Support Support Downloads Knowledge Base Juniper Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

RIP summary addresses do not appear to honor split horizon or posion reverse



Article ID: KB11544 KB Last Updated: 19 Jun 2010Version: 3.0
RIP summary address is advertised out the same interface when it learns a particular route from the summarized prefix.

Split Horizon and Poison Reverse do not seem to work properly when it comes to RIP summary routes.   See below for an explanation.


Let's say is advertised via RIPv2 from FW-A to FW-B.  It arrives on FW-B's e1/1 interface.  FW-B has a RIP summary route for and this is configured to be advertised out e1/1 as well.  So, due to split horizon and poison reverse, you would think that this summary route would be "poisoned" and would not be sent out e1/1 due to the fact that FW-B is learning a subset of this summary route, from FW-A.  This is not the case however as FW-B advertises the summary route to FW-A.

Debug output from FW-B :

## 2008-04-27 01:30:39 : rip: [rx] RIP packet on interface ethernet1/1, vr (trust-vr)
## 2008-04-27 01:30:39 : rip: update on ifp ethernet1/1 from, RIP port 520
## 2008-04-27 01:30:39 : rip: [rx], nhop, metric 16, tag 0
## 2008-04-27 01:30:39 : rip: update ignored
## 2008-04-27 01:30:39 : rip: [rx], nhop, metric 2, tag 0
## 2008-04-27 01:30:39 : rip: resetting timer for existing route
## 2008-04-27 01:30:59 : rip: send timer-driven update on ethernet1/1
## 2008-04-27 01:30:59 : rip: [tx] nhop met 2 tag 0
## 2008-04-27 01:30:59 : rip: [tx] number of routes: 1
## 2008-04-27 01:30:59 : rip: [tx] pkt dest, len 24, ifp ethernet1/1
## 2008-04-27 01:31:07 : rip: received packet> on interface ethernet1/1, len 44 "

This behavior is by design and is not a bug.  Because the summary route is configured on the firewall, FW-B in the above example, and because it differs from what is learned from FW-A, i.e., the summary route should be advertised as normal.  In this scenario, split horizon and poison reverse do not apply. 
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search