Login
- Table of Contents
-
- 10-Segment Routing Configuration Guide
- 00-Preface
- 01-SR-MPLS configuration
- 02-SR-MPLS TE policy configuration
- 03-SRv6 configuration
- 04-SRv6 TE policy configuration
- 05-SRv6 VPN overview
- 06-IP L3VPN over SRv6 configuration
- 07-EVPN L3VPN over SRv6 configuration
- 08-EVPN VPWS over SRv6 configuration
- 09-EVPN VPLS over SRv6 configuration
- 10-Public network IP over SRv6 configuration
- 11-SRv6 OAM configuration
- 12-SRv6 network slicing configuration
- 13-SRv6 service chain configuration
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 07-EVPN L3VPN over SRv6 configuration | 1.27 MB |
Configuring EVPN L3VPN over SRv6
Intercommunication between SRv6 and MPLS L3VPN networks
SRv6 VPN cross-AS intercommunication
Cross-AS Option B (without requiring VPN instance deployment for the border device)
Intercommunication between EVPN L3VPN over SRv6 and IP L3VPN over SRv6 networks
Restrictions and guidelines: EVPN L3VPN over SRv6 configuration
EVPN L3VPN over SRv6 tasks at a glance
Configuring SRv6 SIDs for a COC16-type locator
Applying a locator to a BGP VPN instance
Configuring SRv6-encapsulated EVPN route advertisement
Configuring PEs to exchange BGP EVPN routes
Configuring next hop-based dynamic End.DX4 or End.DX6 SID allocation for BGP routes
Configuring BGP EVPN route settings
Restrictions and guidelines for BGP EVPN route configuration
Configuring BGP route reflection
Configuring attributes of BGP EVPN routes
Applying the next hop address type of BGP EVPN routes to optimal route selection
Configuring the BGP Additional Paths feature
Configuring the route recursion mode
Specifying a source address for the outer IPv6 header of SRv6-encapsulated EVPN L3VPN packets
Enabling SRv6 VPN compatibility for a peer or peer group
Configuring inter-AS option B VPN
Configuring intercommunication between SRv6 and MPLS L3VPN networks
Configuring intercommunication between SRv6 and MPLS L3VPN networks (through End.T SIDs)
Configuring intercommunication between SRv6 and MPLS L3VPN networks (through route reorigination)
Configuring transit proxies for SRv6 SIDs in cross-AS EVPN L3VPN over SRv6 networks
Configuring intercommunication between EVPN L3VPN over SRv6 and IP L3VPN over SRv6 networks
Configuring SRv6 VPN Option B cross-AS intercommunication
Configuring EVPN L3VPN over SRv6 FRR
Configuring SBFD for SRv6 locators
Configuring a TTL processing mode for tunnels associated with a VPN instance
Display and maintenance commands for EVPN L3VPN over SRv6
Displaying and maintaining the running status of EVPN L3VPN over SRv6
EVPN L3VPN over SRv6 configuration examples
Example: Configuring IPv4 EVPN L3VPN over SRv6 in SRv6 BE mode
Example: Configuring IPv4 EVPN L3VPN over G-SRv6 (with COC32 locators of 32-bit G-SRv6 compression)
Example: Configuring IPv4 EVPN L3VPN over G-SRv6 (with COC16 locators of 16-bit G-SRv6 compression)
Example: Configuring inter-AS option B VPN
Configuring EVPN L3VPN over SRv6
About EVPN L3VPN over SRv6
EVPN L3VPN over SRv6 uses SRv6 tunnels to carry EVPN L3VPN services. This technology establishes SRv6 tunnels among geographically dispersed customer sites over the IPv6 backbone network and transparently forwards EVPN L3VPN customer traffic through the tunnels. For more information about EVPN L3VPN configuration, see EVPN Configuration Guide.
Basic principle
Figure 1 shows a typical EVPN L3VPN over SRv6 network.
· PE 1 and PE 2 use MP-BGP to advertise EVPN IP advertisement routes to each other over the IPv6 backbone network. The EVPN IP advertisement routes contain IPv4 or IPv6 VPN routing information and SID information.
· The PEs have a single-hop SRv6 tunnel between them and they use the SRv6 tunnel to forward EVPN L3VPN traffic across sites.
· The devices in the IPv6 backbone network forward the SRv6-encapsulated EVPN L3VPN traffic through the optimal path calculated by IGP.
EVPN L3VPN over SRv6 connects geographically dispersed sites that belong to the same VPN over the IPv6 backbone network.
Route advertisement
The route advertisement process of IPv4 EVPN L3VPN over SRv6 is similar to that of IPv6 EVPN L3VPN over SRv6. This section uses IPv4 EVPN L3VPN over SRv6 to illustrate the process.
As shown in Figure 1, local routes of CE 1 are advertised to CE 2 by using the following process:
1. CE 1 uses static routing, RIP, OSPF, IS-IS, EBGP, or IBGP to advertise routes of the local site to PE 1.
2. PE 1 stores the routes advertised by CE 1 to the routing table of VPN 1. Then, PE 1 converts the routes to BGP EVPN IP advertisement routes and advertises the IP advertisement routes to PE 2 by using MP-BGP. The IP advertisement routes carry RD, RT, and SID attributes (the SID attribute is used as the private network label).
¡ If next hop-based dynamic SID allocation is not used, all private network routes of the VPN instance are allocated the same End.DT4 or End.DT46 SID.
¡ If next hop-based dynamic SID allocation is used, private network routes with the same next hop are allocated the same End.DX4 SID in the VPN instance.
3. PE 2 adds the IP advertisement routes to the routing table of VPN 1, converts the IP advertisement routes to IPv4 routes, and advertises the IPv4 routes to CE 2.
4. By adding the received IPv4 routes to the routing table, CE 2 learns the private network routes of CE 1.
Packet forwarding
EVPN L3VPN over SRv6 supports the following route recursion modes:
· SRv6 BE mode.
· SRv6 TE mode.
· SRv6 TE and SRv6 BE hybrid mode.
· SRv6 TE and SRv6 BE FRR mode.
The packet forwarding process differs by the route recursion mode in use.
SRv6 BE mode
This mode is also called SID-based forwarding mode. In this mode, a PE forwards an SRv6 packet by searching the IPv6 routing table based on the SRv6 SID encapsulated in the packet.
The packet forwarding process of IPv4 EVPN L3VPN over SRv6 is similar to that of IPv6 EVPN L3VPN over SRv6. This section uses IPv4 EVPN L3VPN over SRv6 to illustrate the process.
As shown in Figure 1, CE 2 forwards an IPv4 packet to CE 1 as follows:
1. CE 2 sends the IPv4 packet to PE 2.
2. PE 2 receives the packet on an interface associated with VPN 1. PE 2 searches for a route that matches the destination IPv4 address of the packet in the routing table of VPN 1. The corresponding End.DT4, End.DT46, or End.DX4 SID is found. Then, PE 2 encapsulates an outer IPv6 header for the packet. The End.DT4, End.DT46, or End.DX4 SID is encapsulated in the outer IPv6 header as the destination address.
3. PE 2 searches the IPv6 routing table based on the End.DT4, End.DT46, or End.DX4 SID for the optimal IGP route and forwards the packet to P through the route.
4. P searches the IPv6 routing table based on the End.DT4, End.DT46, or End.DX4 SID for the optimal IGP route and forwards the packet to PE 1 through the route.
5. When PE 1 receives the packet, it processes the packet as follows:
¡ If the packet header contains an End.DT4 or End.DT46 SID, PE 1 searches the local SID forwarding table for the SID and removes the outer IPv6 header. Then, PE 1 matches the packet to VPN 1 based on the SID, searches the routing table of VPN 1 for the optimal route and forwards the packet to CE 1.
¡ If the packet header contains an End.DX4 SID, PE 1 searches the local SID forwarding table for the SID and removes the outer IPv6 header. Then, PE 1 forwards the packet to CE 1 according to the next hop and output interface bound to the SID.
SRv6 TE mode
This mode is also called SRv6 TE policy-based forwarding mode. In this mode, when a PE forwards a customer packet, it first searches for a matching SRv6 TE policy based on the packet attributes. Then, the PE adds an SRH to the packet. The SRH includes the destination SRv6 SID and the SID list of the SRv6 TE policy. Finally, the PE forwards the encapsulated packet based on the SRv6 TE policy.
The following modes are available to steer traffic to an SRv6 TE policy:
· Color—The device searches for an SRv6 TE policy that has the same color and endpoint address as the color and nexthop address of a BGP EVPN route. If a matching SRv6 TE policy exists, the device recurses the BGP EVPN route to that SRv6 TE policy. When the device receives packets that match the BGP EVPN route, it forwards the packets through the SRv6 TE policy.
· Tunnel policy—The device searches the tunnel policies for a matching SRv6 TE policy based on the next hop of a matching route. Configure a preferred tunnel or load sharing tunnel policy that uses the SRv6 TE policy. In this way, the SRv6 TE policy will be used as the public tunnel to forward the packets of private network packets.
For more information about tunnel policies, see MPLS Configuration Guide. For more information about SRv6 TE policies, see "Configuring SRv6 TE policies."
SRv6 TE and SRv6 BE hybrid mode
In this mode, the PE preferentially uses the SRv6 TE mode to forward a packet. If no SRv6 TE policy is available for the packet, the PE performs IPv6 routing table lookup based on the encapsulated SRv6 SID, and forwards the packet in SRv6 BE mode.
SRv6 TE and SRv6 BE FRR mode
This mode implements FRR by using the SRv6 TE path (primary path) and SRv6 BE path (backup path). If the SRv6 TE path fails or does not exist, traffic is immediately switched to the SRv6 BE path to ensure service continuity.
SRv6 TE and SRv6 BE multilevel FRR mode (primary SRv6 TE path -> backup SRv6 TE path -> primary SRv6 BE path -> backup SRv6 BE path)
This mode implements multilevel FRR by using multiple SRv6 TE and SRv6 BE paths to ensure service continuity. The primary path contains a primary SRv6 TE path and a backup SRv6 TE path. The backup path contains a primary SRv6 BE path and a backup SRv6 BE path. The device selects a forwarding path in the order of primary SRv6 TE path, backup SRv6 TE path, primary SRv6 BE path, and backup SRv6 BE path.
SRv6 TE and SRv6 BE multilevel FRR mode (primary SRv6 TE path -> primary SRv6 BE path -> backup SRv6 TE path -> backup SRv6 BE path)
This mode implements multilevel FRR by using multiple SRv6 TE and SRv6 BE paths to ensure service continuity. The primary path contains a primary SRv6 TE path and a primary SRv6 BE path. The backup path contains a backup SRv6 TE path and a backup SRv6 BE path. The device selects a forwarding path in the order of primary SRv6 TE path, primary SRv6 BE path, backup SRv6 TE path, and backup SRv6 BE path.
Inter-AS option B VPN
About inter-AS option B VPN
If the EVPN routes at one site must pass through both SRv6 and MPLS networks to reach another site, ensure that the SRv6 and MPLS networks can communicate with each other. For this purpose, you can use inter-AS option B VPN.
As shown in Figure 2, an MPLS network and an SRv6 network are in different ASs. For inter-AS communication, the devices must support SRv6 SID and MPLS label exchange.
Figure 2 Inter-AS option B VPN network diagram
End.T SID
The ASBR in the SRv6 network allocates End.T SIDs based on FECs and advertises the SIDs to other SRv6 nodes through an IGP. An FEC is a destination IP address/mask or destination IPv6 address/prefix length.
The function of an End.T SID is removing the outer IPv6 header and looking up the IPv6 FIB table based on the End.T SID to forward packets.
The ASBR in the SRv6 network encapsulates an End.T SID to the packets forwarded from the SRv6 network to the MPLS network.
Route advertisement
As shown in Figure 2, the route of CE 1 is advertised to CE 2 in the following process:
1. After PE 1 learns the private network route of CE 1, it assigns MPLS label L1 to the private network route. Then, PE 1 advertises the route to ASBR 1 through MP-IBGP.
2. ASBR 1 receives the EVPN IP prefix advertisement route from PE 1 and reoriginates the route. ASBR 1 changes the next hop address of the route to its address, assign MPLS label L2 to the route, and maps MPLS label L2 and MPLS label L1. Then, the ASBR advertises the EVPN IP prefix advertisement route to ASBR 2 through MP-EBGP.
3. ASBR 2 receives the EVPN IP prefix advertisement route from ASBR 1 and reoriginates the route. ASBR 2 changes the next hop address of the route to its address, allocates an End.T SID to the route, and maps the End.T SID and MPLS label L2. Then, the ASBR advertises the route to PE 2 through MP-IBGP.
4. PE 2 advertises the route to CE 2.
As shown in Figure 2, the route of CE 2 is advertised to CE 1 in the following process:
5. After PE 2 learns the private network route of CE 2, it assigns an SRv6 SID to the private network route. Then, PE 2 advertises the route to ASBR 2 through MP-IBGP. The supported SRv6 SIDs include End.DT4, End.DT6, End.DT46, End.DX4, and End.DX6 SIDs.
6. ASBR 2 receives the EVPN IP prefix advertisement route from PE 2 and reoriginates the route. ASBR 2 changes the next hop address of the route to its address, assign MPLS label L2 to the route, and maps MPLS label L2 and the SRv6 SID. Then, the ASBR advertises the EVPN IP prefix advertisement route to ASBR 1 through MP-EBGP.
7. ASBR 1 receives the EVPN IP prefix advertisement route from ASBR 2 and reoriginates the route. ASBR 1 changes the next hop address of the route to its address, allocates MPLS label L1 to the route, and maps MPLS label 1 and MPLS label L2. Then, the ASBR advertises the route to PE 1 through MP-IBGP.
8. PE 1 advertises the route to CE 1.
In the inter-AS option B VPN scenario, the ASBRs need to receive all inter-AS VPN routes. On the ASBRs, do not filter received EVPN IP prefix advertisement routes based on route targets.
Traffic forwarding
As shown in Figure 2, packets are forwarded from CE 2 to CE 1 in the following process:
1. When PE 2 receives a packet from CE 2, it encapsulates an End.T SID to the packet and forwards the packet to ASBR 2.
2. When ASBR 2 receives the packet, it removes the outer IPv6 header and looks up the IPv6 FIB table based on the End.T SID. ASBR 2 finds that the out label is L2. Then, the ASBR reencapsulates MPLS label 2 to the packet and forwards the packet to ASBR 1. The packet includes only one layer of MPLS label.
3. ASBR 1 replaces MPLS label L2 with MPLS label L1 and adds the public label that identifies the public tunnel from ASBR 1 to PE 1 to the packet. Then, ASBR 1 forwards the packet to PE 1.
4. PE 1 removes the public and private labels from the packet and forwards the packet to CE 1.
Packets are forwarded from CE 1 to CE 2 in the following process:
5. When PE 1 receives a packet from CE 1, it encapsulates two layers of MPLS labels to the packet and forwards the packet to ASBR 1. The private label is L1 and the public label identifies the public tunnel from PE 1 to ASBR 1.
6. When ASBR 1 receives the packet, it removes the public label from the packet and replaces private label L1 with private label L2. Then, ASBR 1 forwards the packet to ASBR 2. The packet includes only one layer of MPLS label.
7. ASBR 2 replaces private label L2 with an SRv6 SID and forwards the packet to PE 2 according to the SRv6 SID.
8. PE 2 executes the function of the SRv6 SID and forwards the packet to CE 2.
Intercommunication between SRv6 and MPLS L3VPN networks
As shown in Figure 3, MPLS L3VPN networks are deployed for the data centers connected through an EVPN L3VPN over SRv6 network. For communication between the data centers, you need to implement intercommunication between SRv6 and MPLS L3VPN networks on the ASBRs of the data centers.
Figure 3 Intercommunication between SRv6 and MPLS L3VPN networks
After you configure intercommunication between SRv6 and MPLS L3VPN networks on the ASBR, the ASBR performs the following operations:
· After receiving BGP VPNv4 routes from the MPLS L3VPN network, the ASBR performs the following operations:
a. Matches the route targets of the routes with the import route targets of local VPN instances.
b. Adds the routes to the routing tables of the VPN instances, and reoriginates EVPN IP prefix advertisement routes. In addition, the ASBR adds an SRv6 SID to the routes.
c. Advertises the reoriginated EVPN IP prefix advertisement routes with the SRv6 SID to the EVPN L3VPN over SRv6 network.
· After receiving EVPN IP prefix advertisement routes from the EVPN L3VPN over SRv6 network, the ASBR performs the following operations:
d. Matches the route targets of the routes with the import route targets of local VPN instances.
e. Adds the routes to the routing tables of the VPN instances, and reoriginates VPNv4 routes. In addition, the ASBR adds an MPLS label to the routes.
f. Advertises the reoriginated VPNv4 routes with the MPLS label to the MPLS L3VPN network.
After route reorigination, you need to enable intercommunication between SRv6 and MPLS networks on the ASBR to associate SRv6 SIDs with MPLS labels.
Figure 4 Packet forwarding between SRv6 and MPLS L3VPN networks
As shown in Figure 4, after the PEs and ASBRs complete route learning, packets between site 1 and site 2 are forwarded as follows:
1. Upon receiving a packet from site 2, PE 2 adds a private network label to the packet, and forwards the packet to ASBR 2 through the public network tunnel.
2. ASBR 2 performs a routing table lookup in the VPN instance associated with the private network label of the packet, encapsulates an SRv6 SID, and forwards the packet to ASBR 1 in SRv6 BE or SRv6 TE mode.
3. ASBR 1 determines the VPN instance associated with the SRv6 SID of the packet, removes the SRv6 SID, performs a routing table lookup in the VPN instance, and adds a private network label to the packet. Then ASBR 1 forwards the packet to PE 1 through the public network tunnel.
4. Upon receiving the packet, PE 1 performs a routing table lookup in the VPN instance associated with the private network label of the packet, locates the output interface, removes the private network label, and forwards the packet to site 1.
SRv6 VPN cross-AS intercommunication
Transit proxies for SRv6 SIDs in cross-AS EVPN L3VPN over SRv6 networks (with VPN instance deployment on the border device)
In a cross-AS SRv6 VPN network where SRv6 is deployed in multiple ASs, to implement cross-AS communication, you typically need to advertise locator routes across the ASs. (For example, you can redistribute the locator routes advertised by IGP into BGP for cross-AS route advertisement.) After cross-AS advertisement for the locator routes, the PEs in different ASs can establish an SRv6 forwarding path. For security purposes, if you do not want to transmit locator routes across ASs, you can configure the ASBRs as transit proxy devices to change the SRv6 SIDs carried in routes to the SRv6 SIDs in the local VPN instances. This avoids locator route advertisement to another AS. The PEs in different ASs can establish a cross-AS SRv6 forwarding path.
Figure 5 Transit proxies for SRv6 SIDs in a cross-AS EVPN L3VPN over SRv6 network
As shown in Figure 5, to disable forwarding of locator routes on PE 1 to PE 2 and implement communication between site 1 and site 2, configure ASBR 2 to change the SRv6 SIDs carried in BGP routes. ASBR 2 then process BGP routes as follows:
· Upon receiving an IP prefix route carrying an SRv6 SID from ASBR 1, ASBR 2 adds the route to the routing table of the VPN instance matching the local RT, and delete SRv6 SID from the route. ASBR 2 then re-applies for an SRv6 SID for the IP prefix route in the VPN instance matching the local RT. The re-applied SRv6 SID is the same type as the original SID.
|
|
IMPORTANT: End.DX4 SIDs and End.DX6 SIDs cannot be re-applied. |
· When forwarding received IP prefix routes to PE 2, ASBR 2 forwards only the routes with new SRv6 SIDs.
As shown in Figure 6, after route learning, packets are forwarded from site 2 to site 1 as follows:
1. Upon receiving a packet from site 2, PE 2 looks up in the VPN routing table for route-associated SRv6 SID. Then it encapsulates the SRv6 SID (re-applied by ASBR 2 for the BGP route in the local VPN instance) for the packet, and sends the packet to ASBR 2 in SRv6 BE or SRv6 TE mode.
2. ASBR 2 determines the VPN instance of the received packet based on the SRv6 SID, removes the SRv6 encapsulation, and looks up in the routing table of the associated VPN instance. After obtaining the route-associated SRv6 SID, it encapsulates the SRv6 SID (original SRv6 SID advertised by PE 1) for the packet, and sends the packet to PE 1 in SRv6 BE or SRv6 TE mode.
3. Upon receiving the packet, PE 1 determines the VPN instance of the received packet based on the SRv6 SID, removes the SRv6 encapsulation, looks up in the routing table of the associated VPN instance, and forwards the packet to site 1.
The packet forwarding procedure requires the ASBR to obtain the PE-advertised locator route in the peer AS. The PE does not need to obtain the PE-advertised locator route in the peer AS. It only requires the ASBR-advertised locator route in the local AS. The transit proxy behavior of the ASBR resolves the communication issues between SRv6 sites when locator routes are not advertised across ASs.
Cross-AS Option B (without requiring VPN instance deployment for the border device)
The biggest challenge in achieving inter-AS intercommunication in SRv6 networks is establishing inter-AS SRv6 forwarding paths. A currently feasible method is to advertise SRv6 SID information of intermediate nodes to another AS. Different ASs typically belong to separate ISPs, who do not want leakage of too much node information to other networks.
To address this issue, H3C introduced the SRv6 VPN Option B cross-AS solution. The solution does not require the advertisement of locator routes in the AS to another AS, or the deployment of VPN instances on the ASBR. By enabling SRv6 network cross-AS intercommunication on the ASBRs, the solution can enable the following intercommunications between private network users in different ASs:
· Intercommunication between an IP L3VPN over SRv6 network and an EVPN L3VPN over SRv6 network.
· Intercommunication between IP L3VPN over SRv6 networks.
· Intercommunication between EVPN L3VPN networks.
For more information about the operating mechanisms of Option B cross-AS and SRv6 VPN cross-AS intercommunication, see IP L3VPN over SRv6 configuration.
Intercommunication between EVPN L3VPN over SRv6 and IP L3VPN over SRv6 networks
As shown in Figure 7, the ASBR connects both the EVPN L3VPN over SRv6 network and the IP L3VPN over SRv6 network. The ASBR advertises BGP routes between different networks by converting between IP prefix routes and BGP VPNv4/VPNv6 routes for intercommunication between the EVPN L3VPN over SRv6 and IP L3VPN over SRv6 networks.
Figure 7 Intercommunication between EVPN L3VPN over SRv6 and IP L3VPN over SRv6 networks
With intercommunication between EVPN L3VPN over SRv6 and IP L3VPN over SRv6 networks configured, the ASBR process BGP routes as follows:
· Upon receiving an IP prefix route from the EVPN L3VPN over SRv6 network, the ASBR reoriginates a BGP VPNv4/VPNv6 route with the same prefix in the VPN instance matching the RT of the IP prefix route. In addition, it re-applies for an SRv6 SID for the reoriginated BGP VPNv4 route in the VPN instance. The ASBR advertises the reoriginated BGP VPNv4/VPNv6 route to the PE in the IP L3VPN over SRv6 network.
Figure 8 Packet forwarding between EVPN L3VPN over SRv6 and IP L3VPN over SRv6 networks
As shown in Figure 8, after route learning, IPv4 packets are forwarded from site 2 to site 1 as follows:
1. Upon receiving a packet from site 2, PE 2 looks up in the VPN routing table for route-associated SRv6 SID. Then it encapsulates the SRv6 SID (re-applied by the ASBR for the BGP VPNv4 route in the local VPN instance) for the packet, and sends the packet to the ASBR in SRv6 BE or SRv6 TE mode.
2. The ASBR determines the VPN instance of the received packet based on the SRv6 SID, removes the SRv6 encapsulation, and looks up in the routing table of the associated VPN instance. After obtaining the route-associated SRv6 SID, it encapsulates the SRv6 SID (original SRv6 SID in the IP prefix route advertised by PE 1) for the packet, and sends the packet to PE 1 in SRv6 BE or SRv6 TE mode.
3. Upon receiving the packet, PE 1 determines the VPN instance of the received packet based on the SRv6 SID, removes the SRv6 encapsulation, looks up in the routing table of the associated VPN instance, and forwards the packet to site 1.
EVPN L3VPN over SRv6 FRR
EVPN L3VPN over SRv6 Fast Reroute (FRR) is applicable to a dualhomed scenario, as shown in Figure 9. By using static BFD to detect the primary link, FRR enables a PE to use the backup link when the primary link fails. The PE then selects a new optimal route, and uses the new optimal route to forward traffic.
EVPN L3VPN over SRv6 uses EVPN route backup for an EVPN route.
Figure 9 Network diagram of EVPN route backup for an EVPN route
As shown in Figure 9, configure FRR on the ingress node PE 1, and specify the backup next hop for VPN 1 as PE 3. When PE 1 receives an EVPN route to CE 2 from both PE 2 and PE 3, it uses the route from PE 2 as the primary link, and the route from PE 3 as the backup link.
Configure static BFD for public tunnels on PE 1 to detect the connectivity of the public tunnel from PE 1 to PE 2. When the tunnel PE 1—PE 2 operates correctly, traffic from CE 1 to CE 2 goes through the path CE 1—PE 1—PE 2—CE 2. When the tunnel fails, the traffic goes through the path CE 1—PE 1—PE 3—CE 2.
In this scenario, PE 1 is responsible for primary link detection and traffic switchover.
For more information about static BFD, see BFD configuration in High Availability Configuration Guide.
Restrictions and guidelines: EVPN L3VPN over SRv6 configuration
In an EVPN L3VPN over SRv6 network, you cannot configure the MPLS DiffServ mode. For more information about the MPLS DiffServ mode, see MPLS QoS configuration in ACL and QoS Configuration Guide.
In an EVPN L3VPN over SRv6 network, route output interfaces do not support load balancing between GRE tunnel interfaces and common physical interfaces. Avoid such configurations to prevent uneven load balancing.
EVPN L3VPN over SRv6 tasks at a glance
To configure EVPN L3VPN over SRv6, perform the following tasks:
1. Configuring a VPN instance and associating interfaces connected to CEs with the VPN instance
Perform this task on PEs. For more information, see MPLS L3VPN in MPLS Configuration Guide.
2. Configuring route exchange between a PE and a CE
Configure an IPv4 routing protocol (static routing, RIP, OSPF, IS-IS, EBGP, or IBGP) or an IPv6 routing protocol (IPv6 static routing, RIPng, OSPFv3, IPv6 IS-IS, EBGP, or IBGP) to exchange routes between a PE and a CE
On the CE, configure an IPv4 or IPv6 routing protocol to advertise routes of the local site to the PE. On the PE, associate the routing protocol with the VPN instance. For more information about routing protocol configurations, see Layer 3—IP Routing Configuration Guide.
3. Configuring route exchange between PEs
Perform this task to manually configure an End.DT4, End.DT6, End.DT46, End.DX4, or End.DX6 SID.
b. Applying a locator to a BGP VPN instance
BGP can advertise SRv6 SIDs through BGP routes only after you apply a locator to BGP.
c. Configuring SRv6-encapsulated EVPN route advertisement
Perform this task to advertise VPN routes as EVPN routes to a peer or peer group in the EVPN L3VPN over SRv6 network.
d. Configuring PEs to exchange BGP EVPN routes
e. (Optional.) Configuring next hop-based dynamic End.DX4 or End.DX6 SID allocation for BGP routes
This feature enables a PE to dynamically allocate End.DX4 or End.DX6 SIDs to BGP private network routes based on the route next hops.
f. (Optional.) Configuring BGP EVPN route settings
4. Configuring the route recursion mode
5. Specifying a source address for the outer IPv6 header of SRv6-encapsulated EVPN L3VPN packets
This feature specifies the source address of the outer IPv6 header for SRv6 packets forwarded between two private network sites over the backbone network.
6. (Optional.) Enabling SRv6 VPN compatibility for a peer or peer group
7. (Optional.) Configuring inter-AS option B VPN
8. (Optional.) Configuring intercommunication between SRv6 and MPLS L3VPN networks (through End.T SIDs)
9. (Optional.) Configuring intercommunication between SRv6 and MPLS L3VPN networks (through route reorigination)
10. (Optional.) Configuring SRv6 VPN cross-AS intercommunication
¡ Configuring transit proxies for SRv6 SIDs in cross-AS EVPN L3VPN over SRv6 networks
¡ Configuring intercommunication between EVPN L3VPN over SRv6 and IP L3VPN over SRv6 networks
¡ Configuring SRv6 VPN Option B cross-AS intercommunication
11. (Optional.) Configuring EVPN L3VPN over SRv6 FRR
12. (Optional.) Configuring SBFD for SRv6 locators
13. (Optional.) Configuring a TTL processing mode for tunnels associated with a VPN instance
Configuring an SRv6 SID
Configuring a common SRv6 SID
1. Enter system view.
system-view
2. Enable SRv6 and enter SRv6 view.
segment-routing ipv6
3. Configure a locator and enter SRv6 locator view.
locator locator-name [ ipv6-prefix ipv6-address prefix-length [ args args-length | static static-length ] * ]
4. Configure an opcode. Perform one of the following tasks:
¡ Configure an End.DT4 SID.
opcode { opcode | hex hex-opcode } end-dt4 vpn-instance vpn-instance-name evpn
opcode { opcode | hex hex-opcode } end-dt4 vpn-instance vpn-instance-name l3vpn-evpn
The specified VPN instance must exist. An End.DT4 SID cannot be configured in different VPN instances.
¡ Configure an End.DT6 SID.
opcode { opcode | hex hex-opcode } end-dt6 vpn-instance vpn-instance-name evpn
opcode { opcode | hex hex-opcode } end-dt6 vpn-instance vpn-instance-name l3vpn-evpn
The specified VPN instance must exist. An End.DT6 SID cannot be configured in different VPN instances.
¡ Configure an End.DT46 SID.
opcode { opcode | hex hex-opcode } end-dt46 vpn-instance vpn-instance-name evpn
opcode { opcode | hex hex-opcode } end-dt46 vpn-instance vpn-instance-name l3vpn-evpn
The specified VPN instance must exist. An End.DT46 SID cannot be configured in different VPN instances.
¡ Configure an End.DX4 SID.
opcode { opcode | hex hex-opcode } end-dx4 interface interface-type interface-number nexthop nexthop-ipv4-address vpn-instance vpn-instance-name evpn
The specified VPN instance must exist. An End.DX4 SID cannot be configured with different output interfaces or next hops.
¡ Configure an End.DX6 SID.
opcode { opcode | hex hex-opcode } end-dx6 interface interface-type interface-number nexthop nexthop-ipv6-address vpn-instance vpn-instance-name evpn
The specified VPN instance must exist. An End.DX6 SID cannot be configured with different output interfaces or next hops.
Configuring SRv6 SIDs for a COC16-type locator
About this task
A locator specified with the compress-16 keyword is a COC16-type locator. Such locators are used for assigning SIDs in the 16-bit G-SRv6 scenario. COC16 locators can be divided into the following types:
· Default-mode locator—A locator without the next keyword specified. You can assign a G-SID with the COC flavor, NEXT flavor, and COC&NEXT flavor, or a common SID without COC or NEXT flavors. This locator applies to all 16-bit compression G-SRv6 encapsulation solutions.
· Next-mode locator—A locator with the next keyword specified. Use this feature to assign a G-SID that carries only the NEXT flavor, or a common SID that does not carry the COC or NEXT flavor. When the H3C device interoperates with a third-party device that supports the 16-bit compression G-SRv6 encapsulation solution with only the move action, configure a Next-mode locator to allocate SIDs.
