How VRF creates virtual networks?

I see certain articles make analogies between VRF and VLAN, while the former creates virtual networks and the latter creates the virtual LAN. Then, does VRF use something like tagging as VLAN does to implement this?

Find more posts tagged with

Comments

networker050184

All a VRF is is a logical separation of routing tables. For example if you create three VRFs you then have three unique routing tables that do not (by default) share routes.

johnifanx98

networker050184 wrote: »

All a VRF is is a logical separation of routing tables. For example if you create three VRFs you then have three unique routing tables that do not (by default) share routes.

I think this is more the result instead of the implementation mechanism...

The question is: since VRF allows same IP is configured on network interfaces belonging to separate VRF, then when an IP packet arrives at the IP module, how the IP module tells which VRF to use? I assume this feature is implemented in IP module, and IP module does not have knowledge which network interface this packet came from...

networker050184

A VRF is locally significant, it doesn't transmit this information to other routers so no need for a tag of any kind. It just creates a separate routing table on the router.

If you want to get into MPLS L3 VPNs then you get into more implementation to share this information, but the VRF is still in itself just a segregated routing table.

networker050184

johnifanx98 wrote: »

The question is: since VRF allows same IP is configured on network interfaces belonging to separate VRF, then when an IP packet arrives at the IP module, how the IP module tells which VRF to use? I assume this feature is implemented in IP module, and IP module does not have knowledge which network interface this packet came from...

Interfaces are assigned to the VRF. If a packet arrives on one of these interfaces the route look up is performed in the segregated routing table.

VRFs start to make much more sense when you start getting into MPLS and VPNs where you have label look ups etc.

johnifanx98

networker050184 wrote: »

Interfaces are assigned to the VRF. If a packet arrives on one of these interfaces the route look up is performed in the segregated routing table.

VRFs start to make much more sense when you start getting into MPLS and VPNs where you have label look ups etc.

Here you make a point.

Interfaces are assigned to the VRF.

Say, when two interfaces belonging to two separate VRFs are assigned same IP network, which is allowed by VRF, there must be some technique in IP module to differentiate them.

I'm suspecting the result of assigning an interface to a VRF causes the future IP packet on this interface to be tagged for uniqueness.

networker050184

I think you are looking far too deep into a simple process. The IP module does not need to know anything about VRFs. All that needs to be known is which routing table to look into for the next hop. The router knows this by which interface the packet is received on. There is nothing special about the IP lookup that differentiates it from any other IP packet.

johnifanx98

networker050184 wrote: »

I think you are looking far too deep into a simple process. The IP module does not need to know anything about VRFs. All that needs to be known is which routing table to look into for the next hop. The router knows this by which interface the packet is received on. There is nothing special about the IP lookup that differentiates it from any other IP packet.

I'm trying to understand the WHOLE process in a layered model. For a physical router, no VRF enabled, it's simple. A packet has to be routed according the single routing table, no matter which interface it comes from. For VRF, there has to be a logic between the network interface and the routing tables, which determines the routing table applying to the packet coming from a certain network interface. Maybe this logic does not sit in the IP module. Then where it is?

networker050184

It is the same simple logic as in a router with no VRF. The only difference is that a subset of destinations and next hops are available to the look up of this packet. When the VRF is created so is a separate routing/forwarding table. When an interface is assigned to the VRF route look ups for arriving packets are only performed on this particular table.

Edit: If you want to get any deeper than that you are going to have to get into specific vendor hardware and software designs.

johnifanx98

networker050184 wrote: »

It is the same simple logic as in a router with no VRF. The only difference is that a subset of destinations and next hops are available to the look up of this packet. When the VRF is created so is a separate routing/forwarding table. When an interface is assigned to the VRF route look ups for arriving packets are only performed on this particular table.

Edit: If you want to get any deeper than that you are going to have to get into specific vendor hardware and software designs.

My curiosity is out of an appliance I am working on. The vendor creates two VRF objects to group the network interfaces of the same appliance, one for admin, and the other for business data traffic. However, the VRF object does not have routing functions at all. The vendor simply wants to separate the traffics/network interfaces. The admin applications bind to admin network interface, and the data app binds to other network interfaces.

Obviously in this case the point of VRF is not routing table, but the separation of network interfaces.

astorrs

johnifanx98 wrote: »

However, the VRF object does not have routing functions at all. The vendor simply wants to separate the traffics/network interfaces. The admin applications bind to admin network interface, and the data app binds to other network interfaces.

And they do that by maintaining separate routing/ARP tables within the device, just like networker050184's been saying.