
MPLS : VRF and VRF-LITE (LAN/Customer Network)

Let's discuss VRF and VRF-LITE: what the difference is, and how to configure and verify them.

Virtual Routing and Forwarding

  • As we all know, routers refer to the global routing table to make forwarding decisions. But with the advent of MPLS and its applications, we needed to separate customer routes from each other and also from the ISP's internal routes.
  • VRF was introduced for this purpose. VRF stands for Virtual Routing and Forwarding; it creates a separate virtual router inside the main physical router, with all routing functionality such as separate interfaces, separate routing tables, and separate routing protocols.
  • Depending on the router's capabilities (plenty of CPU, memory, and interfaces, as on Provider Edge routers), we can create multiple separate virtual router instances inside a single physical router.
  • We will use the same lab topology to understand VRF better.
Figure: a snippet of the main topology, used to understand VRF

Here we have VRFs configured on R1-PE1 and R2-PE2. Let's concentrate on the VRFs configured on R1-PE1.

  • R1-PE1 has been configured with two separate VRFs for two separate customers.
  • As soon as we create VRFs with MPLS on the PE devices, the router creates virtual instances, much like a switch creates separate VLANs.
  • We need to assign interfaces to each VRF and then give them IP addresses. We also need separate PE-CE routing protocols, whose routes are stored in separate routing tables.
  • We will verify that from the lab topology.
Let's check the configuration for both of the VRFs from the diagram:

You can ignore the RD and RT configuration for now; we will have a separate article on it under MPLS L3 VPN terminology.

For reference: RD = Route Distinguisher, RT = Route Target.

VRF 1 : Customer-A-Site1

!
ip vrf Customer-A-Site1
 rd 1:1
 route-target export 1:1
 route-target import 1:1
!
interface GigabitEthernet0/1
 ip vrf forwarding Customer-A-Site1
 ip address 10.0.0.1 255.255.255.0
!

VRF 2 : Customer-B-Site1

ip vrf Customer-B-Site1
 rd 1:2
 route-target export 1:2
 route-target import 1:2

interface GigabitEthernet0/2
 ip vrf forwarding Customer-B-Site1
 ip address 10.0.0.1 255.255.255.0

Let's verify how the VRF works: how to run a basic ping and trace within a VRF, and how to view the VRF routing tables.

Let's check all the routing tables configured on R1-PE1. We should see 3 separate tables: the global routing table, one for VRF Customer-A-Site1, and one for VRF Customer-B-Site1.

As you can see below, show ip route vrf * outputs all the routing tables configured on the router, i.e. the global routing table and all VRFs. We can see all 3 routing tables.

We have used BGP as the PE-CE protocol for Customer-A-Site1 in this topology.


R-1-PE1#show ip route vrf *  
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       a - application route
       + - replicated route, % - next hop override, p - overrides from PfR

Gateway of last resort is not set

      1.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        1.1.1.0/24 is directly connected, Loopback0
L        1.1.1.1/32 is directly connected, Loopback0
      2.0.0.0/32 is subnetted, 1 subnets
O        2.2.2.2 [110/2] via 192.168.0.2, 01:26:16, GigabitEthernet0/0
      3.0.0.0/32 is subnetted, 1 subnets
O        3.3.3.3 [110/3] via 192.168.0.2, 01:26:16, GigabitEthernet0/0
      4.0.0.0/32 is subnetted, 1 subnets
O        4.4.4.4 [110/4] via 192.168.0.2, 01:26:16, GigabitEthernet0/0
      5.0.0.0/32 is subnetted, 1 subnets
O        5.5.5.5 [110/5] via 192.168.0.2, 01:26:16, GigabitEthernet0/0
      192.168.0.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.0.0/24 is directly connected, GigabitEthernet0/0
L        192.168.0.1/32 is directly connected, GigabitEthernet0/0
O     192.168.1.0/24 [110/2] via 192.168.0.2, 01:26:16, GigabitEthernet0/0
O     192.168.2.0/24 [110/3] via 192.168.0.2, 01:26:16, GigabitEthernet0/0
O     192.168.3.0/24 [110/4] via 192.168.0.2, 01:26:16, GigabitEthernet0/0

Routing Table: Customer-A-Site1
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       a - application route
       + - replicated route, % - next hop override, p - overrides from PfR

Gateway of last resort is not set

      10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        10.0.0.0/24 is directly connected, GigabitEthernet0/1
L        10.0.0.1/32 is directly connected, GigabitEthernet0/1
      11.0.0.0/24 is subnetted, 1 subnets
B        11.11.11.0 [20/0] via 10.0.0.2, 02:03:25
      21.0.0.0/24 is subnetted, 1 subnets
B        21.21.21.0 [200/0] via 5.5.5.5, 01:26:10
      100.0.0.0/24 is subnetted, 1 subnets
B        100.100.100.0 [20/0] via 10.0.0.2, 02:03:25
B     200.200.200.0/24 [200/0] via 5.5.5.5, 01:26:10

Routing Table: Customer-B-Site1
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       a - application route
       + - replicated route, % - next hop override, p - overrides from PfR

Gateway of last resort is not set

      10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        10.0.0.0/24 is directly connected, GigabitEthernet0/2
L        10.0.0.1/32 is directly connected, GigabitEthernet0/2
R-1-PE1#

To quickly check the interfaces and their VRFs:

R-1-PE1#show ip vrf interfaces 
Interface              IP-Address      VRF                              Protocol
Gi0/1                  10.0.0.1        Customer-A-Site1                 up      
Gi0/2                  10.0.0.1        Customer-B-Site1                 up      
R-1-PE1#

The last thing is to verify ping/trace for a VRF. Since it is separate from the global routing instance, we need to specify the routing instance on the PE device to verify connectivity.

As you can see, a normal ping and trace won't work to reach the customer sites from the provider edge:

We have to specify the VRF to which the customer is connected on the PE device (R1-PE1).

PING:

R-1-PE1#ping 10.0.0.2                     
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.2, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

R-1-PE1#ping vrf Customer-A-Site1 10.0.0.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 2/3/8 ms

TRACE:

R-1-PE1#traceroute 10.0.0.2
Type escape sequence to abort.
Tracing the route to 10.0.0.2
VRF info: (vrf in name/id, vrf out name/id)
  1  *  *  * 
  2  * 
R-1-PE1#
R-1-PE1#trac
R-1-PE1#traceroute vrf Customer-A-Site1 10.0.0.2
Type escape sequence to abort.
Tracing the route to 10.0.0.2
VRF info: (vrf in name/id, vrf out name/id)
  1 10.0.0.2 5 msec 3 msec 2 msec
R-1-PE1#

So that is all about VRF in the MPLS domain. Then what is VRF LITE?

VRF LITE:

  • It's the same VRF as above, but on a non-MPLS router, or on a customer-end router that is not participating in MPLS.
  • VRF-LITE is generally used when the customer wants to separate traffic types on their device.
  • Most often they want to separate voice, video, and data traffic, so 3 separate VRFs are created for this purpose.
  • VRF-LITE is simple: each routed interface (whether physical or virtual) belongs to exactly one VRF.
  • Unless import/export maps (covered in another article on RT) have been applied, routes (and therefore packets) cannot move from one VRF to another, much like the way VLANs work at layer two. Packets entering a particular VRF can only follow routes in that VRF's routing table.
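
As an added example (not from the original article): a small Python audit for the isolation rules above. It parses IOS-style configuration, reports any VRF that imports a route-target exported by a different VRF, and records which routing table each interface belongs to. The sample text is constructed from the page's two VRFs plus a hypothetical Shared-Mgmt VRF and an interface left in the global table.

```python
import re

# Constructed sample: the page's two VRFs, a hypothetical Shared-Mgmt VRF that
# imports Customer-A's route-target, and an interface with no VRF (global).
SAMPLE = """\
ip vrf Customer-A-Site1
 rd 1:1
 route-target export 1:1
 route-target import 1:1
ip vrf Customer-B-Site1
 rd 1:2
 route-target export 1:2
 route-target import 1:2
ip vrf Shared-Mgmt
 rd 1:99
 route-target import 1:1
interface GigabitEthernet0/0
 ip address 192.168.0.1 255.255.255.0
interface GigabitEthernet0/1
 ip vrf forwarding Customer-A-Site1
 ip address 10.0.0.1 255.255.255.0
interface GigabitEthernet0/2
 ip vrf forwarding Customer-B-Site1
 ip address 10.0.0.1 255.255.255.0
"""

def parse_config(text):
    """Parse IOS-style text into ({vrf: {import, export}}, {interface: vrf})."""
    vrfs, ifaces, block = {}, {}, None
    for line in text.splitlines():
        if m := re.match(r"ip vrf (\S+)$", line):
            block = ("vrf", m[1])
            vrfs[m[1]] = {"import": set(), "export": set()}
        elif m := re.match(r"interface (\S+)$", line):
            block = ("if", m[1])
            ifaces[m[1]] = None          # None = global routing table
        elif not line.startswith(" "):
            block = None                 # "!" or another top-level command
        elif block and block[0] == "vrf":
            if m := re.match(r" route-target (import|export) (\S+)$", line):
                vrfs[block[1]][m[1]].add(m[2])
        elif block and block[0] == "if":
            if m := re.match(r" ip vrf forwarding (\S+)$", line):
                ifaces[block[1]] = m[1]
    return vrfs, ifaces

def rt_leaks(vrfs):
    """Return (importer, exporter, rt) for each RT imported from another VRF."""
    return sorted((i, e, rt) for i in vrfs for e in vrfs if i != e
                  for rt in vrfs[i]["import"] & vrfs[e]["export"])
```

On the sample, `rt_leaks(parse_config(SAMPLE)[0])` returns the single Shared-Mgmt import of 1:1; with only the page's two VRFs it returns an empty list, and both 10.0.0.1 interfaces resolve to different tables.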

That’s all about VRF and VRF-LITE, hope you liked it, stay tuned for more !!!!
