

The relationship between virtual private networks and VPN routing and forwarding tables as explained in the previous paragraph is a slight simplification of the actual relationship between these two concepts. Nevertheless, it is true in cases where each site (or customer) belongs only to one VPN. The additional complexity introduced by overlapping VPNs or sites belonging to more than one VPN is explained in the section "Overlapping Virtual Private Networks," later in this chapter.

The concept of virtual routers allows the customers to use either global or private IP address space in each VPN. Each customer site belongs to a particular VPN, so the only requirement is that the address space be unique within that VPN. Uniqueness of addresses is not required among VPNs except where two VPNs that share the same private address space want to communicate.

More structures are associated with each virtual router than just the virtual IP routing table:

- A forwarding table that is derived from the routing table and is based on CEF technology.
- A set of interfaces that use the derived forwarding table.
- Rules that control the import and export of routes from and into the VPN routing table. These rules were introduced to support overlapping VPNs and are explained later in this chapter.
- A set of routing protocols/peers, which inject information into the VPN routing table.
- Router variables associated with the routing protocol that is used to populate the VPN routing table.

Figure 8-2.

The usage of these structures is explained in the rest of this chapter, and the detailed operation of each of them is explained in the next chapters.

The combination of the VPN IP routing table and associated VPN IP forwarding table is called VPN routing and forwarding instance (VRF).

You might think that there is no difference between an IP routing table and an IP forwarding table, and usually that's true.
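An added example, not from the original text: a minimal Python model of the per-virtual-router structures listed above (routing table, derived forwarding table, bound interfaces, import/export rules), showing two VPNs reusing 10.1.0.0/16 without conflict. The class names, interface names, next-hop labels and the tag-based import/export rule are assumptions made for illustration, not router software behaviour taken from the chapter.

```python
import ipaddress

class Vrf:
    """One virtual router: routing table, derived forwarding table, rules."""
    def __init__(self, name, export_tags, import_tags):
        self.name = name
        self.export_tags = set(export_tags)  # hypothetical tags on routes leaving this VRF
        self.import_tags = set(import_tags)  # hypothetical tags this VRF accepts
        self.routes = {}                     # routing table: prefix -> next hop
        self.fib = []                        # forwarding table derived from self.routes

    def add_route(self, prefix, next_hop):
        self.routes[ipaddress.ip_network(prefix)] = next_hop
        # Rebuild the forwarding table, most specific prefix first.
        self.fib = sorted(self.routes.items(), key=lambda r: r[0].prefixlen, reverse=True)

    def lookup(self, dst):
        for prefix, next_hop in self.fib:
            if ipaddress.ip_address(dst) in prefix:
                return next_hop
        return None  # no match: drop, never fall back to another table

class PeRouter:
    def __init__(self):
        self.vrfs, self.if_to_vrf = {}, {}
    def add_vrf(self, vrf, interfaces):
        self.vrfs[vrf.name] = vrf
        for ifname in interfaces:
            self.if_to_vrf[ifname] = vrf

    def learn(self, vrf_name, prefix, next_hop):
        # Install in the source VRF and in every VRF whose import rules accept it.
        src = self.vrfs[vrf_name]
        src.add_route(prefix, next_hop)
        for vrf in self.vrfs.values():
            if vrf is not src and src.export_tags & vrf.import_tags:
                vrf.add_route(prefix, next_hop)

    def forward(self, ingress_if, dst):
        # The ingress interface alone selects which forwarding table is consulted.
        return self.if_to_vrf[ingress_if].lookup(dst)

def build_demo():
    """Constructed sample: two customers reuse 10.1.0.0/16; Mgmt imports only A."""
    pe = PeRouter()
    pe.add_vrf(Vrf("CustA", {"A"}, {"A"}), ["ge0/1"])
    pe.add_vrf(Vrf("CustB", {"B"}, {"B"}), ["ge0/2"])
    pe.add_vrf(Vrf("Mgmt", {"M"}, {"M", "A"}), ["ge0/3"])
    pe.learn("CustA", "10.1.0.0/16", "ce-a1")
    pe.learn("CustA", "10.1.2.0/24", "ce-a2")
    pe.learn("CustB", "10.1.0.0/16", "ce-b1")
    return pe
```

The same destination address resolves differently depending only on the ingress interface, and a route reaches another table only when an import rule explicitly accepts it.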
