RIP 101

Starting the routing process

R(config)# router rip
R(config-router)# network NETWORK-ADDR

In RIP there is no wildcard option when configuring the network command. The NETWORK-ADDR will always be considered a classful address and will match all interfaces that are in the same classful network:

R1(config-router)#do sh run | se router
router rip

The network command enables RIP on the interfaces where an IP address is configured that is part of the classful network that is defined in the command. By enabling RIP on that interface, the router will advertise the subnets for the interfaces where RIP has been enabled.

RIP Versions

  • By default, a router will send V1 updates, but will accept both v1 and v2

  • Version 2 can be enabled globally or per interface:

    ! Globally, inside the router process
    R(config-router)# version {1|2}
    ! Per interface
    R(config-if)# ip rip {send|receive} version {1|2|1 2}

RIPv1 vs RIPv2

  • RIPv2 is backwards compatible with RIPv1, but RIPv1 ignore version 2 updates

  • RIPv2 supports VLSM, RIPv1 doesn’t – RIPv1 is a classful routing protocol that does not send netmask information in routing updates

  • RIPv2 sends updates using multicast instead of broadasts like RIPv1

  • RIPv2 supports authentication (MD5 and text)

  • RIPv2 supports route tagging (for redistribution)

RIPv1 updates

RIPv1 does not send netmask information in routing updates, so it uses a system to deduce the mask associated with a destination. When sending an update:

  • Is the advertised network part of the same major network as the outgoing interface?

    • NO: Advertise the major network of the route (Auto-Summary)

    • YES: Does the advertised network has the same netmask as the outgoing interface?

      • YES: Advertise the network

      • NO: Is it a host route? (/32 netmask)

        • YES: advertise the network

        • NO: Do not advertise the network

When receiving an update:

  • Is the received network part of the same major network as the incoming interface?

    • YES: Does it has non-zero bits in the host part (Host network)?

      • YES: Add it to the routing table as a host network (/32)

      • NO: Add it to the routing table with the same netmask as the incoming interface

    • NO: Then it must be a major netwokr. Are there any subnets of this major network already in the routing table, received on other interfaces?

      • YES: Drop the route (Does not support discontiguous networks)

      • NO: Apply a classful mask to the network address and add it to the routing table

Split Horizon

  • “Split Horizon” rule blocks information about routes from being advertised out the interface where that information was received on.

  • “Split Horizon” is on by default, except on Frame Relay physical interfaces. It should be manually disabled on multipoint subinterfaces, or even on Ethernet interfaces, when it is needed.

  • To disable/enable split-horizon on an interface use:

    R(config)# [no] ip split-horizon
  • To verify if split-horizon is enabled or not, use:

    R# show ip interface INTERFACE | i Split
     Split horizon is enabled

Passive interfaces

Setting an interface as passive will disable sending advertisements, but will not disable receiving advertisements.

! Use this command to make all interfaces passive by default:
R(config-router)# passive-interface default
! Use this to enable/disable sending on one interface:
R(config-router)# [no] passive-interface INTERFACE


Static Neighbors

Static neighbors for RIP can be defined with the command:

R(config)# neighbor NEIGH-ADDR

Now, communication with this neighbor will be done using unicast addresses. Unlike EIGRP, multicast addresses will still be used on the interfaces where static neighbors are defined.


RIPv2 supports both MD5 and text authentication.

  1. Define the key chain:

    R(config)# key chain KEY-CHAIN
    R(config-keychain)# key KEY-NUMBER
    R(config-keychain-key)# key-string KEY-STRING
    ! Optionally, define an accept-lifetime
    R(config-keychain-key)# accept-lifetime START-TIME {infinte|END-TIME|duration SEC}
    ! Optionally, define the a send-lifetime
    R(config-keychain-key)# send-lifetime START-TIME {infinte|END-TIME|duration SEC}
    R(config-keychain-key)# end
  2. Apply it on an interface:

    ! set the authentication as MD5 or plain text
    R(config-if)# ip rip authentication mode {md5|text}
    R(config-if)# ip rip authentication key-chain KEY-CHAIN

When using plain text authentication, the Key ID is ignored. Whe using md5 authentication, the Key ID should match for a properly working network. But in fact, a router will accept RIP packets authenticated with a lower key ID and will reject RIP packets authenticated with a higher key ID.


  • RIP sends routing updates at regular intervals and when the network topology changes.

