MPLS Scenario: Introduction to VRF Lite
Today I am going to talk about the concept of VRF lite. Many of you knew about the concept of VRF lite and where it is used in the real scenario.
What is VRF lite ?
A VRF is a Virtual Routing and Fowarding table. In lamens terms it’s a way to make multiple routing tables that are completely separate from each other. Consider them as VLANs that operate at layer 3. There are two types of VRF: simply, a VRF, or VRF lite. The latter of the two being a VRF without MPLS. For now I’ll look at just VRF-lite.
VRF lite Topology and LAB
Let's talk about the topology, there is a requirement that OSPF needs to be used between customer sites, however, for security reasons, New York should not be accessible to any users at New Delhi or Toronto. However, New Delhi & Toronto should be able to communicate between sites and share routes using OSPF. The way we are going to do this is by using VRF-lite.
 |
Fig 1.1- VRF Lite Concept
|
Let's Configure all the branch offices with the loopback addresses and the also configure OSPF on all the branch offices one by one.
Configuration at New Delhi
!
interface Loopback0
ip address 192.168.10.1 255.255.255.0
!
interface FastEthernet0/1
ip address 10.0.0.6 255.255.255.252
!
router ospf 1
network 0.0.0.0 255.255.255.255 area 0
!
Configuration at New York
!
interface Loopback0
ip address 192.168.20.1 255.255.255.0
!
interface FastEthernet0/0
ip address 10.0.0.2 255.255.255.252
!
router ospf 1
network 0.0.0.0 255.255.255.255 area 0
!
Configuration at Toronto
!
interface Loopback0
ip address 192.168.30.1 255.255.255.0
!
interface FastEthernet0/0
ip address 10.0.0.10 255.255.255.252
!
router ospf 1
network 0.0.0.0 255.255.255.255 area 0
!
Now we can go to PE1 router and will create two VRF’s & assign them to the relevant interface. One VRF is for Toronto & New Delhi (SharedSites), and one VRF just for New York.
PE1(config)#ip vrf New York
PE1(config)#ip vrf SharedSites
PE1#
interface Loopback99
ip address 1.1.1.1 255.255.255.255
!
interface FastEthernet0/0
ip vrf forwarding New York
ip address 10.0.0.1 255.255.255.252
!
interface FastEthernet0/1
ip vrf forwarding SharedSites
ip address 10.0.0.5 255.255.255.252
!
interface FastEthernet1/0
no switchport
ip vrf forwarding SharedSites
ip address 10.0.0.9 255.255.255.252
!
Note that if you try and apply the command #ip vrf forwarding [vrf name] on the interface when it already has an IP address, it just swipes the config off.
So it’s better to apply the interface to the vrf, and then put the ip address on it. The final stage is to apply the OSPF configuration. Notice you will need a separate ospf process for each vrf.
!
router ospf 1 vrf New York
network 0.0.0.0 255.255.255.255 area 0
!
router ospf 3 vrf SharedSites
network 0.0.0.0 255.255.255.255 area 0
!
And now to verify ospf is sharing routes between New Delhi and Toronto.
And now to verify ospf is sharing routes between New Delhi and Toronto.
New DelhiCE# sh ip route | b Gate
Gateway of last resort is not set
10.0.0.0/30 is subnetted, 2 subnets
10.0.0.8 [110/2] via 10.0.0.5, 00:07:41, FastEthernet0/1
10.0.0.4 is directly connected, FastEthernet0/1
192.168.10.0/24 is directly connected, Loopback0
192.168.30.0/32 is subnetted, 1 subnets
192.168.30.1 [110/3] via 10.0.0.5, 00:07:41, FastEthernet0/1
New Delhi#ping 192.168.2.1 so lo0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 16/24/48 ms
Good. A quick peek at New York’s routing table verifies that we do not get any of the routes to either office
New YorkCE# sh ip route | b Gate
Gateway of last resort is not set
10.0.0.0/30 is subnetted, 1 subnets
C 10.0.0.0 is directly connected, FastEthernet0/0
C 192.168.20.0/24 is directly connected, Loopback0
