5/10/2015

VRFing101,UnderstingVRFBasicsPacketU

PacketU
What'sonyourwire[s]?

VRFing101,UnderstingVRFBasics
PostedonJuly12,2012byPaulStewart,CCIE26009(Security)

WhenmostengineersthinkaboutVRF,theythinkaboutMPLS.VRF,shortforVirtualRoutingandForwarding,is
oneofthefeaturesthatenabledesignerstocreateflexibleMPLSnetworkdesigns.Howeverwearegoinggoingto
completely forget about MPLS and look at what this does to a single IOS based router. This article is very
simplifiedVRF101.
ThefirstthingthatIwanttomentionisthepronunciation.Inplural,somepeoplesimplycalltheseveeareeffs.
Otherpronouncethemasverforverfs(rhymingwithsurf).Icatchmyselfbeingconsistentlyinconsistentand
pronouncing them both ways. Unless you are my eight grade grammar teacher, what VRFs do for us is more
importantthanhowwepronouncethem.SowhatisaVRF?Howdoesitchangethebehaviorofarouter?What
doesabasicconfigurationlooklike?Thesearethetypesofquestionsthatwewillanswerinthisarticle.
SomepeoplethinkofVRFsasawaytodovirtualizationanddescribeitasVMWareforyourrouter.Eachareasof
isolation is thought of as a VMWare guest instance. I like to think VRFs as similar to VLANS, but at layer 3.
VLANsareobviouslyalayertwotopic,buttheycreatesimilarisolation.TogofromoneVLANtoanother,thereis
aneedtogothroughadevicethathasaccesstobothVLANs.VRFscreatethesametypeofisolationatlayer3.
Howeverthewaythatwejumpbetweenareasofisolationisalittledifferent.
So what are we isolating? The answer to that question is key to understanding the effect of VRF instances in a
http://www.packetu.com/2012/07/12/vrfing101understingvrfbasics/

1/21

5/10/2015

VRFing101,UnderstingVRFBasicsPacketU

router. Lets go back to some routing fundamentals. Routers cannot typically share an IP subnet on multiple
interfaces.Therearesometypesofserialconnectionsthatbreakthisrule,butthegeneralusecaseisthatanIP
subnetisaccessiblethroughnomorethanonelocallyconnectedinterface.Youcertainlycouldnothavethesame
IPaddressonmultipleinterfaces.

R1(configif)#intloop1
R1(configif)#ipaddress192.168.1.1255.255.255.0
//let'strytoputthesameaddressonloopback2
R1(configif)#intloop2
R1(configif)#ipaddress
R1(configif)#ipaddress192.168.1.1255.255.255.0
%192.168.1.0overlapswithLoopback1

What if I had a multitenant environment and really needed to configure two interfaces with 192.168.1.1. It
wouldcertainlysucktohavetobyanotherrouter.ThisiswhereVRFscomeintoplay.
VRF,whenusedinsideasinglerouter,iscalledVRFLite.EachVRFinstanceisaseparateroutetable.Theroute
tablethatweallknowandloveisshownbydoingashowiproute.Thisiscalledtheglobalroutetableanddoes
notshowanyroutesthatarespecifictoaVRF.Inaminute,wellseeaseparatecommandthatwillshowusthe
routes inside a VRF instance. By creating multiple route tables, we overcome the restrictions of multiple
overlappingaddressspaces.Wealsoprovideisolationtoeachtenantorareaofthenetwork.

KeyConceptEachVRFinstanceisaseparateroutetable.
TheChallenge
http://www.packetu.com/2012/07/12/vrfing101understingvrfbasics/

2/21

5/10/2015

VRFing101,UnderstingVRFBasicsPacketU

Theimagebelowcontainsthreerouters.Bothroutersneedtobeabletoreachtheirrespectivesubinterfaceand
loopbackonR1.R2andR3donotneedtoaccessoneanother.BothR2andR3mustuse192.168.1.1asa
defaultgateway.R2andR3mustbeinseparateVLANs.

