Explanation by examples: virtual routing tables (vrf)

1. Create 3 virtual routing and forwarding (VRF) table entries

In the following example we are going to set up VRF tables and see how they can be applied to ordinary routers. MPLS is not used in this example, which makes the workings of VRF a lot easier to explain – and understand.

In the following example “rd” stands for route distinguisher, and here is the explanation from the Cisco documentation:

“The route distinguisher (RD) is either an autonomous system number (ASN)-relative RD, in which case it is composed of an autonomous system number and an arbitrary number, or it is an IP-address-relative RD, in which case it is composed of an IP address and an arbitrary number.

 

• You can enter an RD in either of these formats:

– 16-bit autonomous system number: your 32-bit number. For example, 101:3.

– 32-bit IP address: your 16-bit number. For example, 192.168.122.15:1.”

 

(indeed: it still doesn’t explain why we need it..)

 

So here we will just use “1” for the ASN and an arbitrary number after the colon.

 

IUWNE-SW(config)#ip vrf blue

IUWNE-SW(config-vrf)#rd 1:1

IUWNE-SW(config-vrf)#ip vrf red

IUWNE-SW(config-vrf)#rd 1:2

IUWNE-SW(config-vrf)#ip vrf yellow

IUWNE-SW(config-vrf)#rd 1:3
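The two RD formats quoted above can be checked mechanically before a value is typed into a router. The following Python code is an added example, not part of the original post or of Cisco's documentation; the function names parse_rd and check_rds are hypothetical, and flagging an RD reused by two VRFs on one router is an assumption of the example (each VRF here gets its own).

```python
import ipaddress

def parse_rd(rd):
    """Parse an RD in one of the two formats quoted above.

    Returns ("asn", asn, number) or ("ip", address, number); raises ValueError otherwise.
    """
    admin, sep, number = rd.rpartition(":")
    if not sep or not number.isdigit():
        raise ValueError(f"{rd!r}: expected <admin>:<number>")
    number = int(number)
    if admin.isdigit():                        # 16-bit ASN : 32-bit number
        asn = int(admin)
        if asn > 0xFFFF or number > 0xFFFFFFFF:
            raise ValueError(f"{rd!r}: ASN must fit 16 bits, number 32 bits")
        return ("asn", asn, number)
    try:                                       # 32-bit IP address : 16-bit number
        addr = ipaddress.IPv4Address(admin)
    except ipaddress.AddressValueError:
        raise ValueError(f"{rd!r}: admin field is neither an ASN nor an IPv4 address") from None
    if number > 0xFFFF:
        raise ValueError(f"{rd!r}: number must fit 16 bits after an IP address")
    return ("ip", str(addr), number)

def check_rds(vrf_rds):
    """Given {vrf_name: rd}, list malformed RDs and RDs shared by two VRFs."""
    problems, seen = [], {}
    for vrf, rd in vrf_rds.items():
        try:
            key = parse_rd(rd)
        except ValueError as exc:
            problems.append(f"{vrf}: {exc}")
            continue
        if key in seen:
            problems.append(f"{vrf}: RD {rd} already used by {seen[key]}")
        seen.setdefault(key, vrf)
    return problems

if __name__ == "__main__":
    # The three VRFs created above: no problems expected.
    print(check_rds({"blue": "1:1", "red": "1:2", "yellow": "1:3"}))
```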

 

 

2. The usage

The next question is: what are we going to do with these?

 

In the example from http://ciscodreamer.blogspot.com/2009/06/vrf-basics.html we can learn that it is, e.g., possible to assign the same IP address to multiple subinterfaces and, by specifying the right VRF, reach individual IP addresses on the other end. Cisco IOS in this case will not complain about the re-use of the same IP address.

 

Let’s create the subinterfaces and assign a VRF to each of them:

R1(config)#int fas 0/0.1

R1(config-subif)#encapsulation dot1Q 1

R1(config-subif)#ip vrf forwarding blue

R1(config-subif)#ip address 10.0.0.1 255.255.255.0

R1(config-subif)#no shut

R1(config-subif)#int fas 0/0.2

R1(config-subif)#encapsulation dot1Q 2

R1(config-subif)#ip vrf forwarding red

R1(config-subif)#ip address 10.0.0.1 255.255.255.0

R1(config-subif)#no shut

R1(config-subif)#int fas 0/0.3

R1(config-subif)#encapsulation dot1Q 3

R1(config-subif)#ip vrf forwarding yellow

R1(config-subif)#ip address 10.0.0.1 255.255.255.0

R1(config-subif)#no shut

R1(config-subif)#int fas 0/0

R1(config-if)#no shut

R1(config-if)#do wri

 

On the switch that we are going to connect to, our router interface will trunk with these 3 subinterfaces, fas0/0.1, .2 and .3.

First let’s check the vrf at work on our router:

R1#sh ip route vrf blue

Routing Table: blue

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

10.0.0.0/24 is subnetted, 1 subnets

C 10.0.0.0 is directly connected, FastEthernet0/0.1

 

 

R1#ping vrf blue 10.0.0.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.0.0.1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/3/4 ms

 

Well well.. this is actually working!

 

3. Connecting to remote IP addresses

Now we connect this router interface fas0/0 to a (switchport) trunk and make sure that the VLANs 1, 2 and 3 each in turn have an access port assigned to them. To these access ports we connect a device with an IP address (here we will use routers, but that is beside the point).

 

See the exhibit of GNS3 to check the connections.

 

Hint: in GNS3 click “manual” under the connections drop-down menu to pick an individual interface, to make sure you get the right NICs connected.

 

In the switchport 1 for vlan 1 (vrf blue), the IP of the router on the other end is 10.0.0.2:

R1#ping vrf blue 10.0.0.2

 

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.0.0.2, timeout is 2 seconds:

!!!!!

 

In the switchport 2 for vlan 2 (vrf red), the IP of the router on the other end is 10.0.0.3:

R1#ping vrf red 10.0.0.3

 

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.0.0.3, timeout is 2 seconds:

!!!!!

In the switchport 3 for vlan 3 (vrf yellow), the IP of the router on the other end is 10.0.0.4:

R1#ping vrf yellow 10.0.0.4

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.0.0.4, timeout is 2 seconds:

.!!!!

 

So this should be impossible:

R1#ping vrf red 10.0.0.4

 

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.0.0.4, timeout is 2 seconds:

.....

Success rate is 0 percent (0/5)

 

Which it is.. Once again.. life is wonderful.
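The isolation shown above holds only while every subinterface carries an “ip vrf forwarding” line naming a defined VRF. The following Python script is an added example, not part of the original post: it reads running-config style text (a constructed sample built from the commands in this post, plus a hypothetical FastEthernet0/0.4 left outside any VRF) and reports interfaces that sit in the global table, undefined VRF names, and networks that overlap inside one table, since overlap is only acceptable between different VRFs.

```python
import ipaddress

# Constructed sample: this post's commands as running-config text, plus a hypothetical 0/0.4.
SAMPLE_CONFIG = """\
ip vrf blue
 rd 1:1
ip vrf red
 rd 1:2
ip vrf yellow
 rd 1:3
interface FastEthernet0/0.1
 encapsulation dot1Q 1
 ip vrf forwarding blue
 ip address 10.0.0.1 255.255.255.0
interface FastEthernet0/0.2
 encapsulation dot1Q 2
 ip vrf forwarding red
 ip address 10.0.0.1 255.255.255.0
interface FastEthernet0/0.3
 encapsulation dot1Q 3
 ip vrf forwarding yellow
 ip address 10.0.0.1 255.255.255.0
interface FastEthernet0/0.4
 ip address 10.0.0.1 255.255.255.0
"""

def audit(config):
    """Return ({table: {network: interface}}, [findings]) for IOS-style config text."""
    defined, tables, findings = set(), {}, []
    iface = vrf = None
    for line in config.splitlines():
        words = line.split()
        if words[:2] == ["ip", "vrf"] and len(words) == 3:
            defined.add(words[2])                  # "ip vrf <name>" defines a VRF
        elif words[:1] == ["interface"] and len(words) >= 2:
            iface, vrf = words[1], None            # interfaces start in the global table
        elif words[:3] == ["ip", "vrf", "forwarding"] and len(words) >= 4:
            vrf = words[3]
            if vrf not in defined:
                findings.append(f"{iface}: VRF {vrf} is not defined")
        elif words[:2] == ["ip", "address"] and len(words) >= 4:
            net = ipaddress.ip_interface(f"{words[2]}/{words[3]}").network
            table = tables.setdefault(vrf or "global", {})
            if vrf is None:
                findings.append(f"{iface}: {net} is in the global table, not a VRF")
            findings += [f"{iface}: {net} overlaps {owner} in the same table"
                         for other, owner in table.items() if net.overlaps(other)]
            table[net] = iface
    return tables, findings
```

Calling audit(SAMPLE_CONFIG) accepts the three identical 10.0.0.0/24 networks in blue, red and yellow and returns a single finding, for FastEthernet0/0.4.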
