Fortinet black logo

Administration Guide

Basic RIP example

Basic RIP example

In this example, a medium-sized network is configured using RIPv2.

  • Two core routers, RIP Router2 and RIP Router3, connect to the ISP router for two redundant paths to the internet.

  • Two other routers, RIP Router1 and RIP Router4, connect to the two core routers and to different local networks.

  • The ISP router is using RIP for its connections to the core routers, and redistributes its default route to the network - that is, default route injection is enabled.

  • The ISP router uses NAT and has a static route to the internet. None of the other routers use NAT or static routes.

All of the FortiGate routers are configured as shown, using netmask 255.255.255.0. Firewall policies have been configured to allow the required traffic to flow across the interfaces.

Router

Interface

Interface name

IP address

Router1

port1

LoSales

10.11.101.101

port2

vd12link0

10.11.201.101

port3

vd13link0

10.11.202.101

Router2

port1

vd23link0

10.12.101.102

port2

vd12link1

10.11.201.102

port3

vd42link1

10.14.201.102

port4

vdr2link1

172.20.120.102

Router3

port1

vd23link1

10.12.101.103

port2

vd13link1

10.11.202.103

port3

vd43link1

10.14.202.103

port4

vdr3link1

172.20.121.103

Router4

port1

LoAccounting

10.14.101.104

port2

vd42link0

10.14.201.104

port3

vd43link0

10.14.202.104

ISP Router

port1

port1

To internet

port2

vdr2link0

172.20.120.5

port3

vdr3link0

172.20.121.5

After configuring each router, you can check the status of the connections by viewing the RIP database, RIP interfaces, and routing table. See Verifying the configuration.

After the network is configured, you can test it to ensure that when network events occur, such as a downed link, routing updates are triggered and converge as expected. See Testing the configuration and routing changes.

ISP router

To configure the ISP Router in the GUI:
  1. Go to Network > RIP.

  2. Set the Version to 2.

  3. Under Networks, add two networks:

    • 172.20.120.0/255.255.255.0

    • 172.20.121.0/255.255.255.0

  4. Add the interfaces:

    1. In the Interfaces table, click Create New.

    2. Set Interface to port2.

    3. Leave the remaining settings as their default values.

    4. Click OK.

    5. Repeat these steps for port3.

  5. Under Advanced Options, enable Inject Default Route.

    This setting allows the ISP router to share its default 0.0.0.0 routes with other routers in the RIP network.

  6. Click Apply.

To configure the ISP Router in the CLI:
config router rip
    set default-information-originate enable
    config network
        edit 1
            set prefix 172.20.121.0 255.255.255.0
        next
        edit 2
            set prefix 172.20.120.0 255.255.255.0
        next
    end
    config interface
        edit "port2"
            set receive-version 2
            set send-version 2
        next
        edit "port3"
            set receive-version 2
            set send-version 2
        next
    end
end

Router2 and Router3

Router2 and Router3 RIP configurations have different IP addresses, but are otherwise the same.

To configure Router2 and Router3 in the GUI:
  1. Go to Network > RIP.

  2. Set the Version to 2.

  3. Under Networks, add the IP addresses for each port:

    Router2

    10.12.101.0/255.255.255.0

    10.11.201.0/255.255.255.0

    10.14.201.0/255.255.255.0

    172.20.120.0/255.255.255.0

    Router3

    10.12.101.0/255.255.255.0

    10.11.202.0/255.255.255.0

    10.14.202.0/255.255.255.0

    172.20.121.0/255.255.255.0

  4. Add the interfaces:

    1. In the Interfaces table, click Create New.

    2. Set Interface to port1.

    3. Leave the remaining settings as their default values.

    4. Click OK.

    5. Repeat these steps for port2, port3, and port4.

  5. Click Apply.

To configure Router2 in the CLI:
config router rip
    config network
        edit 1
            set prefix 10.12.101.0 255.255.255.0
        next
        edit 2
            set prefix 10.11.201.0 255.255.255.0
        next
        edit 3
            set prefix 10.14.201.0 255.255.255.0
        next
        edit 4
            set prefix 172.20.120.0 255.255.255.0
        next
    end
    config interface
        edit "port1"
            set receive-version 2
            set send-version 2
        next
        edit "port2"
            set receive-version 2
            set send-version 2
        next
        edit "port3"
            set receive-version 2
            set send-version 2
        next
        edit "port4"
            set receive-version 2
            set send-version 2
        next
    end
end
To configure Router3 in the CLI:
config router rip
    config network
        edit 1
            set prefix 10.12.101.0 255.255.255.0
        next
        edit 2
            set prefix 10.11.202.0 255.255.255.0
        next
        edit 3
            set prefix 10.14.202.0 255.255.255.0
        next
        edit 4
            set prefix 172.20.121.0 255.255.255.0
        next
    end
    config interface
        edit "port1"
            set receive-version 2
            set send-version 2
        next
        edit "port2"
            set receive-version 2
            set send-version 2
        next
        edit "port3"
            set receive-version 2
            set send-version 2
        next
        edit "port4"
            set receive-version 2
            set send-version 2
        next
    end
end

Router1 and Router4

Router1 and Router4 RIP configurations have different IP addresses, but are otherwise the same.

To configure Router1 and Router4 in the GUI:
  1. Go to Network > RIP.

  2. Set the Version to 2.

  3. Under Networks, add the IP addresses for each port:

    Router1

    10.11.101.0/255.255.255.0

    10.11.201.0/255.255.255.0

    10.11.202.0/255.255.255.0

    Router4

    10.14.101.0/255.255.255.0

    10.14.201.0/255.255.255.0

    10.14.202.0/255.255.255.0

  4. Add the interfaces:

    1. In the Interfaces table, click Create New.

    2. Set Interface to port1.

    3. For port1 only, enable Passive.

    4. Leave the remaining settings as their default values.

    5. Click OK.

    6. Repeat these steps for port2 and port3, making sure that Passive is disabled.

  5. Click Apply.

To configure Router1 in the CLI:
config router rip
    config network
        edit 1
            set prefix 10.11.101.0 255.255.255.0
        next
        edit 2
            set prefix 10.11.201.0 255.255.255.0
        next
        edit 3
            set prefix 10.11.202.0 255.255.255.0
        next
    end
    set passive-interface "port1"
    config interface
        edit "port1"
            set receive-version 2
            set send-version 2
        next
        edit "port2"
            set receive-version 2
            set send-version 2
        next
        edit "port3"
            set receive-version 2
            set send-version 2
        next
    end
end
To configure Router4 in the CLI:
config router rip
    config network
        edit 1
            set prefix 10.14.101.0 255.255.255.0
        next
        edit 2
            set prefix 10.14.201.0 255.255.255.0
        next
        edit 3
            set prefix 10.14.202.0 255.255.255.0
        next
    end
    set passive-interface "port1"
    config interface
        edit "port1"
            set receive-version 2
            set send-version 2
        next
        edit "port2"
            set receive-version 2
            set send-version 2
        next
        edit "port3"
            set receive-version 2
            set send-version 2
        next
    end
end

Verifying the configuration

The interface's names are shown in the debugs. The same commands should also be run on the other routers.

