Skip to main content

Virtual Routing and Forwarding

Equinix Metal™ Virtual Routing and Forwarding (VRF) provides a virtual router for Layer 3 network connectivity between a Metal Gateway Layer 2 private network and remote destinations.

To create and configure Virtual Routing and Forwarding, you need three components:

Limitations

Before you create a VRF, consider the following limitations:

  • There is a limit of 8 VRFs per Project.
  • There is a limit of one /64 IPv6 IP Reservation per VRF.

Preparing for Your VRF

Before you create a VRF, be aware of the subnets you plan to use and how you are going to use them. This information is important because you will need to specify the IP address range when you create a VRF.

In your Allowed IP Ranges (ip_ranges) include the following:

  • Subnets that your Metal Gateway and the servers connected to the Metal Gateway will use. A VRF’s IP address range must be defined to create the VRF IP address reservations, which are then used to make the VRF’s Metal Gateways.

  • Subnets that you will use as the peering information of the VRF and the remote side of the connection. See Using VRF with Interconnections for more information.

Creating a Virtual Router

To create a VRF, open the Project's Virtual Routing and Forwarding page found in the Project's Networking section. Click Create Virtual Router.

Virtual Routing and Forwarding in the Console

In the Create Virtual Router pane, enter a name for your router and an optional description. Select the Metro where your servers, VLANs, the Metal Gateway, and this VRF are all located. All of these are required to be in the same Metro.

In the Allowed IP Ranges field, enter a list of CIDR network addresses. IPv4 address blocks must be between /8 and /29 in size. An IPv6 address block must be between /59 and /64 in size. You can also optionally specify a local ASN.

Creating a VRF in the Console

Click Create Virtual Router.

Creating a VRF IP Address Reservation

Next, create an IP address reservation specifically for your VRF that you will assign to your Metal Gateway. The subnet must be from a block that you specified in the Allowed IP Ranges (ip_ranges) when you created the VRF.

Click on the VRF you want to reserve IP addresses for. From the Overview tab, click Add IP Reservation.

Making an IP Reservation in the Console

In the panel, enter the subnet in CIDR notation. The maximum size IPv4 subnet is /22 and the minimum size subnet is /29. The only size IPv6 subnet is /64.

The Add IP Reservation pane in the Console

The Metro for the IP address reservation is inferred from the associated VRF. Click Submit Request.

As a result, you will get a subnet of reserved IP addresses in the same Metro as your VRF that is ready to be used by your VRF's Metal Gateway.

Creating the VRF Metal Gateway

Note: If you have not already created one, you will need to create a VLAN in the same Metro as your VRF. This VLAN provides the Layer 2 Network between your VRF's Metal Gateway and your servers.

Create a Metal Gateway in the same Metro as your VRF, selecting the VLAN you'll use to connect the gateway and your servers.

Creating a VRF's Metal Gateway in the Console

In the IP Block section, select VRF IP. Click the drop-downs to select the VRF and the VRF IP Address Reservation to associate with this Metal Gateway. Click Create Gateway.

As a result, you will get a Metal Gateway in the same Metro as your VRF, which uses the IP addresses in your VRF IP address reservation that you can assign to servers connected to the Metal Gateway's VLAN.

Connecting to Your VRF

To connect your VRF and Metal network to external peer networks, you also need to provision and configure one of the following:

Managing VRF

Once your VRFs are provisioned, you can view them in your Project's Networking section, on the Virtual Routing and Forwarding page.

List of a Project's VRFs in the Console

Click on a VRF to view its Overview.

Example Overview of a VRF in the Console

To update the VRF, click Edit Virtual Router Details.

Edit Virtual Router Details in the Console

In the pane, you can update fields for Name and Description.

You can also update the ASN if the VRF is not currently in use. The ASN can not be updated if there are active Virtual Circuits associated with the VRF, or if any of the VLANs of the VRF's Metal Gateway are attached to servers.

Updating the Virtual Router Details in the Console

This pane is also where you can add and remove Allowed IP Ranges.

The BGP Table

Once traffic is flowing and routing has started, you can monitor the BGP Neighbors and Learned Routes of your VRF. The BGP table displays all of the routes present in the VRF.

