Easing Network Migration with Cisco VRF-Lite



Dani Mill

Learn how to merge networks or migrate to a new network design using Cisco's virtual routing and forwarding tool.

Organizations have come to view networking and IT as a service: something they expect will always be available. Accomplishing this goal requires continuous planning, maintenance, and periodic hardware upgrades. In a previous article, I discussed signs that indicate when it's time to upgrade your network. In this article, I'll explain how to merge two networks or how to migrate to a new network design using a tool that you may not know you have.

Imagine you have two towns next to each other. Over the years, they grow closer together until at some point they decide to merge. However, when they merge they have some problems to overcome. Each town has some of the same street names, such as Main Street, First Street, and Second Street. During the merger, some of those streets will need to be renamed. This is similar to a typical problem we face when merging two networks or when redesigning an existing one.

The most unappreciated yet most powerful tool I have found to accomplish these tasks is VRF-Lite from Cisco. VRF stands for Virtual Routing and Forwarding. If you are familiar with virtual machines, think of a VRF as a virtual machine for routers.

Each VRF not only has its own routing table, but treats each IP address or network as independent from the same range in another VRF. If you have two VRFs -- RED and BLUE -- on the same router, you could have an interface with the same IP address of in each and they would route and pass traffic independently of each other.
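A minimal Cisco IOS configuration for the RED and BLUE case described above, as an added example that is not from the original article. The interface names, route distinguishers, and the 192.0.2.1/24 address (an RFC 5737 documentation range) are assumptions chosen for illustration.

```cisco
! Added example with constructed values; not the article's own configuration.
! Assumptions: interface names, RD values, and the 192.0.2.1/24 address.
!
! Define the two VRFs. Each one gets its own routing table.
ip vrf RED
 rd 65000:1
!
ip vrf BLUE
 rd 65000:2
!
! Bind the interface to the VRF BEFORE assigning the address:
! "ip vrf forwarding" removes any IP address already on the interface,
! which matters when converting a live interface during a migration.
interface GigabitEthernet0/1
 description Existing (old) network
 ip vrf forwarding RED
 ip address 192.0.2.1 255.255.255.0
 no shutdown
!
! Same address again. In the global table IOS would reject this as an
! overlap; it is accepted here because BLUE is a separate routing instance.
interface GigabitEthernet0/2
 description New standardized network
 ip vrf forwarding BLUE
 ip address 192.0.2.1 255.255.255.0
 no shutdown
!
! No route leaking is configured, so RED and BLUE cannot reach each other
! through this router. Confirm the separation from exec mode:
!   show ip vrf interfaces
!   show ip route vrf RED
!   show ip route vrf BLUE
!   ping vrf RED 192.0.2.10
```

Each `show ip route vrf` output should list only that VRF's connected network. Features such as management access and logging also need to be pointed at the correct VRF, since commands without a `vrf` keyword operate on the global table.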

Network migration

So, what exactly can VRF-Lite do for a network migration project? If you have a solid network design -- hardware and configuration standardization, WAN connectivity standards, and global IP address design -- you can pre-configure your network devices with a VRF and a VPN and then overlay your standardized network onto the existing infrastructure at the institution you are acquiring.


In our town example, we would keep the old street signs for local traffic, but build an express lane over the top of these streets with the new street names. The existing network can continue to function, but any device plugged in behind your new design will be on your new network and segmented from the old network. By doing this, you gain several advantages:

  • You don't have to try to fit the old IP address design into your existing network.
  • You don't have to worry about the security policies for old existing network devices. The old devices will continue to function, but will be limited to the old environment until retirement.
  • You don't have to worry about circuit-delivery timelines as a bottleneck for network hardware deployment.
  • You can have secure network connectivity almost from day one.

The final step is the actual site migration. As your new WAN circuits land, you connect and test them, disconnect your new network device from the old network, and remove the VRF. You can then retire the old network hardware.

Redesign your existing network

Oftentimes, companies need to clean up and redesign a network that has grown organically: in other words, an existing network where little thought was given to planning and design.

In many cases, we can treat this just like a network merger and leverage the same process. We build our global IP design, hardware, and configuration standards. We test the design in the lab. Next, we roll out the network devices as a network overlay on top of the existing infrastructure. Finally, we migrate the site; the only real difference is that our WAN circuit is already available.

When planning a network merger or your next network upgrade, take a look at VRF-Lite or an equivalent tool. Using a tool like this can remove a large amount of pain and streamline your future networking projects.

Originally posted on Network Computing.