RIP
The Routing Information Protocol (RIP) is based on a set of algorithms that use distance vectors to mathematically compare routes to identify the best path to any given destination address. RIP will send routing update messages to its peers over a multicast address of 224.0.0.9 at regular intervals or when routing changes occur. For IPv6, RIPng is used to advertise the local IPv6 routes and routing updates are sent to a multicast IPv6 address of FF02::9.
Valid Environments for RIP
Local RIP Routing
The VPN Gateway can listen for and send RIP updates out on the local LAN/VLAN interfaces. By default, this feature is disabled, but it can be enabled in the VPN Gateway profile stored in the AT&T Administration Server.
If local RIP is enabled, it will always be active and it is independent of the VPN tunnel and the tunnel endpoint. The local routes learned through RIP will never be forwarded down an IPSec tunnel. The AT&T Administration Server can define three RIP timers:
At every update timer interval, the RIP process sends an unsolicited Response message containing the complete routing table to all neighboring RIP routers.
Upon expiration of the timeout timer, the route is no longer valid; however, it is retained in the routing table for a short time so that neighbors can be notified that the route has been dropped.
Upon expiration of the garbage collection timer, the route is finally removed from the routing table.
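The ageing behaviour of the timeout and garbage collection timers described above, as an added Python example that is not part of the original page or of AT&T's code. The timer values are the RFC 2453 defaults (30, 180 and 120 seconds), assumed here because the page gives none; RipTable, learn, age and response are hypothetical names, and all routes are assumed to come from a single neighbor.

```python
from dataclasses import dataclass
from typing import Optional

# Assumed values: RFC 2453 defaults, not settings from the AT&T Administration Server.
UPDATE, TIMEOUT, GARBAGE = 30, 180, 120   # seconds
INFINITY = 16                             # RIP metric meaning "unreachable"


@dataclass
class Route:
    metric: int
    refreshed: float                      # time of the last update confirming the route
    invalid_since: Optional[float] = None # set once the route has been dropped


class RipTable:
    """Hypothetical single-neighbor route table showing the timer-driven lifecycle."""

    def __init__(self):
        self.routes = {}

    def learn(self, prefix, metric, now):
        """Process one route entry from a neighbor's Response message."""
        metric = min(metric + 1, INFINITY)          # add the cost of the receiving hop
        if metric < INFINITY:
            self.routes[prefix] = Route(metric, now)  # new or refreshed route
            return
        route = self.routes.get(prefix)
        if route and route.invalid_since is None:   # neighbor reported the route dropped
            route.metric, route.invalid_since = INFINITY, now

    def age(self, now):
        """Apply the timeout timer, then the garbage collection timer."""
        for prefix, route in list(self.routes.items()):
            if route.invalid_since is None and now - route.refreshed >= TIMEOUT:
                # No longer valid, but retained so neighbors can be notified.
                route.metric = INFINITY
                route.invalid_since = route.refreshed + TIMEOUT
            if route.invalid_since is not None and now - route.invalid_since >= GARBAGE:
                del self.routes[prefix]             # finally removed from the table

    def response(self, now):
        """Complete table as sent every UPDATE seconds; dropped routes carry metric 16."""
        self.age(now)
        return {prefix: route.metric for prefix, route in sorted(self.routes.items())}
```

A route that stops being refreshed is advertised with metric 16 for the length of the garbage collection timer before it disappears from the table, which is the window in which neighbors learn that it has been dropped.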
The AT&T Administration Server also adds the ability to define filter lists which can be set up to allow or deny the advertisement or reception of RIP routes. The filters can be configured per VLAN for specific subnets.
IPSec Tunnel RIP Routing
Depending on the tunnel endpoint, the VPN Gateway will use RIP to exchange local routes for Remote Office connections. If RIP is being used, the VPN Gateway will advertise all local subnets, VLANs, cascaded networks and aliases. The list below describes the tunnel endpoints and when RIP is used to advertise the local routes:
The VPN Gateway will perform RIP for No-NAT, Source NAT, or 1-1 NAT connections.
RIP is not used for Cisco Remote Office connections.
By default, the VPN Gateway will send a RIP delete message and stop advertising routes associated with a local interface or VLAN which is not active. In the case of a VLAN, it is considered active if at least one port associated with the VLAN is active. The VPN Gateway can be configured in the AT&T Administration Server to always send RIP routes regardless of any ports being active. This method is typically used by the enablement group to test the VPN Gateway before any of the customer’s equipment has been attached.
If 1-1 NAT or Source NAT is being performed, the NAT’d address will be advertised and not the local subnet. For subnets that are not mapped to a NAT range, the native IP subnet will be advertised.