About Virtual Routing and Forwarding
About VRF
Virtual routing and forwarding (VRF) allow multiple instances of a routing table to exist in a router. Firepower Version 6.6 introduces the ability to have a default VRF table and user-created VRF tables. A single VRF table can handle multiple types of varying routing protocols, such as EX, OSPF, BGP, IGRP, etc. Each routing protocol within a VRF table is listed as an entry. In addition to handling multiple types of common routing protocols, you can configure a routing protocol to reference an interface from another VRF. This allows you to segment network paths without using multiple devices.
See About Virtual Routers and Virtual Routing and Forwarding (VRF) for more information.
VRF in Security Cloud Control
This feature is new to Firepower Version 6.6. When the FDM-managed device is onboarded to Security Cloud Control, the device routing page reads and supports only the VRFs defined on the global router of the FDM-managed device. To view the global VRF in Security Cloud Control, select the device from the Security Devices page and select Routing from the Management pane located to the right of the window. From here, you can view, modify, and delete the global VRF; note that Security Cloud Control retains the name of the VRF when reading the configuration from FDM.
Security Cloud Control firewall device manager doesn't read VRFs configured in the user-defined virtual routers. You must create and manage VRF tables through firewall device manager.
For information on global and user-defined routes, see the "Managing Virtual Routers" section in the "Virtual Routers" chapter of Cisco Firepower Threat Defense Configuration Guide for Firepower Device Manager, Version 7.0 or later.