🌐 VRF Routing Domains Lab

Master Virtual Routing and Forwarding with EIGRP & OSPF on Cisco IOS

πŸš€ Welcome to the VRF Routing Domains Lab!

Lab Duration: 90-120 minutes | Difficulty: Intermediate

πŸ“š What You'll Learn

  • Understand Virtual Routing and Forwarding (VRF) concepts and use cases
  • Configure multiple VRF instances on Cisco IOS routers
  • Implement EIGRP routing within VRF domains
  • Deploy OSPF routing within VRF domains
  • Configure and verify inter-VRF communication using route leaking
  • Troubleshoot common VRF configuration issues
  • Validate VRF isolation and routing table separation

πŸ’‘ Why VRF Matters

VRF technology enables network virtualization at Layer 3, allowing multiple routing tables to coexist on a single physical router. This is crucial for service providers, multi-tenant environments, and enterprise network segmentation.

πŸ—οΈ Lab Environment

You'll work with a network of 4 Cisco IOS routers interconnected to create two separate VRF domains:

  • VRF BLUE: Customer A network using EIGRP
  • VRF RED: Customer B network using OSPF

Ready to Begin?

Click through the tabs above to progress through the lab. Start with the Topology tab to understand the network design, then move to Prerequisites to ensure your environment is ready.

πŸ—ΊοΈ Network Topology

                          VRF BLUE (EIGRP AS 100)              VRF RED (OSPF Area 0)
                          
    [Customer A]                                    [Customer B]
         |                                                |
    Lo0: 10.1.1.1/32                              Lo0: 192.168.1.1/32
         |                                                |
    +---------+                                    +---------+
    |   R1    |                                    |   R3    |
    | VRF BLUE|                                    | VRF RED |
    +---------+                                    +---------+
         |                                                |
    Gi0/0: 10.10.12.1/30                     Gi0/0: 192.168.34.3/30
         |                                                |
         |                 +----------+                  |
         +-----------------|    R2    |------------------+
                      Gi0/1| PE Router|Gi0/2
                10.10.12.2/30         192.168.34.2/30
                           |          |
                     VRF BLUE      VRF RED
                           |          |
                           +----+-----+
                                |
                          Gi0/0 | GLOBAL
                     172.16.24.2/30
                                |
                          +---------+
                          |   R4    |
                          | GLOBAL  |
                          | ROUTING |
                          +---------+
                     Lo0: 172.16.4.4/32
                     
    Legend:
    - R1: Customer A Edge Router (VRF BLUE)
    - R2: Provider Edge Router (Multi-VRF)
    - R3: Customer B Edge Router (VRF RED)
    - R4: Core Router (Global Routing Table)

πŸ“Š IP Addressing Scheme

VRF Router Interface IP Address Description
BLUE R1 Lo0 10.1.1.1/32 Customer A Loopback
BLUE R1 Gi0/0 10.10.12.1/30 Link to R2
BLUE R2 Gi0/1 10.10.12.2/30 Link to R1
RED R3 Lo0 192.168.1.1/32 Customer B Loopback
RED R3 Gi0/0 192.168.34.3/30 Link to R2
RED R2 Gi0/2 192.168.34.2/30 Link to R3
Global R2 Gi0/0 172.16.24.2/30 Link to R4
Global R4 Gi0/0 172.16.24.4/30 Link to R2

πŸ’‘ Design Principle

Notice how R2 acts as the Provider Edge (PE) router, maintaining separate routing tables for each VRF while also participating in the global routing domain. This design pattern is common in MPLS L3VPN deployments.

πŸ“‹ Prerequisites & Planning

πŸ”§ Hardware Requirements

  • 4x Cisco IOS routers (ISR 2900/3900 series or virtual routers)
  • IOS version 15.0 or higher with IP Services feature set
  • Minimum 256MB RAM per router
  • Console or SSH access to all devices

πŸ“š Knowledge Prerequisites

  • Basic Cisco IOS CLI navigation
  • Understanding of IP routing concepts
  • Familiarity with EIGRP configuration
  • Basic OSPF knowledge
  • Subnetting and VLSM understanding
⚠️ Important: Ensure all routers are in a factory default state before beginning. Use "write erase" and "reload" if necessary.

