Virtual routing and forwarding (VRF) has been around for years as a technology. However, for those in charge of monitoring a network, there has never been a solution capable of providing full visibility into the end-to-end VRF traffic that flows in and out of a network.
Kentik is changing that. We now offer an industry-first VRF visibility solution to show where VRF traffic will exit your network. This functionality goes beyond the local device VRF configurations and utilizes route tables, BGP peering, and other sources to bring end-to-end visibility of VRFs that no other network monitoring tool can provide.
Virtual routing and forwarding (VRF) is a technology that allows multiple instances of a routing table to coexist within the same router at the same time. You can think of VRFs as “logical routers” residing in one physical router, serving to automatically segregate the traffic.
VRF is one of the earliest networking virtualization techniques that creates multiple virtual networks within a single network entity (as illustrated above). In a single network component, multiple VRF resources create isolation between virtual networks. That’s why VRF is widely used in the infrastructure of ISPs, enterprises, research & education, and many other verticals, as the technique supports the data center, peering, interconnection, and traffic engineering.
Network engineers across industries often struggle with visibility into VRF. As just one example: Consider the case of ISPs. ISPs use the same physical router-to-router traffic for various customers, and they configure VRF to separate their various customers’ traffic in order to achieve multi-tenancy.
As a network engineer, there are many challenges to solve in order to make sure all end customers transmit business data through the pipe without any possible traffic leaking.
Without VRF visibility, network engineers struggle to answer questions such as:
Kentik is set to solve end-to-end VRF visibility challenges with comprehensive coverage:
2. VRF Manual API & Alerting Capability: To give users programmatic control of VRF attributes associated with each interface, we added support for VRF attributes in the interface methods of our device API, which can be experimented with in the Kentik API tester. Moreover, all these VRF dimensions are also supported in alert policies.
3. Associate VRF with BGP Attributes: Recently, we also added the functions to correlate information of VRF with BGP, which is true differentiation. This means we can now calculate various BGP and Ultimate Exit attributes correctly in VRF L3VPN configurations.
A quick recap on Kentik-patented feature Ultimate Exit (UE): Ultimate Exit enables end-to-end visibility of the traffic, providing an easy way to visualize what volumes of traffic are flowing in and out of your network, from any source to any destination network. You can then use that information to cut costs (e.g., peering) and to more accurately estimate the cost of carrying any set of traffic for any given customer.
Now, you can do even more with VRF visibility, such as (1) obtain VRF routing table via BGP peering, (2) enhance flow records with correct BGP UE and AS path from VRF routing tables, and (3) associate VRF information with the right routing tables to correctly associated UE.
With this capability, Kentik customers can now see, on a per-VRF basis, where the traffic is entering the network, how far they are carrying it, where it is leaving, what type of interface (e.g., transit/peer/customer), and what the volume is. This enables them to figure out the cost to provide the customer service in a VRF service.
With VRF visibility supported by Kentik:
As a result, in today’s complex network deployments, end-to-end VRF traffic visibility from Kentik allows network operations teams to understand and manage traffic in networks of all types, from source to destination, so to gain more accurate calculations on cost for any given customer.