[FROG] No RIP packets, rejecting distribute-list and redistribute
jimc
jimc at jfcarter.net
Fri Feb 26 00:53:18 UTC 2021
Version: frr-7.5-3.3.x86_64 from OpenSuSE Tumbleweed.
This is probably a near duplicate of bug 1279 (2017-10-02)
https://github.com/FRRouting/frr/issues/1279
except the OP omidit was trying to use BGP while I have RIP[ng].
I'm pointing the finger of blame at a documentation issue; in other
words, almost certainly my frr.conf file (appended with comments)
lacks some prerequisite which would resurrect the redistribute and
distribute-list commands.
Presenting symptoms: ripd and ripngd never emit any RIP[ng] packets,
even though the sub-router has a route to the subnet that I want
the local LAN to be able to reach. Plus: when I specify
"redistribute" and "distribute-list", frr -C complains:
```
line 56: % Unknown command[4]: distribute-list xenanet in
line 57: % Unknown command[4]: distribute-list xenanet out
line 61: % Unknown command[4]: redistribute kernel
line 63: % Unknown command[4]: redistribute static
line 65: % Unknown command[4]: redistribute connected
```
Back in 1987 I could just start rpc.ripd on SunOS-3 (no authentication
in RIPv1), but 34 years later, Quagga looked like it gave a lot of
people a lot of trouble to configure it, so I thought to reinvent the
wheel. But for political and national security reasons I think it would
be a real good idea to have open source routing used more widely, and
so I decided to give Quagga my best try. It succumbed to the same issue
complained about here, attributed to an unfixed bug by many OPs, and
I dug through the source code but was not able to find the "bug". But
I also hit references to FRR and tried it in the hope of a fix. No such
luck. Currently I'm guessing that the problem is not in the code but in
the documentation, so I've missed some important setup aspect. I'm
planning to write up my experiences and of course it will include the
conf file. In the appended instance I've retained comments, and if you
spot any misconceptions among them I would appreciate corrections, so
errors don't propagate.
```
# /etc/frr/frr.conf
# This file contains plaintext passwords and needs permission 640 frr:frr
# Revision history:
# 2021-02-17 jimc Becomes FRR (Free Range Routing) unified config file.
# 2021-02-04 jimc Initial setup for Quagga / rip[ng]d, abandoned.
# hostname itsname # Default is the system's 1-component name per uname -n.
# Without a password, vtysh will not connect; the enable password enables
# interactive reconfiguration. But it uses PAM; password not needed for root.
# Warning, security is not robust; turn this off in production.
password redacted#1
enable password redacted#2
# Log file for all daemons
log file /var/log/frr/frr.log
# /etc/frr/daemons controls which protocol daemons to start, but you also have
# to enable them. Not needed for staticd or zebra.
router rip
#rejected: version 2 # Do not receive v1 (which can't do authentication)
router ripng
# "vtysh -C [-f other_file.conf]" will check the configuration file; default
# is /etc/frr/frr.conf. It would appear that if no protocol is enabled (e.g.
# by "router rip") for which a particular command (e.g. "network") is relevant,
# the command is reported as "Unknown command[4]: network 192.9.200.0/24", not
# considering the parameters (e.g. with "router ripng", the IPv4 version is
# not unknown).
# Interfaces with an IP address in this range may send and receive protocol
# packets. You can also enable named interfaces e.g. en0.
network 192.9.200.0/24
network 2600:3c01:e000:306::/64
# We're only going to include these subnet(s) in incoming + outgoing packets.
# In Quagga you could also use an access-list.
ip prefix-list xenanet permit 192.9.200.176/29
ip prefix-list xenanet deny any
# Syntax: 'route-map' its_name permit|deny line_number; matches etc. follow.
# A number is a valid identifier and you confusingly see this in tutorials.
route-map cnmap permit 1
match ip address prefix-list xenanet
route-map cnmap deny 2
# Zebra can filter incoming routes per protocol or for any protocol. It just
# ignores non-permitted routes. Looks like the default is to deny everything.
ip protocol any route-map cnmap
# In incoming and outgoing packets, only the specified subnets are included.
distribute-list xenanet in
distribute-list xenanet out
# Daemons send routes that they learned from these sources.
# kernel = set in system routing table by non-FRR, e.g. "ip route add..."
redistribute kernel
# static = configured in a FRR conf file. (CouchNet has none.)
redistribute static
# connected = seen in protocol packets from neighboring routers.
redistribute connected
# Turn on authentication (RIP v2 only). Mode md5 (hiss, boo!) makes a HMAC
# over the packet with a pre-shared key prepended; the sender and receiver must
# use the same key. It's OK to turn on auth for interfaces that don't exist.
key chain CouchNet
key 1
key-string redacted#3
interface en0
ip rip authentication mode md5
ip rip authentication key-chain CouchNet
interface br0
ip rip authentication mode md5
ip rip authentication key-chain CouchNet
interface rad0
ip rip authentication mode md5
ip rip authentication key-chain CouchNet
interface tun0
ip rip authentication mode md5
ip rip authentication key-chain CouchNet
interface tun1
ip rip authentication mode md5
ip rip authentication key-chain CouchNet
interface tun9
ip rip authentication mode md5
ip rip authentication key-chain CouchNet
# Default timer values are used.
# update 30sec, send a gratuitous RIP packet this often.
# timeout 180sec, a route absent from "learn from" sources (e.g.
# neighbors) for this long is redistributed as expired.
# garbage 120sec, after this long, expired routes are no longer announced.
```
--
James F. Carter Email: jimc at jfcarter.net
Web: http://www.math.ucla.edu/~jimc (q.v. for PGP key)
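
An added example, not part of the original post and not FRR code: a small Python check that reports which configuration block each RIP command in a flat frr.conf falls into, flagging commands that land outside any `router` block. It uses a simplified model of block scoping; the command lists and the constructed sample (which mirrors the ordering of the posted file) are assumptions.

```python
# Added example: simplified model of frr.conf block scoping, not FRR's parser.
BLOCK_OPENERS = ("router ", "interface ", "route-map ", "key chain ")
# Assumption: these top-level commands end whatever block was open.
GLOBAL_CMDS = ("ip prefix-list ", "ip protocol ", "log ", "password ",
               "enable password ", "hostname ")
# Assumption: these are accepted only inside "router rip" / "router ripng".
ROUTER_SCOPED = ("network ", "distribute-list ", "redistribute ", "version ")


def scope_of_commands(conf):
    """Return (line_no, command, context) for every router-scoped command."""
    context, found = "global", []
    for no, raw in enumerate(conf.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith(("#", "!")):
            continue                      # blank line or comment
        if line.startswith(BLOCK_OPENERS):
            context = " ".join(line.split()[:2])
        elif line.startswith(GLOBAL_CMDS):
            context = "global"
        elif line.startswith(ROUTER_SCOPED):
            found.append((no, line, context))
    return found


def misplaced(conf):
    """Router-scoped commands that are not inside a router block."""
    return [f for f in scope_of_commands(conf) if not f[2].startswith("router ")]


# Constructed sample with the same command ordering as the posted file.
SAMPLE = """\
router rip
router ripng
network 192.9.200.0/24
ip prefix-list xenanet permit 192.9.200.176/29
route-map cnmap permit 1
match ip address prefix-list xenanet
ip protocol any route-map cnmap
distribute-list xenanet in
redistribute kernel
"""

if __name__ == "__main__":
    for no, cmd, ctx in scope_of_commands(SAMPLE):
        flag = "" if ctx.startswith("router ") else "  <-- outside any router block"
        print(f"line {no}: {cmd!r} in context {ctx!r}{flag}")
```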