Cisco Catalyst 8000V Edge Software Installation And Configuration Guide

Configure VRF Route Sharing

Updated: March 5, 2026

Want to summarize with AI?

On this page

Overview

VRF Route Sharing in Cisco Catalyst 8000V

Prerequisites for VRF Route Sharing

Restrictions for VRF Route Sharing

Sample topology and use cases

Sample topology for VRF Route Sharing
Use cases

Configure VRF Route Sharing

Verify VRF Route Sharing

Overview

Describes how to configure VRF Route Sharing across VxLAN peers to deploy shared services across the cloud.

VRF Route Sharing is a functionality that allows intentional sharing of route information between separate, isolated Virtual Routing and Forwarding (VRF) instances on a router. This functionality allows traffic to be forwarded between an On-Premise site and a public cloud site.

Configure the VRF Route Sharing functionality to deploy shared services across hybrid clouds. Endpoints on the On-Premise site can consume shared services that run on the public cloud.

VRF Route Sharing in Cisco Catalyst 8000V

In a hybrid cloud solution where there is an APIC layer (On-Premise) and a public cloud site, the Cisco Catalyst 8000V instance connects the data centers through Layer-3 boundaries. The Cisco Catalyst 8000V instance has a VRF instance configured with two sets of import and export route-targets. One set of import and export route targets is associated with the BGP EVPN session that uses VXLAN encapsulation and provides L3 routing information in the On-Premise router.

The other set of import and export route targets is associated with the L3VPN BGP neighbour in the service provider network. The Cisco Catalyst 8000V instance enables the L3 traffic movement across the EVPN by stitching the route between the On-Premise site and the service provider network.

The Cisco Catalyst 8000V instance forwards traffic across the EVPN even if the VRFs have the same VTEP IP (VxLAN tunnel endpoint) and RMAC (router MAC address). With this feature, the Cisco Catalyst 8000V instance uses a binding label to setup the routing and forwarding chain.

The Cisco Catalyst 8000V instance shares the L3 prefix with multiple VRFs on the On-Premise site, and the On-Premise site shares its L3 prefixes with the Cisco Catalyst 8000V instance. The APIC layer imports the addresses and the services are thus consumed in the APIC side.

Before you configure the VRF Route Sharing functionality to enable the traffic between the ACI and the public cloud, ensure that:

You configure VRF1 and VRF2 on the vPC pair of ACI.
VRF3 and VRF4 on the Cisco Catalyst 8000V instance, which peers with VGW, have two RTs for each VRF.
The Cisco Catalyst 8000V instance imports EVPN routes of VRF1 and VRF2 from ACI into VRF3 and VRF4.
The IP BGP on the Cisco Catalyst 8000V side redistributes the routes to the gateway in the public cloud.
The next-hop for routes from ACI is the spine or the border leaf of the ACI.
There are no overlaps of prefix across the route sharing VRF.
You advertise the L3 VPN routing to forward the VRF prefixes to the EVPN neighbours. Run the advertise l2vpn evpn command and export the stitching RTs to push the native routes towards the EVPN.

Review these restrictions before configuring the VRF Route Sharing functionality in Cisco Catalyst 8000V

The VRF Sharing functionality supports up to 32 common VRFs and 1000 customer VRF combinations.
This functionality does not support RT filters.
VRF Route Sharing only supports IPv4 addresses. This functionality does not support IPv6 addresses.

Sample topology and use cases

Sample topology for VRF Route Sharing

Consider this sample topology which explains the VRF Route Sharing functionality in a hybrid cloud. In this sample topology, assume the Cisco Catalyst 8000V instance is deployed on the VM of the public cloud. Site A is an ACI deployment site, while Site B is the public cloud.

Leaf 1 and Leaf 2 form the Virtual Port Channel (vPC) pair for ACI. Both vPCs have different Route Distinguishers (RD). VRF1 and VRF2 are configured on the vPC pair for ACI. For example:

VRF1 – RT:RT-EVPN-1, prefix:192.168.1.1
VRF2 – RT:RT-EVPN-2, prefix:192.168.2.2

VRF3 and VRF4 are configured on the Cisco Catalyst 8000V instance. These two VRFs connect to the Voice Gateway (VGW). Each VRF uses a different Route Target (RT). For example:

VRF3 – RT for EVPN: RT-EVPN-3, RT for IP BGP: RT-3, prefix:192.168.3.3
VRF4 – RT for EVPN: RT-EVPN-4, RT for IP BGP: RT-4, prefix:192.168.4.4

In this topology, assume the BGP-EVPN fabric is present between the ACI and the Cisco Catalyst 8000V instance in the public cloud. The IP BGP protocol is used between the Cisco Catalyst 8000V instance and a cloud service provider, such as Microsoft Azure. The BGP-EVPN fabric redistributes the stitching routes between the EVPN and the IP BGP.

To enable the traffic flow between the ACI Site and the Public Cloud, both ACI and the Cisco Catalyst 8000V instance need to support VRF Route Sharing.

The Cisco Catalyst 8000V instance must be able to import the EVPN routes of VRF1 and VRF2 from ACI into VRF3 and VRF4. The IP BGP on the Cisco Catalyst 8000V side then redistributes the routes to the VGW in the public cloud.

Note

When the VTEP (VxLAN Tunnel Endpoint) IP and the RMAC (Route MAC addrress) are the same for two leafs, and the VNIC alone differs, theCisco Catalyst 8000V instance can forward the traffic across the tunnel.

