Cisco * VRF (virtual route forwarding table)

VRF-（Virtual Routing Forwarding） Virtual route forwarding table

VPN Virtual route forwarding table , Also known as VPN-instance（VPN example ）, yes PE Directly connected site A specialized entity established and maintained

Every site stay PE They all have their own VPN-instance, Every VPN-instance Contains one or more associated with the PE Directly connected CE Routing and forwarding table , In addition, if you want to implement the same VPN each Site The intercommunication between , The VPN-instance It should also include connections in other PE Issue this on VPN Of Site Routing information for .

One 、VRF Introduction to

MPLS VPN The Internet is mainly made up of CE、PE and P etc. 3 Part of it is made up of ：

1. CE(Customer Edge Router, User network edge router ） The device is directly connected to the service provider network （ chart 1 Medium MPLS Backbone network ） Connected to a , it “ perception ” Less than VPN The existence of ;
2. PE(Provider Edge Router, Backbone edge router ） Between the device and the user CE Direct connection , be responsible for VPN Service access , Handle VPN-IPv4 route , yes MPLS Three layers VPN The main implementer of ;
3. P(Provider Router, Backbone network core router ） Responsible for fast forwarding data , Not with CE Direct connection . Throughout MPLS VPN in ,P、PE Equipment needs support MPLS Basic functions of ,CE The device does not have to support MPLS.

PE yes MPLS VPN The key equipment of the network , according to PE Whether the router participates in the customer's routing ,MPLS VPN Divide into Layer3 MPLS VPN and Layer2 MPLS VPN.
among Layer3 MPLS VPN follow RFC2547bis standard , Use MBGP stay PE Distribute routing information between routers , Use MPLS Technology in VPN Transfer data between sites , So it is also called BGP/MPLS VPN.

This paper mainly expounds Layer3 MPLS VPN.

stay MPLS VPN In the network , Yes VPN All processing of occurs in PE Routers , So ,PE The router is enabled VPNv4 Address family , Introduced RD(Route Distinguisher） and RT(Route Target） Equal attribute .

1. RD With global uniqueness , By way of 8byte Of RD As IPv4 Extension of address prefix , Make not unique IPv4 The address is converted to a unique VPNv4 Address .VPNv4 The address is not visible to the client device , It is only used for the distribution of routing information on the backbone network .PE Peer to peer publishing is required based on VPNv4 Address family routing , This is usually done by MBGP Realized . natural BGP4 Can only transmit IPv4 The routing ,MP-BGP stay BGP New attributes are defined on the basis of .MP-iBGP Pass... Between neighbors VPN When users route, they will IPv4 The address is marked with RD Prefix , such VPN From the user IPv4 The route changes to VPNv4 route , To ensure that VPN The user's route goes to the opposite end PE After going up , Even if there is address space overlap , Opposite end PE It is also able to distinguish the different VPN User routing for .
2. RT Used BGP Extended community attribute in , Used to distribute routing information , With global uniqueness , The same RT Only one VPN Use , It is divided into Import RT and Export RT, It is used for importing and exporting routing information respectively . stay PE On the router for each site A virtual route forwarding table has been created VRF(VPN Routing & Forwarding）,VRF For each site Maintain logically separate routing tables , Every VRF There are Import RT and Export RT attribute . When PE from VRF Export from table VPN When routing , Use Export RT Yes VPN Route for marking ; When PE received VPNv4 When routing information , Only with RT Tag with VRF Any one of the tables Import RT The matching route will be imported to VRF In the table , Instead of being owned by the whole network VPN The routing , So as to form different VPN, Realization VPN Mutual visits and isolation . Through to Import RT and Export RT Reasonable allocation of resources , Operators can build different topology types VPN, Such as overlapping type VPN and Hub-and-spoke VPN.

Whole MPLS VPN Architecture can be divided into control plane and data plane
The control surface defines LSP The establishment of and VPN The distribution process of routing information ,
The data plane defines VPN Data forwarding process .

1. At the control level ,P Routers are not involved VPN Interaction of routing information , The client router is through CE and PE Between routers 、PE The routing interaction between routers knows that it belongs to a VPN Network topology information .CE-PE Between routers, static / Default route or adopt IGP(RIPv2、OSPF） And so on .PE-PE By adopting MP-iBGP Exchange routing information ,PE The router maintains iBGP Mesh connections or use routing reflectors to ensure that routing information is distributed to all PE Router . In addition to routing protocols , At the control level, there are also LDP, It's all over the place MPLS Distribution of labels in the network , Form a logical channel for data forwarding LSP.

