Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated: 1 00:00:09,679 --> 00:00:13,019 This is a complete course for the CCNA. 2 00:00:13,019 --> 00:00:17,910 In this video we will cover Virtual Routing\nand Forwarding, VRF. 3 00:00:17,910 --> 00:00:23,879 VRF allows us to divide one physical router\n 4 00:00:23,879 --> 00:00:27,278 You can think of it like VLANs for routers. 5 00:00:27,278 --> 00:00:33,310 VLANs divide a switch into multiple virtual\n 6 00:00:33,310 --> 00:00:39,010 and VRF divides a router into multiple virtual\n 7 00:00:39,009 --> 00:00:43,070 Here’s what we’ll cover in this video. 8 00:00:43,070 --> 00:00:49,530 First I will introduce the concept of VRF\n 9 00:00:50,869 --> 00:00:56,369 Note that VRF configuration isn’t actually\n 10 00:00:56,369 --> 00:00:59,609 configurations will help you understand how\nit works. 11 00:00:59,609 --> 00:01:05,930 Unfortunately VRF isn’t supported in Packet\n 12 00:01:05,930 --> 00:01:11,870 you’ll need to use something like Cisco\n 13 00:01:15,230 --> 00:01:19,840 The diagram at the bottom gives an idea of\nhow VRFs work. 14 00:01:19,840 --> 00:01:25,109 The black box in the middle represents R1,\n 15 00:01:25,109 --> 00:01:31,250 The blue, green, and red router icons inside\n 16 00:01:32,629 --> 00:01:37,579 Let’s call them VRF1, VRF2, and VRF3. 17 00:01:37,579 --> 00:01:43,950 So, Virtual Routing and Forwarding is used\n 18 00:01:45,430 --> 00:01:51,030 This is similar to how VLANs are used to divide\n 19 00:01:54,149 --> 00:01:59,950 By default, all interfaces on a switch are\n 20 00:01:59,950 --> 00:02:06,740 When using VLANs, we can divide that one broadcast\n 21 00:02:06,739 --> 00:02:12,719 Similarly, by default all router interfaces\n 22 00:02:12,719 --> 00:02:17,439 By ‘routing domain’ I mean, by default\n 23 00:02:17,439 --> 00:02:21,710 be forwarded out of any other interface on\n 24 00:02:22,710 --> 00:02:30,810 For example, without using VRF, in the diagram\n 25 00:02:30,810 --> 00:02:35,409 can be routed to and forwarded out of R1’s\nG1/2 interface. 26 00:02:35,409 --> 00:02:38,509 However, with VRF that won’t be possible. 27 00:02:38,509 --> 00:02:47,729 G0/0 is in VRF1 and G1/2 is in VRF3, so traffic\n 28 00:02:49,969 --> 00:02:55,269 It does this allowing a router to build separate\nrouting tables. 29 00:02:55,269 --> 00:03:00,189 Normally a router has one routing table, but\n 30 00:03:00,189 --> 00:03:06,598 Interfaces, specifically layer 3 interfaces,\n 31 00:03:09,699 --> 00:03:14,359 Keep in mind that VRF does not apply to Layer\n 32 00:03:14,360 --> 00:03:20,049 Only router interfaces, SVIs, and routed ports\n 33 00:03:24,169 --> 00:03:28,739 As I mentioned before, traffic in one VRF\n 34 00:03:30,348 --> 00:03:36,048 However, as an exception VRF Leaking can be\n 35 00:03:38,098 --> 00:03:42,098 That is a more advanced concept though and\n 36 00:03:42,098 --> 00:03:44,949 So, what is the main purpose of VRF? 37 00:03:44,949 --> 00:03:51,250 Well VRF is commonly used to facilitate MPLS,\n 38 00:03:51,250 --> 00:03:55,430 However, that’s actually not the kind of\n 39 00:03:55,430 --> 00:04:01,569 The kind of VRF we are talking about is VRF-lite,\n 40 00:04:01,568 --> 00:04:08,109 So, keep in mind that when I say ‘VRF’\n 41 00:04:08,110 --> 00:04:13,890 VRF is commonly used by service providers\n 42 00:04:17,290 --> 00:04:19,379 Well, there are two main points. 