When we hear about VRF, it's almost synonymous with MPLS VPN. Virtual
Routing and Forwarding is commonly used by service providers to provide
services to multiple customers within an MPLS cloud. Its most
interesting feature is that VRF allows the creation of multiple
routing tables within a single router. This means that different
customers can use overlapping IP addresses. Some enterprises
use VRF to segregate traffic by service, such as VoIP or wireless, by
geographical location, and in other ways. Through the network setup below, we will
see how to configure VRF and check whether duplicate IP addresses are
really possible. We have 3 customers in the figure connected to a Provider
Edge router. We will name the VRFs Blue, Red and Yellow.
Now let's configure the route distinguishers (RDs) on the PE router.
Router(config)#host PE
PE(config)#ip vrf blue
PE(config-vrf)#rd 1:1
PE(config-vrf)#ip vrf red
PE(config-vrf)#rd 2:2
PE(config-vrf)#ip vrf yellow
PE(config-vrf)#rd 3:3
The "rd" command takes a value in the format ASN:nn or IP-address:nn. The VRF names and rd values are locally significant, which means that it doesn't matter what name you choose. What really matters is the "route target" value, because this is what you will import or export. More about this in the next blog entry.
Now that we have created the VRFs, let's configure the interfaces and apply the VRFs to them.
PE(config)#int fa0/0.2
PE(config-subif)#encapsulation dot1q 2
PE(config-subif)#ip vrf forwarding blue
PE(config-subif)#ip address 1.1.1.1 255.255.255.252
PE(config-subif)#int fa0/0.3
PE(config-subif)#encapsulation dot1q 3
PE(config-subif)#ip vrf forwarding red
PE(config-subif)#ip address 1.1.1.1 255.255.255.252
PE(config-subif)#int fa0/0.4
PE(config-subif)#encapsulation dot1q 4
PE(config-subif)#ip vrf forwarding yellow
PE(config-subif)#ip address 1.1.1.1 255.255.255.252
Notice that all the interfaces above have the same IP address, 1.1.1.1. Normally, without VRF, the router gives a warning message that overlapping IP addresses are not allowed. The command "ip vrf forwarding <vrf-name>" assigns a specific interface to the VRF. It is entered before "ip address" because IOS removes any address already configured on the interface when the VRF is applied.
Let's configure the other routers, Blue, Red and Yellow, with 1.1.1.2/30 on their FastEthernet0/0 interfaces. Then let's ping 1.1.1.1 from each router.
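The per-VRF separation described above can be checked offline before a change is pushed. The following Python script is an added example, not part of the original post: it builds one address table per VRF from interface configuration, reports overlaps inside a single table, and lists interfaces that have an address but no "ip vrf forwarding" line and so sit in the global table. The sub-interface fa0/0.5, the function names and the trimmed sample config are assumptions made for the illustration.

```python
import ipaddress
import re
from collections import defaultdict
from itertools import combinations

# Constructed input in "show running-config" form: the three sub-interfaces
# from the post plus a hypothetical fa0/0.5 left without "ip vrf forwarding".
SAMPLE = """
interface FastEthernet0/0.2
 ip vrf forwarding blue
 ip address 1.1.1.1 255.255.255.252
interface FastEthernet0/0.3
 ip vrf forwarding red
 ip address 1.1.1.1 255.255.255.252
interface FastEthernet0/0.4
 ip vrf forwarding yellow
 ip address 1.1.1.1 255.255.255.252
interface FastEthernet0/0.5
 ip address 1.1.1.5 255.255.255.252
"""

def tables(config):
    """Map each routing table (VRF name or 'global') to [(interface, network)]."""
    out, intf, vrf = defaultdict(list), None, "global"
    for line in config.splitlines():
        line = line.strip()
        if m := re.match(r"interface (\S+)", line):
            intf, vrf = m.group(1), "global"      # new interface starts in the global table
        elif m := re.match(r"ip vrf forwarding (\S+)", line):
            vrf = m.group(1)
        elif m := re.match(r"ip address (\S+) (\S+)$", line):
            net = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}").network
            out[vrf].append((intf, net))
    return dict(out)

def audit(config):
    """Return (overlaps inside one table, interfaces left in the global table)."""
    t = tables(config)
    clashes = [(vrf, a[0], b[0]) for vrf, entries in t.items()
               for a, b in combinations(entries, 2) if a[1].overlaps(b[1])]
    return clashes, [i for i, _ in t.get("global", [])]

if __name__ == "__main__":
    for vrf, entries in tables(SAMPLE).items():
        print(vrf, [(i, str(n)) for i, n in entries])
    print(audit(SAMPLE))
```

The same 1.1.1.0/30 network appears once in each of blue, red and yellow without a clash, while fa0/0.5 is reported because its traffic would be routed in the global table rather than in a customer VRF.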
Blue#ping 1.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/35/80 ms
Red#ping 1.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/48/156 ms
Yellow#ping 1.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/60/136 ms
It's good! We have IP reachability to the PE from the CE routers. Now, from the PE's point of view, how will the PE know which router to ping if we use 1.1.1.2, since the Blue, Red and Yellow routers all use the same IP? This is accomplished with the "ping vrf <vrf-name>" command. See below.
PE#ping vrf blue 1.1.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/28/68 ms
PE#ping vrf red 1.1.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/28/88 ms
PE#ping vrf yellow 1.1.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/31/68 ms
Now we have proven that duplicate IP addresses are possible using VRF. Keep in mind that VRFs are usually, and by standard practice, configured on PE routers. CE routers normally don't make use of VRFs, but there are always exceptions. The next entries will focus on importing route targets and using IGPs and BGP in an MPLS VPN setup. Cheers.