RIP (Routing Information Protocol)
RIP (Routing Information Protocol)
Section titled “RIP (Routing Information Protocol)”TL;DR (Quick Start)
Section titled “TL;DR (Quick Start)”For the impatient: basic RIP setup in RouterOS v7.
# Create RIP instance with redistribution/routing/rip/instance/add name=rip1 redistribute=connected,static
# Add interfaces to RIP/routing/rip/interface-template/add instance=rip1 interfaces=ether2,ether3Verify with:
/routing/rip/neighbor/printOverview
Section titled “Overview”
What this does: RIP (Routing Information Protocol) is a distance-vector routing protocol that automatically shares routing information between routers. It uses hop count as its metric, selecting routes with the fewest hops.
When to use this:
- Small networks (15 hops or fewer between any routers)
- Simple dynamic routing requirements
- Legacy environments requiring RIP compatibility
- Learning dynamic routing concepts
Prerequisites:
- IP addresses configured on participating interfaces
- Firewall allowing UDP port 520
- Multicast 224.0.0.9 reachable (or use static neighbors)
15 Hop Limit
RIP has a maximum metric of 15 hops. Routes requiring 16+ hops are considered unreachable. For larger networks, use OSPF instead.
Configuration Steps
Section titled “Configuration Steps”
Step 1: Create RIP Instance
Section titled “Step 1: Create RIP Instance”Create an instance with route redistribution:
/routing/rip/instance/add name=rip1 redistribute=connected,staticThe redistribute setting determines which routes RIP advertises:
connected: Directly connected networksstatic: Static routesospf: Routes from OSPFbgp: Routes from BGP
Step 2: Add Interface Template
Section titled “Step 2: Add Interface Template”Define which interfaces participate in RIP:
/routing/rip/interface-template/add instance=rip1 interfaces=ether2,ether3You can use wildcards: interfaces=ether* or interfaces=bridge1,vlan*
Step 3: Verify Neighbors
Section titled “Step 3: Verify Neighbors”Check that RIP neighbors are discovered:
/routing/rip/neighbor/printExpected output:
Columns: INSTANCE, ADDRESS, PACKETS-RX, PACKETS-TX, ENTRIES# INSTANCE ADDRESS PACKETS-RX PACKETS-TX ENTRIES0 rip1 192.168.1.2 125 130 12Step 4: Verify Routes
Section titled “Step 4: Verify Routes”Check that RIP routes are in the routing table:
/ip/route/print where routing-table=main protocol=ripCommon Scenarios
Section titled “Common Scenarios”Scenario: RIP with MD5 Authentication (v7.10+)
Section titled “Scenario: RIP with MD5 Authentication (v7.10+)”Secure RIP with MD5 authentication:
Step 1: Create key chain
/routing/rip/keys/add chain=rip-auth key=secretkey123 key-id=1Step 2: Apply to interface template
/routing/rip/interface-template/add instance=rip1 interfaces=ether2 key-chain=rip-authBoth routers must have identical key configuration.
Scenario: Plain-Text Authentication
Section titled “Scenario: Plain-Text Authentication”For environments not requiring strong security:
/routing/rip/interface-template/add instance=rip1 interfaces=ether2 password=simplepassScenario: Passive Interface (Receive Only)
Section titled “Scenario: Passive Interface (Receive Only)”Receive RIP routes without advertising:
/routing/rip/interface-template/add instance=rip1 interfaces=ether1 mode=passiveUse case: Receiving routes from an upstream ISP without advertising your networks.
Scenario: Advertise Default Route
Section titled “Scenario: Advertise Default Route”Advertise a default route to RIP neighbors:
/routing/rip/instance/set rip1 originate-default=alwaysOptions:
never: Don’t originate default (default)always: Always advertise defaultif-installed: Only if default route exists in routing table
Scenario: Filter Advertised Routes
Section titled “Scenario: Filter Advertised Routes”Control which routes are advertised:
Step 1: Create output filter
/routing/filter/rule/add chain=rip-out rule="if (dst in 192.168.0.0/16 && dst-len>=16 && dst-len<=24) { accept }"/routing/filter/rule/add chain=rip-out rule="reject"Step 2: Apply to instance
/routing/rip/instance/set rip1 out-filter-chain=rip-outDo not use protocol rip in filter rules when filtering redistributed connected/static routes. This only matches routes learned from other RIP speakers.