· Wlib-mode locator—A locator with the next-wlib keyword specified. It can allocate G-SIDs with the NEXT flavor from the extended W-LIB space or from the compressed function. In the current software version, the Wlib-mode locator typically uses the W-LIB space to allocate SIDs for VPN services.
Restrictions and guidelines
For a Wlib-mode locator, to allocate an opcode from the W-LIB space, follow these guidelines when you execute the opcode command to configure VPN-related SIDs such as End.DT4 SIDs: 1. First, make sure the specified opcode or hexadecimal hex-opcode includes one of the values in the range of wlib-static-value to wlib-start-value+7 specified in the locator command. 2. Then, specify the opcode in the W-LIB space. As a best practice, use the hexadecimal hex-opcode argument to configure the opcode. For example, if the value for the wlib-start-value argument is 0xFFF3 and the value for the wlib-static-value argument is 0xFFF7, you must first specify a value between FFF7 and FFFA for the hex-opcode argument, and then then assign an opcode in the W-LIB space.
Configuring SRv6 SIDs for a default locator
1. Enter system view.
system-view
2. Enable SRv6 and enter SRv6 view.
segment-routing ipv6
3. Enable SRv6 compression.
srv6 compress enable
By default, SRv6 compression is disabled.
4. Configure a default-mode locator and enter SRv6 locator view.
locator locator-name [ ipv6-prefix ipv6-address prefix-length compress-16 [ non-compress-static non-compress-static-length ] [ args args-length | static static-length ] * ]
5. Configure an opcode to statically specify an SRv6 SID and the SID-associated function and flavor.
¡ Assign a common SRv6 SID that does not carry the COC or NEXT flavor from the non-compressed Function portion. The configuration steps are omitted here.
¡ Assign an SRv6 SID that carries the COC or NEXT flavor from the compressed Function portion.
opcode { opcode | hex hex-opcode } end-dt4 vpn-instance vpn-instance-name evpn compress { next | coc-next }
opcode { opcode | hex hex-opcode } end-dt4 vpn-instance vpn-instance-name l3vpn-evpn compress { next | coc-next }
Configure an End.DT4 SID.
opcode { opcode | hex hex-opcode } end-dt46 vpn-instance vpn-instance-name evpn compress { next | coc-next }
opcode { opcode | hex hex-opcode } end-dt46 vpn-instance vpn-instance-name l3vpn-evpn compress { next | coc-next }
vpn-instance-name [ evpn | l3vpn-evpn ] ] compress { next | coc-next }
Configure an End.DT46 SID.
opcode { opcode | hex hex-opcode } end-dt6 vpn-instance vpn-instance-name evpn compress { next | coc-next }
opcode { opcode | hex hex-opcode } end-dt6 vpn-instance vpn-instance-name l3vpn-evpn compress { next | coc-next }
Configure an End.DT6 SID.
opcode { opcode | hex hex-opcode } end-dx4 interface interface-type interface-number nexthop nexthop-ipv4-address vpn-instance vpn-instance-name evpn compress { next | coc-next }
Configure an End.DX4 SID.
opcode { opcode | hex hex-opcode } end-dx6 interface interface-type interface-number nexthop nexthop-ipv4-address vpn-instance vpn-instance-name evpn compress { next | coc-next }
Configure an End.DX6 SID.
Configuring SRv6 SIDs for a Next-mode locator
1. Enter system view.
system-view
2. Enable SRv6 and enter SRv6 view.
segment-routing ipv6
3. Enable SRv6 compression.
srv6 compress enable
By default, SRv6 compression is disabled.
4. Configure a Next-mode locator and enter SRv6 locator view.
locator locator-name [ ipv6-prefix ipv6-address prefix-length compress-16 next [ non-compress-static non-compress-static-length ] [ args args-length | static static-length ] * ]
5. Configure an opcode to statically specify an SRv6 SID and the SID-associated function and flavor.
¡ Assign a common SRv6 SID that does not carry the COC or NEXT flavor from the non-compressed Function portion. The configuration steps are omitted here.
¡ Assign an SRv6 SID that carries the NEXT flavor from the compressed Function portion.
opcode { opcode | hex hex-opcode } end-dt4 vpn-instance vpn-instance-name evpn compress next
opcode { opcode | hex hex-opcode } end-dt4 vpn-instance vpn-instance-name l3vpn-evpn compress next
Configure an End.DT4 SID.
opcode { opcode | hex hex-opcode } end-dt46 vpn-instance vpn-instance-name evpn compress next
opcode { opcode | hex hex-opcode } end-dt46 vpn-instance vpn-instance-name l3vpn-evpn compress next
Configure an End.DT46 SID.
opcode { opcode | hex hex-opcode } end-dt6 vpn-instance vpn-instance-name evpn compress next
opcode { opcode | hex hex-opcode } end-dt6 vpn-instance vpn-instance-name l3vpn-evpn compress next
Configure an End.DT6 SID.
opcode { opcode | hex hex-opcode } end-dx4 interface interface-type interface-number nexthop nexthop-ipv4-address vpn-instance vpn-instance-name evpn compress next
Configure an End.DX4 SID.
opcode { opcode | hex hex-opcode } end-dx6 interface interface-type interface-number nexthop nexthop-ipv4-address vpn-instance vpn-instance-name evpn compress next
Configure an End.DX6 SID.
Configuring SRv6 SIDs for a Wlib-mode locator
1. Enter system view.
system-view
2. Enable SRv6 and enter SRv6 view.
segment-routing ipv6
3. Enable SRv6 compression.
srv6 compress enable
By default, SRv6 compression is disabled.
4. Configure a Wlib-mode locator and enter SRv6 locator view.
locator locator-name [ ipv6-prefix ipv6-address prefix-length compress-16 next-wlib [ wlib-start wlib-start-value ] [ wlib-static-start wlib-static-value ] [ args args-length | static static-length ] * ]
5. Configure an opcode to statically specify an SRv6 SID and the SID-associated function and flavor.
¡ Assign an SRv6 SID that carries the NEXT flavor from the extended W-LIB space.
opcode { opcode | hex hex-opcode } end-dt4 vpn-instance vpn-instance-name evpn compress next
opcode { opcode | hex hex-opcode } end-dt4 vpn-instance vpn-instance-name l3vpn-evpn compress next
Configure an End.DT4 SID.
opcode { opcode | hex hex-opcode } end-dt46 vpn-instance vpn-instance-name evpn compress next
opcode { opcode | hex hex-opcode } end-dt46 vpn-instance vpn-instance-name l3vpn-evpn compress next
Configure an End.DT46 SID.
opcode { opcode | hex hex-opcode } end-dt6 vpn-instance vpn-instance-name evpn compress next
opcode { opcode | hex hex-opcode } end-dt6 vpn-instance vpn-instance-name l3vpn-evpn compress next
Configure an End.DT6 SID.
opcode { opcode | hex hex-opcode } end-dx4 interface interface-type interface-number nexthop nexthop-ipv4-address [ vpn-instance vpn-instance-name [ evpn ] ] compress next
Configure an End.DX4 SID.
opcode { opcode | hex hex-opcode } end-dx6 interface interface-type interface-number nexthop nexthop-ipv4-address [ vpn-instance vpn-instance-name [ evpn ] ] compress next
Configure an End.DX6 SID.
Applying a locator to a BGP VPN instance
About this task
This feature is applicable to an EVPN L3VPN over SRv6 network with VPN sites. Use this feature in BGP-VPN IPv4 or IPv6 unicast address family view of a VPN instance to enable the PE to apply for SRv6 SIDs for the private network routes of the VPN instance.
Use this feature if the device will use End.DT4, End.DT6, End.DT46, End.DX4, or End.DX6 SIDs to deliver EVPN traffic across sites. In addition, this feature enables the PE to carry the Prefix SID attribute in BGP routes of the specified address family for advertising SIDs of the locator.
In the 16-bit compression G-SRv6 scenario, use this feature to specify a locator of the COC16 type and specify the compress-16 keyword. This allows allocation of VPN SIDs such as End.DT4, End.DT6, End.DT46, End.DX4, and End.DX6 SIDs from that locator, which carry the COC&NEXT or NEXT flavor. When encapsulating SRv6 packets, the source node can compress the previous VPN SIDs to 16 bits before encapsulating them into the SRv6 packets, reducing the length of the SRv6 packet header. Upon receiving a 16-bit compressed SRv6 packet, the PE acting as the endpoint node performs the replace or move action based on the COC or NEXT flavor carried by the VPN SID. For more information about the replace and move actions, see SRv6 configuration in Segment Routing Configuration Guide.
Restrictions and guidelines
Before you perform this task, make sure the following conditions are met:
· The specified locator must already exist.
· The VPN instance of the specified locator must be the same as the VPN instance of the private network. To specify a VPN instance for a locator, use the opcode end-dt4, opcode end-dt6, opcode end-dt46, opcode end-dx4, or opcode end-dx6 command in SRv6 locator view.
If you execute the segment-routing ipv6 locator command and specify the compress-16 keyword, you must specify the COC16-type locator for the segment-routing ipv6 locator command. Without this configuration, SID allocation from the locator might not be as expected.
· If you execute the segment-routing ipv6 locator command to specify a non-COC16-type locator, specifying the compress-16 keyword will not take effect. That is, you cannot allocate SIDs from that locator.
· If you execute the segment-routing ipv6 locator command to specify a COC16-type locator in default or Next mode, and do not specify the compress-16 keyword, common SIDs can be allocated from the non-compressed Function portion of that locator. Common SIDs do not carry the COC or NEXT flavor.
· If you execute the segment-routing ipv6 locator command to specify a COC16-type locator in Wlib mode, and do not specify the compress-16 keyword, SIDs cannot be allocated from that locator.
If you execute the segment-routing ipv6 locator command and specify the compress-16 keyword, you can also execute the segment-routing ipv6 apply-sid compress command to edit the flavor for the SIDs allocated from the locator.
Procedure
1. Enter system view.
system-view
2. Enter BGP instance view.
bgp as-number [ instance instance-name ]
3. Enter BGP-VPN instance view.
ip vpn-instance vpn-instance-name
4. Enter BGP-VPN IPv4 unicast address family view or BGP-VPN IPv6 unicast address family view.
¡ Enter BGP-VPN IPv4 unicast address family view.
address-family ipv4 [ unicast ]
¡ Enter BGP-VPN IPv6 unicast address family view.
address-family ipv6 [ unicast ]
5. Apply a locator to the BGP VPN instance.
segment-routing ipv6 locator locator-name evpn [ auto-sid-disable | auto-sid-dt46 ] [ compress-16 ]
By default, no locator is applied to a BGP VPN instance.
6. (Optional) Configure the flavor carried in the SIDs dynamically allocated from the COC16-type locator specified for BGP.
segment-routing ipv6 apply-sid compress { coc-next | next [ wlib ] } evpn [ end-dt46 ]
By default, for a COC16-type locator in default mode, SRv6 SIDs are allocated with the COC and NEXT flavors from the compressed Function portion. For a COC16-type locator in Next mode, SRv6 SIDs are allocated with the NEXT flavor from the compressed Function portion. For a COC16-type locator in Wlib mode, SRv6 SIDs are allocated with the NEXT flavor from the W-LIB space.
Configuring SRv6-encapsulated EVPN route advertisement
About this task
Perform this task to ensure that a PE can advertise VPN routes as EVPN routes to a peer or peer group in an EVPN L3VPN over SRv6 network.
Restrictions and guidelines
Perform this task on the edge nodes of the EVPN L3VPN network and RRs.
Procedure
1. Enter system view.
system-view
2. Enter BGP instance view.
bgp as-number [ instance instance-name ]
3. Enter BGP EVPN address family view.
address-family l2vpn evpn
4. Enable SRv6 encapsulation for the EVPN IP prefix advertisement routes advertised to a peer or peer group.
peer { group-name | ipv6-address [ prefix-length ] } advertise encap-type srv6
By default, IP prefix advertisement routes use VXLAN encapsulation.
Configuring PEs to exchange BGP EVPN routes
Restrictions and guidelines
To ensure optimal route selection and SRv6 tunnel traffic forwarding, make sure a pair of PEs are not both IPv4 and IPv6 peers to each other.
Procedure
1. Enter system view.
system-view
2. Enter BGP instance view.
bgp as-number [ instance instance-name ]
3. Configure an IPv6 peer or peer group.
peer { group-name | ipv6-address [ prefix-length ] } as-number as-number
4. Specify the source interface of TCP connections to a peer or peer group.
peer { group-name | ipv6-address [ prefix-length ] } connect-interface interface-type interface-number
By default, BGP uses the IPv6 address of the output interface in the optimal route to the BGP peer or peer group as the source address of TCP connections to the peer or peer group.
5. Enter BGP EVPN address family view.
address-family l2vpn evpn
6. Enable BGP to exchange EVPN routes with an IPv6 peer or peer group.
peer { group-name | ipv6-address [ prefix-length ] } enable
By default, BGP cannot exchange EVPN routes with an IPv6 peer or peer group.
Configuring next hop-based dynamic End.DX4 or End.DX6 SID allocation for BGP routes
About this task
Perform this task to forward an SRv6 decapsulated VPN packet to the next hop without looking up the routing table of the VPN instance.
If you assign an End.DT4 SID, End.DT6 SID, or End.DT46 SID to a BGP VPN instance, all BGP private network routes of the instance are allocated that SID. When a PE removes the SRv6 encapsulation from a received packet, it looks up the routing table of the VPN instance based on the SID for an optimal route. Then, the PE forwards the packet to a CE. To forward the packet to the next hop without looking up the routing table of the VPN instance, perform this task.
This task dynamically allocates End.DX4 or End.DX6 SIDs to specific next hops or all next hops of the BGP private network routes in a VPN instance based on the next hop addresses. When forwarding a packet, the PE searches for the output interface and next hop based on the End.DX4 or End.DX6 SID of the packet. Then, the PE directly forwards the packet out of the output interface to the next hop.
Restrictions and guidelines
Before you perform this task in BGP-VPN IPv4 or IPv6 unicast address family view, execute the segment-routing ipv6 locator command in the same view to apply a locator to the view. This ensures successful dynamic End.DX4 or End.DX6 SID allocation.
This feature does not allocate End.DX4 or End.DX6 SIDs to direct routes.
Procedure
1. Enter system view.
system-view
2. Enter BGP instance view.
bgp as-number [ instance instance-name ]
3. Enter BGP-VPN instance view.
ip vpn-instance vpn-instance-name
4. Enter BGP-VPN IPv4 unicast address family view or BGP-VPN IPv6 unicast address family view.
¡ Enter BGP-VPN IPv4 unicast address family view.
address-family ipv4 [ unicast ]
¡ Enter BGP-VPN IPv6 unicast address family view.
address-family ipv6 [ unicast ]
5. Configure next hop-based dynamic End.DX4 or End.DX6 SID allocation for BGP private network routes. Choose one of the following tasks:
¡ Automatically allocate an End.DX4 or End.DX6 SID to each next hop of BGP private network routes.
segment-routing ipv6 apply-sid all-nexthop evpn
¡ Execute the following commands in sequence to automatically allocate an End.DX4 or End.DX6 SID to the specified next hop of BGP private network routes:
segment-routing ipv6 apply-sid specify-nexthop evpn
nexthop nexthop-address interface interface-type interface-number
By default, VPN instance-based SID allocation is used for private network routes.
Configuring BGP EVPN route settings
Restrictions and guidelines for BGP EVPN route configuration
For more information about the commands in this section, see BGP commands in Layer 3—IP Routing Command Reference.
Configuring BGP route reflection
1. Enter system view.
system-view
2. Enter BGP instance view.
bgp as-number [ instance instance-name ]
3. Enter BGP EVPN address family view.
address-family l2vpn evpn
4. Configure the device as an RR and specify a peer or peer group as its client.
peer { group-name | ipv6-address [ prefix-length ] } reflect-client
By default, no RR or client is configured.
5. (Optional.) Enable BGP EVPN route reflection between clients.
reflect between-clients
By default, BGP EVPN route reflection between clients is enabled.
6. (Optional.) Configure the cluster ID of the RR.
reflector cluster-id { cluster-id | ip-address }
By default, an RR uses its own router ID as the cluster ID.
7. (Optional.) Create a reflection policy for the RR to filter reflected BGP EVPN routes.
rr-filter { ext-comm-list-number | ext-comm-list-name }
By default, an RR does not filter reflected BGP EVPN routes.
8. (Optional.) Enable the RR to change the attributes of routes to be reflected.
reflect change-path-attribute
By default, an RR cannot change the attributes of routes to be reflected.
Configuring attributes of BGP EVPN routes
1. Enter system view.
system-view
2. Enter BGP instance view.
bgp as-number [ instance instance-name ]
3. Enter BGP EVPN address family view.
address-family l2vpn evpn
4. Set the local router as the next hop for routes advertised to a peer or peer group.
peer { group-name | ipv6-address [ prefix-length ] } next-hop-local
By default, BGP sets the local router as the next hop for all routes advertised to a peer or peer group.
5. Permit the local AS number to appear in routes from a peer or peer group and set the number of appearances.
peer { group-name | ipv6-address [ prefix-length ] } allow-as-loop [ number ]
By default, the local AS number is not allowed in routes from peers.
6. Advertise the COMMUNITY attribute to a peer or peer group.
peer { group-name | ipv6-address [ prefix-length ] } advertise-community
By default, the device does not advertise the COMMUNITY attribute to peers or peer groups.
7. Advertise the Large community attribute to a peer or peer group.
peer { group-name | ipv6-address [ prefix-length ] } advertise-large-community
By default, the Large community attribute is not advertised to a peer or peer group.
Filtering BGP EVPN routes
1. Enter system view.
system-view
2. Enter BGP instance view.
bgp as-number [ instance instance-name ]
3. Enter BGP EVPN address family view.
address-family l2vpn evpn
4. Filter routes advertised to a peer or peer group.
filter-policy { mac-acl-number | name mac-acl-name } export
By default, routes advertised to peers or peer groups are not filtered.
5. Filter routes received from a peer or peer group.
filter-policy { mac-acl-number | name mac-acl-name } import
By default, routes received from peers or peer groups are not filtered.
6. Apply a routing policy to routes received from or advertised to a peer or peer group.
peer { group-name | ipv6-address [ prefix-length ] } route-policy route-policy-name { export | import }
By default, no routing policies are applied to routes received from or advertised to peers or peer groups.
7. Enable route target filtering for BGP EVPN routes.
policy vpn-target
By default, route target filtering is enabled for BGP EVPN routes.
Applying the next hop address type of BGP EVPN routes to optimal route selection
About this task
In scenarios where multiple network types exist, the device might learn BGP routes with the same destination address with different next hop address types (IPv4 address and IPv6 address). Assume a device can reach the same destination address through both an SRv6 network and an MPLS network. In this case, the device learns a route with an IPv6 next hop address from the SRv6 network and a route with an IPv4 next hop address from the MPLS network. By default, the route through the MPLS network is preferred. To prefer the route through the SRv6 network, configure additional route attributes to change the route selection result. After configuring this command, BGP can select routes with IPv4 or IPv6 next hop addresses as the optimal routes. This helps you flexibly plan BGP route selection.
For more information about BGP route selection, see BGP overview in Layer 3—IP Routing Configuration Guide.
Procedure
1. Enter system view.
system-view
2. Enter BGP instance view.
bgp as-number [ instance instance-name ]
3. Enter BGP EVPN address family view.
address-family l2vpn evpn
4. Enable BGP to preferentially select routes with IPv6 next hop addresses.
bestroute nexthop-priority ipv6 [ preferred ]
By default, BGP preferentially select routes with IPv4 next hop addresses.
Configuring the BGP Additional Paths feature
1. Enter system view.
system-view
2. Enter BGP instance view.
bgp as-number [ instance instance-name ]
3. Enter BGP EVPN address family view.
address-family l2vpn evpn
4. Configure the BGP Additional Paths capabilities.
peer { group-name | ipv6-address [ prefix-length ] } additional-paths { receive | send } *
By default, no BGP Additional Paths capabilities are configured.
5. Set the maximum number of Add-Path optimal routes that can be advertised to a peer or peer group.
peer { group-name | ipv6-address [ prefix-length ] } advertise additional-paths best number
By default, a maximum of one Add-Path optimal route can be advertised to a peer or peer group.
6. Set the maximum number of Add-Path optimal routes that can be advertised to all peers.
additional-paths select-best best-number
By default, a maximum number of one Add-Path optimal route can be advertised to all peers.
7. (Optional.) Set the optimal route selection delay timer.
route-select delay delay-value
By default, the optimal route selection delay timer is 0 seconds, which means optimal route selection is not delayed.
Configuring the route recursion mode
About this task
After a PE receives a customer packet destined for an SRv6 SID, it forwards the packet according to the route recursion mode.
· SRv6 BE mode—This mode is also called SID-based forwarding mode. In this mode, the PE first encapsulates the End.DT4, End.DT6, or End.DT46 SID into the packet. Then, the PE searches the IPv6 routing table based on the SID encapsulated in the packet to forward the packet.
· SRv6 TE mode—This mode is also called SRv6 TE policy-based forwarding mode. In this mode, the PE first searches for a matching SRv6 TE policy based on the packet attributes. Then, the PE adds an SRH to the packet. The SRH includes the End.DT4, End.DT6, or End.DT46 SID and the SID list of the SRv6 TE policy. Finally, the PE forwards the encapsulated packet through the SRv6 TE policy. For more information, see "Configuring SRv6 TE policies."
· SRv6 TE and SRv6 BE hybrid mode—To use this mode, specify the best-effort keyword for the command in BGP EVPN address family view. In this mode, the PE preferentially uses the SRv6 TE mode to forward the packet. If no SRv6 TE policy is available for the packet, the PE forwards the packet in SRv6 BE mode.
· SRv6 TE and SRv6 BE FRR mode—To use this mode, specify the best-effort keyword for the command in BGP-VPN IPv4/IPv6 address family view. This mode implements FRR by using the SRv6 TE path (primary path) and SRv6 BE path (backup path). If the SRv6 TE path fails or does not exist, traffic is immediately switched to the SRv6 BE path to ensure service continuity.
· SRv6 TE and SRv6 BE multilevel FRR modes—The following modes are supported:
¡ If you specify the best-effort keyword but do not specify the local-preference keyword for the command in BGP-VPN IPv4/IPv6 address family view: Implement multilevel FRR by using multiple SRv6 TE and SRv6 BE paths to ensure service continuity. The primary path contains a primary SRv6 TE path and a backup SRv6 TE path. The backup path contains a primary SRv6 BE path and a backup SRv6 BE path. The device selects a forwarding path in the order of primary SRv6 TE path, backup SRv6 TE path, primary SRv6 BE path, and backup SRv6 BE path. This mode is applicable to dual-homing scenarios.
¡ If you specify both the best-effort and local-preference keywords for the command in BGP-VPN IPv4/IPv6 address family view: Implement multilevel FRR by using multiple SRv6 TE and SRv6 BE paths to ensure service continuity. The primary path contains a primary SRv6 TE path and a primary SRv6 BE path. The backup path contains a backup SRv6 TE path and a backup SRv6 BE path. The device selects a forwarding path in the order of primary SRv6 TE path, primary SRv6 BE path, backup SRv6 TE path, and backup SRv6 BE path. This mode is applicable to dual-homing scenarios.
When the route recursion mode is SRv6 BE, SRv6 TE and SRv6 BE FRR, or SRv6 TE and SRv6 BE multilevel FRR, if the locator associated with the SIDs assigned by BGP to routes matches multiple IGP routes (that is, the IGP-advertised locator route has multiple next hops), the BGP route can recurse to multiple SRv6 BE paths. If multiple IGP routes matching the locator form FRR, the multiple SRv6 BE paths obtained through recursion for the BGP route also form the same type of FRR. The rules to form FRR vary by IGP. For more information, see the associated IGP configuration guide.
Procedure
1. Enter system view.
system-view
2. Enter BGP instance view.
bgp as-number [ instance instance-name ]
3. Enter BGP-VPN instance view.
ip vpn-instance vpn-instance-name
4. Enter BGP-VPN IPv4 unicast address family view or BGP-VPN IPv6 unicast address family view.
¡ Enter BGP-VPN IPv4 unicast address family view.
address-family ipv4 [ unicast ]
¡ Enter BGP-VPN IPv6 unicast address family view.
address-family ipv6 [ unicast ]
5. Configure the route recursion mode.
segment-routing ipv6 { best-effort | traffic-engineering | traffic-engineering best-effort [ local-preference ] } evpn
By default, a PE searches the IPv6 routing table based on the next hop of a matching route to forward traffic.
Specifying a source address for the outer IPv6 header of SRv6-encapsulated EVPN L3VPN packets
Restrictions and guidelines
To ensure correct VPN traffic forwarding in an EVPN L3VPN over SRv6 network, you must specify a source address for the outer IPv6 header of SRv6-encapsulated EVPN L3VPN packets.
You cannot specify a loopback address, link-local address, multicast address, or unspecified address as the source IPv6 address. You must specify an IPv6 address of the local device as the source IPv6 address, and make sure the IPv6 address has been advertised by a routing protocol. As a best practice, specify a loopback interface address of the local device as the source IPv6 address.
Procedure
1. Enter system view.
system-view
2. Enter SRv6 view.
segment-routing ipv6
3. Specify a source address for the outer IPv6 header of SRv6-encapsulated EVPN L3VPN packets.
encapsulation source-address ipv6-address [ ip-ttl ttl-value ]
By default, no source address is specified for the outer IPv6 header of SRv6-encapsulated EVPN L3VPN packets.
Enabling SRv6 VPN compatibility for a peer or peer group
About this task
In an EVPN L3VPN over SRv6 network, PE devices from different vendors might use different formats to encrypt SRv6 SIDs in the EVPN routes. As a result, the PE devices might fail to identify the received EVPN routes, causing route advertisement failure. To resolve this issue, you can perform this task to change the SRv6 SID encryption format for BGP routes sent by H3C devices for interoperability with devices from other vendors.
Procedure
1. Enter system view.
system-view
2. Enter BGP instance view.
bgp as-number [ instance instance-name ]
3. Enter BGP EVPN address family view.
address-family l2vpn evpn
4. Enable SRv6 VPN compatibility for a peer or peer group.
peer { group-name | ipv6-address [ prefix-length ] } srv6-vpn compatible srv6-sid-transposition
By default, SRv6 VPN compatibility is disabled for a peer or peer group. The device encapsulates SRv6 SIDs for sent BGP routes in the non-Transposition-Scheme format as defined in RFC 9252.
Configuring inter-AS option B VPN
About this task
For intercommunication between an MPLS network in one AS and an SRv6 network in another AS, enable SRv6 and MPLS interworking on the ASBR in the SRv6 network. This feature enables End.T SID allocation and establishes mappings between End.T SIDs and MPLS labels.
Restrictions and guidelines
After you enable SRv6 and MPLS interworking, the per-next-hop label allocation mode applies to routes forwarded from SRv6 networks to MPLS networks. The label allocation mode is not affected by the label-allocation-mode or apply-label command. For more information about the label-allocation-mode command, see BGP commands in Layer 3—IP Routing Command Reference. For more information about the apply-label command, see MPLS L3VPN commands in MPLS Command Reference.
Procedure
1. Enter system view.
system-view
2. Enter BGP instance view.
bgp as-number [ instance instance-name ]
3. Enter BGP EVPN address family view.
address-family l2vpn evpn
4. Enable the device to reoriginate BGP EVPN routes based on the BGP EVPN routes received from a peer or peer group.
peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } re-originated [ replace-rt ]
By default, the device does not reoriginate BGP EVPN routes based on received BGP EVPN routes.
5. (Optional.) Enable the device to advertise original BGP EVPN routes to a peer or peer group.
peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } advertise original-route
By default, the device advertises only reoriginated BGP EVPN routes to peers and peer groups after the peer re-originated command is executed.
6. (Optional.) Suppress advertisement of reoriginated BGP EVPN routes to a peer or peer group.
peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } suppress re-originated ip-prefix
By default, the device advertises reoriginated BGP EVPN routes to peers and peer groups after the peer re-originated command is executed.
7. Enable SRv6 and MPLS interworking.
srv6-mpls-interworking enable
By default, SRv6 and MPLS interworking is disabled.
8. Apply a locator to the BGP VPN instance.
segment-routing ipv6 locator locator-name evpn
By default, no locator is applied to a BGP VPN instance.
9. Configure the route recursion mode.
segment-routing ipv6 { best-effort | traffic-engineering | traffic-engineering best-effort } evpn
By default, a PE searches the IPv6 routing table based on the next hop of a matching route to forward traffic.
Configuring intercommunication between SRv6 and MPLS L3VPN networks
Configuring intercommunication between SRv6 and MPLS L3VPN networks (through End.T SIDs)
About this task
For communication between the data centers deployed with MPLS L3VPN networks and connected through an EVPN L3VPN over SRv6 network, configure this feature on the ASBRs of data centers.
The route reorigination method can also implement intercommunication between SRv6 and MPLS L3VPN networks. You can configure route reorigination for the border devices in heterogeneous networks to enable BGP to automatically assign End.T SIDs for service routes and establish mappings between End.T SIDs and MPLS labels.
Prerequisites
Before you perform this task, enable SRv6 and MPLS interworking on the ASBR.
Reoriginating VPNv4/VPNv6 routes as EVPN IP prefix advertisement routes
1. Enter system view.
system-view
2. Enter BGP instance view.
bgp as-number [ instance instance-name ]
3. Enter BGP VPNv4 address family view or BGP VPNv6 address family view.
¡ Enter BGP VPNv4 address family view.
address-family vpnv4
¡ Enter BGP VPNv6 address family view.
address-family vpnv6
4. Reoriginate routes received from a peer or peer group.
peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } re-originated stitch-evpn
By default, routes received from a peer or peer group are not reoriginated.
5. Enable SRv6 and MPLS interworking.
srv6-mpls-interworking enable
By default, SRv6 and MPLS interworking is disabled.
6. Apply a locator to the BGP VPN instance.
segment-routing ipv6 locator locator-name evpn
By default, no locator is applied to a BGP VPN instance.
7. Configure the route recursion mode.
segment-routing ipv6 { best-effort | traffic-engineering | traffic-engineering best-effort } evpn
By default, a PE searches the IPv6 routing table based on the next hop of a matching route to forward traffic.
Reoriginating EVPN IP prefix advertisement routes as VPNv4/VPNv6 routes
1. Enter system view.
system-view
2. Enter BGP instance view.
bgp as-number [ instance instance-name ]
3. Enter BGP EVPN address family view.
address-family l2vpn evpn
4. Reoriginate routes received from a peer or peer group.
peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } re-originated [ ip-prefix ] stitch-l3vpn
By default, routes received from a peer or peer group are not reoriginated.
5. Enable SRv6 and MPLS interworking.
srv6-mpls-interworking enable
By default, SRv6 and MPLS interworking is disabled.
6. Apply a locator to the BGP VPN instance.
segment-routing ipv6 locator locator-name evpn
By default, no locator is applied to a BGP VPN instance.
7. Configure the route recursion mode.
segment-routing ipv6 { best-effort | traffic-engineering | traffic-engineering best-effort } evpn
By default, a PE searches the IPv6 routing table based on the next hop of a matching route to forward traffic.
Configuring intercommunication between SRv6 and MPLS L3VPN networks (through route reorigination)
About this task
In SRv6 networks, BGP EVPN is used to advertise service routes. In MPLS L3VPN networks, VPNv4/VPNv6 is used to advertise service routes. On the border devices of the SRv6 and MPLS L3VPN networks, you can perform the following operations to enable intercommunication between these heterogeneous networks:
· Advertise BGP EVPN routes from the SRv6 network to the VPNv4/VPNv6 address family.
· Advertise VPNv4/VPNv6 routes from the MPLS L3VPN network to the BGP EVPN address family.
