Welcome to Jeremy’s IT Lab. This is a complete course for the CCNA. In this video we will cover Virtual Routing
and Forwarding, VRF. VRF allows us to divide one physical router
into multiple virtual routers. You can think of it like VLANs for routers. VLANs divide a switch into multiple virtual
switches each with their own broadcast domain, and VRF divides a router into multiple virtual
routers each with their own routing table. Here’s what we’ll cover in this video. First I will introduce the concept of VRF
and its capabilities, and then introduce VRF configuration. Note that VRF configuration isn’t actually
a CCNA exam topic, but I think seeing the configurations will help you understand how
it works. Unfortunately VRF isn’t supported in Packet
Tracer, so if you want to try it in a lab you’ll need to use something like Cisco
Modeling Labs, CML, or real Cisco devices. Let’s get started. The diagram at the bottom gives an idea of
how VRFs work. The black box in the middle represents R1,
a single physical router. The blue, green, and red router icons inside
represent three virtual routers inside R1, three VRFs. Let’s call them VRF1, VRF2, and VRF3. So, Virtual Routing and Forwarding is used
to divide a single router into multiple virtual routers. This is similar to how VLANs are used to divide
a single switch, a LAN, into multiple virtual switches, virtual LANs. By default, all interfaces on a switch are
in the same LAN, the same broadcast domain. When using VLANs, we can divide that one broadcast
domain into multiple virtual broadcast domains. Similarly, by default all router interfaces
are in the same ‘routing domain’. By ‘routing domain’ I mean, by default
traffic received on one router interface can be forwarded out of any other interface on
the router, if the routing table says to do so. For example, without using VRF, in the diagram
below traffic received on R1’s G0/0 interface can be routed to and forwarded out of R1’s
G1/2 interface. However, with VRF that won’t be possible. G0/0 is in VRF1 and G1/2 is in VRF3, so traffic
cannot be forwarded between them. How does VRF accomplish this? It does this by allowing a router to build separate
routing tables. Normally a router has one routing table, but
with VRF it has multiple. Interfaces, specifically layer 3 interfaces,
are configured to be in a specific VRF, also known as a VRF Instance. Keep in mind that VRF does not apply to Layer
2 interfaces on a switch. Only router interfaces, SVIs, and routed ports
on multilayer switches can be configured in a VRF. It’s a Layer 3 concept. As I mentioned before, traffic in one VRF
cannot be forwarded out of an interface in another VRF. However, as an exception VRF Leaking can be
configured to allow traffic to pass between VRFs. That is a more advanced concept though and
I won’t cover it in this video. So, what is the main purpose of VRF? Well, VRF is commonly used to facilitate MPLS,
Multiprotocol Label Switching. However, that’s actually not the kind of
VRF we are talking about here. The kind of VRF we are talking about is VRF-lite,
VRF without MPLS. So, keep in mind that when I say ‘VRF’
in this video, I’m really referring to ‘VRF-lite’. VRF is commonly used by service providers
to allow one device to carry traffic from multiple customers. How does it help with that? Well, there are two main points. First, each customer’s traffic is isolated
from the others, because each customer connects to their own virtual router within the service
provider’s physical router. In the diagram below, let’s say the blue,
green, and red devices represent three different customers. All customers connect to the same service
provider router, R1, but each connects to a different virtual router, a different VRF
instance. And another major point is that customer IP
addresses can overlap without issues. For example, the blue customer uses subnets
192.168.1.0/24 and 192.168.2.0/24. The green customer also uses 192.168.1.0/24
and 192.168.2.0/24. And so does the red customer. Without VRF, this kind of configuration is
not possible on a router. But with VRF, it works fine even though the
IP addresses all overlap. Okay, now let’s try configuring VRF to help
understand how it works. To demonstrate VRF configuration I’ll use
the network below. SPR1 is a service provider router providing
WAN services to two customers, Customer 1 and Customer 2. C1R1 and C1R2 belong to Customer 1 and C2R1
and C2R2 belong to Customer 2. Note the subnets being used. Both Customer 1 and Customer 2 use subnet
192.168.1.0/30. First, let’s see what happens when we try
to configure this without using VRF. First I configured SPR1’s G0/0 and G0/1,
both connected to Customer 1’s routers. No problems yet. But when I try to configure G0/2, I get an
error message, 192.168.1.0 overlaps with G0/0. G0/2 cannot use IP address 192.168.1.1 because
it is in the same subnet as G0/0. In this case it’s the exact same IP address,
but even if the IP address is different it won’t work. Let me demonstrate that. To prove that point I tried to configure it
as 192.168.1.2, but again it didn’t work. Even if the IP address is different, G0/2
cannot be configured in the same subnet as G0/0. So, without the use of VRF, two interfaces
on the same router cannot be in the same subnet. Next let’s use VRF to configure this network
properly. First we have to create the VRFs, which can
be done in global config mode with the command IP VRF, followed by the VRF name. Here I created two VRFs, one named CUSTOMER1
and the other CUSTOMER2. I then used the command SHOW IP VRF which
shows all of the VRFs on the router. As you can see, the CUSTOMER1 and CUSTOMER2
VRFs were created. The next step is to assign interfaces to each
VRF. So, from interface config mode for G0/0 I
used the command IP VRF FORWARDING CUSTOMER1. G0/0 is now part of the CUSTOMER1 VRF, however
I also got this message. Interface G0/0 IPv4 disabled and addresses
removed due to enabling VRF CUSTOMER1. If an interface has an IP address configured,
the IP address will be removed when you assign the interface to a VRF. So, I then re-configured the IP address, 192.168.1.1/30. I then configured G0/1. Again, the IP address I configured before
was removed when I assigned it to the VRF, so I had to re-configure it. I then configured the G0/2 interface. Note that this time it worked, I was able
to configure G0/2 as 192.168.1.1/30 even though it overlaps with G0/0. That’s because they are in separate VRFs. I then configured G0/3 as well. I then once again confirmed the VRFs and now
you can see the interfaces listed in the output. So, SPR1 is now divided into two separate
virtual routers: the CUSTOMER1 VRF, which includes G0/0 and G0/1, and the CUSTOMER2
VRF, which includes G0/2 and G0/3. So, basic configuration of VRF-lite is simple:
create VRFs with the IP VRF command, and then assign interfaces to VRFs with the IP VRF
FORWARDING command. There is of course a lot more depth to VRFs,
but that’s all we’ll look at for now. I then used SHOW IP ROUTE on SPR1, but I don’t
see any routes. Usually you’d expect to see connected and
local routes after configuring IP addresses on interfaces, so why is nothing displayed
here? SHOW IP ROUTE displays the ‘global routing
table’, that’s the normal routing table you’re used to when not using VRFs. In this case, all of SPR1’s interfaces are
configured in VRFs, so nothing displays here. By the way, you can have a mix of interfaces
using and not using VRFs. So, I then used the command SHOW IP ROUTE
VRF CUSTOMER1, and now we can see some routes, the connected and local routes for G0/0 and
G0/1. So, if you want to see a VRF’s routing table
you have to add VRF and the VRF’s name to the end of the command. Here I viewed the CUSTOMER2 VRF’s routing
table. So, these are separate routing tables from
each other and from the global routing table. By the way, if an interface is not in a VRF
its routes will appear in the global routing table, and it will be isolated from the interfaces
in VRFs, just like interfaces in different VRFs are isolated from each other. To test reachability, I tried some pings from
SPR1. I first pinged 192.168.1.2, but all the pings
failed. Why is that? It’s because, in the global routing table,
there are no routes. As I showed in the previous slide, the global
routing table is empty. You can specify the VRF when pinging like
this, PING VRF, the VRF name, and then the destination. This time the pings worked. Which device was SPR1 pinging in this case? There are two devices with the IP address
192.168.1.2, C1R1 and C2R1, but in this case SPR1 was pinging C1R1 because I specified
the CUSTOMER1 VRF. In the CUSTOMER1 VRF again I pinged 192.168.11.2,
C1R2, which worked, and then 192.168.12.2, C2R2, which didn’t work. That’s because, in the CUSTOMER1 VRF’s
routing table, there is no route to the destination 192.168.12.2. This time I pinged 192.168.1.2 and specified
the CUSTOMER2 VRF. Who is SPR1 pinging this time? C2R1, connected to G0/2 in the CUSTOMER2 VRF. And I pinged 192.168.12.2, C2R2, which worked
this time because I pinged in the proper VRF. So, to sum it up, hosts in the same VRF can
communicate with each other, and hosts in different VRFs can’t. SPR1 was divided into two separate virtual
routers. Here’s what we covered in this video. I introduced VRFs and showed the basics of
how they are configured in Cisco IOS. But remember, what we mentioned in this video
is more accurately called ‘VRF-lite’, which means we’re not using VRF with MPLS. VRF is used to split a router up into multiple
virtual routers, each with their own routing table. Service providers can use VRFs to allow multiple
customers to connect to the same infrastructure while still allowing their traffic to be isolated. Plus, it doesn’t matter if customers use
the same IP addresses in their networks, because each VRF is a separate routing table. For the CCNA, it’s enough to just understand
the basic purpose of VRF, but if you go further to study at the CCNP level and beyond you’ll
definitely have to study VRF in more depth. Okay, let’s go to the quiz, here’s question
1. You issue the following commands on R1’s
G0/0 interface. However, after issuing show ip interface brief
you notice that G0/0 does not have an IP address. Why is that? Pause the video now to think about the answer. Okay, the answer is B, the IP address was
removed by the IP VRF FORWARDING VRF1 command. As I showed earlier, if an interface already
has an IP address, that IP address will be removed when you assign it to a VRF. You will then have to re-configure the IP
address. So, if you’re planning to use VRFs you should
configure the interface IP addresses after assigning them to VRFs. Okay, let’s go to question 2. Examine the network below. If you issue the command ping 192.168.1.10
on R1, which device will respond? Pause the video now to select the best answer. Okay, the answer is D, no device will respond. Actually, R1 won’t be able to even send
the pings. All of R1’s interfaces are assigned to VRFs,
and a ping without specifying a VRF will use the global routing table. None of R1’s interfaces are using the global
routing instance, so the routing table will be empty and it won’t be able to send the
pings. Okay, let’s go to question 3. Which of the following statements about VLANs
and VRFs are true? (select three). Pause the video now to select your answers. Okay, the answers are C, D, and F. VRFs divide
routers up by creating separate routing tables. In effect, you are dividing the router into
separate virtual routers. VLANs, on the other hand, divide switches
up by creating separate broadcast domains. And router interfaces in different VRFs can
have the same IP address, as I demonstrated in this video. A is incorrect because VRFs do not create
separate broadcast domains. Router interfaces are already in separate
broadcast domains anyway, without VRFs. B is wrong because VLANs do not create separate
MAC address tables. Even when using VLANs, the switch still keeps one MAC address table. And E is wrong because VRFs can also be configured
on the SVIs and routed ports of multilayer switches, not just on routers. Okay, that’s all for the quiz and this video. I hope it was helpful, thanks for watching.
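
The VRF-lite setup on SPR1 described in this video, written out as Cisco IOS commands with the isolation checks at the end. This is an added example, not the configuration shown on screen in the video. The G0/1 and G0/3 addresses (192.168.11.1 and 192.168.12.1) and their /30 masks are assumptions inferred from the ping targets 192.168.11.2 and 192.168.12.2, and the full interface names are assumed.

```cisco
! Added example: VRF-lite on SPR1 (not the original on-screen config).
configure terminal
!
! Step 1: create the VRFs in global config mode.
ip vrf CUSTOMER1
ip vrf CUSTOMER2
!
! Step 2: assign each interface to its VRF BEFORE addressing it.
! "ip vrf forwarding" removes any IP address already on the interface.
interface GigabitEthernet0/0
 ip vrf forwarding CUSTOMER1
 ip address 192.168.1.1 255.255.255.252
 no shutdown
!
interface GigabitEthernet0/1
 ip vrf forwarding CUSTOMER1
 ! Assumed address: only the far end, 192.168.11.2 (C1R2), is stated.
 ip address 192.168.11.1 255.255.255.252
 no shutdown
!
interface GigabitEthernet0/2
 ip vrf forwarding CUSTOMER2
 ! Same address as G0/0: accepted because the VRF differs.
 ip address 192.168.1.1 255.255.255.252
 no shutdown
!
interface GigabitEthernet0/3
 ip vrf forwarding CUSTOMER2
 ! Assumed address: only the far end, 192.168.12.2 (C2R2), is stated.
 ip address 192.168.12.1 255.255.255.252
 no shutdown
!
end
!
! Verification: confirm VRF membership and per-VRF routing tables.
show ip vrf
! Global table: empty here, every interface is in a VRF.
show ip route
show ip route vrf CUSTOMER1
show ip route vrf CUSTOMER2
!
! Isolation checks.
! Fails: uses the empty global routing table.
ping 192.168.1.2
! Succeeds: reaches C1R1 on G0/0.
ping vrf CUSTOMER1 192.168.1.2
! Succeeds: reaches C2R1 on G0/2.
ping vrf CUSTOMER2 192.168.1.2
! Fails: CUSTOMER1 has no route into CUSTOMER2.
ping vrf CUSTOMER1 192.168.12.2
```

The last ping is the one to keep in an audit checklist: if it succeeds, traffic is crossing between customers, for example through configured VRF leaking or an interface left in the wrong VRF.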