The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
This chapter contains the following sections:
Your software release might not support all the features documented in this module. For the latest caveats and feature information, see the Bug Search Tool at https://tools.cisco.com/bugsearch/ and the release notes for your software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the "New and Changed Information"chapter or the Feature History table in this chapter.
Cisco NX-OS supports a hierarchy of virtualization that can divide the physical system resources into multiple virtual device contexts (VDCs). Each VDC acts as a standalone device with both Layer 2 and Layer 3 services available. You can configure up to 4 VDCs, including the default VDC. See the Cisco Nexus 7000 Series NX-OS Virtual Device Context Configuration Guide, Release 5.x, for more information on VDCs.
Cisco NX-OS further virtualizes each VDC to support virtual routing and forwarding instances (VRFs). You can configure multiple VRFs in a VDC. Each VRF contains a separate address space with unicast and multicast route tables for IPv4 and IPv6 and makes routing decisions independent of any other VRF.
The figure shows multiple independent VRFs in two different VDCs.
A VRF name is local to a VDC, so you can configure two VRFs with the same name if the VRFs exist in different VDCs. In Figure 14-1, VRF A in VDC 2 is independent of VRF B and VRF A in VDC n.
Each router has a default VRF and a management VRF. All Layer 3 interfaces and routing protocols exist in the default VRF until you assign them to another VRF. The mgmt0 interface exists in the management VRF and is shared among multiple VDCs. Each VDC has a unique IP address for the mgmt0 interface (see the Cisco Nexus 7000 Series NX-OS Fundamentals Configuration Guide, Release 6.x).
Management VRF
The management VRF is for management purposes only.
Only the mgmt 0 interface can be in the management VRF.
The mgmt 0 interface cannot be assigned to another VRF.
The mgmt 0 interface is shared among multiple VDCs.
No routing protocols can run in the management VRF (static only).
All Layer 3 interfaces exist in the default VRF until they are assigned to another VRF.
Routing protocols run in the default VRF context unless another VRF context is specified.
The default VRF uses the default routing context for all show commands.
The default VRF is similar to the global routing table concept in Cisco IOS.
All unicast and multicast routing protocols support VRFs. When you configure a routing protocol in a VRF, you set routing parameters for the VRF that are independent of routing parameters in another VRF for the same routing protocol instance.
You can assign interfaces and route protocols to a VRF to create virtual Layer 3 networks. An interface exists in only one VRF. Figure 9-1 shows one physical network split into two virtual networks with two VRFs. Routers Z, A, and B exist in VRF Red and form one address domain. These routers share route updates that do not include router C because router C is configured in a different VRF.
By default, Cisco NX-OS uses the VRF of the incoming interface to select which routing table to use for a route lookup. You can configure a route policy to modify this behavior and set the VRF that Cisco NX-OS uses for incoming packets.
 Note |
Do not use the export map command in the VRF mode for prefix filtering. When a route-target export is configured, all routes are exported and then imported to VRFs with a matching route-target import. In this case, the export map does not filter routes, but it can be used to set attributes for the selected routes. If you need to export only the selected routes, remove the route-target export and use the export map to filter routes; and set the route-target-ext-community so that the VRFs with the matching route-target import imports these routes. |
A fundamental feature of the Cisco NX-OS architecture is that every IP-based feature is VRF aware.
The following VRF-aware services can select a particular VRF to reach a remote server or to filter information based on the selected VRF:
AAA
Call Home
DNS
GLBP
HSRP
HTTP
NetFlow
NTP
RADIUS
Ping and Traceroute
SSH
SNMP
Syslog
TACACS+
TFTP
VRRP
XML
See the appropriate configuration guide for each service for more information on configuring VRF support in that service.
Reachability indicates which VRF contains the routing information necessary to get to the server providing the service. For example, you can configure an SNMP server that is reachable on the management VRF. When you configure that server address on the router, you also configure which VRF that Cisco NX-OS must use to reach the server.