IhopeIvewrittenthechallengeinawaythatVRFsaretheonlysolution.Basedontherequirements,Ibelievewe
needtwoVRFs.Weshouldbeabletoaccomplishthisbyimplementingthediagrambelow.
http://www.packetu.com/2012/07/12/vrfing101understingvrfbasics/

3/21

5/10/2015

VRFing101,UnderstingVRFBasicsPacketU

VRFconfigurationisfairlystraightforward,soletsgoaheadandgetstarted.

//createthetwoVRFs
http://www.packetu.com/2012/07/12/vrfing101understingvrfbasics/

4/21

5/10/2015

VRFing101,UnderstingVRFBasicsPacketU

R1(config)#ipvrfred
R1(config)#ipvrfblue
//createeachsubinterfaceandplacethemintotheappropriateVRF
//noticethatweconfiguretheIPaddressafterconfiguringtheVRF
//otherwisetherouterwillremovetheIPaddress
R1(configsubif)#intfa0/0.10
R1(configsubif)#encapsulationdot1Q10
R1(configsubif)#ipvrfforwardingred
R1(configsubif)#ipaddress192.168.1.1255.255.255.0
R1(configsubif)#intfa0/0.20
R1(configsubif)#encapsulationdot1Q20
R1(configsubif)#ipvrfforwardingblue
R1(configsubif)#ipaddress192.168.1.1255.255.255.0
//noticethattherouteracceptedthesameIPaddressonbothinterfaces
//thisisbecausetheyareinseparateVRFinstances

NowletstestourreachabilitytoR2andR3.

//noticewenowhavetoclueR1intothefactthatwewant
//touseaVRFasopposedtotheglobalroutingtable.
//pingR2
R1#pingvrfred192.168.1.2
Typeescapesequencetoabort.
Sending5,100byteICMPEchosto192.168.1.2,timeoutis2seconds:
!!!!!
http://www.packetu.com/2012/07/12/vrfing101understingvrfbasics/

5/21

5/10/2015

VRFing101,UnderstingVRFBasicsPacketU

Successrateis100percent(5/5),roundtripmin/avg/max=1/2/4ms
//pingR3
R1#pingvrfblue192.168.1.2
Typeescapesequencetoabort.
Sending5,100byteICMPEchosto192.168.1.2,timeoutis2seconds:
!!!!!
Successrateis100percent(5/5),roundtripmin/avg/max=1/1/4ms
R1#

Even though 192.168.1.1 is directly connected to Fa0/0.10 and Fa0/0.20, it does not show up with a show ip
route.Remember,showiprouteshowstheglobalroutingtable.

R1#showiproute
Codes:Cconnected,Sstatic,RRIP,Mmobile,BBGP
DEIGRP,EXEIGRPexternal,OOSPF,IAOSPFinterarea
N1OSPFNSSAexternaltype1,N2OSPFNSSAexternaltype2
E1OSPFexternaltype1,E2OSPFexternaltype2
iISIS,suISISsummary,L1ISISlevel1,L2ISISlevel2
iaISISinterarea,*candidatedefault,Uperuserstaticroute
oODR,Pperiodicdownloadedstaticroute
Gatewayoflastresortisnotset
R1#

ToseetheroutesassociatedwithaVRF,wehavetoaddthevrfvrfnameparameter.

http://www.packetu.com/2012/07/12/vrfing101understingvrfbasics/

6/21

5/10/2015

VRFing101,UnderstingVRFBasicsPacketU

R1#showiproutevrfred
RoutingTable:red
Codes:Cconnected,Sstatic,RRIP,Mmobile,BBGP
DEIGRP,EXEIGRPexternal,OOSPF,IAOSPFinterarea
N1OSPFNSSAexternaltype1,N2OSPFNSSAexternaltype2
E1OSPFexternaltype1,E2OSPFexternaltype2
iISIS,suISISsummary,L1ISISlevel1,L2ISISlevel2
iaISISinterarea,*candidatedefault,Uperuserstaticroute
oODR,Pperiodicdownloadedstaticroute
Gatewayoflastresortisnotset
C192.168.1.0/24isdirectlyconnected,FastEthernet0/0.10
R1#showiproutevrfblue
RoutingTable:blue
Codes:Cconnected,Sstatic,RRIP,Mmobile,BBGP
DEIGRP,EXEIGRPexternal,OOSPF,IAOSPFinterarea
N1OSPFNSSAexternaltype1,N2OSPFNSSAexternaltype2
E1OSPFexternaltype1,E2OSPFexternaltype2
iISIS,suISISsummary,L1ISISlevel1,L2ISISlevel2
iaISISinterarea,*candidatedefault,Uperuserstaticroute
oODR,Pperiodicdownloadedstaticroute
Gatewayoflastresortisnotset
C192.168.1.0/24isdirectlyconnected,FastEthernet0/0.20
R1#

