Scribd Logo
Upload

Welcome to Scribd!

    • 170 views

    Cciev5 VRF Lite Lab

    Uploaded by

    Vijay Saini
    VRF lite allows a router to maintain multiple routing tables virtually separated to represent different customers or networks. It uses virtual routing and forwarding (VRF) tables tagged with route distinguishers to keep the tables independent. The document describes a lab setup where four VRFs (BLUE, GREEN, YELLOW, RED) are configured on routers R1 and R2 to separate the routing tables. BGP is used to exchange routes between the VRFs and routers R3, R4, and R5 are used for management and to connect additional networks to specific VRFs.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd

    Cciev5 VRF Lite Lab

    Uploaded by

    Vijay Saini
    170 views15 pages
    VRF lite allows a router to maintain multiple routing tables virtually separated to represent different customers or networks. It uses virtual routing and forwarding (VRF) tables tagged with route distinguishers to keep the tables independent. The document describes a lab setup where four VRFs (BLUE, GREEN, YELLOW, RED) are configured on routers R1 and R2 to separate the routing tables. BGP is used to exchange routes between the VRFs and routers R3, R4, and R5 are used for management and to connect additional networks to specific VRFs.

    Original Title

    Cciev5 Vrf Lite Lab

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    VRF lite allows a router to maintain multiple routing tables virtually separated to represent different customers or networks. It uses virtual routing and forwarding (VRF) tables tagged with route distinguishers to keep the tables independent. The document describes a lab setup where four VRFs (BLUE, GREEN, YELLOW, RED) are configured on routers R1 and R2 to separate the routing tables. BGP is used to exchange routes between the VRFs and routers R3, R4, and R5 are used for management and to connect additional networks to specific VRFs.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Download as pdf or txt
    170 views15 pages

    Cciev5 VRF Lite Lab

    Uploaded by

    Vijay Saini
    VRF lite allows a router to maintain multiple routing tables virtually separated to represent different customers or networks. It uses virtual routing and forwarding (VRF) tables tagged with route distinguishers to keep the tables independent. The document describes a lab setup where four VRFs (BLUE, GREEN, YELLOW, RED) are configured on routers R1 and R2 to separate the routing tables. BGP is used to exchange routes between the VRFs and routers R3, R4, and R5 are used for management and to connect additional networks to specific VRFs.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Download as pdf or txt
    You are on page 1of 15

    CCIEv5 VRF lite Lab

    By CCSI: Yasser Auda

    VRF Lite
    VRF =Virtual Routing and Forwarding which allows router to have multiple
    routing tables of the customer routers CEs within one physical router PE.
    Each of virtual routing table is independent of each other as if they are in the
    separated network. Therefore, the VRF technology allows router to route packet
    from different customers with the same IP address range with the use of Route
    Distinguisher.
    VRF lite is a simpler version of VRF that can be used to separate the network in
    the enterprise network for security purposes such as a guest network. It only
    supports 802.1Q trunk encapsulation.
    VRF configuration isn't at all dependent on MPLS (the two components just work
    well together). In Cisco terminology, deployment of VRFs without MPLS is known
    as VRF lite

    CCIEv5 VRF lite Lab

    By CCSI: Yasser Auda

    Lab

    We want to keep 4 routing table (BLUE, GREEN , YELLOW , RED ) virtually separated in the same
    physical router.
    R1 will connect to R2 using f0/0 and using ip address 10.1.1.1, and we will use Dot1q
    encapsulation protocol to tag each vrf with its own RD . we will do the same in R2 side.
    R1 will advertise its own loopback interfaces on each proper vrf

    R2 connected to R3 , R3 will be our management point and we will use different ip address for
    each vrf