To verify the configuration after the ISP router, Router2, and Route3 have been configured:

This verification can be done after the ISP router, Router2, and Router3 have been configured. Only Router2's debugs are shown.

  1. Check the RIP interface information:

    # get router info rip interface
    Router2 is up, line protocol is up
      RIP is not enabled on this interface
    ssl.Router2 is up, line protocol is up
      RIP is not enabled on this interface
    vdr2link1 is up, line protocol is up
      Routing Protocol: RIP
        Receive RIPv2 packets only
        Send RIPv2 packets only
        Passive interface: Disabled
        Split horizon: Enabled with Poisoned Reversed
        IP interface address:
          172.20.120.102/24
    vd12link1 is up, line protocol is up
      Routing Protocol: RIP
        Receive RIPv2 packets only
        Send RIPv2 packets only
        Passive interface: Disabled
        Split horizon: Enabled with Poisoned Reversed
        IP interface address:
          10.11.201.102/24
    vd42link1 is up, line protocol is up
      Routing Protocol: RIP
        Receive RIPv2 packets only
        Send RIPv2 packets only
        Passive interface: Disabled
        Split horizon: Enabled with Poisoned Reversed
        IP interface address:
          10.14.201.102/24
    vd23link0 is up, line protocol is up
      Routing Protocol: RIP
        Receive RIPv2 packets only
        Send RIPv2 packets only
        Passive interface: Disabled
        Split horizon: Enabled with Poisoned Reversed
        IP interface address:
          10.12.101.102/24
    

    RIP starts exchanging routes as soon as the networks are added to the Router2 and Router3 configurations because the RIP interfaces are active by default, and start sending and receiving RIP updates when a matching interface on the subnet is found. The interface configuration allows the interface settings to be fine tuned, in this case to specify only RIPv2 support.

  2. Check the RIP database:

    # get router info rip database
    Codes: R - RIP, Rc - RIP connected, Rs - RIP static, K - Kernel,
           C - Connected, S - Static, O - OSPF, I - IS-IS, B - BGP
       Network            Next Hop         Metric From            If     Time
    R  0.0.0.0/0          172.20.120.5          2 172.20.120.5    vdr2link1 02:55
    Rc 10.11.201.0/24                           1                 vd12link1
    R  10.11.202.0/24     10.12.101.103         2 10.12.101.103   vd23link0 02:33
    Rc 10.12.101.0/24                           1                 vd23link0
    Rc 10.14.201.0/24                           1                 vd42link1
    R  10.14.202.0/24     10.12.101.103         2 10.12.101.103   vd23link0 02:33
    Rc 172.20.120.0/24                          1                 vdr2link1
    R  172.20.121.0/24    10.12.101.103         2 10.12.101.103   vd23link0 02:33
    
  3. Check the routing table:

    # get router info routing-table all
    Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
           O - OSPF, IA - OSPF inter area
           N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
           E1 - OSPF external type 1, E2 - OSPF external type 2
           i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
           * - candidate default
    Routing table for VRF=0
    R*      0.0.0.0/0 [120/2] via 172.20.120.5, vdr2link1, 13:37:23
    C       10.11.201.0/24 is directly connected, vd12link1
    R       10.11.202.0/24 [120/2] via 10.12.101.103, vd23link0, 14:10:01
    C       10.12.101.0/24 is directly connected, vd23link0
    C       10.14.201.0/24 is directly connected, vd42link1
    R       10.14.202.0/24 [120/2] via 10.12.101.103, vd23link0, 14:10:01
    C       172.20.120.0/24 is directly connected, vdr2link1
    R       172.20.121.0/24 [120/2] via 10.12.101.103, vd23link0, 13:20:36
    

    Router2 has learned the default gateway from the ISP router, and has learned of other networks from Router3.

  4. If firewall policies are correctly configured, the outside network can be reached:

    # execute ping-options source 10.11.201.102
    # execute ping 8.8.8.8
    PING 8.8.8.8 (8.8.8.8): 56 data bytes
    64 bytes from 8.8.8.8: icmp_seq=0 ttl=115 time=4.5 ms
    64 bytes from 8.8.8.8: icmp_seq=1 ttl=115 time=4.2 ms
    64 bytes from 8.8.8.8: icmp_seq=2 ttl=115 time=4.2 ms
    64 bytes from 8.8.8.8: icmp_seq=3 ttl=115 time=4.2 ms
    64 bytes from 8.8.8.8: icmp_seq=4 ttl=115 time=4.1 ms
    --- 8.8.8.8 ping statistics ---
    5 packets transmitted, 5 packets received, 0% packet loss
    round-trip min/avg/max = 4.1/4.2/4.5 ms
    # execute traceroute 8.8.8.8
    traceroute to 8.8.8.8 (8.8.8.8), 32 hops max, 3 probe packets per hop, 84 byte packets
     1  172.20.120.5  0.101 ms  0.030 ms  0.014 ms
     2  172.16.151.1  0.169 ms  0.144 ms  0.131 ms
     3  * * *
To verify the configuration after Router1 and Router4 have also been configured:

This verification can be done after Router1 and Router4 have been configured. Only Router1's debugs are shown.

