Virtual routing and forwarding (VRF) makes it possible to instantiate isolated routing and forwarding tables within a router. VRFs are supported by deploying tier-0 VRF gateways. A tier-0 VRF gateway must be linked to a parent tier-0 gateway and inherits some of the tier-0 gateway settings, such as HA mode, Edge cluster, internal transit subnet, T0-T1 transit subnets, and BGP routing configuration.
Multiple tier-0 VRF instances can be created under the same parent tier-0, which allows the separation of segments and tier-1 gateways into multiple isolated tenants. With tier-0 VRF gateways, tenants can use overlapping IP addresses without any interference or communication with each other.
NSX tier-0 VRF gateways can be used to connect tenant networks to external routers using static routes or BGP [RFC4364]. This is also known as VRF-Lite.
NSX tier-0 VRF gateways can also be deployed with EVPN. For more information, see Ethernet VPN (EVPN).
NSX Federation support:
- Tier-0 VRF gateway is not supported with NSX Federation and therefore it cannot be configured on Global Manager.
- Tier-0 VRF gateway is not supported on stretched tier-0 gateways in NSX Federation.
Note that even though a tier-0 VRF gateway has an HA mode, it does not have a mechanism to respond to a communication failure that is independent of the parent tier-0 gateway's mechanism. If a tier-0 VRF gateway loses connectivity to a neighbor but the criteria for the tier-0 gateway to fail over is not met, the VRF gateway will not fail over. The only time a VRF gateway will fail over is when the parent tier-0 gateway does a failover.