The purpose of VRF-lite is to extend the logical separation of two different networks from a MPLS network down to a single CE router, connected to both these networks. It’s called VRF-lite because it is done without running MPLS (LDP/TDP) or MP-BGP between the PE and CE. Traffic is mapped to the VRF assigned to the ingress interface on the CE router.
But VRF-lite could be used without connecting to a MPLS network entirely! Consider what a VRF is?
A VRF is a mechanism used to provide logical separation between routing tables on the same router. It is locally significant to the router. Each interface on a router can only be assigned to one VRF, but a VRF can have multiple interfaces.
So VRF-lite could be used to separate multiple networks using the same equipment. (Not exactly something you should ever plan in a design, but it could be useful to know)
Once you have the separation you needed, you might need a way to selectively bridge that separation to allow communication between the VRF’s.
Assume the following scenario:
Continue reading “VRF-lite route leaking”