NowletsaddourloopbackinterfacesintotheappropriateVRFs.
http://www.packetu.com/2012/07/12/vrfing101understingvrfbasics/

7/21

5/10/2015

VRFing101,UnderstingVRFBasicsPacketU

R1(config)#intloop10
R1(configif)$ipvrfforwardingred
R1(configif)#ipaddress10.10.10.10255.255.255.0
R1(configif)#intloop20
R1(configif)$ipvrfforwardingblue
R1(configif)#ipaddress20.20.20.20255.255.255.0
R1(configif)#exit

Finally,wecantestfromR2andR3.Inamultitenantenvironment,youmightnothaveaccesstothese.However
inthislabwedoandcanthereforusethemtoconfirmthefunctionality.
R2(shouldbeabletoreach10.10.10.10,butnot20.20.20.20)

R2(config)#doping10.10.10.10
Typeescapesequencetoabort.
Sending5,100byteICMPEchosto10.10.10.10,timeoutis2seconds:
!!!!!
Successrateis100percent(5/5),roundtripmin/avg/max=1/2/4ms
R2(config)#doping20.20.20.20
Typeescapesequencetoabort.
Sending5,100byteICMPEchosto20.20.20.20,timeoutis2seconds:
U.U.U
Successrateis0percent(0/5)

R3(shouldnotbeabletoreach10.10.10.10,butshouldhaveaccessto20.20.20.20)

http://www.packetu.com/2012/07/12/vrfing101understingvrfbasics/

8/21

5/10/2015

VRFing101,UnderstingVRFBasicsPacketU

R3(config)#doping10.10.10.10
Typeescapesequencetoabort.
Sending5,100byteICMPEchosto10.10.10.10,timeoutis2seconds:
U.U.U
Successrateis0percent(0/5)
R3(config)#doping20.20.20.20
Typeescapesequencetoabort.
Sending5,100byteICMPEchosto20.20.20.20,timeoutis2seconds:
!!!!!
Successrateis100percent(5/5),roundtripmin/avg/max=1/2/4ms
R3(config)#

Whilesolvingourchallenge,thisarticlehasdemonstratedthesimplestformofVRFsonasinglerouter.VRFsare
afoundationalbuildingblockthathasgivennetworkdesignersgreatflexibilitywhendesigningMPLSnetworks.
Infuturearticles,wewillbuildonthisexampleanddemonstratemethodsforjumpingbetweenVRFsandutilizing
NATinamultitenantenvironment.

MigratingServers?
PlanDataorFullServerMigrationsWithOurNearZeroDowntimeGuide

Readersofthisarticlemayalsoenjoy:
1. VRFing102,ProvidingInternetAccessWithDynamicPAT
2. VRFing103,UsingNATVirtualInterfacesforGlobalReachability
3. TheOperationofProxyArp
4. MultipleProtocolsoverIPSec
http://www.packetu.com/2012/07/12/vrfing101understingvrfbasics/

9/21

5/10/2015

VRFing101,UnderstingVRFBasicsPacketU

5. CombiningGREandIPSecwithaFrontSideVRF
pcktu.com/MbJpGb

COPY

SpreadtheWord:

Pocket

Twitter

Facebook

LinkedIn

Google

More

AboutPaulStewart,CCIE26009(Security)
PaulisaNetworkandSecurityEngineer,TrainerandBloggerwhoenjoysunderstandinghowthingsreallywork.Withover15
yearsofexperienceinthetechnologyindustry,Paulhashelpedmanyorganizationsbuild,maintainandsecuretheirnetworks
andsystems.
ViewallpostsbyPaulStewart,CCIE26009(Security)

ThisentrywaspostedinNetwork,Technologyandtaggedmpls,network,vrf.Bookmarkthepermalink.

