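RIP (Routing Information Protocol) is the simplest distance-vector protocol. The maximum hop count is 15, and 16 means unreachable. Routing tables are propagated and updated by broadcast, and the packets carry no subnet mask (version 2 does) and no tag for external-protocol routes, among other things.
Here RIP is configured only on Juniper devices, to get familiar with it; the principles are unchanged.
The network topology is as follows:
R1-------R2------R3
Interface connections:
em1.12-----em2.12 192.168.1.1/24
em2.23-----em3.23 192.168.2.1/24
Create the corresponding loopback interface on each router:
r1: 1.1.1.1/32
r2: 2.2.2.2/32
r3: 3.3.3.3/32
Create three logical routers: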
logical-routers {
    r1;
    r2;
    r3;
}
Configure the interface IP addresses:
juniper@Olive# set interfaces em1.12 family inet address 192.168.1.1/24
[edit logical-routers r1]
juniper@Olive# set interfaces lo0.12 family inet address 1.1.1.1/24
Do a similar configuration on R2 and R3.
Check the interface configuration:
juniper@Olive> show interfaces terse
Interface Admin Link Proto Local Remote
dsc up up
em0 up up
em0.0 up up inet 192.168.72.10/24
em1 up up
em1.12 up up inet 192.168.1.1/24
em1.32767 up up
em2 up up
em2.12 up up inet 192.168.1.2/24
em2.23 up up inet 192.168.2.1/24
em2.32767 up up
em3 up up
em3.23 up up inet 192.168.2.2/24
lo0 up up
lo0.12 up up inet 1.1.1.1/24
lo0.21 up up inet 2.2.2.2 --> 0/0
lo0.23 up up inet 3.3.3.3 --> 0/0
lo0.16384 up up inet 127.0.0.1 --> 0/0
Test connectivity:
From R1, ping R2's interface IP address:
juniper@Olive# run ping 192.168.1.2 logical-router r1
PING 192.168.1.2 (192.168.1.2): 56 data bytes
64 bytes from 192.168.1.2: icmp_seq=0 ttl=64 time=0.387 ms
64 bytes from 192.168.1.2: icmp_seq=1 ttl=64 time=0.351 ms
^C
--- 192.168.1.2 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.351/0.369/0.387/0.018 ms
[edit logical-routers r1]
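Before going further it is worth configuring a static route. Static routes are very simple, but the Juniper configuration still differs somewhat from Cisco and Huawei.
When configuring one, always specify the mask: if you configure 192.168.1.0 next-hop 192.168.1.2, no error is reported, but traffic does not get through. Make this a habit in later configurations.
The configuration is as follows: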
routing-options {
    static {
        route 192.168.2.0/24 {
            next-hop 192.168.1.2;
            metric 2;
        }
    }
}
set routing-options static route 192.168.1.0/24 next-hop 192.168.2.1 metric 2
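Configure RIP:
On Cisco and Huawei devices you simply use network statements to advertise and that is all. On Juniper, even though multicast packets are being sent on the interface, the neighbor still does not come up; you must configure a policy to do the advertising.
First configure the following policy, which advertises the directly connected routes: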
Applying Export Policy
policy-options {
    policy-statement connected-routes {
        term advertise-routes {
            from protocol direct;
            then accept;
        }
    }
The individual configuration commands are not listed here.
Advertise the routes learned from RIP:
    policy-statement transit-rip-routes {
        term advretise-routes {
            from protocol rip;
            then accept;
        }
    }
}
Then configure it under the protocol:
protocols {
    rip {
        group neighbor-routers {
            export [ connected-routes transit-rip-routes ];
            neighbor em3.23;
        }
    }
}
The policy is applied on interface em3.23, which advertises the routing information.
View the neighbor information:
[edit logical-routers r2]
juniper@Olive# run show rip neighbor logical-router r2
Source Destination Send Receive In
Neighbor State Address Address Mode Mode Met
-------- ----- ------- ----------- ---- ------- ---
em2.12 Up 192.168.1.2 224.0.0.9 mcast both 1
em2.23 Up 192.168.2.1 224.0.0.9 mcast both 1
View the routing table:
juniper@Olive# run show route protocol rip logical-router r2
inet.0: 8 destinations, 8 routes (8 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
1.1.1.0/24 *[RIP/100] 00:30:08, metric 2, tag 0
> to 192.168.1.1 via em2.12
3.3.3.3/32 *[RIP/100] 00:25:36, metric 2, tag 0
> to 192.168.2.2 via em2.23
224.0.0.9/32 *[RIP/100] 00:25:39, metric 1
MultiRecv
Applying Import Policy
The JUNOS software allows you to filter routes being imported by the local router from its neighbors. You can use import policies to reject unwanted routes or to alter the metric on routes received from certain neighbors. To accomplish these goals, you create a routing policy, which you then apply to the RIP configuration. If you specify more than one policy, they are evaluated in order (first to last) and the first matching policy is applied to the route. If no match is found, the local router imports all usable RIP routes from all neighbors.
Configure the following on R2:
policy-statement filter-riesling {
    term filter-routes {
        from {
            protocol rip;
            route-filter 192.168.100.0/24 orlonger;
        }
        then reject;
    }
}
This adds an inbound filter policy that filters out 192.168.100.0, so R2 and R1 no longer have this route.
It is then configured on the corresponding interface, which is done under the protocol:
protocols {
    rip {
        group neighbor-routers {
            export [ transit-rip-routes connected-routes ];
            neighbor em2.12;
            neighbor em2.23 {
                import filter-riesling;
            }
        }
    }
}
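How the `orlonger` route-filter in filter-riesling selects prefixes, as an added Python model that is not Junos code and not part of the original page. The received routes are constructed sample data, and the model covers only this one term plus the import-everything default described above.

```python
import ipaddress

# The single term of filter-riesling from the page: (prefix, match type, action).
# Every route below is a RIP route, so "from protocol rip" always holds here.
FILTER_RIESLING = [("192.168.100.0/24", "orlonger", "reject")]

def route_filter_match(route, prefix, match_type):
    """Model of two route-filter match types: exact and orlonger."""
    route = ipaddress.ip_network(route)
    prefix = ipaddress.ip_network(prefix)
    if match_type == "exact":
        return route == prefix
    if match_type == "orlonger":
        # same leading bits and a mask equal to or longer than the filter's
        return route.subnet_of(prefix)
    raise ValueError(f"match type not modelled: {match_type}")

def import_rip_routes(received, terms):
    """First matching term decides; with no match the RIP route is imported."""
    table = {}
    for route, metric in received:
        action = next((act for pfx, mtype, act in terms
                       if route_filter_match(route, pfx, mtype)), "accept")
        if action == "accept":
            table[route] = metric
    return table

# Constructed sample of routes heard from neighbor em2.23 (not output from the page)
RECEIVED = [
    ("3.3.3.3/32", 1),
    ("192.168.100.0/24", 1),    # exactly the filtered prefix: rejected
    ("192.168.100.128/25", 1),  # longer mask inside it: rejected
    ("192.168.100.7/32", 1),    # host route inside it: rejected
    ("192.168.0.0/16", 1),      # shorter mask that only covers it: imported
    ("192.168.101.0/24", 1),    # neighbouring /24: imported
]

if __name__ == "__main__":
    for route in import_rip_routes(RECEIVED, FILTER_RIESLING):
        print("imported", route)
```

A covering route such as 192.168.0.0/16 is not caught by `orlonger`, so traffic for the filtered /24 can still follow it.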
Modifying the Incoming Metric
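I will not explain these settings at length. They mean what they say and are simply applied in the JUNOS software; no matter which device you configure RIP on, its characteristics do not change.
RIP has been in use for so many years that no vendor is going to change how these features behave; only the configuration differs.
Configure the following on R1:
protocols {
    rip {
        group neihbor-routes {
            export [ connected-routes transit-rip-routes ];
            neighbor em1.12 {
                metric-in 5;
            }
        }
    }
}
View the result: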
juniper@Olive# run show route protocol rip logical-router r1
inet.0: 8 destinations, 8 routes (8 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
2.2.2.2/32 *[RIP/100] 01:07:45, metric 6, tag 0
> to 192.168.1.2 via em1.12
3.3.3.3/32 *[RIP/100] 01:03:13, metric 7, tag 0
> to 192.168.1.2 via em1.12
192.168.2.0/24 *[RIP/100] 01:07:45, metric 6, tag 0
> to 192.168.1.2 via em1.12
224.0.0.9/32 *[RIP/100] 00:02:43, metric 1
MultiRecv
As you can see, the metric has increased.
Modifying the Outgoing Metric
Only one short line is added to the configuration:
protocols {
    rip {
        group neihbor-routes {
            metric-out 10;
            export [ connected-routes transit-rip-routes ];
            neighbor em1.12;
        }
    }
}
View the result on the other router:
juniper@Olive# run show route protocol rip logical-router r2
inet.0: 8 destinations, 8 routes (8 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
1.1.1.0/24 *[RIP/100] 01:19:41, metric 11, tag 0
> to 192.168.1.1 via em2.12
3.3.3.3/32 *[RIP/100] 01:15:09, metric 2, tag 0
> to 192.168.2.2 via em2.23
224.0.0.9/32 *[RIP/100] 00:01:40, metric 1
MultiRecv
Configuring Authentication
By default, authentication between RIP neighbors is disabled within the JUNOS software. You can configure it globally for all peers or on a peer-by-peer basis within the neighbor configuration hierarchy.
Simple authentication Uses a plain-text password that is included in the transmitted packet.
MD5 authentication Sends the result of a one-way hashing algorithm in the transmitted packet.
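When authentication is configured there is a settling period. During this time you can see the routing information but ping fails, because the network has not finished converging.
A simple configuration is as follows:
protocols {
    rip {
        authentication-type md5;
        authentication-key "$9$VMsgJikP36AGD6Ap0hcbs2"; ## SECRET-DATA
        group neighbor-routers {
            export [ connected-routes transit-rip-routes ];
            neighbor em3.23;
        }
    }
}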
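What each authentication type puts on the wire, as an added Python example (not from the original page) that classifies a RIP UDP payload using the authentication entry layout of RFC 2453 and RFC 2082. The three packets, the password `labpass`, the key ID, the sequence number and the zeroed digest are constructed samples.

```python
import socket
import struct

def classify_rip_auth(payload):
    """Return (kind, detail) for the authentication carried by a RIP message."""
    if len(payload) < 24 or (len(payload) - 4) % 20:
        raise ValueError("not a RIP message with at least one entry")
    _command, version = struct.unpack("!BB", payload[:2])
    afi, auth_type = struct.unpack("!HH", payload[4:8])
    if version != 2 or afi != 0xFFFF:   # first entry is an ordinary route
        return "none", None
    if auth_type == 2:                  # simple: the password itself, NUL padded
        return "simple", payload[8:24].rstrip(b"\x00").decode("ascii", "replace")
    if auth_type == 3:                  # keyed MD5: key id and sequence number;
        # the secret is never sent, only a 16-byte digest in the trailer entry
        _length, key_id, _dlen, seq = struct.unpack("!HBBI", payload[8:16])
        return "md5", {"key_id": key_id, "sequence": seq}
    return "unknown", auth_type

def _route(addr, mask, metric):
    """Build one RIPv2 route entry (AFI 2, tag 0, next hop 0.0.0.0)."""
    return struct.pack("!HH4s4s4sI", 2, 0, socket.inet_aton(addr),
                       socket.inet_aton(mask), bytes(4), metric)

# Constructed samples: a RIPv2 Response (command 2) advertising 3.3.3.3/32.
HEADER = struct.pack("!BBH", 2, 2, 0)
ROUTE = _route("3.3.3.3", "255.255.255.255", 1)
PKT_NONE = HEADER + ROUTE
PKT_SIMPLE = HEADER + struct.pack("!HH16s", 0xFFFF, 2, b"labpass") + ROUTE
PKT_MD5 = (HEADER
           + struct.pack("!HHHBBI8x", 0xFFFF, 3, 44, 1, 16, 7)  # key id 1, seq 7
           + ROUTE
           + struct.pack("!HH16s", 0xFFFF, 1, bytes(16)))  # digest zeroed, not computed

if __name__ == "__main__":
    for name, pkt in (("none", PKT_NONE), ("simple", PKT_SIMPLE), ("md5", PKT_MD5)):
        print(name, classify_rip_auth(pkt))
```

Run over payloads captured on UDP port 520, this shows which neighbors still send unauthenticated updates or a readable password.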
Controlling Route Preference
The JUNOS software default for the preference of RIP routes within the routing table is 100. The routing table uses the preference values to select the best route when multiple protocols are advertising the same destination prefix.
Some of these settings are configured at the protocol's global level, and they apply to the interfaces on which the protocol is enabled:
protocols {
    rip {
        authentication-type md5;
        authentication-key "$9$d8w2ajHmFnCZUnCtuEhVwY"; ## SECRET-DATA
        group neihbor-routes {
            preference 90;
            metric-out 10;
            export [ connected-routes transit-rip-routes ];
            neighbor em1.12;
        }
    }
}
The routers show this preference. When the topology is more complex, the preference can be changed to influence route selection:
juniper@Olive# run show route protocol rip logical-router r1
inet.0: 8 destinations, 8 routes (8 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
2.2.2.2/32 *[RIP/90] 01:48:16, metric 2, tag 0
> to 192.168.1.2 via em1.12
3.3.3.3/32 *[RIP/90] 01:48:29, metric 3, tag 0
> to 192.168.1.2 via em1.12
192.168.2.0/24 *[RIP/90] 01:48:16, metric 2, tag 0
> to 192.168.1.2 via em1.12
224.0.0.9/32 *[RIP/100] 00:04:10, metric 1
Configuring Update Messages
By default, all RIP routers will advertise RIPv2 messages via multicast to all configured neighbors. In addition, all routers are able to receive both RIPv1 and RIPv2 messages.
The receive-options values are:
both Accept RIPv1 and v2 packets.
none Do not receive RIP packets.
version-1 Accept only RIPv1 packets.
version-2 Accept only RIPv2 packets.
The configuration is also fairly simple:
protocols {
    rip {
        authentication-type md5;
        authentication-key "$9$d8w2ajHmFnCZUnCtuEhVwY"; ## SECRET-DATA
        group neihbor-routes {
            preference 90;
            metric-out 10;
            export [ connected-routes transit-rip-routes ];
            neighbor em1.12 {
                send version-1;
                receive version-1;
            }
        }
    }
}
Configuring the Number of Route Entries in an Update Message
You can increase the default size of the RIP Response messages to include more than 25 route entries in each Update message. The maximum number of route entries you can advertise is 255 in a single message.
juniper@Olive# set protocols rip message-size 100
That is all that is needed.
Accepting Packets Whose Reserved Fields Are Nonzero
Recall that the Request and Response messages for both RIPv1 and RIPv2 were identical. The difference between them was in the use of the message fields. RIPv1 viewed many fields as reserved, while the RIPv2 specification used those same fields for subnet mask, next hop, and so forth.
This command exists because the RIPv1 and RIPv2 packet formats are not the same; to keep the validation from failing, the check is skipped:
juniper@Olive# set protocols rip no-check-zero
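The check that `no-check-zero` turns off, as an added Python example (not from the original page, and not Junos code). It reads a version 1 message with the RFC 1058 layout and names each must-be-zero field by the use RIPv2 makes of the same bytes; both packets are constructed samples.

```python
import socket
import struct

# Bytes RIPv1 reserves, named by what RIPv2 stores there (same 20-byte entry)
RESERVED = ("route tag", "subnet mask", "next hop")

def v1_nonzero_reserved(payload):
    """Return the must-be-zero fields of a RIPv1 message that are not zero."""
    _command, version, hdr_zero = struct.unpack("!BBH", payload[:4])
    if version != 1:
        raise ValueError("this example only models version 1 messages")
    found = ["header"] if hdr_zero else []
    for n, off in enumerate(range(4, len(payload), 20)):
        _afi, tag, _addr, mask, nhop, _metric = struct.unpack(
            "!HHIIII", payload[off:off + 20])
        found += [f"entry {n}: {name}"
                  for name, value in zip(RESERVED, (tag, mask, nhop)) if value]
    return found

def accept_v1(payload, check_zero=True):
    """Model of the receive decision: with check_zero off, nothing is inspected."""
    return not (check_zero and v1_nonzero_reserved(payload))

def _entry(addr, mask="0.0.0.0", tag=0, metric=1):
    """Build one 20-byte entry; mask and tag land in the RIPv1 reserved bytes."""
    to_int = lambda a: int.from_bytes(socket.inet_aton(a), "big")
    return struct.pack("!HHIIII", 2, tag, to_int(addr), to_int(mask), 0, metric)

# Constructed samples: a clean RIPv1 Response, and one whose reserved bytes
# carry a RIPv2-style subnet mask although the version field says 1.
V1_CLEAN = struct.pack("!BBH", 2, 1, 0) + _entry("192.168.2.0")
V1_DIRTY = struct.pack("!BBH", 2, 1, 0) + _entry("192.168.2.0", "255.255.255.0")

if __name__ == "__main__":
    for name, pkt in (("clean", V1_CLEAN), ("dirty", V1_DIRTY)):
        print(name, v1_nonzero_reserved(pkt),
              "strict:", accept_v1(pkt), "no-check-zero:", accept_v1(pkt, False))
```

With the check disabled, the receiver accepts version 1 messages it would otherwise discard as malformed, so the setting is best limited to neighbors that need it.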