy prefix-list ALLOWED-IN rule 10 action permit
set policy prefix-list ALLOWED-IN rule 10 prefix 192.168.0.0/16 le 24

set protocols rip distribute-list interface eth0 prefix-list in ALLOWED-IN

commit

Принимать 192.168.0.0/16 и все подсети до /24.

RIPng (IPv6)

RIPng - RIP для IPv6 сетей.

RIPng Overview

Характеристики:

  • Distance-vector для IPv6
  • Multicast FF02::9
  • UDP port 521 (vs 520 для RIPv2)
  • Аналогичная логика RIPv2
  • Hop count limit 15

Применение:

  • Малые IPv6 сети
  • Legacy IPv6 routing (современные сети используют OSPFv3/BGP)

RIPng Basic Configuration

Router 1:

set protocols ripng interface eth0
set protocols ripng interface eth1
set protocols ripng network 2001:db8:1::/64
set protocols ripng network 2001:db8:2::/64

commit
save

Router 2:

set protocols ripng interface eth0
set protocols ripng interface eth2
set protocols ripng network 2001:db8:1::/64
set protocols ripng network 2001:db8:3::/64

commit
save

RIPng Timers 

set protocols ripng timers update 30
set protocols ripng timers timeout 180
set protocols ripng timers garbage-collection 120

commit

RIPng Redistribution

Connected networks:

set protocols ripng redistribute connected
commit

Static routes:

set protocols ripng redistribute static
commit

OSPFv3:

set protocols ripng redistribute ospfv3
commit

RIPng Default Route 

set protocols ripng default-information originate
commit

RIPng Aggregate Address

Суммирование IPv6 префиксов:

set protocols ripng aggregate-address 2001:db8::/32
commit

RIPng Passive Interface 

set protocols ripng interface eth2 passive
commit

RIPng Split Horizon 

set interfaces ethernet eth0 ipv6 ripng split-horizon disable
commit

Poison reverse:

set interfaces ethernet eth0 ipv6 ripng split-horizon poison-reverse
commit

Configuration Examples

Simple Two-Router RIP Network

Топология:

[Router1: eth0 192.168.1.1/24] --- [eth1 10.0.0.1/30 - 10.0.0.2/30 eth1] --- [Router2: eth0 192.168.2.1/24]

Router 1:

# Interfaces
set interfaces ethernet eth0 address 192.168.1.1/24
set interfaces ethernet eth1 address 10.0.0.1/30

# RIP
set protocols rip interface eth0
set protocols rip interface eth1

set protocols rip network 192.168.1.0/24
set protocols rip network 10.0.0.0/30

# Authentication
set interfaces ethernet eth1 ip rip authentication md5 1 password 'RipSecure2024!'

# Passive на LAN
set protocols rip interface eth0 passive

commit
save

Router 2:

# Interfaces
set interfaces ethernet eth0 address 192.168.2.1/24
set interfaces ethernet eth1 address 10.0.0.2/30

# RIP
set protocols rip interface eth0
set protocols rip interface eth1

set protocols rip network 192.168.2.0/24
set protocols rip network 10.0.0.0/30

# Authentication
set interfaces ethernet eth1 ip rip authentication md5 1 password 'RipSecure2024!'

# Passive на LAN
set protocols rip interface eth0 passive

commit
save

RIP with Default Route

Internet Gateway Router:

# WAN interface
set interfaces ethernet eth0 address dhcp

# LAN interface
set interfaces ethernet eth1 address 192.168.1.1/24

# Static default route
set protocols static route 0.0.0.0/0 dhcp-interface eth0

# RIP
set protocols rip interface eth1
set protocols rip network 192.168.1.0/24

# Originate default
set protocols rip default-information originate

# Passive на LAN
set protocols rip interface eth1 passive

commit
save

Branch Router:

# WAN к gateway
set interfaces ethernet eth0 address 192.168.1.2/24

# LAN
set interfaces ethernet eth1 address 192.168.10.1/24

# RIP
set protocols rip interface eth0
set protocols rip interface eth1

set protocols rip network 192.168.1.0/24
set protocols rip network 192.168.10.0/24

set protocols rip interface eth1 passive

commit
save

RIP Redistribution Example

Core Router (RIP + OSPF):

# Interfaces
set interfaces ethernet eth0 address 192.168.1.1/24
set interfaces ethernet eth1 address 10.0.0.1/30

# RIP domain
set protocols rip interface eth0
set protocols rip network 192.168.1.0/24

# OSPF domain
set protocols ospf parameters router-id 10.0.0.1
set protocols ospf interface eth1 area 0
set protocols ospf area 0 network 10.0.0.0/30

# Redistribute RIP в OSPF
set protocols ospf redistribute rip metric 100 metric-type 2

# Redistribute OSPF в RIP
set protocols rip redistribute ospf metric 5

commit
save

Осторожно: Возможны routing loops при двусторонней redistribution. Используйте route-maps.

