Virtual Routing and Forwarding (VRF) Support

Netvisor OS supports VRF (virtual routing and forwarding instances) to maintain Layer 3 isolation. VRFs are created without a vRouter and do not support running any routing protocols within the VRF. Locally on each node, for each active VRF instance, hardware VRID is allocated to provide Layer 3 isolation. VRFs provides the capability to route between connected networks by leveraging the Netvisor OS vPort database within the fabric. You configure VRF and an anycast gateway subnets to provide the distributed routing capability for tenant endpoints. The distributed routing capability hosted on each leaf node avoids hair pinning traffic to the centralized vRouter.

Netvisor OS supports anycast gateway routing using a virtual MAC address, anycast gateway MAC address, which is associated with the subnet anycast gateway IP address. Netvisor OS provides a default fabric-wide anycast gateway MAC address, and it is also configurable. Since VRF supports connected networks only, each VRF is provided with a configurable option of VRF gateway which installs a default route to provide connectivity to subnets outside of VRF. For redundancy purposes, two VRF default gateways can be configured per leaf node.

Currently VRF only support IPv4 routing.

Netvisor OS assigns the anycast gateway MAC address to VRF from the MAC address in fabric-anycast-gatway-show output. You can modify the MAC address using the fabric-anycast-gateway-modify command.

The default MAC address for the anycast gateway is 64:0e:94:40:00:02.

Configuring VRF and Distributed Routing with an Anycast Gateway

 

The following commands are used to configure VRF:

CLI network-admin@Leaf1 > vrf-create

name name-string

Specify a name for the VRF.

vnet vnet-name

Specify the name of the VNET to assign the VRF. If you only have a global VNET configured, omit this parameter.

scope local|cluster|fabric

Specify the scope for the VRF.

vrf-gw ip-address

Specify the gateway IP address.

vrf-gw2 ip-address

Specify the second gateway IP address.

CLI network-admin@Leaf1 > vrf-delete

name name-string

Specify a name for the VRF.

vnet vnet-name

Specify the name of the VNET to assigned the VRF.

CLI network-admin@Leaf1 > vrf-modify

name name-string

Specify a name for the VRF.

vnet vnet-name

Specify the name of the VNET to assign the VRF.

scope local|cluster|fabric

Specify the scope for the VRF.

vrf-gw ip-address

Specify the gateway IP address.

vrf-gw2 ip-address

Specify the second gateway IP address.

CLI network-admin@Leaf1 > vrf-show

name name-string

Displays the name of the VRF.

vnet vnet-name

Displays the name of the VNET assigned the VRF.

scope local|cluster|fabric

Displays the scope of the VRF.

vrf-gw ip-address

Displays the gateway IP address.

vrf-gw2 ip-address

Displays the second gateway IP address.

The following commands configure the subnet:

CLI network-admin@Leaf1 > subnet-create

name name-string

Specify the name of the subnet.

scope local|cluster|fabric

Specify the scope for the VRF.

vnet vnet-name

Specify the name of the VNET to assign the VRF.

vlan vlan-id

Specify the VLAN ID to assign to the subnet.

vxlan vxlan-id

Specify the VXLAN ID to assign to the subnet.

network ip-address

Specify the network IP address.

netmask netmask

Specify the netmask for the IP address.

vrf name-string

Specify the VRF to assign the subnet.

anycast-gw-ip ip-address

Specify the anycast gateway IP address.

CLI network-admin@Leaf1 > subnet-delete

name name-string

Specify the name of the subnet.

vnet vnet-name

Specify the name of the VNET to assign the VRF.

vrf name-string

Specify the VRF to assign the subnet.

CLI network-admin@Leaf1 > subnet-modify

name name-string

Specify the name of the subnet.

scope local|cluster|fabric

Specify the scope for the VRF.

CLI network-admin@Leaf1 > subnet-show

name name-string

Displays the name of the subnet.

scope local|cluster|fabric

Displays the scope for the VRF.

vnet vnet-name

Displays the name of the VNET to assign the VRF.

vlan vlan-id

Displays the VLAN ID to assign to the subnet.

vxlan vxlan-id

Displays the VXLAN ID to assign to the subnet.

network ip-address

Displays the network IP address.

netmask netmask

Displays the netmask for the IP address.

vrf name-string

Displays the VRF to assign the subnet.

anycast-gw-ip ip-address

Displays the anycast gateway IP address.

state init|ok|vxlan not found|vxlan deactivated| subnet is not installed in hw

Displays the subnet state.

hw-state|no-hw-state

Displays if there is a hardware state present.

The following commands allow you to modify and display anycast gateway information on the fabric:

CLI network-admin@Leaf1 > fabric-anycast-mac-modify

mac mac-address

Modify the MAC address for anycast. The default MAC address is 64:0e:94:40:00:02.

CLI network-admin@Leaf1 > fabric-anycast-mac-show

mac:    64:0e:94:40:00:02

 

Example Configuration 

To add VRF to all switches installed on the network, use the following syntax:

CLI network-admin@Leaf1 > vrf-create name BLUE vnet coke scope [local|fabric|cluster vrf-gw1 100.1.1.1 vrf-gw2 100.1.1.2

 

CLI network-admin@Leaf1 > subnet-create name subnet-1 scope [local|fabric|cluster] vnet coke vxlan 10 network 10.0.10.0/24 vrf BLUE anycast-gateway-ip 10.0.10.1