Procedure
1. Enter system view.
system-view
2. Enter BGP instance view.
bgp as-number [ instance instance-name ]
3. Enter BGP EVPN address family view.
address-family l2vpn evpn
4. Enable advertisement of BGP VPNv4 or VPNv6 routes through the BGP EVPN address family to peer.
advertise l3vpn route [ replace-rt ] [ advertise-policy policy-name ]
By default, the device does not send BGP VPNv4 or VPNv6 routes through the EVPN address family.
For more information about this command, see EVPN commands in EVPN Command Reference.
5. Return to BGP instance view.
quit
6. Enter BGP VPNv4 or BGP VPNv6 address family view.
¡ Enter BGP VPNv4 address family view.
address-family vpnv4
¡ Enter BGP VPNv6 address family view.
address-family vpnv6
7. Enable advertisement of BGP EVPN routes through the BGP VPNv4 or VPNv6 address family to peer.
advertise evpn route [ replace-rt ] [ advertise-policy policy-name ]
By default, the device does not send BGP EVPN routes through the BGP VPNv4 or VPNv6 address family.
For more information about this command, see EVPN commands in EVPN Command Reference.
Configuring transit proxies for SRv6 SIDs in cross-AS EVPN L3VPN over SRv6 networks
About this task
In a cross-AS SRv6 network, you can configure this feature on the ASBR to disable locator route advertisement to another AS. The feature implements transit proxy for cross-AS SRv6 network communication by changing the SRv6 SIDs carried in BGP routes.
Upon receiving an IP prefix route carrying an SRv6 SID from the peer, the device adds the route to the routing table of the VPN instance matching the local RT, and delete SRv6 SID from the route. The device then re-applies for an SRv6 SID for the IP prefix route in the VPN instance matching the local RT. The re-applied SRv6 SID is the same type as the original SID. When forwarding received IP prefix routes, the device only needs to send routes with the new SRv6 SID.
Restrictions and guidelines
End.DX4 SIDs and End.DX6 SIDs cannot be re-applied
Procedure
1. Enter system view.
system-view
2. Enter BGP instance view.
bgp as-number [ instance instance-name ]
3. Enter BGP EVPN address family view.
address-family l2vpn evpn
4. Change the SRv6 SIDs of the routes received from the specified peer or peer group.
peer { group-name | ipv6-address [ prefix-length ] } re-originated [ ip-prefix ] [ replace-rt ] replace-sid
By default, the device does not change information about IP prefix routes received from the peer or peer group.
Configuring intercommunication between EVPN L3VPN over SRv6 and IP L3VPN over SRv6 networks
About this task
To implement intercommunication between EVPN L3VPN over SRv6 and IP L3VPN over SRv6 networks, you need to configure this feature on the ASBR connecting the two networks.
Procedure
1. Enter system view.
system-view
2. Enter BGP instance view.
bgp as-number [ instance instance-name ]
3. Enter BGP EVPN address family view.
address-family l2vpn evpn
4. Enable advertisement of BGP VPNv4 or VPNv6 routes through the BGP EVPN address family to peer.
advertise l3vpn route [ replace-rt ] replace-sid [ advertise-policy policy-name ]
By default, the device does not send BGP VPNv4 or VPNv6 routes through the EVPN address family.
For more information about this command, see EVPN commands in EVPN Command Reference.
5. Return to BGP instance view.
quit
6. Enter BGP VPNv4 or BGP VPNv6 address family view.
¡ Enter BGP VPNv4 address family view.
address-family vpnv4
¡ Enter BGP VPNv6 address family view.
address-family vpnv6
7. Enable advertisement of BGP EVPN routes through the BGP VPNv4 or VPNv6 address family to peer.
advertise evpn route [ replace-rt ] replace-sid [ advertise-policy policy-name ]
By default, the device does not send BGP EVPN routes through the BGP VPNv4 or VPNv6 address family.
For more information about this command, see EVPN commands in EVPN Command Reference.
Configuring SRv6 VPN Option B cross-AS intercommunication
Overview
End.R SID is a proprietary implementation designed to enable devices from other vendors to identify routes carrying the End.R SID sent by H3C devices in the SRv6 VPN Option B cross-AS scenario. To achieve this purpose, configure the peer srv6-endr-type command to change the endpoint behavior value associated with the End.R SID to match the endpoint behavior value used by other vendors' SRv6 SIDs in the SRv6 VPN Option B cross-AS scenario.
In the SRv6 VPN Option B cross-AS intercommunication scenario, if the ASBR receives private network routes with the same prefix from multiple neighbors, multiple paths exist in the intercommunication scenario. By default, the ASBR selects only one route. As a result, cross-AS traffic can be forwarded through only a single path, which does not fully utilize the network path bandwidth and redundant paths.
After you configure the srv6-inter-as balance command on the ASBR, the ASBR can select up to two optimal private network routes with the same prefix for load balancing. The ASBR requests the same End.R SID for these routes. As a result, an IPv6 FIB entry generated based on the End.R SID has two next hops that also form load-balanced paths. The ASBR can forward packets through the load-balanced paths.
Restrictions and guidelines
When implementing intercommunication between an IP L3VPN over SRv6 network and an EVPN L3VPN over SRv6 network, follow these restrictions and guidelines:
· If two ASBRs establish BGP VPNv4 or BGP VPNv6 sessions, you must configure the peer re-originated stitch-evpn command on the ASBR in the EVPN L3VPN over SRv6 network, and specify the peer in the command as the peer ASBR. In addition, configure the peer re-originated stitch-l3vpn command on the PE of the local AS. This enables the ASBR to convert BGP VPNv4/VPNv6 and BGP EVPN routes, ensuring the transmission of private network routes across ASs.
· If two ASBRs establish BGP EVPN sessions, you must configure the peer re-originated stitch-l3vpn command on the ASBR in the IP L3VPN over SRv6 network, and specify the peer in the command as the peer ASBR. In addition, configure the peer re-originated stitch-evpn command on the PE of the local AS. This enables the ASBR to convert BGP VPNv4/VPNv6 and BGP EVPN routes, ensuring the transmission of private network routes across ASs.
Configuring the ASBR for intercommunication between IP L3VPN over SRv6 networks
1. Enter system view.
system-view
2. Enter BGP instance view.
bgp as-number [ instance instance-name ]
3. Enter BGP EVPN address family view.
address-family l2vpn evpn
4. Specify a locator for BGP.
segment-routing ipv6 locator locator-name evpn
By default, no locator is specified.
5. Enable SRv6 network cross-AS intercommunication.
srv6-inter-as enable
By default, SRv6 network cross-AS intercommunication is disabled.
6. (Optional.) Configure the endpoint behavior value corresponding to the End.R SID carried in the route sent to the specified peer or peer group.
peer { group-name | ipv6-address [ prefix-length ] } srv6-endr-type type-value
By default, the endpoint behavior value corresponding to the End.R SID carried in the route sent to the specified peer or peer group is 0x8018.
7. (Optional.) Configure the number of routes for load balancing supported by the ASBR in the SRv6 VPN Option B cross-AS scenario.
srv6-inter-as balance balance-value
By default, the ASBR does not perform load balancing for BGP VPNv4 or VPNv6 routes in the SRv6 VPN Option B cross-AS scenario.
Configuring the ASBR for intercommunication between an IP L3VPN over SRv6 network and an EVPN L3VPN over SRv6 network
1. Enter system view.
system-view
2. Enter BGP instance view.
bgp as-number [ instance instance-name ]
3. Enter BGP VPNv4 address family view, BGP VPNv6 address family view, or BGP EVPN address family view.
¡ Enter BGP VPNv4 address family view.
address-family vpnv4
¡ Enter BGP VPNv6 address family view.
address-family vpnv6
¡ Enter BGP EVPN address family view.
address-family l2vpn evpn
For the ASBR in an IP L3VPN over SRv6 network, enter BGP VPNv4 address family view or BGP VPNv6 address family view. For the ASBR in an EVPN L3VPN over SRv6 network, enter BGP EVPN address family view.
4. Specify a locator for BGP.
segment-routing ipv6 locator locator-name evpn
By default, no locator is specified.
You need to specify the evpn keyword only in BGP EVPN address family view.
5. Enable SRv6 network cross-AS intercommunication.
srv6-inter-as enable
By default, SRv6 network cross-AS intercommunication is disabled.
6. Reoriginate IP prefix routes received from a peer or peer group as BGP VPNv4 or VPNv6 routes.
peer { group-name | ipv6-address [ prefix-length ] } re-originated ip-prefix stitch-l3vpn
By default, the EVPN routes received from a peer or peer group are not reoriginated.
Only BGP EVPN address family view supports this command.
If the ASBRs establish a BGP VPNv4 or BGP VPNv6 session, you must configure this command on the ASBR in the EVPN L3VPN over SRv6 network to specify the peer in the command as the PE in the local AS.
If the ASBRs establish a BGP EVPN session, you must configure this command on the ASBR in the IP L3VPN over SRv6 network to specify the peer in the command as the peer ASBR.
7. Reoriginate BGP VPNv4 or VPNv6 routes received from a peer or peer group as IP prefix routes.
peer { group-name | ipv6-address [ prefix-length ] } re-originated stitch-evpn
By default, the BGP VPNv4 or VPNv6 routes received from a peer or peer group are not reoriginated.
Only BGP VPNv4 or VPNv6 address family view supports this command.
If the ASBRs establish a BGP VPNv4 or BGP VPNv6 session, you must configure this command on the ASBR in the EVPN L3VPN over SRv6 network to specify the peer in the command as the peer ASBR.
If the ASBRs establish a BGP EVPN session, you must configure this command on the ASBR in the IP L3VPN over SRv6 network to specify the peer in the command as the PE in the local AS.
8. (Optional.) Configure the endpoint behavior value corresponding to the End.R SID carried in the route sent to the specified peer or peer group.
peer { group-name | ipv6-address [ prefix-length ] } srv6-endr-type type-value
By default, the endpoint behavior value corresponding to the End.R SID carried in the route sent to the specified peer or peer group is 0x8018.
9. (Optional.) Configure the number of routes for load balancing supported by the ASBR in the SRv6 VPN Option B cross-AS scenario.
srv6-inter-as balance balance-value
By default, the ASBR does not perform load balancing for BGP VPNv4 or VPNv6 routes in the SRv6 VPN Option B cross-AS scenario.
Configuring EVPN L3VPN over SRv6 FRR
About this task
EVPN L3VPN over SRv6 FRR enables the device to calculate backup routes for all routes of the current address family to reduce the traffic interruption caused by link or device failures on the backbone. If the device learns two unequal-cost routes destined for the same network from different peers, the optimal route is backed up by the other route. When the optimal route becomes unavailable, the device uses the backup route to forward traffic. At the same time, the device calculates a new optimal route and then uses it to direct traffic forwarding.
By default, the IP routing table of a VPN instance does not have SRv6 SID route information. As a result, to use BFD to detect the primary path between PEs, FRR can only use the static BFD session for the locator network address. If the address families of multiple VPN instances have used the same locator, FRR in these address families might use the same static BFD session to detect the primary path. Once the BFD session detects that the path is not available, the BGP routes in all these address families will perform path switching simultaneously.
For refined FRR management, use the segment-routing ipv6 primary-path-detect sid-bfd evpn command in BGP-VPN IPv4 unicast address family view or BGP-VPN IPv6 unicast address family view. After this command is executed, when the device adds an IP prefix advertisement route that contains an SRv6 SID to the IP routing table of a VPN instance, it adds the SRv6 SID as the next hop of the route. This allows FRR to automatically and preferentially associate the static BFD session for the SRv6 SID to detect the primary path. Once BFD detects that an SRv6 SID is not reachable, it triggers the BGP routes in only one address family to perform path switching. This mechanism provides a smaller control granularity for FRR.
Restrictions and guidelines
This feature might cause routing loops in certain conditions. Make sure you are fully aware of this feature when you use it on a live network.
The segment-routing ipv6 primary-path-detect sid-bfd evpn command applies only to routes that use the SRv6 BE route recursion mode. If the route recursion mode is SRv6 TE and SRv6 BE hybrid, SRv6 TE and SRv6 BE FRR, or SRv6 TE and SRv6 BE multilevel FRR, this command takes effect only when the SRv6 TE path is not available.
Procedure
1. Enter system view.
system-view
2. Configure static BFD.
bfd static session-name [ peer-ipv6 ipv6-address [ vpn-instance vpn-instance-name ] source-ipv6 ipv6-address [ discriminator local local-value remote remote-value ] [ track-interface interface-type interface-number ] ]
If the segment-routing ipv6 primary-path-detect sid-bfd command is not used, you must specify the locator addresses advertised by the two ends of the detected link as the peer IPv6 address and source IPv6 address.
If the segment-routing ipv6 primary-path-detect sid-bfd command is used, you can specify the SRv6 SIDs allocated in the specified VPN instance for the devices at the two ends of the detected link as the peer IPv6 address and source IPv6 address.
For more information about the bfd static command, see BFD commands in High Availability Command Reference.
3. Return to system view.
quit
4. Enter BGP instance view.
bgp as-number [ instance instance-name ]
5. Configure BGP FRR to use BFD to detect next hop connectivity for the primary route in control packet mode or echo packet mode.
primary-path-detect bfd { ctrl | echo }
By default, BGP FRR uses ARP to detect the connectivity to the next hop of the primary route.
For more information about this command, see BGP commands in Layer 3—IP Routing Command Reference.
6. (Optional.) Enable using the static BFD session for the SRv6 SID to detect the reachability of the primary path for SRv6 VPN FRR.
¡ Execute the following commands in sequence to enable using the static BFD session for the SRv6 SID to detect the reachability of the primary path for SRv6 VPN FRR in BGP-VPN IPv4 unicast address family view:
ip vpn-instance vpn-instance-name
address-family ipv4 [ unicast ]
segment-routing ipv6 primary-path-detect sid-bfd evpn
¡ Execute the following commands in sequence to enable using the static BFD session for the SRv6 SID to detect the reachability of the primary path for SRv6 VPN FRR in BGP-VPN IPv6 unicast address family view:
ip vpn-instance vpn-instance-name
address-family ipv6 [ unicast ]
segment-routing ipv6 primary-path-detect sid-bfd evpn
By default, the device uses the static BFD session for the locator to detect the reachability of the primary path for SRv6 VPN FRR.
7. (Optional.) Return to BGP instance view.
quit
quit
8. Enter BGP-VPN IPv4 unicast address family view, BGP-VPN IPv6 unicast address family view, or BGP EVPN address family view.
¡ Execute the following commands in sequence to enter BGP-VPN IPv4 unicast address family view:
ip vpn-instance vpn-instance-name
address-family ipv4 [ unicast ]
¡ Execute the following commands in sequence to enter BGP-VPN IPv6 unicast address family view:
ip vpn-instance vpn-instance-name
address-family ipv6 [ unicast ]
¡ Enter BGP EVPN address family view.
address-family l2vpn evpn
9. Enable FRR for the address family.
pic
By default, FRR is disabled.
On a PE deployed with a VPN instance, as a best practice, configure this command in BGP-VPN IPv4 unicast address family view or BGP-VPN IPv6 unicast address family view.
On the ASBR not deployed with a VPN instance, as a best practice, configure this command in BGP EVPN address family view.
For more information about this command, see BGP commands in Layer 3—IP Routing Command Reference.
Configuring SBFD for SRv6 locators
About this task
As shown in Figure 10, in the EVPN L3VPN over SRv6 BE scenario, CE 2 is dual homed to PE 2 and PE 3. After you enable FRR on PE 1, a primary path and a backup path are generated on PE 1. When the primary path fails, you can configure this feature for fast traffic switchover to the backup path. Use SBFD to detect connectivity of the SRv6 locator (next hop address obtained through route recursion for the private network route) advertised by PE 2 to fast locate primary path failures and switch traffic over to the backup path.
Figure 10 Using SBFD to detect SRv6 locators in a dual-homed network
SBFD detects the connectivity of SRv6 locators advertised by BGP as follows:
1. PE 1 sends SBFD packets as the initiator. The SRv6 locators are the destination addresses of the SBFD packets. The IP address specified in the sbfd source-ipv6 command is used as the source IP address of SBFD packets.
2. When PE 2 and PE 3 receive the SBFD packets as reflectors, they compare the remote discriminators in the packets with the locally configured discriminators.
¡ If they are consistent, the reflectors send SBFD response packets to the initiator through IPv6 routes.
¡ If they are inconsistent, the reflectors drop the received SBFD packets.
3. If the initiator can receive SBFD response packets before the detection timer expires, it determines that the SRv6 locators are reachable. If not, the initiator determines that the SRv6 locators are unreachable, and switches over to the backup path.
Restrictions and guidelines
To have this feature take effect, execute the sbfd destination ipv6 remote-discriminator command on PE 1 to configure the mappings between the detected SRv6 locators and remote discriminators. In addition, execute the sbfd local-discriminator command on PE 2 and PE 3 to configure the local discriminators on the reflector end. Make sure PE 1 have consistent discriminator settings with PE 2 and PE 3. For more information about the sbfd destination ipv6 remote-discriminator and sbfd local-discriminator commands, see BFD commands in High Availability Command Reference.
Procedure
1. Enter system view.
system-view
2. Enter SRv6 view.
segment-routing ipv6
3. Configure SBFD for SRv6 locators.
locator-sbfd enable [ template template-name ] [ prefix-list prefix-list-name ]
By default, SBFD is not configured for SRv6 locators.
Configuring a TTL processing mode for tunnels associated with a VPN instance
About this task
A tunnel associated with a VPN instance supports the following TTL processing modes:
· Pipe—When an IP or IPv6 packet enters the tunnel of the VPN instance, the ingress node adds a new header to the packet. The ingress node sets the TTL value or hop limit in the new header to 255 or the value specified by using the encapsulation source-address ip-ttl command in SRv6 view. When the packet leaves the tunnel of the VPN instance, the egress node removes the new header from the packet.The TTL value or hop limit in the original packet does not change when the packet is forwarded in the tunnel. Therefore, the public network nodes are invisible to user networks, and the tracert facility cannot show the real path in the public network.
· Uniform—When an IP or IPv6 packet enters the tunnel of the VPN instance, the ingress node adds a new header to the packet. The ingress node copies the TTL value or the hop limit of the original packet to the TTL or hop limit field of the new header. When the packet leaves the tunnel of the VPN instance, the egress node copies the remaining TTL value or hop limit in the new header back to the original packet. The TTL value or hop limit can reflect how many hops the packet has traversed in the public network. The tracert facility can show the real path along which the packet has traveled.
Restrictions and guidelines
In the current software version, you can configure a TTL processing mode only for SRv6 tunnels associated with VPN instances.
Procedure
1. Enter system view.
system-view
2. Enter VPN instance view.
ip vpn-instance vpn-instance-name [ index vpn-index ]
3. Configure a TTL processing mode for the tunnels associated with the VPN instance.
ttl-mode { pipe | uniform }
By default, the TTL processing mode for the tunnels associated with a VPN instance is pipe.
For more information about this command, see MPLS L3VPN commands in MPLS Command Reference.
Display and maintenance commands for EVPN L3VPN over SRv6
Resetting BGP sessions
For BGP setting changes to take effect, you must reset or soft-reset BGP sessions. Soft-resetting BGP sessions updates BGP routing information without tearing down the BGP sessions. Resetting BGP sessions updates BGP routing information by tearing down and re-establishing the BGP sessions. Soft-reset requires that both the local router and the peer support ROUTE-REFRESH messages.
Execute the commands in this section in user view. For more information about the commands, see BGP in Layer 3—IP Routing Command Reference.
|
Task |
Command |
|
Soft-reset BGP sessions of the BGP VPNv4 address family. |
refresh bgp [ instance instance-name ] ipv6-address [ prefix-length ] { export | import } l2vpn evpn |
|
Reset BGP sessions of the BGP VPNv4 address family. |
reset bgp [ instance instance-name ] ipv6-address [ prefix-length ] l2vpn evpn |
Displaying and maintaining the running status of EVPN L3VPN over SRv6
Execute display commands in any view.
|
Task |
Command |
|
Display BGP EVPN route information. |
display bgp [ instance instance-name ] l2vpn evpn [ peer ipv4-address { advertised-routes | received-routes } [ statistics ] | route-distinguisher route-distinguisher [ route-type ip-prefix ] [ evpn-route route-length [ advertise-info ] ] | route-type { auto-discovery | es | imet | ip-prefix | mac-ip } | statistics ] |
|
Display information about SRv6 SIDs carried in the BGP EVPN routes advertised by the local device or received from the peer. |
display bgp [ instance instance-name ] l2vpn evpn { local-sids | received-sids } |
EVPN L3VPN over SRv6 configuration examples
Example: Configuring IPv4 EVPN L3VPN over SRv6 in SRv6 BE mode
Network configuration
As shown in Figure 11, the backbone network is an IPv6 network, and VPN 1 is an IPv4 network. Deploy EVPN L3VPN over SRv6 in SRv6 BE mode between PE 1 and PE 2 and use an SRv6 tunnel to transmit EVPN traffic between the PEs.
· Configure EBGP to exchange VPN routing information between the CEs and PEs.
· Configure IPv6 IS-IS on the PEs in the same AS to realize IPv6 network connectivity.
· Configure MP-IBGP to exchange EVPN routing information between the PEs.
Table 1 Interface and IP address assignment
|
Device |
Interface |
IP address |
Device |
Interface |
IP address |
|
CE 1 |
XGE0/0/15 |
10.1.1.2/24 |
PE 2 |
Loop0 |
3::3/128 |
|
PE 1 |
Loop0 |
1::1/128 |
|
XGE0/0/15 |
10.2.1.1/24 |
|
|
XGE0/0/15 |
10.1.1.1/24 |
|
XGE0/0/16 |
2002::1/96 |
|
|
XGE0/0/16 |
2001::1/96 |
CE 2 |
XGE0/0/15 |
10.2.1.2/24 |
|
P |
Loop0 |
2::2/128 |
|
|
|
|
|
XGE0/0/15 |
2001::2/96 |
|
|
|
|
|
XGE0/0/16 |
2002::2/96 |
|
|
|
Procedure
1. Configure IPv6 IS-IS on the PEs and device P for network connectivity between the devices:
# Configure PE 1.
<PE1> system-view
[PE1] isis 1
[PE1-isis-1] is-level level-1
[PE1-isis-1] cost-style wide
[PE1-isis-1] network-entity 10.1111.1111.1111.00
[PE1-isis-1] address-family ipv6 unicast
[PE1-isis-1-ipv6] quit
[PE1-isis-1] quit
[PE1] interface loopback 0
[PE1-LoopBack0] ipv6 address 1::1 128
[PE1-LoopBack0] isis ipv6 enable 1
[PE1-LoopBack0] quit
[PE1] interface ten-gigabitethernet 0/0/16
[PE1-Ten-GigabitEthernet0/0/16] ipv6 address 2001::1 96
[PE1-Ten-GigabitEthernet0/0/16] isis ipv6 enable
[PE1-Ten-GigabitEthernet0/0/16] quit
# Configure P.
<P> system-view
[P] isis
[P-isis-1] is-level level-1
[P-isis-1] cost-style wide
[P-isis-1] network-entity 10.2222.2222.2222.00
[P-isis-1] address-family ipv6 unicast
[P-isis-1-ipv6] quit
[P-isis-1] quit
[P] interface loopback 0
[P-LoopBack0] ipv6 address 2::2 128
[P-LoopBack0] isis ipv6 enable
[P-LoopBack0] quit
[P] interface ten-gigabitethernet 0/0/15
[P-Ten-GigabitEthernet0/0/15] ipv6 address 2001::2 96
[P-Ten-GigabitEthernet0/0/15] isis ipv6 enable
[P-Ten-GigabitEthernet0/0/15] quit
[P] interface ten-gigabitethernet 0/0/16
[P-Ten-GigabitEthernet0/0/16] ipv6 address 2002::2 96
[P-Ten-GigabitEthernet0/0/16] isis ipv6 enable
[P-Ten-GigabitEthernet0/0/16] quit
# Configure PE 2.
<PE2> system-view
[PE2] isis
[PE2-isis-1] is-level level-1
[PE2-isis-1] cost-style wide
[PE2-isis-1] network-entity 10.3333.3333.3333.00
[PE2-isis-1] address-family ipv6 unicast
[PE2-isis-1-ipv6] quit
[PE2-isis-1] quit
[PE2] interface loopback 0
[PE2-LoopBack0] ipv6 address 3::3 128
[PE2-LoopBack0] isis ipv6 enable
[PE2-LoopBack0] quit
[PE2] interface ten-gigabitethernet 0/0/16
[PE2-Ten-GigabitEthernet0/0/16] ipv6 address 2002::1 96
[PE2-Ten-GigabitEthernet0/0/16] isis ipv6 enable
[PE2-Ten-GigabitEthernet0/0/16] quit
# Verify that PE 1, P, and PE 2 have established IPv6 IS-IS neighbor relationships and the neighbor state is up with the display isis peer command.
# Verify that PE 1 and PE 2 each learn a route destined for the loopback interface of each other with the display isis route ipv6 command.
2. Configure VPN instance settings on PE 1 and PE 2 and verify that each CE can access its local PE:
# Configure PE 1.
[PE1] ip vpn-instance vpn1
[PE1-vpn-instance-vpn1] route-distinguisher 100:1
[PE1-vpn-instance-vpn1] vpn-target 111:1
[PE1-vpn-instance-vpn1] quit
[PE1] interface ten-gigabitethernet 0/0/15
[PE1-Ten-GigabitEthernet0/0/15] ip binding vpn-instance vpn1
[PE1-Ten-GigabitEthernet0/0/15] ip address 10.1.1.1 24
[PE1-Ten-GigabitEthernet0/0/15] quit
# Configure PE 2.
[PE2] ip vpn-instance vpn1
[PE2-vpn-instance-vpn1] route-distinguisher 100:1
[PE2-vpn-instance-vpn1] vpn-target 111:1
[PE2-vpn-instance-vpn1] quit
[PE2] interface ten-gigabitethernet 0/0/15
[PE2-Ten-GigabitEthernet0/0/15] ip binding vpn-instance vpn1
[PE2-Ten-GigabitEthernet0/0/15] ip address 10.2.1.1 24
[PE2-Ten-GigabitEthernet0/0/15] quit
# Configure IP addresses for the interfaces on the CEs, as shown in Figure 11. (Details not shown.)
# Display VPN instance settings on each PE. This step uses PE 1 as an example.
[PE1] display ip vpn-instance
Total VPN-Instances configured : 1
Total IPv4 VPN-Instances configured : 1
Total IPv6 VPN-Instances configured : 1
VPN-Instance Name RD Address family Create time
vpn1 100:1 N/A 2019/08/12 13:59:39
# Verify that each PE can ping its local CE. This step uses PE 1 and CE 1 as an example.
[PE1] ping -vpn-instance vpn1 10.1.1.2
Ping 10.1.1.2 (10.1.1.2): 56 data bytes, press CTRL+C to break
56 bytes from 10.1.1.2: icmp_seq=0 ttl=255 time=2.000 ms
56 bytes from 10.1.1.2: icmp_seq=1 ttl=255 time=0.000 ms
56 bytes from 10.1.1.2: icmp_seq=2 ttl=255 time=1.000 ms
56 bytes from 10.1.1.2: icmp_seq=3 ttl=255 time=0.000 ms
56 bytes from 10.1.1.2: icmp_seq=4 ttl=255 time=0.000 ms
--- Ping statistics for 10.1.1.2 in VPN instance vpn1 ---
5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss
round-trip min/avg/max/std-dev = 0.000/0.600/2.000/0.800 ms
3. Set up an EBGP peer relationship between each PE and its local CE and distribute VPN routes to EBGP:
# Configure CE 1.
<CE1> system-view
[CE1] bgp 65410
[CE1-bgp-default] peer 10.1.1.1 as-number 100
[CE1-bgp-default] address-family ipv4 unicast
[CE1-bgp-default-ipv4] peer 10.1.1.1 enable
[CE1-bgp-default-ipv4] import-route direct
[CE1-bgp-default-ipv4] quit
[CE1-bgp-default] quit
# Configure CE 2 in the same way as CE 1 is configured. (Details not shown.)
# Configure PE 1.
[PE1] bgp 100
[PE1-bgp-default] router-id 1.1.1.1
[PE1-bgp-default] ip vpn-instance vpn1
[PE1-bgp-default-vpn1] peer 10.1.1.2 as-number 65410
[PE1-bgp-default-vpn1] address-family ipv4 unicast
[PE1-bgp-default-ipv4-vpn1] peer 10.1.1.2 enable
[PE1-bgp-default-ipv4-vpn1] quit
[PE1-bgp-default-vpn1] quit
# Configure PE 2 in the same way PE 1 is configured. (Details not shown.)
# Verify that the PEs have established BGP peer relationships with their local CEs and the peers are in established state.
[PE1] display bgp peer ipv4 vpn-instance
[PE2] display bgp peer ipv4 vpn-instance
4. Set up an MP-IBGP peer relationship between PE 1 and PE 2:
# Configure PE 1.
[PE1] bgp 100
[PE1-bgp-default] peer 3::3 as-number 100
[PE1-bgp-default] peer 3::3 connect-interface loopback 0
[PE1-bgp-default] address-family l2vpn evpn
[PE1-bgp-default-evpn] peer 3::3 enable
[PE1-bgp-default-evpn] quit
[PE1-bgp-default] quit
# Configure PE 2.
[PE2] bgp 100
[PE2-bgp-default] peer 1::1 as-number 100
[PE2-bgp-default] peer 1::1 connect-interface loopback 0
[PE2-bgp-default] address-family l2vpn evpn
[PE2-bgp-default-evpn] peer 1::1 enable
[PE2-bgp-default-evpn] quit
[PE2-bgp-default] quit
# Verify that the PEs have established a BGP peer relationship and the peers are in established state with the display bgp peer ipv4 vpn-instance command.
5. Specify a source address for the outer IPv6 header of SRv6-encapsulated IPv4 EVPN L3VPN packets on PE 1 and PE 2:
# Configure PE 1.
[PE1] segment-routing ipv6
[PE1-segment-routing-ipv6] encapsulation source-address 1::1
# Configure PE 2.
[PE2] segment-routing ipv6
[PE2-segment-routing-ipv6] encapsulation source-address 3::3
6. Configure SRv6 locators on PEs to be advertised through IGP:
# Configure PE 1.
[PE1-segment-routing-ipv6] locator aaa ipv6-prefix 1:2::1:0 96 static 8
[PE1-segment-routing-ipv6-locator-aaa] quit
[PE1-segment-routing-ipv6] quit
[PE1] isis 1
[PE1-isis-1] address-family ipv6 unicast
[PE1-isis-1-ipv6] segment-routing ipv6 locator aaa
[PE1-isis-1-ipv6] quit
[PE1-isis-1] quit
# Configure PE 2.
[PE2-segment-routing-ipv6] locator bbb ipv6-prefix 6:5::1:0 96 static 8
[PE2-segment-routing-ipv6-locator-bbb] quit
[PE2-segment-routing-ipv6] quit
[PE2] isis 1
[PE2-isis-1] address-family ipv6 unicast
[PE2-isis-1-ipv6] segment-routing ipv6 locator bbb
[PE2-isis-1-ipv6] quit
[PE2-isis-1] quit
7. Add End.DT4 SIDs to private network routes on PE 1 and PE 2:
# Configure PE 1.
[PE1] bgp 100
[PE1-bgp-default] ip vpn-instance vpn1
[PE1-bgp-default-vpn1] address-family ipv4 unicast
[PE1-bgp-default-ipv4-vpn1] segment-routing ipv6 locator aaa evpn
[PE1-bgp-default-ipv4-vpn1] quit
[PE1-bgp-default-vpn1] quit
[PE1-bgp-default] quit
# Configure PE 2.
[PE2] bgp 100
[PE2-bgp-default] ip vpn-instance vpn1
[PE2-bgp-default-vpn1] address-family ipv4 unicast
[PE2-bgp-default-ipv4-vpn1] segment-routing ipv6 locator bbb evpn
[PE2-bgp-default-ipv4-vpn1] quit
[PE2-bgp-default-vpn1] quit
[PE2-bgp-default] quit
# Verify that the PEs have distributed the End.DT4 SIDs to the routing table and generated SRv6 routes. This step uses PE 1 as an example.
