34-SRv6典型配置举例
本章节下载 (1.08 MB)
1 IPv4 L3VPN over SRv6 BE ECMP典型配置举例
2 IPv4 L3VPN over SRv6 BE的VPN FRR功能配置举例
3 跨域IPv4 L3VPN over SRv6 BE典型配置举例
4 IPv4 L3VPN over SRv6 TE Policy(静态配置)典型配置举例
5 跨域IPv4 L3VPN over SRv6 TE Policy(静态配置)典型配置举例
6 IPv4 EVPN L3VPN over SRv6 TE Policy(静态配置)典型配置举例
7 IPv6 EVPN L3VPN over SRv6 BE典型配置举例
8 IPv6 EVPN L3VPN over SRv6 BE ECMP典型配置举例
9 IPv6 EVPN L3VPN over SRv6 BE快速重路由典型配置举例
10 IPv6 EVPN L3VPN over SRv6 TE Policy(静态配置)典型配置举例
11 EVPN L3VPN与EVPN L3VPN over SRv6互通典型配置举例
11.5.2 验证EVPN L3VPN到EVPN L3VPN over SRv6网络的报文转发
11.5.3 验证EVPN L3VPN over SRv6到EVPN L3VPN网络的报文转发
12 EVPN VPWS over SRv6 BE(CE双归单活)典型配置举例
13 EVPN VPWS over SRv6 TE Policy(静态配置)配置举例
14 EVPN VPLS over SRv6 TE Policy(静态配置)配置举例
如图1所示,承载网为IPv6网络,私网为IPv4网络。PE 1、P 1、P 2和PE 2属于同一自治系统,它们之间通过IS-IS协议达到IPv6网络互通。在PE 1和PE 2之间建立两条等价的SRv6隧道,用来承载IPv4 L3VPN业务。
图1 IPv4 L3VPN over SRv6 BE ECMP配置组网图
设备 |
接口 |
IP地址 |
设备 |
接口 |
IP地址 |
CE 1 |
XGE3/1/1 |
10.1.1.1/24 |
CE 2 |
XGE3/1/1 |
20.1.1.1/24 |
PE 1 |
Loop1 |
1::1/128 |
PE 2 |
Loop1 |
4::4/128 |
|
XGE3/1/1 |
10.1.1.2/24 |
|
XGE3/1/1 |
20.1.1.2/24 |
|
XGE3/1/2 |
2001::1/96 |
|
XGE3/1/2 |
2002::1/96 |
|
XGE3/1/3 |
3001::1/96 |
|
XGE3/1/3 |
3002::1/96 |
P 1 |
Loop1 |
2::2/128 |
P 2 |
Loop1 |
3::3/128 |
|
XGE3/1/1 |
2001::2/96 |
|
XGE3/1/1 |
3001::2/96 |
|
XGE3/1/2 |
2002::2/96 |
|
XGE3/1/2 |
3002::2/96 |
SRv6 BE ECMP依赖于网络中的等价路由,所以为了确保配置成功,用户需要合理规划链路的IGP cost。在本例中,各个链路采用缺省cost值(10)。
<Sysname> system-view
[Sysname] sysname CE1
[CE1] interface ten-gigabitethernet 3/1/1
[CE1-Ten-GigabitEthernet3/1/1] ip address 10.1.1.1 24
[CE1-Ten-GigabitEthernet3/1/1] quit
[CE1] bgp 200
[CE1-bgp-default] router-id 11.11.11.11
[CE1-bgp-default] peer 10.1.1.2 as-number 100
[CE1-bgp-default] address-family ipv4 unicast
[CE1-bgp-default-ipv4] peer 10.1.1.2 enable
[CE1-bgp-default-ipv4] import-route direct
[CE1-bgp-default-ipv4] quit
[CE1-bgp-default] quit
# 配置IPv6 IS-IS,实现骨干网PE和P的互通。同时配置IS-IS与BFD联动,提高链路状态变化时IS-IS的收敛速度。
<Sysname> system-view
[Sysname] sysname PE1
[PE1] isis 1
[PE1-isis-1] cost-style wide
[PE1-isis-1] network-entity 00.0000.0000.0001.00
[PE1-isis-1] address-family ipv6 unicast
[PE1-isis-1-ipv6] quit
[PE1-isis-1] quit
[PE1] interface loopback 1
[PE1-LoopBack1] ipv6 address 1::1 128
[PE1-LoopBack1] isis ipv6 enable 1
[PE1-LoopBack1] quit
[PE1] interface ten-gigabitethernet 3/1/2
[PE1-Ten-GigabitEthernet3/1/2] ipv6 address 2001::1 96
[PE1-Ten-GigabitEthernet3/1/2] isis ipv6 enable 1
[PE1-Ten-GigabitEthernet3/1/2] isis ipv6 bfd enable
[PE1-Ten-GigabitEthernet3/1/2] quit
[PE1] interface ten-gigabitethernet 3/1/3
[PE1-Ten-GigabitEthernet3/1/3] ipv6 address 3001::1 96
[PE1-Ten-GigabitEthernet3/1/3] isis ipv6 enable 1
[PE1-Ten-GigabitEthernet3/1/3] isis ipv6 bfd enable
[PE1-Ten-GigabitEthernet3/1/3] quit
# 配置VPN实例,将CE接入PE。
[PE1] ip vpn-instance vpn1
[PE1-vpn-instance-vpn1] route-distinguisher 100:1
[PE1-vpn-instance-vpn1] vpn-target 100:1
[PE1-vpn-instance-vpn1] quit
[PE1] interface ten-gigabitethernet 3/1/1
[PE1-Ten-GigabitEthernet3/1/1] ip binding vpn-instance vpn1
[PE1-Ten-GigabitEthernet3/1/1] ip address 10.1.1.2 24
[PE1-Ten-GigabitEthernet3/1/1] quit
# 在PE与CE之间建立EBGP对等体,引入VPN路由。
[PE1] bgp 100
[PE1-bgp-default] router-id 1.1.1.1
[PE1-bgp-default] ip vpn-instance vpn1
[PE1-bgp-default-vpn1] peer 10.1.1.1 as-number 200
[PE1-bgp-default-vpn1] address-family ipv4 unicast
[PE1-bgp-default-ipv4-vpn1] peer 10.1.1.1 enable
[PE1-bgp-default-ipv4-vpn1] import-route direct
[PE1-bgp-default-ipv4-vpn1] quit
[PE1-bgp-default-vpn1] quit
# 在PE之间建立MP-IBGP对等体。
[PE1-bgp-default] peer 4::4 as-number 100
[PE1-bgp-default] peer 4::4 connect-interface loopback 1
[PE1-bgp-default] address-family vpnv4
[PE1-bgp-default-vpnv4] peer 4::4 enable
[PE1-bgp-default-vpnv4] quit
[PE1-bgp-default] quit
# 在PE设备上配置IP L3VPN over SRv6封装的IPv6报文头的源地址。
[PE1] segment-routing ipv6
[PE1-segment-routing-ipv6] encapsulation source-address 1::1
# 在PE设备上配置IP L3VPN over SRv6封装的IPv6报文头的目的地址End.DT4 SID所属的Locator。
[PE1-segment-routing-ipv6] locator abc ipv6-prefix 100:1:: 64 static 16
[PE1-segment-routing-ipv6-locator-abc] quit
[PE1-segment-routing-ipv6] quit
# 在PE设备上配置IS-IS引用并发布Locator。
[PE1] isis 1
[PE1-isis-1] address-family ipv6 unicast
[PE1-isis-1-ipv6] segment-routing ipv6 locator abc
[PE1-isis-1-ipv6] quit
[PE1-isis-1] quit
# 在PE设备上配置IPv6对等体之间交换End.DT4 SID,同时允许将私网路由迭代到End.DT4 SID的路由条目上。
[PE1] bgp 100
[PE1-bgp-default] address-family vpnv4
[PE1-bgp-default-vpnv4] peer 4::4 prefix-sid
[PE1-bgp-default-vpnv4] quit
[PE1-bgp-default] ip vpn-instance vpn1
[PE1-bgp-default-vpn1] address-family ipv4 unicast
[PE1-bgp-default-ipv4-vpn1] segment-routing ipv6 locator abc
[PE1-bgp-default-ipv4-vpn1] segment-routing ipv6 best-effort
[PE1-bgp-default-ipv4-vpn1] quit
[PE1-bgp-default-vpn1] quit
[PE1-bgp-default] quit
# 配置IPv6 IS-IS,实现骨干网PE和P的互通。同时配置IS-IS与BFD联动,提高链路状态变化时IS-IS的收敛速度。
<Sysname> system-view
[Sysname] sysname P1
[P1] isis 1
[P1-isis-1] cost-style wide
[P1-isis-1] network-entity 00.0000.0000.0002.00
[P1-isis-1] address-family ipv6 unicast
[P1-isis-1-ipv6] quit
[P1-isis-1] quit
[P1] interface loopback 1
[P1-LoopBack1] ipv6 address 2::2 128
[P1-LoopBack1] isis ipv6 enable 1
[P1-LoopBack1] quit
[P1] interface ten-gigabitethernet 3/1/1
[P1-Ten-GigabitEthernet3/1/1] ipv6 address 2001::2 96
[P1-Ten-GigabitEthernet3/1/1] isis ipv6 enable 1
[P1-Ten-GigabitEthernet3/1/1] isis ipv6 bfd enable
[P1-Ten-GigabitEthernet3/1/1] quit
[P1] interface ten-gigabitethernet 3/1/2
[P1-Ten-GigabitEthernet3/1/2] ipv6 address 2002::2 96
[P1-Ten-GigabitEthernet3/1/2] isis ipv6 enable 1
[P1-Ten-GigabitEthernet3/1/2] isis ipv6 bfd enable
[P1-Ten-GigabitEthernet3/1/2] quit
# 配置IPv6 IS-IS,实现骨干网PE和P的互通。同时配置IS-IS与BFD联动,提高链路状态变化时IS-IS的收敛速度。
<Sysname> system-view
[Sysname] sysname P2
[P2] isis 1
[P2-isis-1] cost-style wide
[P2-isis-1] network-entity 00.0000.0000.0003.00
[P2-isis-1] address-family ipv6 unicast
[P2-isis-1-ipv6] quit
[P2-isis-1] quit
[P2] interface loopback 1
[P2-LoopBack1] ipv6 address 3::3 128
[P2-LoopBack1] isis ipv6 enable 1
[P2-LoopBack1] quit
[P2] interface ten-gigabitethernet 3/1/1
[P2-Ten-GigabitEthernet3/1/1] ipv6 address 3001::2 96
[P2-Ten-GigabitEthernet3/1/1] isis ipv6 enable 1
[P2-Ten-GigabitEthernet3/1/1] isis ipv6 bfd enable
[P2-Ten-GigabitEthernet3/1/1] quit
[P2] interface ten-gigabitethernet 3/1/2
[P2-Ten-GigabitEthernet3/1/2] ipv6 address 3002::2 96
[P2-Ten-GigabitEthernet3/1/2] isis ipv6 enable 1
[P2-Ten-GigabitEthernet3/1/2] isis ipv6 bfd enable
[P2-Ten-GigabitEthernet3/1/2] quit
# 配置IPv6 IS-IS,实现骨干网PE和P的互通。同时配置IS-IS与BFD联动,提高链路状态变化时IS-IS的收敛速度。
<Sysname> system-view
[Sysname] sysname PE2
[PE2] isis 1
[PE2-isis-1] cost-style wide
[PE2-isis-1] network-entity 00.0000.0000.0004.00
[PE2-isis-1] address-family ipv6 unicast
[PE2-isis-1-ipv6] quit
[PE2-isis-1] quit
[PE2] interface loopback 1
[PE2-LoopBack1] ipv6 address 4::4 128
[PE2-LoopBack1] isis ipv6 enable 1
[PE2-LoopBack1] quit
[PE2] interface ten-gigabitethernet 3/1/2
[PE2-Ten-GigabitEthernet3/1/2] ipv6 address 2002::1 96
[PE2-Ten-GigabitEthernet3/1/2] isis ipv6 enable 1
[PE2-Ten-GigabitEthernet3/1/2] isis ipv6 bfd enable
[PE2-Ten-GigabitEthernet3/1/2] quit
[PE2] interface ten-gigabitethernet 3/1/3
[PE2-Ten-GigabitEthernet3/1/3] ipv6 address 3002::1 96
[PE2-Ten-GigabitEthernet3/1/3] isis ipv6 enable 1
[PE2-Ten-GigabitEthernet3/1/3] isis ipv6 bfd enable
[PE2-Ten-GigabitEthernet3/1/3] quit
# 配置VPN实例,将CE接入PE。
[PE2] ip vpn-instance vpn1
[PE2-vpn-instance-vpn1] route-distinguisher 100:1
[PE2-vpn-instance-vpn1] vpn-target 100:1
[PE2-vpn-instance-vpn1] quit
[PE2] interface ten-gigabitethernet 3/1/1
[PE2-Ten-GigabitEthernet3/1/1] ip binding vpn-instance vpn1
[PE2-Ten-GigabitEthernet3/1/1] ip address 20.1.1.2 24
[PE2-Ten-GigabitEthernet3/1/1] quit
# 在PE与CE之间建立EBGP对等体,引入VPN路由。
[PE2] bgp 100
[PE2-bgp-default] router-id 4.4.4.4
[PE2-bgp-default] ip vpn-instance vpn1
[PE2-bgp-default-vpn1] peer 20.1.1.1 as-number 300
[PE2-bgp-default-vpn1] address-family ipv4 unicast
[PE2-bgp-default-ipv6-vpn1] peer 20.1.1.1 enable
[PE2-bgp-default-ipv6-vpn1] import-route direct
[PE2-bgp-default-ipv6-vpn1] quit
[PE2-bgp-default-vpn1] quit
# 在PE之间建立MP-IBGP对等体。
[PE2-bgp-default] peer 1::1 as-number 100
[PE2-bgp-default] peer 1::1 connect-interface loopback 1
[PE2-bgp-default] address-family vpnv4
[PE2-bgp-default-vpnv4] peer 1::1 enable
[PE2-bgp-default-vpnv4] quit
[PE2-bgp-default] quit
# 在PE设备上配置IP L3VPN over SRv6封装的IPv6报文头的源地址
[PE2] segment-routing ipv6
[PE2-segment-routing-ipv6] encapsulation source-address 4::4
# 在PE设备上配置IP L3VPN over SRv6封装的IPv6报文头的目的地址End.DT4 SID所属的Locator。
[PE2-segment-routing-ipv6] locator abc ipv6-prefix 200:1:: 64 static 16
[PE2-segment-routing-ipv6-locator-abc] quit
[PE2-segment-routing-ipv6] quit
# 在PE设备上配置IS-IS引用并发布Locator。
[PE2] isis 1
[PE2-isis-1] address-family ipv6 unicast
[PE2-isis-1-ipv6] segment-routing ipv6 locator abc
[PE2-isis-1-ipv6] quit
[PE2-isis-1] quit
# 在PE设备上配置IPv6对等体之间交换End.DT4 SID,同时允许将私网路由迭代到End.DT4 SID的路由条目上。
[PE2] bgp 100
[PE2-bgp-default] address-family vpnv4
[PE2-bgp-default-vpnv4] peer 1::1 prefix-sid
[PE2-bgp-default-vpnv4] quit
[PE2-bgp-default] ip vpn-instance vpn1
[PE2-bgp-default-vpn1] address-family ipv4 unicast
[PE2-bgp-default-ipv4-vpn1] segment-routing ipv6 locator abc
[PE2-bgp-default-ipv4-vpn1] segment-routing ipv6 best-effort
[PE2-bgp-default-ipv4-vpn1] quit
[PE2-bgp-default-vpn1] quit
[PE2-bgp-default] quit
<Sysname> system-view
[Sysname] sysname CE2
[CE2] interface ten-gigabitethernet 3/1/1
[CE2-Ten-GigabitEthernet3/1/1] ip address 20.1.1.1 24
[CE2-Ten-GigabitEthernet3/1/1] quit
[CE2] bgp 300
[CE2-bgp-default] router-id 22.22.22.22
[CE2-bgp-default] peer 20.1.1.2 as-number 100
[CE2-bgp-default] address-family ipv4 unicast
[CE2-bgp-default-ipv4] peer 20.1.1.2 enable
[CE2-bgp-default-ipv4] import-route direct
[CE2-bgp-default-ipv4] quit
[CE2-bgp-default] quit
# 在PE 1执行命令display ip routing-table vpn-instance查看VPN路由信息,可以看出VPN路由20.1.1.1/24具有两个出接口,转发时将形成ECMP。
[PE1] display ip routing-table vpn-instance vpn1
Destinations : 11 Routes : 11
Destination/Mask Proto Pre Cost NextHop Interface
0.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0
10.1.1.0/24 Direct 0 0 10.1.1.2 XGE3/1/1
10.1.1.0/32 Direct 0 0 10.1.1.2 XGE3/1/1
10.1.1.2/32 Direct 0 0 127.0.0.1 InLoop0
10.1.1.255/32 Direct 0 0 10.1.1.2 XGE3/1/1
20.1.1.0/24 BGP 255 0 200:1:: XGE3/1/2
BGP 255 0 200:1:: XGE3/1/3
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
127.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
255.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
# CE 1和CE 2之间能够ping通。
[CE1] ping -a 10.1.1.1 20.1.1.1
Ping 20.1.1.1 (20.1.1.1) from 10.1.1.1: 56 data bytes, press CTRL+C to break
56 bytes from 20.1.1.1: icmp_seq=0 ttl=253 time=1.000 ms
56 bytes from 20.1.1.1: icmp_seq=1 ttl=253 time=1.000 ms
56 bytes from 20.1.1.1: icmp_seq=2 ttl=253 time=1.000 ms
56 bytes from 20.1.1.1: icmp_seq=3 ttl=253 time=1.000 ms
56 bytes from 20.1.1.1: icmp_seq=4 ttl=253 time=2.000 ms
--- Ping statistics for 20.1.1.1 ---
5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss
round-trip min/avg/max/std-dev = 1.000/1.200/2.000/0.400 ms
· CE 1:
#
sysname CE1
#
interface Ten-GigabitEthernet3/1/1
port link-mode route
ip address 10.1.1.1 255.255.255.0
#
bgp 200
router-id 11.11.11.11
peer 10.1.1.2 as-number 100
#
address-family ipv4 unicast
import-route direct
peer 10.1.1.2 enable
#
· PE 1:
#
sysname PE1
#
ip vpn-instance vpn1
route-distinguisher 100:1
vpn-target 100:1 import-extcommunity
vpn-target 100:1 export-extcommunity
#
isis 1
non-stop-routing
cost-style wide
network-entity 00.0000.0000.0001.00
#
address-family ipv6 unicast
segment-routing ipv6 locator abc
#
interface LoopBack1
isis ipv6 enable 1
ipv6 address 1::1/128
#
interface Ten-GigabitEthernet3/1/1
port link-mode route
ip binding vpn-instance vpn1
ip address 10.1.1.2 255.255.255.0
#
interface Ten-GigabitEthernet3/1/2
port link-mode route
isis ipv6 enable 1
isis ipv6 bfd enable
ipv6 address 2001::1/96
#
interface Ten-GigabitEthernet3/1/3
port link-mode route
isis ipv6 enable 1
isis ipv6 bfd enable
ipv6 address 3001::1/96
#
bgp 100
router-id 1.1.1.1
peer 4::4 as-number 100
peer 4::4 connect-interface LoopBack1
#
address-family vpnv4
peer 4::4 enable
peer 4::4 prefix-sid
#
ip vpn-instance vpn1
peer 10.1.1.1 as-number 200
#
address-family ipv4 unicast
segment-routing ipv6 best-effort
segment-routing ipv6 locator abc
import-route direct
peer 10.1.1.1 enable
#
segment-routing ipv6
encapsulation source-address 1::1
#
locator abc ipv6-prefix 100:1:: 64 static 16
#
· P 1:
#
sysname P1
#
isis 1
non-stop-routing
cost-style wide
network-entity 00.0000.0000.0002.00
#
address-family ipv6 unicast
#
interface LoopBack1
isis ipv6 enable 1
ipv6 address 2::2/128
#
interface Ten-GigabitEthernet3/1/1
port link-mode route
isis ipv6 enable 1
isis ipv6 bfd enable
ipv6 address 2001::2/96
#
interface Ten-GigabitEthernet3/1/2
port link-mode route
isis ipv6 enable 1
isis ipv6 bfd enable
ipv6 address 2002::2/96
#
· P 2:
#
sysname P2
#
isis 1
non-stop-routing
cost-style wide
network-entity 00.0000.0000.0003.00
#
address-family ipv6 unicast
#
interface LoopBack1
isis ipv6 enable 1
ipv6 address 3::3/128
#
interface Ten-GigabitEthernet3/1/1
port link-mode route
isis ipv6 enable 1
isis ipv6 bfd enable
ipv6 address 3001::2/96
#
interface Ten-GigabitEthernet3/1/2
port link-mode route
isis ipv6 enable 1
isis ipv6 bfd enable
ipv6 address 3002::2/96
#
· PE 2:
#
sysname PE2
#
ip vpn-instance vpn1
route-distinguisher 100:1
vpn-target 100:1 import-extcommunity
vpn-target 100:1 export-extcommunity
#
isis 1
non-stop-routing
cost-style wide
network-entity 00.0000.0000.0004.00
#
address-family ipv6 unicast
segment-routing ipv6 locator abc
#
interface LoopBack1
isis ipv6 enable 1
ipv6 address 4::4/128
#
interface Ten-GigabitEthernet3/1/1
port link-mode route
ip binding vpn-instance vpn1
ip address 20.1.1.2 255.255.255.0
#
interface Ten-GigabitEthernet3/1/2
port link-mode route
isis ipv6 enable 1
isis ipv6 bfd enable
ipv6 address 2002::1/96
#
interface Ten-GigabitEthernet3/1/3
port link-mode route
isis ipv6 enable 1
isis ipv6 bfd enable
ipv6 address 3002::1/96
#
bgp 100
router-id 4.4.4.4
peer 1::1 as-number 100
peer 1::1 connect-interface LoopBack1
#
address-family vpnv4
peer 1::1 enable
peer 1::1 prefix-sid
#
ip vpn-instance vpn1
peer 20.1.1.1 as-number 300
#
address-family ipv4 unicast
segment-routing ipv6 best-effort
segment-routing ipv6 locator abc
import-route direct
peer 20.1.1.1 enable
#
segment-routing ipv6
encapsulation source-address 4::4
#
locator abc ipv6-prefix 200:1:: 64 static 16
#
· CE 2:
#
sysname CE2
#
interface Ten-GigabitEthernet3/1/1
port link-mode route
ip address 20.1.1.1 255.255.255.0
#
bgp 300
router-id 22.22.22.22
peer 20.1.1.2 as-number 100
#
address-family ipv4 unicast
import-route direct
peer 20.1.1.2 enable
#
如图2所示,核心网为IPv6网络,私网为IPv4网络。PE 1、PE 2和PE 3属于同一自治系统,它们之间通过IS-IS协议达到IPv6网络互通。在PE 1和PE 2之间、PE 1和PE 3之间建立SRv6隧道,用来承载IPv4 L3VPN业务。CE 2双归属到PE 2和PE 3上,为了实现VPN路由快速切换,PE 1上的IPv4 L3VPN业务开启VPN FRR功能。当VPN FRR主路径故障时,VPN业务可以快速切换到VPN FRR备路径。
图2 IPv4 L3VPN over SRv6 BE的VPN FRR功能组网图
设备 |
接口 |
IP地址 |
设备 |
接口 |
IP地址 |
CE 1 |
XGE3/1/1 |
10.1.1.1/24 |
CE 2 |
XGE3/1/1 |
20.1.1.1/24 |
|
Loop0 |
11.11.11.11/32 |
|
XGE3/1/2 |
30.1.1.1/24 |
PE 1 |
Loop1 |
1::1/128 |
|
Loop0 |
22.22.22.22/32 |
|
XGE3/1/1 |
10.1.1.2/24 |
PE 3 |
Loop1 |
3::3/128 |
|
XGE3/1/2 |
2001::1/96 |
|
XGE3/1/2 |
30.1.1.2/24 |
|
XGE3/1/3 |
3001::1/96 |
|
XGE3/1/3 |
3001::2/96 |
PE 2 |
Loop1 |
2::2/128 |
|
|
|
|
XGE3/1/1 |
20.1.1.2/24 |
|
|
|
|
XGE3/1/2 |
2001::2/96 |
|
|
|
IPv4 L3VPN over SRv6 BE的VPN FRR功能需要PE 1从PE 2、PE 3分别学习到VPNv4路由,且学习到的路由不能是等价路由。为了确保VPN FRR功能配置成功,用户需要合理规划链路的IGP cost。在本例中,各个链路采用缺省cost值(10)。
<CE1> system-view
[CE1] sysname CE1
[CE1] interface ten-gigabitethernet 3/1/1
[CE1-Ten-GigabitEthernet3/1/1] ip address 10.1.1.1 24
[CE1-Ten-GigabitEthernet3/1/1] quit
[CE1] interface loopback 0
[CE1-LoopBack0] ip address 11.11.11.11 32
[CE1-LoopBack0] quit
[CE1] bgp 200
[CE1-bgp-default] router-id 11.11.11.11
[CE1-bgp-default] peer 10.1.1.2 as-number 100
[CE1-bgp-default] address-family ipv4 unicast
[CE1-bgp-default-ipv4] peer 10.1.1.2 enable
[CE1-bgp-default-ipv4] import-route direct
[CE1-bgp-default-ipv4] quit
[CE1-bgp-default] quit
# 配置IPv6 IS-IS,实现骨干网PE之间的互通。
<PE1> system-view
[PE1] sysname PE1
[PE1] isis 1
[PE1-isis-1] cost-style wide
[PE1-isis-1] network-entity 00.0000.0000.0001.00
[PE1-isis-1] address-family ipv6 unicast
[PE1-isis-1-ipv6] quit
[PE1-isis-1] quit
[PE1] interface loopback 1
[PE1-LoopBack1] ipv6 address 1::1 128
[PE1-LoopBack1] isis ipv6 enable 1
[PE1-LoopBack1] quit
[PE1] interface ten-gigabitethernet 3/1/2
[PE1-Ten-GigabitEthernet3/1/2] ipv6 address 2001::1 96
[PE1-Ten-GigabitEthernet3/1/2] isis ipv6 enable 1
[PE1-Ten-GigabitEthernet3/1/2] quit
[PE1] interface ten-gigabitethernet 3/1/3
[PE1-Ten-GigabitEthernet3/1/3] ipv6 address 3001::1 96
[PE1-Ten-GigabitEthernet3/1/3] isis ipv6 enable 1
[PE1-Ten-GigabitEthernet3/1/3] quit
# 配置VPN实例,将CE 1接入PE 1。
[PE1] ip vpn-instance vpn1
[PE1-vpn-instance-vpn1] route-distinguisher 100:1
[PE1-vpn-instance-vpn1] vpn-target 100:1
[PE1-vpn-instance-vpn1] quit
[PE1] interface ten-gigabitethernet 3/1/1
[PE1-Ten-GigabitEthernet3/1/1] ip binding vpn-instance vpn1
[PE1-Ten-GigabitEthernet3/1/1] ip address 10.1.1.2 24
[PE1-Ten-GigabitEthernet3/1/1] quit
# 在PE 1与CE 1之间建立EBGP对等体,引入VPN路由。
[PE1] bgp 100
[PE1-bgp-default] router-id 1.1.1.1
[PE1-bgp-default] ip vpn-instance vpn1
[PE1-bgp-default-vpn1] peer 10.1.1.1 as-number 200
[PE1-bgp-default-vpn1] address-family ipv4 unicast
[PE1-bgp-default-ipv4-vpn1] peer 10.1.1.1 enable
[PE1-bgp-default-ipv4-vpn1] import-route direct
[PE1-bgp-default-ipv4-vpn1] quit
[PE1-bgp-default-vpn1] quit
# 在PE 1和PE 2、PE 1和PE 3之间建立MP-IBGP对等体。
[PE1-bgp-default] peer 2::2 as-number 100
[PE1-bgp-default] peer 2::2 connect-interface loopback 1
[PE1-bgp-default] peer 3::3 as-number 100
[PE1-bgp-default] peer 3::3 connect-interface loopback 1
[PE1-bgp-default] address-family vpnv4
[PE1-bgp-default-vpnv4] peer 2::2 enable
[PE1-bgp-default-vpnv4] peer 3::3 enable
[PE1-bgp-default-vpnv4] quit
[PE1-bgp-default] quit
# 在PE 1设备上配置IP L3VPN over SRv6封装的IPv6报文头的源地址。
[PE1] segment-routing ipv6
[PE1-segment-routing-ipv6] encapsulation source-address 1::1
# 在PE 1设备上配置IP L3VPN over SRv6封装的IPv6报文头的目的地址End.DT4 SID所属的Locator。
[PE1-segment-routing-ipv6] locator abc ipv6-prefix 100:1:: 64 static 16
[PE1-segment-routing-ipv6-locator-abc] quit
[PE1-segment-routing-ipv6] quit
# 在PE 1设备上配置IS-IS引用并发布Locator。
[PE1] isis 1
[PE1-isis-1] address-family ipv6 unicast
[PE1-isis-1-ipv6] segment-routing ipv6 locator abc
[PE1-isis-1-ipv6] quit
[PE1-isis-1] quit
# 在PE 1设备上配置IPv6对等体之间交换End.DT4 SID,同时允许将私网路由迭代到End.DT4 SID的路由条目上。
[PE1] bgp 100
[PE1-bgp-default] address-family vpnv4
[PE1-bgp-default-vpnv4] peer 2::2 prefix-sid
[PE1-bgp-default-vpnv4] peer 3::3 prefix-sid
[PE1-bgp-default-vpnv4] quit
[PE1-bgp-default] ip vpn-instance vpn1
[PE1-bgp-default-vpn1] address-family ipv4 unicast
[PE1-bgp-default-ipv4-vpn1] segment-routing ipv6 locator abc
[PE1-bgp-default-ipv4-vpn1] segment-routing ipv6 best-effort
[PE1-bgp-default-ipv4-vpn1] quit
[PE1-bgp-default-vpn1] quit
[PE1-bgp-default] quit
# 在PE 1上开启VPN FRR功能,并配置静态BFD检测从PE 1到PE 2发布的Locator是否可达,如果Locator不可达(即主路径故障),则触发VPN FRR功能,切换到备路径。
[PE1] bgp 100
[PE1-bgp-default] primary-path-detect bfd ctrl
[PE1-bgp-default] ip vpn-instance vpn1
[PE1-bgp-default-vpn1] address-family ipv4 unicast
[PE1-bgp-default-ipv4-vpn1] pic
[PE1-bgp-default-ipv4-vpn1] quit
[PE1-bgp-default-vpn1] quit
[PE1-bgp-default] quit
[PE1] bfd static ToPE2 peer-ipv6 200:1:: source-ipv6 100:1:: discriminator local 100 remote 200
[PE1-bfd-static-session-ToPE2] quit
# 配置IPv6 IS-IS,实现骨干网PE之间的互通。
<PE2> system-view
[PE2] sysname PE2
[PE2] isis 1
[PE2-isis-1] cost-style wide
[PE2-isis-1] network-entity 00.0000.0000.0002.00
[PE2-isis-1] address-family ipv6 unicast
[PE2-isis-1-ipv6] quit
[PE2-isis-1] quit
[PE2] interface loopback 1
[PE2-LoopBack1] ipv6 address 2::2 128
[PE2-LoopBack1] isis ipv6 enable 1
[PE2-LoopBack1] quit
[PE2] interface ten-gigabitethernet 3/1/2
[PE2-Ten-GigabitEthernet3/1/2] ipv6 address 2001::2 96
[PE2-Ten-GigabitEthernet3/1/2] isis ipv6 enable 1
[PE2-Ten-GigabitEthernet3/1/2] quit
# 配置VPN实例,将CE 2接入PE 2。
[PE2] ip vpn-instance vpn1
[PE2-vpn-instance-vpn1] route-distinguisher 100:1
[PE2-vpn-instance-vpn1] vpn-target 100:1
[PE2-vpn-instance-vpn1] quit
[PE2] interface ten-gigabitethernet 3/1/1
[PE2-Ten-GigabitEthernet3/1/1] ip binding vpn-instance vpn1
[PE2-Ten-GigabitEthernet3/1/1] ip address 20.1.1.2 24
[PE2-Ten-GigabitEthernet3/1/1] quit
# 在PE 2与CE 2之间建立EBGP对等体,引入VPN路由。
[PE2] bgp 100
[PE2-bgp-default] router-id 2.2.2.2
[PE2-bgp-default] ip vpn-instance vpn1
[PE2-bgp-default-vpn1] peer 20.1.1.1 as-number 300
[PE2-bgp-default-vpn1] address-family ipv4 unicast
[PE2-bgp-default-ipv6-vpn1] peer 20.1.1.1 enable
[PE2-bgp-default-ipv6-vpn1] import-route direct
[PE2-bgp-default-ipv6-vpn1] quit
[PE2-bgp-default-vpn1] quit
# 在PE 1和PE 2之间建立MP-IBGP对等体。
[PE2-bgp-default] peer 1::1 as-number 100
[PE2-bgp-default] peer 1::1 connect-interface loopback 1
[PE2-bgp-default] address-family vpnv4
[PE2-bgp-default-vpnv4] peer 1::1 enable
[PE2-bgp-default-vpnv4] quit
[PE2-bgp-default] quit
# 在PE 2设备上配置IP L3VPN over SRv6封装的IPv6报文头的源地址。
[PE2] segment-routing ipv6
[PE2-segment-routing-ipv6] encapsulation source-address 2::2
# 在PE 2设备上配置IP L3VPN over SRv6封装的IPv6报文头的目的地址End.DT4 SID所属的Locator。
[PE2-segment-routing-ipv6] locator abc ipv6-prefix 200:1:: 64 static 16
[PE2-segment-routing-ipv6-locator-abc] quit
[PE2-segment-routing-ipv6] quit
# 在PE 2设备上配置IS-IS引用并发布Locator。
[PE2] isis 1
[PE2-isis-1] address-family ipv6 unicast
[PE2-isis-1-ipv6] segment-routing ipv6 locator abc
[PE2-isis-1-ipv6] quit
[PE2-isis-1] quit
# 在PE 2设备上配置IPv6对等体之间交换End.DT4 SID,同时允许将私网路由迭代到End.DT4 SID的路由条目上。
[PE2] bgp 100
[PE2-bgp-default] address-family vpnv4
[PE2-bgp-default-vpnv4] peer 1::1 prefix-sid
[PE2-bgp-default-vpnv4] quit
[PE2-bgp-default] ip vpn-instance vpn1
[PE2-bgp-default-vpn1] address-family ipv4 unicast
[PE2-bgp-default-ipv4-vpn1] segment-routing ipv6 locator abc
[PE2-bgp-default-ipv4-vpn1] segment-routing ipv6 best-effort
[PE2-bgp-default-ipv4-vpn1] quit
[PE2-bgp-default-vpn1] quit
[PE2-bgp-default] quit
# 在PE 2上配置静态BFD会话,检测PE 2到PE 1发布的Locator是否可达。
[PE2] bfd static ToPE1 peer-ipv6 100:1:: source-ipv6 200:1:: discriminator local 200 remote 100
[PE2-bfd-static-session-ToPE1] quit
# 配置IPv6 IS-IS,实现骨干网PE之间的互通。
<PE3> system-view
[PE3] sysname PE3
[PE3] isis 1
[PE3-isis-1] cost-style wide
[PE3-isis-1] network-entity 00.0000.0000.0003.00
[PE3-isis-1] address-family ipv6 unicast
[PE3-isis-1-ipv6] quit
[PE3-isis-1] quit
[PE3] interface loopback 1
[PE3-LoopBack1] ipv6 address 3::3 128
[PE3-LoopBack1] isis ipv6 enable 1
[PE3-LoopBack1] quit
[PE3] interface ten-gigabitethernet 3/1/3
[PE3-Ten-GigabitEthernet3/1/2] ipv6 address 3001::2 96
[PE3-Ten-GigabitEthernet3/1/2] isis ipv6 enable 1
[PE3-Ten-GigabitEthernet3/1/2] quit
# 配置VPN实例,将CE 2接入PE 3。
[PE3] ip vpn-instance vpn1
[PE3-vpn-instance-vpn1] route-distinguisher 100:1
[PE3-vpn-instance-vpn1] vpn-target 100:1
[PE3-vpn-instance-vpn1] quit
[PE3] interface ten-gigabitethernet 3/1/2
[PE3-Ten-GigabitEthernet3/1/1] ip binding vpn-instance vpn1
[PE3-Ten-GigabitEthernet3/1/1] ip address 30.1.1.2 24
[PE3-Ten-GigabitEthernet3/1/1] quit
# 在PE 3与CE 2之间建立EBGP对等体,引入VPN路由。
[PE3] bgp 100
[PE3-bgp-default] router-id 3.3.3.3
[PE3-bgp-default] ip vpn-instance vpn1
[PE3-bgp-default-vpn1] peer 30.1.1.1 as-number 300
[PE3-bgp-default-vpn1] address-family ipv4 unicast
[PE3-bgp-default-ipv6-vpn1] peer 30.1.1.1 enable
[PE3-bgp-default-ipv6-vpn1] import-route direct
[PE3-bgp-default-ipv6-vpn1] quit
[PE3-bgp-default-vpn1] quit
# 在PE 1和PE 3之间建立MP-IBGP对等体。
[PE3-bgp-default] peer 1::1 as-number 100
[PE3-bgp-default] peer 1::1 connect-interface loopback 1
[PE3-bgp-default] address-family vpnv4
[PE3-bgp-default-vpnv4] peer 1::1 enable
[PE3-bgp-default-vpnv4] quit
[PE3-bgp-default] quit
# 在PE 3设备上配置IP L3VPN over SRv6封装的IPv6报文头的源地址。
[PE3] segment-routing ipv6
[PE3-segment-routing-ipv6] encapsulation source-address 3::3
# 在PE 3设备上配置IP L3VPN over SRv6封装的IPv6报文头的目的地址End.DT4 SID所属的Locator。
[PE3-segment-routing-ipv6] locator abc ipv6-prefix 300:1:: 64 static 16
[PE3-segment-routing-ipv6-locator-abc] quit
[PE3-segment-routing-ipv6] quit
# 在PE 3设备上配置IS-IS引用并发布Locator。
[PE3] isis 1
[PE3-isis-1] address-family ipv6 unicast
[PE3-isis-1-ipv6] segment-routing ipv6 locator abc
[PE3-isis-1-ipv6] quit
[PE3-isis-1] quit
# 在PE 3设备上配置IPv6对等体之间交换End.DT4 SID,同时允许将私网路由迭代到End.DT4 SID的路由条目上。
[PE3] bgp 100
[PE3-bgp-default] address-family vpnv4
[PE3-bgp-default-vpnv4] peer 1::1 prefix-sid
[PE3-bgp-default-vpnv4] quit
[PE3-bgp-default] ip vpn-instance vpn1
[PE3-bgp-default-vpn1] address-family ipv4 unicast
[PE3-bgp-default-ipv4-vpn1] segment-routing ipv6 locator abc
[PE3-bgp-default-ipv4-vpn1] segment-routing ipv6 best-effort
[PE3-bgp-default-ipv4-vpn1] quit
[PE3-bgp-default-vpn1] quit
[PE3-bgp-default] quit
<CE2> system-view
[CE2] sysname CE2
[CE2] interface ten-gigabitethernet 3/1/1
[CE2-Ten-GigabitEthernet3/1/1] ip address 20.1.1.1 24
[CE2-Ten-GigabitEthernet3/1/1] quit
[CE2] interface ten-gigabitethernet 3/1/2
[CE2-Ten-GigabitEthernet3/1/2] ip address 30.1.1.1 24
[CE2-Ten-GigabitEthernet3/1/2] quit
[CE2] interface loopback 0
[CE2-LoopBack0] ip address 22.22.22.22 32
[CE2-LoopBack0] quit
[CE2] bgp 300
[CE2-bgp-default] router-id 22.22.22.22
[CE2-bgp-default] peer 20.1.1.2 as-number 100
[CE2-bgp-default] peer 30.1.1.2 as-number 100
[CE2-bgp-default] address-family ipv4 unicast
[CE2-bgp-default-ipv4] peer 20.1.1.2 enable
[CE2-bgp-default-ipv4] peer 30.1.1.2 enable
[CE2-bgp-default-ipv4] import-route direct
[CE2-bgp-default-ipv4] quit
[CE2-bgp-default] quit
# 在PE 1执行display ip routing-table vpn-instance vpn1 22.22.22.22 verbose命令查看VPN路由的详细信息,可以看出VPN路由22.22.22.22/32具有主备出接口,转发时将形成VPN FRR。
[PE1] display ip routing-table vpn-instance vpn1 22.22.22.22 verbose
Summary count : 1
Destination: 22.22.22.22/32
Protocol: BGP instance default
Process ID: 0
SubProtID: 0x1 Age: 00h32m17s
Cost: 0 Preference: 255
IpPre: N/A QosLocalID: N/A
Tag: 0 State: Active Adv
OrigTblID: 0x0 OrigVrf: default-vrf
TableID: 0x102 OrigAs: 300
NibID: 0x16000003 LastAs: 300
AttrID: 0x2 Neighbor: 2::2
Flags: 0x80010060 OrigNextHop: 200:1::
Label: NULL RealNextHop: FE80::62F5:1BFF:FEE0:307
BkLabel: NULL BkNextHop: FE80::62F5:20FF:FEC4:408
SRLabel: NULL Interface: Ten-GigabitEthernet3/1/2
BkSRLabel: NULL BkInterface: Ten-GigabitEthernet3/1/3
SIDIndex: NULL InLabel: NULL
Tunnel ID: Invalid IPInterface: Ten-GigabitEthernet3/1/2
BkTunnel ID: Invalid BkIPInterface: Ten-GigabitEthernet3/1/3
FtnIndex: 0x0 ColorInterface: N/A
TrafficIndex: N/A BkColorInterface: N/A
Connector: N/A VpnPeerId: N/A
Dscp: N/A Exp: N/A
SRTunnelID: Invalid StatFlags: 0x0
SID Type: N/A SID: 200:1::1:4
BkSID: 300:1::1:4 NID: Invalid
FlushNID: Invalid BkNID: Invalid
BkFlushNID: Invalid PathID: 0x0
CommBlockLen: 0
OrigLinkID: 0x0 RealLinkID: 0x0
# 将主路径上PE 1的转发出接口Ten-GigabitEthernet3/1/2关闭,CE 1和CE 2之间能够ping通。
[CE1] ping -a 11.11.11.11 22.22.22.22
Ping 22.22.22.22 (22.22.22.22) from 11.11.11.11: 56 data bytes, press CTRL_C to break
56 bytes from 22.22.22.22: icmp_seq=0 ttl=253 time=1.000 ms
56 bytes from 22.22.22.22: icmp_seq=1 ttl=253 time=2.000 ms
56 bytes from 22.22.22.22: icmp_seq=2 ttl=253 time=1.000 ms
56 bytes from 22.22.22.22: icmp_seq=3 ttl=253 time=1.000 ms
56 bytes from 22.22.22.22: icmp_seq=4 ttl=253 time=1.000 ms
--- Ping statistics for 22.22.22.22 ---
5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss
round-trip min/avg/max/std-dev = 1.000/1.200/2.000/0.400 ms
· CE 1:
#
sysname CE1
#
interface Ten-GigabitEthernet3/1/1
port link-mode route
combo enable fiber
ip address 10.1.1.1 255.255.255.0
#
#
interface LoopBack0
ip address 11.11.11.11 255.255.255.255
#
bgp 200
router-id 11.11.11.11
peer 10.1.1.2 as-number 100
#
address-family ipv4 unicast
import-route direct
peer 10.1.1.2 enable
#
· PE 1:
#
sysname PE1
#
ip vpn-instance vpn1
route-distinguisher 100:1
vpn-target 100:1 import-extcommunity
vpn-target 100:1 export-extcommunity
#
isis 1
non-stop-routing
cost-style wide
network-entity 00.0000.0000.0001.00
#
address-family ipv6 unicast
segment-routing ipv6 locator abc
#
interface LoopBack1
isis ipv6 enable 1
ipv6 address 1::1/128
#
interface Ten-GigabitEthernet3/1/1
port link-mode route
combo enable copper
ip binding vpn-instance vpn1
ip address 10.1.1.2 255.255.255.0
#
interface Ten-GigabitEthernet3/1/2
port link-mode route
combo enable copper
isis ipv6 enable 1
ipv6 address 2001::1/96
#
interface Ten-GigabitEthernet3/1/3
port link-mode route
combo enable copper
isis ipv6 enable 1
ipv6 address 3001::1/96
#
bfd static ToPE2 peer-ipv6 200:1:: source-ipv6 100:1:: discriminator local 100 remote 200
#
bgp 100
router-id 1.1.1.1
peer 2::2 as-number 100
peer 2::2 connect-interface LoopBack1
peer 3::3 as-number 100
peer 3::3 connect-interface LoopBack1
primary-path-detect bfd ctrl
#
address-family vpnv4
peer 2::2 enable
peer 2::2 prefix-sid
peer 3::3 enable
peer 3::3 prefix-sid
#
ip vpn-instance vpn1
peer 10.1.1.1 as-number 200
#
address-family ipv4 unicast
pic
segment-routing ipv6 best-effort
segment-routing ipv6 locator abc
