Keeping it all separate with VRFs

Where do you start?
It's important to realize that as each new "greatest" technology is unveiled, those CIOs and business people out there will find reasons -- and good ones -- to change the face and focus of their business through new technology. As always, it's up to the engineers and architects to find ways to make the technology work while decreasing the impact of the initial investment. This could mean possibly consolidating the newer technologies on your current infrastructure without adding costly and unneeded circuits. Is your network ready? Forget for a second that we're heading towards service consolidation. Let's focus on a common task, which can serve as the foundation for bigger and better things in the future: separation.

Scenario
Here's the scenario: You're a small service provider with just two customers. Because of your size, you have chosen to pay for only one physical connection to the Internet (through another provider) which your customers will have to share.

Both customers A and B have chosen to use OSPF to exchange routing information with your router. This will allow each customer's networks to be known by all the routers in the Internet. But if you use OSPF for both customers, won't they be able to see each other's routes -- and potentially, everything in each other's networks? Well, maybe -- if you don't choose to separate them!

So how do you, as the provider of services, keep sensitive information between customers separate from each other? Enter the VRF.

More on this topic Crash Course: Routers Crash Course: VPNs More routing and switching links

The VRF
A Virtual Routing and Forwarding (VRF) instance is, for all intents and purposes, a logical router. A VRF consists of an IP routing table, a forwarding table, a set of interfaces that use the forwarding table and a set of rules and routing protocols that determine what goes into the forwarding table.

With this "logical router" you -- as "the little provider that could" -- can keep customers A and B completely separate from one another. You also simplify management, troubleshooting and future enhancements to each client. In this scenario the provider router, which I will now refer to as the Provider Edge (PE) router, will use two different instances of OSPF to peer with each customer. The figure below illustrates what this might look like:

This solves the first phase of your separation. The situation is made a little easier from the fact that there are two physical interfaces connecting each customer. The harder task is figuring out how to keep A and B separate on the link which connects to the Internet. In my next tip, I will show you how to configure this scenario and give you some alternatives to handling the Internet link.

Rate this Tip To rate tips, you must be a member of SearchNetworking.com. Register now to start rating these tips. Log in if you are already a member. Submit a Tip Digg This!     StumbleUpon     Del.icio.us    RELATED CONTENT Routing and Switching Routing with NAT traversal and UPnP Secure Cisco routers against IOS flaw attack Configure WAN protocols on a Layer 3 switch How routers work Network summarization -- Supernetting and wildcard masks Routing: Five common, easily avoided errors Router Expert: Building a WLAN proxy server, implementing ASR Router Expert: Building a WLAN proxy server, implementing WPAD Cisco IOS IP routing -- dynamic routing Cisco IOS IP routing: Static routes Router and Switch Management How many more users will 802.11n wireless access points support? How to connect wireless networks for printing capabilities How can I prevent collisions on my network? How to upgrade an Input/Output Supervisor (IOS) router Inter-VLAN routing with a LAN and WAN on a single router Troubleshooting IP Routing -- 'CCNA Official Exam Certification Library, 3rd Edition,' Chapter 7 How can I load balance between DSLs and LLs? How can I configure 10 VLANs with 5 unmanaged switches? Cisco's ISR inches the company toward openness How do I configure two leased lines in one router? RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary 32-bit IP addressing  (SearchNetworking.com) autotrunking  (SearchNetworking.com) delay-tolerant network  (SearchNetworking.com) Internet Routing in Space (IRIS)  (SearchNetworking.com) logical router  (SearchNetworking.com) routing table  (SearchNetworking.com) subnet  (SearchNetworking.com) subnet mask  (SearchNetworking.com) virtual routing and forwarding  (SearchNetworking.com) weighted fair queueing  (SearchNetworking.com) RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.