How to Create Virtual Routing & Forwarding (VRF) for Multiple Customer Groups in a FusionHub

Lai · January 16, 2019, 7:22pm

Starting from Firmware 8, VRF is supported on FusionHub. In IP-based computer networks, virtual routing and forwarding (VRF) is a technology that allows multiple instances of a routing table to co-exist within the same router at the same time. Because the routing instances are independent, the same or overlapping IP addresses can be used without conflicting with each other.

Each VRF has its own SpeedFusion local ID acting independently from other VRF’s as illustrated in the network diagram below.

You can create multiple VRF in one FusionHub. In each VRF, you can create SpeedFusion peers where you can serve multiple customers using a single instance of FusionHub, and they will have their own isolated network.

For example, both customer A and customer B use subnet 192.168.1.0/24 and need a Speedfusion VPN to the same FusionHub without causing the subnets to clash.

Customer A won’t be able to communicate with customer B, they both have isolated networks while connected to the same FusionHub.

Steps to configure VRF on FusionHub.

Create a new VFR for each customer group. For our example, we have created 3 customer VRF Groups, as shown in the screenshot below:

Go to the bottom of the browser window, you can choose the different VRF that you created in order to enter the selected VRF, so that you can create its own SpeedFusion profile for that particular VRF.

From inside the VRF, you can choose VRF “Customer-A”, and define the Local ID of Customer-A VFR

Create the SpeedFusion Profile for branches as usual.

Repeat the steps above to create multiple VRF, and SpeedFusion profiles for each VRF. Then from the Dashboard, you can see the status for all SpeedFusion tunnels for each different VRF.

Setting up the branch unit (Balance/MAX) of Customer A

Setup the Local ID

Setup the SpeedFusion Profile

svenbijvoet · February 12, 2019, 3:05am

Hi,

This seems to work fine when configuring pepvpn’s manually in remote peers.

Will it be possible in a future ICA version to manage this with automatic pepvpn’s ?

Thank you in advance.

Sven

mldowling · March 13, 2019, 2:00pm

Hello @Lai,
We would like to test this with InControl2 & SD-WAN platforms, how is this configured using the InControl2 & also the SD-WAN platforms?
Happy to Help,
Marcus

Venn · March 13, 2019, 2:23pm

@mldowling “SD-WAN platforms”, do you mean SDWC ?

mldowling · March 13, 2019, 4:44pm

Hello @Venn,

To clarify

Platform	Peplink Forum Reference
InControl2	https://forum.peplink.com/t/incontrol-2-initial-setup-guide/8483 (for Everyone to access)
SDWC	https://forum.peplink.com/t/sd-wan-controller-overview/18316 (for Peplink Partners Only)

Happy to Help,
Marcus

mldowling · April 30, 2019, 2:28pm

Hello @Lai & @Jason,
Any updates on how to do this with InControl2 and SDWC platforms?
Happy to Help,
Marcus

Erik_deBie · April 30, 2019, 11:50pm

@mldowling There are no immediate plans to implement VRF in the SDWC platform. If there is a large demand for this we will add it to our list of items to implement, but at this stage it will have a low priority (ie, dont expect it anytime soon)
Our InControl developers will comment if tVRF is in the planning to be added to IC2, but I suspect the reply will be similar.

xsand.be · May 7, 2019, 8:11am

I notice that the portforwarding setting is only avaible when “no VRF” is selected.
When you have multiple VRF with same ip ranges, how is Port- Forwarding managed ?
Customer A uses 192.168.50.1
Customer B uses 192.168.50.1

dennis.hofheinz · May 10, 2019, 12:32am

Hi,

if you have a look to the first picture in the First Post …

There a different tunnels, so the FusionHub knows what to do

Regards
Dennis

xsand.be · May 16, 2019, 9:43am

Hi,

thanks for the answer Dennis (not sure if meant for my message, anyway )
I get that subnets don’t clash (and it actually works well), but port forwarding is not working on my FH.
Actualy, only port forwarding to SpeedFusion outside VRF are working.
I just tested it again with subnets in and out a VRF.

Thanks,
Xavier

Erik_deBie · May 17, 2019, 4:21am

Hi xsand.be,

Could you open a support ticket to allow us to check if this is a bug or a configuration issue?

Thanks,

Erik

svenbijvoet · August 25, 2019, 6:01am

Hi Eric,

I created a lab and opened a ticket for this issue (ticket #9080611). In my opinion this would only be possible if we would be able to apply multiple Public IP’s on the FusionHub WAN but that’s not possible if I am not wrong. Any suggestion welcome. Thank you in advance.

MWT · November 5, 2019, 9:33am

What is the maximum number of VRF’s and VLANS a FusionHub can have on Firmware 8.0.0 RC4 ?

liammonroe · December 21, 2019, 6:26am

Hi everyone, I’m a little confused with this. FusionHub would only have 1 public IP address, so when you are having multiple customers all connected to the same FusionHub instance, would that not mean any of their outbound traffic through SF would all be coming from the same IP address? I’m just trying to understand where this solution would be useful as if you have multiple customers bonding multiple SIMs all through the same FusionHub, that’s not an issue that multiple people are all routing traffic via the same public IP address?