  1. Check the RIP interface information:

    # get router info rip interface
    Router1 is up, line protocol is up
      RIP is not enabled on this interface
    ssl.Router1 is up, line protocol is up
      RIP is not enabled on this interface
    vd12link0 is up, line protocol is up
      Routing Protocol: RIP
        Receive RIPv2 packets only
        Send RIPv2 packets only
        Passive interface: Disabled
        Split horizon: Enabled with Poisoned Reversed
        IP interface address:
          10.11.201.101/24
    vd13link0 is up, line protocol is up
      Routing Protocol: RIP
        Receive RIPv2 packets only
        Send RIPv2 packets only
        Passive interface: Disabled
        Split horizon: Enabled with Poisoned Reversed
        IP interface address:
          10.11.202.101/24
    LoSales is up, line protocol is up
      Routing Protocol: RIP
        Receive RIPv2 packets only
        Send RIPv2 packets only
        Passive interface: Enabled
        Split horizon: Enabled with Poisoned Reversed
        IP interface address:
          10.11.101.101/24
          127.0.0.1/8
    
  2. Check the RIP database:

    # get router info rip database
    Codes: R - RIP, Rc - RIP connected, Rs - RIP static, K - Kernel,
           C - Connected, S - Static, O - OSPF, I - IS-IS, B - BGP
       Network            Next Hop         Metric From            If     Time
    R  0.0.0.0/0          10.11.202.103         3 10.11.202.103   vd13link0 02:35
    Rc 10.11.101.0/24                           1                 LoSales
    Rc 10.11.201.0/24                           1                 vd12link0
    Rc 10.11.202.0/24                           1                 vd13link0
    R  10.12.101.0/24     10.11.202.103         2 10.11.202.103   vd13link0 02:35
    R  10.14.101.0/24     10.11.202.103         3 10.11.202.103   vd13link0 02:35
    R  10.14.201.0/24     10.11.201.102         2 10.11.201.102   vd12link0 02:30
    R  10.14.202.0/24     10.11.202.103         2 10.11.202.103   vd13link0 02:35
    R  172.20.120.0/24    10.11.201.102         2 10.11.201.102   vd12link0 02:30
    R  172.20.121.0/24    10.11.202.103         2 10.11.202.103   vd13link0 02:35
    
  3. Check the routing table:

    # get router info routing-table all
    Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
           O - OSPF, IA - OSPF inter area
           N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
           E1 - OSPF external type 1, E2 - OSPF external type 2
           i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
           * - candidate default
    Routing table for VRF=0
    R*      0.0.0.0/0 [120/3] via 10.11.202.103, vd13link0, 00:09:42
    C       10.11.101.0/24 is directly connected, LoSales
    C       10.11.201.0/24 is directly connected, vd12link0
    C       10.11.202.0/24 is directly connected, vd13link0
    R       10.12.101.0/24 [120/2] via 10.11.202.103, vd13link0, 00:09:42
    R       10.14.101.0/24 [120/3] via 10.11.202.103, vd13link0, 00:09:42
    R       10.14.201.0/24 [120/2] via 10.11.201.102, vd12link0, 00:09:42
    R       10.14.202.0/24 [120/2] via 10.11.202.103, vd13link0, 00:09:42
    R       172.20.120.0/24 [120/2] via 10.11.201.102, vd12link0, 00:09:42
    R       172.20.121.0/24 [120/2] via 10.11.202.103, vd13link0, 00:09:42
    
  4. If firewall policies are correctly configured, the accounting network and the internet are reachable from the sales network:

    # execute ping-options source 10.11.101.101
    # execute ping 10.14.101.104
    PING 10.14.101.104 (10.14.101.104): 56 data bytes
    64 bytes from 10.14.101.104: icmp_seq=0 ttl=254 time=0.1 ms
    64 bytes from 10.14.101.104: icmp_seq=1 ttl=254 time=0.0 ms
    64 bytes from 10.14.101.104: icmp_seq=2 ttl=254 time=0.0 ms
    64 bytes from 10.14.101.104: icmp_seq=3 ttl=254 time=0.0 ms
    64 bytes from 10.14.101.104: icmp_seq=4 ttl=254 time=0.0 ms
    --- 10.14.101.104 ping statistics ---
    5 packets transmitted, 5 packets received, 0% packet loss
    round-trip min/avg/max = 0.0/0.0/0.1 ms
    
    # execute traceroute 10.14.101.104
    traceroute to 10.14.101.104 (10.14.101.104), 32 hops max, 3 probe packets per hop, 84 byte packets
     1  10.11.202.103  0.079 ms  0.029 ms  0.013 ms
     2  10.14.101.104  0.043 ms  0.020 ms  0.010 ms
    
    # execute ping 8.8.8.8
    PING 8.8.8.8 (8.8.8.8): 56 data bytes
    64 bytes from 8.8.8.8: icmp_seq=0 ttl=114 time=4.3 ms
    64 bytes from 8.8.8.8: icmp_seq=1 ttl=114 time=4.1 ms
    --- 8.8.8.8 ping statistics ---
    2 packets transmitted, 2 packets received, 0% packet loss
    round-trip min/avg/max = 4.1/4.2/4.3 ms
    
    # execute traceroute 8.8.8.8
    traceroute to 8.8.8.8 (8.8.8.8), 32 hops max, 3 probe packets per hop, 84 byte packets
     1  10.11.202.103  0.094 ms  0.036 ms  0.030 ms
     2  172.20.121.5  0.216 ms  0.045 ms  0.038 ms

Testing the configuration and routing changes

After the network is configured, test it to ensure that when network events occur, such as a downed link, routing updates are triggered and converge as expected.

In the following examples, we disable certain links to simulate network outages, then verify that routing and connectivity is restored after the updates have converged.

Example 1 - ISP router port3 interface goes down

In this example, a link outage occurs on port3 of the ISP router. Consequently, all routers must use Router2, and not Router3, to reach the internet. Note the RIP database before and after the link failure, and the time taken for the route updates to propagate and return to a functioning state.

Router4's debugs are shown.

Before:

# get router info rip database
Codes: R - RIP, Rc - RIP connected, Rs - RIP static, K - Kernel,
       C - Connected, S - Static, O - OSPF, I - IS-IS, B - BGP
   Network            Next Hop         Metric From            If     Time
R  0.0.0.0/0          10.14.202.103         3 10.14.202.103   vd43link0 02:31
R  10.11.101.0/24     10.14.202.103         3 10.14.202.103   vd43link0 02:31
R  10.11.201.0/24     10.14.201.102         2 10.14.201.102   vd42link0 02:47
R  10.11.202.0/24     10.14.202.103         2 10.14.202.103   vd43link0 02:31
R  10.12.101.0/24     10.14.202.103         2 10.14.202.103   vd43link0 02:31
Rc 10.14.101.0/24                           1                 LoAccounting
Rc 10.14.201.0/24                           1                 vd42link0
Rc 10.14.202.0/24                           1                 vd43link0
R  172.20.120.0/24    10.14.201.102         2 10.14.201.102   vd42link0 02:47
R  172.20.121.0/24    10.14.202.103         2 10.14.202.103   vd43link0 02:31
# get router info routing-table all
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
       O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default
Routing table for VRF=0
R*      0.0.0.0/0 [120/3] via 10.14.202.103, vd43link0, 02:45:15
R       10.11.101.0/24 [120/3] via 10.14.202.103, vd43link0, 02:44:49
R       10.11.201.0/24 [120/2] via 10.14.201.102, vd42link0, 02:45:15
R       10.11.202.0/24 [120/2] via 10.14.202.103, vd43link0, 02:45:15
R       10.12.101.0/24 [120/2] via 10.14.202.103, vd43link0, 02:45:15
C       10.14.101.0/24 is directly connected, LoAccounting
C       10.14.201.0/24 is directly connected, vd42link0
C       10.14.202.0/24 is directly connected, vd43link0
R       172.20.120.0/24 [120/2] via 10.14.201.102, vd42link0, 02:45:15
R       172.20.121.0/24 [120/2] via 10.14.202.103, vd43link0, 02:45:15
# execute traceroute 8.8.8.8
traceroute to 8.8.8.8 (8.8.8.8), 32 hops max, 3 probe packets per hop, 84 byte packets
 1  10.14.202.103  0.187 ms  0.054 ms  0.030 ms
 2  172.20.121.5  0.117 ms  0.062 ms  0.040 ms
 3  * * *

