This is the documentation for the 21.07 version. Looking for the documentation of the latest version? Have a look here.

Virtual Routing and Forwarding

Virtual Routing and Forwarding (VRF) is a feature which uses isolated L3 domains with alternate routing tables for specific interfaces and dynamic routing purposes.

When a VRF route table is created and assigned to interfaces, those interfaces effectively belong to a separate virtual “router” on its own layer 3 domain. A VRF entry may also be assigned to dynamic routing instances (e.g. BGP, OSPF) so that they may handle routing for that VRF.

When routing packets, TNSR consults the contents of the VRF route table for the interface the packet enters (ingress). The VRF route table may contain entries which direct traffic to egress through an interface in the same VRF or even a different VRF.


To egress through a different VRF, add entries to the VRF route table which use a next-hop located in a different VRF.

If an interface or routing daemon is not configured for a specific VRF, TNSR uses the default VRF. For IPv4, the default VRF routing table is ipv4-VRF:0. For IPv6, the default is ipv6-VRF:0. Though this default VRF has separate tables for IPv4 and IPv6, user-defined VRF route tables use the same name for IPv4 and IPv6.

Identical routes can have different destination paths in separate VRFs, and identical networks can even be directly connected to multiple interfaces in different VRFs, provided that the route table entries do not result in traffic crossing into a conflicting VRF.

Managing VRFs

A VRF must be created before it can be used by TNSR. To create a VRF, start in config mode and use the route table <name> command, which enters config-route-table mode. The VRF name must be between 2 and 15 characters in length. From within config-route-table mode, the new route table requires a non-zero ID.

tnsr(config)# route table myroutes
tnsr(config-route-table)# id 10

For more information about options available in this mode, see Managing Routes.

Utilizing VRFs

To utilize VRFs, specify them on interfaces and in dynamic routing daemons as needed.


To set a VRF on an interface, use the vrf <vrf-name> command from within config-interface mode.

tnsr(config)# interface LAN
tnsr(config-interface)# vrf myroutes

See also

See Interface Configuration Options for more on configuring interface options.

Dynamic Routing

Use of VRF entries varies by dynamic routing types. Look in the type-specific sections of Dynamic Routing for details about using VRFs.

VRF Example

This brief example demonstrates the basics of creating and using a VRF with static routing.

First, create a new route table for the VRF:

tnsr(config)# route table myroutes
tnsr(config-route-table)# description My VRF
tnsr(config-route-table)# id 10
tnsr(config-route-table)# exit

Next, add a default route to the new table:

tnsr(config)# route table myroutes
tnsr(config-route-table)# route
tnsr(config-rttbl4-next-hop)# next-hop 0 via
tnsr(config-rttbl4-next-hop)# exit
tnsr(config-route-table)# exit

Finally, assign the route table to an interface as a VRF:

tnsr(config)# interface LAN
tnsr(config-interface)# vrf myroutes
tnsr(config-interface)# exit

Traffic entering the LAN interface will now use the default route specified in this VRF route table instead of the default route in the default VRF route table.