Configuring RIP in JUNOS
Configuring RIP in JUNOS
Network topology:
Here, RIP is enabled between Juniper Networks M10i router and SRX210 Service Gateway.
Initial RIP Configuration
M10i router:interfaces { fe-0/3/0 { unit 0 { family inet { address 172.16.6.10/24; } } } lo0 { unit 0 { family inet { address 1.1.1.1/32; } } }}protocols { rip { group RIP_GROUP { neighbor fe-0/3/0.0; neighbor lo0.0; } }}SRX210:interfaces { ge-0/0/0 { unit 0 { family inet { address 172.16.6.20/24; } } }}protocols { rip { group RIP_GROUP { neighbor ge-0/0/0.0; } }}The show rip neighbor command shows RIP neighbor(s). The term "Neighbor" is a misnomer since the neighbor here is the logical interface connected to this router. The state is UP. RIPv2 uses multicast address 224.0.0.9 to exchange routes.
RIP Neighbors
user@SRX210> show rip neighbor Source Destination Send Receive InNeighbor State Address Address Mode Mode Met-------- ----- ------- ----------- ---- ------- ---ge-0/0/0.0 Up 172.16.6.20 224.0.0.9 mcast both 1Since the state is UP, we presume that RIP routes should be exchanged between two devices. The show route protocol rip command shows RIP routes learnt by the router.
RIP Routes
user@SRX210> show route protocol ripinet.0: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden)+ = Active Route, - = Last Active, * = Both224.0.0.9/32 *[RIP/100] 00:01:49, metric 1 MultiRecvThe above table indicates no RIP routes are learnt by the router. The issues is- by default, RIP does not export any routes from the local routing table to its neighbors. This includes the directly connected interfaces running RIP protocol. Hence, a routing policy is required to export RIP routes to the neighbors.
Routing policy to export RIP routes:
A routing policy is first defined and then applied to RIP on M10i router. This routing policy advertises the directly connected RIP interfaces (direct keyword) and transit RIP routes (RIP keyword).
Export RIP Routes on M10i
policy-options { policy-statement RIP_ROUTES { term ADVERTISE { from protocol [ rip direct ]; then accept; } }}protocols { rip { group RIP_GROUP { export RIP_ROUTES; neighbor fe-0/3/0.0; neighbor lo0.0; } }}Once the routing policy is applied, M10i router starts to advertise RIP routes.
Advertised RIP Routes
user@SRX210> show route protocol ripinet.0: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden)+ = Active Route, - = Last Active, * = Both1.1.1.1/32 *[RIP/100] 00:00:37, metric 2, tag 0 > to 172.16.6.10 via ge-0/0/0.0224.0.0.9/32 *[RIP/100] 00:08:53, metric 1 MultiRecvModifying the Incoming Metric:
It is required that the incoming metric of RIP routes be changed when SRX210 devices receives them. The RIP metric should be incremented by 5. This is done on per-neighbor basis.
Changing Incoming Metric
protocols { rip { group RIP_GROUP { neighbor ge-0/0/0.0 { metric-in 5; } } }}This change causes all the received RIP routes to increase their metric by 5.
Result of metric change
user@SRX210> show route protocol ripinet.0: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden)+ = Active Route, - = Last Active, * = Both1.1.1.1/32 *[RIP/100] 00:13:29, metric 6, tag 0 > to 172.16.6.10 via ge-0/0/0.0224.0.0.9/32 *[RIP/100] 00:00:24, metric 1 MultiRecvAuthentication:
By default, no authentication is enabled between RIP neighbors. Authentication can be configured globally for all neighbors or on a per-neighbor basis. Two types of authentication methods are available in RIP- Simple authentication and MD5 authentication
Here, MD5 authentication is configured on per-neighbor basis. Although, the authentication-key was entered in plain-text, the JUNOS software encrypts it.
MD5 Authentication
rip { group RIP_GROUP { neighbor ge-0/0/0.0 { metric-in 5; authentication-type md5; authentication-key "$9$96RKt0IylMNdsEcds24DjCtu"; ## SECRET-DATA } }}