Configuration Guide: RIP

From: IP Routing: RIP Configuration Guide, Cisco IOS Release 15M&T


RIP Overview

  • The Routing Information Protocol (RIP) uses broadcast UDP data packets to exchange routing information. 
  • Cisco IOS software sends routing information updates every 30 seconds.
  • If a device does not receive an update from another device for 180 seconds or more, the receiving device marks the routes served by the nonupdating device as unusable. 
  • If there is still no update after 240 seconds, the device removes all routing table entries for the nonupdating device.
  • The Routing Information Protocol (RIP) sends routing-update messages at regular intervals and when the network topology changes.
  • When a device accepts a route from an update, the metric value for the path is increased by 1, and the sender is indicated as the next hop.
  • RIP devices maintain only the best route (the route with the lowest metric value) to a destination.
  • By default, the software receives RIP Version 1 (RIPv1) and RIPv2 packets, but sends only RIPv1 packets.
  • To override the default behavior, you can configure the RIP version that an interface sends. 
  • Similarly, you can also control how packets received from an interface are processed.
  • RIPv1 does not support authentication. If you are sending and receiving RIPv2 packets, you can enable RIP authentication on an interface.
  • The key chain determines the set of keys that can be used on the interface. Authentication, including default authentication, is performed on that interface only if a key chain is configured.
  • Cisco supports two modes of authentication on an interface on which RIP is enabled: plain-text authentication and message digest algorithm 5 (MD5) authentication. Plain-text authentication is the default authentication in every RIPv2 packet.
  • To control the set of interfaces with which you want to exchange routing updates, you can disable the sending of routing updates on specified interfaces by configuring the passive-interface router configuration command.
  • You can use an offset list to increase incoming and outgoing metrics to routes learned via RIP. Optionally, you can limit the offset list with either an access list or an interface.
  • You can make the following timer adjustments:
    • The rate (time, in seconds, between updates) at which routing updates are sent
    • The interval of time, in seconds, after which a route is declared invalid
    • The interval, in seconds, during which routing information about better paths is suppressed
    • The amount of time, in seconds, that must pass before a route is removed from the routing table
    • The amount of time for which routing updates will be postponed

RIP Route Summarization

  • A summary IP address functions more efficiently than multiple individually advertised IP routes for the following reasons:
    • The summarized routes in the RIP database are processed first.
    • Any associated child routes that are included in a summarized route are skipped as RIP looks through the routing database, reducing the processing time required.
  • Cisco routers can summarize routes in two ways:
    • Automatically, by summarizing subprefixes to the classful network boundary when crossing classful network boundaries (automatic summary).
  • As long as there are child routes for a summary address, the address remains in the routing database.
  • When the last child route is removed, the summary entry also is removed from the database.
  • The lowest metric of the "best route" of an aggregated entry, or the lowest metric of all current child routes, is advertised.
  • You can verify which routes are summarized for an interface using the show ip protocols EXEC command. You can check summary address entries in the RIP database.
  • The split horizon mechanism blocks information about routes from being advertised by a device out of any interface from which that information originated.
  • By default, the software adds no delay between packets in a multiple-packet RIP update being sent. If you have a high-end router sending to a low-speed router, you might want to add such interpacket delay to RIP updates, in the range of 8 to 50 milliseconds.
  • By default, the Cisco software validates the source IP address of incoming Routing Information Protocol (RIP) routing updates. If the source address is not valid, the software discards the routing update.

Neighbor Router Authentication

  • Without neighbor authentication, unauthorized or deliberately malicious routing updates could compromise the security of your network traffic.
  • There are two types of neighbor authentication used: plain text authentication and Message Digest Algorithm Version 5 (MD5) authentication.
  • Both forms work in the same way, with the exception that MD5 sends a "message digest" instead of the authenticating key itself. The message digest is created using the key and a message, but the key itself is not sent, preventing it from being read while it is being transmitted. Plain text authentication sends the authenticating key itself over the wire.
  • The IP-RIP Delay Start feature is used on Cisco devices to delay the initiation of Routing Information Protocol Version 2 (RIPv2) neighbor sessions until the network connectivity between the neighbor devices is fully operational.
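
To make the difference between the two authentication modes concrete, the following added example (not from the Cisco guide) builds a RIPv2 response with plain-text authentication and one with keyed MD5, following the RFC 2082 packet layout, and verifies the digest on the receiving side. The key, key ID, sequence number and route are constructed sample values, and all function names are hypothetical.

```python
import hashlib
import hmac
import socket
import struct

KEY_LEN = 16  # the key field / digest size used by RIPv2 authentication

def pad_key(key):
    return key[:KEY_LEN].ljust(KEY_LEN, b"\x00")

def route_entry(prefix, mask, metric):
    # AFI 2 (IP), route tag 0, prefix, mask, next hop 0.0.0.0, metric
    return struct.pack("!HH4s4s4sI", 2, 0, socket.inet_aton(prefix),
                       socket.inet_aton(mask), bytes(4), metric)

def build_plaintext(key, routes):
    # Authentication entry: 0xFFFF, type 2, then the key itself in the clear
    header = struct.pack("!BBH", 2, 2, 0)  # command=response, version=2
    return header + struct.pack("!HH", 0xFFFF, 2) + pad_key(key) + routes

def build_md5(key, key_id, seq, routes):
    header = struct.pack("!BBH", 2, 2, 0)
    pkt_len = len(header) + 20 + len(routes)  # offset of the trailer
    auth = struct.pack("!HHHBBI8x", 0xFFFF, 3, pkt_len, key_id, KEY_LEN, seq)
    body = header + auth + routes + struct.pack("!HH", 0xFFFF, 1)
    # Digest covers the packet plus the key; only the digest is transmitted
    return body + hashlib.md5(body + pad_key(key)).digest()

def verify_md5(packet, key):
    (pkt_len,) = struct.unpack_from("!H", packet, 8)
    body, received = packet[:pkt_len + 4], packet[pkt_len + 4:pkt_len + 20]
    expected = hashlib.md5(body + pad_key(key)).digest()
    return hmac.compare_digest(expected, received)

# Constructed sample values (not from the guide)
KEY = b"example-key"
ROUTES = route_entry("10.2.0.0", "255.255.0.0", 1)
PLAIN = build_plaintext(KEY, ROUTES)
SIGNED = build_md5(KEY, key_id=1, seq=42, routes=ROUTES)
print("key visible in plain-text packet:", KEY in PLAIN)
print("key visible in MD5 packet:", KEY in SIGNED)
print("receiver accepts with shared key:", verify_md5(SIGNED, KEY))
```

A receiver that recomputes the digest with a different key, or over a packet whose route entries were altered in transit, gets a mismatch and can drop the update.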

Offset-List

  • An offset list is the mechanism for increasing incoming and outgoing metrics to routes learned via RIP. This is done to provide a local mechanism for increasing the value of routing metrics. Optionally, you can limit the offset list with either an access list or an interface.


Configuring RIP


Enabling RIP and Configuring RIP Parameters


! Enables a RIP routing process and enters router configuration mode.
Device(config)# router rip
! Associates a network with a RIP routing process.
Device(config-router)# network 10.1.1.0
! Defines a neighboring device with which to exchange routing information.
Device(config-router)# neighbor 10.1.1.2
! Applies an offset list to routing metrics.
! Command syntax: offset-list [access-list-number | access-list-name] {in | out} offset [interface-type interface-number]
Device(config-router)# offset-list 98 in 1 Ethernet 1/0
! Adjusts routing protocol timers.
! Command syntax: timers basic update invalid holddown flush [sleeptime]
Device(config-router)# timers basic 1 2 3 4

Specifying a RIP Version and Enabling Authentication


Device(config)# router rip
! Enables the Cisco software to send only RIP Version 2 (RIPv2) packets.
Device(config-router)# version 2

Device(config)# interface Ethernet0/0
! Configures an interface to send only RIPv2 packets.
Device(config-if)# ip rip send version 2
! Configures an interface to accept only RIPv2 packets.
Device(config-if)# ip rip receive version 2
! Enables RIP authentication.
! Command syntax: ip rip authentication key-chain name-of-chain
Device(config-if)# ip rip authentication key-chain KEYS
! Configures the interface to use message digest algorithm 5 (MD5) authentication (or let it default to plain-text authentication).
Device(config-if)# ip rip authentication mode md5

Summarizing RIP Routes


NOTE: Supernet advertisement (advertising any network prefix less than its classful major network) is not allowed in RIP route summarization, other than advertising a supernet learned in the routing tables. Supernets learned on any interface that is subject to configuration are still learned. For example, the following summarization is invalid (invalid supernet summarization):

Router(config)# interface Ethernet0/0 
Router(config-if)# ip summary-address rip 10.0.0.0 252.0.0.0 

Router(config)# interface Ethernet0/0
! Specifies the IP address and network mask that identify the routes to be summarized.
Router(config-if)# ip summary-address rip 10.2.0.0 255.255.0.0
Router(config)# router rip
! Used in router configuration mode, disables automatic summarization.
Router(config-router)# no auto-summary

Enabling or Disabling Split Horizon


Router(config)# interface Ethernet0/0
! Enables split horizon.
Router(config-if)# ip split-horizon
! Disables split horizon.
Router(config-if)# no ip split-horizon

Disabling the Validation of Source IP Addresses


Router(config)# interface Ethernet0/0
Router(config-if)# ip split-horizon
Router(config)# router rip
! Disables the validation of the source IP address of incoming RIP routing updates.
Router(config-router)# no validate-update-source

Configuring Interpacket Delay


Router(config)# router rip
! Configures interpacket delay for outbound RIP updates.
! Command syntax: output-delay milliseconds
Router(config-router)# output-delay 8


Optimizing RIP over WAN

  • There are two problems when RIP is not optimized:
    • Periodic broadcasting by RIP generally prevents WAN circuits from being closed.
    • Even on fixed, point-to-point links, the overhead of periodic RIP transmissions could seriously interrupt normal data transfer because of the quantity of information that passes through the line every 30 seconds.
  • To overcome these limitations, triggered extensions to RIP cause RIP to send information on the WAN only when there has been an update to the routing database. Periodic update packets are suppressed over the interface on which this feature is enabled.

Router(config)# interface serial3/0
! Enables triggered extensions to RIP.
Router(config-if)# ip rip triggered

Configuring IP with MD5 Authentication for RIPv2 


! Specifies the name of a key chain and enters key chain configuration mode.
! Command syntax: key chain name-of-chain
Device(config)# key chain rip-md5 
! Specifies the key identifier and enters key chain key configuration mode. The range is from 0 to 2147483647.
Device(config-keychain)# key 123456
! Configures the key string.
! Command syntax: key-string string
Device(config-keychain-key)# key-string abcde

Device(config)# interface serial 3/0.1
! Specifies the mode for RIPv2 authentication.
! Command syntax: ip rip authentication mode {text | md5}
Device(config-subif)# ip rip authentication mode md5
! Specifies a previously configured key chain for Routing Information Protocol Version 2 (RIPv2) message digest algorithm 5 (MD5) authentication.
Device(config-subif)# ip rip authentication key-chain rip-md5
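
The following added example (not Cisco's code) checks a configuration in running-config form for the RIP settings this guide ties to authentication and update validation: a missing version 2, no validate-update-source, a key chain left in the default plain-text mode, and md5 mode without a key chain. The function names and the sample configuration are constructed, and only the global router rip section is inspected, not address families.

```python
def parse_sections(config):
    """Map each top-level IOS line to its child lines (one indent level removed)."""
    sections, current = {}, None
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.lstrip().startswith("!"):
            continue
        if not line.startswith(" "):
            current = line
            sections[current] = []
        elif current is not None:
            # Drop one space only, so nested (address-family) lines stay indented
            sections[current].append(line[1:])
    return sections

KEYCHAIN = "ip rip authentication key-chain "

def audit_rip(config):
    sections = parse_sections(config)
    findings = []
    rip = sections.get("router rip")
    if rip is not None and "version 2" not in rip:
        findings.append("router rip: no 'version 2', RIPv1 is sent and cannot be authenticated")
    if rip is not None and "no validate-update-source" in rip:
        findings.append("router rip: source validation of incoming updates is disabled")
    for head, body in sections.items():
        if not head.startswith("interface "):
            continue
        chain = next((l[len(KEYCHAIN):] for l in body if l.startswith(KEYCHAIN)), None)
        md5 = "ip rip authentication mode md5" in body
        if chain is None and md5:
            findings.append(f"{head}: md5 mode without a key chain, no authentication is performed")
        if chain is not None and not md5:
            findings.append(f"{head}: key chain {chain} in default plain-text mode")
    return findings

# Constructed sample in running-config form (not from the guide)
SAMPLE = """\
interface Ethernet0/0
 ip rip authentication key-chain KEYS
interface Serial3/0
 ip rip authentication mode md5
 ip rip authentication key-chain rip-md5
interface Ethernet1/0
 ip rip authentication mode md5
router rip
 network 10.0.0.0
 no validate-update-source
"""
print("\n".join(audit_rip(SAMPLE)))
```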

The following example shows how to adjust individual address family timers. Note that the address family "notusingtimers" will use the system defaults of 30, 180, 180, and 240 even though timer values of 5, 10, 15, and 20 are used under the general RIP configuration. Address family timers are not inherited from the general RIP configuration.

Router(config)# router rip
Router(config-router)# version 2
Router(config-router)# timers basic 5 10 15 20
Router(config-router)# redistribute connected
Router(config-router)# network 5.0.0.0
Router(config-router)# default-metric 10
Router(config-router)# no auto-summary
Router(config-router)#
Router(config-router)# address-family ipv4 vrf abc
Router(config-router-af)# timers basic 10 20 20 20
Router(config-router-af)# redistribute connected
Router(config-router-af)# network 10.0.0.0
Router(config-router-af)# default-metric 5
Router(config-router-af)# no auto-summary
Router(config-router-af)# version 2
Router(config-router-af)# exit-address-family
Router(config-router)# 
Router(config-router)# address-family ipv4 vrf xyz
Router(config-router-af)# timers basic 20 40 60 80
Router(config-router-af)# redistribute connected
Router(config-router-af)# network 20.0.0.0
Router(config-router-af)# default-metric 2
Router(config-router-af)# no auto-summary
Router(config-router-af)# version 2
Router(config-router-af)# exit-address-family
Router(config-router)#
Router(config-router)# address-family ipv4 vrf notusingtimers
Router(config-router-af)# redistribute connected 
Router(config-router-af)# network 20.0.0.0 
Router(config-router-af)# default-metric 2 
Router(config-router-af)# no auto-summary 
Router(config-router-af)# version 2 
Router(config-router-af)# exit-address-family 
Router(config-router)#
