Friday, November 30, 2012

A look at classic RIPv1 & v2 differences

Here's a quick review of the differences in RIPv1 and RIPv2. RIP ( Routed IP ) has been a dynamic routing protocol going back to the beginning of the internet.

At one time, it was also the most common dynamic routing protocol before OSPF and EIGRP came of use. Almost all unix systems supported, it as daemon known as;  in.routed or routed.

Rip had serious drawbacks and here's some of the cons;

1: convergence was slow, when compared to  OSPF or EIGRP
2: it's limited to 16 hops ( it's a distance vector protocol )
3: updates are constant regardless of changes in the network topology ( very chatting )
4: packet size limits the total numbers of routes that could be installed in a update


The  RIPv1  updates  sends only  class ( A B C ) only  network in the updates. So networks are summarize into a Class Boundary based on the network number ;


Ken-Felixs-MacBook:~ root# tcpdump -nvv -i en0 port 520         
tcpdump: listening on en0, link-type EN10MB (Ethernet), capture size 65535 bytes
23:17:48.561285 IP (tos 0x0, ttl 64, id 1609, offset 0, flags [none], proto UDP (17), length 132)
    192.168.1.99.520 > 192.168.1.255.520: [udp sum ok]
    RIPv1, Response, length: 104, routes: 5
      3.0.0.0, metric: 16
      4.0.0.0, metric: 16
      99.99.99.1, metric: 1
      99.99.99.2, metric: 1
      192.168.1.0, metric: 16
    0x0000:  0201 0000 0002 0000 0300 0000 0000 0000
    0x0010:  0000 0000 0000 0010 0002 0000 0400 0000
    0x0020:  0000 0000 0000 0000 0000 0010 0002 0000
    0x0030:  6363 6301 0000 0000 0000 0000 0000 0001
    0x0040:  0002 0000 6363 6302 0000 0000 0000 0000
    0x0050:  0000 0001 0002 0000 c0a8 0100 0000 0000
    0x0060:  0000 0000 0000 0010





23:18:19.558392 IP (tos 0x0, ttl 64, id 1610, offset 0, flags [none], proto UDP (17), length 132)
    192.168.1.99.520 > 192.168.1.255.520: [udp sum ok]
    RIPv1, Response, length: 104, routes: 5
      3.0.0.0, metric: 16
      4.0.0.0, metric: 16
      99.99.99.1, metric: 1
      99.99.99.2, metric: 1
      192.168.1.0, metric: 16
    0x0000:  0201 0000 0002 0000 0300 0000 0000 0000
    0x0010:  0000 0000 0000 0010 0002 0000 0400 0000
    0x0020:  0000 0000 0000 0000 0000 0010 0002 0000
    0x0030:  6363 6301 0000 0000 0000 0000 0000 0001
    0x0040:  0002 0000 6363 6302 0000 0000 0000 0000
    0x0050:  0000 0001 0002 0000 c0a8 0100 0000 0000
    0x0060:  0000 0000 0000 0010
^C
2 packets captured
10 packets received by filter




Where as  RIPv2 supports classlesss mask information in the updates.



23:13:47.572172 IP (tos 0x0, ttl 1, id 34644, offset 0, flags [none], proto UDP (17), length 192)
    192.168.1.99.520 > 224.0.0.9.520: [udp sum ok]
    RIPv2, Response, length: 164, routes: 8
      Unknown (3) Authentication data:
      0x0000:  0090 0114 3844 7105 0000 0000 0000 0000
      AFI IPv4,         0.0.0.0/0 , tag 0x0000, metric: 16, next-hop: 192.168.1.1
      AFI IPv4,         3.3.3.0/24, tag 0x0000, metric: 16, next-hop: 192.168.1.1
      AFI IPv4,        4.4.44.0/24, tag 0x0000, metric: 16, next-hop: self
      AFI IPv4,      99.99.99.1/32, tag 0x0000, metric: 1, next-hop: self
      AFI IPv4,      99.99.99.2/32, tag 0x0000, metric: 1, next-hop: self
      AFI IPv4,     192.168.1.0/24, tag 0x0000, metric: 16, next-hop: self
      Unknown (1) Authentication data:
      0x0000:  6cc3 7237 64c9 518b b627 429f 27eb f8e2
    0x0000:  0202 0000 ffff 0003 0090 0114 3844 7105
    0x0010:  0000 0000 0000 0000 0002 0000 0000 0000
    0x0020:  0000 0000 c0a8 0101 0000 0010 0002 0000
    0x0030:  0303 0300 ffff ff00 c0a8 0101 0000 0010
    0x0040:  0002 0000 0404 2c00 ffff ff00 0000 0000
    0x0050:  0000 0010 0002 0000 6363 6301 ffff ffff
    0x0060:  0000 0000 0000 0001 0002 0000 6363 6302
    0x0070:  ffff ffff 0000 0000 0000 0001 0002 0000
    0x0080:  c0a8 0100 ffff ff00 0000 0000 0000 0010
    0x0090:  ffff 0001 6cc3 7237 64c9 518b b627 429f
    0x00a0:  27eb f8e2
^C
24 packets captured
2893 packets received by filter
0 packets dropped by kernel


See the differences? This can become a issues if used in various designs and no consideration for summarization.

RIPv1 sends no CIDR-prefix information in it's update. Both  version sends to udp.port 520, but RIPv2 uses multicast ( 224.0.0.9)  and RIPv1 uses broadcast.Multicast is far superior to broadcasting a packet that's handle by all hosts in the broadcast domain.

One other key thing, RIPv2 supports  text or md5 based authentication in all of it updates. The above update shows md5 but here's a simple text-authentication.

23:03:51.052452 IP (tos 0x0, ttl 1, id 34595, offset 0, flags [none], proto UDP (17), length 92)
    192.168.1.99.520 > 224.0.0.9.520: [udp sum ok]
    RIPv2, Response, length: 64, routes: 3
      Simple Text Authentication data: myrip
      AFI IPv4,      99.99.99.1/32, tag 0x0000, metric: 1, next-hop: self
      AFI IPv4,     192.168.1.0/24, tag 0x0000, metric: 16, next-hop: self
    0x0000:  0202 0000 ffff 0002 6d79 7269 7000 0000
    0x0010:  0000 0000 0000 0000 0002 0000 6363 6301
    0x0020:  ffff ffff 0000 0000 0000 0001 0002 0000
    0x0030:  c0a8 0100 ffff ff00 0000 0000 0000 0010

The authentication string is a simple word of myrip. I hope this helps & with understanding the differences between RIPv1 and v2.

And the last noticeable difference, RIPv2 supports AFI ( address family indicators ).


Ken Felix
Freelance Network and Security Engineer
kfelix " at  hyperfeed.com

Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)