RIP在Juniper上的配置

RIP協議，路由信息協議，最簡單的距離矢量協議，最大跳數15跳，16不可達，采用廣播的方式進行路由表的擴散與更新，數據包中不包含子網掩碼（2代中有），以及

外層協議的標記等等

在這里只在Juniper的設備上配置RIP協議，熟悉一下，原理不變

網絡拓撲圖下所示：

R1-------R2------R3

接口連接：

em1.12-----em2.12 192.168.1.1/24

em2.23-----em3.23 192.168.2.1/24

在每臺路由器上創建相應的環回接口：

r1: 1.1.1.1/32

r2: 2.2.2.2/32

r3: 3.3.3.3/32

創建三個邏輯路由器；

logical-routers {

r1;

r2;

r3;

配置接口IP地址：

juniper@Olive# set interfaces em1.12 family inet address 192.168.1.1/24

[edit logical-routers r1]

juniper@Olive# set interfaces lo0.12 family inet address 1.1.1.1/24

在R2 和R3上作類似配置；

查看接口的配置情況：

juniper@Olive> show interfaces terse

Interface Admin Link Proto Local Remote

dsc up up

em0 up up

em0.0 up up inet 192.168.72.10/24

em1 up up

em1.12 up up inet 192.168.1.1/24

em1.32767 up up

em2 up up

em2.12 up up inet 192.168.1.2/24

em2.23 up up inet 192.168.2.1/24

em2.32767 up up

em3 up up

em3.23 up up inet 192.168.2.2/24

lo0 up up

lo0.12 up up inet 1.1.1.1/24

lo0.21 up up inet 2.2.2.2 --> 0/0

lo0.23 up up inet 3.3.3.3 --> 0/0

lo0.16384 up up inet 127.0.0.1 --> 0/0

測試通信：

在R1上去PING R2的接口IP地址：

juniper@Olive# run ping 192.168.1.2 logical-router r1

PING 192.168.1.2 (192.168.1.2): 56 data bytes

64 bytes from 192.168.1.2: icmp_seq=0 ttl=64 time=0.387 ms

64 bytes from 192.168.1.2: icmp_seq=1 ttl=64 time=0.351 ms

^C

--- 192.168.1.2 ping statistics ---

2 packets transmitted, 2 packets received, 0% packet loss

round-trip min/avg/max/stddev = 0.351/0.369/0.387/0.018 ms

[edit logical-routers r1]

在這之前有必要配置一下靜態路由，雖然靜態路由非常簡單的，但是作為Juniper的配置來說，還是與思科華為的有些不同。

有配置的時候一定要指定掩碼，你配置了192.168.1.0 next-hop 192.168.1.2 ，它不會報錯，但是不通，在以后的配置時

養成良好的習慣。

配置如下所示：

routing-options {

static {

route 192.168.2.0/24 {

next-hop 192.168.1.2;

metric 2;

}

}

}

set routing-options static route 192.168.1.0/24 next-hop 192.168.1.0/24 next-hop 192.168.2.1 metric 2

配置RIP協議：

我們在思科、華為的設備上的時候，就直接Network了，宣告就行了，但在Juniper的配置的時候，即使你在接口上發送了

組播的數據包，但是鄰居還是起不來，這時你必須配置策略，進行相關的宣告；

首先配置如下策略，將直連的宣告：

Applying Export Policy

policy-options {

policy-statement connected-routes {

term advertise-routes {

from protocol direct;

then accept;

}

}

具體的配置命令就不列出來了。

將來自RIP協議的路由進行宣告：

policy-statement transit-rip-routes {

term advretise-routes {

from protocol rip;

then accept;

}

}

}

在協議中再進行配置：

protocols {

rip {

group neighbor-routers {

export [ connected-routes transit-rip-routes ];

neighbor em3.23;

}

}

}

在接口em3.23上將策略進行應用，將路由信息宣告出去。

查看鄰居的信息：

[edit logical-routers r2]

juniper@Olive# run show rip neighbor logical-router r2

Source Destination Send Receive In

Neighbor State Address Address Mode Mode Met

-------- ----- ------- ----------- ---- ------- ---

em2.12 Up 192.168.1.2 224.0.0.9 mcast both 1

em2.23 Up 192.168.2.1 224.0.0.9 mcast both 1

查看路由表信息：

juniper@Olive# run show route protocol rip logical-router r2

inet.0: 8 destinations, 8 routes (8 active, 0 holddown, 0 hidden)

+ = Active Route, - = Last Active, * = Both

1.1.1.0/24 *[RIP/100] 00:30:08, metric 2, tag 0

> to 192.168.1.1 via em2.12

3.3.3.3/32 *[RIP/100] 00:25:36, metric 2, tag 0

> to 192.168.2.2 via em2.23

224.0.0.9/32 *[RIP/100] 00:25:39, metric 1

MultiRecv

Applying Import Policy

The JUNOS software allows you to filter routes being imported by the local router from its neighbors. You can use import policies to reject unwanted routes or to alter the metric on routes received from certain neighbors. To accomplish these goals, you create a routing policy, which you then apply to the RIP configuration. If you specify more than one policy, they are evaluated in order (first to last) and the first matching policy is applied to the route. If no match is found, the local router imports all usable RIP routes from all neighbors.

