Step by Step Into MPLS – VRF LITE

 

Although VRF (virtual routing and forwarding) is not actually part of the MPLS you can think of the VRF as a helper for the MPLS in achieving the MPLS VPN infrastructure, now as I would like to make that a very simple to understand guide , I will address here only the VRF part without any MPLS, also known as VRF Lite.

Simple Topology :

R1 Configuration	R2 Configuration
! ip cef no ip domain lookup ! ! ip vrf VRF_GOLD ! ip vrf VRF_SILVER ! ! interface FastEthernet0/0 no ip address duplex auto speed auto ! interface FastEthernet0/0.1 encapsulation dot1Q 100 ip vrf forwarding VRF_SILVER ip address 10.0.0.1 255.255.255.0 ! interface FastEthernet0/0.2 encapsulation dot1Q 200 ip vrf forwarding VRF_GOLD ip address 20.0.0.1 255.255.255.0 !	! ip cef no ip domain lookup ! ip vrf VRF_GOLD ! ip vrf VRF_SILVER ! ! interface FastEthernet0/0 no ip address duplex auto speed auto ! interface FastEthernet0/0.1 encapsulation dot1Q 100 ip vrf forwarding VRF_SILVER ip address 10.0.0.2 255.255.255.0 ! interface FastEthernet0/0.2 encapsulation dot1Q 200 ip vrf forwarding VRF_GOLD ip address 20.0.0.2 255.255.255.0 ! !

 

As you can see from above I have done something very simple, 2 VRF’s GOLD and SILVER, I have configured sub interface for FastEthernet 0/0 and each is assigned to its own VRF with the ip vrf forwarding <VRF_NAME> command.

see what happen if I try to see my routing table:

R1#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route
Gateway of last resort is not set

What happen here?! where are my connected interfaces ?!

Well this is the VRF, as you can see from above configuration I have configured only interface assigned to VRF, and the VRF job is to take my router and give each VRF a totally separate virtual ip routing table. you can see the same result is with R2 main routing table.

R2#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route
Gateway of last resort is not set

So , where is the routing table I have created?!

R1

R1#sh ip route vrf VRF_GOLD
Routing Table: VRF_GOLD
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
     20.0.0.0/24 is subnetted, 1 subnets
C       20.0.0.0 is directly connected, FastEthernet0/0.2
R1#sh ip route vrf VRF_SILVER
Routing Table: VRF_SILVER
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
     10.0.0.0/24 is subnetted, 1 subnets
C       10.0.0.0 is directly connected, FastEthernet0/0.1

 

R2

R2#sh ip vrf
  Name                             Default RD          Interfaces
  VRF_GOLD                         <not set>           Fa0/0.2
  VRF_SILVER                       <not set>           Fa0/0.1
R2#sh ip route vrf VRF_GOLD
Routing Table: VRF_GOLD
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
     20.0.0.0/24 is subnetted, 1 subnets
C       20.0.0.0 is directly connected, FastEthernet0/0.2

 

Now lets check simple connectivity:

R2#ping 20.0.0.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 20.0.0.2, timeout is 2 seconds:
.....
 

Now what is going on?!  I am pinging my own interface!!!

Relax again, when working with VRF everything need to be referred with the VRF, ping traceroute…

R2#ping vrf VRF_GOLD 20.0.0.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 20.0.0.2, timeout is 2 seconds:
!!!!!
R2#ping vrf VRF_GOLD 20.0.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 20.0.0.1, timeout is 2 seconds:
.!!!!
R2#ping vrf VRF_SILVER 10.0.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.1, timeout is 2 seconds:
.!!!!

 

Now I would like to take it one step further and show you that the VRF is locally significant, meaning the router it self have virtual separation there is no tagging or added header’s or anything like MPLS.

