Distance-Vector Routing and RIP
Bellman-Ford on the control plane — each router advertises distances to its neighbours, count-to-infinity, split-horizon, poison-reverse, and why RIP capped at 15 hops.
What it is#
Distance-vector routing is a class of routing-protocol designs where each router maintains a table of distances to every known destination and the next-hop neighbour that achieves that distance. Routers periodically exchange their distance tables with directly-connected neighbours; each router relaxes its own table using the Bellman-Ford equation D(x, y) = min over neighbours v of (cost(x, v) + D(v, y)). Over time, distances converge to the shortest paths.
RIP (Routing Information Protocol, RFC 2453 for v2, RFC 1058 for v1) is the canonical distance-vector implementation. It treats hop count as the distance metric, broadcasts the full routing table every 30 seconds on UDP port 520, and caps the network diameter at 15 hops — anything 16 or more is “infinity” (unreachable). RIPng (RFC 2080) is the IPv6 variant.
RIP is mostly historical now — OSPF and IS-IS replaced it inside enterprises and ISPs decades ago. But the distance-vector pattern lives on in EIGRP (Cisco proprietary, a more sophisticated distance-vector) and crucially in BGP (a path-vector, which is distance-vector with extra path information). Understanding RIP is the cheapest way to internalise count-to-infinity and the standard mitigations.
When to use it#
You almost never deploy RIP in greenfield production today. It still shows up in:
- Small office / branch networks. Tens of routers, one administrator, “any routing protocol is fine.” RIPv2 still ships in consumer and small-business gear.
- Lab and exam environments. RIP is the simplest routing protocol to explain — it’s a fixture in CCNA / network-fundamentals courses.
- Legacy interconnects. Two old routers that only speak RIP, kept alive because nobody has the time or budget to migrate. The classic “untouched corner of the network.”
- Teaching count-to-infinity. RIP is the cleanest exhibit of the problem and the textbook mitigations.
Reach for OSPF (link-state, fast convergence, hierarchical) or IS-IS for any new intradomain deployment of meaningful size. Reach for BGP for interdomain. Reach for static routes when the topology is small enough that any dynamic protocol is overkill.
How it works#
The Bellman-Ford relaxation#
Each router maintains a vector D_x indexed by destination, where D_x[y] is the current best-known cost from x to y. On receiving a neighbour v’s vector D_v, router x updates:
for each destination y in D_v: candidate = cost(x, v) + D_v[y] if candidate < D_x[y] or next_hop(x, y) == v: D_x[y] = candidate next_hop(x, y) = vThe second condition — “or my current next hop is v” — forces re-evaluation when the neighbour I was routing through reports a higher cost. Without it, increases never propagate.
A small example#
Topology (link costs all 1):
A ---- B ---- C ---- D
Initial vectors: A: {A:0, B:1, C:inf, D:inf} B: {A:1, B:0, C:1, D:inf} C: {A:inf,B:1, C:0, D:1 } D: {A:inf,B:inf,C:1, D:0 }
Round 1 (B and C exchange with neighbours): A learns from B: C=2, D=inf B learns from C: D=2 C learns from B: A=2 D learns from C: A=inf, B=2
After Round 2: all distances converge. A: {A:0, B:1, C:2, D:3} B: {A:1, B:0, C:1, D:2} C: {A:2, B:1, C:0, D:1} D: {A:3, B:2, C:1, D:0}The protocol converges in O(diameter) rounds when costs only decrease. Convergence on cost increase is where the trouble starts.
Count-to-infinity#
When a link fails, distance-vector protocols can take many rounds to learn the new reality:
Topology: A ---- B ---- C (link A-B costs 1, B-C costs 1)
A knows: D[C] = 2 via BB knows: D[C] = 1 via CC knows: D[C] = 0
The B-C link fails. B's true D[C] is now infinity.
Round 1: B receives A's stale vector saying D[C] = 2. B believes: "I can reach C via A with cost 1 + 2 = 3." B updates D[C] = 3, next hop = A.
Round 2: A receives B's new vector D[C] = 3. A updates D[C] = 1 + 3 = 4.
Round 3: B updates to 5. Round 4: A updates to 6.... and so on, slowly counting upward to infinity.The fix is to declare a finite “infinity” — RIP picks 16 — so the count terminates quickly. The cost is that the protocol cannot represent networks more than 15 hops in diameter.
Split horizon and poison reverse#
Two stronger mitigations:
- Split horizon. A router does not advertise a route back out the interface it learned the route from. B never tells A “I can reach C”, because B learned about C from A. Removes the most common count-to-infinity loop.
- Poison reverse. A stronger version — B does advertise C back to A, but with distance infinity (16). This actively poisons any stale entry A might have.
