How to Configure Basic VRF Management
VRF Management
Objective
This document explains how to configure Basic VRF (Virtual Routing and Forwarding) Management on SONiC-OS-4.4.2-Enterprise_Base. Management VRF provides a separate routing table specifically for out-of-band management traffic, isolating it from the in-band data plane network and ensuring dedicated management connectivity.
Prerequisites
Hardware:
Switches or routers that support VLANs
(e.g., edgecore, ufispace)
Software:
Network operating systems that support VLAN configuration
(e.g., SONiC-OS-4.4.0-Enterprise_Base, SONiC-OS-4.4.2-Enterprise_Base)
Access:
Administrative or privileged CLI access
Network:
Ethernet management port (typically mgmt0 or equivalent).
Management IP address, subnet, gateway, DNS servers.
Topology Diagram
Example:
Management VRF routes only through mgmt Ethernet interface, separate from data-plane ports.
Basic Configuration Steps
1. Define the Management VRF
Enable or confirm the presence of the mgmt VRF, which is usually a special.
Syntax:
sonic# configure terminal
sonic(config)# vrf mgmt
Example:
sonic(config)# vrf mgmt
2. Assign IP to Management Interface
Configure the IP address on the dedicated management Ethernet port under the mgmt VRF.
Syntax:
sonic# configure terminal
sonic(config)# interface Management 0
sonic(config-if-Management0)# ip address <mgmt_ip>
Example:
sonic(config)# interface Management 0
sonic(config-if-Management0)# ip address 172.26.1.1/24
3. Set Default Gateway for Management VRF
Assign the management default route (0.0.0.0/0) through the mgmt VRF.
Syntax:
sonic# configure terminal
sonic(config)# ip route vrf mgmt 0.0.0.0/0 <next_hop> interface <interface_name>
Example:
sonic# configure terminal
sonic(config)# ip route vrf mgmt 0.0.0.0/0 172.26.1.100 interface Management 0
Example Configuration (DUT_1 and DUT_2)
DUT_1
configure terminal
vrf mgmt
interface Management 0
ip address 172.26.1.1/24
exit
ip route vrf mgmt 0.0.0.0/0 172.26.1.100 interface Management 0
Verification
show vrf #shows list of vrf present in that device
show ip route vrf mgmt #shows routes present under mgmt vrf
ping vrf mgmt 8.8.8.8 #Check the internet is accessible.
Troubleshooting Tips
Verify that the management port is physically connected and link is up.
Ensure the mgmt VRF has the correct IP and subnet configured.
Use traceroute with the VRF context to diagnose routing problems.
Related Articles
Basic show commands
Basic Show Commands Objective This document explains how to use basic show commands on community sonic to retrieve system information, hardware details, software versions, and transceiver status. These commands help network administrators quickly ...How to add static route globally and under the vrf
Static Routing Static routing is a method where routes are manually configured in the routing table by a network administrator, as opposed to being learned dynamically via routing protocols. It is commonly used in simple or controlled environments ...Basic Show Commands in Broadcom sonic
Basic Show Commands Objective This document explains how to use basic show commands on broadcom sonic to retrieve system information, hardware details, software versions, and transceiver status. These commands help network administrators quickly ...How to configure BGP
BGP (Border Gateway Protocol) Objective BGP (Border Gateway Protocol) is the protocol that enables the global routing system of the internet. It manages how packets get routed from network to network by exchanging routing and reachability information ...How to Configure MC-LAG (Multi-Chassis Link Aggregation)
MC-LAG (Multi-Chassis Link Aggregation) Objective This document explains how to configure MC-LAG (Multi-Chassis Link Aggregation) between two switches and a host. MC-LAG provides link redundancy and load balancing by allowing two physical switches to ...