Administrator Guide
Virtual Routing and Forwarding (VRF)
VRF Overview
VRF improves functionality by allowing network paths to be segmented without using multiple devices. Using VRF also increases network
security and can eliminate the need for encryption and authentication due to traffic segmentation.
Internet service providers (ISPs) often take advantage of VRF to create separate virtual private networks (VPNs) for customers; VRF is
also referred to as VPN routing and forwarding.
VRF acts like a logical router; while a physical router may include many routing tables, a VRF instance uses only a single routing table. VRF
uses a forwarding table that designates the next hop for each data packet, a list of devices that may be called upon to forward the packet,
and a set of rules and routing protocols that govern how the packet is forwarded. These VRF forwarding tables prevent traffic from being
forwarded outside a specific VRF path and also keep out traffic that should remain outside the VRF path.
VRF uses interfaces to distinguish routes for different VRF instances. Interfaces in a VRF can be either physical (Ethernet port or port
channel) or logical (VLANs). You can configure identical or overlapping IP subnets on different interfaces if each interface belongs to a
different VRF instance.
Figure 150. VRF Network Example
63
952 Virtual Routing and Forwarding (VRF)