import-route direct
peer 10.1.1.1 enable
#
segment-routing ipv6
encapsulation source-address 1::1
locator abc ipv6-prefix 100:1:: 64 static 16
#
· PE 2:
#
sysname PE2
#
ip vpn-instance vpn1
route-distinguisher 100:1
vpn-target 100:1 import-extcommunity
vpn-target 100:1 export-extcommunity
#
isis 1
cost-style wide
network-entity 00.0000.0000.0002.00
#
address-family ipv6 unicast
segment-routing ipv6 locator abc
#
interface LoopBack1
isis ipv6 enable 1
ipv6 address 2::2/128
#
interface Ten-GigabitEthernet3/1/1
port link-mode route
combo enable copper
ip binding vpn-instance vpn1
ip address 20.1.1.2 255.255.255.0
#
interface Ten-GigabitEthernet3/1/2
port link-mode route
combo enable copper
isis ipv6 enable 1
ipv6 address 2001::2/96
#
bfd static ToPE1 peer-ipv6 100:1:: source-ipv6 200:1:: discriminator local 200 remote 100
#
bgp 100
router-id 2.2.2.2
peer 1::1 as-number 100
peer 1::1 connect-interface LoopBack1
#
address-family vpnv4
peer 1::1 enable
peer 1::1 prefix-sid
#
ip vpn-instance vpn1
peer 20.1.1.1 as-number 300
#
address-family ipv4 unicast
segment-routing ipv6 best-effort
segment-routing ipv6 locator abc
import-route direct
peer 20.1.1.1 enable
#
segment-routing ipv6
encapsulation source-address 2::2
locator abc ipv6-prefix 200:1:: 64 static 16
#
· PE 3:
#
sysname PE3
#
ip vpn-instance vpn1
route-distinguisher 100:1
vpn-target 100:1 import-extcommunity
vpn-target 100:1 export-extcommunity
#
isis 1
cost-style wide
network-entity 00.0000.0000.0003.00
#
address-family ipv6 unicast
segment-routing ipv6 locator abc
#
interface LoopBack1
isis ipv6 enable 1
ipv6 address 3::3/128
#
interface Ten-GigabitEthernet3/1/2
port link-mode route
combo enable copper
ip binding vpn-instance vpn1
ip address 30.1.1.2 255.255.255.0
#
interface Ten-GigabitEthernet3/1/3
port link-mode route
combo enable copper
isis ipv6 enable 1
ipv6 address 3001::2/96
#
bgp 100
router-id 3.3.3.3
peer 1::1 as-number 100
peer 1::1 connect-interface LoopBack1
#
address-family ipv4 unicast
#
address-family vpnv4
peer 1::1 enable
peer 1::1 prefix-sid
#
ip vpn-instance vpn1
peer 30.1.1.1 as-number 300
#
address-family ipv4 unicast
segment-routing ipv6 best-effort
segment-routing ipv6 locator abc
import-route direct
peer 30.1.1.1 enable
#
segment-routing ipv6
encapsulation source-address 3::3
locator abc ipv6-prefix 300:1:: 64 static 16
#
· CE 2:
#
sysname CE2
#
interface LoopBack0
ip address 22.22.22.22 255.255.255.255
#
interface Ten-GigabitEthernet3/1/1
port link-mode route
combo enable copper
ip address 20.1.1.1 255.255.255.0
#
interface Ten-GigabitEthernet3/1/2
port link-mode route
combo enable copper
ip address 30.1.1.1 255.255.255.0
#
bgp 300
router-id 22.22.22.22
peer 20.1.1.2 as-number 100
peer 30.1.1.2 as-number 100
#
address-family ipv4 unicast
import-route direct
peer 20.1.1.2 enable
peer 30.1.1.2 enable
#
如图3所示,核心网为IPv6网络,私网为IPv4网络。PE 1和ASBR 1属于AS 100,PE 2和ASBR 2属于AS 200,AS 100和AS 200内通过IS-IS协议达到IPv6网络互连的目的。在PE 1和PE 2之间建立双向跨域SRv6 BE路径,承载IPv4 L3VPN业务。
图3 跨域IPv4 L3VPN over SRv6 BE配置组网图
设备 |
接口 |
IP地址 |
设备 |
接口 |
IP地址 |
CE 1 |
XGE3/1/1 |
10.1.1.1/24 |
CE 2 |
XGE3/1/1 |
20.1.1.1/24 |
PE 1 |
Loop1 |
1::1/128 |
PE 2 |
Loop1 |
4::4/128 |
|
XGE3/1/1 |
10.1.1.2/24 |
|
XGE3/1/1 |
20.1.1.2/24 |
|
XGE3/1/2 |
101::1/96 |
|
XGE3/1/2 |
303::2/96 |
ASBR 1 |
Loop1 |
2::2/128 |
ASBR 2 |
Loop1 |
3::3/128 |
|
XGE3/1/1 |
101::2/96 |
|
XGE3/1/1 |
303::1/96 |
|
XGE3/1/2 |
202::1/96 |
|
XGE3/1/2 |
202::2/96 |
<Sysname> system-view
[Sysname] sysname CE1
[CE1] interface ten-gigabitethernet 3/1/1
[CE1-Ten-GigabitEthernet3/1/1] ip address 10.1.1.1 24
[CE1-Ten-GigabitEthernet3/1/1] quit
[CE1] bgp 65410
[CE1-bgp-default] peer 10.1.1.2 as-number 100
[CE1-bgp-default] address-family ipv4 unicast
[CE1-bgp-default-ipv4] peer 10.1.1.2 enable
[CE1-bgp-default-ipv4] import-route direct
[CE1-bgp-default-ipv4] quit
[CE1-bgp-default] quit
# 配置IPv6 IS-IS,实现骨干网PE和ASBR的互通。
<Sysname> system-view
[Sysname] sysname PE1
[PE1] isis 1
[PE1-isis-1] cost-style wide
[PE1-isis-1] network-entity 00.0000.0000.0001.00
[PE1-isis-1] address-family ipv6 unicast
[PE1-isis-1-ipv6] quit
[PE1-isis-1] quit
[PE1] interface loopback 1
[PE1-LoopBack1] ipv6 address 1::1 128
[PE1-LoopBack1] isis ipv6 enable 1
[PE1-LoopBack1] quit
[PE1] interface ten-gigabitethernet 3/1/2
[PE1-Ten-GigabitEthernet3/1/2] ipv6 address 101::1 96
[PE1-Ten-GigabitEthernet3/1/2] isis ipv6 enable 1
[PE1-Ten-GigabitEthernet3/1/2] quit
# 配置VPN实例,将CE接入PE。
[PE1] ip vpn-instance vpn1
[PE1-vpn-instance-vpn1] route-distinguisher 100:1
[PE1-vpn-instance-vpn1] vpn-target 100:1
[PE1-vpn-instance-vpn1] quit
[PE1] interface ten-gigabitethernet 3/1/1
[PE1-Ten-GigabitEthernet3/1/1] ip binding vpn-instance vpn1
[PE1-Ten-GigabitEthernet3/1/1] ip address 10.1.1.2 24
[PE1-Ten-GigabitEthernet3/1/1] quit
# 在PE与CE之间建立EBGP对等体,引入VPN路由。
[PE1] bgp 100
[PE1-bgp-default] router-id 1.1.1.1
[PE1-bgp-default] ip vpn-instance vpn1
[PE1-bgp-default-vpn1] peer 10.1.1.1 as-number 65410
[PE1-bgp-default-vpn1] address-family ipv4 unicast
[PE1-bgp-default-ipv4-vpn1] peer 10.1.1.1 enable
[PE1-bgp-default-ipv4-vpn1] import-route direct
[PE1-bgp-default-ipv4-vpn1] quit
[PE1-bgp-default-vpn1] quit
# 在PE之间建立MP-EBGP对等体。
[PE1-bgp-default] peer 4::4 as-number 200
[PE1-bgp-default] peer 4::4 connect-interface loopback 1
[PE1-bgp-default] peer 4::4 ebgp-max-hop 255
[PE1-bgp-default] address-family vpnv4
[PE1-bgp-default-vpnv4] peer 4::4 enable
[PE1-bgp-default-vpnv4] quit
[PE1-bgp-default] quit
# 在PE和ASBR之间建立MP-IBGP对等体。
[PE1-bgp-default] peer 2::2 as-number 100
[PE1-bgp-default] peer 2::2 connect-interface loopback 1
[PE1-bgp-default] address-family ipv6
[PE1-bgp-default-ipv6] peer 2::2 enable
[PE1-bgp-default-ipv6] quit
[PE1-bgp-default] quit
# 在PE之间建立SRv6 BE路径。
[PE1] segment-routing ipv6
[PE1-segment-routing-ipv6] encapsulation source-address 1::1
[PE1-segment-routing-ipv6] locator abc ipv6-prefix 10:1:: 64 static 16
[PE1-segment-routing-ipv6-locator-abc] quit
[PE1-segment-routing-ipv6] quit
[PE1] isis 1
[PE1-isis-1] address-family ipv6 unicast
[PE1-isis-1-ipv6] segment-routing ipv6 locator abc
[PE1-isis-1-ipv6] quit
[PE1-isis-1] quit
[PE1] bgp 100
[PE1-bgp-default] address-family vpnv4
[PE1-bgp-default-vpnv4] peer 4::4 prefix-sid
[PE1-bgp-default-vpnv4] quit
[PE1-bgp-default] ip vpn-instance vpn1
[PE1-bgp-default-vpn1] address-family ipv4 unicast
[PE1-bgp-default-ipv4-vpn1] segment-routing ipv6 locator abc
[PE1-bgp-default-ipv4-vpn1] segment-routing ipv6 best-effort
[PE1-bgp-default-ipv4-vpn1] quit
[PE1-bgp-default-vpn1] quit
[PE1-bgp-default] quit
# 配置IPv6 IS-IS,实现骨干网PE和ASBR的互通。
<Sysname> system-view
[Sysname] sysname ASBR1
[ASBR1] isis 1
[ASBR1-isis-1] cost-style wide
[ASBR1-isis-1] network-entity 00.0000.0000.0002.00
[ASBR1-isis-1] address-family ipv6 unicast
[ASBR1-isis-1-ipv6] quit
[ASBR1-isis-1] quit
[ASBR1] interface loopback 1
[ASBR1-LoopBack1] ipv6 address 2::2 128
[ASBR1-LoopBack1] isis ipv6 enable 1
[ASBR1-LoopBack1] quit
[ASBR1] interface ten-gigabitethernet 3/1/1
[ASBR1-Ten-GigabitEthernet3/1/1] ipv6 address 101::2 96
[ASBR1-Ten-GigabitEthernet3/1/1] isis ipv6 enable 1
[ASBR1-Ten-GigabitEthernet3/1/1] quit
[ASBR1] interface ten-gigabitethernet 3/1/2
[ASBR1-Ten-GigabitEthernet3/1/2] ipv6 address 201::1 96
[ASBR1-Ten-GigabitEthernet3/1/2] quit
# 在PE和ASBR之间建立MP-IBGP对等体。
[ASBR1] bgp 100
[ASBR1-bgp-default] router-id 2.2.2.2
[ASBR1-bgp-default] peer 1::1 as-number 100
[ASBR1-bgp-default] peer 1::1 connect-interface loopback 1
[ASBR1-bgp-default] address-family ipv6
[ASBR1-bgp-default-ipv6] peer 1::1 enable
[ASBR1-bgp-default-ipv6] peer 1::1 next-hop-local
[ASBR1-bgp-default-ipv6] quit
# 配置BGP引入IS-IS发布的Locator路由,并且发布给ASBR 2。
[ASBR1-bgp-default] peer 202::2 as-number 200
[ASBR1-bgp-default] peer 202::2 ebgp-max-hop 255
[ASBR1-bgp-default] address-family ipv6
[ASBR1-bgp-default-ipv6] peer 202::2 enable
[ASBR1-bgp-default-ipv6] import-route isisv6 1
[ASBR1-bgp-default-ipv6] quit
[ASBR1-bgp-default] quit
# 配置IS-IS引入BGP发布的Locator路由。
[ASBR1] ipv6 prefix-list as100 index 10 permit 40:: 64
[ASBR1] ipv6 prefix-list as100 index 20 permit 4::4 128
[ASBR1] route-policy as100 permit node 1
[ASBR1-route-policy-as100-1] if-match ipv6 address prefix-list as100
[ASBR1-route-policy-as100-1] quit
[ASBR1] isis 1
[ASBR1-isis-1] address-family ipv6 unicast
[ASBR1-isis-1-ipv6] import-route bgp4+ route-policy as100
[ASBR1-isis-1-ipv6] quit
[ASBR1-isis-1] quit
# 配置IPv6 IS-IS,实现骨干网PE和ASBR的互通。
<Sysname> system-view
[Sysname] sysname ASBR2
[ASBR2] isis 1
[ASBR2-isis-1] cost-style wide
[ASBR2-isis-1] network-entity 00.0000.0000.0003.00
[ASBR2-isis-1] address-family ipv6 unicast
[ASBR2-isis-1-ipv6] quit
[ASBR2-isis-1] quit
[ASBR2] interface loopback 1
[ASBR2-LoopBack1] ipv6 address 3::3 128
[ASBR2-LoopBack1] isis ipv6 enable 1
[ASBR2-LoopBack1] quit
[ASBR2] interface ten-gigabitethernet 3/1/1
[ASBR2-Ten-GigabitEthernet3/1/1] ipv6 address 303::1 96
[ASBR2-Ten-GigabitEthernet3/1/1] isis ipv6 enable 1
[ASBR2-Ten-GigabitEthernet3/1/1] quit
[ASBR2] interface ten-gigabitethernet 3/1/2
[ASBR2-Ten-GigabitEthernet3/1/2] ipv6 address 202::2 96
[ASBR2-Ten-GigabitEthernet3/1/2] quit
# 在PE和ASBR之间建立MP-IBGP对等体。
[ASBR2] bgp 200
[ASBR2-bgp-default] router-id 3.3.3.3
[ASBR2-bgp-default] peer 4::4 as-number 200
[ASBR2-bgp-default] peer 4::4 connect-interface loopback 1
[ASBR2-bgp-default] address-family ipv6
[ASBR2-bgp-default-ipv6] peer 4::4 enable
[ASBR2-bgp-default-ipv6] peer 4::4 next-hop-local
[ASBR2-bgp-default-ipv6] quit
# 配置BGP引入IS-IS发布的Locator路由,并且发布给ASBR 2。
[ASBR2-bgp-default] peer 202::1 as-number 100
[ASBR2-bgp-default] peer 202::1 ebgp-max-hop 255
[ASBR2-bgp-default] address-family ipv6
[ASBR2-bgp-default-ipv6] peer 202::1 enable
[ASBR2-bgp-default-ipv6] import-route isisv6 1
[ASBR2-bgp-default-ipv6] quit
[ASBR2-bgp-default] quit
# 配置IS-IS引入BGP发布的Locator路由。
[ASBR2] ipv6 prefix-list as200 index 10 permit 10:: 64
[ASBR2] ipv6 prefix-list as200 index 20 permit 1::1 128
[ASBR2] route-policy as200 permit node 1
[ASBR2-route-policy-as200-1] if-match ipv6 address prefix-list as200
[ASBR2-route-policy-as200-1] quit
[ASBR2] isis 1
[ASBR2-isis-1] address-family ipv6 unicast
[ASBR2-isis-1-ipv6] import-route bgp4+ route-policy as200
[ASBR2-isis-1-ipv6] quit
[ASBR2-isis-1] quit
# 配置IPv6 IS-IS,实现骨干网PE和P的互通。
<Sysname> system-view
[Sysname] sysname PE2
[PE2] isis 1
[PE2-isis-1] cost-style wide
[PE2-isis-1] network-entity 00.0000.0000.0004.00
[PE2-isis-1] address-family ipv6 unicast
[PE2-isis-1-ipv6] quit
[PE2-isis-1] quit
[PE2] interface loopback 1
[PE2-LoopBack1] ipv6 address 4::4 128
[PE2-LoopBack1] isis ipv6 enable 1
[PE2-LoopBack1] quit
[PE2] interface ten-gigabitethernet 3/1/2
[PE2-Ten-GigabitEthernet3/1/2] ipv6 address 303::2 96
[PE2-Ten-GigabitEthernet3/1/2] isis ipv6 enable 1
[PE2-Ten-GigabitEthernet3/1/2] quit
# 配置VPN实例,将CE接入PE。
[PE2] ip vpn-instance vpn1
[PE2-vpn-instance-vpn1] route-distinguisher 100:1
[PE2-vpn-instance-vpn1] vpn-target 100:1
[PE2-vpn-instance-vpn1] quit
[PE2] interface ten-gigabitethernet 3/1/1
[PE2-Ten-GigabitEthernet3/1/1] ip binding vpn-instance vpn1
[PE2-Ten-GigabitEthernet3/1/1] ip address 20.1.1.2 24
[PE2-Ten-GigabitEthernet3/1/1] quit
# 在PE与CE之间建立EBGP对等体,引入VPN路由。
[PE2] bgp 200
[PE2-bgp-default] router-id 4.4.4.4
[PE2-bgp-default] ip vpn-instance vpn1
[PE2-bgp-default-vpn1] peer 20.1.1.1 as-number 65420
[PE2-bgp-default-vpn1] address-family ipv4 unicast
[PE2-bgp-default-ipv6-vpn1] peer 20.1.1.1 enable
[PE2-bgp-default-ipv6-vpn1] import-route direct
[PE2-bgp-default-ipv6-vpn1] quit
[PE2-bgp-default-vpn1] quit
# 在PE之间建立MP-EBGP对等体。
[PE2-bgp-default] peer 1::1 as-number 100
[PE2-bgp-default] peer 1::1 connect-interface loopback 1
[PE2-bgp-default] peer 1::1 ebgp-max-hop 255
[PE2-bgp-default] address-family vpnv4
[PE2-bgp-default-vpnv4] peer 1::1 enable
[PE2-bgp-default-vpnv4] quit
[PE2-bgp-default] quit
# 在PE和ASBR之间建立MP-IBGP对等体。
[PE2-bgp-default] peer 3::3 as-number 200
[PE2-bgp-default] peer 3::3 connect-interface LoopBack1
[PE2-bgp-default] address-family ipv6
[PE2-bgp-default-ipv6] peer 3::3 enable
[PE2-bgp-default-ipv6] quit
# 在PE之间建立SRv6 BE路径。
[PE2] segment-routing ipv6
[PE2-segment-routing-ipv6] encapsulation source-address 4::4
[PE2-segment-routing-ipv6] locator abc ipv6-prefix 40:: 64 static 16
[PE2-segment-routing-ipv6-locator-abc] quit
[PE2-segment-routing-ipv6] quit
[PE2] isis 1
[PE2-isis-1] address-family ipv6 unicast
[PE2-isis-1-ipv6] segment-routing ipv6 locator abc
[PE2-isis-1-ipv6] quit
[PE2-isis-1] quit
[PE2] bgp 100
[PE2-bgp-default] address-family vpnv4
[PE2-bgp-default-vpnv4] peer 1::1 prefix-sid
[PE2-bgp-default-vpnv4] quit
[PE2-bgp-default] ip vpn-instance vpn1
[PE2-bgp-default-vpn1] address-family ipv4 unicast
[PE2-bgp-default-ipv4-vpn1] segment-routing ipv6 locator abc
[PE2-bgp-default-ipv4-vpn1] segment-routing ipv6 best-effort
[PE2-bgp-default-ipv4-vpn1] quit
[PE2-bgp-default-vpn1] quit
[PE2-bgp-default] quit
<Sysname> system-view
[Sysname] sysname CE2
[CE2] interface ten-gigabitethernet 3/1/1
[CE2-Ten-GigabitEthernet3/1/1] ip address 20.1.1.1 24
[CE2-Ten-GigabitEthernet3/1/1] quit
[CE2] bgp 65420
[CE2-bgp-default] peer 20.1.1.2 as-number 200
[CE2-bgp-default] address-family ipv4 unicast
[CE2-bgp-default-ipv4] peer 20.1.1.2 enable
[CE2-bgp-default-ipv4] import-route direct
[CE2-bgp-default-ipv4] quit
[CE2-bgp-default] quit
# 在PE设备上执行display bgp routing-table vpnv4命令查看对端PE发送的路由详细信息,可以看到对端PE发送的路由携带SID属性数据。
以PE 1为例:
[PE1] display bgp routing-table vpnv4 20.1.1.0 24
BGP local router ID: 1.1.1.1
Local AS number: 100
Route distinguisher: 100:1(vpn1)
Total number of routes: 1
Paths: 1 available, 1 best
BGP routing table information of 20.1.1.0/24:
From : 4::4 (4.4.4.4)
Rely nexthop : FE80::3419:41FF:FE28:331
Original nexthop: 4::4
Out interface : Ten-GigabitEthernet3/1/2
Route age : 00h07m07s
OutLabel : 3
Ext-Community : <RT: 100:1>
RxPathID : 0x0
TxPathID : 0x0
PrefixSID : End.DT4 SID <40::1:2>
AS-path : 200
Origin : incomplete
Attribute value : MED 0, pref-val 0
State : valid, external, best
Source type : local
IP precedence : N/A
QoS local ID : N/A
Traffic index : N/A
Tunnel policy : NULL
Rely tunnel IDs : N/A
# 在PE设备上执行display ip routing-table vpn-instance命令,可以看到去往对端CE的路由,并且路由下一跳值为路由携带的End.DT4 SID。
以PE 1为例:
[PE1] display ip routing-table vpn-instance vpn1
Destinations : 11 Routes : 11
Destination/Mask Proto Pre Cost NextHop Interface
0.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0
10.1.1.0/24 Direct 0 0 10.1.1.2 XGE3/1/1
10.1.1.0/32 Direct 0 0 10.1.1.2 XGE3/1/1
10.1.1.2/32 Direct 0 0 127.0.0.1 InLoop0
10.1.1.255/32 Direct 0 0 10.1.1.2 XGE3/1/1
20.1.1.0/24 BGP 255 0 40:: XGE3/1/2
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
127.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
255.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
# CE 1和CE 2之间能够ping通。
[CE1] ping 20.1.1.1
Ping 20.1.1.1 (20.1.1.1): 56 data bytes, press CTRL+C to break
56 bytes from 20.1.1.1: icmp_seq=0 ttl=253 time=3.000 ms
56 bytes from 20.1.1.1: icmp_seq=1 ttl=253 time=2.000 ms
56 bytes from 20.1.1.1: icmp_seq=2 ttl=253 time=3.000 ms
56 bytes from 20.1.1.1: icmp_seq=3 ttl=253 time=3.000 ms
56 bytes from 20.1.1.1: icmp_seq=4 ttl=253 time=2.000 ms
--- Ping statistics for 20.1.1.1 ---
5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss
round-trip min/avg/max/std-dev = 2.000/2.600/3.000/0.490 ms
· CE 1:
#
sysname CE1
#
interface Ten-GigabitEthernet3/1/1
port link-mode route
ip address 10.1.1.1 255.255.255.0
#
bgp 65410
peer 10.1.1.2 as-number 100
#
address-family ipv4 unicast
import-route direct
peer 10.1.1.2 enable
#
· PE 1:
#
sysname PE1
#
ip vpn-instance vpn1
route-distinguisher 100:1
vpn-target 100:1 import-extcommunity
vpn-target 100:1 export-extcommunity
#
isis 1
cost-style wide
network-entity 00.0000.0000.0001.00
#
address-family ipv6 unicast
segment-routing ipv6 locator abc
#
interface LoopBack1
isis ipv6 enable 1
ipv6 address 1::1/128
#
interface Ten-GigabitEthernet3/1/1
port link-mode route
ip binding vpn-instance vpn1
ip address 10.1.1.2 255.255.255.0
#
interface Ten-GigabitEthernet3/1/2
port link-mode route
isis ipv6 enable 1
ipv6 address 101::1/96
#
bgp 100
router-id 1.1.1.1
peer 2::2 as-number 100
peer 2::2 connect-interface LoopBack1
peer 4::4 as-number 200
peer 4::4 connect-interface LoopBack1
peer 4::4 ebgp-max-hop 255
#
address-family vpnv4
peer 4::4 enable
peer 4::4 prefix-sid
#
address-family ipv6 unicast
peer 2::2 enable
#
ip vpn-instance vpn1
peer 10.1.1.1 as-number 65410
#
address-family ipv4 unicast
segment-routing ipv6 best-effort
segment-routing ipv6 locator abc
import-route direct
peer 10.1.1.1 enable
#
segment-routing ipv6
encapsulation source-address 1::1
#
locator abc ipv6-prefix 10:: 64 static 16
#
· ASBR 1:
#
sysname ASBR1
#
isis 1
cost-style wide
network-entity 00.0000.0000.0002.00
#
address-family ipv6 unicast
import-route bgp4+ route-policy as100
#
interface LoopBack1
isis ipv6 enable 1
ipv6 address 2::2/128
#
interface Ten-GigabitEthernet3/1/1
port link-mode route
isis ipv6 enable 1
ipv6 address 101::2/96
#
interface Ten-GigabitEthernet3/1/2
port link-mode route
ipv6 address 202::1/96
#
bgp 100
router-id 2.2.2.2
peer 1::1 as-number 100
peer 1::1 connect-interface LoopBack1
peer 202::2 as-number 200
peer 202::2 ebgp-max-hop 255
#
address-family ipv6 unicast
import-route isisv6 1
network 10:: 64
peer 1::1 enable
peer 1::1 next-hop-local
peer 202::2 enable
#
route-policy as100 permit node 1
if-match ipv6 address prefix-list as100
#
ipv6 prefix-list as100 index 10 permit 40:: 64
ipv6 prefix-list as100 index 20 permit 4::4 128
#
· ASBR 2:
#
sysname ASBR2
#
isis 1
cost-style wide
network-entity 00.0000.0000.0003.00
#
address-family ipv6 unicast
import-route bgp4+ route-policy as200
#
interface LoopBack1
isis ipv6 enable 1
ipv6 address 3::3/128
#
interface Ten-GigabitEthernet3/1/1
port link-mode route
isis ipv6 enable 1
ipv6 address 303::1/96
#
interface Ten-GigabitEthernet3/1/2
port link-mode route
ipv6 address 202::2/96
#
bgp 200
router-id 3.3.3.3
peer 4::4 as-number 200
peer 4::4 connect-interface LoopBack1
peer 202::1 as-number 100
peer 202::1 ebgp-max-hop 255
#
address-family ipv6 unicast
import-route isisv6 1
network 40:: 64
peer 4::4 enable
peer 4::4 next-hop-local
peer 202::1 enable
#
route-policy as200 permit node 1
if-match ipv6 address prefix-list as200
#
ipv6 prefix-list as200 index 10 permit 10:: 64
ipv6 prefix-list as200 index 20 permit 1::1 128
#
· PE 2:
#
sysname PE2
#
ip vpn-instance vpn1
route-distinguisher 100:1
vpn-target 100:1 import-extcommunity
vpn-target 100:1 export-extcommunity
#
isis 1
cost-style wide
network-entity 00.0000.0000.0004.00
#
address-family ipv6 unicast
segment-routing ipv6 locator abc
#
interface LoopBack1
isis ipv6 enable 1
ipv6 address 4::4/128
#
interface Ten-GigabitEthernet3/1/1
port link-mode route
ip binding vpn-instance vpn1
ip address 20.1.1.2 255.255.255.0
#
interface Ten-GigabitEthernet3/1/2
port link-mode route
isis ipv6 enable 1
ipv6 address 303::2/96
#
bgp 200
router-id 4.4.4.4
peer 1::1 as-number 100
peer 1::1 connect-interface LoopBack1
peer 1::1 ebgp-max-hop 255
peer 3::3 as-number 200
peer 3::3 connect-interface LoopBack1
#
address-family vpnv4
peer 1::1 enable
peer 1::1 prefix-sid
#
address-family ipv6 unicast
peer 3::3 enable
#
ip vpn-instance vpn1
peer 20.1.1.1 as-number 65420
#
address-family ipv4 unicast
segment-routing ipv6 best-effort
segment-routing ipv6 locator abc
import-route direct
peer 20.1.1.1 enable
#
segment-routing ipv6
encapsulation source-address 4::4
#
locator abc ipv6-prefix 40:: 64 static 16
#
· CE 2:
#
sysname CE2
#
interface Ten-GigabitEthernet3/1/1
port link-mode route
ip address 20.1.1.1 255.255.255.0
#
bgp 65420
peer 20.1.1.2 as-number 200
#
address-family ipv4 unicast
import-route direct
peer 20.1.1.2 enable
#
如图4所示,承载网为IPv6网络,私网为IPv4网络。PE 1、P和PE 2属于同一自治系统,它们之间通过IS-IS协议达到IPv6网络互通。在PE 1和PE 2之间建立正向和反向两条SRv6 TE Policy来承载IPv4 L3VPN业务。在PE 1和PE 2上通过路由策略来设置VPNv4路由的Color属性,将VPN私网流量引流到指定的SRv6 TE Policy中。
图4 IPv4 L3VPN over SRv6 TE Policy组网图
设备 |
接口 |
IP地址 |
设备 |
接口 |
IP地址 |
CE 1 |
XGE3/1/1 |
10.1.1.1/24 |
CE 2 |
XGE3/1/2 |
20.1.1.1/24 |
|
Loop0 |
11.11.11.11/32 |
|
Loop0 |
22.22.22.22/32 |
PE 1 |
Loop1 |
1::1/128 |
P |
Loop1 |
2::2/128 |
|
XGE3/1/1 |
10.1.1.2/24 |
|
XGE3/1/1 |
3001::2/96 |
|
XGE3/1/2 |
2001::1/96 |
|
XGE3/1/2 |
2001::2/96 |
PE 2 |
Loop1 |
3::3/128 |
|
|
|
|
XGE3/1/1 |
3001::1/96 |
|
|
|
|
XGE3/1/2 |
30.1.1.2/24 |
|
|
|
如果网络中存在多种隧道,例如网络中存在多个SRv6 TE Policy和多个SR-MPLS TE Policy,且SRv6 TE Policy和SR-MPLS TE Policy存在相同Color值时,需要配置路由策略来设置路由的Color属性,并配置隧道策略来保证迭代隧道时,优先选择指定的SRv6 TE Policy。
<CE1> system-view
[CE1] sysname CE1
[CE1] interface ten-gigabitethernet 3/1/1
[CE1-Ten-GigabitEthernet3/1/1] ip address 10.1.1.1 24
[CE1-Ten-GigabitEthernet3/1/1] quit
[CE1] interface loopback 0
[CE1-LoopBack0] ip address 11.11.11.11 32
[CE1-LoopBack0] quit
[CE1] bgp 200
[CE1-bgp-default] router-id 11.11.11.11
[CE1-bgp-default] peer 10.1.1.2 as-number 100
[CE1-bgp-default] address-family ipv4 unicast
[CE1-bgp-default-ipv4] peer 10.1.1.2 enable
[CE1-bgp-default-ipv4] import-route direct
[CE1-bgp-default-ipv4] quit
[CE1-bgp-default] quit
# 配置IPv6 IS-IS,实现骨干网PE之间的互通。
<PE1> system-view
[PE1] sysname PE1
[PE1] isis 1
[PE1-isis-1] cost-style wide
[PE1-isis-1] network-entity 00.0000.0000.0001.00
[PE1-isis-1] address-family ipv6 unicast
[PE1-isis-1-ipv6] quit
[PE1-isis-1] quit
[PE1] interface loopback 1
[PE1-LoopBack1] ipv6 address 1::1 128
[PE1-LoopBack1] isis ipv6 enable 1
[PE1-LoopBack1] quit
[PE1] interface ten-gigabitethernet 3/1/2
[PE1-Ten-GigabitEthernet3/1/2] ipv6 address 2001::1 96
[PE1-Ten-GigabitEthernet3/1/2] isis ipv6 enable 1
[PE1-Ten-GigabitEthernet3/1/2] quit
# 配置VPN实例,将CE 1接入PE 1。
[PE1] ip vpn-instance vpn1
[PE1-vpn-instance-vpn1] route-distinguisher 100:1
[PE1-vpn-instance-vpn1] vpn-target 100:1
[PE1-vpn-instance-vpn1] quit
[PE1] interface ten-gigabitethernet 3/1/1
[PE1-Ten-GigabitEthernet3/1/1] ip binding vpn-instance vpn1
[PE1-Ten-GigabitEthernet3/1/1] ip address 10.1.1.2 24
[PE1-Ten-GigabitEthernet3/1/1] quit
# 在PE 1与CE 1之间建立EBGP对等体,引入VPN路由。
[PE1] bgp 100
[PE1-bgp-default] router-id 1.1.1.1
[PE1-bgp-default] ip vpn-instance vpn1
[PE1-bgp-default-vpn1] peer 10.1.1.1 as-number 200
[PE1-bgp-default-vpn1] address-family ipv4 unicast
[PE1-bgp-default-ipv4-vpn1] peer 10.1.1.1 enable
[PE1-bgp-default-ipv4-vpn1] import-route direct
[PE1-bgp-default-ipv4-vpn1] quit
[PE1-bgp-default-vpn1] quit
# 在PE 1和PE 2之间建立MP-IBGP对等体。
[PE1-bgp-default] peer 3::3 as-number 100
[PE1-bgp-default] peer 3::3 connect-interface loopback 1
[PE1-bgp-default] address-family vpnv4
[PE1-bgp-default-vpnv4] peer 3::3 enable
[PE1-bgp-default-vpnv4] quit
[PE1-bgp-default] quit
# 在PE 1和PE 2之间VPN路由迭代到SRv6 TE Policy。
[PE1] segment-routing ipv6
[PE1-segment-routing-ipv6] encapsulation source-address 1::1
[PE1-segment-routing-ipv6] locator abc ipv6-prefix 100:1:: 64 static 16
[PE1-segment-routing-ipv6-locator-abc] opcode 1 end
[PE1-segment-routing-ipv6-locator-abc] quit
[PE1-segment-routing-ipv6] quit
[PE1] isis 1
[PE1-isis-1] address-family ipv6 unicast
[PE1-isis-1-ipv6] segment-routing ipv6 locator abc
[PE1-isis-1-ipv6] quit
[PE1-isis-1] quit
[PE1] bgp 100
[PE1-bgp-default] address-family vpnv4
[PE1-bgp-default-vpnv4] peer 3::3 prefix-sid
[PE1-bgp-default-vpnv4] quit
[PE1-bgp-default] ip vpn-instance vpn1
[PE1-bgp-default-vpn1] address-family ipv4 unicast
[PE1-bgp-default-ipv4-vpn1] segment-routing ipv6 locator abc
[PE1-bgp-default-ipv4-vpn1] segment-routing ipv6 traffic-engineering
[PE1-bgp-default-ipv4-vpn1] quit
[PE1-bgp-default-vpn1] quit
[PE1-bgp-default] quit
# 在PE 1上配置SRv6 TE Policy。
[PE1] segment-routing ipv6
[PE1-segment-routing-ipv6] traffic-engineering
[PE1-srv6-te] srv6-policy locator abc
[PE1-srv6-te] segment-list s1
[PE1-srv6-te-sl-s1] index 10 ipv6 200:1::1
[PE1-srv6-te-sl-s1] index 20 ipv6 300:1::1
[PE1-srv6-te-sl-s1] quit
[PE1-srv6-te] policy p1
[PE1-srv6-te-policy-p1] color 10 end-point ipv6 3::3
[PE1-srv6-te-policy-p1] candidate-paths
[PE1-srv6-te-policy-p1-path] preference 10
[PE1-srv6-te-policy-p1-path-pref-10] explicit segment-list s1
[PE1-srv6-te-policy-p1-path-pref-10] quit
[PE1-srv6-te-policy-p1-path] quit
[PE1-srv6-te-policy-p1] quit
[PE1-srv6-te] quit
[PE1-segment-routing-ipv6] quit
# 在PE 1上配置路由策略及隧道策略,将VPN业务流量通过路由策略引流到指定的SRv6 TE Policy,并保证SRv6 TE Policy为优选隧道。
[PE1] route-policy a permit node 10
[PE1-route-policy-a-10] apply extcommunity color 00:10
[PE1-route-policy-a-10] quit
[PE1] bgp 100
[PE1-bgp-default] address-family vpnv4
[PE1-bgp-default-vpnv4] peer 3::3 route-policy a import
[PE1-bgp-default-vpnv4] quit
[PE1-bgp-default] quit
[PE1] tunnel-policy a
[PE1-tunnel-policy-a] select-seq srv6-policy load-balance-number 1
[PE1-tunnel-policy-a] quit
[PE1] ip vpn-instance vpn1
[PE1-vpn-instance-vpn1] tnl-policy a
[PE1-vpn-instance-vpn1] quit
# 配置IPv6 IS-IS,实现骨干网PE之间的互通。
<P> system-view
[P] sysname P
[P] isis 1
[P-isis-1] cost-style wide
[P-isis-1] network-entity 00.0000.0000.0002.00
[P-isis-1] address-family ipv6 unicast
[P-isis-1-ipv6] quit
[P-isis-1] quit
[P] interface loopback 1
[P-LoopBack1] ipv6 address 2::2 128
[P-LoopBack1] isis ipv6 enable 1
[P-LoopBack1] quit
[P] interface ten-gigabitethernet 3/1/2
[P-Ten-GigabitEthernet3/1/2] ipv6 address 2001::2 96
[P-Ten-GigabitEthernet3/1/2] isis ipv6 enable 1
[P-Ten-GigabitEthernet3/1/2] quit
[P] interface ten-gigabitethernet 3/1/1
[P-Ten-GigabitEthernet3/1/1] ipv6 address 3001::2 96
[P-Ten-GigabitEthernet3/1/1] isis ipv6 enable 1
[P-Ten-GigabitEthernet3/1/1] quit
# 在P上配置Locator,并由IS-IS发布该Locator。
[P] segment-routing ipv6
[P-segment-routing-ipv6] locator abc ipv6-prefix 200:1:: 64 static 16
[P-segment-routing-ipv6-locator-abc] opcode 1 end
[P-segment-routing-ipv6-locator-abc] quit
[P-segment-routing-ipv6] quit
[P] isis 1
[P-isis-1] address-family ipv6 unicast
[P-isis-1-ipv6] segment-routing ipv6 locator abc
[P-isis-1-ipv6] quit
[P-isis-1] quit
# 配置IPv6 IS-IS,实现骨干网PE之间的互通。
<PE2> system-view
[PE2] sysname PE2
[PE2] isis 1
[PE2-isis-1] cost-style wide
[PE2-isis-1] network-entity 00.0000.0000.0003.00
[PE2-isis-1] address-family ipv6 unicast
[PE2-isis-1-ipv6] quit
[PE2-isis-1] quit
[PE2] interface loopback 1
[PE2-LoopBack1] ipv6 address 3::3 128
[PE2-LoopBack1] isis ipv6 enable 1
[PE2-LoopBack1] quit
[PE2] interface ten-gigabitethernet 3/1/1
[PE2-Ten-GigabitEthernet3/1/1] ipv6 address 3001::1 96
[PE2-Ten-GigabitEthernet3/1/1] isis ipv6 enable 1
[PE2-Ten-GigabitEthernet3/1/1] quit
# 配置VPN实例,将CE 2接入PE 2。
[PE2] ip vpn-instance vpn1
[PE2-vpn-instance-vpn1] route-distinguisher 100:1
[PE2-vpn-instance-vpn1] vpn-target 100:1
[PE2-vpn-instance-vpn1] quit
[PE2] interface ten-gigabitethernet 3/1/2
[PE2-Ten-GigabitEthernet3/1/2] ip binding vpn-instance vpn1
[PE2-Ten-GigabitEthernet3/1/2] ip address 20.1.1.2 24
[PE2-Ten-GigabitEthernet3/1/2] quit
# 在PE 2与CE 2之间建立EBGP对等体,引入VPN路由。
[PE2] bgp 100
[PE2-bgp-default] router-id 3.3.3.3
[PE2-bgp-default] ip vpn-instance vpn1
[PE2-bgp-default-vpn1] peer 20.1.1.1 as-number 300
[PE2-bgp-default-vpn1] address-family ipv4 unicast
[PE2-bgp-default-ipv4-vpn1] peer 20.1.1.1 enable
[PE2-bgp-default-ipv4-vpn1] import-route direct
[PE2-bgp-default-ipv4-vpn1] quit
[PE2-bgp-default-vpn1] quit
# 在PE 1和PE 2之间建立MP-IBGP对等体。
[PE2-bgp-default] peer 1::1 as-number 100
[PE2-bgp-default] peer 1::1 connect-interface loopback 1
[PE2-bgp-default] address-family vpnv4
[PE2-bgp-default-vpnv4] peer 1::1 enable
[PE2-bgp-default-vpnv4] quit
[PE2-bgp-default] quit
# 在PE 1和PE 2之间VPN路由迭代到SRv6 TE Policy。
[PE2] segment-routing ipv6
[PE2-segment-routing-ipv6] encapsulation source-address 3::3
[PE2-segment-routing-ipv6] locator abc ipv6-prefix 300:1:: 64 static 16
[PE2-segment-routing-ipv6-locator-abc] opcode 1 end
[PE2-segment-routing-ipv6-locator-abc] quit
[PE2-segment-routing-ipv6] quit
[PE2] isis 1
[PE2-isis-1] address-family ipv6 unicast
[PE2-isis-1-ipv6] segment-routing ipv6 locator abc
[PE2-isis-1-ipv6] quit
[PE2-isis-1] quit
[PE2] bgp 100
[PE2-bgp-default] address-family vpnv4
[PE2-bgp-default-vpnv4] peer 1::1 prefix-sid
[PE2-bgp-default-vpnv4] quit
[PE2-bgp-default] ip vpn-instance vpn1
[PE2-bgp-default-vpn1] address-family ipv4 unicast
[PE2-bgp-default-ipv4-vpn1] segment-routing ipv6 locator abc
[PE2-bgp-default-ipv4-vpn1] segment-routing ipv6 traffic-engineering
[PE2-bgp-default-ipv4-vpn1] quit
[PE2-bgp-default-vpn1] quit
[PE2-bgp-default] quit
# 在PE 2上配置SRv6 TE Policy。
[PE2] segment-routing ipv6
[PE2-segment-routing-ipv6] traffic-engineering
[PE2-srv6-te] srv6-policy locator abc
[PE2-srv6-te] segment-list s1
[PE2-srv6-te-sl-s1] index 10 ipv6 200:1::1
[PE2-srv6-te-sl-s1] index 20 ipv6 100:1::1
[PE2-srv6-te-sl-s1] quit
[PE2-srv6-te] policy p1
[PE2-srv6-te-policy-p1] color 10 end-point ipv6 1::1
[PE2-srv6-te-policy-p1] candidate-paths
[PE2-srv6-te-policy-p1-path] preference 10
[PE2-srv6-te-policy-p1-path-pref-10] explicit segment-list s1
[PE2-srv6-te-policy-p1-path-pref-10] quit
[PE2-srv6-te-policy-p1-path] quit
[PE2-srv6-te-policy-p1] quit
[PE2-srv6-te] quit
[PE2-segment-routing-ipv6] quit
# 在PE 2上配置路由策略及隧道策略,将VPN业务流量通过路由策略引流到指定的SRv6 TE Policy,并保证SRv6 TE Policy为优选隧道。
[PE2] route-policy a permit node 10
[PE2-route-policy-a-10] apply extcommunity color 00:10
[PE2-route-policy-a-10] quit
[PE2] bgp 100
[PE2-bgp-default] address-family vpnv4
