
VRFing 101, Understing VRF Basics - PacketU PDF

- Virtual Routing and Forwarding (VRF) allows routers to maintain multiple isolated routing tables. Each VRF instance acts as a separate routing domain.
- The document discusses configuring two VRF instances ("red" and "blue") on a router to provide isolation between two tenants accessing the same default gateway IP. Subinterfaces are assigned to each VRF and loopback interfaces are also added.
- Connectivity testing shows that each tenant can only access resources in its own VRF domain, demonstrating the isolation provided by VRF.


5/10/2015

VRFing 101, Understing VRF Basics - PacketU

PacketU
What's on your wire[s]?

VRFing 101, Understing VRF Basics
Posted on July 12, 2012 by Paul Stewart, CCIE 26009 (Security)

http://www.packetu.com/2012/07/12/vrfing101understingvrfbasics/

When most engineers think about VRF, they think about MPLS. VRF, short for Virtual Routing and Forwarding, is one of the features that enable designers to create flexible MPLS network designs. However, we are going to completely forget about MPLS and look at what this does to a single IOS-based router. This article is a very simplified VRF 101.

The first thing that I want to mention is the pronunciation. In plural, some people simply call these "vee-are-effs". Others pronounce them as "verf" or "verfs" (rhyming with surf). I catch myself being consistently inconsistent and pronouncing them both ways. Unless you are my eighth grade grammar teacher, what VRFs do for us is more important than how we pronounce them. So what is a VRF? How does it change the behavior of a router? What does a basic configuration look like? These are the types of questions that we will answer in this article.

Some people think of VRFs as a way to do virtualization and describe it as VMWare for your router. Each area of isolation is thought of as a VMWare guest instance. I like to think of VRFs as similar to VLANs, but at layer 3. VLANs are obviously a layer two topic, but they create similar isolation. To go from one VLAN to another, there is a need to go through a device that has access to both VLANs. VRFs create the same type of isolation at layer 3. However, the way that we jump between areas of isolation is a little different.

So what are we isolating? The answer to that question is key to understanding the effect of VRF instances in a router. Let's go back to some routing fundamentals. Routers cannot typically share an IP subnet on multiple interfaces. There are some types of serial connections that break this rule, but the general use case is that an IP subnet is accessible through no more than one locally connected interface. You certainly could not have the same IP address on multiple interfaces.

R1(config-if)#int loop1
R1(config-if)#ip address 192.168.1.1 255.255.255.0
//let's try to put the same address on loopback2
R1(config-if)#int loop2
R1(config-if)#ip address
R1(config-if)#ip address 192.168.1.1 255.255.255.0
% 192.168.1.0 overlaps with Loopback1

What if I had a multitenant environment and really needed to configure two interfaces with 192.168.1.1? It would certainly suck to have to buy another router. This is where VRFs come into play.

VRF, when used inside a single router, is called VRF Lite. Each VRF instance is a separate route table. The route table that we all know and love is shown by doing a show ip route. This is called the global route table and does not show any routes that are specific to a VRF. In a minute, we'll see a separate command that will show us the routes inside a VRF instance. By creating multiple route tables, we overcome the restrictions of multiple overlapping address spaces. We also provide isolation to each tenant or area of the network.

Key Concept: Each VRF instance is a separate route table.

The Challenge

The image below contains three routers. Both R2 and R3 need to be able to reach their respective subinterface and loopback on R1. R2 and R3 do not need to access one another. Both R2 and R3 must use 192.168.1.1 as a default gateway. R2 and R3 must be in separate VLANs.

I hope I've written the challenge in a way that VRFs are the only solution. Based on the requirements, I believe we need two VRFs. We should be able to accomplish this by implementing the diagram below.

VRF configuration is fairly straightforward, so let's go ahead and get started.

//create the two VRFs
R1(config)#ip vrf red
R1(config)#ip vrf blue
//create each subinterface and place them into the appropriate VRF
//notice that we configure the IP address after configuring the VRF
//otherwise the router will remove the IP address
R1(config-subif)#int fa0/0.10
R1(config-subif)#encapsulation dot1Q 10
R1(config-subif)#ip vrf forwarding red
R1(config-subif)#ip address 192.168.1.1 255.255.255.0
R1(config-subif)#int fa0/0.20
R1(config-subif)#encapsulation dot1Q 20
R1(config-subif)#ip vrf forwarding blue
R1(config-subif)#ip address 192.168.1.1 255.255.255.0
//notice that the router accepted the same IP address on both interfaces
//this is because they are in separate VRF instances

Now let's test our reachability to R2 and R3.

//notice we now have to clue R1 into the fact that we want
//to use a VRF as opposed to the global routing table.
//ping R2
R1#ping vrf red 192.168.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
//ping R3
R1#ping vrf blue 192.168.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
R1#

Even though 192.168.1.1 is directly connected to Fa0/0.10 and Fa0/0.20, it does not show up with a show ip route. Remember, show ip route shows the global routing table.

R1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
R1#

To see the routes associated with a VRF, we have to add the vrf vrfname parameter.


R1#show ip route vrf red
Routing Table: red
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
C    192.168.1.0/24 is directly connected, FastEthernet0/0.10
R1#show ip route vrf blue
Routing Table: blue
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
C    192.168.1.0/24 is directly connected, FastEthernet0/0.20
R1#

Now let's add our loopback interfaces into the appropriate VRFs.

R1(config)#int loop10
R1(config-if)$ip vrf forwarding red
R1(config-if)#ip address 10.10.10.10 255.255.255.0
R1(config-if)#int loop20
R1(config-if)$ip vrf forwarding blue
R1(config-if)#ip address 20.20.20.20 255.255.255.0
R1(config-if)#exit

Finally, we can test from R2 and R3. In a multitenant environment, you might not have access to these. However, in this lab we do and can therefore use them to confirm the functionality.

R2 (should be able to reach 10.10.10.10, but not 20.20.20.20)

R2(config)#do ping 10.10.10.10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.10.10, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
R2(config)#do ping 20.20.20.20
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 20.20.20.20, timeout is 2 seconds:
U.U.U
Success rate is 0 percent (0/5)

R3 (should not be able to reach 10.10.10.10, but should have access to 20.20.20.20)


R3(config)#do ping 10.10.10.10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.10.10, timeout is 2 seconds:
U.U.U
Success rate is 0 percent (0/5)
R3(config)#do ping 20.20.20.20
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 20.20.20.20, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
R3(config)#
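
The per-table behaviour tested above can also be checked offline against a saved configuration. The Python below is an added example, not code from the original article: it rebuilds one connected-route table per VRF, reports the two configuration mistakes the article mentions (an overlap inside one table, and a VRF interface left without an address), and answers lookups only from the ingress interface's table. Assumptions: the sample configuration is constructed from the article's commands in running-config form, Fa0/0.30 is hypothetical, and the function names are illustrative.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample: the article's R1 commands in running-config form, plus a
# hypothetical Fa0/0.30 that was moved into a VRF after it was addressed.
SAMPLE_CONFIG = """\
ip vrf red
ip vrf blue
interface FastEthernet0/0.10
 ip vrf forwarding red
 ip address 192.168.1.1 255.255.255.0
interface FastEthernet0/0.20
 ip vrf forwarding blue
 ip address 192.168.1.1 255.255.255.0
interface FastEthernet0/0.30
 ip vrf forwarding blue
interface Loopback10
 ip vrf forwarding red
 ip address 10.10.10.10 255.255.255.0
interface Loopback20
 ip vrf forwarding blue
 ip address 20.20.20.20 255.255.255.0
"""
GLOBAL = "global"  # label chosen here for the global routing table


def parse_interfaces(config):
    """Map each interface to its table (VRF or global) and connected network."""
    ifaces, cur = {}, None
    for line in config.splitlines():
        if m := re.match(r"interface (\S+)", line):
            cur = ifaces.setdefault(m.group(1), {"vrf": GLOBAL, "net": None})
        elif not line.startswith(" "):
            cur = None  # a new top-level command ends the interface block
        elif cur is not None:
            if m := re.match(r" ip vrf forwarding (\S+)", line):
                cur["vrf"] = m.group(1)
            elif m := re.match(r" ip address (\S+) (\S+)", line):
                cur["net"] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}").network
    return ifaces


def audit(ifaces):
    """Return (findings, tables); tables maps table name to [(interface, network)]."""
    findings, tables = [], defaultdict(list)
    for name, cfg in ifaces.items():
        if cfg["net"] is None:
            if cfg["vrf"] != GLOBAL:  # address is removed when the VRF is applied later
                findings.append(f"{name}: in vrf {cfg['vrf']} but has no ip address")
            continue
        for other, net in tables[cfg["vrf"]]:
            if net.overlaps(cfg["net"]):  # same rule as "% ... overlaps with Loopback1"
                findings.append(f"{name}: {cfg['net']} overlaps {other} in {cfg['vrf']}")
        tables[cfg["vrf"]].append((name, cfg["net"]))
    return findings, tables


def lookup(ifaces, tables, ingress, dst):
    """Egress interface for dst, searching only the ingress interface's table."""
    addr = ipaddress.ip_address(dst)
    table = tables.get(ifaces[ingress]["vrf"], [])
    hits = [(net.prefixlen, name) for name, net in table if addr in net]
    return max(hits)[1] if hits else None  # longest prefix wins; None = no route
```

A lookup that returns None corresponds to the failed pings above: the destination exists on R1, but not in the table that the ingress interface belongs to.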

While solving our challenge, this article has demonstrated the simplest form of VRFs on a single router. VRFs are a foundational building block that has given network designers great flexibility when designing MPLS networks. In future articles, we will build on this example and demonstrate methods for jumping between VRFs and utilizing NAT in a multitenant environment.


Readers of this article may also enjoy:
1. VRFing 102, Providing Internet Access With Dynamic PAT
2. VRFing 103, Using NAT Virtual Interfaces for Global Reachability
3. The Operation of Proxy Arp
4. Multiple Protocols over IPSec
5. Combining GRE and IPSec with a Front Side VRF

About Paul Stewart, CCIE 26009 (Security)
Paul is a Network and Security Engineer, Trainer and Blogger who enjoys understanding how things really work. With over 15 years of experience in the technology industry, Paul has helped many organizations build, maintain and secure their networks and systems.

This entry was posted in Network, Technology and tagged mpls, network, vrf.

34 Responses to VRFing 101, Understing VRF Basics

Roger Stewart says:
July 12, 2012 at 11:19 AM

This looks interesting.

Bashir says:
July 14, 2012 at 3:25 AM

Great post for newbie..
thanks

Elvin Arias says:
July 15, 2012 at 6:31 PM

Thanks for the article.
Elvin

Abhishek Sagar says:
November 4, 2012 at 5:51 AM

what is the purpose of loopback interfaces, and how does the author make this claim R2 (should be able to reach 10.10.10.10, but not 20.20.20.20)?? pls help, i am a beginner.

Paul Stewart says:
November 4, 2012 at 8:42 AM

The loopback interfaces, in this example, are used as a demonstration. These could represent IP networks somewhere else on the network. The point is to give some points to test against. The reason that R2 can reach one network and not another is because of the isolation created by the vrf instances. This is not only a claim, but evidenced by the testing performed in the article. Thanks for the question.


Kuleaze says:
March 6, 2013 at 4:37 PM

In the next coming weeks I have to set up a VRF instance in one of our new locations in Chicago, this has helped lay a good foundation for what is actually occurring - I'll be reading your other blogs about VRF shortly. Thanks for the info!!

Santosh says:
February 24, 2014 at 6:56 AM

Hi,
I am confused, why the author talks about VLAN here.
say R2 and R3 must be in separate VLANs. why this VLAN is needed here???

Sensie says:
December 25, 2014 at 4:53 PM

Hi
The VLANs separate the traffic on layer 2 on the switch, otherwise the routers will be able to talk to each other on a layer 2 basis and this example will not work correctly.
VRF is very important and this is just the basics, but it's an excellent description.

Rahul says:
March 6, 2014 at 7:59 AM

very nice article thanks.

Gowtham Balachandhiran says:
May 16, 2014 at 3:45 AM

If I create Subinterface in Serial should I change the encapsulation type to PPP from HDLC. Because I was not able to ping directly connected Interface but I was able to see them in routing table. I used vrf name while entering ping everything works except reachability. I even see remote entries in my vrf.

Paul Stewart, CCIE 26009 (Security) says:
May 16, 2014 at 4:08 AM

I'm not sure I understand why your configuration isn't working. The typical place to use serial subinterfaces is when frame relay is used. However, that is sort of an underlying technology that could impact the results but not change the concepts being demonstrated here.

Gowtham Balachandhiran says:
May 16, 2014 at 5:37 AM

This is how my topology will appear one vrf per one subinterface two customers are using the same CE with one subinterface per customer vrf. I Customers network in my vrf routing table but for some unusual reason I am not able to ping them

Paul Stewart, CCIE 26009 (Security) says:
May 16, 2014 at 1:36 PM

I would expect you should be able to send traffic to anything in the vrf you see in the routing table. Obviously, you need to tell the ping command to use the vrf. I wonder if the traffic is being blocked by an ACL (that is possibly not under your control)?

vadan mehta says:
June 26, 2014 at 3:07 PM

HI paul.
Thank you very much for this information.
I have one basic question:
Does One VRF points to one Public IP address!! and Multi VRF capability means One Public IP address shared by many VRF instances??
regds
Vadan

Paul Stewart, CCIE 26009 (Security) says:
June 26, 2014 at 6:18 PM

I've not tried that, but I think I should. My initial reaction is that it probably wouldn't work with a single IP address. An example of NAT NVI is at the url below. However, it is using a pool per vrf.

http://www.packetu.com/2012/07/26/vrfing103usingnatvirtualinterfacesforglobalreachability/

madim2013 says:
August 5, 2014 at 6:09 PM

Hello Paul,
Fantastic post and I see your name also on the Cisco community.
I was wondering if you could assist me establishing this. I have no real hardware to test this unfortunately.
Hope the below is clear: :)
(I cannot post a diagram so hope this is sufficient :)
Host A > | |
| A LAYER 2
ACCESS SW | trunk passing VLAN A + VLAN B to DIST SWITCH
Host B > | |
the DIST Switch will have a VRF for VLAN A only
Host A should not ping Host B
Host A should ping the default gateway, a layer 3 SVI placed in a VRF of the layer 3 switch
Host A has a dedicated vlan A in the access switch and layer 3 dist switch Vlan database

Host B should not ping Host A
Host B should ping the default gateway, a layer 3 SVI not in any VRF of the layer 3 switch
Host B has a dedicated vlan B in the access switch and layer 3 dist switch Vlan database
Basically, Host B is part of the corporate network and requires to access far more network than Host A need to do. (Think of host A being a 3rd Party or Guest LAN)
I was wondering if the trunk between layer 2 access switch and the dist pops of the vlan.tag of VLAN A (the VRF one) and place it into the VRF A
which is part of the SVI for VLAN A?
Many thanks in advance
Best Wishes
Markus

madim2013 says:
August 5, 2014 at 6:11 PM

Sorry the above (attempted) diagram did not come out that well,
Basically, host A and host B are attached to the same layer 2 access switch
each access port is configured with the basic switchport mode/access vlan etc
many thanks again
Best wishes
markus

Paul Stewart, CCIE 26009 (Security) says:
August 5, 2014 at 9:03 PM

The vrf would be a layer 3 concept. Each layer 3 SVI can exist in a vrf or globally. Each SVI would also be associated with a VLAN. The vlans would be handled normally as per the trunk configuration (native untagged and all other tagged). So your scenario, properly configured, can give isolation between host A and host B even though they are connected to the access switch.

Nyan Lin Soe says:
November 24, 2014 at 5:37 AM

Great Post. Thanks a lot.

Clayton Meyer says:
November 24, 2014 at 12:51 PM

This is a great, very simple explanation. Thanks!

Shane Taylor says:
January 28, 2015 at 11:06 AM

Great basic 101 explanation Paul. I tripped myself up when pinging the loopbacks. I forgot that R2/R3 do not know about the 10 or 20 subnets so I either had to just add a static route on both or run a routing protocol.

Sushim G. says:
March 14, 2015 at 10:47 AM

Hey Paul,
Very helpful, nice and precise post
It made basic understand very clear.
Unless basic is clear moving further is trouble.
You made it very well, thanks again.
Best Regards
Sushim

J. David FIG says:
March 23, 2015 at 4:46 PM

Excellent intro to VRFs and more important why we use them!!

Sushanta Mishra says:
May 15, 2015 at 6:48 AM

This is indeed an excellent post to understand VRF. I have a doubt, why MPLS is supported in the local vrf only?

khan says:
August 24, 2015 at 5:30 AM

Great explanation

Bernard says:
September 2, 2015 at 2:59 AM

Hi Paul,
Great explanation
I have a small question, at the end you are pinging from R3 > R1's loopback 20.
how the ping is working? (is there any static route on R3 for 20.20.20.20 via next hop 192.168.1.1?)
Or because they are in the same VRF instance they see each others?
Regards,

Paul Stewart, CCIE 26009 (Security) says:
September 2, 2015 at 2:10 PM

That is a good observation - there would be a need for a route on R3 to reach the Loopback on R1. This could be static or dynamic. A static route would look like

ip route x.x.x.x y.y.y.y vrf
Sorry for the confusion.

Devnarayan says:
October 1, 2015 at 7:08 AM

Hi Paul,
please help, I have 2 nos of Cisco 3560X switch with 2 different ISP connected on it. Suggest how to configure vrf here to make the auto failover between 2 ISP. The mentioned switches are connected below to Checkpoint. Both the switches are upgraded with IP service license as well the switches are updated with IOS c3560euniversalk9mz.1502.SE8.bin

Devnarayan says:
October 5, 2015 at 12:57 AM

Hi Paul, if possible can you please help me in this case

Paul Stewart, CCIE 26009 (Security) says:
October 5, 2015 at 7:39 AM

I'm not sure if your scenario requires vrf. VRFs will create two areas of isolation. It seems to me that there needs to be some planning around IP addressing (do you have your own address space and ASN), NAT (where does that terminate), Checkpoint capabilities (are they A/S or clustered, do they communicate state, can IGPs and/or BGP terminate on the FW or go through it), what is positioned upstream and what had the memory to take BGP table if required? There is a lot in this question, but VRF wouldn't typically be a requirement.

Kevynjr says:
October 3, 2015 at 12:46 PM

More stuff vrf please

Paul Stewart, CCIE 26009 (Security) says:
October 4, 2015 at 10:28 AM

My current challenge is lack of time. I really wish I had time to post weekly or more. I'd like to do some more stuff on FirePOWER, AMP, ISE and VRFs (and how they work with Nexus VDCs and ASA contexts). As I find time, I'll try to post some more of what you are requesting.
