Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

VRF - virtual routing and forwarding

HI NetPros .. would you mind making sense of these config I have found in one of my customers .. I know it is related to virtual routing and forwarding but am confused as to what exactly is doing .. perhaps it is a missconfiguration which I would like to remove !!!

ip vrf orange

rd 100:100

interface Vlan30

ip vrf forwarding orange

ip address

ip route vrf orange

ip route vrf orange

ip route vrf orange

ip route vrf orange

ip route vrf orange

ip route vrf orange

Any comments are appreciated !!!


Re: VRF - virtual routing and forwarding

Hello fernando,

Yeah.. VRF configurations.. this basically builds up a seperate routing table for a customer or vendor called orange.. it has a route-distinguisher of 100:100, which will be unique to this customer... Are you still using VRF's on this router/switch ?? Just check also if tag switching is enabled on the interfaces... all the routing configurations on VRF, has the ip route vrf context with the reqruied route.. so, if any packet comes with a vrf tag or orange, it will basically look into the vrf routing table and not the ip routing table..

SO, If you dont require, REMOVE IT, and have some good sleep :)


Re: VRF - virtual routing and forwarding

Hi Raj,

Cheers, this is a core 6513 switch and it is the only device configured with vrf so I think someone was trying to configure something in the past.

Just to confirm what you said and what I have been thinking.

1.- Assuming that a device in the range has its default gateway as ( the vrf interface ) then when a packet is sent by this device towards a different segment, the packet will :

a.- hit the default gateway ( vrf interface )

b.- the ip routing lookup will be performed on the routes that belong to the vrf instance instead of the normal routing table.

c.- the packets will go out accordingly to point 2.

Is that correct ..?

Re: VRF - virtual routing and forwarding

Hello Fernando,

Yeah.. you are right.. Just to add.. When a packet enters or exits an interface, and if the interface is tagged to any VRF, using the "ip vrf forwarding" command, (eg orange in ur case), it looks for a route in that particular VRF routing table.. This applies only to the router, which tags the VRF information (PE - Provider Edge), and not to the router which sends this information (CE - customer edge).. The CE router will still have only a IP routing table...

Just to brief:

1) IP Packets are sent from an interface, which is tagged with VRF forwarding...

2) packets enter the router, and are attached with a particular rd (route distinguisher), which is attached to the VRF name.. This makes it to have a distinct routing table info...

3) Depending on the VRF name, the VRF routing table entries are checked and packets are forwarded to the next hop PE router..

4) Packet goes to the destination PHP (Penultimate Hop Router) router, where a VRF lookup is done, and packets are forwarded to the appropriate interface, where the ip vrf forwarding is configured....

uff. did i confuse you too much ??


Re: VRF - virtual routing and forwarding

Hi .. a bit .. but I think I have got the principle very clear now .. basically vrf instances are used for creating multiple routing tables which can be used as alternate paths to a destination .. Cheers for your explanation Raj .. it definetly made things clear .. Cheers,

New Member

Re: VRF - virtual routing and forwarding

With regard to previous posts about tag-switching, PEs, PHPs, etc., are only true if MPLS is involved. Doesn't look like this is the case.

Based on the config posted which has no route-targets nor import/export policies configured, this looks more like vrf-lite. It appears that this switch is used as the default-gateway for hosts on the vlan. It appears to co-exist with 2 other routers - and And it will use icmp-redirects to move host traffic to the other destinations listed by the route statements via either of those two routers.

Why would this be done? If one of your customers has address space that overlaps with another, it is desireable to allocate that customer its own routing table. That's all vrf-lite and/or this config are doing.

If it were me, I would verify the existence of the other two routers as well as hosts on that vlan before changing config.

ping vrf orange

ping vrf orange

show arp vrf orange

ping vrf orange

contact customer to verify routing scheme


CreatePlease login to create content