How to: Configure VRF

Overview

The Virtual Routing and Forwarding (VRF) improves network functionality by allowing traffic segregation and reutilization of IP addresses on the network provided the addresses reside in different VRFs. Using VRF, the BIG-IP Next can isolate network traffic for a particular application and add routes for destinations that are not located on a directly connected network and drop all traffic sent to a specific destination.

Use the static routes for flexible routing behavior of the network. Only one default route domain is allowed. Do not add a VLAN in two different route domains, a validation error is displayed if same VLAN is added in two route domains. Also, you cannot have the same self IP in the two VLANs in the same route domain, with in route domain the self IP must be unique.

A default VRF is available by default. You can create a non-default VRF and assign VLANs to it based on your requirment. By default, all VLANs, both internal and external VLANS are assigned to the Default VRF, you can uncehck the default VRF option at a VLAN and assign that VLAN to a non-default VRF.

Procedure

Prerequisites

  • Ensure that an external and an internal VLAN exist on the BIG-IP Next.

  • To manage BIG-IP Next instances, you must have Administrator or Instance Manager user credentials. Users with Application Manager and Auditor credentials have read-only access to all application service information. For more information about user roles, see How to: Assign standard roles to users.

Add a non-default VRF

Use this procedure to add a non-default VRFs, a default VRF is available by default:

1. Log in to BIG-IP Next Central Manager, click the Workspace icon next to the F5 logo, and then click Infrastructure.

  1. Click on the instance name. The instance properties display.

  2. Select the Routing & Forwarding tab. The Default VRF is available by default.

  3. Click Add to add a new VRF.

  4. In the Name field, specify the name of the VRF.

  5. From the VLANs drop-down, select the VLANs to associate with the VRF. The BIG-IP Next Central Manager adds a Layer 2 network to the VRF based on the VLANs selected.

    Note: A validation error displays if the VLAN selected is being used in another VRF. If the VLAN is already used in Default VRF, then you must remove the VLAN from the Default VRF for it to be used in another VRF. Navigate to Networking & Proxy tab. Click Edit, in Networking VLANS, uncheck the Default VRF option against the VLAN to remove it from default VRF.

  6. Click Save. The Routing & Forwarding tab displays the list of VRFs.

    Note: The Default VRF field is disabled for all VRFs.

Configure VRF in an application

Use this procedure to deploy an application with VRF:

1. Log in to BIG-IP Next Central Manager, click the Workspace icon next to the F5 logo, and then click Applications.

  1. Click on the application name. The application properties display.

  2. Click Review and Deploy. The Instance/Locations screen opens with a list of available instance or locations or click Start Adding to specify an instance or location.

  3. In the Members column, the number specifies the added pool members, click the down arrow and select Pool Members. The pool members page displays the properties and list of added pool members endpoints.

  4. Enter details in all required fields for the pool member.

  5. In the Virtual Routing & Forwarding (VRFs), choose default or non-default VRF.

  6. If no pool members are available, click on Add Row button to start adding a pool member endpoint.

  7. Click Save.

  8. Click the Edit icon under Configure.

  9. In the Ingress Virtual Routing & Forwarding (VRF), for the Client-Side, choose default or non-default VRF.

    Note: The filed Ingress Virtual Routing & Forwarding (VRF), for the Client-Side is available only when Enable VLANs the Client-Side will listen on field is disbaled.

  10. Click Save.

  11. Click Deploy Changes.