RIP summary addresses do not appear to honor split horizon or poison reverse


Article ID: KB11544 KB Last Updated: 19 Jun 2010 Version: 3.0
Summary:
A RIP summary address is advertised out the same interface on which the firewall learns a particular route from the summarized prefix.
Symptoms:

Split horizon and poison reverse do not seem to work properly when it comes to RIP summary routes. See below for an explanation.

Example:

Suppose 172.16.1.0/30 is advertised via RIPv2 from FW-A to FW-B and arrives on FW-B's e1/1 interface. FW-B has a RIP summary route for 172.16.0.0/16, which is configured to be advertised out e1/1 as well. Because FW-B is learning a subset of this summary route, 172.16.1.0/30, from FW-A, you would expect split horizon and poison reverse to "poison" the summary route so that it is not sent out e1/1. That is not the case, however: FW-B advertises the summary route to FW-A.

Debug output from FW-B :

## 2008-04-27 01:30:39 : rip: [rx] RIP packet on interface ethernet1/1, vr (trust-vr)
## 2008-04-27 01:30:39 : rip: update on ifp ethernet1/1 from 192.168.1.2, RIP port 520
## 2008-04-27 01:30:39 : rip: [rx] 172.16.0.0/16, nhop 192.168.1.2, metric 16, tag 0
## 2008-04-27 01:30:39 : rip: update ignored
## 2008-04-27 01:30:39 : rip: [rx] 172.16.1.0/30, nhop 192.168.1.2, metric 2, tag 0
## 2008-04-27 01:30:39 : rip: resetting timer for existing route
## 2008-04-27 01:30:59 : rip: send timer-driven update on ethernet1/1
## 2008-04-27 01:30:59 : rip: [tx] 172.16.0.0/16 nhop 0.0.0.0 met 2 tag 0
## 2008-04-27 01:30:59 : rip: [tx] number of routes: 1
## 2008-04-27 01:30:59 : rip: [tx] pkt dest 224.0.0.9, len 24, ifp ethernet1/1
## 2008-04-27 01:31:07 : rip: received packet 192.168.1.2->224.0.0.9 on interface ethernet1/1, len 44

Solution:
This behavior is by design and is not a bug. The summary route is configured on the firewall (FW-B in the above example) and differs from what is learned from FW-A (172.16.1.0/30), so the summary route should be advertised as normal. In this scenario, split horizon and poison reverse do not apply.
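To confirm from a debug capture that an advertisement is this by-design summary case rather than a learned route being sent back out the interface it arrived on, the check below classifies each [tx] route against the prefixes learned on the same interface. It is an added example, not Juniper code: the regular expressions are inferred only from the debug lines shown above, and the verdict names are this example's own.

```python
import ipaddress
import re
from collections import defaultdict

# Patterns inferred from the FW-B debug lines on this page (assumption: other releases may differ).
RX_IF = re.compile(r"rip: update on ifp (\S+) from")
TX_IF = re.compile(r"rip: send .*update on (\S+)")
ROUTE = re.compile(r"\[(rx|tx)\] (\d+\.\d+\.\d+\.\d+/\d+),? nhop \S+ met(?:ric)? (\d+)")
INFINITY = 16  # RIP metric meaning "unreachable"

# Route-bearing lines copied from the debug output above.
PAGE_LOG = """\
## 2008-04-27 01:30:39 : rip: update on ifp ethernet1/1 from 192.168.1.2, RIP port 520
## 2008-04-27 01:30:39 : rip: [rx] 172.16.0.0/16, nhop 192.168.1.2, metric 16, tag 0
## 2008-04-27 01:30:39 : rip: [rx] 172.16.1.0/30, nhop 192.168.1.2, metric 2, tag 0
## 2008-04-27 01:30:59 : rip: send timer-driven update on ethernet1/1
## 2008-04-27 01:30:59 : rip: [tx] 172.16.0.0/16 nhop 0.0.0.0 met 2 tag 0
"""

def classify_tx(log_text):
    """Return [(interface, prefix, verdict)] for every [tx] route line."""
    learned = defaultdict(set)          # interface -> reachable prefixes learned on it
    iface = {"rx": None, "tx": None}    # interface named by the latest rx/tx header line
    results = []
    for line in log_text.splitlines():
        if m := RX_IF.search(line):
            iface["rx"] = m.group(1)
        elif m := TX_IF.search(line):
            iface["tx"] = m.group(1)
        elif m := ROUTE.search(line):
            direction, metric = m.group(1), int(m.group(3))
            prefix = ipaddress.ip_network(m.group(2), strict=False)
            ifp = iface[direction]
            if direction == "rx":
                if metric < INFINITY:   # metric 16 entries are poisoned, not learned
                    learned[ifp].add(prefix)
                continue
            if prefix in learned[ifp]:  # exact prefix sent back where it was learned
                verdict = "poison-reverse" if metric >= INFINITY else "echoed-learned-route"
            elif any(l.subnet_of(prefix) for l in learned[ifp]):
                verdict = "summary-covers-learned-route"  # the case this article describes
            else:
                verdict = "normal"
            results.append((ifp, str(prefix), verdict))
    return results

if __name__ == "__main__":
    print(classify_tx(PAGE_LOG))
```

Only an "echoed-learned-route" verdict would indicate that split horizon is not being applied; "summary-covers-learned-route" is the behavior described in the Solution.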