Tuesday, April 5, 2022

What are VRFs? (Virtual Routing & Forwarding)

This blog covers what VRFs are and how you would set them up in your network.

TRADITIONAL ROUTING & INTRO TO VRFs

Typically, your router has a single routing table that compiles all the known networks and all the possible routes. This one table serves all interfaces and subnets. For an organisation that handles one environment this is perfectly fine, but what if you were a service provider with multiple customers using your network for technologies such as MPLS? This is where VRFs come in.

A VRF is the layer 3 version of a VLAN found at layer 2. With VLANs, you split up your broadcast domains into separate layer 2 domains, associating interfaces with a specific VLAN for them to take part in that subnet. VRFs work similarly. You create your VRFs like you would a VLAN, and then you associate your interfaces with a VRF. Like VLANs, these VRFs are segregated from one another, and an interface only sees other interfaces that are part of the same VRF.

The router no longer has a single routing table; there is one for each VRF. As you associate an interface with a VRF, it is taken out of the main routing table and put in the VRF's routing table. The built-in routing table of the router won't even see that the interface exists. This segmentation of the routing allows for configurations you wouldn't typically see, such as duplicate IP addresses in different VRFs. Because the VRFs are virtually separate, there are no conflicts.

VRF USE CASE

VRF is used by service providers running MP-BGP in MPLS, as it allows them to segment customer traffic over a WAN environment. The lighter version, VRF-Lite, has even more uses because it doesn't require MP-BGP, so places like data centers or large networks can use VRF-Lite to group traffic into zones such as DMZ, extranet and internal.

Consider an example of an ISP with two customers. There are two VRFs, one for each customer. The customers can only see the links that are part of their own VRF, so they won't see one another, but the ISP can still manage both.


HOW IS IT CONFIGURED? 

A VRF is configured much like a VLAN: just as you create a VLAN and then associate an interface with it, you create the VRF and then associate an interface with it. The image shows a router with 2 interfaces being associated with different VRFs and the console showing the commands. (You can even use one physical interface for multiple VRFs by using subinterfaces and then associating each one with a VRF.)

At the bottom of the image, you can see that you can view the IP routing table for a specific VRF as well as set up OSPF for a specific VRF.
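
The steps described above, written out as an added example that is not the original post's screenshot. It assumes Cisco IOS VRF-Lite syntax; the VRF names, route distinguishers, interface names, VLAN IDs, OSPF process IDs and addresses are all constructed for illustration.

```cisco
! Added example: all names, numbers and addresses are constructed.
! Assumes Cisco IOS VRF-Lite syntax.
configure terminal
!
! 1. Create the VRFs (like creating VLANs).
ip vrf CUST_A
 rd 65000:1
ip vrf CUST_B
 rd 65000:2
!
! 2. Associate interfaces with a VRF. Apply "ip vrf forwarding" BEFORE the
!    address: IOS removes an existing IP address when the VRF is changed.
interface GigabitEthernet0/0
 ip vrf forwarding CUST_A
 ip address 10.0.0.1 255.255.255.0
 no shutdown
!
! Same address in the other VRF: no conflict, the tables are separate.
interface GigabitEthernet0/1
 ip vrf forwarding CUST_B
 ip address 10.0.0.1 255.255.255.0
 no shutdown
!
! One physical interface, several VRFs: one 802.1Q subinterface per VRF.
interface GigabitEthernet0/2
 no shutdown
interface GigabitEthernet0/2.10
 encapsulation dot1Q 10
 ip vrf forwarding CUST_A
 ip address 192.168.10.1 255.255.255.0
interface GigabitEthernet0/2.20
 encapsulation dot1Q 20
 ip vrf forwarding CUST_B
 ip address 192.168.10.1 255.255.255.0
!
! 3. OSPF per VRF: a separate process bound to each VRF.
router ospf 10 vrf CUST_A
 network 10.0.0.0 0.0.0.255 area 0
router ospf 20 vrf CUST_B
 network 10.0.0.0 0.0.0.255 area 0
end
!
! 4. Verify the separation: each VRF table lists only its own interfaces,
!    and the global table ("show ip route") lists none of them.
show ip vrf interfaces
show ip route vrf CUST_A
show ip route vrf CUST_B
show ip route
```

When VRFs are used to separate zones such as a DMZ from internal networks, the last four commands are the check that matters: a connected route appearing in the wrong table means an interface was left in the wrong VRF or in the global table.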
