Allied Telesis C613-16164-00 REV E manual How To Configure VRF-lite Introduction

Page 1

Technical Guide

How To Configure VRF-lite

Introduction

In IP-based networks, VRF stands for Virtual Routing and Forwarding. This technology allows multiple routing domains to co-exist within the same device at the same time. As the routing domains are independent, overlapping IP addresses can be used without causing conflict. In large service provider networks, virtual routing and forwarding is used in conjunction with MPLS - Multi Protocol Label Switching - to separate each customer’s traffic into its own wide area VPN. VRF is also known as VPN Routing and Forwarding (when used with MPLS), and is also known as Multi-VRF.

What is VRF-lite?

VRF-lite is VRF without the need to run MPLS in the network. VRF-lite is used for isolating customer networks - it allows multiple secure customer routing domains to co-exist in one physical device simultaneously, which remain completely isolated from each other.

VRF-lite also allows the re-use of IP addresses on the same physical device. An IP address range in one VLAN used in one VRF domain can simultaneously be used in another VLAN in a different VRF domain within the same device. While VRF-lite will segregate traffic from different customers/clients, VRF-lite can also allow for route leakage between VRF domains (inter-VRF communication), by using static inter-VRF routes and/or dynamic route leakage via BGP and associated route maps. This provides filtered access from one VRF routing domain to another where the IP address ranges do not overlap.

This How to Note begins with a description of VRF-lite’s key features and the generic commands used to configure VRF-lite. There are a number of simple configuration examples provided to illustrate its use with OSPF, RIP, and BGP routing protocols. This is followed with a configuration breakdown of a complex inter-VRF scenario, which includes overlapping IP addresses and a range of routing protocols. Dynamic inter-VRF communication between the global VRF domain and a VRF instance is also explained. Finally, a short list of diagnostics commands are provided to help troubleshoot VRF-related issues.

C613-16164-00 REV E

alliedtelesis.com x

Page 1 Page 2
Image 1
Page 1 Page 2
Contents What is VRF-lite? How To Configure VRF-lite IntroductionCommand summary Software feature licensesWho should read this document? Which products and software version does it apply to?Contents VRF GlossaryUnderstanding VRF-lite Route table and interface management with VRF-lite VRF-lite security domainsInterface management with VRF Vlan5Adding a VRF-aware static ARP Route management with VRFInter-VRF communication Static and dynamic inter-VRF routing For example VRF-lite features in AW+Route limiting per VRF instance VRF aware services includeVRF-aware utilities within AW+  Ping SSH client  Telnet client TCP dump Awplusconfig# access-list standard Configuring VRF-liteAwplusconfig-if#switchportaccess vlanx Family Awplusconfig-route-map#match ip Ip route 192.168.50.0/24 Ip route vrf green 192.168.1.0/24 Static inter-VRF routingForwarding Information Base FIB and routing protocols Dynamic inter-VRF communication explainedBGP Inter-VRF communication via BGP Route-target import ASNVRFinstance For example Using the route-target commandRoute-target both ASNVRFinstance For example Can be replaced withIf VRF red initially includes Also, if VRF shared configuration includesIf VRF shared initially includes Via BGP IVR, VRF shared will end up with the routesThen via BGP IVR, VRF red will end up with the routes If VRF shared configuration includesViewing source VRF and attribute information for a prefix How VRF-lite security is maintainedMultiple VRFs without inter-VRF communication Simple VRF-lite configuration examples26 Configure VRF-lite Vlan 28 Configure VRF-lite Configure VRF-lite 30 Configure VRF-lite Configure VRF-lite 32 Configure VRF-lite Inter-VRF configuration examples with Internet access Configuration Configure VRF-lite Example B Configuration 38 Configure VRF-lite Configure VRF-lite Example C Configuration 42 Configure VRF-lite Configure VRF-lite Network description Configuring a complex inter-VRF solution Each VLANs is associated with a VRF instance VRF communication plan Configuration breakdown Configure VRF-lite Configure Vrfs Configure the hardware ACLs Within the same IP subnet that the switch port is a member This example, three access groups are attached to port192.168.43.0/24 via the shared VRF Configure Vlan Database Configure IP Addresses Configure VRF-lite Configure Dynamic Routing Configure VRF-lite 56 Configure VRF-lite Configure Static Routing Complete show run output from VRF device is below Configure VRF-lite 60 Configure VRF-lite Configure VRF-lite IP route table from VRF device is below VRF blue Hostname Internetrouter Hostname sharedrouter N1 Ospf Nssa Hostname redospfpeerHostname greeniBGPpeer Hostname bluerippeer Hostname orangerouter Hostname orangeospfpeer VCStack and VRF-lite Other features used in this configurationStack provisioning GreyVirtual Chassis ID X610 VCStack configurationX900 configuration 74 Configure VRF-lite Communication plan Sharing VRF routing and double tagging on the same portGreen PortX610 a ConfigurationsX610 B Configure VRF-lite Additional notes BGP configuration tips 80 Configure VRF-lite VRF device Red router vlan database Red router Route Limits Configuring static route limitsAllowed number of fib routes excluding Connect and Static Configuring Dynamic route limits100 Syntax No max-fib-routesVRF-lite usage guidelines General Useful VRF-related diagnostics command listRouting general Routing protocols IP prefix network, e.g TCPdump HW platform table commands

C613-16164-00 REV E specifications

The Allied Telesis C613-16164-00 REV E is a robust networking device designed to enhance connectivity and communication within enterprise environments. Renowned for its reliability and efficiency, this device serves as an ideal choice for organizations seeking to improve their network infrastructure.

At its core, the C613-16164-00 REV E is a part of Allied Telesis' suite of products that adhere to high-performance standards. One of the main features is its support for both Layer 2 and Layer 3 networking, making it versatile enough to handle a variety of network configurations. This capability allows for seamless integration into different network architectures, whether for simple local area networks (LANs) or more advanced setups with routing capabilities.

Another significant characteristic of the C613-16164-00 REV E is its high-speed data transfer capabilities. With support for Gigabit Ethernet, the device ensures that data can be transmitted quickly and efficiently across the network. This is particularly important for businesses that rely on heavy data usage and need to maintain performance standards even during peak hours.

Additionally, the C613-16164-00 REV E features advanced security measures, including VLAN support and port security configurations, which help protect sensitive information and prevent unauthorized access. This is essential for businesses that handle confidential data and must comply with industry regulations.

In terms of manageability, the device supports SNMP (Simple Network Management Protocol), allowing for easy monitoring and management of network resources. Network administrators can efficiently manage the device and optimize performance with minimal effort, improving overall productivity.

The design of the C613-16164-00 REV E is also noteworthy; it is built for durability, often featuring a compact form factor that makes installation straightforward without compromising on performance. Its compatibility with various Allied Telesis products ensures that organizations can build a cohesive network ecosystem.

In conclusion, the Allied Telesis C613-16164-00 REV E stands out as an excellent networking solution characterized by its support for multiple networking layers, high-speed data transfer, and robust security features. Ideal for both small to medium enterprises and larger organizations, it helps ensure that businesses can maintain efficient and secure operations in a constantly evolving digital landscape.
Top Page Image Contents