User's Manual

Understanding VRF-lite
Inter-VRF communication
Whilst the prime purpose of VRF-lite is to keep routing domains separate from each other,
there are cases where you do want some communication between VRFs.
[Figure labels: Internal Company Network; VRF red (Wi-Fi); VRF green (company); VRF shared; Internet; Wi-Fi access]
An example to consider is multiple 'clients' requiring shared Internet access. In this case a
VRF instance can be created for each, providing secure and separate routing. Whilst
overlapping IP addresses could be used with this scenario, only one instance of each
overlapping address range will be able to access the Internet for the simple reason that when
return traffic comes back from the Internet to an address in one of the overlapped subnets,
the VRF aware device must have only one choice for which instance of that subnet to send
that return traffic to.
A distinct shared VRF is utilised to allow sharing of the Internet connection. The shared VRF
is actually just another VRF instance; it has no special VRF properties.
In the example below, each of the red and green VRFs needs inter-VRF communication with
the shared VRF. This is achieved by selectively leaking routes between the shared VRF and
the other two VRFs, and vice-versa. The selective leaking can use statically configured routes
or dynamic route import/export via the BGP protocol.
For example, a company may wish to segregate their network and provide Wi-Fi access to
the Internet for visitors to the company, whilst preventing the visitors from accessing the
internal company network. The users in the internal company network and visitors in the Wi-Fi
network are able to share a single common Internet connection.
Internal company and Wi-Fi networks are isolated at Layer 3 on the same device by using
different VRFs, but they want to access the Internet by using the same network interface on
VRF shared. To make it work with dynamic route import/export, VRF green (company VRF)
needs to import routes from VRF shared to access the Internet and some selected routes
from VRF green need to be exported to VRF shared. Similar configuration is needed for VRF
red (Wi-Fi VRF) for importing/exporting routes between VRF red and VRF shared.
As a result traffic flows between VRF green and VRF shared and between VRF red and VRF
shared but not between VRF green and VRF red.
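
The following model of the import/export behaviour described above is an added example, not configuration or code from this manual. It builds each VRF's routing table from import/export sets, shows that red and green never see each other's routes, and flags an overlapping client prefix that cannot also be leaked into VRF shared. The route-target names, the prefixes and the rule that leaked routes are not re-exported are assumptions made for the illustration.

```python
import ipaddress

# Constructed sample data: route-target names and prefixes are assumptions.
VRFS = {
    "red":    {"export": {"rt-red"},    "import": {"rt-shared"},
               "routes": ["192.168.20.0/24"]},
    "green":  {"export": {"rt-green"},  "import": {"rt-shared"},
               "routes": ["192.168.10.0/24"]},
    "shared": {"export": {"rt-shared"}, "import": {"rt-red", "rt-green"},
               "routes": ["0.0.0.0/0"]},
}

def leak(vrfs):
    """Build each VRF's table {prefix: origin VRF} after import/export.

    Only a VRF's own routes are exported (leaked routes are not re-exported);
    this assumption is what keeps red and green apart in the model.
    Returns (tables, conflicts). A conflict is an imported prefix that overlaps
    one already leaked into the same VRF from a different origin VRF.
    """
    tables = {name: {ipaddress.ip_network(p): name for p in v["routes"]}
              for name, v in vrfs.items()}
    conflicts = []
    for dst, dv in vrfs.items():
        for src, sv in vrfs.items():
            # A route leaks only if the source exports a target the destination imports.
            if src == dst or not (sv["export"] & dv["import"]):
                continue
            for prefix in map(ipaddress.ip_network, sv["routes"]):
                clash = [o for q, o in tables[dst].items()
                         if o not in (src, dst) and prefix.overlaps(q)]
                if clash:
                    # Return traffic would have two candidate VRFs: refuse the leak.
                    conflicts.append((dst, str(prefix), src, clash[0]))
                else:
                    tables[dst][prefix] = src
    return tables, conflicts

def visible_origins(tables, vrf):
    """Return the set of VRFs whose routes are present in this VRF's table."""
    return set(tables[vrf].values())

if __name__ == "__main__":
    tables, conflicts = leak(VRFS)
    for name in VRFS:
        print(name, "sees routes from", sorted(visible_origins(tables, name)))
    print("conflicts:", conflicts)
```

Run against an export of the real import/export lists, the same check can serve as an audit that no client VRF has gained a route originating in another client VRF.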