Tuesday, June 14, 2016

Utilizing VRFs making 1 router appear as multiple routers

I had an internal struggle with myself, one as a studier and the other as an instructor. How do I make really cool labs and demos with really big topologies and not have 30 routers running. The conundrum. After an internal conversation with myself I had an epiphany. Why not use VRFs?

Ok so with VRFs you are able to make a router act like a switch. How so you may ask? Simple! What helps you breakup a switch into multiple broadcast domains? VLANs of course. So I did that very same thing except with a router. I took R11 and R12 (see the topology below this paragraph) and configured them so that R11 (Customer 1) and R12 (Customer 2) would be 1 router acting like 6 different sites.
As you can see R11 and R12 are each in 6 different locations. But R11 S1-S6 are the same CSR1000v same with R12. All you have to do is create the VRF, configure the RD (Route Distinguisher), not really needed for this but I set it up anyways. Then you place the appropriate Dot1q Sub Interface in the appropriate VRF and viola. 

So if you were to take a peak at R11S2 and R11S1 (both at the top of the topology), you'll see that each router connects to a different PE device, both of which are XRvs. I tested out the MPLS L3 VPN configuration on it. The only special thing you have to do is on R11S2, you have to send traceroutes out the R11S2 VRF. 

R11#traceroute vrf R11S2 11.21.0.11 source lo0 numeric

The output given was the MPLS labeled path from XR1 to R1 to XR2. Essentially R11S2 had trace to itself through the MPLS cloud and came in on a different interface which is in a different routing table due to the VRF config. 

I'll give you some homework, I'll give you the config for R12S1, you just have to get the rest done on your own. I give the R12 RD 2 and R11 RD 1, Site 1 is RD 2:1, Site 2 is RD 2:2 etc.

vrf definition R12S1
 rd 2:1
 !
 address-family ipv4
  route-target export 2:1
  route-target import 2:1
 exit-address-family
 !
 address-family ipv6
  route-target export 2:1
  route-target import 2:1
 exit-address-family

interface GigabitEthernet1.1213
 encapsulation dot1Q 1213
 vrf forwarding R12S1
 ip address 12.13.0.12 255.255.255.0
 ipv6 address 2001:12:13::12/64


R12(config-subif)#do sh run int g1.1213
Building configuration...

Current configuration : 134 bytes
!
interface GigabitEthernet1.1213
 encapsulation dot1Q 1213
 ip address 12.13.0.12 255.255.255.0
 ipv6 address 2001:12:13::12/64
end


When you go to apply the VRF to the interface, the IP addressing is removed since you are leaving the global routing table and entering a VRF. A sh run of the interface will ensure you have the addressing you need.

R12(config-subif)#vrf for
R12(config-subif)#vrf forwarding R12S1
% Interface GigabitEthernet1.1213 IPv4 disabled and address(es) removed due to disabling VRF R12S1
% Interface GigabitEthernet1.1213 IPv6 disabled and address(es) removed due to disabling VRF R12S1
R12(config-subif)#ip address 12.13.0.12 255.255.255.0
R12(config-subif)# ipv6 address 2001:12:13::12/64

Thanks for stopping by and I hope that this was helpful.
Rob Riker, CCIE #50693, VCP5/6-DCV
Posted by at
Labels:

2 comments:

  1. UnknownOctober 24, 2016 at 10:11 PM

    Hey Rob, I have checked some of your videos and I really like them. I was wonder if you are interesting in set up a new video that helps to understand redistribution between different autonomous system, like ospf, bgp (ebgp and ibgp)and eigrp... I am learning CCNP and I believe that that is something that could most of us to understand...

    ReplyDelete
    Replies
    1. rob rikerDecember 17, 2016 at 2:41 PM

      I have plans to cover redistribution, it's on the roadmap, but not sure when I'll get to it.

      Delete

Subscribe to: Post Comments (Atom)