Hi, I know RIP is outdated and IETF doesnt support it anymore. Knowing this i couldnt think of a more appropriate place to post this query: I keep seeing RIP packets with a tag field filled with some non zero number. Any clues on why this is happening? I know that the border routers were meant to use this to fill their AS numbers there, but is there any vendor that really uses this. Moreover, does it make any sense now in doing so. Thanks, Tom
Tom Sanders wrote:
Hi,
I know RIP is outdated and IETF doesnt support it anymore. Knowing this i couldnt think of a more appropriate place to post this query:
There are so many boxes out there dating from a century before: Windows, Macs, old routers, PDPs and VAXes. Even uptodate CISCOs still use it.
I keep seeing RIP packets with a tag field filled with some non zero number. Any clues on why this is happening?
Those old and new boxes never heard of IETF. They only know plug and play. Someone plugs them in and plays arround until it works more ore less.
I know that the border routers were meant to use this to fill their AS numbers there, but is there any vendor that really uses this. Moreover, does it make any sense now in doing so.
That border has two sides: The side you are living is the world of AS numbers, BGP or OSPF and strictly to be ovserved rules. The other side is where your customers are living. There are living real system and network managers who know what they are doing. I dont think they let slip RIP into your network. But there are also people who believe in windows, who believe it makes sense to use netbios packets in the internet. They dont even know their box is sending and receiving RIP. I dont believe in blocking internet packets, but I am shure it is a good idea blocking those RIP packets. They are definitely ment to stay in the local network. RIP was never meant for the internet. Only missconfigured router allow it to pass through. And I cannot imagine anybody using RIP packets for SSH or something like that :)
Thanks, Tom
Regards, Peter and Karin Dambier -- Peter and Karin Dambier Public-Root Graeffstrasse 14 D-64646 Heppenheim +49-6252-671788 (Telekom) +49-179-108-3978 (O2 Genion) +49-6252-750308 (VoIP: sipgate.de) +1-360-448-1275 (VoIP: freeworldialup.com) mail: peter@peter-dambier.de http://iason.site.voila.fr http://www.kokoom.com/iason
The other side is where your customers are living. There are living real system and network managers who know what they are doing. I dont think they let slip RIP into your network.
ok
But there are also people who believe in windows, who believe it makes sense to use netbios packets in the internet. They dont even know their box is sending and receiving RIP.
I dont recollect any connection between Netbios and RIP. Am i missing something? Even if some application is leaking the RIP packets, why would they carry a tag in them? I thought it was a field rarely used in the implementations.
I dont believe in blocking internet packets, but I am shure it is a good idea blocking those RIP packets. They are definitely ment to stay in the local network. RIP was never meant for the internet. Only missconfigured router allow it to pass through.
And I cannot imagine anybody using RIP packets for SSH or something like that :)
Thanks, Tom
But there are also people who believe in windows, who believe it makes sense to use netbios packets in the internet. They dont even know their box is sending and receiving RIP.
I dont recollect any connection between Netbios and RIP. Am i missing something? Even if some application is leaking the RIP packets, why would they carry a tag in them?
I thought it was a field rarely used in the implementations.
You are right, there is no connection between Netbios and RIP. They are accidently running on the same system. I have seen RIP on all kinds of routers and systems. It is kind of plug and play. They mostly use RIP v1 but Tags is RIP v2. My first guess it must be a router or a unix system, maybe MAC OS X
I dont believe in blocking internet packets, but I am shure it is a good idea blocking those RIP packets. They are definitely ment to stay in the local network. RIP was never meant for the internet. Only missconfigured router allow it to pass through.
Routers normally dont let RIP pass through. They eat it and send out something new. So whoever sends RIP must be a router or a hacker trying to play man in the middle.
And I cannot imagine anybody using RIP packets for SSH or something like that :)
It could be a windows pc that connects a lan to the internet and there is IPv6 in the lan. Then they might use RIP v2. It could be a Sun. As soon as they start routing they start RIP and they do RIP v2. CISCO? As far as I remember you have to start RIP in your configuration. They dont do it automatically. I remember rarely, very rarely having seen RIP and ICMP packets trying to redirect a 192.168.something to somebody else
Thanks, Tom
You are welcome. Peter -- Peter and Karin Dambier Public-Root Graeffstrasse 14 D-64646 Heppenheim +49-6252-671788 (Telekom) +49-179-108-3978 (O2 Genion) +49-6252-750308 (VoIP: sipgate.de) +1-360-448-1275 (VoIP: freeworldialup.com) mail: peter@peter-dambier.de http://iason.site.voila.fr http://www.kokoom.com/iason
Tags are simply a way to mark the routes. Typically people will do it if they have multiple redistribution points (or if someone tells them to set a tag). Depending on the complexity of the network, tags are used for many different reasons, but those are all "internal" reasons to a company unless you have a relationship and reason to exchange RIP with your customer (MPLS VPN?). If you are seeing this on VRF customers, would you have any reason to be concerned about it? The VRF should keep things separate from the rest of your network. If you aren't running a VRF, why do you have RIP enabled on the edge interface to see these things anyway? (e.g. why do you care?) Scott -----Original Message----- From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of Tom Sanders Sent: Friday, August 19, 2005 5:34 AM To: nanog@nanog.org Subject: Tags Hi, I know RIP is outdated and IETF doesnt support it anymore. Knowing this i couldnt think of a more appropriate place to post this query: I keep seeing RIP packets with a tag field filled with some non zero number. Any clues on why this is happening? I know that the border routers were meant to use this to fill their AS numbers there, but is there any vendor that really uses this. Moreover, does it make any sense now in doing so. Thanks, Tom
participants (3)
-
Peter Dambier
-
Scott Morris
-
Tom Sanders