RIP через VPN (VTI)

Site A:

# VTI tunnel
set interfaces vti vti0 address 172.16.0.1/30

# IPsec VPN (настроить отдельно)

# RIP через VTI
set protocols rip interface vti0
set protocols rip network 172.16.0.0/30
set protocols rip network 192.168.1.0/24

# Authentication
set interfaces vti vti0 ip rip authentication md5 1 password 'VPN-RIP-Pass'

# LAN interface
set interfaces ethernet eth1 address 192.168.1.1/24
set protocols rip interface eth1 passive

commit
save

Site B:

# VTI tunnel
set interfaces vti vti0 address 172.16.0.2/30

# RIP через VTI
set protocols rip interface vti0
set protocols rip network 172.16.0.0/30
set protocols rip network 192.168.2.0/24

# Authentication
set interfaces vti vti0 ip rip authentication md5 1 password 'VPN-RIP-Pass'

# LAN interface
set interfaces ethernet eth1 address 192.168.2.1/24
set protocols rip interface eth1 passive

commit
save

RIP Filtering Example

HQ Router (анонсирует только internal сети):

# Prefix list для фильтрации
set policy prefix-list INTERNAL-ONLY rule 10 action permit
set policy prefix-list INTERNAL-ONLY rule 10 prefix 192.168.0.0/16 le 24

set policy prefix-list INTERNAL-ONLY rule 20 action permit
set policy prefix-list INTERNAL-ONLY rule 20 prefix 10.0.0.0/8 le 24

# Применить к RIP outbound
set protocols rip distribute-list interface eth1 prefix-list out INTERNAL-ONLY

# RIP configuration
set protocols rip network 192.168.0.0/16
set protocols rip network 10.0.0.0/8

commit
save

RIPng IPv6 Example

Router 1:

# IPv6 interfaces
set interfaces ethernet eth0 address 2001:db8:1::1/64
set interfaces ethernet eth1 address 2001:db8:100::1/64

# RIPng
set protocols ripng interface eth0
set protocols ripng interface eth1

set protocols ripng network 2001:db8:1::/64
set protocols ripng network 2001:db8:100::/64

# Passive на LAN
set protocols ripng interface eth0 passive

commit
save

Router 2:

# IPv6 interfaces
set interfaces ethernet eth0 address 2001:db8:2::1/64
set interfaces ethernet eth1 address 2001:db8:100::2/64

# RIPng
set protocols ripng interface eth0
set protocols ripng interface eth1

set protocols ripng network 2001:db8:2::/64
set protocols ripng network 2001:db8:100::/64

# Passive на LAN
set protocols ripng interface eth0 passive

commit
save

Yandex Cloud Example: Legacy Network Migration

Сценарий: Миграция legacy RIP сети в Yandex Cloud с постепенным переходом на OSPF.

Topology 

Internet
   |
[Yandex Cloud VPC]
   |
[Gateway Router - RIP + OSPF]
   |
+--+----------+----------+
   |          |          |
[Legacy1]  [Legacy2]  [OSPF Zone]
 (RIP)      (RIP)      (OSPF)

Gateway Router Configuration

Gateway Router (dual protocol):

# External interface
set interfaces ethernet eth0 address 10.128.0.10/24
set protocols static route 0.0.0.0/0 next-hop 10.128.0.1

# RIP zone interface
set interfaces ethernet eth1 address 192.168.1.1/24

# OSPF zone interface
set interfaces ethernet eth2 address 10.10.0.1/24

# Loopback
set interfaces loopback lo address 10.255.255.1/32

# RIP configuration
set protocols rip interface eth1
set protocols rip network 192.168.1.0/24

# RIP authentication
set interfaces ethernet eth1 ip rip authentication md5 1 password 'YC-RIP-Legacy2024'

# RIP passive
set protocols rip interface eth1 passive disable

# Default route в RIP
set protocols rip default-information originate

# OSPF configuration
set protocols ospf parameters router-id 10.255.255.1
set protocols ospf interface eth2 area 0
set protocols ospf area 0 network 10.10.0.0/24
set protocols ospf area 0 network 10.255.255.1/32

