VRF

VRF (Virtual Routing and Forwarding) enables network virtualization by creating isolated routing and forwarding instances within a single NX-OS device, supporting multi-tenancy and network segmentation through separate routing tables. Each VRF instance can be configured with a route distinguisher, VNI for VXLAN integration, VPN ID, and per-address-family route target import/export policies for both IPv4 and IPv6 unicast. VRF supports EVPN route target auto-derivation, selective route leaking between VRFs, and L3VNI association for VXLAN-based Layer 3 overlay networking.

Diagram

Classes

configuration (nxos.devices)

Name	Type	Constraint	Mandatory	Default Value
vrfs	List	`[vrfs]`	No

vrfs (nxos.devices.configuration)

Name	Type	Constraint	Mandatory
name	String		Yes
description	String		No
vni	Integer		No
l3vni	Boolean	`true`, `false`	No
route_distinguisher	String		No
oui	String		No
vpn_id	String		No
auto_discard	Boolean	`true`, `false`	No
icmp_errors_source_interface_type	Choice	`ethernet`, `loopback`, `mgmt`, `port-channel`, `vlan`, `vni`	No
icmp_errors_source_interface_id	String		No
address_families	List	`[address_families]`	No

address_families (nxos.devices.configuration.vrfs)

Name	Type	Constraint	Mandatory
address_family	Choice	`ipv4-unicast`, `ipv6-unicast`	Yes
route_target_both_auto	Boolean	`true`, `false`	No
route_target_both_auto_evpn	Boolean	`true`, `false`	No
route_target_imports	List	String	No
route_target_exports	List	String	No
route_target_imports_evpn	List	String	No
route_target_exports_evpn	List	String	No

Examples

Example 1: Single tenant VRF with IPv4 unicast and EVPN route targets

nxos:
  devices:
    - name: LEAF1
      configuration:
        vrfs:
          - name: BLUE
            description: Blue Tenant VRF
            vni: 11010
            route_distinguisher: "65000:1010"
            address_families:
              - address_family: ipv4-unicast
                route_target_imports:
                  - "65000:11010"
                route_target_exports:
                  - "65000:11010"
                route_target_imports_evpn:
                  - "65000:11010"
                route_target_exports_evpn:
                  - "65000:11010"

Example 2: Dual-stack VRF with both IPv4 and IPv6 address families

nxos:
  devices:
    - name: LEAF1
      configuration:
        vrfs:
          - name: GREEN
            description: Green Tenant VRF
            vni: 11020
            route_distinguisher: "65000:1020"
            address_families:
              - address_family: ipv4-unicast
                route_target_imports:
                  - "65000:11020"
                route_target_exports:
                  - "65000:11020"
                route_target_imports_evpn:
                  - "65000:11020"
                route_target_exports_evpn:
                  - "65000:11020"
              - address_family: ipv6-unicast
                route_target_imports:
                  - "65000:11020"
                route_target_exports:
                  - "65000:11020"
                route_target_imports_evpn:
                  - "65000:11020"
                route_target_exports_evpn:
                  - "65000:11020"

Example 3: Multiple tenant VRFs on a leaf switch with L2 VNI route target imports

nxos:
  devices:
    - name: LEAF2
      configuration:
        vrfs:
          - name: BLUE
            description: Blue Tenant VRF
            vni: 11010
            route_distinguisher: "65000:1010"
            address_families:
              - address_family: ipv4-unicast
                route_target_imports:
                  - "65000:11010"
                  - "65000:10101"
                  - "65000:10102"
                route_target_exports:
                  - "65000:11010"
                route_target_imports_evpn:
                  - "65000:11010"
                route_target_exports_evpn:
                  - "65000:11010"
          - name: GREEN
            description: Green Tenant VRF
            vni: 11020
            route_distinguisher: "65000:1020"
            address_families:
              - address_family: ipv4-unicast
                route_target_both_auto: true
                route_target_both_auto_evpn: true