Community discussions

MikroTik App
 
User avatar
kiler129
Member
Member
Topic Author
Posts: 352
Joined: Tue Mar 31, 2015 4:32 pm
Location: IL, USA
Contact:

Can someone explain the point of VRF to me?

Thu Jul 29, 2021 12:14 am

I realize it may be a basic question (to the point I'm almost ashamed of asking it) but what is the point of using VRF?

I understand what it does I think. It allows for creating multiple virtual routers in a sense that routing decisions are separated into distinct segments, giving me multiple routing tables. This can be used to separate devices into discrete non-conflicting domains. By default the traffic cannot cross between these domains, unlike VLANs.
However, I'm struggling to see the benefit of VRF over VLAN+firewall. VLANs give me an easy way of separating the traffic of different kind (e.g. IPTV and normal) with rules in place to prohibit routing between different subnets. How is VRF different in that respect?

The only thing I found so far is that VRF allows for operation of networks where there are logically separated networks which have conflicting subnets (e.g. merge of two companies).
 
mducharme
Trainer
Trainer
Posts: 1777
Joined: Tue Jul 19, 2016 6:45 pm
Location: Vancouver, BC, Canada

Re: Can someone explain the point of VRF to me?

Thu Jul 29, 2021 6:43 am

There are a few reasons here.

First of all, VRF's are very often used for providing customers with MPLS L3 VPN's. This allows an ISP to give a customer a managed service whereby they handle the routing between the customer's individual locations and their internal networks. Most such customers have the same internal private network as some other customer (ex. two completely different customers using 192.168.1.0/24 internally), which would break this entire setup if you relied on traditional routing. Fortunately, with VRF's, the subnet need not be unique globally - only unique within the VRF. So you could have one customer with 192.168.1.0/24 and another customer with the exact same subnet, and route them differently for the two customers so you never have to worry about issues.

We do not deliver MPLS L3 VPN's at the moment, but are interested in VRF's in ROS 7 particularly as a potential better way of separating out management vs. customer traffic. We have approximately 140 routers in the field all of which have the same 50 firewall rules. Every time we make a firewall rule change we have to deploy it to all 140 routers. Keeping everything in sync doesn't always work and we have some drift and issues as a result. If we split things into different VRF's (one for management, one for customers) we could potentially keep customer traffic and management traffic separated on a series of routers going all the way back to our core, so that we wouldn't need a firewall at all on those 140 routers and yet still keep them secure. I still have to work out the details as to whether this will be possible in RouterOS v7 (it does not seem to be in ROS 6), but it is something I am interested in doing for our network.
 
mada3k
Long time Member
Long time Member
Posts: 682
Joined: Mon Jul 13, 2015 10:53 am
Location: Sweden

Re: Can someone explain the point of VRF to me?

Fri Jul 30, 2021 12:39 pm

An other example is that you have several routers (with different customers, networks, etc.), but you wan't to do the firewalling in only one place.
 
User avatar
feranmi
just joined
Posts: 14
Joined: Tue Aug 20, 2019 11:11 am
Location: Surulere, Lagos

Re: Can someone explain the point of VRF to me?

Fri Jul 30, 2021 6:53 pm

VRF is a way of separating routes into different routing tables in the same router. One router having multples routing tables.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: Can someone explain the point of VRF to me?

Fri Jul 30, 2021 7:12 pm

Thanks, but this description is too simplistic, even those who have more than one WAN and don't use VRF can have more than one routing table inside the router...
 
User avatar
jvanhambelgium
Forum Veteran
Forum Veteran
Posts: 985
Joined: Thu Jul 14, 2016 9:29 pm
Location: Belgium

Re: Can someone explain the point of VRF to me?

Fri Jul 30, 2021 7:55 pm

VRF is a way of separating routes into different routing tables in the same router. One router having multples routing tables.
And have certain interfaces and/or VLAN's "bound" exclusivly to this routing-domain.
By default there is strict separation between these routing-domains, only by "leaking" routes between the VRF you can have some "inter-VRF" routing.

Who is online

Users browsing this forum: No registered users and 15 guests