Guidelines for Configuring VRF-lite
IPv4 and IPv6
-
A switch with VRF-lite is shared by multiple customers, and all customers have their own routing tables.
-
Because customers use different VRF tables, you can reuse the same IP addresses. Overlapped IP addresses are allowed in different VPNs.
-
VRF-lite lets multiple customers share the same physical link between the PE and the CE. Trunk ports with multiple VLANs separate packets among customers. All customers have their own VLANs.
-
For the PE router, there is no difference between using VRF-lite or using multiple CEs. In Information About VRF-lite, multiple virtual Layer 3 interfaces are connected to the VRF-lite device.
-
The Cisco Catalyst switch supports configuring VRF by using physical ports, VLAN SVIs, or a combination of both. You can connect SVIs through an access port or a trunk port.
-
A customer can use multiple VLANs as long because they do not overlap with those of other customers. A customer’s VLANs are mapped to a specific routing table ID that is used to identify the appropriate routing tables stored on the switch.
-
The Layer 3 TCAM resource is shared between all VRFs. To ensure that any one VRF has sufficient CAM space, use the maximum routes command.
-
A Cisco Catalyst switch using VRF can support one global network and multiple VRFs. The total number of routes supported is limited by the size of the TCAM.
-
A single VRF can be configured for both IPv4 and IPv6.
-
If an incoming packet's destination address is not found in the vrf table, the packet is dropped. Also, if insufficient TCAM space exists for a VRF route, hardware switching for that VRF is disabled and the corresponding data packets are sent to software for processing.
IPv4 Specific
-
You can use most routing protocols (BGP, OSPF, EIGRP, RIP and static routing) between the CE and the PE. However, we recommend using external BGP (EBGP) for these reasons:
-
BGP does not require multiple algorithms to communicate with multiple CEs.
-
BGP is designed for passing routing information between systems run by different administrations.
-
BGP makes simplifies passing attributes of the routes to the CE.
-
-
The Cisco Catalyst switch supports PIM-SM and PIM-SSM protocols.
-
The capability vrf-lite subcommand under router ospf should be used when configuring OSPF as the routing protocol between the PE and the CE.
IPv6 specific
-
VRF-aware OSPFv3, BGPv6, EIGRPv6, and IPv6 static routing are supported.
-
VRF-aware IPv6 route applications include: ping, telnet, ssh, tftp, ftp and traceroute. (This list does not include the management interface, which is handled differently even though you can configure both IPv4 or IPv6 VRF under it.)