VRF
VRF (Virtual Routing and Forwarding) enables network virtualization by creating isolated routing and forwarding instances within a single physical device. It supports MPLS Layer 3 VPNs, multi-tenancy, and network segmentation through separate routing tables, forwarding tables, and interfaces for each VRF instance. VRF provides comprehensive control over route import/export policies using route targets, route distinguishers for unique route identification, and supports both IPv4 and IPv6 address families with granular policy control.
Diagram
Section titled “Diagram”
Classes
Section titled “Classes”configuration (iosxe.devices)
Section titled “configuration (iosxe.devices)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| vrfs | List | [vrfs] | No |
vrfs (iosxe.devices.configuration)
Section titled “vrfs (iosxe.devices.configuration)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | Yes | ||
| description | String | No | ||
| route_distinguisher | String | Regex: ^((\d{1,5}:\d{1,10})|((\d{1,3}\.){3}\d{1,3}:\d{1,10})|([\da-fA-F]{1,8}:\d{1,10}))$ | No | |
| address_family_ipv4 | Boolean | true, false | No | |
| address_family_ipv6 | Boolean | true, false | No | |
| vpn_id | String | Regex: ^[0-9a-fA-F]{1,6}:[0-9a-fA-F]{1,8}$ | No | |
| import_route_targets | List | [import_route_targets] | No | |
| export_route_targets | List | [export_route_targets] | No | |
| ipv4_route_target_imports | List | [ipv4_route_target_imports] | No | |
| ipv4_route_target_exports | List | [ipv4_route_target_exports] | No | |
| ipv6_route_target_imports | List | [ipv6_route_target_imports] | No | |
| ipv6_route_target_exports | List | [ipv6_route_target_exports] | No |
import_route_targets (iosxe.devices.configuration.vrfs)
Section titled “import_route_targets (iosxe.devices.configuration.vrfs)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| value | String | Regex: ^((\d{1,5}:\d{1,10})|((\d{1,3}\.){3}\d{1,3}:\d{1,10})|([\da-fA-F]{1,8}:\d{1,10}))$ | Yes | |
| stitching | Boolean | true, false | No | |
| ipv4 | Boolean | true, false | No | |
| ipv6 | Boolean | true, false | No |
export_route_targets (iosxe.devices.configuration.vrfs)
Section titled “export_route_targets (iosxe.devices.configuration.vrfs)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| value | String | Regex: ^((\d{1,5}:\d{1,10})|((\d{1,3}\.){3}\d{1,3}:\d{1,10})|([\da-fA-F]{1,8}:\d{1,10}))$ | Yes | |
| stitching | Boolean | true, false | No | |
| ipv4 | Boolean | true, false | No | |
| ipv6 | Boolean | true, false | No |
ipv4_route_target_imports (iosxe.devices.configuration.vrfs)
Section titled “ipv4_route_target_imports (iosxe.devices.configuration.vrfs)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| value | String | Regex: ^((\d{1,5}:\d{1,10})|((\d{1,3}\.){3}\d{1,3}:\d{1,10})|([\da-fA-F]{1,8}:\d{1,10}))$ | Yes | |
| stitching | Boolean | true, false | No |
ipv4_route_target_exports (iosxe.devices.configuration.vrfs)
Section titled “ipv4_route_target_exports (iosxe.devices.configuration.vrfs)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| value | String | Regex: ^((\d{1,5}:\d{1,10})|((\d{1,3}\.){3}\d{1,3}:\d{1,10})|([\da-fA-F]{1,8}:\d{1,10}))$ | Yes | |
| stitching | Boolean | true, false | No |
ipv6_route_target_imports (iosxe.devices.configuration.vrfs)
Section titled “ipv6_route_target_imports (iosxe.devices.configuration.vrfs)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| value | String | Regex: ^((\d{1,5}:\d{1,10})|((\d{1,3}\.){3}\d{1,3}:\d{1,10})|([\da-fA-F]{1,8}:\d{1,10}))$ | Yes | |
| stitching | Boolean | true, false | No |
ipv6_route_target_exports (iosxe.devices.configuration.vrfs)
Section titled “ipv6_route_target_exports (iosxe.devices.configuration.vrfs)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| value | String | Regex: ^((\d{1,5}:\d{1,10})|((\d{1,3}\.){3}\d{1,3}:\d{1,10})|([\da-fA-F]{1,8}:\d{1,10}))$ | Yes | |
| stitching | Boolean | true, false | No |
By segmenting the network into multiple VRFs, you achieve traffic isolation, multi-tenancy, and efficient resource utilization, making VRF essential for service providers and enterprises requiring routing separation.
VRF Parameters
Section titled “VRF Parameters”Key Components:
VRF Name (
name): The unique identifier for the VRF instance.Description (
description): A text description for the VRF, useful for documentation and operational clarity.Route Distinguisher (
route_distinguisher): Uniquely identifies routes within the MPLS VPN domain, preventing overlap.Route Targets (
import_route_targets,export_route_targets): Control which routes are imported to or exported from the VRF, supporting flexible policy and stitching.Address Families (
address_family_ipv4,address_family_ipv6): Enable IPv4 and/or IPv6 routing within the VRF.VPN ID (
vpn_id): Identifies the VPN for interoperability and management.Interface Association (
interface): Associates physical or logical interfaces with the VRF for traffic isolation.
Key Parameters Briefly Explained:
name: Sets the VRF instance name.description: Adds a description to the VRF.route_distinguisher: Configures the unique route identifier.import_route_targets,export_route_targets: Define route import/export policies.address_family_ipv4,address_family_ipv6: Enable IPv4/IPv6 address families.vpn_id: Sets the VPN identifier.interface: Associates interfaces with the VRF.
You can use these VRF parameters to define isolated routing environments on your network device. Customize the name, route distinguisher, route targets, and interface associations to fit your network’s segmentation and multi-tenancy needs. Adjusting these parameters lets you tailor traffic isolation and routing policies for different network domains.
Sample Configuration
Section titled “Sample Configuration”The following configuration describes how to set up a VRF instance on a Cisco IOS-XE device. It includes defining the VRF, setting its route distinguisher, configuring route targets for import and export, enabling address families, and associating an interface for traffic isolation.
ip vrf definition VRF-PROD description Production VRF rd 200:1 route-target export 200:10 route-target export 300:10 route-target import 200:10 route-target import 300:10 address-family ipv4 route-target import 200:11 stitching route-target export 300:11 exit-address-family address-family ipv6 route-target import 200:13 route-target export 300:13 stitching exit-address-family!interface GigabitEthernet0/1 ip vrf forwarding VRF-PROD ip address 10.0.0.1 255.255.255.0Example YAML Code
Section titled “Example YAML Code”The following YAML code sets up a VRF instance on an IOS-XE device, specifying its name, description, route distinguisher, route targets for import and export, and address family configurations for both IPv4 and IPv6.
iosxe: devices: - name: Device1 configuration: vrfs: - name: "VRF-PROD" description: "Production VRF" route_distinguisher: "200:1" address_family_ipv4: true address_family_ipv6: true vpn_id: "36B:1234" import_route_targets: - value: "200:10" stitching: false ipv4: true ipv6: true - value: "300:10" stitching: false ipv4: true ipv6: true export_route_targets: - value: "200:10" stitching: false ipv4: true ipv6: true - value: "300:10" stitching: false ipv4: true ipv6: true ipv4_route_target_imports: - value: "200:11" stitching: true ipv4_route_target_exports: - value: "300:11" stitching: false ipv6_route_target_imports: - value: "200:13" stitching: false ipv6_route_target_exports: - value: "300:13" stitching: true