Th figure shows an SNMP server that is reachable over the management VRF. You configure router A to use the management VRF for SNMP server host 192.0.2.1.
Filtering allows you to limit the type of information that goes to a VRF-aware service based on the VRF. For example, you can configure a syslog server to support a particular VRF. The figure shows two syslog servers with each server supporting one VRF. syslog server A is configured in VRF Red, so Cisco NX-OS sends only system messages generated in VRF Red to syslog server A.
You can combine reachability and filtering for VRF-aware services. You configure the VRF that Cisco NX-OS uses to connect to that service as well as the VRF that the service supports. If you configure a service in the default VRF, you can optionally configure the service to support all VRFs.
The figure shows an SNMP server that is reachable on the management VRF. You can configure the SNMP server to support only the SNMP notifications from VRF Red, for example.
To completely disable selective VRF download in F3 modules in all VDCs, use the no hardware forwarding selective-vrf command in global configuration mode. You must reload the device after applying this command.
When you make an interface a member of an existing VRF, Cisco NX-OS removes all Layer 3 configurations. You should configure all Layer 3 parameters after adding an interface to a VRF.
You should add the mgmt0 interface to the management VRF and configure the mgmt0 IP address and other parameters after you add it to the management VRF.
If you configure an interface for a VRF before the VRF exists, the interface is operationally down until you create the VRF.
Cisco NX-OS creates the default and management VRFs by default. You should make the mgmt0 interface a member of the management VRF.
The write erase boot command does not remove the management VRF configurations. You must use the write erase command and then the write erase boot command.
If you are familiar with the Cisco IOS CLI, be aware that the Cisco NX-OS commands for this feature might differ from the Cisco IOS commands that you would use.
|
Parameters |
Default |
|---|---|
|
Configured VRFs |
Default, management |
|
routing context |
Default VRF |
Configuring VRFs
Commands available in global configuration mode are also available in VRF configuration mode.
Ensure that you are in the correct VDC (or use the switchto vdc command).
| Command or Action | Purpose | |
|---|---|---|
|
Step 1 |
switch# configure terminal |
|
|
Step 2 |
switch(config)# vrf context name |
Creates a new VRF and enters VRF configuration mode. The name can be any case-sensitive, alphanumeric string up to 32 characters. |
|
Step 3 |
(Optional) switch(config-vrf)# ip route {ip-prefix | ip-addr ip-mask} {[next-hop | nh-prefix] | [interface next-hop | nh-prefix]} [tag tag-value [pref] |
(Optional)
Configures a static route and the interface for this static route. You can optionally configure the next-hop address. The preference value sets the administrative distance. The range is from 1 to 255. The default is 1. |
|
Step 4 |
(Optional) switch(config-vrf)# show vrf [vrf-name] |
(Optional)
Displays VRF information. |
|
Step 5 |
switch(config-vrf)# exit |
Exists the current configuration mode. |
|
Step 6 |
(Optional) switch(config)# copy running-config startup-config |
(Optional)
Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration. |
This example shows how to create a VRF and add a static route to the VRF:
switch# configure terminal
switch(config)# vrf context Enterprise
switch(config-vrf)# ip route 192.0.2.0/8 ethernet 1/2
switch(config-vrf)# exit
switch(config)# copy running-config startup-configEnsure that you are in the correct VDC or use switchto vdc command).