🎯 Initial Setup Checklist

Pre-Configuration Tasks

  • ☐ Physical or virtual connections established between routers
  • ☐ Console access verified to all devices
  • ☐ Routers booted and responsive
  • ☐ No existing configuration present
  • ☐ Lab topology diagram available for reference

πŸ› οΈ Base Configuration Template

Apply this base configuration to all routers before starting:

# Enter configuration mode enable configure terminal # Set hostname (replace X with router number) hostname RX # Disable DNS lookup no ip domain-lookup # Set enable secret enable secret cisco # Configure console line line console 0 logging synchronous exec-timeout 0 0 password cisco login # Configure VTY lines for SSH/Telnet line vty 0 4 password cisco login transport input all # Save configuration end write memory

Ready Check

Before proceeding to configuration, verify that you can:

  • βœ“ Access all four routers
  • βœ“ See interface status with "show ip interface brief"
  • βœ“ Confirm no VRFs exist with "show vrf"

βš™οΈ VRF Configuration Implementation

πŸ”΅ R1 Configuration - Customer A (VRF BLUE)

1

Create VRF BLUE

First, we'll create the VRF instance for Customer A:

enable configure terminal # Create VRF BLUE vrf definition BLUE rd 65000:1 address-family ipv4 exit-address-family exit
2

Configure Interfaces

Assign interfaces to VRF BLUE and configure IP addresses:

# Configure Loopback interface interface Loopback0 vrf forwarding BLUE ip address 10.1.1.1 255.255.255.255 description Customer A Loopback no shutdown exit # Configure GigabitEthernet0/0 interface GigabitEthernet0/0 vrf forwarding BLUE ip address 10.10.12.1 255.255.255.252 description Link to R2 PE no shutdown exit
3

Configure EIGRP for VRF BLUE

Set up EIGRP routing within the VRF:

# Configure EIGRP for VRF BLUE router eigrp 100 address-family ipv4 vrf BLUE autonomous-system 100 network 10.0.0.0 no auto-summary exit-address-family exit # Save configuration end write memory
⚠️ Note: After applying VRF forwarding to an interface, any existing IP configuration is removed. Always reconfigure the IP address after VRF assignment.

πŸ”„ Advanced Configuration: Route Leaking

To enable controlled communication between VRFs, configure route leaking on R2:

Configure Route Leaking Between VRFs

# On R2 - Configure route leaking configure terminal # Create route-map for filtering route-map BLUE-TO-RED permit 10 match ip address prefix-list BLUE-ROUTES exit route-map RED-TO-BLUE permit 10 match ip address prefix-list RED-ROUTES exit # Create prefix lists ip prefix-list BLUE-ROUTES permit 10.1.1.1/32 ip prefix-list RED-ROUTES permit 192.168.1.1/32 # Import/Export between VRFs vrf definition BLUE address-family ipv4 import ipv4 unicast map RED-TO-BLUE export ipv4 unicast map BLUE-TO-RED exit-address-family exit vrf definition RED address-family ipv4 import ipv4 unicast map BLUE-TO-RED export ipv4 unicast map RED-TO-BLUE exit-address-family exit end write memory
⚠️ Security Note: Route leaking should be implemented carefully with proper filtering to maintain security boundaries between VRFs.

πŸ”§ Troubleshooting Guide

🚨 Common Issues and Solutions

Issue 1: EIGRP Neighbors Not Forming in VRF

Symptom: "show ip eigrp vrf BLUE neighbors" shows no neighbors

Causes & Solutions:

  • Verify interface is in correct VRF: show vrf
  • Check EIGRP AS number matches on both sides
  • Ensure network statements cover interface subnets
  • Verify interface is up/up: show ip interface brief vrf BLUE

Issue 2: OSPF Not Establishing Adjacency in VRF

Symptom: OSPF stuck in INIT or 2-WAY state

Solutions:

# Debug OSPF adjacency debug ip ospf adj # Check OSPF interfaces in VRF show ip ospf vrf RED interface # Verify OSPF process show ip ospf vrf RED # Check for area mismatch show ip ospf vrf RED neighbor detail

Issue 3: Routes Not Appearing in VRF Routing Table

Symptom: Missing routes in "show ip route vrf [name]"

Troubleshooting Steps:

  1. Verify routing protocol is running for the VRF
  2. Check if routes are in protocol database:
    • EIGRP: show ip eigrp vrf BLUE topology
    • OSPF: show ip ospf vrf RED database
  3. Verify administrative distance and metrics
  4. Check for route filtering or summarization

Issue 4: Cannot Ping Between VRFs

Symptom: Ping fails between different VRF domains

Solution: This is expected behavior! VRFs provide isolation. To enable communication:

  • Configure route leaking (import/export maps)
  • Use inter-VRF routing with static routes
  • Implement MPLS with PE-CE routing

πŸ› οΈ Useful Troubleshooting Commands

Command Purpose
show vrf Display all VRF instances
show vrf detail Show detailed VRF information including RD and interfaces
show ip route vrf * Display routing tables for all VRFs
show ip interface brief vrf [name] Show interface status for specific VRF
show ip protocols vrf [name] Display routing protocol information for VRF
ping vrf [name] [destination] Ping within a specific VRF context
traceroute vrf [name] [destination] Traceroute within VRF context
show ip cef vrf [name] Display CEF table for VRF

πŸ’‘ Pro Tip: VRF-Aware Debugging

When troubleshooting VRF issues, always remember to specify the VRF context in your commands. Many show and debug commands have VRF-specific versions. Without specifying the VRF, you're looking at the global routing table!

