How to use VRF

Written by Arnaud 27 august 2013 no comments

This Example is only working for IPv4 (see the "vrf definition" command below for IPv6) :

First create your VRF and define an RD (Route Distinguisher) which is 16bits:16bits (can also be 32b:16b if you use doted IP notation)

(config)# ip vrf my_vrf_1
(config-vrf)# rd 500:1

Add you interface into the VRF (remeber to set the IP address *after*)

(config)# interface Gi0/0
(config-if)# ip vrf forwarding my_vrf_1
(config-if)# ip 192.0.2.1 255.255.255.0

Define your RT (Route Targert), which will tell how you want to export/import between VRF (aka route leaking). You must enable BGP on the router but no BGP neighbor is required.

(config)# ip vrf my_vrf_1
(config-vrf)# route-target export 500:1
(config-vrf)# route-target import 100:1

Make you BGP

(config)# ip route vrf my_vrf_1 XX.XX.XX.XX 255.255.255.0 Null0
(config)# router bgp 65534
(config-router)# address-family ipv4 vrf my_vrf_1
! next line is for the RT, if you don t do it your interface won't have a route to others vrf
(config-router)# redistribute connected
! next lines are for remote BGP session
(config-router)# network XX.XX.XX.XX mask 255.255.255.0
(config-router)# neighbor XX.XX.XX.XX remote-as XXXXX
(config-router)# neighbor XX.XX.XX.XX prefix-list PFX-OUT out

And the "show ip bgp sum" & fiends like http://www.configbytes.com/2011/04/my-mpls-cheat-sheet/ :

sh ip bgp vpnv4 all sum
sh bgp vpnv6 uni all sum
sh ip bgp vpnv4 vrf NAME sum
sh bgp vpn6 uni vrf NAME sum
clear bgp vrf NAME ipv6 unicast *
clear bgp vrf NAME ipv4 unicast A.B.C.D
ping vrf NAME A.B.C.D

Source : (French) http://www.antoinebenkemoun.fr/2009/12/cloisonnement-d%E2%80%99un-reseau-a-l%E2%80%99aide-de-vrf-mise-en-place/ and http://www.antoinebenkemoun.fr/2009/12/cloisonnement-d%E2%80%99un-reseau-a-l%E2%80%99aide-de-vrf-bgp/
(English) What are RD / RT http://blog.initialdraft.com/archives/1537/

You can easily import route of you global table into your VRF :

(config)# vrf definition NAME
(config-vrf)# rd XX:XX
(config-vrf)# address-family ipv4
(config-vrf-af)# import ipv4 unicast map RMAP-NAME

You may have noticed we used "vrf definition" instead of "ip vrf", if you want to convert you old vrf conf to "vrf def" use the command below :

(config)#vrf upgrade-cli multi-af-mode common-policies

And the question in now : How to export the route of the VRF to the Global table?
Sadly this feature (BGP Support for IP Prefix Export from a VRF Table into the Global Table) is only available on 15.2+ IOS... You can check on the Cisco Feature Navigator : http://tools.cisco.com/ITDIT/CFN/jsp/index.jsp

(config)# vrf definition NAME
(config-vrf)# rd XX:XX
(config-vrf)# address-family ipv4
(config-vrf-af)# export ipv4 unicast map MAP_NAME

Do not use the "export map RMAP-NAME" it does not what you want! (It's the way to set route-max when leaking between VRF)

Oh BTW you can create a static route in a VRF to an IP in the global table like this :

ip route vrf NAME x.x.x.x s.s.s.s nh.nh.nh.nh global

Souce : http://www.cisco.com/en/US/docs/ios-xml/ios/iproute_bgp/configuration/xe-3s/asr1000/irg-prefix-export.html

Go futher and read this excellent explanation : http://mellowd.co.uk/ccie/?p=3645