[PE1] display ipv6 routing-table protocol srv6
Summary count : 1
SRv6 Routing table status : <Active>
Summary count : 1
Destination: 1:2::101/128 Protocol : SRv6
NextHop : ::1 Preference: 4
Interface : InLoop0 Cost : 0
SRv6 Routing table status : <Inactive>
Summary count : 0
8. Enable IPv6 peers on the PEs to exchange End.DT4 SIDs and enable SRv6 BE mode:
# Configure PE 1.
[PE1] bgp 100
[PE1-bgp-default] address-family l2vpn evpn
[PE1-bgp-default-evpn] peer 3::3 advertise encap-type srv6
[PE1-bgp-default-evpn] quit
[PE1-bgp-default] ip vpn-instance vpn1
[PE1-bgp-default-vpn1] address-family ipv4 unicast
[PE1-bgp-default-ipv4-vpn1] segment-routing ipv6 best-effort evpn
[PE1-bgp-default-ipv4-vpn1] quit
[PE1-bgp-default-vpn1] quit
[PE1-bgp-default] quit
# Configure PE 2.
[PE2] bgp 100
[PE2-bgp-default] address-family l2vpn evpn
[PE2-bgp-default-evpn] peer 1::1 advertise encap-type srv6
[PE2-bgp-default-evpn] quit
[PE2-bgp-default] ip vpn-instance vpn1
[PE2-bgp-default-vpn1] address-family ipv4 unicast
[PE2-bgp-default-ipv4-vpn1] segment-routing ipv6 best-effort evpn
[PE2-bgp-default-ipv4-vpn1] quit
[PE2-bgp-default-vpn1] quit
[PE2-bgp-default] quit
# Display BGP EVPN routing information on each PE and verify that the routes advertised by the PEs have the SID attribute. This step uses PE 1 as an example.
[PE1] display bgp l2vpn evpn [5][0][24][10.2.1.0]/80
BGP local router ID: 1.1.1.1
Local AS number: 100
Route distinguisher: 100:1(vpn1)
Total number of routes: 1
Paths: 1 available, 1 best
BGP routing table information of [5][0][24][10.2.1.0]/80:
From : 3::3 (3.3.3.3)
Rely nexthop : FE80::2A96:34FF:FE9D:216
Original nexthop: 3::3
Out interface : Ten-GigabitEthernet0/0/16
Route age : 00h14m23s
OutLabel : NULL
Ext-Community : <RT: 111:1>
RxPathID : 0x0
TxPathID : 0x0
PrefixSID : End.DT4 SID <6:5::101>
…
Verifying the configuration
# Display IPv4 routing table information on the PEs and verify that each PE has a route destined for the remote CE and the next hop of the route is the locator of the End.DT4 SID. This step uses PE 1 as an example.
[PE1] display ip routing-table vpn-instance vpn1
Destinations : 11 Routes : 11
Destination/Mask Proto Pre Cost NextHop Interface
0.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0
10.1.1.0/24 Direct 0 0 10.1.1.1 XGE0/0/15
10.1.1.0/32 Direct 0 0 10.1.1.1 XGE0/0/15
10.1.1.1/32 Direct 0 0 127.0.0.1 InLoop0
10.1.1.255/32 Direct 0 0 10.1.1.1 XGE0/0/15
10.2.1.0/24 BGP 255 0 6:5:: XGE0/0/16
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
127.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
255.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
# Verify that CE 1 and CE 2 can ping each other. (Details not shown.)
Example: Configuring IPv4 EVPN L3VPN over G-SRv6 (with COC32 locators of 32-bit G-SRv6 compression)
Network configuration
As shown in Figure 13, the backbone network is an IPv6 network, and VPN aaa is an IPv4 network. Deploy an SRv6 TE policy tunnel between PE 1 and PE 2 in the IPv6 network and use the SRv6 TE policy tunnel to transmit end-to-end VPN traffic.
· Because a large number of devices exist in the backbone network, the SID list for the optimal candidate path of the SRv6 TE policy contains many SRv6 SIDs. To reduce the SRH length for packets, use the G-SRv6 compression solution.
· The SRv6 nodes in the backbone network use COC32 locators, and assign SIDs with the COC flag from the COC32 locators.
· As shown in Figure 12, to prevent packet forwarding issues, appropriately plan the common prefix for the locators in the AS. Specify the common prefix as A:1:1:A:: with 64-bit length for COC32 locators on all devices. In addition, specify the IPv6 address prefix length for the locators as 80 bits, the static portion length for COC32 locators as 8 bits, and the Args portion length as 16 bits. Through calculation, the dynamic portion length in COC32 locators is 8 bits, and the MBZ length is 16 bits.
Figure 12 COC32 locator plan in the AS
|
Device |
Interfaces |
IP address |
Device |
Interfaces |
IP address |
|
CE 1 |
XGE0/0/15 |
10.1.1.1/30 |
CE 2 |
XGE0/0/16 |
20.1.1.1/30 |
|
|
Loop0 |
11.11.11.11/32 |
|
Loop0 |
22.22.22.22/32 |
|
PE 1 |
Loop0 |
1::1/128 |
PE 2 |
Loop0 |
5::5/128 |
|
|
XGE0/0/15 |
10.1.1.2/30 |
|
XGE0/0/16 |
20.1.1.2/30 |
|
|
XGE0/0/16 |
12:1:1::1/126 |
|
XGE0/0/15 |
45:1:1::2/126 |
|
P 1 |
Loop0 |
2::2/128 |
P 2 |
Loop0 |
3::3/128 |
|
|
XGE0/0/15 |
23:1:1::1/126 |
|
XGE0/0/15 |
23:1:1::2/126 |
|
|
XGE0/0/16 |
12:1:1::2/126 |
|
XGE0/0/16 |
34:1:1::1/126 |
|
P 3 |
Loop0 |
4::4/128 |
|
|
|
|
|
XGE0/0/15 |
45:1:1::1/126 |
|
|
|
|
|
XGE0/0/16 |
34:1:1::2/126 |
|
|
|
Procedure
1. Configure CE 1:
# Configure IP addresses for the interfaces.
<CE1> system-view
[CE1] sysname CE1
[CE1] interface ten-gigabitethernet 0/0/15
[CE1-Ten-GigabitEthernet0/0/15] ip address 10.1.1.1 30
[CE1-Ten-GigabitEthernet0/0/15] quit
[CE1] interface loopback 0
[CE1-LoopBack0] ip address 11.11.11.11 32
[CE1-LoopBack0] quit
# Create EBGP peers between the PE and CE, and import direct routes.
[CE1] bgp 10
[CE1-bgp-default] router-id 11.11.11.11
[CE1-bgp-default] peer 10.1.1.2 as-number 100
[CE1-bgp-default] address-family ipv4 unicast
[CE1-bgp-default-ipv4] peer 10.1.1.2 enable
[CE1-bgp-default-ipv4] import-route direct
[CE1-bgp-default-ipv4] quit
[CE1-bgp-default] quit
2. Configure CE 2:
# Configure IP addresses for the interfaces.
<CE2> system-view
[CE2] sysname CE2
[CE2] interface ten-gigabitethernet 0/0/16
[CE2-Ten-GigabitEthernet0/0/16] ip address 20.1.1.1 30
[CE2-Ten-GigabitEthernet0/0/16] quit
[CE2] interface loopback 0
[CE2-LoopBack0] ip address 22.22.22.22 32
[CE2-LoopBack0] quit
# Create EBGP peers between the PE and CE, and import direct routes.
[CE2] bgp 20
[CE2-bgp-default] router-id 22.22.22.22
[CE2-bgp-default] peer 20.1.1.2 as-number 100
[CE2-bgp-default] address-family ipv4 unicast
[CE2-bgp-default-ipv4] peer 20.1.1.2 enable
[CE2-bgp-default-ipv4] import-route direct
[CE2-bgp-default-ipv4] quit
[CE2-bgp-default] quit
3. Configure PE 1:
# Configure the VPN instance on PE 1 to connect the CE to PE.
<PE1> system-view
[PE1] sysname PE1
[PE1] ip vpn-instance aaa
[PE1-vpn-instance-aaa] route-distinguisher 100:1
[PE1-vpn-instance-aaa] vpn-target 200:1 both
[PE1-vpn-instance-aaa] quit
# Configure IP addresses for the interfaces.
[PE1] interface loopback 0
[PE1-LoopBack0] ipv6 address 1::1 128
[PE1-LoopBack0] quit
[PE1] interface ten-gigabitethernet 0/0/15
[PE1-Ten-GigabitEthernet0/0/15] ip binding vpn-instance aaa
[PE1-Ten-GigabitEthernet0/0/15] ip address 10.1.1.2 30
[PE1-Ten-GigabitEthernet0/0/15] quit
[PE1] interface ten-gigabitethernet 0/0/16
[PE1-Ten-GigabitEthernet0/0/16] ipv6 address 12:1:1::1 126
[PE1-Ten-GigabitEthernet0/0/16] quit
# Configure IPv6 IS-IS to implement backbone network intercommunication.
[PE1] isis 1
[PE1-isis-1] is-level level-2
[PE1-isis-1] cost-style wide
[PE1-isis-1] network-entity 00.0000.0000.0001.00
[PE1-isis-1] address-family ipv6 unicast
[PE1-isis-1-ipv6] quit
[PE1-isis-1] quit
[PE1] interface ten-gigabitethernet 0/0/16
[PE1-Ten-GigabitEthernet0/0/16] isis ipv6 enable 1
[PE1-Ten-GigabitEthernet0/0/16] quit
[PE1] interface loopback 0
[PE1-LoopBack0] isis ipv6 enable 1
[PE1-LoopBack0] quit
# Configure an SRv6 locator on the PE to be advertised by IGP, and enable SRv6 compression.
[PE1] segment-routing ipv6
[PE1-segment-routing-ipv6] srv6 compress enable
[PE1-segment-routing-ipv6] locator a ipv6-prefix A:1:1:A:1:: 80 common-prefix 64 coc32 static 8 args 16
[PE1-segment-routing-ipv6-locator-a] quit
[PE1-segment-routing-ipv6] quit
[PE1] isis 1
[PE1-isis-1] address-family ipv6 unicast
[PE1-isis-1-ipv6] segment-routing ipv6 locator a auto-sid-coc32
[PE1-isis-1-ipv6] srv6 compress enable
[PE1-isis-1-ipv6] quit
[PE1-isis-1] quit
# Specify a source address for the outer IPv6 header of SRv6-encapsulated EVPN L3VPN packets on the PE.
[PE1] segment-routing ipv6
[PE1-segment-routing-ipv6] encapsulation source-address 1::1
# Configure the source address of SBFD packets on PE 1.
[PE1] sbfd source-ipv6 1::1
# Configure a static SID list on the PE that contains SRv6 SIDs with the COC flag, specify the static SID list for an SRv6 TE policy, and enable SBFD for the SRv6 TE policy, ensuring that the SRv6 TE policy tunnel can forward services correctly.
In the static SID list:
¡ The first hop is the End.X(COC32) SID of the link from P 1 to P 2. The SRv6 SID in the encapsulated SRH is still 128 bits long without being compressed. The next SID will be compressed.
¡ The second hop is the End(COC32) SID of P 2. The SRv6 SID in the encapsulated SRH is compressed to 32 bits long.
¡ The third hop is the End.X(COC32) SID of the link from P 3 to PE 2. The SRv6 SID in the encapsulated SRH is compressed to 32 bits long.
¡ The fourth hop is the End SID of PE 2. The SRv6 SID in the encapsulated SRH is compressed to 32 bits long. The next SID will not be compressed.
[PE1] segment-routing ipv6
[PE1-segment-routing-ipv6] traffic-engineering
[PE1-srv6-te] srv6-policy locator a
[PE1-srv6-te] segment-list a
[PE1-srv6-te-sl-a] index 10 coc32 ipv6 A:1:1:A:2:20:: 64
[PE1-srv6-te-sl-a] index 20 coc32 ipv6 A:1:1:A:3:10:: 64
[PE1-srv6-te-sl-a] index 30 coc32 ipv6 A:1:1:A:4:20:: 64
[PE1-srv6-te-sl-a] index 40 ipv6 A:1:1:A:5:10::
[PE1-srv6-te-sl-a] quit
[PE1-srv6-te] policy a
[PE1-srv6-te-policy-a] color 10 end-point ipv6 5::5
[PE1-srv6-te-policy-a] sbfd enable remote 1000001
[PE1-srv6-te-policy-a] candidate-paths
[PE1-srv6-te-policy-a-path] preference 200
[PE1-srv6-te-policy-a-path-pref-200] explicit segment-list a
[PE1-srv6-te-policy-a-path-pref-200] quit
[PE1-srv6-te-policy-a-path] quit
[PE1-srv6-te-policy-a] quit
[PE1-srv6-te] quit
[PE1-segment-routing-ipv6] quit
# Create EBGP peers between the PE and CE, and import VPN routes.
[PE1] bgp 100
[PE1-bgp-default] router-id 1.1.1.1
[PE1-bgp-default] ip vpn-instance aaa
[PE1-bgp-default-aaa] peer 10.1.1.1 as-number 10
[PE1-bgp-default-aaa] address-family ipv4 unicast
[PE1-bgp-default-ipv4-aaa] peer 10.1.1.1 enable
[PE1-bgp-default-ipv4-aaa] quit
[PE1-bgp-default-aaa] quit
# Create MP-IBGP peers between PE 1 and PE 2.
[PE1-bgp-default] peer 5::5 as-number 100
[PE1-bgp-default] peer 5::5 connect-interface loopback 0
[PE1-bgp-default] address-family l2vpn evpn
[PE1-bgp-default-evpn] peer 5::5 enable
[PE1-bgp-default-evpn] quit
[PE1-bgp-default] quit
# Enable exchange of SRv6-encapsulated EVPN routes between MP-IBGP peers on PE 1, and enable recursion of VPN routes to the SRv6 TE policy tunnel.
[PE1] bgp 100
[PE1-bgp-default] address-family l2vpn evpn
[PE1-bgp-default-evpn] peer 5::5 advertise encap-type srv6
[PE1-bgp-default-evpn] quit
[PE1-bgp-default] ip vpn-instance aaa
[PE1-bgp-default-aaa] address-family ipv4 unicast
[PE1-bgp-default-ipv4-aaa] segment-routing ipv6 locator a evpn
[PE1-bgp-default-ipv4-aaa] segment-routing ipv6 traffic-engineering evpn
[PE1-bgp-default-ipv4-aaa] quit
[PE1-bgp-default-aaa] quit
[PE1-bgp-default] quit
# Configure a routing policy and a tunnel policy on PE 1 to steer VPN service traffic to the specified SRv6 TE policy through the routing policy and ensure that the SRv6 TE policy is the optimal tunnel.
[PE1] route-policy a permit node 10
[PE1-route-policy-a-10] apply extcommunity color 00:10
[PE1-route-policy-a-10] quit
[PE1] bgp 100
[PE1-bgp-default] address-family l2vpn evpn
[PE1-bgp-default-evpn] peer 5::5 route-policy a import
[PE1-bgp-default-evpn] quit
[PE1-bgp-default] quit
[PE1] tunnel-policy a
[PE1-tunnel-policy-a] select-seq srv6-policy load-balance-number 1
[PE1-tunnel-policy-a] quit
[PE1] ip vpn-instance vpn1
[PE1-vpn-instance-vpn1] tnl-policy a
[PE1-vpn-instance-vpn1] quit
4. Configure P 1:
# Configure IP addresses for the interfaces.
[P1] interface loopback 0
[P1-LoopBack0] ipv6 address 2::2 128
[P1-LoopBack0] quit
[P1] interface ten-gigabitethernet 0/0/15
[P1-Ten-GigabitEthernet0/0/15] ipv6 address 23:1:1::1 126
[P1-Ten-GigabitEthernet0/0/15] quit
[P1] interface ten-gigabitethernet 0/0/16
[P1-Ten-GigabitEthernet0/0/16] ipv6 address 12:1:1::2 126
[P1-Ten-GigabitEthernet0/0/16] quit
# Configure IPv6 IS-IS to implement backbone network intercommunication.
[P1] isis 1
[P1-isis-1] is-level level-2
[P1-isis-1] cost-style wide
[P1-isis-1] network-entity 00.0000.0000.0002.00
[P1-isis-1] address-family ipv6 unicast
[P1-isis-1-ipv6] quit
[P1-isis-1] quit
[P1] interface ten-gigabitethernet 0/0/15
[P1-Ten-GigabitEthernet0/0/15] isis ipv6 enable 1
[P1-Ten-GigabitEthernet0/0/15] quit
[P1] interface ten-gigabitethernet 0/0/16
[P1-Ten-GigabitEthernet0/0/16] isis ipv6 enable 1
[P1-Ten-GigabitEthernet0/0/16] quit
[P1] interface loopback 0
[P1-LoopBack0] isis ipv6 enable 1
[P1-LoopBack0] quit
# Configure an SRv6 locator on P 1 to be advertised by IGP, and enable SRv6 compression.
[P1] segment-routing ipv6
[P1-segment-routing-ipv6] srv6 compress enable
[P1-segment-routing-ipv6] locator b ipv6-prefix A:1:1:A:2:: 80 common-prefix 64 coc32 static 8 args 16
[P1-segment-routing-ipv6-locator-b] opcode 32 end-x-coc32 interface Ten-GigabitEthernet0/0/15 nexthop 23:1:1::2 no-flavor
[P1-segment-routing-ipv6-locator-b] quit
[P1-segment-routing-ipv6] quit
[P1] isis 1
[P1-isis-1] address-family ipv6 unicast
[P1-isis-1-ipv6] segment-routing ipv6 locator b auto-sid-coc32
[P1-isis-1-ipv6] srv6 compress enable
[P1-isis-1-ipv6] quit
[P1-isis-1] quit
5. Configure P 2:
# Configure IP addresses for the interfaces.
[P2] interface loopback 0
[P2-LoopBack0] ipv6 address 3::3 128
[P2-LoopBack0] quit
[P2] interface ten-gigabitethernet 0/0/15
[P2-Ten-GigabitEthernet0/0/15] ipv6 address 23:1:1::2 126
[P2-Ten-GigabitEthernet0/0/15] quit
[P2] interface ten-gigabitethernet 0/0/16
[P2-Ten-GigabitEthernet0/0/16] ipv6 address 34:1:1::1 126
[P2-Ten-GigabitEthernet0/0/16] quit
# Configure IPv6 IS-IS to implement backbone network intercommunication.
[P2] isis 1
[P2-isis-1] is-level level-2
[P2-isis-1] cost-style wide
[P2-isis-1] network-entity 00.0000.0000.0003.00
[P2-isis-1] address-family ipv6 unicast
[P2-isis-1-ipv6] quit
[P2-isis-1] quit
[P2] interface ten-gigabitethernet 0/0/15
[P2-Ten-GigabitEthernet0/0/15] isis ipv6 enable 1
[P2-Ten-GigabitEthernet0/0/15] quit
[P2] interface ten-gigabitethernet 0/0/16
[P2-Ten-GigabitEthernet0/0/16] isis ipv6 enable 1
[P2-Ten-GigabitEthernet0/0/16] quit
[P2] interface loopback 0
[P2-LoopBack0] isis ipv6 enable 1
[P2-LoopBack0] quit
# Configure an SRv6 locator on P 2 to be advertised by IGP, and enable SRv6 compression.
[P2] segment-routing ipv6
[P2-segment-routing-ipv6] srv6 compress enable
[P2-segment-routing-ipv6] locator c ipv6-prefix A:1:1:A:3:: 80 common-prefix 64 coc32 static 8 args 16
[P2-segment-routing-ipv6-locator-c] opcode 16 end-coc32 no-flavor
[P2-segment-routing-ipv6-locator-c] quit
[P2-segment-routing-ipv6] quit
[P2] isis 1
[P2-isis-1] address-family ipv6 unicast
[P2-isis-1-ipv6] segment-routing ipv6 locator c auto-sid-coc32
[P2-isis-1-ipv6] srv6 compress enable
[P2-isis-1-ipv6] quit
[P2-isis-1] quit
6. Configure P 3:
# Configure IP addresses for the interfaces.
[P3] interface loopback 0
[P3-LoopBack0] ipv6 address 4::4 128
[P3-LoopBack0] quit
[P3] interface ten-gigabitethernet 0/0/15
[P3-Ten-GigabitEthernet0/0/15] ipv6 address 45:1:1::1 126
[P3-Ten-GigabitEthernet0/0/15] quit
[P3] interface ten-gigabitethernet 0/0/16
[P3-Ten-GigabitEthernet0/0/16] ipv6 address 34:1:1::2 126
[P3-Ten-GigabitEthernet0/0/16] quit
# Configure IPv6 IS-IS to implement backbone network intercommunication.
[P3] isis 1
[P3-isis-1] is-level level-2
[P3-isis-1] cost-style wide
[P3-isis-1] network-entity 00.0000.0000.0004.00
[P3-isis-1] address-family ipv6 unicast
[P3-isis-1-ipv6] quit
[P3-isis-1] quit
[P3] interface ten-gigabitethernet 0/0/15
[P3-Ten-GigabitEthernet0/0/15] isis ipv6 enable 1
[P3-Ten-GigabitEthernet0/0/15] quit
[P3] interface ten-gigabitethernet 0/0/16
[P3-Ten-GigabitEthernet0/0/16] isis ipv6 enable 1
[P3-Ten-GigabitEthernet0/0/16] quit
[P3] interface loopback 0
[P3-LoopBack0] isis ipv6 enable 1
[P3-LoopBack0] quit
# Configure an SRv6 locator on P 3 to be advertised by IGP, and enable SRv6 compression.
[P3] segment-routing ipv6
[P3-segment-routing-ipv6] srv6 compress enable
[P3-segment-routing-ipv6] locator d ipv6-prefix A:1:1:A:4:: 80 common-prefix 64 coc32 static 8 args 16
[P3-segment-routing-ipv6-locator-d] opcode 32 end-x-coc32 interface Ten-GigabitEthernet0/0/15 nexthop 45:1:1::2 no-flavor
[P3-segment-routing-ipv6-locator-d] quit
[P3-segment-routing-ipv6] quit
[P3] isis 1
[P3-isis-1] address-family ipv6 unicast
[P3-isis-1-ipv6] segment-routing ipv6 locator d auto-sid-coc32
[P3-isis-1-ipv6] srv6 compress enable
[P3-isis-1-ipv6] quit
[P3-isis-1] quit
7. Configure PE 2:
# Configure the VPN instance on PE 2 to connect the CE to PE.
<PE2> system-view
[PE2] sysname PE2
[PE2] ip vpn-instance aaa
[PE2-vpn-instance-aaa] route-distinguisher 100:1
[PE2-vpn-instance-aaa] vpn-target 200:1 both
[PE2-vpn-instance-aaa] quit
# Configure IP addresses for the interfaces.
[PE2] interface loopback 0
[PE2-LoopBack0] ipv6 address 5::5 128
[PE2-LoopBack0] quit
[PE2] interface ten-gigabitethernet 0/0/16
[PE2-Ten-GigabitEthernet0/0/16] ip binding vpn-instance aaa
[PE2-Ten-GigabitEthernet0/0/16] ip address 20.1.1.2 30
[PE2-Ten-GigabitEthernet0/0/16] quit
[PE2] interface ten-gigabitethernet 0/0/15
[PE2-Ten-GigabitEthernet0/0/15] ipv6 address 45:1:1::2 126
[PE2-Ten-GigabitEthernet0/0/15] quit
# Configure IPv6 IS-IS to implement backbone network intercommunication.
[PE2] isis 1
[PE2-isis-1] is-level level-2
[PE2-isis-1] cost-style wide
[PE2-isis-1] network-entity 00.0000.0000.0005.00
[PE2-isis-1] address-family ipv6 unicast
[PE2-isis-1-ipv6] quit
[PE2-isis-1] quit
[PE2] interface ten-gigabitethernet 0/0/15
[PE2-Ten-GigabitEthernet0/0/15] isis ipv6 enable 1
[PE2-Ten-GigabitEthernet0/0/15] quit
[PE2] interface loopback 0
[PE2-LoopBack0] isis ipv6 enable 1
[PE2-LoopBack0] quit
# Configure an SRv6 locator on the PE to be advertised by IGP, and enable SRv6 compression.
[PE2] segment-routing ipv6
[PE2-segment-routing-ipv6] srv6 compress enable
[PE2-segment-routing-ipv6] locator e ipv6-prefix A:1:1:A:5:: 80 common-prefix 64 coc32 static 8 args 16
[PE2-segment-routing-ipv6-locator-e] opcode 16 end no-flavor
[PE2-segment-routing-ipv6-locator-e] quit
[PE2-segment-routing-ipv6] quit
[PE2] isis 1
[PE2-isis-1] address-family ipv6 unicast
[PE2-isis-1-ipv6] segment-routing ipv6 locator e auto-sid-coc32
[PE2-isis-1-ipv6] srv6 compress enable
[PE2-isis-1-ipv6] quit
[PE2-isis-1] quit
# Specify a source address for the outer IPv6 header of SRv6-encapsulated EVPN L3VPN packets on the PE.
[PE2] segment-routing ipv6
[PE2-segment-routing-ipv6] encapsulation source-address 5::5
# Create EBGP peers between the PE and CE, and import VPN routes.
[PE2] bgp 100
[PE2-bgp-default] router-id 5.5.5.5
[PE2-bgp-default] ip vpn-instance aaa
[PE2-bgp-default-aaa] peer 20.1.1.1 as-number 20
[PE2-bgp-default-aaa] address-family ipv4 unicast
[PE2-bgp-default-ipv4-aaa] peer 20.1.1.1 enable
[PE2-bgp-default-ipv4-aaa] quit
[PE2-bgp-default-aaa] quit
# Create MP-IBGP peers between PE 1 and PE 2.
[PE2-bgp-default] peer 1::1 as-number 100
[PE2-bgp-default] peer 1::1 connect-interface loopback 0
[PE2-bgp-default] address-family l2vpn evpn
[PE2-bgp-default-evpn] peer 1::1 enable
[PE2-bgp-default-evpn] quit
[PE2-bgp-default] quit
# Enable exchange of SRv6-encapsulated EVPN routes between MP-IBGP peers on PE 2, and enable recursion of VPN routes to the SRv6 BE tunnel.
[PE2] bgp 100
[PE2-bgp-default] address-family l2vpn evpn
[PE2-bgp-default-evpn] peer 1::1 advertise encap-type srv6
[PE2-bgp-default-evpn] quit
[PE2-bgp-default] ip vpn-instance aaa
[PE2-bgp-default-aaa] address-family ipv4 unicast
[PE2-bgp-default-ipv4-aaa] segment-routing ipv6 locator e evpn
[PE2-bgp-default-ipv4-aaa] segment-routing ipv6 best-effort evpn
[PE2-bgp-default-ipv4-aaa] quit
[PE2-bgp-default-aaa] quit
[PE2-bgp-default] quit
# Specify the local discriminator for the SBFD session on PE 2, and make sure it is the same as the remote discriminator on PE 1.
[PE2] sbfd local-discriminator 1000001
Verifying the configuration
# On PE 1, execute the display segment-routing ipv6 te policy command to display detailed SRv6 TE policy information. Verify that the Status field for the SRv6 TE policy is Up, and the SID list state is Up.
<PE1> display segment-routing ipv6 te policy
Name/ID: a/0
Color: 10
End-point: 5::5
Name from BGP:
Name from PCE:
BSID:
Mode: Dynamic Type: Type_2 Request state: Succeeded
Current BSID: A:1:1:A:1:104:: Explicit BSID: - Dynamic BSID: A:1:1:A:1:104::
Reference counts: 5
Flags: A/BS/NC
Status: Up
AdminStatus: Up
Up time: 2023-08-04 16:21:25
Down time: 2023-08-04 16:13:02
Hot backup: Disabled
Statistics: Disabled
Statistics by service class: Disabled
Path verification: Not configured
Drop-upon-invalid: Disabled
BFD trigger path-down: Disabled
SBFD: Enabled
Encapsulation mode: -
Remote: 1000001
SBFD template name: -
SBFD backup template name: -
OAM SID: -
Reverse path type: None
BFD Echo: Disabled
BFD no-bypass: Disabled
Forward no-bypass: Disabled
Forwarding index: 2150629377
Association ID: 0
Service-class: -
Rate-limit: -
PCE delegation: Disabled
PCE delegate report-only: Disabled
Reoptimization: Disabled
Encapsulation mode: -
Flapping suppression Remaining interval: -
Candidate paths state: Configured
Candidate paths statistics:
CLI paths: 1 BGP paths: 0 PCEP paths: 0 ODN paths: 0
Candidate paths:
Preference : 200
Network slice ID: -
CPathName:
CPathPolicyName:
ProtoOrigin: CLI Discriminator: 200
Instance ID: 0 Node address: 0.0.0.0
Originator: 0, ::
Optimal: Y Flags: V/A
Dynamic: Not configured
PCEP: Not configured
Explicit SID list:
ID: 1 Name: a
Weight: 1 Forwarding index: 2149580802
State: Up State(SBFD): Up
Verification State: -
Path MTU: 1500 Path MTU Reserved: 0
SID list flags: None
Local BSID: -
Reverse BSID: -
# On PE 1, execute the display bgp l2vpn evpn command to display detailed information about the route sent by PE 2. Verify that the route sent by PE 2 carries the PrefixSID attribute data.
<PE1> display bgp l2vpn evpn [5][0][32][22.22.22.22] 80
BGP local router ID: 1.1.1.1
Local AS number: 100
Route distinguisher: 100:1(aaa)
Total number of routes: 1
Paths: 1 available, 1 best
BGP routing table information of [5][0][32][22.22.22.22]/80:
From : 5::5 (5.5.5.5)
Rely nexthop : FE80::1AF8:23FF:FE50:207
Original nexthop: 5::5
Out interface : Ten-GigabitEthernet0/0/16
Route age : 00h00m39s
OutLabel : 3
Ext-Community : <RT: 200:1>, <CO-Flag:Color(00:10)>
RxPathID : 0x0
TxPathID : 0x0
PrefixSID : End.DT4 SID <A:1:1:A:5:104::>
SRv6 Service TLV (37 bytes):
Type: SRV6 L3 Service TLV (5)
Length: 34 bytes, Reserved: 0x0
SRv6 Service Information Sub-TLV (33 bytes):
Type: 1 Length: 30, Rsvdl: 0x0
SID Flags: 0x0 Endpoint behavior: 0x13 Rsvd2: 0x0
SRv6 SID Sub-Sub-TLV:
Type: 1 Len: 6
BL: 64 NL: 16 FL: 16 AL: 16 TL: 0 TO: 0
AS-path : 20
Origin : incomplete
Attribute value : MED 0, localpref 100, pref-val 0
State : valid, internal, best
Source type : local
IP precedence : N/A
QoS local ID : N/A
Traffic index : N/A
EVPN route type : IP prefix advertisement route
ESI : 0000.0000.0000.0000.0000
Ethernet tag ID : 0
IP prefix : 22.22.22.22/32
Gateway address : 0.0.0.0
MPLS label : 3
Tunnel policy : NULL
Rely tunnel IDs : N/A
Re-origination : Disable
# On PE 1, execute the display ip routing-table vpn-instance command. Verify that VPN route 22.22.22.22 is available to CE 2, and the output interface for the route is SRv6 TE policy tunnel a.