Note: Before monitoring, you must set up and enable all networking configurations. All the servers must be attached to the Metal Gateway's VLAN, and the Metal Gateway must display an "Active" status.

The BGP Neighbors table displays the peer information and status of your VRF's BGP neighbors.

The Learned Routes table displays information about all the VRF's learned routes, which it has built through BGP and other routers in the network.

Example BGP Tables Tab in the Console

Adding More IP Address Space to Your VRF

If needed, you can add IP Address space to your VRF after you have provisioned it.

Note: If you do not use all the initial IP address space allocated in the Allowed IP Range, you can make additional IP Address Reservations and Gateways using that IP Range. You do not have to create new Allowed IP Ranges if there is still space in your existing IP Range.

Adding More Allowed IP Ranges

Under the current list of Allowed IP Ranges, click Edit Virtual Router Details.

Edit Virtual Router Details in the Console

In the Allowed IP Ranges section, click Add New IP Range, and enter the new CIDR network address into the field. The IPv4 address blocks must be between /8 and /29 in size. An IPv6 address block must be between /59 and /64 in size, and only one IPv6 block per VRF is allowed. Click Add New IP Range to add more than one IP range.

Adding Allowed IP Ranges in the Console

Click Update Virtual Router.

Adding IP Address Reservations

In the IP Address Reservation section of the VRF's Overview, you can add Click Add IP Reservation and fill in the IP Subnet field with the subnets in CIDR notation. The subnets you request must be from the ip_ranges block that is associated with your VRF. Click Submit Request.

Adding IP Reservation to a VRF in the Console

Creating Additional Metal Gateways

Once you have made the IP address reservations, you can use them to create additional Metal Gateways for your virtual router. The procedure is the same as the initial Metal Gateway you created for the VRF.

Create a Metal Gateway in the same Metro as your VRF. Select the VLAN you will use to connect the gateway and your servers.

Creating a VRF's Metal Gateway in the Console

In the IP Block section, select VRF IP. Click the drop-downs to select the VRF and the VRF IP Address Reservation to associate with this Metal Gateway. Note: If the Select VRF IP Reservation drop-down is unavailable, then there are no usable IP Address Reservations associated with the VRF. You will need to create at least one new IP address reservation for the gateway.

Once you have the VRF and an IP address reservation selected, click Create Gateway.

You will now get a Metal Gateway in the same Metro as your VRF. The Metal Gateway uses the IP addresses in your VRF's IP address reservation, allowing you to assign them to servers connected to the Metal Gateway's VLAN.

Removing Gateways, IP Address Reservations, and IP Ranges

You can remove IP address space and gateways from your VRF. Note: You cannot remove IP Address Reservations used by a gateway or an Allowed IP Range with an IP Address Reservation in it.

First, delete the Metal Gateway. You can delete the gateway at any time. Use caution as this will disrupt any traffic that was being routed through the gateway and your VRF.

Then you can delete the IP Address Reservation.

To delete an IP Address Reservation, click the trash can icon next to the IP address you want to delete.

Deleting an IP Address Reservation from a VRF

If the trash can icon is not available, then the IP Address is still associated with a gateway and can not be modified or deleted.

Once the Metal Gateway and all the IP Address Reservations in an Allowed IP Range are removed, you can delete an Allowed IP Range.

Under the current list of Allowed IP Ranges, click Edit Virtual Router Details. In the Allowed IP Ranges section, click the trash can icon next to the IP range you want to delete.

Deleting an Allowed IP Range in the Console

If the trash can icon is not available, then the IP range still has IP Address Reservations associated with it and it can not be modified or deleted.

Click Update Virtual Router.

Deleting VRFs

warning

Deleting a VRF is permanent. You will not be able to recover this VRF once deleted.

All associated data will be removed from this VRF upon deletion, including the deletion of any VRF IP Reservations associated with the VRF, as well as the VRF's associated Metal Gateways and Virtual Circuits.

From the VRF's Overview tab, click Delete Virtual Router.

Deleting a VRF in the Console

You can also delete the VRF or multiple VRFs from the list by selecting them, and clicking Delete.

Deleting a VRF from the List