Keeping it all separate with VRFs

A Virtual Routing and Forwarding (VRF) instance can deliver separation across both a shared infrastructure and shared devices, ultimately simplifying management.

In recent years a lot of changes have been made in the core IP and networking markets. We continue to see more and more about newer technologies such as Voice over IP and on-demand wireless networking (to name a couple): "applications and services that will change the way you do business." At least, that's the direction a lot of companies and providers are starting to head. With all the new growth in these pioneering markets, more emphasis is being placed on the concept of "smarter, not just more bandwidth." Engineers and architects are looking for new ways to consolidate services on shared backbones, which brings us to the topic of this week's article: common technologies that can deliver separation across both a shared infrastructure and shared devices.

Where do you start?
It's important to realize that as each new "greatest" technology is unveiled, those CIOs and business people out there will find reasons -- and good ones -- to change the face and focus of their business through new technology. As always, it's up to the engineers and architects to find ways to make the technology work while decreasing the impact of the initial investment. This could mean consolidating the newer technologies on your current infrastructure without adding costly and unneeded circuits. Is your network ready? Forget for a second that we're heading towards service consolidation. Let's focus on a common task that can serve as the foundation for bigger and better things in the future: separation.

Here's the scenario: You're a small service provider with just two customers. Because of your size, you have chosen to pay for only one physical connection to the Internet (through another provider) which your customers will have to share.

Both customers A and B have chosen to use OSPF to exchange routing information with your router. This will allow each customer's networks to be known by all the routers in the Internet. But if you use OSPF for both customers, won't they be able to see each other's routes -- and potentially, everything in each other's networks? Well, maybe -- if you don't choose to separate them!

So how do you, as the provider of services, keep sensitive information between customers separate from each other? Enter the VRF.

A Virtual Routing and Forwarding (VRF) instance is, for all intents and purposes, a logical router. A VRF consists of an IP routing table, a forwarding table, a set of interfaces that use the forwarding table and a set of rules and routing protocols that determine what goes into the forwarding table.

With this "logical router" you -- as "the little provider that could" -- can keep customers A and B completely separate from one another. You also simplify management, troubleshooting and future enhancements to each client. In this scenario the provider router, which I will now refer to as the Provider Edge (PE) router, will use two different instances of OSPF to peer with each customer. The figure below illustrates what this might look like:

This solves the first phase of your separation. The situation is made a little easier by the fact that there are two physical interfaces connecting each customer. The harder task is figuring out how to keep A and B separate on the link which connects to the Internet. In my next tip, I will show you how to configure this scenario and give you some alternatives for handling the Internet link.
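The VRF definition above (a routing table, the interfaces bound to it, and a lookup that consults only that table) can be modeled in a few lines. This is an added example, not code from the original article: the interface names, VRF names, prefixes and next hops are constructed, and routes are inserted by hand where the PE's per-customer OSPF instances would populate them.

```python
import ipaddress

class VRF:
    """One logical router: its own routing table plus the interfaces bound to it."""
    def __init__(self, name):
        self.name = name
        self.routes = {}         # ip_network -> next hop
        self.interfaces = set()  # interfaces that use this table

    def add_route(self, prefix, next_hop):
        self.routes[ipaddress.ip_network(prefix)] = next_hop

    def lookup(self, dst):
        """Longest-prefix match restricted to this VRF's table."""
        addr = ipaddress.ip_address(dst)
        matches = [net for net in self.routes if addr in net]
        best = max(matches, key=lambda net: net.prefixlen, default=None)
        return self.routes[best] if best is not None else None

class PERouter:
    """Provider Edge router holding several VRFs (hypothetical model)."""
    def __init__(self):
        self.vrfs = {}
        self.if_to_vrf = {}

    def bind(self, interface, vrf_name):
        # An interface belongs to exactly one VRF; a second binding is an error.
        if interface in self.if_to_vrf:
            raise ValueError(f"{interface} already bound to {self.if_to_vrf[interface].name}")
        vrf = self.vrfs.setdefault(vrf_name, VRF(vrf_name))
        vrf.interfaces.add(interface)
        self.if_to_vrf[interface] = vrf
        return vrf

    def forward(self, in_interface, dst):
        """The ingress interface alone selects the table; no other VRF is consulted."""
        vrf = self.if_to_vrf[in_interface]
        return vrf.name, vrf.lookup(dst)

def build_example():
    # Constructed sample data: both customers use the same 10.1.0.0/16 prefix.
    pe = PERouter()
    a, b = pe.bind("eth1", "CUST_A"), pe.bind("eth2", "CUST_B")
    a.add_route("10.1.0.0/16", "192.0.2.1")      # would come from A's OSPF instance
    a.add_route("10.1.5.0/24", "192.0.2.5")
    b.add_route("10.1.0.0/16", "198.51.100.1")   # would come from B's OSPF instance
    b.add_route("172.16.0.0/12", "198.51.100.9")
    return pe
```

Traffic arriving on customer A's interface resolves only against A's table, so B's `172.16.0.0/12` route is invisible to A even though both customers share the PE and an overlapping `10.1.0.0/16` prefix.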