# OSPF authentication
set protocols ospf interface eth2 authentication md5 key-id 1 md5-key 'YC-OSPF-Secure'

# Redistribute RIP в OSPF (controlled)
set policy prefix-list RIP-TO-OSPF rule 10 action permit
set policy prefix-list RIP-TO-OSPF rule 10 prefix 192.168.0.0/16 le 24

set policy route-map RIP-TO-OSPF rule 10 action permit
set policy route-map RIP-TO-OSPF rule 10 match ip address prefix-list RIP-TO-OSPF

set protocols ospf redistribute rip route-map RIP-TO-OSPF metric 100 metric-type 2

# Redistribute OSPF в RIP (controlled)
set policy prefix-list OSPF-TO-RIP rule 10 action permit
set policy prefix-list OSPF-TO-RIP rule 10 prefix 10.10.0.0/16 le 24

set policy route-map OSPF-TO-RIP rule 10 action permit
set policy route-map OSPF-TO-RIP rule 10 match ip address prefix-list OSPF-TO-RIP

set protocols rip redistribute ospf route-map OSPF-TO-RIP metric 3

commit
save

Legacy RIP Router

Legacy Router (только RIP):

# Management interface (Yandex Cloud)
set interfaces ethernet eth0 address dhcp

# LAN interface
set interfaces ethernet eth1 address 192.168.10.1/24

# Uplink к Gateway
set interfaces ethernet eth2 address 192.168.1.10/24

# RIP configuration
set protocols rip interface eth2
set protocols rip interface eth1

set protocols rip network 192.168.1.0/24
set protocols rip network 192.168.10.0/24

# Authentication
set interfaces ethernet eth2 ip rip authentication md5 1 password 'YC-RIP-Legacy2024'

# Passive на LAN
set protocols rip interface eth1 passive

commit
save

Migration Plan

Phase 1: Dual protocol на Gateway (текущее состояние).

Phase 2: Перенести legacy routers один за другим:

# На каждом legacy router
delete protocols rip
set protocols ospf parameters router-id 192.168.10.1
set protocols ospf interface eth2 area 0
set protocols ospf area 0 network 192.168.1.0/24
set protocols ospf interface eth2 authentication md5 key-id 1 md5-key 'YC-OSPF-Secure'
commit

Phase 3: После миграции всех роутеров, удалить RIP с Gateway:

delete protocols rip
delete protocols ospf redistribute rip
commit

VK Cloud Example: Small Office RIP Deployment

Сценарий: Простая малая офисная сеть на VK Cloud с RIP.

Topology 

[VK Cloud VPC 10.0.0.0/16]
          |
    [Main Router]
     10.0.1.1/24
          |
    +-----+-----+
    |           |
[Office1]   [Office2]
10.0.2.1/24  10.0.3.1/24

Main Router Configuration

Main Router:

# Interfaces
set interfaces ethernet eth0 address 10.0.1.1/24
set interfaces ethernet eth1 address 10.0.10.1/30
set interfaces ethernet eth2 address 10.0.10.5/30

# Internet via VK Cloud NAT
set protocols static route 0.0.0.0/0 next-hop 10.0.1.254

# RIP configuration
set protocols rip interface eth1
set protocols rip interface eth2

set protocols rip network 10.0.10.0/30
set protocols rip network 10.0.10.4/30

# Authentication для безопасности
set interfaces ethernet eth1 ip rip authentication md5 1 password 'VKCloud-RIP-2024'
set interfaces ethernet eth2 ip rip authentication md5 1 password 'VKCloud-RIP-2024'

# Default route в RIP для branch offices
set protocols rip default-information originate

# Timers (aggressive для малой сети)
set protocols rip timers update 15
set protocols rip timers timeout 90
set protocols rip timers garbage-collection 60

commit
save

Office Router 1 

# Interfaces
set interfaces ethernet eth0 address 10.0.2.1/24
set interfaces ethernet eth1 address 10.0.10.2/30

# RIP
set protocols rip interface eth0
set protocols rip interface eth1

set protocols rip network 10.0.2.0/24
set protocols rip network 10.0.10.0/30

# Authentication
set interfaces ethernet eth1 ip rip authentication md5 1 password 'VKCloud-RIP-2024'

# Passive на LAN
set protocols rip interface eth0 passive

# Timers (match main router)
set protocols rip timers update 15
set protocols rip timers timeout 90
set protocols rip timers garbage-collection 60