    R1 exists in BGP AS 100


    R2 exists in BGP AS 200
    R3 exists in BGP AS 300

    CCIEv5 VRF lite Lab

    By CCSI: Yasser Auda

    R1
    ip vrf BLUE
    rd 1:1
    ip vrf GREEN
    rd 2:2
    ip vrf YELLOW
    rd 3:3
    ip vrf RED
    rd 4:4
    int loop 1
    ip vrf for BLUE
    ip add 1.1.1.1 255.255.255.255
    int loop 2
    ip vrf for GREEN
    ip add 2.2.2.2 255.255.255.255
    int loop 3
    ip vrf for YELLOW
    ip add 3.3.3.3 255.255.255.255
    int loop 4
    ip vrf for RED
    ip add 4.4.4.4 255.255.255.255
    int f0/0
    no ip add
    no sh
    int f0/0.1
    encapsulation dot1Q 1
    ip vrf forwarding BLUE
    ip address 10.1.1.1 255.255.255.0
    int f0/0.2
    encapsulation dot1Q 2
    ip vrf forwarding GREEN
    ip address 10.1.1.1 255.255.255.0
    int f0/0.3
    encapsulation dot1Q 3
    ip vrf forwarding YELLOW
    ip address 10.1.1.1 255.255.255.0
    int f0/0.4
    encapsulation dot1Q 4
    ip vrf forwarding RED
    ip address 10.1.1.1 255.255.255.0
    3

    CCIEv5 VRF lite Lab

    By CCSI: Yasser Auda

    router bgp 100


    bgp router-id 1.1.1.1
    address-family ipv4 vrf BLUE
    neighbor 10.1.1.2 remote-as 200
    neighbor 10.1.1.2 activate
    net 1.1.1.1 mask 255.255.255.255
    address-family ipv4 vrf GREEN
    neighbor 10.1.1.2 remote-as 200
    neighbor 10.1.1.2 activate
    net 2.2.2.2 mask 255.255.255.255
    address-family ipv4 vrf YELLOW
    neighbor 10.1.1.2 remote-as 200
    neighbor 10.1.1.2 activate
    net 3.3.3.3 mask 255.255.255.255
    address-family ipv4 vrf RED
    neighbor 10.1.1.2 remote-as 200
    neighbor 10.1.1.2 activate
    net 4.4.4.4 mask 255.255.255.255
    R2
    ip vrf BLUE
    rd 1:1
    ip vrf GREEN
    rd 2:2
    ip vrf YELLOW
    rd 3:3
    ip vrf RED
    rd 4:4
    int f0/0
    no ip add
    no sh
    int f0/0.1
    encapsulation dot1Q 1
    ip vrf forwarding BLUE
    ip address 10.1.1.2 255.255.255.0
    int f0/0.2
    encapsulation dot1Q 2
    ip vrf forwarding GREEN
    ip address 10.1.1.2 255.255.255.0

    CCIEv5 VRF lite Lab

    By CCSI: Yasser Auda

    int f0/0.3
    encapsulation dot1Q 3
    ip vrf forwarding YELLOW
    ip address 10.1.1.2 255.255.255.0
    int f0/0.4
    encapsulation dot1Q 4
    ip vrf forwarding RED
    ip address 10.1.1.2 255.255.255.0
    router bgp 200
    bgp router-id 2.2.2.2
    address-family ipv4 vrf BLUE
    neighbor 10.1.1.1 remote-as 100
    neighbor 10.1.1.1 activate
    address-family ipv4 vrf GREEN
    neighbor 10.1.1.1 remote-as 100
    neighbor 10.1.1.1 activate
    address-family ipv4 vrf YELLOW
    neighbor 10.1.1.1 remote-as 100
    neighbor 10.1.1.1 activate
    address-family ipv4 vrf RED
    neighbor 10.1.1.1 remote-as 100
    neighbor 10.1.1.1 activate
    R2#sh ip vrf br
    Name
    BLUE
    GREEN
    RED
    YELLOW

    Default RD
    Interfaces
    1:1
    Fa0/0.1
    2:2
    Fa0/0.2
    4:4
    Fa0/0.4
    3:3
    Fa0/0.3

    R2#sh ip route vrf BLUE


    Routing Table: BLUE
    1.0.0.0/32 is subnetted, 1 subnets
    1.1.1.1 [20/0] via 10.1.1.1, 00:00:23
    10.0.0.0/24 is subnetted, 1 subnets
    C
    10.1.1.0 is directly connected, FastEthernet0/0.1
    B

    R2#sh ip bgp vpnv4 vrf BLUE


    Network
    Next Hop
    Metric LocPrf Weight Path
    Route Distinguisher: 1:1 (default for vrf BLUE)
    *> 1.1.1.1/32
    10.1.1.1
    0
    0 100 i
    5