在R2上配置如下所示：

policy-statement filter-riesling {

term filter-routes {

from {

protocol rip;

route-filter 192.168.100.0/24 orlonger;

}

then reject;

}

增加一條進入的過濾策略，將192.168.100.0 的過濾了，所在在R2和R1上就不再在有這樣的一條路由信息了；

將在相應的接口進行配置，這是在協議上具體實現的。

protocols {

rip {

group neighbor-routers {

export [ transit-rip-routes connected-routes ];

neighbor em2.12;

neighbor em2.23 {

import filter-riesling;

}

}

Modifying the Incoming Metric

對于些配置我就不作過多的解釋，它本意就是如此，只是應用到JUNOS軟件中而已，不管你在怎樣的設備上配置RIP，它的一些特性不是不會改變的，

RIP運行這么多年了，那個供應商也不會去改變的特性應用，只是在配置方面有所不一樣而已；

在R1上作如下配置：

protocols {

rip {

group neihbor-routes {

export [ connected-routes transit-rip-routes ];

neighbor em1.12 {

metric-in 5;

}

}

}

}

查看相應的結果：

juniper@Olive# run show route protocol rip logical-router r1

inet.0: 8 destinations, 8 routes (8 active, 0 holddown, 0 hidden)

+ = Active Route, - = Last Active, * = Both

2.2.2.2/32 *[RIP/100] 01:07:45, metric 6, tag 0

> to 192.168.1.2 via em1.12

3.3.3.3/32 *[RIP/100] 01:03:13, metric 7, tag 0

> to 192.168.1.2 via em1.12

192.168.2.0/24 *[RIP/100] 01:07:45, metric 6, tag 0

> to 192.168.1.2 via em1.12

224.0.0.9/32 *[RIP/100] 00:02:43, metric 1

MultiRecv

可以看出，度量值增加了；

Modifying the Outgoing Metric

配置命令只增加一小條而已；

protocols {

rip {

group neihbor-routes {

metric-out 10;

export [ connected-routes transit-rip-routes ];

neighbor em1.12;

}

}

}

在其他的路由設備上查看相應的結果：

juniper@Olive# run show route protocol rip logical-router r2

inet.0: 8 destinations, 8 routes (8 active, 0 holddown, 0 hidden)

+ = Active Route, - = Last Active, * = Both

1.1.1.0/24 *[RIP/100] 01:19:41, metric 11, tag 0

> to 192.168.1.1 via em2.12

3.3.3.3/32 *[RIP/100] 01:15:09, metric 2, tag 0

> to 192.168.2.2 via em2.23

224.0.0.9/32 *[RIP/100] 00:01:40, metric 1

MultiRecv

Configuring Authentication

By default, authentication between RIP neighbors is disabled within the JUNOS software；You　can configure it globally for all peers or on a peer-by-peer basis within the neighbor configuration　hierarchy；

Simple authentication Uses a plain-text password that is included in the transmitted packet.

MD5 authentication Sends the result of a one-way hashing algorithm in the transmitted packet.

在配置認證的時候，有一個時間的緩沖時間，在這段時間里，雖然你可以看到路由信息，但是Ping不通的，網絡還沒有收斂完成；

簡單配置如下所示：

protocols {

rip {

authentication-type md5;

authentication-key "$9$VMsgJikP36AGD6Ap0hcbs2"; ## SECRET-DATA

group neighbor-routers {

export [ connected-routes transit-rip-routes ];

neighbor em3.23

Controlling Route Preference

The JUNOS software default for the preference of RIP routes within the routing table is 100. The routing table uses the preference values to select the best route when multiple protocols are advertising the same destination prefix;

有些配置操作其實就在協議的全局模式下進行配置的，所應用到的就是啟用了協議的接口；

protocols {

rip {

authentication-type md5;

authentication-key "$9$d8w2ajHmFnCZUnCtuEhVwY"; ## SECRET-DATA

group neihbor-routes {

preference 90;

metric-out 10;

export [ connected-routes transit-rip-routes ];

neighbor em1.12;

}

}

}

路由設備上可以看到這一優先級，當網絡拓撲圖復雜點時，可以修改優先級進行相應的路由選擇；

juniper@Olive# run show route protocol rip logical-router r1

inet.0: 8 destinations, 8 routes (8 active, 0 holddown, 0 hidden)

+ = Active Route, - = Last Active, * = Both

2.2.2.2/32 *[RIP/90] 01:48:16, metric 2, tag 0

> to 192.168.1.2 via em1.12

3.3.3.3/32 *[RIP/90] 01:48:29, metric 3, tag 0

> to 192.168.1.2 via em1.12

192.168.2.0/24 *[RIP/90] 01:48:16, metric 2, tag 0

> to 192.168.1.2 via em1.12

224.0.0.9/32 *[RIP/100] 00:04:10, metric 1

Configuring Update Messages

By default, all RIP routers will advertise RIPv2 messages via multicast to all configured neighbors. In addition, all routers are able to receive both RIPv1 and RIPv2 messages.；

The receive-options values are:

both Accept RIPv1 and v2 packets.

none Do not receive RIP packets.

version-1 Accept only RIPv1 packets.

version-2 Accept only RIPv2 packets.

配置也是比較簡單的；

protocols {

rip {

authentication-type md5;

authentication-key "$9$d8w2ajHmFnCZUnCtuEhVwY"; ## SECRET-DATA

group neihbor-routes {

preference 90;

metric-out 10;

export [ connected-routes transit-rip-routes ];

neighbor em1.12 {

send version-1;

receive version-1

Configuring the Number of Route Entries in an Update Message

You can increase the default size of the RIP Response messages to include more than 25 route entries in each Update message. The maximum number of route entries you can advertise is 255 in a single message；

juniper@Olive# set protocols rip message-size 100

如此就行；

Accepting Packets Whose Reserved Fields Are Nonzero

Recall that the Request and Response messages for both RIPv1 and RIPv2 were identical. The difference between them was in the use of the message fields. RIPv1 viewed many fields as reserved, while the RIPv2 specification used those same fields for subnet mask, next hop, and so forth.

這一條命令的作用是因為RIPV1和RIPV2的數據包格式不一樣，為不使檢驗出錯，忽略檢查 ；

juniper@Olive# set protocols rip no-check-zero