Allied Telesis C613-16164-00 REV E User Manual
Size:
2.42 Mb
Download

Technical Guide

How To |Configure VRF-lite

Introduction

In IP-basednetworks, VRF stands for Virtual Routing and Forwarding. This technology allows multiple routing domains toco-existwithin the same device at the same time. As the routing domains are independent, overlapping IP addresses can be used without causing conflict. In large service provider networks, virtual routing and forwarding is used in conjunction with MPLS - Multi Protocol Label Switching - to separate each customer’s traffic into its own wide area VPN. VRF is also known as VPN Routing and Forwarding (when used with MPLS), and is also known asMulti-VRF.

What is VRF-lite?

VRF-liteis VRF without the need to run MPLS in the network.VRF-liteis used for isolating customer networks - it allows multiple secure customer routing domains toco-existin one physical device simultaneously, which remain completely isolated from each other.

VRF-litealso allows there-useof IP addresses on the same physical device. An IP address range in one VLAN used in one VRF domain can simultaneously be used in another VLAN in a different VRF domain within the same device. WhileVRF-litewill segregate traffic from different customers/clients,VRF-litecan also allow for route leakage between VRF domains(inter-VRFcommunication), by using staticinter-VRFroutes and/or dynamic route leakage via BGP and associated route maps. This provides filtered access from one VRF routing domain to another where the IP address ranges do not overlap.

This How to Note begins with a description of VRF-lite’skey features and the generic commands used to configureVRF-lite.There are a number of simple configuration examples provided to illustrate its use with OSPF, RIP, and BGP routing protocols. This is followed with a configuration breakdown of a complexinter-VRFscenario, which includes overlapping IP addresses and a range of routing protocols. Dynamicinter-VRFcommunication between the global VRF domain and a VRF instance is also explained. Finally, a short list of diagnostics commands are provided to help troubleshootVRF-relatedissues.

C613-16164-00REV E

 

 

 

 

 

alliedtelesis.com

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Introduction

Who should read this document?

This document is aimed at advanced network engineers.

Which products and software version does it apply to?

The information provided in this document applies to:

SwitchBlade AT-x908andAT-x900series switches running 5.4.1 and above.

x610 switches running AlliedWare+ version 5.4.2 and above.

Note: VRF-liteis not supported in the x600 series switch.

Software feature licenses

The VRF-litefeature requires a special software license. Without a proper license installed, configuring VRFs is not possible. AVRF-litefeature license key is distributed in the Advanced Layer 3 License Bundle that allows up to 8VRF-liteinstances to be configured.

The number of configurable VRF-liteinstances can be increased via an additionalVRF-lite-63license.

The Advanced Layer 3 License Bundle containing the VRF-litefeature and the additional VRF-lite-63license are available through the AW+ licensing web portal (http:// licensing.alliedtelesis.com/).

A VRF-lite-63license requires an Advanced Layer 3 License Bundle to work.

Note: Enabling multiple VRFs means there will be more routing entries on the device systemwide. This may affect the number of routes used by BGP or OSPF specified by the licence key on the device.

Command summary

All the existing CLI commands available in the current non-VRFenvironment are available with no change.

Page 2 | ConfigureVRF-lite

Introduction

Contents

Introduction .............................................................................................................................................................................

1

What is VRF-lite? .........................................................................................................................................................

1

Who should read this document?.....................................................................................................................

2

Which products and software version does it apply to?......................................................................

2

Software feature licenses ........................................................................................................................................

2

Command summary .................................................................................................................................................

2

Glossary .....................................................................................................................................................................................

3

Understanding VRF-lite.....................................................................................................................................................

4

VRF-lite security domains .......................................................................................................................................

5

Route table and interface management with VRF-lite...........................................................................

5

Inter-VRF communication.......................................................................................................................................

7

Static and dynamic inter-VRF routing...............................................................................................................

8

VRF-lite features in AW+.......................................................................................................................................

9

Route limiting per VRF instance.......................................................................................................................

10

VRF-aware utilities within AW+......................................................................................................................

10

Configuring VRF-lite.........................................................................................................................................................

12

Static inter-VRF routing.........................................................................................................................................

16

Dynamic inter-VRF communication explained..................................................................................................

17

The Forwarding Information Base (FIB) and routing protocols.....................................................

17

Inter-VRF communication via BGP.................................................................................................................

19

How VRF-lite security is maintained .............................................................................................................

23

Simple VRF-lite configuration examples...............................................................................................................

24

Multiple VRFs without inter-VRF communication..................................................................................

24

Dynamic inter-VRF communication with RIP routing to external peers..................................

27

Dynamic inter-VRF communication with BGP routing to external peers ...............................

28

Dynamic inter-VRF communication with OSPF routing to external peers ............................

29

Inter-VRF configuration examples with Internet access ..............................................................................

32

Configuring a complex inter-VRF solution ..........................................................................................................

43

Network description..............................................................................................................................................

43

Configuration breakdown ...................................................................................................................................

45

VCStack and VRF-lite ......................................................................................................................................................

70

Sharing VRF routing and double tagging on the same port ............................................................

74

Dynamic inter-VRF routing between the global VRF domain and a VRF instance ......................

77

BGP configuration tips...........................................................................................................................................

78

Dynamic inter-VRF communication with i-BGP routing to external peer...............................

80

Dynamic inter-VRF communication with e-BGP routing to external peer.............................

81

Route Limits..........................................................................................................................................................................

83

Configuring static route limits ...........................................................................................................................

83

Configuring Dynamic route limits ...................................................................................................................

84

VRF-lite usage guidelines ...............................................................................................................................................

86

Useful VRF-related diagnostics command list ...................................................................................................

87

Configure VRF-lite| Page3