[PE2-bgp-default-vpnv4] peer 1::1 route-policy a import
[PE2-bgp-default-vpnv4] quit
[PE2-bgp-default] quit
[PE2] tunnel-policy a
[PE2-tunnel-policy-a] select-seq srv6-policy load-balance-number 1
[PE2-tunnel-policy-a] quit
[PE2] ip vpn-instance vpn1
[PE2-vpn-instance-vpn1] tnl-policy a
[PE2-vpn-instance-vpn1] quit
<CE2> system-view
[CE2] sysname CE2
[CE2] interface ten-gigabitethernet 3/1/2
[CE2-Ten-GigabitEthernet3/1/2] ip address 20.1.1.1 24
[CE2-Ten-GigabitEthernet3/1/2] quit
[CE2] interface loopback 0
[CE2-LoopBack0] ip address 22.22.22.22 32
[CE2-LoopBack0] quit
[CE2] bgp 300
[CE2-bgp-default] router-id 22.22.22.22
[CE2-bgp-default] peer 20.1.1.2 as-number 100
[CE2-bgp-default] address-family ipv4 unicast
[CE2-bgp-default-ipv4] peer 20.1.1.2 enable
[CE2-bgp-default-ipv4] import-route direct
[CE2-bgp-default-ipv4] quit
[CE2-bgp-default] quit
# 在PE 1执行display segment-routing ipv6 te policy命令查看SRv6 TE Policy的详细信息,可以看到SRv6 TE Policy的Status字段为Up。
[PE1] display segment-routing ipv6 te policy
Name/ID: p1/0
Color: 10
End-point: 3::3
Name from BGP:
BSID:
Mode: Dynamic Type: Type_2 Request state: Succeeded
Current BSID: 100:1::1:0 Explicit BSID: - Dynamic BSID: 100:1::1:0
Reference counts: 4
Flags: A/BS/NC
Status: Up
AdminStatus: Up
Up time: 2021-11-17 16:21:17
Down time: 2021-11-17 15:54:22
Hot backup: Not configured
Statistics: Not configured
Statistics by service class: Not configured
Drop-upon-invalid: Disabled
BFD trigger path-down: Disabled
SBFD: Not configured
BFD Echo: Not configured
Forwarding index: 2150629377
Service-class: -
Rate-limit: -
Encapsulation mode: -
Candidate paths state: Configured
Candidate paths statistics:
CLI paths: 1 BGP paths: 0 PCEP paths: 0
Candidate paths:
Preference : 10
CPathName:
Instance ID: 0 ASN: 0 Node address: 0.0.0.0
Peer address: ::
Optimal: Y Flags: V/A
Explicit SID list:
ID: 1 Name: s1
Weight: 1 Forwarding index: 2149580802
State: Up State(-): -
Active path MTU: 1428 bytes
# 在PE 1执行display ip routing-table vpn-instance vpn1 22.22.22.22 verbose命令查看VPN路由的详细信息,可以看出VPN路由22.22.22.22/32的出接口为SRv6 TE Policy p1。
[PE1] display ip routing-table vpn-instance vpn1 22.22.22.22 verbose
Summary count : 1
Destination: 22.22.22.22/32
Protocol: BGP instance default
Process ID: 0
SubProtID: 0x1 Age: 00h30m45s
Cost: 0 Preference: 255
IpPre: N/A QosLocalID: N/A
Tag: 0 State: Active Adv
OrigTblID: 0x0 OrigVrf: default-vrf
TableID: 0x102 OrigAs: 300
NibID: 0x16000003 LastAs: 300
AttrID: 0x5 Neighbor: 3::3
Flags: 0x80010060 OrigNextHop: 3::3
Label: NULL RealNextHop: FE80::6033:29FF:FEAE:307
BkLabel: NULL BkNextHop: N/A
SRLabel: NULL Interface: p1
BkSRLabel: NULL BkInterface: N/A
SIDIndex: NULL InLabel: NULL
Tunnel ID: 0x80300001 IPInterface: Ten-GigabitEthernet3/1/2
BkTunnel ID: Invalid BkIPInterface: N/A
FtnIndex: 0x0 ColorInterface: N/A
TrafficIndex: N/A BkColorInterface: N/A
Connector: N/A VpnPeerId: N/A
Dscp: N/A Exp: N/A
SRTunnelID: 0x80300001 StatFlags: 0x0
SID Type: N/A SID: 300:1::1:0
BkSID: N/A NID: Invalid
FlushNID: 0x80300001 BkNID: Invalid
BkFlushNID: Invalid PathID: 0x0
CommBlockLen: 0
OrigLinkID: 0x0 RealLinkID: 0x0
# CE 1和CE 2之间能够ping通。
[CE1] ping -a 11.11.11.11 22.22.22.22
Ping 22.22.22.22 (22.22.22.22) from 11.11.11.11: 56 data bytes, press CTRL_C to break
56 bytes from 22.22.22.22: icmp_seq=0 ttl=253 time=1.000 ms
56 bytes from 22.22.22.22: icmp_seq=1 ttl=253 time=2.000 ms
56 bytes from 22.22.22.22: icmp_seq=2 ttl=253 time=1.000 ms
56 bytes from 22.22.22.22: icmp_seq=3 ttl=253 time=1.000 ms
56 bytes from 22.22.22.22: icmp_seq=4 ttl=253 time=1.000 ms
--- Ping statistics for 22.22.22.22 ---
5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss
round-trip min/avg/max/std-dev = 1.000/1.200/2.000/0.400 ms
· CE 1:
#
sysname CE1
#
interface Ten-GigabitEthernet3/1/1
port link-mode route
combo enable fiber
ip address 10.1.1.1 255.255.255.0
#
interface LoopBack0
ip address 11.11.11.11 255.255.255.255
#
bgp 200
router-id 11.11.11.11
peer 10.1.1.2 as-number 100
#
address-family ipv4 unicast
import-route direct
peer 10.1.1.2 enable
#
· PE 1:
#
sysname PE1
#
ip vpn-instance vpn1
route-distinguisher 100:1
vpn-target 100:1 import-extcommunity
vpn-target 100:1 export-extcommunity
#
isis 1
non-stop-routing
cost-style wide
network-entity 00.0000.0000.0001.00
#
address-family ipv6 unicast
segment-routing ipv6 locator abc
#
tunnel-policy a
select-seq srv6-policy load-balance-number 1
#
interface LoopBack1
isis ipv6 enable 1
ipv6 address 1::1/128
#
interface Ten-GigabitEthernet3/1/1
port link-mode route
combo enable copper
ip binding vpn-instance vpn1
ip address 10.1.1.2 255.255.255.0
#
interface Ten-GigabitEthernet3/1/2
port link-mode route
combo enable copper
isis ipv6 enable 1
ipv6 address 2001::1/96
#
bgp 100
router-id 1.1.1.1
peer 3::3 as-number 100
peer 3::3 connect-interface LoopBack1
#
address-family vpnv4
peer 3::3 enable
peer 3::3 route-policy a import
peer 3::3 prefix-sid
#
ip vpn-instance vpn1
peer 10.1.1.1 as-number 200
#
address-family ipv4 unicast
segment-routing ipv6 traffic-engineering
segment-routing ipv6 locator abc
import-route direct
peer 10.1.1.1 enable
#
route-policy a permit node 10
apply extcommunity color 00:10
#
segment-routing ipv6
encapsulation source-address 1::1
locator abc ipv6-prefix 100:1:: 64 static 16
opcode 1 end
traffic-engineering
srv6-policy locator abc
segment-list s1
index 10 ipv6 200:1::1
index 20 ipv6 300:1::1
policy p1
color 10 end-point ipv6 3::3
candidate-paths
preference 10
explicit segment-list s1
#
· P:
#
sysname P
#
isis 1
cost-style wide
network-entity 00.0000.0000.0002.00
#
address-family ipv6 unicast
segment-routing ipv6 locator abc
#
interface LoopBack1
isis ipv6 enable 1
ipv6 address 2::2/128
#
interface Ten-GigabitEthernet3/1/1
port link-mode route
combo enable copper
isis ipv6 enable 1
ipv6 address 3001::2/96
#
interface Ten-GigabitEthernet3/1/2
port link-mode route
combo enable copper
isis ipv6 enable 1
ipv6 address 2001::2/96
#
segment-routing ipv6
locator abc ipv6-prefix 200:1:: 64 static 16
opcode 1 end
#
· PE 2:
#
sysname PE2
#
ip vpn-instance vpn1
route-distinguisher 100:1
vpn-target 100:1 import-extcommunity
vpn-target 100:1 export-extcommunity
#
isis 1
cost-style wide
network-entity 00.0000.0000.0003.00
#
address-family ipv6 unicast
segment-routing ipv6 locator abc
#
interface LoopBack1
isis ipv6 enable 1
ipv6 address 3::3/128
#
interface Ten-GigabitEthernet3/1/1
port link-mode route
combo enable copper
isis ipv6 enable 1
ipv6 address 3001::1/96
#
interface Ten-GigabitEthernet3/1/2
port link-mode route
combo enable copper
ip binding vpn-instance vpn1
ip address 20.1.1.2 255.255.255.0
#
bgp 100
router-id 3.3.3.3
peer 1::1 as-number 100
peer 1::1 connect-interface LoopBack1
#
address-family vpnv4
peer 1::1 enable
peer 1::1 prefix-sid
#
ip vpn-instance vpn1
peer 20.1.1.1 as-number 300
#
address-family ipv4 unicast
segment-routing ipv6 traffic-engineering
segment-routing ipv6 locator abc
import-route direct
peer 20.1.1.1 enable
#
segment-routing ipv6
encapsulation source-address 3::3
locator abc ipv6-prefix 300:1:: 64 static 16
opcode 1 end
traffic-engineering
srv6-policy locator abc
segment-list s1
index 10 ipv6 200:1::1
index 20 ipv6 100:1::1
policy p1
color 10 end-point ipv6 1::1
candidate-paths
preference 10
explicit segment-list s1
#
· CE 2:
#
sysname CE2
#
interface LoopBack0
ip address 22.22.22.22 255.255.255.255
#
interface Ten-GigabitEthernet3/1/2
port link-mode route
combo enable copper
ip address 20.1.1.1 255.255.255.0
#
bgp 300
router-id 22.22.22.22
peer 20.1.1.2 as-number 100
#
address-family ipv4 unicast
import-route direct
peer 20.1.1.2 enable
#
如图5所示,核心网为IPv6网络,私网为IPv4网络。PE 1和ASBR 1属于AS 100,PE 2和ASBR 2属于AS 200,AS 100和AS 200内通过IS-IS协议达到IPv6网络互连的目的。在PE 1和PE 2之间静态配置跨域SRv6 TE Policy路径,承载IPv4 L3VPN业务。
图5 跨域IPv4 L3VPN over SRv6 TE Policy配置组网图
设备 |
接口 |
IP地址 |
设备 |
接口 |
IP地址 |
CE 1 |
XGE3/1/1 |
10.1.1.1/24 |
CE 2 |
XGE3/1/1 |
20.1.1.1/24 |
PE 1 |
Loop1 |
1::1/128 |
PE 2 |
Loop1 |
4::4/128 |
|
XGE3/1/1 |
10.1.1.2/24 |
|
XGE3/1/1 |
20.1.1.2/24 |
|
XGE3/1/2 |
1001::1/96 |
|
XGE3/1/2 |
2002::1/96 |
ASBR 1 |
Loop1 |
2::2/128 |
ASBR 2 |
Loop1 |
3::3/128 |
|
XGE3/1/1 |
1001::2/96 |
|
XGE3/1/1 |
2002::2/96 |
|
XGE3/1/2 |
3003::1/96 |
|
XGE3/1/2 |
3003::2/96 |
<Sysname> system-view
[Sysname] sysname CE1
[CE1] interface ten-gigabitethernet 3/1/1
[CE1-Ten-GigabitEthernet3/1/1] ip address 10.1.1.1 24
[CE1-Ten-GigabitEthernet3/1/1] quit
[CE1] bgp 65410
[CE1-bgp-default] peer 10.1.1.2 as-number 100
[CE1-bgp-default] address-family ipv4 unicast
[CE1-bgp-default-ipv4] peer 10.1.1.2 enable
[CE1-bgp-default-ipv4] import-route direct
[CE1-bgp-default-ipv4] quit
[CE1-bgp-default] quit
# 配置IPv6 IS-IS,实现骨干网PE和ASBR的互通。
<Sysname> system-view
[Sysname] sysname PE1
[PE1] isis 1
[PE1-isis-1] cost-style wide
[PE1-isis-1] network-entity 00.0000.0000.0001.00
[PE1-isis-1] address-family ipv6 unicast
[PE1-isis-1-ipv6] quit
[PE1-isis-1] quit
[PE1] interface loopback 1
[PE1-LoopBack1] ipv6 address 1::1 128
[PE1-LoopBack1] isis ipv6 enable 1
[PE1-LoopBack1] quit
[PE1] interface ten-gigabitethernet 3/1/2
[PE1-Ten-GigabitEthernet3/1/2] ipv6 address 1001::1 96
[PE1-Ten-GigabitEthernet3/1/2] isis ipv6 enable 1
[PE1-Ten-GigabitEthernet3/1/2] quit
# 配置VPN实例,将CE接入PE。
[PE1] ip vpn-instance vpn1
[PE1-vpn-instance-vpn1] route-distinguisher 100:1
[PE1-vpn-instance-vpn1] vpn-target 100:1
[PE1-vpn-instance-vpn1] quit
[PE1] interface ten-gigabitethernet 3/1/1
[PE1-Ten-GigabitEthernet3/1/1] ip binding vpn-instance vpn1
[PE1-Ten-GigabitEthernet3/1/1] ip address 10.1.1.2 24
[PE1-Ten-GigabitEthernet3/1/1] quit
# 在PE与CE之间建立EBGP对等体,引入VPN路由。
[PE1] bgp 100
[PE1-bgp-default] router-id 1.1.1.1
[PE1-bgp-default] ip vpn-instance vpn1
[PE1-bgp-default-vpn1] peer 10.1.1.1 as-number 65410
[PE1-bgp-default-vpn1] address-family ipv4 unicast
[PE1-bgp-default-ipv4-vpn1] peer 10.1.1.1 enable
[PE1-bgp-default-ipv4-vpn1] import-route direct
[PE1-bgp-default-ipv4-vpn1] quit
[PE1-bgp-default-vpn1] quit
# 在PE之间建立MP-EBGP对等体。
[PE1-bgp-default] peer 4::4 as-number 200
[PE1-bgp-default] peer 4::4 connect-interface loopback 1
[PE1-bgp-default] peer 4::4 ebgp-max-hop 255
[PE1-bgp-default] address-family vpnv4
[PE1-bgp-default-vpnv4] peer 4::4 enable
[PE1-bgp-default-vpnv4] quit
[PE1-bgp-default] quit
# 在PE和ASBR之间建立MP-IBGP对等体。
[PE1-bgp-default] peer 2::2 as-number 100
[PE1-bgp-default] peer 2::2 connect-interface loopback 1
[PE1-bgp-default] address-family ipv6
[PE1-bgp-default-ipv6] peer 2::2 enable
[PE1-bgp-default-ipv6] quit
[PE1-bgp-default] quit
# 在PE 1和PE 2之间VPN路由迭代到SRv6 TE Policy。
[PE1] segment-routing ipv6
[PE1-segment-routing-ipv6] encapsulation source-address 1::1
[PE1-segment-routing-ipv6] locator abc ipv6-prefix 100:1:: 64 static 16
[PE1-segment-routing-ipv6-locator-abc] opcode hex ::100 end-x interface ten-gigabitethernet 3/1/2 nexthop 1001::2 no-psp
[PE1-segment-routing-ipv6-locator-abc] quit
[PE1-segment-routing-ipv6] quit
[PE1] isis 1
[PE1-isis-1] address-family ipv6 unicast
[PE1-isis-1-ipv6] segment-routing ipv6 locator abc auto-sid-disable
[PE1-isis-1-ipv6] quit
[PE1-isis-1] quit
[PE1] bgp 100
[PE1-bgp-default] address-family vpnv4
[PE1-bgp-default-vpnv4] peer 4::4 prefix-sid
[PE1-bgp-default-vpnv4] quit
[PE1-bgp-default] ip vpn-instance vpn1
[PE1-bgp-default-vpn1] address-family ipv4 unicast
[PE1-bgp-default-ipv4-vpn1] segment-routing ipv6 locator abc
[PE1-bgp-default-ipv4-vpn1] segment-routing ipv6 traffic-engineering
[PE1-bgp-default-ipv4-vpn1] quit
[PE1-bgp-default-vpn1] quit
[PE1-bgp-default] quit
# 在PE 1上配置SRv6 TE Policy。
[PE1] segment-routing ipv6
[PE1-segment-routing-ipv6] traffic-engineering
[PE1-srv6-te] srv6-policy locator abc
[PE1-srv6-te] segment-list s1
[PE1-srv6-te-sl-s1] index 1 ipv6 100:1::100
[PE1-srv6-te-sl-s1] index 2 ipv6 200:1::100
[PE1-srv6-te-sl-s1] index 3 ipv6 300:1::100
[PE1-srv6-te-sl-s1] quit
[PE1-srv6-te] policy policy1
[PE1-srv6-te-policy-p1] color 10 end-point ipv6 4::4
[PE1-srv6-te-policy-p1] candidate-paths
[PE1-srv6-te-policy-p1-path] preference 10
[PE1-srv6-te-policy-p1-path-pref-10] explicit segment-list s1
[PE1-srv6-te-policy-p1-path-pref-10] quit
[PE1-srv6-te-policy-p1-path] quit
[PE1-srv6-te-policy-p1] quit
[PE1-srv6-te] quit
[PE1-segment-routing-ipv6] quit
# 在PE 1上配置路由策略及隧道策略,将VPN业务流量通过路由策略引流到指定的SRv6 TE Policy,并保证SRv6 TE Policy为优选隧道。
[PE1] route-policy as100 permit node 10
[PE1-route-policy-as100-10] apply extcommunity color 00:10
[PE1-route-policy-as100-10] quit
[PE1] bgp 100
[PE1-bgp-default] address-family vpnv4
[PE1-bgp-default-vpnv4] peer 4::4 route-policy as100 import
[PE1-bgp-default-vpnv4] quit
[PE1-bgp-default] quit
[PE1] tunnel-policy as100
[PE1-tunnel-policy-as100] select-seq srv6-policy load-balance-number 1
[PE1-tunnel-policy-as100] quit
[PE1] ip vpn-instance vpn1
[PE1-vpn-instance-vpn1] tnl-policy as100
[PE1-vpn-instance-vpn1] quit
# 配置IPv6 IS-IS,实现骨干网PE和ASBR的互通。
<Sysname> system-view
[Sysname] sysname ASBR1
[ASBR1] isis 1
[ASBR1-isis-1] cost-style wide
[ASBR1-isis-1] network-entity 00.0000.0000.0002.00
[ASBR1-isis-1] address-family ipv6 unicast
[ASBR1-isis-1-ipv6] quit
[ASBR1-isis-1] quit
[ASBR1] interface loopback 1
[ASBR1-LoopBack1] ipv6 address 2::2 128
[ASBR1-LoopBack1] isis ipv6 enable 1
[ASBR1-LoopBack1] quit
[ASBR1] interface ten-gigabitethernet 3/1/1
[ASBR1-Ten-GigabitEthernet3/1/1] ipv6 address 1001::2 96
[ASBR1-Ten-GigabitEthernet3/1/1] isis ipv6 enable 1
[ASBR1-Ten-GigabitEthernet3/1/1] quit
[ASBR1] interface ten-gigabitethernet 3/1/2
[ASBR1-Ten-GigabitEthernet3/1/2] ipv6 address 3003::1 96
[ASBR1-Ten-GigabitEthernet3/1/2] quit
# 在PE和ASBR之间建立MP-IBGP对等体。
[ASBR1] bgp 100
[ASBR1-bgp-default] router-id 2.2.2.2
[ASBR1-bgp-default] peer 1::1 as-number 100
[ASBR1-bgp-default] peer 1::1 connect-interface loopback 1
[ASBR1-bgp-default] address-family ipv6
[ASBR1-bgp-default-ipv6] peer 1::1 enable
[ASBR1-bgp-default-ipv6] peer 1::1 next-hop-local
[ASBR1-bgp-default-ipv6] quit
# 配置BGP引入IS-IS发布的Locator路由,并且发布给ASBR 2。
[ASBR1-bgp-default] peer 3003::2 as-number 200
[ASBR1-bgp-default] peer 3003::2 ebgp-max-hop 255
[ASBR1-bgp-default] address-family ipv6
[ASBR1-bgp-default-ipv6] peer 3003::2 enable
[ASBR1-bgp-default-ipv6] import-route isisv6 1
[ASBR1-bgp-default-ipv6] quit
[ASBR1-bgp-default] quit
# 在ASBR上配置SRv6 BGP EPE,配置ASBR之间的静态End.X SID。
[ASBR1] segment-routing ipv6
[ASBR1-segment-routing-ipv6] locator abc ipv6-prefix 200:1:: 64 static 16
[ASBR1-segment-routing-ipv6-locator-abc] opcode hex ::200 end-x interface Ten-GigabitEthernet3/1/1 nexthop 1001::1
[ASBR1-segment-routing-ipv6-locator-abc] quit
[ASBR1-segment-routing-ipv6] quit
[ASBR1] bgp 100
[ASBR1-bgp-default] segment-routing ipv6 egress-engineering locator abc
[ASBR1-bgp-default] peer 3003::2 egress-engineering srv6 static-sid no-psp-usp 200:1::100
[ASBR1-bgp-default] quit
# 配置IS-IS引入BGP发布的Locator路由。
[ASBR1] ipv6 prefix-list as100 index 10 permit 400:1:: 64
[ASBR1] ipv6 prefix-list as100 index 20 permit 4::4 128
[ASBR1] route-policy as100 permit node 1
[ASBR1-route-policy-as100-1] if-match ipv6 address prefix-list as100
[ASBR1-route-policy-as100-1] quit
[ASBR1] isis 1
[ASBR1-isis-1] address-family ipv6 unicast
[ASBR1-isis-1-ipv6] import-route bgp4+ route-policy as100
[ASBR1-isis-1-ipv6] quit
[ASBR1-isis-1] quit
# 配置IPv6 IS-IS,实现骨干网PE和ASBR的互通。
<Sysname> system-view
[Sysname] sysname ASBR2
[ASBR2] isis 1
[ASBR2-isis-1] cost-style wide
[ASBR2-isis-1] network-entity 00.0000.0000.0003.00
[ASBR2-isis-1] address-family ipv6 unicast
[ASBR2-isis-1-ipv6] quit
[ASBR2-isis-1] quit
[ASBR2] interface loopback 1
[ASBR2-LoopBack1] ipv6 address 3::3 128
[ASBR2-LoopBack1] isis ipv6 enable 1
[ASBR2-LoopBack1] quit
[ASBR2] interface ten-gigabitethernet 3/1/1
[ASBR2-Ten-GigabitEthernet3/1/1] ipv6 address 2002::2 96
[ASBR2-Ten-GigabitEthernet3/1/1] isis ipv6 enable 1
[ASBR2-Ten-GigabitEthernet3/1/1] quit
[ASBR2] interface ten-gigabitethernet 3/1/2
[ASBR2-Ten-GigabitEthernet3/1/2] ipv6 address 3003::2 96
[ASBR2-Ten-GigabitEthernet3/1/2] quit
# 在PE和ASBR之间建立MP-IBGP对等体。
[ASBR2] bgp 200
[ASBR2-bgp-default] router-id 3.3.3.3
[ASBR2-bgp-default] peer 4::4 as-number 200
[ASBR2-bgp-default] peer 4::4 connect-interface loopback 1
[ASBR2-bgp-default] address-family ipv6
[ASBR2-bgp-default-ipv6] peer 4::4 enable
[ASBR2-bgp-default-ipv6] peer 4::4 next-hop-local
[ASBR2-bgp-default-ipv6] quit
# 配置BGP引入IS-IS发布的Locator路由,并且发布给ASBR 2。
[ASBR2-bgp-default] peer 3003::1 as-number 100
[ASBR2-bgp-default] peer 3003::1 ebgp-max-hop 255
[ASBR2-bgp-default] address-family ipv6
[ASBR2-bgp-default-ipv6] peer 3003::1 enable
[ASBR2-bgp-default-ipv6] import-route isisv6 1
[ASBR2-bgp-default-ipv6] quit
[ASBR2-bgp-default] quit
# 在ASBR上配置SRv6 BGP EPE,配置ASBR之间的静态End.X SID。
[ASBR2] segment-routing ipv6
[ASBR2-segment-routing-ipv6] locator abc ipv6-prefix 300:1:: 64 static 16
[ASBR2-segment-routing-ipv6-locator-abc] opcode hex ::100 end-x interface Ten-GigabitEthernet3/1/1 nexthop 2002::1
[ASBR2-segment-routing-ipv6-locator-abc] quit
[ASBR2-segment-routing-ipv6] quit
[ASBR2] bgp 200
[ASBR2-bgp-default] segment-routing ipv6 egress-engineering locator abc
[ASBR2-bgp-default] peer 3003::1 egress-engineering srv6 static-sid no-psp-usp 300:1::200
[ASBR2-bgp-default] quit
# 配置IS-IS引入BGP发布的Locator路由。
[ASBR2] ipv6 prefix-list as200 index 10 permit 100:1:: 64
[ASBR2] ipv6 prefix-list as200 index 20 permit 1::1 128
[ASBR2] route-policy as200 permit node 1
[ASBR2-route-policy-as200-1] if-match ipv6 address prefix-list as200
[ASBR2-route-policy-as200-1] quit
[ASBR2] isis 1
[ASBR2-isis-1] address-family ipv6 unicast
[ASBR2-isis-1-ipv6] import-route bgp4+ route-policy as200
[ASBR2-isis-1-ipv6] quit
[ASBR2-isis-1] quit
# 配置IPv6 IS-IS,实现骨干网PE和P的互通。
<Sysname> system-view
[Sysname] sysname PE2
[PE2] isis 1
[PE2-isis-1] cost-style wide
[PE2-isis-1] network-entity 00.0000.0000.0004.00
[PE2-isis-1] address-family ipv6 unicast
[PE2-isis-1-ipv6] quit
[PE2-isis-1] quit
[PE2] interface loopback 1
[PE2-LoopBack1] ipv6 address 4::4 128
[PE2-LoopBack1] isis ipv6 enable 1
[PE2-LoopBack1] quit
[PE2] interface ten-gigabitethernet 3/1/2
[PE2-Ten-GigabitEthernet3/1/2] ipv6 address 2002::1 96
[PE2-Ten-GigabitEthernet3/1/2] isis ipv6 enable 1
[PE2-Ten-GigabitEthernet3/1/2] quit
# 配置VPN实例,将CE接入PE。
[PE2] ip vpn-instance vpn1
[PE2-vpn-instance-vpn1] route-distinguisher 100:1
[PE2-vpn-instance-vpn1] vpn-target 100:1
[PE2-vpn-instance-vpn1] quit
[PE2] interface ten-gigabitethernet 3/1/1
[PE2-Ten-GigabitEthernet3/1/1] ip binding vpn-instance vpn1
[PE2-Ten-GigabitEthernet3/1/1] ip address 20.1.1.2 24
[PE2-Ten-GigabitEthernet3/1/1] quit
# 在PE与CE之间建立EBGP对等体,引入VPN路由。
[PE2] bgp 200
[PE2-bgp-default] router-id 4.4.4.4
[PE2-bgp-default] ip vpn-instance vpn1
[PE2-bgp-default-vpn1] peer 20.1.1.1 as-number 65420
[PE2-bgp-default-vpn1] address-family ipv4 unicast
[PE2-bgp-default-ipv6-vpn1] peer 20.1.1.1 enable
[PE2-bgp-default-ipv6-vpn1] import-route direct
[PE2-bgp-default-ipv6-vpn1] quit
[PE2-bgp-default-vpn1] quit
# 在PE之间建立MP-EBGP对等体。
[PE2-bgp-default] peer 1::1 as-number 100
[PE2-bgp-default] peer 1::1 connect-interface loopback 1
[PE2-bgp-default] peer 1::1 ebgp-max-hop 255
[PE2-bgp-default] address-family vpnv4
[PE2-bgp-default-vpnv4] peer 1::1 enable
[PE2-bgp-default-vpnv4] quit
[PE2-bgp-default] quit
# 在PE和ASBR之间建立MP-IBGP对等体。
[PE2-bgp-default] peer 3::3 as-number 200
[PE2-bgp-default] peer 3::3 connect-interface LoopBack1
[PE2-bgp-default] address-family ipv6
[PE2-bgp-default-ipv6] peer 3::3 enable
[PE2-bgp-default-ipv6] quit
# 在PE 1和PE 2之间VPN路由迭代到SRv6 TE Policy。
[PE2] segment-routing ipv6
[PE2-segment-routing-ipv6] encapsulation source-address 4::4
[PE2-segment-routing-ipv6] locator abc ipv6-prefix 400:1:: 64 static 16
[PE1-segment-routing-ipv6-locator-abc] opcode hex ::200 end-x interface Ten-GigabitEthernet3/1/2 nexthop 2002::2 no-psp
[PE2-segment-routing-ipv6-locator-abc] quit
[PE2-segment-routing-ipv6] quit
[PE2] isis 1
[PE2-isis-1] address-family ipv6 unicast
[PE2-isis-1-ipv6] segment-routing ipv6 locator abc auto-sid-disable
[PE2-isis-1-ipv6] quit
[PE2-isis-1] quit
[PE2] bgp 100
[PE2-bgp-default] address-family vpnv4
[PE2-bgp-default-vpnv4] peer 1::1 prefix-sid
[PE2-bgp-default-vpnv4] quit
[PE2-bgp-default] ip vpn-instance vpn1
[PE2-bgp-default-vpn1] address-family ipv4 unicast
[PE2-bgp-default-ipv4-vpn1] segment-routing ipv6 locator abc
[PE2-bgp-default-ipv4-vpn1] segment-routing ipv6 traffic-engineering
[PE2-bgp-default-ipv4-vpn1] quit
[PE2-bgp-default-vpn1] quit
[PE2-bgp-default] quit
# 在PE 1上配置SRv6 TE Policy。
[PE2] segment-routing ipv6
[PE2-segment-routing-ipv6] traffic-engineering
[PE2-srv6-te] srv6-policy locator abc
[PE2-srv6-te] segment-list s1
[PE2-srv6-te-sl-s1] index 1 ipv6 400:1::200
[PE2-srv6-te-sl-s1] index 2 ipv6 300:1::200
[PE2-srv6-te-sl-s1] index 3 ipv6 200:1::200
[PE2-srv6-te-sl-s1] quit
[PE2-srv6-te] policy policy1
[PE2-srv6-te-policy-p1] binding-sid ipv6 400:1::1
[PE2-srv6-te-policy-p1] color 10 end-point ipv6 1::1
[PE2-srv6-te-policy-p1] candidate-paths
[PE2-srv6-te-policy-p1-path] preference 10
[PE2-srv6-te-policy-p1-path-pref-10] explicit segment-list s1
[PE2-srv6-te-policy-p1-path-pref-10] quit
[PE2-srv6-te-policy-p1-path] quit
[PE2-srv6-te-policy-p1] quit
[PE2-srv6-te] quit
[PE2-segment-routing-ipv6] quit
# 在PE 1上配置路由策略及隧道策略,将VPN业务流量通过路由策略引流到指定的SRv6 TE Policy,并保证SRv6 TE Policy为优选隧道。
[PE2] route-policy as200 permit node 10
[PE2-route-policy-as200-10] apply extcommunity color 00:10
[PE2-route-policy-as200-10] quit
[PE2] bgp 200
[PE2-bgp-default] address-family vpnv4
[PE2-bgp-default-vpnv4] peer 1::1 route-policy as200 import
[PE2-bgp-default-vpnv4] quit
[PE2-bgp-default] quit
[PE2] tunnel-policy as200
[PE2-tunnel-policy-as200] select-seq srv6-policy load-balance-number 1
[PE2-tunnel-policy-as200] quit
[PE2] ip vpn-instance vpn1
[PE2-vpn-instance-vpn1] tnl-policy as200
[PE2-vpn-instance-vpn1] quit
<Sysname> system-view
[Sysname] sysname CE2
[CE2] interface ten-gigabitethernet 3/1/1
[CE2-Ten-GigabitEthernet3/1/1] ip address 20.1.1.1 24
[CE2-Ten-GigabitEthernet3/1/1] quit
[CE2] bgp 65420
[CE2-bgp-default] peer 20.1.1.2 as-number 200
[CE2-bgp-default] address-family ipv4 unicast
[CE2-bgp-default-ipv4] peer 20.1.1.2 enable
[CE2-bgp-default-ipv4] import-route direct
[CE2-bgp-default-ipv4] quit
[CE2-bgp-default] quit
# 在PE 1执行display segment-routing ipv6 te policy命令查看SRv6 TE Policy的详细信息,可以看到SRv6 TE Policy的Status字段为Up。
[PE1] display segment-routing ipv6 te policy
Name/ID: policy1/0
Color: 10
End-point: 4::4
Name from BGP:
BSID:
Mode: Explicit Type: Type_2 Request state: Succeeded
Current BSID: 100:1::1 Explicit BSID: 100:1::1 Dynamic BSID: -
Reference counts: 4
Flags: A/BS/NC
Status: Up
AdminStatus: Up
Up time: 2021-11-27 16:26:20
Down time: 2021-11-27 16:25:55
Hot backup: Not configured
Statistics: Not configured
Statistics by service class: Not configured
Drop-upon-invalid: Disabled
BFD trigger path-down: Disabled
SBFD: Not configured
BFD Echo: Not configured
Forwarding index: 2150629377
Service-class: -
Rate-limit: -
Encapsulation mode: -
Candidate paths state: Configured
Candidate paths statistics:
CLI paths: 1 BGP paths: 0 PCEP paths: 0
Candidate paths:
Preference : 10
CPathName:
Instance ID: 0 ASN: 0 Node address: 0.0.0.0
Peer address: ::
Optimal: Y Flags: V/A
Explicit SID list:
ID: 1 Name: s1
Weight: 1 Forwarding index: 2149580802
State: Up State(-): -
Active path MTU: 1428 bytes
# 在PE 1执行display ip routing-table vpn-instance vpn1命令查看VPN路由的详细信息,可以看出VPN路由20.1.1.0/24的出接口为SRv6 TE Policy p1。
[PE1] display ip routing-table vpn-instance vpn1
Destinations : 11 Routes : 11
Destination/Mask Proto Pre Cost NextHop Interface
0.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0
10.1.1.0/24 Direct 0 0 10.1.1.2 XGE3/1/1
10.1.1.0/32 Direct 0 0 10.1.1.2 XGE3/1/1
10.1.1.2/32 Direct 0 0 127.0.0.1 InLoop0
10.1.1.255/32 Direct 0 0 10.1.1.2 XGE3/1/1
20.1.1.0/24 BGP 255 0 4::4 policy1
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
127.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
255.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
# CE 1和CE 2之间能够ping通。
[CE1] ping 20.1.1.1
Ping 20.1.1.1 (20.1.1.1): 56 data bytes, press CTRL+C to break
56 bytes from 20.1.1.1: icmp_seq=0 ttl=253 time=3.000 ms
56 bytes from 20.1.1.1: icmp_seq=1 ttl=253 time=2.000 ms
56 bytes from 20.1.1.1: icmp_seq=2 ttl=253 time=3.000 ms
56 bytes from 20.1.1.1: icmp_seq=3 ttl=253 time=3.000 ms
56 bytes from 20.1.1.1: icmp_seq=4 ttl=253 time=2.000 ms
--- Ping statistics for 20.1.1.1 ---
5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss
round-trip min/avg/max/std-dev = 2.000/2.600/3.000/0.490 ms
· CE 1:
#
sysname CE1
#
interface Ten-GigabitEthernet3/1/1
port link-mode route
ip address 10.1.1.1 255.255.255.0
#
bgp 65410
peer 10.1.1.2 as-number 100
#
address-family ipv4 unicast
import-route direct
peer 10.1.1.2 enable
#
· PE 1:
#
sysname PE1
#
ip vpn-instance vpn1
route-distinguisher 100:1
tnl-policy as100
vpn-target 100:1 import-extcommunity
vpn-target 100:1 export-extcommunity
#
isis 1
cost-style wide
network-entity 00.0000.0000.0001.00
#
address-family ipv6 unicast
segment-routing ipv6 locator abc auto-sid-disable
#
tunnel-policy as100
select-seq srv6-policy load-balance-number 1
#
interface LoopBack1
isis ipv6 enable 1
ipv6 address 1::1/128
#
interface Ten-GigabitEthernet3/1/1
port link-mode route
ip binding vpn-instance vpn1
ip address 10.1.1.2 255.255.255.0
#
interface Ten-GigabitEthernet3/1/2
port link-mode route
isis ipv6 enable 1
ipv6 address 1001::1/96
#
bgp 100
router-id 1.1.1.1
peer 2::2 as-number 100
peer 2::2 connect-interface LoopBack1
peer 4::4 as-number 200
peer 4::4 connect-interface LoopBack1
peer 4::4 ebgp-max-hop 255
#
address-family vpnv4
peer 4::4 enable
peer 4::4 route-policy as100 import
peer 4::4 prefix-sid
#
address-family ipv6 unicast
peer 2::2 enable
#
ip vpn-instance vpn1
peer 10.1.1.1 as-number 65410
#
address-family ipv4 unicast
segment-routing ipv6 traffic-engineering
segment-routing ipv6 locator abc
import-route direct
peer 10.1.1.1 enable
#
route-policy as100 permit node 10
apply extcommunity color 00:10
#
segment-routing ipv6
encapsulation source-address 1::1
#
locator abc ipv6-prefix 100:1:: 64 static 16
opcode hex ::100 end-x interface Ten-GigabitEthernet3/1/2 nexthop 1001::2 no-psp
#
traffic-engineering
srv6-policy locator abc
#
segment-list s1
index 1 ipv6 100:1::100
index 2 ipv6 200:1::100
index 3 ipv6 300:1::100
#
policy policy1
binding-sid ipv6 100:1::1
color 10 end-point ipv6 4::4
#
candidate-paths
#
preference 10
explicit segment-list s1
#
· ASBR 1:
#
sysname ASBR1
#
isis 1
cost-style wide
network-entity 00.0000.0000.0002.00
#
address-family ipv6 unicast
import-route bgp4+ route-policy as100
segment-routing ipv6 locator abc auto-sid-disable
#
interface LoopBack1
isis ipv6 enable 1
ipv6 address 2::2/128
#
interface Ten-GigabitEthernet3/1/1
port link-mode route
isis ipv6 enable 1
ipv6 address 1001::2/96
#
interface Ten-GigabitEthernet3/1/2
port link-mode route
ipv6 address 3003::1/96
#
bgp 100
segment-routing ipv6 egress-engineering locator abc
router-id 2.2.2.2
peer 1::1 as-number 100
peer 1::1 connect-interface LoopBack1
peer 3003::2 as-number 200
peer 3003::2 ebgp-max-hop 255
peer 3003::2 egress-engineering srv6 static-sid no-psp-usp 200:1::100
#
address-family ipv6 unicast
import-route isisv6 1
peer 1::1 enable
peer 1::1 next-hop-local
peer 3003::2 enable
#
route-policy as100 permit node 1
if-match ipv6 address prefix-list as100
#
ipv6 prefix-list as100 index 10 permit 400:1:: 64
ipv6 prefix-list as100 index 20 permit 4::4 128
#
segment-routing ipv6
#
locator abc ipv6-prefix 200:1:: 64 static 16
opcode hex ::200 end-x interface Ten-GigabitEthernet3/1/1 nexthop 1001::1
#
· ASBR 2:
#
sysname ASBR2
#
isis 1
cost-style wide
network-entity 00.0000.0000.0003.00
#
address-family ipv6 unicast
import-route bgp4+ route-policy as200
segment-routing ipv6 locator abc auto-sid-disable
#
interface LoopBack1
isis ipv6 enable 1
ipv6 address 3::3/128
#
interface Ten-GigabitEthernet3/1/1
port link-mode route
isis ipv6 enable 1
ipv6 address 2002::2/96
#
interface Ten-GigabitEthernet3/1/2
port link-mode route
ipv6 address 3003::2/96
#
bgp 200
segment-routing ipv6 egress-engineering locator abc
router-id 3.3.3.3
peer 4::4 as-number 200
peer 4::4 connect-interface LoopBack1
peer 3003::1 as-number 100
peer 3003::1 ebgp-max-hop 255
peer 3003::1 egress-engineering srv6 static-sid no-psp-usp 300:1::200
#
address-family ipv6 unicast
import-route isisv6 1
peer 4::4 enable
peer 4::4 next-hop-local
peer 3003::1 enable
#
route-policy as200 permit node 1
if-match ipv6 address prefix-list as200
#
ipv6 prefix-list as200 index 10 permit 100:1:: 64
ipv6 prefix-list as200 index 30 permit 1::1 128
#
segment-routing ipv6
#
locator abc ipv6-prefix 300:1:: 64 static 16
opcode hex ::100 end-x interface Ten-GigabitEthernet3/1/1 nexthop 2002::1
#
· PE 2:
#
sysname PE2
#
ip vpn-instance vpn1
route-distinguisher 100:1
tnl-policy as200
vpn-target 100:1 import-extcommunity
vpn-target 100:1 export-extcommunity
#
isis 1
cost-style wide
network-entity 00.0000.0000.0004.00
#
address-family ipv6 unicast
segment-routing ipv6 locator abc auto-sid-disable
#
tunnel-policy as200
select-seq srv6-policy load-balance-number 1
#
interface LoopBack1
isis ipv6 enable 1
ipv6 address 4::4/128
