What Is VRF?

VRF (Virtual Routing & Forwarding) is a technology for virtually separating the router. It is mainly used by PE routers that constitute MPLS-VPN. Note that the virtual separation of the router, regardless of MPLS, is referred to as VRF-Lite. However, the terms “VRF” and “VRF-Lite” are not used strictly in relation to MPLS or not. The term “VRF” is often used in situations where it is used regardless of MPLS.

VRF allows the creation of new, separate routing context VRF instances in the router. The routing context refers to the set of components necessary for routing, including the routing table, each routing process for building the routing table, and the associated interfaces.

Although it is very often described very simply as ” separate the routing table with VRF,” it is not only separate the routing table.

Creating a VRF and assigning interfaces to the VRF allows it to be treated as a virtual router with an independent routing table.

Figure VRF Overview
Figure VRF Overview

Virtual routers (routing contexts) divided by VRF cannot basically communicate with each other. Also, communication between the original global routing process and VRF is not possible. If communication between VRFs or between VRFs and the global routing process is needed, this can be done by configuring route leak. In other words, by default, VRFs are independent of each other, but if necessary, VRFs can communicate with each other.

Related articles

VRF route leak to provide communication between VRFs are described in the following article.

Uses of VRF

Packet filtering and route filtering are used to control the range of possible communication. However, conventional packet filtering and route filtering have limitations when trying to provide complex control. VRF allows for routing separation and flexible control over the range of possible communication. For example, it is easy to control the use of VRF in the following use cases.

  • Layer 3VPN Service
  • Separation of management network

Layer 3VPN Service

The following figure outlines the Layer 3 VPN service.

Figure Layer3 VPN Service with VRF
Figure Layer3 VPN Service with VRF

Two sites each of Company A and Company B are connected to the carrier network. The VRF prepares virtual routers for Company A and Company B. This makes it easy to build a Layer 3 VPN that allows communication only between Company A’s sites and between Company B’s sites.

Separation of management network

Separating the network for transferring user data such as web browsers from the network for transferring management data such as Telnet/SSH and Syslog allows for more stable network management. VRF allows easy separation of data and management networks.

Figure Separate management network with VRF
Figure Separate management network with VRF

Related articles

The following article describes the VRF configuration and verification commands for Cisco.

An example of Layer 3 VPN configuration with VRF-Lite is described in the following article.

The following article describes an example configuration (FVRF) that separates overlay and underlay networks by VRF.