SlideShare a Scribd company logo

VRF-Lite: Virtual Routing and Forwarding for Multiple VPNs

Netwax Lab
Netwax Lab

VRF (Virtual Routing and Forwarding) is a technology that allows multiple instances of a routing table to co-exist within the same router at the same time. This increases functionality by allowing network paths to be segmented without using multiple devices. Because traffic is automatically segregated, VRF also increases network security and can eliminate the need for encryption and authentication. Internet service providers (ISPs) often take advantage of VRF to create separate virtual private networks (VPNs) for customers; thus the technology is also referred to as VPN routing and forwarding. Because the routing instances are independent, the same or overlapping IP addresses can be used without conflicting with each other.

Technology
1 of 10
Download to read offline
VRF (Virtual Routing and Forwarding) VRF (Virtual Routing and Forwarding) is a technology that allows multiple instances of a routing table to co-exist within the same router at the same time. This increases functionality by allowing network paths to be segmented without using multiple devices. Because traffic is automatically segregated, VRF also increases network security and can eliminate the need for encryption and authentication. Internet service providers (ISPs) often take advantage of VRF to create separate virtual private networks (VPNs) for customers; thus the technology is also referred to as VPN routing and forwarding. Because the routing instances are independent, the same or overlapping IP addresses can be used without conflicting with each other. VRF acts like a logical router, but while a logical router may include many routing tables, a VRF instance uses only a single routing table. In addition, VRF requires a forwarding table that designates the next hop for each data packet, a list of devices that may be called upon to forward the packet, and a set of rules and routing protocols that govern how the packet is forwarded. These tables prevent traffic from being forwarded outside a specific VRF path and also keep out traffic that should remain outside the VRF path. When we hear about VRF, its almost synonymous to MPLS VPN. Virtual Routing and Forwarding is commonly used by Service Providers to provide services within an MPLS cloud with multiple customers. The most interesting feature of this is that, VRF allows creation of multiple routing tables within a single router. This means that overlapping use of IP addresses from different customers is possible. Some enterprises use VRF to seggrate their services like VOIP, wireless, geographical location and other varieties. Just as with a VLAN based network using 802.1q trunks to extend the VLAN between switches, a VRF based design uses 802.1q trunks, GRE tunnels, or MPLS tags to extend and tie the VRFs together. Figure 1
VRF (Virtual Routing and Forwarding) VRF-Lite (Multi-VRF) VRF-lite is a feature that enables a service provider to support two or more VPNs, where IP addresses can be overlapped among the VPNs. VRF-lite uses input interfaces to distinguish routes for different VPNs and forms virtual packet-forwarding tables by associating one or more Layer 3 interfaces with each VRF. Interfaces in a VRF can be either physical, such as Ethernet ports, or logical, such as VLAN SVIs, but a Layer 3 interface cannot belong to more than one VRF at any time. It supports multiple, overlapping, independent routing and forwarding tables per customer. Any routing protocol supported by normal VRF can be used in a VRF-Lite CE implementation. The CE supports traffic separation between customer networks. As there is no MPLS functionality on the CE, no label exchange happens between the CE and PE. VRF-lite includes these devices:  Customer edge (CE) devices provide customer access to the service provider network over a data link to one or more provider edge routers. The CE device advertises the site's local routes to the provider edge router and learns the remote VPN routes from it. A Catalyst 4500 series switch can be a CE.  Provider edge (PE) routers exchange routing information with CE devices by using static routing or a routing protocol such as BGP, RIPv1, or RIPv2. The PE is only required to maintain VPN routes for those VPNs to which it is directly attached, eliminating the need for the PE to maintain all of the service provider VPN routes. Each PE router maintains a VRF for each of its directly connected sites. Multiple interfaces on a PE router can be associated with a single VRF if all of these sites participate in the same VPN. Each VPN is mapped to a specified VRF. After learning local VPN routes from CEs, a PE router exchanges VPN routing information with other PE routers by using internal BGP (iBPG).  Provider routers (or core routers) are any routers in the service provider network that do not attach to CE devices. With VRF-lite, multiple customers can share one CE, and only one physical link is used between the CE and the PE. The shared CE maintains separate VRF tables for each customer and switches or routes packets for each customer based on its own routing table. VRF-lite extends limited PE functionality to a CE device, giving it the ability to maintain separate VRF tables to extend the privacy and security of a VPN to the branch office. Packet-Forwarding Process in a VRF-lite CE-enabled network:  When the CE receives a packet from a VPN, it looks up the routing table based on the input interface. When a route is found, the CE forwards the packet to the PE.
VRF (Virtual Routing and Forwarding)  When the ingress PE receives a packet from the CE, it performs a VRF lookup. When a route is found, the router adds a corresponding MPLS label to the packet and sends it to the MPLS network.  When an egress PE receives a packet from the network, it strips the label and uses the label to identify the correct VPN routing table. The egress PE then performs the normal route lookup. When a route is found, it forwards the packet to the correct adjacency.  When a CE receives a packet from an egress PE, it uses the input interface to look up the correct VPN routing table. If a route is found, the CE forwards the packet within the VPN. The VRF-lite network has three major components:  VPN route target communities— Lists all other members of a VPN community. You need to configure VPN route targets for each VPN community member.  Multiprotocol BGP peering of VPN community PE routers— Propagates VRF reachability information to all members of a VPN community. You need to configure BGP peering in all PE routers within a VPN community.  VPN forwarding— Transports all traffic between all VPN community members across a VPN service-provider network. Application  Shared Datacenters- The datacenter provider can use VRFs to reduce the number of device involved. Eg. If the datacenter is hosting three different customers (that use similar IP subnets) then there might be a need to three different routers. Figure 2
VRF (Virtual Routing and Forwarding) But if VRF is used, then only one router can be used.  ISP- ISPs provide links between sites of multiple customers. By the use of VRF it is possible to use the same infrastructure for multiple customers. Without VRF Figure 3 Figure 4
VRF (Virtual Routing and Forwarding) With VRF A tag is added to each route. This tag is called a Route Distinguisher. Figure 5
VRF (Virtual Routing and Forwarding) Example Configuration (Note: Make Sure R1 and R2 Ping each other.) ISP int f0/0 ip add 101.1.1.1 255.255.255.0 no shut exit int f0/1 ip add 102.1.1.1 255.255.255.0 no shut exit R1 ip cef ip vrf A exit Figure 6 Topology
VRF (Virtual Routing and Forwarding) int f0/0 ip add 101.1.1.100 255.255.255.0 no shut exit int f0/1 ip vrf forwarding A ip add 192.168.1.1 255.255.255.0 no shut exit ip route 0.0.0.0 0.0.0.0 101.1.1.1 crypto isakmp policy 10 encr 3des authentication pre-share group 2 lifetime 1800 exit crypto keyring KEY pre-shared-key address 102.1.1.100 key cisco exit crypto isakmp profile ISA vrf A keyring KEY match identity address 102.1.1.100 255.255.255.255 exit crypto ipsec transform-set tset esp-3des esp-sha-hmac exit ip access-list extended VPN permit ip host 192.168.1.100 host 192.168.2.100 exit crypto map CMAP 10 ipsec-isakmp set peer 102.1.1.100 set transform-set tset
VRF (Virtual Routing and Forwarding) set isakmp-profile ISA match address VPN reverse-route static exit int f0/0 crypto map CMAP exit R2 ip cef ip vrf A exit int f0/0 ip add 102.1.1.100 255.255.255.0 no shut exit int f0/1 ip vrf forwarding A ip add 192.168.2.1 255.255.255.0 no shut exit ip route 0.0.0.0 0.0.0.0 102.1.1.1 ip route vrf A 192.168.1.100 255.255.255.255 101.1.1.100 global (or you can use reverse-route static on Crypto map CMAP 10 ipsec-isakmp) crypto isakmp policy 10 encr 3des authentication pre-share group 2 lifetime 1800 exit crypto keyring KEY pre-shared-key address 101.1.1.100 key cisco exit
VRF (Virtual Routing and Forwarding) crypto isakmp profile ISA vrf A keyring KEY match identity address 101.1.1.100 255.255.255.255 exit crypto ipsec transform-set tset esp-3des esp-sha-hmac exit ip access-list extended VPN permit ip host 192.168.2.100 host 192.168.1.100 exit crypto map CMAP 10 ipsec-isakmp set peer 101.1.1.100 set transform-set tset set isakmp-profile ISA match address VPN exit int f0/0 crypto map CMAP exit Lan1 ip cef ip vrf A exit int f0/0 ip vrf forwarding A ip add 192.168.1.100 255.255.255.0 no shut exit ip route vrf A 0.0.0.0 0.0.0.0 192.168.1.1
VRF (Virtual Routing and Forwarding) Lan2 ip cef ip vrf A exit int f0/0 ip vrf forwarding A ip add 192.168.2.100 255.255.255.0 no shut exit ip route vrf A 0.0.0.0 0.0.0.0 192.168.2.1

