Understanding Multi-Vrf Ce - Cisco Catalyst 9500 series Configuration Manual

Configuring IP Unicast Routing
The switch supports multiple VPN routing/forwarding (multi-VRF) instances in customer edge (CE) devices
(multi-VRF CE) when the it is running the Network Advantage license. Multi-VRF CE allows a service
provider to support two or more VPNs with overlapping IP addresses.
The switch does not use Multiprotocol Label Switching (MPLS) to support VPNs.
Note

Understanding Multi-VRF CE

Multi-VRF CE is a feature that allows a service provider to support two or more VPNs, where IP addresses
can be overlapped among the VPNs. Multi-VRF CE uses input interfaces to distinguish routes for different
VPNs and forms virtual packet-forwarding tables by associating one or more Layer 3 interfaces with each
VRF. Interfaces in a VRF can be either physical, such as Ethernet ports, or logical, such as VLAN SVIs, but
an interface cannot belong to more than one VRF at any time.
Note Multi-VRF CE interfaces must be Layer 3 interfaces.
Multi-VRF CE includes these devices:
• Customer edge (CE) devices provide customers access to the service-provider network over a data link
• Provider edge (PE) routers exchange routing information with CE devices by using static routing or a
• Provider routers or core routers are any routers in the service provider network that do not attach to CE
With multi-VRF CE, multiple customers can share one CE, and only one physical link is used between the
CE and the PE. The shared CE maintains separate VRF tables for each customer and switches or routes packets
for each customer based on its own routing table. Multi-VRF CE extends limited PE functionality to a CE
device, giving it the ability to maintain separate VRF tables to extend the privacy and security of a VPN to
the branch office.
Network Topology
The figure shows a configuration using switches as multiple virtual CEs. This scenario is suited for customers
who have low bandwidth requirements for their VPN service, for example, small companies. In this case,
to one or more provider edge routers. The CE device advertises the site's local routes to the router and
learns the remote VPN routes from it. A switch can be a CE.
routing protocol such as BGP, RIPv2, OSPF, or EIGRP. The PE is only required to maintain VPN routes
for those VPNs to which it is directly attached, eliminating the need for the PE to maintain all of the
service-provider VPN routes. Each PE router maintains a VRF for each of its directly connected sites.
Multiple interfaces on a PE router can be associated with a single VRF if all of these sites participate in
the same VPN. Each VPN is mapped to a specified VRF. After learning local VPN routes from CEs, a
PE router exchanges VPN routing information with other PE routers by using internal BGP (IBPG).
devices.
Routing Configuration Guide, Cisco IOS XE Everest 16.6.x (Catalyst 9500 Switches)
Understanding Multi-VRF CE
159