How VRFs Work (VRF Lite) | VRFs Part 1
How VRFs Work (VRF Lite) | VRFs Part 1
VRFs, or Virtual Routing and Forwarding, are virtual routing tables. They enable separation of one part of the network from another.
There could be many reasons to do this. It could be for security, to separate the inside network from the DMZ. Or, it could be to separate BU's, or separate customers from each other.
This video explains VRF basics, what they are used for, when they are used, and how they work.
This includes two labs you can follow along with.
The first lab starts at the beginning and shows basic VRF configuration to separate two customers.
The second lab shows how you can use VRFs to force traffic through a firewall for security purposes.
You can download the labs, and practice on your own if you want (Patreon).
networkdirecti...
Part 1: VRF Lite - The Fundamentals of how VRF's work. This covers route separation, why you need it, and how it's configured
• How VRFs Work (VRF Lit...
Part 2: Dynamic Routing - Taking it a step further, we see how to add OSPF, EIGRP, and BGP routing, all while keeping it VRF-aware
• Dynamic Routing with V...
Part 3: Route Targets - VRF's are local to each router. But, we can use route-targets and MP-BGP to share routes between VRF's on different routers. The ed result? VRF's are spanned across your network!
• Route Target Import an...
Part 4: Route Leaking - VRF's keep routes separate, but what if you have some important services to share? How do you share the routes then? With Route Leaking!
• Leak Routes Between VRF's
For more information, have a look at networkdirecti...
/ networkdirection
/ netwrkdirection
/ networkdirection
Пікірлер: 123
the first video where vrf is cleary explained... thanx
@NetworkDirection
2 жыл бұрын
Thankyou! I also found it hard to find a clear explanation (which is why I tried to make one)
This is really solid bud. Been doing this stuff for 10+ years. Showed this to some entry level guys on my team and they picked it up instantly. Great work!
@NetworkDirection
4 жыл бұрын
Thanks Rougewolf! I am really glad you have been able to find the videos beneficial! Have a great day.
@MrGuitarSmoker
4 жыл бұрын
Hello ! I can only confirm since i'm a entry level network engineer who never heard about VRFs and your video explained it very well ! I got it now ;) Thanks buddy !
Beautifully explained
@NetworkDirection
3 жыл бұрын
Thanks
very easy explanation from the beginning to the end. New subscriber!
I love the way how you keep it simple and short! Thank you very much for the great content :)
@NetworkDirection
2 жыл бұрын
Thanks for the feedback
Thank you for sharing. Simple explanation of a complex subject. Great work.
@NetworkDirection
3 жыл бұрын
Glad you like it, thanks for the feedback
Thanks for this video, now i feel more confident on VRF's.
You are great bro, first time I found great explanation to this topic, we need more videos series for other network topics
@NetworkDirection
6 жыл бұрын
Thanks Techno Ocean. Working through a GRE series right now. Considering a DMVPN series in the near future.
@hussainsyed2161
5 жыл бұрын
Never understood this before hitting here God bless you sir
I'm amazed how easy looks the concept after your explanation. Kudos for this great content.
@NetworkDirection
3 жыл бұрын
Thanks!
excellent!! Just what I was looking for. Thanks for your time.
@NetworkDirection
3 жыл бұрын
Glad to help!
You’re the best!!!!! Thanks for the knowledge dump!
@NetworkDirection
3 жыл бұрын
You're welcome!
Nice video, glad to have found this channel. Thanks for sharing.
@NetworkDirection
5 жыл бұрын
Glad to help
Great explanation!
@NetworkDirection
4 жыл бұрын
Thanks!
The Videos are great for refreshing one's knowledge, top.
@NetworkDirection
3 жыл бұрын
Glad you like it
great video. lots of work put into this to make it easily digestible
Great explanation. Thank you
Amazing job! You guys rock!!
@NetworkDirection
5 жыл бұрын
Thanks mate!
I'm literally configuring this right now except with Cisco 3850s and clustered as sRX345 that need to route back for nat. Thank you for this! It's wonky for sure but a work around I had to do due to vendor compliance.
@NetworkDirection
3 жыл бұрын
Glad this is helping! I also use SRX345's. They use the term 'routing-instance'. The 'virtual router' type is most similar to Cisco's VRF-Lite, as discussed in this video networkdirection.net/articles/routingandswitching/juniper-routers-and-switches/juniper-routing-instances/
Amazing! Simple and clear explanation. Thank you!
Great videos, thank you very much!
@NetworkDirection
4 жыл бұрын
You're welcome!
great explanation thanks
@NetworkDirection
2 жыл бұрын
Glad you liked it
Nice one. Keep up the good work.
