summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPaul Jakma <paul.jakma@sun.com>2006-05-04 07:37:37 +0000
committerPaul Jakma <paul.jakma@sun.com>2006-05-04 07:37:37 +0000
commit5f03f141eced8bad4971fcc6ec7d7a538c227d8c (patch)
tree7a166e6a89c3e98c25989fd4a7d823df66cfaf92
parent15a2b089ced3f1e956659e9ca88af45d1c48272c (diff)
[docs] Update ripd docs on version and authentication, see bugs #261,#262
2006-05-04 Paul Jakma <paul.jakma@sun.com> * ripd.texi: Add Version Control as a distinct section. Expand Version Control section with overview text, touching on insecurity of RIPv1 and referencing authentication section, cleanup text of various version commands. RIP Authentication: Add overview text, refer to RIPv1 version control, which is required to completely secure RIP.
-rw-r--r--doc/ChangeLog10
-rw-r--r--doc/ripd.texi107
2 files changed, 86 insertions, 31 deletions
diff --git a/doc/ChangeLog b/doc/ChangeLog
index 2cf20851..ea1e2f6e 100644
--- a/doc/ChangeLog
+++ b/doc/ChangeLog
@@ -1,3 +1,13 @@
+2006-05-04 Paul Jakma <paul.jakma@sun.com>
+
+ * ripd.texi: Add Version Control as a distinct section.
+ Expand Version Control section with overview text,
+ touching on insecurity of RIPv1 and referencing
+ authentication section, cleanup text of various version
+ commands.
+ RIP Authentication: Add overview text, refer to RIPv1 version
+ control, which is required to completely secure RIP.
+
2006-03-31 Paul Jakma <paul.jakma@sun.com>
* fig*.txt: New files, txt versions of the diagrammes for the
diff --git a/doc/ripd.texi b/doc/ripd.texi
index c1ddfd1b..197bc5af 100644
--- a/doc/ripd.texi
+++ b/doc/ripd.texi
@@ -20,6 +20,7 @@ version 1 as described in RFC1058.
@menu
* Starting and Stopping ripd::
* RIP Configuration::
+* RIP Version Control::
* How to Announce RIP route::
* Filtering RIP Routes::
* RIP Metric Manipulation::
@@ -117,18 +118,6 @@ carrying out any of the RIP commands.
Disable RIP.
@end deffn
-RIP can be configured to process either Version 1 or Version 2 packets,
-the default mode is Version 2. If no version is specified, then the RIP
-daemon will default to Version 2. If RIP is set to Version
-1, the setting "Version 1" will be displayed, but the setting "Version
-2" will not be displayed whether or not Version 2 is set explicitly as
-the version of RIP being used. The version can be specified globally, and
-also on a per-interface basis (see below).
-
-@deffn {RIP Command} {version @var{version}} {}
-Set RIP process's version. @var{version} can be `1'' or `2''.
-@end deffn
-
@deffn {RIP Command} {network @var{network}} {}
@deffnx {RIP Command} {no network @var{network}} {}
Set the RIP enable interface by @var{network}. The interfaces which
@@ -187,33 +176,66 @@ as @var{default} to make ripd default to passive on all interfaces.
The default is to be passive on all interfaces.
@end deffn
-RIP version handling
+RIP split-horizon
-@deffn {Interface command} {ip rip send version @var{version}} {}
-@var{version} can be `1', `2', `1 2'. This configuration command
-overrides the router's rip version setting. The command will enable the
-selected interface to send packets with RIP Version 1, RIP Version 2, or
-both. In the case of '1 2', packets will be both broadcast and
-multicast.
+@deffn {Interface command} {ip split-horizon} {}
+@deffnx {Interface command} {no ip split-horizon} {}
+Control split-horizon on the interface. Default is @code{ip
+split-horizon}. If you don't perform split-horizon on the interface,
+please specify @code{no ip split-horizon}.
+@end deffn
+
+@node RIP Version Control
+@section RIP Version Control
+
+RIP can be configured to send either Version 1 or Version 2 packets.
