9
366 Nokia Network Voyager for IPSO 4.0 Reference Guide
Authentication
RIP 2 packets also can contain one of two types of authentication methods that can be used to
verify the validity of the supplied routing data.
The first method is a simple password in which an authentication key of up to 16 characters is
included in the packet. If this password does not match what is expected, the packet is discarded.
This method provides very little security, as it is possible to learn the authentication key by
watching RIP packets.
The second method uses the MD5 algorithm to create a crypto checksum of a RIP packet and an
authentication key of up to 16 characters. The transmitted packet does not contain the
authentication key itself; instead, it contains a crypto-checksum called the digest. The receiving
router performs a calculation using the correct authentication key and discards the packet if the
digest does not match. In addition, a sequence number is maintained to prevent the replay of
older packets. This method provides stronger assurance that routing data originated from a router
with a valid authentication key.
RIP 1
Network Mask
RIP 1 derives the network mask of received networks and hosts from the network mask of the
interface from which the packet was received. If a received network or host is on the same
natural network as the interface over which it was received, and that network is subnetted (the
specified mask is more specific than the natural network mask), then the subnet mask is applied
to the destination. If bits outside the mask are set, it is assumed to be a host; otherwise, it is
assumed to be a subnet.
Auto Summarization
The Nokia implementation of RIP 1 supports auto summarization; this allows the router to
aggregate and redistribute nonclassful routes in RIP 1.
Virtual IP Address Support for VRRP
Beginning with IPSO 3.8.1, Nokia supports the advertising of the virtual IP address of the VRRP
virtual router. You can configure RIP to advertise the virtual IP address rather than the actual IP
address of the interface. If you enable this option, RIP runs only on the master of the virtual
router; on a failover, RIP stops running on the old master and then starts running on the new
master. A traffic break might occur during the time it takes both the VRRP and RIP protocols to
learn the routes again. The larger the network, the more time it would take RIP to synchronize its
database and install routes again. For more information on enabling the advertising of a virtual
IP address when running RIP, see “Configuring RIP,” step 12.