VRF (Virtual Routing and Forwarding) is like a logical router, no need to require many router for different routing or different customers.VRF are most commonly associated MPLS service providers. Deployment without MPLS is know as VRF lite.In this topology we configure the VRF Lite. Let see, we have two customer Green and Yellow are using our network service.They have same network prefixes. As we know router don't accept same network prefixes but Vrf can solve that problem.
First step we need to create vrf.
R1
ip vrf GREEN
ip vrf YELLOW
R2
ip vrf GREEN
ip vrf YELLOW
R3
ip vrf GREEN
ip vrf YELLOW
Each routed interface (virtual or physical) belongs to exactly one VRF.
For vrf GREEN
R2
int lo0
ip vrf forwarding GREEN
ip add 192.168.1.1 255.255.255.0
int f0/0.1
encapsulation dot1q 10
ip vrf forwarding GREEN
ip add 10.10.12.2 255.255.255.252
R1
int f0/0.1
encapsulation dot1Q 10
ip vrf forwarding GREEN
ip address 10.10.12.1 255.255.255.252
int f0/1.1
encapsulation dot1Q 10
ip vrf forwarding GREEN
ip address 10.10.13.1 255.255.255.252
R3
interface Loopback0
ip vrf forwarding GREEN
ip address 192.168.2.1 255.255.255.0
interface FastEthernet0/0.1
encapsulation dot1Q 10
ip vrf forwarding GREEN
ip address 10.10.13.2 255.255.255.252
For VRF YELLOW
R1
int f0/0.2
encapsulation dot1Q 20
ip vrf forwarding YELLOW
ip address 10.10.12.1 255.255.255.252
int f0/1.2
encapsulation dot1Q 20
ip vrf forwarding YELLOW
ip address 10.10.13.1 255.255.255.252
R2
interface Loopback1
ip vrf forwarding YELLOW
ip address 192.168.1.1 255.255.255.0
interface FastEthernet0/0.2
encapsulation dot1Q 20
ip vrf forwarding YELLOW
ip address 10.10.12.2 255.255.255.252
R3
interface Loopback1
ip vrf forwarding YELLOW
ip address 192.168.2.1 255.255.255.0
interface FastEthernet0/0.2
encapsulation dot1Q 20
ip vrf forwarding YELLOW
ip address 10.10.13.2 255.255.255.252
Verify the routing table.At normal condition we use 'sh ip route' to look the global routing table.For vrf routing table use 'sh ip route vrf xxxx (vrf name)'.
R2#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
R2#sh ip route vrf GREEN
Routing Table: GREEN
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
10.0.0.0/30 is subnetted, 1 subnets
C 10.10.12.0 is directly connected, FastEthernet0/0.1
C 192.168.1.0/24 is directly connected, Loopback0
R2#sh ip route vrf YELLOW
Routing Table: YELLOW
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
10.0.0.0/30 is subnetted, 1 subnets
C 10.10.12.0 is directly connected, FastEthernet0/0.2
C 192.168.1.0/24 is directly connected, Loopback1
Now we connect R2 and R3 networks with OSPF.Router id is a important to define.If the same router id neighbor is not coming up for other vrf.
For vrf GREEN
R1
router ospf 1 vrf GREEN
router-id 1.1.1.1
net 10.10.12.0 0.0.0.3 area 0
net 10.10.13.0 0.0.0.3 area 0
R2
router ospf 1 vrf GREEN
router-id 2.2.2.1
log-adjacency-changes
network 10.10.12.0 0.0.0.3 area 0
network 192.168.1.0 0.0.0.255 area 0
R3
router ospf 1 vrf GREEN
router-id 3.3.3.1
log-adjacency-changes
network 10.10.13.0 0.0.0.3 area 0
network 192.168.2.0 0.0.0.255 area 0
For vrf YELLOW
R1
router ospf 1 vrf YELLOW
OSPF process 1 already exists and is attached to VRF GREEN
Processing number must different other vrf used.
router ospf 2 vrf YELLOW
router-id 1.1.1.2
net 10.10.12.0 0.0.0.3 area 0
net 10.10.13.0 0.0.0.3 area 0
R2
router ospf 2 vrf YELLOW
router-id 2.2.2.2
log-adjacency-changes
network 10.10.12.0 0.0.0.3 area 0
network 192.168.1.0 0.0.0.255 area 0
R3
router ospf 2 vrf YELLOW
router-id 3.3.3.2
log-adjacency-changes
network 10.10.13.0 0.0.0.3 area 0
network 192.168.2.0 0.0.0.255 area 0
Verify the ospf neighbors.
