Virtual routing and forwarding (VRF) is a technology that allows multiple routing table instances to co-exist within the same router at the same time. VRF increases network security and improves deployment efficiency because network paths can now be segmented without requiring multiple routers.
VRF is widely deployed across service provider and enterprise networks, for example:
Wholesale carriers/providers utilize VRF for service and operational differentiation.
Cloud connectivity providers utilize VRFs for connectivity isolation between public and private cloud services.
VRF-based services deliver significant revenue streams. VRF visibility is critical:
Today, many enterprises buy managed VRF-based services from service providers.
Service providers continue to have a high run-rate of revenue which depends on VRF-based services and DDoS protection.
DDoS mitigation methods may utilize VRFs for scrubbing or rate-limiting services, with Flowspec to reduce the business impact.
Kentik provides comprehensive visibility into traffic using VRFs for insights not only for service providers or enterprises that deploy VRFs themselves, but also for end service-consumers who buy the VRF-based services from service providers. Kentik enables multiple VRF-related use cases in order to optimize network assets and availability:
A network engineer can verify that VRF network partitions are functioning correctly and ensure no traffic leakage.
An infrastructure/network planner can see inbound or outbound traffic at the provider edge (PE) segmented by VRFs to optimize utilization.
A network operator can see all traffic associated with a specific route distinguisher (RD) or verify the names of the VRFs that are associated with a specific RD correctly and reduce the chance of misconfiguration.
Services providers can understand where VRFs are provisioned (i.e. which routers or links) and what traffic volumes are generated per VRF (e.g. capacity planning use case), including a topology visualization to help fast troubleshooting when an issue arises.
Kentik has introduced VRF visibility in the form of the following new capabilities:
VRF awareness for vendors that support L3VPN and VRF-lite and are RFC4382 compliant
New VRF dimensions - source and destination VRF Name, VRF Route Distinguisher, VRF Route Target
New VRF dimensions in alerting policies
API that manages VRF attributes
Industry-only per-VRF correlation of traffic with BGP routing data, giving customers complete visibility into end-to-end traffic flows across L3VPN topologies, including BGP paths and Ultimate Exit attributes.
Image 1: Sankey diagram that maps how traffic exits the network based on the incoming VRF
With Kentik’s VRF visibility, network teams can gain a comprehensive understanding of the status of their VRF-based services, resolve issues faster and easily answer questions about how traffic maps to VRFs for capacity planning and customer reporting purposes.