7.1. VRF¶

VRF support allows to create multiple independent routing tables on the same device.

The traffic is distributed between the VRFs according to the binding of the data interfaces. Initially, only the default VRF exists on the device, and all data interfaces are bound to it. To create a new VRF, use the command:

vrf NAME¶: When executing this command, a new VRF will be created and you will enter its configuration mode.

After creating a VRF, you need to bind the interfaces which traffic you want to route in this VRF. This is done using the vrf VRFNAME command in the interface configuration mode.

Show Commands:¶

show vrf NAME¶: Display the information about created VRF (its name and index number). Index number is useful for searching this VRF in the NAT logs.

show vrf NAME counters [<ip|ipv6>]¶

Display counters for specified VRF. Counters for IPv4 and IPv6 are the same.

Counters	Description
`Fragment No Memory Drops`	Fragmentation is required when the IP packet size exceeds the MTU value of a network interface. The IP fragmentation is proceeded at the packet sending stage. vCGNAT creates N new packets, which are taken from the packet pool. If there are not enough packets, then we drop the whole packet and add 1 to the counter. To see packet-pool load, use the command `show debugging packets-pools`
`Packet Too Big Drops`	The IP packet size is exceeded MTU of the interface and the fragmentation cannot be done. For IPv4 case the fragmentation is not performed if DF flag (Don’t fragment” flag) is set. For IPv6 the fragmentation is not performed at all. The exception is NAT64. If fragmentation is needed after address translation from IPv4 to IPv6, it will be done if the DF flag was not set
`TTL Drops`	Time to live is expired which indicates a loop in your network or TTL value of the IP packet is set very low
`No Neighbor Drops`	Failed to find next-hop MAC address in ARP table
`No Route Drops`	Cannot find the path to the destination host in the route table
`No Source Address Drops`	The source IPv4/IPv6 node address field cannot be filled during packet generation. These types of errors occur only for locally generated packets such NAT logs or ICMP errors
`Invalid Packet Length Drops`	Invalid IPv4/IPv6 header length

clear vrf NAME counters [<ip|ipv6>]¶: Clear all VRF counters. You can specify counters for IPv4 or IPv6 to be cleared.