[c-nsp] general question on VRFs and FIBs...

Keegan Holley keegan.holley at sungard.com
Tue Sep 27 10:00:54 EDT 2011


2011/9/27 Gert Doering <gert at greenie.muc.de>

> Hi,
>
> On Mon, Sep 26, 2011 at 01:18:05PM -0700, Derick Winkworth wrote:
> > I'm trying to find an archived discussion or presentation discussing
> > why exactly the industry generally settled on having a separate
> > FIB table for each VRF vs having one FIB table with a column that
> > identifies the VRF instance?  I'm not finding it, but I'm guessing
> > its because of performance issues?
>
> Lookup would fail for overlapping address space if you lookup
> "address first, VRF second".
>
> How do you find the right entry if you have
>
>  10.0.0.0/8 vrf red
>  10.0.0.0/16 vrf green
>  10.0.1.0/24 vrf blue
>
> and try to look up 10.0.0.1 in vrf red?  You'll find the /24 entry, which
> is tagged "vrf blue".
>
> Alternatively, you'd need to explode the /8 entry for vrf red if *another*
> VRF adds a more specific for that /8.
>


I'm not claiming to understand why equipment manufacturers chose one method
over another.  However, if the vrf's all have separate tables in the real
world then that should require the table lookup to come before the prefix
lookup.  If not there would be no way to figure out which fib to search.  If
you apply the same logic to routes in the same FIB it works, at least in
theory.


More information about the cisco-nsp mailing list