Information Technology Reference
In-Depth Information
VPN Routing/Forwarding Instance
A fundamental concept of MPLS VPN implementation in IOS is VPN routing/forwarding
instance (VRF). Each VRF can be associated with one VPN site (CE) via one or more
interfaces. A PE router maintains one routing and forwarding table for each VRF that is
configured locally. Additionally, a PE maintains a global routing and forwarding table that
is not associated with any VRFs.
A VRF is local to a PE device where it is configured. A VPN is a network-wide concept that
consists of private routing and forwarding information. It may span multiple devices and
VRFs.
NOTE
To have unique VPNv4 addresses in the provider's network, each VRF has a locally
unique RD (Route Distinguisher). When routes are received from a VPN site that belongs
to this VRF, a PE router prepends the RD to the IPv4 prefixes before sending them to the
remote PE.
To control VPN route redistribution, each VRF is also associated with one or more Route
Targets (RTs). To attach an RT to a VPNv4 prefix is to export an RT. To allow a VPNv4
prefix with a certain RT to be installed into a VRF is to import the RT.
Example 10-8 shows a VRF configuration. A VRF is assigned a name that is locally signif-
icant. Note that the VRF name is case-sensitive. When VPNv4 routes are advertised to the
remote PE, an RT of 100:58 is attached (exported). VPNv4 routes from the remote PE devices
are installed into VRF vpn58 only when they have an RT of 100:58.
Example 10-8
Sample VRF Configuration
ip vrf vpn58
rd 100:58
route-target export 100:58
route-target import 100:58
The PE interface that is directly connected to a CE that belongs to a VRF is associated
with the VRF using the interface command
ip vrf forwarding
vrf-name
. To exchange
routes between a PE and a CE, you can configure dynamic routing protocols or
static routes on the PE.
When the command
ip vrf forwarding
is entered under an interface, the existing IP address
is automatically removed.
NOTE
