On this post, I will be exploring another important topic which can allow us to create multiple OSPF Area 0 (Backbone Area) in a router. This can be accomplished by using VRF-Lite. VRF-lite is a feature that enables a service provider to support two or more VPNs, where IP addresses can be overlapped among the VPNs. VRF-lite uses input interfaces to distinguish routes for different VPNs and forms virtual packet-forwarding tables by associating one or more Layer 3 interfaces with each VRF. Interfaces in a VRF can be either physical, such as Ethernet ports, or logical, such as VLAN SVIs, but a Layer 3 interface cannot belong to more than one VRF at any time.

I have prepared a simple topology illustrating the concepts of VRF-Lite and I will be running an OSPF as my layer 3 routing protocols. In my scenarios, I have a fictitious company called Koala and Kangaroo. Koala have an office located both in Melbourne and Sydney while Kangaroo have an office located both in Singapore and Manila. All of them are connected via an ISP router. I will be configuring two VRF instances or separate VPN to established the connectivity  of the respective company locations. 

Here is my topology,

 Laboratory Objective:

1. Configure the routers as per the topology above and used OSPF as the routing protocol.

2. Verify the connectivity between Singapore and Manila Router

3. Verify the connectivity between Melbourne and Sydney router.

4. Check the content of ISP router routing information.


Here are my routers configuration ( I did not include here all the interfaces configs)

Kangaroo VRF

 Manila(config)#router ospf 1
Manila(config-router)#network 10.10.11.0 0.0.0.255 area 1
Manila(config-router)#network 192.168.15.0 0.0.0.255 area 0
 Manila(config-router)#exit

Singapore(config)#router ospf 1
Singapore(config-router)#network 10.10.13.3 0.0.0.0 area 2
ningapore(config-router)#network 192.168.35.0 0.0.0.255 area 0
Singapore(config-router)#^Z

ISP(config)#ip vrf Kangaroo
ISP(config-vrf)#exit

ISP(config)#int s2/0
ISP(config-if)#ip vrf forwarding Kangaroo
% Interface Serial2/0 IPv4 disabled and address(es) removed due to disabling VRF Kangaroo  << I have initially configure the IP address on Serial 2/0 and it does removed when ip vrf was applied.
ISP(config-if)#ip add 192.168.35.5 255.255.255.0
ISP(config-if)#no shut

ISP(config)#router ospf 1 vrf Kangaroo   <<  I have used process 1 for Kangaroo
ISP(config-router)#network 192.168.15.0 0.0.0.255 area 0
ISP(config-router)#network 192.168.35.0 0.0.0.255 area 0
ISP(config-router)#^Z

 Koala VRF (Let’s extract the configuration from the routers)


Melbourne#sh run | sec ospf
router ospf 1
 network 10.10.12.2 0.0.0.0 area 1
 network 192.168.25.0 0.0.0.255 area 0
Melbourne#

Sydney#sh run | sec ospf
router ospf 1
 network 10.10.14.4 0.0.0.0 area 2
 network 192.168.45.0 0.0.0.255 area 0
Sydney#

ISP#sh run interface fa1/0
Building configuration…

Current configuration : 122 bytes
!
interface FastEthernet1/0
 ip vrf forwarding Koala
 ip address 192.168.25.5 255.255.255.0
 speed auto
 duplex auto

ISP#sh run int s2/1
Building configuration…

Current configuration : 115 bytes
!
interface Serial2/1
 ip vrf forwarding Koala
 ip address 192.168.45.5 255.255.255.0
 serial restart-delay 0
end

ISP#sh run | sec  vrf Koala
ip vrf Koala  <<< This can be added in global configurations mode
router ospf 2 vrf Koala
 network 192.168.25.0 0.0.0.255 area 0
 network 192.168.45.0 0.0.0.255 area 0

Verification:

1. Let’s check the whether OSPF adjacency were formed (Actually I have already seen they were up in the background)

ISP#show ip ospf neighbor

Neighbor ID     Pri   State           Dead Time   Address         Interface
10.10.14.4        0   FULL/  –        00:00:33    192.168.45.4    Serial2/1
10.10.12.2        1   FULL/DR         00:00:33    192.168.25.2    FastEthernet1/0
10.10.13.3        0   FULL/  –        00:00:30    192.168.35.3    Serial2/0
10.10.11.1        1   FULL/DR         00:00:30    192.168.15.1    FastEthernet0/0
ISP#

2. Let’s check the routing table that belongs to Koala VRF.

ISP#show ip route vrf Koala

      10.0.0.0/32 is subnetted, 2 subnets
O IA     10.10.12.2 [110/2] via 192.168.25.2, 01:34:12, FastEthernet1/0
O IA     10.10.14.4 [110/65] via 192.168.45.4, 01:33:45, Serial2/1
      192.168.25.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.25.0/24 is directly connected, FastEthernet1/0
L        192.168.25.5/32 is directly connected, FastEthernet1/0
      192.168.45.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.45.0/24 is directly connected, Serial2/1
L        192.168.45.5/32 is directly connected, Serial2/1
ISP#

Observation:

a. As observed, the ISP have both the Sydney and Melbourne loopback interface address. We can also check from the LSDB of ISP that it contained a Type 3 Summary LSA in Area 0 for both Melbourne and Sydney Loopback interfaces.