Use cases

Using the same sample topology, here are the use cases for configuring VRF Route Sharing in a Cisco Catalyst 8000V instance:

When VRF1 and VRF2 can talk to VRF3, but VRF3 and VRF4 cannot talk to each other.

vrf definition VRF3
rd 300:1
address-family ipv4
route-target export RT-EVPN-3 stitching
route-target import RT-EVPN-1 stitching
route-target import RT-EVPN-2 stitching
vrf definition VRF4
rd 400:1
address-family ipv4

When VRF1 and VRF2 can talk to VRF3&4, but VRF3 and VRF4 cannot talk to each other.

vrf definition VRF3
rd 300:1
address-family ipv4
route-target export RT-EVPN-3 stitching
route-target import RT-EVPN-1 stitching
route-target import RT-EVPN-2 stitching
vrf definition VRF4
rd 400:1
address-family ipv4
route-target export RT-EVPN-4 stitching
route-target import RT-EVPN-1 stitching
route-target import RT-EVPN-2 stitching

When VRF1 and VRF2 can talk to VRF3, but VRF3 and VRF4 can talk to each other.

vrf definition VRF3
rd 300:1
address-family ipv4
route-target export RT-EVPN-3 stitching
route-target import RT-EVPN-1 stitching
route-target import RT-EVPN-2 stitching
route-target export RT-3
route-target import RT-4
vrf definition VRF4
rd 400:1
address-family ipv4
route-target import RT-3
route-target export RT-4

When VRF1 and VRF2 can talk to VRF3&4, but VRF3 and VRF4 can talk to each other.

vrf definition VRF3
rd 300:1
address-family ipv4
route-target export RT-EVPN-3 stitching
route-target import RT-EVPN-1 stitching
route-target import RT-EVPN-2 stitching
route-target export RT-3
route-target import RT-4
vrf definition VRF4
rd 400:1
address-family ipv4
route-target export RT-EVPN-4 stitching
route-target import RT-EVPN-1 stitching
route-target import RT-EVPN-2 stitching
route-target import RT-3
route-target export RT-4

For this use case, the Cisco Catalyst 8000V instance must configure EVPN on both VRF3 and VRF4.

Although IP BGP imports all the routes from VRF3 and VRF4, BGP does not advertise the imported routes of the VRF to the EVPN peer.

Note

Use the Stitching keyword in the configuration only when the sharing happens across the EVPN.

Perform this configuration to set up VRF Route Sharing in a hybrid cloud.

Procedure

	1.	Run the vrf definition command to define the VRFs.
	2.	Create each VRF instance with a unique route distinguisher (RD). For each VRF, specify route-targets for both import and export using the route-target import and route-target export commands. Example: In this sample solution, VRF 1 and VRF 2 (on-premise) can talk to VRF 3 and VRF 4 (in the public cloud). However, VRF3 and VRF4 cannot talk to each other. `Router(config)# vrf definition vrf3 Router(config-vrf)# rd 3:3 address-family ipv4 Route-target export 100:3 Route-target import 100:4 route-target export 3:3 stitching route-target import 1:1 stitching route-target import 2:2 stitching exit-address-family ! ! vrf definition vrf4 rd 4:4 address-family ipv4 Route-target import 100:3 Route-target export 100:4 route-target export 4:4 stitching route-target import 1:1 stitching route-target import 2:2 stitching exit-address-family ! !`
	3.	Assign interfaces to the VRFs. This configuration sets up each interface to use the correct VRF, configures the IP settings, and activates the interface. `Router(config)# interface BDI100 no shutdown vrf forwarding vrf3 ip address 10.1.1.1 255.255.255.224 ! interface GigabitEthernet4.2 encapsulation dot1Q 2 vrf forwarding vrf3 ip address 10.4.4.1 255.255.255.224 bridge-domain 100 member vni 10100 ! interface nve1 source-interface loopback0 host-reachability protocol bgp member vni 10100 vrf vrf3 !`
	4.	Configure BGP on the router. Redistribute routes using this configuration. router bgp 100 bgp router-id 10.11.11.11 no bgp default ipv4-unicast neighbor 192.168.22.22 remote-as 200 neighbor 198.162.22.22 update-source loopback0 neighbor 198.162.22.22 ebgp-multihop 255 address-family ipv4 vrf vrf3 redistribute connected neighbor 10.0.0.2 remote-as 300 neighbor 10.0.0.2 activate neighbor 10.0.0.2 send-community both advertise l2vpn evpn exit-address-family ! address-family l2vpn evpn neighbor 198.162.22.22 activate neighbor 198.162.22.22 send-community both exit-address-family end

Run the commands in this task to check if the VRF Route Sharing feature is enabled.

Procedure

show ip bgp l2vpn evpn summary .

Provides the BGP summary information for the VRF default address family (L2VPN EVPN).

Example:

show ip bgp l2vpn evpn summary
BGP router identifier 10.11.11.11, local AS number 100
BGP table version is 8, main routing table version 8
7 network entries using 2408 bytes of memory
......
BGP activity 14/0 prefixes, 16/0 paths, scan interval 60 secs
7 networks peaked at 17:34:38 Aug 14 2019 CST (00:00:26.895 ago)
Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
198.162.22.22   4          200       6       5        4    0    0 00:01:23        4
Device#

show ip route vrf vrf3 bgp | in binding .

Displays IP routing tables for the VRF. If a binding label appears in the output, the configuration is successful and BGP uses the binding label as the next hop.

Example:

+++ 17:35:05 Minuet(default) exec +++
show ip route vrf vrf3 bgp | in binding
B     10.2.1.0/24 [20/0] via binding label: 0x3000001, 00:00:26
B     10.2.2.0/24 [20/0] via binding label: 0x3000002, 00:00:26
B     192.168.1.0/24 [20/0] via binding label: 0x3000001, 00:00:26
B     192.168.2.0/24 [20/0] via binding label: 0x3000002, 00:00:26

Need help?

Open a support case

(Requires a Cisco Service Contract)

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.