Although originally designed as a highly critical component in L3VPNs, the VPN routing and forwarding (VRF) instance has become an important component in BGP-signaled L2VPNs, specifically, in Juniper BGP-signaled L2VPNs. Both VPN architectures use Multiprotocol Border Gateway Protocol as their signaling protocol.
VRF tables allow for separate and private VPN forwarding decisions to co-exist within a PE device. A VRF is created on a per VPN basis within each PE and can support multiple sites per subscriber VPN. The VRF is the fundamental mechanism that enables the partitioning of individual customers over the shared IP routed infrastructure.
A VRF is maintained by a PE device and contains the routing information that defines a customer VPN site. A PE device maintains a VRF for each of its directly connected customer VPN sites. Multiple VRFs on multiple PE devices compose a VPN.
A VRF consists of the following components:
-
An IP routing table
-
A derived VPN-specific forwarding table
-
A set of PE device interfaces (tied to the locally attached customer VPN site) that use the forwarding table
-
A set of rules and routing protocols that determine what goes into the forwarding table
The VRF stores packet forwarding information for the routes that are particular to the VPN to which the VRF belongs. Each route in the VRF is associated with two labels: an outer label that is used to route the packet through the MPLS network to the appropriate egress PE device, and an inner label that is used to deliver the packet to the correct VRF and correct end user.
Note that because a PE device might have the same IP address on multiple interfaces, the IP Availability Manager source for MPLS Manager tags each of the IP addresses with a route distinguisher (RD) value that is unique to a particular VRF, to form unique VRF IP addresses. The route distinguisher is the means by which the PE device and MPLS Manager keep track of overlapping customer IP address spaces.