ccie blog

VRF-lite

A VRF is a Virtual Routing and Fowarding table.  In lamens terms it’s a way to make multiple routing tables that are completely separate from each other.  Consider them as VLANs that operate at layer 3. VRF lite is considered a way of using VRF’s to segment networks without MPLS.  For now, I’ll look at just VRF-lite.

 

LAB

In this topology, there is a requirement that OSPF needs to be used between customer sites, however, for security reasons, London should not be accessible to any users at Newcastle or Manchester.  However, Newcastle & Manchester should be able to communicate between sites and share routes using OSPF.  The way we are going to do this is by using VRF-lite.


First off, I configured each of the branch routers.  Very simple; just a enable ospf with a network statement at each site.

Newcastle#
interface Loopback0
 ip address 192.168.1.1 255.255.255.0
!
interface FastEthernet0/1
 ip address 10.0.0.6 255.255.255.252
!
router ospf 1
 network 0.0.0.0 255.255.255.255 area 0

London#
interface Loopback0
 ip address 192.168.0.1 255.255.255.0
!
interface FastEthernet0/0
 ip address 10.0.0.2 255.255.255.252
!
router ospf 1
 network 0.0.0.0 255.255.255.255 area 0

Manchester#
interface Loopback0
 ip address 192.168.2.1 255.255.255.0
!
interface FastEthernet0/0
 ip address 10.0.0.10 255.255.255.252
!
router ospf 1
 network 0.0.0.0 255.255.255.255 area 0

Let’s dive onto PE1 and start doing the good stuff! I’m going to make two VRF’s & assign them to the relevant interface. One VRF is for Manchester & Newcastle (SharedSites), and one VRF just for London.

PE1(config)#ip vrf london
PE1(config)#ip vrf SharedSites

PE1#
interface Loopback99
ip address 1.1.1.1 255.255.255.255
!
interface FastEthernet0/0
ip vrf forwarding london
ip address 10.0.0.1 255.255.255.252
!
interface FastEthernet0/1
ip vrf forwarding SharedSites
ip address 10.0.0.5 255.255.255.252
!
interface FastEthernet1/0
no switchport
ip vrf forwarding SharedSites
ip address 10.0.0.9 255.255.255.252

Note that if you try and apply the command #ip vrf forwarding [vrf name] on the interface when it already has an IP address, it just swipes the config off.  So it’s better to apply the interface to the vrf, and then put the ip address on it.

The final stage is to apply the OSPF configuration.  Notice you will need a separate ospf process for each vrf.

router ospf 1 vrf london
 network 0.0.0.0 255.255.255.255 area 0
!
router ospf 3 vrf SharedSites
 network 0.0.0.0 255.255.255.255 area 0

And now to verify ospf is sharing routes between Newcastle and Manchester.

NewcastleCE# sh ip route | b Gate

Gateway of last resort is not set

     10.0.0.0/30 is subnetted, 2 subnets
O      10.0.0.8 [110/2] via 10.0.0.5, 00:07:41, FastEthernet0/1
C      10.0.0.4 is directly connected, FastEthernet0/1
C    192.168.1.0/24 is directly connected, Loopback0
     192.168.2.0/32 is subnetted, 1 subnets
O      192.168.2.1 [110/3] via 10.0.0.5, 00:07:41, FastEthernet0/1

Nice! If I do a quick ping to the loopback at Manchester with a source address of lo0 from Newcastle it will verify full reachability between these two branches.

Newcastle#ping 192.168.2.1 so lo0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 16/24/48 ms

Good. A quick peek at London’s routing table verifies that we do not get any of the routes to either office

LondonCE# sh ip route | b Gate

Gateway of last resort is not set

     10.0.0.0/30 is subnetted, 1 subnets
C      10.0.0.0 is directly connected, FastEthernet0/0
C    192.168.0.0/24 is directly connected, Loopback0

And that’s pretty much it!

12 Comments

Hose SnowboardFebruary 19th, 2012 at 10:57 pm

Brilliant content, I am checking back frequent to look for up-grades.

KennethFebruary 25th, 2012 at 9:24 pm

I am extremely impressed with your writing skills as well as with the layout on your blog. Is this a paid theme or did you modify it yourself? Either way keep up the excellent quality writing, it’s rare to see a great blog like this one today..

stephengarbettFebruary 26th, 2012 at 12:36 am

Hey Kenneth. Thanks very much, glad you like my blog. It was originally a theme called Mantra version 1.7.4 After some little mods on the theme settings & CSS code, I got it looking roughly how I wanted it. I am hoping to find someone to make me a banner in order to make it more appealing.

Steve

DallasFebruary 29th, 2012 at 12:00 pm

I really appreciate this post. I¡¦ve been looking all over for this! Thank goodness I found it on Bing. You’ve made my day! Thx again

BalaSeptember 24th, 2013 at 11:35 am

Nice article. Thank you.

JawwadFebruary 1st, 2014 at 12:06 pm

Thanks a lor for sharing a good example.Clearly explained

theserpantJuly 31st, 2014 at 6:31 pm

thanks man. You really helped me understand this.

jimmyOctober 10th, 2014 at 8:12 pm

Good and simple example

AniketJanuary 2nd, 2016 at 6:53 pm

thank you it is really help full.

suneethJune 2nd, 2016 at 6:19 am

Thank you…

JatinDecember 4th, 2016 at 6:34 pm

Nice article.

Kumar GauravApril 18th, 2017 at 8:07 pm

very good stuff!!…keep up the good work…

Leave a comment

Your comment