Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


Understanding Layer 3 Overlay VRF support in cRPD


Starting in Junos OS Release 19.4R1, virtual routing and forwarding (VRF) instances are supported in cRPD along with the support of MPLS and Multiprotocol BGP to provide overlay functionality.

A routing instance is a collection of routing tables, interfaces, and routing protocol parameters. To implement Layer 3 VPNs, you configure one routing instance for each VPN. A VRF is a network device in the Linux kernel and the device is associated with table-id. You configure the routing instances on PE routers only. You can create VRFs in the Linux network. VRF device implementation impacts only Layer 3 and above. Each VPN routing instance consists of the following components:

  • VRF table—On each PE router, you configure one VRF table for each VPN.

  • Policy rules—These control the import of routes into and the export of routes from the VRF table.

  • One or more routing protocols that install routes from CE routers into the VRF table—You can use the BGP, OSPF, and RIP routing protocols, and you can use static routes.

When a VRF device is created, it is associated with a routing table. Packets that come in through enslaved devices to the VRF are looked up in the routing table associated with the VRF device. Similarly egress routing rules are used to send packets to the VRF driver before sending it out on the actual interface.

VRF is used to manage routes and to forward traffic based on independent forwarding tables in VRF. RPD creates multiple routing tables for every routing instance of type vrf. The tables are one for each address family. You need to configure a routing instance for each VPN on each of the PE routers participating in the VPN. You can configure routing instances using the [edit routing-instances] hierarchy. The routing instance of type vrf is only supported on cRPD.

You can create multiple instances of BFD, BGP, IS-IS, OSPF version 2 (referred as OSPF), OSPF version 3 (OSPFv3), and ICMP router discovery under a VRF using the [edit routing-instances routing-instance-name protocols] hierarchy. You can configure protocol independent routing using the edit routing-instances instance-name routing-options hierarchy.

Layer-3 Overlay supports the following tunneling protocols in cRPD:

  • Static routes in inet.3

  • BGP labeled unicast

  • GRE tunneling

  • MPLS static LSPs

  • Routes programmed using programmable-rpd APIs

  • direct-ebgp-peering on MPLS enabled interface

Moving the Interfaces under a VRF

The enslavement of devices is done by RPD that is interfaces configured under the routing instance are migrated (enslaved) to the vrf-device by RPD using a netlink message sent to the kernel.

When an interface is configured under the routing instance of type vrf, if such a link has been learnt from the kernel and the link is not associated to the correct table, RPD sends a netlink notification to enslave the link. If the link does not exist or RPD has not learnt about the link, whenever the link is created or RPD learns about it then the link will be enslaved correctly based on the configuration.