VRF Lite


The word VRF stands for Virtual Routing and Forwarding, this feature is used to create multiple instances of the routing table on the same routing device. VRFs are usally used in conjunction with MPLS VPN to separate the traffic of multiple MPLS VPN customers. VRF Lite feature is part of Cisco's network virtualization portfolio. VRF Lite means VRF without  the need to run MPLS in the network.  VRF Lite allows the network administrator to create multiple routing instances on the same routing device within the enterprise. VRF Lite can be useful when you need to isolate traffic between two networks sharing the same routing platform or if you have multiple networks with overlapping addresses sharing the same physical network. Multiple instances of routing protocols can be used for different VRFs on the same device to exchange routes dynamically with a direct connected device.

VRF Lite Configuration:

R2 is connected via Ethernet to R5. Two VRFs (VRF-LITE-A & B) are configured to demonstrate L3 traffic isolation. I am using static routes for this example but dynamic routing protocols can be used. R2 Configuration:

ip vrf VRF-LITE-A
 rd 100:1
!
ip vrf VRF-LITE-B
 rd 100:2

!-- Assign interfaces to VRF
interface FastEthernet0/1.25
 encapsulation dot1Q 25
 ip vrf forwarding VRF-LITE-A
 ip address 25.25.25.2 255.255.255.0
!
interface FastEthernet0/1.52
 encapsulation dot1Q 52
 ip vrf forwarding VRF-LITE-B
 ip address 52.52.52.2 255.255.255.0

interface Loopback20
 ip vrf forwarding VRF-LITE-A
 ip address 20.20.20.20 255.255.255.255
!
interface Loopback22
 ip vrf forwarding VRF-LITE-B
 ip address 22.22.22.22 255.255.255.255

ip route vrf VRF-LITE-A 50.50.50.50 255.255.255.255 25.25.25.5
ip route vrf VRF-LITE-B 55.55.55.55 255.255.255.255 52.52.52.5

R5 Configuration:

ip vrf VRF-LITE-A
 rd 100:1
!
ip vrf VRF-LITE-B
 rd 100:2

interface Loopback50
 ip vrf forwarding VRF-LITE-A
 ip address 50.50.50.50 255.255.255.255
!
interface Loopback55
 ip vrf forwarding VRF-LITE-B
 ip address 55.55.55.55 255.255.255.255
!
interface FastEthernet0/1.25
 encapsulation dot1Q 25
 ip vrf forwarding VRF-LITE-A
 ip address 25.25.25.5 255.255.255.0
!
interface FastEthernet0/1.52
 encapsulation dot1Q 52
 ip vrf forwarding VRF-LITE-B
 ip address 52.52.52.5 255.255.255.0

ip route vrf VRF-LITE-A 20.20.20.20 255.255.255.255 25.25.25.2
ip route vrf VRF-LITE-B 22.22.22.22 255.255.255.255 52.52.52.2

Operation Verification: The following tests were taken from R2 only, the same can be done on R5 for verification.

R2#sh ip route vrf VRF-LITE-A

Routing Table: VRF-LITE-A
!-- output omitted----------
Gateway of last resort is not set

     50.0.0.0/32 is subnetted, 1 subnets
S       50.50.50.50 [1/0] via 25.25.25.5
     20.0.0.0/32 is subnetted, 1 subnets
C       20.20.20.20 is directly connected, Loopback20
     25.0.0.0/24 is subnetted, 1 subnets
C       25.25.25.0 is directly connected, FastEthernet0/1.25

R2#sh ip route vrf VRF-LITE-B

Routing Table: VRF-LITE-B
!--output omitted----------
Gateway of last resort is not set

     55.0.0.0/32 is subnetted, 1 subnets
S       55.55.55.55 [1/0] via 52.52.52.5
     52.0.0.0/24 is subnetted, 1 subnets
C       52.52.52.0 is directly connected, FastEthernet0/1.52
     22.0.0.0/32 is subnetted, 1 subnets
C       22.22.22.22 is directly connected, Loopback22

R2#ping 50.50.50.50

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 50.50.50.50, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
R2#ping vrf VRF-LITE-A 50.50.50.50

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 50.50.50.50, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/143/396 ms

R2#ping 55.55.55.55               

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 55.55.55.55, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

R2#ping vrf VRF-LITE-B 55.55.55.55

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 55.55.55.55, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/133/340 ms

For more information about VRF Lite configuration check Configuring VRF Lite from CISCO.

Check Also

Best AI tools list