After:

  • You might see different routes, and the routes might change, while convergence is occurring. During convergence, the metric for your default route increases to 16.

    # get router info rip database
    Codes: R - RIP, Rc - RIP connected, Rs - RIP static, K - Kernel,
           C - Connected, S - Static, O - OSPF, I - IS-IS, B - BGP
       Network            Next Hop         Metric From            If     Time
    R  0.0.0.0/0          10.14.202.103        16 10.14.202.103   vd43link0 01:50
    
  • After convergence is complete, the RIP database will look similar to the following:

    # get router info rip database
    Codes: R - RIP, Rc - RIP connected, Rs - RIP static, K - Kernel,
           C - Connected, S - Static, O - OSPF, I - IS-IS, B - BGP
       Network            Next Hop         Metric From            If     Time
    R  0.0.0.0/0          10.14.201.102         3 10.14.201.102   vd42link0 02:53
    R  10.11.101.0/24     10.14.202.103         3 10.14.202.103   vd43link0 03:00
    R  10.11.201.0/24     10.14.201.102         2 10.14.201.102   vd42link0 02:53
    R  10.11.202.0/24     10.14.202.103         2 10.14.202.103   vd43link0 03:00
    R  10.12.101.0/24     10.14.202.103         2 10.14.202.103   vd43link0 03:00
    Rc 10.14.101.0/24                           1                 LoAccounting
    Rc 10.14.201.0/24                           1                 vd42link0
    Rc 10.14.202.0/24                           1                 vd43link0
    R  172.20.120.0/24    10.14.201.102         2 10.14.201.102   vd42link0 02:53
  • The default router should point to Router2, with the same number of hops:

    # get router info routing-table all
    Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
           O - OSPF, IA - OSPF inter area
           N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
           E1 - OSPF external type 1, E2 - OSPF external type 2
           i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
           * - candidate default
    Routing table for VRF=0
    R*      0.0.0.0/0 [120/3] via 10.14.201.102, vd42link0, 00:05:24
    R       10.11.101.0/24 [120/3] via 10.14.202.103, vd43link0, 02:58:13
    R       10.11.201.0/24 [120/2] via 10.14.201.102, vd42link0, 02:58:39
    R       10.11.202.0/24 [120/2] via 10.14.202.103, vd43link0, 02:58:39
    R       10.12.101.0/24 [120/2] via 10.14.202.103, vd43link0, 02:58:39
    C       10.14.101.0/24 is directly connected, LoAccounting
    C       10.14.201.0/24 is directly connected, vd42link0
    C       10.14.202.0/24 is directly connected, vd43link0
    R       172.20.120.0/24 [120/2] via 10.14.201.102, vd42link0, 02:58:39
    # execute traceroute 8.8.8.8
    traceroute to 8.8.8.8 (8.8.8.8), 32 hops max, 3 probe packets per hop, 84 byte packets
     1  10.14.201.102  0.167 ms  0.063 ms  0.029 ms
     2  172.20.120.5  0.117 ms  0.073 ms  0.041 ms
     3  172.16.151.1  0.303 ms  0.273 ms  0.253 ms
Example 2- Additional link failures on Router2

In addition to the link failure on the ISP router in example, port1 and port3 on Router2 have also failed. This means that Router4 must go through Router3, Router1, Router2, then the ISP router to reach the internet. Note that, for a period of time, some routes' metrics increase to 16. If no better routes are found for these networks, then they eventually disappear.

After the convergence completes, the RIP database and routing table on Router4 should resemble the following:

# get router info rip database
Codes: R - RIP, Rc - RIP connected, Rs - RIP static, K - Kernel,
       C - Connected, S - Static, O - OSPF, I - IS-IS, B - BGP
   Network            Next Hop         Metric From            If     Time
R  0.0.0.0/0          10.14.202.103         5 10.14.202.103   vd43link0 02:54
R  10.11.101.0/24     10.14.202.103         3 10.14.202.103   vd43link0 02:54
R  10.11.201.0/24     10.14.202.103         3 10.14.202.103   vd43link0 02:54
R  10.11.202.0/24     10.14.202.103         2 10.14.202.103   vd43link0 02:54
Rc 10.14.101.0/24                           1                 LoAccounting
Rc 10.14.202.0/24                           1                 vd43link0
R  172.20.120.0/24    10.14.202.103         4 10.14.202.103   vd43link0 02:54
# get router info routing-table all
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
       O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default
Routing table for VRF=0
R*      0.0.0.0/0 [120/5] via 10.14.202.103, vd43link0, 00:03:54
R       10.11.101.0/24 [120/3] via 10.14.202.103, vd43link0, 03:10:12
R       10.11.201.0/24 [120/3] via 10.14.202.103, vd43link0, 00:03:54
R       10.11.202.0/24 [120/2] via 10.14.202.103, vd43link0, 03:10:38
C       10.14.101.0/24 is directly connected, LoAccounting
C       10.14.202.0/24 is directly connected, vd43link0
R       172.20.120.0/24 [120/4] via 10.14.202.103, vd43link0, 00:03:54

Reaching the internet on the default gateway now requires five hops from Router4:

# execute traceroute 8.8.8.8
traceroute to 8.8.8.8 (8.8.8.8), 32 hops max, 3 probe packets per hop, 84 byte packets
 1  10.14.202.103  0.087 ms  0.026 ms  0.012 ms
 2  10.11.202.101  0.045 ms  0.024 ms  0.025 ms
 3  10.11.201.102  0.048 ms  0.024 ms  0.015 ms
 4  172.20.120.5  0.050 ms  0.028 ms  0.019 ms
 5  * * *

Basic RIP example

In this example, a medium-sized network is configured using RIPv2.

