Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
12044
Views
25
Helpful
8
Replies

VRF basics

network770
Level 1
Level 1

‎09-27-2011 09:45 AM - edited ‎03-07-2019 02:28 AM

HI,

I was recommended to start using vrf's to separate networks defined on my switches but I am not sure what is the added value of using vrf's.

how is it different than having different vlans and controlling access with acl's? do all switches support vrf's?

we have many sites connected over a wan, is that a viable solution or vlans is ok as well?

if you know of some explanation and sample config i would love that.

thank you

1 person had this problem
Labels:
0 Helpful
8 Replies 8

JohnTylerPearce
Level 7
Level 7

‎09-27-2011 09:49 AM

I'm not sure what they would be telling you to use VRFs to separate networks defined on your switches. You can

just use multiple VLANs for that. VRFs have to deal with MPLS VPNs. VRF stands for Virtual Routing and Forwarding.

Basically it's a separate routing instance with an MPLS VPN network. By default it only holds routing information destined

for that specific instance. What kind of WAN connection do you have between your sites, what is the speed, and how many

sites do you have?

Peter Paluch
Cisco Employee
Cisco Employee
In response to JohnTylerPearce

‎09-27-2011 09:54 AM

John,

VRFs are not necessarily bound to MPLS networks only; there may be many creative uses for VRFs even without MPLS, that is the point of VRF-lite. However, I do agree with you that VRFs are most often seen in MPLS VPN scenarios.

Best regards,

Peter

Peter Paluch
Cisco Employee
Cisco Employee

‎09-27-2011 09:53 AM

Ronni,

In a sense, VRFs are to routing table like VLANs are to LANs. Using VRFs, you are virtualizing your routing table into multiple routing tables, similarly to VLANs used to virtualize LANs. One could say that VLANs are performing L2 virtualization, VRFs are performing L3 virtualization. VLANs make a single switch look like several switches; VRFs make a single router look like several routers.

Using VRFs strongly depends on what your requirements are. Also, whether a switch supports VRFs is strongly dependent on its platform - for this reason, I would recommend using the Feature Navigator at http://cisco.com/go/fn to verify if a particular platform and IOS version supports VRFs.

I hope other friends here will share their views on the topic.

Best regards,

Peter

JohnTylerPearce
Level 7
Level 7
In response to Peter Paluch

‎09-27-2011 09:58 AM

I understand that VRFs are not just for MPLS, but you usually always see them in MPLS VPN enviornments.

I wish I could get my hands dirty on some MPLS VPN setups, but so far, where I have worked it's always the

SP that takes care of that. One of these days, maybe I can work for a large company, with which they have

their own private MPLS VPN setup.

Peter Paluch
Cisco Employee
Cisco Employee
In response to JohnTylerPearce

‎09-27-2011 11:37 AM

John,

Please do not take my previous comments as criticizing you - I apologize if I have been offensive in any way.

I wish I could get my hands dirty on some MPLS VPN setups

I sincerely hope you will be able to do that - I wish you that wholeheartedly!

Best regards,

Peter

0 Helpful

network770
Level 1
Level 1
In response to Peter Paluch

‎09-27-2011 06:16 PM

but isn't a vlan also layer3 if you define a layer3 interface?

i guess i'll stick to vlans and forgot about vrf

0 Helpful

Ruhann Du Plessis
Level 1
Level 1
In response to network770

‎09-28-2011 12:42 AM

Lo,

A VRF provides Layer3 speration. This is done by a creating seperate table per VRF to the global tables.

A VLAN provides layer2 seperation. A SVI is a layer3 interface for a VLAN on a given switch.

When one switch has two SVI's on the same switch the prefixes of the SVI's would be present in the same routing table. Depending how Gateway/routing was setup, routing (layer3) between the SVI is possible. To illustrate this, trying to configure two SVI with the same IP prefix will produce an error.

Where a VRF in the switching world might add benfit in certain designs, is by seperating the layer3 table on the same switch. Considering the above example where one switch has two SVIs configured, and each SVI is configured within its  own VRF, The prefixes from the SVI would be contained in SEPERATE routing tables. Routing between the two VRFs (although still possible) is not native enabled. Now since there is Layer3 seperation the same IP prefix could be configured on both SVI's.

Lastly another difference between a VRF and a VLAN.

A VRF is local to a router/switch, where the membership of a VRF is determine by the input interface.

A VLAN is comunicated between device by encapsulating frame leaving the device. A VLAN membership is determined by the information in the encapsulation of the arriving frame.

Lastly to address the MPLS side. The VRF functionality operate indepently of MPLS. MPLS protocols leverage of a VRF for the mentioned seperation. VRFs are however mostly used in MPLS network, but not required by MPLS.

HTH

mcgavel9000
Level 1
Level 1
In response to network770

‎03-05-2014 01:41 AM

Keith Barker CCIE has a cool video about it.

I watched it, which led me here but now it makes sense after reading all these helpful comments together with the video.

They seem extremely easy to configure and good luck:

http://www.youtube.com/watch?v=01t_E3IzaK4

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card