NSX-T 3.0 Design Considerations for VRF-Lite

VRF-Lite is the latest capability added as part of the NSX-T 3.0 release. In this blog post, “NSX-T 3.0 design consideration for VRF-lite”, let’s explore the benefits of VRF lite and the considerations from design and implementation perspectives.

VRF-Lite Advantages

Server virtualization admins usually struggle with core networking concepts like VRF lite, so I recommend getting familiar with these concepts before proceeding. As a quick summary of the advantage, VRF lite allows multiple routing instances to coexist in one routing device while maintaining independent routing and forwarding tables for each instance. Furthermore, different routing domains can use the same network addresses with VRF lite. This helps to deal with overlapping network IP ranges in the same routing domain between business units or after a merger.

Existing network installations can make use of feature compatibility to extend routing to the NSX-T datacenter. Additionally, hosting multiple routing instances in the same gateway results in resource optimization as well.

[Figure: With and Without VRF-lite – NSX-T 3.0]

In earlier versions, each tenant was required to have multiple T0 gateways to separate routing instances. This resulted in scale issues, as only a single T0 can be deployed per edge node, in particular for deployments based on bare metal edges.

VRF lite allows multiple routing instances without deploying additional T0 gateways and edge nodes. This allows separation between tenants and applications. Moreover, VRF lite provides logical routing isolation that can also span across the external peer devices.

VRF-Lite: T0 Requirements & Considerations

A T0 gateway is a mandatory component for VRF lite and is required to be the parent gateway for the VRF gateways. Please note that an existing T0 gateway with connected T1 gateways can also be used. External connectivity requires layer 3 peer devices, and they should support the 802.1Q protocol/VLAN tagging.

VRF lite can be deployed in single-tier or multi-tier topologies. However, VRF gateways can only be deployed as T0 gateways. The datacenter gateway uses a trunk to interconnect the different VRFs. Additionally, the data center gateway and the underlying infrastructure, such as vSphere distributed port groups, have to support trunking.

[Figure: NSX-T 3.0 VRF-Lite Gateway Topology]

VRF-Lite Design: 802.1Q Requirements & Considerations

VLAN tagging, otherwise called the 802.1Q protocol, in the uplink trunk segment provides isolation for each VRF. The VLAN is the channel for the data plane: each VRF's transport traffic is handled using a VLAN-to-VRF mapping. A BGP protocol instance in each VRF provides the control plane functionality. This helps to dynamically propagate and update routing information to all VRF peers. Also note that, compared to other VRF implementations, VRF lite has no need for the MP-BGP extension to exchange routing information.

[Figure: NSX-T 3.0 VRF-Lite with VLAN Topology]
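
The isolation described above depends on every VRF gateway having a parent T0 and its own VLAN on the uplink trunk. As an added example (not from the original post and not NSX-T API code), the following Python check runs those rules over a planned design; the dictionary layout, gateway names, VLAN IDs and subnets are constructed for illustration, and the rule that segments inside one VRF must not overlap is an assumption of the example.

```python
import ipaddress
from collections import defaultdict

# Constructed design data: names, VLAN IDs and subnets are illustrative only.
PARENT_T0 = {"name": "t0-parent", "trunk_vlans": range(100, 200)}
VRFS = [
    {"name": "vrf-red", "parent": "t0-parent", "uplink_vlan": 101,
     "segments": ["10.1.0.0/16", "172.16.0.0/24"]},
    # Same 10.1.0.0/16 as vrf-red: allowed, the routing tables are independent.
    {"name": "vrf-blue", "parent": "t0-parent", "uplink_vlan": 102,
     "segments": ["10.1.0.0/16"]},
    # Reuses VLAN 101 and overlaps its own segments: both should be flagged.
    {"name": "vrf-green", "parent": "t0-parent", "uplink_vlan": 101,
     "segments": ["10.2.0.0/16", "10.2.8.0/24"]},
    # No parent T0 and a VLAN the trunk does not carry.
    {"name": "vrf-orphan", "parent": None, "uplink_vlan": 250,
     "segments": ["10.3.0.0/24"]},
]

def validate(parent, vrfs):
    """Return (gateway, finding) tuples for a planned VRF-lite design."""
    findings = []
    by_vlan = defaultdict(list)
    for vrf in vrfs:
        if vrf["parent"] != parent["name"]:
            findings.append((vrf["name"], "no-parent-t0"))
        vlan = vrf["uplink_vlan"]
        if not 1 <= vlan <= 4094 or vlan not in parent["trunk_vlans"]:
            findings.append((vrf["name"], "vlan-not-on-trunk"))
        by_vlan[vlan].append(vrf["name"])
        # Assumption: connected segments inside one VRF must not overlap.
        nets = [ipaddress.ip_network(s) for s in vrf["segments"]]
        for i, a in enumerate(nets):
            for b in nets[i + 1:]:
                if a.overlaps(b):
                    findings.append((vrf["name"], f"segment-overlap {a} {b}"))
    # One VLAN mapped to two VRFs merges their data planes on the trunk.
    for vlan, names in by_vlan.items():
        if len(names) > 1:
            findings.append((",".join(names), f"vlan-shared {vlan}"))
    return findings

if __name__ == "__main__":
    for who, what in validate(PARENT_T0, VRFS):
        print(f"{who}: {what}")
```

The address overlap between vrf-red and vrf-blue produces no finding, while the shared VLAN 101 does, because the VLAN tag is what keeps the two data planes apart on the trunk.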

Summary

I hope this blog gives you an insight into the benefits of VRF lite and also the generic considerations when doing design and configuration. For further reading, please use the following link: NSX-T Data Center Administration Guide, and the blog post: NSX-T 3.0 key features. Happy learning!