Recommended

Virtual Routing and Forwarding, (VRF-lite)
Virtual Routing and Forwarding, (VRF-lite)Virtual Routing and Forwarding, (VRF-lite)
Virtual Routing and Forwarding, (VRF-lite)NetProtocol Xpert
 
OSPF v3
OSPF v3OSPF v3
OSPF v3Irsandi Hasan
 
MPLS L3 VPN Tutorial, by Nurul Islam Roman [APNIC 38]
MPLS L3 VPN Tutorial, by Nurul Islam Roman [APNIC 38]MPLS L3 VPN Tutorial, by Nurul Islam Roman [APNIC 38]
MPLS L3 VPN Tutorial, by Nurul Islam Roman [APNIC 38]APNIC
 
OSPF Basics
OSPF BasicsOSPF Basics
OSPF BasicsMartin Bratina
 
Mpls technology
Mpls technologyMpls technology
Mpls technologyNaveen Sihag
 
VTP
VTPVTP
VTPHaidar-Mohammed
 
Ccna ppt1
Ccna ppt1Ccna ppt1
Ccna ppt1AIRTEL
 
Netmanias L2,L3 Training (1) L2 Ethernet
Netmanias L2,L3 Training (1) L2 EthernetNetmanias L2,L3 Training (1) L2 Ethernet
Netmanias L2,L3 Training (1) L2 EthernetChris Changmo Yoo
 