#
interface Ten-GigabitEthernet3/1/1
port link-mode route
ip binding vpn-instance vpn1
ip address 20.1.1.2 255.255.255.0
#
interface Ten-GigabitEthernet3/1/2
port link-mode route
isis ipv6 enable 1
ipv6 address 2002::1/96
#
bgp 200
router-id 4.4.4.4
peer 1::1 as-number 100
peer 1::1 connect-interface LoopBack1
peer 1::1 ebgp-max-hop 255
peer 3::3 as-number 200
peer 3::3 connect-interface LoopBack1
#
address-family vpnv4
peer 1::1 enable
peer 1::1 route-policy as200 import
peer 1::1 prefix-sid
#
address-family ipv6 unicast
peer 3::3 enable
#
ip vpn-instance vpn1
peer 20.1.1.1 as-number 65420
#
address-family ipv4 unicast
segment-routing ipv6 traffic-engineering
segment-routing ipv6 locator abc
import-route direct
peer 20.1.1.1 enable
#
route-policy as200 permit node 10
apply extcommunity color 00:10
#
segment-routing ipv6
encapsulation source-address 4::4
#
locator abc ipv6-prefix 400:1:: 64 static 16
opcode hex ::200 end-x interface Ten-GigabitEthernet3/1/2 nexthop 2002::2 no-psp
#
traffic-engineering
srv6-policy locator abc
#
segment-list s1
index 1 ipv6 400:1::200
index 2 ipv6 300:1::200
index 3 ipv6 200:1::200
#
policy policy1
binding-sid ipv6 400:1::1
color 10 end-point ipv6 1::1
#
candidate-paths
#
preference 10
explicit segment-list astoas
explicit segment-list s1
#
· CE 2:
#
sysname CE2
#
interface Ten-GigabitEthernet3/1/1
port link-mode route
ip address 20.1.1.1 255.255.255.0
#
bgp 65420
peer 20.1.1.2 as-number 200
#
address-family ipv4 unicast
import-route direct
peer 20.1.1.2 enable
#
如图6所示,核心网为IPv6网络,私网为IPv4网络。PE 1、P和PE 2属于同一自治系统,它们之间通过IS-IS协议达到IPv6网络互通。在PE 1和PE 2之间静态配置两条SRv6 TE Policy来承载IPv4 EVPN L3VPN业务。在PE 1和PE 2上配置路由策略来设置EVPN路由的Color属性,以便将流量引入到指定的SRv6 TE Policy中。
图6 IPv4 EVPN L3VPN over SRv6 TE Policy配置组网图
设备 |
接口 |
IP地址 |
设备 |
接口 |
IP地址 |
CE 1 |
XGE3/1/1 |
10.1.1.1/24 |
CE 2 |
XGE3/1/2 |
20.1.1.1/24 |
PE 1 |
Loop1 |
1::1/128 |
PE 2 |
Loop1 |
3::3/128 |
|
XGE3/1/1 |
10.1.1.2/24 |
|
XGE3/1/1 |
20.1.1.2/24 |
|
XGE3/1/2 |
1001::1/96 |
|
XGE3/1/2 |
2001::1/96 |
P |
Loop1 |
2::2/128 |
|
|
|
|
XGE3/1/1 |
1001::2/96 |
|
|
|
|
XGE3/1/2 |
2001::2/96 |
|
|
|
如果网络中存在多种隧道,例如网络中存在多个SRv6 TE Policy和多个SR-MPLS TE Policy,且SRv6 TE Policy和SR-MPLS TE Policy存在相同Color值时,需要配置路由策略来设置路由的Color属性,并配置隧道策略来保证迭代隧道时,优先选择指定的SRv6 TE Policy。
<Sysname> system-view
[Sysname] sysname CE1
[CE1] interface ten-gigabitethernet 3/1/1
[CE1-Ten-GigabitEthernet3/1/1] ip address 10.1.1.1 24
[CE1-Ten-GigabitEthernet3/1/1] quit
[CE1] bgp 200
[CE1-bgp-default] peer 10.1.1.2 as-number 100
[CE1-bgp-default] address-family ipv4 unicast
[CE1-bgp-default-ipv4] peer 10.1.1.2 enable
[CE1-bgp-default-ipv4] import-route direct
[CE1-bgp-default-ipv4] quit
[CE1-bgp-default] quit
# 配置IPv6 IS-IS,实现骨干网PE之间的互通。
<Sysname> system-view
[Sysname] sysname PE1
[PE1] isis 1
[PE1-isis-1] cost-style wide
[PE1-isis-1] network-entity 00.0000.0000.0001.00
[PE1-isis-1] address-family ipv6 unicast
[PE1-isis-1-ipv6] quit
[PE1-isis-1] quit
[PE1] interface loopback 1
[PE1-LoopBack1] ipv6 address 1::1 128
[PE1-LoopBack1] isis ipv6 enable 1
[PE1-LoopBack1] quit
[PE1] interface ten-gigabitethernet 3/1/2
[PE1-Ten-GigabitEthernet3/1/2] ipv6 address 1001::1 96
[PE1-Ten-GigabitEthernet3/1/2] isis ipv6 enable 1
[PE1-Ten-GigabitEthernet3/1/2] quit
# 配置VPN实例,将CE 1接入PE 1。
[PE1] ip vpn-instance vpn1
[PE1-vpn-instance-vpn1] route-distinguisher 100:1
[PE1-vpn-instance-vpn1] vpn-target 100:1
[PE1-vpn-instance-vpn1] quit
[PE1] interface ten-gigabitethernet 3/1/1
[PE1-Ten-GigabitEthernet3/1/1] ip binding vpn-instance vpn1
[PE1-Ten-GigabitEthernet3/1/1] ip address 10.1.1.2 24
[PE1-Ten-GigabitEthernet3/1/1] quit
# 在PE 1与CE 1之间建立EBGP对等体,引入VPN路由。
[PE1] bgp 100
[PE1-bgp-default] router-id 1.1.1.1
[PE1-bgp-default] ip vpn-instance vpn1
[PE1-bgp-default-vpn1] peer 10.1.1.1 as-number 200
[PE1-bgp-default-vpn1] address-family ipv4 unicast
[PE1-bgp-default-ipv4-vpn1] peer 10.1.1.1 enable
[PE1-bgp-default-ipv4-vpn1] import-route direct
[PE1-bgp-default-ipv4-vpn1] quit
[PE1-bgp-default-vpn1] quit
# 在PE之间建立BGP EVPN对等体。
[PE1-bgp-default] peer 3::3 as-number 100
[PE1-bgp-default] peer 3::3 connect-interface loopback 1
[PE1-bgp-default] address-family l2vpn evpn
[PE1-bgp-default-evpn] peer 3::3 enable
[PE1-bgp-default-evpn] quit
[PE1-bgp-default] quit
# 在PE 1和PE 2之间VPN路由迭代到SRv6 TE Policy。
[PE1] segment-routing ipv6
[PE1-segment-routing-ipv6] encapsulation source-address 1::1
[PE1-segment-routing-ipv6] locator abc ipv6-prefix 100:1:: 64 static 16
[PE1-segment-routing-ipv6-locator-abc] opcode 1 end
[PE1-segment-routing-ipv6-locator-abc] quit
[PE1-segment-routing-ipv6] quit
[PE1] isis 1
[PE1-isis-1] address-family ipv6 unicast
[PE1-isis-1-ipv6] segment-routing ipv6 locator abc
[PE1-isis-1-ipv6] quit
[PE1-isis-1] quit
[PE1] bgp 100
[PE1-bgp-default] address-family l2vpn evpn
[PE1-bgp-default-evpn] peer 3::3 advertise encap-type srv6
[PE1-bgp-default-evpn] quit
[PE1-bgp-default] ip vpn-instance vpn1
[PE1-bgp-default-vpn1] address-family ipv4 unicast
[PE1-bgp-default-ipv4-vpn1] segment-routing ipv6 locator abc evpn
[PE1-bgp-default-ipv4-vpn1] segment-routing ipv6 traffic-engineering evpn
[PE1-bgp-default-ipv4-vpn1] quit
[PE1-bgp-default-vpn1] quit
[PE1-bgp-default] quit
# 在PE 1上配置SRv6 TE Policy。
[PE1] segment-routing ipv6
[PE1-segment-routing-ipv6] traffic-engineering
[PE1-srv6-te] srv6-policy locator abc
[PE1-srv6-te] segment-list s1
[PE1-srv6-te-sl-s1] index 10 ipv6 200:1::1
[PE1-srv6-te-sl-s1] index 20 ipv6 300:1::1
[PE1-srv6-te-sl-s1] quit
[PE1-srv6-te] policy p1
[PE1-srv6-te-policy-p1] color 10 end-point ipv6 3::3
[PE1-srv6-te-policy-p1] candidate-paths
[PE1-srv6-te-policy-p1-path] preference 10
[PE1-srv6-te-policy-p1-path-pref-10] explicit segment-list s1
[PE1-srv6-te-policy-p1-path-pref-10] quit
[PE1-srv6-te-policy-p1-path] quit
[PE1-srv6-te-policy-p1] quit
[PE1-srv6-te] quit
[PE1-segment-routing-ipv6] quit
# 在PE 1上配置路由策略及隧道策略,将VPN业务流量通过路由策略引流到指定的SRv6 TE Policy,并保证SRv6 TE Policy为优选隧道。
[PE1] route-policy a permit node 10
[PE1-route-policy-a-10] apply extcommunity color 00:10
[PE1-route-policy-a-10] quit
[PE1] bgp 100
[PE1-bgp-default] address-family l2vpn evpn
[PE1-bgp-default-evpn] peer 3::3 route-policy a import
[PE1-bgp-default-evpn] quit
[PE1-bgp-default] quit
[PE1] tunnel-policy a
[PE1-tunnel-policy-a] select-seq srv6-policy load-balance-number 1
[PE1-tunnel-policy-a] quit
[PE1] ip vpn-instance vpn1
[PE1-vpn-instance-vpn1] tnl-policy a
[PE1-vpn-instance-vpn1] quit
# 配置IPv6 IS-IS,实现骨干网PE之间的互通。
<Sysname> system-view
[Sysname] sysname P
[P] isis 1
[P-isis-1] cost-style wide
[P-isis-1] network-entity 00.0000.0000.0002.00
[P-isis-1] address-family ipv6 unicast
[P-isis-1-ipv6] quit
[P-isis-1] quit
[P] interface loopback 1
[P-LoopBack1] ipv6 address 2::2 128
[P-LoopBack1] isis ipv6 enable 1
[P-LoopBack1] quit
[P] interface ten-gigabitethernet 3/1/2
[P-Ten-GigabitEthernet3/1/2] ipv6 address 1001::2 96
[P-Ten-GigabitEthernet3/1/2] isis ipv6 enable 1
[P-Ten-GigabitEthernet3/1/2] quit
[P] interface ten-gigabitethernet 3/1/1
[P-Ten-GigabitEthernet3/1/1] ipv6 address 2001::2 96
[P-Ten-GigabitEthernet3/1/1] isis ipv6 enable 1
[P-Ten-GigabitEthernet3/1/1] quit
# 在P上配置Locator,并由IS-IS发布该Locator。
[P] segment-routing ipv6
[P-segment-routing-ipv6] locator abc ipv6-prefix 200:1:: 64 static 16
[P-segment-routing-ipv6-locator-abc] opcode 1 end
[P-segment-routing-ipv6-locator-abc] quit
[P-segment-routing-ipv6] quit
[P] isis 1
[P-isis-1] address-family ipv6 unicast
[P-isis-1-ipv6] segment-routing ipv6 locator abc
[P-isis-1-ipv6] quit
[P-isis-1] quit
# 配置IPv6 IS-IS,实现骨干网PE之间的互通。
<Sysname> system-view
[Sysname] sysname PE2
[PE2] isis 1
[PE2-isis-1] cost-style wide
[PE2-isis-1] network-entity 00.0000.0000.0003.00
[PE2-isis-1] address-family ipv6 unicast
[PE2-isis-1-ipv6] quit
[PE2-isis-1] quit
[PE2] interface loopback 1
[PE2-LoopBack1] ipv6 address 3::3 128
[PE2-LoopBack1] isis ipv6 enable 1
[PE2-LoopBack1] quit
[PE2] interface ten-gigabitethernet 3/1/2
[PE2-Ten-GigabitEthernet3/1/2] ipv6 address 2001::1 96
[PE2-Ten-GigabitEthernet3/1/2] isis ipv6 enable 1
[PE2-Ten-GigabitEthernet3/1/2] quit
# 配置VPN实例,将CE 2接入PE 2。
[PE2] ip vpn-instance vpn1
[PE2-vpn-instance-vpn1] route-distinguisher 100:1
[PE2-vpn-instance-vpn1] vpn-target 100:1
[PE2-vpn-instance-vpn1] quit
[PE2] interface ten-gigabitethernet 3/1/1
[PE2-Ten-GigabitEthernet3/1/1] ip binding vpn-instance vpn1
[PE2-Ten-GigabitEthernet3/1/1] ip address 20.1.1.2 24
[PE2-Ten-GigabitEthernet3/1/1] quit
# 在PE 2与CE 2之间建立EBGP对等体,引入VPN路由。
[PE2] bgp 100
[PE2-bgp-default] router-id 3.3.3.3
[PE2-bgp-default] ip vpn-instance vpn1
[PE2-bgp-default-vpn1] peer 20.1.1.1 as-number 300
[PE2-bgp-default-vpn1] address-family ipv4 unicast
[PE2-bgp-default-ipv4-vpn1] peer 20.1.1.1 enable
[PE2-bgp-default-ipv4-vpn1] import-route direct
[PE2-bgp-default-ipv4-vpn1] quit
[PE2-bgp-default-vpn1] quit
# 在PE之间建立BGP EVPN对等体。
[PE2-bgp-default] peer 1::1 as-number 100
[PE2-bgp-default] peer 1::1 connect-interface loopback 1
[PE2-bgp-default] address-family l2vpn evpn
[PE2-bgp-default-evpn] peer 1::1 enable
[PE2-bgp-default-evpn] quit
[PE2-bgp-default] quit
# 在PE 1和PE 2之间VPN路由迭代到SRv6 TE Policy。
[PE2] segment-routing ipv6
[PE2-segment-routing-ipv6] encapsulation source-address 3::3
[PE2-segment-routing-ipv6] locator abc ipv6-prefix 300:1:: 64 static 16
[PE2-segment-routing-ipv6-locator-abc] opcode 1 end
[PE2-segment-routing-ipv6-locator-abc] quit
[PE2-segment-routing-ipv6] quit
[PE2] isis 1
[PE2-isis-1] address-family ipv6 unicast
[PE2-isis-1-ipv6] segment-routing ipv6 locator abc
[PE2-isis-1-ipv6] quit
[PE2-isis-1] quit
[PE2] bgp 100
[PE2-bgp-default] address-family l2vpn evpn
[PE2-bgp-default-evpn] peer 1::1 advertise encap-type srv6
[PE2-bgp-default-evpn] quit
[PE2-bgp-default] ip vpn-instance vpn1
[PE2-bgp-default-vpn1] address-family ipv4 unicast
[PE2-bgp-default-ipv4-vpn1] segment-routing ipv6 locator abc evpn
[PE2-bgp-default-ipv4-vpn1] segment-routing ipv6 traffic-engineering evpn
[PE2-bgp-default-ipv4-vpn1] quit
[PE2-bgp-default-vpn1] quit
[PE2-bgp-default] quit
# 在PE 2上配置SRv6 TE Policy。
[PE2] segment-routing ipv6
[PE2-segment-routing-ipv6] traffic-engineering
[PE2-srv6-te] srv6-policy locator abc
[PE2-srv6-te] segment-list s1
[PE2-srv6-te-sl-s1] index 10 ipv6 200:1::1
[PE2-srv6-te-sl-s1] index 20 ipv6 100:1::1
[PE2-srv6-te-sl-s1] quit
[PE2-srv6-te] policy p1
[PE2-srv6-te-policy-p1] color 10 end-point ipv6 1::1
[PE2-srv6-te-policy-p1] candidate-paths
[PE2-srv6-te-policy-p1-path] preference 10
[PE2-srv6-te-policy-p1-path-pref-10] explicit segment-list s1
[PE2-srv6-te-policy-p1-path-pref-10] quit
[PE2-srv6-te-policy-p1-path] quit
[PE2-srv6-te-policy-p1] quit
[PE2-srv6-te] quit
[PE2-segment-routing-ipv6] quit
# 在PE 2上配置路由策略及隧道策略,将VPN业务流量通过路由策略引流到指定的SRv6 TE Policy,并保证SRv6 TE Policy为优选隧道。
[PE2] route-policy a permit node 10
[PE2-route-policy-a-10] apply extcommunity color 00:10
[PE2-route-policy-a-10] quit
[PE2] bgp 100
[PE2-bgp-default] address-family l2vpn evpn
[PE2-bgp-default-evpn] peer 1::1 route-policy a import
[PE2-bgp-default-evpn] quit
[PE2-bgp-default] quit
[PE2] tunnel-policy a
[PE2-tunnel-policy-a] select-seq srv6-policy load-balance-number 1
[PE2-tunnel-policy-a] quit
[PE2] ip vpn-instance vpn1
[PE2-vpn-instance-vpn1] tnl-policy a
[PE2-vpn-instance-vpn1] quit
<Sysname> system-view
[Sysname] sysname CE2
[CE2] interface ten-gigabitethernet 3/1/2
[CE2-Ten-GigabitEthernet3/1/2] ip address 20.1.1.1 24
[CE2-Ten-GigabitEthernet3/1/2] quit
[CE2] bgp 300
[CE2-bgp-default] peer 20.1.1.2 as-number 100
[CE2-bgp-default] address-family ipv4 unicast
[CE2-bgp-default-ipv4] peer 20.1.1.2 enable
[CE2-bgp-default-ipv4] import-route direct
[CE2-bgp-default-ipv4] quit
[CE2-bgp-default] quit
# 在PE 1执行display segment-routing ipv6 te policy命令查看SRv6 TE Policy的详细信息,可以看到SRv6 TE Policy的Status字段为Up。
[PE1] display segment-routing ipv6 te policy
Name/ID: p1/0
Color: 10
End-point: 3::3
Name from BGP:
BSID:
Mode: Dynamic Type: Type_2 Request state: Succeeded
Current BSID: 100:1::1:3 Explicit BSID: - Dynamic BSID: 100:1::1:3
Reference counts: 4
Flags: A/BS/NC
Status: Up
AdminStatus: Up
Up time: 2021-11-23 19:31:35
Down time: 2021-11-23 19:27:37
Hot backup: Not configured
Statistics: Not configured
Statistics by service class: Not configured
Drop-upon-invalid: Disabled
BFD trigger path-down: Disabled
SBFD: Not configured
BFD Echo: Not configured
Forwarding index: 2150629377
Service-class: -
Rate-limit: -
Encapsulation mode: -
Candidate paths state: Configured
Candidate paths statistics:
CLI paths: 1 BGP paths: 0 PCEP paths: 0
Candidate paths:
Preference : 10
CPathName:
Instance ID: 0 ASN: 0 Node address: 0.0.0.0
Peer address: ::
Optimal: Y Flags: V/A
Explicit SID list:
ID: 1 Name: s1
Weight: 1 Forwarding index: 2149580802
State: Up State(-): -
Active path MTU: 1428 bytes
# 在PE 1执行display ip routing-table vpn-instance vpn1 20.1.1.0 24命令查看VPN路由的详细信息,可以看出VPN路由20.1.1.0/24的出接口为SRv6 TE Policy p1。
[PE1] display ip routing-table vpn-instance vpn1 20.1.1.0 24
Summary count : 1
Destination/Mask Proto Pre Cost NextHop Interface
20.1.1.0/24 BGP 255 0 3::3 p1
# CE 1和CE 2之间能够ping通。
[CE1] ping 20.1.1.1
Ping 20.1.1.1 (20.1.1.1): 56 data bytes, press CTRL_C to break
56 bytes from 20.1.1.1: icmp_seq=0 ttl=253 time=2.000 ms
56 bytes from 20.1.1.1: icmp_seq=1 ttl=253 time=2.000 ms
56 bytes from 20.1.1.1: icmp_seq=2 ttl=253 time=1.000 ms
56 bytes from 20.1.1.1: icmp_seq=3 ttl=253 time=1.000 ms
56 bytes from 20.1.1.1: icmp_seq=4 ttl=253 time=2.000 ms
--- Ping statistics for 20.1.1.1 ---
5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss
round-trip min/avg/max/std-dev = 1.000/1.600/2.000/0.490 ms
· CE 1:
#
sysname CE1
#
interface Ten-GigabitEthernet3/1/1
port link-mode route
ip address 10.1.1.1 255.255.255.0
#
bgp 200
peer 10.1.1.2 as-number 100
#
address-family ipv4 unicast
import-route direct
peer 10.1.1.2 enable
#
· PE 1:
#
sysname PE1
#
ip vpn-instance vpn1
route-distinguisher 100:1
tnl-policy a
vpn-target 100:1 import-extcommunity
vpn-target 100:1 export-extcommunity
#
isis 1
cost-style wide
network-entity 00.0000.0000.0001.00
#
address-family ipv6 unicast
segment-routing ipv6 locator abc
#
tunnel-policy a
select-seq srv6-policy load-balance-number 1
#
interface LoopBack1
isis ipv6 enable 1
ipv6 address 1::1/128
#
interface Ten-GigabitEthernet3/1/1
port link-mode route
ip binding vpn-instance vpn1
ip address 10.1.1.2 255.255.255.0
#
interface Ten-GigabitEthernet3/1/2
port link-mode route
isis ipv6 enable 1
ipv6 address 1001::1/96
#
bgp 100
router-id 1.1.1.1
peer 3::3 as-number 100
peer 3::3 connect-interface LoopBack1
#
address-family l2vpn evpn
peer 3::3 enable
peer 3::3 route-policy a import
peer 3::3 advertise encap-type srv6
#
ip vpn-instance vpn1
peer 10.1.1.1 as-number 200
#
address-family ipv4 unicast
segment-routing ipv6 traffic-engineering evpn
segment-routing ipv6 locator abc evpn
import-route direct
peer 10.1.1.1 enable
#
route-policy a permit node 10
apply extcommunity color 00:10
#
segment-routing ipv6
encapsulation source-address 1::1
locator abc ipv6-prefix 100:1:: 64 static 16
opcode 1 end
traffic-engineering
srv6-policy locator abc
segment-list s1
index 10 ipv6 200:1::1
index 20 ipv6 300:1::1
policy p1
color 10 end-point ipv6 3::3
candidate-paths
preference 10
explicit segment-list s1
#
· P:
#
sysname P
#
isis 1
cost-style wide
network-entity 00.0000.0000.0002.00
#
address-family ipv6 unicast
segment-routing ipv6 locator abc
#
interface LoopBack1
isis ipv6 enable 1
ipv6 address 2::2/128
#
interface Ten-GigabitEthernet3/1/1
port link-mode route
isis ipv6 enable 1
ipv6 address 1001::2/96
#
interface Ten-GigabitEthernet3/1/2
port link-mode route
isis ipv6 enable 1
ipv6 address 2001::2/96
#
segment-routing ipv6
locator abc ipv6-prefix 200:1:: 64 static 16
opcode 1 end
#
· PE 2:
#
sysname PE2
#
ip vpn-instance vpn1
route-distinguisher 100:1
tnl-policy a
vpn-target 100:1 import-extcommunity
vpn-target 100:1 export-extcommunity
#
isis 1
cost-style wide
network-entity 00.0000.0000.0003.00
#
address-family ipv6 unicast
segment-routing ipv6 locator abc
#
tunnel-policy a
select-seq srv6-policy load-balance-number 1
#
interface LoopBack1
isis ipv6 enable 1
ipv6 address 3::3/128
#
interface Ten-GigabitEthernet3/1/1
port link-mode route
ip binding vpn-instance vpn1
ip address 20.1.1.2 255.255.255.0
#
interface Ten-GigabitEthernet3/1/2
port link-mode route
isis ipv6 enable 1
ipv6 address 2001::1/96
#
bgp 100
router-id 3.3.3.3
peer 1::1 as-number 100
peer 1::1 connect-interface LoopBack1
#
address-family l2vpn evpn
peer 1::1 enable
peer 1::1 route-policy a import
peer 1::1 advertise encap-type srv6
#
ip vpn-instance vpn1
peer 20.1.1.1 as-number 300
#
address-family ipv4 unicast
segment-routing ipv6 traffic-engineering evpn
segment-routing ipv6 locator abc evpn
import-route direct
peer 20.1.1.1 enable
#
route-policy a permit node 10
apply extcommunity color 00:10
#
segment-routing ipv6
encapsulation source-address 3::3
locator abc ipv6-prefix 300:1:: 64 static 16
opcode 1 end
traffic-engineering
srv6-policy locator abc
segment-list s1
index 10 ipv6 200:1::1
index 20 ipv6 100:1::1
policy p1
color 10 end-point ipv6 1::1
candidate-paths
preference 10
explicit segment-list s1
#
· CE 2:
#
sysname CE2
#
interface Ten-GigabitEthernet3/1/1
port link-mode route
ip address 20.1.1.1 255.255.255.0
#
bgp 300
peer 20.1.1.2 as-number 100
#
address-family ipv4 unicast
import-route direct
peer 20.1.1.2 enable
#
如图7所示,核心网为IPv6网络,私网为IPv6网络,在核心网中PE设备之间部署EVPN L3VPN over SRv6 BE,通过SRv6隧道传递私网数据。
· CE 1和CE 2均属于VPN 1。
· CE与PE之间配置EBGP交换VPN路由信息。
· 同一自治系统内的PE设备之间运行IS-IS实现IPv6网络互通,配置MP-IBGP交换EVPN路由信息。
图7 IPv6 EVPN L3VPN over SRv6 BE配置组网图
设备 |
接口 |
IP地址 |
设备 |
接口 |
IP地址 |
CE 1 |
XGE3/1/1 |
1000::1/96 |
CE 2 |
XGE3/1/1 |
3000::1/96 |
PE 1 |
Loop1 |
1::1/128 |
PE 2 |
Loop1 |
3::3/128 |
|
XGE3/1/1 |
1000::2/96 |
|
XGE3/1/1 |
3000::2/96 |
|
XGE3/1/2 |
2001::1/96 |
|
XGE3/1/2 |
2002::1/96 |
P |
Loop1 |
2::2/128 |
|
|
|
|
XGE3/1/1 |
2001::2/96 |
|
|
|
|
XGE3/1/2 |
2002::2/96 |
|
|
|
<Sysname> system-view
[Sysname] sysname CE1
[CE1] interface ten-gigabitethernet 3/1/1
[CE1-Ten-GigabitEthernet3/1/1] ipv6 address 1000::1 96
[CE1-Ten-GigabitEthernet3/1/1] quit
[CE1] bgp 200
[CE1-bgp-default] router-id 11.11.11.11
[CE1-bgp-default] peer 1000::2 as-number 100
[CE1-bgp-default] address-family ipv6 unicast
[CE1-bgp-default-ipv6] peer 1000::2 enable
[CE1-bgp-default-ipv6] import-route direct
[CE1-bgp-default-ipv6] quit
[CE1-bgp-default] quit
# 配置IPv6 IS-IS,实现骨干网PE和P的互通。
<Sysname> system-view
[Sysname] sysname PE1
[PE1] isis 1
[PE1-isis-1] cost-style wide
[PE1-isis-1] network-entity 00.0000.0000.0001.00
[PE1-isis-1] address-family ipv6 unicast
[PE1-isis-1-ipv6] quit
[PE1-isis-1] quit
[PE1] interface loopback 1
[PE1-LoopBack1] ipv6 address 1::1 128
[PE1-LoopBack1] isis ipv6 enable 1
[PE1-LoopBack1] quit
[PE1] interface ten-gigabitethernet 3/1/2
[PE1-Ten-GigabitEthernet3/1/2] ipv6 address 2001::1 96
[PE1-Ten-GigabitEthernet3/1/2] isis ipv6 enable 1
[PE1-Ten-GigabitEthernet3/1/2] quit
# 配置VPN实例,将CE接入PE。
[PE1] ip vpn-instance vpn1
[PE1-vpn-instance-vpn1] route-distinguisher 100:1
[PE1-vpn-instance-vpn1] vpn-target 100:1
[PE1-vpn-instance-vpn1] quit
[PE1] interface ten-gigabitethernet 3/1/1
[PE1-Ten-GigabitEthernet3/1/1] ip binding vpn-instance vpn1
[PE1-Ten-GigabitEthernet3/1/1] ipv6 address 1000::2 96
[PE1-Ten-GigabitEthernet3/1/1] quit
# 在PE与CE之间建立EBGP对等体,引入VPN路由。
[PE1] bgp 100
[PE1-bgp-default] router-id 1.1.1.1
[PE1-bgp-default] ip vpn-instance vpn1
[PE1-bgp-default-vpn1] peer 1000::1 as-number 200
[PE1-bgp-default-vpn1] address-family ipv6 unicast
[PE1-bgp-default-ipv6-vpn1] peer 1000::1 enable
[PE1-bgp-default-ipv6-vpn1] import-route direct
[PE1-bgp-default-ipv6-vpn1] quit
[PE1-bgp-default-vpn1] quit
# 在PE之间建立BGP EVPN对等体。
[PE1-bgp-default] peer 3::3 as-number 100
[PE1-bgp-default] peer 3::3 connect-interface loopback 1
[PE1-bgp-default] address-family l2vpn evpn
[PE1-bgp-default-evpn] peer 3::3 enable
[PE1-bgp-default-evpn] quit
[PE1-bgp-default] quit
# 在PE设备上配置EVPN L3VPN over SRv6封装的IPv6报文头的源地址。
[PE1] segment-routing ipv6
[PE1-segment-routing-ipv6] encapsulation source-address 1::1
# 在PE设备上配置EVPN L3VPN over SRv6封装的IPv6报文头的目的地址End.DT6 SID所属的Locator。
[PE1-segment-routing-ipv6] locator evpn ipv6-prefix 1:2:: 96 static 16
[PE1-segment-routing-ipv6-locator-evpn] quit
[PE1-segment-routing-ipv6] quit
# 在PE设备上配置IS-IS引用并发布Locator。
[PE1] isis 1
[PE1-isis-1] address-family ipv6 unicast
[PE1-isis-1-ipv6] segment-routing ipv6 locator evpn
[PE1-isis-1-ipv6] quit
[PE1-isis-1] quit
# 在PE设备上配置IPv6对等体之间交换End.DT6 SID,同时允许将私网路由迭代到End.DT6 SID的路由条目上。
[PE1] bgp 100
[PE1-bgp-default] address-family l2vpn evpn
[PE1-bgp-default-evpn] peer 3::3 advertise encap-type srv6
[PE1-bgp-default-evpn] quit
[PE1-bgp-default] ip vpn-instance vpn1
[PE1-bgp-default-vpn1] address-family ipv6 unicast
[PE1-bgp-default-ipv6-vpn1] segment-routing ipv6 locator evpn evpn
[PE1-bgp-default-ipv6-vpn1] segment-routing ipv6 best-effort evpn
[PE1-bgp-default-ipv6-vpn1] quit
[PE1-bgp-default-vpn1] quit
[PE1-bgp-default] quit
# 配置IPv6 IS-IS,实现骨干网PE和P的互通。
<Sysname> system-view
[Sysname] sysname P
[P] isis 1
[P-isis-1] cost-style wide
[P-isis-1] network-entity 00.0000.0000.0002.00
[P-isis-1] address-family ipv6 unicast
[P-isis-1-ipv6] quit
[P-isis-1] quit
[P] interface loopback 1
[P-LoopBack1] ipv6 address 2::2 128
[P-LoopBack1] isis ipv6 enable 1
[P-LoopBack1] quit
[P] interface ten-gigabitethernet 3/1/1
[P-Ten-GigabitEthernet3/1/1] ipv6 address 2001::2 96
[P-Ten-GigabitEthernet3/1/1] isis ipv6 enable 1
[P-Ten-GigabitEthernet3/1/1] quit
[P] interface ten-gigabitethernet 3/1/2
[P-Ten-GigabitEthernet3/1/2] ipv6 address 2002::2 96
[P-Ten-GigabitEthernet3/1/2] isis ipv6 enable 1
[P-Ten-GigabitEthernet3/1/2] quit
# 配置IPv6 IS-IS,实现骨干网PE和P的互通。
<Sysname> system-view
[Sysname] sysname PE2
[PE2] isis 1
[PE2-isis-1] cost-style wide
[PE2-isis-1] network-entity 00.0000.0000.0003.00
[PE2-isis-1] address-family ipv6 unicast
[PE2-isis-1-ipv6] quit
[PE2-isis-1] quit
[PE2] interface loopback 1
[PE2-LoopBack1] ipv6 address 3::3 128
[PE2-LoopBack1] isis ipv6 enable 1
[PE2-LoopBack1] quit
[PE2] interface ten-gigabitethernet 3/1/2
[PE2-Ten-GigabitEthernet3/1/2] ipv6 address 2002::1 96
[PE2-Ten-GigabitEthernet3/1/2] isis ipv6 enable 1
[PE2-Ten-GigabitEthernet3/1/2] quit
# 配置VPN实例,将CE接入PE。
[PE2] ip vpn-instance vpn1
[PE2-vpn-instance-vpn1] route-distinguisher 100:1
[PE2-vpn-instance-vpn1] vpn-target 100:1
[PE2-vpn-instance-vpn1] quit
[PE2] interface ten-gigabitethernet 3/1/1
[PE2-Ten-GigabitEthernet3/1/1] ip binding vpn-instance vpn1
[PE2-Ten-GigabitEthernet3/1/1] ipv6 address 3000::2 96
[PE2-Ten-GigabitEthernet3/1/1] quit
# 在PE与CE之间建立EBGP对等体,引入VPN路由。
[PE2] bgp 100
[PE2-bgp-default] router-id 2.2.2.2
[PE2-bgp-default] ip vpn-instance vpn1
[PE2-bgp-default-vpn1] peer 3000::1 as-number 300
[PE2-bgp-default-vpn1] address-family ipv6 unicast
[PE2-bgp-default-ipv6-vpn1] peer 3000::1 enable
[PE2-bgp-default-ipv6-vpn1] import-route direct
[PE2-bgp-default-ipv6-vpn1] quit
[PE2-bgp-default-vpn1] quit
# 在PE之间建立BGP EVPN对等体。
[PE2-bgp-default] peer 1::1 as-number 100
[PE2-bgp-default] peer 1::1 connect-interface loopback 1
[PE2-bgp-default] address-family l2vpn evpn
[PE2-bgp-default-evpn] peer 1::1 enable
[PE2-bgp-default-evpn] quit
[PE2-bgp-default] quit
# 在PE设备上配置EVPN L3VPN over SRv6封装的IPv6报文头的源地址。
[PE2] segment-routing ipv6
[PE2-segment-routing-ipv6] encapsulation source-address 3::3
# 在PE设备上配置EVPN L3VPN over SRv6封装的IPv6报文头的目的地址End.DT6 SID所属的Locator。
[PE2-segment-routing-ipv6] locator evpn ipv6-prefix 3:4:: 96 static 16
[PE2-segment-routing-ipv6-locator-evpn] quit
[PE2-segment-routing-ipv6] quit
# 在PE设备上配置IS-IS引用并发布Locator。
[PE2] isis 1
[PE2-isis-1] address-family ipv6 unicast
[PE2-isis-1-ipv6] segment-routing ipv6 locator evpn
[PE2-isis-1-ipv6] quit
[PE2-isis-1] quit
# 在PE设备上配置IPv6对等体之间交换End.DT6 SID,同时允许将私网路由迭代到End.DT6 SID的路由条目上。
[PE2] bgp 100
[PE2-bgp-default] address-family l2vpn evpn
[PE2-bgp-default-evpn] peer 1::1 advertise encap-type srv6
[PE2-bgp-default-evpn] quit
[PE2-bgp-default] ip vpn-instance vpn1
[PE2-bgp-default-vpn1] address-family ipv6 unicast
[PE2-bgp-default-ipv6-vpn1] segment-routing ipv6 locator evpn evpn
[PE2-bgp-default-ipv6-vpn1] segment-routing ipv6 best-effort evpn
[PE2-bgp-default-ipv6-vpn1] quit
[PE2-bgp-default-vpn1] quit
[PE2-bgp-default] quit
<Sysname> system-view
[Sysname] sysname CE2
[CE2] interface ten-gigabitethernet 3/1/1
[CE2-Ten-GigabitEthernet3/1/1] ipv6 address 3000::1 96
[CE2-Ten-GigabitEthernet3/1/1] quit
[CE2] bgp 300
[CE2-bgp-default] router-id 22.22.22.22
[CE2-bgp-default] peer 3000::2 as-number 100
[CE2-bgp-default] address-family ipv6 unicast
[CE2-bgp-default-ipv6] peer 3000::2 enable
[CE2-bgp-default-ipv6] import-route direct
[CE2-bgp-default-ipv6] quit
[CE2-bgp-default] quit
# 在PE设备上执行display bgp l2vpn evpn命令查看对端PE发送的路由详细信息,可以看到对端PE发送的路由携带SID属性数据。
以PE 1为例:
[PE1] display bgp l2vpn evpn [5][0][96][3000::]/176
BGP local router ID: 1.1.1.1
Local AS number: 100
Route distinguisher: 100:1(vpn1)
Total number of routes: 1
Paths: 1 available, 1 best
BGP routing table information of [5][0][96][3000::]/176:
From : 3::3 (2.2.2.2)
Rely nexthop : FE80::A06E:DBFF:FEFC:316
Original nexthop: 3::3
Out interface : Ten-GigabitEthernet3/1/2
Route age : 00h00m29s
OutLabel : 3
Ext-Community : <RT: 100:1>
RxPathID : 0x0
TxPathID : 0x0
PrefixSID : End.DT6 SID <3:4::1:4>
AS-path : (null)
Origin : incomplete
Attribute value : MED 0, localpref 100, pref-val 0
State : valid, internal, best
Source type : local
IP precedence : N/A
QoS local ID : N/A
Traffic index : N/A
EVPN route type : IP prefix advertisement route
ESI : 0000.0000.0000.0000.0000
Ethernet tag ID : 0
IP prefix : 3000::/96
Gateway address : ::
MPLS label : 3
Tunnel policy : NULL
Rely tunnel IDs : N/A
Re-orignination : Disable
# CE 1和CE 2之间能够ping通。
[CE1] ping ipv6 3000::1
Ping6(56 data bytes) 1000::1 --> 3000::1, press CTRL_C to break
56 bytes from 3000::1, icmp_seq=0 hlim=62 time=3.000 ms
56 bytes from 3000::1, icmp_seq=1 hlim=62 time=2.000 ms
56 bytes from 3000::1, icmp_seq=2 hlim=62 time=2.000 ms
56 bytes from 3000::1, icmp_seq=3 hlim=62 time=2.000 ms
56 bytes from 3000::1, icmp_seq=4 hlim=62 time=2.000 ms
--- Ping6 statistics for 3000::1 ---
5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss
round-trip min/avg/max/std-dev = 2.000/2.200/3.000/0.400 ms
· CE 1:
#
sysname CE1
#
interface Ten-GigabitEthernet3/1/1
port link-mode route
ipv6 address 1000::1/96
#
bgp 200
router-id 11.11.11.11
peer 1000::2 as-number 100
#
address-family ipv6 unicast
import-route direct
peer 1000::2 enable
#
· PE 1:
#
sysname PE1
#
ip vpn-instance vpn1
route-distinguisher 100:1
vpn-target 100:1 import-extcommunity
vpn-target 100:1 export-extcommunity
#
isis 1
cost-style wide
network-entity 00.0000.0000.0001.00
#
address-family ipv6 unicast
segment-routing ipv6 locator evpn
#
interface LoopBack1
isis ipv6 enable 1
ipv6 address 1::1/128
#
interface Ten-GigabitEthernet3/1/1
port link-mode route
ip binding vpn-instance vpn1
ipv6 address 1000::2/96
#
interface Ten-GigabitEthernet3/1/2
port link-mode route
isis ipv6 enable 1
ipv6 address 2001::1/96
#
bgp 100
router-id 1.1.1.1
peer 3::3 as-number 100
peer 3::3 connect-interface LoopBack1
#
address-family l2vpn evpn
peer 3::3 enable
peer 3::3 advertise encap-type srv6
#
ip vpn-instance vpn1
peer 1000::1 as-number 200
#
address-family ipv6 unicast
segment-routing ipv6 best-effort evpn
segment-routing ipv6 locator evpn evpn
import-route direct
peer 1000::1 enable
#
segment-routing ipv6
encapsulation source-address 1::1
#
locator evpn ipv6-prefix 1:2:: 96 static 16
#
· P:
#
sysname P
#
isis 1
cost-style wide
network-entity 00.0000.0000.0002.00
#
address-family ipv6 unicast
#
interface LoopBack1
isis ipv6 enable 1
ipv6 address 2::2/128
#
interface Ten-GigabitEthernet3/1/1
port link-mode route
isis ipv6 enable 1
ipv6 address 2001::2/96
#
interface Ten-GigabitEthernet3/1/2
port link-mode route
isis ipv6 enable 1
ipv6 address 2002::2/96
#
· PE 2:
#
sysname PE2
#
ip vpn-instance vpn1
route-distinguisher 100:1
vpn-target 100:1 import-extcommunity
vpn-target 100:1 export-extcommunity
#
isis 1
cost-style wide
network-entity 00.0000.0000.0003.00
#
address-family ipv6 unicast
segment-routing ipv6 locator evpn
#
interface LoopBack1
isis ipv6 enable 1
ipv6 address 3::3/128
#
interface Ten-GigabitEthernet3/1/1
port link-mode route
ip binding vpn-instance vpn1
ipv6 address 3000::2/96
#
interface Ten-GigabitEthernet3/1/2
port link-mode route
isis ipv6 enable 1
ipv6 address 2002::1/96
#
bgp 100
router-id 2.2.2.2
peer 1::1 as-number 100
peer 1::1 connect-interface LoopBack1
#
address-family l2vpn evpn
peer 1::1 enable
peer 1::1 advertise encap-type srv6
#
ip vpn-instance vpn1
peer 3000::1 as-number 300
#
address-family ipv6 unicast
segment-routing ipv6 best-effort evpn
segment-routing ipv6 locator evpn evpn
import-route direct
peer 3000::1 enable
#
segment-routing ipv6
encapsulation source-address 3::3
#
locator evpn ipv6-prefix 3:4:: 96 static 16
#
· CE 2:
#
sysname CE2
#
interface Ten-GigabitEthernet3/1/1
port link-mode route
ipv6 address 3000::1/96
#
bgp 300
router-id 22.22.22.22
peer 3000::2 as-number 100
#
address-family ipv6 unicast
import-route direct
peer 3000::2 enable