Both help two-router loops; neither prevents larger cycles (three or more routers can still form a loop that split-horizon does not see).
RIP packet format#
RIP runs on UDP port 520. Each message carries up to 25 route entries:
+-------+-------+----------+| cmd | ver | unused | cmd = 1 (request) or 2 (response)+-------+-------+----------+ ver = 1 or 2| Address Family Identifier|+-------+-------+----------+| Route tag (RIPv2) | v2 adds: subnet mask, next hop, route tag+--------------------------+| IP address (4 bytes) |+--------------------------+| Subnet mask (RIPv2) |+--------------------------+| Next hop (RIPv2) |+--------------------------+| Metric (1..16) |+--------------------------+| (repeat for up to 25) |Timers worth knowing:
Update timer 30s send full table to neighboursInvalid timer 180s mark route invalid if no update in this windowHolddown timer 180s refuse updates with worse metric during this windowFlush timer 240s remove route from table after this windowTriggered updates#
To shorten convergence, RIP also sends triggered updates when a route changes — not waiting for the next 30-second cycle. Combined with split horizon and poison reverse, this brings small networks to convergence within a few seconds.
Variants#
- RIPv1 (RFC 1058, 1988). Classful — no subnet mask in updates, broadcasts to
255.255.255.255. Effectively obsolete. - RIPv2 (RFC 2453, 1998). Classless — carries subnet masks, multicasts to
224.0.0.9, supports MD5 authentication. The version still seen in the wild. - RIPng (RFC 2080). IPv6 variant; uses UDP port 521, multicast to
ff02::9, leans on IPsec for authentication. - EIGRP (Enhanced Interior Gateway Routing Protocol). Cisco proprietary (now informational RFC 7868). A distance-vector with diffusing-update algorithm (DUAL), composite metrics (bandwidth + delay), and feasible-successor backups — converges in seconds on changes. Mostly Cisco-only deployments.
- BGP. Strictly a path-vector — each advertisement carries the full AS-path, not just a distance. The path information is what lets BGP detect and reject loops without a 15-hop cap.
- Distance-vector with hop-count vs link-cost. RIP uses hop count (every link = 1). EIGRP and modern variants use composite metrics. Hop count is simple but blind to bandwidth (a 10 Mbps backup link looks identical to a 100 Gbps main link).
Trade-offs#
Other tensions:
- Periodic full-table broadcast. RIP sends the whole table every 30 seconds even when nothing changed. Wasted bandwidth on large tables; fine on tiny networks.
- Metric design. Hop count is easy to explain but cannot distinguish a 1 Gbps link from a 10 Mbps one. Composite metrics (EIGRP) capture more but require careful tuning to avoid oscillation.
- Authentication. RIPv1 had none; RIPv2 added MD5; RIPng leans on IPsec. Without auth, an attacker on a shared LAN can inject routes.
- Scaling. RIP’s 15-hop cap and full-table broadcast make it unsuitable above ~50 routers. OSPF areas push this to thousands. BGP scales to the global Internet’s
~75,000ASes.
Why does the Internet use BGP, not OSPF, between ISPs?
Link-state protocols flood full topology information to every participant. Telecoms and ISPs do not want competitors knowing their internal topology, and the global topology is too large to flood anyway. BGP exchanges only reachability — “I can reach this prefix via this AS path” — without internal detail. BGP also supports rich policy (prefer customer routes over peer routes over transit routes), which OSPF cannot express. Inside an AS, OSPF or IS-IS is the right answer; between ASes, BGP is the only viable choice.
Common pitfalls#
- Believing split horizon is sufficient. It only prevents two-router loops. Larger topologies can still count to infinity.
- Skipping authentication. A laptop plugged into the LAN running a rogue RIP daemon can advertise itself as the default route — a man-in-the-middle attack with zero exploitation effort. Always configure RIPv2 MD5 auth.
- Confusing distance-vector with path-vector. BGP looks superficially like distance-vector but carries the full AS-path. The path detection makes BGP loop-free without a 15-hop cap.
- Using hop count where bandwidth matters. A direct slow link beats a multi-hop fast one in RIP’s view. Result: traffic congests the slow backup.
- Forgetting the
holddownsemantics. During holddown, a router refuses updates with worse metrics for the suppressed route — this is what prevents flapping but also delays legitimate recovery if the route is genuinely down then back up quickly. - Tuning timers without testing. Shortening the update interval helps convergence but multiplies broadcast load. The default 30 second / 180 second / 240 second triple was chosen as a compromise; deviate carefully.
- Treating RIP as adequate at scale. Above ~25 routers convergence times and broadcast load become painful. Migrate to OSPF or IS-IS.
- Misreading metric 16 as “16 hops”. It is infinity — the route is dead. RIP routes never have metric 16 in normal operation.
Related building blocks#