Fortinet black logo

Administration Guide

Virtual routing and forwarding

Copy Link
Copy Doc ID f65c09ce-240d-11ed-9eba-fa163e15d75b:626303
Download PDF

Virtual routing and forwarding

NOTE: You must have an advanced features license to use virtual routing and forwarding (VRF).

You can use the VRF feature to create multiple routing tables within the same router.

Use the following steps to configure VRF:

  1. Creating a VRF instance
  2. Assigning the VRF instance to a SVI
  3. Assigning the VRF instance to a static route
  4. Checking the VRF configuration

Starting in FortiSwitchOS 7.0.0, OSPF supports VRF. To use VRF with OSPF, create a VRF instance and then use the same VRF identifier in the config vrf commands under config router ospf.

Starting in FortiSwitchOS 7.2.1, you can configure port-based VRF for an RVI.

NOTE: This feature is supported only on the switch virtual interface (SVI).

Creating a VRF instance

You create a VRF instance by assigning a name and an identifier.

  • The VRF name cannot match any SVI name.
  • The VRF identifier is a number in the range of 1-1023, except for 252, 253, 254, and 255. You cannot assign the same VRF identifier to more than one VRF instance. After the VRF instance is created, the VRF identifier cannot be changed.
Using the GUI:
  1. Go to Router > Config > VRF.

  2. Click Add VRF.

  3. In the Name field, enter a name for your VRF instance.

  4. In the VRFID field, enter a VRF identifier.

  5. Click Add.

Using the CLI:

config router vrf

edit <string>

set vrfid <VRF_ID>

end

For example:

config router vrf

edit vrfv4

set vrfid 1

next

edit vrfv6

set vrfid 2

next

end

Assigning the VRF instance to a SVI

You assign the VRF instance to an SVI when you create the SVI. After the SVI is created, the VRF instance cannot be changed or unset.

You can assign the same VRF instance to more than one SVI. The VRF instance cannot be assigned to an internal SVI.

Using the GUI:
  1. Go to System > Network > Interface > VLAN.

  2. Click Add VLAN.

  3. From the VRF dropdown list, select the VRF instance.

  4. Configure the other fields as required.

  5. Click Add.

Using the CLI:

config system interface

edit <interface_name>

set vrf <string>

end

For example:

config system interface

edit v40

set vlanid 40

set vrf vrfv4

next

edit v50

set vlanid 50

set vrf vrfv4

next

end

Assigning the VRF instance to a static route

You assign the VRF instance to an IPv4 or IPv6 static route when you create the static route. After the static route is created, the VRF instance cannot be changed or unset.

You can assign the same VRF instance to more than one static route.

Using the GUI:
  1. Go to Router > Config > Static or Router > Config > IPv6 Static.

  2. Click Add Route.

  3. From the VRF dropdown list, select the VRF instance.

  4. Configure the other fields as required.

  5. Click Add.

Using the CLI:

config router static

edit <seq-num>

set vrf <string>

end

config router static6

edit <seq-num>

set vrf <string>

end

For example:

config router static

edit 1

set device mgmt

set gateway 192.168.0.10

set status enable

set vrf vrfv4

end

config router static6

edit 2

set dst 5555::/64

set gateway 4000::2

set status enable

set vrf vrfv6

end

Checking the VRF configuration

Using the GUI:

Go to Router > Config > Static, Router > Config > IPv6 Static, or System > Network > Interface > VLAN.

Using the CLI:
  • get router info routing-table vrf <VRF_name>
  • get router info6 routing-table vrf <VRF_name>

Virtual routing and forwarding

NOTE: You must have an advanced features license to use virtual routing and forwarding (VRF).

You can use the VRF feature to create multiple routing tables within the same router.

Use the following steps to configure VRF:

  1. Creating a VRF instance
  2. Assigning the VRF instance to a SVI
  3. Assigning the VRF instance to a static route
  4. Checking the VRF configuration

Starting in FortiSwitchOS 7.0.0, OSPF supports VRF. To use VRF with OSPF, create a VRF instance and then use the same VRF identifier in the config vrf commands under config router ospf.

Starting in FortiSwitchOS 7.2.1, you can configure port-based VRF for an RVI.

NOTE: This feature is supported only on the switch virtual interface (SVI).

Creating a VRF instance

You create a VRF instance by assigning a name and an identifier.

  • The VRF name cannot match any SVI name.
  • The VRF identifier is a number in the range of 1-1023, except for 252, 253, 254, and 255. You cannot assign the same VRF identifier to more than one VRF instance. After the VRF instance is created, the VRF identifier cannot be changed.
Using the GUI:
  1. Go to Router > Config > VRF.

  2. Click Add VRF.

  3. In the Name field, enter a name for your VRF instance.

  4. In the VRFID field, enter a VRF identifier.

  5. Click Add.

Using the CLI:

config router vrf

edit <string>

set vrfid <VRF_ID>

end

For example:

config router vrf

edit vrfv4

set vrfid 1

next

edit vrfv6

set vrfid 2

next

end

Assigning the VRF instance to a SVI

You assign the VRF instance to an SVI when you create the SVI. After the SVI is created, the VRF instance cannot be changed or unset.

You can assign the same VRF instance to more than one SVI. The VRF instance cannot be assigned to an internal SVI.

Using the GUI:
  1. Go to System > Network > Interface > VLAN.

  2. Click Add VLAN.

  3. From the VRF dropdown list, select the VRF instance.

  4. Configure the other fields as required.

  5. Click Add.

Using the CLI:

config system interface

edit <interface_name>

set vrf <string>

end

For example:

config system interface

edit v40

set vlanid 40

set vrf vrfv4

next

edit v50

set vlanid 50

set vrf vrfv4

next

end

Assigning the VRF instance to a static route

You assign the VRF instance to an IPv4 or IPv6 static route when you create the static route. After the static route is created, the VRF instance cannot be changed or unset.

You can assign the same VRF instance to more than one static route.

Using the GUI:
  1. Go to Router > Config > Static or Router > Config > IPv6 Static.

  2. Click Add Route.

  3. From the VRF dropdown list, select the VRF instance.

  4. Configure the other fields as required.

  5. Click Add.

Using the CLI:

config router static

edit <seq-num>

set vrf <string>

end

config router static6

edit <seq-num>

set vrf <string>

end

For example:

config router static

edit 1

set device mgmt

set gateway 192.168.0.10

set status enable

set vrf vrfv4

end

config router static6

edit 2

set dst 5555::/64

set gateway 4000::2

set status enable

set vrf vrfv6

end

Checking the VRF configuration

Using the GUI:

Go to Router > Config > Static, Router > Config > IPv6 Static, or System > Network > Interface > VLAN.

Using the CLI:
  • get router info routing-table vrf <VRF_name>
  • get router info6 routing-table vrf <VRF_name>