    CCIEv5 VRF lite Lab

    By CCSI: Yasser Auda

    R2
    int f0/1
    no ip add
    no sh
    int f0/1.1
    encapsulation dot1Q 1
    ip vrf forwarding BLUE
    ip address 10.2.2.2 255.255.255.0
    int f0/1.2
    encapsulation dot1Q 2
    ip vrf forwarding GREEN
    ip address 10.22.22.2 255.255.255.0
    int f0/1.3
    encapsulation dot1Q 3
    ip vrf forwarding YELLOW
    ip address 10.12.12.2 255.255.255.0
    int f0/1.4
    encapsulation dot1Q 4
    ip vrf forwarding RED
    ip address 10.122.122.2 255.255.255.0
    router bgp 200
    bgp router-id 2.2.2.2
    address-family ipv4 vrf BLUE
    neighbor 10.2.2.1 remote-as 300
    neighbor 10.2.2.1 activate
    address-family ipv4 vrf GREEN
    neighbor 10.22.22.1 remote-as 300
    neighbor 10.22.22.1 activate
    address-family ipv4 vrf YELLOW
    neighbor 10.12.12.1 remote-as 300
    neighbor 10.12.12.1 activate
    address-family ipv4 vrf RED
    neighbor 10.122.122.1 remote-as 300
    neighbor 10.122.122.1 activate

    CCIEv5 VRF lite Lab

    By CCSI: Yasser Auda

    Notice in R3 no need for rd commands or ip vrf forwarding commands under sub interfaces or even
    bgp address family for each vrf .
    R3
    int f0/1
    no ip add
    no sh
    int f0/1.1
    encapsulation dot1Q 1
    ip address 10.2.2.1 255.255.255.0
    int f0/1.2
    encapsulation dot1Q 2
    ip address 10.22.22.1 255.255.255.0
    int f0/1.3
    encapsulation dot1Q 3
    ip address 10.12.12.1 255.255.255.0
    int f0/1.4
    encapsulation dot1Q 4
    ip address 10.122.122.1 255.255.255.0
    router bgp 300
    bgp router-id 3.3.3.3
    neighbor 10.2.2.2 remote-as 200
    neighbor 10.22.22.2 remote-as 200
    neighbor 10.12.12.2 remote-as 200
    neighbor 10.122.122.2 remote-as 200
    R3#sh ip bgp
    Network
    *> 1.1.1.1/32
    *> 2.2.2.2/32
    *> 3.3.3.3/32
    *> 4.4.4.4/32

    Next Hop
    Metric LocPrf Weight Path
    10.2.2.2
    0 200 100 i
    10.22.22.2
    0 200 100 i
    10.12.12.2
    0 200 100 i
    10.122.122.2
    0 200 100 i

    CCIEv5 VRF lite Lab

    By CCSI: Yasser Auda

    Same lab above but we will add R4,R5

    R4 (BGP AS 400 ) f1/0 will be connected to R2 f1/0 through vrf BLUE & GREEN using 40.40.40.0/24
    R5 (BGP AS 500) f1/0 will be connected to R2 f2/0 through vrf RED & GREEN using 50.50.50.0/24
    R2
    interface FastEthernet1/0
    no ip address
    !
    interface FastEthernet1/0.1
    encapsulation dot1Q 1
    ip vrf forwarding BLUE
    ip address 40.40.40.2 255.255.255.0
    !
    interface FastEthernet1/0.2
    encapsulation dot1Q 2
    ip vrf forwarding GREEN
    ip address 40.40.40.2 255.255.255.0
    interface FastEtherne2/0
    no ip address
    interface FastEthernet2/0.2
    encapsulation dot1Q 2
    ip vrf forwarding GREEN
    ip address 50.50.50.2 255.255.255.0
    !
    interface FastEthernet2/0.4
    encapsulation dot1Q 4
    ip vrf forwarding RED
    ip address 50.50.50.2 255.255.255.0

