Part 20 – How RIP Works

How RIP Works

Table Of Contents
  1. How RIP Works
  2. Resources

Introduction

Welcome to Part 20 of the Network Fundamentals study notes! If you haven’t already, we recommend watching the video first.

RIP — the Routing Information Protocol — is one of the oldest dynamic routing protocols still in use. It’s simple, which makes it the ideal starting point for understanding how dynamic routing works. The concepts you learn with RIP apply directly to more advanced protocols like OSPF and EIGRP.

RIP v1 vs RIP v2

RIP originated in the days of classful networking. RIP v1 is classful — it doesn’t include subnet masks in its updates, so it can’t support VLSM or discontiguous networks. RIP v2 is classless and supports subnet masks. Always use RIP v2. RIP v1 should not be used in modern networks.

Distance Vector Routing

RIP is a distance vector protocol. Rather than building a complete map of the network (as link state protocols like OSPF do), RIP routers share simple information: a network address and how far away it is. Think of it as a series of signposts rather than a map — each sign points in a direction and tells you the distance, but doesn’t show you the full road layout.

For example, a router might advertise: “I know about 10.10.10.0, and it’s two hops from me.” The distance is the hop count; the vector is the direction (the next hop). That’s where the name “distance vector” comes from.

If a router receives the same network from two neighbours with different distances, it chooses the shorter one as the best path.

Configuring RIP

Starting RIP

On a Cisco router, routing protocols run as separate processes, started with the router command:

router rip
 version 2
 no auto-summary
 network <classful-network>

The Network Statement

The network statement does two things simultaneously — and this trips people up:

  1. It enables RIP update messages on any interface whose IP falls within that range.
  2. It tells RIP that it’s allowed to advertise the connected networks within that range to its neighbours.

Note that the network statement is still classful — even in RIP v2. You enter the classful network address with no subnet mask. So network 172.16.0.0 covers all interfaces with addresses in the 172.16.0.0/16 classful range.

RIP v1 broadcasts its updates to all devices. RIP v2 is more efficient — it multicasts to 224.0.0.9, which only RIP-enabled routers receive. Updates are not forwarded beyond a single hop — each router generates its own updates from what it knows.

No Auto-Summary

By default, RIP v2 automatically summarizes routes to their classful boundaries. This means that if a router has several /24 subnets within the 10.0.0.0/8 classful network, it won’t advertise each /24 individually — it advertises the summary 10.0.0.0/8 instead.

This causes problems when multiple routers have networks in the same classful range. They’ll all advertise the same summary, creating confusion in the routing table. Always disable auto-summary with no auto-summary. This makes RIP advertise the real, specific subnet masks.

Passive Interfaces

Sometimes you want RIP to advertise a network but not send update messages out a particular interface — for example, towards a third-party ISP router that you don’t control.

Use passive-interface <interface> to stop sending updates on that interface while still advertising its connected network. A better approach for security is to make all interfaces passive by default and then selectively enable RIP only where needed:

router rip
 passive-interface default
 no passive-interface <interface-to-neighbour>

This way, RIP can’t accidentally send updates to interfaces you didn’t intend.

Authentication

Without authentication, any router connected to your network could send RIP updates and potentially poison your routing table — for example, if someone accidentally connected a home router at the office.

RIP supports authentication using a keychain — a named list of passwords. You create the keychain, add a key with a password, then apply it to the interface using MD5 encryption. The same keychain and key must be configured on both ends of each link.

key chain MY-CHAIN
 key 1
  key-string <password>

interface GigabitEthernet 0/1
 ip rip authentication mode md5
 ip rip authentication key-chain MY-CHAIN

Always use MD5 — plaintext authentication sends the password in clear text and is trivially compromised.

Metrics: Hop Count

RIP uses hop count as its metric — the number of routers a packet must pass through to reach the destination. The maximum allowed hop count is 15. A hop count of 16 means unreachable. This is RIP’s way of signalling that a route is invalid.

When a router receives updates for the same network from multiple neighbours, it chooses the path with the lowest hop count. Routes are stored in the RIP database (show ip rip database) and the best ones are offered to the routing table. In the routing table, RIP routes show an AD of 120 and include their hop count metric, e.g. [120/2].

For comparison: OSPF uses cost (inversely proportional to link speed — faster links are preferred). EIGRP uses a composite metric based on bandwidth, latency, load, and reliability. Each metric reflects different priorities, but the principle — choose the best path according to your metric — is the same.

Loop Prevention: Split Horizon

Without loop prevention, routing information can bounce back and forth between routers in an infinite loop. RIP uses split horizon to prevent this: when a routing update is received on an interface, RIP will never send that same route back out the same interface.

For example, if R2 learns about a network from R1 via interface GI0/1, R2 will share that route with R3 and R4 — but not back to R1. This breaks the potential for looping.

Route Poisoning

When a network goes down, the router that was connected to it needs to tell its neighbours. It does this by advertising the lost network with a metric of 16 — the “infinity” value in RIP. Other routers see this, recognise the route as unreachable, and remove it from their tables. This is called route poisoning.

Convergence and RIP Timers

Convergence is the process of all routers in the network updating their routing tables after a topology change. Routers directly connected to a failed device converge immediately — the link goes down and the route is removed. But routers that aren’t directly connected need another mechanism.

RIP uses four timers:

  • Update timer (default 30s) — how often RIP sends update messages to neighbours.
  • Invalid timer (default 180s) — each route has its own countdown. Every time an update arrives for a route, the timer resets. If no update is received for 180 seconds, the route is marked invalid. This is how a router detects that a neighbour has failed even without a direct link going down.
  • Holddown timer — once a route is marked invalid, a holddown period begins during which no new updates for that route are accepted. This stabilises the routing table while the network reconverges.
  • Flush timer (default 240s) — 60 seconds after the invalid timer expires, the route is fully removed from the routing table. During that overlap, the router actively advertises the route with metric 16 to help neighbours learn about the failure.

These default timers mean RIP can take several minutes to fully converge after a failure. This is one of RIP’s biggest weaknesses compared to OSPF or EIGRP, which converge much faster.

Advertising a Default Route via RIP

You can’t use a network 0.0.0.0 statement to advertise a default route — RIP can only advertise routes to networks it’s directly connected to. Instead:

  1. Configure a static default route on the router closest to the internet: ip route 0.0.0.0 0.0.0.0 <next-hop>
  2. Add default-information originate inside router rip to tell RIP to advertise this default route to all its neighbours.

Other routers in the network will then learn the default route through RIP and use it for any traffic without a more specific destination.

Useful Show Commands

  • show ip protocols — shows all routing protocols configured, network statements, neighbours, and passive interfaces
  • show ip rip database — shows all routes in the RIP database with their metrics
  • show ip route — the routing table; filter for RIP routes with show ip route rip

Resources

Test your knowledge with the Introduction to Networking quizzes.