R1#sh ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface
3.3.3.2 1 FULL/DR 00:00:35 10.10.13.2 FastEthernet0/1.2
2.2.2.2 1 FULL/DR 00:00:36 10.10.12.2 FastEthernet0/0.2
3.3.3.1 1 FULL/DR 00:00:33 10.10.13.2 FastEthernet0/1.1
2.2.2.1 1 FULL/DR 00:00:34 10.10.12.2 FastEthernet0/0.1
Verify the routing table.
For vrf GREEN
R1
R1#sh ip route vrf GREEN
10.0.0.0/30 is subnetted, 2 subnets
C 10.10.12.0 is directly connected, FastEthernet0/0.1
C 10.10.13.0 is directly connected, FastEthernet0/1.1
192.168.1.0/32 is subnetted, 1 subnets
O 192.168.1.1 [110/2] via 10.10.12.2, 00:14:55, FastEthernet0/0.1
192.168.2.0/32 is subnetted, 1 subnets
O 192.168.2.1 [110/2] via 10.10.13.2, 00:07:40, FastEthernet0/1.1
R2
R2#sh ip route vrf GREEN
10.0.0.0/30 is subnetted, 2 subnets
C 10.10.12.0 is directly connected, FastEthernet0/0.1
O 10.10.13.0 [110/2] via 10.10.12.1, 00:08:21, FastEthernet0/0.1
C 192.168.1.0/24 is directly connected, Loopback0
192.168.2.0/32 is subnetted, 1 subnets
O 192.168.2.1 [110/3] via 10.10.12.1, 00:08:21, FastEthernet0/0.1
R3
R3#sh ip route vrf GREEN
10.0.0.0/30 is subnetted, 2 subnets
O 10.10.12.0 [110/2] via 10.10.13.1, 00:09:12, FastEthernet0/0.1
C 10.10.13.0 is directly connected, FastEthernet0/0.1
192.168.1.0/32 is subnetted, 1 subnets
O 192.168.1.1 [110/3] via 10.10.13.1, 00:09:12, FastEthernet0/0.1
C 192.168.2.0/24 is directly connected, Loopback0
For vrf YELLOW
R1
R1#sh ip route vrf YELLOW
10.0.0.0/30 is subnetted, 2 subnets
C 10.10.12.0 is directly connected, FastEthernet0/0.2
C 10.10.13.0 is directly connected, FastEthernet0/1.2
192.168.1.0/32 is subnetted, 1 subnets
O 192.168.1.1 [110/2] via 10.10.12.2, 00:13:59, FastEthernet0/0.2
192.168.2.0/32 is subnetted, 1 subnets
O 192.168.2.1 [110/2] via 10.10.13.2, 00:09:56, FastEthernet0/1.2
R2
R2#sh ip route vrf YELLOW
10.0.0.0/30 is subnetted, 2 subnets
C 10.10.12.0 is directly connected, FastEthernet0/0.2
O 10.10.13.0 [110/2] via 10.10.12.1, 00:10:28, FastEthernet0/0.2
C 192.168.1.0/24 is directly connected, Loopback1
192.168.2.0/32 is subnetted, 1 subnets
O 192.168.2.1 [110/3] via 10.10.12.1, 00:10:28, FastEthernet0/0.2
R3
R3#sh ip route vrf YELLOW
10.0.0.0/30 is subnetted, 2 subnets
O 10.10.12.0 [110/2] via 10.10.13.1, 00:11:01, FastEthernet0/0.2
C 10.10.13.0 is directly connected, FastEthernet0/0.2
192.168.1.0/32 is subnetted, 1 subnets
O 192.168.1.1 [110/3] via 10.10.13.1, 00:11:01, FastEthernet0/0.2
C 192.168.2.0/24 is directly connected, Loopback1
Ping testing.
R2#ping 192.168.2.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
R2#ping vrf GREEN 192.168.2.1 so lo0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.1, timeout is 2 seconds:
Packet sent with a source address of 192.168.1.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 16/20/24 ms
If I add new network prefixs at GREEN we can see more clear.
