vrf routing

Unanswered Question
Oct 27th, 2008

Hi all, how hard is it to setup vrf routing? I would like to try it out, I have a lab of 3 routers, what do I need to do ?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Giuseppe Larosa Tue, 10/28/2008 - 14:43

Hello Carl,

how hard is a question of your experience you have to be confident with BGP and OSPF or EIGRP (or IS-IS)

you can use also only two routers as in the following example:

First on the two routers you enable mpls

conf t

int loop1

desc MPLS router-id

ip address

mpls ip

mpls label protocol ldp

on common segment

int gi0/0

desc mpls backbone link to other PE

mpls ip

this provides the MPLS infrastructure.

Now to send traffic between the two customer sites the best is to use an MPLS VPN made of two VRF sites

ip vrf Customer1

rd 1:1

route-target both 1:1

int f0/1

desc VRF access link facing customer

ip vrf forwarding Customer1

router bgp 1

no bgp default ipv4-unicast

neighbor remote-as 1

neighbor update-source loop1

address-family vpnv4

neighbor activate

neighbor send-community both

address-family ipv4 vrf Customer1

no sync

no auto-summary

redistribute connected

Do the same on the second router that will use a different IP address for the loopback

There is no need for a P router between the two PE routers.

For penultimate hop popping MPLS VPN packets will be sent out with a single label the VPN label advertised by BGP multiprotocol in address-family vpnv4.

Hope to help


carl_townshend Wed, 10/29/2008 - 04:48

hi there

do you hae to type this in?

"ip vrf Customer1

rd 1:1

route-target both 1:1"

with an ISP's network, is this how they configure a shared network for different customer, am i right in saying that MPLS does not split up customers networks on it's own, its just a quicker way of forwarding traffic?


marikakis Wed, 10/29/2008 - 08:23


MPLS/VPN is more of a service over MPLS (requires MPLS) and not MPLS itself.

So, its configuration involves more than just enabling MPLS.

The way forwarding is done in an MPLS core makes possible for the core routers

to afford to be ignorant about VPN routes (they consider top IGP label and

ignore VPN label in label stack). In this sense, MPLS forwarding mechanism assists

in the isolation, by not requiring VPN information to leak into the core.

It does need however other mechanisms to provide separation at the edge

to finally provide the MPLS/VPN service end-to-end.

MPLS/VPN uses routing (L3) information exchange to establish the connectivity between VPN sites. As such, it needs to manage the sharing of routes and that's the reason for the existence of VRFs at each PE. Each VRF keeps routes separated from routes of other VRFs and the Global Routing Table (separation at network edge). There exist administratively controlled mechanisms to exchange information between VRFs at various edges to achieve various topologies and business needs.

Although the benefits of MPLS are supposed to be numerous (MPLS TE is probably one of them), the forwarding acceleration benefit is often called the "bogus benefit", because the hardware chips used to perform Longest Prefix Match (LPM) lookups are now smart enough (compared to MPLS exact lookups, which were expected faster). In some cisco press book it says that the same chip does both lookup types in cisco equipment. This might need some discussion. Still, the point is that you cannot expect speedup when enabling MPLS.

Kind Regards,


carl_townshend Fri, 10/31/2008 - 07:33

hi there, thanks for the explanation, however it is a little to deep for me to really understand if Im honest.

would it be possible to put in a list for me the benifits of why providers use mpls and vrf's etc?

Also are you saying that you cant have a vrf unless you have mpls ?

marikakis Fri, 10/31/2008 - 11:25


About the benefits of MPLS, here is a link from a Juniper presentation:

http://www.nanog.org/mtg-0006/ppt/mpls/sld019.htm (yes, this is a cisco forum, but juniper happens :-)

You can browse through the presentation if you like. The key to understanding the benefits of a particular technology

is to learn a little bit about the history of networking, which naturally takes some time.

I am not saying that a VRF absolutely needs MPLS.

VRF is a tool, a data structure at an edge device that helps in separation of routes, not the MPLS/VPN solution itself.

I was only referring to the MPLS/VPN solution in the general case (MPLS and VRFs are part of the solution).

You can create a VRF in a PE router, connect 2 of its interfaces to 2 CEs, assign those interfaces to the same VRF,

and the CEs attached could directly reach each other (no strings or labels attached).

(This can present some problems in a hub-and-spoke scenario, if we happen to have 2 spokes on same PE.)

If you add another PE router, then you need label exchange between PEs (label means MPLS).

A PE that receives a packet from the core side has to answer the following question:

Which routing/forwarding table should I consult to forward this packet?

If a packet has a hint (such as a label that has been communicated in the past),

then the router can find the proper table (VRF or global table) and consequently the proper next-hop.

Hope this helps,


Giuseppe Larosa Fri, 10/31/2008 - 12:46

Hello Maria,

very good post.

MPLS doesn't provide real forwarding gain in modern routers because they have already developed route caching / switching methods (from the first Fast Switching to the current CEF and CEF distributed).

The real advantage of MPLS is the introduction of a forwarding plane and a signalling plane (made by LDP and the routing protocols in use) in the IP networks.


A provider can introduce IPv6 support in its network without requiring the inner core routers to support IPv6. (6PE and 6VPE solutions).

Only the PE routers are upgraded and reconfigured to support double stack IPv4 and IPv6: IPv6 packets are carried inside MPLS label frames with two level label stack : routers in the path to destination PE just swaps the external label.

In a IPv4 only network a router cannot forward a packet that it cannot route or even that it cannot recognize.

Hope to help



This Discussion