VRFs, Interfaces, and IP Addresses

By default, interfaces do not belong to any VRF instance until they are assigned. An interface may belong to only one VRF at a time. When you first create a VRF, the next available loopback interface is assigned as the default interface for the VRF router. Once bound to a VRF router, interfaces are configured in that VRF router context. To move a bound interface to a different VRF instance, you must first remove it from its current VRF instance. To remove an interface from a VRF instance, along with all its configuration, use the command no interface interface-name.

In VRF configuration mode, the interface interface-name command automatically binds the named interface to the current VRF and enters interface configuration mode. If the interface has already been bound to a different VRF, an error message is displayed.

IP addresses assigned in different VRFs are completely separate, so overlapping or identical IP addressing is permitted across different VRFs. For example, VRF “Corporate” may have IP address range 10.1.100.1/16 associated with interface ge.1.1 while the “Marketing” VRF has IP address range 10.1.100.1/16 associated with interface ge.1.2. When a packet enters the router, the interface it ingresses on determines which VRF router receives it.

On the S-Series platform, the routing tables for each VRF router will handle routes within the physical router for overlapping IP addresses. If an overlapping IP address requires communication with the outside Internet through a shared-access-VRF, you must configure the IP address for NAT-inside-VRF on the shared-access-VRF so that the shared-access-VRF knows how to communicate with the correct VRF. See VRFs With Overlapping IP Networks (S-Series) for NAT-inside-VRF details.
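
The binding and addressing rules above can be checked against an interface inventory before a change is made. The following Python model is an added example, not vendor code or device CLI: RouterModel, BindingError and their methods are hypothetical names, and the "Guest" VRF is a constructed sample. It enforces one VRF per interface, resolves the VRF from the ingress interface, and lists the cross-VRF overlaps that would need NAT-inside-VRF for shared Internet access.

```python
import ipaddress

class BindingError(Exception):
    """An interface is already bound to a different VRF."""

class RouterModel:
    """Model of the binding rules above; hypothetical names, not device code."""

    def __init__(self):
        self.bound = {}  # interface name -> (VRF name, ip_interface or None)

    def bind(self, vrf, ifname, cidr=None):
        # Models 'interface interface-name' in VRF configuration mode:
        # binds the interface, or errors if another VRF already owns it.
        owner = self.bound.get(ifname)
        if owner and owner[0] != vrf:
            raise BindingError(f"{ifname} is already bound to VRF {owner[0]}")
        addr = ipaddress.ip_interface(cidr) if cidr else (owner[1] if owner else None)
        self.bound[ifname] = (vrf, addr)

    def unbind(self, ifname):
        # Models 'no interface interface-name': binding and config both go.
        self.bound.pop(ifname, None)

    def ingress_vrf(self, ifname):
        # The ingress interface alone selects the VRF router.
        return self.bound[ifname][0]

    def cross_vrf_overlaps(self):
        """Interface pairs in different VRFs whose networks overlap.
        Permitted, but they need NAT-inside-VRF to share Internet access."""
        nets = [(v, i, a.network) for i, (v, a) in sorted(self.bound.items()) if a]
        return [(i1, i2)
                for n, (v1, i1, n1) in enumerate(nets)
                for v2, i2, n2 in nets[n + 1:]
                if v1 != v2 and n1.overlaps(n2)]

def build_example():
    r = RouterModel()
    r.bind("Corporate", "ge.1.1", "10.1.100.1/16")   # from the text above
    r.bind("Marketing", "ge.1.2", "10.1.100.1/16")   # from the text above
    r.bind("Guest", "ge.1.3", "192.168.5.1/24")      # constructed sample
    return r

if __name__ == "__main__":
    r = build_example()
    print(r.ingress_vrf("ge.1.1"), r.ingress_vrf("ge.1.2"))
    print(r.cross_vrf_overlaps())
```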