R3#ping vrf GREEN 192.168.1.1 so lo11
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
Packet sent with a source address of 192.168.10.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/27/32 ms
R3#ping vrf YELLOW 192.168.1.1 so lo11
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
Packet sent with a source address of 192.168.10.1
.....
Success rate is 0 percent (0/5)
R1
ip vrf GREEN
ip vrf YELLOW
R2
ip vrf GREEN
ip vrf YELLOW
R3
ip vrf GREEN
ip vrf YELLOW
Each routed interface (virtual or physical) belongs to exactly one VRF.
For vrf GREEN
R2
int lo0
ip vrf forwarding GREEN
ip add 192.168.1.1 255.255.255.0
int f0/0.1
encapsulation dot1q 10
ip vrf forwarding GREEN
ip add 10.10.12.2 255.255.255.252
R1
int f0/0.1
encapsulation dot1Q 10
ip vrf forwarding GREEN
ip address 10.10.12.1 255.255.255.252
int f0/1.1
encapsulation dot1Q 10
ip vrf forwarding GREEN
ip address 10.10.13.1 255.255.255.252
R3
interface Loopback0
ip vrf forwarding GREEN
ip address 192.168.2.1 255.255.255.0
interface FastEthernet0/0.1
encapsulation dot1Q 10
ip vrf forwarding GREEN
ip address 10.10.13.2 255.255.255.252
For VRF YELLOW
R1
int f0/0.2
encapsulation dot1Q 20
ip vrf forwarding YELLOW
ip address 10.10.12.1 255.255.255.252
int f0/1.2
encapsulation dot1Q 20
ip vrf forwarding YELLOW
ip address 10.10.13.1 255.255.255.252
R2
interface Loopback1
ip vrf forwarding YELLOW
ip address 192.168.1.1 255.255.255.0
interface FastEthernet0/0.2
encapsulation dot1Q 20
ip vrf forwarding YELLOW
ip address 10.10.12.2 255.255.255.252
R3
interface Loopback1
ip vrf forwarding YELLOW
ip address 192.168.2.1 255.255.255.0
interface FastEthernet0/0.2
encapsulation dot1Q 20
ip vrf forwarding YELLOW
ip address 10.10.13.2 255.255.255.252
Verify the routing table.At normal condition we use 'sh ip route' to look the global routing table.For vrf routing table use 'sh ip route vrf xxxx (vrf name)'.
R2#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
R2#sh ip route vrf GREEN
Routing Table: GREEN
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
10.0.0.0/30 is subnetted, 1 subnets
C 10.10.12.0 is directly connected, FastEthernet0/0.1
C 192.168.1.0/24 is directly connected, Loopback0
R2#sh ip route vrf YELLOW
Routing Table: YELLOW
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
10.0.0.0/30 is subnetted, 1 subnets
C 10.10.12.0 is directly connected, FastEthernet0/0.2
C 192.168.1.0/24 is directly connected, Loopback1
Now we connect R2 and R3 networks with OSPF.Router id is a important to define.If the same router id neighbor is not coming up for other vrf.
For vrf GREEN
R1
router ospf 1 vrf GREEN
router-id 1.1.1.1
net 10.10.12.0 0.0.0.3 area 0
net 10.10.13.0 0.0.0.3 area 0
R2
router ospf 1 vrf GREEN
router-id 2.2.2.1
log-adjacency-changes
network 10.10.12.0 0.0.0.3 area 0
network 192.168.1.0 0.0.0.255 area 0
R3
router ospf 1 vrf GREEN
router-id 3.3.3.1
log-adjacency-changes
network 10.10.13.0 0.0.0.3 area 0
network 192.168.2.0 0.0.0.255 area 0
For vrf YELLOW
R1
router ospf 1 vrf YELLOW
OSPF process 1 already exists and is attached to VRF GREEN
Processing number must different other vrf used.
router ospf 2 vrf YELLOW
router-id 1.1.1.2
net 10.10.12.0 0.0.0.3 area 0
net 10.10.13.0 0.0.0.3 area 0
R2
router ospf 2 vrf YELLOW
router-id 2.2.2.2
log-adjacency-changes
network 10.10.12.0 0.0.0.3 area 0
network 192.168.1.0 0.0.0.255 area 0
R3
router ospf 2 vrf YELLOW
router-id 3.3.3.2
log-adjacency-changes
network 10.10.13.0 0.0.0.3 area 0
network 192.168.2.0 0.0.0.255 area 0
Verify the ospf neighbors.
