A VRF is a Virtual Routing and Forwarding table. In layman's terms, it's a way to create multiple routing tables that are completely separate from each other. Think of them as VLANs that operate at layer 3. VRF-lite is a way of using VRFs to segment networks without MPLS. For now, I'll look at just VRF-lite.
LAB
In this topology, OSPF must be used between customer sites, but for security reasons London should not be accessible to any users at Newcastle or Manchester. Newcastle and Manchester, however, should be able to communicate with each other and share routes using OSPF. We are going to do this using VRF-lite.
First off, I configured each of the branch routers. Very simple: just enable OSPF with a network statement at each site.
Newcastle#
interface Loopback0
ip address 192.168.1.1 255.255.255.0
!
interface FastEthernet0/1
ip address 10.0.0.6 255.255.255.252
!
router ospf 1
network 0.0.0.0 255.255.255.255 area 0
London#
interface Loopback0
ip address 192.168.0.1 255.255.255.0
!
interface FastEthernet0/0
ip address 10.0.0.2 255.255.255.252
!
router ospf 1
network 0.0.0.0 255.255.255.255 area 0
Manchester#
interface Loopback0
ip address 192.168.2.1 255.255.255.0
!
interface FastEthernet0/0
ip address 10.0.0.10 255.255.255.252
!
router ospf 1
network 0.0.0.0 255.255.255.255 area 0
Let's dive onto PE1 and start doing the good stuff! I'm going to make two VRFs and assign them to the relevant interfaces. One VRF is for Manchester and Newcastle (SharedSites), and one VRF is just for London.
PE1(config)#ip vrf london
PE1(config)#ip vrf SharedSites
PE1#
interface Loopback99
ip address 1.1.1.1 255.255.255.255
!
interface FastEthernet0/0
ip vrf forwarding london
ip address 10.0.0.1 255.255.255.252
!
interface FastEthernet0/1
ip vrf forwarding SharedSites
ip address 10.0.0.5 255.255.255.252
!
interface FastEthernet1/0
no switchport
ip vrf forwarding SharedSites
ip address 10.0.0.9 255.255.255.252
Note that if you apply the command ip vrf forwarding [vrf name] to an interface that already has an IP address, the address is removed from the interface. So it's better to assign the interface to the VRF first, and then put the IP address on it.
The final stage is to apply the OSPF configuration. Notice that you need a separate OSPF process for each VRF.
router ospf 1 vrf london
network 0.0.0.0 255.255.255.255 area 0
!
router ospf 3 vrf SharedSites
network 0.0.0.0 255.255.255.255 area 0
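As an added example (not part of the original lab), the Python below audits the PE1 configuration shown above: it maps each interface to its routing table, flags an ip address entered before ip vrf forwarding (the ordering problem noted earlier), and flags any VRF that has no OSPF process. The function names audit and same_table are hypothetical, and the rule that every VRF runs its own OSPF process is an assumption taken from this lab's design.

```python
import re

# PE1 configuration from this page ("!" separator lines left out for brevity).
PE1_CONFIG = """\
interface Loopback99
 ip address 1.1.1.1 255.255.255.255
interface FastEthernet0/0
 ip vrf forwarding london
 ip address 10.0.0.1 255.255.255.252
interface FastEthernet0/1
 ip vrf forwarding SharedSites
 ip address 10.0.0.5 255.255.255.252
interface FastEthernet1/0
 no switchport
 ip vrf forwarding SharedSites
 ip address 10.0.0.9 255.255.255.252
router ospf 1 vrf london
 network 0.0.0.0 255.255.255.255 area 0
router ospf 3 vrf SharedSites
 network 0.0.0.0 255.255.255.255 area 0
"""

def audit(config):  # -> (table -> interfaces, table -> OSPF process ids, findings)
    members, ospf, findings = {}, {}, []
    intf, vrf, addr = None, None, False
    for line in [l.strip() for l in config.splitlines()] + ["!"]:
        if line == "!" or line.startswith(("interface ", "router ")):
            if intf:  # close the previous interface stanza
                members.setdefault(vrf or "global", []).append(intf)
            intf, vrf, addr = None, None, False
        if line.startswith("interface "):
            intf = line.split()[1]
        elif m := re.match(r"router ospf (\d+)(?: vrf (\S+))?$", line):
            ospf.setdefault(m.group(2) or "global", []).append(int(m.group(1)))
        elif intf and line.startswith("ip vrf forwarding "):
            vrf = line.split()[3]
            if addr:  # address entered first: applying the VRF removes it
                findings.append(f"{intf}: ip address set before ip vrf forwarding")
        elif intf and line.startswith("ip address "):
            addr = True
    for table in members:  # assumption: every VRF runs its own OSPF process, as in this lab
        if table != "global" and table not in ospf:
            findings.append(f"vrf {table}: no OSPF process")
    return members, ospf, findings

def same_table(members, a, b):  # True if a and b share a routing table
    return any(a in ifs and b in ifs for ifs in members.values())

if __name__ == "__main__":
    print(audit(PE1_CONFIG))
```

A False result from same_table for the London-facing and Newcastle-facing interfaces is the isolation property this lab is after; Loopback99 shows up under "global" because it has no VRF assigned.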
And now to verify that OSPF is sharing routes between Newcastle and Manchester.
NewcastleCE# sh ip route | b Gate
Gateway of last resort is not set
10.0.0.0/30 is subnetted, 2 subnets
O 10.0.0.8 [110/2] via 10.0.0.5, 00:07:41, FastEthernet0/1
C 10.0.0.4 is directly connected, FastEthernet0/1
C 192.168.1.0/24 is directly connected, Loopback0
192.168.2.0/32 is subnetted, 1 subnets
O 192.168.2.1 [110/3] via 10.0.0.5, 00:07:41, FastEthernet0/1
Nice! A quick ping from Newcastle to the loopback at Manchester, sourced from lo0, verifies full reachability between these two branches.
Newcastle#ping 192.168.2.1 so lo0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 16/24/48 ms
Good. A quick peek at London's routing table verifies that we do not get any of the routes to either office.
LondonCE# sh ip route | b Gate
Gateway of last resort is not set
10.0.0.0/30 is subnetted, 1 subnets
C 10.0.0.0 is directly connected, FastEthernet0/0
C 192.168.0.0/24 is directly connected, Loopback0
And that's pretty much it!