  • Two core routers, RIP Router2 and RIP Router3, connect to the ISP router for two redundant paths to the internet.

  • Two other routers, RIP Router1 and RIP Router4, connect to the two core routers and to different local networks.

  • The ISP router is using RIP for its connections to the core routers, and redistributes its default route to the network - that is, default route injection is enabled.

  • The ISP router uses NAT and has a static route to the internet. None of the other routers use NAT or static routes.

All of the FortiGate routers are configured as shown, using netmask 255.255.255.0. Firewall policies have been configured to allow the required traffic to flow across the interfaces.

Router

Interface

Interface name

IP address

Router1

port1

LoSales

10.11.101.101

port2

vd12link0

10.11.201.101

port3

vd13link0

10.11.202.101

Router2

port1

vd23link0

10.12.101.102

port2

vd12link1

10.11.201.102

port3

vd42link1

10.14.201.102

port4

vdr2link1

172.20.120.102

Router3

port1

vd23link1

10.12.101.103

port2

vd13link1

10.11.202.103

port3

vd43link1

10.14.202.103

port4

vdr3link1

172.20.121.103

Router4

port1

LoAccounting

10.14.101.104

port2

vd42link0

10.14.201.104

port3

vd43link0

10.14.202.104

ISP Router

port1

port1

To internet

port2

vdr2link0

172.20.120.5

port3

vdr3link0

172.20.121.5

After configuring each router, you can check the status of the connections by viewing the RIP database, RIP interfaces, and routing table. See Verifying the configuration.

After the network is configured, you can test it to ensure that when network events occur, such as a downed link, routing updates are triggered and converge as expected. See Testing the configuration and routing changes.

ISP router

To configure the ISP Router in the GUI:
  1. Go to Network > RIP.

  2. Set the Version to 2.

  3. Under Networks, add two networks:

    • 172.20.120.0/255.255.255.0

    • 172.20.121.0/255.255.255.0

  4. Add the interfaces:

    1. In the Interfaces table, click Create New.

    2. Set Interface to port2.

    3. Leave the remaining settings as their default values.

    4. Click OK.

    5. Repeat these steps for port3.

  5. Under Advanced Options, enable Inject Default Route.

    This setting allows the ISP router to share its default 0.0.0.0 routes with other routers in the RIP network.

  6. Click Apply.

To configure the ISP Router in the CLI:
config router rip
    set default-information-originate enable
    config network
        edit 1
            set prefix 172.20.121.0 255.255.255.0
        next
        edit 2
            set prefix 172.20.120.0 255.255.255.0
        next
    end
    config interface
        edit "port2"
            set receive-version 2
            set send-version 2
        next
        edit "port3"
            set receive-version 2
            set send-version 2
        next
    end
end

Router2 and Router3

Router2 and Router3 RIP configurations have different IP addresses, but are otherwise the same.

To configure Router2 and Router3 in the GUI:
  1. Go to Network > RIP.

  2. Set the Version to 2.

  3. Under Networks, add the IP addresses for each port:

    Router2

    10.12.101.0/255.255.255.0

    10.11.201.0/255.255.255.0

    10.14.201.0/255.255.255.0

    172.20.120.0/255.255.255.0

    Router3

    10.12.101.0/255.255.255.0

    10.11.202.0/255.255.255.0

    10.14.202.0/255.255.255.0

    172.20.121.0/255.255.255.0

  4. Add the interfaces:

    1. In the Interfaces table, click Create New.

    2. Set Interface to port1.

    3. Leave the remaining settings as their default values.

    4. Click OK.

    5. Repeat these steps for port2, port3, and port4.

  5. Click Apply.

To configure Router2 in the CLI:
config router rip
    config network
        edit 1
            set prefix 10.12.101.0 255.255.255.0
        next
        edit 2
            set prefix 10.11.201.0 255.255.255.0
        next
        edit 3
            set prefix 10.14.201.0 255.255.255.0
        next
        edit 4
            set prefix 172.20.120.0 255.255.255.0
        next
    end
    config interface
        edit "port1"
            set receive-version 2
            set send-version 2
        next
        edit "port2"
            set receive-version 2
            set send-version 2
        next
        edit "port3"
            set receive-version 2
            set send-version 2
        next
        edit "port4"
            set receive-version 2
            set send-version 2
        next
    end
end
To configure Router3 in the CLI:
config router rip
    config network
        edit 1
            set prefix 10.12.101.0 255.255.255.0
        next
        edit 2
            set prefix 10.11.202.0 255.255.255.0
        next
        edit 3
            set prefix 10.14.202.0 255.255.255.0
        next
        edit 4
            set prefix 172.20.121.0 255.255.255.0
        next
    end
    config interface
        edit "port1"
            set receive-version 2
            set send-version 2
        next
        edit "port2"
            set receive-version 2
            set send-version 2
        next
        edit "port3"
            set receive-version 2
            set send-version 2
        next
        edit "port4"
            set receive-version 2
            set send-version 2
        next
    end
end

Router1 and Router4

Router1 and Router4 RIP configurations have different IP addresses, but are otherwise the same.

To configure Router1 and Router4 in the GUI:
  1. Go to Network > RIP.

  2. Set the Version to 2.

  3. Under Networks, add the IP addresses for each port:

    Router1

    10.11.101.0/255.255.255.0

    10.11.201.0/255.255.255.0

    10.11.202.0/255.255.255.0

    Router4

    10.14.101.0/255.255.255.0

    10.14.201.0/255.255.255.0

    10.14.202.0/255.255.255.0

  4. Add the interfaces:

    1. In the Interfaces table, click Create New.

    2. Set Interface to port1.

    3. For port1 only, enable Passive.

    4. Leave the remaining settings as their default values.

    5. Click OK.

    6. Repeat these steps for port2 and port3, making sure that Passive is disabled.

  5. Click Apply.

To configure Router1 in the CLI:
config router rip
    config network
        edit 1
            set prefix 10.11.101.0 255.255.255.0
        next
        edit 2
            set prefix 10.11.201.0 255.255.255.0
        next
        edit 3
            set prefix 10.11.202.0 255.255.255.0
        next
    end
    set passive-interface "port1"
    config interface
        edit "port1"
            set receive-version 2
            set send-version 2
        next
        edit "port2"
            set receive-version 2
            set send-version 2
        next
        edit "port3"
            set receive-version 2
            set send-version 2
        next
    end
end
To configure Router4 in the CLI:
config router rip
    config network
        edit 1
            set prefix 10.14.101.0 255.255.255.0
        next
        edit 2
            set prefix 10.14.201.0 255.255.255.0
        next
        edit 3
            set prefix 10.14.202.0 255.255.255.0
        next
    end
    set passive-interface "port1"
    config interface
        edit "port1"
            set receive-version 2
            set send-version 2
        next
        edit "port2"
            set receive-version 2
            set send-version 2
        next
        edit "port3"
            set receive-version 2
            set send-version 2
        next
    end
end

Verifying the configuration

The interface's names are shown in the debugs. The same commands should also be run on the other routers.

