VRF Configuration Guide

introduction introduction vrf (virtual routing forwarding) is also known as a vpn instance vrf is a logical division of physical devices using vrf, we can create multiple virtual devices on a single physical device, each of which is like a separate device with a separate route table, separate route process and separate interfaces, etc this technology allows for complete isolation of data or services in mpls vpns, vrf enable operators to provide vpn services to multiple customers on the same pe (provider engine) device, adding customers to different vrfs, making the route data between these customers completely isolated and not conflicting even if they use the same ip address space basic concepts basic concepts a physical machine can maintain multiple vrfs, each of which can be seen as a virtual router that contains the following elements a separate route table, a collection of interfaces belonging to this vrf, and a set of route rules that belong only to this vrf configuring service port vrfs can assign different users to different vrfs, solving the problems of overlapping addresses and local route conflicts vrf configuration vrf configuration table 1 overview of vrf configuration tasks table 1 overview of vrf configuration tasks true 92,194 96352148799966,104 2464286360328,214 79004987596755 left #4283c7 2 1 unhandled content type left #4283c7 unhandled content type left #4283c7 unhandled content type left 1 4 unhandled content type left unhandled content type left unhandled content type left unhandled content type left #d8e5f5 unhandled content type left #d8e5f5 unhandled content type left #d8e5f5 unhandled content type left unhandled content type left unhandled content type left unhandled content type left #d8e5f5 unhandled content type left #d8e5f5 unhandled content type left #d8e5f5 unhandled content type configure vrf for service port configure vrf for service port naming rules only upper and lower case letters, numbers, , , , e g vrf100 table 2 configure vrf of the service port table 2 configure vrf of the service port true 264,183,159 left #4283c7 unhandled content type left #4283c7 unhandled content type left #4283c7 unhandled content type left unhandled content type left unhandled content type left unhandled content type left #d8e5f5 unhandled content type left #d8e5f5 unhandled content type left #d8e5f5 unhandled content type note when deleting vrf, if there are still interfaces bound to this vrf, this vrf will not be deleted; if this vrf is configured with vni, this vrf will not be deleted bind the interface to vrf bind the interface to vrf table 3 bind the interface to vrf table 3 bind the interface to vrf true 167,188 5,250 5 left #4283c7 unhandled content type left #4283c7 unhandled content type left #4283c7 unhandled content type left unhandled content type left unhandled content type left unhandled content type left #d8e5f5 unhandled content type left #d8e5f5 unhandled content type left #d8e5f5 unhandled content type left unhandled content type left unhandled content type left unhandled content type configure specified vrf route configure specified vrf route users are isolated between different vrfs, and to communicate across vrfs, you need to configure the appropriate vrf routes, specifying the vrf where the route is located and the vrf where the next hop is located table 4 configure specified vrf route table 4 configure specified vrf route true 169,170 5,266 5 left #4283c7 unhandled content type left #4283c7 unhandled content type left #4283c7 unhandled content type left unhandled content type left unhandled content type left unhandled content type left #d8e5f5 unhandled content type left #d8e5f5 unhandled content type left #d8e5f5 unhandled content type left unhandled content type left unhandled content type left unhandled content type op vrf means that the vrf where the next hop is located is the same as the vrf where the route is located set vrf mac set vrf mac table 5 set vrf mac table 5 set vrf mac true 260,214,132 left #4283c7 unhandled content type left #4283c7 unhandled content type left #4283c7 unhandled content type left unhandled content type left unhandled content type left unhandled content type left #d8e5f5 unhandled content type left #d8e5f5 unhandled content type left #d8e5f5 unhandled content type left unhandled content type left unhandled content type left unhandled content type display and maintenance display and maintenance vrf configuration display vrf configuration display table 6 vrf configuration display table 6 vrf configuration display true 279,189 47790579913746,137 52209420086254 left #4283c7 unhandled content type left #4283c7 unhandled content type left #4283c7 unhandled content type left unhandled content type left unhandled content type left unhandled content type left #d8e5f5 unhandled content type left #d8e5f5 unhandled content type left #d8e5f5 unhandled content type typical configuration example typical configuration example configure service port vrf configure service port vrf networking requirements a large number of hosts in an enterprise's network center are causing ip address conflicts vm1 and vm2 belong to department 1, vm3 and vm4 belong to department 2 please configure vrf to solve the problem, requiring that hosts in the same department can access each other and cannot access hosts in other departments to achieve logical division and security isolation topology procedure \#create vrf100, 200 sonic# configure terminal sonic(config)# vrf 100 sonic(config)# vrf 100 \#bind the corresponding port sonic# configure terminal sonic(config)# interface ethernet 0/0 sonic(config if 0/0)# vrf 100 sonic(config)# interface ethernet 0/1 sonic(config if 0/1)# vrf 100 sonic(config)# interface ethernet 0/2 sonic(config if 0/2)# vrf 200 sonic(config)# interface ethernet 0/3 sonic(config if 0/3)# vrf 200 \#configure port ip sonic# configure terminal sonic(config)# interface ethernet 0/0 sonic(config if 0/0)# ip address 10 0 0 1/24 sonic(config)# interface ethernet 0/1 sonic(config if 0/1)# ip address 11 0 0 1/24 sonic(config)# interface ethernet 0/2 sonic(config if 0/2)# ip address 12 0 0 1/24 sonic(config)# interface ethernet 0/3 sonic(config if 0/3)# ip address 13 0 0 1/24 verify configuration sonic# show vrf interface vm1 ping vm2 can be pinged, vm1 ping vm4 cannot be pinged