[FROG] RIP route announcements & OpenVPN
renato at opensourcerouting.org
Mon Oct 2 14:28:46 EDT 2017
On Mon, Oct 2, 2017 at 11:10 AM, Jim Carroll <jim at carroll.com> wrote:
> We manage a large network of OpenVPN clients that connect into a central
> location (think Hub & Spoke design). We have a need to distribute RIP routes
> to these remote machines – but we’ve run into a design limitation of RIP and
> was hoping for some guidance.
> RIPd will not send out announcements through an interface that it knows it
> learned the routes from (which I believe is 100% in keeping with the RFC).
> The problem for us is these remote hosts connect into a single tap
> interface, which OpenVPN uses to maintain their tunnels. This means the Hub
> can receive routes from the remote hosts, but it will not send out route
> announcements to the tap that it learns from the remote hosts so that the
> remotes can then reach other.
> We have experimented with using the RIP neighbor statement to try to force
> RIPd to override this restriction, but it looks like this is not honored.
> That RIPd still will refuse to send out routes to a tap interface from which
> it sees it learned the route from.
> We know we could define a series of point-to-point gre tunnels between each
> remote host and the RIPd hub, and then configure RIPd to distribute routes
> over each individual gre interface, but this is pretty messy, and we were
> hoping someone else might have a better idea.
The ripd's "neighbor" command should be working, I remember fixing it
a while ago . Static neighbors shouldn't prevent split horizon from
happening thought. What you need to do is to disable split horizon in
the hub with the following command: no ip rip split-horizon. As far as
my knowledge goes, disabling split horizon is safe and a standard
practice when deploying distance vector protocols on hub-and-spoke
More information about the frog