#
如图8所示,核心网为IPv6网络,私网为IPv6网络。PE 1、P 1、P 2和PE 2属于同一自治系统,要求它们之间通过IS-IS协议达到IPv6网络互连的目的。要求在PE 1和PE 2之间建立双向SRv6 BE路径,承载IPv6 EVPN L3VPN业务。为了充分利用网络资源,要求业务流量在PE 1和PE 2之间的SRv6 BE上进行ECMP。
图8 IPv6 EVPN L3VPN over SRv6 BE ECMP配置组网图
设备 |
接口 |
IP地址 |
设备 |
接口 |
IP地址 |
CE 1 |
XGE3/1/1 |
1000::1/96 |
CE 2 |
XGE3/1/1 |
4000::1/96 |
PE 1 |
Loop1 |
1::1/128 |
PE 2 |
Loop1 |
4::4/128 |
|
XGE3/1/1 |
1000::2/96 |
|
XGE3/1/1 |
4000::2/96 |
|
XGE3/1/2 |
2001::1/96 |
|
XGE3/1/2 |
2002::1/96 |
|
XGE3/1/3 |
3001::1/96 |
|
XGE3/1/3 |
3002::1/96 |
P 1 |
Loop1 |
2::2/128 |
P 2 |
Loop1 |
2::2/128 |
|
XGE3/1/1 |
2001::2/96 |
|
XGE3/1/1 |
3001::2/96 |
|
XGE3/1/2 |
2002::2/96 |
|
XGE3/1/2 |
3002::2/96 |
SRv6 BE ECMP依赖于网络中的等价路由,所以为了确保配置成功,用户需要合理规划链路的IGP cost。在本例中,各个链路采用缺省cost值(10)。
<Sysname> system-view
[Sysname] sysname CE1
[CE1] interface ten-gigabitethernet 3/1/1
[CE1-Ten-GigabitEthernet3/1/1] ipv6 address 1000::1 96
[CE1-Ten-GigabitEthernet3/1/1] quit
[CE1] bgp 200
[CE1-bgp-default] router-id 11.11.11.11
[CE1-bgp-default] peer 1000::2 as-number 100
[CE1-bgp-default] address-family ipv6 unicast
[CE1-bgp-default-ipv6] peer 1000::2 enable
[CE1-bgp-default-ipv6] import-route direct
[CE1-bgp-default-ipv6] quit
[CE1-bgp-default] quit
# 配置IPv6 IS-IS,实现骨干网PE和P的互通。
<Sysname> system-view
[Sysname] sysname PE1
[PE1] isis 1
[PE1-isis-1] cost-style wide
[PE1-isis-1] network-entity 00.0000.0000.0001.00
[PE1-isis-1] address-family ipv6 unicast
[PE1-isis-1-ipv6] quit
[PE1-isis-1] quit
[PE1] interface loopback 1
[PE1-LoopBack1] ipv6 address 1::1 128
[PE1-LoopBack1] isis ipv6 enable 1
[PE1-LoopBack1] quit
[PE1] interface ten-gigabitethernet 3/1/2
[PE1-Ten-GigabitEthernet3/1/2] ipv6 address 2001::1 96
[PE1-Ten-GigabitEthernet3/1/2] isis ipv6 enable 1
[PE1-Ten-GigabitEthernet3/1/2] quit
[PE1] interface ten-gigabitethernet 3/1/3
[PE1-Ten-GigabitEthernet3/1/3] ipv6 address 3001::1 96
[PE1-Ten-GigabitEthernet3/1/3] isis ipv6 enable 1
[PE1-Ten-GigabitEthernet3/1/3] quit
# 配置VPN实例,将CE接入PE。
[PE1] ip vpn-instance vpn1
[PE1-vpn-instance-vpn1] route-distinguisher 100:1
[PE1-vpn-instance-vpn1] vpn-target 100:1
[PE1-vpn-instance-vpn1] quit
[PE1] interface ten-gigabitethernet 3/1/1
[PE1-Ten-GigabitEthernet3/1/1] ip binding vpn-instance vpn1
[PE1-Ten-GigabitEthernet3/1/1] ipv6 address 1000::2 96
[PE1-Ten-GigabitEthernet3/1/1] quit
# 在PE与CE之间建立EBGP对等体,引入VPN路由。
[PE1] bgp 100
[PE1-bgp-default] router-id 1.1.1.1
[PE1-bgp-default] ip vpn-instance vpn1
[PE1-bgp-default-vpn1] peer 1000::1 as-number 200
[PE1-bgp-default-vpn1] address-family ipv6 unicast
[PE1-bgp-default-ipv6-vpn1] peer 1000::1 enable
[PE1-bgp-default-ipv6-vpn1] import-route direct
[PE1-bgp-default-ipv6-vpn1] quit
[PE1-bgp-default-vpn1] quit
# 在PE之间建立BGP EVPN对等体。
[PE1-bgp-default] peer 4::4 as-number 100
[PE1-bgp-default] peer 4::4 connect-interface loopback 1
[PE1-bgp-default] address-family l2vpn evpn
[PE1-bgp-default-evpn] peer 4::4 enable
[PE1-bgp-default-evpn] quit
[PE1-bgp-default] quit
# 在PE设备上配置EVPN L3VPN over SRv6封装的IPv6报文头的源地址。
[PE1] segment-routing ipv6
[PE1-segment-routing-ipv6] encapsulation source-address 1::1
# 在PE设备上配置EVPN L3VPN over SRv6封装的IPv6报文头的目的地址End.DT6 SID所属的Locator。
[PE1-segment-routing-ipv6] locator abc ipv6-prefix 100:1:: 64 static 16
[PE1-segment-routing-ipv6-locator-abc] quit
[PE1-segment-routing-ipv6] quit
# 在PE设备上配置IS-IS引用并发布Locator。
[PE1] isis 1
[PE1-isis-1] address-family ipv6 unicast
[PE1-isis-1-ipv6] segment-routing ipv6 locator abc
[PE1-isis-1-ipv6] quit
[PE1-isis-1] quit
# 在PE设备上配置IPv6对等体之间交换End.DT6 SID,同时允许将私网路由迭代到End.DT6 SID的路由条目上。
[PE1] bgp 100
[PE1-bgp-default] address-family l2vpn evpn
[PE1-bgp-default-evpn] peer 4::4 advertise encap-type srv6
[PE1-bgp-default-evpn] quit
[PE1-bgp-default] ip vpn-instance vpn1
[PE1-bgp-default-vpn1] address-family ipv6 unicast
[PE1-bgp-default-ipv6-vpn1] segment-routing ipv6 locator abc evpn
[PE1-bgp-default-ipv6-vpn1] segment-routing ipv6 best-effort evpn
[PE1-bgp-default-ipv6-vpn1] quit
[PE1-bgp-default-vpn1] quit
[PE1-bgp-default] quit
# 配置IPv6 IS-IS,实现骨干网PE和P的互通。
<Sysname> system-view
[Sysname] sysname P1
[P1] isis 1
[P1-isis-1] cost-style wide
[P1-isis-1] network-entity 00.0000.0000.0002.00
[P1-isis-1] address-family ipv6 unicast
[P1-isis-1-ipv6] quit
[P1-isis-1] quit
[P1] interface loopback 1
[P1-LoopBack1] ipv6 address 2::2 128
[P1-LoopBack1] isis ipv6 enable 1
[P1-LoopBack1] quit
[P1] interface ten-gigabitethernet 3/1/1
[P1-Ten-GigabitEthernet3/1/1] ipv6 address 2001::2 96
[P1-Ten-GigabitEthernet3/1/1] isis ipv6 enable 1
[P1-Ten-GigabitEthernet3/1/1] quit
[P1] interface ten-gigabitethernet 3/1/2
[P1-Ten-GigabitEthernet3/1/2] ipv6 address 2002::2 96
[P1-Ten-GigabitEthernet3/1/2] isis ipv6 enable 1
[P1-Ten-GigabitEthernet3/1/2] quit
# 配置IPv6 IS-IS,实现骨干网PE和P的互通。
<Sysname> system-view
[Sysname] sysname P2
[P2] isis 1
[P2-isis-1] cost-style wide
[P2-isis-1] network-entity 00.0000.0000.0003.00
[P2-isis-1] address-family ipv6 unicast
[P2-isis-1-ipv6] quit
[P2-isis-1] quit
[P2] interface loopback 1
[P2-LoopBack1] ipv6 address 2::2 128
[P2-LoopBack1] isis ipv6 enable 1
[P2-LoopBack1] quit
[P2] interface ten-gigabitethernet 3/1/1
[P2-Ten-GigabitEthernet3/1/1] ipv6 address 3001::2 96
[P2-Ten-GigabitEthernet3/1/1] isis ipv6 enable 1
[P2-Ten-GigabitEthernet3/1/1] quit
[P2] interface ten-gigabitethernet 3/1/2
[P2-Ten-GigabitEthernet3/1/2] ipv6 address 3002::2 96
[P2-Ten-GigabitEthernet3/1/2] isis ipv6 enable 1
[P2-Ten-GigabitEthernet3/1/2] quit
# 配置IPv6 IS-IS,实现骨干网PE和P的互通。
<Sysname> system-view
[Sysname] sysname PE2
[PE2] isis 1
[PE2-isis-1] cost-style wide
[PE2-isis-1] network-entity 00.0000.0000.0004.00
[PE2-isis-1] address-family ipv6 unicast
[PE2-isis-1-ipv6] quit
[PE2-isis-1] quit
[PE2] interface loopback 1
[PE2-LoopBack1] ipv6 address 4::4 128
[PE2-LoopBack1] isis ipv6 enable 1
[PE2-LoopBack1] quit
[PE2] interface ten-gigabitethernet 3/1/2
[PE2-Ten-GigabitEthernet3/1/2] ipv6 address 2002::1 96
[PE2-Ten-GigabitEthernet3/1/2] isis ipv6 enable 1
[PE2-Ten-GigabitEthernet3/1/2] quit
[PE2] interface ten-gigabitethernet 3/1/3
[PE2-Ten-GigabitEthernet3/1/3] ipv6 address 3002::1 96
[PE2-Ten-GigabitEthernet3/1/3] isis ipv6 enable 1
[PE2-Ten-GigabitEthernet3/1/3] quit
# 配置VPN实例,将CE接入PE。
[PE2] ip vpn-instance vpn1
[PE2-vpn-instance-vpn1] route-distinguisher 100:1
[PE2-vpn-instance-vpn1] vpn-target 100:1
[PE2-vpn-instance-vpn1] quit
[PE2] interface ten-gigabitethernet 3/1/1
[PE2-Ten-GigabitEthernet3/1/1] ip binding vpn-instance vpn1
[PE2-Ten-GigabitEthernet3/1/1] ipv6 address 4000::2 96
[PE2-Ten-GigabitEthernet3/1/1] quit
# 在PE与CE之间建立EBGP对等体,引入VPN路由。
[PE2] bgp 100
[PE2-bgp-default] router-id 4.4.4.4
[PE2-bgp-default] ip vpn-instance vpn1
[PE2-bgp-default-vpn1] peer 4000::1 as-number 300
[PE2-bgp-default-vpn1] address-family ipv6 unicast
[PE2-bgp-default-ipv6-vpn1] peer 4000::1 enable
[PE2-bgp-default-ipv6-vpn1] import-route direct
[PE2-bgp-default-ipv6-vpn1] quit
[PE2-bgp-default-vpn1] quit
# 在PE之间建立BGP EVPN对等体。
[PE2-bgp-default] peer 1::1 as-number 100
[PE2-bgp-default] peer 1::1 connect-interface loopback 1
[PE2-bgp-default] address-family l2vpn evpn
[PE2-bgp-default-evpn] peer 1::1 enable
[PE2-bgp-default-evpn] quit
[PE2-bgp-default] quit
# 在PE设备上配置EVPN L3VPN over SRv6封装的IPv6报文头的源地址。
[PE2] segment-routing ipv6
[PE2-segment-routing-ipv6] encapsulation source-address 4::4
# 在PE设备上配置EVPN L3VPN over SRv6封装的IPv6报文头的目的地址End.DT6 SID所属的Locator。
[PE2-segment-routing-ipv6] locator abc ipv6-prefix 200:1:: 64 static 16
[PE2-segment-routing-ipv6-locator-abc] quit
[PE2-segment-routing-ipv6] quit
# 在PE设备上配置IS-IS引用并发布Locator。
[PE2] isis 1
[PE2-isis-1] address-family ipv6 unicast
[PE2-isis-1-ipv6] segment-routing ipv6 locator abc
[PE2-isis-1-ipv6] quit
[PE2-isis-1] quit
# 在PE设备上配置IPv6对等体之间交换End.DT6 SID,同时允许将私网路由迭代到End.DT6 SID的路由条目上。
[PE2] bgp 100
[PE2-bgp-default] address-family l2vpn evpn
[PE2-bgp-default-evpn] peer 1::1 advertise encap-type srv6
[PE2-bgp-default-evpn] quit
[PE2-bgp-default] ip vpn-instance vpn1
[PE2-bgp-default-vpn1] address-family ipv6 unicast
[PE2-bgp-default-ipv6-vpn1] segment-routing ipv6 locator abc evpn
[PE2-bgp-default-ipv6-vpn1] segment-routing ipv6 best-effort evpn
[PE2-bgp-default-ipv6-vpn1] quit
[PE2-bgp-default-vpn1] quit
[PE2-bgp-default] quit
<Sysname> system-view
[Sysname] sysname CE2
[CE2] interface ten-gigabitethernet 3/1/1
[CE2-Ten-GigabitEthernet3/1/1] ipv6 address 4000::1 96
[CE2-Ten-GigabitEthernet3/1/1] quit
[CE2] bgp 300
[CE2-bgp-default] router-id 22.22.22.22
[CE2-bgp-default] peer 4000::2 as-number 100
[CE2-bgp-default] address-family ipv6 unicast
[CE2-bgp-default-ipv6] peer 4000::2 enable
[CE2-bgp-default-ipv6] import-route direct
[CE2-bgp-default-ipv6] quit
[CE2-bgp-default] quit
# 执行命令display ipv6 routing-table vpn-instance查看VPN路由信息,可以看出VPN路由4000::1/96具有两个出接口,转发时将形成ECMP。
以PE 1为例:
[PE1] display ipv6 routing-table vpn-instance vpn1 4000::1 96
Summary count : 1
Destination: 4000::/96 Protocol : BGP4+
NextHop : 200:1:: Preference: 255
Interface : XGE3/1/2 Cost : 0
Destination: 4000::/96 Protocol : BGP4+
NextHop : 200:1:: Preference: 255
Interface : XGE3/1/3 Cost : 0
# CE 1和CE 2之间能够ping通。
[CE1] ping ipv6 4000::1
Ping6(56 data bytes) 1000::1 --> 4000::1, press CTRL_C to break
56 bytes from 4000::1, icmp_seq=0 hlim=62 time=2.000 ms
56 bytes from 4000::1, icmp_seq=1 hlim=62 time=2.000 ms
56 bytes from 4000::1, icmp_seq=2 hlim=62 time=2.000 ms
56 bytes from 4000::1, icmp_seq=3 hlim=62 time=1.000 ms
56 bytes from 4000::1, icmp_seq=4 hlim=62 time=1.000 ms
--- Ping6 statistics for 4000::1 ---
5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss
round-trip min/avg/max/std-dev = 1.000/1.600/2.000/0.490 ms
· CE 1:
#
sysname CE1
#
interface Ten-GigabitEthernet3/1/1
port link-mode route
ipv6 address 1000::1/96
#
bgp 200
router-id 11.11.11.11
peer 1000::2 as-number 100
#
address-family ipv6 unicast
import-route direct
peer 1000::2 enable
#
· PE 1:
#
sysname PE1
#
ip vpn-instance vpn1
route-distinguisher 100:1
vpn-target 100:1 import-extcommunity
vpn-target 100:1 export-extcommunity
#
isis 1
cost-style wide
network-entity 00.0000.0000.0001.00
#
address-family ipv6 unicast
segment-routing ipv6 locator abc
#
interface LoopBack1
isis ipv6 enable 1
ipv6 address 1::1/128
#
interface Ten-GigabitEthernet3/1/1
port link-mode route
ip binding vpn-instance vpn1
ipv6 address 1000::2/96
#
interface Ten-GigabitEthernet3/1/2
port link-mode route
isis ipv6 enable 1
ipv6 address 2001::1/96
#
interface Ten-GigabitEthernet3/1/3
port link-mode route
isis ipv6 enable 1
ipv6 address 3001::1/96
#
bgp 100
router-id 1.1.1.1
peer 4::4 as-number 100
peer 4::4 connect-interface LoopBack1
#
address-family l2vpn evpn
peer 4::4 enable
peer 4::4 advertise encap-type srv6
#
ip vpn-instance vpn1
peer 1000::1 as-number 200
#
address-family ipv6 unicast
segment-routing ipv6 best-effort evpn
segment-routing ipv6 locator abc evpn
import-route direct
peer 1000::1 enable
#
segment-routing ipv6
encapsulation source-address 1::1
#
locator abc ipv6-prefix 100:1:: 64 static 16
#
· P 1:
#
sysname P1
#
isis 1
cost-style wide
network-entity 00.0000.0000.0002.00
#
address-family ipv6 unicast
#
interface LoopBack1
isis ipv6 enable 1
ipv6 address 2::2/128
#
interface Ten-GigabitEthernet3/1/1
port link-mode route
isis ipv6 enable 1
ipv6 address 2001::2/96
#
interface Ten-GigabitEthernet3/1/2
port link-mode route
isis ipv6 enable 1
ipv6 address 2002::2/96
#
· P 2:
#
sysname P2
#
isis 1
cost-style wide
network-entity 00.0000.0000.0003.00
#
address-family ipv6 unicast
#
interface LoopBack1
isis ipv6 enable 1
ipv6 address 3::3/128
#
interface Ten-GigabitEthernet3/1/1
port link-mode route
isis ipv6 enable 1
ipv6 address 3001::2/96
#
interface Ten-GigabitEthernet3/1/2
port link-mode route
isis ipv6 enable 1
ipv6 address 3002::2/96
#
· PE 2:
#
sysname PE2
#
ip vpn-instance vpn1
route-distinguisher 100:1
vpn-target 100:1 import-extcommunity
vpn-target 100:1 export-extcommunity
#
isis 1
cost-style wide
network-entity 00.0000.0000.0004.00
#
address-family ipv6 unicast
segment-routing ipv6 locator abc
#
interface LoopBack1
isis ipv6 enable 1
ipv6 address 4::4/128
#
interface Ten-GigabitEthernet3/1/1
port link-mode route
ip binding vpn-instance vpn1
ipv6 address 4000::2/96
#
interface Ten-GigabitEthernet3/1/2
port link-mode route
isis ipv6 enable 1
ipv6 address 2002::1/96
#
interface Ten-GigabitEthernet3/1/3
port link-mode route
isis ipv6 enable 1
ipv6 address 3002::1/96
#
bgp 100
router-id 4.4.4.4
peer 1::1 as-number 100
peer 1::1 connect-interface LoopBack1
#
address-family l2vpn evpn
peer 1::1 enable
peer 1::1 advertise encap-type srv6
#
ip vpn-instance vpn1
peer 4000::1 as-number 300
#
address-family ipv6 unicast
segment-routing ipv6 best-effort evpn
segment-routing ipv6 locator abc evpn
import-route direct
peer 4000::1 enable
#
segment-routing ipv6
encapsulation source-address 4::4
#
locator abc ipv6-prefix 200:1:: 64 static 16
#
· CE 2:
#
sysname CE2
#
interface Ten-GigabitEthernet3/1/1
port link-mode route
ipv6 address 4000::1/96
#
bgp 300
router-id 22.22.22.22
peer 4000::2 as-number 100
#
address-family ipv6 unicast
import-route direct
peer 4000::2 enable
#
如图9所示,核心网为IPv6网络,私网为IPv6网络。PE 1、P 1、P 2和PE 2属于同一自治系统,要求它们之间通过IS-IS协议达到IPv6网络互连的目的。要求在PE 1和PE 2之间建立双向SRv6 BE路径,承载IPv6 EVPN L3VPN业务。为了提升网络可靠性,要求在PE 1上配置快速重路由功能,实现当主路径出现故障时,将流量迅速切换到备份路径,大大缩短故障恢复时间。
图9 IPv6 EVPN L3VPN over SRv6 BE快速重路由配置组网图
设备 |
接口 |
IP地址 |
设备 |
接口 |
IP地址 |
PE 1 |
Loop1 |
1::1/128 |
PE 2 |
Loop1 |
2::2/128 |
|
XGE3/1/1 |
1000::2/96 |
|
XGE3/1/1 |
2001::2/96 |
|
XGE3/1/2 |
2001::1/96 |
|
XGE3/1/2 |
2002::2/96 |
|
XGE3/1/3 |
3001::1/96 |
PE 3 |
Loop1 |
3::3/128 |
|
|
|
|
XGE3/1/1 |
3001::2/96 |
|
|
|
|
XGE3/1/2 |
3002::2/96 |
CE 1 |
Loop1 |
11::11/128 |
CE 2 |
Loop1 |
22::22/128 |
|
XGE3/1/1 |
1000::1/96 |
|
XGE3/1/1 |
2002::1/96 |
|
|
|
|
XGE3/1/2 |
3002::1/96 |
<Sysname> system-view
[Sysname] sysname CE1
[CE1] interface loopback 1
[CE1-LoopBack1] ipv6 address 11::11 128
[CE1-LoopBack1] quit
[CE1] interface ten-gigabitethernet 3/1/1
[CE1-Ten-GigabitEthernet3/1/1] ipv6 address 1000::1 96
[CE1-Ten-GigabitEthernet3/1/1] quit
[CE1] bgp 200
[CE1-bgp-default] router-id 11.11.11.11
[CE1-bgp-default] peer 1000::2 as-number 100
[CE1-bgp-default] address-family ipv6 unicast
[CE1-bgp-default-ipv6] peer 1000::2 enable
[CE1-bgp-default-ipv6] import-route direct
[CE1-bgp-default-ipv6] quit
[CE1-bgp-default] quit
# 配置IPv6 IS-IS,实现骨干网PE和P的互通。
<Sysname> system-view
[Sysname] sysname PE1
[PE1] isis 1
[PE1-isis-1] cost-style wide
[PE1-isis-1] network-entity 00.0000.0000.0001.00
[PE1-isis-1] address-family ipv6 unicast
[PE1-isis-1-ipv6] quit
[PE1-isis-1] quit
[PE1] interface loopback 1
[PE1-LoopBack1] ipv6 address 1::1 128
[PE1-LoopBack1] isis ipv6 enable 1
[PE1-LoopBack1] quit
[PE1] interface ten-gigabitethernet 3/1/2
[PE1-Ten-GigabitEthernet3/1/2] ipv6 address 2001::1 96
[PE1-Ten-GigabitEthernet3/1/2] isis ipv6 enable 1
[PE1-Ten-GigabitEthernet3/1/2] quit
[PE1] interface ten-gigabitethernet 3/1/3
[PE1-Ten-GigabitEthernet3/1/3] ipv6 address 3001::1 96
[PE1-Ten-GigabitEthernet3/1/3] isis ipv6 enable 1
[PE1-Ten-GigabitEthernet3/1/3] quit
# 配置VPN实例,将CE接入PE。
[PE1] ip vpn-instance vpn1
[PE1-vpn-instance-vpn1] route-distinguisher 100:1
[PE1-vpn-instance-vpn1] vpn-target 100:1
[PE1-vpn-instance-vpn1] quit
[PE1] interface ten-gigabitethernet 3/1/1
[PE1-Ten-GigabitEthernet3/1/1] ip binding vpn-instance vpn1
[PE1-Ten-GigabitEthernet3/1/1] ipv6 address 1000::2 96
[PE1-Ten-GigabitEthernet3/1/1] quit
# 在PE与CE之间建立EBGP对等体,引入VPN路由。
[PE1] bgp 100
[PE1-bgp-default] router-id 1.1.1.1
[PE1-bgp-default] ip vpn-instance vpn1
[PE1-bgp-default-vpn1] peer 1000::1 as-number 200
[PE1-bgp-default-vpn1] address-family ipv6 unicast
[PE1-bgp-default-ipv6-vpn1] peer 1000::1 enable
[PE1-bgp-default-ipv6-vpn1] import-route direct
[PE1-bgp-default-ipv6-vpn1] quit
[PE1-bgp-default-vpn1] quit
# 在PE之间建立BGP EVPN对等体。
[PE1-bgp-default] peer 2::2 as-number 100
[PE1-bgp-default] peer 2::2 connect-interface loopback 1
[PE1-bgp-default] peer 3::3 as-number 100
[PE1-bgp-default] peer 3::3 connect-interface loopback 1
[PE1-bgp-default] address-family l2vpn evpn
[PE1-bgp-default-evpn] peer 2::2 enable
[PE1-bgp-default-evpn] peer 3::3 enable
[PE1-bgp-default-evpn] quit
[PE1-bgp-default] quit
# 在PE设备上配置EVPN L3VPN over SRv6封装的IPv6报文头的源地址。
[PE1] segment-routing ipv6
[PE1-segment-routing-ipv6] encapsulation source-address 1::1
# 在PE设备上配置EVPN L3VPN over SRv6封装的IPv6报文头的目的地址End.DT6 SID所属的Locator。
[PE1-segment-routing-ipv6] locator abc ipv6-prefix 100:1:: 64 static 16
[PE1-segment-routing-ipv6-locator-abc] quit
[PE1-segment-routing-ipv6] quit
# 在PE设备上配置IS-IS引用并发布Locator。
[PE1] isis 1
[PE1-isis-1] address-family ipv6 unicast
[PE1-isis-1-ipv6] segment-routing ipv6 locator abc
[PE1-isis-1-ipv6] quit
[PE1-isis-1] quit
# 在PE设备上配置IPv6对等体之间交换End.DT6 SID,同时允许将私网路由迭代到End.DT6 SID的路由条目上。
[PE1] bgp 100
[PE1-bgp-default] address-family l2vpn evpn
[PE1-bgp-default-evpn] peer 2::2 advertise encap-type srv6
[PE1-bgp-default-evpn] peer 3::3 advertise encap-type srv6
[PE1-bgp-default-evpn] quit
[PE1-bgp-default] ip vpn-instance vpn1
[PE1-bgp-default-vpn1] address-family ipv6 unicast
[PE1-bgp-default-ipv6-vpn1] segment-routing ipv6 locator abc evpn
[PE1-bgp-default-ipv6-vpn1] segment-routing ipv6 best-effort evpn
# 配置快速重路由功能。
[PE1-bgp-default-ipv6-vpn1] pic
[PE1-bgp-default-ipv6-vpn1] quit
[PE1-bgp-default-vpn1] quit
[PE1-bgp-default] quit
# 使用静态BFD检测Locator路由。如果Locator路由不可达,触发快速重路由进行路径切换。
[PE1] bfd static test peer-ipv6 200:1:: source-ipv6 100:1:: discriminator local 10 remote 20
[PE1-bfd-static-session-test] bfd multi-hop min-transmit-interval 100
[PE1-bfd-static-session-test] bfd multi-hop min-receive-interval 100
[PE1-bfd-static-session-test] bfd multi-hop detect-multiplier 3
[PE1-bfd-static-session-test] quit
[PE1] bgp 100
[PE1-bgp-default] primary-path-detect bfd ctrl
[PE1-bgp-default] quit
# 配置IPv6 IS-IS,实现骨干网PE和P的互通。
<Sysname> system-view
[Sysname] sysname PE2
[PE2] isis 1
[PE2-isis-1] cost-style wide
[PE2-isis-1] network-entity 00.0000.0000.0002.00
[PE2-isis-1] address-family ipv6 unicast
[PE2-isis-1-ipv6] quit
[PE2-isis-1] quit
[PE2] interface loopback 1
[PE2-LoopBack1] ipv6 address 2::2 128
[PE2-LoopBack1] isis ipv6 enable 1
[PE2-LoopBack1] quit
[PE2] interface ten-gigabitethernet 3/1/1
[PE2-Ten-GigabitEthernet3/1/1] ipv6 address 2001::2 96
[PE2-Ten-GigabitEthernet3/1/1] isis ipv6 enable 1
[PE2-Ten-GigabitEthernet3/1/1] quit
# 配置VPN实例,将CE接入PE。
[PE2] ip vpn-instance vpn1
[PE2-vpn-instance-vpn1] route-distinguisher 200:1
[PE2-vpn-instance-vpn1] vpn-target 100:1
[PE2-vpn-instance-vpn1] quit
[PE2] interface ten-gigabitethernet 3/1/2
[PE2-Ten-GigabitEthernet3/1/2] ip binding vpn-instance vpn1
[PE2-Ten-GigabitEthernet3/1/2] ipv6 address 2002::2 96
[PE2-Ten-GigabitEthernet3/1/2] quit
# 在PE与CE之间建立EBGP对等体,引入VPN路由。
[PE2] bgp 100
[PE2-bgp-default] router-id 2.2.2.2
[PE2-bgp-default] ip vpn-instance vpn1
[PE2-bgp-default-vpn1] peer 2002::1 as-number 300
[PE2-bgp-default-vpn1] address-family ipv6 unicast
[PE2-bgp-default-ipv6-vpn1] peer 2002::1 enable
[PE2-bgp-default-ipv6-vpn1] import-route direct
[PE2-bgp-default-ipv6-vpn1] quit
[PE2-bgp-default-vpn1] quit
# 在PE之间建立BGP EVPN对等体。
[PE2-bgp-default] peer 1::1 as-number 100
[PE2-bgp-default] peer 1::1 connect-interface loopback 1
[PE2-bgp-default] address-family l2vpn evpn
[PE2-bgp-default-evpn] peer 1::1 enable
[PE2-bgp-default-evpn] quit
[PE2-bgp-default] quit
# 在PE设备上配置EVPN L3VPN over SRv6封装的IPv6报文头的源地址。
[PE2] segment-routing ipv6
[PE2-segment-routing-ipv6] encapsulation source-address 2::2
# 在PE设备上配置EVPN L3VPN over SRv6封装的IPv6报文头的目的地址End.DT6 SID所属的Locator。
[PE2-segment-routing-ipv6] locator abc ipv6-prefix 200:1:: 64 static 16
[PE2-segment-routing-ipv6-locator-abc] quit
[PE2-segment-routing-ipv6] quit
# 在PE设备上配置IS-IS引用并发布Locator。
[PE2] isis 1
[PE2-isis-1] address-family ipv6 unicast
[PE2-isis-1-ipv6] segment-routing ipv6 locator abc
[PE2-isis-1-ipv6] quit
[PE2-isis-1] quit
# 在PE设备上配置IPv6对等体之间交换End.DT6 SID,同时允许将私网路由迭代到End.DT6 SID的路由条目上。
[PE2] bgp 100
[PE2-bgp-default] address-family l2vpn evpn
[PE2-bgp-default-evpn] peer 1::1 advertise encap-type srv6
[PE2-bgp-default-evpn] quit
[PE2-bgp-default] ip vpn-instance vpn1
[PE2-bgp-default-vpn1] address-family ipv6 unicast
[PE2-bgp-default-ipv6-vpn1] segment-routing ipv6 locator abc evpn
[PE2-bgp-default-ipv6-vpn1] segment-routing ipv6 best-effort evpn
[PE2-bgp-default-ipv6-vpn1] quit
[PE2-bgp-default-vpn1] quit
[PE2-bgp-default] quit
# 使用静态BFD检测Locator路由。如果Locator路由不可达,触发快速重路由进行路径切换。
[PE2] bfd static test peer-ipv6 100:1:: source-ipv6 200:1:: discriminator local 20 remote 10
[PE2-bfd-static-session-test] bfd multi-hop min-transmit-interval 100
[PE2-bfd-static-session-test] bfd multi-hop min-receive-interval 100
[PE2-bfd-static-session-test] bfd multi-hop detect-multiplier 3
[PE2-bfd-static-session-test] quit
# 配置IPv6 IS-IS,实现骨干网PE和P的互通。
<Sysname> system-view
[Sysname] sysname PE3
[PE3] isis 1
[PE3-isis-1] cost-style wide
[PE3-isis-1] network-entity 00.0000.0000.0003.00
[PE3-isis-1] address-family ipv6 unicast
[PE3-isis-1-ipv6] quit
[PE3-isis-1] quit
[PE3] interface loopback 1
[PE3-LoopBack1] ipv6 address 3::3 128
[PE3-LoopBack1] isis ipv6 enable 1
[PE3-LoopBack1] quit
[PE3] interface ten-gigabitethernet 3/1/1
[PE3-Ten-GigabitEthernet3/1/1] ipv6 address 3001::2 96
[PE3-Ten-GigabitEthernet3/1/1] isis ipv6 enable 1
[PE3-Ten-GigabitEthernet3/1/1] quit
# 配置VPN实例,将CE接入PE。
[PE3] ip vpn-instance vpn1
[PE3-vpn-instance-vpn1] route-distinguisher 300:1
[PE3-vpn-instance-vpn1] vpn-target 100:1
[PE3-vpn-instance-vpn1] quit
[PE3] interface ten-gigabitethernet 3/1/2
[PE3-Ten-GigabitEthernet3/1/2] ip binding vpn-instance vpn1
[PE3-Ten-GigabitEthernet3/1/2] ipv6 address 3002::2 96
[PE3-Ten-GigabitEthernet3/1/2] quit
# 在PE与CE之间建立EBGP对等体,引入VPN路由。
[PE3] bgp 100
[PE3-bgp-default] router-id 3.3.3.3
[PE3-bgp-default] ip vpn-instance vpn1
[PE3-bgp-default-vpn1] peer 3002::1 as-number 300
[PE3-bgp-default-vpn1] address-family ipv6 unicast
[PE3-bgp-default-ipv6-vpn1] peer 3002::1 enable
[PE3-bgp-default-ipv6-vpn1] import-route direct
[PE3-bgp-default-ipv6-vpn1] quit
[PE3-bgp-default-vpn1] quit
# 在PE之间建立BGP EVPN对等体。
[PE3-bgp-default] peer 1::1 as-number 100
[PE3-bgp-default] peer 1::1 connect-interface loopback 1
[PE3-bgp-default] address-family l2vpn evpn
[PE3-bgp-default-evpn] peer 1::1 enable
[PE3-bgp-default-evpn] quit
[PE3-bgp-default] quit
# 在PE设备上配置EVPN L3VPN over SRv6封装的IPv6报文头的源地址。
[PE3] segment-routing ipv6
[PE3-segment-routing-ipv6] encapsulation source-address 3::3
# 在PE设备上配置EVPN L3VPN over SRv6封装的IPv6报文头的目的地址End.DT6 SID所属的Locator。
[PE3-segment-routing-ipv6] locator abc ipv6-prefix 300:1:: 64 static 16
[PE3-segment-routing-ipv6-locator-abc] quit
[PE3-segment-routing-ipv6] quit
# 在PE设备上配置IS-IS引用并发布Locator。
[PE3] isis 1
[PE3-isis-1] address-family ipv6 unicast
[PE3-isis-1-ipv6] segment-routing ipv6 locator abc
[PE3-isis-1-ipv6] quit
[PE3-isis-1] quit
# 在PE设备上配置IPv6对等体之间交换End.DT6 SID,同时允许将私网路由迭代到End.DT6 SID的路由条目上。
[PE3] bgp 100
[PE3-bgp-default] address-family l2vpn evpn
[PE3-bgp-default-evpn] peer 1::1 advertise encap-type srv6
[PE3-bgp-default-evpn] quit
[PE3-bgp-default] ip vpn-instance vpn1
[PE3-bgp-default-vpn1] address-family ipv6 unicast
[PE3-bgp-default-ipv6-vpn1] segment-routing ipv6 locator abc evpn
[PE3-bgp-default-ipv6-vpn1] segment-routing ipv6 best-effort evpn
[PE3-bgp-default-ipv6-vpn1] quit
[PE3-bgp-default-vpn1] quit
[PE3-bgp-default] quit
<Sysname> system-view
[Sysname] sysname CE2
[CE2] interface loopback 1
[CE2-LoopBack1] ipv6 address 22::22 128
[CE2-LoopBack1] quit
[CE2] interface ten-gigabitethernet 3/1/1
[CE2-Ten-GigabitEthernet3/1/1] ipv6 address 2002::1 96
[CE2-Ten-GigabitEthernet3/1/1] quit
[CE2] interface ten-gigabitethernet 3/1/2
[CE2-Ten-GigabitEthernet3/1/2] ipv6 address 3002::1 96
[CE2-Ten-GigabitEthernet3/1/2] quit
[CE2] bgp 300
[CE2-bgp-default] router-id 22.22.22.22
[CE2-bgp-default] peer 2002::2 as-number 100
[CE2-bgp-default] peer 3002::2 as-number 100
[CE2-bgp-default] address-family ipv6 unicast
[CE2-bgp-default-ipv6] peer 2002::2 enable
[CE2-bgp-default-ipv6] peer 3002::2 enable
[CE2-bgp-default-ipv6] import-route direct
[CE2-bgp-default-ipv6] quit
[CE2-bgp-default] quit
# 执行命令display ipv6 routing-table vpn-instance verbose查看VPN路由信息,可以看出VPN路由22::22/128具有备份出接口。
以PE 1为例:
[PE1] display ipv6 routing-table vpn-instance vpn1 22::22 128 verbose
Summary count : 1
Destination: 22::22/128
Protocol: BGP4+ instance default
Process ID: 0
SubProtID: 0x8 Age: 00h27m38s
FlushedAge: 00h27m38s
Cost: 0 Preference: 255
IpPre: N/A QosLocalID: N/A
Tag: 0 State: Active Adv
OrigTblID: 0x0 OrigVrf: default-vrf
TableID: 0x10a OrigAs: 300
NibID: 0x2600000a LastAs: 300
AttrID: 0x0
BkAttrID: 0x7 Neighbor: 2::2
Flags: 0x80010060 OrigNextHop: 200:1::
Label: NULL RealNextHop: FE80::8099:2EFF:FE26:316
BkLabel: NULL BkNextHop: FE80::8099:32FF:FEB6:416
SRLabel: NULL Interface: Ten-GigabitEthernet3/1/2
BkSRLabel: NULL BkInterface: Ten-GigabitEthernet3/1/3
Tunnel ID: Invalid IPInterface: Ten-GigabitEthernet3/1/2
BkTunnel ID: Invalid BkIPInterface: Ten-GigabitEthernet3/1/3
InLabel: 0 ColorInterface: N/A
SIDIndex: 0 BkColorInterface: N/A
FtnIndex: 0x0 TunnelInterface: N/A
TrafficIndex: N/A BkTunnelInterface: N/A
Connector: N/A PathID: 0x0
UserID: 0x0 SRTunnelID: Invalid
SID Type: N/A NID: Invalid
FlushNID: Invalid BkNID: Invalid
BkFlushNID: Invalid StatFlags: 0x0
SID: 200:1::1:4
BkSID: 300:1::1:4
CommBlockLen: 0 Priority: Low
# CE 1和CE 2之间能够ping通。
[CE1] ping ipv6 22::22
Ping6(56 data bytes) 1000::1 --> 22::22, press CTRL_C to break
56 bytes from 22::22, icmp_seq=0 hlim=62 time=2.000 ms
56 bytes from 22::22, icmp_seq=1 hlim=62 time=2.000 ms
56 bytes from 22::22, icmp_seq=2 hlim=62 time=1.000 ms
56 bytes from 22::22, icmp_seq=3 hlim=62 time=1.000 ms
56 bytes from 22::22, icmp_seq=4 hlim=62 time=1.000 ms
--- Ping6 statistics for 22::22 ---
5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss
round-trip min/avg/max/std-dev = 1.000/1.400/2.000/0.490 ms
# 关闭PE 1的接口Ten-GigabitEthernet3/1/2。
[PE1] interface ten-gigabitethernet 3/1/2
[PE1-Ten-GigabitEthernet3/1/2] shutdown
[PE1-Ten-GigabitEthernet3/1/2] quit
# 在PE 1上执行命令display ipv6 routing-table vpn-instance verbose查看VPN路由信息,可以看出VPN路由22::22/128的出接口变为Ten-GigabitEthernet3/1/3。
[PE1] display ipv6 routing-table vpn-instance vpn1 22::22 128 verbose
Summary count : 1
Destination: 22::22/128
Protocol: BGP4+ instance default
Process ID: 0
SubProtID: 0x8 Age: 01h24m03s
Cost: 0 Preference: 255
IpPre: N/A QosLocalID: N/A
Tag: 0 State: Active Adv
OrigTblID: 0x0 OrigVrf: default-vrf
TableID: 0x10a OrigAs: 300
NibID: 0x26000007 LastAs: 300
AttrID: 0x3 Neighbor: 3::3
Flags: 0x80010060 OrigNextHop: 300:1::
Label: NULL RealNextHop: FE80::843:49FF:FE7B:506
BkLabel: NULL BkNextHop: N/A
SRLabel: NULL Interface: Ten-GigabitEthernet3/1/3
BkSRLabel: NULL BkInterface: N/A
SIDIndex: NULL InLabel: NULL
Tunnel ID: Invalid IPInterface: Ten-GigabitEthernet3/1/3
BkTunnel ID: Invalid BkIPInterface: N/A
FtnIndex: 0x0 ColorInterface: N/A
TrafficIndex: N/A BkColorInterface: N/A
Connector: N/A VpnPeerId: N/A
Dscp: N/A Exp: N/A
SRTunnelID: Invalid StatFlags: 0x0
SID Type: N/A SID: 300:1::1:2
BkSID: N/A NID: Invalid
FlushNID: Invalid BkNID: Invalid
BkFlushNID: Invalid PathID: 0x0
CommBlockLen: 0
OrigLinkID: 0x0 RealLinkID: 0x0
· CE 1:
#
sysname CE1
#
interface Ten-GigabitEthernet3/1/1
port link-mode route
ipv6 address 1000::1/96
#
bgp 200
router-id 11.11.11.11
peer 1000::2 as-number 100
#
address-family ipv6 unicast
import-route direct
peer 1000::2 enable
#
· PE 1:
#
sysname PE1
#
ip vpn-instance vpn1
route-distinguisher 100:1
vpn-target 100:1 import-extcommunity
vpn-target 100:1 export-extcommunity
#
isis 1
cost-style wide
network-entity 00.0000.0000.0001.00
#
address-family ipv6 unicast
segment-routing ipv6 locator abc
#
interface LoopBack1
isis ipv6 enable 1
ipv6 address 1::1/128
#
interface Ten-GigabitEthernet3/1/1
port link-mode route
ip binding vpn-instance vpn1
ipv6 address 1000::2/96
#
interface Ten-GigabitEthernet3/1/2
port link-mode route
isis ipv6 enable 1
ipv6 address 2001::1/96
#
interface Ten-GigabitEthernet3/1/3
port link-mode route
isis ipv6 enable 1
ipv6 address 3001::1/96
#
bfd static test peer-ipv6 200:1:: source-ipv6 100:1:: discriminator local 10 remote 20
bfd multi-hop min-transmit-interval 100
bfd multi-hop min-receive-interval 100
bfd multi-hop detect-multiplier 3
#
bgp 100
primary-path-detect bfd ctrl
router-id 1.1.1.1
peer 2::2 as-number 100
peer 2::2 connect-interface LoopBack1
peer 3::3 as-number 100
peer 3::3 connect-interface LoopBack1
#
address-family l2vpn evpn
peer 2::2 enable
peer 2::2 advertise encap-type srv6
peer 3::3 enable
peer 3::3 advertise encap-type srv6
#
ip vpn-instance vpn1
peer 1000::1 as-number 200
#
address-family ipv6 unicast
pic
segment-routing ipv6 best-effort evpn
segment-routing ipv6 locator abc evpn
import-route direct
peer 1000::1 enable
#
segment-routing ipv6
encapsulation source-address 1::1
#
locator abc ipv6-prefix 100:1:: 64 static 16
#
· PE 2:
#
sysname PE2
#
ip vpn-instance vpn1
route-distinguisher 200:1
vpn-target 100:1 import-extcommunity
vpn-target 100:1 export-extcommunity
#
isis 1
cost-style wide
network-entity 00.0000.0000.0002.00
#
address-family ipv6 unicast
segment-routing ipv6 locator abc
