Add VRF Interface


VRF (Virtual Routing and Forwarding) is a technology that allows multiple instances of a routing table to co-exist within the same Linux operating system.

A VRF connection can be created to restrict network traffic going through selected interfaces to a specific routing table.

Limitations

This feature currently supports limited use cases. For example, the Linux command ip vrf exec … can be used to run processes once a VRF connection is configured.

However, the VRF configuration does not guarantee that all processes in the system will use the routing tables. For example:

  • Managed devices will try to establish connections looking at default VRF routes only

  • VPN tunnels will be running on default VRF by default

    • IPSec can be configured to use a different VRF to establish tunnels

  • Network failover is not prepared to handle a VRF slave connection

  • Static routes page only adds routes in default VRF

  • ZPE Cloud, TACACS+, LDAP, RADIUS and Kerberos can only look up routes in default VRF

  1. Go to Network :: Connections.
  2. Click Add (displays dialog).
  3. Enter Name.
  4. On Type drop-down, select VRF (dialog changes).
  5. Enter Description.
  6. If the Connect Automatically checkbox is selected, the connection is automatically established at startup.
  7. If Block Unsolicited Incoming Packets checkbox is selected, firewall rules will be created to automatically block all inbound connections on the interface.
  8. In the VRF Connection menu:
    1. Enter Interface to select the name of the new interface that will be created for this VRF. If empty, interface will be called vrfN, where N is a number starting at 0 and automatically incremented as needed.
    2. Table ID defines the identifier of the routing table associated with this VRF interface.
    3. VRF Interfaces is a space-separated list of other OS interfaces that will be slaves to the created VRF interface; their traffic follows the specified routing table.
  9. In IPv4 Mode menu, enter details:
    1. No IPv4 Address radio button
    2. Static radio button (if selected, expands dialog). Enter IP Address, BitMask, and (optional) Gateway IP.
    3. (optional) IPv4 DNS Server
    4. IPv4 DNS Search (defines a domain name for DNS lookups)
    5. IPv4 Default Route Metric
    6. Ignore obtained IPv4 Default Gateway checkbox
    7. Ignore obtained DNS server checkbox
  10. In IPv6 Mode menu, enter details:
    1. No IPv6 Address radio button
    2. Link local Only radio button.
    3. Static radio button (if selected, displays menu). Enter IP Address, Prefix Length, and (optional) Gateway IP.
  11. Click Save.
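
An added example, not part of the product documentation: a Python check that compares the Interface, Table ID and VRF Interfaces values from step 8 with the JSON output of the Linux command ip -d -j link show, so that an interface left outside the VRF (and therefore still using the default routing table, as described under Limitations) is caught. It assumes shell access with iproute2 on the device; the function name audit_vrf, the interface names and the sample data are constructed for illustration.

```python
import json

# Constructed sample of `ip -d -j link show` output, trimmed to the fields used.
SAMPLE_IP_JSON = json.dumps([
    {"ifname": "lo"},
    {"ifname": "eth0"},
    {"ifname": "vrf0", "linkinfo": {"info_kind": "vrf", "info_data": {"table": 10}}},
    {"ifname": "eth1", "master": "vrf0",
     "linkinfo": {"info_slave_kind": "vrf", "info_slave_data": {"table": 10}}},
    {"ifname": "eth2", "master": "br0", "linkinfo": {"info_slave_kind": "bridge"}},
])


def audit_vrf(ip_json, vrf_name, table_id, members):
    """Compare the intended VRF settings with what the kernel reports.

    vrf_name, table_id and members mirror the Interface, Table ID and
    VRF Interfaces fields. Returns a list of findings; empty means match.
    """
    links = {link["ifname"]: link for link in json.loads(ip_json)}
    findings = []

    vrf = links.get(vrf_name)
    if vrf is None or vrf.get("linkinfo", {}).get("info_kind") != "vrf":
        return [f"{vrf_name}: no VRF device with this name"]
    actual_table = vrf["linkinfo"].get("info_data", {}).get("table")
    if actual_table != table_id:
        findings.append(f"{vrf_name}: table {actual_table}, expected {table_id}")

    for name in members:
        link = links.get(name)
        if link is None:
            findings.append(f"{name}: interface not present")
        elif link.get("master") != vrf_name:
            # Not enslaved: traffic on this interface uses the default VRF routes.
            findings.append(f"{name}: master is {link.get('master')}, not {vrf_name}")

    # Interfaces enslaved to the VRF but not listed in the settings are drift too.
    for name, link in links.items():
        if link.get("master") == vrf_name and name not in members:
            findings.append(f"{name}: unexpected member of {vrf_name}")
    return findings


if __name__ == "__main__":
    for finding in audit_vrf(SAMPLE_IP_JSON, "vrf0", 10, ["eth1", "eth2"]):
        print(finding)
```

On a live system, pass the output of ip -d -j link show as the first argument in place of the constructed sample.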