VRF and MPLS

• VRF
  • Virtual Routing and Forwarding instance
  • Creating new instance of routing table.
  • Interfaces assigned to VRF belong to that VRF routing table.
  • Interfaces NOT in VRF belong to the global table.
• Result
  • VPN
    • Separates control plane instances.
    • Separates data plane based on routing.
      • ie. Can’t reach a destination if there is no route.
    • Addressing can overlap in different VRFs.
• VRF Routing
  • Can be through:
    • VRF Aware static routes
    • VRF Aware dynamic routing
      • Any big routing protocol
    • Policy based Routing
• Creating VRF
  • Specify locally diverse name
    • ‘ip vrf <name>’
      • ipv4
    • vrf definition <name>
      • Supports both IPv4 and v6
  • Specify Route Distinguisher:
    • rd <ASN:nn | IP-address:nn>
• Apply VRF
  • ‘ip vrf forwarding <name>’ | ‘vrf forwarding <name>’
  • Removes IP address from interface

• VRF Lite
  • Minimum configuration means ‘VRF Lite’
    • Basically VRFs without any MPLS
  • VRFs do not always mean MPLS.
  • MPLS does not always mean VRFs.
• With VRFs all commands need VRF stated.
  • ‘show ip route vrf <vrf name>’
  • ‘ping vrf <vrf name>’
  • ‘traceroute vrf <vrf name>’
  • Same with NAT, IPSEC, etc.

In the diagram below R8 to R7 will have an MPLS L3VPN setup. R8/R7 are considered the PEs and R10/R9 are CEs. The ‘P’ in this situation is everything else running MPLS.

First we need to create a VRF on R8 and R10 for the customer networks. The VRF will be called ‘A’ and we’ll specify a route target.

On R7, VRF A will be assigned to interface gig 0/0 that connects to R9. We’re creating a route target with R7’s local ASN and assignment 1 (100:1), and then sending both ways. Under BGP we’re then specifying address-family ipv4 VRF A and redoing our neighbor command so we have EBGP peering between R7 and R9.

We then need to specify the L3 VPN between R7 and R8 via the vpnv4 commands.

The ‘send-community’ command is installed by default.

If these are added appropriately on each side the iBGP peering should come up and routes between the two ‘customers’ should come up.

Notes:

• ‘Next-hop-self’ is enabled in this configuration by default. The Route to R9’s loopback, 9.9.9.9, is already showing next hop as R7 without any adjustment.

• BGP over L3 VPN commands are performed via ‘show ip bgp vpnv4 all <insert command if needed’.
• When adding interfaces to VRFs, the IP assignment gets wiped out and needs to be re-entered.