Assign the IP address for an interface after you have configured the interface for a VRF
| Command or Action | Purpose | |
|---|---|---|
|
Step 1 |
switch# configure terminal |
|
|
Step 2 |
switch(config)# interface interface-type slot/port |
Enters interface configuration mode. |
|
Step 3 |
switch(config-if)# vrf member vrf-name |
Adds this interface to a VRF. |
|
Step 4 |
switch(config-if)# ip address ip-prefix/length |
Configures an IP address for this interface. You must do this step after you assign this interface to a VRF. |
|
Step 5 |
(Optional) switch(config-vrf)# show vrf vrf-name interface interface-type number |
(Optional)
Displays VRF information. |
|
Step 6 |
switch(config-vrf)# exit |
Exits the current configuration mode. |
|
Step 7 |
(Optional) switch(config)# copy running-config startup-config |
(Optional)
Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration. |
This example shows how to add an interface to the VRF:
switch# configure terminal
switch(config)# interface ethernet 1/2
switch(config-if)# vrf member RemoteOfficeVRF
switch(config-if)# ip address 192.0.2.1/16
switch(config-if)# copy running-config startup-configYou can associate a routing protocol with one or more VRFs. See the appropriate chapter for information on how to configure VRFs for routing protocol. This section uses OSPFv2 as an example protocol for the detailed configuration steps.
| Command or Action | Purpose | |
|---|---|---|
|
Step 1 |
switch# configure terminal |
|
|
Step 2 |
switch(config)# router osfp instance tag |
Creates a new OSFPv2 instance with the configured instance tag. |
|
Step 3 |
switch(config-router)# vrf vrf-name |
Enters VRF configuration mode. |
|
Step 4 |
switch(config-router-vrf)# maximum-paths paths |
(Optional) Configures the maximum number of equal OSPFv2 paths to a destination in the route table for this VRF. Used for load balancing. |
|
Step 5 |
switch(config)# interface interface-type slot/port |
Enters interface configuration mode. |
|
Step 6 |
switch(config-if)# ip address ip-prefix/length |
Assigns this interface to the OSPFv2 instance and area configured. |
|
Step 7 |
switch(config-if)# ip address ip-prefix/length |
Configures an IP address for this interface. You must do this step after you assign this interface to a VRF. |
|
Step 8 |
switch(config-if)# ip router ospf area area-id instance-tag area area-id |
Assigns this interface to the OSPFv2 instance and area configured. |
|
Step 9 |
(Optional) switch(config)# copy running-config startup-config |
(Optional)
Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration. |
This example shows how to add an interface to the VRF:
switch# configure terminal
switch(config)# vrf context RemoteOfficeVRF
switch(config-vrf)# exit
switch(config)# router ospf 201
switch(config-router)# vrf RemoteOfficeVRF
switch(config-router-vrf)# maximum-paths 4
switch(config-router-vrf)# interface ethernet 1/2
switch(config-if)# vrf member RemoteOfficeVRF
switch(config-if)# ip address 192.0.2.1/16
switch(config-if)# ip router ospf 201 area 0
switch(config-if)# exit
switch(config)# copy running-config startup-configYou can configure a VRF-aware service for reachability and filtering. See the “VRF-Aware Services” section for links to the appropriate chapter or configuration guide for information on how to configure the service for VRFs. This section uses SNMP and IP domain lists as example services for the detailed configuration steps.
| Command or Action | Purpose | |
|---|---|---|
|
Step 1 |
switch# configure terminal |
|
|
Step 2 |
switch(config)# snmp-server host ip-address[filter-vrf vrf-name] [use-vrf vrf-name] |
Configures a global SNMP server and configures the VRF that Cisco NX-OS uses to reach the service. Use the filter-vrf keyword to filter information from the selected VRF to this server. |
|
Step 3 |
switch(config)# vrf context vrf-name |
Creates a new VRF. |
|
Step 4 |
switch(config-vrf)# ip domain-list domain-name [all-vrfs] [use-vrf vrf-name]] |
Configures the domain list in the VRF and optionally configures the VRF that Cisco NX-OS uses to reach the domain name listed. |
|
Step 5 |
(Optional) switch(config)# copy running-config startup-config |
(Optional)
Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration. |
This example shows how to send SNMP information for all VRFs to SNMP host 192.0.2.1, reachable on VRF Red:
switch# configure terminal
switch(config)# snmp-server host 192.0.2.1 for-all-vrfs use-vrf Red
switch(config)# copy running-config startup-configThis example shows how to filter SNMP information for VRF Blue to SNMP host 192.0.2.12, reachable on VRF Red:
switch# configure terminal
switch(config)# vrf context Blue
switch(config-vrf)# snmp-server host 192.0.2.12 use-vrf Red
switch(config)# copy running-config startup-configYou can set the VRF scope for all EXEC commands (for example, show commands). This automatically restricts the scope of the output of EXEC commands to the configured VRF. You can override this scope by using the VRF keywords available for some EXEC commands.
