Skip to content
Network as Code

VRF

VRF (Virtual Routing and Forwarding) enables network virtualization by creating isolated routing and forwarding instances within a single physical device, supporting MPLS Layer 3 VPNs, multi-tenancy, and network segmentation through separate routing tables, forwarding tables, and interfaces for each VRF instance. It provides comprehensive control over route import and export policies using route targets, route distinguishers for unique route identification across VPN networks, and support for both IPv4 and IPv6 address families with granular policy control. VRF technology is essential for service providers offering VPN services, enterprise network segmentation, and scenarios requiring complete routing isolation between different network domains while maintaining operational efficiency on shared infrastructure.

Diagram

Diagram

Classes

configuration (iosxe.devices)

NameTypeConstraintMandatoryDefault Value
vrfsList[vrfs]No

vrfs (iosxe.devices.configuration)

NameTypeConstraintMandatoryDefault Value
nameStringYes
descriptionStringNo
route_distinguisherStringRegex: ^((\d{1,5}:\d{1,10})|((\d{1,3}\.){3}\d{1,3}:\d{1,10})|([\da-fA-F]{1,8}:\d{1,10}))$No
address_family_ipv4Booleantrue, falseNo
address_family_ipv6Booleantrue, falseNo
vpn_idStringRegex: ^[0-9a-fA-F]{1,6}:[0-9a-fA-F]{1,8}$No
import_route_targetsList[import_route_targets]No
export_route_targetsList[export_route_targets]No
ipv4_route_target_importsList[ipv4_route_target_imports]No
ipv4_route_target_exportsList[ipv4_route_target_exports]No
ipv6_route_target_importsList[ipv6_route_target_imports]No
ipv6_route_target_exportsList[ipv6_route_target_exports]No

import_route_targets (iosxe.devices.configuration.vrfs)

NameTypeConstraintMandatoryDefault Value
valueStringRegex: ^((\d{1,5}:\d{1,10})|((\d{1,3}\.){3}\d{1,3}:\d{1,10})|([\da-fA-F]{1,8}:\d{1,10}))$Yes
stitchingBooleantrue, falseNo
ipv4Booleantrue, falseNo
ipv6Booleantrue, falseNo

export_route_targets (iosxe.devices.configuration.vrfs)

NameTypeConstraintMandatoryDefault Value
valueStringRegex: ^((\d{1,5}:\d{1,10})|((\d{1,3}\.){3}\d{1,3}:\d{1,10})|([\da-fA-F]{1,8}:\d{1,10}))$Yes
stitchingBooleantrue, falseNo
ipv4Booleantrue, falseNo
ipv6Booleantrue, falseNo

ipv4_route_target_imports (iosxe.devices.configuration.vrfs)

NameTypeConstraintMandatoryDefault Value
valueStringRegex: ^((\d{1,5}:\d{1,10})|((\d{1,3}\.){3}\d{1,3}:\d{1,10})|([\da-fA-F]{1,8}:\d{1,10}))$Yes
stitchingBooleantrue, falseNo

ipv4_route_target_exports (iosxe.devices.configuration.vrfs)

NameTypeConstraintMandatoryDefault Value
valueStringRegex: ^((\d{1,5}:\d{1,10})|((\d{1,3}\.){3}\d{1,3}:\d{1,10})|([\da-fA-F]{1,8}:\d{1,10}))$Yes
stitchingBooleantrue, falseNo

ipv6_route_target_imports (iosxe.devices.configuration.vrfs)

NameTypeConstraintMandatoryDefault Value
valueStringRegex: ^((\d{1,5}:\d{1,10})|((\d{1,3}\.){3}\d{1,3}:\d{1,10})|([\da-fA-F]{1,8}:\d{1,10}))$Yes
stitchingBooleantrue, falseNo

ipv6_route_target_exports (iosxe.devices.configuration.vrfs)

NameTypeConstraintMandatoryDefault Value
valueStringRegex: ^((\d{1,5}:\d{1,10})|((\d{1,3}\.){3}\d{1,3}:\d{1,10})|([\da-fA-F]{1,8}:\d{1,10}))$Yes
stitchingBooleantrue, falseNo

VRF provides network segmentation and isolation by creating separate routing and forwarding tables on a single device, enabling multi-tenancy and efficient resource utilization.

VRF Parameters

  • VRF name
  • Description
  • Route Distinguisher (RD)
  • Route Targets (Import/Export)
  • Address Families (IPv4/IPv6)
  • VPN ID
  • Interface association

You can use these VRF parameters to define isolated routing environments on your network device. Customize the name, route distinguisher, route targets, and interface associations to fit your network’s segmentation and multi-tenancy needs. Adjusting these parameters lets you tailor traffic isolation and routing policies for different network domains.

Examples

ip vrf definition VRF-PROD
  • Defines a new VRF instance named VRF-PROD.
rd 200:1
  • Configures the Route Distinguisher for the VRF, making routes unique within the MPLS VPN domain.
route-target export 200:10
  • Specifies a route target for exporting routes from this VRF to other VRFs.
route-target import 300:10
  • Specifies a route target for importing routes into this VRF from other VRFs.
address-family ipv4
  • Enters the IPv4 address family configuration mode within the VRF.
interface GigabitEthernet0/1
  • Selects an interface to associate with a VRF.
ip vrf forwarding VRF-PROD
  • Assigns the VRF-PROD instance to the selected interface, isolating its traffic.

Sample Configuration

The following configuration describes how to set up a VRF instance on an IOS-XE device. It includes defining the VRF, setting its route distinguisher, configuring route targets for import and export, and associating an interface with the VRF for traffic isolation.

ip vrf definition VRF-PROD
 description Production VRF
 rd 200:1
 route-target export 200:10
 route-target export 300:10
 route-target import 200:10
 route-target import 300:10
 address-family ipv4
  route-target import 200:11 stitching
  route-target export 300:11
 exit-address-family
 address-family ipv6
  route-target import 200:13
  route-target export 300:13 stitching
 exit-address-family
!
interface GigabitEthernet0/1
 ip vrf forwarding VRF-PROD
 ip address 10.0.0.1 255.255.255.0

Example YAML Code

The following YAML code sets up a VRF instance on an IOS-XE device, specifying its name, description, route distinguisher, route targets for import and export, and address family configurations for both IPv4 and IPv6.

iosxe:
  devices:
    - name: Device1
      configuration:
        vrfs:
          - name: "VRF-PROD"
            description: "Production VRF"
            route_destinguisher: "200:1"
            address_family_ipv4: true
            address_family_ipv6: true
            vpn_id: 36B:1234
            import_route_targets:
              - value: "200:10"
                stitching: false
                ipv4: true
                ipv6: true
              - value: "300:10"
                stitching: false
                ipv4: true
                ipv6: true
            export_route_targets:
              - value: "200:10"
                stitching: false
                ipv4: true
                ipv6: true
              - value: "300:10"
                stitching: false
                ipv4: true
                ipv6: true
            ipv4_route_target_imports:
              - value: "200:11"
                stitching: true
            ipv4_route_target_exports:
              - value: "300:11"
                stitching: false
            ipv6_route_target_imports:
              - value: "200:13"
                stitching: false
            ipv6_route_target_exports:
              - value: "300:13"
                stitching: true