Take PE 1 as an example:
<PE1> display ip routing-table vpn-instance aaa
Destinations : 8 Routes : 8
Destination/Mask Proto Pre Cost NextHop Interface
10.1.1.0/30 Direct 0 0 10.1.1.2 XGE0/0/15
10.1.1.2/32 Direct 0 0 127.0.0.1 XGE0/0/15
10.1.1.3/32 Direct 0 0 10.1.1.2 XGE0/0/15
11.11.11.11/32 BGP 255 0 10.1.1.1 XGE0/0/15
20.1.1.0/30 BGP 255 0 5::5 a
22.22.22.22/32 BGP 255 0 5::5 a
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
255.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
# From source IP address 11.11.11.11 on CE 1, ping destination IP address 22.22.22.22 on CE 2. Verify that the ping operation is successful. Capture packets on the forwarding interfaces of the devices such as PE 1 to verify that the second-, third-, and fourth-hop SIDs are all compressed to 32 bits in the static SID list of the SRH. Compression is implemented through G-SRv6.
Example: Configuring IPv4 EVPN L3VPN over G-SRv6 (with COC-both locators of 32-bit G-SRv6 compression)
Network configuration
As shown in Figure 15, the backbone network is an IPv6 network, and VPN aaa is an IPv4 network. Deploy an SRv6 TE policy tunnel between PE 1 and PE 2 in the IPv6 network and use the SRv6 TE policy tunnel to transmit end-to-end VPN traffic.
· Because a large number of devices exist in the backbone network, the SID list for the optimal candidate path of the SRv6 TE policy contains many SRv6 SIDs. To reduce the SRH length for packets, use the G-SRv6 compression solution.
· The SRv6 nodes in the backbone network use COC-both locators, and dynamically assign various types of SRv6 SIDs from the COC-both locators. Execute the display segment-routing ipv6 local-sid command on each SRv6 node to display local Srv6 SIDs. Add the SRv6 SIDs in the appropriate order to the SID list of the SRv6 TE policy.
· As shown in Figure 14, to prevent packet forwarding issues, appropriately plan the common prefix for the locators in the AS. Specify the common prefix as A:2:2:A:: with 64-bit length for COC-both locators on all devices. In addition, specify the IPv6 address prefix length for the locators as 80 bits, the compressible static portion length (C-SID Static) for COC-both locators as 8 bits, the non-compressible static portion length (NC-SID Static) as 8 bits, and the Args portion length as 16 bits. Through calculation, the compressible dynamic portion length (C-SID Dynamic) is 8 bits, and the non-compressible static portion length (NC-SID Static) is 8 bits.
· In the compressible SID (C-SID) range, you can dynamically assign or statically specify SIDs with the COC flag, for example, End(COC32) SIDs and End.X(COC32) SIDs. You can also dynamically assign or statically specify SIDs without the COC flag, for example, End(COCNONE) SIDs and End.X(COCNONE) SIDs. In the non-compressible SID (NC-SID) range, you can assign common SIDs, for example, End SIDs and End.X SIDs.
Figure 14 COC-both locator plan in the AS
|
Device |
Interfaces |
IP address |
Device |
Interfaces |
IP address |
|
CE 1 |
XGE0/0/15 |
10.1.1.1/30 |
CE 2 |
XGE0/0/16 |
20.1.1.1/30 |
|
|
Loop0 |
11.11.11.11/32 |
|
Loop0 |
22.22.22.22/32 |
|
PE 1 |
Loop0 |
1::1/128 |
PE 2 |
Loop0 |
5::5/128 |
|
|
XGE0/0/15 |
10.1.1.2/30 |
|
XGE0/0/16 |
20.1.1.2/30 |
|
|
XGE0/0/16 |
12:1:1::1/126 |
|
XGE0/0/15 |
45:1:1::2/126 |
|
P 1 |
Loop0 |
2::2/128 |
P 2 |
Loop0 |
3::3/128 |
|
|
XGE0/0/15 |
23:1:1::1/126 |
|
XGE0/0/15 |
23:1:1::2/126 |
|
|
XGE0/0/16 |
12:1:1::2/126 |
|
XGE0/0/16 |
34:1:1::1/126 |
|
P 3 |
Loop0 |
4::4/128 |
|
|
|
|
|
XGE0/0/15 |
45:1:1::1/126 |
|
|
|
|
|
XGE0/0/16 |
34:1:1::2/126 |
|
|
|
Procedure
1. Configure CE 1:
# Configure IP addresses for the interfaces.
<CE1> system-view
[CE1] sysname CE1
[CE1] interface ten-gigabitethernet 0/0/15
[CE1-Ten-GigabitEthernet0/0/15] ip address 10.1.1.1 30
[CE1-Ten-GigabitEthernet0/0/15] quit
[CE1] interface loopback 0
[CE1-LoopBack0] ip address 11.11.11.11 32
[CE1-LoopBack0] quit
# Create EBGP peers between the PE and CE, and import direct routes.
[CE1] bgp 10
[CE1-bgp-default] router-id 11.11.11.11
[CE1-bgp-default] peer 10.1.1.2 as-number 100
[CE1-bgp-default] address-family ipv4 unicast
[CE1-bgp-default-ipv4] peer 10.1.1.2 enable
[CE1-bgp-default-ipv4] import-route direct
[CE1-bgp-default-ipv4] quit
[CE1-bgp-default] quit
2. Configure CE 2:
# Configure IP addresses for the interfaces.
<CE2> system-view
[CE2] sysname CE2
[CE2] interface ten-gigabitethernet 0/0/16
[CE2-Ten-GigabitEthernet0/0/16] ip address 20.1.1.1 30
[CE2-Ten-GigabitEthernet0/0/16] quit
[CE2] interface loopback 0
[CE2-LoopBack0] ip address 22.22.22.22 32
[CE2-LoopBack0] quit
# Create EBGP peers between the PE and CE, and import direct routes.
[CE2] bgp 20
[CE2-bgp-default] router-id 22.22.22.22
[CE2-bgp-default] peer 20.1.1.2 as-number 100
[CE2-bgp-default] address-family ipv4 unicast
[CE2-bgp-default-ipv4] peer 20.1.1.2 enable
[CE2-bgp-default-ipv4] import-route direct
[CE2-bgp-default-ipv4] quit
[CE2-bgp-default] quit
3. Configure PE 1:
# Configure the VPN instance on PE 1 to connect the CE to PE.
<PE1> system-view
[PE1] sysname PE1
[PE1] ip vpn-instance aaa
[PE1-vpn-instance-aaa] route-distinguisher 100:1
[PE1-vpn-instance-aaa] vpn-target 200:1 both
[PE1-vpn-instance-aaa] quit
# Configure IP addresses for the interfaces.
[PE1] interface loopback 0
[PE1-LoopBack0] ipv6 address 1::1 128
[PE1-LoopBack0] quit
[PE1] interface ten-gigabitethernet 0/0/15
[PE1-Ten-GigabitEthernet0/0/15] ip binding vpn-instance aaa
[PE1-Ten-GigabitEthernet0/0/15] ip address 10.1.1.2 30
[PE1-Ten-GigabitEthernet0/0/15] quit
[PE1] interface ten-gigabitethernet 0/0/16
[PE1-Ten-GigabitEthernet0/0/16] ipv6 address 12:1:1::1 126
[PE1-Ten-GigabitEthernet0/0/16] quit
# Configure IPv6 IS-IS to implement backbone network intercommunication.
[PE1] isis 1
[PE1-isis-1] is-level level-2
[PE1-isis-1] cost-style wide
[PE1-isis-1] network-entity 00.0000.0000.0001.00
[PE1-isis-1] address-family ipv6 unicast
[PE1-isis-1-ipv6] quit
[PE1-isis-1] quit
[PE1] interface ten-gigabitethernet 0/0/16
[PE1-Ten-GigabitEthernet0/0/16] isis ipv6 enable 1
[PE1-Ten-GigabitEthernet0/0/16] quit
[PE1] interface loopback 0
[PE1-LoopBack0] isis ipv6 enable 1
[PE1-LoopBack0] quit
# Configure an SRv6 locator on the PE to be advertised by IGP, and enable SRv6 compression.
[PE1] segment-routing ipv6
[PE1-segment-routing-ipv6] srv6 compress enable
[PE1-segment-routing-ipv6] locator ax ipv6-prefix A:2:2:A:1:: 80 common-prefix 64 coc-both non-compress-static 8 static 8 args 16
[PE1-segment-routing-ipv6-locator-ax] quit
[PE1-segment-routing-ipv6] quit
[PE1] isis 1
[PE1-isis-1] address-family ipv6 unicast
[PE1-isis-1-ipv6] segment-routing ipv6 locator ax auto-sid-coc-both coc32
[PE1-isis-1-ipv6] srv6 compress enable
[PE1-isis-1-ipv6] quit
[PE1-isis-1] quit
# Specify a source address for the outer IPv6 header of SRv6-encapsulated EVPN L3VPN packets on the PE.
[PE1] segment-routing ipv6
[PE1-segment-routing-ipv6] encapsulation source-address 1::1
# Configure the source address of SBFD packets on PE 1.
[PE1] sbfd source-ipv6 1::1
# Configure a static SID list on the PE that contains SRv6 SIDs with the COC flag, specify the static SID list for an SRv6 TE policy, and enable SBFD for the SRv6 TE policy, ensuring that the SRv6 TE policy tunnel can forward services correctly.
In the static SID list:
¡ The first hop is the End.X(COC32) SID of the link from P 1 to P 2. The SRv6 SID in the encapsulated SRH is still 128 bits long without being compressed. The next SID will be compressed. After configuring P1, you can execute the display segment-routing ipv6 local-sid command to obtain information about dynamically allocated End.X(COC32) SIDs.
¡ The second hop is the End(COC32) SID of P 2. The SRv6 SID in the encapsulated SRH is compressed to 32 bits long. After configuring P 2, you can execute the display segment-routing ipv6 local-sid command to obtain information about dynamically allocated End(COC32) SIDs.
¡ The third hop is the End.X(COC32) SID of the link from P 3 to PE 2. The SRv6 SID in the encapsulated SRH is compressed to 32 bits long. After configuring P 3, you can execute the display segment-routing ipv6 local-sid command to obtain information about dynamically allocated End.X(COC32) SIDs.
¡ The fourth hop is the End SID of PE 2. The SRv6 SID in the encapsulated SRH is compressed to 32 bits long. The next SID will not be compressed. After configuring PE 2, you can execute the display segment-routing ipv6 local-sid command to obtain information about dynamically allocated End(COCNONE) SIDs.
[PE1] segment-routing ipv6
[PE1-segment-routing-ipv6] traffic-engineering
[PE1-srv6-te] srv6-policy locator ax
[PE1-srv6-te] segment-list b
[PE1-srv6-te-sl-b] index 10 coc32 ipv6 A:2:2:A:2:10A:: 64
[PE1-srv6-te-sl-b] index 20 coc32 ipv6 A:2:2:A:3:101:: 64
[PE1-srv6-te-sl-b] index 30 coc32 ipv6 A:2:2:A:4:104:: 64
[PE1-srv6-te-sl-b] index 40 ipv6 A:2:2:A:5:103::
[PE1-srv6-te-sl-b] quit
[PE1-srv6-te] policy a
[PE1-srv6-te-policy-a] color 10 end-point ipv6 5::5
[PE1-srv6-te-policy-a] sbfd enable remote 1000001
[PE1-srv6-te-policy-a] candidate-paths
[PE1-srv6-te-policy-a-path] preference 200
[PE1-srv6-te-policy-a-path-pref-200] explicit segment-list b
[PE1-srv6-te-policy-a-path-pref-200] quit
[PE1-srv6-te-policy-a-path] quit
[PE1-srv6-te-policy-a] quit
[PE1-srv6-te] quit
[PE1-segment-routing-ipv6] quit
# Create EBGP peers between the PE and CE, and import VPN routes.
[PE1] bgp 100
[PE1-bgp-default] router-id 1.1.1.1
[PE1-bgp-default] ip vpn-instance aaa
[PE1-bgp-default-aaa] peer 10.1.1.1 as-number 10
[PE1-bgp-default-aaa] address-family ipv4 unicast
[PE1-bgp-default-ipv4-aaa] peer 10.1.1.1 enable
[PE1-bgp-default-ipv4-aaa] quit
[PE1-bgp-default-aaa] quit
# Create MP-IBGP peers between PE 1 and PE 2.
[PE1-bgp-default] peer 5::5 as-number 100
[PE1-bgp-default] peer 5::5 connect-interface loopback 0
[PE1-bgp-default] address-family l2vpn evpn
[PE1-bgp-default-evpn] peer 5::5 enable
[PE1-bgp-default-evpn] quit
[PE1-bgp-default] quit
# Enable exchange of SRv6-encapsulated EVPN routes between MP-IBGP peers on PE 1, and enable recursion of VPN routes to the SRv6 TE policy tunnel.
[PE1] bgp 100
[PE1-bgp-default] address-family l2vpn evpn
[PE1-bgp-default-evpn] peer 5::5 advertise encap-type srv6
[PE1-bgp-default-evpn] quit
[PE1-bgp-default] ip vpn-instance aaa
[PE1-bgp-default-aaa] address-family ipv4 unicast
[PE1-bgp-default-ipv4-aaa] segment-routing ipv6 locator ax evpn
[PE1-bgp-default-ipv4-aaa] segment-routing ipv6 traffic-engineering evpn
[PE1-bgp-default-ipv4-aaa] quit
[PE1-bgp-default-aaa] quit
[PE1-bgp-default] quit
# Configure a routing policy and a tunnel policy on PE 1 to steer VPN service traffic to the specified SRv6 TE policy through the routing policy and ensure that the SRv6 TE policy is the optimal tunnel.
[PE1] route-policy a permit node 10
[PE1-route-policy-a-10] apply extcommunity color 00:10
[PE1-route-policy-a-10] quit
[PE1] bgp 100
[PE1-bgp-default] address-family l2vpn evpn
[PE1-bgp-default-evpn] peer 5::5 route-policy a import
[PE1-bgp-default-evpn] quit
[PE1-bgp-default] quit
[PE1] tunnel-policy a
[PE1-tunnel-policy-a] select-seq srv6-policy load-balance-number 1
[PE1-tunnel-policy-a] quit
[PE1] ip vpn-instance vpn1
[PE1-vpn-instance-vpn1] tnl-policy a
[PE1-vpn-instance-vpn1] quit
4. Configure P 1:
# Configure IP addresses for the interfaces.
[P1] interface loopback 0
[P1-LoopBack0] ipv6 address 2::2 128
[P1-LoopBack0] quit
[P1] interface ten-gigabitethernet 0/0/15
[P1-Ten-GigabitEthernet0/0/15] ipv6 address 23:1:1::1 126
[P1-Ten-GigabitEthernet0/0/15] quit
[P1] interface ten-gigabitethernet 0/0/16
[P1-Ten-GigabitEthernet0/0/16] ipv6 address 12:1:1::2 126
[P1-Ten-GigabitEthernet0/0/16] quit
# Configure IPv6 IS-IS to implement backbone network intercommunication.
[P1] isis 1
[P1-isis-1] is-level level-2
[P1-isis-1] cost-style wide
[P1-isis-1] network-entity 00.0000.0000.0002.00
[P1-isis-1] address-family ipv6 unicast
[P1-isis-1-ipv6] quit
[P1-isis-1] quit
[P1] interface ten-gigabitethernet 0/0/15
[P1-Ten-GigabitEthernet0/0/15] isis ipv6 enable 1
[P1-Ten-GigabitEthernet0/0/15] quit
[P1] interface ten-gigabitethernet 0/0/16
[P1-Ten-GigabitEthernet0/0/16] isis ipv6 enable 1
[P1-Ten-GigabitEthernet0/0/16] quit
[P1] interface loopback 0
[P1-LoopBack0] isis ipv6 enable 1
[P1-LoopBack0] quit
# Configure an SRv6 locator on P 1 to be advertised by IGP, and enable SRv6 compression.
[P1] segment-routing ipv6
[P1-segment-routing-ipv6] srv6 compress enable
[P1-segment-routing-ipv6] locator bx ipv6-prefix A:2:2:A:2:: 80 common-prefix 64 coc-both non-compress-static 8 static 8 args 16
[P1-segment-routing-ipv6-locator-bx] quit
[P1-segment-routing-ipv6] quit
[P1] isis 1
[P1-isis-1] address-family ipv6 unicast
[P1-isis-1-ipv6] segment-routing ipv6 locator bx auto-sid-coc-both coc32-all
[P1-isis-1-ipv6] srv6 compress enable
[P1-isis-1-ipv6] quit
[P1-isis-1] quit
5. Configure P 2:
# Configure IP addresses for the interfaces.
[P2] interface loopback 0
[P2-LoopBack0] ipv6 address 3::3 128
[P2-LoopBack0] quit
[P2] interface ten-gigabitethernet 0/0/15
[P2-Ten-GigabitEthernet0/0/15] ipv6 address 23:1:1::2 126
[P2-Ten-GigabitEthernet0/0/15] quit
[P2] interface ten-gigabitethernet 0/0/16
[P2-Ten-GigabitEthernet0/0/16] ipv6 address 34:1:1::1 126
[P2-Ten-GigabitEthernet0/0/16] quit
# Configure IPv6 IS-IS to implement backbone network intercommunication.
[P2] isis 1
[P2-isis-1] is-level level-2
[P2-isis-1] cost-style wide
[P2-isis-1] network-entity 00.0000.0000.0003.00
[P2-isis-1] address-family ipv6 unicast
[P2-isis-1-ipv6] quit
[P2-isis-1] quit
[P2] interface ten-gigabitethernet 0/0/15
[P2-Ten-GigabitEthernet0/0/15] isis ipv6 enable 1
[P2-Ten-GigabitEthernet0/0/15] quit
[P2] interface ten-gigabitethernet 0/0/16
[P2-Ten-GigabitEthernet0/0/16] isis ipv6 enable 1
[P2-Ten-GigabitEthernet0/0/16] quit
[P2] interface loopback 0
[P2-LoopBack0] isis ipv6 enable 1
[P2-LoopBack0] quit
# Configure an SRv6 locator on P 2 to be advertised by IGP, and enable SRv6 compression.
[P2] segment-routing ipv6
[P2-segment-routing-ipv6] srv6 compress enable
[P2-segment-routing-ipv6] locator cx ipv6-prefix A:2:2:A:3:: 80 common-prefix 64 coc-both non-compress-static 8 static 8 args 16
[P2-segment-routing-ipv6-locator-cx] quit
[P2-segment-routing-ipv6] quit
[P2] isis 1
[P2-isis-1] address-family ipv6 unicast
[P2-isis-1-ipv6] segment-routing ipv6 locator cx auto-sid-coc-both all
[P2-isis-1-ipv6] srv6 compress enable
[P2-isis-1-ipv6] quit
[P2-isis-1] quit
6. Configure P 3:
# Configure IP addresses for the interfaces.
[P3] interface loopback 0
[P3-LoopBack0] ipv6 address 4::4 128
[P3-LoopBack0] quit
[P3] interface ten-gigabitethernet 0/0/15
[P3-Ten-GigabitEthernet0/0/15] ipv6 address 45:1:1::1 126
[P3-Ten-GigabitEthernet0/0/15] quit
[P3] interface ten-gigabitethernet 0/0/16
[P3-Ten-GigabitEthernet0/0/16] ipv6 address 34:1:1::2 126
[P3-Ten-GigabitEthernet0/0/16] quit
# Configure IPv6 IS-IS to implement backbone network intercommunication.
[P3] isis 1
[P3-isis-1] is-level level-2
[P3-isis-1] cost-style wide
[P3-isis-1] network-entity 00.0000.0000.0004.00
[P3-isis-1] address-family ipv6 unicast
[P3-isis-1-ipv6] quit
[P3-isis-1] quit
[P3] interface ten-gigabitethernet 0/0/15
[P3-Ten-GigabitEthernet0/0/15] isis ipv6 enable 1
[P3-Ten-GigabitEthernet0/0/15] quit
[P3] interface ten-gigabitethernet 0/0/16
[P3-Ten-GigabitEthernet0/0/16] isis ipv6 enable 1
[P3-Ten-GigabitEthernet0/0/16] quit
[P3] interface loopback 0
[P3-LoopBack0] isis ipv6 enable 1
[P3-LoopBack0] quit
# Configure an SRv6 locator on P 3 to be advertised by IGP, and enable SRv6 compression.
[P3] segment-routing ipv6
[P3-segment-routing-ipv6] srv6 compress enable
[P3-segment-routing-ipv6] locator dx ipv6-prefix A:2:2:A:4:: 80 common-prefix 64 coc-both non-compress-static 8 static 8 args 16
[P3-segment-routing-ipv6-locator-dx] quit
[P3-segment-routing-ipv6] quit
[P3] isis 1
[P3-isis-1] address-family ipv6 unicast
[P3-isis-1-ipv6] segment-routing ipv6 locator dx auto-sid-coc-both coc32
[P3-isis-1-ipv6] srv6 compress enable
[P3-isis-1-ipv6] quit
[P3-isis-1] quit
7. Configure PE 2:
# Configure the VPN instance on PE 2 to connect the CE to PE.
<PE2> system-view
[PE2] sysname PE2
[PE2] ip vpn-instance aaa
[PE2-vpn-instance-aaa] route-distinguisher 100:1
[PE2-vpn-instance-aaa] vpn-target 200:1 both
[PE2-vpn-instance-aaa] quit
# Configure IP addresses for the interfaces.
[PE2] interface loopback 0
[PE2-LoopBack0] ipv6 address 5::5 128
[PE2-LoopBack0] quit
[PE2] interface ten-gigabitethernet 0/0/16
[PE2-Ten-GigabitEthernet0/0/16] ip binding vpn-instance aaa
[PE2-Ten-GigabitEthernet0/0/16] ip address 20.1.1.2 30
[PE2-Ten-GigabitEthernet0/0/16] quit
[PE2] interface ten-gigabitethernet 0/0/15
[PE2-Ten-GigabitEthernet0/0/15] ipv6 address 45:1:1::2 126
[PE2-Ten-GigabitEthernet0/0/15] quit
# Configure IPv6 IS-IS to implement backbone network intercommunication.
[PE2] isis 1
[PE2-isis-1] is-level level-2
[PE2-isis-1] cost-style wide
[PE2-isis-1] network-entity 00.0000.0000.0005.00
[PE2-isis-1] address-family ipv6 unicast
[PE2-isis-1-ipv6] quit
[PE2-isis-1] quit
[PE2] interface ten-gigabitethernet 0/0/15
[PE2-Ten-GigabitEthernet0/0/15] isis ipv6 enable 1
[PE2-Ten-GigabitEthernet0/0/15] quit
[PE2] interface loopback 0
[PE2-LoopBack0] isis ipv6 enable 1
[PE2-LoopBack0] quit
# Configure an SRv6 locator on the PE to be advertised by IGP, and enable SRv6 compression.
[PE2] segment-routing ipv6
[PE2-segment-routing-ipv6] srv6 compress enable
[PE2-segment-routing-ipv6] locator ex ipv6-prefix A:2:2:A:5:: 80 common-prefix 64 coc-both non-compress-static 8 static 8 args 16
[PE2-segment-routing-ipv6-locator-e] quit
[PE2-segment-routing-ipv6] quit
[PE2] isis 1
[PE2-isis-1] address-family ipv6 unicast
[PE2-isis-1-ipv6] segment-routing ipv6 locator ex auto-sid-coc-both all
[PE2-isis-1-ipv6] srv6 compress enable
[PE2-isis-1-ipv6] quit
[PE2-isis-1] quit
# Specify a source address for the outer IPv6 header of SRv6-encapsulated EVPN L3VPN packets on the PE.
[PE2] segment-routing ipv6
[PE2-segment-routing-ipv6] encapsulation source-address 5::5
# Create EBGP peers between the PE and CE, and import VPN routes.
[PE2] bgp 100
[PE2-bgp-default] router-id 5.5.5.5
[PE2-bgp-default] ip vpn-instance aaa
[PE2-bgp-default-aaa] peer 20.1.1.1 as-number 20
[PE2-bgp-default-aaa] address-family ipv4 unicast
[PE2-bgp-default-ipv4-aaa] peer 20.1.1.1 enable
[PE2-bgp-default-ipv4-aaa] quit
[PE2-bgp-default-aaa] quit
# Create MP-IBGP peers between PE 1 and PE 2.
[PE2-bgp-default] peer 1::1 as-number 100
[PE2-bgp-default] peer 1::1 connect-interface loopback 0
[PE2-bgp-default] address-family l2vpn evpn
[PE2-bgp-default-evpn] peer 1::1 enable
[PE2-bgp-default-evpn] quit
[PE2-bgp-default] quit
# Enable exchange of SRv6-encapsulated EVPN routes between MP-IBGP peers on PE 2, and enable recursion of VPN routes to the SRv6 BE tunnel.
[PE2] bgp 100
[PE2-bgp-default] address-family l2vpn evpn
[PE2-bgp-default-evpn] peer 1::1 advertise encap-type srv6
[PE2-bgp-default-evpn] quit
[PE2-bgp-default] ip vpn-instance aaa
[PE2-bgp-default-aaa] address-family ipv4 unicast
[PE2-bgp-default-ipv4-aaa] segment-routing ipv6 locator ex evpn
[PE2-bgp-default-ipv4-aaa] segment-routing ipv6 best-effort evpn
[PE2-bgp-default-ipv4-aaa] quit
[PE2-bgp-default-aaa] quit
[PE2-bgp-default] quit
# Specify the local discriminator for the SBFD session on PE 2, and make sure it is the same as the remote discriminator on PE 1.
[PE2] sbfd local-discriminator 1000001
Verifying the configuration
# On PE 1, execute the display segment-routing ipv6 te policy command to display detailed SRv6 TE policy information. Verify that the Status field for the SRv6 TE policy is Up, and the SID list state is Up.
<PE1> display segment-routing ipv6 te policy
Name/ID: a/0
Color: 10
End-point: 5::5
Name from BGP:
Name from PCE:
BSID:
Mode: Dynamic Type: Type_2 Request state: Succeeded
Current BSID: A:2:2:A:1:0:101:0 Explicit BSID: - Dynamic BSID: A:2:2:A:1:0:101:0
Reference counts: 5
Flags: A/BS/NC
Status: Up
AdminStatus: Up
Up time: 2023-08-06 16:31:34
Down time: 2023-08-06 16:29:20
Hot backup: Disabled
Statistics: Disabled
Statistics by service class: Disabled
Path verification: Not configured
Drop-upon-invalid: Disabled
BFD trigger path-down: Disabled
SBFD: Enabled
Encapsulation mode: -
Remote: 1000001
SBFD template name: -
SBFD backup template name: -
OAM SID: -
Reverse path type: None
BFD Echo: Disabled
BFD no-bypass: Disabled
Forward no-bypass: Disabled
Forwarding index: 2150629378
Association ID: 0
Service-class: -
Rate-limit: -
PCE delegation: Disabled
PCE delegate report-only: Disabled
Reoptimization: Disabled
Encapsulation mode: -
Flapping suppression Remaining interval: -
Candidate paths state: Configured
Candidate paths statistics:
CLI paths: 1 BGP paths: 0 PCEP paths: 0 ODN paths: 0
Candidate paths:
Preference : 100
Network slice ID: -
CPathName:
CPathPolicyName:
ProtoOrigin: CLI Discriminator: 100
Instance ID: 0 Node address: 0.0.0.0
Originator: 0, ::
Optimal: Y Flags: V/A
Dynamic: Not configured
PCEP: Not configured
Explicit SID list:
ID: 2 Name: b
Weight: 1 Forwarding index: 2149580805
State: Up State(SBFD): Up
Verification State: -
Path MTU: 1500 Path MTU Reserved: 0
SID list flags: None
Local BSID: -
Reverse BSID: -
# On PE 1, execute the display bgp l2vpn evpn command to display detailed information about the route sent by PE 2. Verify that the route sent by PE 2 carries the PrefixSID attribute data.
<PE1> display bgp l2vpn evpn [5][0][32][22.22.22.22] 80
BGP local router ID: 1.1.1.1
Local AS number: 100
Route distinguisher: 100:1(aaa)
Total number of routes: 1
Paths: 1 available, 1 best
BGP routing table information of [5][0][32][22.22.22.22]/80:
From : 5::5 (5.5.5.5)
Rely nexthop : FE80::1AF8:23FF:FE50:207
Original nexthop: 5::5
Out interface : Ten-GigabitEthernet0/0/16
Route age : 00h00m39s
OutLabel : 3
Ext-Community : <RT: 200:1>, <CO-Flag:Color(00:10)>
RxPathID : 0x0
TxPathID : 0x0
PrefixSID : End.DT4 SID <<A:2:2:A:5:0:107:0>
SRv6 Service TLV (37 bytes):
Type: SRV6 L3 Service TLV (5)
Length: 34 bytes, Reserved: 0x0
SRv6 Service Information Sub-TLV (33 bytes):
Type: 1 Length: 30, Rsvdl: 0x0
SID Flags: 0x0 Endpoint behavior: 0x13 Rsvd2: 0x0
SRv6 SID Sub-Sub-TLV:
Type: 1 Len: 6
BL: 64 NL: 16 FL: 16 AL: 16 TL: 0 TO: 0
AS-path : 20
Origin : incomplete
Attribute value : MED 0, localpref 100, pref-val 0
State : valid, internal, best
Source type : local
IP precedence : N/A
QoS local ID : N/A
Traffic index : N/A
EVPN route type : IP prefix advertisement route
ESI : 0000.0000.0000.0000.0000
Ethernet tag ID : 0
IP prefix : 22.22.22.22/32
Gateway address : 0.0.0.0
MPLS label : 3
Tunnel policy : NULL
Rely tunnel IDs : N/A
Re-origination : Disable
# On PE 1, execute the display ip routing-table vpn-instance command. Verify that VPN route 22.22.22.22 is available to CE 2, and the output interface for the route is SRv6 TE policy tunnel a.
Take PE 1 as an example:
<PE1> display ip routing-table vpn-instance aaa
Destinations : 8 Routes : 8
Destination/Mask Proto Pre Cost NextHop Interface
10.1.1.0/30 Direct 0 0 10.1.1.2 XGE0/0/15
10.1.1.2/32 Direct 0 0 127.0.0.1 XGE0/0/15
10.1.1.3/32 Direct 0 0 10.1.1.2 XGE0/0/15
11.11.11.11/32 BGP 255 0 10.1.1.1 XGE0/0/15
20.1.1.0/30 BGP 255 0 5::5 a
22.22.22.22/32 BGP 255 0 5::5 a
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
255.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
# From source IP address 11.11.11.11 on CE 1, ping destination IP address 22.22.22.22 on CE 2. Verify that the ping operation is successful. Capture packets on the forwarding interfaces of the devices such as PE 1 to verify that the second-, third-, and fourth-hop SIDs are all compressed to 32 bits in the static SID list of the SRH. Compression is implemented through G-SRv6.
Example: Configuring IPv4 EVPN L3VPN over G-SRv6 (with COC16 locators of 16-bit G-SRv6 compression)
Network configuration
As shown in Figure 17, the backbone network is an IPv6 network, and VPN aaa is an IPv4 network. Deploy an SRv6 TE policy tunnel between PE 1 and PE 2 in the IPv6 network and use the SRv6 TE policy tunnel to transmit end-to-end VPN traffic. EVPN routes are used at the control plane to transmit private network routes.
