Overview

Multiple distinct routers are supported within a single system, which allows service providers to configure multiple, separate, secure routers within a single chassis. These routers are identified as virtual routers (VRs). Applications for this function include the creation of individual routers dedicated to wholesale customers, corporate virtual private network (VPN) users, or a specific traffic type.

Default Virtual Router

When you first boot your system, it creates a default virtual router. The only difference between the default VR and any other router is that you cannot create or delete the default VR. Just like any other router, the default VR gets its IP addresses when you add interfaces to it.

Virtual Router Instances

Your system can support up to 1,000 forwarding tables; that is, up to a total of 1,000VRs and VPN routing and forwarding (VRF) instances. Each VRF has a forwarding table. A network device attaching to a system sees a router interface. The attaching device has no notion of the virtual router behind the interface.

For example, a physical ATM link may have circuits that are connected to different VRs. The physical and data link layers are not aware that there are multiple router instances. See Figure 10-1.

Figure 10-1 Virtual routers

VRs and VRFs are tools for implementing VPNs.

Routing Protocols

Your system implements the VRs by maintaining a separate instance of each data structure for each VR and allowing each protocol (for example, TCP/UDP, RIP, OSPF, and IS-IS) to be enabled on a case-by-case basis. A table of router interfaces associates user connections (for example, PPP or ATM) with one or more IP interfaces within a VR.

VPNs and VRFs

Your system supports VPNs and VRFs. For information on VPNs and VRFs, see Configuring BGP VPN Services and Monitoring BGP/MPLS VPNs in ERX Routing Protocols Configuration Guide, Vol. 2, Chapter 3, Configuring BGP/MPLS VPNs.

VPNs

A VPN is a set of sites attached to a common network, but whose data is handled separately from that common network.

VPNs enable private IP traffic to travel over a public TCP/IP network by tunneling that traffic between VPN member sites. Different levels of security are available depending on the security of the tunnel used between sites.

Your system supports VPNs consisting of VRs or VRFs. See RFC 2547 - BGP/MPLS VPNs. Additionally, your system supports tunnels built from GRE, IPSec, L2TP, MPLS, and tunnels built from layer 2 circuits, such as Frame Relay and ATM.

VRFs

A VRF is a virtual routing and forwarding instance that exists within the context of a VR. The VRF provides forwarding information to your system. The system looks up a packet's destination in the VRF associated with the interface on which the packet is received. In general, any application that can be enabled in a VR can be enabled in a VRF. VRFs are generally associated with the VPN behavior described in RFC 2547.

When a VRF receives an update message, it needs to know whether it should add the route to its routing table. Similarly, when a VRF sends update messages, it needs to identify the VPNs that it wants to receive the updates. See ERX Routing Protocols Configuration Guide, Vol. 2, Chapter 3, Configuring BGP/MPLS VPNs.