TMS zl Management and Configuration Guide ST.1.1.100226
9-17
Routing
RIP
When the module discovers a new or better route to a destination from a RIPv2
packet, it enters the route with the next-hop IP address specified in the packet.
If the next-hop IP address field is all zeros, the module assumes that the source
of the packet is the next-hop IP address. (This assumption provides some
backward compatibility with RIPv1.)
RIPv1 interfaces broadcast their routing updates to the entire subnet. RIPv2
routers join the group for the RIPv2 multicast address (224.0.0.9) and multicast
updates to this address. Therefore, RIPv1 and v2 interfaces may not receive
each other’s updates. You must take care to configure the router to send and
listen for the correct version of RIP.
Passive Interfaces
In some situations, you may want an interface to receive routes but not to
broadcast its own routing table. For example, the module needs to receive
routes from an external router, but it should not advertise its own private
subnets to this router.
To configure a passive interface, select the Passive (Updates are received but
not sent.) check box. See step 10 on page 9-22.
RIP Authentication
If you enable authentication on your RIP network, routers will not exchange
their routing tables to achieve adjacency until they have authenticated each
other with a password. Hackers and malware can send pseudo-RIP packets
to establish a neighbor relationship with the routers on your private net-
work. After this relationship is established, the hackers and the malware
writers will receive your routing tables and learn valuable information
about your network. RIP authentication ensures that routers on your
private network do not accept unauthorized packets.
The TMS zl Module supports two types of RIP authentication:
■ RIP simple password authentication
■ Authentication with MD5
With RIP simple password authentication, routers simply add a password to
the 64-bit authentication field in the RIP header.
With MD5 authentication, a router uses a secret key and the MD5 algorithm
to generate a message digest for a packet. Routers that receive the packet
dehash the message digest using the same key. If the dehashed message digest
matches the packet, the packet is authentic.