Recommended

Virtual Routing and Forwarding, (VRF-lite)
Virtual Routing and Forwarding, (VRF-lite)Virtual Routing and Forwarding, (VRF-lite)
Virtual Routing and Forwarding, (VRF-lite)NetProtocol Xpert
 
OSPF v3
OSPF v3OSPF v3
OSPF v3Irsandi Hasan
 
MPLS L3 VPN Tutorial, by Nurul Islam Roman [APNIC 38]
MPLS L3 VPN Tutorial, by Nurul Islam Roman [APNIC 38]MPLS L3 VPN Tutorial, by Nurul Islam Roman [APNIC 38]
MPLS L3 VPN Tutorial, by Nurul Islam Roman [APNIC 38]APNIC
 
OSPF Basics
OSPF BasicsOSPF Basics
OSPF BasicsMartin Bratina
 
Mpls technology
Mpls technologyMpls technology
Mpls technologyNaveen Sihag
 
VTP
VTPVTP
VTPHaidar-Mohammed
 
Ccna ppt1
Ccna ppt1Ccna ppt1
Ccna ppt1AIRTEL
 
Netmanias L2,L3 Training (1) L2 Ethernet
Netmanias L2,L3 Training (1) L2 EthernetNetmanias L2,L3 Training (1) L2 Ethernet
Netmanias L2,L3 Training (1) L2 EthernetChris Changmo Yoo
 
VLAN Trunking Protocol (VTP)
VLAN Trunking Protocol (VTP)VLAN Trunking Protocol (VTP)
VLAN Trunking Protocol (VTP)Naveen Soni
 
MPLS Deployment Chapter 1 - Basic
MPLS Deployment Chapter 1 - BasicMPLS Deployment Chapter 1 - Basic
MPLS Deployment Chapter 1 - BasicEricsson
 
ccna networking ppt
ccna networking pptccna networking ppt
ccna networking pptEr. Anmol Bhagat
 
Netmanias L2,L3 Training (5) L3 SW Architecture
Netmanias L2,L3 Training (5) L3 SW ArchitectureNetmanias L2,L3 Training (5) L3 SW Architecture
Netmanias L2,L3 Training (5) L3 SW ArchitectureChris Changmo Yoo
 
Vxlan deep dive session rev0.5 final
Vxlan deep dive session rev0.5 finalVxlan deep dive session rev0.5 final
Vxlan deep dive session rev0.5 finalKwonSun Bae
 
VTP
VTPVTP
VTPAlberto Jimenez
 
MPLS (Multi-Protocol Label Switching)
MPLS (Multi-Protocol Label Switching)MPLS (Multi-Protocol Label Switching)
MPLS (Multi-Protocol Label Switching)Vipin Sahu
 
Introduction to vxlan
Introduction to vxlanIntroduction to vxlan
Introduction to vxlanMohammed Umair
 
Vlan
Vlan Vlan
Vlan sanss40
 
QoS (quality of service)
QoS (quality of service)QoS (quality of service)
QoS (quality of service)Sri Safrina
 
Software Defined Networking (SDN) Technology Brief
Software Defined Networking (SDN) Technology BriefSoftware Defined Networking (SDN) Technology Brief
Software Defined Networking (SDN) Technology BriefZivaro Inc
 
VLAN Trunking Protocol
VLAN Trunking ProtocolVLAN Trunking Protocol
VLAN Trunking ProtocolNetwax Lab
 
EVPN Introduction
EVPN IntroductionEVPN Introduction
EVPN IntroductionBangladesh Network Operators Group
 
Ospf.ppt
Ospf.pptOspf.ppt
Ospf.pptEdgardo Scrimaglia
 
ospf routing protocol
ospf routing protocolospf routing protocol
ospf routing protocolAmeer Agel
 
Virtual Local Area Network (VLAN)
Virtual Local Area Network (VLAN)Virtual Local Area Network (VLAN)
Virtual Local Area Network (VLAN)Mohammad Javad Abdolmaleki
 
acl configuration
acl configurationacl configuration
acl configurationRandyDookheran1
 
SDWAN vs MPLS: What Enterprises need?
SDWAN vs MPLS: What Enterprises need?SDWAN vs MPLS: What Enterprises need?
SDWAN vs MPLS: What Enterprises need?Haris Chughtai
 
VRF Configuration
VRF ConfigurationVRF Configuration
VRF ConfigurationNetwax Lab
 
Vlans and inter vlan routing
Vlans and inter vlan routingVlans and inter vlan routing
Vlans and inter vlan routingMohammedseleim
 
ODA000017 MPLS VPN(L3).ppt
ODA000017 MPLS VPN(L3).pptODA000017 MPLS VPN(L3).ppt
ODA000017 MPLS VPN(L3).pptmarwan76
 
Intrdouction to VRF Implementation.pdf
Intrdouction to VRF Implementation.pdfIntrdouction to VRF Implementation.pdf
Intrdouction to VRF Implementation.pdfNesibusami
 

