VRF Lite Configuration Validation

In last post I covered the steps of configuring VRF gateways and attached Tier-1 gateway to VRF. In this post I am going to test my configuration to ensure things are working as expected. 

Following configuration was done in vSphere prior to VRF validation:

  • Tenant A VM is deployed and connected to segment ‘Tenant-A-App-LS’ and have IP 172.16.70.2
  • Tenant B VM is deployed and connected to segment ‘Tenant-B-App-LS’ and have IP 172.16.80.2

Connectivity Test

To test connectivity, I first picked Tenant-A vm and performed following tests:

A: Pinged default gateway and got ping result.

B: Pinged default gateway of Tenant-B segment and got the result.

C: Pinged Tenant-B VM and got result.

D: Pinged a server on physical network and got ping response.

Same set of tests I performed for Tenant-B VM and all test results passed.

Traceflow

Traceflow is another way of testing connectivity between vm’s. Below are my traceflow results for the 2 vm’s:

Here is the topology diagram created by NSX-T to show path taken by packet from Tenant-A-App01 vm to Tenant-B-App01 vm.

And here is the actual packet flow.

Traceflow from Tenant-B-App01 > Tenant-A-App01

Lets connect to edge nodes and perform additional validations.

1: Let’s have a look into SR-DR components that gets created with VRF

From above table, we can see SR components for Tenant A & B VRF’s got created. 

Since we have attached Tier-1 gateways to VRF, DR components also got created for the VRF’s. 

Let’s connects to logical router SR-VRF-Tenant-A-VRF Logical and verify the BGP neighbor connectivity.

BGP Routing Table for Tenant-A

So things looks good from BGP prospective in my lab. 

And that’s it for this post. In next post I will show how to configure Inter-VRF routing.

I hope you enjoyed reading this post. Feel free to share this on social media if it is worth sharing 🙂

Leave a Reply