Configuring vRouter-based VRF (Virtual Routing and Forwarding)


Virtual Routing and Forwarding (VRF) is a technology used to partition the routing table into virtual instances (called VRF instances, or simply VRFs) that segregate routing entries in the control plane as well as in the data plane. Because the routing instances are independent, the same or overlapping IP addresses can be used without conflicting with each other.

Before NetVisor OS release 6.1.1, in order to support multiple VRF instances you needed to configure multiple vRouters to create isolated Layer 3 routing contexts in software. By using this strategy, you could create a ‘dumb’ 1:1 association between a vRouter and a VRF instance used to isolate Layer 3 domains in the data plane. Unicast and Multicast Fabric VRFs (see the Configuring VXLAN section for more details) were introduced as hardware entities for high-performance distributed routing and traffic segmentation. There was no corresponding VRF-aware vRouter entity associated to them and therefore no routing protocols could be run to exchange routing information (only static routing was supported).

NetVisor OS release 6.1.1 introduces ‘native’ multi-VRF support to vRouters by making use of new advanced control plane capabilities.

The new implementation is more scalable compared to previous releases as it is much less demanding in terms of memory usage and CPU load (note that the previous vRouter-per-VRF approach is basically limited by the maximum number of supported vRouters, which is switch model-dependent). In addition, since a vRouter can now run routing protocols that are VRF-aware, per VRF peering is supported with BGP.

The new implementation also allows the same interface IP address to be used across different VRF instances. (However, note that reusing the same VLAN number for two interfaces of the same vRouter is not supported.) From a multi-tenant management perspective, VRF instances can be allocated to different vNETs so that each vNET administrator can independently add or remove the VRFs from the vRouters.

The configuration of vRouter-based VRF instances leverages the existing vRouter CLI, which is augmented to include the vrf parameter in many of the existing commands (see the list below).

In addition, a key new command, vrouter-vrf-add, is added to associate VRF instances to vRouters. Corresponding vrouter-vrf-modify, vrouter-vrf-remove and vrouter-vrf-show commands are introduced too. (Note that vrouter-vrf-remove removes a VRF instance as well as all vRouter interfaces belonging to it.)

For example, you can create a vRouter and associate two VRFs to it by using the following commands:

CLI (network-admin@switch) > vrf-create name VRF1 scope fabric

CLI (network-admin@switch) > vrf-create name VRF2 scope fabric

Note: The maximum VRF name length is 15 characters in NetVisor OS.

CLI (network-admin@switch) > vrouter-create name vRouter1 vnet vNET1 router-type hardware bgp-as 100

CLI (network-admin@switch) > vrouter-vrf-add vrouter-name vRouter1 vrf VRF1

CLI (network-admin@switch) > vrouter-vrf-add vrouter-name vRouter1 vrf VRF2

Note : The same VRF cannot be added to more than one vRouter on the same node.

The next step is to configure Layer 3 interfaces and add them to the specific VRFs, for example:

CLI (network-admin@switch) > vrouter-interface-add vrouter-name vRouter1 vrf VRF1 ip vlan 100

CLI (network-admin@switch) > vrouter-interface-add vrouter-name vRouter1 vrf VRF2 ip vlan 101

Then you can specify the BGP neighbors on a per VRF basis with these commands:

CLI (network-admin@switch) > vrouter-bgp-add vrouter-name vRouter1 vrf VRF1 neighbor remote-as 100

CLI (network-admin@switch) > vrouter-bgp-add vrouter-name vRouter1 vrf VRF2 neighbor remote-as 101

Per-VRF BGP Parameters

Starting from NetVisor OS release 6.1.1 the addition of the vrf keyword makes the routing parameters VRF-aware. Some BGP parameters (such as bgp-as, bgp-redistribute, etc.) can now be specified during the vrouter-vrf-add configuration like so:

CLI (network-admin@switch) > vrouter-vrf-add vrouter-name <name> vrf <vrf-name> [bgp-as|bgp-redistribute|...]

(If a parameter is not specified, its value is inherited from the vRouter configuration.)

Subsequently, a parameter can be modified using the vrouter-vrf-modify command:

CLI (network-admin@switch) > vrouter-vrf-modify vrouter-name <name> vrf <vrf-name> [bgp-as|bgp-redistribute|...]

For example, it is possible to configure and modify a router ID on a per-VRF basis with the vrouter-vrf-add and vrouter-vrf-modify commands like so:

CLI (network-admin@switch) > vrouter-vrf-add vrouter-name vRouter1 vrf VRF1 router-id

CLI (network-admin@switch) > vrouter-vrf-show format vrf,hw-vrid,bgp-as,router-id,

vrouter-name vrf  hw-vrid bgp-as router-id

------------ ---- ------- ------ ---------

vRouter1     VRF1 3       100 

CLI (network-admin@switch) > vrouter-vrf-modify vrouter-name vRouter1 vrf VRF1 router-id

CLI (network-admin@switch) > vrouter-vrf-show format vrf,hw-vrid,bgp-as,router-id,

vrouter-name vrf  hw-vrid bgp-as router-id

------------ ---- ------- ------ ---------

vRouter1     VRF1 3       100

BGP uses the per-VRF router-id parameter value when it is configured. If it’s not, the operational per-VRF router ID value is inherited from the corresponding vRouter’s (global) router ID.

