VRF Lite for Dual ISP Gateway

Scenario:

A branch office has decided to have two internet connections, both getting private addresses. This is not for redundancy; they want to dedicate one link to DATA and the other to Voice over IP. Both internet tails are ordered through the same carrier, set to one to many. This means there is a single physical link onsite carrying 2 logically tagged tails, or in Cisco's terminology, VLANs.

The office has a Cisco 1921 router onsite and, due to budget constraints, cannot afford to buy an extra gigabit WIC to run their VOIP VLAN on.

For the purpose of this lab, we are going to have 4 VLANs. Two VLANs facing the carrier (WAN) and another pair of VLANs for the DATA and VOIP LAN network.

WAN VLANs

1023 DATA, 1024 VOIP

WAN IPs

1023 = 203.149.1.2/30, 1024 = 203.149.1.6/30

LAN VLANs

10 DATA, 20 VOIP

LAN IPs

10 = 192.168.10.0/24, 20 = 192.168.20.0/24

The challenge is that you have only 2 ports (WAN/LAN) on your Cisco 1921 but need to run 2 networks, each with its own default gateway to the carrier. How do you solve this?

VRF Lite

Virtual Routing and Forwarding is a magical way of creating layer 3 instances on your router. Kinda like having virtual routers inside your single router. It is lite because there is no MPLS magic involved :)

Format:

ip vrf <vrf name>
!
int <int name>
ip vrf forwarding <vrf name>
ip add x.x.x.x x.x.x.x
!

Just remember to enter the "ip vrf forwarding" command before putting in your IP address. If you do it the other way around, you lose the IP address: the moment you type that command, the router moves the interface into the VRF instance and removes any existing address.

ip vrf DATA
ip vrf VOIP
!
int g0/1
no shut
!
int g0/1.1023
encap dot1q 1023
desc WAN_DATA
ip vrf forwarding DATA
ip add 203.149.1.2 255.255.255.252
!
int g0/1.1024
encap dot1q 1024
desc WAN_VOIP
ip vrf forwarding VOIP
ip add 203.149.1.6 255.255.255.252
!
int g0/0
no shut
!
int g0/0.10
encap dot1q 10
desc LAN_DATA
ip vrf forwarding DATA
ip add 192.168.10.1 255.255.255.0
!
int g0/0.20
encap dot1q 20
desc LAN_VOIP
ip vrf forwarding VOIP
ip add 192.168.20.1 255.255.255.0
!
! Per-VRF default routes: next hop only, no mask after the gateway address
ip route vrf DATA 0.0.0.0 0.0.0.0 203.149.1.1 name DATA_GATEWAY
ip route vrf VOIP 0.0.0.0 0.0.0.0 203.149.1.5 name VOIP_GATEWAY
!

You can verify that you are on the right track by doing a "sh ip route": there should be nothing in your global routing table, because every addressed interface now belongs to a VRF.

Each VRF instance has its own routing table, so here are some helpful verification commands.

sh ip route vrf <vrf name>, in this case "sh ip route vrf DATA"
ping vrf <vrf name> x.x.x.x, in this case "ping vrf DATA 203.149.1.1"
sh ip arp vrf <vrf name>, in this case "sh ip arp vrf DATA"
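
The ordering rule and the per-VRF default gateways can also be checked before a change script is pasted into the router. The Python lint below is an added example, not part of the original post; the function name lint_vrf_script and the sample text are constructed for illustration, and it only understands the abbreviated commands used on this page.

```python
import ipaddress
import re

# Constructed sample: the WAN half of the lab config above, with the VOIP
# sub-interface deliberately addressed before it is placed in its VRF.
SAMPLE = """\
ip vrf DATA
ip vrf VOIP
int g0/1.1023
 encap dot1q 1023
 ip vrf forwarding DATA
 ip add 203.149.1.2 255.255.255.252
int g0/1.1024
 encap dot1q 1024
 ip add 203.149.1.6 255.255.255.252
 ip vrf forwarding VOIP
ip route vrf DATA 0.0.0.0 0.0.0.0 203.149.1.1 name DATA_GATEWAY
ip route vrf VOIP 0.0.0.0 0.0.0.0 203.149.1.5 name VOIP_GATEWAY
"""

def lint_vrf_script(text):
    """Return findings for a paste-in IOS script that uses VRF Lite."""
    findings, addr, vrf_of, routes = [], {}, {}, []
    intf = None
    for raw in text.splitlines():
        line = raw.strip()
        if m := re.match(r"int(?:erface)?\s+(\S+)", line, re.I):
            intf = m.group(1)
        elif m := re.match(r"ip vrf forwarding\s+(\S+)", line, re.I):
            vrf_of[intf] = m.group(1)
            # IOS removes an address that was configured before this command.
            if addr.pop(intf, None) is not None:
                findings.append(f"{intf}: 'ip add' precedes 'ip vrf forwarding', address is removed")
        elif m := re.match(r"ip add(?:ress)?\s+(\S+)\s+(\S+)", line, re.I):
            addr[intf] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}").network
        elif m := re.match(r"ip route vrf\s+(\S+)\s+0\.0\.0\.0\s+0\.0\.0\.0\s+(\S+)", line, re.I):
            routes.append((m.group(1), ipaddress.ip_address(m.group(2))))
    # Each VRF's default gateway must sit on a subnet connected in that same VRF.
    for vrf, hop in routes:
        nets = [n for i, n in addr.items() if vrf_of.get(i) == vrf]
        if not any(hop in n for n in nets):
            findings.append(f"vrf {vrf}: default gateway {hop} is not on a connected subnet of this VRF")
    return findings

if __name__ == "__main__":
    for finding in lint_vrf_script(SAMPLE):
        print(finding)
```

On the sample, the wrong ordering on g0/1.1024 also leaves VRF VOIP with no connected WAN subnet, so its default gateway is reported as unreachable.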
