What is VRF in Networking, and what is VRF Lite?


VRF stands for Virtual Routing and Forwarding. Routing is the process in which a router, after receiving a packet, looks up its routing table and forwards the packet to the next hop. A conventional router has a single routing table, meaning all incoming network traffic is checked against the same routing information.

What is Virtual Routing?

It is similar to usual IP routing, but unlike a typical router, a router with VRF technology may have multiple routing tables to separate the IP traffic. It is conceptually similar to a VLAN, but it works at layer three of the OSI model while a VLAN works at layer two, so it segregates network packets based on IP address rather than VLAN tagging.

This virtualizes a single router into multiple routers. To a network user, each traffic segment appears to have its own dedicated router. The difference is that each VRF has only one routing table, while the router as a whole may have multiple.

A service provider can provide a VPN to its customers by isolating network traffic. This cuts down the requirements for authentication and encryption.

How does IP Routing work?

Network communication means transmitting data (in packets) from one host to another. The communicating hosts may be in the same or different networks. Each packet has an IP header with source and destination IP addresses and user data. 

When a host needs to send data out, it sends a packet to the router. At the host, the router address is configured as the default gateway.

Once it gets a packet, the router looks into the global routing table and forwards the packet to the next hop. The next hop could be another router or the destination machine. Routing using a global routing table is named default routing.

Why do we need the separation of IP traffic?

We need the separation of entities in many cases. Suppose a company has multiple departments, and we do not want to expose resources from one department to another. The option is simple: limit communication to within a department. With access restricted this way, the HR department cannot access marketing servers or files.

Why do we need VRF if there is a VLAN option?

Both isolate network traffic, but they differ in how they work: VLAN works at layer two, while VRF works at layer three.

Suppose there are multiple VLANs in the company across the switches. All switches are connected to the router for external network access. This brings a problem: a host in one VLAN can access a host in another VLAN through the router. If we have VRF, a host can access only hosts in the same VRF.

Using VRF, an ISP can isolate IP traffic between distant hosts. The ISP will configure VRF on each router along the path.

Virtual Routing Tables in VRF:

These are similar to standard routing tables, but each one is associated with an interface. When a packet arrives on an interface, the router looks for a route only in that interface's VRF table.
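The per-interface lookup described above, and the inter-VLAN problem from the earlier section, can be modelled in a few lines. This is an added example, not code from the original article; the interface names, VRF names, prefixes and next hops are all constructed for illustration.

```python
import ipaddress

class Router:
    """Toy router: every interface belongs to one VRF, every VRF has one table."""

    def __init__(self):
        self.tables = {}     # VRF name -> list of (network, next hop)
        self.if_to_vrf = {}  # ingress interface -> VRF name

    def bind(self, interface, vrf):
        self.if_to_vrf[interface] = vrf
        self.tables.setdefault(vrf, [])

    def add_route(self, vrf, prefix, next_hop):
        self.tables.setdefault(vrf, []).append((ipaddress.ip_network(prefix), next_hop))

    def lookup(self, ingress_if, dst):
        """Longest-prefix match, restricted to the ingress interface's VRF table."""
        addr = ipaddress.ip_address(dst)
        table = self.tables[self.if_to_vrf[ingress_if]]
        matches = [(net, hop) for net, hop in table if addr in net]
        if not matches:
            return None  # no route in this VRF: the packet is dropped
        return max(matches, key=lambda m: m[0].prefixlen)[1]

def build_global():
    """Conventional router: both department interfaces share one global table."""
    r = Router()
    r.bind("eth-hr", "global")
    r.bind("eth-mkt", "global")
    r.add_route("global", "10.1.0.0/24", "hr-switch")
    r.add_route("global", "10.2.0.0/24", "mkt-switch")
    return r

def build_vrf():
    """Same router with one VRF per department (constructed addresses)."""
    r = Router()
    r.bind("eth-hr", "HR")
    r.bind("eth-mkt", "MKT")
    r.add_route("HR", "10.1.0.0/24", "hr-switch")
    r.add_route("MKT", "10.2.0.0/24", "mkt-switch")
    return r

if __name__ == "__main__":
    for name, router in (("global", build_global()), ("vrf", build_vrf())):
        # An HR host (ingress eth-hr) tries to reach a marketing server.
        print(name, "HR -> 10.2.0.5:", router.lookup("eth-hr", "10.2.0.5"))
        print(name, "HR -> 10.1.0.9:", router.lookup("eth-hr", "10.1.0.9"))
```

With the global table the HR host is routed to the marketing switch; with per-department VRFs the same packet finds no route and is dropped, while traffic inside HR still forwards.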