Chapter 33. Configuring virtual routing and forwarding (VRF)

With Virtual routing and forwarding (VRF), Administrators can use multiple routing tables simultaneously on the same host. For that, VRF partitions a network at layer 3. This enables the administrator to isolate traffic using separate and independent route tables per VRF domain. This technique is similar to virtual LANs (VLAN), which partitions a network at layer 2, where the operating system uses different VLAN tags to isolate traffic sharing the same physical medium.

One benefit of VRF over partitioning on layer 2 is that routing scales better considering the number of peers involved.

Red Hat Enterprise Linux uses a virtual vrt device for each VRF domain and adds routes to a VRF domain by enslaving existing network devices to a VRF device. Addresses and routes previously attached to the enslaved device will be moved inside the VRF domain.

Note that each VRF domain is isolated from each other.

33.1. Temporarily reusing the same IP address on different interfaces

The procedure in this section describes how to temporarily use the same IP address on different interfaces in one server by using the virtual routing and forwarding (VRF) feature. Use this procedure only for testing purposes, because the configuration is temporary and lost after you reboot the system.

Important

To enable remote peers to contact both VRF interfaces while reusing the same IP address, the network interfaces must belong to different broadcasting domains. A broadcast domain in a network is a set of nodes which receive broadcast traffic sent by any of them. In most configurations, all nodes connected to the same switch belong to the same broadcasting domain.

Prerequisites

  • You are logged in as the root user.
  • The network interfaces are not configured.

Procedure

  1. Create and configure the first VRF device:

    1. Create the VRF device and assign it to a routing table. For example, to create a VRF device named blue that is assigned to the 1001 routing table:

      # ip link add dev blue type vrf table 1001
    2. Enable the blue device:

      # ip link set dev blue up
    3. Assign a network device to the VRF device. For example, to add the enp1s0 Ethernet device to the blue VRF device:

      # ip link set dev enp1s0 master blue
    4. Enable the enp1s0 device:

      # ip link set dev enp1s0 up
    5. Assign an IP address and subnet mask to the enp1s0 device. For example, to set it to 192.0.2.1/24:

      # ip addr add dev enp1s0 192.0.2.1/24
  2. Create and configure the next VRF device:

    1. Create the VRF device and assign it to a routing table. For example, to create a VRF device named red that is assigned to the 1002 routing table:

      # ip link add dev red type vrf table 1002
    2. Enable the red device:

      # ip link set dev red up
    3. Assign a network device to the VRF device. For example, to add the enp7s0 Ethernet device to the red VRF device:

      # ip link set dev enp7s0 master red
    4. Enable the enp7s0 device:

      # ip link set dev enp7s0 up
    5. Assign the same IP address and subnet mask to the enp7s0 device as you used for enp1s0 in the blue VRF domain:

      # ip addr add dev enp7s0 192.0.2.1/24
  3. Optionally, create further VRF devices as described above.