#
interface LoopBack1
isis ipv6 enable 1
ipv6 address 2::2/128
#
interface Ten-GigabitEthernet3/1/1
port link-mode route
isis ipv6 enable 1
ipv6 address 2001::2/96
#
interface Ten-GigabitEthernet3/1/2
port link-mode route
ip binding vpn-instance vpn1
ipv6 address 2002::2/96
#
bfd static test peer-ipv6 100:1:: source-ipv6 200:1:: discriminator local 20 remote 10
bfd multi-hop min-transmit-interval 100
bfd multi-hop min-receive-interval 100
bfd multi-hop detect-multiplier 3
#
bgp 100
router-id 2.2.2.2
peer 1::1 as-number 100
peer 1::1 connect-interface LoopBack1
#
address-family l2vpn evpn
peer 1::1 enable
peer 1::1 advertise encap-type srv6
#
ip vpn-instance vpn1
peer 2002::1 as-number 300
#
address-family ipv6 unicast
segment-routing ipv6 best-effort evpn
segment-routing ipv6 locator abc evpn
import-route direct
peer 2002::1 enable
#
segment-routing ipv6
encapsulation source-address 2::2
#
locator abc ipv6-prefix 200:1:: 64 static 16
#
· PE 3:
#
sysname PE3
#
ip vpn-instance vpn1
route-distinguisher 300:1
vpn-target 100:1 import-extcommunity
vpn-target 100:1 export-extcommunity
#
isis 1
cost-style wide
network-entity 00.0000.0000.0003.00
#
address-family ipv6 unicast
segment-routing ipv6 locator abc
#
interface LoopBack1
isis ipv6 enable 1
ipv6 address 3::3/128
#
interface Ten-GigabitEthernet3/1/1
port link-mode route
isis ipv6 enable 1
ipv6 address 3001::2/96
#
interface Ten-GigabitEthernet3/1/2
port link-mode route
ip binding vpn-instance vpn1
ipv6 address 3002::2/96
#
bgp 100
router-id 3.3.3.3
peer 1::1 as-number 100
peer 1::1 connect-interface LoopBack1
#
address-family l2vpn evpn
peer 1::1 enable
peer 1::1 advertise encap-type srv6
#
ip vpn-instance vpn1
peer 3002::1 as-number 300
#
address-family ipv6 unicast
undo advertise l2vpn evpn
segment-routing ipv6 best-effort evpn
segment-routing ipv6 locator abc evpn
import-route direct
peer 3002::1 enable
#
segment-routing ipv6
encapsulation source-address 3::3
#
locator abc ipv6-prefix 300:1:: 64 static 16
#
· CE 2:
#
sysname CE2
#
interface LoopBack1
ipv6 address 22::22/128
#
interface Ten-GigabitEthernet3/1/1
port link-mode route
ipv6 address 2002::1/96
#
interface Ten-GigabitEthernet3/1/2
port link-mode route
ipv6 address 3002::1/96
#
bgp 300
router-id 22.22.22.22
peer 2002::2 as-number 100
peer 3002::2 as-number 100
#
address-family ipv6 unicast
import-route direct
peer 2002::2 enable
peer 3002::2 enable
#
如图10所示,核心网为IPv6网络,私网为IPv6网络。PE 1、P和PE 2属于同一自治系统,它们之间通过IS-IS协议达到IPv6网络互通。在PE 1和PE 2之间静态配置两条SRv6 TE Policy来承载IPv6 EVPN L3VPN业务。在PE 1和PE 2上配置路由策略来设置EVPN路由的Color属性来引流到指定的SRv6 TE Policy中。
图10 IPv6 EVPN L3VPN over SRv6 TE Policy配置组网图
设备 |
接口 |
IP地址 |
设备 |
接口 |
IP地址 |
CE 1 |
XGE3/1/1 |
100::1/96 |
CE 2 |
XGE3/1/2 |
200::1/96 |
PE 1 |
Loop1 |
1::1/128 |
PE 2 |
Loop1 |
3::3/128 |
|
XGE3/1/1 |
100::2/96 |
|
XGE3/1/1 |
200::2/96 |
|
XGE3/1/2 |
1001::1/96 |
|
XGE3/1/2 |
2001::1/96 |
P |
Loop1 |
2::2/128 |
|
|
|
|
XGE3/1/1 |
1001::2/96 |
|
|
|
|
XGE3/1/2 |
2001::2/96 |
|
|
|
如果网络中存在多种隧道,例如网络中存在多个SRv6 TE Policy和多个SR-MPLS TE Policy,且SRv6 TE Policy和SR-MPLS TE Policy存在相同Color值时,需要配置路由策略来设置路由的Color属性,并配置隧道策略来保证迭代隧道时,优先选择指定的SRv6 TE Policy。
<Sysname> system-view
[Sysname] sysname CE1
[CE1] interface ten-gigabitethernet 3/1/1
[CE1-Ten-GigabitEthernet3/1/1] ipv6 address 100::1 96
[CE1-Ten-GigabitEthernet3/1/1] quit
[CE1] bgp 200
[CE1-bgp-default] router-id 11.11.11.11
[CE1-bgp-default] peer 100::2 as-number 100
[CE1-bgp-default] address-family ipv6 unicast
[CE1-bgp-default-ipv6] peer 100::2 enable
[CE1-bgp-default-ipv6] import-route direct
[CE1-bgp-default-ipv6] quit
[CE1-bgp-default] quit
# 配置IPv6 IS-IS,实现骨干网PE之间的互通。
<Sysname> system-view
[Sysname] sysname PE1
[PE1] isis 1
[PE1-isis-1] cost-style wide
[PE1-isis-1] network-entity 00.0000.0000.0001.00
[PE1-isis-1] address-family ipv6 unicast
[PE1-isis-1-ipv6] quit
[PE1-isis-1] quit
[PE1] interface loopback 1
[PE1-LoopBack1] ipv6 address 1::1 128
[PE1-LoopBack1] isis ipv6 enable 1
[PE1-LoopBack1] quit
[PE1] interface ten-gigabitethernet 3/1/2
[PE1-Ten-GigabitEthernet3/1/2] ipv6 address 1001::1 96
[PE1-Ten-GigabitEthernet3/1/2] isis ipv6 enable 1
[PE1-Ten-GigabitEthernet3/1/2] quit
# 配置VPN实例,将CE 1接入PE 1。
[PE1] ip vpn-instance vpn1
[PE1-vpn-instance-vpn1] route-distinguisher 100:1
[PE1-vpn-instance-vpn1] vpn-target 100:1
[PE1-vpn-instance-vpn1] quit
[PE1] interface ten-gigabitethernet 3/1/1
[PE1-Ten-GigabitEthernet3/1/1] ip binding vpn-instance vpn1
[PE1-Ten-GigabitEthernet3/1/1] ipv6 address 100::2 96
[PE1-Ten-GigabitEthernet3/1/1] quit
# 在PE 1与CE 1之间建立EBGP对等体,引入VPN路由。
[PE1] bgp 100
[PE1-bgp-default] router-id 1.1.1.1
[PE1-bgp-default] ip vpn-instance vpn1
[PE1-bgp-default-vpn1] peer 100::1 as-number 200
[PE1-bgp-default-vpn1] address-family ipv6 unicast
[PE1-bgp-default-ipv6-vpn1] peer 100::1 enable
[PE1-bgp-default-ipv6-vpn1] import-route direct
[PE1-bgp-default-ipv6-vpn1] quit
[PE1-bgp-default-vpn1] quit
# 在PE之间建立BGP EVPN对等体。
[PE1-bgp-default] peer 3::3 as-number 100
[PE1-bgp-default] peer 3::3 connect-interface loopback 1
[PE1-bgp-default] address-family l2vpn evpn
[PE1-bgp-default-evpn] peer 3::3 enable
[PE1-bgp-default-evpn] quit
[PE1-bgp-default] quit
# 在PE 1和PE 2之间VPN路由迭代到SRv6 TE Policy。
[PE1] segment-routing ipv6
[PE1-segment-routing-ipv6] encapsulation source-address 1::1
[PE1-segment-routing-ipv6] locator abc ipv6-prefix 100:1:: 64 static 16
[PE1-segment-routing-ipv6-locator-abc] opcode 1 end
[PE1-segment-routing-ipv6-locator-abc] quit
[PE1-segment-routing-ipv6] quit
[PE1] isis 1
[PE1-isis-1] address-family ipv6 unicast
[PE1-isis-1-ipv6] segment-routing ipv6 locator abc
[PE1-isis-1-ipv6] quit
[PE1-isis-1] quit
[PE1] bgp 100
[PE1-bgp-default] address-family l2vpn evpn
[PE1-bgp-default-evpn] peer 3::3 advertise encap-type srv6
[PE1-bgp-default-evpn] quit
[PE1-bgp-default] ip vpn-instance vpn1
[PE1-bgp-default-vpn1] address-family ipv6 unicast
[PE1-bgp-default-ipv6-vpn1] segment-routing ipv6 locator abc evpn
[PE1-bgp-default-ipv6-vpn1] segment-routing ipv6 traffic-engineering evpn
[PE1-bgp-default-ipv6-vpn1] quit
[PE1-bgp-default-vpn1] quit
[PE1-bgp-default] quit
# 在PE 1上配置SRv6 TE Policy。
[PE1] segment-routing ipv6
[PE1-segment-routing-ipv6] traffic-engineering
[PE1-srv6-te] srv6-policy locator abc
[PE1-srv6-te] segment-list s1
[PE1-srv6-te-sl-s1] index 10 ipv6 200:1::1
[PE1-srv6-te-sl-s1] index 20 ipv6 300:1::1
[PE1-srv6-te-sl-s1] quit
[PE1-srv6-te] policy p1
[PE1-srv6-te-policy-p1] color 10 end-point ipv6 3::3
[PE1-srv6-te-policy-p1] candidate-paths
[PE1-srv6-te-policy-p1-path] preference 10
[PE1-srv6-te-policy-p1-path-pref-10] explicit segment-list s1
[PE1-srv6-te-policy-p1-path-pref-10] quit
[PE1-srv6-te-policy-p1-path] quit
[PE1-srv6-te-policy-p1] quit
[PE1-srv6-te] quit
[PE1-segment-routing-ipv6] quit
# 在PE 1上配置路由策略及隧道策略,将VPN业务流量通过路由策略引流到指定的SRv6 TE Policy,并保证SRv6 TE Policy为优选隧道。
[PE1] route-policy a permit node 10
[PE1-route-policy-a-10] apply extcommunity color 00:10
[PE1-route-policy-a-10] quit
[PE1] bgp 100
[PE1-bgp-default] address-family l2vpn evpn
[PE1-bgp-default-evpn] peer 3::3 route-policy a import
[PE1-bgp-default-evpn] quit
[PE1-bgp-default] quit
[PE1] tunnel-policy a
[PE1-tunnel-policy-a] select-seq srv6-policy load-balance-number 1
[PE1-tunnel-policy-a] quit
[PE1] ip vpn-instance vpn1
[PE1-vpn-instance-vpn1] tnl-policy a
[PE1-vpn-instance-vpn1] quit
# 配置IPv6 IS-IS,实现骨干网PE之间的互通。
<Sysname> system-view
[Sysname] sysname P
[P] isis 1
[P-isis-1] cost-style wide
[P-isis-1] network-entity 00.0000.0000.0002.00
[P-isis-1] address-family ipv6 unicast
[P-isis-1-ipv6] quit
[P-isis-1] quit
[P] interface loopback 1
[P-LoopBack1] ipv6 address 2::2 128
[P-LoopBack1] isis ipv6 enable 1
[P-LoopBack1] quit
[P] interface ten-gigabitethernet 3/1/2
[P-Ten-GigabitEthernet3/1/2] ipv6 address 1001::2 96
[P-Ten-GigabitEthernet3/1/2] isis ipv6 enable 1
[P-Ten-GigabitEthernet3/1/2] quit
[P] interface ten-gigabitethernet 3/1/1
[P-Ten-GigabitEthernet3/1/1] ipv6 address 2001::2 96
[P-Ten-GigabitEthernet3/1/1] isis ipv6 enable 1
[P-Ten-GigabitEthernet3/1/1] quit
# 在P上配置Locator,并由IS-IS发布该Locator。
[P] segment-routing ipv6
[P-segment-routing-ipv6] locator abc ipv6-prefix 200:1:: 64 static 16
[P-segment-routing-ipv6-locator-abc] opcode 1 end
[P-segment-routing-ipv6-locator-abc] quit
[P-segment-routing-ipv6] quit
[P] isis 1
[P-isis-1] address-family ipv6 unicast
[P-isis-1-ipv6] segment-routing ipv6 locator abc
[P-isis-1-ipv6] quit
[P-isis-1] quit
# 配置IPv6 IS-IS,实现骨干网PE之间的互通。
<Sysname> system-view
[Sysname] sysname PE2
[PE2] isis 1
[PE2-isis-1] cost-style wide
[PE2-isis-1] network-entity 00.0000.0000.0003.00
[PE2-isis-1] address-family ipv6 unicast
[PE2-isis-1-ipv6] quit
[PE2-isis-1] quit
[PE2] interface loopback 1
[PE2-LoopBack1] ipv6 address 3::3 128
[PE2-LoopBack1] isis ipv6 enable 1
[PE2-LoopBack1] quit
[PE2] interface ten-gigabitethernet 3/1/2
[PE2-Ten-GigabitEthernet3/1/2] ipv6 address 2001::1 96
[PE2-Ten-GigabitEthernet3/1/2] isis ipv6 enable 1
[PE2-Ten-GigabitEthernet3/1/2] quit
# 配置VPN实例,将CE 2接入PE 2。
[PE2] ip vpn-instance vpn1
[PE2-vpn-instance-vpn1] route-distinguisher 100:1
[PE2-vpn-instance-vpn1] vpn-target 100:1
[PE2-vpn-instance-vpn1] quit
[PE2] interface ten-gigabitethernet 3/1/1
[PE2-Ten-GigabitEthernet3/1/1] ip binding vpn-instance vpn1
[PE2-Ten-GigabitEthernet3/1/1] ipv6 address 200::2 96
[PE2-Ten-GigabitEthernet3/1/1] quit
# 在PE 2与CE 2之间建立EBGP对等体,引入VPN路由。
[PE2] bgp 100
[PE2-bgp-default] router-id 3.3.3.3
[PE2-bgp-default] ip vpn-instance vpn1
[PE2-bgp-default-vpn1] peer 200::1 as-number 300
[PE2-bgp-default-vpn1] address-family ipv6 unicast
[PE2-bgp-default-ipv6-vpn1] peer 200::1 enable
[PE2-bgp-default-ipv6-vpn1] import-route direct
[PE2-bgp-default-ipv6-vpn1] quit
[PE2-bgp-default-vpn1] quit
# 在PE之间建立BGP EVPN对等体。
[PE2-bgp-default] peer 1::1 as-number 100
[PE2-bgp-default] peer 1::1 connect-interface loopback 1
[PE2-bgp-default] address-family l2vpn evpn
[PE2-bgp-default-evpn] peer 1::1 enable
[PE2-bgp-default-evpn] quit
[PE2-bgp-default] quit
# 在PE 1和PE 2之间VPN路由迭代到SRv6 TE Policy。
[PE2] segment-routing ipv6
[PE2-segment-routing-ipv6] encapsulation source-address 3::3
[PE2-segment-routing-ipv6] locator abc ipv6-prefix 300:1:: 64 static 16
[PE2-segment-routing-ipv6-locator-abc] opcode 1 end
[PE2-segment-routing-ipv6-locator-abc] quit
[PE2-segment-routing-ipv6] quit
[PE2] isis 1
[PE2-isis-1] address-family ipv6 unicast
[PE2-isis-1-ipv6] segment-routing ipv6 locator abc
[PE2-isis-1-ipv6] quit
[PE2-isis-1] quit
[PE2] bgp 100
[PE2-bgp-default] address-family l2vpn evpn
[PE2-bgp-default-evpn] peer 1::1 advertise encap-type srv6
[PE2-bgp-default-evpn] quit
[PE2-bgp-default] ip vpn-instance vpn1
[PE2-bgp-default-vpn1] address-family ipv6 unicast
[PE2-bgp-default-ipv6-vpn1] segment-routing ipv6 locator abc evpn
[PE2-bgp-default-ipv6-vpn1] segment-routing ipv6 traffic-engineering evpn
[PE2-bgp-default-ipv6-vpn1] quit
[PE2-bgp-default-vpn1] quit
[PE2-bgp-default] quit
# 在PE 2上配置SRv6 TE Policy。
[PE2] segment-routing ipv6
[PE2-segment-routing-ipv6] traffic-engineering
[PE2-srv6-te] srv6-policy locator abc
[PE2-srv6-te] segment-list s1
[PE2-srv6-te-sl-s1] index 10 ipv6 200:1::1
[PE2-srv6-te-sl-s1] index 20 ipv6 100:1::1
[PE2-srv6-te-sl-s1] quit
[PE2-srv6-te] policy p1
[PE2-srv6-te-policy-p1] color 10 end-point ipv6 1::1
[PE2-srv6-te-policy-p1] candidate-paths
[PE2-srv6-te-policy-p1-path] preference 10
[PE2-srv6-te-policy-p1-path-pref-10] explicit segment-list s1
[PE2-srv6-te-policy-p1-path-pref-10] quit
[PE2-srv6-te-policy-p1-path] quit
[PE2-srv6-te-policy-p1] quit
[PE2-srv6-te] quit
[PE2-segment-routing-ipv6] quit
# 在PE 2上配置路由策略及隧道策略,将VPN业务流量通过路由策略引流到指定的SRv6 TE Policy,并保证SRv6 TE Policy为优选隧道。
[PE2] route-policy a permit node 10
[PE2-route-policy-a-10] apply extcommunity color 00:10
[PE2-route-policy-a-10] quit
[PE2] bgp 100
[PE2-bgp-default] address-family l2vpn evpn
[PE2-bgp-default-evpn] peer 1::1 route-policy a import
[PE2-bgp-default-evpn] quit
[PE2-bgp-default] quit
[PE2] tunnel-policy a
[PE2-tunnel-policy-a] select-seq srv6-policy load-balance-number 1
[PE2-tunnel-policy-a] quit
[PE2] ip vpn-instance vpn1
[PE2-vpn-instance-vpn1] tnl-policy a
[PE2-vpn-instance-vpn1] quit
<Sysname> system-view
[Sysname] sysname CE2
[CE2] interface ten-gigabitethernet 3/1/2
[CE2-Ten-GigabitEthernet3/1/2] ipv6 address 200::1 96
[CE2-Ten-GigabitEthernet3/1/2] quit
[CE2] bgp 300
[CE2-bgp-default] router-id 22.22.22.22
[CE2-bgp-default] peer 200::2 as-number 100
[CE2-bgp-default] address-family ipv6 unicast
[CE2-bgp-default-ipv6] peer 200::2 enable
[CE2-bgp-default-ipv6] import-route direct
[CE2-bgp-default-ipv6] quit
[CE2-bgp-default] quit
# 在PE 1执行display segment-routing ipv6 te policy命令查看SRv6 TE Policy的详细信息,可以看到SRv6 TE Policy的Status字段为Up。
[PE1] display segment-routing ipv6 te policy
Name/ID: p1/0
Color: 10
End-point: 3::3
Name from BGP:
BSID:
Mode: Dynamic Type: Type_2 Request state: Succeeded
Current BSID: 100:1::1:3 Explicit BSID: - Dynamic BSID: 100:1::1:3
Reference counts: 4
Flags: A/BS/NC
Status: Up
AdminStatus: Up
Up time: 2021-11-23 19:31:35
Down time: 2021-11-23 19:27:37
Hot backup: Not configured
Statistics: Not configured
Statistics by service class: Not configured
Drop-upon-invalid: Disabled
BFD trigger path-down: Disabled
SBFD: Not configured
BFD Echo: Not configured
Forwarding index: 2150629377
Service-class: -
Rate-limit: -
Encapsulation mode: -
Candidate paths state: Configured
Candidate paths statistics:
CLI paths: 1 BGP paths: 0 PCEP paths: 0
Candidate paths:
Preference : 10
CPathName:
Instance ID: 0 ASN: 0 Node address: 0.0.0.0
Peer address: ::
Optimal: Y Flags: V/A
Explicit SID list:
ID: 1 Name: s1
Weight: 1 Forwarding index: 2149580802
State: Up State(-): -
Active path MTU: 1428 bytes
# 在PE 1执行display ip routing-table vpn-instance vpn1 200::1 96命令查看VPN路由的详细信息,可以看出VPN路由200::1/96的出接口为SRv6 TE Policy p1。
[PE1] display ipv6 routing-table vpn-instance vpn1 200::1 96
Summary count : 1
Destination: 200::/96 Protocol : BGP4+
NextHop : 3::3 Preference: 255
Interface : p1 Cost : 0
# CE 1和CE 2之间能够ping通。
[CE1] >ping ipv6 200::1
Ping6(56 data bytes) 100::1 --> 200::1, press CTRL_C to break
56 bytes from 200::1, icmp_seq=0 hlim=62 time=2.000 ms
56 bytes from 200::1, icmp_seq=1 hlim=62 time=1.000 ms
56 bytes from 200::1, icmp_seq=2 hlim=62 time=2.000 ms
56 bytes from 200::1, icmp_seq=3 hlim=62 time=2.000 ms
56 bytes from 200::1, icmp_seq=4 hlim=62 time=1.000 ms
--- Ping6 statistics for 200::1 ---
5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss
round-trip min/avg/max/std-dev = 1.000/1.600/2.000/0.490 mss
· CE 1:
#
sysname CE1
#
interface Ten-GigabitEthernet3/1/1
port link-mode route
ipv6 address 100::1/96
#
bgp 200
router-id 11.11.11.11
peer 100::2 as-number 100
#
address-family ipv6 unicast
import-route direct
peer 100::2 enable
#
· PE 1:
#
sysname PE1
#
ip vpn-instance vpn1
route-distinguisher 100:1
tnl-policy a
vpn-target 100:1 import-extcommunity
vpn-target 100:1 export-extcommunity
#
isis 1
cost-style wide
network-entity 00.0000.0000.0001.00
#
address-family ipv6 unicast
segment-routing ipv6 locator abc
#
tunnel-policy a
select-seq srv6-policy load-balance-number 1
#
interface LoopBack1
isis ipv6 enable 1
ipv6 address 1::1/128
#
interface Ten-GigabitEthernet3/1/1
port link-mode route
ip binding vpn-instance vpn1
ipv6 address 100::2/96
#
interface Ten-GigabitEthernet3/1/2
port link-mode route
isis ipv6 enable 1
ipv6 address 1001::1/96
#
bgp 100
router-id 1.1.1.1
peer 3::3 as-number 100
peer 3::3 connect-interface LoopBack1
#
address-family l2vpn evpn
peer 3::3 enable
peer 3::3 route-policy a import
peer 3::3 advertise encap-type srv6
#
ip vpn-instance vpn1
peer 100::1 as-number 200
#
address-family ipv6 unicast
segment-routing ipv6 traffic-engineering evpn
segment-routing ipv6 locator abc evpn
import-route direct
peer 100::1 enable
#
route-policy a permit node 10
apply extcommunity color 00:10
#
segment-routing ipv6
encapsulation source-address 1::1
locator abc ipv6-prefix 100:1:: 64 static 16
opcode 1 end
traffic-engineering
srv6-policy locator abc
segment-list s1
index 10 ipv6 200:1::1
index 20 ipv6 300:1::1
policy p1
color 10 end-point ipv6 3::3
candidate-paths
preference 10
explicit segment-list s1
#
· P:
#
sysname P
#
isis 1
cost-style wide
network-entity 00.0000.0000.0002.00
#
address-family ipv6 unicast
segment-routing ipv6 locator abc
#
interface LoopBack1
isis ipv6 enable 1
ipv6 address 2::2/128
#
interface Ten-GigabitEthernet3/1/1
port link-mode route
isis ipv6 enable 1
ipv6 address 1001::2/96
#
interface Ten-GigabitEthernet3/1/2
port link-mode route
isis ipv6 enable 1
ipv6 address 2001::2/96
#
segment-routing ipv6
locator abc ipv6-prefix 200:1:: 64 static 16
opcode 1 end
#
· PE 2:
#
sysname PE2
#
ip vpn-instance vpn1
route-distinguisher 100:1
tnl-policy a
vpn-target 100:1 import-extcommunity
vpn-target 100:1 export-extcommunity
#
isis 1
cost-style wide
network-entity 00.0000.0000.0003.00
#
address-family ipv6 unicast
segment-routing ipv6 locator abc
#
tunnel-policy a
select-seq srv6-policy load-balance-number 1
#
interface LoopBack1
isis ipv6 enable 1
ipv6 address 3::3/128
#
interface Ten-GigabitEthernet3/1/1
port link-mode route
ip binding vpn-instance vpn1
ipv6 address 200::2/96
#
interface Ten-GigabitEthernet3/1/2
port link-mode route
isis ipv6 enable 1
ipv6 address 2001::1/96
#
bgp 100
router-id 3.3.3.3
peer 1::1 as-number 100
peer 1::1 connect-interface LoopBack1
#
address-family l2vpn evpn
peer 1::1 enable
peer 1::1 route-policy a import
peer 1::1 advertise encap-type srv6
#
ip vpn-instance vpn1
peer 200::1 as-number 300
#
address-family ipv6 unicast
segment-routing ipv6 traffic-engineering evpn
segment-routing ipv6 locator abc evpn
import-route direct
peer 200::1 enable
#
route-policy a permit node 10
apply extcommunity color 00:10
#
segment-routing ipv6
encapsulation source-address 3::3
locator abc ipv6-prefix 300:1:: 64 static 16
opcode 1 end
traffic-engineering
srv6-policy locator abc
segment-list s1
index 10 ipv6 200:1::1
index 20 ipv6 100:1::1
policy p1
color 10 end-point ipv6 1::1
candidate-paths
preference 10
explicit segment-list s1
#
· CE 2:
#
sysname CE2
#
interface Ten-GigabitEthernet3/1/1
port link-mode route
ipv6 address 200::1/96
#
bgp 300
router-id 22.22.22.22
peer 200::2 as-number 100
#
address-family ipv6 unicast
import-route direct
peer 200::2 enable
#
如图11所示,PE 1和PE 2属于EVPN L3VPN网络;PE 2和PE 3属于EVPN L3VPN over SRv6网络;PE 2为EVPN L3VPN和EVPN L3VPN over SRv6网络的边界设备。不同VPN的CE设备跨越EVPN L3VPN和EVPN L3VPN over SRv6网络互通。
具体需求为:
· PE 1和PE 2之间采用SR-MPLS BE隧道作为公网隧道。
· PE 2和PE 3之间采用SRv6 BE隧道作为公网隧道。
· PE 1、PE 2和PE 3位于同一个AS。
· EVPN L3VPN与EVPN L3VPN over SRv6网络采用Option B方式进行域内互通。
· CE 1和CE 4属于VPN 1;CE 2、CE 3、CE 5属于VPN 2。
图11 EVPN L3VPN与EVPN L3VPN over SRv6互通配置组网图
为了实现EVPN L3VPN与EVPN L3VPN over SRv6网络采用Option B方式进行域内互通,需要执行以下配置:
· 在PE 1和PE 2上配置EVPN L3VPN,并通过隧道策略指定公网隧道为SR-MPLS BE隧道。
· 在PE 2和PE 3上配置EVPN L3VPN over SRv6,并指定封装End.DT4 SID的报文迭代到SRv6 BE隧道。
· 边界节点PE 2上开启SRv6网络与MPLS网络互通功能,指定BGP引用的Locator段,以便为SRv6网络转发到MPLS网络的报文分配End.T SID,并建立End.T SID与MPLS标签的关联。
开启SRv6网络与MPLS网络互通功能后,路由从SRv6网络发布到MPLS网络时,会按照每下一跳方式分配标签,不受label-allocation-mode命令和apply-label命令的影响。
在EVPN L3VPN over SRv6组网中,需要注意的是:
· 两台PE之间不能同时建立IPv4和IPv6对等体,否则影响路由优选,无法通过SRv6隧道转发流量。
· IS-IS和BGP只能引用已经创建的Locator。
· 配置的SRv6封装的源地址时,不能为环回地址、链路本地地址、组播地址和未指定地址。指定的源地址必须为本机地址,且已经由路由协议发布。建议将源地址指定为本设备上的Loopback接口地址。
# 配置IS-IS协议实现网络层互通,开销值类型为wide。
<Sysname> system-view
[Sysname] sysname PE1
[PE1] isis 1
[PE1-isis-1] network-entity 00.0000.0000.0001.00
[PE1-isis-1] cost-style wide
[PE1-isis-1] quit
# 配置接口Loopback0和Ten-GigabitEthernet3/1/1的IP地址,并在接口上开启IS-IS协议。
[PE1] interface loopback 0
[PE1-LoopBack0] ip address 1.1.1.1 255.255.255.255
[PE1-LoopBack0] ipv6 address 11::11 128
[PE1-LoopBack0] isis enable 1
[PE1-LoopBack0] quit
[PE1] interface ten-gigabitethernet 3/1/1
[PE1-Ten-GigabitEthernet3/1/1] port link-mode route
[PE1-Ten-GigabitEthernet3/1/1] ip address 11.0.1.1 24
[PE1-Ten-GigabitEthernet3/1/1] isis enable 1
[PE1-Ten-GigabitEthernet3/1/1] quit
[PE1] mpls lsr-id 1.1.1.1
[PE1] mpls te
[PE1-te] quit
[PE1] interface ten-gigabitethernet 3/1/1
[PE1-Ten-GigabitEthernet3/1/1] mpls enable
[PE1-Ten-GigabitEthernet3/1/1] mpls te enable
[PE1-Ten-GigabitEthernet3/1/1] quit
# 创建VPN实例vpn1,并配置VPN实例的RD和RT。
[PE1] ip vpn-instance vpn1
[PE1-vpn-instance-vpn1] route-distinguisher 1111:1
[PE1-vpn-instance-vpn1] vpn-target 1111:1000 import-extcommunity
[PE1-vpn-instance-vpn1] vpn-target 1111:1000 export-extcommunity
[PE1-vpn-instance-vpn1] quit
# 创建VPN实例vpn2,并配置VPN实例的RD和RT。
[PE1] ip vpn-instance vpn2
[PE1-vpn-instance-vpn2] route-distinguisher 2222:1
[PE1-vpn-instance-vpn2] vpn-target 2222:2000 import-extcommunity
[PE1-vpn-instance-vpn2] vpn-target 2222:2000 export-extcommunity
[PE1-vpn-instance-vpn2] quit
# 配置接口Ten-GigabitEthernet3/1/2绑定VPN实例vpn1。
[PE1] interface ten-gigabitethernet 3/1/2
[PE1-Ten-GigabitEthernet3/1/2] ip binding vpn-instance vpn1
[PE1-Ten-GigabitEthernet3/1/2] ip address 10.1.1.1 24
[PE1-Ten-GigabitEthernet3/1/2] quit
# 配置接口Ten-GigabitEthernet3/1/3绑定VPN实例vpn2。
[PE1] interface ten-gigabitethernet 3/1/3
[PE1-Ten-GigabitEthernet3/1/3] ip binding vpn-instance vpn2
[PE1-Ten-GigabitEthernet3/1/3] ip address 20.1.1.1 24
[PE1-Ten-GigabitEthernet3/1/3] quit
# 配置IS-IS SR的SRGB,并使能MPLS TE能力,同时在IS-IS IPv4单播地址族视图下开启SR-MPLS功能。
[PE1] isis 1
[PE1-isis-1] mpls te enable
[PE1-isis-1] segment-routing global-block 16000 16999
[PE1-isis-1] address-family ipv4
[PE1-isis-1-ipv4] segment-routing mpls
[PE1-isis-1-ipv4] segment-routing adjacency enable
[PE1-isis-1-ipv4] quit
[PE1-isis-1] quit
# 配置接口Loopback0的前缀SID索引。
[PE1] interface loopback 0
[PE1-LoopBack0] isis prefix-sid index 10
[PE1-LoopBack0] quit
[PE1] bgp 100
[PE1-bgp-default] peer 2.2.2.2 as-number 100
[PE1-bgp-default] peer 2.2.2.2 connect-interface loopback 0
[PE1-bgp-default] address-family l2vpn evpn
[PE1-bgp-default-evpn] peer 2.2.2.2 enable
[PE1-bgp-default-evpn] peer 2.2.2.2 advertise encap-type mpls
[PE1-bgp-default-evpn] peer 2.2.2.2 next-hop-local
[PE1-bgp-default-evpn] quit
[PE1-bgp-default] ip vpn-instance vpn1
[PE1-bgp-default-vpn1] peer 10.1.1.2 as-number 65410
[PE1-bgp-default-vpn1] address-family ipv4 unicast
[PE1-bgp-default-ipv4-vpn1] peer 10.1.1.2 enable
[PE1-bgp-default-ipv4-vpn1] quit
[PE1-bgp-default-vpn1] quit
[PE1-bgp-default] ip vpn-instance vpn2
[PE1-bgp-default-vpn2] peer 20.1.1.2 as-number 65420
[PE1-bgp-default-vpn2] address-family ipv4 unicast
[PE1-bgp-default-ipv4-vpn2] peer 20.1.1.2 enable
[PE1-bgp-default-ipv4-vpn2] quit
[PE1-bgp-default-vpn2] quit
[PE1-bgp-default] quit
[PE1] tunnel-policy srbe
[PE1-tunnel-policy-srbe] select-seq sr-lsp load-balance-number 1
[PE1-tunnel-policy-srbe] quit
[PE1] ip vpn-instance vpn1
[PE1-vpn-instance-vpn1] tnl-policy srbe
[PE1-vpn-instance-vpn1] quit
[PE1] ip vpn-instance vpn2
[PE1-vpn-instance-vpn2] tnl-policy srbe
[PE1-vpn-instance-vpn2] quit
[PE1] ip vpn-instance vpn1
[PE1-vpn-instance-vpn1] address-family ipv4
[PE1-vpn-ipv4-vpn1] evpn mpls routing-enable
[PE1-vpn-ipv4-vpn1] quit
[PE1-vpn-instance-vpn1] quit
[PE1] ip vpn-instance vpn2
[PE1-vpn-instance-vpn2] address-family ipv4
[PE1-vpn-ipv4-vpn2] evpn mpls routing-enable
[PE1-vpn-ipv4-vpn2] quit
[PE1-vpn-instance-vpn2] quit
# 配置IS-IS协议实现网络层互通,开销值类型为wide。
<Sysname> system-view
[Sysname] sysname PE2
[PE2] isis 1
[PE2-isis-1] network-entity 00.0000.0000.0002.00
[PE2-isis-1] cost-style wide
[PE2-isis-1] address-family ipv6 unicast
[PE2-isis-1-ipv6] quit
[PE2-isis-1] quit
# 配置接口Loopback0、Ten-GigabitEthernet3/1/1和Ten-GigabitEthernet3/1/2的IP地址,并在接口上开启IS-IS协议。
[PE2] interface loopback 0
[PE2-LoopBack0] ip address 2.2.2.2 255.255.255.255
[PE2-LoopBack0] ipv6 address 22::22 128
[PE2-LoopBack0] isis enable 1
[PE2-LoopBack0] isis ipv6 enable 1
[PE2-LoopBack0] quit
[PE2] interface ten-gigabitethernet 3/1/1
[PE2-Ten-GigabitEthernet3/1/1] port link-mode route
[PE2-Ten-GigabitEthernet3/1/1] ip address 11.0.1.2 24
[PE2-Ten-GigabitEthernet3/1/1] isis enable 1
[PE2-Ten-GigabitEthernet3/1/1] quit
[PE2] interface ten-gigabitethernet 3/1/2
[PE2-Ten-GigabitEthernet3/1/2] port link-mode route
[PE2-Ten-GigabitEthernet3/1/2] ipv6 address 61::1 64
[PE2-Ten-GigabitEthernet3/1/2] isis ipv6 enable 1
[PE2-Ten-GigabitEthernet3/1/2] quit
[PE2] mpls lsr-id 2.2.2.2
[PE2] mpls te
[PE2-te] quit
[PE2] interface ten-gigabitethernet 3/1/1
[PE2-Ten-GigabitEthernet3/1/1] mpls enable
[PE2-Ten-GigabitEthernet3/1/1] mpls te enable
[PE2-Ten-GigabitEthernet3/1/1] quit
[PE2] interface ten-gigabitethernet 3/1/2
[PE2-Ten-GigabitEthernet3/1/2] mpls enable
[PE2-Ten-GigabitEthernet3/1/2] mpls te enable
[PE2-Ten-GigabitEthernet3/1/2] quit
# 创建VPN实例vpn2,并配置VPN实例的RD和RT。
[PE2] ip vpn-instance vpn2
[PE2-vpn-instance-vpn2] route-distinguisher 2222:2
[PE2-vpn-instance-vpn2] vpn-target 2222:2000 import-extcommunity
[PE2-vpn-instance-vpn2] vpn-target 2222:2000 export-extcommunity
[PE2-vpn-instance-vpn2] quit
# 配置接口Ten-GigabitEthernet3/1/3绑定VPN实例vpn2。
[PE2] interface ten-gigabitethernet 3/1/3
[PE2-Ten-GigabitEthernet3/1/3] ip binding vpn-instance vpn2
[PE2-Ten-GigabitEthernet3/1/3] ip address 30.1.1.1 24
[PE2-Ten-GigabitEthernet3/1/3] quit
[PE2] bgp 100
[PE2-bgp-default] ip vpn-instance vpn2
[PE2-bgp-default-vpn2] peer 30.1.1.2 as-number 65430
[PE2-bgp-default-vpn2] address-family ipv4 unicast
[PE2-bgp-default-ipv4-vpn2] peer 30.1.1.2 enable
[PE2-bgp-default-ipv4-vpn2] quit
[PE2-bgp-default-vpn2] quit
[PE2-bgp-default] quit
(1) 配置IS-IS SR
# 配置IS-IS SR的SRGB,并使能MPLS TE能力,同时在IS-IS IPv4单播地址族视图下开启SR-MPLS功能。
[PE2] isis 1
[PE2-isis-1] mpls te enable
[PE2-isis-1] segment-routing global-block 17000 17999
[PE2-isis-1] address-family ipv4
[PE2-isis-1-ipv4] segment-routing mpls
[PE2-isis-1-ipv4] segment-routing adjacency enable
[PE2-isis-1-ipv4] quit
[PE2-isis-1] quit
(2) 配置前缀SID索引
# 配置接口Loopback0的前缀SID索引。
[PE2] interface loopback 0
[PE2-LoopBack0] isis prefix-sid index 20
[PE2-LoopBack0] quit
(3) 配置PE 1与PE 2建立MP-IBGP对等体,交互BGP EVPN路由
[PE2] bgp 100
[PE2-bgp-default] peer 1.1.1.1 as-number 100
[PE2-bgp-default] peer 1.1.1.1 connect-interface loopback 0
[PE2-bgp-default] address-family l2vpn evpn
[PE2-bgp-default-evpn] undo policy vpn-target
[PE2-bgp-default-evpn] peer 1.1.1.1 enable
[PE2-bgp-default-evpn] peer 1.1.1.1 advertise encap-type mpls
[PE2-bgp-default-evpn] peer 1.1.1.1 next-hop-local
[PE2-bgp-default-evpn] peer 1.1.1.1 reflect-client
[PE2-bgp-default-evpn] quit
[PE2-bgp-default] quit
(4) 开启EVPN通告VPN路由功能
[PE2] ip vpn-instance vpn2
[PE2-vpn-instance-vpn2] address-family ipv4
[PE2-vpn-ipv4-vpn2] evpn mpls routing-enable
[PE2-vpn-ipv4-vpn2] quit
[PE2-vpn-instance-vpn2] quit
(5) 配置隧道策略,使得EVPN L3VPN优选SR-MPLS BE隧道作为公网隧道
[PE2] tunnel-policy srbe
[PE2-tunnel-policy-srbe] select-seq sr-lsp load-balance-number 1
[PE2-tunnel-policy-srbe] quit
[PE2] ip vpn-instance vpn2
[PE2-vpn-instance-vpn2] tnl-policy srbe
[PE2-vpn-instance-vpn2] quit
(1) 配置EVPN L3VPN over SRv6封装的IPv6报文头的源地址
[PE2] segment-routing ipv6
[PE2-segment-routing-ipv6] encapsulation source-address 2::2
(2) 配置EVPN L3VPN over SRv6封装的IPv6报文头的目的地址,即End.DT4 SID
[PE2-segment-routing-ipv6] locator bbb ipv6-prefix 200:: 64 static 32
[PE2-segment-routing-ipv6-locator-bbb] quit
[PE2-segment-routing-ipv6] quit
[PE2] isis 1
[PE2-isis-1] address-family ipv6 unicast
[PE2-isis-1-ipv6] segment-routing ipv6 locator bbb
[PE2-isis-1-ipv6] quit
[PE2-isis-1] quit
(3) 配置为私网路由添加End.DT4 SID
[PE2] bgp 100
[PE2-bgp-default] ip vpn-instance vpn2
[PE2-bgp-default-vpn2] address-family ipv4 unicast
[PE2-bgp-default-ipv4-vpn2] segment-routing ipv6 locator bbb evpn
[PE2-bgp-default-ipv4-vpn2] quit
[PE2-bgp-default-vpn2] quit
(4) 在PE 2和PE 3之间建立MP-IBGP对等体
[PE2-bgp-default] peer 3::3 as-number 100
[PE2-bgp-default] peer 3::3 connect-interface loopback 0
[PE2-bgp-default] address-family l2vpn evpn
[PE2-bgp-default-evpn] peer 3::3 enable
[PE2-bgp-default-evpn] peer 3::3 nexthop-local
[PE2-bgp-default-evpn] peer 3::3 reflect-client
[PE2-bgp-default-evpn] peer 3::3 advertise encap-type srv6
[PE2-bgp-default-evpn] quit
(5) 配置允许将私网路由迭代到End.DT4 SID的路由条目上
[PE2-bgp-default] ip vpn-instance vpn2
[PE2-bgp-default-vpn2] address-family ipv4 unicast
[PE2-bgp-default-ipv4-vpn2] segment-routing ipv6 best-effort evpn
[PE2-bgp-default-ipv4-vpn2] quit
[PE2-bgp-default-vpn2] quit
(1) 开启SRv6网络与MPLS网络互通功能
[PE2-bgp-default] address-family l2vpn evpn
[PE2-bgp-default-evpn] srv6-mpls-interworking enable
(2) 配置BGP引用Locator段
[PE2-bgp-default-evpn] segment-routing ipv6 locator bbb evpn
(3) 配置路由迭代方式
[PE2-bgp-default-evpn] segment-routing ipv6 best-effort evpn
[PE2-bgp-default-evpn] quit
# 配置IS-IS协议实现网络层互通,开销值类型为wide。
<Sysname> system-view
[Sysname] sysname PE3
[PE3] isis 1
[PE3-isis-1] network-entity 00.0000.0000.0003.00
[PE3-isis-1] cost-style wide
[PE3-isis-1] address-family ipv6 unicast
[PE3-isis-1-ipv6] quit
[PE3-isis-1] quit
# 配置接口Loopback0和Ten-GigabitEthernet3/1/1的IP地址,并在接口上开启IS-IS协议。
[PE3] interface loopback 0
[PE3-LoopBack0] ip address 3.3.3.3 255.255.255.255
[PE3-LoopBack0] ipv6 address 33::33 128
[PE3-LoopBack0] isis ipv6 enable 1
[PE3-LoopBack0] quit
[PE3] interface ten-gigabitethernet 3/1/1
[PE3-Ten-GigabitEthernet3/1/1] port link-mode route
[PE3-Ten-GigabitEthernet3/1/1] ipv6 address 61::2 64
[PE3-Ten-GigabitEthernet3/1/1] isis ipv6 enable 1
[PE3-Ten-GigabitEthernet3/1/1] quit
