PBR and VRFs

A given physical router can be partitioned into multiple virtual routers. All frontplane ports and logical interfaces are initially in the default VRF. Any subset of frontplane ports or logical interfaces can be selectively moved into a user-configured VRF to establish a routing topology that is different from the default VRF.

Policies with PBR actions can be applied to interfaces in any VRF, and PBR action lists can be used in different policies across different VRFs. The effect of applying the same policies or PBR action lists across different VRFs depends on the IP networks and interfaces configured in each VRF. For example, an action list that specifies actions of 'nexthop' and 'interface tunnel gre_10' could be used as the PBR action parameter for an entry in policy_1 and also in policy_2. If policy_1 is applied to an interface in VRF 'red', which has an interface in subnet but no GRE tunnel named 'gre_10', then only the 'nexthop' action will be relevant to VRF 'red'. If policy_2 (which contains the same action list) is applied to an interface in VRF 'blue' (which lacks the subnet configured but does have a tunnel named 'gre_10'), then only the 'interface tunnel' action will apply in that VRF.

  • It is possible to configure the same subnet in different VRFs; however, a named tunnel interface can exist in only one VRF. In the example of a common action list, the 'next-hop' action could therefore be relevant to both VRFs, but the 'interface tunnel' action may be relevant to only one. If VRFs are part of the router configuration, be mindful of them when creating and applying policies with PBR action lists and their entries.

  • VRF Route Leaking is not supported in the current release of PBR (10.4).
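The red/blue case described above can be checked offline before a shared action list is applied. The following Python model is an added example, not vendor code or switch CLI: it reports which entries of an action list are relevant in the VRF where each policy is applied, and which have no effect there. The addresses, the name 'al_1' and the data layout are constructed for illustration, and "relevant" follows the page's description only (a next hop counts when the VRF has an interface in its subnet, a tunnel when the VRF contains that named tunnel).

```python
import ipaddress

# Constructed sample data (not from the page); addresses use documentation ranges.
VRFS = {
    "red": {"subnets": ["192.0.2.0/24"], "tunnels": []},
    "blue": {"subnets": ["198.51.100.0/24"], "tunnels": ["gre_10"]},
}
ACTION_LISTS = {"al_1": [("nexthop", "192.0.2.254"), ("interface tunnel", "gre_10")]}
# policy -> (action list it references, VRF of the interface it is applied to)
POLICIES = {"policy_1": ("al_1", "red"), "policy_2": ("al_1", "blue")}


def relevant_actions(action_list, vrf_cfg):
    """Return the entries of an action list that are relevant in one VRF."""
    nets = [ipaddress.ip_network(s) for s in vrf_cfg["subnets"]]
    out = []
    for kind, value in action_list:
        if kind == "nexthop":
            if any(ipaddress.ip_address(value) in n for n in nets):
                out.append((kind, value))
        elif kind == "interface tunnel":
            if value in vrf_cfg["tunnels"]:
                out.append((kind, value))
    return out


def audit(policies, action_lists, vrfs):
    """Map each policy to (vrf, relevant entries, entries with no effect)."""
    report = {}
    for name, (al, vrf) in policies.items():
        entries = action_lists[al]
        rel = relevant_actions(entries, vrfs[vrf])
        report[name] = (vrf, rel, [e for e in entries if e not in rel])
    return report


def duplicate_tunnels(vrfs):
    """Return tunnel names that appear in more than one VRF (not permitted)."""
    owners = {}
    for vrf, cfg in vrfs.items():
        for t in cfg["tunnels"]:
            owners.setdefault(t, set()).add(vrf)
    return sorted(t for t, v in owners.items() if len(v) > 1)


if __name__ == "__main__":
    for policy, (vrf, rel, dead) in audit(POLICIES, ACTION_LISTS, VRFS).items():
        print(f"{policy} in VRF {vrf}: relevant={rel} no-effect={dead}")
```

A policy whose intended steering action lands in the no-effect list for its VRF is worth reviewing before deployment, since traffic in that VRF will not follow the path the action list author had in mind.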