Do you know about VRF lite in MPLS networks ?

Today I am going to talk about the VRF lite feature which many of you know and some of you really want to understand the concept of VRF lite in details. Here in this article we will talk about the VRF lite and I will take configuration part in another article.

Before we will start with the VRF lite, you guys should know what is PE and CE routers. In the MPLS scenario the PE router is the Provider's edge router and the CE is the Customer edge router where the routing or L2 protocol works. The MPLS works start between one end PE to other end PE routers.

What is VRF lite and what is the purpose of the VRF lite ?

VRF-lite is a feature in MPLS environment that enables a service provider to support two or more VPNs, where IP addresses can be overlapped among the VPNs. VRF-lite uses input interfaces to distinguish routes for different VPNs and forms virtual packet-forwarding tables by associating one or more Layer 3 interfaces with each VRF. 

Fig 1.1- MPLS 

Interfaces in a VRF can be either physical, such as Ethernet ports, or logical, such as VLAN SVIs, but a Layer 3 interface cannot belong to more than one VRF at any time.

Where we are using the VRF lite PE router or CE Router ?

Well let me talk about the CE router/device first, Customer edge (CE) devices provide customer access to the service provider network over a data link to one or more provider edge routers. The CE device advertises the site's local routes to the provider edge router and learns the remote VPN routes from it. 

Provider edge (PE) routers exchange routing information with CE devices by using static routing or a routing protocol such as BGP, RIPv1, or RIPv2.

What is the purpose of the PE router in the VRF lite scenario ?

The purpose of the PE device is to only required to maintain VPN routes for those VPNs to which it is directly attached, eliminating the need for the PE to maintain all of the service provider VPN routes. Each PE router maintains a VRF for each of its directly connected sites. Multiple interfaces on a PE router can be associated with a single VRF if all of these sites participate in the same VPN. 

Each VPN is mapped to a specified VRF. After learning local VPN routes from CEs, a PE router exchanges VPN routing information with other PE routers by using internal BGP (IBPG).

With VRF-lite, multiple customers can share one CE, and only one physical link is used between the CE and the PE. The shared CE maintains separate VRF tables for each customer and switches or routes packets for each customer based on its own routing table. VRF-lite extends limited PE functionality to a CE device, giving it the ability to maintain separate VRF tables to extend the privacy and security of a VPN to the branch office.

What are the components of the VRF-lite ?

Let me talk about the configuration part, to configure VRF, create a VRF table and specify the Layer 3 interface associated with the VRF. Then configure the routing protocols in the VPN and between the CE and the PE. You can use various routing protocols between PE and CE but service provider always that BGP is the preferred routing protocol used to distribute VPN routing information across the provider's backbone. 

Below are the VRF-lite network major components:

• VPN route target communities: The first one is VPN route target community and it consists of lists of all other members of a VPN community. You need to configure VPN route targets for each VPN community member.
• MP-BGP peering of VPN community PE routers: The second is the MP-iBGP peering which will propagates VRF reachability information to all members of a VPN community. You need to configure BGP peering in all PE routers within a VPN community.
• VPN forwarding: The third one is VPN forwarding and it transports all traffic between all VPN community members across a VPN service-provider network.