Increase the number of VRFs per VDOM
In FortiOS 7.2.0 to 7.2.3, the number of VRFs per VDOM has increased from 32 to 64 to support large SD-WAN, VPN, and BGP deployments. Up to 64 VRFs can be configured per VDOM on any device.
In FortiOS 7.2.4, the number of VRFs per VDOM has increased from 64 to 252. Up to 252 VRFs can be configured per VDOM on any device.
The VRF ID range has changed to in the following commands:
config system interface
    edit <name>
        set vrf <integer>
    next
end
config router {static | static6}
    edit <id>
        set vrf <integer>
    next
end
config router bgp
    config {vrf | vrf6}
        edit <integer>
        next
    end
end
The following diagnostic commands have been added:
# diagnose ip router bgp set-filter vrf <vrf_id>
# diagnose ip router bgp set-filter neighbor <neighbor_address>
# diagnose ip router bgp set-filter reset
# get router info filter show
# get router info filter vrf {vrf_id | all}
Example
In this example, 64 VRFs are configured on the root VDOM. The aggregate interface, agg1, is configured on the root VDOM with VRF ID 63. The diagnostic output displays the 64 configured VRFs and filtering on a specific VRF ID (63).
To configure the interface:
config system interface
    edit "agg1"
        set vdom "root"
        set vrf 63
        set ip 172.16.203.1 255.255.255.0
        set allowaccess ping
        set type aggregate
        set member "port11" "port12"
    next
end
To view the diagnostics:
- Verify the routing table entries:
# get router info routing-table all
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
       O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       V - BGP VPNv4
       * - candidate default

Routing table for VRF=0
S*      0.0.0.0/0 [5/0] via 10.100.1.249, port4, [1/0]
O IA    2.2.2.2/32 [110/11000] via 172.16.200.2, port1, 00:09:45, [1/0]
O       3.3.3.3/32 [110/11000] via 172.16.200.4, port1, 06:59:16, [1/0]
O IA    4.4.4.4/32 [110/11100] via 172.16.200.2, port1, 00:09:51, [1/0]
O       10.100.1.0/24 [110/0] is a summary, Null, 06:59:35, [1/0]
C       10.100.1.0/30 is directly connected, port5
C       10.100.1.4/30 is directly connected, port7
C       10.100.1.248/29 is directly connected, port4
B       10.100.10.0/24 [20/300] via 10.100.1.1 (recursive is directly connected, port5), 06:59:30, [1/0]
B       10.100.11.0/24 [20/300] via 10.100.1.1 (recursive is directly connected, port5), 06:59:30, [1/0]
S       172.16.100.71/32 [10/0] via 172.16.200.254, port1, [1/0]
C       172.16.200.0/24 is directly connected, port1
C       172.16.200.200/32 is directly connected, port1
S       172.16.201.0/24 [150/0] via 172.16.200.4, port1, [1/0]
O IA    172.16.202.0/24 [110/1100] via 172.16.200.2, port1, 00:09:51, [1/0]
O IA    172.16.203.0/24 [110/1050] via 172.16.200.2, port1, 00:09:45, [1/0]
S       172.16.204.0/24 [10/0] via 172.16.200.4, port1, [1/0]
                        [10/0] via 172.16.206.2, vlan100, [101/0]
C       172.16.205.0/24 is directly connected, port2
C       172.16.206.0/24 is directly connected, vlan100
C       172.16.207.1/32 is directly connected, GRE_1
C       172.16.207.2/32 is directly connected, GRE_1
C       172.16.212.1/32 is directly connected, ipip_A_D
C       172.16.212.2/32 is directly connected, ipip_A_D
C       172.17.200.200/32 is directly connected, port1
S       172.27.1.0/24 [10/0] is a summary, Null, [1/0]
S       172.27.2.0/24 [10/0] is a summary, Null, [1/0]
S       172.27.5.0/24 [10/0] is a summary, Null, [1/0]
S       172.27.6.0/24 [10/0] is a summary, Null, [1/0]
S       172.27.7.0/24 [10/0] is a summary, Null, [1/0]
S       172.27.8.0/24 [10/0] is a summary, Null, [1/0]
S       172.29.1.0/24 [10/0] is a summary, Null, [1/0]
S       172.29.2.0/24 [10/0] is a summary, Null, [1/0]
O N2    172.31.4.0/22 [110/25] via 172.16.200.4, port1, 06:59:15, [1/0]
C       192.168.1.0/24 is directly connected, mgmt

Routing table for VRF=5
C       172.16.23.1/32 is directly connected, vlax5

Routing table for VRF=6
C       172.16.23.2/32 is directly connected, vlax6
...
Routing table for VRF=61
C       172.16.13.3/32 is directly connected, vlax61

Routing table for VRF=62
C       172.16.13.4/32 is directly connected, vlax62

Routing table for VRF=63
C       1.1.1.1/32 is directly connected, loopback1
O       2.2.2.2/32 [110/10050] via 172.16.203.2, agg1, 00:09:25, [1/0]
O IA    3.3.3.3/32 [110/11050] via 172.16.203.2, agg1, 00:09:25, [1/0]
O IA    4.4.4.4/32 [110/10150] via 172.16.203.2, agg1, 00:09:25, [1/0]
S       10.1.100.0/24 [10/0] via 172.16.203.2, agg1, [1/0]
C       172.16.14.1/32 is directly connected, vlax63
O IA    172.16.200.0/24 [110/1050] via 172.16.203.2, agg1, 00:09:25, [1/0]
S       172.16.202.0/24 [10/0] via 172.16.203.2, agg1, [1/0]
C       172.16.203.0/24 is directly connected, agg1
S       172.16.204.0/24 [10/0] via 172.16.203.2, agg1, [1/0]
O IA    172.16.212.2/32 [110/150] via 172.16.203.2, agg1, 00:09:25, [1/0]
B       172.25.1.0/24 [200/0] via 2.2.2.2 [2] (recursive via 172.16.203.2, agg1), 00:01:54, [1/0]
B       172.26.1.0/24 [200/0] via 2.2.2.2 [2] (recursive via 172.16.203.2, agg1), 00:01:54, [1/0]
B       172.26.2.0/24 [200/0] via 2.2.2.2 [2] (recursive via 172.16.203.2, agg1), 00:01:54, [1/0]
B       172.28.0.0/16 [200/0] is a summary, Null, 00:03:25, [1/0]
B       172.28.1.0/24 [200/0] via 3.3.3.3 (recursive via 172.16.203.2, agg1), 00:03:25, [1/0]
B       172.28.2.0/24 [200/0] via 3.3.3.3 (recursive via 172.16.203.2, agg1), 00:03:25, [1/0]
B       172.28.5.0/24 [200/0] via 3.3.3.3 (recursive via 172.16.203.2, agg1), 00:03:25, [1/0]
B       172.28.6.0/24 [200/0] via 3.3.3.3 (recursive via 172.16.203.2, agg1), 00:03:25, [1/0]
O E2    172.31.4.0/22 [110/25] via 172.16.203.2, agg1, 00:09:24, [1/0]
- Verify the routing table entries filtered on VRF ID 63:
# get router info filter vrf 63
BGP routing table:
# get router info routing-table bgp

Routing table for VRF=63
B       172.25.1.0/24 [200/0] via 2.2.2.2 [2] (recursive via 172.16.203.2, agg1), 00:02:44, [1/0]
B       172.26.1.0/24 [200/0] via 2.2.2.2 [2] (recursive via 172.16.203.2, agg1), 00:02:44, [1/0]
B       172.26.2.0/24 [200/0] via 2.2.2.2 [2] (recursive via 172.16.203.2, agg1), 00:02:44, [1/0]
B       172.28.0.0/16 [200/0] is a summary, Null, 00:04:15, [1/0]
B       172.28.1.0/24 [200/0] via 3.3.3.3 (recursive via 172.16.203.2, agg1), 00:04:15, [1/0]
B       172.28.2.0/24 [200/0] via 3.3.3.3 (recursive via 172.16.203.2, agg1), 00:04:15, [1/0]
B       172.28.5.0/24 [200/0] via 3.3.3.3 (recursive via 172.16.203.2, agg1), 00:04:15, [1/0]
B       172.28.6.0/24 [200/0] via 3.3.3.3 (recursive via 172.16.203.2, agg1), 00:04:15, [1/0]
All routing table entries:
# get router info routing-table all
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
       O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       V - BGP VPNv4
       * - candidate default

Routing table for VRF=63
C       1.1.1.1/32 is directly connected, loopback1
O       2.2.2.2/32 [110/10050] via 172.16.203.2, agg1, 00:10:18, [1/0]
O IA    3.3.3.3/32 [110/11050] via 172.16.203.2, agg1, 00:10:18, [1/0]
O IA    4.4.4.4/32 [110/10150] via 172.16.203.2, agg1, 00:10:18, [1/0]
S       10.1.100.0/24 [10/0] via 172.16.203.2, agg1, [1/0]
C       172.16.14.1/32 is directly connected, vlax63
O IA    172.16.200.0/24 [110/1050] via 172.16.203.2, agg1, 00:10:18, [1/0]
S       172.16.202.0/24 [10/0] via 172.16.203.2, agg1, [1/0]
C       172.16.203.0/24 is directly connected, agg1
S       172.16.204.0/24 [10/0] via 172.16.203.2, agg1, [1/0]
O IA    172.16.212.2/32 [110/150] via 172.16.203.2, agg1, 00:10:18, [1/0]
B       172.25.1.0/24 [200/0] via 2.2.2.2 [2] (recursive via 172.16.203.2, agg1), 00:02:47, [1/0]
B       172.26.1.0/24 [200/0] via 2.2.2.2 [2] (recursive via 172.16.203.2, agg1), 00:02:47, [1/0]
B       172.26.2.0/24 [200/0] via 2.2.2.2 [2] (recursive via 172.16.203.2, agg1), 00:02:47, [1/0]
B       172.28.0.0/16 [200/0] is a summary, Null, 00:04:18, [1/0]
B       172.28.1.0/24 [200/0] via 3.3.3.3 (recursive via 172.16.203.2, agg1), 00:04:18, [1/0]
B       172.28.2.0/24 [200/0] via 3.3.3.3 (recursive via 172.16.203.2, agg1), 00:04:18, [1/0]
B       172.28.5.0/24 [200/0] via 3.3.3.3 (recursive via 172.16.203.2, agg1), 00:04:18, [1/0]
B       172.28.6.0/24 [200/0] via 3.3.3.3 (recursive via 172.16.203.2, agg1), 00:04:18, [1/0]
O E2    172.31.4.0/22 [110/25] via 172.16.203.2, agg1, 00:10:17, [1/0]
- Run debugs on the VRF:
# diagnose ip router bgp set-filter vrf 63
# diagnose ip router bgp level info
# diagnose ip router bgp all enable
BGP: 2003::3:3:3:3-Outgoing [DECODE] Msg-Hdr: type 4, length 19
BGP: 2003::3:3:3:3-Outgoing [DECODE] KAlive: Received!
BGP: 2003::3:3:3:3-Outgoing [FSM] State: Established Event: 26
BGP: 2003::2:2:2:2-Outgoing [FSM] State: Established Event: 34
BGP: 2003::2:2:2:2-Outgoing [DECODE] Msg-Hdr: type 4, length 19
BGP: 2003::2:2:2:2-Outgoing [DECODE] KAlive: Received!
BGP: 2003::2:2:2:2-Outgoing [FSM] State: Established Event: 26
BGP: 2.2.2.2-Outgoing [FSM] State: Established Event: 34
BGP: 2003::3:3:3:3-Outgoing [FSM] State: Established Event: 34
BGP: 2.2.2.2-Outgoing [ENCODE] Msg-Hdr: Type 4
BGP: 2.2.2.2-Outgoing [ENCODE] Keepalive: 963 KAlive msg(s) sent
BGP: 2003::3:3:3:3-Outgoing [ENCODE] Msg-Hdr: Type 4
BGP: 2003::3:3:3:3-Outgoing [ENCODE] Keepalive: 965 KAlive msg(s) sent
BGP: 2003::3:3:3:3-Outgoing [FSM] State: Established Event: 34
BGP: 2003::2:2:2:2-Outgoing [FSM] State: Established Event: 34
BGP: 2.2.2.2-Outgoing [FSM] State: Established Event: 34
BGP: 3.3.3.3-Outgoing [DECODE] Msg-Hdr: type 4, length 19
BGP: 3.3.3.3-Outgoing [DECODE] KAlive: Received!
BGP: 3.3.3.3-Outgoing [FSM] State: Established Event: 26
BGP: [RIB] Scanning BGP Network Routes for VRF 63...
BGP: 2003::2:2:2:2-Outgoing [FSM] State: Established Event: 34
BGP: 2003::3:3:3:3-Outgoing [FSM] State: Established Event: 34
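When VRFs are used to separate tenants or security zones, saved output of "get router info routing-table all" can be checked offline for prefixes that appear in more than one VRF, as 172.16.203.0/24 and 172.31.4.0/22 do in VRF 0 and VRF 63 above. The following Python parser is an added example, not part of the Fortinet documentation; the names parse_routes and shared_prefixes are hypothetical and the sample input is constructed. Overlapping prefixes are permitted by design, so the result is a list to review against the intended segmentation.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the output above (not captured from a device).
SAMPLE = """\
Routing table for VRF=0
S*      0.0.0.0/0 [5/0] via 10.100.1.249, port4, [1/0]
O IA    172.16.203.0/24 [110/1050] via 172.16.200.2, port1, 00:09:45, [1/0]
S       172.16.204.0/24 [10/0] via 172.16.200.4, port1, [1/0]
                        [10/0] via 172.16.206.2, vlan100, [101/0]
O N2    172.31.4.0/22 [110/25] via 172.16.200.4, port1, 06:59:15, [1/0]
Routing table for VRF=63
C       172.16.203.0/24 is directly connected, agg1
B       172.28.0.0/16 [200/0] is a summary, Null, 00:03:25, [1/0]
O E2    172.31.4.0/22 [110/25] via 172.16.203.2, agg1, 00:09:24, [1/0]
"""

VRF_RE = re.compile(r"^Routing table for VRF=(\d+)$")
# Route code (such as "S*", "O IA" or "O E2"), the IPv4 prefix, then the detail.
ROUTE_RE = re.compile(r"^([A-Za-z][A-Za-z0-9* ]*?)\s+(\d+\.\d+\.\d+\.\d+/\d+)\s+(.*)$")

def parse_routes(text):
    """Return {vrf_id: {prefix: [(code, detail), ...]}} from routing-table output."""
    tables = defaultdict(dict)
    vrf = last = None
    for line in text.splitlines():
        line = line.strip()
        m = VRF_RE.match(line)
        if m:
            vrf, last = int(m.group(1)), None
            continue
        if vrf is None:
            continue  # command echo and code legend before the first VRF header
        m = ROUTE_RE.match(line)
        if m:
            code = " ".join(m.group(1).split())
            last = tables[vrf].setdefault(m.group(2), [])
            last.append((code, m.group(3)))
        elif last is not None and line.startswith("["):
            last.append((last[-1][0], line))  # additional next hop for the same prefix
    return dict(tables)

def shared_prefixes(tables):
    """Map each prefix found in more than one VRF to the sorted VRF IDs holding it."""
    seen = defaultdict(set)
    for vrf, routes in tables.items():
        for prefix in routes:
            seen[prefix].add(vrf)
    return {p: sorted(v) for p, v in seen.items() if len(v) > 1}
```
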