Scenario: Static Neighbor (Unicast)
Section titled “Scenario: Static Neighbor (Unicast)”When multicast doesn’t work (filtered switches, tunnels):
/routing/rip/static-neighbor/add instance=rip1 address=192.168.1.2Scenario: IPv6 RIPng
Section titled “Scenario: IPv6 RIPng”Configure RIP for IPv6:
/routing/rip/instance/add name=ripng afi=ipv6 redistribute=connected/routing/rip/interface-template/add instance=ripng interfaces=ether2Scenario: Adjust RIP Timers
Section titled “Scenario: Adjust RIP Timers”Customize update and timeout intervals:
/routing/rip/instance/set rip1 update-interval=15s route-timeout=90s route-gc-timeout=60sDefault timers:
update-interval: 30s (sends updates)route-timeout: 180s (marks route invalid)route-gc-timeout: 120s (removes invalid route)
Scenario: Enable Split-Horizon with Poison-Reverse
Section titled “Scenario: Enable Split-Horizon with Poison-Reverse”For better loop prevention:
/routing/rip/interface-template/set [find instance=rip1] split-horizon=yes poison-reverse=yes- Split-horizon: Don’t advertise routes back to the learning interface
- Poison-reverse: Advertise learned routes back with metric 16 (unreachable)
Scenario: Adjust Interface Cost
Section titled “Scenario: Adjust Interface Cost”Add metric to routes learned on an interface:
/routing/rip/interface-template/set [find interfaces=ether3] cost=5Routes learned via ether3 will have 5 added to their metric.
Verification
Section titled “Verification”Confirm RIP is working correctly:
Check 1: Verify Instance
Section titled “Check 1: Verify Instance”/routing/rip/instance/printExpected: Instance with redistribute settings.
Check 2: Verify Interface Templates
Section titled “Check 2: Verify Interface Templates”/routing/rip/interface-template/printExpected: Templates with interfaces defined.
Check 3: View Active Interfaces
Section titled “Check 3: View Active Interfaces”/routing/rip/interface/printExpected: Interfaces running RIP.
Check 4: Check Neighbors
Section titled “Check 4: Check Neighbors”/routing/rip/neighbor/printExpected: Neighbor addresses with packet counts.
Check 5: View RIP Routes
Section titled “Check 5: View RIP Routes”/ip/route/print where protocol=ripExpected: Routes with rip protocol.
Check 6: Check for Errors
Section titled “Check 6: Check for Errors”/routing/rip/neighbor/printLook at packets-bad and entries-bad columns for authentication issues.
Troubleshooting
Section titled “Troubleshooting”| Symptom | Cause | Solution |
|---|---|---|
| No routes advertised | redistribute not set | Add redistribute=connected,static to instance |
| Routes received but inactive | Firmware bug or gateway unreachable | Reboot router; verify gateway connectivity |
| No neighbors discovered | Firewall blocking UDP 520 or multicast | Allow UDP 520; check multicast 224.0.0.9 |
| Routes exceed 15 hops | Network too large for RIP | Use OSPF instead; reduce network diameter |
| Output filter blocking routes | Using protocol rip in filter | Remove protocol matcher; filter by destination only |
| Authentication failures | Key mismatch | Verify identical key-chain on both routers |
| Passive mode not receiving | Interface not in template | Add interface to template with mode=passive |
| v7 neighbor not showing | Neighbors show only when exchanging routes | Wait for updates; check interface templates |
Debug: Enable RIP Logging
Section titled “Debug: Enable RIP Logging”/system/logging/add topics=rip,!raw action=memory/log/print where topics~"rip"Debug: Check Bad Packets
Section titled “Debug: Check Bad Packets”/routing/rip/neighbor/printIncreasing packets-bad indicates authentication or protocol issues.
