Fortinet black logo

SD-WAN / SD-Branch Architecture for MSSPs

Home FortiGate / FortiOS 7.2.0 SD-WAN / SD-Branch Architecture for MSSPs
7.2.0
7.2.0
7.0.0
6.4.0

CE and PE VRFs

CE and PE VRFs

To complete the picture, we need to introduce one more piece of terminology. We define the following types of VRFs on the SD-WAN nodes:

  • CE VRF is a Customer VRF to which the actual LAN segment is attached. Each LAN-facing interface is assigned to one of the CE VRFs.

  • PE VRF is an Edge VRF in which the VRF-Aware Overlays (with vpn-id-ipip encapsulation) are located. The tunnel interfaces are assigned to the PE VRF.

Thus, in a typical multi-VRF deployment, we will have one PE VRF and multiple CE VRFs.

Note

The maximum number of VRFs supported by FOS 7.2.4 and later is 252 (from 0 to 251). We put VRF=0 aside. (It is a special case, as will be pointed out below.) In a typical multi-VRF deployment this means 1 PE VRF + up to 250 CE VRFs.

The following diagram summarizes the above:

Now when we have explained the design, let us list some of the important Planning guidelines.

Previous
Next

CE and PE VRFs

To complete the picture, we need to introduce one more piece of terminology. We define the following types of VRFs on the SD-WAN nodes:

  • CE VRF is a Customer VRF to which the actual LAN segment is attached. Each LAN-facing interface is assigned to one of the CE VRFs.

  • PE VRF is an Edge VRF in which the VRF-Aware Overlays (with vpn-id-ipip encapsulation) are located. The tunnel interfaces are assigned to the PE VRF.

Thus, in a typical multi-VRF deployment, we will have one PE VRF and multiple CE VRFs.

Note

The maximum number of VRFs supported by FOS 7.2.4 and later is 252 (from 0 to 251). We put VRF=0 aside. (It is a special case, as will be pointed out below.) In a typical multi-VRF deployment this means 1 PE VRF + up to 250 CE VRFs.

The following diagram summarizes the above:

Now when we have explained the design, let us list some of the important Planning guidelines.

Previous
Next