CCNP Tech-Talk Series

VRF-Lite and Dynamic Routing over MPLS-VPN

Gerry Flores
AS - NCE
September 21, 2017
 Agenda
• VRF-Lite
• What is VRF? VRF-Lite?
• How does it change the behavior of a router?
• How to do static and dynamic routing inside VRF-Lite?
• Basic configuration and verification?
• Use Cases?

• Dynamic Routing over MPLS-VPN

• Brief overview of MPLS-VPN (L3VPN and L2VPN)
• How does different dynamic routing works in L3VPN & L2VPN?

CCNP R&S
VRF-Lite
• VRF = Virtual Routing and Forwarding
• VRFs were initially introduced in combination with MPLS
• VRFs can be used without MPLS and this is known as VRF-Lite
• Network virtualization technology that allows network segmentation from a Layer 3 standpoint, creating multiple “virtual
routers” in the same physical device in the sense of having multiple instances of routing and forwarding table that are
independent of each other
• Key concept: Each VRF instance is a separate routing and forwarding table (w/o VRFs, all routes placed in the Global Routing Table)
• No communication between devices belonging to different VRF is allowed unless explicitly configured (you can configure inter-VRF)
• The routing protocol enabled in the context of each VRF is totally independent from the IGP running in the other VRFs or in the global routing table.
• Because the routing instances are independent, the same or overlapping IP address can be used without conflicting with each other
• Each routed interface (physical or virtual) belongs to exactly one VRF
• VRFs are only locally significant to the router
• VRFs employ essentially a similar concept as VLANs but at L3 to logically separate the L3 topologies
• End-to-end segmentation is done on a per VRF and per hop basis
• VRF-Lite does not scale to the size required by global enterprises or large carriers, as there is the need to implement each VRF
instance on every router, including intermediate routers.
• Use Cases:
• Guest access -- Separate CORP and GUEST network
• Multi-tenant environment
• IT acting as SP for different departments
VRF-Lite
Device partitioning – L2 vs. L3 network virtualization
• Virtualize/Segment at Layer 2
• Associates to one or more L2 interfaces
(switchport) on switch
• Spanning tree instance per VLAN and
has its own MAC address table
• Virtualize/Segment at Layer 3
• Associates to one or more L3 interfaces
(routed) on router/L3 switch
• Each VRF has its own:
• Routing Information Base (RIB) - RT
• Forwarding Information Base (FIB) - CEF
• Routing process (RIP, EIGRP, OSPF, BGP,
Static) – must be “VRF aware”
 VRF-Lite
Verification
Configuration • Show ip vrf / show vrf
• Create VRF instance • Show ip vrf interfaces <VRF-name>
• ip vrf <VRF-name> • Show ip route vrf <VRF-name>
• vrf definition <VRF-name> • Show ip protocols vrf <VRF-name>
address-family… • Show ip eigrp vrf <VRF-name>
• Associate L3 interface (physical or virtual) to a VRF interface|neighbor|topology
• ip vrf forwarding • Show ip ospf <process-id>
• vrf forwarding interface|neighbor|database
• Configure routing (static/dynamic) per VRF instance • etc.
• By default, routing protocols are activated on interfaces
bound to the Global Routing Table
• Explicit VRF configuration must be included in RP
configuration
• Similar to how a static/dynamic routing is configured with
the addition of vrf and address families in certain RP
• Static: ip route vrf <VRF-name> <IP> <mask> <NH>
• RIP: router rip
address-family ipv4 vrf <VRF-name>
{usual RIP config}
• EIGRP: router eigrp <as>
address-family ipv4 vrf <VRF-name> autonomous-
system <unique AS per VRF>
{usual EIGRP config}
• OSPF: router ospf <unique proc-id per VRF> vrf <VRF-name>
{usual OSPF config}
Dynamic Routing over MPLS-VPN
• Brief overview of MPLS-VPN (L3VPN and L2VPN)
• For CCNP R&S level, all the complexity of MPLS
switching in the MPLS-VPN cloud is transparent to you
• Need to understand how an enterprise router
connects with the SP’s MPLS-VPN cloud
• “VPN” does not imply encryption as in IPSec VPN
• Still uses VRF (at the PE facing CE) that creates the
separation between customers. VRFs stop at the edge.
• IP at customer facing; MPLS at the core.

• How does different dynamic routing works in L3VPN & L2VPN?

• RIP/EIGRP/OSPF/BGP over MPLS-L3VPN
• CE (customer edge) running the desired RP establish neighbor relationship with its local PE (provider edge)
• No neighborship is required between all the remote CE routers
• CE routers learn routes/prefixes via the PE thru the MPLS-L3VPN cloud
• RIP/EIGRP/OSPF/BGP over MPLS-L2VPN
• Neighborship is formed between CE routers only, thru the MPLS-L2VPN cloud
• CE router learn routes/prefixes directly from its neighbor CE router
• MPLS-L2VPN cloud can be considered as a LAN segment or simply a wire
• Just think of the MPLS-VPN as a big router (L3VPN) or switch (L2VPN)
• Backdoor/backup link implications? (ospf to mplsvpn pri + ospf bu low bw, igp pri + ebgp to mplsvpn bu etc.)
 Thank You !!!

CCNP Tech-Talk Series

VRF-Lite and Dynamic Routing over MPLS-VPN