CCIE Topic: 1.2b VRF-lite

Captions
Hey everyone, I'm Charles Judd, and welcome to this video covering the 1.2b topic of VRF-lite. VRF stands for virtual routing and forwarding, or sometimes we see that referred to as VPN routing and forwarding. This is a technology that allows us to create multiple routing tables within a single router that work together simultaneously. Let's discuss how this is useful and look at an example of how we can implement that.

When we think of VRFs, or virtual routing and forwarding instances, we typically associate these with service providers. This is where we would see VRFs used in conjunction with multi-protocol BGP and using MPLS traffic labeling at layer 3. When we talk about VRF-lite, however, we're essentially referring to the use of VRF without MPLS or multi-protocol BGP. We may typically see VRF-lite used in small enterprise or small data center environments rather than in large service provider instances. VRF-lite allows us to create multiple routing tables on a single router that can potentially have overlapping IP address schemes, and it allows us to do that as opposed to requiring separate routers or separate physical connections.

So let's look at a practical example of this. Here we have two routers, R1 and R2, connected together over a single physical link, and on each side we have two additional routers. We have R3 and R4 connected to R1, and we have R5 and R6 connected to R2. You can also see that I have designated R3 and R5 as customer A sites, while routers R4 and R6 are going to be customer B sites. So this is a simplified example of a case where we have two customers that we're servicing and we need to separate the customer traffic between these sites.

We're starting with a blank configuration here on both R1 and R2. We don't have anything in place: no IP addressing, no routing protocols, and no VRF instances. The customer sites, which are routers R3 through R6, all of those devices do have valid IP addressing already in place. For example, if we jump to R3 and say show ip interface
brief, we can see our single Gig 0/0 interface is assigned a valid IP address, 10.10.10.2. Now I'll also point out that there are some overlapping address schemes here. You might have noticed that customer A uses networks 10.10.10.0/24 and 20.20.20.0/24. You'll also see that customer B uses the same two address schemes. Now normally this could complicate things and perhaps create some issues, but with VRF-lite we can handle that very easily.

So the first thing we want to do, let's go back to router 1. We want to define the VRF instances globally on routers R1 and R2. So let's start on R1, and under global configuration mode let's say ip vrf followed by the name of our VRF, and the first one I'm just going to name cust-a for customer A. We can do the exact same thing for our other customer: we can say ip vrf cust-b for customer B. Now if we break out of here and if I say show ip route, this is our global routing table, and you'll notice that currently this is empty. But in addition to that we're going to have two other routing tables as well. We can say show ip route vrf and we can call out the name of a VRF, cust-a for example. So this is our customer A routing table, and we can do the same for customer B. So we now have three separate routing tables on R1. Let's jump to R2 and let's also create our global instances of our VRFs: ip vrf customer A, and we'll do the same for customer B.

Now the next thing we can do is we can assign our interface into our VRF instances. If you look at our topology, you can see that on R1 we have Gig 0/1 connected to router R3, which is customer A, and Gig 0/2 is connected to R4, which is customer B. So let's go under global configuration mode, interface Gig 0/1 here on R1, and since this is connecting out to a customer A device, let's say ip vrf forwarding followed by the name of a VRF, and of course we want to use customer A. So this essentially assigns Gig 0/1 into our customer A VRF. Let's do the same under interface
Gig 0/2, but let's assign that one to customer B. Let's jump over to R2 and let's do the same thing: interface Gig 0/1, and we want to say ip vrf forwarding customer A, and for interface Gig 0/2 we want to assign that to our customer B VRF. And I missed a capitalization there. There we go.

Now that we have our interfaces assigned into our VRF instances, let's set up some IP addressing on R1 and R2. Let's go back to R1, and I'm going to go under interface Gig 0/1 and I'm going to set the IP address. So let's say ip address. I'm going to make this 10.10.10.1, because our customer A router is .2, and I'll give that a 24-bit subnet mask as we need. I'll hit enter and I'll say no shut. That takes care of the customer A connection. So under interface Gig 0/2 let's take care of customer B: ip address 10.10.10.1, again a 24-bit subnet mask, and I will say no shut.

Now notice we did not receive an error when we configured the exact same IP address and subnet mask on those two interfaces. Under normal circumstances our router would not allow us to do that. We would get a message letting us know that we have an overlapping address scheme. But since we've assigned these interfaces into separate VRF instances, that's completely fine for us to do and we have no errors.

So let's jump over to R2. Let's do something very similar here. Let's go under interface Gig 0/1. Let's set our IP address. On this side we want to do 20.20.20.1, again a 24-bit subnet mask. We'll say no shut, and under interface Gig 0/2 we want to give that the exact same IP address, and we'll say no shut for that interface as well. So now we have connections from R1 and R2 out to all of our customer sites.

Let's go back to R1 now and let's check our connectivity real quick. So first of all, notice if we try to ping 10.10.10.2, which is a valid connection for us, that isn't going to work. Remember, if we say show ip route to see our global routing table, we don't have any information in there, so we need to actually do this
in a different manner. What we want to do is we want to say ping vrf, and we follow that with the name of the VRF that we want to use. First I'll say customer A, 10.10.10.2, and we do get a success message there. We can up-arrow and do the same for our customer B site, which of course uses the same IP address, and that works as well. So that's great.

So now let's set up some connectivity between R1 and R2. Now you'll notice that we have a single physical interface connecting those routers, but again, the entire goal here is to keep our traffic separated. Now we could certainly use two different physical connections to separate our customer traffic. That's absolutely valid. But we can also use the sub-interfaces, which are virtual interfaces that are created when we divide a physical interface into several logical interfaces. So that's what I'm going to do in this case.

The physical interface on router 1, you can see from the topology, is Gig 0/0. So on router 1 let's go under global configuration mode. Let's say interface Gig 0/0, and we can designate a sub-interface by using a dot or a decimal followed by a number. So in my case I'll say .1, and I'm going to hit enter to create that sub-interface. Now I'm going to create two sub-interfaces in total, one dedicated to each of our customers. These sub-interfaces are dot1Q virtual interfaces, and they are associated with a VLAN ID on a routed physical interface, so we do have to set the encapsulation method and indicate a VLAN ID. So let's say encapsulation, and we want that to be dot1q, and if we look at contextual help you'll see that we need to indicate a VLAN ID for this, and I'm just going to set that to 2 in my case. We can hit enter, and with that set we can now associate this virtual sub-interface with the customer A VRF in the same way that we've already looked at, by saying ip vrf forwarding, and we want to say customer-a. With that completed, let's now set an IP address on this virtual interface. So I'm going to say ip address
and you can see that we're using the 30.30.30.0 subnet with a /30 subnet mask, so I'm just going to create router 1 with the .1 IP address, again the /30 subnet mask. We'll hit enter there and I'll say no shut.

Let's create another sub-interface for the other customer. So we'll again say interface Gig 0/0, this time we'll say .2. We'll say encapsulation dot1q. I'm going to use the VLAN ID 3 this time, and I'll just arrow up to my VRF forwarding command and I'll set that to customer B. Again, that command is ip vrf forwarding customer B. And I'll set the IP address as well, and notice that I can set the exact same IP address here since we're using VRF instances. Now I don't have to do that, but I'm going to do that just so that you can see that that is possible. I'll hit enter and I'll say no shut.

Now if we break out of here and say show ip interface brief, you'll notice that our sub-interfaces are in the administratively down status even though we did say no shut, and that's because we have to bring up the physical interface as well in order to bring those up. So let's go back under interface Gig 0/0 and we'll say no shut. We'll see that come up momentarily, and now if we say show interface brief, now we can see everything is in the up/up state as we would expect. So that looks good.

Let's go to router 2 and let's do something very similar. We'll create our sub-interfaces: interface Gig 0/0.1, encapsulation dot1q, VLAN ID 2, ip vrf forwarding, we'll say customer A to assign this into that VRF, and we want to say ip address. On this side we want to do 30.30.30.2, again with our /30 subnet mask, and we'll say no shut. We'll do the same for interface Gig 0/0.2, so we'll create that virtual interface. We'll say encapsulation dot1q, VLAN ID 3, ip vrf forwarding, we'll assign this to customer B, and we'll give it the exact same IP address as well. And then we'll go under the physical interface Gig 0/0 and we'll bring that up, break out, and just
verify by saying show ip interface brief. Everything is in the up/up state, so that looks good.

So again, if we go back to router 1 and we say show ip interface brief, we see everything in the up/up state. If we say show ip route, then again we'll notice that our global routing table is empty, and that's because all of our interfaces are assigned into VRFs. If we look at that customer A VRF, if we say show ip route vrf customer A, then we can see our connection over to R2. We can see that listed here, the 30.30.30.0/30, and that's going over sub-interface 0/0.1, and we can see the customer A site 10.10.10.0/24 connected to Gig 0/1. If we look at customer B, the routing table for that customer, we can see the 10.10.10.0/24 network available over Gig 0/2, and our connection over to R2 is available via our sub-interface 0/0.2. So that looks good.

Now if we jump over to R3, which is one of our customer A sites, and we say show ip route, this site currently has no knowledge of the other customer A site, which is using the 20.20.20.0/24 network, and so we actually need to set up a routing protocol for that. So here let's do a quick OSPF configuration. So under global configuration mode let's say router ospf 1. Let's advertise our 10.10.10.0/24 network, and we'll advertise that into area 1. Now let's jump over to router 5, which is our other customer A site. We're going to do the same thing here, just a quick OSPF configuration: router ospf 1, we'll advertise our 20.20.20.0/24 network into area 1. So that takes care of both of our customer A sites.

Let's do the same for our customer B routers. Let's start with R4. Under global configuration mode, router ospf 1, we'll say network 10.10.10.0 area 1, and on R6, which is our final customer B site, we'll say router ospf 1.
Here we want to advertise the 20.20.20.0 network into area 1. So now customer A and customer B sites are all advertising their networks into OSPF.

Now of course we need to configure this on R1 and R2 as well. So let's go back to R1, and normally we would configure this exactly as we did on the customer routers. We would say router ospf followed by the process ID, but that's going to run OSPF specifically for our global routing table. Remember, that is empty, so we need to do this instead for a VRF instance, and we actually need to do that for both of our VRF instances. If we look at contextual help here, you'll notice that we have the vrf keyword, so we can say vrf and we can follow that with the name of a VRF that we have configured. So let's say customer A, and once we do that, then we can advertise into OSPF specifically for this VRF. So let's say network, we'll do our 10.10.10.0 network, and we'll advertise that into area 1. Once we do that we will see a neighbor adjacency come up for R3. We just saw that happen. We also want to advertise the network going over to R2 as well, so 30.30.30.0 0.0.0.3, and we'll also advertise that into area 1.

So let's break out of here and let's do a quick show run. Let's go down and find our OSPF configuration area, and here you can see our OSPF instance for our customer A VRF. Let's break out of there, and we need to do the same thing for customer B. So let's say router ospf 2, and we want to do that for vrf customer-b. Once we do that, let's say network, I'll do our 10 network into area 1, and we'll do our 30 network also into area 1. So let's break out of here and let's again say show run so that we can see that configuration. We'll go down to where our OSPF configuration is, and there we can see both instances of that.

Now let's jump over to router 2 and let's do something similar. Let's say router ospf 1 vrf, and we'll do that for customer A first. We want to say network. On this side our customer A network is our 20.20.20.0/24 network. We'll do
that in area 1. We will see a neighbor adjacency form, and let's advertise our 30 network as well, 30.30.30.0 into area 1. Now let's create our second instance for our other VRF. We do see a neighbor adjacency forming for that 30.30.30.0 network as well. Let's say router ospf 2 vrf customer B, and we're going to use again the network 20.20.20.0, and we'll also advertise our 30 network as well. We'll end, we'll do a quick show run just to verify that everything is in place as we expect. We see some neighbor adjacencies continuing to form there as we do that, and there is our OSPF configuration for router 2. So that looks good.

Now let's go back to R1. Let's break out of our show command and clear off a little space. So once more let's say show ip route, and again, just to point out, our global routing table is empty. Let's say show ip route vrf, and let's look at that for customer A, and now we can see our three different subnets that we would expect to see. Notice that the 10.10.10.0 network is available over the Gig 0/1 interface, and of course we see our 20.20.20.0 network available over the sub-interface 0/0.1, and of course we see that this has been learned via OSPF, and we see our 30.30.30.0/30 network also available over 0.1, available over that sub-interface, which is separate from our customer B traffic interfaces.

Let's also look at our customer B routing table. We're going to see something fairly similar here, but we're using different interfaces. We can see our local 10.10.10.0/24 network, of course, available over Gig 0/2 for customer B. We can see our 20.20.20.0/24 network as well, available over the sub-interface Gig 0/0.2, which has been learned via OSPF, as we can see from our code at the beginning of that.

Now if we go over to R3, I'm just going to clear off a little space here. This is one of our customer A sites. If we say show ip route, you'll notice that the global routing table on this router has knowledge of all three of those networks. So this router has no
knowledge of those VRF instances. We're looking at the global routing table here, so from the perspective of the customer they have absolutely no idea that we're running VRF-lite at all. Things look normal from the perspective of their routing table, and again we can see all of our three networks available over the same interface here, the Gig 0/0 interface, which is the only interface on this customer router that's connected into our network. And of course we would be able to ping all of those destinations. This is a customer A router. Let's say show ip interface brief. You can see this is using the 10.10.10.0 subnet. Can we ping our other customer A site at 20.20.20.2? Yes we can. So we have success there and there are no issues at all. So it looks like everything's working with our VRF-lite, with our traffic separation, and with our OSPF advertisements.

So that's a look at VRF-lite. I hope you found this content useful, and I want to thank you sincerely for watching.
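
The R1 steps spoken in the captions, collected into one IOS configuration. This is an added example, not a capture from the video or the presenter's own file. The VRF names CUST-A and CUST-B are an assumed spelling (VRF names are case-sensitive), and the 0.0.0.255 wildcard on the 10.10.10.0 network statements is inferred from the /24 mask.

```cisco
! R1 - added example; VRF names CUST-A / CUST-B are assumed spellings
ip vrf CUST-A
ip vrf CUST-B
!
! Customer-facing ports. Enter "ip vrf forwarding" before "ip address":
! IOS removes an existing address when an interface is moved into a VRF.
interface GigabitEthernet0/1
 ip vrf forwarding CUST-A
 ip address 10.10.10.1 255.255.255.0
 no shutdown
!
interface GigabitEthernet0/2
 ip vrf forwarding CUST-B
 ip address 10.10.10.1 255.255.255.0
 no shutdown
!
! Link to R2. The parent interface must be up or the
! sub-interfaces stay administratively down.
interface GigabitEthernet0/0
 no shutdown
!
! One 802.1Q sub-interface per customer keeps the two VRFs
! separated on the single physical link.
interface GigabitEthernet0/0.1
 encapsulation dot1Q 2
 ip vrf forwarding CUST-A
 ip address 30.30.30.1 255.255.255.252
!
interface GigabitEthernet0/0.2
 encapsulation dot1Q 3
 ip vrf forwarding CUST-B
 ip address 30.30.30.1 255.255.255.252
!
! One OSPF process per VRF; a plain "router ospf 1" would only
! serve the (empty) global routing table.
router ospf 1 vrf CUST-A
 network 10.10.10.0 0.0.0.255 area 1
 network 30.30.30.0 0.0.0.3 area 1
!
router ospf 2 vrf CUST-B
 network 10.10.10.0 0.0.0.255 area 1
 network 30.30.30.0 0.0.0.3 area 1
!
! Verification from exec mode, as in the video:
!  show ip route                 (global table, expected empty)
!  show ip route vrf CUST-A
!  show ip route vrf CUST-B
!  ping vrf CUST-A 10.10.10.2
```

R2 mirrors this with 20.20.20.1/24 on both customer-facing ports and 30.30.30.2/30 on both sub-interfaces. A route or interface showing up in the global table is the sign that something was left outside its VRF.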
Info
Channel: Charles Judd
Views: 1,715
Keywords: cisco, ccie, cisco enarsi, ccie enterprise infrastructure, cisco enarsi 300-410, cisco encor 350-401, ccie lab, my ccie journey, ccie training, ccie blueprint, section 1.2, routing concepts, 1.2 routing concepts, cisco routing, routing table, 1.2b vrf-lite, vrf-lite, vrf lite, vrf, virtual routing and forwarding, vpn routing and forwarding, virtual router
Id: uRzaaX5t-yQ
Length: 22min 39sec (1359 seconds)
Published: Mon Aug 24 2020