What is VRF-Lite?
VRF is a feature that allows you to create separate instances of the routing table. In turn allowing you to segregate and isolate different network types. When VRFs are used without MPLS it is classed as VRF-lite. VRF-lite configuration doesn’t need the route-target and can be done by static or dynamic routing under its VRF instance.
This tutorial will be based on the following topology (Figure 1):
- 2 x VRFs will be configured on router R1 - Green/Red.
- 2 x networks (126.96.36.199 and 188.8.131.52) will be configured on router R1, one placed into each of the VRFs.
- eBGP peerings will then be established to each of the neighbours (Red/Green).
- eBGP will advertise the corresponding VRF network to its peer:
- Green VRF - 184.108.40.206.
- Red VRF - 220.127.116.11.
Figure 1 - Topology.
Router - R1
First of all we configure the 2 VRFs. Each VRF is assigned a Route Distinguisher.
ip vrf GREEN rd 65001:100 ip vrf RED rd 65001:200
Next, we configure our interfaces. Each loopback and the interface connecting R1 to its neighbor is placed into their corresponding VRF.
interface Loopback1 ip vrf forwarding GREEN ip address 18.104.22.168 255.255.255.0 ! interface Loopback2 ip vrf forwarding RED ip address 22.214.171.124 255.255.255.0 interface GigabitEthernet0/1 description to GREEN ip vrf forwarding GREEN ip address 10.0.0.10 255.255.255.252 ! interface GigabitEthernet0/2 description to RED Ip vrf forwarding RED ip address 10.0.0.5 255.255.255.252
BGP is configured. We use the IPv4 address families to specify our VRFs and redistribute our connected interfaces into BGP.
Note : The IPv4 address-family exchanges normal IPv4 unicast routes, without any route distinguisher (RD). Therefore in our example the RD is only locally significant to R1, hence
vpnv4 being used within the R1 show commands.
router bgp 65001 bgp router-id 126.96.36.199 bgp log-neighbor-changes address-family ipv4 vrf GREEN redistribute connected neighbor 10.0.0.9 remote-as 65002 neighbor 10.0.0.9 activate exit-address-family address-family ipv4 vrf RED redistribute connected neighbor 10.0.0.6 remote-as 65003 neighbor 10.0.0.6 activate exit-address-family
Router - Green
The configuration for Green, is a simple eBGP peering. Like so,
router bgp 65002 bgp router-id 188.8.131.52 bgp log-neighbor-changes redistribute connected neighbor 10.0.0.10 remote-as 65001
Router - Red
We then configure another eBGP peering on Red.
router bgp 65003 bgp router-id 184.108.40.206 bgp log-neighbor-changes redistribute connected neighbor 10.0.0.5 remote-as 65001
First, we will check that the BGP adjacencies have correctly formed on R1, Green and Red. From the output, we can see BGP has successfully established adjacency with its neighbour, and that prefixes have been received.
R1#show ip bgp vpnv4 vrf RED summary ! Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd 10.0.0.6 4 65003 36 36 8 0 0 00:28:46 2 R1#show ip bgp vpnv4 vrf GREEN summary ! Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd 10.0.0.9 4 65002 51 51 8 0 0 00:42:07 2
GREEN#show ip bgp summary ! Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd 10.0.0.10 4 65001 58 59 7 0 0 00:49:01 2
RED#show ip bgp sum ! Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd 10.0.0.5 4 65001 46 46 5 0 0 00:38:11 2
Finally, we check the routing table on, both the Green and the Red router, in order to confirm we have learnt the routes advertised from the corresponding VRF on R1.
GREEN#show ip route ! 220.127.116.11/32 is subnetted, 1 subnets C 18.104.22.168 is directly connected, Loopback0 10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks C 10.0.0.8/30 is directly connected, GigabitEthernet0/1 L 10.0.0.9/32 is directly connected, GigabitEthernet0/1 22.214.171.124/24 is subnetted, 1 subnets B 126.96.36.199 [20/0] via 10.0.0.10, 00:49:06
RED#show ip route ! 188.8.131.52/32 is subnetted, 1 subnets C 184.108.40.206 is directly connected, Loopback0 10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks C 10.0.0.4/30 is directly connected, GigabitEthernet0/1 L 10.0.0.6/32 is directly connected, GigabitEthernet0/1 B 220.127.116.11/24 [20/0] via 10.0.0.5, 00:38:05
Success, as we can see the advertised router from R1’s VRF on each router.