Cisco IOS - How to Configure VRF-Lite

Written by Rick Donato on 12 February 2018. Posted in Tutorials

Contents[Hide]

What is VRF-Lite?

VRF is a feature that allows you to create separate instances of the routing table. In turn allowing you to segregate and isolate different network types. When VRFs are used without MPLS it is classed as VRF-lite. The configuration for VRF-lite doesn’t need the route-target and can be done by static or dynamic routing under its VRF instance. ^[1]

Topology

This tutorial will be based on the following topology (Figure 1):

2 x VRFs will be configured on router R1 - Green/Red.
2 x networks (100.1.1.0/200.1.1.0) will be configured on router R1, one placed into each of the VRFs.
eBGP peerings will then be established to each neighbor (Red/Green).
eBGP will advertise the corresponding VRF network to its peer:
- Green VRF - 100.1.1.0
- Red VRF - 200.1.1.0.

VRF-lite

Figure 1 - Topology.

R1 Configuration

VRF

First all we configure the 2 VRFs. Each VRF is assigned a Route Distinguisher.

ip vrf GREEN
 rd 65001:100
ip vrf RED
 rd 65001:200

Interfaces

Next, we configure our interfaces. Each loopback and the interface connecting R1 to its neighbor is placed into a separate VRF (Figure 1).

interface Loopback1
 ip vrf forwarding GREEN
 ip address 100.1.1.1 255.255.255.0
!
interface Loopback2
 ip vrf forwarding RED
 ip address 200.1.1.1 255.255.255.0

interface GigabitEthernet0/1
 description to GREEN
 ip vrf forwarding GREEN
 ip address 10.0.0.10 255.255.255.252
!
interface GigabitEthernet0/2
 description to RED
 ip vrf forwarding RED
 ip address 10.0.0.5 255.255.255.252

BGP

BGP is configured. We use the ipv4 address families to specify our VRFs and redistribute our connected interfaces into BGP.

NOTE We use the IPv4 address family rather then VPNv4. VPNv4 routes are nothing more than IPv4 routes with an additional 64 byte Route Distinguisher header assigned.

router bgp 65001
 bgp router-id 1.1.1.1
 bgp log-neighbor-changes
 
 address-family ipv4 vrf GREEN
  redistribute connected
  neighbor 10.0.0.9 remote-as 65002
  neighbor 10.0.0.9 activate
 exit-address-family
 
 address-family ipv4 vrf RED
  redistribute connected
  neighbor 10.0.0.6 remote-as 65003
  neighbor 10.0.0.6 activate
 exit-address-family

Green Configuration

BGP

The configuration for Green is a simple eBGP peering. Like so,

router bgp 65002
 bgp router-id 2.2.2.2
 bgp log-neighbor-changes
 redistribute connected
 neighbor 10.0.0.10 remote-as 65001

Red Configuration

BGP

We then, again configure on Red another eBGP peering.

router bgp 65003
 bgp router-id 3.3.3.3
 bgp log-neighbor-changes
 redistribute connected
 neighbor 10.0.0.5 remote-as 65001

Verification

BGP Adjacencies

First, we will check that the BGP adjacencies have correctly formed on R1, Green, and Red. From the output, we can see BGP has successfully established adjacency with its neighbor, and that we have received prefixes.

R1#show ip bgp vpnv4 vrf RED summary 
!
Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
10.0.0.6        4        65003      36      36        8    0    0 00:28:46        2

R1#show ip bgp vpnv4 vrf GREEN summary 
!
Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
10.0.0.9        4        65002      51      51        8    0    0 00:42:07        2

GREEN#show ip bgp sum
!
Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
10.0.0.10       4        65001      58      59        7    0    0 00:49:01        2

RED#show ip bgp sum
!
Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
10.0.0.5        4        65001      46      46        5    0    0 00:38:11        2

Routes

Finally, we check the routing table on, both the Green and the Red router, in order to confirm we have learned the routes advertised from the corresponding VRF on R1.

GREEN#show ip route  
!
      2.0.0.0/32 is subnetted, 1 subnets
C        2.2.2.2 is directly connected, Loopback0
      10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        10.0.0.8/30 is directly connected, GigabitEthernet0/1
L        10.0.0.9/32 is directly connected, GigabitEthernet0/1
      100.0.0.0/24 is subnetted, 1 subnets
B        100.1.1.0 [20/0] via 10.0.0.10, 00:49:06

RED#show ip route
!
      3.0.0.0/32 is subnetted, 1 subnets
C        3.3.3.3 is directly connected, Loopback0
      10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        10.0.0.4/30 is directly connected, GigabitEthernet0/1
L        10.0.0.6/32 is directly connected, GigabitEthernet0/1
B     200.1.1.0/24 [20/0] via 10.0.0.5, 00:38:05

Success, as we can see the advertised routes from R1’s VRF on each router.

References

[1] "VRF vs VRF Lite | IP With Ease | IP With Ease." 28 Dec. 2016, https://ipwithease.com/vrf-vs-vrf-lite/ . Accessed 12 Feb. 2018.

JW_DISQUS_BLOG_COMMENTS_POWERED_BY DISQUS JW_DISQUS_BACK_TO_TOP

About the Author

RDonato

R Donato

Rick Donato is the Founder and Chief Editor of Fir3net.com. He currently works as an SDN/NFV Solutions Architect and has a keen interest in automation and the cloud.

You can find Rick on Twitter @f3lix001