The NX-OS supports Virtual Routing and Forwarding (VRF) instances that define unique L3 routing domains. Each VRF contains its own Address Space, Unicast, and Multicast routing tables that make decisions independent from each other. The NX-OS does not allow internal route-leaking between VRF instances today. All unicast and multicast routing protocols support VRFs. When you configure a routing protocol in a VRF, you set routing parameters for the VRF that are independent of routing parameters in another VRF for the same routing protocol instance. By default, Cisco NX-OS uses the VRF of the incoming interface to select which routing table to use for a route lookup. VRFs require no license. Any feature not included in a license package is bundled with the Cisco NX-OS system images and is provided at no extra charge to you.
Cisco NX-OS can virtualize each VDC to support virtual routing and forwarding instances (VRFs). You can configure multiple VRFs in a VDC. Each VRF contains a separate address space with unicast and multicast route tables for IPv4 and IPv6 and makes routing decisions independent of any other VRF. A VRF name is local to a VDC, so you can configure two VRFs with the same name if the VRFs exist in different VDCs.
Management VRF and Default VRF
Each router has a management VRF and a default VRF:
The management VRF is for management purposes only.
Only the mgmt 0 interface can be in the management VRF.
The mgmt 0 interface cannot be assigned to another VRF.
The mgmt 0 interface is shared among multiple VDCs.
No routing protocols can run in the management VRF (static only).
All Layer 3 interfaces exist in the default VRF until they are assigned to another VRF.
Routing protocols run in the default VRF context unless another VRF context is specified.
The default VRF uses the default routing context for all show commands.
The default VRF is similar to the global routing table concept in Cisco IOS.
Limitations for VRF
VRFs have the following configuration guidelines and limitations:
• When you make an interface a member of an existing VRF, Cisco NX-OS removes all Layer 3 configurations. You should configure all Layer 3 parameters after adding an interface to a VRF. • You should add the mgmt0 interface to the management VRF and configure the mgmt0 IP address and other parameters after you add it to the management VRF. • If you configure an interface for a VRF before the VRF exists, the interface is operationally down until you create the VRF. • Cisco NX-OS creates the default and management VRFs by default. You should make the mgmt0 interface a member of the management VRF. • The write erase boot command does not remove the management VRF configurations. You must use the write erase command and then the write erase boot command.
Create the VRF Context:
n7000(config)# vrf context Test-VRF
n7000(config-vrf)# ip ?
Assign Interfaces to the VRF:
n7000(config-router-vrf)# interface ethernet 1/13
n7000(config-if)# vrf member Test-VRF
n7000(config-if)# ip address 10.142.1.1 255.255.255.0
n7000(config-if)# interface loopback 10
n7000(config-if)# vrf member Test-VRF
n7000(config-if)# ip address 10.142.10.1 255.255.255.0
Create the VRF Routing Process:
n7000(config-vrf)# feature ospf
n7000(config)# router ospf 10
n7000(config-router)# vrf Test-VRF
n7000(config-router-vrf)# router-id 10.142.10.1
Verify VRF Context:
n7000# show vrf
VRF-Name VRF-ID State Reason
Test-VRF 3 Up --
default 1 Up --
management 2 Up --
Verify VRF Interfaces:
n7000# show vrf interface
Interface VRF-Name VRF-ID
mgmt0 management 2
loopback10 Test-VRF 3
Ethernet1/1 default 1
Ethernet1/2 default 1
Ethernet1/10 default 1
Ethernet1/11 default 1
Ethernet1/12 default 1
Ethernet1/13 Test-VRF 3
Verify VRF Routes:
n7000# show ip route vrf Test-VRF
IP Route Table for VRF "Test-VRF"
'*' denotes best ucast next-hop '**' denotes best mcast next-hop
We have run into an obscure problem on one of our Nexus 7000s, where IPv6 neighbour discovery has stopped working for link-local addresses on a specific VLAN.
NAME: "Chassis", DESCR: "Nexus7000 C7009 (9 Slot) Chassis "PID: N7K-C7009 , VID: V01 , SN: JAF16...
We have a security vulnerability that says we must move to postgresql 9.6. We are running DCNM 10.2; however 10.4 and 11.1 both list postgresql 9.4.5 as the compatibility version. Has anyone crossed this issue and solved it?
Hello, I want stack 2 switch catalyst 2960x-48FPD-LThe switch are not in the same room. The distance between the room is 50 meter. The bandwith required is 40Gb. I see in the white-paper-c11-739615 that we can do that with the c2960xf...
My customer has requested an upgrade from the legacy ACI-N9K-48X base license to ACI essentials.
I can't seem to find any guides or SKUs for this, does anybody know how to go about the upgrade?
The customer gave me ACI-U...
HiI have a small PoC to do where I need to connect a private DCI to a Cisco switch. Since this is a PoC, I really need something basic (and the least expensive possible) that supports VxLAN and EVPN with 10G ports. I would actually need only 2 ports ...