RIP Configuration on the ProxySG / ASG

Article ID: 175600

Products

Advanced Secure Gateway Software - ASG
ProxySG Software - SGOS

Issue/Introduction

The Routing Information Protocol (RIP) is a dynamic routing protocol which determines the best path between two hosts based on the lowest hop count among the possible paths. The protocol is dynamic, meaning the routing information is shared between hosts and is updated over time as changes occur in the network. The proxy also supports advertising default gateways in the network via RIP.

Hosts communicate over UDP port 520. The proxy supports RIPv1 and RIPv2. In RIPv1, the hosts send updates to the broadcast address 255.255.255.255 while RIPv2 uses the multicast address 224.0.0.9.

The maximum hop count for RIP is 15, thus limiting the network size.

Resolution

Step 1 - Creating a RIP configuration file

A RIP configuration file needs to be installed on the device. No RIP configuration file is shipped with the appliance.

Two commands are used, net and host, which specify the parameters for a particular network or host.

net Nname[/mask] gateway Gname metric Value {passive | active | external}

Parameter: Description

Nname: Name of the destination network. It can be a symbolic network name, or an Internet address specified in dot notation.

/mask: Optional number between 1 and 32 indicating the netmask associated with Nname.

Gname: Name or address of the gateway to which RIP responses should be forwarded.

Value: The hop count to the destination host or network. A net Nname/32 specification is equivalent to the host Hname command (see below).

passive | active | external: Specifies whether the gateway is treated as passive or active, or whether the gateway is external to the scope of the RIP protocol. Active routers advertise their routes, while passive routers only listen for updates.

 

host Hname gateway Gname metric Value {passive | active | external}

Parameter: Description

Hname: Name of the destination host. It can be a symbolic host name, or an Internet address specified in dot notation.

Gname: Name or address of the gateway to which RIP responses should be forwarded.

Value: The hop count to the destination host or network.

passive | active | external: Specifies whether the gateway is treated as passive or active, or whether the gateway is external to the scope of the RIP protocol. Active routers advertise their routes, while passive routers only listen for updates.
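A syntax check for the net and host lines described above, as an added example in Python (not part of the original article or of SGOS). It assumes the trailing passive/active/external keyword is required and that '#' starts a comment; the function names and sample lines are constructed for illustration.

```python
import re

MODES = {"passive", "active", "external"}
ROUTE_RE = re.compile(
    r"^(net|host)\s+(\S+)\s+gateway\s+(\S+)\s+metric\s+(\S+)\s+(\S+)$")

def check_route_line(line):
    """Return the problems found in one net/host line (empty list if none)."""
    m = ROUTE_RE.match(line)
    if not m:
        return ["expected: net|host NAME gateway GNAME metric VALUE MODE"]
    kind, dest, _gateway, metric, mode = m.groups()
    problems = []
    _name, slash, mask = dest.partition("/")
    if slash and kind == "host":
        problems.append("host lines take no /mask")
    elif slash and not (mask.isdecimal() and 1 <= int(mask) <= 32):
        problems.append(f"mask /{mask} is not a number between 1 and 32")
    # RIP's maximum hop count is 15.
    if not (metric.isdecimal() and int(metric) <= 15):
        problems.append(f"metric {metric} is not a hop count of 15 or less")
    if mode not in MODES:  # assumption: the keyword is required
        problems.append(f"{mode!r} is not passive, active or external")
    return problems

def lint(settings):
    """Map line number -> problems for every net/host line in a settings file."""
    report = {}
    for number, raw in enumerate(settings.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # assumption: '#' starts a comment
        words = line.split()
        if words and words[0] in ("net", "host"):
            problems = check_route_line(line)
            if problems:
                report[number] = problems
    return report

# Constructed sample settings file.
SAMPLE = """\
net 10.1.0.0/16 gateway 192.0.2.1 metric 2 passive
net 10.2.0.0/40 gateway 192.0.2.1 metric 1 active
host 10.3.0.5 gateway 192.0.2.2 metric 16 external
net 10.4.0.0/24 gateway 192.0.2.3 metric 3 listen
if=0 passwd=aaa
"""

if __name__ == "__main__":
    for number, problems in lint(SAMPLE).items():
        print(f"line {number}: {'; '.join(problems)}")
```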

 

The following additional parameters and logic statements are supported. Each line must consist of one or more of the following parameter settings, separated by commas or blank spaces.

Parameter: Description

if={0|1|2|3}: Specifies that the other parameters on the line apply to the interface adapter numbered 0, 1, 2, or 3. | represents or logic.

passwd=XXX: Specifies an RIPv2 password included on all RIPv2 responses sent and checked on all RIPv2 responses received. The password must not contain any blanks, tab characters, commas or '#' characters.

no_ag: Turns off aggregation of subnets in RIPv1 and RIPv2 responses.

no_super_ag: Turns off aggregation of networks into supernets in RIPv2 responses.

passive: Marks the interface/s to not be advertised in updates sent through other interfaces, and turns off all RIP and router discovery through the interface.

no_rip: Disables all RIP processing on the specified interface.

no_rip_out: Disables the transmission of all RIP packets. This setting is the default.

no_ripv1_in: Causes RIPv1 received responses to be ignored.

no_ripv1_out: Disables the transmission of RIPv1 packets.

no_ripv2_in: Causes RIPv2 received responses to be ignored.

no_ripv2_out: Disables the transmission of RIPv2 packets.

rip_out: Enables the transmission of RIPv1 packets.

ripv1_out: Enables the transmission of RIPv1 packets.

ripv2_out: Turns off RIPv1 output and causes RIPv2 advertisements to be multicast when possible.

ripv2: Is equivalent to no_ripv1_in and no_ripv1_out. This parameter is set by default.

ripv1_in: Causes RIPv1 packets to be sent.

ripv1: Causes RIPv1 received responses to be handled.

no_rdisc: Disables the Internet Router Discovery Protocol. This parameter is set by default.

no_solicit: Disables the transmission of Router Discovery Solicitations.

send_solicit: Specifies that Router Discovery solicitations should be sent, even on point-to-point links, which by default only listen to Router Discovery messages.

no_rdisc_adv: Disables the transmission of Router Discovery Advertisements.

rdisc: Enables the transmission of Router Discovery Advertisements.

rdisc_adv: Specifies that Router Discovery Advertisements should be sent, even on point-to-point links, which by default only listen to Router Discovery messages.

bcast_rdisc: Specifies that Router Discovery packets should be broadcast instead of multicast.

rdisc_pref=N: Sets the preference in Router Discovery Advertisements to the integer N.

rdisc_interval=N: Sets the nominal interval with which Router Discovery Advertisements are transmitted to N seconds and their lifetime to 3*N.

trust_gateway=rname: Causes RIP packets from that router and other routers named in other trust_gateway keywords to be accepted, while packets from other routers are ignored.

redirect_ok: Causes RIP to allow ICMP Redirect messages when the system is acting as a router and forwarding packets. Otherwise, ICMP Redirect messages are overridden.

supply_router_info or advertise_routes:

  -s option: Supplying this option forces the router to supply routing information whether or not it is acting as an Internetwork router. This is the default if multiple network interfaces are present or if a point-to-point link is in use.

  -g option: This option is used on Internetwork routers to offer a route to the 'default' destination. This is typically used on a gateway to the Internet, or on a gateway that uses another routing protocol whose routes are not reported to other local routers.

  -h option: Suppress_extra_host_routes advertise_host_route

  -m option: Advertise_host_route on multi-homed hosts

  -A option: Ignore_authentication

no_supply_routing_info:

  -q option: opposite of -s.

 

Step 2 - Installing a RIP configuration file

RIP needs to be disabled on the appliance before installing certain parameters. Some versions of SGOS are known to crash if these parameters are installed while RIP is enabled. Other versions give a warning message to disable RIP. It is recommended to always disable RIP before installing a new file.

Install the RIP configuration file on the appliance using one of the following methods:

  1. Using the Text Editor, which allows you to enter settings (or copy and paste the contents of an already created file) directly onto the appliance.
  2. Creating a local file on your local system; the appliance can browse to the file and install it.
  3. Using a remote URL, where you place an already created file on an FTP or HTTP server to be downloaded to the appliance.
  4. Using the CLI inline rip-settings command, which allows you to paste the RIP settings into the CLI.
  5. Using the CLI rip commands, which require that you place an already created file on an FTP or HTTP server and enter the URL into the CLI. You can also enable or disable RIP with these commands. See RIP Commands Available in the CLI below for more information.

To install the file from the Management Console using option 1, 2 or 3, follow the steps below:

  1. Select Configuration > Network > Routing > RIP
  2. To display the current RIP settings, routes, or source, click one or all of the View RIP buttons.
  3. In the Install RIP Settings from drop-down list, select the method used to install the routing table; click Install.
    • Remote URL: In the dialog that appears, enter the fully-qualified URL, including the filename, where the RIP settings file is located. To view the file before installing it, click view. Click Install. To view the installation results, click Results; close the window when you are finished. Click OK.
    • Local File: In the file browser which appears, browse for the file on the local system. Open it and click Install. When the installation is complete, a results window opens. View the results and close the window.
    • Text Editor: In the dialog which appears, the current configuration is displayed in installable list format. You can customize it or delete it and create your own. Click Install. When the installation is complete, a results window opens. View the results, close the window, and click OK.

Note: When entering RIP settings that affect current settings (for example, when switching from ripv1 to ripv2), disable RIP before you change the settings; re-enable RIP when you have finished.

  4. Click Apply.
  5. Select Enable RIP.
  6. Click Apply.

 

Step 3 - Configure Default Route Advertising (OPTIONAL)

Default route advertisements are treated the same as the static default routes; that is, the default route load balancing schemes also apply to the default routes from RIP.

By default, RIP ignores the default routes advertisement. You can change the default from disable to enable and set the preference group and weight through the CLI only.

To enable and configure advertised default gateway routes:

  1. Issue the following commands at the (config) command prompt:

#(config) rip default-route enable
#(config) rip default-route group group_number
#(config) rip default-route weight weight_number

Where group_number defaults to 1 and weight_number defaults to 100, the same as the static default route set by the ip-default-gateway command.

  2. (Optional) To view the default advertised routes, enter:

#(config) show rip default-route
RIP default route settings:
Enabled: Yes
Preference group: 3
Weight: 30

 

Step 4 - Using Passwords with RIP (OPTIONAL)

The first password specified for an interface is used for output. All passwords pertaining to an interface are accepted on input. For example, with the following configuration file settings:

if=0 passwd=aaa
if=1 passwd=bbb
passwd=ccc

Interface 0 accepts passwords aaa and ccc, and transmits using password aaa.
Interface 1 accepts passwords bbb and ccc, and transmits using password bbb.
The other interfaces accept and transmit the password ccc.
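
The resolution rule above, worked through in Python as an added example (not code from SGOS or the original article), with a check for interfaces that end up with no password at all. It assumes "first" means first in file order among the lines that apply to an interface and that a line without if= applies to all four adapters; the function names are illustrative.

```python
import re

INTERFACES = (0, 1, 2, 3)   # adapter numbers accepted by if=

def resolve_passwords(settings):
    """Return {interface: {"send": str or None, "accept": [str, ...]}}."""
    accepted = {i: [] for i in INTERFACES}
    for raw in settings.splitlines():
        # Parameters on a line are separated by commas or blanks.
        tokens = [t for t in re.split(r"[,\s]+", raw.strip()) if t]
        scope, passwords = INTERFACES, []
        for token in tokens:
            key, _, value = token.partition("=")
            if key == "if" and value.isdecimal() and int(value) in INTERFACES:
                scope = (int(value),)
            elif key == "passwd" and value:
                passwords.append(value)
        for i in scope:
            for pw in passwords:
                if pw not in accepted[i]:
                    accepted[i].append(pw)
    # Assumption: the first password in file order is the one used for output.
    return {i: {"send": pws[0] if pws else None, "accept": pws}
            for i, pws in accepted.items()}

def unauthenticated(settings):
    """Interfaces with no passwd, so RIPv2 responses are not password-checked."""
    return [i for i, v in resolve_passwords(settings).items() if not v["accept"]]

# Constructed sample: the three lines from the example above.
SAMPLE = "if=0 passwd=aaa\nif=1 passwd=bbb\npasswd=ccc\n"
# Constructed sample: only interface 0 is given a password.
PARTIAL = "if=0, passwd=aaa, ripv2\n"

if __name__ == "__main__":
    for i, v in resolve_passwords(SAMPLE).items():
        print(f"if={i} sends {v['send']!r} accepts {v['accept']}")
    print("interfaces without a password:", unauthenticated(PARTIAL))
```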

 

RIP Commands Available in the CLI

#(config) rip disable
Disables the current RIP configuration.

#(config) rip enable
Enables the current RIP configuration.

#(config) rip default-route {enable | disable}
Accepts or denies the incoming default route advertisement.

#(config) rip default-route {group number | weight number}
Allows you to set the preference group and weight of the default routes.

#(config) rip no path
Clears the current RIP configuration path as determined using the rip path url command.

#(config) rip path url
Sets the path to the RIP configuration file to the URL indicated by url.

#(config) show rip {default-route | parameters | routes | statistics}
Displays information on RIP settings, including parameters and configuration, RIP routes, and RIP statistics.

#(config) inline rip-settings eof_marker
Updates the current RIP settings with the settings you include between the beginning eof_marker and the ending eof_marker.