VRF
Define a VRF
Virtual Routing and Forwarding (VRF) is a technology that enables multiple isolated routing tables on a single physical router. Each VRF instance maintains its own routing table, which is separate and independent from the global routing table of the router. This allows multiple virtual networks to coexist on the same physical infrastructure while maintaining their privacy and isolation from one another.
Each VRF has its own set of interfaces, routes, and routing protocols, which means that traffic that enters one VRF is unaware of the existence of other VRFs on the same router. This allows for a more flexible and secure network design, where different departments or customers can have their own virtual network that is logically separated from other networks.
VRFs are commonly used in service provider environments, where they provide a way to offer VPN services to customers using the same infrastructure. VRFs can also be used in enterprise networks to separate traffic between departments or projects, or to connect to different cloud providers or internet service providers using separate routing tables.
- vrf VRF_NAME
The vrf command is used to create a Virtual Routing and Forwarding (VRF) instance in a device.
VRF_NAME: is the name of the VRF instance to be created.
Example :
soodar(config)# vrf vrf-greenThis creates a VRF instance named
vrf-green. Once the VRF instance is created, it can be used to configure routing protocols, interface settings, and other network services for that particular VRF.
Add an interface to VRF
- ip vrf forwarding NAME
The command is used to enable a Virtual Routing and Forwarding (VRF) instance and associate it with an interface or sub-interface.
NAME: is the name of the VRF that will be enabled and associated with the interface.
Example :
soodar(config)# vrf vrf-green soodar(config)# interface ge1 soodar(config-if)# ip vrf forwarding vrf-green
In the above example, the VRF named vrf-green is enabled and associated with the ge1 interface. Any traffic that enters this interface is associated with the VRF and is forwarded according to the routing table configured for that VRF.
- no ip vrf forwarding [NAME]
The command is used to disable the forwarding of packets to a Virtual Routing and Forwarding (VRF) instance on an interface. In other words, it associates the interface with the default VRF.
Note
When adding/removing interfaces to/from a VRF, make sure no valid IP is set on it.
Example:
n1(config)# int ge3 n1(config-if)# ip vrf forwarding vrf-green n1(config-if)# ip address 200.1.2.20/24
VRF Configuration examples
VRF Trunking
Example :
n1(config)# int ge1.100 n1(config-if)# encapsulation dot1q 100 n1(config-if)# ip vrf forwarding vrf-green n1(config-if)# ip address 200.1.2.20/24 n1(config)# int ge2 n1(config-if)# rewrite tag push 1 dot1q 300
Dynamic routing in VRF
Example:
soodar3(config)# router ospf vrf vrf-green soodar3(config-router)# network 200.2.3.0/24 area 0 soodar3(config-router)# network 3.2.1.0/24 area 0 soodar3(config-if) # end
VRF FIB
Example:
soodar1# sh ip ospf vrf vrf-green route soodar1# sh ip fib vrf vrf-green soodar1# sh ip fib vrf all
Display VRF info
Logging
Debugging logs can be set in case of need.
- [no] debug vrf event
logs data plane installation processes and results