More Related Content

What's hot

VLAN Trunking Protocol (VTP)
VLAN Trunking Protocol (VTP)VLAN Trunking Protocol (VTP)
VLAN Trunking Protocol (VTP)Naveen Soni
 
MPLS Deployment Chapter 1 - Basic
MPLS Deployment Chapter 1 - BasicMPLS Deployment Chapter 1 - Basic
MPLS Deployment Chapter 1 - BasicEricsson
 
Netmanias L2,L3 Training (5) L3 SW Architecture
Netmanias L2,L3 Training (5) L3 SW ArchitectureNetmanias L2,L3 Training (5) L3 SW Architecture
Netmanias L2,L3 Training (5) L3 SW ArchitectureChris Changmo Yoo
 
Vxlan deep dive session rev0.5 final
Vxlan deep dive session rev0.5 finalVxlan deep dive session rev0.5 final
Vxlan deep dive session rev0.5 finalKwonSun Bae
 
MPLS (Multi-Protocol Label Switching)
MPLS (Multi-Protocol Label Switching)MPLS (Multi-Protocol Label Switching)
MPLS (Multi-Protocol Label Switching)Vipin Sahu
 
QoS (quality of service)
QoS (quality of service)QoS (quality of service)
QoS (quality of service)Sri Safrina
 
Software Defined Networking (SDN) Technology Brief
Software Defined Networking (SDN) Technology BriefSoftware Defined Networking (SDN) Technology Brief
Software Defined Networking (SDN) Technology BriefZivaro Inc
 
VLAN Trunking Protocol
VLAN Trunking ProtocolVLAN Trunking Protocol
VLAN Trunking ProtocolNetwax Lab
 
ospf routing protocol
ospf routing protocolospf routing protocol
ospf routing protocolAmeer Agel
 
SDWAN vs MPLS: What Enterprises need?
SDWAN vs MPLS: What Enterprises need?SDWAN vs MPLS: What Enterprises need?
SDWAN vs MPLS: What Enterprises need?Haris Chughtai
 
VRF Configuration
VRF ConfigurationVRF Configuration
VRF ConfigurationNetwax Lab
 
Vlans and inter vlan routing
Vlans and inter vlan routingVlans and inter vlan routing
Vlans and inter vlan routingMohammedseleim
 

What's hot (20)

VLAN Trunking Protocol (VTP)
VLAN Trunking Protocol (VTP)VLAN Trunking Protocol (VTP)
VLAN Trunking Protocol (VTP)
 
MPLS Deployment Chapter 1 - Basic
MPLS Deployment Chapter 1 - BasicMPLS Deployment Chapter 1 - Basic
MPLS Deployment Chapter 1 - Basic
 
ccna networking ppt
ccna networking pptccna networking ppt
ccna networking ppt
 
Netmanias L2,L3 Training (5) L3 SW Architecture
Netmanias L2,L3 Training (5) L3 SW ArchitectureNetmanias L2,L3 Training (5) L3 SW Architecture
Netmanias L2,L3 Training (5) L3 SW Architecture
 
Vxlan deep dive session rev0.5 final
Vxlan deep dive session rev0.5 finalVxlan deep dive session rev0.5 final
Vxlan deep dive session rev0.5 final
 
VTP
VTPVTP
VTP
 
MPLS (Multi-Protocol Label Switching)
MPLS (Multi-Protocol Label Switching)MPLS (Multi-Protocol Label Switching)
MPLS (Multi-Protocol Label Switching)
 
Introduction to vxlan
Introduction to vxlanIntroduction to vxlan
Introduction to vxlan
 
Vlan
Vlan Vlan
Vlan
 
QoS (quality of service)
QoS (quality of service)QoS (quality of service)
QoS (quality of service)
 
Software Defined Networking (SDN) Technology Brief
Software Defined Networking (SDN) Technology BriefSoftware Defined Networking (SDN) Technology Brief
Software Defined Networking (SDN) Technology Brief
 
VLAN Trunking Protocol
VLAN Trunking ProtocolVLAN Trunking Protocol
VLAN Trunking Protocol
 
EVPN Introduction
EVPN IntroductionEVPN Introduction
EVPN Introduction
 
Ospf.ppt
Ospf.pptOspf.ppt
Ospf.ppt
 
ospf routing protocol
ospf routing protocolospf routing protocol
ospf routing protocol
 
Virtual Local Area Network (VLAN)
Virtual Local Area Network (VLAN)Virtual Local Area Network (VLAN)
Virtual Local Area Network (VLAN)
 
acl configuration
acl configurationacl configuration
acl configuration
 
SDWAN vs MPLS: What Enterprises need?
SDWAN vs MPLS: What Enterprises need?SDWAN vs MPLS: What Enterprises need?
SDWAN vs MPLS: What Enterprises need?
 
