VRF
VRF (Virtual Routing and Forwarding) enables network virtualization by creating isolated routing and forwarding instances within a single physical device. It supports MPLS Layer 3 VPNs, multi-tenancy, and network segmentation through separate routing tables, forwarding tables, and interfaces for each VRF instance. VRF provides comprehensive control over route import/export policies using route targets, route distinguishers for unique route identification, route replication between VRFs for selective route leaking, and supports both IPv4 and IPv6 address families with granular policy control.
Diagram
Section titled “Diagram”
Classes
Section titled “Classes”configuration (iosxe.devices)
Section titled “configuration (iosxe.devices)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| vrfs | List | [vrfs] | No |
vrfs (iosxe.devices.configuration)
Section titled “vrfs (iosxe.devices.configuration)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | Yes | ||
| description | String | No | ||
| route_distinguisher | String | No | ||
| address_family_ipv4 | Class | [address_family_ipv4] | No | |
| address_family_ipv6 | Class | [address_family_ipv6] | No | |
| vpn_id | String | Regex: ^[0-9a-fA-F]{1,6}:[0-9a-fA-F]{1,8}$ | No |
address_family_ipv4 (iosxe.devices.configuration.vrfs)
Section titled “address_family_ipv4 (iosxe.devices.configuration.vrfs)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| enable | Boolean | true, false | No | |
| import_route_targets | List | String | No | |
| import_route_targets_stitching | List | String | No | |
| export_route_targets | List | String | No | |
| export_route_targets_stitching | List | String | No | |
| route_replicate | List | [route_replicate] | No |
address_family_ipv6 (iosxe.devices.configuration.vrfs)
Section titled “address_family_ipv6 (iosxe.devices.configuration.vrfs)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| enable | Boolean | true, false | No | |
| import_route_targets | List | String | No | |
| import_route_targets_stitching | List | String | No | |
| export_route_targets | List | String | No | |
| export_route_targets_stitching | List | String | No |
route_replicate (iosxe.devices.configuration.vrfs.address_family_ipv4)
Section titled “route_replicate (iosxe.devices.configuration.vrfs.address_family_ipv4)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | Yes | ||
| route_map | String | No |
By segmenting the network into multiple VRFs, you achieve traffic isolation, multi-tenancy, and efficient resource utilization, making VRF essential for service providers and enterprises requiring routing separation.
VRF Parameters
Section titled “VRF Parameters”Key Components:
VRF Name (
name): The unique identifier for the VRF instance.Description (
description): A text description for the VRF, useful for documentation and operational clarity.Route Distinguisher (
route_distinguisher): Uniquely identifies routes within the MPLS VPN domain, preventing overlap.Address Families (
address_family_ipv4,address_family_ipv6): Enable IPv4 and/or IPv6 routing within the VRF, each containing route target configuration and route replication settings.Route Replication (
route_replicate): Enables selective route leaking between VRFs by replicating routes from one VRF to another, with optional route-map filtering for granular control over which routes are leaked.VPN ID (
vpn_id): Identifies the VPN for interoperability and management.Interface Association (
interface): Associates physical or logical interfaces with the VRF for traffic isolation.
Key Parameters Briefly Explained:
name: Sets the VRF instance name.description: Adds a description to the VRF.route_distinguisher: Configures the unique route identifier.address_family_ipv4,address_family_ipv6: Enable IPv4/IPv6 address families with route target configuration and route replication.route_replicate: Configures selective route leaking from other VRFs with optional route-map filtering.vpn_id: Sets the VPN identifier.interface: Associates interfaces with the VRF.
You can use these VRF parameters to define isolated routing environments on your network device. Customize the name, route distinguisher, route targets, route replication settings, and interface associations to fit your network’s segmentation and multi-tenancy needs. Adjusting these parameters lets you tailor traffic isolation, selective route leaking, and routing policies for different network domains.
Sample Configuration
Section titled “Sample Configuration”ip vrf definition VRF-PROD description Production VRF rd 200:1 route-target export 200:10 route-target export 300:10 route-target import 200:10 route-target import 300:10 address-family ipv4 route-target import 200:11 stitching route-target export 300:11 route-replicate from vrf global unicast all route-map RM-GLOBAL route-replicate from vrf VRF-GUEST unicast all exit-address-family address-family ipv6 route-target import 200:13 route-target export 300:13 stitching exit-address-family!interface GigabitEthernet0/1 ip vrf forwarding VRF-PROD ip address 10.0.0.1 255.255.255.0Example YAML Code
Section titled “Example YAML Code”The following YAML code sets up a VRF instance on an IOS-XE device, specifying its name, description, route distinguisher, route targets for import and export, route replication for selective route leaking, and address family configurations for both IPv4 and IPv6.
iosxe: devices: - name: Device1 configuration: vrfs: - name: "VRF-PROD" description: "Production VRF" route_distinguisher: "200:1" address_family_ipv4: import_route_targets: ["200:11"] import_route_targets_stitching: ["200:12"] export_route_targets: ["300:11"] export_route_targets_stitching: ["300:12"] route_replicate: - name: global route_map: RM-GLOBAL - name: VRF-GUEST address_family_ipv6: import_route_targets: ["200:13"] import_route_targets_stitching: ["200:14"] export_route_targets: ["300:13"] export_route_targets_stitching: ["300:14"] vpn_id: "36B:1234"