Network Design Help Please with VRF

Jeff Horton · ‎06-17-2025

I am facing an issue with integrating a new customer, Customer B, into our network. They have developed a virtual system that uses the same IP addresses as another one of our customers, Customer A. Customer B mentioned that it would take a significant amount of time to rebuild their systems with new IP addresses if they are required to make such changes.

I was considering creating Virtual Routing and Forwarding (VRF) instances for each tenant. However, some of these tenants utilize our Virtual Desktop Infrastructure (VDI) to access local systems. Now, Customer B wants to access their systems through our local VDI as well.

This situation creates a dilemma: Customer A is already operating smoothly, and now I must create a VRF for them. If I can resolve the issue for either Customer A or Customer B, I believe it would effectively solve the problem for both customers.

Below is a small diagram to help:

Any suggestions would be greatly appreciated. I have little experience with VRF but not to this extent.

Thanks.

Enes Simnica · ‎07-11-2025

hello @Jeff Horton. ur approach using vrfs is correct for solving the overlapping ip space issue...

If u have time, try and follow these steps: 1. VRF implementation strategy: U need to create separate vrfs for each customer. Also maintain the existing ip schemes for both customers, and ensure route distinguishers/route targets are unique per vrf..

2. VDI access solution: U can either Deploy separate VDI instances per vrf (which is very secure or the most secure option, but requires additional resources, and the other option which is to implement VRF aware VDI with some components...

and for situation like this, i usually use these steps to config:

vrf definition CUST-A
 rd ****
 route-target export *******
 route-target import *****

vrf definition CUST-B
 rd ******
 route-target export ***
 route-target import *****

and from real world experience i say that if u wanna handle the overlapping IPs between Customer A and B, implement VRFs in phases: First build the VRF infrastructure, then migrate Customer A (since stable), followed by Customer B. Alternatives include edge NAT (less ideal) or L2VPN for broadcast domains. VRFs maintain IP separation while allowing shared VDI access if ur platform supports multi-VRF. and for sure if u need specific configs, just let me know.

hope it helps man..

-Enes

more Cisco?!
more Gym?!

Joseph W. Doherty · ‎07-11-2025

Having overlapping addressing in different VRFs, is a non issue, unless you want to share resources across multiple VRFs (as you do). In that case, it appears either NAT is needed or you need overlapping resources to not overlap IPs. Fortunately, as @Enes Simnica has mentioned, it appears VDI can work with VRFs.

I don't know the details, but I suspect each customer VRF will physically share VDI but the VDI will logically be part of the different VRFs.

In other words, if VDI can participate in VRF, directly, you wouldn't need VRF route leaking.

I would hope it would work much like a server that supports VLAN trunking, having a virtual interface on each VLAN, but in this case, each VRF.

Understand, I have no direct experience doing something like this, just researching your question, it seems possible.

balaji.bandi · ‎07-12-2025

You can have tenant with same IP address, where the VRF helps here, but if the same IP need to communicate outside and wise versa, then you need to have NAT should be in Place to interact each other or outside.

As per information the VDI be located outside of the VRF right ? - then you need NAT

some reference old post :

https://community.cisco.com/t5/routing/nat-between-vrf/td-p/4001334

https://community.cisco.com/t5/routing/solution-for-network-connection-with-same-ip-address-nat-vrf-etc/td-p/4962580

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help