@NetworkDirection
2 жыл бұрын
Thanks!
Awesome video, once again! I also really enjoy how you run into errors on purpose, because that's likely what someone configuring VRFs for the first time would run into. But a little sad that it's only available on an enterprise service license level in IOS, if you run another license level on your L3 device, you won't be able to use VRFs. :(
@NetworkDirection
6 жыл бұрын
Thanks again 😀 Some platforms (like the N5k I think) allow VRF lite on a lower license, and full VRF on a higher license
@DarkbaseTTV
6 жыл бұрын
Roman Matys This is not a lab issue, but a real life enterprise issue for me :P
** GREAT WORK ------ THANKS FOR SHARING ------- CHEERS PEOPLE ! **
@NetworkDirection
3 жыл бұрын
Glad you like it!
Very Helpful. Thank you
@NetworkDirection
3 жыл бұрын
Glad it was helpful!
Fantastic mate
Awesome explanation!
@NetworkDirection
3 жыл бұрын
Thanks!
thank you! amazing video!
help a lot, Thanks for sharing
@NetworkDirection
5 жыл бұрын
Happy to help! Glad you're getting some value from the videos!
absolutely fantastic Teacher !
how u make it so easy to understand :) well done
@NetworkDirection
6 жыл бұрын
Hours of writing and rewriting the script :) Thanks for watching
Superuseful video !
@NetworkDirection
5 жыл бұрын
That's good to hear, thanks!
Great work on these vids. would be awesome to see some more vids in relation to routing and switching
@NetworkDirection
4 жыл бұрын
Hi Alenbilic, thanks for the suggestion. Is there anything specific that you are after?
@alenbilic
4 жыл бұрын
@@NetworkDirection im the middle of studying for my CCNP route switch. so detailed info on the layer 2 and 3 technologies and also some vids in regards to the TSHOOT exam. e.g troubleshooting scenarios, would be awesome
Vrf commands can be cumbersome to work with, so on some platforms there is a command that can help out a lot: #routing-context vrf CustA and then you can use the regular commands. Much easier!
@NetworkDirection
4 жыл бұрын
I didn't know about that shortcut, thanks!
Nice Video.....appreciated
Do you not need to configure a route distinguisher when you create the VRF?
Very nice video...helps a lot...keep it coming :)
Great video and right to the point!. i have a scenario where i want to use 1 VRF and leak 1 route to the global table, is it possible?.
Thanks man.. Good sub!
@NetworkDirection
5 жыл бұрын
You're very welcome!
Subbed!!!
amazing vid !
awesome!
@NetworkDirection
6 жыл бұрын
Thanks!
how come adding the router will allow hosts from different VLANs to communicate with each other? (without additional config. like a router on a stick.)
@NetworkDirection
3 жыл бұрын
Generally they will have an IP address in each of those VLANs, and will be able to pass packets from one to the other
I want to install an SOHO network please I need guidelines on how to do it
very good
Concept well explained.Ty. What is the difference btn vrf and vrf-lite.Need to know how both works and their respective configuration as well.
@NetworkDirection
2 жыл бұрын
Part 4 will explain this better, but in short, VRF uses MPLS or similar technology to share informatio with other routers. VRF-Lite does not.
How to do static route with VRF in Cisco iOS ?
Good
@NetworkDirection
2 жыл бұрын
Thanks
Good🎉
I couldnt understand gi 0/3 sub interface, as per your diagrams there are .9 and .13 interface towards firewall and not .3 interface ..?
@NetworkDirection
5 жыл бұрын
Looking at 9:58, it is .13, not .3 Is that the part you mean, or is there somewhere else I'm missing?
Hey man. I've done the 9 Network fundamental videos. This video makes very little sense to me.I don't really understand the concepts and purpose here. Could you give me some info about it and what I should learn now. (cuz this is too advanced for me) I appreciate your job man keep up.
@NetworkDirection
5 жыл бұрын
Yeah, the VRF videos are going to be a bit more advanced than the fundamental ones. I would suggest looking at reading up on CCENT or CCNA to fill in a few gaps before moving into the deeper topics.
@bernardgarrett3897
3 жыл бұрын
Nice ansswer
Thank you for the video, much appreciated. You mention the global routing table can still be used even with the VRF tables, is there a common instance where you would want to use both?
@NetworkDirection
6 жыл бұрын
In one case, I use the global routing table to carry infrastructure routes. How to get from one environment to another, that sort of thing Then I use VRFs for the tenant traffic. That was a good question!
@techno_ocean1938
6 жыл бұрын
@@NetworkDirection can you explain with more easier scenario?