# 创建VPN实例vpn1,并配置VPN实例的RD和RT。
[PE3] ip vpn-instance vpn1
[PE3-vpn-instance-vpn1] route-distinguisher 1111:3
[PE3-vpn-instance-vpn1] vpn-target 1111:1000 import-extcommunity
[PE3-vpn-instance-vpn1] vpn-target 1111:1000 export-extcommunity
[PE3-vpn-instance-vpn1] quit
# 创建VPN实例vpn2,并配置VPN实例的RD和RT。
[PE3] ip vpn-instance vpn2
[PE3-vpn-instance-vpn2] route-distinguisher 2222:3
[PE3-vpn-instance-vpn2] vpn-target 2222:2000 import-extcommunity
[PE3-vpn-instance-vpn2] vpn-target 2222:2000 export-extcommunity
[PE3-vpn-instance-vpn2] quit
# 配置接口Ten-GigabitEthernet3/1/2绑定VPN实例vpn1。
[PE3] interface ten-gigabitethernet 3/1/2
[PE3-Ten-GigabitEthernet3/1/2] ip binding vpn-instance vpn1
[PE3-Ten-GigabitEthernet3/1/2] ip address 40.1.1.1 24
[PE3-Ten-GigabitEthernet3/1/2] quit
# 配置接口Ten-GigabitEthernet3/1/3绑定VPN实例vpn2。
[PE3] interface ten-gigabitethernet 3/1/3
[PE3-Ten-GigabitEthernet3/1/3] ip binding vpn-instance vpn2
[PE3-Ten-GigabitEthernet3/1/3] ip address 50.1.1.1 24
[PE3-Ten-GigabitEthernet3/1/3] quit
[PE3] bgp 100
[PE3-bgp-default] ip vpn-instance vpn1
[PE3-bgp-default-vpn1] peer 40.1.1.2 as-number 65440
[PE3-bgp-default-vpn1] address-family ipv4 unicast
[PE3-bgp-default-ipv4-vpn1] peer 40.1.1.2 enable
[PE3-bgp-default-ipv4-vpn1] quit
[PE3-bgp-default-vpn1] quit
[PE3-bgp-default] ip vpn-instance vpn2
[PE3-bgp-default-vpn2] peer 50.1.1.2 as-number 65450
[PE3-bgp-default-vpn2] address-family ipv4 unicast
[PE3-bgp-default-ipv4-vpn2] peer 50.1.1.2 enable
[PE3-bgp-default-ipv4-vpn2] quit
[PE3-bgp-default-vpn2] quit
[PE3-bgp-default] quit
[PE3] segment-routing ipv6
[PE3-segment-routing-ipv6] encapsulation source-address 3::3
[PE3-segment-routing-ipv6] locator ccc ipv6-prefix 401:: 64 static 32
[PE3-segment-routing-ipv6-locator-ccc] quit
[PE3-segment-routing-ipv6] quit
[PE3] isis 1
[PE3-isis-1] address-family ipv6 unicast
[PE3-isis-1-ipv6] segment-routing ipv6 locator ccc
[PE3-isis-1-ipv6] quit
[PE3-isis-1] quit
[PE3] bgp 100
[PE3-bgp-default] ip vpn-instance vpn1
[PE3-bgp-default-vpn1] address-family ipv4 unicast
[PE3-bgp-default-ipv4-vpn1] segment-routing ipv6 locator ccc evpn
[PE3-bgp-default-ipv4-vpn1] quit
[PE3-bgp-default-vpn1] quit
[PE3-bgp-default] ip vpn-instance vpn2
[PE3-bgp-default-vpn2] address-family ipv4 unicast
[PE3-bgp-default-ipv4-vpn2] segment-routing ipv6 locator ccc evpn
[PE3-bgp-default-ipv4-vpn2] quit
[PE3-bgp-default-vpn2] quit
[PE3-bgp-default] peer 2::2 as-number 100
[PE3-bgp-default] peer 2::2 connect-interface loopback 0
[PE3-bgp-default] address-family l2vpn evpn
[PE3-bgp-default-evpn] peer 2::2 enable
[PE3-bgp-default-evpn] peer 2::2 nexthop-local
[PE3-bgp-default-evpn] peer 2::2 advertise encap-type srv6
[PE3-bgp-default-evpn] quit
[PE3-bgp-default] ip vpn-instance vpn1
[PE3-bgp-default-vpn1] address-family ipv4 unicast
[PE3-bgp-default-ipv4-vpn1] segment-routing ipv6 best-effort evpn
[PE3-bgp-default-ipv4-vpn1] quit
[PE3-bgp-default-vpn1] quit
[PE3-bgp-default] ip vpn-instance vpn2
[PE3-bgp-default-vpn2] address-family ipv4 unicast
[PE3-bgp-default-ipv4-vpn2] segment-routing ipv6 best-effort evpn
[PE3-bgp-default-ipv4-vpn2] quit
[PE3-bgp-default-vpn2] quit
# 配置接口的IP地址。
<Sysname> system-view
[Sysname] sysname CE1
[CE1] interface ten-gigabitethernet 3/1/1
[CE1-Ten-GigabitEthernet3/1/1] port link-mode route
[CE1-Ten-GigabitEthernet3/1/1] ip address 10.1.1.2 24
[CE1-Ten-GigabitEthernet3/1/1] quit
# 在PE与CE之间建立EBGP对等体,引入直连路由。
[CE1] bgp 65410
[CE1-bgp-default] peer 10.1.1.1 as-number 100
[CE1-bgp-default] address-family ipv4 unicast
[CE1-bgp-default-ipv4] peer 10.1.1.1 enable
[CE1-bgp-default-ipv4] import-route direct
[CE1-bgp-default-ipv4] quit
[CE1-bgp-default] quit
# 配置接口的IP地址。
<Sysname> system-view
[Sysname] sysname CE2
[CE2] interface ten-gigabitethernet 3/1/1
[CE2-Ten-GigabitEthernet3/1/1] port link-mode route
[CE2-Ten-GigabitEthernet3/1/1] ip address 20.1.1.2 24
[CE2-Ten-GigabitEthernet3/1/1] quit
# 在PE与CE之间建立EBGP对等体,引入直连路由。
[CE2] bgp 65420
[CE2-bgp-default] peer 20.1.1.1 as-number 100
[CE2-bgp-default] address-family ipv4 unicast
[CE2-bgp-default-ipv4] peer 20.1.1.1 enable
[CE2-bgp-default-ipv4] import-route direct
[CE2-bgp-default-ipv4] quit
[CE2-bgp-default] quit
# 配置接口的IP地址。
<Sysname> system-view
[Sysname] sysname CE3
[CE3] interface ten-gigabitethernet 3/1/1
[CE3-Ten-GigabitEthernet3/1/1] port link-mode route
[CE3-Ten-GigabitEthernet3/1/1] ip address 30.1.1.2 24
[CE3-Ten-GigabitEthernet3/1/1] quit
# 在PE与CE之间建立EBGP对等体,引入直连路由。
[CE3] bgp 65430
[CE3-bgp-default] peer 30.1.1.1 as-number 100
[CE3-bgp-default] address-family ipv4 unicast
[CE3-bgp-default-ipv4] peer 30.1.1.1 enable
[CE3-bgp-default-ipv4] import-route direct
[CE3-bgp-default-ipv4] quit
[CE3-bgp-default] quit
# 配置接口的IP地址。
<Sysname> system-view
[Sysname] sysname CE4
[CE4] interface ten-gigabitethernet 3/1/1
[CE4-Ten-GigabitEthernet3/1/1] port link-mode route
[CE4-Ten-GigabitEthernet3/1/1] ip address 40.1.1.2 24
[CE4-Ten-GigabitEthernet3/1/1] quit
# 在PE与CE之间建立EBGP对等体,引入直连路由。
[CE4] bgp 65440
[CE4-bgp-default] peer 40.1.1.1 as-number 100
[CE4-bgp-default] address-family ipv4 unicast
[CE4-bgp-default-ipv4] peer 40.1.1.1 enable
[CE4-bgp-default-ipv4] import-route direct
[CE4-bgp-default-ipv4] quit
[CE4-bgp-default] quit
# 配置接口的IP地址。
<Sysname> system-view
[Sysname] sysname CE5
[CE5] interface ten-gigabitethernet 3/1/1
[CE5-Ten-GigabitEthernet3/1/1] port link-mode route
[CE5-Ten-GigabitEthernet3/1/1] ip address 50.1.1.2 24
[CE5-Ten-GigabitEthernet3/1/1] quit
# 在PE与CE之间建立EBGP对等体,引入直连路由。
[CE5] bgp 65450
[CE5-bgp-default] peer 50.1.1.1 as-number 100
[CE5-bgp-default] address-family ipv4 unicast
[CE5-bgp-default-ipv4] peer 50.1.1.1 enable
[CE5-bgp-default-ipv4] import-route direct
[CE5-bgp-default-ipv4] quit
[CE5-bgp-default] quit
# 在PE设备上查看IS-IS邻居信息,可以看到PE 1与PE 2、PE 2与PE 3之间建立了IS-IS邻居关系。以PE 2为例,其他PE上的显示信息与此类似。
[PE2] display isis peer
Peer information for IS-IS(1)
-----------------------------
System ID: 0000.0000.0001
Interface: GE1/0/1 Circuit Id: 0000.0000.0002.01
State: Up HoldTime: 25s Type: L1(L1L2) PRI: 64
System ID: 0000.0000.0001
Interface: GE1/0/1 Circuit Id: 0000.0000.0002.01
State: Up HoldTime: 28s Type: L2(L1L2) PRI: 64
System ID: 0000.0000.0003
Interface: GE1/0/2 Circuit Id: 0000.0000.0003.01
State: Up HoldTime: 7s Type: L1(L1L2) PRI: 64
System ID: 0000.0000.0003
Interface: GE1/0/2 Circuit Id: 0000.0000.0003.01
State: Up HoldTime: 7s Type: L2(L1L2) PRI: 64
# 在PE设备上查看BGP L2VPN对等体信息,可以看到PE 1与PE 2、PE 2与PE 3之间BGP L2VPN对等体为Established状态。以PE 2为例,其他PE上的显示信息与此类似。
[PE2] display bgp peer l2vpn evpn
BGP local router ID: 2.2.2.2
Local AS number: 100
Total number of peers: 2 Peers in established state: 2
* - Dynamically created peer
Peer AS MsgRcvd MsgSent OutQ PrefRcv Up/Down State
1.1.1.1 100 23 21 0 2 00:13:02 Established
33::33 100 20 20 0 2 00:13:09 Established
# 在PE设备上查看VPN实例内的BGP IPv4单播对等体信息,可以看到PE与各自的CE之间BGP对等体为Established状态。以PE 2为例,其他PE上的显示信息与此类似。
[PE2] display bgp peer ipv4 vpn-instance vpn2
BGP local router ID: 2.2.2.2
Local AS number: 100
Total number of peers: 1 Peers in established state: 1
* - Dynamically created peer
Peer AS MsgRcvd MsgSent OutQ PrefRcv Up/Down State
30.1.1.2 65430 22 24 0 1 00:16:48 Established
以VPN 2内CE 2(20.1.1.2)发送报文给CE 5(50.1.1.2)为例,验证EVPN L3VPN到EVPN L3VPN over SRv6网络的报文转发过程。
# 在PE 1上查看VPN实例vpn2的FIB表,可以看出发送到50.1.1.0/24网络的报文需要添加私网标签1279,外层公网隧道对应的NHLFE ID为1。
[PE1] display fib vpn-instance vpn2 50.1.1.0
FIB entry count: 1
Flag:
U:Usable G:Gateway H:Host B:Blackhole D:Dynamic S:Static
R:Relay F:FRR
Destination/Mask Nexthop Flag OutInterface/Token Label
50.1.1.0/24 2.2.2.2 UGR 1 1279
# 在PE 1上查看NHLFE表项信息,可以看到ID为1的NHLFE表项为SRLSP,说明路由50.1.1.0/24迭代到SR-MPLS BE隧道。
[PE1] display mpls forwarding nhlfe 1
Flags: T - Forwarded through a tunnel
N - Forwarded through the outgoing interface to the nexthop IP address
B - Backup forwarding information
A - Active forwarding information
M - P2MP forwarding information
NID Tnl-Type Flag OutLabel Forwarding Info
--------------------------------------------------------------------------------
1 SRLSP NA 3 GE1/0/1 11.0.1.2
# 在PE 3上查看SRv6的Local SID转发表信息,可以看到PE 3为VPN实例vpn2(路由50.1.1.0/24属于vpn2)分配的End.DT4 SID为401::1:0:3。
[PE3] display segment-routing ipv6 local-sid end-dt4
Local SID forwarding table (End.DT4)
Total SIDs: 2
SID : 401::1:0:1/64
Function type : End.DT4 Flavor : PSP
VPN instance : vpn1 Allocation type: Dynamic
Network type : EVPN L3VPN
Locator name : ccc
Owner : BGP State : Active
Create Time : Apr 08 17:53:27.808 2022
SID : 401::1:0:3/64
Function type : End.DT4 Flavor : PSP
VPN instance : vpn2 Allocation type: Dynamic
Network type : EVPN L3VPN
Locator name : ccc
Owner : BGP State : Active
Create Time : Apr 08 17:53:27.811 2022
# 在PE 2上执行display mpls lsp srv6-mpls-interworking命令和display mpls forwarding ilm命令,可以看到MPLS标签1279和End.DT4 SID(401::1:0:3)建立了映射关系,PE 2接收到私网标签为1279的报文后,将私网标签替换为End.DT4 SID。
[PE2] display mpls lsp srv6-mpls-interworking
FEC : 33::33/401::1:0:3
Protocol : BGP
In Label : 1279
Out SRv6 SID : 401::1:0:3
Path ID : 0x26000000.1
[PE2] display mpls forwarding ilm 1279
Flags: T - Forwarded through a tunnel
N - Forwarded through the outgoing interface to the nexthop IP address
B - Backup forwarding information
A - Active forwarding information
M - P2MP forwarding information
InLabel Oper VRF Flag SwapInfo Forwarding Info
--------------------------------------------------------------------------------
1279 SWAP 0 NA 401::1:0:3
GE1/0/2
FE80::3261:2FF:FE0A:306
# 在PE 2上查看VPN实例vpn2的路由表和FIB表项,可以看到50.1.1.0/24的路由下一跳为End.DT4 SID(401::1:0:3),该路由迭代到SRv6 BE隧道,迭代下一跳地址为FE80::3261:2FF:FE0A:306。
[PE2] display ip routing-table vpn-instance vpn2 50.1.1.0 verbose
Summary count : 1
Destination: 50.1.1.0/24
Protocol: BGP instance default
Process ID: 0
SubProtID: 0x8 Age: 00h10m19s
FlushedAge: 00h10m19s
Cost: 0 Preference: 255
IpPre: N/A QosLocalID: N/A
Tag: 0 State: Active Adv
OrigTblID: 0x0 OrigVrf: default-vrf
TableID: 0x102 OrigAs: 65450
NibID: 0x16000000 LastAs: 100
AttrID: 0x5
BkAttrID: 0xffffffff Neighbor: 33::33
Flags: 0x80010060 OrigNextHop: 401::
Label: NULL RealNextHop: FE80::3261:2FF:FE0A:306
BkLabel: NULL BkNextHop: N/A
SRLabel: NULL Interface: GigabitEthernet1/0/2
BkSRLabel: NULL BkInterface: N/A
Tunnel ID: Invalid IPInterface: GigabitEthernet1/0/2
BkTunnel ID: Invalid BkIPInterface: N/A
InLabel: 0 ColorInterface: N/A
SIDIndex: 0 BkColorInterface: N/A
FtnIndex: 0x0 TunnelInterface: N/A
TrafficIndex: N/A BkTunnelInterface: N/A
Connector: N/A PathID: 0x0
UserID: 0x0 SRTunnelID: Invalid
SID Type: N/A NID: Invalid
FlushNID: Invalid BkNID: Invalid
BkFlushNID: Invalid StatFlags: 0x0
SID: 401::1:0:3
BkSID: N/A
CommBlockLen: 0 Priority: Low
[PE2] display fib vpn-instance vpn2 50.1.1.0
FIB entry count: 1
Flag:
U:Usable G:Gateway H:Host B:Blackhole D:Dynamic S:Static
R:Relay F:FRR
Destination/Mask Nexthop Flag OutInterface/Token Label
50.1.1.0/24 FE80::3261:2FF: UGR GE1/0/2 Null
FE0A:306
以VPN 2内CE 5(50.1.1.2)发送报文给CE 2(20.1.1.2)为例,验证EVPN L3VPN over SRv6到EVPN L3VPN网络的报文转发过程。
# 在PE 3上查看VPN实例vpn2的路由表和FIB表项,可以看到20.1.1.0/24的路由下一跳为End.T SID(200::1:0:7),该路由迭代到SRv6 BE隧道,迭代下一跳地址为FE80::3260:E5FF:FEA1:207。
[PE3] display ip routing-table vpn-instance vpn2 20.1.1.0 verbose
Summary count : 1
Destination: 20.1.1.0/24
Protocol: BGP instance default
Process ID: 0
SubProtID: 0x8 Age: 01h14m41s
FlushedAge: 01h14m41s
Cost: 0 Preference: 255
IpPre: N/A QosLocalID: N/A
Tag: 0 State: Active Adv
OrigTblID: 0x0 OrigVrf: default-vrf
TableID: 0x202 OrigAs: 100
NibID: 0x16000002 LastAs: 100
AttrID: 0x5
BkAttrID: 0xffffffff Neighbor: 22::22
Flags: 0x80010060 OrigNextHop: 200::
Label: NULL RealNextHop: FE80::3260:E5FF:FEA1:207
BkLabel: NULL BkNextHop: N/A
SRLabel: NULL Interface: GigabitEthernet1/0/1
BkSRLabel: NULL BkInterface: N/A
Tunnel ID: Invalid IPInterface: GigabitEthernet1/0/1
BkTunnel ID: Invalid BkIPInterface: N/A
InLabel: 0 ColorInterface: N/A
SIDIndex: 0 BkColorInterface: N/A
FtnIndex: 0x0 TunnelInterface: N/A
TrafficIndex: N/A BkTunnelInterface: N/A
Connector: N/A PathID: 0x0
UserID: 0x0 SRTunnelID: Invalid
SID Type: N/A NID: Invalid
FlushNID: Invalid BkNID: Invalid
BkFlushNID: Invalid StatFlags: 0x0
SID: 200::1:0:7
BkSID: N/A
CommBlockLen: 0 Priority: Low
[PE3] display fib vpn-instance vpn2 20.1.1.0
FIB entry count: 1
Flag:
U:Usable G:Gateway H:Host B:Blackhole D:Dynamic S:Static
R:Relay F:FRR
Destination/Mask Nexthop Flag OutInterface/Token Label
20.1.1.0/24 FE80::3260:E5FF UGR GE1/0/1 Null
:FEA1:207
# 在PE 2上查看SRv6的Local SID转发表信息,可以看到PE 2分配的End.T SID为200::1:0:7。
[PE2] display segment-routing ipv6 local-sid end-t
Local SID forwarding table (End.T)
Total SIDs: 1
SID : 200::1:0:7/64
Function type : End.T Flavor : PSP
Interface : GE1/0/1 Interface Index: 0x2
Nexthop : 11.0.1.1
VPN instance : public instance Allocation type: Dynamic
Locator name : bbb
Owner : BGP State : Active
Create Time : May 06 16:39:46.513 2022
# 在PE 2上查看IPv6 FIB表项,可以看到End.T SID对应的私网标签为1151,外层公网隧道对应的NHLFE ID为1。
[PE2] display ipv6 fib 200::1:0:7
FIB entry count: 1
Flag:
U:Usable G:Gateway H:Host B:Blackhole D:Dynamic S:Static
R:Relay F:FRR
Destination: 200::1:0:7 Prefix length: 128
Nexthop : 0.0.0.0 Flags: UGH
Time stamp : 0x18 Label: 1151
Interface : NULL0 Token: 1
# 在PE 2上查看VPN实例vpn2的FIB表项和路由表,可以看到路由20.1.1.0/24迭代到MPLS隧道,内层私网标签为1151,外层公网隧道对应的NHLFE ID为1。
[PE2] display fib vpn-instance vpn2 20.1.1.0
FIB entry count: 1
Flag:
U:Usable G:Gateway H:Host B:Blackhole D:Dynamic S:Static
R:Relay F:FRR
Destination/Mask Nexthop Flag OutInterface/Token Label
20.1.1.0/24 1.1.1.1 UGR 1 1151
# 在PE 2上查看NHLFE表项信息,可以看到ID为1的NHLFE表项为SRLSP,说明公网隧道SR-MPLS BE隧道。
[PE2] display mpls forwarding nhlfe 1
Flags: T - Forwarded through a tunnel
N - Forwarded through the outgoing interface to the nexthop IP address
B - Backup forwarding information
A - Active forwarding information
M - P2MP forwarding information
NID Tnl-Type Flag OutLabel Forwarding Info
--------------------------------------------------------------------------------
1 SRLSP NA 3 GE1/0/1 11.0.1.1
# VPN 1内的CE 1和CE 4之间可以互相ping通;VPN 2内的CE 2、CE 3和CE 5之间可以互相ping通。
[CE1] ping 40.1.1.2
Ping 40.1.1.2 (40.1.1.2): 56 data bytes, press CTRL+C to break
56 bytes from 40.1.1.2: icmp_seq=0 ttl=253 time=1.000 ms
56 bytes from 40.1.1.2: icmp_seq=1 ttl=253 time=2.000 ms
56 bytes from 40.1.1.2: icmp_seq=2 ttl=253 time=1.000 ms
56 bytes from 40.1.1.2: icmp_seq=3 ttl=253 time=1.000 ms
56 bytes from 40.1.1.2: icmp_seq=4 ttl=253 time=1.000 ms
--- Ping statistics for 40.1.1.2 ---
5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss
round-trip min/avg/max/std-dev = 1.000/1.200/2.000/0.400 ms
[CE2] ping 30.1.1.2
Ping 30.1.1.2 (30.1.1.2): 56 data bytes, press CTRL+C to break
56 bytes from 30.1.1.2: icmp_seq=0 ttl=253 time=2.000 ms
56 bytes from 30.1.1.2: icmp_seq=1 ttl=253 time=1.000 ms
56 bytes from 30.1.1.2: icmp_seq=2 ttl=253 time=1.000 ms
56 bytes from 30.1.1.2: icmp_seq=3 ttl=253 time=1.000 ms
56 bytes from 30.1.1.2: icmp_seq=4 ttl=253 time=1.000 ms
--- Ping statistics for 30.1.1.2 ---
5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss
round-trip min/avg/max/std-dev = 1.000/1.200/2.000/0.400 ms
[CE2] ping 50.1.1.2
Ping 50.1.1.2 (50.1.1.2): 56 data bytes, press CTRL+C to break
56 bytes from 50.1.1.2: icmp_seq=0 ttl=253 time=2.000 ms
56 bytes from 50.1.1.2: icmp_seq=1 ttl=253 time=1.000 ms
56 bytes from 50.1.1.2: icmp_seq=2 ttl=253 time=2.000 ms
56 bytes from 50.1.1.2: icmp_seq=3 ttl=253 time=2.000 ms
56 bytes from 50.1.1.2: icmp_seq=4 ttl=253 time=1.000 ms
--- Ping statistics for 50.1.1.2 ---
5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss
round-trip min/avg/max/std-dev = 1.000/1.600/2.000/0.490 ms
# VPN 1内的CE和VPN 2内的CE无法互相ping通,例如CE 2无法ping通CE 4。
[CE2] ping 40.1.1.2
Ping 40.1.1.2 (40.1.1.2): 56 data bytes, press CTRL+C to break
Request time out
Request time out
Request time out
Request time out
Request time out
--- Ping statistics for 40.1.1.2 ---
5 packet(s) transmitted, 0 packet(s) received, 100.0% packet loss
· PE 1
#
sysname PE1
#
ip vpn-instance vpn1
route-distinguisher 1111:1
tnl-policy srbe
vpn-target 1111:1000 import-extcommunity
vpn-target 1111:1000 export-extcommunity
#
address-family ipv4
evpn mpls routing-enable
#
ip vpn-instance vpn2
route-distinguisher 2222:1
tnl-policy srbe
vpn-target 2222:2000 import-extcommunity
vpn-target 2222:2000 export-extcommunity
#
address-family ipv4
evpn mpls routing-enable
#
isis 1
cost-style wide
mpls te enable
segment-routing global-block 16000 16999
network-entity 00.0000.0000.0001.00
#
address-family ipv4 unicast
segment-routing mpls
segment-routing adjacency enable
#
mpls lsr-id 1.1.1.1
#
mpls te
#
tunnel-policy srbe
select-seq sr-lsp load-balance-number 1
#
interface LoopBack0
ip address 1.1.1.1 255.255.255.255
isis enable 1
isis prefix-sid index 10
ipv6 address 11::11/128
#
interface GigabitEthernet1/0/1
port link-mode route
combo enable copper
ip address 11.0.1.1 255.255.255.0
isis enable 1
mpls enable
mpls te enable
#
interface GigabitEthernet1/0/2
port link-mode route
combo enable copper
ip binding vpn-instance vpn1
ip address 10.1.1.1 255.255.255.0
#
interface GigabitEthernet1/0/3
port link-mode route
combo enable copper
ip binding vpn-instance vpn2
ip address 20.1.1.1 255.255.255.0
#
bgp 100
peer 2.2.2.2 as-number 100
peer 2.2.2.2 connect-interface LoopBack0
#
address-family l2vpn evpn
peer 2.2.2.2 enable
peer 2.2.2.2 next-hop-local
peer 2.2.2.2 advertise encap-type mpls
#
ip vpn-instance vpn1
peer 10.1.1.2 as-number 65410
#
address-family ipv4 unicast
peer 10.1.1.2 enable
#
ip vpn-instance vpn2
peer 20.1.1.2 as-number 65420
#
address-family ipv4 unicast
import-route direct
peer 20.1.1.2 enable
#
return
· PE 2
#
sysname PE2
#
ip vpn-instance vpn2
route-distinguisher 2222:2
tnl-policy srbe
vpn-target 2222:2000 import-extcommunity
vpn-target 2222:2000 export-extcommunity
#
address-family ipv4
evpn mpls routing-enable
#
isis 1
cost-style wide
mpls te enable
segment-routing global-block 17000 17999
network-entity 00.0000.0000.0002.00
#
address-family ipv4 unicast
segment-routing mpls
segment-routing adjacency enable
#
address-family ipv6 unicast
segment-routing ipv6 locator bbb
#
mpls lsr-id 2.2.2.2
#
mpls te
#
tunnel-policy srbe
select-seq sr-lsp load-balance-number 1
#
interface LoopBack0
ip address 2.2.2.2 255.255.255.255
isis enable 1
isis ipv6 enable 1
isis prefix-sid index 20
ipv6 address 22::22/128
#
interface GigabitEthernet1/0/1
port link-mode route
combo enable copper
ip address 11.0.1.2 255.255.255.0
isis enable 1
mpls enable
mpls te enable
#
interface GigabitEthernet1/0/2
port link-mode route
combo enable copper
isis ipv6 enable 1
mpls enable
mpls te enable
ipv6 address 61::1/64
#
interface GigabitEthernet1/0/3
port link-mode route
combo enable copper
ip binding vpn-instance vpn2
ip address 30.1.1.1 255.255.255.0
#
bgp 100
peer 1.1.1.1 as-number 100
peer 1.1.1.1 connect-interface LoopBack0
peer 33::33 as-number 100
peer 33::33 connect-interface LoopBack0
#
address-family l2vpn evpn
undo policy vpn-target
segment-routing ipv6 best-effort evpn
segment-routing ipv6 locator bbb evpn
srv6-mpls-interworking enable
peer 1.1.1.1 enable
peer 1.1.1.1 next-hop-local
peer 1.1.1.1 reflect-client
peer 1.1.1.1 advertise encap-type mpls
peer 33::33 enable
peer 33::33 next-hop-local
peer 33::33 reflect-client
peer 33::33 advertise encap-type srv6
#
ip vpn-instance vpn2
peer 30.1.1.2 as-number 65430
#
address-family ipv4 unicast
segment-routing ipv6 best-effort evpn
segment-routing ipv6 locator bbb evpn
peer 30.1.1.2 enable
#
segment-routing ipv6
encapsulation source-address 2::2
#
locator bbb ipv6-prefix 200:: 64 static 32
#
return
· PE 3
#
sysname PE3
#
ip vpn-instance vpn1
route-distinguisher 1111:3
vpn-target 1111:1000 import-extcommunity
vpn-target 1111:1000 export-extcommunity
#
ip vpn-instance vpn2
route-distinguisher 2222:3
vpn-target 2222:2000 import-extcommunity
vpn-target 2222:2000 export-extcommunity
#
isis 1
cost-style wide
network-entity 00.0000.0000.0003.00
#
address-family ipv6 unicast
segment-routing ipv6 locator ccc
#
interface LoopBack0
ip address 3.3.3.3 255.255.255.255
isis ipv6 enable 1
ipv6 address 33::33/128
#
interface GigabitEthernet1/0/1
port link-mode route
combo enable copper
isis ipv6 enable 1
ipv6 address 61::2/64
#
interface GigabitEthernet1/0/2
port link-mode route
combo enable copper
ip binding vpn-instance vpn1
ip address 40.1.1.1 255.255.255.0
#
interface GigabitEthernet1/0/3
port link-mode route
combo enable copper
ip binding vpn-instance vpn2
ip address 50.1.1.1 255.255.255.0
#
bgp 100
peer 22::22 as-number 100
peer 22::22 connect-interface LoopBack0
#
address-family l2vpn evpn
peer 22::22 enable
peer 22::22 next-hop-local
peer 22::22 advertise encap-type srv6
#
ip vpn-instance vpn1
peer 40.1.1.2 as-number 65440
#
address-family ipv4 unicast
segment-routing ipv6 best-effort evpn
segment-routing ipv6 locator ccc evpn
peer 40.1.1.2 enable
#
ip vpn-instance vpn2
peer 50.1.1.2 as-number 65450
#
address-family ipv4 unicast
segment-routing ipv6 best-effort evpn
segment-routing ipv6 locator ccc evpn
peer 50.1.1.2 enable
#
segment-routing ipv6
encapsulation source-address 3::3
#
locator ccc ipv6-prefix 401:: 64 static 32
#
return
· CE 1
#
sysname CE1
#
interface GigabitEthernet1/0/1
port link-mode route
combo enable copper
ip address 10.1.1.2 255.255.255.0
#
bgp 65410
peer 10.1.1.1 as-number 100
#
address-family ipv4 unicast
import-route direct
peer 10.1.1.1 enable
#
return
· CE 2
#
sysname CE2
#
interface GigabitEthernet1/0/1
port link-mode route
combo enable copper
ip address 20.1.1.2 255.255.255.0
#
bgp 65420
peer 20.1.1.1 as-number 100
#
address-family ipv4 unicast
import-route direct
peer 20.1.1.1 enable
#
return
· CE 3
#
sysname CE3
#
interface GigabitEthernet1/0/1
port link-mode route
combo enable copper
ip address 30.1.1.2 255.255.255.0
#
bgp 65430
peer 30.1.1.1 as-number 100
#
address-family ipv4 unicast
import-route direct
peer 30.1.1.1 enable
#
return
· CE 4
#
sysname CE4
#
interface GigabitEthernet1/0/1
port link-mode route
combo enable copper
ip address 40.1.1.2 255.255.255.0
#
bgp 65440
peer 40.1.1.1 as-number 100
#
address-family ipv4 unicast
import-route direct
peer 40.1.1.1 enable
#
return
· CE 5
#
sysname CE5
#
interface GigabitEthernet1/0/1
port link-mode route
combo enable copper
ip address 50.1.1.2 255.255.255.0
#
bgp 65450
peer 50.1.1.1 as-number 100
#
address-family ipv4 unicast
import-route direct
peer 50.1.1.1 enable
#
return
用户网络有两个站点,站点边缘设备分别为CE 1和CE 2。PE之间运行OSPFv3协议达到IPv6网络互连的目的。CE 1通过聚合链路多归属于PE 1和PE 2,CE 2为PE 3下的单归属设备。CE 1和CE 2希望通过在骨干网上建立的SRv6隧道,实现站点1与站点2之间二层互通。
图12 EVPN VPWS over SRv6多归属配置组网图
设备 |
接口 |
IP地址 |
设备 |
接口 |
IP地址 |
PE 1 |
Loop0 |
1::1/128 |
CE 1 |
RAGG1 |
100::1/64 |
|
XGE3/1/1 |
- |
CE 2 |
XGE3/1/1 |
100::2/64 |
|
XGE3/1/2 |
10::1/64 |
PE 3 |
Loop0 |
3::3/128 |
|
XGE3/1/3 |
20::1/64 |
|
XGE3/1/1 |
- |
PE 2 |
Loop0 |
2::2/128 |
|
XGE3/1/2 |
10::3/64 |
|
XGE3/1/1 |
- |
|
XGE3/1/3 |
30::3/64 |
|
XGE3/1/2 |
30::2/64 |
|
|
|
|
XGE3/1/3 |
20::2/64 |
|
|
|
# 创建三层聚合接口1,采用动态聚合模式,并为其配置IP地址和子网掩码。
<Sysname> system-view
[Sysname] sysname CE1
[CE1] interface route-aggregation 1
[CE1-Route-Aggregation1] link-aggregation mode dynamic
[CE1-Route-Aggregation1] ipv6 address 100::1 64
[CE1-Route-Aggregation1] quit
# 将接口Ten-GigabitEthernet3/1/1至Ten-GigabitEthernet3/1/2加入到聚合组1中。
[CE1] interface ten-gigabitethernet 3/1/1
[CE1-Ten-GigabitEthernet3/1/1] port link-aggregation group 1
[CE1-Ten-GigabitEthernet3/1/1] quit
[CE1] interface ten-gigabitethernet 3/1/2
[CE1-Ten-GigabitEthernet3/1/2] port link-aggregation group 1
[CE1-Ten-GigabitEthernet3/1/2] quit
# 在PE 1上运行OSPFv3。
<Sysname> system-view
[Sysname] sysname PE1
[PE1] ospfv3
[PE1-ospfv3-1] router-id 1.1.1.1
[PE1-ospfv3-1] segment-routing ipv6 locator aaa
[PE1-ospfv3-1] area 0
[PE1-ospfv3-1-area-0.0.0.0] quit
[PE1-ospfv3-1] quit
# 配置Loopback0接口。
[PE1] interface loopback 0
[PE1-LoopBack0] ipv6 address 1::1 128
[PE1-LoopBack0] ospfv3 1 area 0
[PE1-LoopBack0] quit
# 开启L2VPN功能。
[PE1] l2vpn enable
# 配置连接PE 3的接口Ten-GigabitEthernet3/1/2。
[PE1] interface ten-gigabitethernet 3/1/2
[PE1-Ten-GigabitEthernet3/1/2] ipv6 address 10::1/64
[PE1-Ten-GigabitEthernet3/1/2] ospfv3 1 area 0
[PE1-Ten-GigabitEthernet3/1/2] quit
# 配置连接PE 2的接口Ten-GigabitEthernet3/1/3。
[PE1] interface ten-gigabitethernet 3/1/3
[PE1-Ten-GigabitEthernet3/1/3] ipv6 address 20::1/64
[PE1-Ten-GigabitEthernet3/1/3] ospfv3 1 area 0
[PE1-Ten-GigabitEthernet3/1/3] quit
# 在PE 1,PE 2和PE 3之间建立IBGP连接,并配置通过BGP EVPN发布路由信息。
[PE1] bgp 100
[PE1-bgp-default] router-id 1.1.1.1
[PE1-bgp-default] peer 2::2 as-number 100
[PE1-bgp-default] peer 2::2 connect-interface loopback 0
[PE1-bgp-default] peer 3::3 as-number 100
[PE1-bgp-default] peer 3::3 connect-interface loopback 0
[PE1-bgp-default] address-family l2vpn evpn
[PE1-bgp-default-evpn] peer 2::2 enable
[PE1-bgp-default-evpn] peer 3::3 enable
[PE1-bgp-default-evpn] peer 2::2 advertise encap-type srv6
[PE1-bgp-default-evpn] peer 3::3 advertise encap-type srv6
[PE1-bgp-default-evpn] quit
[PE1-bgp-default] quit
# 在接入站点的接口Ten-GigabitEthernet3/1/1下配置ESI值和接口的冗余备份模式。
[PE1] interface ten-gigabitethernet 3/1/1
[PE1-Ten-GigabitEthernet3/1/1] esi 1.1.1.1.1
[PE1-Ten-GigabitEthernet3/1/1] evpn redundancy-mode all-active
[PE1-Ten-GigabitEthernet3/1/1] quit
# 创建交叉连接组vpna和交叉连接组EVPN实例,指定EVPN采用SRv6封装,配置交叉连接组EVPN实例的RD与RT,并配置根据路由携带的SID属性进行迭代。
[PE1] xconnect-group vpna
[PE1-xcg-vpna] evpn encapsulation srv6
[PE1-xcg-vpna-evpn-srv6] route-distinguisher 1:1
[PE1-xcg-vpna-evpn-srv6] vpn-target 1:1 export-extcommunity
[PE1-xcg-vpna-evpn-srv6] vpn-target 1:1 import-extcommunity
[PE1-xcg-vpna-evpn-srv6] segment-routing ipv6 best-effort
[PE1-xcg-vpna-evpn-srv6] quit
# 创建交叉连接pw1,将接口Ten-GigabitEthernet3/1/1与此交叉连接关联,并在交叉连接内创建SRv6隧道,以实现AC和SRv6隧道关联。
[PE1-xcg-vpna] connection pw1
[PE1-xcg-vpna-pw1] ac interface ten-gigabitethernet 3/1/1
[PE1-xcg-vpna-pw1-Ten-GigabitEthernet3/1/1] quit
[PE1-xcg-vpna-pw1] evpn local-service-id 1 remote-service-id 2
[PE1-xcg-vpna-pw1-1-2] quit
[PE1-xcg-vpna-pw1] segment-routing ipv6 locator aaa
[PE1-xcg-vpna-pw1] quit
[PE1-xcg-vpna] quit
# 配置SRv6封装的IPv6报文头的源地址。
[PE1] segment-routing ipv6
[PE1-segment-routing-ipv6] encapsulation source-address 1::1
# 配置Locator段,用于申请End.DX2 SID。
[PE1-segment-routing-ipv6] locator aaa ipv6-prefix 111:: 64 static 32
[PE1-segment-routing-ipv6-locator-aaa] quit
[PE1-segment-routing-ipv6] quit
# 在PE 2上运行OSPFv3。
<Sysname> system-view
[Sysname] sysname PE2
[PE2] ospfv3
[PE2-ospfv3-1] router-id 2.2.2.2
[PE2-ospfv3-1] segment-routing ipv6 locator aaa
[PE2-ospfv3-1] area 0.0.0.0
[PE2-ospfv3-1-area-0.0.0.0] quit
[PE2-ospfv3-1] quit
# 配置Loopback0接口。
[PE2] interface loopback 0
[PE2-LoopBack0] ipv6 address 2::2 128
[PE2-LoopBack0] ospfv3 1 area 0
[PE2-LoopBack0] quit
# 开启L2VPN功能。
[PE2] l2vpn enable
# 配置连接PE 1的接口Ten-GigabitEthernet3/1/3。
[PE2] interface ten-gigabitethernet 3/1/3
[PE2-Ten-GigabitEthernet3/1/3] ipv6 address 20::2 64
[PE2-Ten-GigabitEthernet3/1/3] ospfv3 1 area 0
[PE2-Ten-GigabitEthernet3/1/3] quit
# 配置连接PE 3的接口Ten-GigabitEthernet3/1/2。
[PE2] interface ten-gigabitethernet 3/1/2
[PE2-Ten-GigabitEthernet3/1/2] ipv6 address 30::2 64
[PE2-Ten-GigabitEthernet3/1/2] ospfv3 1 area 0
[PE2-Ten-GigabitEthernet3/1/2] quit
# 在PE 1,PE 2和PE 3之间建立IBGP连接,并配置通过BGP EVPN发布路由信息。
[PE2] bgp 100
[PE2-bgp-default] router-id 2.2.2.2
[PE2-bgp-default] peer 1::1 as-number 100
[PE2-bgp-default] peer 1::1 connect-interface loopback 0
[PE2-bgp-default] peer 3::3 as-number 100
[PE2-bgp-default] peer 3::3 connect-interface loopback 0
[PE2-bgp-default] address-family l2vpn evpn
[PE2-bgp-default-evpn] peer 1::1 enable
[PE2-bgp-default-evpn] peer 3::3 enable
[PE2-bgp-default-evpn] peer 1::1 advertise encap-type srv6
[PE2-bgp-default-evpn] peer 3::3 advertise encap-type srv6
[PE2-bgp-default-evpn] quit
[PE2-bgp-default] quit
# 在接入站点的接口Ten-GigabitEthernet3/1/1下配置ESI值和接口的冗余备份模式。
[PE2] interface ten-gigabitethernet 3/1/1
[PE2-Ten-GigabitEthernet3/1/1] esi 1.1.1.1.1
[PE2-Ten-GigabitEthernet3/1/1] evpn redundancy-mode all-active
[PE2-Ten-GigabitEthernet3/1/1] quit
# 创建交叉连接组vpna和交叉连接组EVPN实例,并指定EVPN采用SRV6封装,配置交叉连接组EVPN实例的RD与RT,并配置根据路由携带的SID属性进行迭代。
[PE2] xconnect-group vpna
[PE2-xcg-vpna] evpn encapsulation srv6
[PE2-xcg-vpna-evpn-srv6] route-distinguisher 1:1
[PE2-xcg-vpna-evpn-srv6] vpn-target 1:1 export-extcommunity
[PE2-xcg-vpna-evpn-srv6] vpn-target 1:1 import-extcommunity
[PE2-xcg-vpna-evpn-srv6] segment-routing ipv6 best-effort
[PE2-xcg-vpna-evpn-srv6] quit
# 创建交叉连接pw1,将接口Ten-GigabitEthernet3/1/1与此交叉连接关联,并在交叉连接内创建SRv6隧道,以实现AC和SRv6隧道关联。
[PE2-xcg-vpna] connection pw1
[PE2-xcg-vpna-pw1] ac interface ten-gigabitethernet 3/1/1
[PE2-xcg-vpna-pw1-Ten-GigabitEthernet3/1/1] quit
[PE2-xcg-vpna-pw1] evpn local-service-id 1 remote-service-id 2
[PE2-xcg-vpna-pw1-1-2] quit
[PE2-xcg-vpna-pw1] segment-routing ipv6 locator aaa
[PE2-xcg-vpna-pw1] quit
[PE2-xcg-vpna] quit
# 配置SRv6封装的IPv6报文头的源地址。
[PE2] segment-routing ipv6
[PE2-segment-routing-ipv6] encapsulation source-address 2::2
# 配置Locator段,用于申请End.DX2 SID。
[PE2-segment-routing-ipv6] locator aaa ipv6-prefix 222:: 64 static 32
[PE2-segment-routing-ipv6-locator-aaa] quit
[PE2-segment-routing-ipv6] quit
# 在PE 3上运行OSPFv3。
<Sysname> system-view
[Sysname] sysname PE3
[PE3] ospfv3
[PE3-ospfv3-1] router-id 3.3.3.3
[PE3-ospfv3-1] segment-routing ipv6 locator aaa
[PE3-ospfv3-1] area 0