· The SID list for the optimal candidate path of the SRv6 TE policy contains many SRv6 SIDs. To reduce the SRH length for packets, use the 16-bit G-SRv6 compression solution.
· The SRv6 nodes in the backbone network use locators that support assigning 16-bit G-SIDs, and dynamically assign various types of SRv6 SIDs from the locators. Execute the display segment-routing ipv6 local-sid command on each SRv6 node to display local Srv6 SIDs. Add the SRv6 SIDs in the appropriate order to the SID list of the SRv6 TE policy.
· As shown in Figure 16, to prevent packet forwarding issues, appropriately plan the common prefix for the locators in the AS. Specify the common prefix as A:2:2:A:: with 64-bit length for locators on all devices. In addition, specify the IPv6 address prefix length for the locators as 80 bits, the compressible static portion length (C-SID Static) for the locators as 8 bits, the non-compressible static portion length (NC-SID Static) as 16 bits, and the Args portion length as 0 bits. Through calculation, the compressible dynamic portion length (C-SID Dynamic) is 8 bits, and the non-compressible static portion length (NC-SID Static) is 16 bits.
· In the compressible SID (C-SID) range, you can dynamically assign or statically specify SIDs with the COC flag. You can also dynamically assign or statically specify SIDs without the COC flag. In the non-compressible SID (NC-SID) range, you can assign only common SIDs.
Figure 16 Locator plan in the AS
|
Device |
Interface |
IP address |
Device |
Interface |
IP address |
|
CE 1 |
XGE0/0/15 |
10.1.1.1/30 |
CE 2 |
XGE0/0/16 |
20.1.1.1/30 |
|
|
Loop0 |
11.11.11.11/32 |
|
Loop0 |
22.22.22.22/32 |
|
PE 1 |
Loop0 |
1::1/128 |
PE 2 |
Loop0 |
5::5/128 |
|
|
XGE0/0/15 |
10.1.1.2/30 |
|
XGE0/0/16 |
20.1.1.2/30 |
|
|
XGE0/0/16 |
12:1:1::1/126 |
|
XGE0/0/15 |
45:1:1::2/126 |
|
P 1 |
Loop0 |
2::2/128 |
P 2 |
Loop0 |
3::3/128 |
|
|
XGE0/0/15 |
23:1:1::1/126 |
|
XGE0/0/15 |
23:1:1::2/126 |
|
|
XGE0/0/16 |
12:1:1::2/126 |
|
XGE0/0/16 |
34:1:1::1/126 |
|
P 3 |
Loop0 |
4::4/128 |
|
|
|
|
|
XGE0/0/15 |
45:1:1::1/126 |
|
|
|
|
|
XGE0/0/16 |
34:1:1::2/126 |
|
|
|
Procedures
1. Configuring CE 1
# Configure IP addresses for the interfaces.
<CE1> system-view
[CE1] sysname CE1
[CE1] interface ten-gigabitethernet 0/0/15
[CE1-Ten-GigabitEthernet0/0/15] ip address 10.1.1.1 30
[CE1-Ten-GigabitEthernet0/0/15] quit
[CE1] interface loopback 0
[CE1-LoopBack0] ip address 11.11.11.11 32
[CE1-LoopBack0] quit
# Create EBGP peers between the PE and CE, and import direct routes.
[CE1] bgp 10
[CE1-bgp-default] router-id 11.11.11.11
[CE1-bgp-default] peer 10.1.1.2 as-number 100
[CE1-bgp-default] address-family ipv4 unicast
[CE1-bgp-default-ipv4] peer 10.1.1.2 enable
[CE1-bgp-default-ipv4] import-route direct
[CE1-bgp-default-ipv4] quit
[CE1-bgp-default] quit
2. Configuring CE 2
# Configure IP addresses for the interfaces.
<CE2> system-view
[CE2] sysname CE2
[CE2] interface ten-gigabitethernet 0/0/16
[CE2-Ten-GigabitEthernet0/0/16] ip address 20.1.1.1 30
[CE2-Ten-GigabitEthernet0/0/16] quit
[CE2] interface loopback 0
[CE2-LoopBack0] ip address 22.22.22.22 32
[CE2-LoopBack0] quit
# Create EBGP peers between the PE and CE, and import direct routes.
[CE2] bgp 20
[CE2-bgp-default] router-id 22.22.22.22
[CE2-bgp-default] peer 20.1.1.2 as-number 100
[CE2-bgp-default] address-family ipv4 unicast
[CE2-bgp-default-ipv4] peer 20.1.1.2 enable
[CE2-bgp-default-ipv4] import-route direct
[CE2-bgp-default-ipv4] quit
[CE2-bgp-default] quit
3. Configuring PE 1
# Configure the VPN instance on PE 1 to connect the CE to PE.
<PE1> system-view
[PE1] sysname PE1
[PE1] ip vpn-instance aaa
[PE1-vpn-instance-aaa] route-distinguisher 100:1
[PE1-vpn-instance-aaa] vpn-target 200:1 both
[PE1-vpn-instance-aaa] quit
# Configure IP addresses for the interfaces.
[PE1] interface loopback 0
[PE1-LoopBack0] ipv6 address 1::1 128
[PE1-LoopBack0] quit
[PE1] interface ten-gigabitethernet 0/0/15
[PE1-Ten-GigabitEthernet0/0/15] ip binding vpn-instance aaa
[PE1-Ten-GigabitEthernet0/0/15] ip address 10.1.1.2 30
[PE1-Ten-GigabitEthernet0/0/15] quit
[PE1] interface ten-gigabitethernet 0/0/16
[PE1-Ten-GigabitEthernet0/0/16] ipv6 address 12:1:1::1 126
[PE1-Ten-GigabitEthernet0/0/16] quit
# Configure IPv6 IS-IS to implement backbone network intercommunication.
[PE1] isis 1
[PE1-isis-1] is-level level-2
[PE1-isis-1] cost-style wide
[PE1-isis-1] network-entity 00.0000.0000.0001.00
[PE1-isis-1] address-family ipv6 unicast
[PE1-isis-1-ipv6] quit
[PE1-isis-1] quit
[PE1] interface ten-gigabitethernet 0/0/16
[PE1-Ten-GigabitEthernet0/0/16] isis ipv6 enable 1
[PE1-Ten-GigabitEthernet0/0/16] quit
[PE1] interface loopback 0
[PE1-LoopBack0] isis ipv6 enable 1
[PE1-LoopBack0] quit
# Configure an SRv6 locator on the PE, and enable SRv6 compression.
[PE1] segment-routing ipv6
[PE1-segment-routing-ipv6] srv6 compress enable
[PE1-segment-routing-ipv6] locator ax ipv6-prefix A:2:2:A:1:: 80 compress-16 non-compress-static 16 static 8
# Configure static compressible End.X SIDs on the PE.
[PE1-segment-routing-ipv6-locator-ax] opcode 32 end-x interface ten-gigabitethernet 0/0/16 nexthop 12:1:1::2 compress coc-next
[PE1-segment-routing-ipv6-locator-ax] quit
[PE1-segment-routing-ipv6] quit
# Execute the display segment-routing ipv6 local-sid end-x command to identify whether the configured static compressible End.X SIDs are successfully allocated, and examine the value for the 16-bit C-SID portion in the End.X SIDs. Note that the value range for the highest 4 bits of a 16-bit G-SID in the LIB is fixed at 0xE to 0xF.
[PE1] display segment-routing ipv6 local-sid end-x
Local SID forwarding table (End.X)
Total SIDs: 5
SID : A:2:2:A:1:E020::/80
Function type : End.X Flavor : COC,NEXT
Locator name : ax Allocation type: Static
Flag : - State : Active
Owner : SIDMGR Paths : 1
Path Index : 0
Interface : 错误!未提供文档变量。 Interface index: 0x2
Next hop : 12:1:1::2 Weight : 1
Create Time : Feb 10 11:22:17.360 2025
…
# Configure IS-IS to advertise the compressible SRv6 locator, and enable SRv6 compression.
[PE1] isis 1
[PE1-isis-1] address-family ipv6 unicast
[PE1-isis-1-ipv6] segment-routing ipv6 locator ax
[PE1-isis-1-ipv6] srv6 compress enable
[PE1-isis-1-ipv6] quit
[PE1-isis-1] quit
# Specify a source address for the outer IPv6 header of SRv6-encapsulated EVPN L3VPN packets on the PE.
[PE1] segment-routing ipv6
[PE1-segment-routing-ipv6] encapsulation source-address 1::1
# Configure the source address of SBFD packets on PE 1.
[PE1] sbfd source-ipv6 1::1
# Configure a static SID list on the PE, specify the static SID list for an SRv6 TE policy, and enable SBFD for the SRv6 TE policy, ensuring that the SRv6 TE policy tunnel can forward services correctly.
In the static SID list:
¡ The first hop is the End.X SID of the link from PE 1 to P 1. The End.X SID carries the COC&NEXT flavor. When the SRv6 packet is encapsulated, the 16-bit C-SID portion in the End.X SID is encapsulated in the packet to implement G-SID compression, and the next SID will continue to be compressed.
¡ The second hop is the End SID of P 2. This SID carries the COC&NEXT flavor. The 16-bit Node ID in the End SID is encapsulated in the SRv6 packet, and the next SID will continue to be compressed.
¡ The third hop is the End SID of P 3. The SID carries the COC&NEXT flavor. The 16-bit Node ID in the End SID is encapsulated in the SRv6 packet, and the next SID will continue to be compressed.
¡ The fourth hop is the End SID of PE 2. This SID carries the COC&NEXT flavor. The 16-bit Node ID in the End SID is encapsulated in the SRv6 packet. The next SID is an End.DT4 SID assigned by BGP to VPN routes, which can also be compressed.
¡ When encapsulating the compressed SRv6 packet, the device encapsulates the following items in sequence in the destination IPv6 address: 64-bit common prefix, first-hop 16-bit C-SID, second-hop 16-bit Node ID, third-hop 16-bit Node ID, and fourth-hop 16-bit Node ID. The total length of the previous items is 128 bits. The End.DT4 SID assigned by BGP to VPN routes is encapsulated in SID[0] of the SID list in the SRH.
[PE1] segment-routing ipv6
[PE1-segment-routing-ipv6] traffic-engineering
[PE1-srv6-te] srv6-policy locator ax
[PE1-srv6-te] segment-list b
[PE1-srv6-te-sl-b] index 10 compress-16 ipv6 A:2:2:A:E020:: block 64 node-length 0 function-length 16 compress-flavor coc-next
[PE1-srv6-te-sl-b] index 20 compress-16 ipv6 A:2:2:A:3:: block 64 node-length 16 function-length 0 compress-flavor coc-next
[PE1-srv6-te-sl-b] index 30 compress-16 ipv6 A:2:2:A:4:: block 64 node-length 16 function-length 0 compress-flavor coc-next
[PE1-srv6-te-sl-b] index 40 compress-16 ipv6 A:2:2:A:5:: block 64 node-length 16 function-length 0 compress-flavor coc-next
[PE1-srv6-te-sl-b] quit
[PE1-srv6-te] policy a
[PE1-srv6-te-policy-a] color 10 end-point ipv6 5::5
[PE1-srv6-te-policy-a] sbfd enable remote 1000001
[PE1-srv6-te-policy-a] candidate-paths
[PE1-srv6-te-policy-a-path] preference 200
[PE1-srv6-te-policy-a-path-pref-200] explicit segment-list b
[PE1-srv6-te-policy-a-path-pref-200] quit
[PE1-srv6-te-policy-a-path] quit
[PE1-srv6-te-policy-a] quit
[PE1-srv6-te] quit
[PE1-segment-routing-ipv6] quit
# Create EBGP peers between the PE and CE, and import VPN routes.
[PE1] bgp 100
[PE1-bgp-default] router-id 1.1.1.1
[PE1-bgp-default] ip vpn-instance aaa
[PE1-bgp-default-aaa] peer 10.1.1.1 as-number 10
[PE1-bgp-default-aaa] address-family ipv4 unicast
[PE1-bgp-default-ipv4-aaa] peer 10.1.1.1 enable
[PE1-bgp-default-ipv4-aaa] quit
[PE1-bgp-default-aaa] quit
# Create MP-IBGP peers between PE 1 and PE 2.
[PE1-bgp-default] peer 5::5 as-number 100
[PE1-bgp-default] peer 5::5 connect-interface loopback 0
[PE1-bgp-default] address-family l2vpn evpn
[PE1-bgp-default-evpn] peer 5::5 enable
[PE1-bgp-default-evpn] quit
[PE1-bgp-default] quit
# Enable exchange of SRv6-encapsulated EVPN routes between MP-IBGP peers on PE 1, and enable recursion of VPN routes to the SRv6 TE policy tunnel.
[PE1] bgp 100
[PE1-bgp-default] address-family l2vpn evpn
[PE1-bgp-default-evpn] peer 5::5 advertise encap-type srv6
[PE1-bgp-default-evpn] quit
[PE1-bgp-default] ip vpn-instance aaa
[PE1-bgp-default-aaa] address-family ipv4 unicast
[PE1-bgp-default-ipv4-aaa] segment-routing ipv6 locator ax evpn compress-16
[PE1-bgp-default-ipv4-aaa] segment-routing ipv6 traffic-engineering evpn
[PE1-bgp-default-ipv4-aaa] segment-routing ipv6 apply-sid compress coc-next evpn
[PE1-bgp-default-ipv4-aaa] quit
[PE1-bgp-default-aaa] quit
[PE1-bgp-default] quit
# Configure a routing policy and a tunnel policy on PE 1 to steer VPN service traffic to the specified SRv6 TE policy through the routing policy and ensure that the SRv6 TE policy is the optimal tunnel.
[PE1] route-policy a permit node 10
[PE1-route-policy-a-10] apply extcommunity color 00:10
[PE1-route-policy-a-10] quit
[PE1] bgp 100
[PE1-bgp-default] address-family l2vpn evpn
[PE1-bgp-default-evpn] peer 5::5 route-policy a import
[PE1-bgp-default-evpn] quit
[PE1-bgp-default] quit
[PE1] tunnel-policy a
[PE1-tunnel-policy-a] select-seq srv6-policy load-balance-number 1
[PE1-tunnel-policy-a] quit
[PE1] ip vpn-instance vpn1
[PE1-vpn-instance-vpn1] tnl-policy a
[PE1-vpn-instance-vpn1] quit
4. Configure P 1:
# Configure IP addresses for the interfaces.
[P1] interface loopback 0
[P1-LoopBack0] ipv6 address 2::2 128
[P1-LoopBack0] quit
[P1] interface ten-gigabitethernet 0/0/15
[P1-Ten-GigabitEthernet0/0/15] ipv6 address 23:1:1::1 126
[P1-Ten-GigabitEthernet0/0/15] quit
[P1] interface ten-gigabitethernet 0/0/16
[P1-Ten-GigabitEthernet0/0/16] ipv6 address 12:1:1::2 126
[P1-Ten-GigabitEthernet0/0/16] quit
# Configure IPv6 IS-IS to implement backbone network intercommunication.
[P1] isis 1
[P1-isis-1] is-level level-2
[P1-isis-1] cost-style wide
[P1-isis-1] network-entity 00.0000.0000.0002.00
[P1-isis-1] address-family ipv6 unicast
[P1-isis-1-ipv6] quit
[P1-isis-1] quit
[P1] interface ten-gigabitethernet 0/0/15
[P1-Ten-GigabitEthernet0/0/15] isis ipv6 enable 1
[P1-Ten-GigabitEthernet0/0/15] quit
[P1] interface ten-gigabitethernet 0/0/16
[P1-Ten-GigabitEthernet0/0/16] isis ipv6 enable 1
[P1-Ten-GigabitEthernet0/0/16] quit
[P1] interface loopback 0
[P1-LoopBack0] isis ipv6 enable 1
[P1-LoopBack0] quit
# Configure an SRv6 locator on P 1 to be advertised by IGP, and enable SRv6 compression.
[P1] segment-routing ipv6
[P1-segment-routing-ipv6] srv6 compress enable
[P1-segment-routing-ipv6] locator bx ipv6-prefix A:2:2:A:2:: 80 compress-16 non-compress-static 16 static 8
[P1-segment-routing-ipv6-locator-bx] quit
[P1-segment-routing-ipv6] quit
[P1] isis 1
[P1-isis-1] address-family ipv6 unicast
[P1-isis-1-ipv6] segment-routing ipv6 locator bx
[P1-isis-1-ipv6] srv6 compress enable
[P1-isis-1-ipv6] quit
[P1-isis-1] quit
5. Configure P 2:
# Configure IP addresses for the interfaces.
[P2] interface loopback 0
[P2-LoopBack0] ipv6 address 3::3 128
[P2-LoopBack0] quit
[P2] interface ten-gigabitethernet 0/0/15
[P2-Ten-GigabitEthernet0/0/15] ipv6 address 23:1:1::2 126
[P2-Ten-GigabitEthernet0/0/15] quit
[P2] interface ten-gigabitethernet 0/0/16
[P2-Ten-GigabitEthernet0/0/16] ipv6 address 34:1:1::1 126
[P2-Ten-GigabitEthernet0/0/16] quit
# Configure IPv6 IS-IS to implement backbone network intercommunication.
[P2] isis 1
[P2-isis-1] is-level level-2
[P2-isis-1] cost-style wide
[P2-isis-1] network-entity 00.0000.0000.0003.00
[P2-isis-1] address-family ipv6 unicast
[P2-isis-1-ipv6] quit
[P2-isis-1] quit
[P2] interface ten-gigabitethernet 0/0/15
[P2-Ten-GigabitEthernet0/0/15] isis ipv6 enable 1
[P2-Ten-GigabitEthernet0/0/15] quit
[P2] interface ten-gigabitethernet 0/0/16
[P2-Ten-GigabitEthernet0/0/16] isis ipv6 enable 1
[P2-Ten-GigabitEthernet0/0/16] quit
[P2] interface loopback 0
[P2-LoopBack0] isis ipv6 enable 1
[P2-LoopBack0] quit
# Configure an SRv6 locator on P 2 to be advertised by IGP, and enable SRv6 compression.
[P2] segment-routing ipv6
[P2-segment-routing-ipv6] srv6 compress enable
[P2-segment-routing-ipv6] locator cx ipv6-prefix A:2:2:A:3:: 80 compress-16 non-compress-static 16 static 8
[P2-segment-routing-ipv6-locator-cx] quit
[P2-segment-routing-ipv6] quit
[P2] isis 1
[P2-isis-1] address-family ipv6 unicast
[P2-isis-1-ipv6] segment-routing ipv6 locator cx
[P2-isis-1-ipv6] srv6 compress enable
[P2-isis-1-ipv6] quit
[P2-isis-1] quit
6. Configure P 3:
# Configure IP addresses for the interfaces.
[P3] interface loopback 0
[P3-LoopBack0] ipv6 address 4::4 128
[P3-LoopBack0] quit
[P3] interface ten-gigabitethernet 0/0/15
[P3-Ten-GigabitEthernet0/0/15] ipv6 address 45:1:1::1 126
[P3-Ten-GigabitEthernet0/0/15] quit
[P3] interface ten-gigabitethernet 0/0/16
[P3-Ten-GigabitEthernet0/0/16] ipv6 address 34:1:1::2 126
[P3-Ten-GigabitEthernet0/0/16] quit
# Configure IPv6 IS-IS to implement backbone network intercommunication.
[P3] isis 1
[P3-isis-1] is-level level-2
[P3-isis-1] cost-style wide
[P3-isis-1] network-entity 00.0000.0000.0004.00
[P3-isis-1] address-family ipv6 unicast
[P3-isis-1-ipv6] quit
[P3-isis-1] quit
[P3] interface ten-gigabitethernet 0/0/15
[P3-Ten-GigabitEthernet0/0/15] isis ipv6 enable 1
[P3-Ten-GigabitEthernet0/0/15] quit
[P3] interface ten-gigabitethernet 0/0/16
[P3-Ten-GigabitEthernet0/0/16] isis ipv6 enable 1
[P3-Ten-GigabitEthernet0/0/16] quit
[P3] interface loopback 0
[P3-LoopBack0] isis ipv6 enable 1
[P3-LoopBack0] quit
# Configure an SRv6 locator on P 3 to be advertised by IGP, and enable SRv6 compression.
[P3] segment-routing ipv6
[P3-segment-routing-ipv6] srv6 compress enable
[P3-segment-routing-ipv6] locator dx ipv6-prefix A:2:2:A:4:: 80 compress-16 non-compress-static 16 static 8
[P3-segment-routing-ipv6-locator-dx] quit
[P3-segment-routing-ipv6] quit
[P3] isis 1
[P3-isis-1] address-family ipv6 unicast
[P3-isis-1-ipv6] segment-routing ipv6 locator dx auto-sid-coc-both coc32
[P3-isis-1-ipv6] srv6 compress enable
[P3-isis-1-ipv6] quit
[P3-isis-1] quit
7. Configuring PE 2
# Configure the VPN instance on PE 2 to connect the CE to PE.
<PE2> system-view
[PE2] sysname PE2
[PE2] ip vpn-instance aaa
[PE2-vpn-instance-aaa] route-distinguisher 100:1
[PE2-vpn-instance-aaa] vpn-target 200:1 both
[PE2-vpn-instance-aaa] quit
# Configure IP addresses for the interfaces.
[PE2] interface loopback 0
[PE2-LoopBack0] ipv6 address 5::5 128
[PE2-LoopBack0] quit
[PE2] interface ten-gigabitethernet 0/0/16
[PE2-Ten-GigabitEthernet0/0/16] ip binding vpn-instance aaa
[PE2-Ten-GigabitEthernet0/0/16] ip address 20.1.1.2 30
[PE2-Ten-GigabitEthernet0/0/16] quit
[PE2] interface ten-gigabitethernet 0/0/15
[PE2-Ten-GigabitEthernet0/0/15] ipv6 address 45:1:1::2 126
[PE2-Ten-GigabitEthernet0/0/15] quit
# Configure IPv6 IS-IS to implement backbone network intercommunication.
[PE2] isis 1
[PE2-isis-1] is-level level-2
[PE2-isis-1] cost-style wide
[PE2-isis-1] network-entity 00.0000.0000.0005.00
[PE2-isis-1] address-family ipv6 unicast
[PE2-isis-1-ipv6] quit
[PE2-isis-1] quit
[PE2] interface ten-gigabitethernet 0/0/15
[PE2-Ten-GigabitEthernet0/0/15] isis ipv6 enable 1
[PE2-Ten-GigabitEthernet0/0/15] quit
[PE2] interface loopback 0
[PE2-LoopBack0] isis ipv6 enable 1
[PE2-LoopBack0] quit
# Configure an SRv6 locator on the PE to be advertised by IGP, and enable SRv6 compression.
[PE2] segment-routing ipv6
[PE2-segment-routing-ipv6] srv6 compress enable
[PE2-segment-routing-ipv6] locator ex ipv6-prefix A:2:2:A:5:: 80 compress-16 non-compress-static 16 static 8
[PE2-segment-routing-ipv6-locator-ex] quit
[PE2-segment-routing-ipv6] quit
[PE2] isis 1
[PE2-isis-1] address-family ipv6 unicast
[PE2-isis-1-ipv6] segment-routing ipv6 locator ex
[PE2-isis-1-ipv6] srv6 compress enable
[PE2-isis-1-ipv6] quit
[PE2-isis-1] quit
# Specify a source address for the outer IPv6 header of SRv6-encapsulated EVPN L3VPN packets on the PE.
[PE2] segment-routing ipv6
[PE2-segment-routing-ipv6] encapsulation source-address 5::5
# Create EBGP peers between the PE and CE, and import VPN routes.
[PE2] bgp 100
[PE2-bgp-default] router-id 5.5.5.5
[PE2-bgp-default] ip vpn-instance aaa
[PE2-bgp-default-aaa] peer 20.1.1.1 as-number 20
[PE2-bgp-default-aaa] address-family ipv4 unicast
[PE2-bgp-default-ipv4-aaa] peer 20.1.1.1 enable
[PE2-bgp-default-ipv4-aaa] quit
[PE2-bgp-default-aaa] quit
# Create MP-IBGP peers between PE 1 and PE 2.
[PE2-bgp-default] peer 1::1 as-number 100
[PE2-bgp-default] peer 1::1 connect-interface loopback 0
[PE2-bgp-default] address-family l2vpn evpn
[PE2-bgp-default-evpn] peer 1::1 enable
[PE2-bgp-default-evpn] quit
[PE2-bgp-default] quit
# Enable exchange of SRv6-encapsulated EVPN routes between MP-IBGP peers on PE 2, and enable recursion of VPN routes to the SRv6 BE tunnel.
[PE2] bgp 100
[PE2-bgp-default] address-family l2vpn evpn
[PE2-bgp-default-evpn] peer 1::1 advertise encap-type srv6
[PE2-bgp-default-evpn] quit
[PE2-bgp-default] ip vpn-instance aaa
[PE2-bgp-default-aaa] address-family ipv4 unicast
[PE2-bgp-default-ipv4-aaa] segment-routing ipv6 locator ex evpn compress-16
[PE2-bgp-default-ipv4-aaa] segment-routing ipv6 apply-sid compress coc-next evpn
[PE2-bgp-default-ipv4-aaa] segment-routing ipv6 best-effort evpn
[PE2-bgp-default-ipv4-aaa] quit
[PE2-bgp-default-aaa] quit
[PE2-bgp-default] quit
# Specify the local discriminator for the SBFD session on PE 2, and make sure it is the same as the remote discriminator on PE 1.
[PE2] sbfd local-discriminator 1000001
Verifying the configuration
# On PE 1, execute the display segment-routing ipv6 te policy command to display detailed SRv6 TE policy information. Verify that the Status field for the SRv6 TE policy is Up, and the SID list state is Up.
<PE1> display segment-routing ipv6 te policy
Name/ID: a/0
Color: 10
End-point: 5::5
Name from BGP:
Name from PCE:
BSID:
Mode: Dynamic Type: Type_2 Request state: Succeeded
Current BSID: A:2:2:A:1:0:101:0 Explicit BSID: - Dynamic BSID: A:2:2:A:1:0:101:0
Reference counts: 5
Flags: A/BS/NC
Status: Up
AdminStatus: Up
…
Explicit SID list:
ID: 2 Name: b
Weight: 1 Forwarding index: 2149580805
State: Up State(SBFD): Up
Verification State: -
Path MTU: 1500 Path MTU Reserved: 0
SID list flags: None
Local BSID: -
Reverse BSID: -
# On PE 1, execute the display bgp l2vpn evpn command to display detailed information about the route sent by PE 2. Verify that the route sent by PE 2 carries the PrefixSID attribute data.
<PE1> display bgp l2vpn evpn [5][0][32][22.22.22.22] 80
BGP local router ID: 1.1.1.1
Local AS number: 100
Route distinguisher: 100:1(aaa)
Total number of routes: 1
Paths: 1 available, 1 best
BGP routing table information of [5][0][32][22.22.22.22]/80:
From : 5::5 (5.5.5.5)
Rely nexthop : FE80::1AF8:23FF:FE50:207
Original nexthop: 5::5
Out interface : Ten-GigabitEthernet0/0/16
Route age : 00h00m39s
OutLabel : 3
Ext-Community : <RT: 200:1>, <CO-Flag:Color(00:10)>
RxPathID : 0x0
TxPathID : 0x0
PrefixSID : End.DT4 SID <<A:2:2:A:5:107:0:0>
SRv6 Service TLV (37 bytes):
Type: SRV6 L3 Service TLV (5)
Length: 34 bytes, Reserved: 0x0
SRv6 Service Information Sub-TLV (33 bytes):
Type: 1 Length: 30, Rsvdl: 0x0
SID Flags: 0x0 Endpoint behavior: 0x13 Rsvd2: 0x0
SRv6 SID Sub-Sub-TLV:
Type: 1 Len: 6
BL: 64 NL: 16 FL: 16 AL: 0 TL: 0 TO: 0
AS-path : 20
Origin : incomplete
Attribute value : MED 0, localpref 100, pref-val 0
State : valid, internal, best
Source type : local
IP precedence : N/A
QoS local ID : N/A
Traffic index : N/A
EVPN route type : IP prefix advertisement route
ESI : 0000.0000.0000.0000.0000
Ethernet tag ID : 0
IP prefix : 22.22.22.22/32
Gateway address : 0.0.0.0
MPLS label : 3
Tunnel policy : NULL
Rely tunnel IDs : N/A
Re-origination : Disable
# On PE 1, execute the display ip routing-table vpn-instance command. Verify that VPN route 22.22.22.22 is available to CE 2, and the output interface for the route is SRv6 TE policy tunnel a.
Take PE 1 as an example:
[PE1] display ip routing-table vpn-instance aaa
Destinations : 8 Routes : 8
Destination/Mask Proto Pre Cost NextHop Interface
10.1.1.0/30 Direct 0 0 10.1.1.2 XGE0/0/15
10.1.1.2/32 Direct 0 0 127.0.0.1 XGE0/0/15
10.1.1.3/32 Direct 0 0 10.1.1.2 XGE0/0/15
11.11.11.11/32 BGP 255 0 10.1.1.1 XGE0/0/15
20.1.1.0/30 BGP 255 0 5::5 a
22.22.22.22/32 BGP 255 0 5::5 a
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
255.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
# From source IP address 11.11.11.11 on CE 1, ping destination IP address 22.22.22.22 on CE 2. Verify that the ping operation is successful. Capture packets on the forwarding interfaces of the devices such as PE 1 to verify that the second-, third-, and fourth-hop SIDs are all compressed to 16 bits in the static SID list of the SRH. Compression is implemented through G-SRv6.