@NetworkDirection
6 жыл бұрын
On using the global routing table with VRF's? Sure. I like to use the global routing table for infrastructure. If I have a few routers, I will connect them and get BGP (or some routing protocol) working in the global routing table. Then a customer comes along. I don't want them knowing about all my routes. I just want to help them move packets around while keeping my infrastructure secure. That's when I would create a VRF. Customers will have their own routes, and they will all go in the VRF. Extra customers get their own VRF's too. As you get to part 3 of this series, this will probably make more sense.
he is pinging (ping vrf custB 10.20.0.1) unsuccessfully. How it could be successful; he did not define the route to 10.20.0.0 for custB vrf?
Thnxxxxxxxxxxx!!!!!
I've never heard of VRF's before. Is this new? What products support this feature? How do we know if a certain product supports this feature?
@memyselfimemyselfi496
4 жыл бұрын
I had the same question. Please answer!!!!!!!!!
is it possible for you two create video scenerio like:- one router with two ISP and router runnning two routing protocol rip and osp.rip for acitve and ospf for standby
@NetworkDirection
6 жыл бұрын
In part 2, I'll show you how to configure dynamic routing (OSPF and EIGRP) with VRF's, which might be similar to what you're asking for. I'm not sure how you would use RIP for active and OSPF for secondary though. For dual-ISP, I would use BGP
@tusharnaik4710
6 жыл бұрын
yes but i have seen such senerio..customer having one router with two isp one nomal and 2ndar 3g cellular link..abd only ospf and rip config are there..i can share you config if you provide me email....nowa days i am too much confuse about this
@NetworkDirection
6 жыл бұрын
Sure, send it through. My details are on the website.
Amazing Explanation about VRF. Great work bro !!! How can the overlapping ip subnet 10.10.0.0/24 exchange between them ? what is the feature in the FW that can allow it ?
@NetworkDirection
5 жыл бұрын
The only way to have overlapping subnets communicate with each other is by sending the traffic to an L3 device (router or firewall), where there is no VRF, or the traffic is in the same VRF. This device then needs to use NAT to make the networks appear unique. It's a complicated scenario, so avoid it if you can
@ithereos9554
4 жыл бұрын
@@NetworkDirection It does sound complicated, is it something you'd usually see in real networks? Why would companies do that besides bad design?
@NetworkDirection
4 жыл бұрын
@@ithereos9554 I've done it myself in some cases. I've used it when working for a cloud provider. We had different customers connected through WAN links. We couldn't control their IP space, and they couldn't control ours. So in a case like this, we can use NAT. However, if you have control, use unique subnets to avoid using NAT.
@surb0nt
3 жыл бұрын
@@ithereos9554 Service Providers use this to divide customer overlapping 10/8 rfc1918 networks. And customers can communicate over Service Provider MPLS network separately. You can do this always when you have many customers and you need to separate them into domains.
How come Core1 router ports(.1 and .5) are in the same network, Aren't they suppose to be on different network ?
@NetworkDirection
5 жыл бұрын
They are in different networks. They are /30's
@bhasker1999
5 жыл бұрын
@@NetworkDirection yes yes, thank you .will need to refresh my subnetting..thanks again.
@NetworkDirection
5 жыл бұрын
No worries, glad to help. I have some IP addressing and subnetting videos coming in about two weeks if you're interested
@bhasker1999
5 жыл бұрын
@@NetworkDirection that would be great..subscribe and enabled notification..
@NetworkDirection
5 жыл бұрын
Good to hear 😀
Are custa and b 10.10.0.0 networks on different interface and if so are they sub interfaces?
@NetworkDirection
4 жыл бұрын
The 10.0.0.0 network are on different routers. Is that what you mean?
Why does the vrf definition command not work on my IOS? I have to use # IP VRF CustA on my router. Also, ADDRESS-FAMILY IPV4 command not recognised in vrf configuration mode. What IOS are you using?
@NetworkDirection
5 жыл бұрын
Have you tried downloading the labs from the site?
how did you do it can you share with me , thank you
@NetworkDirection
2 жыл бұрын
How did I create the VRF do you mean?
I don't get your explanation at all. You show some topology with IPs, when you configure the routes in the vRFs they are all differents. :| I'm totally confused by this video.
Here's the lab files (Patreon): networkdirection.net/VRF+Lab+1
@DemonKamikaze
6 жыл бұрын
Really nice video! built something like this for my employer a couple of years ago, now spans multiple VRFs for internal divisions and individual business clients we process data for, inter VRF routing is accomplished with OSPF :)
@NetworkDirection
6 жыл бұрын
It works really well doesn't it? Rock solid
It's 2023 and you still charge in order to view some firewall configuration!!. Make it free man.. specially your old labs. 6$ for some firewall config🦂