Multiple distinct routers are supported within a single router, which allows service providers to configure multiple, separate, secure routers within a single chassis. These routers are identified as virtual routers (VRs). Applications for this function include the creation of individual routers dedicated to wholesale customers, corporate virtual private network (VPN) users, or a specific traffic type.

Default Virtual Router

When you first boot your router, it creates a default virtual router. The only difference between the default VR and any other router is that you cannot create or delete the default VR. Just like any other router, the default VR gets its IP addresses when you add interfaces to it.

Virtual Router Instances

E Series routers can support up to 1,000 forwarding tables; that is, up to a total of 1,000 VRs and VPN routing and forwarding (VRF) instances. Each VRF has a forwarding table. A network device attaching to a router detects a router interface. The attaching device has no notion of the virtual router behind the interface.

For example, a physical ATM link may have circuits that are connected to different VRs. The physical and data link layers are not aware that there are multiple router instances. See Figure 28.

Figure 28: Virtual Routers

Virtual Routers

VRs and VRFs are tools for implementing VPNs.

Routing Protocols

Your router implements the VRs by maintaining a separate instance of each data structure for each VR and allowing each protocol (for example, TCP/UDP, RIP, OSPF, and IS-IS) to be enabled on a case-by-case basis. A table of router interfaces associates user connections (for example, PPP or ATM) with one or more IP interfaces within a VR.

VPNs and VRFs

Your router supports VPNs and VRFs. For information about VPNs and VRFs, see JunosE BGP and MPLS Configuration Guide.


A VPN is a set of sites attached to a common network, but whose data is handled separately from that common network.

VPNs enable private IP traffic to travel over a public TCP/IP network by tunneling that traffic between VPN member sites. Different levels of security are available depending on the security of the tunnel used between sites.

Your router supports VPNs consisting of VRs or VRFs. See RFC 2547—BGP/MPLS VPNs (March 1999). Additionally, your router supports tunnels built from GRE, IPsec, L2TP, MPLS, and tunnels built from layer 2 circuits, such as Frame Relay and ATM.


A VRF is a virtual routing and forwarding instance that exists within the context of a VR. The VRF provides forwarding information to your router. The system looks up a packet’s destination in the VRF associated with the interface on which the packet is received. In general, any application that can be enabled in a VR can be enabled in a VRF. VRFs are generally associated with the VPN behavior described in RFC 4364—BGP/MPLS IP Virtual Private Networks (VPNs).

When a VRF receives an update message, it needs to know whether it should add the route to its routing table. Similarly, when a VRF sends update messages, it needs to identify the VPNs that it wants to receive the updates. See JunosE BGP and MPLS Configuration Guide.