VRF Configuration
VRF ConfigurationVRF Configuration
VRF Configuration
 
Vlans and inter vlan routing
Vlans and inter vlan routingVlans and inter vlan routing
Vlans and inter vlan routing
 

Similar to VRF-Lite: Virtual Routing and Forwarding for Multiple VPNs

ODA000017 MPLS VPN(L3).ppt
ODA000017 MPLS VPN(L3).pptODA000017 MPLS VPN(L3).ppt
ODA000017 MPLS VPN(L3).pptmarwan76
 
Intrdouction to VRF Implementation.pdf
Intrdouction to VRF Implementation.pdfIntrdouction to VRF Implementation.pdf
Intrdouction to VRF Implementation.pdfNesibusami
 
Mpls vpn.rip
Mpls vpn.ripMpls vpn.rip
Mpls vpn.ripfarhanica
 
International Journal of Engineering Research and Development (IJERD)
International Journal of Engineering Research and Development (IJERD)International Journal of Engineering Research and Development (IJERD)
International Journal of Engineering Research and Development (IJERD)IJERD Editor
 
Cube2012 high capacity service provider design using gpmls for ip next genera...
Cube2012 high capacity service provider design using gpmls for ip next genera...Cube2012 high capacity service provider design using gpmls for ip next genera...
Cube2012 high capacity service provider design using gpmls for ip next genera...Ashish Tanwer
 
MPLS-based Layer 3 VPNs.pdf
MPLS-based Layer 3 VPNs.pdfMPLS-based Layer 3 VPNs.pdf
MPLS-based Layer 3 VPNs.pdfHuynh MVT
 
Deploying IP/MPLS VPN - Cisco Networkers 2010
Deploying IP/MPLS VPN - Cisco Networkers 2010Deploying IP/MPLS VPN - Cisco Networkers 2010
Deploying IP/MPLS VPN - Cisco Networkers 2010Febrian ‎
 
CisCon 2018 - Overlay Management Protocol e IPsec
CisCon 2018 - Overlay Management Protocol e IPsecCisCon 2018 - Overlay Management Protocol e IPsec
CisCon 2018 - Overlay Management Protocol e IPsecAreaNetworking.it
 
Wp ip-mpls-based-vpns
Wp ip-mpls-based-vpnsWp ip-mpls-based-vpns
Wp ip-mpls-based-vpnssubha_87
 
ISP core routing project
ISP core routing projectISP core routing project
ISP core routing projectvishal sharma
 
Spirent TestCenter EVPN Emulation
Spirent TestCenter EVPN EmulationSpirent TestCenter EVPN Emulation
Spirent TestCenter EVPN EmulationMalathi Malla
 

Similar to VRF-Lite: Virtual Routing and Forwarding for Multiple VPNs (20)

ODA000017 MPLS VPN(L3).ppt
ODA000017 MPLS VPN(L3).pptODA000017 MPLS VPN(L3).ppt
ODA000017 MPLS VPN(L3).ppt
 
Intrdouction to VRF Implementation.pdf
Intrdouction to VRF Implementation.pdfIntrdouction to VRF Implementation.pdf
Intrdouction to VRF Implementation.pdf
 
Mpls vpn.rip
Mpls vpn.ripMpls vpn.rip
Mpls vpn.rip
 
International Journal of Engineering Research and Development (IJERD)
International Journal of Engineering Research and Development (IJERD)International Journal of Engineering Research and Development (IJERD)
International Journal of Engineering Research and Development (IJERD)
 
V R F Checking
V R F CheckingV R F Checking
V R F Checking
 
Cube2012 high capacity service provider design using gpmls for ip next genera...
Cube2012 high capacity service provider design using gpmls for ip next genera...Cube2012 high capacity service provider design using gpmls for ip next genera...
Cube2012 high capacity service provider design using gpmls for ip next genera...
 
Mpls
MplsMpls
Mpls
 
MPLS-based Layer 3 VPNs.pdf
MPLS-based Layer 3 VPNs.pdfMPLS-based Layer 3 VPNs.pdf
MPLS-based Layer 3 VPNs.pdf
 
Deploying IP/MPLS VPN - Cisco Networkers 2010
Deploying IP/MPLS VPN - Cisco Networkers 2010Deploying IP/MPLS VPN - Cisco Networkers 2010
Deploying IP/MPLS VPN - Cisco Networkers 2010
 
Mpls L3_vpn
Mpls L3_vpnMpls L3_vpn
Mpls L3_vpn
 
G010314853
G010314853G010314853
G010314853
 
CisCon 2018 - Overlay Management Protocol e IPsec
CisCon 2018 - Overlay Management Protocol e IPsecCisCon 2018 - Overlay Management Protocol e IPsec
CisCon 2018 - Overlay Management Protocol e IPsec
 
Wp ip-mpls-based-vpns
Wp ip-mpls-based-vpnsWp ip-mpls-based-vpns
Wp ip-mpls-based-vpns
 
Ospf
OspfOspf
Ospf
 
Mpls Services
Mpls ServicesMpls Services
Mpls Services
 
BRKCRT-2601.pdf
BRKCRT-2601.pdfBRKCRT-2601.pdf
BRKCRT-2601.pdf
 
ISP core routing project
ISP core routing projectISP core routing project
ISP core routing project
 
