Virtual Routing and Forwarding:
Virtual Routing and Forwarding (VRF) provides Layer 3 isolation and is used to build Virtual Private Networks (VPNs).
Virtual routing and forwarding (VRF) is a technology that allows multiple instances of a routing table to co-exist within the same router.
Because the routing instances are independent, the same or overlapping IP addresses can be used without conflicting with each other.
Network functionality is improved because network paths can be segmented without requiring multiple routers.
HB: Heartbeat Link
VSX: Virtual Switching Extension
MC-LAG: Multi-chassis LAG
VRF: Virtual Routing and Forwarding
Checklist for configuring VRF on AOS-CX Switch:
It comes down to using the command “vrf attach” on the L3 interface.
We have two VRFs here:
Default: 172.30.29.0/24 TRANSIT SUBNET: 10.10.101.2
DOE: 10.10.200.0/24 TRANSIT SUBNET: 10.10.102.2
The transit subnet should also be a part of the VRF.
Since we only have one link from the AOS-CX to the 7005 Gateway, that link needs to be configured as a trunk with multiple VLAN L3 interfaces, one for each VRF.
Create the VRF:
Create the VLANs:
Define the connection mode and VLAN tagging:
interface lag 1 multi-chassis //Connection between 2930M and AOS-CX
    vlan trunk native 101
    vlan trunk allowed all
    lacp mode active
interface 1/1/48 //Connection between the AOS-CX and the 7005 G/W
Doing the VRF Attach:
vrf attach DOE
ip address 10.10.102.12/24
active-gateway ip mac 00:00:00:00:02:00
active-gateway ip 10.10.102.2
ip address 10.10.200.2/24
active-gateway ip 10.10.200.1
Remember to configure a default gateway on AOS-CX for each VRF:
ip route 0.0.0.0/0 10.10.102.1 vrf DOE //For VRF “DOE”
ip route 0.0.0.0/0 10.10.101.1 //For VRF “Default”
Also add the reverse route on the 7005 Gateway:
ip route 10.10.200.0 255.255.255.0 10.10.102.2 //For VRF “DOE”
ip route 172.30.29.0 255.255.255.0 10.10.101.2 //For VRF “Default”
To learn how to configure VSX and MC-LAG, please refer to the link below
IP Interface on Different VRF - show ip interface brief
Routing Table: show ip route
Checking the clients' pingability:
Hope you find this post useful!
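A check for the rule in the post that the transit subnet must sit in the same VRF as the routes that use it, added here as an example (not part of the original post and not Aruba tooling): it parses an AOS-CX-style config and flags static routes whose next hop is not on a connected subnet of the route's own VRF. The VLAN interface numbers and the 10.10.101.12/24 address are assumptions; the remaining addresses and the VRF name come from the post.

```python
import ipaddress
import re

# Constructed sample: VRF name, DOE addresses and routes are from the post;
# VLAN numbers 101/102/200 and 10.10.101.12/24 are assumptions for this example.
SAMPLE_CONFIG = """\
vrf DOE
interface vlan 101
    ip address 10.10.101.12/24
interface vlan 102
    vrf attach DOE
    ip address 10.10.102.12/24
interface vlan 200
    vrf attach DOE
    ip address 10.10.200.2/24
ip route 0.0.0.0/0 10.10.102.1 vrf DOE
ip route 0.0.0.0/0 10.10.101.1
"""

def connected_subnets(config):
    """Map VRF name -> connected networks, read from the interface stanzas."""
    nets, vrf = {}, "default"
    for line in config.splitlines():
        if line.startswith("interface "):
            vrf = "default"  # an L3 interface stays in the default VRF until attached
        elif m := re.match(r"\s+vrf attach (\S+)", line):
            vrf = m.group(1)
        elif m := re.match(r"\s+ip address (\S+)", line):
            net = ipaddress.ip_interface(m.group(1)).network
            nets.setdefault(vrf, []).append(net)
    return nets

def unreachable_next_hops(config):
    """Return (vrf, prefix, next_hop) for every static route whose next hop
    is not on a connected subnet of the same VRF."""
    nets, bad = connected_subnets(config), []
    pattern = r"^ip route (\S+) (\S+)(?: vrf (\S+))?[ \t]*$"
    for m in re.finditer(pattern, config, re.M):
        prefix, hop, vrf = m.group(1), ipaddress.ip_address(m.group(2)), m.group(3) or "default"
        if not any(hop in net for net in nets.get(vrf, [])):
            bad.append((vrf, prefix, str(hop)))
    return bad

if __name__ == "__main__":
    print(unreachable_next_hops(SAMPLE_CONFIG) or "all next hops resolve inside their VRF")
```

Removing the `vrf attach DOE` line from the transit interface makes the DOE default route show up in the result, which is the misconfiguration the checklist warns about.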
Are the VRF/routing limits documented somewhere for the 83xx and 6400M switches? (For example how many VRFs you can have and how many routes in those)
@pubjohndoe wrote: Are the VRF/routing limits documented somewhere for the 83xx and 6400M switches? (For example how many VRFs you can have and how many routes in those)
If I remember, it is 64 VRF max
The number of supported routes is documented in the product DataSheet.
The number of supported VRFs has been increased over the past main releases for 8320/8325/8400.
For all products, it is now 64 VRFs.
The number of supported routes is given for all aggregated/configured VRFs (not per VRF).
We're running MPLS between our distribution switches in different buildings and at the DCs we have a lot more than 64 VRFs configured. With dynamic segmentation we could probably do with a bit less, but currently it seems that for our use case that VRF amount would limit us.
This topic would deserve a separate thread as it is diverging from the initial subject of the current thread.
@vincent.giles wrote: This topic would deserve a separate thread as it is diverging from the initial subject of the current thread.
Yep probably 64 VRF limit is enough as there is no way to configure these centrally but just doing 'VRF-lite' type of stuff. And if you have more than 64 it's not really manageable :)
Still I think it's important to understand that there are limitations
Not sure how you would build your network with EVPN over VXLAN. Currently I think ArubaOS-CX only supports bridging, so if you're using FW as the GW you would have all the ARP entries on the FW and in a larger network that would be too much. Instead of doing IRB.
With MPLS PE's you can just have the local building PE act as a router and then just route that /23-/26 towards the rest of the network.