To set the VRF scope, use the following command in EXEC mode:
| Command or Action | Purpose | ||
|---|---|---|---|
|
switch# routing-context vrf vrf-name |
Sets the routing context for all EXEC commands. Default routing context is the default VRF.
|
To display VRF configuration information, perform one of the following tasks:
| Command or Action | Purpose | |
|---|---|---|
|
Step 1 |
show vrf [vrf-name] |
Displays the information for all or one VRF. |
|
Step 2 |
show vrf [vrf-name] detail |
Displays detailed information for all or one VRF. |
|
Step 3 |
show vrf [vrf-name] [interface interface-typeslot/port] |
Displays the VRF status for an interface. |
This example shows how to configure VRF Red, add an SNMP server to that VRF, and add an instance of OSPF to VRF Red:
configure terminal
vrf context Red
snmp-server host 192.0.2.12 use-vrf Red
router ospf 201
vrf Red
interface ethernet 1/2
vrf member Red
ip address 192.0.2.1/16
ip router ospf 201 area 0This example shows how to configure VRF Red and Blue, add an instance of OSPF to each VRF, and create an SNMP context for each OSPF instance in each VRF:
configure terminal
!Create the VRFs
vrf context Red
vrf context Blue
vrf context Green
!Create the OSPF instances and associate them with a single VRF or multiple VRFs
(recommended)
feature ospf
router ospf Lab
vrf Red
!
router ospf Production
vrf Blue
router-id 1.1.1.1
vrf Green
router-id 2.2.2.2
!Configure one interface to use ospf Lab on VRF Red
interface ethernet 1/2
vrf member Red
ip address 192.0.2.1/16
ip router ospf Lab area 0
no shutdown
!Configure another interface to use ospf Production on VRF Blue
interface ethernet 10/2
vrf member Blue
ip address 192.0.2.1/16
ip router ospf Production area 0
no shutdown
!
interface ethernet 10/3
vrf member Green
ip address 192.0.2.1/16
ip router ospf Production area 0
no shutdown
!configure the SNMP server
snmp-server user admin network-admin auth md5 nbv-12345
snmp-server community public ro
!Create the SNMP contexts for each VRF
snmp-server context lab instance Lab vrf Red
snmp-server context production instance Production vrf Blue
!Use the SNMP context lab to access the OSPF-MIB values for the OSPF instance Lab in VRF Red in this example. Use the SNMP context lab to access the OSPF-MIB values for the OSPF instance Lab in VRF Red in this example.
|
Related Topic |
Document Title |
|---|---|
|
VRF CLI |
Cisco Nexus 7000 Series NX-OS Unicast Routing Command Reference |
|
VRFs |
Cisco Nexus 7000 Series NX-OS Fundamentals Configuration Guide Cisco Nexus 7000 Series NX-OS MPLS Configuration Guide Cisco Nexus 7000 Series NX-OS System Management Configuration Guide |
|
VDCs |
Cisco Nexus 7000 Series NX-OS Virtual Device Context Configuration Guide |
No new or modified standards are supported by this feature, and support for existing standards has not been modified by this feature.
This table includes only the updates for those releases that have resulted in additions or changes to the feature.
| Feature Name | Release | Feature Information |
|---|---|---|
|
VRF |
4.0(1) |
This feature was introduced. |
Feedback