
Virtual Routing and Forwarding

When designing a network for a multi-tenant environment, security becomes a huge concern, especially when multiple untrusted external users share the same physical hardware. A design that keeps traffic isolated enhances security by ensuring that two separate networks do not share routes with each other, and it also allows each user to maintain their own dedicated path to reach their destination. That's where VRFs come into play.

Virtual routing and forwarding (VRF) is a Layer 3 technology that allows multiple routing tables to exist on a single device. Why is this important? Separate routing tables provide privacy and network segmentation, and they also allow independent routing decisions to be made within each virtual network. This is an important consideration because of how network routing decisions are made. This segregation ensures that traffic from one VRF instance remains invisible to another, maintaining privacy and security across the network.

There are two versions of VRF: VRF-Lite and Full VRF. The differences between the two technologies are outside the scope of this article; just know that the two flavors share common characteristics but serve different network purposes and have different configuration parameters.
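The per-VRF lookup described above can be modelled in a few lines. This is an added example, not code from the lesson or from any vendor: the `VrfRouter` class, the interface names, VRF names and addresses are all constructed for illustration, and binding each ingress interface to exactly one VRF is the model's assumption about how a packet's VRF is selected.

```python
import ipaddress

class VrfRouter:
    """Toy model: one device, one routing table per VRF (hypothetical names)."""

    def __init__(self):
        self.tables = {}   # VRF name -> list of (network, next hop)
        self.if_vrf = {}   # ingress interface -> VRF name

    def bind(self, interface, vrf):
        # An interface belongs to exactly one VRF; rebinding is refused.
        if interface in self.if_vrf:
            raise ValueError(f"{interface} already bound to {self.if_vrf[interface]}")
        self.tables.setdefault(vrf, [])
        self.if_vrf[interface] = vrf

    def add_route(self, vrf, prefix, next_hop):
        self.tables[vrf].append((ipaddress.ip_network(prefix), next_hop))

    def lookup(self, ingress_if, dst):
        """Longest-prefix match restricted to the ingress interface's VRF."""
        vrf = self.if_vrf[ingress_if]
        addr = ipaddress.ip_address(dst)
        matches = [(net, nh) for net, nh in self.tables[vrf] if addr in net]
        if not matches:
            return vrf, None   # no route in this VRF: the packet is dropped
        _, nh = max(matches, key=lambda m: m[0].prefixlen)
        return vrf, nh


def build_demo():
    # Constructed sample data: two tenants reuse 10.0.0.0/24 on one device.
    r = VrfRouter()
    r.bind("Gi0/1", "TENANT_A")
    r.bind("Gi0/2", "TENANT_B")
    r.add_route("TENANT_A", "10.0.0.0/24", "172.16.1.1")
    r.add_route("TENANT_A", "192.168.50.0/24", "172.16.1.2")
    r.add_route("TENANT_B", "10.0.0.0/24", "172.16.2.1")
    r.add_route("TENANT_B", "0.0.0.0/0", "172.16.2.254")
    return r


if __name__ == "__main__":
    r = build_demo()
    for iface, dst in [("Gi0/1", "10.0.0.5"), ("Gi0/2", "10.0.0.5"),
                       ("Gi0/1", "8.8.8.8"), ("Gi0/2", "192.168.50.10")]:
        print(iface, dst, r.lookup(iface, dst))
```

The same destination, 10.0.0.5, resolves to a different next hop depending on the ingress VRF, and TENANT_B's traffic to 192.168.50.10 follows its own default route rather than TENANT_A's more specific entry, which it never sees.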