11th February 2012

Network Dictionary – VRF

Possibly the worst acronym the networking industry has ever invented.

VRF = VPN Routing and Forwarding as per IETF RFC4026.

Why is it the worst?

  • Because VPN is often confused with IPSec or SSL encrypted Virtual Private Networks, and it isn’t encrypted or otherwise secure
  • Because it has an acronym in the acronym
  • Because Forwarding is correctly used when discussing bridging / Layer 2 frames, not IP packets at Layer 3.
This post is copyright of Thropos Ltd ©2008-2011 at Etherealmind.com. Email: greg.ferro@packetpushers.net, Twitter: @etherealmind. All rights reserved.

    • http://www.larsenconsulting.net Robert Larsen

      Most people (myself included) use “Virtual Routing and Forwarding”.

      • http://etherealmind.com Greg Ferro

        I tend to do the same, but the RFC is very clear that it’s “VPN Routing and Forwarding”

    • #21217

      You need to read Ivan’s MPLS books again ;)

      VPN only implies IPSec/encryption to those who don’t think of a Frame Relay or ATM circuit as a VPN. The VPN acronym only really became popular when IPSec VPNs became popular, that’s why many people automatically associate a VPN with IPSec and encryption.

      The “Private” part of VPN means that someone on another VPN can’t see your traffic from their VPN. It doesn’t imply that it’s encrypted (though it obviously can be if you choose to). This is described very well in MPLS VPN Security by Cisco Press, another must read along with Ivan’s MPLS books if you are interested in MPLS.

      • http://etherealmind.com Greg Ferro

        VPN Encryption came before MPLS and VRFs and it’s bad practice to reuse terminology that is not the same because of the confusion it causes. Without doubt, the term VPN implies encryption and security for most people, and MPLS VRF in fact do neither, at least not intentionally.

        • #21217

          Perhaps you should argue the point with Ivan and read Chapter 7 of his first MPLS book. I quote: “…VPN is a concept that is more than 10-years old and is well known in the service provider market space” and “The first virtual private networks were based on such technologies as X.25 and Frame Relay, and, later, SMDS and ATM”

    • http://na fmp

      I agree with Robert.

    • http://twitter.com/TheParadiso Paul Paradiso

      Greg, you’re too funny. I’m looking to read up on VRF, and come across a semantics war. Even more entertaining if Ivan has to get involved. Love it!