
Thursday, December 23, 2010

Introduction to VRF Lite

VRF LITE

VRF (Virtual Routing and Forwarding) was initially an MPLS technology that allows a router to hold multiple routing tables for the customer routers (CE) within one physical router (PE). Each virtual routing table is independent of the others, as if they were in separate networks. Therefore, VRF allows a router to route packets from different customers that use the same IP address range, with the use of a Route Distinguisher.

VRF Lite is a simpler version of VRF that can be used to separate networks within an enterprise for security purposes, such as a guest network. It only supports 802.1Q trunk encapsulation. Below is a graphical view of what VRF looks like.


In the figure, we have 2 customers: Red and Blue. We want to keep their 2 routing tables virtually separated on the same physical router. Let's take a look at the configuration.


  • Assign the Red RD and Blue RD as 1:1 and 2:2 respectively.
  • For Red, we will use the OSPF routing protocol to transmit routing information between R1 and R2.
  • For Blue, we will use the EIGRP routing protocol between R1 and R2.
  • The Red and Blue networks will be configured on loopback interfaces 1 and 2 respectively.

R1 configuration.


ip cef
!
ip vrf Blue
 rd 2:2
!
ip vrf Red
 rd 1:1
!
interface Loopback0
 ip vrf forwarding Red
 ip address 192.168.1.1 255.255.255.0
!
interface Loopback1
 ip vrf forwarding Blue
 ip address 192.168.1.1 255.255.255.0
!
interface FastEthernet0/0.10
 encapsulation dot1Q 10
 ip vrf forwarding Red
 ip address 10.1.1.1 255.255.255.252
!
interface FastEthernet0/0.20
 encapsulation dot1Q 20
 ip vrf forwarding Blue
 ip address 10.1.1.1 255.255.255.252
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
router ospf 1 vrf Red
 router-id 1.1.1.1
 log-adjacency-changes
 network 10.1.1.0 0.0.0.255 area 0
 network 192.168.1.0 0.0.0.255 area 0
!
router ospf 2 vrf Blue
 router-id 11.11.11.11
 log-adjacency-changes
 network 10.1.1.0 0.0.0.255 area 0
 network 192.168.1.0 0.0.0.255 area 0
 network 0.0.0.0 255.255.255.255 area 0
!

Here is the configuration for R2

ip cef
<omitted>

ip vrf Blue
 rd 2:2
ip vrf Red
 rd 1:1

interface Loopback0
 ip vrf forwarding Red
 ip address 172.16.1.1 255.255.255.0
!
interface Loopback1
 ip vrf forwarding Blue
 ip address 172.16.2.1 255.255.255.0
!
!
interface FastEthernet0/0.10
 encapsulation dot1Q 10
 ip vrf forwarding Red
 ip address 10.1.1.2 255.255.255.252
!
interface FastEthernet0/0.20
 encapsulation dot1Q 20
 ip vrf forwarding Blue
 ip address 10.1.1.2 255.255.255.252
!
router ospf 1 vrf Red
 router-id 2.2.2.2
 log-adjacency-changes
 network 0.0.0.0 255.255.255.255 area 0
!
router ospf 2 vrf Blue
 router-id 22.22.22.22
 log-adjacency-changes
 network 0.0.0.0 255.255.255.255 area 0
!
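
A pre-deployment check for configurations like the two above, as an added example (not part of the original post): it flags addressed interfaces left in the global table, `ip address` lines placed before `ip vrf forwarding` (IOS removes the address when the VRF binding is applied afterwards), and overlapping prefixes inside one VRF. The Loopback30 and Loopback40 stanzas are hypothetical and constructed to carry the mistakes.

```python
import ipaddress
import re

# Constructed sample: Loopback0/Loopback1 are R1's stanzas from the post;
# Loopback30 and Loopback40 are hypothetical and NOT on the page.
SAMPLE = """\
interface Loopback0
 ip vrf forwarding Red
 ip address 192.168.1.1 255.255.255.0
!
interface Loopback1
 ip vrf forwarding Blue
 ip address 192.168.1.1 255.255.255.0
!
interface Loopback30
 ip address 10.9.9.1 255.255.255.0
!
interface Loopback40
 ip address 192.168.1.129 255.255.255.128
 ip vrf forwarding Red
!
"""

def audit(config):
    """Return (interface, finding) pairs for VRF segmentation mistakes."""
    findings, seen = [], {}  # seen: vrf name -> [(network, interface)]
    for stanza in re.split(r"^![ \t]*$", config, flags=re.M):
        name = re.search(r"^interface (\S+)", stanza, re.M)
        addr = re.search(r"^ ip address (\S+) (\S+)", stanza, re.M)
        vrf = re.search(r"^ ip vrf forwarding (\S+)", stanza, re.M)
        if not (name and addr):
            continue  # not an addressed L3 interface
        name = name.group(1)
        if vrf is None:
            findings.append((name, "global-table"))  # outside every VRF
        elif addr.start() < vrf.start():
            # IOS removes the address when the VRF binding is applied later
            findings.append((name, "address-before-vrf"))
        key = vrf.group(1) if vrf else "global"
        net = ipaddress.ip_interface("/".join(addr.groups())).network
        for other_net, other_if in seen.setdefault(key, []):
            if net.overlaps(other_net):  # same prefix is fine across VRFs only
                findings.append((name, f"overlaps {other_if} in {key}"))
        seen[key].append((net, name))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Loopback0 and Loopback1 share 192.168.1.1 without a finding because they sit in different VRFs, which is the separation the post demonstrates.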



Verify VRF operation.


Each VRF routing table is separate from the regular routing table and from the routing table of every other VRF. Therefore, the vrf keyword is required when showing a VRF routing table. The example below shows that when the "show ip route" command is entered, the result is empty. However, with "show ip route vrf Red", the routing information of vrf Red shows up.


R2 vrf Red routing table


Also, when doing a ping test, a normal ping will not work. The vrf keyword is needed to be able to ping the destination. Below is an example of the ping command.


Monday, December 20, 2010

Manipulate Spanning tree protocol

In order to control and understand spanning tree protocol behavior, we need to understand how each parameter influences the root bridge selection. The important parameter in the BPDU that is used for the root bridge election is the Bridge ID.


Switches send BPDU messages to all of the switches in the layer 2 network in order to elect the spanning tree root. A BPDU message contains an 8-byte Bridge ID, which is a combination of the bridge priority and the MAC address. The lower Bridge ID is preferred to become the root bridge. Once the root bridge is elected, the rest of the switches calculate their cost to reach the root bridge and assign the spanning tree states accordingly.


Interface bandwidth and port priority come into play at this point. Interface bandwidth determines the cost of each interface. The least cost to the root is preferred. If the cost is tied, port priority is used. The example below illustrates the concept of the spanning tree protocol.




Configuration task


Configure SW1 to be a root bridge

  • Initially, the bridge priorities of the 3 switches are the same, so the election depends on the MAC address of each switch. The switch with the lowest Bridge ID will be the root bridge. Since we want to make sure that SW1 is the root bridge, we set the bridge priority for VLAN 1 on SW1 to 100 instead of the default value.
  • SW1(config)#spanning-tree vlan 1 priority 100



Configure interface e1/0 of SW3 as a spanning tree blocking port and e1/1 as a forwarding port
  • Initially, SW3 e1/0 and SW2 e1/0 are the forwarding ports since they have the least cost to the root. Each interface has cost 19 since it has 100 Mbps bandwidth (the default). We need to adjust the SW3 e1/0 cost to force the LAN traffic through e1/1. In this example, we configured it with cost 300. As a result, SW3 will choose the path to the root through e1/1 because it has a lower cost (19 + 19) than going via e1/0 (300).
  • SW3(config)# interface e1/0
  • SW3(config-if)#spanning-tree cost 300
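
The election and path-cost arithmetic behind the two tasks above, as an added example (not part of the original post). The MAC addresses and the far-end port names on SW1 and SW2 are constructed; the priority of 100, the cost of 300 and the default cost of 19 come from the post. Tie-breaking by port priority is not modelled.

```python
DEFAULT_PRIORITY, DEFAULT_COST = 32768, 19  # 19 = 100 Mbps port, per the post

# Constructed lab values: MACs and the SW1/SW2 far-end port names are
# assumptions; SW3 e1/0, SW3 e1/1 and SW2 e1/0 are the ports named in the post.
MACS = {"SW1": "aa:bb:cc:00:03:00", "SW2": "aa:bb:cc:00:01:00",
        "SW3": "aa:bb:cc:00:02:00"}
LINKS = [(("SW3", "e1/0"), ("SW1", "e0/0")),
         (("SW2", "e1/0"), ("SW1", "e0/1")),
         (("SW3", "e1/1"), ("SW2", "e1/1"))]

def bridge_id(priority, mac):
    """8-byte Bridge ID: 2-byte priority followed by the 6-byte MAC."""
    return priority.to_bytes(2, "big") + bytes.fromhex(mac.replace(":", ""))

def elect_root(priorities):
    """Lowest Bridge ID wins; the MAC only decides when priorities tie."""
    return min(MACS, key=lambda s: bridge_id(
        priorities.get(s, DEFAULT_PRIORITY), MACS[s]))

def root_ports(priorities, port_cost):
    """Return (root, cost-to-root per switch, root port per non-root switch)."""
    root = elect_root(priorities)
    cost = {s: (0 if s == root else float("inf")) for s in MACS}
    best = {}
    for _ in MACS:  # Bellman-Ford-style relaxation over the links
        for a, b in LINKS:
            for (sw, port), (nbr, _far) in ((a, b), (b, a)):
                # cost is added on the port where the BPDU is received
                c = cost[nbr] + port_cost.get((sw, port), DEFAULT_COST)
                if sw != root and c < cost[sw]:
                    cost[sw], best[sw] = c, port
    return root, cost, best

if __name__ == "__main__":
    print("default priorities, root:", elect_root({}))
    print("SW1 priority 100, root:  ", elect_root({"SW1": 100}))
    print(root_ports({"SW1": 100}, {}))
    print(root_ports({"SW1": 100}, {("SW3", "e1/0"): 300}))
```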



Related Link.
http://www.cisco.com/en/US/tech/tk389/tk621/technologies_configuration_example09186a008009467c.shtml



Saturday, December 18, 2010

Network-Helper Start date

Eventually, the Network Helper blog has been successfully created. I will try to put up some useful information to help solve networking problems, especially in the implementation part. Again, welcome to Network 101.