VRF's & GRE

I have done a little work using VRF's recently and understand to a limited extent their purpose.

I now have a situation where I have to use a GRE tunnel across a carrier MPLS cloud to solve a particular problem.

My questions:

When a VRF is configured, is the VRF / RD value physically 'tagged' to a route when the route is advertised out to a neighbor using a dynamic routing protocol?

When I configured a VRF previously I assigned my VRF value to both routing information as well as a physical interface on my router. If a VRF is a routing instance why was it needed on the interface?

Most importantly, if I use GRE, does the GRE header hide the route tagging so that it is invisible as it flows over the carrier network ? NB My tunnel interface will be assigned with the VRF value.

Regards

Darren

Reply to
Darren Green
Loading thread data ...

RD are only carried inside M-BGP update packets

In the past you may have used numbers for your VRF names and also used the same number in VLAN sub-interfaces - I do that all the time but they do not have to match - a VRF can have a literal value (i.e a name) as well

interface GigabitEthernet x/x/x/x.1001 vrf vrf1001 ipv4 address 8.1.1.1 255.255.255.0 dot1q vlan 1001

Reply to
Merv

Thanks Merv that helps. Think I need to do some reading up on MBGP by the sounds of it.

Still unsure though why the vrf is assigned to an interface as well if the purpose of it is to enable 'routing separation'. If it was for 'interface separation' I could understand it.

I accept that I have to configure it this way to make it work and indeed this is what I did when I configured a VRF solution a while back.

Regards

Darren

Reply to
Darren Green

Actually, an "interface is assigned to a VRF."

You can attach more than one interface to a VRF. Routes that are received on interfaces that belong to a common VRF will all share the same RD which is assigned to the VRF. It is the RD that really is functioning as the "route seperator." (Route Distinguisher) =============

10.1.1.0/24-------s0---->> VRF=McDonnalds 10.2.2.0/24-------s1---->> same vrf 10.3.3.0/24-------s2---->> same vrf RD 99:99 =============

=============

10.1.1.0/24-------s3---->> VRF=Burger_King 10.2.2.0/24-------s4---->> same vrf 10.3.3.0/24-------s5---->> same vrf RD 44:44 =============

Notice the two customers, who happened to be competitors are both advertising the same common address space which overlaps with each other.

When these 32 bit IPV4 routes are placed into the VRF, the 64 bit RD associated with that VRF is attached to the route, creating a 96 bit address called a VPNv4 address. when the routes are advetertised 'into the cloud,' we can tell that the routes are different because McDonnald's routes will look like:

99:99-10.1.1.0/24 99:99-10.2.2.0/24 99:99-10.3.3.0/24 and Burger_King's routes will look like: 44:44-10.1.1.0/24 44:44-10.2.2.0/24 44:44-10.3.3.0/24

Each VRF has a unique RD. When the RD is attached to regular IPv4 routes, it makes those routes look unique. Sort of like one identical twin dressing in a red dress, and the other identical twin dressing in a blue dress. Now, you know there are two different girls......

Reply to
John Agosta

John,

Really appreciate the follow up explanation, thank you.

Starting to make a lot more sense now.

Regards

Darren

Reply to
Darren Green

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.