This is the full list of supported per-VRF parameters:


BGP Autonomous System number from 1 to 4294967295


BGP router id


BGP route redistribution


BGP route redistribution static metric


Route map for BGP redistribution of static routes


Metric for redistributing BGP connected routes


Route map for BGP redistribution of connected routes


Metric for redistributing RIP connected routes


Metric for BGP to redistribute OSPF connected routes


Route map for BGP redistribution of OSPF routes


IP address for BGP cluster ID


No dampening for BGP routes 


dampening is active for BGP routes


BGP Keepalive interval (seconds) - default 60


BGP Holdtime (seconds) - default 180


BGP distance for routes external to AS


BGP distance for routes internal to AS


BGP distance for local routes






Remove BGP static redist route-map


Remove BGP connect redist route-map


Remove BGP OSPF redist route-map


BGP graceful shutdown RFC 8326


BGP graceful shutdown RFC 8326 

The BGP parameters below, instead, are inherited from the vRouter (in other words, for them per VRF configuration is not supported):







VRF-aware BFD Support

VRF support was added to BFD for both static routing and dynamic routing with BGP. The following vRouter commands are VRF aware. For static routing:

CLI (network-admin@switch) > vrouter-static-bfd-show

vrouter-name src-ip    dst-ip    type       vrf

------------ --------- --------- ---------- ----

vRouter1 single-hop VRF1

vRouter2 single-hop VRF2

CLI (network-admin@switch) > vrouter-bfd-neighbor-show format out-addr,neighbor,holdown,multiplier,state,interface,vrf,flap-count,remote-router

vrouter-name out-addr  neighbor  holdown(ms) multiplier state interface vrf  flap-count remote-router

------------ --------- --------- ----------- ---------- ----- --------- ---- ---------- -------------

vRouter1 2191        3          up    eth0.100  VRF1 0          vr1

vRouter2 2230        3          up    eth1.100  VRF2 0          vr2


CLI (network-admin@switch) > vrouter-bgp-neighbor-show format neighbor,l3-port,nic,ver,remote-as,up/down,state/pfxrcd,remote-router,description,vrf

vrouter-name neighbor  l3-port nic ver remote-as up/down  state/pfxrcd remote-router description vrf

------------ --------- ------- --- --- --------- -------- ------------ ------------- ----------- ----

vRouter1 0           4   200       00:00:18 Established  vr1                       VRF1

vRouter2 0           4   100       00:00:19 Established  vr2                       VRF2

CLI (network-admin@switch) > vrouter-bfd-neighbor-show format out-addr,neighbor,holdown,multiplier,state,interface,vrf,flap-count,remote-router

vrouter-name out-addr  neighbor  holdown(ms) multiplier state interface vrf  flap-count remote-router

------------ --------- --------- ----------- ---------- ----- --------- ---- ---------- -------------

vRouter1 2118        3          up    eth0.100  VRF1 0          vr1

vRouter2 2024        3          up    eth1.100  VRF2 0          vr2

VRF-aware Commands

The full list of vRouter commands with the new vrf keyword is:

  •    vrouter-bfd-neighbor-show
  •    vrouter-bgp-add
  •    vrouter-bgp-modify 
  •    vrouter-bgp-neighbor-detail-show 
  •    vrouter-bgp-neighbor-no-shutdown
  •    vrouter-bgp-neighbor-reset 
  •    vrouter-bgp-neighbor-show 
  •    vrouter-bgp-neighbor-shutdown 
  •    vrouter-bgp-network-add
  •    vrouter-bgp-network-remove 
  •    vrouter-bgp-network-show
  •    vrouter-bgp-remove 
  •    vrouter-bgp-show 
  •    vrouter-cached-routes-show
  •    vrouter-ecmp-cached-routes-show
  •    vrouter-ecmp-group-show 
  •    vrouter-fib-arps-show 
  •    vrouter-fib-routes-show 
  •    vrouter-interface-add 
  •    vrouter-interface-modify
  •    vrouter-interface-show
  •    vrouter-ping 
  •    vrouter-routes-show 
  •    vrouter-routes-stats-show
  •    vrouter-static-bfd-add
  •    vrouter-static-bfd-remove
  •    vrouter-static-bfd-show 
  •    vrouter-static-route-add
  •    vrouter-static-route-remove 
  •    vrouter-static-route-show 
  •    vrouter-traceroute

Below are a few examples of VRF-aware commands:

