Virtual Routing and Forwarding (VRF) Support


Netvisor One supports VRF (virtual routing and forwarding instances) to maintain Layer 3 isolation. VRFs are created without a vRouter and do not support running any routing protocols within the VRF. Locally on each node, for each active VRF instance, hardware VRID is allocated to provide Layer 3 isolation. VRFs provides the capability to route between connected networks by leveraging the Netvisor One vPort database within the fabric. You configure VRF and an anycast gateway subnets to provide the distributed routing capability for tenant endpoints. The distributed routing capability hosted on each leaf node avoids hair pinning traffic to the centralized vRouter.


Netvisor One supports anycast gateway routing using a virtual MAC address, anycast gateway MAC address, which is associated with the subnet anycast gateway IP address. Netvisor One provides a default fabric-wide anycast gateway MAC address, and it is also configurable. Since VRF supports connected networks only, each VRF is provided with a configurable option of VRF gateway which installs a default route to provide connectivity to subnets outside of VRF. For redundancy purposes, two VRF default gateways can be configured per leaf node.


Currently VRF only supports IPv4 routing.


Netvisor One assigns the anycast gateway MAC address to VRF from the MAC address in fabric-anycast-gateway-show output.


You can modify the MAC address using the fabric-anycast-gateway-modify command.


The default MAC address for the anycast gateway is 64:0e:94:40:00:02.


Configuring VRF and Distributed Routing with an Anycast Gateway

 

The following commands are used to configure VRF:


CLI (network-admin@Leaf1) > vrf-create


name name-string

Specify a name for the VRF.

vnet vnet-name

Specify the name of the VNET to assign the VRF. If you only have a global VNET configured, omit this parameter.

scope local|cluster|fabric

Specify the scope for the VRF.

vrf-gw ip-address

Specify the gateway IP address.

vrf-gw2 ip-address

Specify the second gateway IP address.


CLI (network-admin@Leaf1) > vrf-delete


name name-string

Specify a name for the VRF.

vnet vnet-name

Specify the name of the VNET to assigned the VRF.


CLI (network-admin@Leaf1) > vrf-modify


name name-string

Specify a name for the VRF.

vnet vnet-name

Specify the name of the VNET to assign the VRF.

scope local|cluster|fabric

Specify the scope for the VRF.

vrf-gw ip-address

Specify the gateway IP address.

vrf-gw2 ip-address

Specify the second gateway IP address.


CLI (network-admin@Leaf1) > vrf-show


name name-string

Displays the name of the VRF.

vnet vnet-name

Displays the name of the VNET assigned the VRF.

scope local|cluster|fabric

Displays the scope of the VRF.

vrf-gw ip-address

Displays the gateway IP address.

vrf-gw2 ip-address

Displays the second gateway IP address.


The following commands configure the subnet:


CLI (network-admin@Leaf1) > subnet-create


name name-string

Specify the name of the subnet.

scope local|cluster|fabric

Specify the scope for the VRF.

vnet vnet-name

Specify the name of the VNET to assign the VRF.

vlan vlan-id

Specify the VLAN ID to assign to the subnet.

vxlan vxlan-id

Specify the VXLAN ID to assign to the subnet.

network ip-address

Specify the network IP address.

netmask netmask

Specify the netmask for the IP address.

vrf name-string

Specify the VRF to assign the subnet.

anycast-gw-ip ip-address

Specify the anycast gateway IP address.


CLI (network-admin@Leaf1) > subnet-delete


name name-string

Specify the name of the subnet.

vnet vnet-name

Specify the name of the VNET to assign the VRF.

vrf name-string

Specify the VRF to assign the subnet.


CLI (network-admin@Leaf1) > subnet-modify


name name-string

Specify the name of the subnet.

scope local|cluster|fabric

Specify the scope for the VRF.


CLI (network-admin@Leaf1) > subnet-show


name name-string

Displays the name of the subnet.

scope local|cluster|fabric

Displays the scope for the VRF.

vnet vnet-name

Displays the name of the VNET to assign the VRF.

vlan vlan-id

Displays the VLAN ID to assign to the subnet.

vxlan vxlan-id

Displays the VXLAN ID to assign to the subnet.

network ip-address

Displays the network IP address.

netmask netmask

Displays the netmask for the IP address.

vrf name-string

Displays the VRF to assign the subnet.

anycast-gw-ip ip-address

Displays the anycast gateway IP address.

state init|ok|vxlan not found|vxlan deactivated| subnet is not installed in hw

Displays the subnet state.

hw-state|no-hw-state

Displays if there is a hardware state present.


The following commands allow you to modify and display anycast gateway information on the fabric:


CLI (network-admin@Leaf1) > fabric-anycast-mac-modify


mac mac-address

Modify the MAC address for anycast. The default MAC address is 64:0e:94:40:00:02.


CLI (network-admin@Leaf1) > fabric-anycast-mac-show


mac:    64:0e:94:40:00:02

 

Example Configuration 


To add VRF to all switches installed on the network, use the following syntax:


CLI (network-admin@Leaf1) > vrf-create name BLUE vnet coke scope [local|fabric|cluster vrf-gw1 100.1.1.1 vrf-gw2 100.1.1.2

 

CLI (network-admin@Leaf1) > subnet-create name subnet-1 scope [local|fabric|cluster] vnet coke vxlan 10 network 10.0.10.0/24 vrf BLUE anycast-gateway-ip 10.0.10.1