# NAT для выхода в интернет
set nat source rule 100 outbound-interface name eth1
set nat source rule 100 source address 10.0.2.0/24
set nat source rule 100 translation address masquerade

commit
save

Office Router 2 

# Interfaces
set interfaces ethernet eth0 address 10.0.3.1/24
set interfaces ethernet eth1 address 10.0.10.6/30

# RIP
set protocols rip interface eth0
set protocols rip interface eth1

set protocols rip network 10.0.3.0/24
set protocols rip network 10.0.10.4/30

# Authentication
set interfaces ethernet eth1 ip rip authentication md5 1 password 'VKCloud-RIP-2024'

# Passive на LAN
set protocols rip interface eth0 passive

# Timers
set protocols rip timers update 15
set protocols rip timers timeout 90
set protocols rip timers garbage-collection 60

# NAT
set nat source rule 100 outbound-interface name eth1
set nat source rule 100 source address 10.0.3.0/24
set nat source rule 100 translation address masquerade

commit
save

Firewall для RIP

На всех роутерах:

# Allow RIP multicast (224.0.0.9)
set firewall ipv4 input filter rule 100 action accept
set firewall ipv4 input filter rule 100 destination address 224.0.0.9
set firewall ipv4 input filter rule 100 protocol udp
set firewall ipv4 input filter rule 100 destination port 520

# Allow from specific interfaces only
set firewall ipv4 input filter rule 100 inbound-interface interface-name eth1

commit

Verification Commands

Show RIP Status

Общий статус RIP:

show ip rip status

Вывод:

Routing Protocol is "rip"
  Sending updates every 30 seconds with +/-50%, next due in 18 seconds
  Timeout after 180 seconds, garbage collect after 120 seconds
  Outgoing update filter list for all interfaces is not set
  Incoming update filter list for all interfaces is not set
  Default redistribution metric is 1
  Redistributing: connected, static
  Default version control: send version 2, receive version 2
  Interface        Send  Recv  Key-chain
  eth0              2     2
  eth1              2     2
  Routing for Networks:
    192.168.1.0/24
    192.168.2.0/24
    10.0.0.0/8
  Routing Information Sources:
    Gateway          BadPackets BadRoutes  Distance Last Update
    192.168.1.2             0         0       120   00:00:05
  Distance: (default is 120)

Show RIP Routes

RIP routing table:

show ip rip

Вывод:

Codes: R - RIP, C - connected, S - Static, O - OSPF, B - BGP
       > - selected route, * - FIB route

R>* 192.168.2.0/24 [120/1] via 192.168.1.2, eth0, 00:00:15
R>* 192.168.3.0/24 [120/2] via 192.168.1.2, eth0, 00:00:15
R>* 10.10.0.0/24 [120/1] via 192.168.1.2, eth0, 00:00:15

Show RIP Database

RIP database entries:

show ip protocols

Информация о всех routing protocols включая RIP.

Show IP Route

Все маршруты (включая RIP):

show ip route

Только RIP маршруты:

show ip route rip

Вывод:

Codes: K - kernel route, C - connected, S - static, R - RIP,
       O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
       T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP,
       F - PBR, f - OpenFabric,
       > - selected route, * - FIB route, q - queued, r - rejected, b - backup

R>* 192.168.2.0/24 [120/1] via 192.168.1.2, eth0, weight 1, 00:02:15
R>* 192.168.3.0/24 [120/2] via 192.168.1.2, eth0, weight 1, 00:02:15

Show RIP Interface

RIP на интерфейсах:

show ip rip interface

Debug RIP

Enable RIP debugging:

monitor protocol rip

RIP packet debug:

debug rip packet

RIP events:

debug rip events

Остановить debug:

no debug rip all

Clear RIP Routes

Clear RIP process (restart):

restart rip

Удаляет все learned routes и перезапускает RIP процесс.

Troubleshooting

RIP Neighbors не видны

Проверка 1 - Connectivity:

ping <neighbor-ip>

Проверка 2 - RIP процесс активен:

show ip rip status

Проверка 3 - Network statements:

show configuration protocols rip

Убедитесь, что интерфейсы включены в RIP:

set protocols rip interface eth0
set protocols rip network 192.168.1.0/24

Проверка 4 - Authentication:

show configuration interfaces ethernet eth0 ip rip authentication

Authentication должна совпадать на обоих роутерах.

