Dell Networking SONiC: How to Configure Virtual Routing and Forwarding
Summary: This article explains how to configure Virtual Routing and Forwarding (VRF) in Dell Networking SONiC. This article uses a switch running Dell SONiC 4.1.
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Instructions
|
Prerequisites
We are using standard interface naming to demonstrate the Concepts. See Dell article Dell Networking S-Series: Basic Interface Configuration - SONiC 4.0 for more information regarding interface naming |
Index:
Introduction
Sample Configuration
Introduction
Virtual Routing and Forwarding (VRF) partitions a physical router into multiple virtual routers. The control and data plane are isolated in each virtual router; traffic does not flow across virtual routers. VRF allows multiple instances of independent routing tables to co-exist within the same router simultaneously.- The number of maximum configurable VRFs in a Dell SONiC switch depends on the platform.
- Remove any existing IP address from an L3 interface before assigning it to a VRF
Dell SONiC supports the following VRF instances:
- Default VRF instance
- Nondefault VRF instances
- Management VRF instance
| Feature | Management VRF | Default VRF | Nondefault VRF |
|---|---|---|---|
| BGP | No | Yes | Yes |
| ICMP or PING | Yes | Yes | Yes |
| NTP client | Yes | Yes | Yes |
| NTP server | Yes | Yes | No |
| SCP client | Yes | Yes | Yes |
| Traceroute | Yes | Yes | Yes |
Default VRF
In Dell SONiC, by default, the system initially assigns all physical interfaces including management interface and all logical interfaces to the default VRF instance.Management VRF
The management VRF provides a separate mgmt routing table for an out-of-band management network that is different from the default in-band data-plane network. A dedicated management VRF provides an isolated routing table for the management interface when accessing the switch using SSH.- NTP uses the management VRF by default; if the management VRF is not configured, NTP uses the default VRF.
- The management VRF does not support IP services, such as TFTP and FTP.
- DNS is supported.
Management VRF Configuration Syntax:
Enable Management VRF and move Management port to Management VRF mgmt. admin@DELLSONiC:~$ sonic-cli DELLSONiC# configure DELLSONiC(config)# ip vrf mgmt |
Verify
DELLSONiC# show ip vrf mgmt VRF-NAME INTERFACES ---------------------------------------------------------------- mgmt Management0 |
Delete Management VRF and return the management interface to default VRF.
admin@DELLSONiC:~$ sonic-cli DELLSONiC# configure DELLSONiC(config)# no ip vrf mgmt |
Non-default VRF
To separate traffic, we can configure nondefault VRFs in DELL SONiC. We can bind physical Ethernet, loopback, port channel, and VLAN interfaces to a nondefault VRF.- Non-default vrf-name is up to 15 alphanumeric characters
- VRF name should start with the prefix Vrf; for example, VrfRED, Vrf10, Vrf_BLUE.
- Management port cannot be configured as part of Non-default VRF
Non-default VRF Configuration Syntax
Create VRF
admin@DELLSONiC:~$ sonic-cli DELLSONiC# configure DELLSONiC(config)# ip vrf Vrf_NAME |
Bind a Layer 3 interface, vlan, portchannel, loopback to VRF:
admin@DELLSONiC:~$ sonic-cli DELLSONiC# configure DELLSONiC(config)# interface <Eth slot/port><Vlan ID><PortChannel ID><Eth slot/port.subport><Loopback ID> DELLSONiC(config-if-XXXX)# ip vrf forwarding Vrf_NAME |
Verify VRF
admin@DELLSONiC:~$ sonic-cli DELLSONiC# show ip vrf VRF-NAME INTERFACES ---------------------------------------------------------------- Vrf_NAME Vlan10 default |
Unbind an interface from a VRF.
admin@DELLSONiC:~$ sonic-cli DELLSONiC# configure DELLSONiC(config)# interface <Eth slot/port><Vlan ID><PortChannel ID><Eth slot/port.subport><Loopback ID> DELLSONiC(config-if-XXXX)# no ip vrf forwarding Vrf_NAME |
Delete a VRF.
admin@DELLSONiC:~$ sonic-cli DELLSONiC# configure DELLSONiC(config)# no ip vrf Vrf_NAME |
Sample Configuration
To understand the basic VRF configuration, let us review the following topology as shown.
Goal: Our goal is to ensure traffic of VLAN 10 can only communicate with VLAN 20 and vice versa. VLAN 30 only communicates with VLAN 40 and vice versa.
The VLANs are already created, respective ports are already assigned to the VLANs, and interfaces are unshut in Dell Networking SONiC Switch.
