What is VRF? What is VRF Lite?

VRF stands for Virtual Routing and Forwarding. To send a packet, a network router does a lookup in its routing table and forwards the packet to the next hop. That routing table is global and applies to all incoming network traffic.

But what is Virtual Routing, or VRF? It is similar to IP routing, but unlike a normal router, a router with VRF technology may have multiple routing tables to separate the IP traffic. It is similar to a VLAN, but it works at layer 3 and segregates network packets.

This brings virtualization to routers. It appears as if each segment of traffic has its own dedicated router. The difference is that each VRF has only one routing table, while the router as a whole may have multiple.

By isolating network traffic, a service provider can provide a VPN to its customers. This reduces the requirements for authentication and encryption.

Default IP Routing?

Routing is the process of transmitting data from one host to another. The communicating hosts may be in the same network or in different networks. Each packet has an IP header with source and destination IP addresses. When a host needs to send data out, it sends a packet to the router. On the host, the router's address is configured as the default gateway.

Once it gets a packet, the router looks in the global routing table and forwards the packet to the next hop. Routing using a global routing table is named default routing.

Why do we need the separation of IP traffic?

We need the separation of entities in many cases. Suppose there are multiple departments in a company and we do not want to expose any resource from one department to another. The option is simple: limit communication to within a department. By restricting access, the HR department cannot access marketing servers or files.

Why do we need VRF if there is a VLAN option?

Both isolate network traffic, but they are quite different, and the way they work explains the difference. VLAN works at layer 2, while VRF works at layer 3. Suppose a company has multiple VLANs spread over its switches, and all switches are connected to the router for external network access. This brings a problem: a host in one VLAN can access a host in another VLAN. If we have VRF, a host can access only hosts in the same VRF.

Using VRF, an ISP can provide isolation of IP traffic between distant hosts. The ISP will configure VRF on each router along the path.

Virtual Routing Tables in VRF:

These are similar to normal routing tables, but each is associated with an interface. If a packet arrives on the interface, the router looks for a route in that interface's VRF table only.
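
The per-interface lookup described above can be modelled in a few lines. This is an added example, not code from any router vendor or from the original page: the `Router` class, the interface names, the next-hop labels and the addresses are all constructed for illustration, the HR and marketing VRFs follow the department example earlier on the page, and the lookup uses standard longest-prefix matching.

```python
import ipaddress


class Router:
    """Toy router: each interface is bound to one VRF, each VRF has one table."""

    def __init__(self):
        self.if_to_vrf = {}   # interface name -> VRF name
        self.tables = {}      # VRF name -> list of (network, next_hop)

    def bind(self, interface, vrf):
        self.if_to_vrf[interface] = vrf
        self.tables.setdefault(vrf, [])

    def add_route(self, vrf, prefix, next_hop):
        net = ipaddress.ip_network(prefix)
        self.tables.setdefault(vrf, []).append((net, next_hop))

    def lookup(self, in_interface, dst):
        """Longest-prefix match restricted to the ingress interface's VRF."""
        # Assumption: an interface with no VRF binding uses a table named "global".
        vrf = self.if_to_vrf.get(in_interface, "global")
        addr = ipaddress.ip_address(dst)
        matches = [(n, nh) for n, nh in self.tables.get(vrf, []) if addr in n]
        if not matches:
            return None  # no route in this VRF, so the packet is dropped
        return max(matches, key=lambda m: m[0].prefixlen)[1]


def build_demo_router():
    # Constructed sample topology: names and addresses are illustrative only.
    r = Router()
    r.bind("eth1", "HR")
    r.bind("eth2", "MARKETING")
    r.add_route("HR", "10.0.0.0/8", "hr-core")
    r.add_route("HR", "10.1.20.0/24", "hr-files")
    r.add_route("MARKETING", "10.1.20.0/24", "mkt-web")  # same prefix, other VRF
    r.add_route("MARKETING", "172.16.5.0/24", "mkt-db")
    return r


if __name__ == "__main__":
    router = build_demo_router()
    for iface, dst in [("eth1", "10.1.20.7"), ("eth2", "10.1.20.7"),
                       ("eth1", "172.16.5.9"), ("eth2", "172.16.5.9")]:
        print(iface, dst, "->", router.lookup(iface, dst))
```

The same destination address resolves to a different next hop depending on the ingress interface, and a packet arriving on the HR interface finds no route to the marketing-only prefix even though the router holds that route in another table.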