ISP#show ip ospf database

Link ID         ADV Router      Age         Seq#       Checksum
10.10.12.2      10.10.12.2      474         0x80000004 0x00EE06
10.10.14.4      10.10.14.4      1593        0x80000003 0x00AC41


3. Let’s check the routing table for Kangroo VRF instance.

ISP#show ip route vrf Kangaroo

      10.0.0.0/32 is subnetted, 2 subnets
O IA     10.10.11.1 [110/2] via 192.168.15.1, 01:44:57, FastEthernet0/0
O IA     10.10.13.3 [110/65] via 192.168.35.3, 01:44:57, Serial2/0
      192.168.15.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.15.0/24 is directly connected, FastEthernet0/0
L        192.168.15.5/32 is directly connected, FastEthernet0/0
      192.168.35.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.35.0/24 is directly connected, Serial2/0
L        192.168.35.5/32 is directly connected, Serial2/0
ISP#

Observation:

a. We can see that the same Inter-Area Routes from ISP for the Loopback address advertise by both Manila (Area 1)and Singapore (Area 2).


4. Let’s check the Manila and Singapore routing table.

Manila#show ip route ospf
Codes: L – local, C – connected, S – static, R – RIP, M – mobile, B – BGP
       D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area
       N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
       E1 – OSPF external type 1, E2 – OSPF external type 2
       i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2
       ia – IS-IS inter area, * – candidate default, U – per-user static route
       o – ODR, P – periodic downloaded static route, H – NHRP, l – LISP
       + – replicated route, % – next hop override

      10.0.0.0/32 is subnetted, 2 subnets
O IA     10.10.13.3 [110/66] via 192.168.15.5, 01:48:47, FastEthernet0/0
O     192.168.35.0/24 [110/65] via 192.168.15.5, 01:48:47, FastEthernet0/0
Manila#

Singapore#show ip route ospf
Codes: L – local, C – connected, S – static, R – RIP, M – mobile, B – BGP
       D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area
       N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
       E1 – OSPF external type 1, E2 – OSPF external type 2
       i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2
       ia – IS-IS inter area, * – candidate default, U – per-user static route
       o – ODR, P – periodic downloaded static route, H – NHRP, l – LISP
       + – replicated route, % – next hop override

      10.0.0.0/32 is subnetted, 2 subnets
O IA     10.10.11.1 [110/66] via 192.168.35.5, 01:49:38, Serial2/0
O     192.168.15.0/24 [110/65] via 192.168.35.5, 01:49:38, Serial2/0
Singapore#

 Observation:

a. As as we notice both routers have the details on how to reach their respective loopback interfaces and is shown as Inter-Area routes.

b. We can also notice that we have an OSPF routes for the network address joining the routers towards \the ISP router. 

O     192.168.15.0/24
O     192.168.35.0/24

 c. Let’s try to ping from Singapore to Manila.

 Singapore#ping 10.10.11.1 source 10.10.13.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.11.1, timeout is 2 seconds:
Packet sent with a source address of 10.10.13.3
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 36/72/84 ms
Singapore#


5. Let’s check Sydney and Melbourne router.

Melbourne#show ip route
Codes: L – local, C – connected, S – static, R – RIP, M – mobile, B – BGP
       D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area
       N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
       E1 – OSPF external type 1, E2 – OSPF external type 2
       i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2
       ia – IS-IS inter area, * – candidate default, U – per-user static route
       o – ODR, P – periodic downloaded static route, H – NHRP, l – LISP
       + – replicated route, % – next hop override

      10.0.0.0/32 is subnetted, 2 subnets
C        10.10.12.2 is directly connected, Loopback2
O IA     10.10.14.4 [110/66] via 192.168.25.5, 01:44:53, FastEthernet1/0
      192.168.25.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.25.0/24 is directly connected, FastEthernet1/0
L        192.168.25.2/32 is directly connected, FastEthernet1/0
O     192.168.45.0/24 [110/65] via 192.168.25.5, 01:49:38, FastEthernet1/0
Melbourne#

Now, let’s ping from Melbourne to Sydney.

Melbourne#ping 10.10.14.4 source 10.10.12.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.14.4, timeout is 2 seconds:
Packet sent with a source address of 10.10.12.2
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 52/55/56 ms
Melbourne#

Summary of this Lab,

Below are the steps required to enable VRF-Lite

1. Create VRF name(s)

    ip vrf

    ip vrf

2. Associate the VRF with any layer 3 interface

int   
ip vrf  forwarding

Below are the steps to enable Multiple OSPF Backbone 0 using VRF-Lite

1. Create separate process of the VRF instances

     router ospf 1 vrf   
   
     router osp 2 vrf