To know more regarding VLAN configuration, see article Dell Networking SONiC: How to Create a VLAN and Assign it to Trunk and Access Switchports
Vrf_RED Configuration |
Vrf_BLUE Configuration |
|---|---|
Enter Dell Management framework CLI and configure mode admin@DELLSONiC:~$ sonic-cli DELLSONiC# configure |
Enter Dell Management framework CLI and configure mode admin@DELLSONiC:~$ sonic-cli DELLSONiC# configure |
Create VRF Vrf_RED DELLSONiC(config)# ip vrf Vrf_RED |
Create VRF Vrf_BLUE DELLSONiC(config)# ip vrf Vrf_BLUE |
Bind VLAN 10 to Vrf_BLUE and assign IP address DELLSONiC(config)# interface Vlan 10 DELLSONiC(config-if-Vlan10)# ip vrf forwarding Vrf_RED DELLSONiC(config-if-Vlan10)# ip address 10.0.0.1/24 DELLSONiC(config-if-Vlan10)# exit |
Bind VLAN 30 to Vrf_BLUE and assign IP address DELLSONiC(config)# interface Vlan 30 DELLSONiC(config-if-Vlan30)# ip vrf forwarding Vrf_BLUE DELLSONiC(config-if-Vlan30)# ip address 30.0.0.1/24 DELLSONiC(config-if-Vlan30)# exit |
Bind VLAN 20 to Vrf_BLUE and assign IP address DELLSONiC(config)# interface Vlan 20 DELLSONiC(config-if-Vlan20)# ip vrf forwarding Vrf_RED DELLSONiC(config-if-Vlan20)# ip address 20.0.0.1/24 DELLSONiC(config-if-Vlan20)# end |
Bind VLAN 40 to Vrf_BLUE and assign IP address DELLSONiC(config)# interface Vlan 40 DELLSONiC(config-if-Vlan40)# ip vrf forwarding Vrf_BLUE DELLSONiC(config-if-Vlan40)# ip address 40.0.0.1/24 DELLSONiC(config-if-Vlan40)# end |
Let us verify the configuration.
DELLSONiC# show ip vrf
VRF-NAME INTERFACES
----------------------------------------------------------------
Vrf_BLUE Vlan30
Vlan40
Vrf_RED Vlan10
Vlan20 |
DELLSONiC# show ip interfaces Flags: U-Unnumbered interface, A-Anycast IP ----------------------------------------------------------------------------------------------------------------- Interface IP address/mask VRF Admin/Oper Flags ----------------------------------------------------------------------------------------------------------------- Vlan10 10.0.0.1/24 Vrf_RED up/up Vlan20 20.0.0.1/24 Vrf_RED up/up Vlan30 30.0.0.1/24 Vrf_BLUE up/up Vlan40 40.0.0.1/24 Vrf_BLUE up/up |
We can see Vrf_BLUE has VLAN 30 and VLAN 40. Vrf_RED has VLAN 10 and VLAN 20.
Let us compare the routing table for both VRF:
| Vrf_RED |
|---|
DELLSONiC# show ip route vrf Vrf_RED
Codes: K - kernel route, C - connected, S - static, B - BGP, O - OSPF
> - selected route, * - FIB route, q - queued route, r - rejected route
Destination Gateway Dist/Metric Last Update
--------------------------------------------------------------------------------------------------------------------------------
C>* 10.0.0.0/24 Direct Vlan10 0/0 00:31:42 ago
C>* 20.0.0.0/24 Direct Vlan20 0/0 00:31:31 ago |
| Vrf_BLUE |
|---|
DELLSONiC# show ip route vrf Vrf_BLUE
Codes: K - kernel route, C - connected, S - static, B - BGP, O - OSPF
> - selected route, * - FIB route, q - queued route, r - rejected route
Destination Gateway Dist/Metric Last Update
--------------------------------------------------------------------------------------------------------------------------------
C>* 30.0.0.0/24 Direct Vlan30 0/0 00:24:28 ago
C>* 40.0.0.0/24 Direct Vlan40 0/0 00:10:56 ago
|
Affected Products
Enterprise SONiC Distribution, PowerSwitch E3200-ON Series, Dell EMC Networking N3200-ON, PowerSwitch S5212F-ON, PowerSwitch S5224F-ON, PowerSwitch S5232F-ON, PowerSwitch S5248F-ON, PowerSwitch S5296F-ON, PowerSwitch Z9264F-ON, PowerSwitch Z9332F-ON
, PowerSwitch Z9432F-ON
...
Article Properties
Article Number: 000218893
Article Type: How To
Last Modified: 10 Nov 2023
Version: 5
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.