What are VRFs and why use them?
Virtual Routing and Forwarding (VRF) is an IP technology that allows multiple instances of a routing table to coexist on the same router at the same time. Because the routing instances are independent, the same or overlapping IP addresses can be used without conflict. "VRF" is also used to refer to a routing table instance; one or multiple instances can exist for each VPN on a Provider Edge (PE) router. Scaling limitations of VRFs can be resolved with the implementation of IP VPNs. IP VPNs are most commonly deployed across an MPLS backbone, as the inherent labeling of packets in MPLS lends itself to the identification of the customer VRF.
The example network has simply one router and four end-user computers. In real-world deployments a network could have dozens or hundreds of routers and devices, depending on the scale of the network. Regardless of the network complexity, VRF provides the same fundamental separation of routing instances. A typical example would be an ISP using the same router to route traffic for various customers while using VRFs to separate each customer's traffic from the others. In the example below we will configure VRFs to separate routing instances as needed so that only hosts within each VRF can communicate with each other.
Steps to configure VRFs
Step 1: Create two VRFs, one named VRF-1 and a second named VRF-2.
R1(config)#ip vrf vrf-1
!
R1(config)#ip vrf vrf-2
Step 2: Assign VRF-1 to FastEthernet0/0 and FastEthernet1/0.
R1(config)#interface FastEthernet0/0
R1(config-if)#ip vrf forwarding vrf-1
!
R1(config)#interface FastEthernet1/0
R1(config-if)#ip vrf forwarding vrf-1
Step 3: Assign VRF-2 to FastEthernet0/1 and FastEthernet1/1.
R1(config)#interface FastEthernet0/1
R1(config-if)#ip vrf forwarding vrf-2
!
R1(config)#interface FastEthernet1/1
R1(config-if)#ip vrf forwarding vrf-2
Step 4: Configure an IP address on all applicable router interfaces.
R1(config)#interface FastEthernet0/0
R1(config-if)#ip address 192.168.1.1 255.255.255.0
!
R1(config)#interface FastEthernet0/1
R1(config-if)#ip address 172.16.1.1 255.255.255.0
!
R1(config)#interface FastEthernet1/0
R1(config-if)#ip address 192.168.2.1 255.255.255.0
!
R1(config)#interface FastEthernet1/1
R1(config-if)#ip address 172.16.2.1 255.255.255.0
NOTE: You must configure IP addressing on an interface after a VRF is assigned to the interface. Adding a VRF to an interface, or removing a VRF from it, removes all IP addressing from that interface.
Verify the configuration
Now that the configuration is finished, let's verify our VRF deployment. Using the show ip route, show ip route vrf WORD, and show ip vrf WORD commands on R1 (where WORD is the VRF name), you can verify the global and separate VRF routing tables as well as the VPN routing/forwarding instance information. Use the ping command to verify connectivity.
As designed, the VRFs are separating traffic between vrf-1 and vrf-2. Using ping we can verify that only hosts within each VRF are able to communicate with one another. All other traffic external to the VRF is isolated.
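The same isolation can be checked offline from a saved configuration. The Python sketch below is an added example, not part of the original tutorial: it parses running-config style text and flags interfaces that are addressed but left in the global routing table, and interfaces that sit in a VRF without an address (the situation described in the NOTE above). The function names parse and audit are hypothetical, and FastEthernet2/0 and FastEthernet2/1 are constructed interfaces that do not exist in the tutorial's network.

```python
import ipaddress
import re

# Constructed sample: the configuration from Steps 1-4, plus two interfaces
# (FastEthernet2/0, FastEthernet2/1) that are NOT on the page, added to trigger findings.
SAMPLE_CONFIG = """\
ip vrf vrf-1
ip vrf vrf-2
interface FastEthernet0/0
 ip vrf forwarding vrf-1
 ip address 192.168.1.1 255.255.255.0
interface FastEthernet0/1
 ip vrf forwarding vrf-2
 ip address 172.16.1.1 255.255.255.0
interface FastEthernet1/0
 ip vrf forwarding vrf-1
 ip address 192.168.2.1 255.255.255.0
interface FastEthernet1/1
 ip vrf forwarding vrf-2
 ip address 172.16.2.1 255.255.255.0
interface FastEthernet2/0
 ip address 10.0.0.1 255.255.255.0
interface FastEthernet2/1
 ip vrf forwarding vrf-1
 no ip address
"""

def parse(config):
    """Return {interface: {"vrf": name or None, "net": connected network or None}}."""
    ifaces, cur = {}, None
    for line in config.splitlines():
        if not line.startswith(" "):  # a top-level line closes any interface block
            m = re.match(r"interface (\S+)$", line)
            cur = ifaces.setdefault(m[1], {"vrf": None, "net": None}) if m else None
        elif cur is not None:
            if m := re.match(r" ip vrf forwarding (\S+)$", line):
                cur["vrf"] = m[1]
            elif m := re.match(r" ip address (\S+) (\S+)$", line):
                cur["net"] = ipaddress.ip_interface(f"{m[1]}/{m[2]}").network
    return ifaces

def audit(config):
    """List interfaces that fall outside the intended per-VRF separation."""
    findings = []
    for name, i in parse(config).items():
        if i["vrf"] is None and i["net"] is not None:
            findings.append(f"{name}: addressed but in the global routing table")
        elif i["vrf"] is not None and i["net"] is None:
            findings.append(f"{name}: in {i['vrf']} but has no IP address")
    return findings
```

Running audit over only the four interfaces configured in Steps 1-4 returns an empty list.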