To verify the configuration after the ISP router, Router2, and Route3 have been configured:

This verification can be done after the ISP router, Router2, and Router3 have been configured. Only Router2's debugs are shown.

  1. Check the RIP interface information:

    # get router info rip interface
    Router2 is up, line protocol is up
      RIP is not enabled on this interface
    ssl.Router2 is up, line protocol is up
      RIP is not enabled on this interface
    vdr2link1 is up, line protocol is up
      Routing Protocol: RIP
        Receive RIPv2 packets only
        Send RIPv2 packets only
        Passive interface: Disabled
        Split horizon: Enabled with Poisoned Reversed
        IP interface address:
          172.20.120.102/24
    vd12link1 is up, line protocol is up
      Routing Protocol: RIP
        Receive RIPv2 packets only
        Send RIPv2 packets only
        Passive interface: Disabled
        Split horizon: Enabled with Poisoned Reversed
        IP interface address:
          10.11.201.102/24
    vd42link1 is up, line protocol is up
      Routing Protocol: RIP
        Receive RIPv2 packets only
        Send RIPv2 packets only
        Passive interface: Disabled
        Split horizon: Enabled with Poisoned Reversed
        IP interface address:
          10.14.201.102/24
    vd23link0 is up, line protocol is up
      Routing Protocol: RIP
        Receive RIPv2 packets only
        Send RIPv2 packets only
        Passive interface: Disabled
        Split horizon: Enabled with Poisoned Reversed
        IP interface address:
          10.12.101.102/24
    

    RIP starts exchanging routes as soon as the networks are added to the Router2 and Router3 configurations because the RIP interfaces are active by default, and start sending and receiving RIP updates when a matching interface on the subnet is found. The interface configuration allows the interface settings to be fine tuned, in this case to specify only RIPv2 support.

  2. Check the RIP database:

    # get router info rip database
    Codes: R - RIP, Rc - RIP connected, Rs - RIP static, K - Kernel,
           C - Connected, S - Static, O - OSPF, I - IS-IS, B - BGP
       Network            Next Hop         Metric From            If     Time
    R  0.0.0.0/0          172.20.120.5          2 172.20.120.5    vdr2link1 02:55
    Rc 10.11.201.0/24                           1                 vd12link1
    R  10.11.202.0/24     10.12.101.103         2 10.12.101.103   vd23link0 02:33
    Rc 10.12.101.0/24                           1                 vd23link0
    Rc 10.14.201.0/24                           1                 vd42link1
    R  10.14.202.0/24     10.12.101.103         2 10.12.101.103   vd23link0 02:33
    Rc 172.20.120.0/24                          1                 vdr2link1
    R  172.20.121.0/24    10.12.101.103         2 10.12.101.103   vd23link0 02:33
    
  3. Check the routing table:

    # get router info routing-table all
    Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
           O - OSPF, IA - OSPF inter area
           N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
           E1 - OSPF external type 1, E2 - OSPF external type 2
           i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
           * - candidate default
    Routing table for VRF=0
    R*      0.0.0.0/0 [120/2] via 172.20.120.5, vdr2link1, 13:37:23
    C       10.11.201.0/24 is directly connected, vd12link1
    R       10.11.202.0/24 [120/2] via 10.12.101.103, vd23link0, 14:10:01
    C       10.12.101.0/24 is directly connected, vd23link0
    C       10.14.201.0/24 is directly connected, vd42link1
    R       10.14.202.0/24 [120/2] via 10.12.101.103, vd23link0, 14:10:01
    C       172.20.120.0/24 is directly connected, vdr2link1
    R       172.20.121.0/24 [120/2] via 10.12.101.103, vd23link0, 13:20:36
    

    Router2 has learned the default gateway from the ISP router, and has learned of other networks from Router3.

  4. If firewall policies are correctly configured, the outside network can be reached:

    # execute ping-options source 10.11.201.102
    # execute ping 8.8.8.8
    PING 8.8.8.8 (8.8.8.8): 56 data bytes
    64 bytes from 8.8.8.8: icmp_seq=0 ttl=115 time=4.5 ms
    64 bytes from 8.8.8.8: icmp_seq=1 ttl=115 time=4.2 ms
    64 bytes from 8.8.8.8: icmp_seq=2 ttl=115 time=4.2 ms
    64 bytes from 8.8.8.8: icmp_seq=3 ttl=115 time=4.2 ms
    64 bytes from 8.8.8.8: icmp_seq=4 ttl=115 time=4.1 ms
    --- 8.8.8.8 ping statistics ---
    5 packets transmitted, 5 packets received, 0% packet loss
    round-trip min/avg/max = 4.1/4.2/4.5 ms
    # execute traceroute 8.8.8.8
    traceroute to 8.8.8.8 (8.8.8.8), 32 hops max, 3 probe packets per hop, 84 byte packets
     1  172.20.120.5  0.101 ms  0.030 ms  0.014 ms
     2  172.16.151.1  0.169 ms  0.144 ms  0.131 ms
     3  * * *
To verify the configuration after Router1 and Router4 have also been configured:

This verification can be done after Router1 and Router4 have been configured. Only Router1's debugs are shown.