At the data forwarding level ,MPLS VPN In the network transmission VPN External labels are used for business data （ Also known as tunnel label ） And inner label （ also called VPN label ） Two layer label stack structure . When one VPN The service group is composed of CE The router sends it to the portal PE Behind the router ,PE The router finds the sub interface and forwards VPN Business data .

RD： distinguish VRF To enter VRF Lu Yi X:X RD The logo of , It works in a router
RT：router-target It is divided into import RT And export RT Distinguish between different routers VRF route ,import Feel like receiving those VRF RT Identified routes ,export Decide to send out those VRF RT Identified routes

RD And RT Of export RT Values are passed
RT In direction can have multiple values , Can receive multiple VRF The routing
RT Only one value can exist in the out direction

MPLS Label assignment range ：MPLS label range 100-199

View double labels ：

      
      

       
       show 
       
       ip 
       
       cef 
       
       vrf 
       
       x 
       
       y.
       
       y.
       
       y.
       
       y
       
       /
       
       24
       
       

       
       （ belt V Identifies that the route is routed by VPNV4 Pass on ）
      
      
      
      

       
       
1.
       
       
2.
      
      

      
      

       
       Show 
       
       ip 
       
       cef 
       
       

       
        see CEF surface 
       
       

       
       Show 
       
       ip 
       
       bgp 
       
       vpnv4 
       
       all 
       
       

       
        see VPNV4 All routes 
       
       

       
       show 
       
       mpls 
       
       forwarding
       
       -
       
       table 
       
       

       
        see CEF The tag 
      
      
      
      

       
       
1.
       
       
2.
       
       
3.
       
       
4.
       
       
5.
       
       
6.
      
      

Two 、VRF Problem solved

1. Implement similar dedicated PE The function of , Use routes to isolate different vpn user .
2. Solve the problem of address overlap
   That is, it supports both client devices with public addresses and client devices with private addresses , Or more VPN Use the same address space ;
   You can also support creating overlaps VPN, The so-called overlap VPN It means that the same site belongs to multiple sites at the same time VPN The situation of .

3、 ... and 、 Why introduce RT And RD
1. introduce RT The concept of
stay PE in , There is a global routing table 、vrf etc. , Select a route from the global routing table to vrf be called export export ; from vrf Selecting a route to the global route table in is called import.RT Used to distribute routing information , It is divided into Import RT and Export RT, Used for importing routing information 、 Export policy . When exporting routes from the global route table to vrf when , Use Export RT Yes VPN Route for marking ; Importing to global route VPNv4 When routing , Only with RT Tag with VRF Any one of the tables Import RT The matching routes will be imported into the global route table .RT bring PE Routers contain only those directly connected to them VPN The routing , Instead of being owned by the whole network ipvpnv4 The routing , Thus saving PE Router information Source , Improved network expansibility . In a VRF in , Use... When publishing routes RT Of export The rules . Send directly to other PE equipment . At the receiving end PE On , Receive all routes , And according to each VRF Configured RT Of import Check the rules , If it is related to RT attribute match, Then add the route to the corresponding VRF in .

Export Target: This is me. VRF What mark is marked on the route sent out ;
Import Target： This is me. VRF What marked routes are accepted .

2. introduce RD The concept of
ISP The network needs to bring information from CE User's route , Other information delivered to the user through the public network CE Router . But the routes from different users may be the same （ overlap ）. hypothesis A The user has a routing entry that is 10.180.0.0/16,B The user has a route 10.180.0.0/16. In this way ISP The interior will not be able to distinguish 10.180.0.0/16 Which user is it . In order to solve this problem RD （64bit） Concept , take ipv4 The address is extended to ipvpn4 Address （RD:ipv4）, stay ISP Internal propagation routes are generated for each from CE Add a distinguishing identifier to the route of , This is the opposite ISP,PE Received different vrf The same route , Can accurately distinguish . hypothesis A User RD yes 65001:1,B User RD by 65002：1, such A Of 10.180.0.0/16 It is expanded to 65001:1:10.180.0.0/16,B Expand to 65002：1：10.180.0.0/16 , This extended route becomes ipvpn4 route. as long as RD Globally unique , Will not be unique IPv4 The address is converted to a unique IPVPNv4 Address , however IPVPNv4 The address is not visible to the client device .

Creator ：Eric· Charles