[j-nsp] [c-nsp] general question on VRFs and FIBs...

Keegan Holley keegan.holley at sungard.com
Tue Sep 27 10:08:28 EDT 2011


> Now in dcef mode
> With a separate FIB+Adjacency tables per vrf
> You could copy only subset of FIB and Adjacency tables to the linecard
> based on which vrfs the interfaces on the particular line-card are associated
> with
> -to save up some memory
> (then a process would be needed to request FIB resend from the RP when
> interface on a line-card would be associated with a new vrf)
>
>
This would also work with a single FIB as well as long as the routes were
marked with what vrf they belong in.

Maybe we're missing the obvious.  It's possible that there is no real reason
why separate FIBs were used.  It's possible that this decision was made
before vrf and L3VPN were common technologies and it was considered safer to
have separate FIBs.  Also, in the event of a forwarding bug or even a
security hole it's a lot easier to maintain the integrity of a VRF if its
forwarding entries are separate from the others.


>
> adam
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net [mailto:
> cisco-nsp-bounces at puck.nether.net] On Behalf Of Gert Doering
> Sent: Tuesday, September 27, 2011 9:58 AM
> To: Derick Winkworth
> Cc: juniper-nsp at puck.nether.net; cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] general question on VRFs and FIBs...
>
> Hi,
>
> On Mon, Sep 26, 2011 at 01:18:05PM -0700, Derick Winkworth wrote:
> > I'm trying to find an archived discussion or presentation discussing
> > why exactly the industry generally settled on having a separate
> > FIB table for each VRF vs having one FIB table with a column that
> > identifies the VRF instance?  I'm not finding it, but I'm guessing
> > its because of performance issues?
>
> Lookup would fail for overlapping address space if you lookup
> "address first, VRF second".
>
> How do you find the right entry if you have
>
>  10.0.0.0/8 vrf red
>  10.0.0.0/16 vrf green
>  10.0.1.0/24 vrf blue
>
> and try to look up 10.0.0.1 in vrf red?  You'll find the /24 entry, which
> is tagged "vrf blue".
>
> Alternatively, you'd need to explode the /8 entry for vrf red if *another*
> VRF adds a more specific for that /8.
>
> gert
> --
> USENET is *not* the non-clickable part of WWW!
>                                                           //
> www.muc.de/~gert/ <http://www.muc.de/%7Egert/>
> Gert Doering - Munich, Germany
> gert at greenie.muc.de
> fax: +49-89-35655025
> gert at net.informatik.tu-muenchen.de
>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
>
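
The lookup orders discussed in this thread, as an added example that is not part of the original messages: it compares "address first, VRF second" on one shared table with a shared table whose key includes the VRF, and with one table per VRF. The three routes are the ones quoted above; all function names are hypothetical and the linear scan stands in for a real trie or TCAM.

```python
import ipaddress

# Constructed sample data: the three routes from the quoted example.
ROUTES = [
    ("10.0.0.0/8", "red"),
    ("10.0.0.0/16", "green"),
    ("10.0.1.0/24", "blue"),
]
TABLE = [(ipaddress.ip_network(p), v) for p, v in ROUTES]


def longest_match(entries, addr):
    """Return the (network, vrf) entry with the longest prefix covering addr."""
    hits = [e for e in entries if addr in e[0]]
    return max(hits, key=lambda e: e[0].prefixlen, default=None)


def lookup_address_first(addr, vrf):
    """Shared table: longest match on the address only, VRF tag checked last."""
    best = longest_match(TABLE, ipaddress.ip_address(addr))
    if best is None or best[1] != vrf:
        return None  # winning entry belongs to another VRF, so the lookup fails
    return str(best[0])


def lookup_vrf_in_key(addr, vrf):
    """Shared table, VRF is part of the key: only that VRF's entries compete."""
    own = [e for e in TABLE if e[1] == vrf]
    best = longest_match(own, ipaddress.ip_address(addr))
    return None if best is None else str(best[0])


def build_per_vrf_fibs():
    """One independent table per VRF."""
    fibs = {}
    for net, vrf in TABLE:
        fibs.setdefault(vrf, []).append((net, vrf))
    return fibs


def lookup_per_vrf(fibs, addr, vrf):
    """Per-VRF tables: entries of other VRFs are never consulted."""
    best = longest_match(fibs.get(vrf, []), ipaddress.ip_address(addr))
    return None if best is None else str(best[0])


if __name__ == "__main__":
    fibs = build_per_vrf_fibs()
    for a in ("10.0.0.1", "10.0.1.1", "10.200.0.1"):
        print(a, lookup_address_first(a, "red"),
              lookup_vrf_in_key(a, "red"), lookup_per_vrf(fibs, a, "red"))
```

In vrf red the address-first lookup only succeeds for 10.200.0.1, where no other VRF holds a more specific prefix; the other two orders resolve all three addresses to 10.0.0.0/8.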