Day one-poster-vpns
Day one-poster-vpnsDay one-poster-vpns
Day one-poster-vpns
 
Spirent TestCenter EVPN Emulation
Spirent TestCenter EVPN EmulationSpirent TestCenter EVPN Emulation
Spirent TestCenter EVPN Emulation
 
Ospf
OspfOspf
Ospf
 

More from Netwax Lab

Eincop Netwax Lab: Lab 1 static route
Eincop Netwax Lab: Lab 1 static routeEincop Netwax Lab: Lab 1 static route
Eincop Netwax Lab: Lab 1 static routeNetwax Lab
 
Eincop Netwax Lab: HSRP (Hot Standby Router Protocol)
Eincop Netwax Lab: HSRP (Hot Standby Router Protocol)Eincop Netwax Lab: HSRP (Hot Standby Router Protocol)
Eincop Netwax Lab: HSRP (Hot Standby Router Protocol)Netwax Lab
 
Eincop Netwax Lab: Redistribution
Eincop Netwax Lab: RedistributionEincop Netwax Lab: Redistribution
Eincop Netwax Lab: RedistributionNetwax Lab
 
Eincop Netwax Lab: Route Redistribution
Eincop Netwax Lab: Route RedistributionEincop Netwax Lab: Route Redistribution
Eincop Netwax Lab: Route RedistributionNetwax Lab
 
Nxll12 zone based firewall
Nxll12 zone based firewallNxll12 zone based firewall
Nxll12 zone based firewallNetwax Lab
 
Nxll09 access list
Nxll09 access listNxll09 access list
Nxll09 access listNetwax Lab
 
Nxll21 ospf filtering & summarization
Nxll21 ospf filtering & summarizationNxll21 ospf filtering & summarization
Nxll21 ospf filtering & summarizationNetwax Lab
 
Nxll10 v lan and trunking
Nxll10 v lan and trunkingNxll10 v lan and trunking
Nxll10 v lan and trunkingNetwax Lab
 
Nxll16 basic asa v8.2
Nxll16 basic asa v8.2Nxll16 basic asa v8.2
Nxll16 basic asa v8.2Netwax Lab
 
Nxll20 na ting
Nxll20 na ting Nxll20 na ting
Nxll20 na ting Netwax Lab
 
Nxll14 cut through-proxy on asa
Nxll14 cut through-proxy on asaNxll14 cut through-proxy on asa
Nxll14 cut through-proxy on asaNetwax Lab
 
Nxll17 dynamic routing with asa
Nxll17 dynamic routing with asaNxll17 dynamic routing with asa
Nxll17 dynamic routing with asaNetwax Lab
 
Nxll18 vpn (s2 s gre & dmvpn)
Nxll18 vpn (s2 s gre & dmvpn)Nxll18 vpn (s2 s gre & dmvpn)
Nxll18 vpn (s2 s gre & dmvpn)Netwax Lab
 
Nxll19 vrrp (virtual router redundancy protocol)
Nxll19 vrrp (virtual router redundancy protocol)Nxll19 vrrp (virtual router redundancy protocol)
Nxll19 vrrp (virtual router redundancy protocol)Netwax Lab
 
Nxll22 role based cli
Nxll22 role based cliNxll22 role based cli
Nxll22 role based cliNetwax Lab
 
Nxll25 hsrp with failover
Nxll25 hsrp with failoverNxll25 hsrp with failover
Nxll25 hsrp with failoverNetwax Lab
 
Nxll28 ospf iii
Nxll28 ospf iiiNxll28 ospf iii
Nxll28 ospf iiiNetwax Lab
 

More from Netwax Lab (20)

Eincop Netwax Lab: Lab 1 static route
Eincop Netwax Lab: Lab 1 static routeEincop Netwax Lab: Lab 1 static route
Eincop Netwax Lab: Lab 1 static route
 
Eincop Netwax Lab: HSRP (Hot Standby Router Protocol)
Eincop Netwax Lab: HSRP (Hot Standby Router Protocol)Eincop Netwax Lab: HSRP (Hot Standby Router Protocol)
Eincop Netwax Lab: HSRP (Hot Standby Router Protocol)
 
Eincop Netwax Lab: Redistribution
Eincop Netwax Lab: RedistributionEincop Netwax Lab: Redistribution
Eincop Netwax Lab: Redistribution
 
Eincop Netwax Lab: Route Redistribution
Eincop Netwax Lab: Route RedistributionEincop Netwax Lab: Route Redistribution
Eincop Netwax Lab: Route Redistribution
 
Nxll12 zone based firewall
Nxll12 zone based firewallNxll12 zone based firewall
Nxll12 zone based firewall
 
Nxll11 bgp
Nxll11 bgpNxll11 bgp
Nxll11 bgp
 
Nxll09 access list
Nxll09 access listNxll09 access list
Nxll09 access list
 
Nxll21 ospf filtering & summarization
Nxll21 ospf filtering & summarizationNxll21 ospf filtering & summarization
Nxll21 ospf filtering & summarization
 
Nxll10 v lan and trunking
Nxll10 v lan and trunkingNxll10 v lan and trunking
Nxll10 v lan and trunking
 