R2(config)#ip vrf VRF_A
R2(config-vrf)#ip vrf VRF_B
R2(config-vrf)#int f0/0.1
R2(config-subif)#ip vrf f
R2(config-subif)#ip vrf forwarding VRF_A
% Interface FastEthernet0/0.1 IP address 10.0.0.2 removed due to enabling VRF VRF_A
R2(config-subif)#ip add 10.0.0.2 255.255.255.0
R2(config-subif)#int f0/0.2
R2(config-subif)#ip vrf forwarding VRF_B
% Interface FastEthernet0/0.2 IP address 20.0.0.2 removed due to enabling VRF VRF_B
R2(config-subif)#ip add 20.0.0.2 255.255.255.0
R2(config-subif)#^Z
R2#sh
*Mar  1 00:08:58.651: %SYS-5-CONFIG_I: Configured from console by console
R2#sh ip int b
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            unassigned      YES unset  up                    up  
FastEthernet0/0.1          10.0.0.2        YES manual up                    up  
FastEthernet0/0.2          20.0.0.2        YES manual up                    up  
R2#sh ip vrf
  Name                             Default RD          Interfaces
  VRF_A                            <not set>           Fa0/0.1
  VRF_B                            <not set>           Fa0/0.2
  VRF_GOLD                         <not set>
  VRF_SILVER                       <not set>

as you can see from above I have configured 2 new VRF’s and reassign them to the interfaces, replacing old VRF_GOLD and VRF_SILVER, notice I had to reconfigure the ip address, as when assigning VRF to an interface the ip address is removed (I have just assigned the same to each interface)

Now lets test

R2#ping vrf VRF_A 10.0.0.1 repeat 1
Type escape sequence to abort.
Sending 1, 100-byte ICMP Echos to 10.0.0.1, timeout is 2 seconds:
!
Success rate is 100 percent (1/1), round-trip min/avg/max = 200/200/200 ms

 

Success !!!

Now If you have any doubts

R1#debug ip packet detail
IP packet debugging is on (detailed)
R1#
*Mar  1 00:09:20.979: IP: tableid=1, s=10.0.0.2 (FastEthernet0/0.1), d=10.0.0.1 (FastEthernet0/0.1), routed via RIB
*Mar  1 00:09:20.979: IP: s=10.0.0.2 (FastEthernet0/0.1), d=10.0.0.1 (FastEthernet0/0.1), len 100, rcvd 3
*Mar  1 00:09:20.983:     ICMP type=8, code=0
*Mar  1 00:09:20.983: IP: tableid=1, s=10.0.0.1 (local), d=10.0.0.2 (FastEthernet0/0.1), routed via FIB
*Mar  1 00:09:20.983: IP: s=10.0.0.1 (local), d=10.0.0.2 (FastEthernet0/0.1), len 100, sending
*Mar  1 00:09:20.983:     ICMP type=0, code=0
R1#un all

 

Now I could have made it more confusing and switch the names, but why go there take below .net file for GNS and play your self:

autostart = False
[127.0.0.1:7200]
    workingdir = D:\DYN\Work
    udp = 10000
    [[3640]]
        image = D:\DYN\C3640-JK.BIN
        idlepc = 0x6060d328
        ghostios = True
        chassis = 3640
    [[ROUTER R1]]
        model = 3640
        console = 2000
        cnfg = R1.cfg
        slot0 = NM-1FE-TX
        f0/0 = R2 f0/0
        x = -221.0
        y = -91.0
    [[ROUTER R2]]
        model = 3640
        console = 2001
        cnfg = R2.cfg
        slot0 = NM-1FE-TX
        f0/0 = R1 f0/0
        x = 144.0
        y = -83.0
[GNS3-DATA]
    configs = .
    [[NOTE 1]]
        text = f0/0
        x = -6.99933176856
        y = 21.7687899898
        interface = R2 f0/0
    [[NOTE 2]]
        text = f0/0
        x = 72.9993317686
        y = 22.2312100102
        interface = R1 f0/0

 

This is the very basic VRF , If you understand that it is the first step to understanding MPLS VPN’s