Allied Telesis C613-16164-00 REV E Network Card User Manual


 
Understanding VRF-lite
The purpose of VRF is to enable separate IP networks, possibly using overlapping IP
addresses, to share the same links and routers. IP traffic is constrained to a set of separate IP
Virtual Private Networks (VPNs). These VPNs provide a secure way for a service provider
to carry multiple customers’ IP networks across a common infrastructure. The different
customers’ IP networks are able to operate in complete isolation from each other, so there is
no requirement for them to use separate IP address ranges, and there is no leakage of traffic
from one VPN to another, unless specifically requested.
[Figure: VPN 1 (Customer A) and VPN 2 (Customer B) sites on either side of an MPLS network, with MPLS-VRF devices labelled CE and PE. CE = Customer edge device; PE = Provider edge router.]
A full VRF solution commonly involves different portions of the IP networks being connected
to each other by an MPLS backbone network. The separate IP networks will be allocated
different tags in the MPLS network. So the full VRF solution involves not only managing
multiple separate IP networks within the same routers, but also a network-to-MPLS tag
mapping process.
In the full VRF solution a distinction is made between Customer Edge (CE) routers and
Provider Edge (PE) routers. CE routers aggregate the separate IP networks of the service
provider’s different clients. PE routers connect the IP networks to the MPLS backbone.
VRF-lite is a subset of the full VRF solution. In a VRF-lite solution there are multiple IP
networks sharing the same routers, but no MPLS core is involved. So, VRF-lite is just the
customer edge router part of VRF, without the provider edge router part.
VRF-lite facilitates multiple separate routing tables within a single router - one routing table
associated with each of the customer VPNs connected to the device. Multiple VRF instances
are defined within a router. One or more Layer 3 interfaces (VLAN) are associated with each
VRF instance forming an isolated VRF routing domain. A Layer 3 interface cannot belong to
more than one VRF instance at any time.
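
The isolation described above can be seen in a small Python model, added here as an illustration (it is not Allied Telesis code or device configuration). The class, the VRF and VLAN names and the addresses are constructed for the example, and inter-VRF route leaking is not modelled.

```python
import ipaddress

class VrfLiteRouter:
    """Toy model: one routing table per VRF, each L3 interface bound to one VRF."""

    def __init__(self):
        self.tables = {}      # VRF name -> list of (network, next hop)
        self.iface_vrf = {}   # L3 interface (VLAN) -> VRF name

    def bind(self, iface, vrf):
        # A Layer 3 interface cannot belong to more than one VRF instance.
        current = self.iface_vrf.get(iface)
        if current is not None and current != vrf:
            raise ValueError(f"{iface} already belongs to VRF {current}")
        self.iface_vrf[iface] = vrf
        self.tables.setdefault(vrf, [])

    def add_route(self, vrf, prefix, next_hop):
        self.tables[vrf].append((ipaddress.ip_network(prefix), next_hop))

    def lookup(self, in_iface, dst):
        """Longest-prefix match using only the ingress interface's VRF table."""
        vrf = self.iface_vrf[in_iface]
        addr = ipaddress.ip_address(dst)
        matches = [(net, nh) for net, nh in self.tables[vrf] if addr in net]
        if not matches:
            return vrf, None  # no route in this VRF; other tables are never consulted
        net, nh = max(matches, key=lambda m: m[0].prefixlen)
        return vrf, nh


def build_example():
    # Constructed sample: two customers using the same 192.168.10.0/24 range.
    r = VrfLiteRouter()
    r.bind("vlan10", "customer_a")
    r.bind("vlan20", "customer_b")
    r.add_route("customer_a", "192.168.10.0/24", "10.1.0.1")
    r.add_route("customer_a", "192.168.10.128/25", "10.1.0.2")
    r.add_route("customer_b", "192.168.10.0/24", "10.2.0.1")
    r.add_route("customer_b", "172.16.0.0/16", "10.2.0.9")
    return r


if __name__ == "__main__":
    r = build_example()
    for iface, dst in [("vlan10", "192.168.10.200"), ("vlan20", "192.168.10.200"),
                       ("vlan10", "172.16.5.5")]:
        print(iface, dst, "->", r.lookup(iface, dst))
```

The same destination address resolves to a different next hop depending on the ingress VLAN, and a prefix known only to one customer's VRF is unreachable from the other.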