
NETSHe firmware user guide

VRF Lite implementation

2018 © NETSHe Lab Ltd.

VRF Lite in NETSHe OS

Overview

VRF Lite is implemented in NETSHe OS.

VRF Lite allows identical or overlapping addresses/networks to be assigned to different interfaces on a single device, as well as identical or overlapping routes for different interfaces on a single device. See https://en.wikipedia.org/wiki/Virtual_routing_and_forwarding

VRF Lite provides route and address space isolation for every VRF Lite instance. An instance knows nothing about any other instance, nor about the primary address space, routing tables, processes and firewall rules.

Note: if a userspace network service listens on interfaces in different VRF Lite instances, the result is unpredictable!

This means that a telnet server or RIP/BGP/OSPF daemons enabled on the device may work incorrectly when VRF Lite instances are used.

The primary use of VRF Lite is to provide a strict IP VPN service for multiple clients on a single device.

VRF Lite instance

VRF Lite instances in NETSHe OS are represented as pseudo-interfaces with names like «vrf-XXX-YY», where the «vrf-» part is mandatory, the «XXX» part may vary and describes the purpose of the instance, and «YY» must be a unique numeric value. The overall pseudo-interface name must not be longer than 16 symbols.

A valid name looks like «vrf-mgmt-0».

Configuration plan

Do not reboot the device or restart services until the configuration is complete.

VRF creation

Create one or more VRF instances on the «Network-Interfaces» page. Assign a name like «vrf-XXX» to each instance.

Enable each such interface and do not assign any IP address to it.

Interface creation

Create the required interface, enable it, assign the required IP addresses and netmasks, and assign it to the related VRF instance.

Route creation

Create static routes that go through the interfaces created in the previous step.

Final step

Create appropriate firewall zones and rules for the interfaces.

Reboot the device.

Results

After the device boots, the interfaces must have the configured addresses, and the primary routing table will not contain routes assigned to interfaces in VRFs.

How to verify / troubleshoot?

Use the ifconfig INTERFACE_NAME command to verify the IP address and interface state.

Use the ip route show table YY command to verify the routes assigned to VRF vrf-XXX-YY.
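
The check described under Results can be scripted. The following is an added example, not part of the NETSHe guide: it scans routing-table text for routes whose outgoing interface belongs to a VRF instance, which would mean isolation is not in effect. The interface names eth0/eth1/eth2, the sample routes and the function name vrf_leaks are constructed for illustration; it assumes awk is available and that the primary table is printed with ip route show table main.

```shell
#!/bin/sh
# Added example: flag routes in the primary table that still point at
# interfaces assigned to a VRF instance. Names and routes are constructed.

# vrf_leaks "IF1 IF2 ..." < route-table-text
# Prints every route line whose "dev" is one of the listed interfaces.
# Returns 0 when the table is clean, 1 when at least one leak was printed.
vrf_leaks() {
    awk -v members="$1" '
        BEGIN {
            # Build a lookup set from the space-separated interface list.
            n = split(members, m, " ")
            for (i = 1; i <= n; i++) vrf[m[i]] = 1
        }
        {
            # A route names its outgoing interface as "dev IFNAME".
            for (i = 1; i < NF; i++)
                if ($i == "dev" && ($(i + 1) in vrf)) { print; leaks++; break }
        }
        END { exit (leaks > 0) }
    '
}

# Constructed sample of a primary table in which eth1 (assumed to be a
# VRF member) still has a connected route, i.e. isolation is not in effect.
SAMPLE_MAIN='default via 192.0.2.1 dev eth0
192.0.2.0/24 dev eth0 proto kernel scope link src 192.0.2.10
10.0.0.0/24 dev eth1 proto kernel scope link src 10.0.0.1'

# Demo run on the constructed sample.
printf '%s\n' "$SAMPLE_MAIN" | vrf_leaks "eth1 eth2" \
    || echo "primary table contains routes via VRF interfaces"

# On the device, feed the real table instead (assumed usage):
#   ip route show table main | vrf_leaks "eth1 eth2"
```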

vrf_lite.txt · Last modified: 2020/12/17 11:52 by doku_netshe_admin