For example in Juniper environment it is called “routing instance”. The VRF Lite feature is offered by other vendors as well.When you issue ping, telnet or other commands that make us of the routing tables, you must always specify the VRF routing instance name that you want to use:.If you run the command “ show ip route” without specifying a VRF name, it will show the “Global Routing Table” of the device (which will be empty in our example above).As you can see, the routing tables are totally separated and the traffic will be totally separated.Protocol Address Age (min) Hardware Addr Type Interface L 192.168.1.1/32 is directly connected, FastEthernet8 Networkstraining#sh ip route vrf Extranet L 10.10.10.1/32 is directly connected, GigabitEthernet0 Gateway of last resort is 10.10.10.254 to network 0.0.0.0ġ0.0.0.0/8 is variably subnetted, 2 subnets, 2 masksĬ 10.10.10.0/24 is directly connected, GigabitEthernet0 Networkstraining#sh ip route vrf Intranet Step 3 : Add default routes facing the internet for both VRF instances Interface FastEthernet1 <- on this interface connect Intranet hosts Interface FastEthernet0 <- on this interface connect the WiFi Access Point for guests Interface Vlan100 <- SVI interface for Extranet traffic Ip vrf forwarding Extranet <- interface is attached to the Extranet VRF Interface FastEthernet8 <- wan port facing the internet for guest traffic Interface Vlan10 <- SVI interface for Intranet trafficĭescription Intranet <- interface is attached to the Intranet VRF Ip vrf forwarding Intranet <- interface is attached to the Intranet VRF Interface GigabitEthernet0 <-– wan port facing the internet for Intranet traffic Step 2 : Configure VLANs and interfaces and include them in the VRF instances VRF Extranet: VLAN100 and Interface Fa8 will be included in “vrf Extranet”.VRF Intranet: VLAN10 and Interface Gi0 will be included in “vrf Intranet”.Consider each VRF Instance as a virtual router with two interfaces. The router used is CISCO891-K9 with image 4.bin installed.Įach VRF Instance will have two Layer3 routed interfaces associated with it as shown below. We will create “ VRF Intranet” and “ VRF Extranet” for the two networks. Therefore we can isolate the two Layer3 networks using VRF Lite. The company security team demanded that the Wi-Fi connection must be totally separated from the local intranet network, so that guests don’t have access to the local network. We have a Cisco 891 border router with an Intranet connection for employees’ computers and company servers and also we need to offer internet connectivity for a Wi-Fi connection to allow guests to connect to the internet.
#Mpls fundamentals luc de ghein example 10 4 explanation how to
To demonstrate how to use this feature lets see the following simplified scenario: Network Scenario using Cisco 891 and VRF LiteĬonsider the scenario depicted on the diagram above. Each routing table (VRF instance) is isolated from the other VRF instances. With VRF Lite, you can have separate routing tables on the same physical router device. Now, although VRFs and MPLS are usually configured on high-end ISP routers, you can still use this feature on some smaller Cisco ISR routers in a simplified manner called VRF Lite and have the same advantages. If you want to read about this technology, one good book to start with is MPLS Fundamentals wrote by Luc De Ghein. They are discussed in the chapters needed for your CCIE R&S certification. Also, from what I know, MPLS and VRFs are not examined at the CCNA or CCNP R&S level. If you don’t work in an ISP environment you will not encounter this technology very often. VRF (Virtual Routing and Forwarding) is traditionally associated with IP MPLS technology whereby an ISP creates Layer3 (or Layer2) VPNs for customers using VRF.Ĭonsider a VRF as a separate routing instance (and separate routing table) on the same network device holding the IP routes for each customer which are isolated from the other customers.Įach VRF is like a separate virtual router with its own routing table on the same physical router. VRFs employ essentially the same concept as VLANs and Trunking, but at Layer 3. In this tutorial, we will discuss traffic isolation at Layer3 level using VRF Lite on Cisco routers. In the previous post, we have discussed about isolating traffic using the private VLAN feature at Layer2 level.
0 kommentar(er)