Nxll16 basic asa v8.2
Nxll16 basic asa v8.2Nxll16 basic asa v8.2
Nxll16 basic asa v8.2
 
Nxll20 na ting
Nxll20 na ting Nxll20 na ting
Nxll20 na ting
 
Nxll14 cut through-proxy on asa
Nxll14 cut through-proxy on asaNxll14 cut through-proxy on asa
Nxll14 cut through-proxy on asa
 
Nxll17 dynamic routing with asa
Nxll17 dynamic routing with asaNxll17 dynamic routing with asa
Nxll17 dynamic routing with asa
 
Nxll18 vpn (s2 s gre & dmvpn)
Nxll18 vpn (s2 s gre & dmvpn)Nxll18 vpn (s2 s gre & dmvpn)
Nxll18 vpn (s2 s gre & dmvpn)
 
Nxll19 vrrp (virtual router redundancy protocol)
Nxll19 vrrp (virtual router redundancy protocol)Nxll19 vrrp (virtual router redundancy protocol)
Nxll19 vrrp (virtual router redundancy protocol)
 
Nxll22 role based cli
Nxll22 role based cliNxll22 role based cli
Nxll22 role based cli
 
Nxll25 hsrp with failover
Nxll25 hsrp with failoverNxll25 hsrp with failover
Nxll25 hsrp with failover
 
Nxll26 bgp ii
Nxll26 bgp iiNxll26 bgp ii
Nxll26 bgp ii
 
Nxll28 ospf iii
Nxll28 ospf iiiNxll28 ospf iii
Nxll28 ospf iii
 
Nxll23 i pv6
Nxll23 i pv6Nxll23 i pv6
Nxll23 i pv6
 

Recently uploaded

Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 

Recently uploaded (20)

Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 

VRF-Lite: Virtual Routing and Forwarding for Multiple VPNs

  • 1. VRF (Virtual Routing and Forwarding) VRF (Virtual Routing and Forwarding) is a technology that allows multiple instances of a routing table to co-exist within the same router at the same time. This increases functionality by allowing network paths to be segmented without using multiple devices. Because traffic is automatically segregated, VRF also increases network security and can eliminate the need for encryption and authentication. Internet service providers (ISPs) often take advantage of VRF to create separate virtual private networks (VPNs) for customers; thus the technology is also referred to as VPN routing and forwarding. Because the routing instances are independent, the same or overlapping IP addresses can be used without conflicting with each other. VRF acts like a logical router, but while a logical router may include many routing tables, a VRF instance uses only a single routing table. In addition, VRF requires a forwarding table that designates the next hop for each data packet, a list of devices that may be called upon to forward the packet, and a set of rules and routing protocols that govern how the packet is forwarded. These tables prevent traffic from being forwarded outside a specific VRF path and also keep out traffic that should remain outside the VRF path. When we hear about VRF, its almost synonymous to MPLS VPN. Virtual Routing and Forwarding is commonly used by Service Providers to provide services within an MPLS cloud with multiple customers. The most interesting feature of this is that, VRF allows creation of multiple routing tables within a single router. This means that overlapping use of IP addresses from different customers is possible. Some enterprises use VRF to seggrate their services like VOIP, wireless, geographical location and other varieties. Just as with a VLAN based network using 802.1q trunks to extend the VLAN between switches, a VRF based design uses 802.1q trunks, GRE tunnels, or MPLS tags to extend and tie the VRFs together. Figure 1
  • 2. VRF (Virtual Routing and Forwarding) VRF-Lite (Multi-VRF) VRF-lite is a feature that enables a service provider to support two or more VPNs, where IP addresses can be overlapped among the VPNs. VRF-lite uses input interfaces to distinguish routes for different VPNs and forms virtual packet-forwarding tables by associating one or more Layer 3 interfaces with each VRF. Interfaces in a VRF can be either physical, such as Ethernet ports, or logical, such as VLAN SVIs, but a Layer 3 interface cannot belong to more than one VRF at any time. It supports multiple, overlapping, independent routing and forwarding tables per customer. Any routing protocol supported by normal VRF can be used in a VRF-Lite CE implementation. The CE supports traffic separation between customer networks. As there is no MPLS functionality on the CE, no label exchange happens between the CE and PE. VRF-lite includes these devices:  Customer edge (CE) devices provide customer access to the service provider network over a data link to one or more provider edge routers. The CE device advertises the site's local routes to the provider edge router and learns the remote VPN routes from it. A Catalyst 4500 series switch can be a CE.  Provider edge (PE) routers exchange routing information with CE devices by using static routing or a routing protocol such as BGP, RIPv1, or RIPv2. The PE is only required to maintain VPN routes for those VPNs to which it is directly attached, eliminating the need for the PE to maintain all of the service provider VPN routes. Each PE router maintains a VRF for each of its directly connected sites. Multiple interfaces on a PE router can be associated with a single VRF if all of these sites participate in the same VPN. Each VPN is mapped to a specified VRF. After learning local VPN routes from CEs, a PE router exchanges VPN routing information with other PE routers by using internal BGP (iBPG).  Provider routers (or core routers) are any routers in the service provider network that do not attach to CE devices. With VRF-lite, multiple customers can share one CE, and only one physical link is used between the CE and the PE. The shared CE maintains separate VRF tables for each customer and switches or routes packets for each customer based on its own routing table. VRF-lite extends limited PE functionality to a CE device, giving it the ability to maintain separate VRF tables to extend the privacy and security of a VPN to the branch office. Packet-Forwarding Process in a VRF-lite CE-enabled network:  When the CE receives a packet from a VPN, it looks up the routing table based on the input interface. When a route is found, the CE forwards the packet to the PE.
  • 3. VRF (Virtual Routing and Forwarding)  When the ingress PE receives a packet from the CE, it performs a VRF lookup. When a route is found, the router adds a corresponding MPLS label to the packet and sends it to the MPLS network.  When an egress PE receives a packet from the network, it strips the label and uses the label to identify the correct VPN routing table. The egress PE then performs the normal route lookup. When a route is found, it forwards the packet to the correct adjacency.  When a CE receives a packet from an egress PE, it uses the input interface to look up the correct VPN routing table. If a route is found, the CE forwards the packet within the VPN. The VRF-lite network has three major components:  VPN route target communities— Lists all other members of a VPN community. You need to configure VPN route targets for each VPN community member.  Multiprotocol BGP peering of VPN community PE routers— Propagates VRF reachability information to all members of a VPN community. You need to configure BGP peering in all PE routers within a VPN community.  VPN forwarding— Transports all traffic between all VPN community members across a VPN service-provider network. Application  Shared Datacenters- The datacenter provider can use VRFs to reduce the number of device involved. Eg. If the datacenter is hosting three different customers (that use similar IP subnets) then there might be a need to three different routers. Figure 2
  • 4. VRF (Virtual Routing and Forwarding) But if VRF is used, then only one router can be used.  ISP- ISPs provide links between sites of multiple customers. By the use of VRF it is possible to use the same infrastructure for multiple customers. Without VRF Figure 3 Figure 4
  • 5. VRF (Virtual Routing and Forwarding) With VRF A tag is added to each route. This tag is called a Route Distinguisher. Figure 5
  • 6. VRF (Virtual Routing and Forwarding) Example Configuration (Note: Make Sure R1 and R2 Ping each other.) ISP int f0/0 ip add 101.1.1.1 255.255.255.0 no shut exit int f0/1 ip add 102.1.1.1 255.255.255.0 no shut exit R1 ip cef ip vrf A exit Figure 6 Topology
  • 7. VRF (Virtual Routing and Forwarding) int f0/0 ip add 101.1.1.100 255.255.255.0 no shut exit int f0/1 ip vrf forwarding A ip add 192.168.1.1 255.255.255.0 no shut exit ip route 0.0.0.0 0.0.0.0 101.1.1.1 crypto isakmp policy 10 encr 3des authentication pre-share group 2 lifetime 1800 exit crypto keyring KEY pre-shared-key address 102.1.1.100 key cisco exit crypto isakmp profile ISA vrf A keyring KEY match identity address 102.1.1.100 255.255.255.255 exit crypto ipsec transform-set tset esp-3des esp-sha-hmac exit ip access-list extended VPN permit ip host 192.168.1.100 host 192.168.2.100 exit crypto map CMAP 10 ipsec-isakmp set peer 102.1.1.100 set transform-set tset
  • 8. VRF (Virtual Routing and Forwarding) set isakmp-profile ISA match address VPN reverse-route static exit int f0/0 crypto map CMAP exit R2 ip cef ip vrf A exit int f0/0 ip add 102.1.1.100 255.255.255.0 no shut exit int f0/1 ip vrf forwarding A ip add 192.168.2.1 255.255.255.0 no shut exit ip route 0.0.0.0 0.0.0.0 102.1.1.1 ip route vrf A 192.168.1.100 255.255.255.255 101.1.1.100 global (or you can use reverse-route static on Crypto map CMAP 10 ipsec-isakmp) crypto isakmp policy 10 encr 3des authentication pre-share group 2 lifetime 1800 exit crypto keyring KEY pre-shared-key address 101.1.1.100 key cisco exit
  • 9. VRF (Virtual Routing and Forwarding) crypto isakmp profile ISA vrf A keyring KEY match identity address 101.1.1.100 255.255.255.255 exit crypto ipsec transform-set tset esp-3des esp-sha-hmac exit ip access-list extended VPN permit ip host 192.168.2.100 host 192.168.1.100 exit crypto map CMAP 10 ipsec-isakmp set peer 101.1.1.100 set transform-set tset set isakmp-profile ISA match address VPN exit int f0/0 crypto map CMAP exit Lan1 ip cef ip vrf A exit int f0/0 ip vrf forwarding A ip add 192.168.1.100 255.255.255.0 no shut exit ip route vrf A 0.0.0.0 0.0.0.0 192.168.1.1
  • 10. VRF (Virtual Routing and Forwarding) Lan2 ip cef ip vrf A exit int f0/0 ip vrf forwarding A ip add 192.168.2.100 255.255.255.0 no shut exit ip route vrf A 0.0.0.0 0.0.0.0 192.168.2.1