43 00:04:19,379 --> 00:04:24,569 First, each customer’s traffic is isolated\n 44 00:04:24,569 --> 00:04:29,790 to their own virtual router within the service\n 45 00:04:29,790 --> 00:04:35,439 In the diagram below, let’s say the blue,\n 46 00:04:36,800 --> 00:04:41,500 All customers connect to the same service\n 47 00:04:41,500 --> 00:04:45,889 a different virtual router, a different VRF\ninstance. 48 00:04:45,889 --> 00:04:50,600 And another major point is that customer IP\n 49 00:04:50,600 --> 00:05:01,770 For example, the blue customer uses subnets\n 50 00:05:01,769 --> 00:05:06,159 The green customer also uses 192.168.1.0/24\nand 2.0/24. 51 00:05:11,129 --> 00:05:15,629 Without VRF, this kind of configuration is\n 52 00:05:15,629 --> 00:05:19,699 But with VRF, it works fine even though the\n 53 00:05:19,699 --> 00:05:25,569 Okay, now let’s try configuring VRF to help\n 54 00:05:25,569 --> 00:05:31,019 To demonstrate VRF configuration I’ll use\nthe network below. 55 00:05:31,019 --> 00:05:37,948 SPR1 is a service provider router providing\n 56 00:05:39,730 --> 00:05:48,629 C1R1 and C1R2 belong to Customer 1 and C2R1\n 57 00:05:50,470 --> 00:05:55,460 Both Customer 1 and Customer 2 use subnet\n192.168.1.0/30. 58 00:05:55,459 --> 00:06:03,269 First, let’s see what happens when we try\n 59 00:06:03,269 --> 00:06:09,979 First I configured SPR1’s G0/0 and G0/1,\n 60 00:06:12,040 --> 00:06:20,569 But when I try to configure G0/2, I get an\n 61 00:06:20,569 --> 00:06:29,129 G0/2 cannot use IP address 192.168.1.1 because\n 62 00:06:29,129 --> 00:06:34,149 In this case it’s the exact same IP address,\n 63 00:06:36,769 --> 00:06:44,759 To prove that point I tried to configure it\n 64 00:06:44,759 --> 00:06:49,879 Even if the IP address is different, G0/2\n 65 00:06:51,209 --> 00:06:58,919 So, without the use of VRF, two interfaces\n 66 00:06:58,920 --> 00:07:04,689 Next let’s use VRF to configure this network\nproperly. 67 00:07:04,689 --> 00:07:09,189 First we have to create the VRFs, which can\n 68 00:07:09,189 --> 00:07:13,500 IP VRF, followed by the VRF name. 69 00:07:13,500 --> 00:07:19,740 Here I created two VRFs, one named CUSTOMER1\n 70 00:07:19,740 --> 00:07:25,329 I then used the command SHOW IP VRF which\n 71 00:07:25,329 --> 00:07:28,750 As you can see, the CUSTOMER1 and CUSTOMER2\nVRFs were created. 72 00:07:28,750 --> 00:07:34,959 The next step is to assign interfaces to each\nVRF. 73 00:07:34,959 --> 00:07:42,969 So, from interface config mode for G0/0 I\n 74 00:07:42,970 --> 00:07:50,199 G0/0 is now part of the CUSTOMER1 VRF, however\n 75 00:07:50,199 --> 00:07:57,840 Interface G0/0 IPv4 disabled and addresses\n 76 00:07:57,839 --> 00:08:02,849 If an interface has an IP address configured,\n 77 00:08:05,230 --> 00:08:12,210 So, I then re-configured the IP address, 192.168.1.1/30. 78 00:08:14,029 --> 00:08:19,359 Again, the IP address I configured before\n 79 00:08:22,199 --> 00:08:25,639 I then configured the G0/2 interface. 