Tuesday, 27 October 2015

RIPv2 source update validation

  • The source of a RIP packet must be on the same subnet as the receiving interface.
  • Packets that do not come from the same subnet are ignored.
The no validate-update-source command lets a router accept RIP updates on a RIP-enabled network when the sending router is on another subnet.


R2(config)#router rip
R2(config-router)#no validate-update-source

RIP (and IGRP too) checks to see if the source of the update received is in the same subnet as that configured on the router's receiving interface.

When a router running Routing Information Protocol (RIP) receives an update from a neighboring router, it checks whether the source of the update belongs to the same network or sub-network as the receiving interface. If they are the same, the routes are accepted for installing into the routing table. Otherwise, the update is dropped.
Dropped updates of this kind are more common in dial-up environments when the ip unnumbered command is issued on one end and the ip address negotiated command is issued on the other end, which can result in different subnet masks even though the addresses are actually assigned from the same subnet. They can also occur when connecting across a firewall which does not participate in routing but transparently forwards the updates between the routers connected to its various interfaces belonging to different subnets. A third case is RIP used in Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) environments over multiple Generic Routing Encapsulation (GRE) tunnels belonging to different Virtual Routing and Forwarding (VRF) tables on the router, where the same addresses are used as tunnel endpoints for the different tunnels.

Resolution:

If you issue the debug ip rip command, an error message starting with the text RIP: ignored v2 update from bad source or RIP: ignored v1 update from bad source is displayed, depending on the RIP version being used. This indicates that the source of the update is not on the same subnet as the receiving interface.
To resolve this problem, issue the no validate-update-source command in RIP router configuration mode, which stops validating the source address and accepts the updates.
R2#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R2(config)#router rip
R2(config-router)#no validate-update-source
R2(config-router)#end
R2#
Make sure that you issue this command with caution since it may hide a real problem if the IP addresses on the routers are misconfigured. When using RIP over GRE tunnels with VRFs in an MPLS VPN environment, use unique endpoints as tunnel source and tunnel destination for different GRE tunnels.
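
Before disabling validation, it helps to check why each update was rejected. The following is an added example, not part of the original post: it reproduces the same-subnet test and sorts "bad source" debug lines into likely mask mismatches and unrelated senders. The interface inventory, the log lines, the "<source> on <interface>" tail of the message and the 24-bit threshold are all assumptions made for the illustration.

```python
import ipaddress
import re

# Only the message prefix is given on the page; the "<source> on <interface>"
# tail matched here is an assumption about the debug output format.
BAD_SOURCE = re.compile(
    r"RIP: ignored v[12] update from bad source "
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3}) on (?P<ifname>\S+)"
)

def source_is_valid(iface_cidr, src):
    """The same-subnet test: is src inside the receiving interface's subnet?"""
    network = ipaddress.ip_interface(iface_cidr).network
    return ipaddress.ip_address(src) in network

def shared_prefix_len(iface_cidr, src):
    """Number of leading bits the interface address and src have in common."""
    a = int(ipaddress.ip_interface(iface_cidr).ip)
    b = int(ipaddress.ip_address(src))
    return 32 - (a ^ b).bit_length()

def triage(log_lines, interfaces):
    """Classify each ignored update before anyone disables validation."""
    findings = []
    for line in log_lines:
        m = BAD_SOURCE.search(line)
        if not m or m["ifname"] not in interfaces:
            continue
        cidr, src = interfaces[m["ifname"]], m["src"]
        if source_is_valid(cidr, src):
            verdict = "inventory-stale"       # router rejected it, inventory would not
        elif shared_prefix_len(cidr, src) >= 24:  # assumed heuristic threshold
            verdict = "likely-mask-mismatch"  # neighbouring address, mask too narrow
        else:
            verdict = "unrelated-source"      # addressing error or unexpected sender
        findings.append((m["ifname"], src, verdict))
    return findings

# Constructed sample data (not from the page).
INTERFACES = {"Dialer1": "10.1.1.2/32", "Serial0/0": "172.16.12.2/30"}
LOG = [
    "RIP: ignored v2 update from bad source 10.1.1.1 on Dialer1",
    "RIP: ignored v2 update from bad source 192.168.50.9 on Serial0/0",
    "RIP: sending v2 update to 224.0.0.9 via Serial0/0 (172.16.12.2)",
]

if __name__ == "__main__":
    for finding in triage(LOG, INTERFACES):
        print(finding)
```

A "likely-mask-mismatch" verdict matches the dial-up case described above; an "unrelated-source" verdict is the kind of real addressing problem that no validate-update-source would hide.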