R1#sh ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface
3.3.3.2 1 FULL/DR 00:00:35 10.10.13.2 FastEthernet0/1.2
2.2.2.2 1 FULL/DR 00:00:36 10.10.12.2 FastEthernet0/0.2
3.3.3.1 1 FULL/DR 00:00:33 10.10.13.2 FastEthernet0/1.1
2.2.2.1 1 FULL/DR 00:00:34 10.10.12.2 FastEthernet0/0.1
Verify the routing table.
For vrf GREEN
R1
R1#sh ip route vrf GREEN
10.0.0.0/30 is subnetted, 2 subnets
C 10.10.12.0 is directly connected, FastEthernet0/0.1
C 10.10.13.0 is directly connected, FastEthernet0/1.1
192.168.1.0/32 is subnetted, 1 subnets
O 192.168.1.1 [110/2] via 10.10.12.2, 00:14:55, FastEthernet0/0.1
192.168.2.0/32 is subnetted, 1 subnets
O 192.168.2.1 [110/2] via 10.10.13.2, 00:07:40, FastEthernet0/1.1
R2
R2#sh ip route vrf GREEN
10.0.0.0/30 is subnetted, 2 subnets
C 10.10.12.0 is directly connected, FastEthernet0/0.1
O 10.10.13.0 [110/2] via 10.10.12.1, 00:08:21, FastEthernet0/0.1
C 192.168.1.0/24 is directly connected, Loopback0
192.168.2.0/32 is subnetted, 1 subnets
O 192.168.2.1 [110/3] via 10.10.12.1, 00:08:21, FastEthernet0/0.1
R3
R3#sh ip route vrf GREEN
10.0.0.0/30 is subnetted, 2 subnets
O 10.10.12.0 [110/2] via 10.10.13.1, 00:09:12, FastEthernet0/0.1
C 10.10.13.0 is directly connected, FastEthernet0/0.1
192.168.1.0/32 is subnetted, 1 subnets
O 192.168.1.1 [110/3] via 10.10.13.1, 00:09:12, FastEthernet0/0.1
C 192.168.2.0/24 is directly connected, Loopback0
For vrf YELLOW
R1
R1#sh ip route vrf YELLOW
10.0.0.0/30 is subnetted, 2 subnets
C 10.10.12.0 is directly connected, FastEthernet0/0.2
C 10.10.13.0 is directly connected, FastEthernet0/1.2
192.168.1.0/32 is subnetted, 1 subnets
O 192.168.1.1 [110/2] via 10.10.12.2, 00:13:59, FastEthernet0/0.2
192.168.2.0/32 is subnetted, 1 subnets
O 192.168.2.1 [110/2] via 10.10.13.2, 00:09:56, FastEthernet0/1.2
R2
R2#sh ip route vrf YELLOW
10.0.0.0/30 is subnetted, 2 subnets
C 10.10.12.0 is directly connected, FastEthernet0/0.2
O 10.10.13.0 [110/2] via 10.10.12.1, 00:10:28, FastEthernet0/0.2
C 192.168.1.0/24 is directly connected, Loopback1
192.168.2.0/32 is subnetted, 1 subnets
O 192.168.2.1 [110/3] via 10.10.12.1, 00:10:28, FastEthernet0/0.2
R3
R3#sh ip route vrf YELLOW
10.0.0.0/30 is subnetted, 2 subnets
O 10.10.12.0 [110/2] via 10.10.13.1, 00:11:01, FastEthernet0/0.2
C 10.10.13.0 is directly connected, FastEthernet0/0.2
192.168.1.0/32 is subnetted, 1 subnets
O 192.168.1.1 [110/3] via 10.10.13.1, 00:11:01, FastEthernet0/0.2
C 192.168.2.0/24 is directly connected, Loopback1
Ping testing.
R2#ping 192.168.2.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
R2#ping vrf GREEN 192.168.2.1 so lo0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.1, timeout is 2 seconds:
Packet sent with a source address of 192.168.1.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 16/20/24 ms
If I add new network prefixs at GREEN we can see more clear.
R3#ping vrf GREEN 192.168.1.1 so lo11
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
Packet sent with a source address of 192.168.10.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/27/32 ms
R3#ping vrf YELLOW 192.168.1.1 so lo11
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
Packet sent with a source address of 192.168.10.1
.....
Success rate is 0 percent (0/5)
Comments
Post a Comment