[PE3-ospfv3-1-area-0.0.0.0] quit
[PE3-ospfv3-1] quit
# 配置LoopBack0接口。
[PE3] interface loopback 0
[PE3-LoopBack0] ipv6 address 3::3 128
[PE3-LoopBack0] ospfv3 1 area 0
[PE3-LoopBack0] quit
# 开启L2VPN功能。
[PE3] l2vpn enable
# 配置连接PE 1的接口Ten-GigabitEthernet3/1/2。
[PE3] interface ten-gigabitethernet 3/1/2
[PE3-Ten-GigabitEthernet3/1/2] ipv6 address 10::3 64
[PE3-Ten-GigabitEthernet3/1/2] ospfv3 1 area 0
[PE3-Ten-GigabitEthernet3/1/2] quit
# 配置连接PE 2的接口Ten-GigabitEthernet3/1/3。
[PE3] interface ten-gigabitethernet 3/1/3
[PE3-Ten-GigabitEthernet3/1/3] ipv6 address 30::3 64
[PE3-Ten-GigabitEthernet3/1/3] ospfv3 1 area 0
[PE3-Ten-GigabitEthernet3/1/3] quit
# 在PE 1,PE 2和PE 3之间建立IBGP连接,并配置通过BGP EVPN发布路由信息。
[PE3] bgp 100
[PE3-bgp-default] router-id 3.3.3.3
[PE3-bgp-default] peer 1::1 as-number 100
[PE3-bgp-default] peer 1::1 connect-interface loopback 0
[PE3-bgp-default] peer 2::2 as-number 100
[PE3-bgp-default] peer 2::2 connect-interface loopback 0
[PE3-bgp-default] address-family l2vpn evpn
[PE3-bgp-default-evpn] peer 1::1 enable
[PE3-bgp-default-evpn] peer 2::2 enable
[PE3-bgp-default-evpn] peer 1::1 advertise encap-type srv6
[PE3-bgp-default-evpn] peer 2::2 advertise encap-type srv6
[PE3-bgp-default-evpn] quit
[PE3-bgp-default] quit
# 创建交叉连接组vpna和交叉连接组EVPN实例,并指定EVPN采用SRV6封装,配置交叉连接组EVPN实例的RD与RT,并配置根据路由携带的SID属性进行迭代。
[PE3] xconnect-group vpna
[PE3-xcg-vpna] evpn encapsulation srv6
[PE3-xcg-vpna-evpn-srv6] route-distinguisher 1:1
[PE3-xcg-vpna-evpn-srv6] vpn-target 1:1 export-extcommunity
[PE3-xcg-vpna-evpn-srv6] vpn-target 1:1 import-extcommunity
[PE3-xcg-vpna-evpn-srv6] segment-routing ipv6 best-effort
[PE3-xcg-vpna-evpn-srv6] quit
# 创建交叉连接pw1,将接口Ten-GigabitEthernet3/1/1与此交叉连接关联,并在交叉连接内创建SRv6隧道,以实现AC和SRv6隧道关联。
[PE3-xcg-vpna] connection pw1
[PE3-xcg-vpna-pw1] ac interface ten-gigabitethernet 3/1/1
[PE3-xcg-vpna-pw1-Ten-GigabitEthernet3/1/1] quit
[PE3-xcg-vpna-pw1] evpn local-service-id 2 remote-service-id 1
[PE3-xcg-vpna-pw1-1-2] quit
[PE3-xcg-vpna-pw1] segment-routing ipv6 locator aaa
[PE3-xcg-vpna-pw1] quit
[PE3-xcg-vpna] quit
# 配置SRv6封装的IPv6报文头的源地址。
[PE3] segment-routing ipv6
[PE3-segment-routing-ipv6] encapsulation source-address 3::3
# 配置Locator段,用于申请End.DX2 SID。
[PE3-segment-routing-ipv6] locator aaa ipv6-prefix 333:: 64 static 32
[PE3-segment-routing-ipv6-locator-aaa] quit
[PE3-segment-routing-ipv6] quit
<Sysname> system-view
[Sysname] sysname CE2
[CE2] interface ten-gigabitethernet 3/1/1
[CE2-Ten-GigabitEthernet3/1/1] ipv6 address 100::2 64
[CE2-Ten-GigabitEthernet3/1/1] quit
# 在PE 1上查看L2VPN的SRv6相关信息,可以看到PE 1和PE 3之间建立了SRv6隧道。
[PE1] display l2vpn peer srv6
Total number of SRv6 Tunnels: 1
1 up, 0 blocked, 0 down
Xconnect-group Name: vpna
Peer : 3::3
Flag : Main
State : Up
Remote SrvID : 2
# 在PE 1上查看SRv6转发信息,可以看到SRv6隧道的入SID和出SID等信息。
[PE1] display l2vpn forwarding srv6
Total number of cross-connections: 1
Total number of SRv6 tunnels: 1, 1 up, 0 blocked, 0 down
Xconnect-group Name : vpna
Connection Name : pw1
Link ID : 0x1 Type: BE State: Up
In SID : 111::1:0:3
Out SID : 333::1:0:3
# CE 1与CE 2之间能够ping通。当CE 1和PE 1或CE 1和PE 2之间的链路出现故障时,CE 1与CE 2之间仍然能够ping通。
· CE1:
#
sysname CE1
#
interface Route-Aggregation1
link-aggregation mode dynamic
ipv6 address 100::1/64
#
interface Ten-GigabitEthernet3/1/1
port link-mode route
port link-aggregation group 1
#
interface Ten-GigabitEthernet3/1/2
port link-mode route
port link-aggregation group 1
· PE1:
#
sysname PE1
#
ospfv3 1
segment-routing ipv6 locator aaa
area 0.0.0.0
#
interface LoopBack0
ospfv3 1 area 0.0.0.0
ipv6 address 1::1/128
#
interface Ten-GigabitEthernet3/1/1
port link-mode route
esi 0001.0001.0001.0001.0001
evpn redundancy-mode single-active
#
interface Ten-GigabitEthernet3/1/2
port link-mode route
ospfv3 1 area 0.0.0.0
ipv6 address 10::1/64
#
interface Ten-GigabitEthernet3/1/3
port link-mode route
ospfv3 1 area 0.0.0.0
ipv6 address 20::1/64
#
bgp 100
router-id 1.1.1.1
peer 2::2 as-number 100
peer 2::2 connect-interface LoopBack0
peer 3::3 as-number 100
peer 3::3 connect-interface LoopBack0
#
address-family l2vpn evpn
peer 2::2 enable
peer 2::2 advertise encap-type srv6
peer 3::3 enable
peer 3::3 advertise encap-type srv6
#
xconnect-group vpna
evpn encapsulation srv6
route-distinguisher 1:1
vpn-target 1:1 export-extcommunity
vpn-target 1:1 import-extcommunity
segment-routing ipv6 best-effort
connection pw1
segment-routing ipv6 locator aaa
evpn local-service-id 1 remote-service-id 2
ac interface Ten-GigabitEthernet3/1/1
#
segment-routing ipv6
encapsulation source-address 1::1
locator aaa ipv6-prefix 111:: 64 static 32
· PE2:
#
sysname PE2
#
ospfv3 1
segment-routing ipv6 locator aaa
area 0.0.0.0
#
interface LoopBack0
ospfv3 1 area 0.0.0.0
ipv6 address 2::2/128
#
interface Ten-GigabitEthernet3/1/1
port link-mode route
esi 0001.0001.0001.0001.0001
evpn redundancy-mode single-active
#
interface Ten-GigabitEthernet3/1/2
port link-mode route
ospfv3 1 area 0.0.0.0
ipv6 address 30::2/64
#
interface Ten-GigabitEthernet3/1/3
port link-mode route
ospfv3 1 area 0.0.0.0
ipv6 address 20::2/64
#
bgp 100
router-id 2.2.2.2
peer 1::1 as-number 100
peer 1::1 connect-interface LoopBack0
peer 3::3 as-number 100
peer 3::3 connect-interface LoopBack0
#
address-family l2vpn evpn
peer 1::1 enable
peer 1::1 advertise encap-type srv6
peer 3::3 enable
peer 3::3 advertise encap-type srv6
#
xconnect-group vpna
evpn encapsulation srv6
route-distinguisher 1:1
vpn-target 1:1 export-extcommunity
vpn-target 1:1 import-extcommunity
segment-routing ipv6 best-effort
connection pw1
segment-routing ipv6 locator aaa
evpn local-service-id 1 remote-service-id 2
ac interface Ten-GigabitEthernet3/1/1
#
segment-routing ipv6
encapsulation source-address 2::2
locator aaa ipv6-prefix 222:: 64 static 32
· PE3:
#
sysname PE3
#
ospfv3 1
segment-routing ipv6 locator aaa
area 0.0.0.0
#
interface LoopBack0
ospfv3 1 area 0.0.0.0
ipv6 address 3::3/128
#
interface Ten-GigabitEthernet3/1/2
port link-mode route
ospfv3 1 area 0.0.0.0
ipv6 address 10::3/64
#
interface Ten-GigabitEthernet3/1/3
port link-mode route
ospfv3 1 area 0.0.0.0
ipv6 address 30::3/64
#
bgp 100
router-id 3.3.3.3
peer 1::1 as-number 100
peer 1::1 connect-interface LoopBack0
peer 2::2 as-number 100
peer 2::2 connect-interface LoopBack0
#
address-family l2vpn evpn
peer 1::1 enable
peer 1::1 advertise encap-type srv6
peer 2::2 enable
peer 2::2 advertise encap-type srv6
#
xconnect-group vpna
evpn encapsulation srv6
route-distinguisher 1:1
vpn-target 1:1 export-extcommunity
vpn-target 1:1 import-extcommunity
segment-routing ipv6 best-effort
connection pw1
segment-routing ipv6 locator aaa
evpn local-service-id 2 remote-service-id 1
ac interface Ten-GigabitEthernet3/1/1
#
segment-routing ipv6
encapsulation source-address 3::3
locator aaa ipv6-prefix 333:: 64 static 32
· CE2:
#
sysname CE2
#
interface Ten-GigabitEthernet3/1/1
port link-mode route
ipv6 address 100::2/64
用户网络有两个站点,分别为CE 1和CE 2。CE 1和CE 2通过以太网接口的方式分别接入PE 1和PE 2,并希望通过IPv6骨干网建立的SRv6 PW隧道实现互通。通过在IGP网络中部署SRv6 TE Policy,SRv6 PW迭代到SRv6 TE Policy上进行流量转发。
图13 EVPN VPWS over SRv6 TE Policy配置组网图
设备 |
接口 |
IP地址 |
设备 |
接口 |
IP地址 |
CE 1 |
XGE3/1/1 |
10::1/64 |
P |
Loop0 |
3::3/128 |
PE 1 |
Loop0 |
1::1/128 |
|
XGE3/1/1 |
20::2/64 |
|
XGE3/1/1 |
- |
|
XGE3/1/2 |
30::1/64 |
|
XGE3/1/2 |
20::1/64 |
PE 2 |
Loop0 |
2::2/128 |
CE 2 |
XGE3/1/1 |
10::2/64 |
|
XGE3/1/1 |
- |
|
|
|
|
XGE3/1/2 |
30::2/64 |
<CE1> system-view
[CE1] interface ten-gigabitethernet 3/1/1
[CE1-Ten-GigabitEthernet3/1/1] ipv6 address 10::1 64
[CE1-Ten-GigabitEthernet3/1/1] quit
# 在PE 1上运行OSPFv3,通过OSPFv3发布SID。
<PE1> system-view
[PE1] ospfv3
[PE1-ospfv3-1] router-id 1.1.1.1
[PE1-ospfv3-1] segment-routing ipv6 locator aaa
[PE1-ospfv3-1] area 0.0.0.0
[PE1-ospfv3-1-area-0.0.0.0] quit
[PE1-ospfv3-1] quit
# 配置Loopback0接口。
[PE1] interface loopback 0
[PE1-LoopBack0] ipv6 address 1::1 128
[PE1-LoopBack0] ospfv3 1 area 0
[PE1-LoopBack0] quit
# 开启L2VPN功能。
[PE1] l2vpn enable
# 配置连接P的接口Ten-GigabitEthernet3/1/2。
[PE1] interface ten-gigabitethernet 3/1/2
[PE1-Ten-GigabitEthernet3/1/2] ipv6 address 20::1 64
[PE1-Ten-GigabitEthernet3/1/2] ospfv3 1 area 0
[PE1-Ten-GigabitEthernet3/1/2] quit
# 在PE 1和PE 2之间建立IBGP连接,并配置在二者之间通过BGP EVPN发布路由信息。
[PE1] bgp 100
[PE1-bgp-default] router-id 1.1.1.1
[PE1-bgp-default] peer 2::2 as-number 100
[PE1-bgp-default] peer 2::2 connect-interface loopback 0
[PE1-bgp-default] address-family l2vpn evpn
[PE1-bgp-default-evpn] peer 2::2 enable
[PE1-bgp-default-evpn] peer 2::2 advertise encap-type srv6
[PE1-bgp-default-evpn] quit
[PE1-bgp-default] quit
# 创建交叉连接组vpna和交叉连接组EVPN实例,指定EVPN采用SRv6封装,配置交叉连接组EVPN实例的RD与RT,并配置采用SR-TE方式进行路由迭代。
[PE1] xconnect-group vpna
[PE1-xcg-vpna] evpn encapsulation srv6
[PE1-xcg-vpna-evpn-srv6] route-distinguisher 1:1
[PE1-xcg-vpna-evpn-srv6] vpn-target 1:1 export-extcommunity
[PE1-xcg-vpna-evpn-srv6] vpn-target 1:1 import-extcommunity
[PE1-xcg-vpna-evpn-srv6] segment-routing ipv6 traffic-engineer
[PE1-xcg-vpna-evpn-srv6] quit
# 创建交叉连接pw1,将接口Ten-GigabitEthernet3/1/1与此交叉连接关联,并在交叉连接内创建SRv6隧道,以实现AC和SRv6隧道关联。
[PE1-xcg-vpna] connection pw1
[PE1-xcg-vpna-pw1] ac interface ten-gigabitethernet 3/1/1
[PE1-xcg-vpna-pw1-Ten-GigabitEthernet3/1/1] quit
[PE1-xcg-vpna-pw1] evpn local-service-id 1 remote-service-id 2
[PE1-xcg-vpna-pw1-1-2] quit
[PE1-xcg-vpna-pw1] segment-routing ipv6 locator aaa
[PE1-xcg-vpna-pw1] quit
[PE1-xcg-vpna] quit
# 配置SID列表。
[PE1] segment-routing ipv6
[PE1-segment-routing-ipv6] encapsulation source-address 1::1
[PE1-segment-routing-ipv6] locator aaa ipv6-prefix 5000:: 64 static 32
[PE1-segment-routing-ipv6-locator-aaa] opcode 1 end
[PE1-segment-routing-ipv6-locator-aaa] quit
[PE1-segment-routing-ipv6] traffic-engineering
[PE1-srv6-te] srv6-policy locator aaa
[PE1-srv6-te] segment-list s1
[PE1-srv6-te-sl-s1] index 10 ipv6 6000::1
[PE1-srv6-te-sl-s1] index 20 ipv6 7000::1
[PE1-srv6-te-sl-s1] quit
# 创建SRv6 TE Policy,并配置SRv6 TE Policy属性。
[PE1-srv6-te] policy p1
[PE1-srv6-te-policy-p1] color 10 end-point ipv6 2::2
# 配置SRv6 TE Policy的候选路径,并引用SID列表
[PE1-srv6-te-policy-p1] candidate-paths
[PE1-srv6-te-policy-p1-path] preference 10
[PE1-srv6-te-policy-p1-path-pref-10] explicit segment-list s1
[PE1-srv6-te-policy-p1-path-pref-10] quit
[PE1-srv6-te-policy-p1-path] quit
[PE1-srv6-te-policy-p1] quit
[PE1-srv6-te] quit
[PE1-segment-routing-ipv6] quit
# 配置基于Color方式将报文引流到SRv6 TE Policy上。
[PE1] route-policy a permit node 10
[PE1-route-policy-a-10] apply extcommunity color 00:10
[PE1-route-policy-a-10] quit
[PE1] xconnect-group vpna
[PE1-xcg-vpna] evpn encapsulation srv6
[PE1-xcg-vpna-evpn-srv6] import route-policy a
[PE1-xcg-vpna-evpn-srv6] quit
[PE1-xcg-vpna] quit
# 在PE 2上运行OSPFv3,通过OSPFv3发布SID。
<PE2> system-view
[PE2] ospfv3
[PE2-ospfv3-1] router-id 2.2.2.2
[PE2-ospfv3-1] segment-routing ipv6 locator aaa
[PE2-ospfv3-1] area 0.0.0.0
[PE2-ospfv3-1-area-0.0.0.0] quit
[PE2-ospfv3-1] quit
# 配置Loopback0接口。
[PE2] interface loopback 0
[PE2-LoopBack0] ipv6 address 2::2 128
[PE2-LoopBack0] ospfv3 1 area 0
[PE2-LoopBack0] quit
# 开启L2VPN功能。
[PE2] l2vpn enable
# 配置连接P的接口Ten-GigabitEthernet3/1/2。
[PE2] interface ten-gigabitethernet 3/1/2
[PE2-Ten-GigabitEthernet3/1/2] ipv6 address 30::2 64
[PE2-Ten-GigabitEthernet3/1/2] ospfv3 1 area 0.0.0.0
[PE2-Ten-GigabitEthernet3/1/2] quit
# 在PE 1和PE 2之间建立IBGP连接,并配置在二者之间通过BGP EVPN发布路由信息。
[PE2] bgp 100
[PE2-bgp-default] router-id 2.2.2.2
[PE2-bgp-default] peer 1::1 as-number 100
[PE2-bgp-default] peer 1::1 connect-interface loopback 0
[PE2-bgp-default] address-family l2vpn evpn
[PE2-bgp-default-evpn] peer 1::1 enable
[PE2-bgp-default-evpn] peer 1::1 advertise encap-type srv6
[PE2-bgp-default-evpn] quit
[PE2-bgp-default] quit
# 创建交叉连接组vpna和交叉连接组EVPN实例,指定EVPN采用SRV6封装,配置交叉连接组EVPN实例的RD与RT,并配置采用SR-TE方式进行路由迭代。
[PE2] xconnect-group vpna
[PE2-xcg-vpna] evpn encapsulation srv6
[PE2-xcg-vpna-evpn-srv6] route-distinguisher 1:1
[PE2-xcg-vpna-evpn-srv6] vpn-target 1:1 export-extcommunity
[PE2-xcg-vpna-evpn-srv6] vpn-target 1:1 import-extcommunity
[PE2-xcg-vpna-evpn-srv6] segment-routing ipv6 traffic-engineer
[PE2-xcg-vpna-evpn-srv6] quit
# 创建交叉连接pw1,将接口Ten-GigabitEthernet3/1/1与此交叉连接关联,并在交叉连接内创建SRv6隧道,以实现AC和SRv6隧道关联。
[PE2-xcg-vpna] connection pw1
[PE2-xcg-vpna-pw1] ac interface ten-gigabitethernet 3/1/1
[PE2-xcg-vpna-pw1-Ten-GigabitEthernet3/1/1] quit
[PE2-xcg-vpna-pw1] evpn local-service-id 2 remote-service-id 1
[PE2-xcg-vpna-pw1-2-1] quit
[PE2-xcg-vpna-pw1] segment-routing ipv6 locator aaa
[PE2-xcg-vpna-pw1] quit
[PE2-xcg-vpna] quit
# 配置SID列表。
[PE2] segment-routing ipv6
[PE2-segment-routing-ipv6] encapsulation source-address 2::2
[PE2-segment-routing-ipv6] locator aaa ipv6-prefix 7000:: 64 static 32
[PE2-segment-routing-ipv6-locator-aaa] opcode 1 end
[PE2-segment-routing-ipv6-locator-aaa] quit
[PE2-segment-routing-ipv6] traffic-engineering
[PE2-srv6-te] srv6-policy locator aaa
[PE2-srv6-te] segment-list s1
[PE2-srv6-te-sl-s1] index 10 ipv6 6000::1
[PE2-srv6-te-sl-s1] index 20 ipv6 5000::1
[PE2-srv6-te-sl-s1] quit
# 在PE 2上配置SRv6 TE Policy。
[PE2-srv6-te] policy p1
[PE2-srv6-te-policy-p1] color 10 end-point ipv6 1::1
[PE2-srv6-te-policy-p1] candidate-paths
[PE2-srv6-te-policy-p1-path] preference 10
[PE2-srv6-te-policy-p1-path-pref-10] explicit segment-list s1
[PE2-srv6-te-policy-p1-path-pref-10] quit
[PE2-srv6-te-policy-p1-path] quit
[PE2-srv6-te-policy-p1] quit
[PE2-srv6-te] quit
[PE2-segment-routing-ipv6] quit
# 配置基于Color方式将报文引流到SRv6 TE Policy上。
[PE2] route-policy a permit node 10
[PE2-route-policy-a-10] apply extcommunity color 00:10
[PE2-route-policy-a-10] quit
[PE1] xconnect-group vpna
[PE1-xcg-vpna] evpn encapsulation srv6
[PE1-xcg-vpna-evpn-srv6] import route-policy a
[PE1-xcg-vpna-evpn-srv6] quit
[PE1-xcg-vpna] quit
# 配置SRv6 End.SID。
<P> system-view
[P] segment-routing ipv6
[P-segment-routing-ipv6] locator b ipv6-prefix 6000:: 64 static 32
[P-segment-routing-ipv6-locator-b] opcode 1 end
[P-segment-routing-ipv6-locator-b] quit
[P-segment-routing-ipv6] quit
# 在P上运行OSPFv3。
[P] ospfv3
[P-ospfv3-1] router-id 3.3.3.3
[P-ospfv3-1] segment-routing ipv6 locator b
[P-ospfv3-1] area 0.0.0.0
[P-ospfv3-1-area-0.0.0.0] quit
[P-ospfv3-1] quit
# 配置接口的IPv6地址,并在接口上运行OSPFv3。
[P] interface loopback 0
[P-LoopBack0] ipv6 address 3::3 128
[P-LoopBack0] ospfv3 1 area 0
[P-LoopBack0] quit
[P] interface ten-gigabitethernet 3/1/1
[P-Ten-GigabitEthernet3/1/1] ipv6 address 20::2 64
[P-Ten-GigabitEthernet3/1/1] ospfv3 1 area 0
[P-Ten-GigabitEthernet3/1/1] quit
[P] interface ten-gigabitethernet 3/1/2
[P-Ten-GigabitEthernet3/1/2] ipv6 address 30::1 64
[P-Ten-GigabitEthernet3/1/2] ospfv3 1 area 0
[P-Ten-GigabitEthernet3/1/2] quit
<CE2> system-view
[CE2] interface ten-gigabitethernet 3/1/1
[CE2-Ten-GigabitEthernet3/1/1] ipv6 address 10::2 64
[CE2-Ten-GigabitEthernet3/1/1] quit
# 在PE 1上查看L2VPN的SRv6相关信息,可以看到PE 1和PE 2之间建立了SRv6隧道。
[PE1] display l2vpn peer srv6
Total number of SRv6 Tunnels: 1
1 up, 0 blocked, 0 down
Xconnect-group Name: vpna
Peer : 2::2
Flag : Main
State : Up
Remote SrvID : 2
# 在PE 1上查看SRv6转发信息,可以看到SRv6隧道的入SID和出SID等信息。
[PE1] display l2vpn forwarding srv6
Total number of cross-connections: 1
Total number of SRv6 tunnels: 1, 1 up, 0 blocked, 0 down
Xconnect-group Name : vpna
Connection Name : pw1
Link ID : 0x1 Type: BE State: Up
In SID : 100::1:0:2
Out SID : 200::1:0:2
# CE 1与CE 2之间能够ping通。
· CE 1:
#
sysname CE1
#
interface Ten-GigabitEthernet3/1/1
port link-mode route
ipv6 address 10::1/64
#
· PE 1:
#
sysname PE1
#
ospfv3 1
router-id 1.1.1.1
segment-routing ipv6 locator aaa
area 0.0.0.0
#
l2vpn enable
#
xconnect-group vpna
evpn encapsulation srv6
route-distinguisher 1:1
vpn-target 1:1 export-extcommunity
vpn-target 1:1 import-extcommunity
segment-routing ipv6 locator aaa
segment-routing ipv6 traffic-engineer
import route-policy a
connection pw1
segment-routing ipv6 locator aaa
evpn local-service-id 1 remote-service-id 2
ac interface Ten-GigabitEthernet3/1/1
#
interface LoopBack0
ospfv3 1 area 0.0.0.0
ipv6 address 1::1/128
#
interface Ten-GigabitEthernet3/1/2
port link-mode route
ospfv3 1 area 0.0.0.0
ipv6 address 20::1/64
#
bgp 100
peer 2::2 as-number 100
peer 2::2 connect-interface LoopBack0
#
address-family l2vpn evpn
peer 2::2 enable
peer 2::2 advertise encap-type srv6
#
route-policy a permit node 10
apply extcommunity color 00:10
#
segment-routing ipv6
encapsulation source-address 1::1
#
locator aaa ipv6-prefix 100:: 64 static 32
opcode 1 end #
traffic-engineering
srv6-policy locator aaa
#
segment-list s1
index 10 ipv6 6000::1
index 20 ipv6 7000::1
#
policy p1
color 10 end-point ipv6 2::2
#
candidate-paths
#
preference 10
explicit segment-list s1
#
· P:
#
sysname P
#
ospfv3 1
router-id 3.3.3.3
segment-routing ipv6 locator b
area 0.0.0.0
#
interface LoopBack0
ipv6 address 3::3/128
#
interface Ten-GigabitEthernet3/1/1
port link-mode route
ospfv3 1 area 0.0.0.0
ipv6 address 20::2/64
#
interface Ten-GigabitEthernet3/1/2
port link-mode route
ospfv3 1 area 0.0.0.0
ipv6 address 30::1/64
#
segment-routing ipv6
#
locator b ipv6-prefix 6000:: 64 static 32
opcode 1 end
#
· PE 2:
#
sysname PE2
#
ospfv3 1
router-id 2.2.2.2
segment-routing ipv6 locator aaa
segment-routing ipv6 locator d
area 0.0.0.0
#
l2vpn enable
#
xconnect-group vpna
evpn encapsulation srv6
route-distinguisher 1:1
vpn-target 1:1 export-extcommunity
vpn-target 1:1 import-extcommunity
segment-routing ipv6 locator aaa
segment-routing ipv6 traffic-engineer
import route-policy a
connection pw1
segment-routing ipv6 locator aaa
evpn local-service-id 2 remote-service-id 1
ac interface Ten-GigabitEthernet3/1/1
#
interface LoopBack0
ospfv3 1 area 0.0.0.0
ipv6 address 2::2/128
#
interface Ten-GigabitEthernet3/1/2
port link-mode route
ospfv3 1 area 0.0.0.0
ipv6 address 30::2/64
#
bgp 100
peer 1::1 as-number 100
peer 1::1 connect-interface LoopBack0
#
address-family l2vpn evpn
peer 1::1 enable
peer 1::1 advertise encap-type srv6
#
route-policy a permit node 10
apply extcommunity color 00:10
#
segment-routing ipv6
encapsulation source-address 2::2
#
locator aaa ipv6-prefix 200:: 64 static 32
#
locator d ipv6-prefix 7000:: 64 static 32
opcode 1 end
#
traffic-engineering
srv6-policy locator aaa
#
segment-list s1
index 10 ipv6 6000::1
index 20 ipv6 5000::1
#
policy p1
color 10 end-point ipv6 1::1
#
candidate-paths
#
preference 10
explicit segment-list s1
#
· CE 2:
#
sysname CE1
#
interface Ten-GigabitEthernet3/1/1
port link-mode route
ipv6 address 10::2/64
#
用户网络有两个站点,分别为CE 1和CE 2。CE 1和CE 2通过以太网接口分别接入PE 1和PE 2。通过在IGP网络中部署SRv6 TE Policy,SRv6 PW迭代到SRv6 TE Policy上进行流量转发,实现二层互通。
图14 EVPN VPLS over SRv6 TE Policy配置组网图
设备 |
接口 |
IP地址 |
设备 |
接口 |
IP地址 |
CE 1 |
XGE3/1/1 |
10::1/64 |
P |
Loop0 |
3::3/128 |
PE 1 |
Loop0 |
1::1/128 |
|
XGE3/1/1 |
20::2/64 |
|
XGE3/1/1 |
- |
|
XGE3/1/2 |
30::1/64 |
|
XGE3/1/2 |
20::1/64 |
PE 2 |
Loop0 |
2::2/128 |
CE 2 |
XGE3/1/1 |
10::2/64 |
|
XGE3/1/1 |
- |
|
|
|
|
XGE3/1/2 |
30::2/64 |
<CE1> system-view
[CE1] interface ten-gigabitethernet 3/1/1
[CE1-Ten-GigabitEthernet3/1/1] ipv6 address 10::1 64
[CE1-Ten-GigabitEthernet3/1/1] quit
# 在PE 1上运行OSPFv3,通过OSPFv3发布SID。
<PE1> system-view
[PE1] ospfv3
[PE1-ospfv3-1] router-id 1.1.1.1
[PE1-ospfv3-1] segment-routing ipv6 locator aaa
[PE1-ospfv3-1] area 0.0.0.0
[PE1-ospfv3-1-area-0.0.0.0] quit
[PE1-ospfv3-1] quit
# 配置Loopback0接口。
[PE1] interface loopback 0
[PE1-LoopBack0] ipv6 address 1::1 128
[PE1-LoopBack0] ospfv3 1 area 0
[PE1-LoopBack0] quit
# 开启L2VPN功能。
[PE1] l2vpn enable
# 配置连接P的接口Ten-GigabitEthernet3/1/2。
[PE1] interface ten-gigabitethernet 3/1/2
[PE1-Ten-GigabitEthernet3/1/2] ipv6 address 20::1 64
[PE1-Ten-GigabitEthernet3/1/2] ospfv3 1 area 0
[PE1-Ten-GigabitEthernet3/1/2] quit
# 在PE 1和PE 2之间建立IBGP连接,并配置在二者之间通过BGP EVPN发布路由信息。
[PE1] bgp 100
[PE1-bgp-default] peer 2::2 as-number 100
[PE1-bgp-default] peer 2::2 connect-interface loopback 0
[PE1-bgp-default] address-family l2vpn evpn
[PE1-bgp-default-evpn] peer 2::2 enable
[PE1-bgp-default-evpn] peer 2::2 advertise encap-type srv6
[PE1-bgp-default-evpn] quit
[PE1-bgp-default] quit
# 创建VSI和EVPN实例,并指定EVPN采用SRv6封装,配置EVPN实例的RD与RT,配置采用SR-TE方式进行路由迭代,并指定EVPN实例引用的Locator段。
[PE1] vsi vpna
[PE1-vsi-vpna] evpn encapsulation srv6
[PE1-vsi-vpna-evpn-srv6] route-distinguisher 1:1
[PE1-vsi-vpna-evpn-srv6] vpn-target 1:1 export-extcommunity
[PE1-vsi-vpna-evpn-srv6] vpn-target 1:1 import-extcommunity
[PE1-vsi-vpna-evpn-srv6] segment-routing ipv6 traffic-engineer
[PE1-vsi-vpna-evpn-srv6] segment-routing ipv6 locator aaa
[PE1-vsi-vpna-evpn-srv6] quit
# 将接口Ten-GigabitEthernet3/1/1与VSI关联。
[PE1] interface ten-gigabitethernet 3/1/1
[PE1-Ten-GigabitEthernet3/1/1] xconnect vsi vpna
[PE1-Ten-GigabitEthernet3/1/1] quit
# 配置SID列表。
[PE1] segment-routing ipv6
[PE1-segment-routing-ipv6] encapsulation source-address 1::1
[PE1-segment-routing-ipv6] locator aaa ipv6-prefix 5000:: 64 static 32
[PE1-segment-routing-ipv6-locator-aaa] opcode 1 end
[PE1-segment-routing-ipv6-locator-aaa] quit
[PE1-segment-routing-ipv6] traffic-engineering
[PE1-srv6-te] srv6-policy locator aaa
[PE1-srv6-te] segment-list s1
[PE1-srv6-te-sl-s1] index 10 ipv6 6000::1
[PE1-srv6-te-sl-s1] index 20 ipv6 7000::1
[PE1-srv6-te-sl-s1] quit
# 创建SRv6 TE Policy,并配置SRv6 TE Policy属性。
[PE1-srv6-te] policy p1
[PE1-srv6-te-policy-p1] color 10 end-point ipv6 2::2
# 配置SRv6 TE Policy的候选路径,并引用SID列表。
[PE1-srv6-te-policy-p1] candidate-paths
[PE1-srv6-te-policy-p1-path] preference 10
[PE1-srv6-te-policy-p1-path-pref-10] explicit segment-list s1
[PE1-srv6-te-policy-p1-path-pref-10] quit
[PE1-srv6-te-policy-p1-path] quit
[PE1-srv6-te-policy-p1] quit
[PE1-srv6-te] quit
[PE1-segment-routing-ipv6] quit
# 配置基于Color方式将报文引流到SRv6 TE Policy上。
[PE1] route-policy a permit node 10
[PE1-route-policy-a-10] apply extcommunity color 00:10
[PE1-route-policy-a-10] quit
[PE1] vsi vpna
[PE1-vsi-vpna] evpn encapsulation srv6
[PE1-vsi-vpna-evpn-srv6] import route-policy a
[PE1-vsi-vpna-evpn-srv6] quit
[PE1-vsi-vpna] quit
# 在PE 2上运行OSPFv3,通过OSPFv3发布SID。
<PE2> system-view
[PE2] ospfv3
[PE2-ospfv3-1] router-id 2.2.2.2
[PE2-ospfv3-1] segment-routing ipv6 locator aaa
[PE2-ospfv3-1] area 0.0.0.0
[PE2-ospfv3-1-area-0.0.0.0] quit
[PE2-ospfv3-1] quit
# 配置Loopback0接口。
[PE2] interface loopback 0
[PE2-LoopBack0] ipv6 address 2::2 128
[PE2-LoopBack0] ospfv3 1 area 0
[PE2-LoopBack0] quit
# 开启L2VPN功能。
[PE2] l2vpn enable
# 配置连接P的接口Ten-GigabitEthernet3/1/2。
[PE2] interface ten-gigabitethernet 3/1/2
[PE2-Ten-GigabitEthernet3/1/2] ipv6 address 30::2 64
[PE2-Ten-GigabitEthernet3/1/2] ospfv3 1 area 0.0.0.0
[PE2-Ten-GigabitEthernet3/1/2] quit
# 在PE 1和PE 2之间建立IBGP连接,并配置在二者之间通过BGP EVPN发布路由信息。
[PE2] bgp 100
[PE2-bgp-default] peer 1::1 as-number 100
[PE2-bgp-default] peer 1::1 connect-interface loopback 0
[PE2-bgp-default] address-family l2vpn evpn
[PE2-bgp-default-evpn] peer 1::1 enable
[PE2-bgp-default-evpn] peer 1::1 advertise encap-type srv6
[PE2-bgp-default-evpn] quit
[PE2-bgp-default] quit
# 创建VSI和EVPN实例,并指定EVPN采用SRV6封装,配置EVPN实例的RD与RT,配置采用SR-TE方式进行路由迭代,并指定EVPN实例引用的Locator段。
[PE2] vsi vpna
[PE2-vsi-vpna] evpn encapsulation srv6
[PE2-vsi-vpna-evpn-srv6] route-distinguisher 1:1
[PE2-vsi-vpna-evpn-srv6] vpn-target 1:1 export-extcommunity
[PE2-vsi-vpna-evpn-srv6] vpn-target 1:1 import-extcommunity
[PE2-vsi-vpna-evpn-srv6] segment-routing ipv6 traffic-engineer
[PE2-vsi-vpna-evpn-srv6] segment-routing ipv6 locator aaa
[PE2-vsi-vpna-evpn-srv6] quit
# 将接口Ten-GigabitEthernet3/1/1与VSI关联。
[PE2] interface ten-gigabitethernet 3/1/1
[PE2-Ten-GigabitEthernet3/1/1] xconnect vsi vpna
[PE2-Ten-GigabitEthernet3/1/1] quit
# 配置SID列表。
[PE2] segment-routing ipv6
[PE2-segment-routing-ipv6] encapsulation source-address 2::2
[PE2-segment-routing-ipv6] locator aaa ipv6-prefix 7000:: 64 static 32
[PE2-segment-routing-ipv6-locator-aaa] opcode 1 end
[PE2-segment-routing-ipv6-locator-aaa] quit
[PE2-segment-routing-ipv6] traffic-engineering
[PE2-srv6-te] srv6-policy locator aaa
[PE2-srv6-te] segment-list s1
[PE2-srv6-te-sl-s1] index 10 ipv6 6000::1
[PE2-srv6-te-sl-s1] index 20 ipv6 5000::1
[PE2-srv6-te-sl-s1] quit
# 在PE 2上配置SRv6 TE Policy。
[PE2-srv6-te] policy p1
[PE2-srv6-te-policy-p1] color 10 end-point ipv6 1::1
# 配置SRv6 TE Policy的候选路径,并引用SID列表。
[PE2-srv6-te-policy-p1] candidate-paths
[PE2-srv6-te-policy-p1-path] preference 10
[PE2-srv6-te-policy-p1-path-pref-10] explicit segment-list s1
[PE2-srv6-te-policy-p1-path-pref-10] quit
[PE2-srv6-te-policy-p1-path] quit
[PE2-srv6-te-policy-p1] quit
[PE2-srv6-te] quit
[PE2-segment-routing-ipv6] quit
# 配置基于Color方式将报文引流到SRv6 TE Policy上。
[PE2] route-policy a permit node 10
[PE2-route-policy-a-10] apply extcommunity color 00:10
[PE2-route-policy-a-10] quit
[PE2] vsi vpna
[PE2-vsi-vpna] evpn encapsulation srv6
[PE2-vsi-vpna-evpn-srv6] import route-policy a
[PE2-vsi-vpna-evpn-srv6] quit
[PE2-vsi-vpna] quit
# 配置SRv6 End.SID。
<P> system-view
[P] segment-routing ipv6
[P-segment-routing-ipv6] locator b ipv6-prefix 6000:: 64 static 32
[P-segment-routing-ipv6-locator-b] opcode 1 end
[P-segment-routing-ipv6-locator-b] quit
[P-segment-routing-ipv6] quit
# 在P上运行OSPFv3。
[P] ospfv3
[P-ospfv3-1] router-id 3.3.3.3
[P-ospfv3-1] segment-routing ipv6 locator b
[P-ospfv3-1] area 0.0.0.0
[P-ospfv3-1-area-0.0.0.0] quit
[P-ospfv3-1] quit
# 配置接口的IPv6地址,并在接口上运行OSPFv3。
[P] interface loopback 0
[P-LoopBack0] ipv6 address 3::3 128
[P-LoopBack0] ospfv3 1 area 0
[P-LoopBack0] quit
[P] interface ten-gigabitethernet 3/1/1
[P-Ten-GigabitEthernet3/1/1] ipv6 address 20::2 64
[P-Ten-GigabitEthernet3/1/1] ospfv3 1 area 0
[P-Ten-GigabitEthernet3/1/1] quit
[P] interface ten-gigabitethernet 3/1/2
[P-Ten-GigabitEthernet3/1/2] ipv6 address 30::1 64
[P-Ten-GigabitEthernet3/1/2] ospfv3 1 area 0
[P-Ten-GigabitEthernet3/1/2] quit
<CE2> system-view
[CE2] interface ten-gigabitethernet 3/1/1
[CE2-Ten-GigabitEthernet3/1/1] ipv6 address 10::2 64
[CE2-Ten-GigabitEthernet3/1/1] quit
# 在PE 1上查看L2VPN的SRv6相关信息,可以看到PE 1和PE 2之间建立了SRv6隧道。
[PE1] display l2vpn peer srv6
Total number of SRv6 Tunnels: 1
1 up, 0 blocked, 0 down
VSI Name: vpna
Peer : 2::2
Flag : Main
State : Up
# 在PE 1上查看SRv6转发信息。
[PE1] display l2vpn forwarding srv6
Total number of VSIs: 1
Total number of SRv6 tunnels: 1, 1 up, 0 blocked, 0 down
VSI Name : vpna
Link ID : 0x9000000 Type: BE State: Up
In SID : 100::1:0:1
Out SID : 200::1:0:0
# CE 1与CE 2之间能够ping通。
· CE 1:
#
sysname CE1
#
interface Ten-GigabitEthernet3/1/1
port link-mode route
ipv6 address 10::1/64
#
· PE 1:
#
sysname PE1
#
ospfv3 1
router-id 1.1.1.1
segment-routing ipv6 locator aaa
area 0.0.0.0
#
l2vpn enable
#
vsi vpna
evpn encapsulation srv6
route-distinguisher 1:1
vpn-target 1:1 export-extcommunity
vpn-target 1:1 import-extcommunity
segment-routing ipv6 locator aaa
segment-routing ipv6 traffic-engineer
import route-policy a
#
interface LoopBack0
ospfv3 1 area 0.0.0.0
ipv6 address 1::1/128
#
interface Ten-GigabitEthernet3/1/1
port link-mode route
xconnect vsi vpna
#
interface Ten-GigabitEthernet3/1/2
port link-mode route
ospfv3 1 area 0.0.0.0
ipv6 address 20::1/64
#
bgp 100
peer 2::2 as-number 100
peer 2::2 connect-interface LoopBack0
#
address-family l2vpn evpn
peer 2::2 enable
peer 2::2 advertise encap-type srv6
#
route-policy a permit node 10
apply extcommunity color 00:10
#
segment-routing ipv6
encapsulation source-address 1::1
#
locator aaa ipv6-prefix 100:: 64 static 32
opcode 1 end
#
traffic-engineering
srv6-policy locator aaa
#
segment-list s1
index 10 ipv6 6000::1
index 20 ipv6 7000::1
#
policy p1
color 10 end-point ipv6 2::2
#
candidate-paths
#
preference 10
explicit segment-list s1
#
· P:
#
sysname P
#
ospfv3 1
router-id 3.3.3.3
segment-routing ipv6 locator b
area 0.0.0.0
#
interface LoopBack0
ipv6 address 3::3/128
#
interface Ten-GigabitEthernet3/1/1
port link-mode route
ospfv3 1 area 0.0.0.0
ipv6 address 20::2/64
#
interface Ten-GigabitEthernet3/1/2
port link-mode route
ospfv3 1 area 0.0.0.0
ipv6 address 30::1/64
#
segment-routing ipv6
#
locator b ipv6-prefix 6000:: 64 static 32
opcode 1 end
#
· PE 2:
#
sysname PE2
#
ospfv3 1
router-id 2.2.2.2
segment-routing ipv6 locator aaa
segment-routing ipv6 locator d
area 0.0.0.0
#
l2vpn enable
#
vsi vpna
evpn encapsulation srv6
route-distinguisher 1:1
vpn-target 1:1 export-extcommunity
vpn-target 1:1 import-extcommunity
segment-routing ipv6 locator aaa
segment-routing ipv6 traffic-engineer
import route-policy a
#
interface LoopBack0
ospfv3 1 area 0.0.0.0
ipv6 address 2::2/128
#
interface Ten-GigabitEthernet3/1/1
port link-mode route
xconnect vsi vpna
#
interface Ten-GigabitEthernet3/1/2
port link-mode route
ospfv3 1 area 0.0.0.0
ipv6 address 30::2/64
#
bgp 100
peer 1::1 as-number 100
peer 1::1 connect-interface LoopBack0
#
address-family l2vpn evpn
peer 1::1 enable
peer 1::1 advertise encap-type srv6
#
route-policy a permit node 10
apply extcommunity color 00:10
#
segment-routing ipv6
encapsulation source-address 2::2
#
locator aaa ipv6-prefix 200:: 64 static 32
#
locator d ipv6-prefix 7000:: 64 static 32
opcode 1 end
#
traffic-engineering
srv6-policy locator aaa
#
segment-list s1
index 10 ipv6 6000::1
index 20 ipv6 5000::1
#
policy p1
color 10 end-point ipv6 1::1
#
candidate-paths
#
preference 10
explicit segment-list s1
#
· CE 2:
#
sysname CE1
#
interface Ten-GigabitEthernet3/1/1
port link-mode route
ipv6 address 10::2/64
#
· H3C SR8800-X路由器 Segment Routing配置指导-R8260PXX
· H3C SR8800-X路由器 Segment Routing命令参考-R8260PXX
不同款型规格的资料略有差异, 详细信息请向具体销售和400咨询。H3C保留在没有任何通知或提示的情况下对资料内容进行修改的权利!