VRF Lite (Virtual Routing & Forwarding)

- technology similar to VLANs but working at Layer 3.

- implemented in IP network router that allows two or more VPNs, where same IP Subnet can be overlapped among VPNs without conflicting each other

Key Concept - Each VRF instance is a separate route

- another term for VRF is VPN Routing and Forwarding, key element in Cisco MPLS VPN technology.

Lab Topology

Command Guide

1) To configure vrf --> ip vrf NAME (name is case sensitive)

2) Associate the interface with vrf --> ip vrf forwarding NAME

3) To check vrf routing table --> sh ip route vrf NAME

4) To verify the connectivity --> ping vrf NAME ip address

OSI 7 Layers Visualized

Symbols Generated in Ping Output

!:       Each exclamation point indicates receipt of a reply.

.:       Each period indicates the network server timed out while waiting for a reply.

U:     A destination unreachable error PDU was received.

Q:     Source quench (destination too busy).

M:    Could not fragment.

?:      Unknown packet type.

&:     Packet lifetime exceeded

EIGRP Authentication

I would like to highlight how EIGRP did authentication when we used keychain. Please go through the below scenario before we explain how it work,

IP Addressing :

--------------------

R1 - s0/0.12 point-to-point = 131.1.12.1/24 ; lo1 = 1.1.1.1/8

R2 - s0/0.21 point-to-point = 131.1.12.2/24 ; lo1 = 2.2.2.2/8

Configure EIGRP Authentication on R1

------------------------------------------------

! 

key chain EIGRP

key 1

key-string ABC

key 2

key-string cisco

!

!

interface Serial0/0.12 point-to-point

ip address 131.1.12.1 255.255.255.0

ip authentication mode eigrp 100 md5

ip authentication key-chain eigrp 100 EIGRP

frame-relay interface-dlci 102

!

Configure EIGRP Authentication on R2

------------------------------------------------

! 

key chain EIGRP

key 1

key-string DEF

key 2

key-string cisco

!

!

interface Serial0/0.21 point-to-point

ip address 131.1.12.2 255.255.255.0

ip authentication mode eigrp 100 md5

ip authentication key-chain eigrp 100 EIGRP

frame-relay interface-dlci 201

!

!

According to the above configuration, will R1 and R2 form EIGRP neighbors?

!

!

!

!

!

!

!

!

Answer is no. The reason is EIGRP use LOWEST key number among all currently valid keys when SENDING EIGRP message but it use ALL currently valid keys when RECEIVING EIGRP message. Please learn the below picture for better understanding.

Reference : RHC blog & CCNP Route

Route Summarization for IGPs