  1. Check the RIP interface information:

    # get router info rip interface
    Router1 is up, line protocol is up
      RIP is not enabled on this interface
    ssl.Router1 is up, line protocol is up
      RIP is not enabled on this interface
    vd12link0 is up, line protocol is up
      Routing Protocol: RIP
        Receive RIPv2 packets only
        Send RIPv2 packets only
        Passive interface: Disabled
        Split horizon: Enabled with Poisoned Reversed
        IP interface address:
          10.11.201.101/24
    vd13link0 is up, line protocol is up
      Routing Protocol: RIP
        Receive RIPv2 packets only
        Send RIPv2 packets only
        Passive interface: Disabled
        Split horizon: Enabled with Poisoned Reversed
        IP interface address:
          10.11.202.101/24
    LoSales is up, line protocol is up
      Routing Protocol: RIP
        Receive RIPv2 packets only
        Send RIPv2 packets only
        Passive interface: Enabled
        Split horizon: Enabled with Poisoned Reversed
        IP interface address:
          10.11.101.101/24
          127.0.0.1/8
    
  2. Check the RIP database:

    # get router info rip database
    Codes: R - RIP, Rc - RIP connected, Rs - RIP static, K - Kernel,
           C - Connected, S - Static, O - OSPF, I - IS-IS, B - BGP
       Network            Next Hop         Metric From            If     Time
    R  0.0.0.0/0          10.11.202.103         3 10.11.202.103   vd13link0 02:35
    Rc 10.11.101.0/24                           1                 LoSales
    Rc 10.11.201.0/24                           1                 vd12link0
    Rc 10.11.202.0/24                           1                 vd13link0
    R  10.12.101.0/24     10.11.202.103         2 10.11.202.103   vd13link0 02:35
    R  10.14.101.0/24     10.11.202.103         3 10.11.202.103   vd13link0 02:35
    R  10.14.201.0/24     10.11.201.102         2 10.11.201.102   vd12link0 02:30
    R  10.14.202.0/24     10.11.202.103         2 10.11.202.103   vd13link0 02:35
    R  172.20.120.0/24    10.11.201.102         2 10.11.201.102   vd12link0 02:30
    R  172.20.121.0/24    10.11.202.103         2 10.11.202.103   vd13link0 02:35
    
  3. Check the routing table:

    # get router info routing-table all
    Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
           O - OSPF, IA - OSPF inter area
           N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
           E1 - OSPF external type 1, E2 - OSPF external type 2
           i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
           * - candidate default
    Routing table for VRF=0
    R*      0.0.0.0/0 [120/3] via 10.11.202.103, vd13link0, 00:09:42
    C       10.11.101.0/24 is directly connected, LoSales
    C       10.11.201.0/24 is directly connected, vd12link0
    C       10.11.202.0/24 is directly connected, vd13link0
    R       10.12.101.0/24 [120/2] via 10.11.202.103, vd13link0, 00:09:42
    R       10.14.101.0/24 [120/3] via 10.11.202.103, vd13link0, 00:09:42
    R       10.14.201.0/24 [120/2] via 10.11.201.102, vd12link0, 00:09:42
    R       10.14.202.0/24 [120/2] via 10.11.202.103, vd13link0, 00:09:42
    R       172.20.120.0/24 [120/2] via 10.11.201.102, vd12link0, 00:09:42
    R       172.20.121.0/24 [120/2] via 10.11.202.103, vd13link0, 00:09:42
    
  4. If firewall policies are correctly configured, the accounting network and the internet are reachable from the sales network:

    # execute ping-options source 10.11.101.101
    # execute ping 10.14.101.104
    PING 10.14.101.104 (10.14.101.104): 56 data bytes
    64 bytes from 10.14.101.104: icmp_seq=0 ttl=254 time=0.1 ms
    64 bytes from 10.14.101.104: icmp_seq=1 ttl=254 time=0.0 ms
    64 bytes from 10.14.101.104: icmp_seq=2 ttl=254 time=0.0 ms
    64 bytes from 10.14.101.104: icmp_seq=3 ttl=254 time=0.0 ms
    64 bytes from 10.14.101.104: icmp_seq=4 ttl=254 time=0.0 ms
    --- 10.14.101.104 ping statistics ---
    5 packets transmitted, 5 packets received, 0% packet loss
    round-trip min/avg/max = 0.0/0.0/0.1 ms
    
    # execute traceroute 10.14.101.104
    traceroute to 10.14.101.104 (10.14.101.104), 32 hops max, 3 probe packets per hop, 84 byte packets
     1  10.11.202.103  0.079 ms  0.029 ms  0.013 ms
     2  10.14.101.104  0.043 ms  0.020 ms  0.010 ms
    
    # execute ping 8.8.8.8
    PING 8.8.8.8 (8.8.8.8): 56 data bytes
    64 bytes from 8.8.8.8: icmp_seq=0 ttl=114 time=4.3 ms
    64 bytes from 8.8.8.8: icmp_seq=1 ttl=114 time=4.1 ms
    --- 8.8.8.8 ping statistics ---
    2 packets transmitted, 2 packets received, 0% packet loss
    round-trip min/avg/max = 4.1/4.2/4.3 ms
    
    # execute traceroute 8.8.8.8
    traceroute to 8.8.8.8 (8.8.8.8), 32 hops max, 3 probe packets per hop, 84 byte packets
     1  10.11.202.103  0.094 ms  0.036 ms  0.030 ms
     2  172.20.121.5  0.216 ms  0.045 ms  0.038 ms

Testing the configuration and routing changes

After the network is configured, test it to ensure that when network events occur, such as a downed link, routing updates are triggered and converge as expected.

In the following examples, we disable certain links to simulate network outages, then verify that routing and connectivity is restored after the updates have converged.

Example 1 - ISP router port3 interface goes down

In this example, a link outage occurs on port3 of the ISP router. Consequently, all routers must use Router2, and not Router3, to reach the internet. Note the RIP database before and after the link failure, and the time taken for the route updates to propagate and return to a functioning state.

Router4's debugs are shown.

Before:

# get router info rip database
Codes: R - RIP, Rc - RIP connected, Rs - RIP static, K - Kernel,
       C - Connected, S - Static, O - OSPF, I - IS-IS, B - BGP
   Network            Next Hop         Metric From            If     Time
R  0.0.0.0/0          10.14.202.103         3 10.14.202.103   vd43link0 02:31
R  10.11.101.0/24     10.14.202.103         3 10.14.202.103   vd43link0 02:31
R  10.11.201.0/24     10.14.201.102         2 10.14.201.102   vd42link0 02:47
R  10.11.202.0/24     10.14.202.103         2 10.14.202.103   vd43link0 02:31
R  10.12.101.0/24     10.14.202.103         2 10.14.202.103   vd43link0 02:31
Rc 10.14.101.0/24                           1                 LoAccounting
Rc 10.14.201.0/24                           1                 vd42link0
Rc 10.14.202.0/24                           1                 vd43link0
R  172.20.120.0/24    10.14.201.102         2 10.14.201.102   vd42link0 02:47
R  172.20.121.0/24    10.14.202.103         2 10.14.202.103   vd43link0 02:31
# get router info routing-table all
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
       O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default
Routing table for VRF=0
R*      0.0.0.0/0 [120/3] via 10.14.202.103, vd43link0, 02:45:15
R       10.11.101.0/24 [120/3] via 10.14.202.103, vd43link0, 02:44:49
R       10.11.201.0/24 [120/2] via 10.14.201.102, vd42link0, 02:45:15
R       10.11.202.0/24 [120/2] via 10.14.202.103, vd43link0, 02:45:15
R       10.12.101.0/24 [120/2] via 10.14.202.103, vd43link0, 02:45:15
C       10.14.101.0/24 is directly connected, LoAccounting
C       10.14.201.0/24 is directly connected, vd42link0
C       10.14.202.0/24 is directly connected, vd43link0
R       172.20.120.0/24 [120/2] via 10.14.201.102, vd42link0, 02:45:15
R       172.20.121.0/24 [120/2] via 10.14.202.103, vd43link0, 02:45:15
# execute traceroute 8.8.8.8
traceroute to 8.8.8.8 (8.8.8.8), 32 hops max, 3 probe packets per hop, 84 byte packets
 1  10.14.202.103  0.187 ms  0.054 ms  0.030 ms
 2  172.20.121.5  0.117 ms  0.062 ms  0.040 ms
 3  * * *

