VRF-Lite

Lee Smitherman · ‎03-06-2014

Hi All,

Im currently studying for my MPLS edge exam, and hitting the subject of VRF Lite. No other way to say this but I just dont get it.

The student guide states its a VRF without the need to run MPLS between the PE and CE, well in MPLS, you DONT run MPLS between the PE and CE but then goes on to state if you dont use BGP on the CE, then you must use LDP which is MPLS

As you can see, im totally confused with this subject... any guides or hints would be appreciated. Ive used google but dont see any decent VRF-lite 101s.

Lee.

blau grana · ‎03-06-2014

Hi Lee,

You can imagine VRF-lite as divide one physical router into separate virtual routers. You configure VRF on router, include interface into VRF and configure routing (static or dynamic) to be able to communicate with between multiple sites. Do not forget that particular VRF is logical significant to local router. Directly connected routers have no idea about VRF, so they can be configured with different VRFs or with none at all.

VRF-lite can be used in lot of different scenatios, here are some examples:

1) you need to connect two different customers to internet, those customers must have completely separete their networks, but you have only one router on site. what do you do?

you configure two separate VRFs on router, one for each customer. They are using one router, but their local networks are separate, each customer has its own routing table on one physical router belonging to ISP.

2) you are IT guy in very small company, you are administrating one router where is connected your data lan, servers, voice vlan, etc....your boss decides that you should offer free wifi to customers who come to your office. you create new vlan for wifi network but you need to secure your internal network from new lan. sure you can configure lot of ACLs but it is so much easier to configure one VRF for wifi, put new vlan interface into vrf and you don'f have to care about anything else. VRF routing table iclude only connected Vlan interface and default route to internet, so wifi users can not access your internal LAN with just 2-3 commands.

3) there is lot of other examples which you can find on internet or you just came with new one when you will need it

http://packetlife.net/blog/2009/apr/30/intro-vrf-lite/

Best Regards

Please rate all helpful posts and close solved questions

Best Regards Please rate all helpful posts and close solved questions

Lee Smitherman · ‎03-07-2014

Thanks for the rely,

So in a nut shell, VRF-lite is simlpy VRF`s without MPLS, the ability to simply partition the routing tables of a device for some other purpose than MPLS VPNs? We use multiple VRFs within VDC`s on our Nexus 7Ks, no mpls, so thats classed as VRF-lite?

Jeez, why does`nt the student manual say that, Cisco really makes a simple subject seem really complex at times.

thanks again.

sean_evershed · ‎03-08-2014

"So in a nut shell, VRF-lite is simlpy VRF`s without MPLS, the ability to simply partition the routing tables of a device for some other purpose than MPLS VPNs?"

In our organisaition we have an MPLS VPN Data Centre built on N7Ks and 65Ks. We had a security requirement to extend network virtualisation end to end from the Core tier through to the Access tier. However the Access switches are 45Ks that don't support MPLS VPN. To overcome this limiation we created VRF-Lite connections between the 65K Distribution switches and the 45Ks.

An excellent guide can be found below

http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Network_Virtualization/PathIsol.html#wp43481

"We use multiple VRFs within VDC`s on our Nexus 7Ks, no mpls, so thats classed as VRF-lite?"

Yes, with no MPLS that is classified as VRF-Lite. You don't need to purchase a MPLS license for the N7Ks in order to create VRF-Lite networks,

Lee Smitherman · ‎03-10-2014

Nice one Sean.

Thanks all.