NSX-T VRF Lite Beginner Guide

VRF (Virtual Routing and Forwarding) is not a new term. It allows you to logically carve a single router into multiple routers or routing instances that share the resources of that physical or logical router (T-0). Each VRF instance has its own independent routing table and interfaces on that router. This allows you to have a multitenant environment where each tenant can have a unique or overlapping address space that functions independently, without conflicting with other tenants' addressing schemes (provided segregation is maintained throughout the DC network).

A little bit of background:

A decade ago, an L3 MPLS transport network was the preferred way to connect multiple data center and branch networks, because it provided better SLA, QoS, and performance than the internet (best effort). VRF configuration was prevalent in service provider environments, on the Provider Edge (PE) routers that connected Customer Edge routers to the MPLS network. Each customer was assigned a unique VRF instance on that PE router.

The service provider network ran L3 MPLS with MP-BGP to provide MPLS services to customers. Inside the service provider network, customer route advertisement was managed via the MP-BGP VPNv4 address family, utilizing RD and RT.

Each customer could have overlapping private address space; route uniqueness was maintained inside the service provider network by converting each IPv4 route to a VPNv4 route, that is, route + RD. Example:

RD stands for Route Distinguisher, which distinguishes the routes of each customer or tenant. If you have multiple customers, each has a unique RD value associated with its VRF instance. When a route is advertised through the MPLS network, the customer prefix is advertised as a VPNv4 route, which is the combination of the route + RD value.

To ensure those customer routes are delivered to the far-end DC or branch office customer router without being leaked among different customers, RT (Route Target) was used. It is an extended community that colors or tags the routes from a specific customer. You export and import RT values that are unique for each customer. Sample configuration example:
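The RD and RT behaviour described above, modeled in Python as an added example (it is not the author's original sample configuration and not router or NSX-T code). The VRF names, RD and RT values and the prefix are constructed assumptions, and the model treats any cross-VRF import as a leak.

```python
from collections import defaultdict
from ipaddress import ip_network

# Constructed sample VRFs on one PE router; names, RDs and RTs are assumptions.
VRFS = {
    "CUST-A": {"rd": "65000:1", "export": {"65000:100"}, "import": {"65000:100"}},
    "CUST-B": {"rd": "65000:2", "export": {"65000:200"}, "import": {"65000:200"}},
}
# Both customers use the same private prefix (overlapping address space).
CUSTOMER_ROUTES = {"CUST-A": ["10.1.1.0/24"], "CUST-B": ["10.1.1.0/24"]}


def build_vpnv4_table(vrfs, routes):
    """Turn each customer IPv4 prefix into a VPNv4 route (RD + prefix) tagged with export RTs."""
    table = {}
    for vrf, prefixes in routes.items():
        for prefix in prefixes:
            key = (vrfs[vrf]["rd"], ip_network(prefix))
            if key in table:
                # Same RD + same prefix: the two customers' routes are no longer unique.
                raise ValueError(f"duplicate VPNv4 route {key}: RD reused across VRFs")
            table[key] = {"origin": vrf, "rts": set(vrfs[vrf]["export"])}
    return table


def import_routes(vrfs, table):
    """Install a VPNv4 route into every VRF whose import RTs intersect the route's RTs."""
    ribs = defaultdict(list)
    for (_rd, prefix), attrs in table.items():
        for vrf, cfg in vrfs.items():
            if cfg["import"] & attrs["rts"]:
                ribs[vrf].append((str(prefix), attrs["origin"]))
    return dict(ribs)


def find_leaks(ribs):
    """Report routes installed in a VRF other than the one that originated them.
    Intentional shared-services imports would need an allowlist; none is modeled here."""
    return sorted((vrf, prefix, origin)
                  for vrf, entries in ribs.items()
                  for prefix, origin in entries if origin != vrf)


if __name__ == "__main__":
    table = build_vpnv4_table(VRFS, CUSTOMER_ROUTES)
    print(len(table), "distinct VPNv4 routes for one overlapping prefix")
    print("cross-tenant leaks:", find_leaks(import_routes(VRFS, table)))
```

Adding another customer's export RT to a VRF's import set makes `find_leaks` report the leaked prefix, which is the misconfiguration to audit for.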

NOTE: The MPLS and MP-BGP protocols are not used in the NSX-T VRF Lite implementation.

What is the benefit of NSX-T VRF Lite, or what is the advantage of using VRF Lite?

Prior to NSX-T 3.0, the only way to extend a tenant VRF from the underlay to the virtual network was to deploy a separate T-0 for each tenant to separate their routing instances. By platform design, only a single T-0 instance can be deployed on a given edge node, which resulted in a scale issue.

VRF Lite allows you to have multiple routing instances on a single parent T-0 without the need to deploy additional T-0 gateways for each tenant.

To learn more about VRF Lite, I highly recommend the following tutorial and the NSX-T 3.0 design guide:

VRF Lite Tutorial

NSX-T 3.0 Design Guide

Amit Juneja