After:

  • You might see different routes, and the routes might change, while convergence is occurring. During convergence, the metric for your default route increases to 16.

    # get router info rip database
    Codes: R - RIP, Rc - RIP connected, Rs - RIP static, K - Kernel,
           C - Connected, S - Static, O - OSPF, I - IS-IS, B - BGP
       Network            Next Hop         Metric From            If     Time
    R  0.0.0.0/0          10.14.202.103        16 10.14.202.103   vd43link0 01:50
    
  • After convergence is complete, the RIP database will look similar to the following:

    # get router info rip database
    Codes: R - RIP, Rc - RIP connected, Rs - RIP static, K - Kernel,
           C - Connected, S - Static, O - OSPF, I - IS-IS, B - BGP
       Network            Next Hop         Metric From            If     Time
    R  0.0.0.0/0          10.14.201.102         3 10.14.201.102   vd42link0 02:53
    R  10.11.101.0/24     10.14.202.103         3 10.14.202.103   vd43link0 03:00
    R  10.11.201.0/24     10.14.201.102         2 10.14.201.102   vd42link0 02:53
    R  10.11.202.0/24     10.14.202.103         2 10.14.202.103   vd43link0 03:00
    R  10.12.101.0/24     10.14.202.103         2 10.14.202.103   vd43link0 03:00
    Rc 10.14.101.0/24                           1                 LoAccounting
    Rc 10.14.201.0/24                           1                 vd42link0
    Rc 10.14.202.0/24                           1                 vd43link0
    R  172.20.120.0/24    10.14.201.102         2 10.14.201.102   vd42link0 02:53
  • The default router should point to Router2, with the same number of hops:

    # get router info routing-table all
    Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
           O - OSPF, IA - OSPF inter area
           N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
           E1 - OSPF external type 1, E2 - OSPF external type 2
           i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
           * - candidate default
    Routing table for VRF=0
    R*      0.0.0.0/0 [120/3] via 10.14.201.102, vd42link0, 00:05:24
    R       10.11.101.0/24 [120/3] via 10.14.202.103, vd43link0, 02:58:13
    R       10.11.201.0/24 [120/2] via 10.14.201.102, vd42link0, 02:58:39
    R       10.11.202.0/24 [120/2] via 10.14.202.103, vd43link0, 02:58:39
    R       10.12.101.0/24 [120/2] via 10.14.202.103, vd43link0, 02:58:39
    C       10.14.101.0/24 is directly connected, LoAccounting
    C       10.14.201.0/24 is directly connected, vd42link0
    C       10.14.202.0/24 is directly connected, vd43link0
    R       172.20.120.0/24 [120/2] via 10.14.201.102, vd42link0, 02:58:39
    # execute traceroute 8.8.8.8
    traceroute to 8.8.8.8 (8.8.8.8), 32 hops max, 3 probe packets per hop, 84 byte packets
     1  10.14.201.102  0.167 ms  0.063 ms  0.029 ms
     2  172.20.120.5  0.117 ms  0.073 ms  0.041 ms
     3  172.16.151.1  0.303 ms  0.273 ms  0.253 ms
Example 2- Additional link failures on Router2

In addition to the link failure on the ISP router in example, port1 and port3 on Router2 have also failed. This means that Router4 must go through Router3, Router1, Router2, then the ISP router to reach the internet. Note that, for a period of time, some routes' metrics increase to 16. If no better routes are found for these networks, then they eventually disappear.

After the convergence completes, the RIP database and routing table on Router4 should resemble the following:

# get router info rip database
Codes: R - RIP, Rc - RIP connected, Rs - RIP static, K - Kernel,
       C - Connected, S - Static, O - OSPF, I - IS-IS, B - BGP
   Network            Next Hop         Metric From            If     Time
R  0.0.0.0/0          10.14.202.103         5 10.14.202.103   vd43link0 02:54
R  10.11.101.0/24     10.14.202.103         3 10.14.202.103   vd43link0 02:54
R  10.11.201.0/24     10.14.202.103         3 10.14.202.103   vd43link0 02:54
R  10.11.202.0/24     10.14.202.103         2 10.14.202.103   vd43link0 02:54
Rc 10.14.101.0/24                           1                 LoAccounting
Rc 10.14.202.0/24                           1                 vd43link0
R  172.20.120.0/24    10.14.202.103         4 10.14.202.103   vd43link0 02:54
# get router info routing-table all
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
       O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default
Routing table for VRF=0
R*      0.0.0.0/0 [120/5] via 10.14.202.103, vd43link0, 00:03:54
R       10.11.101.0/24 [120/3] via 10.14.202.103, vd43link0, 03:10:12
R       10.11.201.0/24 [120/3] via 10.14.202.103, vd43link0, 00:03:54
R       10.11.202.0/24 [120/2] via 10.14.202.103, vd43link0, 03:10:38
C       10.14.101.0/24 is directly connected, LoAccounting
C       10.14.202.0/24 is directly connected, vd43link0
R       172.20.120.0/24 [120/4] via 10.14.202.103, vd43link0, 00:03:54

Reaching the internet on the default gateway now requires five hops from Router4:

# execute traceroute 8.8.8.8
traceroute to 8.8.8.8 (8.8.8.8), 32 hops max, 3 probe packets per hop, 84 byte packets
 1  10.14.202.103  0.087 ms  0.026 ms  0.012 ms
 2  10.11.202.101  0.045 ms  0.024 ms  0.025 ms
 3  10.11.201.102  0.048 ms  0.024 ms  0.015 ms
 4  172.20.120.5  0.050 ms  0.028 ms  0.019 ms
 5  * * *