VRF-lite
Virtual Routing and Forwarding - lite
General information on “VRF-lite”:
- VRF-lite = VRF without MPLS
- VRF creates virtual router instances within a router
- Each VRF instance maintains its own routing table
- By default, VRF instances don’t know about each others routing table
- VRF instances are mapped to interfaces
- If the VRF instance is mapped after the interface' IP is configured, it will drop the IP configuration
- Two or more interfaces can have the same IP address and subnet if they’re in different VRFs
VRF feature route-replicate:
- With route-replicate it’s possible to “copy” the routes from one VRF routing table to another VRF routing table
VRF feature “Route Distinguisher (RD)":
- MP-BGP feature
- When several VRFs use the same subnet there needs to be a way to keep track of which routes belong to which VRF
- RDs add a 8-byte identifier to each route to distinguish them from each other Can only be set globally for the VRF
- RDs don’t need to be configured by default but have to when route-sharing is used
- Types of RDs:
- Type 0: 2-byte ASN + 4-byte value (used for VPNv4 prefixes)
- Type 1: 4-byte IP + 2-byte value (used for VPNv4 prefixes)
- Type 2: 4-byte ASN + 2-byte value (used to signal multicast VPN)
- RD + IPv4/v6 prefix = VPNv4/v6 prefix
- Example (Type 0): RD is 65432:100, IPv4 prefix is 10.0.0.0/24 = VPNv4 prefix will be 0:65432:100:10.0.0.0
- Example (Type 1): RD is 172.16.1.1:100, IPv4 prefix is 10.0.0.0/24 = VPNv4 prefix will be 1:172.16.1.1:100:10.0.0.0
- Example (Type 2): RD is 65432:100, IPv4 prefix is 10.0.0.0/24 = VPNv4 prefix will be 2:65432:100:10.0.0.0
VRF feature “Route Targets (RT)":
- MP-BGP feature
- A RT is simply an extended community value for a route
- Used to share routes between different VRFs
- RT is a 8-byte field
- The export keyword defines the value which an VRF exports its own routes to
- The import keyword defines the value which an VRF imports routes from
- Thumb rule is to use the same RD/RT for a given VRF (doesn’t have to be but makes it less confusing)
- Can be set differently for the IPv4 and IPv6 address-family
- Important: Export RTs are attached as BGP extended community to prefixes received from CE routers!
VRF feature “Import/Export map”:
- MP-BGP feature
- Route leaking/sharing between VRFs is normally done using Route Targets
- But this method is not suitable between when routes from/to the global VRF need to be imported/exported
- To accomplish route leaking/sharing from/to the global VRF, import/export maps must be used
- Important: The prefix must be in the BGP table to be able to be imported/exported!
Configuration steps of “VRF-lite”:
- Create VRF instance
- Map interface to VRF instance
- Configure the interface (IP address, …)
- Map routing protocol instance to VRF instance
- Configure the routing protocol instance
“VRF(-Lite)” CLI configuration commands:
## Configuring a VRF
Router(config)# vrf definition <vrf-name>
Router(config-vrf)# address-family [ipv4 | ipv6]
## Assigning an interface to a VRF
Router(config)# interface <if>
Router(config-if)# vrf forwarding <vrf-name>
## Replicating routes within a VRF
Router(config)# vrf definition <vrf-name>
Router(config-vrf)# address-family [ipv4 | ipv6]
Router(config-vrf-af)# route-replicate from vrf [global | WORD] [unicast | multicast] [protocol] route-map [ROUTE-MAP-NAME]
## Configuring a Route Distinguisher (RD)
Router(config)# vrf definition <vrf-name>
Router(config-vrf)# rd <rd-value>
## Configuring a Route Target (RT)
Router(config)# vrf definition <vrf-name>
Router(config-vrf)# route-target [export | import] <rt-value>
## Configuring route leaking between GRT and VRF using import/export maps
Router(config)# vrf definition <vrf-name>
Router(config-vrf)# address-family [ipv4 | ipv6]
Router(config-vrf-af)# [import | export] [ipv4 | ipv6] unicast map [ROUTE-MAP-NAME]
“VRF(-Lite)” CLI show commands:
## Showing a brief overview of all VRFs
Router# show vrf
## Showing a brief overview of a specific VRF
Router# show vrf <vrf-name>
## Showing detailed information of all VRFs
Router# show vrf detail
## Showing detailed information for a specific VRFs
Router# show vrf detail <vrf-name>
## Showing interfaces and their VRF belonging
Router# show vrf [ipv4 | ipv6] interfaces
## Showing the routing table for a specific VRF
Router# show [ip | ipv6] route vrf <vrf-name>