Saturday, December 17, 2011

RIP SOURCE VALIDATION

To finish up on RIP I looked at RIP source validation. This feature is on by
default in RIP, and what it does is only accept updates from a router on
your same subnet.

r1 10.229.254.1/24 >>>>>>>> 10.229.254.2/24 r2 = ok, same subnet
r1 10.229.253.1/24 >>>>>>>> 10.229.254.2/24 r2 = not ok, not same subnet

In general this is fine, as in most designs connected routers will be on the same
subnet, but there is a case where it becomes an issue: when you are using PPP
running IPCP. As discussed previously, because PPP installs a host route, two
connected routers can be on different subnets in a valid configuration. In that
case source validation will need to be disabled.
Source validation is automatically disabled for unnumbered interfaces, but not for
directly connected ones.

LAB
----
r4 and r5 are directly connected. I will put r4 and r5 in different subnets using
PPP, in a valid config where both can ping, and we will stop receiving RIP updates.


r4
---
r4(config-if)#do sh run int s0/1/0
Building configuration...
Current configuration : 105 bytes
!
interface Serial0/1/0
 ip address 10.10.10.3 255.255.255.0
 encapsulation ppp
 clock rate 2000000
end
r4(config-if)#
r5
---
r5(config)#do sh run int s0/1/0
Building configuration...
Current configuration : 85 bytes
!
interface Serial0/1/0
 ip address 11.11.11.1 255.255.255.0
 encapsulation ppp
end
r5(config)#

So r5 s0/1/0 and r4 s0/1/0 are in completely different subnets running PPP.

r5#ping 10.10.10.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.10.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
I can successfully ping r4 s0/1/0 from r5,
as PPP has automatically put a host route in the routing table of r5.

r5#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
     6.0.0.0/32 is subnetted, 1 subnets
C       6.6.6.6 is directly connected, Loopback1
     10.0.0.0/32 is subnetted, 1 subnets
C       10.10.10.3 is directly connected, Serial0/1/0
     11.0.0.0/24 is subnetted, 1 subnets
C       11.11.11.0 is directly connected, Serial0/1/0

I have enabled RIP on both r4 and r5.

r5
--
router rip
 version 2
 timers basic 30 180 0 240
 network 5.0.0.0
 network 6.0.0.0
 network 11.0.0.0
 no auto-summary

r4
--
router rip
 version 2
 timers basic 30 180 0 240
 network 3.0.0.0
 network 4.0.0.0
 network 10.0.0.0
 no auto-summary

I am not learning any routes via RIP:
r4#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
     3.0.0.0/32 is subnetted, 1 subnets
C       3.3.3.3 is directly connected, Loopback1
     4.0.0.0/32 is subnetted, 1 subnets
C       4.4.4.4 is directly connected, Loopback0
     10.0.0.0/24 is subnetted, 1 subnets
C       10.10.10.0 is directly connected, Serial0/1/0
     11.0.0.0/32 is subnetted, 1 subnets
C       11.11.11.1 is directly connected, Serial0/1/0
r4#
In debug ip rip I see the following message:
*Dec 17 14:02:23.255: RIP: ignored v2 update from bad source 11.11.11.1 on Serial0/1/0

r4(config)#router rip
r4(config-router)#no validate-update-source
r4(config-router)#

r4#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
     3.0.0.0/32 is subnetted, 1 subnets
C       3.3.3.3 is directly connected, Loopback1
     4.0.0.0/32 is subnetted, 1 subnets
C       4.4.4.4 is directly connected, Loopback0
     5.0.0.0/32 is subnetted, 1 subnets
R       5.5.5.5 [120/1] via 11.11.11.1, 00:00:04
     6.0.0.0/32 is subnetted, 1 subnets
R       6.6.6.6 [120/1] via 11.11.11.1, 00:00:04
     10.0.0.0/24 is subnetted, 1 subnets
C       10.10.10.0 is directly connected, Serial0/1/0
     11.0.0.0/32 is subnetted, 1 subnets
C       11.11.11.1 is directly connected, Serial0/1/0
r4#
We are now receiving the routes.

OK, I am going to change it back, and this time I am going to use an unnumbered
interface for s0/1/0 on r5 and r4.
So I am back on r4 and not receiving RIP updates because of the bad source.

I am taking the IP address of serial 0/1/0 and putting it on lo10, then I am using
ip unnumbered on serial0/1/0 to tell it to use the IP of lo10.

I am back receiving RIP updates. This tells us that source validation is disabled on
unnumbered interfaces.
r4#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
     3.0.0.0/32 is subnetted, 1 subnets
C       3.3.3.3 is directly connected, Loopback1
     4.0.0.0/32 is subnetted, 1 subnets
C       4.4.4.4 is directly connected, Loopback0
     5.0.0.0/32 is subnetted, 1 subnets
R       5.5.5.5 [120/1] via 11.11.11.1, 00:00:03, Serial0/1/0
     6.0.0.0/32 is subnetted, 1 subnets
R       6.6.6.6 [120/1] via 11.11.11.1, 00:00:03, Serial0/1/0
     10.0.0.0/24 is subnetted, 1 subnets
C       10.10.10.0 is directly connected, Loopback10
     11.0.0.0/32 is subnetted, 1 subnets
C       11.11.11.1 is directly connected, Serial0/1/0
r4#
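
The three outcomes seen in this lab can be reproduced with a small model of the check. This is an added example, not Cisco's implementation and not code from the original post; the `Interface` class and the function names are hypothetical, and the model covers only the same-subnet test and the two bypasses shown above.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import Optional

@dataclass
class Interface:                      # hypothetical model of a receiving interface
    name: str
    address: Optional[str]            # e.g. "10.10.10.3/24"; None when unnumbered
    unnumbered: bool = False

def accept_update(source: str, iface: Interface, validate_source: bool = True):
    """Return (accepted, reason) for a RIP update arriving on iface."""
    if not validate_source:
        return True, "validation disabled (no validate-update-source)"
    if iface.unnumbered:
        return True, "unnumbered interface, check skipped"
    net = ipaddress.ip_interface(iface.address).network
    if ipaddress.ip_address(source) in net:
        return True, f"source is inside {net}"
    return False, f"bad source: {source} is outside {net}"

# Matches the debug line shown in the post.
BAD_SOURCE = re.compile(r"RIP: ignored v(\d) update from bad source (\S+) on (\S+)")

def explain_debug_line(line: str, interfaces: dict):
    """Map a 'bad source' debug line back to the subnet check that failed."""
    m = BAD_SOURCE.search(line)
    if not m:
        return None
    _, source, ifname = m.groups()
    return accept_update(source, interfaces[ifname])

if __name__ == "__main__":
    r4_serial = Interface("Serial0/1/0", "10.10.10.3/24")   # r4 as configured in the lab
    print(accept_update("11.11.11.1", r4_serial))                          # numbered, validation on
    print(accept_update("11.11.11.1", r4_serial, validate_source=False))   # after the fix
    print(accept_update("11.11.11.1", Interface("Serial0/1/0", None, unnumbered=True)))
    line = ("*Dec 17 14:02:23.255: RIP: ignored v2 update from "
            "bad source 11.11.11.1 on Serial0/1/0")                        # from the post
    print(explain_debug_line(line, {"Serial0/1/0": r4_serial}))
```

Both bypasses accept the update whatever its source address is, so on those links the same-subnet check does no filtering at all.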
