What is VRF-Lite?
VRF is a feature that allows you to create separate instances of the routing table. In turn allowing you to segregate and isolate different network types. When VRFs are used without MPLS it is classed as VRF-lite. VRF-lite configuration doesn’t need the route-target and can be done by static or dynamic routing under its VRF instance.[1]
Topology
This tutorial will be based on the following topology (Figure 1):
- 2 x VRFs will be configured on router R1 - Green/Red.
- 2 x networks (100.1.1.0 and 200.1.1.0) will be configured on router R1, one placed into each of the VRFs.
- eBGP peerings will then be established to each of the neighbours (Red/Green).
- eBGP will advertise the corresponding VRF network to its peer:
- Green VRF - 100.1.1.0.
- Red VRF - 200.1.1.0.
Figure 1 - Topology.
Configuration
Router - R1
VRFs
First of all we configure the 2 VRFs. Each VRF is assigned a Route Distinguisher.
ip vrf GREEN
rd 65001:100
ip vrf RED
rd 65001:200
Interfaces
Next, we configure our interfaces. Each loopback and the interface connecting R1 to its neighbor is placed into their corresponding VRF.
interface Loopback1
ip vrf forwarding GREEN
ip address 100.1.1.1 255.255.255.0
!
interface Loopback2
ip vrf forwarding RED
ip address 200.1.1.1 255.255.255.0
interface GigabitEthernet0/1
description to GREEN
ip vrf forwarding GREEN
ip address 10.0.0.10 255.255.255.252
!
interface GigabitEthernet0/2
description to RED
Ip vrf forwarding RED
ip address 10.0.0.5 255.255.255.252
BGP
BGP is configured. We use the IPv4 address families to specify our VRFs and redistribute our connected interfaces into BGP.
Note : The IPv4 address-family exchanges normal IPv4 unicast routes, without any route distinguisher (RD). Therefore in our example the RD is only locally significant to R1, hence vpnv4 being used within the R1 show commands.
router bgp 65001
bgp router-id 1.1.1.1
bgp log-neighbor-changes
address-family ipv4 vrf GREEN
redistribute connected
neighbor 10.0.0.9 remote-as 65002
neighbor 10.0.0.9 activate
exit-address-family
address-family ipv4 vrf RED
redistribute connected
neighbor 10.0.0.6 remote-as 65003
neighbor 10.0.0.6 activate
exit-address-family
Router - Green
The configuration for Green, is a simple eBGP peering. Like so,
router bgp 65002
bgp router-id 2.2.2.2
bgp log-neighbor-changes
redistribute connected
neighbor 10.0.0.10 remote-as 65001
Router - Red
We then configure another eBGP peering on Red.
router bgp 65003
bgp router-id 3.3.3.3
bgp log-neighbor-changes
redistribute connected
neighbor 10.0.0.5 remote-as 65001
Verification
BGP Adjacencies
First, we will check that the BGP adjacencies have correctly formed on R1, Green and Red. From the output, we can see BGP has successfully established adjacency with its neighbour, and that prefixes have been received.
R1#show ip bgp vpnv4 vrf RED summary
!
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
10.0.0.6 4 65003 36 36 8 0 0 00:28:46 2
R1#show ip bgp vpnv4 vrf GREEN summary
!
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
10.0.0.9 4 65002 51 51 8 0 0 00:42:07 2
GREEN#show ip bgp summary
!
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
10.0.0.10 4 65001 58 59 7 0 0 00:49:01 2
RED#show ip bgp sum
!
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
10.0.0.5 4 65001 46 46 5 0 0 00:38:11 2
Routes
Finally, we check the routing table on, both the Green and the Red router, in order to confirm we have learnt the routes advertised from the corresponding VRF on R1.
GREEN#show ip route
!
2.0.0.0/32 is subnetted, 1 subnets
C 2.2.2.2 is directly connected, Loopback0
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 10.0.0.8/30 is directly connected, GigabitEthernet0/1
L 10.0.0.9/32 is directly connected, GigabitEthernet0/1
100.0.0.0/24 is subnetted, 1 subnets
B 100.1.1.0 [20/0] via 10.0.0.10, 00:49:06
RED#show ip route
!
3.0.0.0/32 is subnetted, 1 subnets
C 3.3.3.3 is directly connected, Loopback0
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 10.0.0.4/30 is directly connected, GigabitEthernet0/1
L 10.0.0.6/32 is directly connected, GigabitEthernet0/1
B 200.1.1.0/24 [20/0] via 10.0.0.5, 00:38:05
Success, as we can see the advertised router from R1’s VRF on each router.
References
"VRF vs VRF Lite | IP With Ease | IP With Ease." 28 Dec. 2016, https://ipwithease.com/vrf-vs-vrf-lite/. Accessed 12 Feb. 2018. ↩︎