  • Routing updates are sent every 30 sec(default UPDATE)

  • If no update is received for a route for 180 sec(default INVALID), the route is marked inaccessible and advertised as unreachable (metric 16). However, the route is still used for forwarding packets

  • If no update is received for a route for 240 sec(default FLUSH), the route is removed from the routing table.

  • When a router receives an update with a metric worse than the one it already has, it puts the route in hold-down state. The route stays in this state for 180 sec (default HOLD-DOWN), interval during which outing information regarding better paths is suppressed. The route is marked inaccessible and advertised as unreachable. However, the route is still used for forwarding packets. When HOLD-DOWN expires, routes advertised by other sources are accepted and the route is no longer inaccessible.

The timer values can be changed globally:

! Globally:
R(config-router)# timers basic UPDATE INVALID HOLD-DOWN FLUSH [SLEEP]
! Default: 30 sec, 180 sec, 180 sec, 240 sec

The UPDATE interval can be changed per interface:

R(config-if)# ip rip advertise UPDATE
! Default: 30 sec


  • RIP uses UDP 520 (both source and destination) to exchange routing information

  • One RIP update packet can accomodate up to 25 routing updates

  • RIPv1 sends updates as broadcasts to

  • By default, RIPv2 sends updates to the multicast address (MAC: 01-00-5E-00-00-09)

  • Multicasts in RIPv2 can be sent as broadcasts too, using the commnand:

    R(config-if)#ip rip v2-broadcast
  • RIPv2 can also send updates as unicast if the neighbor is defined using:

    R(config)# neighbor NEIGHBOR-ADDR
    !Unless the interface is passive, the router will send both multicast
    !and unicast address to the statically defined neighbors
  • To check what kind of updates are sent, use:

    R# debug ip rip
  • Updates are sourced only from the primary IP of the interface.

  • When an update is received, the router checks if the source IP is in the same subnet as any IP address on the receiving interface. If it doesn’t find an IP address on the interface in the same subnet as the update source, it drops the update.

  • It can be a problem when using PPP or unnumbered links, because each end of the link can be in different subnets.

  • You can disable this behavior using:

    R(config-router)# no validate-update-source
  • Normally, updates are sent every UPDATE , but you can set RIP to only send updates when there is a change in the topology. This can be usefull on Dial interfaces

    R(config-if)# ip rip triggered

RIP Metric

  • RIP uses hop count as route metric

  • A metric of 16 equals infinty – The route is considered inaccesible

Offset lists

Use offset lists to add a value to the calculated metric:

R(config-router)# offset-list ACL {in|out} OFFSET

Offset value must be between 1 and 16. Remember that any route that has a metric of 16 is considered down. You can control how far a RIP update can reach by advertising the routes with a certain metric. E.g., advertising the routes with a metric of 15, will allow only the next hop router to accept the route. Provided no other metric manipulation is done, other routers, beyond the next hop router, will consider the route inaccessible.

RIP Administrative Distace

The default AD for RIP is 120. This can be changed using the distance command:

R(config-router)# distance AD [SRC-ADDR WILDCARD [ACL]]

Load Balancing

RIP can only perform load balancing when the metric is equal. Use offset lists to modify the route metric in order to manually engineer load balancing.

Distribute lists

Use them to filter the updates that are sent or received

! Using ACLs
R(config-router)# distribute-list ACL {in|out} [INTERFACE]
! Using Prefix-list
R(config-router)# distribute-list prefix PREFIX-LIST {in|out} [INTERFACE]
! Using gateway - filter based on the source of the update:
R(config-router)# distribute-list gateway PREFIX-LIST1 [prefix PREFIX-LIST2] {in|out} [INTERFACE]


By default, RIP summarizes at major network boundaries. This can be disabled using:

R(config-router)# no auto-summary

Manual summarization can be done per interface, using:

R(config-if)# ip summary-address rip SUMMARY-ADDR SUMMARY-MASK

When manually summarizing, you can’t go past the major network. As a workaround, you can add a static route to NULL and redistribute static. The summary route will have a metric equal to the lowest metric of all its children. Unlike EIGRP, RIP does not add a NULL route when summarizing.

Default routes

You can enable RIP to advertise a default route using:

R(config-router)# default-information originate [route-map ROUTE-MAP]

The route map can be used to make conditional advertisement of the default route:

  • Advertise a default route only on some interfaces:

    R(config)# route-map ROUTE-MAP
    R(config-route-map)# set interface INTERFACE
  • Advertise a default route only if another route is in the routing table:

    R(config)# route-map ROUTE-MAP
    R(config-route-map)# match ip address prefix-list PREFIX-LIST

Last updated