Expert Reference Series of White Papers

Implementing Virtual Routing and Forwarding (VRF) on Cisco Nexus Data Center Switches
1-800-COURSES www.globalknowledge.com
Chris Olsen, Global Knowledge Instructor, Author, IT Consultant

Introduction
Over the past six years, Cisco has developed a wide array of leading-edge technologies for the data center, with a
focus on the Nexus switches and UCS servers. Within the Nexus switches, Cisco has created many different
technical approaches to achieve two high-level objectives: connectivity and isolation. Simply put, for users to
access email on servers, query a database, or open a web page, they must have connectivity into the data center.
However, that same connectivity also creates the opportunity to spread viruses, Trojans, worms,
and denial of service (DoS) attacks, as well as the full array of potential security breaches. Therefore, a secure
data center design must also implement isolation for all networking devices, hosts, and virtual machines that
have no productive need to connect to each other.

Cisco provides a wide array of connectivity and isolation tools within the data center. This white paper addresses
Virtual Routing and Forwarding (VRF), which is a Layer 3 isolation mechanism for routing protocols.

Virtual Routing and Forwarding (VRF)


In a very simple sense, a VRF provides a Layer 3 isolation mechanism within routing protocols or static routes.
In the Cisco Nexus 7000 series of data center switches, the highest-level isolation mechanism is a Virtual Device
Context (VDC). A VDC creates a totally different and fully isolated set of switches within the entire physical
switch. This white paper addresses VRFs within a VDC when implemented on the Nexus 7000 series of switches.

A common use of VRFs is to isolate the management network from the production network. If a
production network experiences severe problems, an engineer trying to fix it remotely would need the
“broken network” itself in order to reach the devices. Before VRFs, network designers often solved this dilemma by building a
separate management network alongside the production network, so that remote connectivity remained available
for troubleshooting. VRFs create a cost-effective management network fully isolated from the production
network while sharing the same hardware and cabling.

Another common use of VRFs is tenant isolation for multitenant cloud providers. Many public and private cloud
providers can create a single common data center infrastructure to provide services to several different customers
or tenants. VRFs can be implemented to ensure that the different tenants are securely isolated from one
another while benefiting from the cost savings of a common infrastructure.

On any newly installed Nexus switch, two VRFs exist by default, named default and
management. This first example is on a Nexus 5548 switch named Nexus5k.

Copyright ©2014 Global Knowledge Training LLC. All rights reserved.


Shown next are the same default (original) VRFs within a VDC named N7K-VDC-2 on a Cisco Nexus 7010 switch.

Any other VRFs on a Nexus device need to be manually configured.

Note that even basic connectivity from or through a Nexus device requires an understanding of VRFs. The
following two different ping tests to the same destination get different responses based solely on the VRF being
referenced, or not referenced.



VRF Configurations
The first configuration step is to create the VRF in the Nexus config mode. In this example, a custom VRF is
created with the name OSPFPrivate.

VRFs require Switch Virtual Interfaces (SVIs) for inter-VLAN routing, which is enabled with the feature interface-vlan
command. The example shown here is based on the routing protocol OSPF, which also needs to be
enabled. Then the VRF is applied to all applicable Layer 3 interfaces within the device.



OSPF is also enabled on the SVI of VLAN 10 in this example.

This example also shows enabling OSPF on a loopback interface.
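
The configuration steps above as one NX-OS configuration, followed by checks that the VRF is isolated. This is an added example, not output from the original white paper: the VRF name OSPFPrivate, VLAN 10 and area 0 come from the text, while the OSPF instance tag 1, the loopback number and all IP addresses are assumed sample values.

```cisco
! Added example. OSPF tag "1", loopback0 and all addresses are assumed values.
configure terminal
feature interface-vlan
feature ospf
vlan 10
!
vrf context OSPFPrivate
!
router ospf 1
  vrf OSPFPrivate
    router-id 10.255.0.1
!
! "vrf member" removes any Layer 3 configuration already on the interface,
! so assign the VRF first and configure the IP address after it.
interface Vlan10
  vrf member OSPFPrivate
  ip address 10.10.10.1/24
  ip router ospf 1 area 0.0.0.0
  no shutdown
!
interface loopback0
  vrf member OSPFPrivate
  ip address 10.255.0.1/32
  ip router ospf 1 area 0.0.0.0
end
!
! Verify: interfaces, routes and OSPF state appear only when the VRF is named.
show vrf OSPFPrivate interface
show ip route vrf OSPFPrivate
show ip ospf interface brief vrf OSPFPrivate
ping 10.255.0.1 vrf OSPFPrivate
!
! Without the vrf keyword these commands use the default VRF, which should
! hold no route to 10.10.10.0/24 or 10.255.0.1/32.
show ip route
ping 10.255.0.1
```

An interface left without a vrf member line stays in the default VRF, so reviewing the show vrf interface output after every change is a quick way to confirm that no Layer 3 interface sits outside its intended isolation boundary.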

Note the output of the OSPF routing protocol differs entirely based on the VRF. The following output includes
the VRF OSPFPrivate. There are no other OSPF routers in this simple example.



The next output does not include the VRF. Note the lack of specific OSPF information within area 0.



The OSPF protocol creates a database of entries in the Layer 3 (router) device. Again, note the content of the
database is VRF specific.

Also note how OSPF is enabled per interface, but also per interface per VRF.



Conclusion
VRFs are a valuable routing tool for isolating different networks that share the same
network infrastructure.

Learn More
Learn more about how you can improve productivity, enhance efficiency, and sharpen your competitive edge
through training.
DCUFI - Implementing Cisco Data Center Unified Fabric v5.0
DCNX7K - Configuring Cisco Nexus 7000 Switches v3.0
DCNX5K - Implementing the Cisco Nexus 5000 and 2000 v2.0

Visit www.globalknowledge.com or call 1-800-COURSES (1-800-268-7737) to speak with a Global Knowledge
training advisor.

About the Author


Chris Olsen has been an IT trainer since 1993 and an independent consultant and technical writer since 1996. He
has taught over 60 different IT, datacenter, and telephony classes to over 15,000 students. He is a technical editor
for Global Knowledge’s lab manuals and he has published two books with Cisco Press, CIPT2 and CCNA Voice
Flash Cards. He is an author and technical editor on both Microsoft OCS 2007 and 2007 R2 certification exams, as
well as a technical author for Cisco certified courses.

