An overview of Virtual Routing and Forwarding (VRF), management services and some other details.
Several technologies exist to allow multiple scopes, or routing instances, within a single router. For example, some hardware-based routers can be divided into independent virtual routers in which each instance operates as a complete router that uses some of the physical interfaces of the router.
Virtual Routing and Forwarding (VRF) is a technology that controls information flow within a network by partitioning the network and separating Layer 3 traffic into different logical VRF domains. For each VRF domain, the router maintains a separate routing table and Layer 3 forwarding tables and can run separate instances of routing protocols. The separation creates isolated Layer 3 forwarding and routing instances that can support overlapping address spaces without contention. The isolation applies only to Layer 3 routing and forwarding. Layer 2 forwarding is unaffected, and from a device management perspective, the router continues to be a single entity.
To forward traffic, the router selects a VRF routing instance that is based on the input interface (and possibly on policy configuration). Because the interface and Layer 2 information are not strictly partitioned, it is possible to use technologies such as MPLS VPN to multiplex route signaling and traffic for multiple routing instances over the same physical connections or Layer 3 interfaces.
VRF-lite refers to VRF without technologies like MPLS VPN. With VRF-lite, Layer 3 traffic is isolated into separate routing instances. However, connecting routing instances across multiple routers requires a separate physical link for each instance, or the use of Layer 2 trunking technologies, such as VLANs (802.1q), to create separate Layer 2 links over the same physical link.
Basic VRF-lite configuration shows a basic VRF-lite configuration with routing instances that are labeled RED and GREEN. The RED and GREEN traffic is completely separated over different interfaces, with no common processing or signaling within the vRouters. The vRouters are aware of both routing instances, but each interface carries traffic for only one routing instance.
The following guidelines apply to VRF-lite deployments:
- The VRF-capable routers must be reachable at Layer 3, deploying BGP, OSPF, RIP, or static routes.
- Each routing instance maintains unique routing and forwarding tables.
- One or more Layer 3 interfaces on a router can be assigned to be part of a routing instance.
- Each routing instance can be configured with an IPv4 address family, an IPv6 address family, or both. The routing instance for a received packet is determined based on the VRF index of the interface on which the packet is received.
- Separate routing protocol instances are required for each routing instance.
- Overlapping address spaces can be configured on different routing instances. A VRF-lite instance can be configured on any interface that is configured for Layer 3. For example, a bridge interface that is associated with a bridge group can have a routing instance because the bridge group is a Layer 3 interface. However, you cannot use VRF-lite with data plane interfaces that are configured as part of a bridge group because they forward traffic only at the Layer 2 level.