+The default is to send RIPv2 while accepting both RIPv1 and RIPv2 (and
+replying with packets of the appropriate version for REQUESTS /
+triggered updates). The version to receive and send can be specified
+globally, and further overriden on a per-interface basis if needs be
+for send and receive seperately (see below).
+
+It is important to note that RIPv1 can not be authenticated. Further,
+if RIPv1 is enabled then RIP will reply to REQUEST packets, sending the
+state of its RIP routing table to any remote routers that ask on
+demand. For a more detailed discussion on the security implications of
+RIPv1 see @ref{RIP Authentication}.
+
+@deffn {RIP Command} {version @var{version}} {}
+Set RIP version to accept for reads and send. @var{version}
+can be either `1'' or `2''.
+
+Disabling RIPv1 by specifying version 2 is STRONGLY encouraged,
+@xref{RIP Authentication}. This may become the default in a future
+release.
-The default is to send only version 2.
+Default: Send Version 2, and accept either version.
@end deffn
-@deffn {Interface command} {ip rip receive version @var{version}} {}
-Version setting for incoming RIP packets. This command will enable the
-selected interface to receive packets in RIP Version 1, RIP Version 2,
-or both.
+@deffn {RIP Command} {no version} {}
+Reset the global version setting back to the default.
+@end deffn
-The default is to receive both versions.
+@deffn {Interface command} {ip rip send version @var{version}} {}
+@var{version} can be `1', `2' or `1 2'.
+
+This interface command overrides the global rip version setting, and
+selects which version of RIP to send packets with, for this interface
+specifically. Choice of RIP Version 1, RIP Version 2, or both versions.
+In the latter case, where `1 2' is specified, packets will be both
+broadcast and multicast.
+
+Default: Send packets according to the global version (version 2)
@end deffn
-RIP split-horizon
+@deffn {Interface command} {ip rip receive version @var{version}} {}
+@var{version} can be `1', `2' or `1 2'.
-@deffn {Interface command} {ip split-horizon} {}
-@deffnx {Interface command} {no ip split-horizon} {}
-Control split-horizon on the interface. Default is @code{ip
-split-horizon}. If you don't perform split-horizon on the interface,
-please specify @code{no ip split-horizon}.
+This interface command overrides the global rip version setting, and
+selects which versions of RIP packets will be accepted on this
+interface. Choice of RIP Version 1, RIP Version 2, or both.
+
+Default: Accept packets according to the global setting (both 1 and 2).
@end deffn
@node How to Announce RIP route
@@ -428,6 +450,29 @@ RIP, valid metric values are from 1 to 16.
@node RIP Authentication
@section RIP Authentication
+RIPv2 allows packets to be authenticated via either an insecure plain
+text password, included with the packet, or via a more secure MD5 based
+@acronym{HMAC, keyed-Hashing for Message AuthentiCation},
+RIPv1 can not be authenticated at all, thus when authentication is
+configured @code{ripd} will discard routing updates received via RIPv1
+packets.
+
+However, unless RIPv1 reception is disabled entirely,
+@xref{RIP Version Control}, RIPv1 REQUEST packets which are received,
+which query the router for routing information, will still be honoured
+by @code{ripd}, and @code{ripd} WILL reply to such packets. This allows
+@code{ripd} to honour such REQUESTs (which sometimes is used by old
+equipment and very simple devices to bootstrap their default route),
+while still providing security for route updates which are received.
+
+In short: Enabling authentication prevents routes being updated by
+unauthenticated remote routers, but still can allow routes (I.e. the
+entire RIP routing table) to be queried remotely, potentially by anyone
+on the internet, via RIPv1.
+
+To prevent such unauthenticated querying of routes disable RIPv1,
+@xref{RIP Version Control}.
+
@deffn {Interface command} {ip rip authentication mode md5} {}
@deffnx {Interface command} {no ip rip authentication mode md5} {}
Set the interface with RIPv2 MD5 authentication.