This topic is closely related to Virtualization and VLANs. Consider studying those first, if you haven’t.

Virtual Routing & Forwarding (VRF) is used to divide a single router into multiple virtual routers, similar to how VLANs are used to divide a single switch (LAN) into multiple switches (VLANs).

VRFs allow a single router to have multiple routing domains. This is accomplished by allowing a router to build multiple separate routing tables. Interfaces1 will be configured to be in a specific VRF (aka VRF instance). The router will not be able to forward traffic received on an interface assigned to VRF A out of an interface assigned to VRF B 2.


VRF is commonly used to facilitate MPLS, but for now we’ll cover VRF-lite (VRF without MPLS).

VRF is commonly used by service providers to allow one device to carry traffic from multiple customers. VRF keeps each customer’s traffic isolated from the other’s, and customer IP addresses can overlap without issues. Remember that customers are likely to be using private IP addresses, so there is likely to be overlap between any two customers.


  1. Layer 3 interfaces, specifically. Only router interfaces, SVIs, & routed ports on multilayer switches can be configured in a VRF.

  2. VRF Leaking can be configured to allow traffic to pas between VRFs on the same device, but we’ll save that for another time.