    CCIEv5 VRF lite Lab

    By CCSI: Yasser Auda

    router bgp 200


    !
    address-family ipv4 vrf RED
    neighbor 50.50.50.5 remote-as 500
    neighbor 50.50.50.5 activate
    address-family ipv4 vrf GREEN
    neighbor 50.50.50.5 remote-as 500
    neighbor 50.50.50.5 activate
    neighbor 40.40.40.4 remote-as 400
    neighbor 40.40.40.4 activate
    no synchronization
    exit-address-family
    !
    address-family ipv4 vrf BLUE
    neighbor 40.40.40.4 remote-as 400
    neighbor 40.40.40.4 activate
    R4
    ip vrf BLUE
    rd 1:1
    !
    ip vrf GREEN
    rd 2:2
    interface FastEthernet1/0
    no ip address
    !
    interface FastEthernet1/0.1
    encapsulation dot1Q 1
    ip vrf forwarding BLUE
    ip address 40.40.40.4 255.255.255.0
    !
    interface FastEthernet1/0.2
    encapsulation dot1Q 2
    ip vrf forwarding GREEN
    ip address 40.40.40.4 255.255.255.0
    router bgp 400
    bgp router-id 4.4.4.4
    address-family ipv4 vrf GREEN
    neighbor 40.40.40.2 remote-as 200
    neighbor 40.40.40.2 activate
    !
    address-family ipv4 vrf BLUE
    neighbor 40.40.40.2 remote-as 200
    neighbor 40.40.40.2 activate
    9

    CCIEv5 VRF lite Lab

    By CCSI: Yasser Auda

    R4#sh ip bgp vpnv4 vrf BLUE


    Network
    Next Hop
    Metric LocPrf Weight Path
    Route Distinguisher: 1:1 (default for vrf BLUE)
    *> 1.1.1.1/32
    40.40.40.2
    0 200 100 i
    R4#sh ip bgp vpnv4 vrf GREEN
    Network
    Next Hop
    Metric LocPrf Weight Path
    Route Distinguisher: 0:0
    *> 2.2.2.2/32
    40.40.40.2
    0 200 100 i
    R5
    ip vrf GREEN
    rd 2:2
    !
    ip vrf RED
    rd 4:4
    int f1/0
    no ip add
    interface FastEthernet1/0.2
    encapsulation dot1Q 2
    ip vrf forwarding GREEN
    ip address 50.50.50.5 255.255.255.0
    !
    interface FastEthernet1/0.4
    encapsulation dot1Q 4
    ip vrf forwarding RED
    ip address 50.50.50.5 255.255.255.0
    router bgp 500
    bgp router-id 5.5.5.5
    address-family ipv4 vrf RED
    neighbor 50.50.50.2 remote-as 200
    neighbor 50.50.50.2 activate
    address-family ipv4 vrf GREEN
    neighbor 50.50.50.2 remote-as 200
    neighbor 50.50.50.2 activate
    R5#sh ip bgp vpnv4 vrf RED
    Network
    Next Hop
    Metric LocPrf Weight Path
    Route Distinguisher: 4:4 (default for vrf RED)
    *> 4.4.4.4/32
    50.50.50.2
    0 200 100 i
    R5#sh ip bgp vpnv4 vrf GREEN
    Network
    Next Hop
    Metric LocPrf Weight Path
    Route Distinguisher: 2:2 (default for vrf GREEN)
    *> 2.2.2.2/32
    50.50.50.2
    0 200 100 i

    10

    CCIEv5 VRF lite Lab

    By CCSI: Yasser Auda

    Now lets assume we want R4 to get Default route in his BLUE vrf from R2
    R2
    router bgp 200
    address-family ipv4 vrf BLUE
    neighbor 40.40.40.4 default-originate
    R4#sh ip bgp vpnv4 vrf BLUE
    Network
    Next Hop
    Metric LocPrf Weight Path
    Route Distinguisher: 1:1 (default for vrf BLUE)
    *> 0.0.0.0
    40.40.40.2
    0
    0 200 i
    *> 1.1.1.1/32
    40.40.40.2
    0 200 100 i

    Displaying & Verifications commands


    Lets take vrf BLUE AS example:

    sh ip protocols vrf BLUE


    sh ip route vrf BLUE
    sh ip bgp vpnv4 vrf BLUE
    sh ip vrf br
    sh ip vrf blue
    sh ip bgp vpnv4 all sum
    sh ip vrf interfaces
    R4#sh ip bgp vpnv4 vrf BLUE neighbors 40.40.40.2 advertised-routes
    R4#sh ip bgp vpnv4 vrf BLUE neighbors 40.40.40.2 routes
    R4#sh ip bgp vpnv4 vrf BLUE 1.1.1.1
    R4#ping vrf BLUE 1.1.1.1
    R4#traceroute vrf BLUE 1.1.1.1
    R4#sh ip bgp vpnv4 rd 1:1
    R2#sh ip bgp vpnv4 vrf BLUE rib-failure

    11

    CCIEv5 VRF lite Lab

    By CCSI: Yasser Auda

    Now lets practice VRF over GRE Tunnel

    R7 f0/0 10.10.10.7/24
    R6 f0/0 10.10.10.6/24 s0/0 20.20.20.6/24
    R2 s0/0 20.20.20.2/24
    R2
    int s0/0
    ip vrf for BLUE
    ip add 20.20.20.2 255.255.255.0
    no sh
    ! Connection to the VRF BLUE network and the VRF GREEN
    ! network using the GRE tunnel.