Проверка 5 - Firewall:

# Allow RIP (UDP 520)
set firewall ipv4 input filter rule 100 action accept
set firewall ipv4 input filter rule 100 destination address 224.0.0.9
set firewall ipv4 input filter rule 100 protocol udp
set firewall ipv4 input filter rule 100 destination port 520
commit

Проверка 6 - Multicast:

tcpdump -i eth0 -n 'udp port 520'

Должны видеть RIP updates каждые 30 секунд.

Routes не появляются

Проверка 1 - RIP database:

show ip rip

Маршрут есть в RIP, но не в routing table?

Проверка 2 - Administrative Distance:

show ip route <network>

Возможно другой протокол (OSPF, static) имеет лучший distance.

Проверка 3 - Hop count:

show ip rip

Если metric 16 - маршрут unreachable (слишком далеко).

Проверка 4 - Split horizon:

set interfaces ethernet eth0 ip rip split-horizon disable
commit

Попробуйте отключить split horizon (для hub-and-spoke).

Проверка 5 - Distribute list:

show configuration protocols rip distribute-list

Возможно route filter блокирует маршрут.

Slow Convergence

RIP convergence медленная (до 3 минут).

Решение 1 - Aggressive timers:

set protocols rip timers update 10
set protocols rip timers timeout 60
set protocols rip timers garbage-collection 40
commit

Осторожно: Увеличивает нагрузку на сеть.

Решение 2 - Poison reverse:

set interfaces ethernet eth0 ip rip split-horizon poison-reverse
commit

Решение 3 - Migrate to OSPF:

RIP не подходит для сетей требующих быструю конвергенцию. Используйте OSPF.

Authentication Failures

Проверка 1 - Logs:

show log | grep RIP

Ищите “authentication failed” сообщения.

Проверка 2 - Passwords match:

# Router 1
show configuration interfaces ethernet eth0 ip rip authentication

# Router 2
show configuration interfaces ethernet eth0 ip rip authentication

Пароли и key-id должны совпадать.

Проверка 3 - Key rotation:

Если меняете пароли, добавьте новый key ID перед удалением старого:

# Добавить новый
set interfaces ethernet eth0 ip rip authentication md5 2 password 'NewPassword'
commit

# После обновления всех роутеров, удалить старый
delete interfaces ethernet eth0 ip rip authentication md5 1
commit

Routing Loops

Проблема: Пакеты ходят по кругу между роутерами.

Решение 1 - Split horizon:

# Убедитесь, что split horizon включен (по умолчанию)
delete interfaces ethernet eth0 ip rip split-horizon disable
commit

Решение 2 - Maximum hop count:

RIP автоматически ограничивает loops через hop count (max 15).

Решение 3 - Administrative distance:

Если используете redistribution между RIP и другими протоколами:

set protocols rip distance 120
set protocols ospf distance global 110
commit

High Network Traffic

RIP создает постоянный трафик (updates каждые 30 сек).

Решение 1 - Passive interfaces:

set protocols rip interface eth2 passive
commit

Решение 2 - Unicast neighbors:

set protocols rip neighbor 192.168.1.2
delete protocols rip interface eth0
commit

Решение 3 - Increase update interval:

set protocols rip timers update 60
commit

Осторожно: Замедляет конвергенцию.

Решение 4 - Migrate to OSPF:

OSPF использует triggered updates вместо periodic.

Best Practices

General Recommendations

  1. Use RIPv2 (не RIPv1):

    set protocols rip version 2

  2. MD5 Authentication на всех интерфейсах:

    set interfaces ethernet eth0 ip rip authentication md5 1 password 'StrongPassword'

  3. Passive interfaces для LAN:

    set protocols rip interface eth1 passive

  4. Limit network size - максимум 10-15 роутеров

  5. Use default route на branch routers:

    set protocols rip default-information originate

  6. Filter redistributed routes:

    set protocols rip redistribute connected route-map CONNECTED-FILTER

  7. Monitor hop count - не допускайте близости к 15

  8. Document network topology - RIP не имеет database visibility

  9. Plan migration to OSPF для growing networks

  10. Regular backups конфигурации

Security Best Practices

  1. Always use MD5 authentication:

    set interfaces ethernet eth0 ip rip authentication md5 1 password 'Secure123!'