80 00:08:25,639 --> 00:08:32,889 Note that this time it worked, I was able\n 81 00:08:34,990 --> 00:08:39,220 That’s because they are in separate VRFs. 82 00:08:39,220 --> 00:08:42,149 I then configured G0/3 as well. 83 00:08:42,149 --> 00:08:48,320 I then once again confirmed the VRFs and now\n 84 00:08:48,320 --> 00:08:55,381 So, SPR1 is now divided into two separate\n 85 00:08:55,380 --> 00:09:03,240 includes G0/0 and G0/1, and the CUSTOMER2\n 86 00:09:03,240 --> 00:09:11,450 So, basic configuration of VRF-lite is simple:\n 87 00:09:11,450 --> 00:09:16,860 assign interfaces to VRFs with the IP VRF\nFORWARDING command. 88 00:09:16,860 --> 00:09:23,200 There is of course a lot more depth to VRFs,\n 89 00:09:23,200 --> 00:09:28,450 I then used SHOW IP ROUTE on SPR1, but I don’t\nsee any routes. 90 00:09:28,450 --> 00:09:32,959 Usually you’d expect to see connected and\n 91 00:09:32,958 --> 00:09:37,639 on interfaces, so why is nothing displayed\nhere? 92 00:09:37,639 --> 00:09:42,191 SHOW IP ROUTE displays the ‘global routing\n 93 00:09:42,191 --> 00:09:45,350 you’re used to when not using VRFs. 94 00:09:45,350 --> 00:09:52,009 In this case, all of SPR1’s interfaces are\n 95 00:09:52,009 --> 00:09:57,278 By the way, you can have a mix of interfaces\n 96 00:09:57,278 --> 00:10:04,958 So, I then used the command SHOW IP ROUTE\n 97 00:10:04,958 --> 00:10:08,588 the connected and local routes for G0/0 and\nG0/1. 98 00:10:08,589 --> 00:10:14,900 So, if you want to see a VRF’s routing table\n 99 00:10:16,970 --> 00:10:20,190 Here I viewed the CUSTOMER2 VRF’s routing\ntable. 100 00:10:20,190 --> 00:10:25,970 So, these are separate routing tables from\n 101 00:10:25,970 --> 00:10:30,649 By the way, if an interface is not in a VRF\n 102 00:10:30,649 --> 00:10:36,278 table, and it will be isolated from the interfaces\n 103 00:10:36,278 --> 00:10:40,419 VRFs are isolated from each other. 104 00:10:40,419 --> 00:10:44,169 To test reachability, I tried some pings from\nSPR1. 105 00:10:44,169 --> 00:10:50,129 I first pinged 192.168.1.2, but all the pings\nfailed. 106 00:10:51,129 --> 00:10:55,299 It’s because, in the global routing table,\nthere are no routes. 107 00:10:55,299 --> 00:10:59,859 As I showed in the previous slide, the global\n 108 00:10:59,860 --> 00:11:06,129 You can specify the VRF when pinging like\n 109 00:11:09,720 --> 00:11:13,420 Which device was SPR1 pinging in this case? 110 00:11:13,419 --> 00:11:22,149 There are two devices with the IP address\n 111 00:11:22,149 --> 00:11:29,139 SPR1 was pinging C1R1 because I specified\nthe CUSTOMER1 VRF. 112 00:11:29,139 --> 00:11:38,580 In the CUSTOMER1 VRF again I pinged 192.168.11.2,\n 113 00:11:41,528 --> 00:11:47,159 That’s because, in the CUSTOMER1 VRF’s\n 114 00:11:49,759 --> 00:11:55,769 This time I pinged 192.168.1.2 and specified\nthe CUSTOMER2 VRF. 115 00:11:55,769 --> 00:11:58,690 Who is SPR1 pinging this time? 116 00:11:58,690 --> 00:12:04,110 C2R1, connected to G0/2 in the CUSTOMER2 VRF. 117 00:12:04,110 --> 00:12:11,730 And I pinged 192.168.12.2, C2R2, which worked\n 118 00:12:11,730 --> 00:12:18,028 So, to sum it up, hosts in the same VRF can\n 119 00:12:20,309 --> 00:12:24,829 SPR1 was divided into two separate virtual\nrouters. 120 00:12:24,830 --> 00:12:28,149 Here’s what we covered in this video. 