Example: Configuring inter-AS intercommunication between an MPLS L3VPN network and an EVPN L3VPN over SRv6 network (through route reorigination)
Network configuration
As shown in Figure 18, PE 2 acts as a border device that connected to both an MPLS L3VPN network and an EVPN L3VPN over SRv6 network. PE 1 and PE 2 belong to AS 10, and PE 3 belongs to AS 20. Configure the devices for intercommunication between the two sites.
|
Device |
Interface |
IP address |
Device |
Interface |
IP address |
|
CE 1 |
XGE0/0/15 |
10.1.1.2/24 |
CE 2 |
XGE0/0/15 |
10.2.1.2/24 |
|
PE 1 |
Loop0 |
1.1.1.1/32 |
PE 2 |
Loop0 |
2.2.2.2/32 2::2/128 |
|
|
XGE0/0/15 |
12.1.1.1/24 |
|
XGE0/0/15 |
12.1.1.2/24 |
|
|
XGE0/0/16 |
10.1.1.1/24 |
|
XGE0/0/16 |
2233::2/112 |
|
PE 3 |
Loop0 |
3::3/128 |
|
|
|
|
|
XGE0/0/15 |
2233::3/112 |
|
|
|
|
|
XGE0/0/16 |
10.2.1.1/24 |
|
|
|
Procedure
1. Configure CE 1:
# Assign an IP address to the interface.
<CE1> system-view
[CE1] interface ten-gigabitethernet 0/0/15
[CE1-Ten-GigabitEthernet0/0/15] ip address 10.1.1.2 24
[CE1-Ten-GigabitEthernet0/0/15] quit
# Establish EBGP peer relationship with PE 2 and import VPN routes.
[CE1] bgp 65001
[CE1-bgp-default] peer 10.1.1.1 as-number 10
[CE1-bgp-default] address-family ipv4 unicast
[CE1-bgp-default-ipv4] peer 10.1.1.1 enable
[CE1-bgp-default-ipv4] import-route direct
[CE1-bgp-default-ipv4] quit
[CE1-bgp-default] quit
2. Configure PE 1:
# Run IS-IS on PE 1.
<PE1> system-view
[PE1] isis 1
[PE1-isis-1] is-level level-1
[PE1-isis-1] cost-style wide
[PE1-isis-1] network-entity 10.1111.1111.1111.00
[PE1-isis-1] quit
# Specify an LSR ID and enable MPLS and LDP.
[PE1] mpls lsr-id 1.1.1.1
[PE1] mpls ldp
[PE1-ldp] quit
# On interface Ten-GigabitEthernet 0/0/15, specify an IP address, run IS-IS, and enable MPLS and LDP.
[PE1] interface ten-gigabitethernet 0/0/15
[PE1-Ten-GigabitEthernet0/0/15] ip address 12.1.1.1 24
[PE1-Ten-GigabitEthernet0/0/15] isis enable 1
[PE1-Ten-GigabitEthernet0/0/15] mpls enable
[PE1-Ten-GigabitEthernet0/0/15] mpls ldp enable
[PE1-Ten-GigabitEthernet0/0/15] quit
# Create interface Loopback 0, specify an IP address for the interface, and run IS-IS on the interface.
[PE1] interface loopback 0
[PE1-LoopBack0] ip address 1.1.1.1 32
[PE1-LoopBack0] isis enable 1
[PE1-LoopBack0] quit
# Create a VPN instance named vpn1.
[PE1] ip vpn-instance vpn1
[PE1-vpn-instance-vpn1] route-distinguisher 100:1
[PE1-vpn-instance-vpn1] vpn-target 100:1 import-extcommunity
[PE1-vpn-instance-vpn1] vpn-target 100:1 export-extcommunity
[PE1-vpn-instance-vpn1] quit
# Associate the interface connected to CE 1 with VPN instance vpn1.
[PE1] interface ten-gigabitethernet 0/0/16
[PE1-Ten-GigabitEthernet0/0/16] ip binding vpn-instance vpn1
[PE1-Ten-GigabitEthernet0/0/16] ip address 10.1.1.1 24
[PE1-Ten-GigabitEthernet0/0/16] quit
# Run BGP on PE 1.
[PE1] bgp 10
[PE1-bgp-default] router-id 1.1.1.1
# Configure PE 1 to exchange BGP VPNv4 routes with peer 2.2.2.2.
[PE1-bgp-default] peer 2.2.2.2 as-number 10
[PE1-bgp-default] peer 2.2.2.2 connect-interface loopback 0
[PE1-bgp-default] address-family vpnv4
[PE1-bgp-default-vpnv4] peer 2.2.2.2 enable
[PE1-bgp-default-vpnv4] quit
# Establish an EBGP peer relationship with the connected CE to redistribute the VPN routes.
[PE1-bgp-default] ip vpn-instance vpn1
[PE1-bgp-default-vpn1] peer 10.1.1.2 as-number 65001
[PE1-bgp-default-vpn1] address-family ipv4 unicast
[PE1-bgp-default-ipv4-vpn1] peer 10.1.1.2 enable
[PE1-bgp-default-ipv4-vpn1] quit
[PE1-bgp-default-vpn1] quit
3. Configuring PE 2
# Run IPv6 IS-IS on PE 2.
<PE2> system-view
[PE2] isis 1
[PE2-isis-1] is-level level-1
[PE2-isis-1] cost-style wide
[PE2-isis-1] network-entity 10.2222.2222.2222.00
[PE2-isis-1] address-family ipv6 unicast
[PE2-isis-1-ipv6] quit
[PE2-isis-1] quit
# Specify an LSR ID and enable MPLS and LDP.
[PE2] mpls lsr-id 2.2.2.2
[PE2] mpls ldp
[PE2-ldp] quit
# On interface Ten-GigabitEthernet 0/0/16, specify an IPv6 address, and run IPv6 IS-IS.
[PE2] interface ten-gigabitethernet 0/0/16
[PE2-Ten-GigabitEthernet0/0/16] ipv6 address 2233::2 112
[PE2-Ten-GigabitEthernet0/0/16] isis ipv6 enable 1
[PE2-Ten-GigabitEthernet0/0/16] quit
# On interface Ten-GigabitEthernet 0/0/15, specify an IP address, run IS-IS, and enable MPLS and LDP.
[PE2] interface ten-gigabitethernet 0/0/15
[PE2-Ten-GigabitEthernet0/0/15] ip address 12.1.1.2 24
[PE2-Ten-GigabitEthernet0/0/15] isis enable 1
[PE2-Ten-GigabitEthernet0/0/15] mpls enable
[PE2-Ten-GigabitEthernet0/0/15] mpls ldp enable
[PE2-Ten-GigabitEthernet0/0/15] quit
# Create interface Loopback 0, specify an IP address and an IPv6 address for the interface, and run both IS-IS and IPv6 IS-IS on the interface.
[PE2] interface loopback 0
[PE2-LoopBack0] ip address 2.2.2.2 32
[PE2-LoopBack0] ipv6 address 2::2 128
[PE2-LoopBack0] isis enable 1
[PE2-LoopBack0] isis ipv6 enable 1
[PE2-LoopBack0] quit
# Create a VPN instance named vpn1.
[PE2] ip vpn-instance vpn1
[PE2-vpn-instance-vpn1] route-distinguisher 100:1
[PE2-vpn-instance-vpn1] vpn-target 100:1 import-extcommunity
[PE2-vpn-instance-vpn1] vpn-target 100:1 export-extcommunity
[PE2-vpn-instance-vpn1] quit
# Run BGP on PE 2.
[PE2] bgp 10
[PE2-bgp-default] router-id 2.2.2.2
[PE2-bgp-default] peer 1.1.1.1 as-number 10
[PE2-bgp-default] peer 1.1.1.1 connect-interface loopback 0
[PE2-bgp-default] peer 3::3 as-number 20
[PE2-bgp-default] peer 3::3 connect-interface loopback 0
[PE2-bgp-default] peer 3::3 ebgp-max-hop 10
# Configure PE 2 to exchange VPNv4 routes with IBGP peer 1.1.1.1.
[PE2-bgp-default] address-family vpnv4
[PE2-bgp-default-vpnv4] peer 1.1.1.1 enable
# Enable the device to reoriginate VPNv4 routes based on EVPN routes and carry the RT of the local VPN instance.
[PE2-bgp-default-vpnv4] advertise evpn route replace-rt
[PE2-bgp-default-vpnv4] quit
# Enable exchange of SRv6-encapsulated EVPN routes with EBGP peer 3::3.
[PE2-bgp-default] address-family l2vpn evpn
[PE2-bgp-default-evpn] peer 3::3 enable
[PE2-bgp-default-evpn] peer 3::3 advertise encap-type srv6
# Enable the device to reoriginate EVPN routes based on VPNv4 routes and carry the RT of the local VPN instance.
[PE2-bgp-default-evpn] advertise l3vpn route replace-rt
[PE2-bgp-default-evpn] quit
[PE2-bgp-default] quit
# Configure EVPN L3VPN over SRv6 BE.
[PE2] segment-routing ipv6
[PE2-segment-routing-ipv6] encapsulation source-address 2::2
[PE2-segment-routing-ipv6] locator aaa ipv6-prefix 2:2:2:: 64 static 8 args 16
[PE2-segment-routing-ipv6-locator-aaa] quit
[PE2-segment-routing-ipv6] quit
[PE2] bgp 10
[PE2-bgp-default] ip vpn-instance vpn1
[PE2-bgp-default-vpn1] address-family ipv4 unicast
[PE2-bgp-default-ipv4-vpn1] segment-routing ipv6 traffic-engineering best-effort evpn
[PE2-bgp-default-ipv4-vpn1] segment-routing ipv6 locator aaa evpn
[PE2-bgp-default-ipv4-vpn1] quit
[PE2-bgp-default-vpn1] quit
[PE2-bgp-default] quit
# Apply a locator to IS-IS.
[PE2] isis 1
[PE2-isis-1] address-family ipv6 unicast
[PE2-isis-1-ipv6] segment-routing ipv6 locator aaa
[PE2-isis-1-ipv6] quit
[PE2-isis-1] quit
4. Configuring PE 3
# Run IPv6 IS-IS on PE 3.
<PE3> system-view
[PE3] isis 1
[PE3-isis-1] is-level level-1
[PE3-isis-1] cost-style wide
[PE3-isis-1] network-entity 10.3333.3333.3333.00
[PE3-isis-1] address-family ipv6 unicast
[PE3-isis-1-ipv6] quit
[PE3-isis-1] quit
# On interface Ten-GigabitEthernet 0/0/15, specify an IPv6 address, and run IPv6 IS-IS.
[PE3] interface ten-gigabitethernet 0/0/15
[PE3-Ten-GigabitEthernet0/0/15] ipv6 address 2233::3 112
[PE3-Ten-GigabitEthernet0/0/15] isis ipv6 enable 1
[PE3-Ten-GigabitEthernet0/0/15] quit
# Create interface Loopback 0, specify an IPv6 address for the interface, and run IPv6 IS-IS on the interface.
[PE3] interface loopback 0
[PE3-LoopBack0] ipv6 address 3::3 128
[PE3-LoopBack0] isis ipv6 enable 1
[PE3-LoopBack0] quit
# Create a VPN instance named vpn1.
[PE3] ip vpn-instance vpn1
[PE3-vpn-instance-vpn1] route-distinguisher 100:1
[PE3-vpn-instance-vpn1] vpn-target 100:1 import-extcommunity
[PE3-vpn-instance-vpn1] vpn-target 100:1 export-extcommunity
[PE3-vpn-instance-vpn1] quit
# Associate the interface connected to CE 1 with VPN instance vpn1.
[PE3] interface ten-gigabitethernet 0/0/16
[PE3-Ten-GigabitEthernet0/0/16] ip binding vpn-instance vpn1
[PE3-Ten-GigabitEthernet0/0/16] ip address 10.2.1.1 24
[PE3-Ten-GigabitEthernet0/0/16] quit
# Run BGP on PE 3.
[PE3] bgp 20
[PE3-bgp-default] router-id 3.3.3.3
# Enable exchange of SRv6-encapsulated EVPN routes with IBGP peer 2::2.
[PE3-bgp-default] peer 2::2 as-number 10
[PE3-bgp-default] peer 2::2 connect-interface loopback 0
[PE3-bgp-default] peer 2::2 ebgp-max-hop 10
[PE3-bgp-default] address-family l2vpn evpn
[PE3-bgp-default-evpn] peer 2::2 enable
[PE3-bgp-default-evpn] peer 2::2 advertise encap-type srv6
[PE3-bgp-default-evpn] quit
[PE3-bgp-default] quit
# Configure EVPN L3VPN over SRv6 BE.
[PE3] segment-routing ipv6
[PE3-segment-routing-ipv6] encapsulation source-address 3::3
[PE3-segment-routing-ipv6] locator aaa ipv6-prefix 3:3:3:: 64 static 8 args 16
[PE3-segment-routing-ipv6-locator-aaa] quit
[PE3-segment-routing-ipv6] quit
[PE3] bgp 20
[PE3-bgp-default] ip vpn-instance vpn1
[PE3-bgp-default-vpn1] address-family ipv4 unicast
[PE3-bgp-default-ipv4-vpn1] segment-routing ipv6 traffic-engineering best-effort evpn
[PE3-bgp-default-ipv4-vpn1] segment-routing ipv6 locator aaa evpn
[PE3-bgp-default-ipv4-vpn1] quit
# Establish an EBGP peer relationship with the connected CE to redistribute the VPN routes.
[PE3-bgp-default-vpn1] peer 10.2.1.2 as-number 65002
[PE3-bgp-default-vpn1] address-family ipv4 unicast
[PE3-bgp-default-ipv4-vpn1] peer 10.2.1.2 enable
[PE3-bgp-default-ipv4-vpn1] quit
[PE3-bgp-default-vpn1] quit
[PE3-bgp-default] quit
# Apply a locator to IS-IS.
[PE3] isis 1
[PE3-isis-1] address-family ipv6 unicast
[PE3-isis-1-ipv6] segment-routing ipv6 locator aaa
[PE3-isis-1-ipv6] quit
[PE3-isis-1] quit
5. Configure CE 2:
# Assign an IP address to the interface.
<CE2> system-view
[CE2] interface ten-gigabitethernet 0/0/15
[CE2-Ten-GigabitEthernet0/0/15] ip address 10.2.1.2 24
[CE2-Ten-GigabitEthernet0/0/15] quit
# Establish EBGP peer relationship with PE 2 and import VPN routes.
[CE2] bgp 65002
[CE2-bgp-default] peer 10.2.1.1 as-number 20
[CE2-bgp-default] address-family ipv4 unicast
[CE2-bgp-default-ipv4] peer 10.2.1.1 enable
[CE2-bgp-default-ipv4] import-route direct
[CE2-bgp-default-ipv4] quit
[CE2-bgp-default] quit
Verifying the configuration
# View the BGP VPNv4 and BGP EVPN routing tables on PE 2. The output shows that PE 2 reoriginates VPNv4 route 10.1.1.0/24 received from PE 1 as an EVPN route, and reoriginates EVPN route 10.2.1.0/24 received from PE 3 as a VPNv4 route.
[PE2] display bgp l2vpn evpn
BGP local router ID is 2.2.2.2
Status codes: * - valid, > - best, d - dampened, h - history,
s - suppressed, S - stale, i - internal, e - external
a - additional-path
Origin: i - IGP, e - EGP, ? - incomplete
Total number of routes from all PEs: 1
Route distinguisher: 100:1
Total number of routes: 2
* >i Network : [5][0][24][10.1.1.0]/80
NextHop : 1.1.1.1 LocPrf : 100
PrefVal : 0 OutLabel : 1407
MED : 0
Path/Ogn: 65001?
* >e Network : [5][0][24][10.2.1.0]/80
NextHop : 3::3 LocPrf :
PrefVal : 0 OutLabel : 3
MED :
Path/Ogn: 20 65002?
[PE2] display bgp routing-table vpnv4
BGP local router ID is 2.2.2.2
Status codes: * - valid, > - best, d - dampened, h - history,
s - suppressed, S - stale, i - internal, e - external
a - additional-path
Origin: i - IGP, e - EGP, ? - incomplete
Total number of VPN routes: 4
Total number of routes from all PEs: 2
Route distinguisher: 100:1
Total number of routes: 2
Network NextHop MED LocPrf PrefVal Path/Ogn
* >i 10.1.1.0/24 1.1.1.1 0 100 0 65001?
* >e 10.2.1.0/24 3::3 0 20 65002?
Route distinguisher: 100:1(vpn1)
Total number of routes: 2
Network NextHop MED LocPrf PrefVal Path/Ogn
* >i 10.1.1.0/24 1.1.1.1 0 100 0 65001?
* >e 10.2.1.0/24 3::3 0 20 65002?
# Verify that CE 1 and CE 2 can ping each other.
[CE1] ping 10.2.1.2
Ping 10.2.1.2 (10.2.1.2): 56 data bytes, press CTRL+C to break
56 bytes from 10.2.1.2: icmp_seq=0 ttl=252 time=3.175 ms
56 bytes from 10.2.1.2: icmp_seq=1 ttl=252 time=2.785 ms
56 bytes from 10.2.1.2: icmp_seq=2 ttl=252 time=3.206 ms
56 bytes from 10.2.1.2: icmp_seq=3 ttl=252 time=2.087 ms
56 bytes from 10.2.1.2: icmp_seq=4 ttl=252 time=2.108 ms
--- Ping statistics for 10.2.1.2 ---
5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss
round-trip min/avg/max/std-dev = 2.087/2.672/3.206/0.492 ms
Example: Configuring inter-AS intercommunication between an MPLS L3VPN network and an EVPN L3VPN over SRv6 network (through End.T SIDs)
Network configuration
As shown in Figure 19, PE 2 acts as a border device that connected to both an MPLS L3VPN network and an EVPN L3VPN over SRv6 network. PE 1 and PE 2 belong to AS 10, and PE 3 belongs to AS 20. Configure the devices for intercommunication between the two sites.
|
Device |
Interface |
IP address |
Device |
Interface |
IP address |
|
CE 1 |
XGE0/0/15 |
10.1.1.2/24 |
CE 2 |
XGE0/0/15 |
10.2.1.2/24 |
|
PE 1 |
Loop0 |
1.1.1.1/32 |
PE 2 |
Loop0 |
2.2.2.2/32 2::2/128 |
|
|
XGE0/0/15 |
12.1.1.1/24 |
|
XGE0/0/15 |
12.1.1.2/24 |
|
|
XGE0/0/16 |
10.1.1.1/24 |
|
XGE0/0/16 |
2233::2/112 |
|
PE 3 |
Loop0 |
3::3/128 |
|
|
|
|
|
XGE0/0/15 |
2233::3/112 |
|
|
|
|
|
XGE0/0/16 |
10.2.1.1/24 |
|
|
|
Procedure
1. Configure CE 1:
# Assign an IP address to the interface.
<CE1> system-view
[CE1] interface ten-gigabitethernet 0/0/15
[CE1-Ten-GigabitEthernet0/0/15] ip address 10.1.1.2 24
[CE1-Ten-GigabitEthernet0/0/15] quit
# Establish EBGP peer relationship with PE 2 and import VPN routes.
[CE1] bgp 65001
[CE1-bgp-default] peer 10.1.1.1 as-number 10
[CE1-bgp-default] address-family ipv4 unicast
[CE1-bgp-default-ipv4] peer 10.1.1.1 enable
[CE1-bgp-default-ipv4] import-route direct
[CE1-bgp-default-ipv4] quit
[CE1-bgp-default] quit
2. Configure PE 1:
# Run IS-IS on PE 1.
<PE1> system-view
[PE1] isis 1
[PE1-isis-1] is-level level-1
[PE1-isis-1] cost-style wide
[PE1-isis-1] network-entity 10.1111.1111.1111.00
[PE1-isis-1] quit
# Specify an LSR ID and enable MPLS and LDP.
[PE1] mpls lsr-id 1.1.1.1
[PE1] mpls ldp
[PE1-ldp] quit
# On interface Ten-GigabitEthernet0/0/15, specify an IP address, run IS-IS, and enable MPLS and LDP.
[PE1] interface ten-gigabitethernet 0/0/15
[PE1-Ten-GigabitEthernet0/0/15] ip address 12.1.1.1 24
[PE1-Ten-GigabitEthernet0/0/15] isis enable 1
[PE1-Ten-GigabitEthernet0/0/15] mpls enable
[PE1-Ten-GigabitEthernet0/0/15] mpls ldp enable
[PE1-Ten-GigabitEthernet0/0/15] quit
# Create interface Loopback 0, specify an IP address for the interface, and run IS-IS on the interface.
[PE1] interface loopback 0
[PE1-LoopBack0] ip address 1.1.1.1 32
[PE1-LoopBack0] isis enable 1
[PE1-LoopBack0] quit
# Create a VPN instance named vpn1.
[PE1] ip vpn-instance vpn1
[PE1-vpn-instance-vpn1] route-distinguisher 100:1
[PE1-vpn-instance-vpn1] vpn-target 100:1 import-extcommunity
[PE1-vpn-instance-vpn1] vpn-target 100:1 export-extcommunity
[PE1-vpn-instance-vpn1] quit
# Associate the interface connected to CE 1 with VPN instance vpn1.
[PE1] interface ten-gigabitethernet 0/0/16
[PE1-Ten-GigabitEthernet0/0/16] ip binding vpn-instance vpn1
[PE1-Ten-GigabitEthernet0/0/16] ip address 10.1.1.1 24
[PE1-Ten-GigabitEthernet0/0/16] quit
# Run BGP on PE 1.
[PE1] bgp 10
[PE1-bgp-default] router-id 1.1.1.1
# Configure PE 1 to exchange BGP VPNv4 routes with peer 2.2.2.2.
[PE1-bgp-default] peer 2.2.2.2 as-number 10
[PE1-bgp-default] peer 2.2.2.2 connect-interface loopback 0
[PE1-bgp-default] address-family vpnv4
[PE1-bgp-default-vpnv4] peer 2.2.2.2 enable
[PE1-bgp-default-vpnv4] quit
# Establish an EBGP peer relationship with the connected CE to redistribute the VPN routes.
[PE1-bgp-default] ip vpn-instance vpn1
[PE1-bgp-default-vpn1] peer 10.1.1.2 as-number 65001
[PE1-bgp-default-vpn1] address-family ipv4 unicast
[PE1-bgp-default-ipv4-vpn1] peer 10.1.1.2 enable
[PE1-bgp-default-ipv4-vpn1] quit
[PE1-bgp-default-vpn1] quit
3. Configuring PE 2
# Run IPv6 IS-IS on PE 2.
<PE2> system-view
[PE2] isis 1
[PE2-isis-1] is-level level-1
[PE2-isis-1] cost-style wide
[PE2-isis-1] network-entity 10.2222.2222.2222.00
[PE2-isis-1] address-family ipv6 unicast
[PE2-isis-1-ipv6] quit
[PE2-isis-1] quit
# Specify an LSR ID and enable MPLS and LDP.
[PE2] mpls lsr-id 2.2.2.2
[PE2] mpls ldp
[PE2-ldp] quit
# On interface Ten-GigabitEthernet0/0/16, specify an IPv6 address, and run IPv6 IS-IS.
[PE2] interface ten-gigabitethernet 0/0/16
[PE2-Ten-GigabitEthernet0/0/16] ipv6 address 2233::2 112
[PE2-Ten-GigabitEthernet0/0/16] isis ipv6 enable 1
[PE2-Ten-GigabitEthernet0/0/16] quit
# On interface Ten-GigabitEthernet0/0/15, specify an IP address, run IS-IS, and enable MPLS and LDP.
[PE2] interface ten-gigabitethernet 0/0/15
[PE2-Ten-GigabitEthernet0/0/15] ip address 12.1.1.2 24
[PE2-Ten-GigabitEthernet0/0/15] isis enable 1
[PE2-Ten-GigabitEthernet0/0/15] mpls enable
[PE2-Ten-GigabitEthernet0/0/15] mpls ldp enable
[PE2-Ten-GigabitEthernet0/0/15] quit
# Create interface Loopback 0, specify an IP address and an IPv6 address for the interface, and run both IS-IS and IPv6 IS-IS on the interface.
[PE2] interface loopback 0
[PE2-LoopBack0] ip address 2.2.2.2 32
[PE2-LoopBack0] ipv6 address 2::2 128
[PE2-LoopBack0] isis enable 1
[PE2-LoopBack0] isis ipv6 enable 1
[PE2-LoopBack0] quit
# Run BGP on PE 2.
[PE2] bgp 10
[PE2-bgp-default] router-id 2.2.2.2
[PE2-bgp-default] peer 1.1.1.1 as-number 10
[PE2-bgp-default] peer 1.1.1.1 connect-interface loopback 0
[PE2-bgp-default] peer 3::3 as-number 20
[PE2-bgp-default] peer 3::3 connect-interface loopback 0
[PE2-bgp-default] peer 3::3 ebgp-max-hop 10
# Configure PE 2 to exchange VPNv4 routes with IBGP peer 1.1.1.1.
[PE2-bgp-default] address-family vpnv4
[PE2-bgp-default-vpnv4] peer 1.1.1.1 enable
# Disable route target filtering for received VPNv4 routes.
[PE2-bgp-default-vpnv4] undo policy vpn-target
# Reoriginate VPNv4 routes received from peer PE 1 as EVPN IP prefix advertisement routes without modifying the RD and RT information of the routes.
[PE2-bgp-default-vpnv4] peer 1.1.1.1 re-originated stitch-evpn
# Enable SRv6 and MPLS interworking.
|
|
NOTE: For the VPNv4 routes reoriginated based on EVPN routes received from PE 3, PE 2 advertises the VPNv4 routes to PE 1 only when SRv6 and MPLS interworking is enabled for the VPNv4 address family on PE 2. |
[PE2-bgp-default-vpnv4] srv6-mpls-interworking enable
[PE2-bgp-default-vpnv4] quit
# Enable exchange of SRv6-encapsulated EVPN routes with EBGP peer 3::3.
[PE2-bgp-default] address-family l2vpn evpn
[PE2-bgp-default-evpn] peer 3::3 enable
[PE2-bgp-default-evpn] peer 3::3 advertise encap-type srv6
# Disable route target filtering for received EVPN routes.
[PE2-bgp-default-evpn] undo policy vpn-target
# Reoriginate EVPN routes received from peer PE 3 as VPNv4 routes without modifying the RD and RT information of the routes.
[PE2-bgp-default-evpn] peer 3::3 re-originated ip-prefix stitch-l3vpn
# Enable SRv6 and MPLS interworking.
|
|
NOTE: For the EVPN routes reoriginated based on VPNv4 routes received from PE 1, PE 2 advertises the EVPN routes to PE 3 only when SRv6 and MPLS interworking is enabled for the L2VPN EVPN address family on PE 2. |
[PE2-bgp-default-evpn] srv6-mpls-interworking enable
[PE2-bgp-default-evpn] quit
[PE2-bgp-default] quit
# Configure EVPN L3VPN over SRv6 BE.
[PE2] segment-routing ipv6
[PE2-segment-routing-ipv6] encapsulation source-address 2::2
[PE2-segment-routing-ipv6] locator aaa ipv6-prefix 2:2:2:: 64 static 8 args 16
[PE2-segment-routing-ipv6-locator-aaa] quit
[PE2-segment-routing-ipv6] quit
[PE2] bgp 10
[PE2-bgp-default] address-family vpnv4
[PE2-bgp-default-vpnv4] segment-routing ipv6 traffic-engineering best-effort
[PE2-bgp-default-vpnv4] segment-routing ipv6 locator aaa
[PE2-bgp-default-vpnv4] quit
[PE2-bgp-default] address-family l2vpn evpn
[PE2-bgp-default-evpn] segment-routing ipv6 traffic-engineering best-effort evpn
[PE2-bgp-default-evpn] segment-routing ipv6 locator aaa evpn
[PE2-bgp-default-evpn] quit
[PE2-bgp-default] quit
# Apply a locator to IS-IS.
[PE2] isis 1
[PE2-isis-1] address-family ipv6 unicast
[PE2-isis-1-ipv6] segment-routing ipv6 locator aaa
[PE2-isis-1-ipv6] quit
[PE2-isis-1] quit
4. Configuring PE 3
# Run IPv6 IS-IS on PE 3.
<PE3> system-view
[PE3] isis 1
[PE3-isis-1] is-level level-1
[PE3-isis-1] cost-style wide
[PE3-isis-1] network-entity 10.3333.3333.3333.00
[PE3-isis-1] address-family ipv6 unicast
[PE3-isis-1-ipv6] quit
[PE3-isis-1] quit
# On interface Ten-GigabitEthernet0/0/15, specify an IPv6 address, and run IPv6 IS-IS.
[PE3] interface ten-gigabitethernet 0/0/15
[PE3-Ten-GigabitEthernet0/0/15] ipv6 address 2233::3 112
[PE3-Ten-GigabitEthernet0/0/15] isis ipv6 enable 1
[PE3-Ten-GigabitEthernet0/0/15] quit
# Create interface Loopback 0, specify an IPv6 address for the interface, and run IPv6 IS-IS on the interface.
[PE3] interface loopback 0
[PE3-LoopBack0] ipv6 address 3::3 128
[PE3-LoopBack0] isis ipv6 enable 1
[PE3-LoopBack0] quit
# Create a VPN instance named vpn1.
[PE3] ip vpn-instance vpn1
[PE3-vpn-instance-vpn1] route-distinguisher 100:1
[PE3-vpn-instance-vpn1] vpn-target 100:1 import-extcommunity
[PE3-vpn-instance-vpn1] vpn-target 100:1 export-extcommunity
[PE3-vpn-instance-vpn1] quit
# Associate the interface connected to CE 1 with VPN instance vpn1.
[PE3] interface ten-gigabitethernet 0/0/16
[PE3-Ten-GigabitEthernet0/0/16] ip binding vpn-instance vpn1
[PE3-Ten-GigabitEthernet0/0/16] ip address 10.2.1.1 24
[PE3-Ten-GigabitEthernet0/0/16] quit
# Run BGP on PE 3.
[PE3] bgp 20
[PE3-bgp-default] router-id 3.3.3.3
# Enable exchange of SRv6-encapsulated EVPN routes with EBGP peer 2::2.
[PE3-bgp-default] peer 2::2 as-number 10
[PE3-bgp-default] peer 2::2 connect-interface loopback 0
[PE3-bgp-default] peer 2::2 ebgp-max-hop 10
[PE3-bgp-default] address-family l2vpn evpn
[PE3-bgp-default-evpn] peer 2::2 enable
[PE3-bgp-default-evpn] peer 2::2 advertise encap-type srv6
[PE3-bgp-default-evpn] quit
[PE3-bgp-default] quit
# Configure EVPN L3VPN over SRv6 BE.
[PE3] segment-routing ipv6
[PE3-segment-routing-ipv6] encapsulation source-address 3::3
[PE3-segment-routing-ipv6] locator aaa ipv6-prefix 3:3:3:: 64 static 8 args 16
[PE3-segment-routing-ipv6-locator-aaa] quit
[PE3-segment-routing-ipv6] quit
[PE3] bgp 20
[PE3-bgp-default] ip vpn-instance vpn1
[PE3-bgp-default-vpn1] address-family ipv4 unicast
[PE3-bgp-default-ipv4-vpn1] segment-routing ipv6 traffic-engineering best-effort evpn
[PE3-bgp-default-ipv4-vpn1] segment-routing ipv6 locator aaa evpn
[PE3-bgp-default-ipv4-vpn1] quit
# Establish an EBGP peer relationship with the connected CE to redistribute the VPN routes.
[PE3-bgp-default-vpn1] peer 10.2.1.2 as-number 65002
[PE3-bgp-default-vpn1] address-family ipv4 unicast
[PE3-bgp-default-ipv4-vpn1] peer 10.2.1.2 enable
[PE3-bgp-default-ipv4-vpn1] quit
[PE3-bgp-default-vpn1] quit
[PE3-bgp-default] quit
# Apply a locator to IS-IS.
[PE3] isis 1
[PE3-isis-1] address-family ipv6 unicast
[PE3-isis-1-ipv6] segment-routing ipv6 locator aaa
[PE3-isis-1-ipv6] quit
[PE3-isis-1] quit
5. Configure CE 2:
# Assign an IP address to the interface.
<CE2> system-view
[CE2] interface ten-gigabitethernet 0/0/15
[CE2-Ten-GigabitEthernet0/0/15] ip address 10.2.1.2 24
[CE2-Ten-GigabitEthernet0/0/15] quit
# Establish EBGP peer relationship with PE 2 and import VPN routes.
[CE2] bgp 65002
[CE2-bgp-default] peer 10.2.1.1 as-number 20
[CE2-bgp-default] address-family ipv4 unicast
[CE2-bgp-default-ipv4] peer 10.2.1.1 enable
[CE2-bgp-default-ipv4] import-route direct
[CE2-bgp-default-ipv4] quit
[CE2-bgp-default] quit
Verifying the configuration
# View the BGP VPNv4 and BGP EVPN routing tables on PE 2. The output shows that PE 2 reoriginates VPNv4 route 10.1.1.0/24 received from PE 1 as an EVPN route, and reoriginates EVPN route 10.2.1.0/24 received from PE 3 as a VPNv4 route.
