
Thursday, December 23, 2010

Introduction to VRF Lite

VRF LITE

VRF (Virtual Routing and Forwarding) was initially an MPLS technology that allows a router to hold multiple routing tables for the customer routers (CE) within one physical router (PE). Each virtual routing table is independent of the others, as if they were in separate networks. Therefore, VRF allows a router to route packets from different customers that use the same IP address range, with the use of a Route Distinguisher.

VRF lite is a simpler version of VRF that can be used to separate networks within an enterprise for security purposes, such as a guest network. It only supports 802.1Q trunk encapsulation. Below is a graphical view of what VRF looks like.


In the figure, we have 2 customers: Red and Blue. We want to keep the 2 routing tables virtually separated in the same physical router. Let's take a look at the configuration.


  • Assign the Red RD and Blue RD as 1:1 and 2:2 respectively.
  • For Red, we will use the OSPF routing protocol to transmit routing information between R1 and R2.
  • For Blue, we will use the EIGRP routing protocol between R1 and R2.
  • The Red and Blue networks will be configured on the loopback interface 1 and 2 respectively.

R1 configuration.


ip cef
!
ip vrf Blue
 rd 2:2
!
ip vrf Red
 rd 1:1
!
interface Loopback0
 ip vrf forwarding Red
 ip address 192.168.1.1 255.255.255.0
!
interface Loopback1
 ip vrf forwarding Blue
 ip address 192.168.1.1 255.255.255.0
!
interface FastEthernet0/0.10
 encapsulation dot1Q 10
 ip vrf forwarding Red
 ip address 10.1.1.1 255.255.255.252
!
interface FastEthernet0/0.20
 encapsulation dot1Q 20
 ip vrf forwarding Blue
 ip address 10.1.1.1 255.255.255.252
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
router ospf 1 vrf Red
 router-id 1.1.1.1
 log-adjacency-changes
 network 10.1.1.0 0.0.0.255 area 0
 network 192.168.1.0 0.0.0.255 area 0
!
router ospf 2 vrf Blue
 router-id 11.11.11.11
 log-adjacency-changes
 network 10.1.1.0 0.0.0.255 area 0
 network 192.168.1.0 0.0.0.255 area 0
 network 0.0.0.0 255.255.255.255 area 0
!

Here is the configuration for R2

ip cef
<omitted>

ip vrf Blue
 rd 2:2
ip vrf Red
 rd 1:1

interface Loopback0
 ip vrf forwarding Red
 ip address 172.16.1.1 255.255.255.0
!
interface Loopback1
 ip vrf forwarding Blue
 ip address 172.16.2.1 255.255.255.0
!
!
interface FastEthernet0/0.10
 encapsulation dot1Q 10
 ip vrf forwarding Red
 ip address 10.1.1.2 255.255.255.252
!
interface FastEthernet0/0.20
 encapsulation dot1Q 20
 ip vrf forwarding Blue
 ip address 10.1.1.2 255.255.255.252
!
router ospf 1 vrf Red
 router-id 2.2.2.2
 log-adjacency-changes
 network 0.0.0.0 255.255.255.255 area 0
!
router ospf 2 vrf Blue
 router-id 22.22.22.22
 log-adjacency-changes
 network 0.0.0.0 255.255.255.255 area 0
!
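
The separation above holds only if every addressed interface carries an "ip vrf forwarding" line for a defined VRF, and addresses may repeat across VRFs but not inside one. The following check is an added example, not part of the original post: the names audit and SAMPLE are hypothetical, and the Fa0/0.30 stanza with 10.9.9.1 is constructed to show an interface left in the global table.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed: R1 stanzas from the page + hypothetical Fa0/0.30 left out of any VRF
SAMPLE = """\
ip vrf Blue
ip vrf Red
interface Loopback0
 ip vrf forwarding Red
 ip address 192.168.1.1 255.255.255.0
interface Loopback1
 ip vrf forwarding Blue
 ip address 192.168.1.1 255.255.255.0
interface FastEthernet0/0.10
 ip vrf forwarding Red
 ip address 10.1.1.1 255.255.255.252
interface FastEthernet0/0.20
 ip vrf forwarding Blue
 ip address 10.1.1.1 255.255.255.252
interface FastEthernet0/0.30
 ip address 10.9.9.1 255.255.255.0
"""

def audit(config):
    """Return findings that weaken VRF separation in an IOS-style config."""
    defined, vrf_of, net_of, intf = set(), {}, {}, None
    for line in config.splitlines():
        if not line.startswith(" "):
            intf = None  # a top-level line closes the interface stanza
            if m := re.match(r"ip vrf (\S+)$", line):
                defined.add(m[1])
            elif m := re.match(r"interface (\S+)", line):
                intf = m[1]
        elif intf and (m := re.match(r" ip vrf forwarding (\S+)", line)):
            vrf_of[intf] = m[1]
        elif intf and (m := re.match(r" ip address (\S+) (\S+)", line)):
            net_of[intf] = ipaddress.ip_interface(f"{m[1]}/{m[2]}").network
    findings = [f"VRF {v} is referenced but not defined"
                for v in sorted(set(vrf_of.values()) - defined)]
    seen = defaultdict(list)  # routing table name -> [(interface, network)]
    for name, net in net_of.items():
        table = vrf_of.get(name, "global")
        if table == "global":  # no 'ip vrf forwarding': shared default table
            findings.append(f"{name} ({net}) is in the global routing table")
        findings += [f"{name} overlaps {other} in table {table}"
                     for other, onet in seen[table] if net.overlaps(onet)]
        seen[table].append((name, net))
    return findings
```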



Verify VRF operation.


The VRF routing table is different from the regular routing table, and each VRF's table is also different from the others. Therefore, the vrf keyword is required when showing a VRF routing table. The example below shows that when the "show ip route" command is entered, the result is empty. However, when "show ip route vrf Red" is entered, the routing information of vrf Red shows up.


R2 vrf Red routing table


Also, when doing a ping test, the normal ping will not work. The vrf keyword is needed to be able to ping the destination. Below is an example of the ping command.