121 00:12:28,149 --> 00:12:34,259 I introduced VRFs and showed the basics of\n 122 00:12:34,259 --> 00:12:39,458 But remember, what we mentioned in this video\n 123 00:12:39,458 --> 00:12:42,578 which means we’re not using VRF with MPLS. 124 00:12:42,578 --> 00:12:48,819 VRF is used to split a router up into multiple\n 125 00:12:50,629 --> 00:12:56,278 Service providers can use VRFs to allow multiple\n 126 00:12:56,278 --> 00:12:59,049 while still allowing their traffic to be isolated. 127 00:12:59,049 --> 00:13:04,278 Plus, it doesn’t matter if customers use\n 128 00:13:04,278 --> 00:13:08,200 each VRF is a separate routing table. 129 00:13:08,200 --> 00:13:13,778 For the CCNA, it’s enough to just understand\n 130 00:13:13,778 --> 00:13:19,328 to study at the CCNP level and beyond you’ll\n 131 00:13:19,328 --> 00:13:24,859 Okay, let’s go to the quiz, here’s question\n1. 132 00:13:24,860 --> 00:13:29,090 You issue the following commands on R1’s\nG0/0 interface. 133 00:13:29,090 --> 00:13:36,899 However, after issuing show ip interface brief\n 134 00:13:38,129 --> 00:13:42,200 Pause the video now to think about the answer. 135 00:13:42,200 --> 00:13:50,950 Okay, the answer is B, the IP address was\n 136 00:13:50,950 --> 00:13:57,079 As I showed earlier, if an interface already\n 137 00:13:57,078 --> 00:14:00,149 removed when you assign it to a VRF. 138 00:14:00,149 --> 00:14:03,139 You will then have to re-configure the IP\naddress. 139 00:14:03,139 --> 00:14:08,759 So, if you’re planning to use VRFs you should\n 140 00:14:16,820 --> 00:14:23,680 If you issue the command ping 192.168.1.10\n 141 00:14:23,679 --> 00:14:28,588 Pause the video now to select the best answer. 142 00:14:28,589 --> 00:14:33,930 Okay, the answer is D, no device will respond. 143 00:14:33,929 --> 00:14:38,309 Actually, R1 won’t be able to even send\nthe pings. 144 00:14:38,309 --> 00:14:44,299 All of R1’s interfaces are assigned to VRFs,\n 145 00:14:46,669 --> 00:14:51,269 None of R1’s interfaces are using the global\n 146 00:14:51,269 --> 00:14:53,889 be empty and it won’t be able to send the\npings. 147 00:14:59,289 --> 00:15:04,649 Which of the following statements about VLANs\n 148 00:15:04,649 --> 00:15:09,250 Pause the video now to select your answers. 149 00:15:09,250 --> 00:15:18,549 Okay, the answers are C, D, and F. VRFs divide\n 150 00:15:18,549 --> 00:15:23,409 In effect, you are dividing the router into\n 151 00:15:23,409 --> 00:15:29,350 VLANs, on the other hand, divide switches\n 152 00:15:29,350 --> 00:15:34,070 And router interfaces in different VRFs can\n 153 00:15:36,149 --> 00:15:41,639 A is incorrect because VRFs do not create\n 154 00:15:41,639 --> 00:15:47,299 Router interfaces are already in separate\n 155 00:15:47,299 --> 00:15:52,659 B is wrong because VLANs do not create separate\n 156 00:15:52,659 --> 00:15:56,469 the switch still keeps one MAC address table. 157 00:15:56,470 --> 00:16:01,980 And E is wrong because VRFs can also be configured\n 158 00:16:01,980 --> 00:16:04,769 switches, not just on routers. 159 00:16:04,769 --> 00:16:07,589 Okay, that’s all for the quiz and this video. 160 00:16:07,589 --> 00:16:11,720 I hope it was helpful, thanks for watching. 13129