34ResponsestoVRFing101,UnderstingVRFBasics
RogerStewartsays:
July12,2012at11:19AM

Thislooksinteresting.
Reply

Bashirsays:
July14,2012at3:25AM

http://www.packetu.com/2012/07/12/vrfing101understingvrfbasics/

10/21

5/10/2015

VRFing101,UnderstingVRFBasicsPacketU

Greatpostfornewbie..
thanks
Reply

ElvinAriassays:
July15,2012at6:31PM

Thanksforthearticle.
Elvin
Reply

AbhishekSagarsays:
November4,2012at5:51AM

whatisthepurposeofloopbackinterfaces,andhowdoestheauthormakethisclaimR2(shouldbeabletoreach
10.10.10.10,butnot20.20.20.20)??plshelp,iamabeginner.
Reply

PaulStewartsays:
November4,2012at8:42AM

Theloopbackinterfaces,inthisexample,areusedasademonstration.ThesecouldrepresentIPnetworkssomewhere
elseonthenetwork.Thepointistogivesomepointstotestagainst.ThereasonthatR2canreachonenetworkand
notanotherisbecauseoftheisolationcreatedbythevrfinstances.Thisisnotonlyaclaim,butevidencedbythe
testingperformedinthearticle.Thanksforthequestion.
Reply

http://www.packetu.com/2012/07/12/vrfing101understingvrfbasics/

11/21

5/10/2015

VRFing101,UnderstingVRFBasicsPacketU

Kuleazesays:
March6,2013at4:37PM

InthenextcomingweeksIhavetosetupaVRFinstanceinoneofournewlocationsinChicago,thishashelpedlayagood
foundationforwhatisactuallyoccuringIllbereadingyourotherblogsaboutVRFshortly.Thanksfortheinfo!!
Reply

Pingback:CiscoVRF/MPBGPRouteronaStickwithNAT|TheNetworkHobo

Santoshsays:
February24,2014at6:56AM

HI,
Iamconfused,whytheauthortalksaboutVLANhere.
sayR2andR3mustbeinseparateVLANs.whythisVLANisneededhere???
Reply

Sensiesays:
December25,2014at4:53PM

Hi
theVLANsisSeparatesthetrafficonlayer2ontheswitch,otherwisetherouterswillbeabletotalktoeachotheron
layer2basedandthisexamplewillnotworkcorrectly.
VRFisveryimportantandthisisjustthebasicbutitsExcellentDescription.
Reply

Rahulsays:
http://www.packetu.com/2012/07/12/vrfing101understingvrfbasics/

12/21

5/10/2015

VRFing101,UnderstingVRFBasicsPacketU

March6,2014at7:59AM

verynicearticlethanks.
Reply

GowthamBalachandhiransays:
May16,2014at3:45AM

IfIcreateSubinterfaceinSerialshouldIchangetheencapsulationtypetoPPPfromHDLC.BecauseIwasnotabletoping
directlyconnectedInterfacebutIwasabletoseetheminroutingtable.Iusedvrfnamewhileenteringpingeverythingworks
exceptreachablility.Ievenseeremoteentriesinmyvrf.
Reply

PaulStewart,CCIE26009(Security)says:
May16,2014at4:08AM

ImnotsureIunderstandwhyyourconfigurationisntworking.Thetypicalplacetouseserialsubinterfacesiswhenframe
relayisused.However,thatissortofanunderlyingtechnologythatcouldimpacttheresultsbutnotchangetheconcepts
beingdemonstratedhere.
Reply

GowthamBalachandhiransays:
May16,2014at5:37AM

ThisishowmytopologywillapearonevrfperonesubinterfacetwocustomersareusingthesameCEwithonesubinterface
percustomervrf.ICustomersnetworkinmyvrfroutingtablebutforsomeunusualreasonIamnotabletopingthem
Reply
http://www.packetu.com/2012/07/12/vrfing101understingvrfbasics/

