Cisco VRF Basics

Cisco VRF Virtual Routing and
Forwarding
How does a service provider manage to allow overlapping IP addresses for its different
customers, specifically private IP addresses, without affecting network functionality? The
answer is creating multiple routing instances or Cisco VRF, Virtual Routing and Forwarding,
instances.
To put it simply, VRF is like configuring multiple routers or multiple routing tables on the
same router. Let’s look at the image below:
Imagine that the service provider is one giant router with its own global routing table, which
could be public IPs routable to the Internet. Inside this giant router, we configure a virtual
router for Customer A, who happens to be advertising network 192.168.1.0/24 from one of
their sites through either static or dynamic routing. Then, another customer, Customer B, also
advertises the same network 192.168.1.0/24 from one of their sites.
Customers can freely use private IP addresses as stated in RFC 1918:
An enterprise that decides to use IP addresses out of the address space defined in this
document can do so without any coordination with IANA or an Internet registry.
Cisco VRF Configuration Steps
Now, let’s proceed with the process and VRF configuration mode.
1. Let’s create a VRF instance for our Customer A using the ‘vrf definition <vrf-name>’
command. Remember that the VRF name is case-sensitive.
ISP#conf t
Enter configuration commands, one per line. End with CNTL/Z.
ISP(config)#vrf definition Cust-A
2. Use the ‘address-family <ipv4 | ipv6>’ command to initialize the address family. We can
configure both IPv4 and IPv6 addresses. For our example, we’ll stick to IPv4.
ISP(config-vrf)#address-family ipv4
ISP(config-vrf-af)#
3. Associate interfaces with VRF instance by using command ‘interface <interface-id>’ and
‘vrf forwarding <vrf-name>’.
ISP(config)#interface gigabitEthernet 0/1
ISP(config-if)#vrf forwarding Cust-A
4. Configure the IPv4 address on the interface.
ISP(config-if)#ip address 192.168.1.1 255.255.255.0
Let’s repeat the same process for Customer B:
ISP#conf t
Enter configuration commands, one per line. End with CNTL/Z.
ISP(config)#vrf definition Cust-B
ISP(config-vrf)#address-family ipv4
ISP(config-vrf-af)#exit
ISP(config-vrf)#exit
ISP(config)#interface gigabitEthernet 0/2
ISP(config-if)#vrf forwarding Cust-B
ISP(config-if)#ip address 192.168.1.1 255.255.255.0
ISP(config-if)#end
Notice that the ISP router did not alert us of any overlapping IP addresses. Normally, it
will say something like this:
ISP(config-if)#ip address 192.168.1.1 255.255.255.0
% 192.168.1.0 overlaps with GigabitEthernet0/1
For our ISP global config, we’ve configured 172.10.10.0/24.
Now let’s look at the three routing tables. We should see three different routing tables in a
single router.
For ISP’s global routing table:
ISP#sh ip route
172.10.0.0/16 is variably subnetted, 2 subnets, 2 masks
C 172.10.10.0/24 is directly connected, GigabitEthernet0/0
L 172.10.10.1/32 is directly connected, GigabitEthernet0/0
For Customer A’s routing table:
ISP#sh ip route vrf Cust-A
Routing Table: Cust-A
192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.1.0/24 is directly connected, GigabitEthernet0/1
L 192.168.1.1/32 is directly connected, GigabitEthernet0/1
For Customer B’s routing table:
ISP#sh ip route vrf Cust-B
Routing Table: Cust-B
192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.1.0/24 is directly connected, GigabitEthernet0/2
L 192.168.1.1/32 is directly connected, GigabitEthernet0/2
Our previous example is usually found on ISP routers, but we can also use this on enterprise
routers called VRF Lite. For example, if we want to separate our network paths for Intranet
and Extranet, then we can create multiple routing tables. The VRF Lite configuration looks
almost the same as our example above, but with some minor differences. However, the
concept is still the same.