VRF Lite Configuration on Cisco IOS

In this lesson you will learn about VRFs (Virtual Routing and Forwarding). By default a router uses a single global routing table that contains all the directly connected networks and prefixes that it learned through static or dynamic routing protocols.

VRFs are like VLANs for routers, instead of using a single global routing table we can use multiple virtual routing tables. Each interface of the router is assigned to a different VRF.

In this lesson you will learn about VRFs (Virtual Routing and Forwarding). By default a router uses a single global routing table that contains all the directly connected networks and prefixes that it learned through static or dynamic routing protocols. VRFs are like VLANs for routers, instead of us

VRFs are commonly used for MPLS deployments, when we use VRFs without MPLS then we call it VRF lite. That’s what we will focus on in this lesson. Let’s take a look at an example topology:

ISP Router customer Red BlueIn the topology above we have one ISP router and two customers called “Red” and “Blue”. Each customer has two sites and those are connected to the ISP router. The ISP router has only one global routing table so if we connect everything like the topology above, this is what the routing table will look like:

ISP#show ip route connected
C    192.168.4.0/24 is directly connected, FastEthernet3/0
C    192.168.1.0/24 is directly connected, FastEthernet0/0
C    192.168.2.0/24 is directly connected, FastEthernet1/0
C    192.168.3.0/24 is directly connected, FastEthernet2/0

The ISP router has a single global routing table that has all 4 directly connected networks. Let’s use VRFs to change this, I want to create a seperate routing table for customer “Blue” and “Red”. First we have to create these VRFs:

ISP(config)#ip vrf Red
ISP(config-vrf)#exit
ISP(config)#ip vrf Blue
ISP(config-vrf)#exit

Globally we create the VRFs, one for each customer. Our next step is to add the interfaces of the ISP router to the correct VRF. Here’s how:

ISP(config)#interface FastEthernet 0/0
ISP(config-if)#ip vrf forwarding Blue
% Interface FastEthernet0/0 IP address 192.168.1.254 removed due to enabling VRF Blue
ISP(config-if)#ip address 192.168.1.254 255.255.255.0

On the interface level we use the ip vrf forwarding command to assign the interface to the correct VRF. Once you do this , you’ll have to add the IP address again. Let’s configure the remaining interfaces:

ISP(config)#interface FastEthernet 1/0
ISP(config-if)#ip vrf forwarding Red
ISP(config-if)#ip address 192.168.2.254 255.255.255.0

ISP(config)#interface FastEthernet 2/0
ISP(config-if)#ip vrf forwarding Blue
ISP(config-if)#ip address 192.168.3.254 255.255.255.0

ISP(config)#interface FastEthernet 3/0
ISP(config-if)#ip vrf forwarding Red
ISP(config-if)#ip address 192.168.4.254 255.255.255.0

All interfaces are now configured. There’s a useful command you can use to see all the VRFs and their interfaces:

ISP#show ip vrf
  Name                             Default RD          Interfaces
  Blue                                                 Fa0/0
                                                       Fa2/0
  Red                                                  Fa1/0
                                                       Fa3/0

Our VRFs are configured, let’s take a look at the global routing table of the ISP router:

ISP#show ip route connected

The global routing table has no entries, this is because all interfaces were added to a VRF. Let’s check the VRF routing tables:

ISP#show ip route vrf Blue connected
C    192.168.1.0/24 is directly connected, FastEthernet0/0
C    192.168.3.0/24 is directly connected, FastEthernet2/0
ISP#show ip route vrf Red connected
C    192.168.4.0/24 is directly connected, FastEthernet3/0
C    192.168.2.0/24 is directly connected, FastEthernet1/0

We use the show ip route command but you’ll need to specify which VRF you want to look at. As you can see, each VRF has its own routing table with the interfaces that we configured earlier.

If you want to do something on the router like sending a ping then you’ll have to specify which VRF you want to use. By default it will use the global routing table. Here’s an example how to send a ping:

We're Sorry, Full Content Access is for Members Only...

If you like to keep on reading, Become a Member Now! Here is why:

  • Learn any CCNA, CCNP and CCIE R&S Topic. Explained As Simple As Possible.
  • Try for Just $1. The Best Dollar You've Ever Spent on Your Cisco Career!
  • Full Access to our 662 Lessons. More Lessons Added Every Week!
  • Content created by Rene Molenaar (CCIE #41726)

501 Sign Ups in the last 30 days

satisfaction-guaranteed
100% Satisfaction Guaranteed!
You may cancel your monthly membership at any time.
No Questions Asked!

Tags: ,


Forum Replies

  1. Hi Collin,

    That’s right, it’s a little side effect of replicating everything. All routes are replicated from blue/red to green and vice versa.

    To solve this, it’s better to use a route-map to define what should/shouldn’t be replicated:

    ISP1(config-vrf-af)#route-replicate from vrf Green unicast all route-map RED_PREFIXES

    Rene

  2. EVN only knows what tags to use since we configured the tags on the VRFs.

    Also, it basically only does this for us:

    interface GigabitEthernet3.10
     description Subinterface for VNET Blue
     encapsulation dot1Q 10
     vrf forwarding Blue
     ip address 192.168.56.5 255.255.255.0
    

    The sub-interface above was created by EVN. If you don’t want to use EVN, you could configure sub-interfaces like this yourself.

  3. Hopefully, this will be easier. I don’t know what it means when it says please use the “code” button to post configurations.
    ISP1:

    vrf definition Blue
     vnet tag 10
     !
     address-family ipv4
     exit-address-family
    !
    vrf definition Red
     vnet tag 20
     !
     address-family ipv4
     exit-address-family
    !
    interface GigabitEthernet1
     vrf forwarding Blue
     ip address 192.168.1.254 255.255.255.0
     negotiation auto
    !
    interface GigabitEthernet2
     vrf forwarding Red
     ip address 192.168.2.254 255.255.255.0
     negotiation auto
    !
    interface GigabitEthernet3
     vnet trunk
     ip address 192.168.56.
    ... Continue reading in our forum

  4. Hello Don.

    I’m assuming the EVN trunk is working and that you’ve checked the VRF configuration, and you’ve successfully verified that the vnet trunk has been created with the appropriate show and ping commands. I’m also assuming you’ve checked the output from the command show derived-confg and that the subinterfaces Gi3.10 and Gi3.20 are showing up. Check these first to see that the EVN is working correctly before any routing has been configured.

    Looking through your config, I’m not able to find something that stands out as an error. It seems like it should

    ... Continue reading in our forum

  5. Hello Johnson

    The vrf forwarding command can only be used under the interface configuration. You may be referring to the ip vrf forwarding command which can also be implemented in global configuration mode.

    Cisco explains the difference like so:

    In earlier Cisco IOS releases, you created a VRF to be applied only to an IPv4 address family (single-protocol VRF) by entering the ip vrf command. To activate the single-protocol VRF on an interface, you entered the ip vrf forwarding (interface configuration) command.

    You can now define multiple address families und

    ... Continue reading in our forum

37 more replies! Ask a question or join the discussion by visiting our Community Forum