13/21

5/10/2015

VRFing101,UnderstingVRFBasicsPacketU

PaulStewart,CCIE26009(Security)says:
May16,2014at1:36PM

Iwouldexpectyoushouldbeabletosendtraffictoanythinginthevrfyouseeintheroutingtable.Obviously,you
needtotellthepingcommandtousethevrf.IwonderifthetrafficisbeingblockedbyanACL(thatispossiblynot
underyourcontrol)?
Reply

vadanmehtasays:
June26,2014at3:07PM

HIpaul.
Thankyouverymuchforthisinformation.
Ihaveonebasicquestion:
DoesOneVRFpointstoonePublicIPaddress!!andMultiVRFcapabilitymeansOnePublicIPaddresssharedbymanyVRF
instances??
regds
Vadan
Reply

PaulStewart,CCIE26009(Security)says:
June26,2014at6:18PM

Ivenottriedthat,butIthinkIshould.MyinitialreactionisthatitprobablywouldntworkwithasingleIPaddress.
AnexampleofNATNVIisattheurlbelow.However,itisusingapoolpervrf.

http://www.packetu.com/2012/07/12/vrfing101understingvrfbasics/

14/21

5/10/2015

VRFing101,UnderstingVRFBasicsPacketU

http://www.packetu.com/2012/07/26/vrfing103usingnatvirtualinterfacesforglobalreachability/
Reply

madim2013says:
August5,2014at6:09PM

HelloPaul,
FantascipostandiseeyournamealsoontheCiscocommunity.
Iwaswonderingifyoucouldassitmeestablishingthis.Ihavenorealhardwaretotestthisunfortunatley.
Hopethebelowisclear::)
(icannotpostadiagramsohopethisissufficent:)
HostA>||
|ALAYER2
ACcESSsW|trunkpassingVLANA+VLANBtoDISTSWTICH
HostB>||
theDISTSWitchwillhaveaVRFforVLANAonly
HostAshouldnotpingHostB
HostAshouldpingthedefaultgateway,Alayer3SVIplacedinaVRFofthelaye3swtich
HostAhasadedicatedvlanAintheaccessswtichandlayer3distswtichVlandatabase

http://www.packetu.com/2012/07/12/vrfing101understingvrfbasics/

15/21

5/10/2015

VRFing101,UnderstingVRFBasicsPacketU

HostBshouldnotpingHostA
HostBshouldpingthedefaultgateway,Alayer3SVInotinanyVRFofthelaye3swtich
HostBhasadedicatedvlanBintheaccessswtichandlayer3distswtichVlandatabase
Basically,HostBispartofthecorporatenetworkandrequirestoaccessfarmorenetworkthenHostAneedtodo.(Thinkof
hostAbeinga3rdPartyorGuestLAN)
Iwaswonderingifthetrunkbetweenlayer2accessswtichandthedistpopsofthevlan.tagofVLANA(theVRFone)and
placeitintotheVRFA
whichispartoftheSVIforVLANA?
Manythanksinadvance
BestWishes
Markus
Reply

madim2013says:
August5,2014at6:11PM

Sorrytheabove(attemtped)diagramdidnotcomeoutthatwell,
Basically,hostAandhostBareattachedtothesamelayer2accessswitch
eachaccesportisconfiguredwiththebasicswtichportmode/accessvlanetc
manythanksagain
Bestwishes
http://www.packetu.com/2012/07/12/vrfing101understingvrfbasics/

16/21

5/10/2015

VRFing101,UnderstingVRFBasicsPacketU

markus
Reply

PaulStewart,CCIE26009(Security)says:
August5,2014at9:03PM

Thevrfwouldbealayer3concept.Eachlayer3SVIcanexistinavrforglobally.EachSVIwouldalsobeassociated
withaVLAN.Thevlanswouldbehandlednormallyasperthetrunkconfiguration(nativeuntaggedandallother
tagged).Soyourscenario,properlyconfigured,cangiveisolationbetweenhostAandhostBeventhoughtheyare
connectedtotheaccessswitch.
Reply

NyanLinSoesays:
November24,2014at5:37AM

GreatPost.Thanksalot.
Reply

ClaytonMeyersays:
November24,2014at12:51PM

Thisisagreat,verysimpleexplanation.Thanks!
Reply

ShaneTaylorsays:
January28,2015at11:06AM

http://www.packetu.com/2012/07/12/vrfing101understingvrfbasics/

17/21

5/10/2015

VRFing101,UnderstingVRFBasicsPacketU

Greatbasic101explanationPaul.Itrippedmyselfupwhenpingingtheloopbacks.IforgotthatR2/R3donotknowaboutthe
10or20subnetssoIeitherhadtojustaddastaticrouteonbothorrunaroutingprotocol.
Reply

