![Virtual Routing and Forwarding
Virtual Routing and Forwarding (Cont.)
The following steps are required to create a VRF and assign it to an interface:
Step 1. Create a multiprotocol VRF routing table by using the command vrf definition vrf-name.
Step 2. Initialize the appropriate address family by using the command address-family {ipv4 | ipv6}. The
address family can be IPv4, IPv6, or both.
Step 3. Enter interface configuration submode and specify the interface to be associated with the VRF
instance by using the command interface interface-id.
Step 4. Associate the VRF instance to the interface or subinterface by entering the command vrf
forwarding vrf-name under interface configuration submode.
Step 5. Configure an IP address (IPv4, IPv6, or both) on the interface or subinterface by entering either or
both of the following commands:
IPv4 - ip address ip-address subnet-mask [secondary]
IPv6 - ipv6 address ipv6-address/prefix-length](https://image.slidesharecdn.com/intrdouctiontovrfimplementation-220602112544-c2c60dce/85/Intrdouction-to-VRF-Implementation-pdf-6-320.jpg)
Intrdouction to VRF Implementation.pdf
- 2. 2 © 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Virtual Routing and Forwarding • Virtual routing and forwarding (VRF) is a technology that creates separate virtual routers on a physical router. • Router interfaces, routing tables, and forwarding tables are completely isolated between VRFs, preventing traffic from one VRF from forwarding into another VRF. • All router interfaces belong to the global VRF until they are specifically assigned to a user-defined VRF.
- 3. • Virtual Routing and Forwarding or VRF is a technology that supports multiple routing instance inside a single router (or layer-3 switch). This means a single router can have multiple separated routing table and each one is completely independent. Due to its independency, it also allows the usage of overlapping IP address. Cisco IOS router supports VRF by default. • Usage of overlapping address should be avoided as much as possible. However, there are certain causes where this condition is unavoidable (usually happens in a service provider network), and this is one of the reasons why understanding the way to configure VRF in Cisco IOS router is important. Virtual Routing and Forwarding (Cont.)
- 4. Virtual Routing and Forwarding (Cont.) The global VRF is identical to the regular routing table of non-VRF routers: • Every router’s VRF maintains a separate routing table; it is possible to allow for overlapping IP address ranges. • VRF creates segmentation between network interfaces, network subinterfaces, IP addresses, and routing tables. • Configuring VRF on a router ensures that the paths are isolated, network security is increased, and encrypting traffic on the network is not needed to maintain privacy between VRF instances.
- 5. Virtual Routing and Forwarding (Cont.) • Figure 6-14 shows two routers to help visualize the VRF routing table concept. • One of the routers has no VRFs configured, and the other one has a management VRF instance named MGMT. • The creation of multiprotocol VRF instances requires the global configuration command vrf definition vrf-name. • Under the VRF definition submode, the command address-family {ipv4 | ipv6} is required to specify the appropriate address family. • The VRF instance is then associated to the interface with the command vrf forwarding vrf-name under the interface configuration submode.
- 6. Virtual Routing and Forwarding Virtual Routing and Forwarding (Cont.) The following steps are required to create a VRF and assign it to an interface: Step 1. Create a multiprotocol VRF routing table by using the command vrf definition vrf-name. Step 2. Initialize the appropriate address family by using the command address-family {ipv4 | ipv6}. The address family can be IPv4, IPv6, or both. Step 3. Enter interface configuration submode and specify the interface to be associated with the VRF instance by using the command interface interface-id. Step 4. Associate the VRF instance to the interface or subinterface by entering the command vrf forwarding vrf-name under interface configuration submode. Step 5. Configure an IP address (IPv4, IPv6, or both) on the interface or subinterface by entering either or both of the following commands: IPv4 - ip address ip-address subnet-mask [secondary] IPv6 - ipv6 address ipv6-address/prefix-length
- 7. • In this scenario, a service provider named ISPx have two customers, namely “Company A” and “Company B”. ISPx uses a single router named MBG001 and it is shared for both company “A” and “B”. Interface f0/0 on MBG001 connected to a switch and the switch connected to each of the company network. • The goal is to make company “A” network able to access Loopback1 address and “B” must be able to access Loopback2 address. However, for some reason both companies needs to use the same network address but they refuse to expose their network to each other. • Therefore, separate VLAN is used where VLAN17 is for Company-A and VLAN18 is for Company-B. Unfortunately, there’s just one problem as message below appears on MBG001 when trying to configure the gateway interface for those VLANs:
- 9. Virtual Routing and Forwarding Virtual Routing and Forwarding (Cont.) Table 6-5 provides a set of interfaces and IP addresses that overlap between the global routing table and the VRF instance. Table 6-5 Sample Interfaces and IP Address Interface IP Address VRF Global Gigabit Ethernet 0/1 10.0.3.1/24 -- Gigabit Ethernet 0/2 10.0.4.1/24 -- Gigabit Ethernet 0/3 10.0.3.1/24 MGMT -- Gigabit Ethernet 0/4 10.0.4.1/24 MGMT -- • Example 6-20 shows how the IP addresses are assigned to the interfaces in the global routing table, along with the creation of the VRF instance named MGMT and two interfaces associated with it (refer to Table 6-5). • The IP addresses in the MGMT VRF instance overlap with the ones configured in the global table, but there is no conflict because they are in a different routing table.
- 10. Thank you!