Virtual Routing and Forwarding, (VRF-lite)
4 likes2,257 views
VRF-Lite allows a single physical router to virtualize multiple routers by creating independent virtual routing tables (VRFs). Each VRF logically isolates the routing tables and network traffic of customers or applications. The physical router uses VLAN trunking to keep traffic from different VRFs separate when sending data to other devices. Configuring VRF-Lite involves defining VRFs, assigning interfaces to VRFs, and configuring routing protocols for each VRF.
Virtual Routing and Forwarding, (VRF-lite)
- 1. (Virtual routing and forwarding) VRF-Lite www.netprotocolxpert.in
- 2. Have you ever used some sort of virtualization software (e.g. vmware) to get multiple virtualized servers running on a single physical server? It’s a great way to save resources, by eliminating the need for extra physical servers. Well, similar to how we can virtualize multiple servers on a single physical server, we can virtualize multiple routers on a single physical router.
- 3. Each of these virtual routers can have their own independent IP routing table and are logically isolated from the other virtual routers residing in the same physical router. This can offer a solution to service providers wanting to keep their customers’ network traffic (including the IP routing tables of customers’ routers) isolated from one another. Or, in a large enterprise, perhaps you have a design requirement to segregate different applications (e.g. voice, video, and data). One solution Cisco offers to make this router virtualization possible is called VRF-Lite. Some literature from Cisco defines VRF as VPN Routing/Forwarding, because it’s commonly used in VPN environments. Other literature from Cisco defines VRF as Virtual Routing and Forwarding, which is the definition I typically use. By the way, each virtualized router is referred to as a VRF. So, a single physical router could be hosting multiple VRFs.
- 4. While it’s great that a single physical router can be running multiple virtual router instances, the question arises, “How does the physical router keep traffic from the virtualized routers separate when sending data to a neighbouring switch or router?” The solution is actually quite simple, and similar to the old router-on-a-stick approach of having a router interface configured as an IEEE 802.1Q trunk interface, with a different subinterface for each VLAN, and each VLAN carries traffic for one VRF. Also, although it’s beyond the scope of this introductory blog post, please be aware that VRF-Lite can be configured to “leak” one or more routes between router instances. To demonstrate a basic VRF-Lite configuration, first consider the topology shown below. VRF-Lite is configured on the COMMON router. The Fa 0/0 interface on the COMMON router has three subinterfaces, one to carry traffic for each of the three VRFs. The VRFs are named: VOICE, DATA, and VIDEO.
- 6. Traffic from these three VRFs flows over a dot1Q trunk to switch SW1, which then sends traffic out to the appropriate destination router based on VLAN membership: VOICE VRF : VLAN 2 DATA VRF: VLAN 3 VIDEO VRF: VLAN 4
- 7. Three steps to set up a basic VRF-Lite configuration Step #1: Globally define one or more VRFs. (Create a VRFs) Below is the configuration on the COMMON router that defines our VRFs:
- 8. Step #2: Assign an interface or a subinterface to a VRF instance. (Assign VRFs to Interfaces or Subinterfaces) Below is the configuration on the COMMON router that assigns subinterfaces to VRF instances.
- 9. Step #3: Associate a routing process with each VRF. (Configure Routing for VRFs) Below is the configuration on the COMMON router that associates an OSPF routing process with each VRF.
- 10. Verifying VRF-Lite You can use the show ip vrf command to display the VRFs you created on a router.
- 11. You can use the show ip route vrf vrf-name command to show a VRF’s IP routing table
- 14. You can also use a VRF-specific ping to test connectivity with a remote IP address. For example, let’s say we’re on the COMMON router and wish to ping the Fa 0/1 interface on the VOICE router, which has an IP address of 10.1.1.1. How does the COMMON router know it needs reach that IP address over the VOICE VRF? Well, we specify the VRF name as part of the ping command.