Internet in VRF vs Internet in GRT
16 Oct 2019 - riddler63
Share on:Internet in VRF vs Internet in GRT comparison
Disclaimer: It’s not a complete list of Pros and Cons.
Here is a comparison table for “Internet in VRF” and “Internet in GRT” options
| Property/Issue | Internet in VRF | Internet in GRT | Summary |
|---|---|---|---|
| BGP Free Core | Out of the box | Have to use MPLS and /30 - /32 MPLS label allocation | VRF is better. Less action required for VRF |
| Prefix visibility at PE | Using unique RD per PE or BGP ADD-PATH 1 for VPNv4 and/or VPNv6 | Using BGP ADD-PATH 1 | Unique RD is out off the box functionality. No additional features required. |
| Optimal path selection regardless of RR hierarchy | Using unique RD per PE (increases RIB memory consumption) or BGP Optimal Route Reflection 2 for VPNv4/VPNv6 | Using BGP ADD-PATH 1 (increases RIB memory consumption) or BGP Optimal Route Reflection 2 | It depends. Unique RD might be better solution, until PE has scarce RIB resources |
| Route oscillation 3 issue | Using unique RD per PE | Using BGP ADD-PATH 1 together with Advertise the Group Best Paths 4 | VRF is better, no additional features required |
| Flexible and simple approach to distinguish End-user, Transit, IXPs and Others | Built-in by RT import/export policy | Not Available | VRF is better |
| Flexible and simple approach to distribute routes partially | Built-in by RT import/export policy | BGP-ORF based on Prefix list or BGP Community (Nokia only) policy | VRF is better. BGP-ORF introduces big configuration overhead |
| Traffic diversion for DDoS mitigation | Easy to diverse traffic by using RD and RT manipulation. BGP Flowspec also an option | Have to use BGP Flowspec and other technics using protocols like BGP-LU | It depends. Traffic diversion by RT is less granular than BGP Flowspec. BGP Flowspec for VRF might not be supported by some vendors |
| Customer isolation | Built-in | Not Available | VRF is better |
| Prefix filtration on Egress per BGP peer | Using RTC/RTF. Filtering can be done on RR | BGP-ORF based on Prefix list policy on each PE | RTC/RTF is better approach, but PE have to support certain BGP AFI/SAFI |
| Low spec devices as Internet PE. Default route + partial BGP Full View (95% of traffic belongs to less than 500 prefixes) 5 | Using RTC/RTF and different RT | BGP-ORF based on Prefix list on each PE | VRF is better. BGP-ORF introduces big configuration overhead |
| Ability to advertise Full View, local prefix, IXP prefixes or any mix of above to the BGP peers | Simple and flexible by using RT and BGP Communities | Complex BGP policies based on BGP communities | VRF is better, because it provides simple and flexible way to control prefix advertisment |
| Strong demarcation between ISP infrastructure and Public Internet service | Built-in | N/A | VRF is better. |
| IPv6 Internet | Using 6VPE (VPNv6 AFI/SAFI). Simple | Using 6PE (Complex BGP-LU configuration) and additional label in MPLS stack | VRF is better. It provides unified approach for both IPv4 and IPv6 |
| BGP Fast Reroute | BGP PIC Core and BGP PIC Edge features | BGP ADD-PATH 1 and BGP FRR | It depends on features supported by the network |
| RIB consumption | +8% + ~80% per Full View VRF 6 | No extra RIB memory consumption | GRT is better, no extra RIB resources consumption |
| FIB consumption | Some vendors might need (might not) extra X% FIB space to store VRF entries | No extra FIB space needed | GRT is better, no extra FIB resources consumption |
| BGP security features | BGP RPKI, BGP FLow-spec and other BGP security features might not be available in VRF | Most of the BGP security features works in GRT | Currently GRT is better, BGP Security features for 99% implemented in GRT |
| BGP convergence time | RTC/RTF will affect BGP convergence time | BGP ORF can affect BGP convergence time | It depends. In common case RTC/RTF will increase BGP convergence time |
| Events to trigger BGP convergence | BGP events only (might not be fast enough). | BGP and IGP events (if NH address propagated via IGP) | It depends. BGP fast convergence might affect stability |
| BGP features | Vendors might have scarce feature set for BGP in VRF | Most of the BGP features will work in GRT | Currently GRT is better. |
| MPLS label allocation | Per Prefix - not enough MPLS labels; Per NH/CE -> MPLS labels quantity depends on NH/CE quantity; Per PE in VRF -> additional IP Lookup is needed on PE | Per Prefix - not enough MPLS labels; Per NH/interface -> MPLS labels quantity depends on number of NH/interfaces | Platform depended. Different vendors uses different approach. Per NH/CE mpls label allocation works well for both options |
References
1. Advertisement of Multiple Paths in BGP ↩
2. BGP Optimal Route Reflection ↩
3. Border Gateway Protocol Persistent Route Oscillation Condition
↩
4. Advertise the Group Best Paths ↩
5. Internet Traffic 2009 2019 ↩
6. Is it safe to run Internet in a VRF? ↩
7. Peering Fabric Design -> Peering and Internet in a VRF
8. Internet routing table in a VRF
9. Service Provider Network Architecture - Internet in a VRF