Getting started

The ARIP module is an implementation of the standard RIP routing protocol.

The ARIP routing module supports two RIP versions: RIP-1 and RIP-2.

The module is configured with the "arip" command.

Command language. Basic principles

ARIP has its own command shell (CS). To start the ARIP module and enter the shell, execute the following commands:

#1> arip start
#1> arip
RIP>

Commands entered in the CS are not case-sensitive and can be abbreviated as long as they remain unambiguous. To get a quick hint you can press "?" at any time:

RIP>?
  configure  Configuration from vty interface
  end        End current mode and change to root mode (CTRL+C).
  exit       Back to WANFleX command shell (CTRL+D).
  help       Print command list
  show       Show running system information
RIP>

The CS can work in different modes. The current mode is displayed in the command prompt as "RIP(mode)#". For example, if the configure command is entered, the CS switches to config mode:

RIP> configure
RIP(config)#

The following figure shows the transition scheme between different modes of CS.

Figure - Transition scheme between different modes of CS

One can select the necessary mode or execute commands without explicitly entering the arip module. For example, if the following commands are executed in sequence:

#1> arip configure
#1> arip router
#1> arip
RIP(config-router)#

then entering arip opens the CS directly in the required mode, config-router, as shown in the example.

Every mode has its own set of commands. The following commands are available in any mode:

  • "Help" – prints the list of commands for the current mode
  • "End" – returns from the current mode to the base mode
  • "Exit" – exits from the RIP CS to the WANFleX CLI.

At start, the CS is in the base mode, which has a set of commands for viewing the current router state. Switching to a configuration mode requires superuser rights. Once a configuration mode has been entered, the configuration is locked and entering this mode from another terminal (e.g. another telnet session) is prohibited. To avoid a "dead" lock of the session, the CS automatically quits the configuration mode after five minutes of inactivity.

Context help is always available using "?". For example:

RIP> config
RIP(config)#?
  access-list  Add an access list entry
  clear        Reset functions
  end          End current mode and change to root mode (CTRL+C).
  exit         Back to WANFleX command shell (CTRL+D).
  help         Print command list
  interface    Select an interface to configure
  key          Authentication key management
  no           Negate a command or set its defaults
  prefix-list  Build a prefix list
  route-map    Create route-map or enter route-map command mode
  router       Enable a routing process
  show         Show running system information
  stop         stop
RIP(config)# interface?
  IFNAME  Interface's name
RIP(config)# interface eth0
RIP(config-if)#?
  authentication  Authentication control
  description     Interface specific description
  end             End current mode and change to root mode (CTRL+C).
  exit            Back to WANFleX command shell (CTRL+D).
  help            Print command list
  no              Negate a command or set its defaults
  receive         Advertisement reception
  send            Advertisement transmission
  show            Show running system information
  split-horizon   Perform split horizon
RIP(config-if)#

After quitting the CS with the "exit" command (or Ctrl+D), the CS remains in the last active mode.

Commands may have parameters, which are specified in several formats. A parameter's format is described in the context help or in the list of commands ("help" command) in the following way:

  • "A.B.C.D" – the parameter is an IP address. Example: 192.168.0.15
  • "WORD" – a string of characters with no spaces
  • "<1-N>" – the parameter is a decimal number in the range 1 to N
  • "A.B.C.D/M" – the parameter is an IP address followed by the subnet mask length. Example: 192.168.0.0/24
  • "IFNAME" – the name of a physical network interface. Example: eth0

If a parameter can be written in different formats, the options are displayed in round brackets, separated by the "|" character. Example: (A.B.C.D|<0-4294967295>).

If a parameter is optional, it is put into square brackets: “[]”.

Any command may be prefixed with "no". The prefix means that the corresponding parameter is deleted from the configuration.

Start / stop of RIP

The RIP router is started with the following command:

arip start

To stop RIP, execute the following command in config mode:

stop (daemon|clear)

Example:

> arip
RIP> configure
RIP(config)# stop daemon

If the "stop" command is executed with the clear parameter, the router clears its part of the system configuration before quitting the CS.

Filters

Filters are used in many of the router's configuration parameters. Filters are represented by two classes of objects:

  • Access lists (access-list)
  • Prefix lists (prefix-list)

An access list consists of a set of operators. Each operator consists of a range of IP addresses and a deny or permit command. The range of addresses is given as <value> <mask of insignificant bits>. The object being filtered has its basic parameter in the same format (IP address, subnet, etc.). To decide whether the object matches the list, each operator in the list is applied in turn to the object's basic parameter until the parameter satisfies an operator's condition. When a condition is met, the decision is made according to the command of that operator (deny or permit).

In the RIP router there are three types of access lists:

  • Standard. Identified by the numbers 1-99 or 1300-1999; analyzes one parameter of the filtered object.
  • Extended. Identified by the numbers 100-199 or 2000-2699; analyzes two parameters of the filtered object (for example, source address and destination address).
  • Nominate. Identical to Standard but identified by a name rather than a number. In addition, its operators are configured in the <value>/<mask length> format.

To create or edit an access list in the RIP router, the following commands are used (in config mode):

  • Standard access lists

access-list (<1-99>|<1300-1999>) (deny|permit) A.B.C.D A.B.C.D

  Field                   Meaning
  (<1-99>|<1300-1999>)    List identifier
  (deny|permit)           Command
  A.B.C.D A.B.C.D         Value and mask of bits: the range of values for the parameter
Table - Standard access lists

This command creates an operator in a standard access list. The value and mask define the operator's range (criterion). The mask marks the bits of the value that are insignificant, i.e. that may take any value within the range. For example, to specify the IP address range 192.168.12.0 to 192.168.12.255, specify the value 192.168.12.0 and the mask 0.0.0.255. The value and mask 0.0.0.0 255.255.255.255 can be replaced by the keyword any. For example, the command:

RIP(config)# access-list 1 permit 0.0.0.0 255.255.255.255

is equal to the command:

RIP(config)# access-list 1 permit any

Correspondingly, for a range consisting of a single address, the keyword host is used.

For example, the command:

RIP(config)# access-list 1 permit 192.168.12.150 0.0.0.0

is equal to the following command:

RIP(config)# access-list 1 permit host 192.168.12.150

  • Extended access lists

access-list (<100-199>|<2000-2699>) (deny|permit) ip A.B.C.D A.B.C.D A.B.C.D A.B.C.D

  Field                     Meaning
  (<100-199>|<2000-2699>)   List identifier
  (deny|permit)             Command
  first A.B.C.D A.B.C.D     The range of source addresses (value and mask)
  second A.B.C.D A.B.C.D    The range of destination addresses (value and mask)
Table - Extended access lists

  • Nominate access lists

access-list WORD (deny|permit) A.B.C.D/M [exact-match]

  Field            Meaning
  WORD             List identifier
  (deny|permit)    Command
  A.B.C.D/M        Range
  [exact-match]    The requirement for an exact match of the parameter to the range
Table - Nominate access lists

In this case the list identifier is a character string. The range is specified in the <value>/<mask length> format. For example, to specify the IP address range 192.168.12.0 to 192.168.12.255, specify 192.168.12.0/24. For the 0.0.0.0/0 range the keyword any can be used. For example:

RIP(config)# access-list TestList1 deny 192.168.1.0/24
RIP(config)# access-list TestList1 permit any

As operators are configured, they are appended to the end of the list.

Prefix lists differ from access lists in that each operator has a sequence number in addition to its range (condition). Moreover, when checking whether the parameter falls into an operator's range, an additional condition on the parameter's mask length can be set.

prefix-list WORD [seq <1-4294967295>] (deny|permit) A.B.C.D/M [ge <0-32>] [le <0-32>]

  Field                     Meaning
  WORD                      List identifier
  [seq <1-4294967295>]      Operator's position number
  (deny|permit)             Command
  A.B.C.D/M                 Range
  [ge <0-32>] [le <0-32>]   The range of the permitted mask length
Table - Additional condition for the parameter's mask length

If a sequence number is not specified, the router assigns it automatically by adding 5 to the number of the last operator in the list. Thus the new operator has the largest number and is placed at the end of the list.
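The matching rules described in this section, worked through in code. This is an added example, not ARIP's own code: it models standard (value + wildcard mask, any, host), nominate (VALUE/MASKLEN, exact-match) and prefix-list (seq, ge, le) evaluation on constructed sample lists; the first-operator-wins rule and the "last seq + 5" numbering come from the text, the choice of 5 for the first entry of an empty list is an assumption.

```python
import ipaddress
from typing import List, Optional, Tuple
# Added example, not ARIP's own code: models the filter rules described above.

def _wildcard_match(addr: str, value: str, wildcard: str) -> bool:
    """Standard operator: a bit set in the wildcard mask is insignificant,
    so 192.168.12.0 0.0.0.255 covers 192.168.12.0 .. 192.168.12.255."""
    a, v, w = (int(ipaddress.IPv4Address(x)) for x in (addr, value, wildcard))
    return (a ^ v) & ~w & 0xFFFFFFFF == 0

def check_standard(operators: List[str], addr: str) -> Optional[str]:
    """Operators like 'permit 10.0.0.0 0.255.255.255', 'deny any', 'permit host X'
    are tried in order; the first whose range contains addr decides (None if none)."""
    for op in operators:
        action, *args = op.split()
        if args[0] == "any":
            value, wildcard = "0.0.0.0", "255.255.255.255"
        elif args[0] == "host":
            value, wildcard = args[1], "0.0.0.0"
        else:
            value, wildcard = args
        if _wildcard_match(addr, value, wildcard):
            return action
    return None

def _range(rng: str) -> ipaddress.IPv4Network:
    return ipaddress.ip_network("0.0.0.0/0" if rng == "any" else rng)

def check_named(operators: List[str], route: str) -> Optional[str]:
    """Nominate list: ranges are VALUE/MASKLEN; 'exact-match' requires the
    route prefix to equal the range instead of merely lying inside it."""
    net = ipaddress.ip_network(route)
    for op in operators:
        action, rng, *flags = op.split()
        hit = net == _range(rng) if "exact-match" in flags else net.subnet_of(_range(rng))
        if hit:
            return action
    return None

def add_prefix_entry(plist: List[Tuple[int, str]], entry: str, seq: Optional[int] = None) -> int:
    """Append e.g. 'permit 10.0.0.0/8 ge 16 le 24'. An omitted seq is the last
    seq + 5 (assumption: counting starts at 0 for an empty list). Returns the seq used."""
    if seq is None:
        seq = (max(s for s, _ in plist) if plist else 0) + 5
    plist.append((seq, entry))
    return seq

def check_prefix_list(plist: List[Tuple[int, str]], route: str) -> Optional[str]:
    """Entries are evaluated in seq order; besides lying inside the range the
    route's mask length must satisfy the optional ge / le bounds."""
    net = ipaddress.ip_network(route)
    for _, entry in sorted(plist):
        action, rng, *rest = entry.split()
        bounds = dict(zip(rest[::2], map(int, rest[1::2])))  # {'ge': 16, 'le': 24}
        if (net.subnet_of(_range(rng))
                and bounds.get("ge", 0) <= net.prefixlen <= bounds.get("le", 32)):
            return action
    return None
```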

RIP configuration

RIP can be enabled on an interface in several ways:

  • By network specification. RIP is enabled on every interface whose network address matches the specified network. Use the following command in "config-router" mode:
network A.B.C.D/M

The network is specified by its IP prefix and mask length.

  • By interface name. RIP is enabled on the specified interface. Use the following command in "config-router" mode:
network WORD

where WORD is the interface name.

Example:

RIP> configure
RIP(config)# router
RIP(config-router)# network 4.7.8.0/24
RIP(config-router)# network rf5.0
RIP(config-router)#

To disable RIP on an interface use the command:

no network A.B.C.D/M
no network WORD

In some cases not all routers understand multicast requests. To solve this problem, you can establish a direct link between routers with the following command in "config-router" mode:

neighbor a.b.c.d

"a.b.c.d" – the address of the neighbor router. To cancel the link between routers:

no neighbor a.b.c.d

To announce information from other routing protocols, use the following command in "config-router" mode:

redistribute (kernel|connected|static|ospf) [metric <0-16777214>] [route-map WORD]

To define the criteria by which the router announces information from a routing protocol, use the following command in config-router mode:

distribute-list WORD direct ifname
  • "WORD" – list name
  • "direct" – direction, "in" or "out" (with "in" the access list is applied to incoming packets, with "out" to outgoing packets)
  • "ifname" – name of the interface to which the access list is bound by this command

In the following example, only packets that are routed to 10.0.0.0/8 are accepted on "eth0":

RIP(config-router)# distribute-list private in eth0
RIP(config-router)# access-list private permit 10 10.0.0.0/8
RIP(config-router)# access-list private deny any

The default metric is set with the following command in "config-router" mode:

default-metric <0-16>

If the default metric is not defined, it equals 1.

In redistribute kernel mode the router does not advertise a default route (destination network 0.0.0.0/0) into the RIP system, even if the administrator has explicitly written one into the routing table. To make the router advertise its default route, it must be explicitly forced to do so with the following command in "config-router" mode:

default-information originate

To cancel advertising of the default route use the command:

no default-information originate

The following command, in config-if mode, enables the "split horizon" algorithm on the device's IP interface:

split-horizon [poisoned-reverse]

When the "split horizon" algorithm is enabled, the device does not announce routes through the interface from which they were learned, thus reducing the likelihood of local routing loops.

If the "poisoned-reverse" option is set, then when a route is removed the device keeps it in the routing table for some time and includes it in the regular announcements with a special marker, so that neighboring routers realize the route is no longer usable. The route metric value 16 serves as this marker.

The "split horizon" algorithm without the "poisoned-reverse" option is enabled by default.

To disable the "split horizon" algorithm use the command:

no split-horizon

Route map (route-map)

For more flexible configuration of the metric type and value, a route-map can be used. A route-map is a set of conditional records. Each record has its number within the map, a match condition for the route being imported, the actions to be applied to the resulting object when the condition is met, a resulting action (deny or permit), etc. The records are examined in ascending order of their numbers. If a route satisfies a record's condition:

  • If the resulting action is deny, the route is denied, examination of the map's records is aborted and the resulting object is discarded (the route is not advertised)
  • If the resulting action is permit, all actions specified in the record are applied to the resulting object. Examination then stops, or continues if the record specifies one of the following options:
    • "on-match next" – examination continues from the record following the current one
    • "on-match goto <N>" – examination continues from the first record whose number is greater than or equal to N and not less than the current number.

In order to configure a route-map, the following command is used in config mode:

route-map WORD (deny|permit) <1-65535>

where "WORD" is the route-map identifier. It is followed by the resulting action and the record number. If a record with the specified number does not exist, it is created automatically. After this command is executed, the CS switches to the mode for editing the selected route-map. For example:

RIP> configure
RIP(config)# route-map testmap permit 10
RIP(config-route-map)#

After that, the match condition between the imported route and the current record is specified. The following commands are used in config-route-map mode:

match address (<1-199>|<1300-2699>|WORD)
match address prefix-list WORD
match interface WORD
match next-hop (<1-199>|<1300-2699>|WORD)
match next-hop prefix-list WORD

These commands set matching conditions for the route by three different parameters: destination address, gateway (next hop) and interface. Several different conditions may be set for one record; if several conditions are specified they are combined with a logical "and". In the "match next-hop" and "match address" commands a filtering object is specified: the number or name of an access-list, or the name of a prefix-list. The condition is satisfied if the corresponding parameter of the route belongs to the specified filtering list, according to the rule for that list type. In the "match interface" command the name of the network interface to which the route belongs is specified.

If a route matches all of the record's rules, the route metric for this router can be set with the following command in "config-route-map" mode:

set metric <0-4294967295>

The record's next step, after the route has matched all conditions, is configured with one of the following commands:

on-match goto <1-65535>
on-match next

Configuration example:

RIP> configure
RIP(config)# access-list AnyNetwork permit any
RIP(config)# access-list net200 permit 192.168.200.0/24
RIP(config)# route-map mapForConnected permit 10
RIP(config-route-map)# match address net200
RIP(config-route-map)# set metric 7
RIP(config-route-map)# route-map mapForConnected deny 11
RIP(config-route-map)# match address AnyNetwork
RIP(config-route-map)# router
RIP(config-router)# redistribute connected route-map mapForConnected
RIP(config-router)#

With this configuration the router announces routes formed from the connected routes of the system routing table. If the destination of such a route is the 192.168.200.0/24 network, the formed route has metric 7; routes with any other destination are not announced.
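The route-map evaluation described in this section (ascending record order, deny aborts, permit applies set actions, on-match next / goto continues), applied to the mapForConnected example above. This is an added example, not ARIP's own code; the Record and Route classes are constructed here, and two points the page does not state are assumptions: a route that matches no record is treated as denied, and goto never revisits the current record.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional
# Added example, not ARIP's own code: walks a route-map as the text describes.

@dataclass
class Record:
    number: int
    action: str                          # "permit" or "deny"
    match_address: Optional[str] = None  # name of a nominate access list
    set_metric: Optional[int] = None
    on_match: Optional[str] = None       # None, "next" or "goto N"

@dataclass
class Route:
    prefix: str
    metric: int = 1

def _in_named_list(lists: Dict[str, List[str]], name: str, prefix: str) -> bool:
    """First operator whose VALUE/MASKLEN range contains the prefix decides."""
    net = ipaddress.ip_network(prefix)
    for op in lists[name]:
        action, rng = op.split()
        if net.subnet_of(ipaddress.ip_network("0.0.0.0/0" if rng == "any" else rng)):
            return action == "permit"
    return False

def apply_route_map(records: List[Record], lists: Dict[str, List[str]],
                    route: Route) -> Optional[Route]:
    """Returns the route to announce (with set actions applied) or None when it
    is denied. Assumptions: no matching record means deny; goto never goes back."""
    ordered = sorted(records, key=lambda r: r.number)
    i, permitted = 0, False
    while i < len(ordered):
        rec = ordered[i]
        if rec.match_address and not _in_named_list(lists, rec.match_address, route.prefix):
            i += 1                          # condition not met: try the next record
            continue
        if rec.action == "deny":
            return None                     # examination aborted, route not advertised
        permitted = True
        if rec.set_metric is not None:
            route.metric = rec.set_metric
        if rec.on_match is None:
            return route                    # permit without on-match: stop here
        if rec.on_match == "next":
            i += 1
        else:                               # "goto N": first record numbered >= N, never backwards
            target = max(int(rec.on_match.split()[1]), rec.number + 1)
            i = next((j for j, r in enumerate(ordered) if r.number >= target), len(ordered))
    return route if permitted else None
```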

CAUTION

For an interface to use the route-map created above, use the route-map command in "config-router" mode:

route-map WORD (in|out) IFNAME

where "WORD" is the name of the route-map created above.

Authentication. Identity check

To prevent unauthorized routers from connecting to the RIP system, the system checks the identity of protocol packets. Currently the router has two options for identity check (authentication):

  • Password authentication. Simple password authentication is vulnerable to passive attacks (sniffing) because broadcasting is used and the packet carries the password in clear text.
  • Key-based authentication. A key is used to generate and check message-digest signatures. The digital signature is built on the MD5 algorithm. Since the secret key is never sent over the network in clear form, this protects against passive attacks.

By default the router has no authentication (null authentication).

Authentication can be configured individually for each interface using the following commands in "config-if" mode:

  • Password authentication:
authentication mode text
authentication string LINE

where "LINE" is the password, fewer than 16 characters.

  • Key-based authentication:
authentication mode md5
authentication key-chain LINE

where "LINE" is the name of the key chain holding the secret MD5 key.

To configure the key chain named by the "LINE" parameter, use the following commands in "config" mode:

RIP(config)# key chain WORD
RIP(config-keychain)# key <0-2147483647>
RIP(config-keychain-key)# key-string LINE
  • "WORD" – key chain name
  • "<0-2147483647>" - key ID
  • "LINE" – secret md5 key.
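A defender-side check for the exposure described above: RIP-2 carries its authentication as a leading entry with address family 0xFFFF and an authentication type (2 = simple password, 3 = keyed message digest), so a monitor on the segment can tell which routers still send unauthenticated or clear-text-password updates. This is an added example, not ARIP's own code; it follows the RFC 2453 packet layout, builds constructed sample packets, and only classifies MD5 packets by type without verifying the digest.

```python
import socket
import struct
from typing import Dict, List
# Added example, not ARIP's own code: inspects RIP-2 packets (RFC 2453 layout)
# and reports their authentication mode; sample packets are constructed below.

RIP_RESPONSE = 2
AUTH_SIMPLE_PASSWORD = 2        # RFC 2453: password travels in clear text
AUTH_KEYED_MESSAGE_DIGEST = 3   # RFC 2082: keyed MD5 digest, key never on the wire

def build_rip2_packet(entries: List[bytes]) -> bytes:
    """4-byte header (command, version 2, 2 unused bytes) + 20-byte entries."""
    return struct.pack("!BBH", RIP_RESPONSE, 2, 0) + b"".join(entries)

def auth_entry_simple(password: bytes) -> bytes:
    """Address family 0xFFFF, type 2, password zero-padded to 16 bytes."""
    return struct.pack("!HH", 0xFFFF, AUTH_SIMPLE_PASSWORD) + password.ljust(16, b"\0")

def route_entry(prefix: str, mask: str, metric: int) -> bytes:
    """Ordinary entry: AFI 2 (IP), tag 0, prefix, mask, next hop 0.0.0.0, metric."""
    return struct.pack("!HH4s4s4sI", 2, 0, socket.inet_aton(prefix),
                       socket.inet_aton(mask), b"\0" * 4, metric)

def classify(packet: bytes) -> Dict[str, object]:
    """Returns version, auth mode, the exposed password (if any) and route count."""
    _command, version, _ = struct.unpack("!BBH", packet[:4])
    body = packet[4:]
    entries = [body[i:i + 20] for i in range(0, len(body) - len(body) % 20, 20)]
    result: Dict[str, object] = {"version": version, "auth": "none",
                                 "password": None, "routes": 0}
    # A RIP-2 authentication entry, if present, is always the first entry
    if version == 2 and entries and entries[0][:2] == b"\xff\xff":
        auth_type = struct.unpack("!H", entries[0][2:4])[0]
        if auth_type == AUTH_SIMPLE_PASSWORD:
            result["auth"] = "simple-password"
            # readable by every host on the broadcast segment: the exposure described above
            result["password"] = entries[0][4:].rstrip(b"\0").decode("ascii", "replace")
        elif auth_type == AUTH_KEYED_MESSAGE_DIGEST:
            result["auth"] = "md5"
        entries = entries[1:]
    # count only IP route entries (AFI 2); an MD5 trailer (AFI 0xFFFF) is skipped
    result["routes"] = sum(1 for e in entries if e[:2] == b"\x00\x02")
    return result

def weak_auth_findings(packets: List[bytes]) -> List[str]:
    """Audit helper: one finding per packet whose authentication mode needs action."""
    findings = []
    for n, pkt in enumerate(packets):
        info = classify(pkt)
        if info["auth"] == "none":
            findings.append(f"packet {n}: RIP-{info['version']} update without authentication")
        elif info["auth"] == "simple-password":
            findings.append(f"packet {n}: clear-text RIP password on the wire; use authentication mode md5")
    return findings
```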

Timers configuration

The RIP protocol has several timers. Their values can be configured with the timers basic command. The default settings for the timers are as follows:

  • The update timer is 30 seconds. Every update interval the RIP process wakes up to send an unsolicited Response message containing the complete routing table to all neighboring RIP routers.
  • The timeout timer is 180 seconds. On expiry of the timeout the route is no longer valid; however, it is retained in the routing table for a short time so that neighbors can be notified that the route has been dropped.
  • The garbage-collection timer is 120 seconds. On expiry of the garbage-collection timer the route is finally removed from the routing table.

The following command in "config-router" mode changes the default values of the timers listed above:

timers basic update timeout garbage

The no timers basic command resets the timers to the default settings listed above:

no timers basic

Router configuration view

To review the RIP configuration there are several commands in the basic mode of the CS:

show access-list

This command shows information about access lists.

show memory

This command shows information about memory usage.

show rip

This command shows the current RIP configuration: timers, filters, version, and the interfaces on which RIP is enabled.

show route

This command lists the routing table.
