VRF Communication Method for simplified routing configuration

With the rapid growth of network infrastructure construction, the link technology of wide-area private networks in various industries has also undergone major changes. Traditional wide-area private networks are generally implemented by renting point-to-point long-distance ddnleased lines. problems such as long construction periods and difficult maintenance exist. With the popularization of MPLS technology, bgp mpls vpn technology solutions have become one of the most popular VPN solutions.

Generally, configure OSPF orMultiple RIP instances are used to learn and distribute routes between PES and CECustomer Edge. By configuring the route target route-target, and using route-map, routes between VRF can be introduced and derived, however, the disadvantage of this method is that it occupies a large amount of memory and the Protocol configuration is complicated.

In addition, in some cases, you can directly configure static routes under VRF to achieve mutual access between routes between PE and CE and VRF. However, when configuring static VRF routes, in particular, when it is a non-point-to-point link, you must specify the next hop of the route, that is, the host static route. This requires configuring different next hop addresses for static routes of different hosts, which requires a large number of repetitive operations, greatly occupying PE memory, affecting processing capability and consuming bandwidth.

In view of the problems and shortcomings of the above two VRF communication methods, this article focuses on providing a VRF communication method that can greatly reduce the routing configuration in the PE device.

This method is expanded based on the existing static VRF routes. By configuring the subnet static route to the next hop of another VRF as the outbound Interface Name, that is, configure the subnet route prefix and the static route of the outbound Interface Name of other VRF in each VRF of the PE, that is, you can configure the next hop without specifying the specific one, before forwarding packets, use ARP to obtain the target MAC address in the layer-2 header. In this way, you can replace a large number of host static routes with limited number of extended static routes on the PE, reduces resource usage. At the same time, concise Static Routing is more conducive to maintenance. Even if a new PC is added to the same subnet, no additional forwarding Static Routing is required, which greatly simplifies the configuration. The implementation method is described in the left diagram.

This method saves the subnet static route with the interface name as the next hop of another VRF in different VRF forwarding table of the PE, and sets the route pointing to the PE in each device connected to the VRF, enable OSPF, RIP, or configure static routes on these devices. If the target IP address in the PE is not directly connected to the subnet, start the proxy ARP on the secondary router CE connected to the PE.

The following describes the implementation steps of this method by taking two VRF: VRF and VRFb In the PE as an example. The address and PE interface of each device are respectively. If the original static routing configuration is used, the following configuration should be performed on the PE device, that is, to configure different next hop addresses for the PE, see the table below ).

Although the above configuration implements mutual access between VRF and VRFb, if you need to expand it, such as adding 20 PCs to the VRFb site and assigning IP addresses to 10.1.2.x, as a result, 20 static routes such as ip route vrf 10.1.2.x 255.255.255.255.255 eth 0/1 10.1.2.x must be configured in the PE, which greatly increases the configuration repeatability.

Simplify the configuration of Static Routing to achieve communication between different VRF. First, configure the default route pointing to PE on CE and PC respectively. Here, routes between CE and PE and between PC and PE can be distributed in other ways than static routes, for example, OSPF or RIP. The objective is to generate a route from CE to PE. Then configure PE as follows:

Ip route vrf 10.1.2.0 255.255.255.0 eth 0/1

The preceding command indicates the packets sent from VRF 0/1. To send the packets to the prefix 10.1.2.0/24, the packets must be sent from eth.

Ip route vrf VRFb 10.1.1.0 255.255.255.0 eth 0/0

The preceding command indicates the packets from VRFb. To send the packets to prefix 10.1.1.0/24, the packets must be sent from eth 0/0.

In this way, because the VRF of the route is different from the VRF of the outbound interface, mutual access between VRF is achieved. Two different vbrs and VRFb can communicate with each other, no specific next hop is specified for the configured subnet static route, which greatly simplifies the configuration.

Finally, let's briefly describe the process of ping VRFb's PC 10.1.2.2 from the CE Device of VRF:

When CE sends packets, it finds the default route pointing to the PE device in the local forwarding table, and the packet is sent to the eth 0/0 interface of the PE device. When the PE device receives the packets sent by CE, the destination IP address is 10.1.2.2, And the IP address searches for the route in the forwarding table of vhd. The static route 10.1.2.0/24 is selected as the best matched route; the route is forwarded to the next hop, that is, the packet is sent to the second-tier device. However, because the route has only the Interface Name and does not have a specific next hop address, therefore, the destination IP address 10.1.2.2 of the packet is used as the target of the ARP request to send ARP broadcast. The request is broadcast through a layer-2 device. After PC 10.1.1.2 receives the ARP request, it responds to the MAC address through its own interface, the request is sent back to PE. After the PE device receives the response, the target MAC address of the L2 packet is entered as the MAC address of the ARP response. The packet is forwarded to the driver and sent from the eth 0/1 interface, the next hop address of the packet is the MAC address of 10.1.2.2. After receiving the packet, PC 10.1.2.2 finds that the destination IP address of the packet is itself and submits it to the upper layer for processing.

Configuration

Ip route vrf 10.1.2.2 255.255.255.255 eth 0/1 10.1.2.2

Ip route vrf 10.1.2.3 255.255.255.255 eth 0/1 10.1.2.3

Ip route vrf 10.1.2.4 255.255.255.255 eth 0/1 10.1.2.4

Ip route vrf VRFb 10.1.1.2 255.255.255.255 eth 0/0 10.1.1.2