VRF Definition
Virtual routing and forwarding (VRF) is an IP-based computer network technology that enables the simultaneous co-existence of multiple virtual routers (VRs) as instances or virtual router instances (VRIs) within the same router. One or multiple physical or logical interfaces may have a VRF—but none of the VRFs share routes. Packets are forwarded only between interfaces on the same VRF.
VRFs work on Layer 3 of the OSI model. The independent routing instances allow users to deploy IP internet protocol addresses that overlap or are the same without conflict. Because users may segment network paths without multiple routers, network functionality improves—one of the key benefits of virtual routing and forwarding.
What is VRF?
Virtual routing and forwarding (VRF) IP technology allows users to configure multiple routing table instances to simultaneously co-exist within the same router. Overlapping IP addresses can be used without conflicting because the multiple routing instances are independent, and can select different outgoing interfaces.
VRFs are used for network isolation/virtualization at Layer 3 of the OSI model as VLANs serve similarly at Layer 2. Typically, users implement VRFs primarily to seperate network traffic and more efficiently use network routers. Virtual routing and forwarding can also create VPN tunnels to be solely dedicated to a single network or client.
Virtual Routing and Forwarding Basics
There are basically two types of VRF: VRF in its complete form and VRF lite. Here are the basic differences.
Full VRF focuses on labeling Layer 3 traffic via MPLS—a similar idea to Layer 2 VLANS. The multiprotocol label switching or MPLS cloud in the service provider cloud environment uses multiprotocol border gateway protocol, or MP BGP. VRF isolates traffic from source to destination through that MPLS cloud. To separate overlapping routes and make use of common services, VRF incorporates Route Distinguishers (RDs) and Route Targets (RTs).
VRF lite, actually a subset of VRF, is normally VRF without MPLS and MP BGP. VRF lite is generally used in the office LAN or data center environment to virtualize various security zones and network elements. Full VRF is a highly scalable solution, whereas VRF lite is not scalable.
Advantages of Virtual Routing and Forwarding
The are several benefits of virtual routing and forwarding:
- Enables the virtual creation of multiple routes instate on one physical device
- Allows users to simultaneously manage multiple routing tables
- Can be used for MP BGP and MPLS deployments
- Multiple VPNs for customers can use overlapping IP addresses without conflict
- Users may segment network paths without multiple routers, improving network functionality
VRF: Key Terms
There are several key terms to define in the context of virtual routing and forwarding, and a few comparisons to make, because they answer common questions. Here they are:
VRF vs VPN
A virtual private network (referred to as VPN) is a network that provides private services over a public infrastructure. Sets of sites that privately communicate together over other private or public networks over the internet are virtual private networks VPNs. The “private” in VPN does not automatically signal encryption or security; it merely means a separated pathway.
Virtual routing and forwarding or VRF configurations enable multiple VPN environments to simultaneously co-exist in a router on the same physical network or infrastructure. This allows an organization to have separated network services that reside in the same physical infrastructure invisible to each other—such as wireless, voice (VoIP), data, and video. VRFs can also be used for multiprotocol label switching or MPLS deployments.
VDC vs VRF vs VLANs
Virtual route forwarding instances (VRF) are what supports virtualization for Layer 3 of the OSI model. Virtual device contexts (VDCs) have a broader focus: virtualizing the device itself. The VDC presents the physical switch as multiple devices and may contain its own independent, unique set of VRFs and VLANs.
VLANs are switches functioning on Layer 2 of the OSI model. VLANs split ethernet networks into multiple separated virtual networks to improve security and performance without constraining the physical layout of the network. In contrast, VRFs enable users to create multiple VRs in one physical piece of hardware.
Static routes
A VPN routing and forwarding (VRF) instance, whether the default VRF or one specified by the user, always has a static route associated with it. Users can configure a default VRF static route in lieu of specifying a VRF, which allows a user to customize a static route in VRF configuration mode.
Does Avi Offer VRF Routing Support?
Yes. Avi application delivery platform has a feature which enables the assignment of Avi service engine data interfaces to multiple VRFs. The Avi platform helps each VRF network achieve the target level of performance and increases network security.
For more on the actual implementation of load balancing, security applications and web application firewalls check out our Application Delivery How-To Videos.