  2. Passive interfaces по умолчанию:

    set protocols rip passive-interface default
set protocols rip passive-interface eth0 disable

  3. Firewall для RIP:

    set firewall ipv4 input filter rule 100 action accept
set firewall ipv4 input filter rule 100 source address 192.168.1.0/24
set firewall ipv4 input filter rule 100 destination address 224.0.0.9
set firewall ipv4 input filter rule 100 protocol udp
set firewall ipv4 input filter rule 100 destination port 520

  4. Filter redistributed routes:

    set protocols rip distribute-list interface eth0 prefix-list ALLOWED-OUT out

  5. Limit network statements - только нужные сети

Performance Best Practices

  1. Default timers для большинства случаев:

    set protocols rip timers update 30
set protocols rip timers timeout 180
set protocols rip timers garbage-collection 120

  2. Poison reverse для faster convergence:

    set interfaces ethernet eth0 ip rip split-horizon poison-reverse

  3. Summarization где возможно (хотя RIPv2 не имеет explicit summarization)

  4. Unicast neighbors для reducing multicast:

    set protocols rip neighbor 192.168.1.2

  5. Monitor metrics:

    show ip rip

Migration Best Practices

From RIP to OSPF:

  1. Dual protocol phase:

    # Keep RIP running
set protocols rip network 192.168.0.0/16

# Add OSPF
set protocols ospf parameters router-id 10.0.0.1
set protocols ospf area 0 network 10.0.0.0/8

# Redistribute both ways (temporary)
set protocols rip redistribute ospf metric 5
set protocols ospf redistribute rip metric 100

  2. Migrate routers one by one

  3. Remove RIP after all migrated:

    delete protocols rip
delete protocols ospf redistribute rip

From RIP to static routes (small networks):

  1. Document current RIP routes:

    show ip rip

  2. Create static routes:

    set protocols static route 192.168.2.0/24 next-hop 192.168.1.2

  3. Disable RIP:

    delete protocols rip

When to Migrate from RIP

Signs You Need OSPF/BGP

  1. Network growth - more than 10 routers
  2. Slow convergence - unacceptable downtime
  3. Multiple paths - need load balancing
  4. VLSMs required - complex subnetting
  5. Hop count limit - hitting 15 hop barrier
  6. High bandwidth links - need better metrics
  7. Large routing tables - RIP updates too big
  8. Require fast failover - seconds not minutes
  9. Integration with ISP - need BGP
  10. Security requirements - need better authentication

Migration Path

Small networks (2-5 routers):

RIP → Static Routes

Medium networks (5-20 routers):

RIP → OSPF (single area)

Large networks (20+ routers):

RIP → OSPF (multi-area) → BGP for external

Cloud deployments:

RIP → Cloud-native routing (VPC routing tables + BGP)

Comparison with Other Protocols

RIP vs OSPF

FeatureRIPOSPF
AlgorithmDistance-vectorLink-state
MetricHop countCost (bandwidth)
Max hops15No limit
ConvergenceSlow (minutes)Fast (seconds)
ScalabilitySmall (10-15)Large (100+)
CPU usageLowMedium
ConfigurationSimpleComplex
UpdatesPeriodic (30s)Triggered
VLSMRIPv2 yesYes
AreasNoYes

Recommendation: Use OSPF for any network with more than 10 routers.

RIP vs BGP

RIP - Interior Gateway Protocol (IGP) для internal routing.

BGP - Exterior Gateway Protocol (EGP) для inter-AS routing.

Use case:

  • RIP - small internal networks
  • BGP - ISP connectivity, multi-homed networks

RIP vs Static Routes

FeatureRIPStatic Routes
ConfigurationAutomaticManual
FailoverAutomaticManual or with tracking
ScalabilityLowVery low
ConvergenceSlowInstant (if tracked)
MaintenanceLowHigh

When to use static:

  • 2-3 routers
  • No redundancy needed
  • Predictable topology

When to use RIP:

  • 5-15 routers
  • Some redundancy
  • Simple failover needed

Summary

RIP Summary:

  • Simple distance-vector protocol
  • Suitable for small networks (5-15 routers)
  • Maximum 15 hops
  • Slow convergence (minutes)
  • Use RIPv2 with MD5 authentication
  • Passive interfaces on LAN
  • Plan migration to OSPF as network grows

Key Commands:

# Enable RIP
set protocols rip interface <interface>
set protocols rip network <network>

# Authentication
set interfaces ethernet <int> ip rip authentication md5 <id> password '<pass>'

# Passive interface
set protocols rip interface <int> passive

# Default route
set protocols rip default-information originate

# Verification
show ip rip
show ip rip status
show ip route rip

Migration Path:

Small network: RIP → Static Routes
Growing network: RIP → OSPF
Large network: RIP → OSPF + BGP

Next Steps

Проверено OpenNix LLC · Обновлено
Статическая маршрутизация (Static Routes)OSPF (Open Shortest Path First)