βœ… Verification & Testing

🎯 Step-by-Step Verification Process

Step 1: Verify VRF Creation

On R2 (PE Router), verify both VRFs are created:

R2# show vrf # Expected Output: Name Default RD Protocols Interfaces BLUE 65000:1 ipv4 Gi0/1 RED 65000:2 ipv4 Gi0/2

Step 2: Verify Interface Assignment

Check interfaces are correctly assigned to VRFs:

R2# show ip vrf interfaces # Expected Output: Interface IP-Address VRF Protocol Gi0/1 10.10.12.2 BLUE up Gi0/2 192.168.34.2 RED up

Step 3: Verify EIGRP Neighbors (VRF BLUE)

On R2, check EIGRP adjacency with R1:

R2# show ip eigrp vrf BLUE neighbors # Expected Output: EIGRP-IPv4 Neighbors for AS(100) VRF(BLUE) H Address Interface Hold Uptime SRTT RTO Q Seq (sec) (ms) Cnt Num 0 10.10.12.1 Gi0/1 13 00:05:24 1 100 0 3

Step 4: Verify OSPF Neighbors (VRF RED)

On R2, check OSPF adjacency with R3:

R2# show ip ospf vrf RED neighbor # Expected Output: Neighbor ID Pri State Dead Time Address Interface 3.3.3.3 1 FULL/DR 00:00:35 192.168.34.3 GigabitEthernet0/2

Step 5: Verify VRF Routing Tables

Check that routes are properly learned in each VRF:

# Check VRF BLUE routing table R2# show ip route vrf BLUE # Expected Output: Routing Table: BLUE Gateway of last resort is not set 10.0.0.0/8 is variably subnetted, 3 subnets C 10.10.12.0/30 is directly connected, GigabitEthernet0/1 L 10.10.12.2/32 is directly connected, GigabitEthernet0/1 D 10.1.1.1/32 [90/130816] via 10.10.12.1, 00:10:15, GigabitEthernet0/1 # Check VRF RED routing table R2# show ip route vrf RED # Expected Output: Routing Table: RED Gateway of last resort is not set 192.168.0.0/16 is variably subnetted, 3 subnets O 192.168.1.1/32 [110/2] via 192.168.34.3, 00:08:42, GigabitEthernet0/2 C 192.168.34.0/30 is directly connected, GigabitEthernet0/2 L 192.168.34.2/32 is directly connected, GigabitEthernet0/2

Step 6: End-to-End Connectivity Test

Test connectivity within each VRF domain:

# From R2, ping R1's loopback in VRF BLUE R2# ping vrf BLUE 10.1.1.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5) # From R2, ping R3's loopback in VRF RED R2# ping vrf RED 192.168.1.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5)

Step 7: Verify VRF Isolation

Confirm that VRFs are properly isolated (this should fail):

# Try to ping from VRF BLUE to VRF RED (should fail) R2# ping vrf BLUE 192.168.1.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds: ..... Success rate is 0 percent (0/5) # This failure confirms proper VRF isolation!

πŸ“Š Verification Checklist

βœ“ Complete Verification Checklist

  • ☐ All VRFs show as "up" in show vrf
  • ☐ Interfaces correctly assigned to VRFs
  • ☐ EIGRP neighbors established in VRF BLUE
  • ☐ OSPF neighbors in FULL state for VRF RED
  • ☐ Routes present in respective VRF routing tables
  • ☐ Ping successful within each VRF
  • ☐ Ping fails between VRFs (confirming isolation)
  • ☐ CEF tables populated for each VRF

πŸ’‘ Verification Best Practice

Always verify VRF configurations from multiple perspectives: control plane (routing protocols), data plane (CEF), and management plane (ping/traceroute). This comprehensive approach ensures complete validation of your VRF deployment.

πŸ“ Knowledge Check Quiz

Test your understanding of VRF concepts and configuration. Select the best answer for each question.

Question 1: What does the Route Distinguisher (RD) accomplish in a VRF configuration?
Question 2: When you apply "vrf forwarding" to an interface that already has an IP address, what happens?
Question 3: Which command correctly configures OSPF for a VRF named "CUSTOMER"?
Question 4: What is the primary benefit of using VRF-Lite in an enterprise network?
Question 5: How can you enable communication between two different VRFs on the same router?
Question 6: Which show command displays the CEF forwarding table for a specific VRF?
Question 7: In the EIGRP VRF configuration "address-family ipv4 vrf BLUE autonomous-system 100", what does the AS number represent?