SushimG.says:
March14,2015at10:47AM

HeyPaul,
Veryhelpful,niceandprecisepost
Itmadebasicunderstandveryclear.
Unlessbasicisclearmovingfurtheristrouble.
Youmadeitverywell,thanksagain.
BestRegards
Sushim
Reply

J.DavidFIGsays:
March23,2015at4:46PM

ExcellentintrotoVRFsandmoreimportantwhyweusethem!!
Reply

Pingback:VRFVirtualRoutingandForwarding|

SushantaMishrasays:
May15,2015at6:48AM
http://www.packetu.com/2012/07/12/vrfing101understingvrfbasics/

18/21

5/10/2015

VRFing101,UnderstingVRFBasicsPacketU

ThisisindeedanexcellentposttounderstandVRF.Ihaveadoubt,whyMPLSissupportedinthelocalvrfonly?
Reply

khansays:
August24,2015at5:30AM

Greateplanation
Reply

Bernardsays:
September2,2015at2:59AM

HiPaul,
Greatexplanation
Ihaveasmallquestion,attheendyouarepingingfromR3>R1sloopback20.
howthepingisworking?(isthereanystaticrouteonR3for20.20.20.20vianexthop192.168.1.1?)
OrbecausetheyareinthesameVRFinstancetheyseeeachothers?
Regards,
Reply

PaulStewart,CCIE26009(Security)says:
September2,2015at2:10PM

ThatisagoodobservationtherewouldbeaneedforaroutonR3toreachtheLoopbackonR1.Thiscouldbestatic
ordynamic.Astaticroutewouldlooklike

http://www.packetu.com/2012/07/12/vrfing101understingvrfbasics/

19/21

5/10/2015

VRFing101,UnderstingVRFBasicsPacketU

iproutex.x.x.xy.y.y.yvrf
Sorryfortheconfusion.
Reply

Devnarayansays:
October1,2015at7:08AM

HiPaul,
pleasehelp,Ihave2nosofCisco3560Xswitchwith2differentISPconnectedonit.Suggesthowtoconfigurevrfhereto
maketheautofailoverbetween2ISP.ThementionedswitchesareconnectedbelowtoCheckpoint.Boththeswitchesare
upgradedwithIPservicelicenseaswelltheswitchesareupdatedwithIOSc3560euniversalk9mz.1502.SE8.bin
Reply

Devnarayansays:
October5,2015at12:57AM

HiPaul,ifpossiblecanyoupleasehelpmeinthiscase
Reply

PaulStewart,CCIE26009(Security)says:
October5,2015at7:39AM

Imnotsureifyourscenariorequiresvrf.VRFswillcreatetwoareasofisolation.Itseemstomethatthere
needstobesomeplanningaroundIPaddressing(doyouhaveyourownaddressspaceandASN),NAT
(wheredoesthatterminate),Checkpointcapabilities(aretheyA/Sorclustered,dotheycommunicatestate,
canIGPsand/orBGPterminateontheFWorgothroughit),whatispositionedupstreamandwhathadthe
memorytotakeBGPtableifrequired?Thereisalotinthisquestion,butVRFwouldnttypicallybea
http://www.packetu.com/2012/07/12/vrfing101understingvrfbasics/

20/21

5/10/2015

VRFing101,UnderstingVRFBasicsPacketU

requirement.

Kevynjrsays:
October3,2015at12:46PM

Morestuffvrfplease
Reply

PaulStewart,CCIE26009(Security)says:
October4,2015at10:28AM

Mycurrentchallengeislackoftime.IreallywishIhadtimetopostweeklyormore.Idliketodosomemorestuffon
FirePOWER,AMP,ISEandVRFs(andhowtheyworkwithNexusVDCsandASAcontexts).AsIfindtime,Illtryto
postsomemoreofwhatyouarerequesting.
Reply

PacketU
ProudlypoweredbyWordPress.

http://www.packetu.com/2012/07/12/vrfing101understingvrfbasics/

21/21