Monday, September 6, 2010

Simple VRF LAB w/explanation



Our scenario: Router R2 is acting as the ISP for the other routers, and it is using two Virtual Routing and Forwarding (VRF) tables to keep Cust1 (R1, R3) and Cust2 (R4, R5) separate from each other's networks.

As you may have already noticed in the diagram above, I have overlapping IP address assignments. There are 2 different logical networks but also 4 physical links! Without VRFs this IP address scheme would not work. If I pinged R1 10.1.1.2 from R3 10.1.1.6, how would the router know which 10.1.1.2 to send the packet to?


So as a networking professional you need a tool that allows you to jump over this hurdle. Enter the VRF!


VRFs at work - VRF was created as a tool engineers can use to separate networks from each other on the same router. This is achieved by creating a separate routing and forwarding table apart from the global routing table.

How to configure a VRF: Creating a VRF is absolutely easy stuff on a Cisco router/L3 switch. In global configuration mode you can simply type 'ip vrf name-here', for example 'ip vrf blue' like we have set up in this lab! Once you enter that command you will be put into the VRF sub-command mode. This is where you set the VRF attributes. The only thing you need to set for basic VRF functionality is the Route Distinguisher (RD), which is in the format ASN:ID. For instance, in our lab I have set the RD for the VRF blue to 200:2, where 200 is the ASN and 2 is the identification of the VRF. You will normally use the ASN:ID format so you can match the ASN to whatever the routing protocol's AS number is. For instance, if you have BGP AS1000 you would use something like 1000:2. You can also use just the IP address and ID #; something like 10.1.1.1:2 would work as well. I will create a new tutorial showing how to use VRFs in routing protocols in another posting!!

Once the VRF is created you must place into it the interfaces that you want to share the new routing and forwarding table. In the diagram above R2's F0/0 and F0/1 interfaces are placed in VRF blue and S0/0 and S0/1 are placed in VRF red. The color assignment and naming is completely arbitrary; you may choose something more logical like CustomerA and CustomerB. You also have to remember that you can only place one interface in one VRF at a time!! So if S0/0 is in red then it cannot be in blue; it would defeat the whole purpose of keeping the networks separate!!

So let us jump in and see how the config looks on the ISP router. I have edited the config so it only shows the important VRF-related commands.

Look down the config at my notes so you can see what I have configured and why and how it is working.

hostname ISP

ip cef  <--- Using Cisco Express Forwarding is recommended for improved forwarding on all the interfaces. I entered the command in the global config mode on the router.
!
ip vrf blue <--- Our first VRF with a route distinguisher of ASN 200 and ID 2
 rd 200:2
!
ip vrf red <--- Our second VRF with a route distinguisher of ASN 100 and ID 1
 rd 100:1
!
interface FastEthernet0/0
 ip vrf forwarding blue <--- Int F0/0 was placed into VRF blue and is now using the blue routing table
 ip address 10.1.1.1 255.255.255.252
 duplex auto
 speed auto
!
interface Serial0/0
 ip vrf forwarding red <--- Int S0/0 was placed into VRF red and is now using the red routing table
 ip address 10.1.1.1 255.255.255.252
 clock rate 2000000
!
interface FastEthernet0/1
 ip vrf forwarding blue <--- Int F0/1 was placed into VRF blue and is now using the blue routing table
 ip address 10.1.1.5 255.255.255.252
 duplex auto
 speed auto
!
interface Serial0/1
 ip vrf forwarding red <--- Int S0/1 was placed into VRF red and is now using the red routing table
 ip address 10.1.1.5 255.255.255.252
 clock rate 2000000
!
end

As you can probably tell this is a simple configuration but it works!!
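
The isolation this config relies on can be checked offline before it is pushed. The Python below is an added example, not code from the original post: it parses the interface stanzas of the ISP config and reports subnets that overlap inside one routing table, plus any interface left in the global table. The function names and the misconfigured variant are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Interface stanzas of the ISP (R2) config from this post, inline notes removed.
ISP_CONFIG = """\
interface FastEthernet0/0
 ip vrf forwarding blue
 ip address 10.1.1.1 255.255.255.252
interface Serial0/0
 ip vrf forwarding red
 ip address 10.1.1.1 255.255.255.252
interface FastEthernet0/1
 ip vrf forwarding blue
 ip address 10.1.1.5 255.255.255.252
interface Serial0/1
 ip vrf forwarding red
 ip address 10.1.1.5 255.255.255.252
"""

def parse_interfaces(config):
    """Return {interface: (vrf or None, IPv4Network)} for addressed interfaces."""
    result, name, vrf = {}, None, None
    for line in config.splitlines():
        words = line.split()
        if words[:1] == ["interface"] and len(words) > 1:
            name, vrf = words[1], None          # new stanza starts in the global table
        elif words[:3] == ["ip", "vrf", "forwarding"] and len(words) == 4 and name:
            vrf = words[3]
        elif words[:2] == ["ip", "address"] and len(words) >= 4 and name:
            net = ipaddress.ip_interface(f"{words[2]}/{words[3]}").network
            result[name] = (vrf, net)
    return result

def audit(config):
    """Return (overlaps inside one table, interfaces left in the global table)."""
    by_vrf = defaultdict(list)
    for name, (vrf, net) in parse_interfaces(config).items():
        by_vrf[vrf].append((name, net))
    conflicts = []
    for vrf, entries in by_vrf.items():
        for i, (a, net_a) in enumerate(entries):
            conflicts += [(vrf, a, b) for b, net_b in entries[i + 1:]
                          if net_a.overlaps(net_b)]
    return conflicts, [name for name, _ in by_vrf.get(None, [])]

if __name__ == "__main__":
    print(audit(ISP_CONFIG))   # the lab config: same prefixes, different VRFs
    # Constructed misconfiguration: both customers dropped into VRF blue.
    print(audit(ISP_CONFIG.replace("forwarding red", "forwarding blue")))
```

The same prefix appearing in both blue and red is not reported, because each VRF has its own table; only overlaps within a single table, or customer-facing interfaces with no VRF at all, are flagged.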

The only thing left to do is to configure the interfaces with IP addresses on the remaining routers in our topology and voilà! VRF in action!!!


The customer endpoints R1, R3, R4 and R5 need no VRF configuration, only basic IP addressing and perhaps a default route or routing protocol to connect the 2 networks together for each customer!


Once you build this lab you can test it by tracing packets from one end to another between R1 and R3 or R4 and R5.

Well that wasn't hard was it?

I would suggest at this point that you noodle around with this configuration in your lab and try adding new VRFs and customer endpoints, or if you want to get hardcore, start by adding some more ISPs with more complex routing scenarios!!

I hope this article was worthwhile, and please comment and/or leave suggestions for future articles!!

Thank you for reading my blog :)
