VRF - Basics

VRF - Virtual Routing and Forwarding

VRF is an technology which allows multiple instances of the routing table coexist on the same router at the same time. Presence of the overlapping networks or the same networks is possible on the router by using VRF.

In some way - this can be similar to creating virtual machines on PC (by using VMware Workstation or Player for example).

On the Diagram_1 basic scenario with using vrf instances is shown. Based on this diagram - devices were configured.

Diagram_1

In this scenario - on router R1 - two additional routing tables ("virtual routers") were created : vr_1 and vr_2 . Then interfaces from the router R1 (Fa0/1-towards R2 and Fa0/2-towards R3) were bind to the proper vrf instances (vr_1 and vr_2). Thanks to this, on the interface Fa0/1 and Fa0/2 - the same ip address (10.1.1.1) can be set.

On R2 and R3 – only ip addresses were set on the proper interfaces. Additional configuration on R2 and R3 is not needed.

Configuration and testing is based on Cisco devices (IOS). R1 is Layer 3 switch.

Configuration of  R1 :

R1#config terminal

R1(config)#ip routing (enable routing)
R1(config)#ip cef (enable cef)
R1(config)#ip vrf vr_1 (configure vrf instance vr_1)
R1(config-vrf)#exit
R1(config)#ip vrf vr_2 (configure vrf instance vr_2)
R1(config-vrf)exit
R1(config)#int fa 0/1
R1(config-if)#no switchport (convert port into L3 interface)
R1(config-if)#ip vrf forwarding vr_1 (bind interface with the proper vrf instance)
R1(config-if)#ip address 10.1.1.1 255.255.255.0 (set ip address)
R1(config-if)#exit
R1(config)#int fa 0/2
R1(config-if)#no switchport (convert port into L3 interface)
R1(config-if)#ip vrf forwarding vr_2 (bind interface with the proper vrf instance)
R1(config-if)#ip address 10.1.1.1 255.255.255.0 (set ip address)
R1(config-if)#exit

Notes :

After providing command ip vrf vr_1 – such a output might appear :
%L3TCAM-3-SIZE_CONFLICT: VRF requires enabling extended routing
(it is connected with partitioning TCAM)
Solution : command sdm prefer extended-match (reload of the device is needed after providing the command)

Binding interface with vrf instance – results with unsetting ip address from the interface (if address was set). The ip address need to be assigned once again (in standard way).

Verification

To check if proper vrf instances were created – command show ip vrf can be used .
Result of the command is shown on Screen_1. It is visible that vr_1 and vr_2 were created and which interfacess are bound to them.



Screen_1

At this moment default routing table on R1 is empty (output from show ip route command), despite of setting ip addresses on the interface Fa0/1 and Fa0/2 on the router R1. Proper commands need to be used after creating vrf's and binding interfaces to them to check routing table – show ip route vrf vrf_instance_name . In this scenario it will be :

- show ip route vrf vr_1

- show ip route vrf vr_2
In the routing table vr_1 and vr_2 – connected network 10.1.1.0 is present.

Results of the commands are shown on Screen_2.

Screen_2

To test communication from the R1 router to R2 and R3 routers – command ping can be used. Standard ping will not work (like standard show ip route does not show connected 10.1.1.0 networks in this scenario). In ping – like in show ip route – the vrf instance need to be specified. Proper commands for this scenario:
- ping vrf vr_1 10.1.1.2 (to ping R2)
- ping vrf vr_2 10.1.1.2 (to ping R3)

Results of the commands are shown on Screen_3. Standard ping command stops with 100% packet loss.

Screen_3