Virtual routing and forwarding (VRF) is a technology included in IP (Internet Protocol) network routers that allows multiple instances of a routing table to exist in a router and work simultaneously. This increases functionality by allowing network paths to be segmented without using multiple devices. Because traffic is automatically segregated, VRF also increases network security and can eliminate the need for encryption and authentication. Internet service providers (ISPs) often take advantage of VRF to create separate virtual private networks (VPNs) for customers; thus the technology is also referred to as VPN routing and forwarding.

VRF Diagrams

Just as a VLAN-based network uses 802.1Q trunks to extend a VLAN between switches, a VRF-based design uses 802.1Q trunks, GRE tunnels, or MPLS tags to extend the VRFs and tie them together.

Logical Router

VRF acts like a logical router, but while a logical router may include many routing tables, a VRF instance uses only a single routing table. In addition, VRF requires a forwarding table that designates the next hop for each data packet, a list of devices that may be called upon to forward the packet and a set of rules and routing protocols that govern how the packet is forwarded. These tables prevent traffic from being forwarded outside a specific VRF path and also keep out traffic that should remain outside the VRF path.

How Does This Impact NetFlow Traffic Analysis?

I read that NetFlow is not VRF-aware and because of this the VRFs are not included in the NetFlow records. However, the subnets, hosts, protocols, applications, etc. all show up fine in the NetFlow reporting tool.

The long and short of this is that I have not, to date, seen any problems with VRF NetFlow environments. However, if you are running MPLS VPN—L3VPN over GRE, by default Scrutinizer will drop all the GRE data. This can be modified by going to the Device View.

If, however, you are dealing with MPLS (e.g. service providers), they sometimes have overlapping IP addresses, and there is nothing in NetFlow (other than ifindex) that would help keep the VRFs separate. Using saved filters in our best-at-NetFlow-analysis software, Scrutinizer, we can probably come up with a solution to help you. Just give us a call.
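The overlapping-address problem described above can be shown with a few flow records. This is an added example, not code from the original post or from Scrutinizer; it assumes you maintain your own mapping of (exporter, input ifIndex) to VRF from the router's interface configuration, and every name and record in it is hypothetical or constructed.

```python
from collections import defaultdict

# Assumed mapping of (exporter IP, input ifIndex) -> VRF name, built by hand
# from the router's interface configuration. All names here are hypothetical.
IFINDEX_TO_VRF = {
    ("192.0.2.1", 10): "CUST-A",
    ("192.0.2.1", 11): "CUST-B",
}

# Constructed flow records: both customers use 10.0.0.5 inside their own VRF.
FLOWS = [
    {"exporter": "192.0.2.1", "in_if": 10, "src": "10.0.0.5", "dst": "10.0.1.9", "bytes": 1200},
    {"exporter": "192.0.2.1", "in_if": 11, "src": "10.0.0.5", "dst": "10.0.1.9", "bytes": 300},
    {"exporter": "192.0.2.1", "in_if": 10, "src": "10.0.0.5", "dst": "10.0.2.2", "bytes": 800},
    {"exporter": "192.0.2.1", "in_if": 12, "src": "10.0.0.7", "dst": "10.0.1.9", "bytes": 50},
]

def vrf_for(flow, mapping=IFINDEX_TO_VRF):
    """Resolve a flow to a VRF via its exporter and input ifIndex."""
    return mapping.get((flow["exporter"], flow["in_if"]), "UNMAPPED")

def bytes_by_src(flows):
    """Naive top-talker view keyed on source IP only; overlapping hosts merge."""
    totals = defaultdict(int)
    for f in flows:
        totals[f["src"]] += f["bytes"]
    return dict(totals)

def bytes_by_vrf_src(flows, mapping=IFINDEX_TO_VRF):
    """VRF-aware view keyed on (VRF, source IP); unmapped interfaces stay visible."""
    totals = defaultdict(int)
    for f in flows:
        totals[(vrf_for(f, mapping), f["src"])] += f["bytes"]
    return dict(totals)

def overlapping_sources(flows, mapping=IFINDEX_TO_VRF):
    """Source IPs seen in more than one VRF, i.e. addresses ambiguous on their own."""
    seen = defaultdict(set)
    for f in flows:
        seen[f["src"]].add(vrf_for(f, mapping))
    return {ip: sorted(v) for ip, v in seen.items() if len(v) > 1}

if __name__ == "__main__":
    print(bytes_by_src(FLOWS))         # two customers' hosts counted as one
    print(bytes_by_vrf_src(FLOWS))     # same traffic, separated per VRF
    print(overlapping_sources(FLOWS))  # addresses that need the ifIndex to attribute
```

Flows that arrive on an interface missing from the mapping are reported as `UNMAPPED` rather than dropped, so a gap in the interface inventory shows up in the report instead of hiding traffic.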

Michael

Michael is one of the Co-founders and the former product manager for Scrutinizer. He enjoys many outdoor winter sports and often takes videos when he is snowmobiling, ice fishing or sledding with his kids. Cold weather and lots of snow make the best winters as far as he is concerned. Prior to starting Somix and Plixer, Mike worked in technical support at Cabletron Systems, acquired his Novell CNE and then moved to the training department for a few years. While in training he finished his Masters in Computer Information Systems from Southern New Hampshire University and then left technical training to pursue a new skill set in Professional Services. In 1998 he left the 'Tron' to start Somix which later became Plixer.

5 comments on “What is VRF: Virtual Routing and Forwarding”

  1. It’s a very good article; however, I am requesting you to add some examples with configuration and the type of encryption provided in VRF. Thank you.