Allied Telesis C613-16164-00 REV E manual VRF-lite features in AW+, For example

Page 10

Understanding VRF-lite

VRF-lite features in AW+

Here is a summary of the features provided by the AW+ VRF-lite implementation:

Multiple independent routing table instances may co-exist within the same device. The same or overlapping IP addresses can be present in different route table instances without conflicting. All routing table instances remain securely isolated from those existing in other routing tables.

By default, no communication occurs between VRF instances, facilitating multiple secure routing domains within the same VRF aware device.

However, inter-VRFcommunication between routing domains is possible by using either static inter-VRF routes and/or dynamic filtered route leakage via BGP and its associated route maps.

A single device configuration file simplifies management by providing the ability to create, manage, and monitor all VRF instances.

Detailed diagnostic and debugging information is available.

Ability to view routing table information per VRF.

All appropriate VRF related information and error messages can be viewed in the system wide log.

Separate instances of routing protocols can be mapped to VRF instances so that distribution of route information can be performed on a per VRF domain basis. This enables route information to be distributed securely within each VRF routing domain.

For example:

VRF1 = OSPF routing instance1 VRF2 = OSPF routing instance2

All Layer 3 interfaces and associated switch ports remain in the default global VRF domain until associated with a specific VRF instance.

VRF is supported in HW and SW (including Inter-VRF communications).

The default global VRF domain always exists and cannot be removed. Initially during startup, every VLAN belongs to the default global VRF domain. Also, when a VLAN is removed from a VRF, it is automatically returned to the default global VRF domain. Only one default global VRF domain exists in each physical device.

Static and dynamic routes can be leaked from a VRF instance to the global default VRF.

Selected routes within a VRF instance can be dynamically leaked to other VRF routing domains. This applies both to routes that have been statically configured, and to routes that have been learnt into a VRF instance on the device by routing protocol exchanges with external peer routers.

When a VRF instance has received routes leaked from other VRF instances, that instance can advertise those routes to external peer routers connected to interfaces in that VRF instance, via the routing protocol operating within the VRF instance.

Page 10 Configure VRF-lite

Page 9 Page 11
Image 10
Page 9 Page 11
Contents How To Configure VRF-lite Introduction What is VRF-lite?Who should read this document? Software feature licensesCommand summary Which products and software version does it apply to?Contents Glossary VRFUnderstanding VRF-lite Interface management with VRF VRF-lite security domainsRoute table and interface management with VRF-lite Vlan5Route management with VRF Adding a VRF-aware static ARPInter-VRF communication Static and dynamic inter-VRF routing VRF-lite features in AW+ For exampleVRF-aware utilities within AW+ VRF aware services includeRoute limiting per VRF instance  Ping SSH client  Telnet client TCP dump Configuring VRF-lite Awplusconfig# access-list standardAwplusconfig-if#switchportaccess vlanx Family Awplusconfig-route-map#match ip Static inter-VRF routing Ip route 192.168.50.0/24 Ip route vrf green 192.168.1.0/24Dynamic inter-VRF communication explained Forwarding Information Base FIB and routing protocolsBGP Inter-VRF communication via BGP Route-target both ASNVRFinstance For example Using the route-target commandRoute-target import ASNVRFinstance For example Can be replaced withIf VRF shared initially includes Also, if VRF shared configuration includesIf VRF red initially includes Via BGP IVR, VRF shared will end up with the routesIf VRF shared configuration includes Then via BGP IVR, VRF red will end up with the routesHow VRF-lite security is maintained Viewing source VRF and attribute information for a prefixSimple VRF-lite configuration examples Multiple VRFs without inter-VRF communication26 Configure VRF-lite Vlan 28 Configure VRF-lite Configure VRF-lite 30 Configure VRF-lite Configure VRF-lite 32 Configure VRF-lite Inter-VRF configuration examples with Internet access Configuration Configure VRF-lite Example B Configuration 38 Configure VRF-lite Configure VRF-lite Example C Configuration 42 Configure VRF-lite Configure VRF-lite Network description Configuring a complex inter-VRF solution Each VLANs is associated with a VRF instance VRF communication plan Configuration breakdown Configure VRF-lite Configure Vrfs Configure the hardware ACLs Within the same IP subnet that the switch port is a member This example, three access groups are attached to port192.168.43.0/24 via the shared VRF Configure Vlan Database Configure IP Addresses Configure VRF-lite Configure Dynamic Routing Configure VRF-lite 56 Configure VRF-lite Configure Static Routing Complete show run output from VRF device is below Configure VRF-lite 60 Configure VRF-lite Configure VRF-lite IP route table from VRF device is below VRF blue Hostname Internetrouter Hostname sharedrouter Hostname redospfpeer N1 Ospf NssaHostname greeniBGPpeer Hostname bluerippeer Hostname orangerouter Hostname orangeospfpeer Stack provisioning Other features used in this configurationVCStack and VRF-lite GreyX610 VCStack configuration Virtual Chassis IDX900 configuration 74 Configure VRF-lite Green Sharing VRF routing and double tagging on the same portCommunication plan PortX610 a ConfigurationsX610 B Configure VRF-lite Additional notes BGP configuration tips 80 Configure VRF-lite VRF device Red router vlan database Red router Configuring static route limits Route LimitsAllowed number of fib routes excluding Connect and Static Configuring Dynamic route limits100 No max-fib-routes SyntaxVRF-lite usage guidelines General Useful VRF-related diagnostics command listRouting general Routing protocols IP prefix network, e.g HW platform table commands TCPdump

C613-16164-00 REV E specifications

The Allied Telesis C613-16164-00 REV E is a robust networking device designed to enhance connectivity and communication within enterprise environments. Renowned for its reliability and efficiency, this device serves as an ideal choice for organizations seeking to improve their network infrastructure.

At its core, the C613-16164-00 REV E is a part of Allied Telesis' suite of products that adhere to high-performance standards. One of the main features is its support for both Layer 2 and Layer 3 networking, making it versatile enough to handle a variety of network configurations. This capability allows for seamless integration into different network architectures, whether for simple local area networks (LANs) or more advanced setups with routing capabilities.

Another significant characteristic of the C613-16164-00 REV E is its high-speed data transfer capabilities. With support for Gigabit Ethernet, the device ensures that data can be transmitted quickly and efficiently across the network. This is particularly important for businesses that rely on heavy data usage and need to maintain performance standards even during peak hours.

Additionally, the C613-16164-00 REV E features advanced security measures, including VLAN support and port security configurations, which help protect sensitive information and prevent unauthorized access. This is essential for businesses that handle confidential data and must comply with industry regulations.

In terms of manageability, the device supports SNMP (Simple Network Management Protocol), allowing for easy monitoring and management of network resources. Network administrators can efficiently manage the device and optimize performance with minimal effort, improving overall productivity.

The design of the C613-16164-00 REV E is also noteworthy; it is built for durability, often featuring a compact form factor that makes installation straightforward without compromising on performance. Its compatibility with various Allied Telesis products ensures that organizations can build a cohesive network ecosystem.

In conclusion, the Allied Telesis C613-16164-00 REV E stands out as an excellent networking solution characterized by its support for multiple networking layers, high-speed data transfer, and robust security features. Ideal for both small to medium enterprises and larger organizations, it helps ensure that businesses can maintain efficient and secure operations in a constantly evolving digital landscape.
Top Page Image Contents