Cisco Virtual Routing and Forwarding Meaning and Configuration Examples
We will be explaining Cisco virtual routing and forwarding (VRF ). Continue reading below to get the full details about the technology.
Users can set up numerous routing table instances to coexist simultaneously within the same router using Cisco Virtual Routing and Forwarding. Due to the independence of the many routing instances and their ability to choose alternative outgoing interfaces, overlapping IP addresses can be used without causing conflicts.
Cisco Virtual Routing and Forwarding allows a router to run more that one routing table simultaneously.
When running multiple routing tables concurrently, they operate independently of one another. For instance, many VRFs on the same router may contain overlapping IP addresses, and they would all work harmoniously and independently.
The same VRF instance can be used on many routers, and each instance can be connected independently using a sub-interface or a dedicated VRF router port.
VRFs are available for use on the ISP side. One VRF per customer VPN is often administered by Provider Edge (PE) routers, allowing one router to serve as a PE router for several Customer Edge (CE) routers even though more customers are sharing the same subnets over the VPN. These subnets will never mix together thanks to the use of VRF for every customer.
Every VRF generates its own RIB and FIB, also known as a separate Routing table and CEF table.
Simply enter the following command into a Cisco router that supports VRFs to create a VRF:
ip vrf MYTESTVRF
Route distinguisher is required for VRF to function after creation. Route differentiators are discussed a little later. The route distinguisher (RD) settings for this VRF, MYTESTVRF, are as follows:
VRF must have some interfaces in order to be built and configured with RD. These interfaces must be devoted to this VRF in order for traffic to enter it. This is how a router interface (or, more likely, a subinterface) will be assigned to a VRF:
int gi1/0/1 ip vrf forwarding MYTESTVRF
On an L3 switch, which doubles as a smart router, we must add a VLAN interface to the VRF before all of the VLAN’s members will be included in that particular VRF:
“int VLAN 20 ip
int VLAN 20 ip vrf forwarding MYTESTVRF
You need to take into note that inclusion of interface to VRF would erase any existing IP addresses defined on the interface. This is done in order to prevent address duplication in the new routing table in the event that an irresponsible engineer enters an interface with an IP address into a VRF that already has an interface with that IP.
When setup, the VRF table is used to route and forward traffic that is received on an interface that is a member of the VRF.
The finest illustration of a VRF-like concept is VLAN trunking between two switches. Only when a packet with a VLAN tag reaches the other switch’s side of a trunk link between two switches can it enter the same VLAN. There are no trunk ports but only L3 sub-interfaces with VRFs, and the same is done on L3 rather than L2 for VLANs (or physical interfaces). Routes from the routing table of a particular VRF will be used to forward packets that enter that VRF.
The example continues. Similar to how VLANs can stretch over several switches using a trunk port, VRFs can do the same using different interconnections or sub-interfaces of two router connections.
The connections are typically Ethernet VLAN interfaces with dot1q encapsulation on L3 sub-interfaces. The most popular Layer 2 virtualization method nowadays.
ip vrf MYTESTVRF rd 111:1 interface Gi 1/0/1 description Global Routing Table Interconnect ip address 10.10.10.1 255.255.255.252 interface Gi 1/0/2 description VRF MYTESTVRF Interconnect ip vrf forwarding MYTESTVRF ip address 10.10.10.1 255.255.255.252
ip vrf MYTESTVRF rd 111:1 interface Gi 1/0/1 description Global Routing Table Interconnect ip address 10.10.10.2 255.255.255.252 interface Gi 1/0/2 description VRF MYTESTVRF Interconnect ip vrf forwarding MYTESTVRF ip address 10.10.10.2 255.255.255.252
Second Example (Dotiq Tagged Subinterfaces):
ip vrf MYTESTVRF rd 111:1 interface Gi 1/0/1.10 description Global Routing Table Interconnect encapsulation dot1q 10 ip address 10.10.10.1 255.255.255.252 interface Gi 1/0/1.20 description VRF MYTESTVRF Interconnect encapsulation dot1q 20 ip vrf forwarding MYTESTVRF ip address 10.10.10.1 255.255.255.252
ip vrf MYTESTVRF rd 111:1 interface Gi 1/0/1.10 description Global Routing Table Interconnect encapsulation dot1q 10 ip address 10.10.10.2 255.255.255.252 interface Gi 1/0/1.20 description VRF MYTESTVRF Interconnect encapsulation dot1q 20 ip vrf forwarding MYTESTVRF ip address 10.10.10.2 255.255.255.252
ICMP Test Example
Pinging from Gi 1/0/1 to Gi 1/0/1 on other side within Global Routing Table is straight forward ping:
If you want to ping the same (but other) ip address. The one that is inside VRF MYTESTVRF you neet to initiate the ping within that VRF on R1:
ping vrf MYTESTVRF 10.10.10.2
The example above illustrates both options, albeit the subinterface example is more frequently used in practice. We are setting interfaces of connectivity with VRF mapping setup in order to expand VRF MYTESTVRF to another router (R2) (ip vrf forwarding inside interface configuration). Each interconnection will then route the traffic to the mapped VRF in this manner.
To learn more about Cisco VRF configuration, Read Here.