    12

    CCIEv5 VRF lite Lab

    By CCSI: Yasser Auda

    ip route vrf BLUE 10.10.10.7 255.255.255.255 20.20.20.6


    ! Static Host route to ensure that recursive routing does not occur.
    int tunnel 0
    ip vrf for GREEN
    ip add 200.200.200.2 255.255.255.0
    tunnel source s0/0
    tunnel dest 10.10.10.7
    tunnel vrf BLUE
    ! Tunnel 0 is part of VRF GREEN; but it uses the tunnel
    ! destination and source addresses from the routing
    ! table of VRF BLUE, because of this tunnel vrf blue command
    router bgp 200
    address-family ipv4 vrf GREEN
    redis connected
    address-family ipv4 vrf BLUE
    redis conn
    R6
    int s0/0
    ip add 20.20.20.6 255.255.255.0
    no sh
    int f0/0
    ip add 10.10.10.6 255.255.255.0
    no sh
    ip access-group 100 in
    ip access-group 100 out
    access-list 100 permit gre host 10.10.10.7 host 20.20.20.2
    access-list 100 permit gre host 20.20.20.2 host 10.10.10.7
    ! Permits only GRE packets between the endpoints.
    ip route 0.0.0.0 0.0.0.0 20.20.20.2

    13

    CCIEv5 VRF lite Lab

    By CCSI: Yasser Auda

    R7
    int f0/0
    ip add 10.10.10.7 255.255.255.0
    no sh
    ip access-group 100 in
    ip access-group 100 out
    ! Accessgroup to allow only GRE packets through the R2CE network. However, R1CE networks
    data is in the GRE packet.
    access-list 100 permit gre host 10.10.10.7 host 20.20.20.2
    access-list 100 permit gre host 20.20.20.2 host 10.10.10.7
    ! Permits only GRE packets between the endpoints.
    int tunnel 0
    ip add 200.200.200.1 255.255.255.0
    tunnel source f0/0
    tunnel dest 20.20.20.2
    ! Both the tunnel source and destination address are in the VRF BLUE, to provide transport for the
    VRF GREEN network.
    ip route 0.0.0.0 0.0.0.0 tunnel0
    ip route 20.20.20.2 255.255.255.255 10.10.10.6
    ! Static Host route to ensure that recursive routing does not occur.
    Verification:
    R2#show ip route vrf BLUE 10.10.10.1
    Routing entry for 10.10.10.0/24
    Known via "static", distance 1, metric 0
    Routing Descriptor Blocks:
    * 20.20.20.6
    Route metric is 0, traffic share count is 1
    R2#sh ip int br | i Tunnel
    Tunnel0
    200.200.200.2 YES manual up

    up

    R7#ping 200.200.200.2
    !!!!!
    Any BLUE or GREEN ip address directly connected in R2 , R7 can ping now :
    R7#ping 10.1.1.2
    !!!!!
    R7#ping 10.22.22.2
    !!!!!
    14

    CCIEv5 VRF lite Lab

    By CCSI: Yasser Auda

    Resources:
    http://packetlife.net/blog/2009/apr/30/intro-vrf-lite/
    http://packetlife.net/blog/2010/mar/29/inter-vrf-routing-vrf-lite/
    http://www.cisco.com/c/en/us/support/docs/multiprotocol-label-switching-mpls/mpls/46252grewithvrf.html
    http://www.cisco.com/c/en/us/support/docs/ios-nx-os-software/layer-3-vpns-l3vpn/116725configure-mgre-00.html

    Good Luck
    CCSI: Yasser Auda
    https://www.facebook.com/YasserRamzyAuda
    https://learningnetwork.cisco.com/people/yasser.r.a?view=documents
    https://www.youtube.com/user/yasserramzyauda

    15

    You might also like