What is VRF in Networking? What is VRF Lite?

The VRF’s full form in networking is Virtual Routing and Forwarding.  To forward a received packet, a network router does a lookup in the routing table and sends the packet to the next hop. The routing table is global and applicable to all network traffic coming in.

What is Virtual Routing or VRF?

It is similar to usual IP routing, but unlike the normal router, a router with VRF technology may have multiple routing tables to separate the IP traffic. It is similar to the VLAN but works on layer 3 and segregates the network packets based on the IP address not using VLAN tagging.

This creates the virtualization of a single router into multiple routers.  A network user feels that all segmented traffic has its own dedicated routers. But the difference is that in VRF there can be only one routing table, while a router may have multiple.

By isolating network traffic,  a service provider can provide a VPN to its customers.  This cut down the requirements for authentication and encryption.

How does IP Routing work?

Network communication means transmitting data (in packets) from one host to another. The communicating hosts may be in the same or different networks. Each packet has an IP header that has source and destination IP addresses along with the user data. 

When a host needs to send data out, it sends a packet to the router. At the host, the router address is configured as the default gateway.

Once gets a packer, the router looks into the global routing table and forwards the packet to the next hope. The next-hop could be another router or destination machine. Routing using a global routing table is named default routing.

Why do we need the separation of IP traffic?

We need the separation of entities in many cases.  Suppose there are multiple departments in a company and we do not want to expose any resource from one department to another.  The option is simple, limit communication within a department.  By restricting access, the HR department can not have access to marketing servers or files.

Why do we need VRF if there is a VLAN option?

Both isolate the network traffic. But they are a distance apart. The way they work answers the difference.  VLAN works at layer two while VRF is at layer 3.   

If there are multiple VLANs in the company, over the switches. All switches are connected to the router for external network access.  This brings a problem, a host in VLAN can access another host in another VLAN.  If we have VRF, a host can access hosts in the same VRF.

Using VRF, an ISP can provide isolation of IP traffic between distant hosts.   The ISP will configure VRF on each router between the path.

Virtual Routing Tables in VRF:

These are similar to the normal routing tables associated with an interface.  If a message comes on the interface it checks for routing in the VRF table only.