How to Create Virtual Routing & Forwarding (VRF) for Multiple Customer Groups in a FusionHub

firmware-8
#1

Starting from Firmware 8, VRF is supported on FusionHub. In IP-based computer networks, virtual routing and forwarding (VRF) is a technology that allows multiple instances of a routing table to co-exist within the same router at the same time. Because the routing instances are independent, the same or overlapping IP addresses can be used without conflicting with each other.

Each VRF has its own SpeedFusion local ID acting independently from other VRF’s as illustrated in the network diagram below.

You can create multiple VRF in one FusionHub. In each VRF, you can create SpeedFusion peers where you can serve multiple customers using a single instance of FusionHub, and they will have their own isolated network.

For example, both customer A and customer B use subnet 192.168.1.0/24 and need a Speedfusion VPN to the same FusionHub without causing the subnets to clash.

Customer A won’t be able to communicate with customer B, they both have isolated networks while connected to the same FusionHub.

Steps to configure VRF on FusionHub.

Create a new VFR for each customer group. For our example, we have created 3 customer VRF Groups, as shown in the screenshot below:

Go to the bottom of the browser window, you can choose the different VRF that you created in order to enter the selected VRF, so that you can create its own SpeedFusion profile for that particular VRF.

From inside the VRF, you can choose VRF “Customer-A”, and define the Local ID of Customer-A VFR

Create the SpeedFusion Profile for branches as usual.

Repeat the steps above to create multiple VRF, and SpeedFusion profiles for each VRF. Then from the Dashboard, you can see the status for all SpeedFusion tunnels for each different VRF.

Setting up the branch unit (Balance/MAX) of Customer A

Setup the Local ID

Setup the SpeedFusion Profile

8 Likes

Integrating Peplink into legacy MPLS with FusionHub at the core
#2

Hi,

This seems to work fine when configuring pepvpn’s manually in remote peers.

Will it be possible in a future ICA version to manage this with automatic pepvpn’s ?

Thank you in advance.

Sven

1 Like

#5

Hello @Lai,
We would like to test this with InControl2 & SD-WAN platforms, how is this configured using the InControl2 & also the SD-WAN platforms?
Happy to Help,
Marcus :slight_smile:

0 Likes

#6

@mldowling “SD-WAN platforms”, do you mean SDWC ? :+1:

0 Likes

#9

Hello @Venn,

To clarify

Platform Peplink Forum Reference
InControl2 https://forum.peplink.com/t/incontrol-2-initial-setup-guide/8483 (for Everyone to access)
SDWC https://forum.peplink.com/t/sd-wan-controller-overview/18316 (for Peplink Partners Only)

Happy to Help,
Marcus :slight_smile:

0 Likes