About Vrf-Lite - Cisco Catalyst 4500 Series Software Configuration Manual
Cisco ios xe release 3.9.xe and cisco ios release 15.2(5)ex
Hide thumbs
Also See for Catalyst 4500 Series:
- Administration manual (1814 pages) ,
- Configuration manual (1610 pages) ,
- Command reference manual (1230 pages)
Table of Contents
Advertisement
About VRF-lite
About VRF-lite
VRF-lite is a feature that enables a service provider to support two or more VPNs, where IP addresses
can be overlapped among the VPNs. VRF-lite uses input interfaces to distinguish routes for different
VPNs and forms virtual packet-forwarding tables by associating one or more Layer 3 interfaces with
each VRF. Interfaces in a VRF can be either physical, such as Ethernet ports, or logical, such as VLAN
SVIs, but a Layer 3 interface cannot belong to more than one VRF at any time.
VRF-lite interfaces must be Layer 3 interfaces.
Note
VRF-lite includes these devices:
•
•
•
With VRF-lite, multiple customers can share one CE, and only one physical link is used between the CE
and the PE. The shared CE maintains separate VRF tables for each customer and switches or routes
packets for each customer based on its own routing table. VRF-lite extends limited PE functionality to
a CE device, giving it the ability to maintain separate VRF tables to extend the privacy and security of
a VPN to the branch office.
Figure 43-1
Because VRF-lite is a Layer 3 feature, each interface in a VRF must be a Layer 3 interface.
Figure 43-1
Catalyst 4500 Series Switch, Cisco IOS Software Configuration Guide - Cisco IOS XE 3.9.xE and IOS 15.2(5)Ex
43-2
Customer edge (CE) devices provide customer access to the service provider network over a data
link to one or more provider edge routers. The CE device advertises the site's local routes to the
provider edge router and learns the remote VPN routes from it. A Catalyst 4500 series switch can
be a CE.
Provider edge (PE) routers exchange routing information with CE devices by using static routing or
a routing protocol such as BGP, RIPv1, or RIPv2.
The PE is only required to maintain VPN routes for those VPNs to which it is directly attached,
eliminating the need for the PE to maintain all of the service provider VPN routes. Each PE router
maintains a VRF for each of its directly connected sites. Multiple interfaces on a PE router can be
associated with a single VRF if all of these sites participate in the same VPN. Each VPN is mapped
to a specified VRF. After learning local VPN routes from CEs, a PE router exchanges VPN routing
information with other PE routers by using internal BGP (iBPG).
Provider routers (or core routers) are any routers in the service provider network that do not attach
to CE devices.
shows a configuration where each Catalyst 4500 series switches acts as multiple virtual CEs.
Catalyst 4500 Series Switches Acting as Multiple Virtual CEs
VPN 1
CE
Catalyst 4500
Si
switch
VPN 2
PE
MPLS
network
MPLS-VRF
router
CE = Customer edge device
PE = Provider edge router
Chapter 43
CE
PE
Catalyst 4500
Si
switch
MPLS-VRF
router
Configuring VRF-lite
VPN 1
VPN 2
Advertisement
Chapters
Table of Contents
Troubleshooting
