================
Routing and VRFs
================

In SD-WAN, routing is handled through a combination of VRFs, routes, and
nexthops to create flexible network routing configurations.

**VRFs** provide logical separation of routing tables within a node. Each
interface can be assigned a VRF, which determines which table will be used to
route or forward traffic. Routes are always associated with a specific VRF,
meaning they only apply to traffic entering through interfaces assigned to that
VRF.

**Routes** define destination networks and specify how traffic should be
forwarded using nexthops. Each route has:

- A destination network
- One or more nexthops (ordered by preference)
- A VRF assignment

**Nexthops** are the forwarding waypoints within routes, determining where
traffic should be sent next. They come in four types (peer, interface, gateway,
and blackhole) with different forwarding behaviors. Multiple nexthops per route
enable automatic failover based on their preference values.

Here's how they work together:

.. graphviz::

    graph {
        rankdir=LR;
        fontname="Arial";
        splines=ortho;
        bgcolor="transparent";
        nodesep=0.5;
        ranksep=0.5;

        node [
            shape=box,
            style="filled,rounded",
            fontname="Arial",
            fontsize=12
        ];
        edge [
            penwidth=1.5,
            fontname="Arial",
            fontsize=10
        ];

        subgraph cluster_vrf {
            label="VRF Red";
            style="filled,rounded";
            fillcolor="#FFE0E0";
            color="#C0392B";

            route [style="filled", label="Route\n10.1.1.0/24", fillcolor="#FFF2F2"];
            nh1 [label="Nexthop (Peer 1)\nPreference: 500", fillcolor="#FEF9E7"];
            nh2 [label="Nexthop (Peer 2)\nPreference: 400", fillcolor="#FEF9E7"];
        }

        interface [label="Interface\neth0", fillcolor="#FFFFFF", color="666666"];
        destination [label="Destination\n10.1.1.0/24", fillcolor="#FFFFFF", color="666666"];

        interface -- route [label="Traffic enters\nvia interface"];
        route -- nh1 [label="\nActive", weight=5];
        route -- nh2 [style=dashed, label="\n\n\nBackup", weight=3];
        nh1 -- destination [label="Traffic is\nforwarded\nvia peer\n\n"];
        nh2 -- destination [style=dashed];
    }

|

1. Traffic enters through an interface assigned to a VRF ("VRF Red" in this
   example)
2. The routing table for that VRF is consulted, matching the destination
   host address to the longest prefix match
3. The route selects the highest-priority available nexthop ("Peer 1" in this
   case)
4. Traffic is forwarded according to the nexthop's type (through the peer
   tunnel)

If the primary nexthop becomes unavailable, traffic automatically fails over to
the secondary nexthop ("Peer 2" in this case). This combination of VRFs for
segmentation, routes for destination matching, and nexthops for forwarding
provides flexible routing control in SD-WAN.

For more information on each component, as well as routing command line tools,
consult the following links:

.. toctree::
    :glob:
    :maxdepth: 1

    nexthops/index
    routes/index
    vrfs/index
    cli