Configuring Multi-Vrf Ce - Cisco Catalyst 3550 series Software Configuration Manual

Chapter 31 Configuring IP Unicast Routing

Configuring Multi-VRF CE

Virtual Private Networks (VPNs) provide a secure way for customers to share bandwidth over an ISP
backbone network. A VPN is a collection of sites sharing a common routing table. A customer site is
connected to the service provider network by one or more interfaces, and the service provider associates
each interface with a VPN routing table. A VPN routing table is called a VPN routing/forwarding (VRF)
table.
The Catalyst 3550 switch supports multiple VPN routing/forwarding (multi-VRF) instances in customer
edge (CE) devices (multi-VRF CE). Multi-VRF CE allows a service provider to support two or more
VPNs with overlapping IP addresses.
The switch does not use Multiprotocol Label Switching (MPLS) to support VPNs. For information about
Note
MPLS VRF, refer to the Cisco IOS Switching Services Configuration Guide for Release 12.1.
This section includes these topics:
•
•
•
•
•
•
•
•
Understanding Multi-VRF CE
Multi-VRF CE is a feature that allows a service provider to support two or more VPNs, where IP
addresses can be overlapped among the VPNs. Multi-VRF CE uses input interfaces to distinguish routes
for different VPNs and forms virtual packet-forwarding tables by associating one or more Layer 3
interfaces with each VRF. Interfaces in a VRF can be either physical, such as Ethernet ports, or logical,
such as VLAN SVIs, but an interface cannot belong to more than one VRF at any time.
Multi-VRF CE interfaces must be Layer 3 interfaces.
Note
Multi-VRF CE includes these devices:
•
•
78-11194-09
Understanding Multi-VRF CE, page 31-65
Default Multi-VRF CE Configuration, page 31-67
Multi-VRF CE Configuration Guidelines, page 31-68
Configuring VRFs, page 31-69
Configuring a VPN Routing Session, page 31-70
Configuring BGP PE to CE Routing Sessions, page 31-70
Multi-VRF CE Configuration Example, page 31-71
Displaying Multi-VRF CE Status, page 31-75
Customer edge (CE) devices provide customers access to the service provider network over a data
link to one or more provider edge routers. The CE device advertises the site's local routes to the
router and learns the remote VPN routes from it. A Catalyst 3550 switch can be a CE.
Provider edge (PE) routers exchange routing information with CE devices by using static routing or
a routing protocol such as BGP, RIPv2, OSPF, or EIGRP. The PE is only required to maintain VPN
routes for those VPNs to which it is directly attached, eliminating the need for the PE to maintain
all of the service provider VPN routes. Each PE router maintains a VRF for each of its directly
connected sites. Multiple interfaces on a PE router can be associated with a single VRF if all of these
Catalyst 3550 Multilayer Switch Software Configuration Guide
Configuring Multi-VRF CE
31-65