CLI (network-admin@switch) > vrf-show format switch,name,scope,anycast-mac,active,hw-vrid,flags,enable

switch name  scope   anycast-mac       active hw-vrid flags   enable

------ ----- ------- ----------------- ------ ------- ------- ------

switch vrf1  cluster 64:0e:94:40:00:02 no     1       vrouter yes

switch vrf10 cluster 64:0e:94:40:00:02 no     10      vrouter yes

switch vrf11 cluster 64:0e:94:40:00:02 no     11      vrouter yes

switch vrf12 cluster 64:0e:94:40:00:02 no     12      vrouter yes

switch vrf13 cluster 64:0e:94:40:00:02 no     13      vrouter yes

switch vrf14 cluster 64:0e:94:40:00:02 no     14      vrouter yes

switch vrf15 cluster 64:0e:94:40:00:02 no     15      vrouter yes

switch vrf2  cluster 64:0e:94:40:00:02 no     2       vrouter yes

switch vrf3  cluster 64:0e:94:40:00:02 no     3       vrouter yes

switch vrf4  cluster 64:0e:94:40:00:02 no     4       vrouter yes

switch vrf5  cluster 64:0e:94:40:00:02 no     5       vrouter yes

switch vrf6  cluster 64:0e:94:40:00:02 no     6       vrouter yes

switch vrf7  cluster 64:0e:94:40:00:02 no     7       vrouter yes

switch vrf8  cluster 64:0e:94:40:00:02 no     8       vrouter yes

switch vrf9  cluster 64:0e:94:40:00:02 no     9       vrouter yes

CLI (network-admin@switch) > vrouter-vrf-show vrouter-name leaf1_vr1 format vrf,hw-vrid,bgp-as,bgp-max-paths,bgp-bestpath-as-path,bgp-ibgp-multipath

vrouter-name vrf   hw-vrid bgp-as bgp-max-paths bgp-bestpath-as-path bgp-ibgp-multipath

------------ ----- ------- ------ ------------- -------------------- ------------------ 

leaf1_vr1    vrf1  1       12101  16            multipath-relax      16                

leaf1_vr1    vrf2  2       12102  16            multipath-relax      16                 

leaf1_vr1    vrf3  3       12103  16            multipath-relax      16                

leaf1_vr1    vrf4  4       12104  16            multipath-relax      16                

leaf1_vr1    vrf5  5       12100  16            multipath-relax      16                 

leaf1_vr1    vrf6  6       12106  16            multipath-relax      16                 

leaf1_vr1    vrf7  7       12107  16            multipath-relax      16                

leaf1_vr1    vrf8  8       12108  16            multipath-relax      16                

leaf1_vr1    vrf9  9       12109  16            multipath-relax      16                

leaf1_vr1    vrf10 10      12110  16            multipath-relax      16                

leaf1_vr1    vrf11 11      12111  16            multipath-relax      16                

leaf1_vr1    vrf12 12      12112  16            multipath-relax      16                

leaf1_vr1    vrf13 13      12113  16            multipath-relax      16                

leaf1_vr1    vrf14 14      12114  16            multipath-relax      16                

leaf1_vr1    vrf15 15      12115  16            multipath-relax      16                

CLI (network-admin@switch) > vrouter-interface-show vrouter-name leaf1_vr1 vrf vrf1 format nic,ip,mac,vlan,vlan-type,nic-state,vrf

vrouter-name nic       ip            mac               vlan vlan-type nic-state vrf

------------ --------- ------------- ----------------- ---- --------- --------- -----

leaf1_vr1    eth0.110   66:0e:94:1b:c5:21 110  public    up        vrf1

leaf1_vr1    eth1.110   00:00:5e:00:01:79 110  public    down      vrf1

leaf1_vr1    eth0.111   66:0e:94:1b:c5:21 111  public    up        vrf1

leaf1_vr1    eth1.111   00:00:5e:00:01:79 111  public    down      vrf1

leaf1_vr1    eth0.112   66:0e:94:1b:c5:21 112  public    up        vrf1

leaf1_vr1    eth1.112   00:00:5e:00:01:79 112  public    down      vrf1

leaf1_vr1    eth0.113   66:0e:94:1b:c5:21 113  public    up        vrf1

leaf1_vr1    eth1.113   00:00:5e:00:01:79 113  public    down      vrf1

leaf1_vr1    eth0.114   66:0e:94:1b:c5:21 114  public    up        vrf1

leaf1_vr1    eth1.114   00:00:5e:00:01:79 114  public    down      vrf1

leaf1_vr1    eth2.3001 66:0e:94:1b:c5:21 3001 public    up        vrf1

CLI (network-admin@switch) > vrouter-bgp-neighbor-show vrouter-name leaf1_vr1 remote-router leaf2_vr1 vrf vrf1 format neighbor,remote-as,msg_rcvd,msg_sent,up/down,remote-router,vrf

vrouter-name neighbor   remote-as msg_rcvd msg_sent up/down  remote-router vrf

------------ ---------- --------- -------- -------- -------- ------------- -----

leaf1_vr1 12101     7133     7147     4d22h42m leaf2_vr1     vrf1

CLI (network-admin@switch) > vrouter-bfd-neighbor-show vrouter-name leaf1_vr1 remote-router leaf2_vr1 vrf vrf1 format out-addr,neighbor,state,interface,vrf,flap-count,remote-router

vrouter-name out-addr   neighbor   state interface vrf      flap-count remote-router

------------ ---------- ---------- ----- --------- -------- ---------- -------------

leaf1_vr1 up    eth2.3001 vrf1     0          leaf2_vr1