Debug: Verify Multicast Reachability
Section titled “Debug: Verify Multicast Reachability”/tool/ping 224.0.0.9 interface=ether2 count=3If multicast fails, use static neighbors.
Common Mistakes
- Forgetting
redistribute- v7 requires explicit redistribution; adding interfaces alone isn’t enough - Using
protocol ripin filters - This only matches RIP-learned routes, not redistributed connected/static - Subnet mismatch - Both routers must have interfaces in the same subnet for RIP to work
- Missing interface-template - Without it, the interface doesn’t join multicast group 224.0.0.9
- Network too large - RIP cannot handle networks with more than 15 hops; use OSPF
RIP Timers Explained
Section titled “RIP Timers Explained”
| Timer | Default | Purpose |
|---|---|---|
update-interval | 30s | Send routing updates |
route-timeout | 180s | Mark route invalid if no updates |
route-gc-timeout | 120s | Remove invalid route from table |
Convergence time = route-timeout + route-gc-timeout = 5 minutes by default.
Related Topics
Section titled “Related Topics”Routing Alternatives
Section titled “Routing Alternatives”- OSPF - preferred for larger networks
- BGP - external routing protocol
- Static Routes - can be redistributed into RIP
Route Management
Section titled “Route Management”- Routing Filters - filter RIP routes
- Routing Tables - multiple routing tables
Infrastructure
Section titled “Infrastructure”- Firewall Basics - allow UDP 520 for RIP
- IP Addresses - interface addressing
Reference
Section titled “Reference”- MikroTik RIP Documentation
- RFC 2453 - RIPv2
Key Commands Reference
Section titled “Key Commands Reference”| Command | Description |
|---|---|
/routing/rip/instance/add | Create RIP instance |
/routing/rip/instance/print | View instances |
/routing/rip/interface-template/add | Add interfaces to RIP |
/routing/rip/interface/print | View active interfaces |
/routing/rip/neighbor/print | View discovered neighbors |
/routing/rip/static-neighbor/add | Add unicast neighbor |
/routing/rip/keys/add | Create authentication key |
Instance Properties
Section titled “Instance Properties”| Property | Type | Default | Description |
|---|---|---|---|
name | string | - | Instance identifier |
vrf | string | main | VRF for this instance |
afi | ipv4/ipv6 | ipv4 | Address family |
redistribute | list | - | Sources: connected, static, ospf, bgp |
originate-default | enum | never | Advertise default route |
update-interval | time | 30s | Route update interval |
route-timeout | time | 180s | Route invalidation timeout |
route-gc-timeout | time | 120s | Garbage collection timeout |
in-filter-chain | string | - | Input routing filter |
out-filter-chain | string | - | Output routing filter |
Interface Template Properties
Section titled “Interface Template Properties”| Property | Type | Default | Description |
|---|---|---|---|
instance | string | - | Associated RIP instance |
interfaces | string | - | Interface patterns |
cost | integer | 1 | Metric added to routes (1-15) |
split-horizon | yes/no | yes | Enable split-horizon |
poison-reverse | yes/no | no | Enable poison-reverse |
mode | enum | - | passive = receive only |
key-chain | string | - | MD5 authentication key chain |
password | string | - | Plain-text authentication |
Authentication Keys Properties
Section titled “Authentication Keys Properties”| Property | Type | Default | Description |
|---|---|---|---|
chain | string | - | Key chain name |
key | string | - | MD5 secret (max 16 chars) |
key-id | integer | - | Key identifier (0-255) |
valid-from | datetime | - | Key activation time |
valid-till | datetime | - | Key expiration time |
Protocol Limitations
Section titled “Protocol Limitations”| Limitation | Value |
|---|---|
| Maximum hop count | 15 |
| Unreachable metric | 16 (infinity) |
| RIPv1 support | Not supported |
| Route summarization | Not supported |
| Default update interval | 30 seconds |
| Typical convergence | 3-5 minutes |