[PE2] display bgp l2vpn evpn
BGP local router ID is 2.2.2.2
Status codes: * - valid, > - best, d - dampened, h - history,
s - suppressed, S - stale, i - internal, e - external
a - additional-path
Origin: i - IGP, e - EGP, ? - incomplete
Total number of routes from all PEs: 1
Route distinguisher: 100:1
Total number of routes: 2
* >i Network : [5][0][24][10.1.1.0]/80
NextHop : 1.1.1.1 LocPrf : 100
PrefVal : 0 OutLabel : 1279
MED : 0
Path/Ogn: 65001?
* >e Network : [5][0][24][10.2.1.0]/80
NextHop : 3::3 LocPrf :
PrefVal : 0 OutLabel : 3
MED :
Path/Ogn: 20 65002?
[PE2] display bgp routing-table vpnv4
BGP local router ID is 2.2.2.2
Status codes: * - valid, > - best, d - dampened, h - history,
s - suppressed, S - stale, i - internal, e - external
a - additional-path
Origin: i - IGP, e - EGP, ? - incomplete
Total number of VPN routes: 2
Total number of routes from all PEs: 2
Route distinguisher: 100:1
Total number of routes: 2
Network NextHop MED LocPrf PrefVal Path/Ogn
* >i 10.1.1.0/24 1.1.1.1 0 100 0 65001?
* >e 10.2.1.0/24 3::3 0 20 65002?
# Verify that CE 1 and CE 2 can ping each other.
[CE1] ping 10.2.1.2
Ping 10.2.1.2 (10.2.1.2): 56 data bytes, press CTRL+C to break
56 bytes from 10.2.1.2: icmp_seq=0 ttl=252 time=3.175 ms
56 bytes from 10.2.1.2: icmp_seq=1 ttl=252 time=2.785 ms
56 bytes from 10.2.1.2: icmp_seq=2 ttl=252 time=3.206 ms
56 bytes from 10.2.1.2: icmp_seq=3 ttl=252 time=2.087 ms
56 bytes from 10.2.1.2: icmp_seq=4 ttl=252 time=2.108 ms
--- Ping statistics for 10.2.1.2 ---
5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss
round-trip min/avg/max/std-dev = 2.087/2.672/3.206/0.492 ms
Example: Configuring inter-AS intercommunication between an MPLS L3VPN network and an EVPN L3VPN over SRv6 network (through End.T SIDs and SRv6 intra-AS route reflection)
Network configuration
As shown in Figure 20, PE 2 acts as a border device that connected to both an MPLS L3VPN network and an EVPN L3VPN over SRv6 network. PE 1 belongs to AS 10. PE 2, PE 3, and PE 4 belong to AS 20.
· PE 1 and PE 2 in the MPLS network are interconnected across different ASs.
· PE 2, PE 3, and PE 4 in the SRv6 network are interconnected within the same AS. PE 2 acts as the route reflector for PE 3 and PE 4.
Configure the devices for intercommunication between the two sites.
|
Device |
Interface |
IP address |
Device |
Interface |
IP address |
|
CE 1 |
XGE0/0/15 |
10.1.1.2/24 |
CE 2 |
XGE0/0/15 |
10.2.1.2/24 |
|
PE 1 |
Loop0 |
1.1.1.1/32 |
PE 2 |
Loop0 |
2.2.2.2/32 2::2/128 |
|
|
XGE0/0/15 |
12.1.1.1/24 |
|
XGE0/0/15 |
12.1.1.2/24 |
|
|
XGE0/0/16 |
10.1.1.1/24 |
|
XGE0/0/16 |
2233::2/112 |
|
CE 3 |
XGE0/0/15 |
10.3.1.2/24 |
|
错误!未提供文档变量。 |
2244::2/112 |
|
PE 3 |
Loop0 |
3::3/128 |
PE 4 |
Loop0 |
4::4/128 |
|
|
XGE0/0/15 |
2233::3/112 |
|
XGE0/0/15 |
2244::4/112 |
|
|
XGE0/0/16 |
10.2.1.1/24 |
|
XGE0/0/16 |
10.3.1.1/24 |
Procedure
1. Configure CE 1:
# Assign an IP address to the interface.
<CE1> system-view
[CE1] interface ten-gigabitethernet 0/0/15
[CE1-Ten-GigabitEthernet0/0/15] ip address 10.1.1.2 24
[CE1-Ten-GigabitEthernet0/0/15] quit
# Establish EBGP peer relationship with PE 2 and import VPN routes.
[CE1] bgp 65001
[CE1-bgp-default] peer 10.1.1.1 as-number 10
[CE1-bgp-default] address-family ipv4 unicast
[CE1-bgp-default-ipv4] peer 10.1.1.1 enable
[CE1-bgp-default-ipv4] import-route direct
[CE1-bgp-default-ipv4] quit
[CE1-bgp-default] quit
2. Configure PE 1:
# Run IS-IS on PE 1.
<PE1> system-view
[PE1] isis 1
[PE1-isis-1] is-level level-1
[PE1-isis-1] cost-style wide
[PE1-isis-1] network-entity 10.1111.1111.1111.00
[PE1-isis-1] quit
# Specify an LSR ID and enable MPLS and LDP.
[PE1] mpls lsr-id 1.1.1.1
[PE1] mpls ldp
[PE1-ldp] quit
# On interface Ten-GigabitEthernet0/0/15, specify an IP address, run IS-IS, and enable MPLS and LDP.
[PE1] interface ten-gigabitethernet 0/0/15
[PE1-Ten-GigabitEthernet0/0/15] ip address 12.1.1.1 24
[PE1-Ten-GigabitEthernet0/0/15] isis enable 1
[PE1-Ten-GigabitEthernet0/0/15] mpls enable
[PE1-Ten-GigabitEthernet0/0/15] mpls ldp enable
[PE1-Ten-GigabitEthernet0/0/15] quit
# Create interface Loopback 0, specify an IP address for the interface, and run IS-IS on the interface.
[PE1] interface loopback 0
[PE1-LoopBack0] ip address 1.1.1.1 32
[PE1-LoopBack0] isis enable 1
[PE1-LoopBack0] quit
# Create a VPN instance named vpn1.
[PE1] ip vpn-instance vpn1
[PE1-vpn-instance-vpn1] route-distinguisher 100:1
[PE1-vpn-instance-vpn1] vpn-target 100:1 import-extcommunity
[PE1-vpn-instance-vpn1] vpn-target 100:1 export-extcommunity
[PE1-vpn-instance-vpn1] quit
# Associate the interface connected to CE 1 with VPN instance vpn1.
[PE1] interface ten-gigabitethernet 0/0/16
[PE1-Ten-GigabitEthernet0/0/16] ip binding vpn-instance vpn1
[PE1-Ten-GigabitEthernet0/0/16] ip address 10.1.1.1 24
[PE1-Ten-GigabitEthernet0/0/16] quit
# Run BGP on PE 1.
[PE1] bgp 10
[PE1-bgp-default] router-id 1.1.1.1
# Configure PE 1 to exchange BGP VPNv4 routes with peer 2.2.2.2.
[PE1-bgp-default] peer 2.2.2.2 as-number 20
[PE1-bgp-default] peer 2.2.2.2 connect-interface loopback 0
[PE1-bgp-default] peer 2.2.2.2 ebgp-max-hop 10
[PE1-bgp-default] address-family vpnv4
[PE1-bgp-default-vpnv4] peer 2.2.2.2 enable
[PE1-bgp-default-vpnv4] quit
# Establish an EBGP peer relationship with the connected CE to redistribute the VPN routes.
[PE1-bgp-default] ip vpn-instance vpn1
[PE1-bgp-default-vpn1] peer 10.1.1.2 as-number 65001
[PE1-bgp-default-vpn1] address-family ipv4 unicast
[PE1-bgp-default-ipv4-vpn1] peer 10.1.1.2 enable
[PE1-bgp-default-ipv4-vpn1] quit
[PE1-bgp-default-vpn1] quit
3. Configuring PE 2
# Run IPv6 IS-IS on PE 2.
<PE2> system-view
[PE2] isis 1
[PE2-isis-1] is-level level-1
[PE2-isis-1] cost-style wide
[PE2-isis-1] network-entity 10.2222.2222.2222.00
[PE2-isis-1] address-family ipv6 unicast
[PE2-isis-1-ipv6] quit
[PE2-isis-1] quit
# Specify an LSR ID and enable MPLS and LDP.
[PE2] mpls lsr-id 2.2.2.2
[PE2] mpls ldp
[PE2-ldp] quit
# On interface Ten-GigabitEthernet0/0/16, specify an IPv6 address, and run IPv6 IS-IS.
[PE2] interface ten-gigabitethernet 0/0/16
[PE2-Ten-GigabitEthernet0/0/16] ipv6 address 2233::2 112
[PE2-Ten-GigabitEthernet0/0/16] isis ipv6 enable 1
[PE2-Ten-GigabitEthernet0/0/16] quit
# On interface 错误!未提供文档变量。, specify an IPv6 address, and run IPv6 IS-IS.
[PE2] interface 错误!未提供文档变量。
[PE2-错误!未提供文档变量。] ipv6 address 2244::2 112
[PE2-错误!未提供文档变量。] isis ipv6 enable 1
[PE2-错误!未提供文档变量。] quit
# On interface Ten-GigabitEthernet0/0/15, specify an IP address, run IS-IS, and enable MPLS and LDP.
[PE2] interface ten-gigabitethernet 0/0/15
[PE2-Ten-GigabitEthernet0/0/15] ip address 12.1.1.2 24
[PE2-Ten-GigabitEthernet0/0/15] isis enable 1
[PE2-Ten-GigabitEthernet0/0/15] mpls enable
[PE2-Ten-GigabitEthernet0/0/15] mpls ldp enable
[PE2-Ten-GigabitEthernet0/0/15] quit
# Create interface Loopback 0, specify an IP address and an IPv6 address for the interface, and run both IS-IS and IPv6 IS-IS on the interface.
[PE2] interface loopback 0
[PE2-LoopBack0] ip address 2.2.2.2 32
[PE2-LoopBack0] ipv6 address 2::2 128
[PE2-LoopBack0] isis enable 1
[PE2-LoopBack0] isis ipv6 enable 1
[PE2-LoopBack0] quit
# Run BGP on PE 2.
[PE2] bgp 20
[PE2-bgp-default] router-id 2.2.2.2
[PE2-bgp-default] peer 1.1.1.1 as-number 10
[PE2-bgp-default] peer 1.1.1.1 connect-interface loopback 0
[PE2-bgp-default] peer 1.1.1.1 ebgp-max-hop 10
[PE2-bgp-default] peer 3::3 as-number 20
[PE2-bgp-default] peer 3::3 connect-interface loopback 0
[PE2-bgp-default] peer 4::4 as-number 20
[PE2-bgp-default] peer 4::4 connect-interface loopback 0
# Configure PE 2 to exchange VPNv4 routes with EBGP peer 1.1.1.1.
[PE2-bgp-default] address-family vpnv4
[PE2-bgp-default-vpnv4] peer 1.1.1.1 enable
# Disable route target filtering for received VPNv4 routes.
[PE2-bgp-default-vpnv4] undo policy vpn-target
# Reoriginate VPNv4 routes received from peer PE 1 as EVPN IP prefix advertisement routes without modifying the RD and RT information of the routes.
[PE2-bgp-default-vpnv4] peer 1.1.1.1 re-originated stitch-evpn
# Enable SRv6 and MPLS interworking.
|
|
NOTE: For the VPNv4 routes reoriginated based on EVPN routes received from PE 3 and PE 4, PE 2 advertises the VPNv4 routes to PE 1 only when SRv6 and MPLS interworking is enabled for the VPNv4 address family on PE 2. |
[PE2-bgp-default-vpnv4] srv6-mpls-interworking enable
[PE2-bgp-default-vpnv4] quit
# Enable exchange of SRv6-encapsulated EVPN routes with IBGP peers 3::3 and 4::4, and specify PE 2 as the route reflector.
[PE2-bgp-default] address-family l2vpn evpn
[PE2-bgp-default-evpn] peer 3::3 enable
[PE2-bgp-default-evpn] peer 3::3 advertise encap-type srv6
[PE2-bgp-default-evpn] peer 3::3 reflect-client
[PE2-bgp-default-evpn] peer 4::4 enable
[PE2-bgp-default-evpn] peer 4::4 advertise encap-type srv6
[PE2-bgp-default-evpn] peer 4::4 reflect-client
# Disable route target filtering for received EVPN routes.
[PE2-bgp-default-evpn] undo policy vpn-target
# Reoriginate EVPN routes received from peer PE 3 and PE 4 as VPNv4 routes without modifying the RD and RT information of the routes.
[PE2-bgp-default-evpn] peer 3::3 re-originated ip-prefix stitch-l3vpn
[PE2-bgp-default-evpn] peer 4::4 re-originated ip-prefix stitch-l3vpn
# Enable SRv6 and MPLS interworking.
|
|
NOTE: For the EVPN routes reoriginated based on VPNv4 routes received from PE 1, PE 2 advertises the EVPN routes to PE 3 and PE 4 only when SRv6 and MPLS interworking is enabled for the L2VPN EVPN address family on PE 2. |
[PE2-bgp-default-evpn] srv6-mpls-interworking enable
[PE2-bgp-default-evpn] quit
[PE2-bgp-default] quit
# Configure EVPN L3VPN over SRv6 BE.
[PE2] segment-routing ipv6
[PE2-segment-routing-ipv6] encapsulation source-address 2::2
[PE2-segment-routing-ipv6] locator aaa ipv6-prefix 2:2:2:: 64 static 8 args 16
[PE2-segment-routing-ipv6-locator-aaa] quit
[PE2-segment-routing-ipv6] quit
[PE2] bgp 20
[PE2-bgp-default] address-family vpnv4
[PE2-bgp-default-vpnv4] segment-routing ipv6 traffic-engineering best-effort
[PE2-bgp-default-vpnv4] segment-routing ipv6 locator aaa
[PE2-bgp-default-vpnv4] quit
[PE2-bgp-default] address-family l2vpn evpn
[PE2-bgp-default-evpn] segment-routing ipv6 traffic-engineering best-effort evpn
[PE2-bgp-default-evpn] segment-routing ipv6 locator aaa evpn
[PE2-bgp-default-evpn] quit
[PE2-bgp-default] quit
# Apply a locator to IS-IS.
[PE2] isis 1
[PE2-isis-1] address-family ipv6 unicast
[PE2-isis-1-ipv6] segment-routing ipv6 locator aaa
[PE2-isis-1-ipv6] quit
[PE2-isis-1] quit
# Configure routing policies mpls-to-mpls and mpls-to-evpn.
¡ Configure routing policy mpls-to-mpls to add the extended community attribute 12345:12345 to the BGP routes that PE 2 receives from peer PE 1 in the MPLS network.
¡ Configure routing policy mpls-to-evpn to change the next hop attribute to the local IP address used for BGP session establishment when PE 2 advertises BGP routes received from peer PE 1 in the MPLS network to peers PE 3 and PE 4 in the SRv6 network. In addition, configure the routing policy to change the next hop attribute to the IP address of the remote BGP peer for the routes received from peers PE 3 and PE 4 in the SRv6 network.
[PE2] route-policy mpls-to-mpls permit node 10 // Routing policy mpls-to-mpls
[PE2-route-policy-mpls-to-mpls-10] apply community 12345:12345 additive
[PE2-route-policy-mpls-to-mpls-10] quit
[PE2] bgp 20
[PE2-bgp-default] address-family vpnv4
[PE2-bgp-default-vpnv4] peer 1.1.1.1 route-policy mpls-to-mpls import
[PE2-bgp-default-vpnv4] quit
[PE2-bgp-default] quit
[PE2] ip community-list 100 permit 12345:12345
[PE2] route-policy mpls-to-evpn permit node 10 // Routing policy mpls-to-evpn
[PE2-route-policy-mpls-to-evpn-10] if-match community 100
[PE2-route-policy-mpls-to-evpn-10] apply ipv6 next-hop advertiser-address
[PE2-route-policy-mpls-to-evpn-10] quit
[PE2] route-policy mpls-to-evpn permit node 20
[PE2-route-policy-mpls-to-evpn-20] quit
[PE2] bgp 20
[PE2-bgp-default] address-family l2vpn evpn
[PE2-bgp-default-evpn] peer 3::3 route-policy mpls-to-evpn export
[PE2-bgp-default-evpn] peer 3::3 advertise-community
[PE2-bgp-default-evpn] peer 4::4 route-policy mpls-to-evpn export
[PE2-bgp-default-evpn] peer 4::4 advertise-community
[PE2-bgp-default-evpn] quit
[PE2-bgp-default] quit
4. Configuring PE 3
# Run IPv6 IS-IS on PE 3.
<PE3> system-view
[PE3] isis 1
[PE3-isis-1] is-level level-1
[PE3-isis-1] cost-style wide
[PE3-isis-1] network-entity 10.3333.3333.3333.00
[PE3-isis-1] address-family ipv6 unicast
[PE3-isis-1-ipv6] quit
[PE3-isis-1] quit
# On interface Ten-GigabitEthernet0/0/15, specify an IPv6 address, and run IPv6 IS-IS.
[PE3] interface ten-gigabitethernet 0/0/15
[PE3-Ten-GigabitEthernet0/0/15] ipv6 address 2233::3 112
[PE3-Ten-GigabitEthernet0/0/15] isis ipv6 enable 1
[PE3-Ten-GigabitEthernet0/0/15] quit
# Create interface Loopback 0, specify an IPv6 address for the interface, and run IPv6 IS-IS on the interface.
[PE3] interface loopback 0
[PE3-LoopBack0] ipv6 address 3::3 128
[PE3-LoopBack0] isis ipv6 enable 1
[PE3-LoopBack0] quit
# Create a VPN instance named vpn1.
[PE3] ip vpn-instance vpn1
[PE3-vpn-instance-vpn1] route-distinguisher 100:1
[PE3-vpn-instance-vpn1] vpn-target 100:1 import-extcommunity
[PE3-vpn-instance-vpn1] vpn-target 100:1 export-extcommunity
[PE3-vpn-instance-vpn1] quit
# Associate the interface connected to CE 1 with VPN instance vpn1.
[PE3] interface ten-gigabitethernet 0/0/16
[PE3-Ten-GigabitEthernet0/0/16] ip binding vpn-instance vpn1
[PE3-Ten-GigabitEthernet0/0/16] ip address 10.2.1.1 24
[PE3-Ten-GigabitEthernet0/0/16] quit
# Run BGP on PE 3.
[PE3] bgp 20
[PE3-bgp-default] router-id 3.3.3.3
# Enable exchange of SRv6-encapsulated EVPN routes with IBGP peer 2::2.
[PE3-bgp-default] peer 2::2 as-number 20
[PE3-bgp-default] peer 2::2 connect-interface loopback 0
[PE3-bgp-default] address-family l2vpn evpn
[PE3-bgp-default-evpn] peer 2::2 enable
[PE3-bgp-default-evpn] peer 2::2 advertise encap-type srv6
[PE3-bgp-default-evpn] quit
[PE3-bgp-default] quit
# Configure EVPN L3VPN over SRv6 BE.
[PE3] segment-routing ipv6
[PE3-segment-routing-ipv6] encapsulation source-address 3::3
[PE3-segment-routing-ipv6] locator aaa ipv6-prefix 3:3:3:: 64 static 8 args 16
[PE3-segment-routing-ipv6-locator-aaa] quit
[PE3-segment-routing-ipv6] quit
[PE3] bgp 20
[PE3-bgp-default] ip vpn-instance vpn1
[PE3-bgp-default-vpn1] address-family ipv4 unicast
[PE3-bgp-default-ipv4-vpn1] segment-routing ipv6 traffic-engineering best-effort evpn
[PE3-bgp-default-ipv4-vpn1] segment-routing ipv6 locator aaa evpn
[PE3-bgp-default-ipv4-vpn1] quit
# Establish an EBGP peer relationship with the connected CE to redistribute the VPN routes.
[PE3-bgp-default-vpn1] peer 10.2.1.2 as-number 65002
[PE3-bgp-default-vpn1] address-family ipv4 unicast
[PE3-bgp-default-ipv4-vpn1] peer 10.2.1.2 enable
[PE3-bgp-default-ipv4-vpn1] quit
[PE3-bgp-default-vpn1] quit
[PE3-bgp-default] quit
# Apply a locator to IS-IS.
[PE3] isis 1
[PE3-isis-1] address-family ipv6 unicast
[PE3-isis-1-ipv6] segment-routing ipv6 locator aaa
[PE3-isis-1-ipv6] quit
[PE3-isis-1] quit
5. Configure PE 4:
# Run IPv6 IS-IS on PE 4.
<PE4> system-view
[PE4] isis 1
[PE4-isis-1] is-level level-1
[PE4-isis-1] cost-style wide
[PE4-isis-1] network-entity 10.4444.4444.4444.00
[PE4-isis-1] address-family ipv6 unicast
[PE4-isis-1-ipv6] quit
[PE4-isis-1] quit
# On interface Ten-GigabitEthernet0/0/15, specify an IPv6 address, and run IPv6 IS-IS.
[PE4] interface ten-gigabitethernet 0/0/15
[PE4-Ten-GigabitEthernet0/0/15] ipv6 address 2244::4 112
[PE4-Ten-GigabitEthernet0/0/15] isis ipv6 enable 1
[PE4-Ten-GigabitEthernet0/0/15] quit
# Create interface Loopback 0, specify an IPv6 address for the interface, and run IPv6 IS-IS on the interface.
[PE4] interface loopback 0
[PE4-LoopBack0] ipv6 address 4::4 128
[PE4-LoopBack0] isis ipv6 enable 1
[PE4-LoopBack0] quit
# Create a VPN instance named vpn1.
[PE4] ip vpn-instance vpn1
[PE4-vpn-instance-vpn1] route-distinguisher 100:1
[PE4-vpn-instance-vpn1] vpn-target 100:1 import-extcommunity
[PE4-vpn-instance-vpn1] vpn-target 100:1 export-extcommunity
[PE4-vpn-instance-vpn1] quit
# Associate the interface connected to CE 1 with VPN instance vpn1.
[PE4] interface ten-gigabitethernet 0/0/16
[PE4-Ten-GigabitEthernet0/0/16] ip binding vpn-instance vpn1
[PE4-Ten-GigabitEthernet0/0/16] ip address 10.3.1.1 24
[PE4-Ten-GigabitEthernet0/0/16] quit
# Run BGP on PE 4.
[PE4] bgp 20
[PE4-bgp-default] router-id 4.4.4.4
# Enable exchange of SRv6-encapsulated EVPN routes with IBGP peer 2::2.
[PE4-bgp-default] peer 2::2 as-number 20
[PE4-bgp-default] peer 2::2 connect-interface loopback 0
[PE4-bgp-default] address-family l2vpn evpn
[PE4-bgp-default-evpn] peer 2::2 enable
[PE4-bgp-default-evpn] peer 2::2 advertise encap-type srv6
[PE4-bgp-default-evpn] quit
[PE4-bgp-default] quit
# Configure EVPN L3VPN over SRv6 BE.
[PE4] segment-routing ipv6
[PE4-segment-routing-ipv6] encapsulation source-address 4::4
[PE4-segment-routing-ipv6] locator aaa ipv6-prefix 4:4:4:: 64 static 8 args 16
[PE4-segment-routing-ipv6-locator-aaa] quit
[PE4-segment-routing-ipv6] quit
[PE4] bgp 20
[PE4-bgp-default] ip vpn-instance vpn1
[PE4-bgp-default-vpn1] address-family ipv4 unicast
[PE4-bgp-default-ipv4-vpn1] segment-routing ipv6 traffic-engineering best-effort evpn
[PE4-bgp-default-ipv4-vpn1] segment-routing ipv6 locator aaa evpn
[PE4-bgp-default-ipv4-vpn1] quit
# Establish an EBGP peer relationship with the connected CE to redistribute the VPN routes.
[PE4-bgp-default-vpn1] peer 10.3.1.2 as-number 65003
[PE4-bgp-default-vpn1] address-family ipv4 unicast
[PE4-bgp-default-ipv4-vpn1] peer 10.3.1.2 enable
[PE4-bgp-default-ipv4-vpn1] quit
[PE4-bgp-default-vpn1] quit
[PE4-bgp-default] quit
# Apply a locator to IS-IS.
[PE4] isis 1
[PE4-isis-1] address-family ipv6 unicast
[PE4-isis-1-ipv6] segment-routing ipv6 locator aaa
[PE4-isis-1-ipv6] quit
[PE4-isis-1] quit
6. Configure CE 2:
# Assign an IP address to the interface.
<CE2> system-view
[CE2] interface ten-gigabitethernet 0/0/15
[CE2-Ten-GigabitEthernet0/0/15] ip address 10.2.1.2 24
[CE2-Ten-GigabitEthernet0/0/15] quit
# Establish EBGP peer relationship with PE 2 and import VPN routes.
[CE2] bgp 65002
[CE2-bgp-default] peer 10.2.1.1 as-number 20
[CE2-bgp-default] address-family ipv4 unicast
[CE2-bgp-default-ipv4] peer 10.2.1.1 enable
[CE2-bgp-default-ipv4] import-route direct
[CE2-bgp-default-ipv4] quit
[CE2-bgp-default] quit
7. Configure CE 3:
# Assign an IP address to the interface.
<CE3> system-view
[CE3] interface ten-gigabitethernet 0/0/15
[CE3-Ten-GigabitEthernet0/0/15] ip address 10.3.1.2 24
[CE3-Ten-GigabitEthernet0/0/15] quit
# Establish EBGP peer relationship with PE 2 and import VPN routes.
[CE3] bgp 65003
[CE3-bgp-default] peer 10.3.1.1 as-number 20
[CE3-bgp-default] address-family ipv4 unicast
[CE3-bgp-default-ipv4] peer 10.3.1.1 enable
[CE3-bgp-default-ipv4] import-route direct
[CE3-bgp-default-ipv4] quit
[CE3-bgp-default] quit
Verifying the configuration
# View the BGP VPNv4 and BGP EVPN routing tables on PE 2. The output shows that PE 2 reoriginates VPNv4 route 10.1.1.0/24 received from PE 1 as an EVPN route, and reoriginates EVPN routes 10.2.1.0/24 and 10.3.1.0/24 received from PE 3 and PE 4 as VPNv4 routes.
[PE2] display bgp l2vpn evpn
BGP local router ID is 2.2.2.2
Status codes: * - valid, > - best, d - dampened, h - history,
s - suppressed, S - stale, i - internal, e - external
a - additional-path
Origin: i - IGP, e - EGP, ? - incomplete
Total number of routes from all PEs: 2
Route distinguisher: 100:1
Total number of routes: 3
* >i Network : [5][0][24][10.3.1.0]/80
NextHop : 4::4 LocPrf : 100
PrefVal : 0 OutLabel : 3
MED : 0
Path/Ogn: 65003?
* >e Network : [5][0][24][10.1.1.0]/80
NextHop : 1.1.1.1 LocPrf :
PrefVal : 0 OutLabel : 1407
MED :
Path/Ogn: 10 65001?
* >i Network : [5][0][24][10.2.1.0]/80
NextHop : 3::3 LocPrf : 100
PrefVal : 0 OutLabel : 3
MED : 0
Path/Ogn: 65002?
[PE2] display bgp routing-table vpnv4
BGP local router ID is 2.2.2.2
Status codes: * - valid, > - best, d - dampened, h - history,
s - suppressed, S - stale, i - internal, e - external
a - additional-path
Origin: i - IGP, e - EGP, ? - incomplete
Total number of VPN routes: 3
Total number of routes from all PEs: 3
Route distinguisher: 100:1
Total number of routes: 3
Network NextHop MED LocPrf PrefVal Path/Ogn
* >i 10.3.1.0/24 4::4 0 100 0 65003?
* >e 10.1.1.0/24 1.1.1.1 0 10 65001?
* >i 10.2.1.0/24 3::3 0 100 0 65002?
# Verify that CE 1 and CE 2 can ping each other.
[CE1] ping 10.2.1.2
Ping 10.2.1.2 (10.2.1.2): 56 data bytes, press CTRL+C to break
56 bytes from 10.2.1.2: icmp_seq=0 ttl=252 time=3.175 ms
56 bytes from 10.2.1.2: icmp_seq=1 ttl=252 time=2.785 ms
56 bytes from 10.2.1.2: icmp_seq=2 ttl=252 time=3.206 ms
56 bytes from 10.2.1.2: icmp_seq=3 ttl=252 time=2.087 ms
56 bytes from 10.2.1.2: icmp_seq=4 ttl=252 time=2.108 ms
--- Ping statistics for 10.2.1.2 ---
5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss
round-trip min/avg/max/std-dev = 2.087/2.672/3.206/0.492 ms
Example: Configuring intra-AS intercommunication between an MPLS L3VPN network and an EVPN L3VPN over SRv6 network (through End.T SIDs)
Network configuration
As shown in Figure 21, PE 2 acts as a border device that connected to both an MPLS L3VPN network and an EVPN L3VPN over SRv6 network. PE 1, PE 2, and PE 3 belong to AS 10. PE 2 acts as the route reflector for PE 1 and PE 3. Configure the devices for intercommunication between the two sites.
|
Device |
Interface |
IP address |
Device |
Interface |
IP address |
|
CE 1 |
XGE0/0/15 |
10.1.1.2/24 |
CE 2 |
XGE0/0/15 |
10.2.1.2/24 |
|
PE 1 |
Loop0 |
1.1.1.1/32 |
PE 2 |
Loop0 |
2.2.2.2/32 2::2/128 |
|
|
XGE0/0/15 |
12.1.1.1/24 |
|
XGE0/0/15 |
12.1.1.2/24 |
|
|
XGE0/0/16 |
10.1.1.1/24 |
|
XGE0/0/16 |
2233::2/112 |
|
PE 3 |
Loop0 |
3::3/128 |
|
|
|
|
|
XGE0/0/15 |
2233::3/112 |
|
|
|
|
|
XGE0/0/16 |
10.2.1.1/24 |
|
|
|
Procedure
1. Configure CE 1:
# Assign an IP address to the interface.
<CE1> system-view
[CE1] interface ten-gigabitethernet 0/0/15
[CE1-Ten-GigabitEthernet0/0/15] ip address 10.1.1.2 24
[CE1-Ten-GigabitEthernet0/0/15] quit
# Establish EBGP peer relationship with PE 2 and import VPN routes.
[CE1] bgp 65001
[CE1-bgp-default] peer 10.1.1.1 as-number 10
[CE1-bgp-default] address-family ipv4 unicast
[CE1-bgp-default-ipv4] peer 10.1.1.1 enable
[CE1-bgp-default-ipv4] import-route direct
[CE1-bgp-default-ipv4] quit
[CE1-bgp-default] quit
2. Configure PE 1:
# Run IS-IS on PE 1.
<PE1> system-view
[PE1] isis 1
[PE1-isis-1] is-level level-1
[PE1-isis-1] cost-style wide
[PE1-isis-1] network-entity 10.1111.1111.1111.00
[PE1-isis-1] quit
# Specify an LSR ID and enable MPLS and LDP.
[PE1] mpls lsr-id 1.1.1.1
[PE1] mpls ldp
[PE1-ldp] quit
# On interface Ten-GigabitEthernet0/0/15, specify an IP address, run IS-IS, and enable MPLS and LDP.
[PE1] interface ten-gigabitethernet 0/0/15
[PE1-Ten-GigabitEthernet0/0/15] ip address 12.1.1.1 24
[PE1-Ten-GigabitEthernet0/0/15] isis enable 1
[PE1-Ten-GigabitEthernet0/0/15] mpls enable
[PE1-Ten-GigabitEthernet0/0/15] mpls ldp enable
[PE1-Ten-GigabitEthernet0/0/15] quit
# Create interface Loopback 0, specify an IP address for the interface, and run IS-IS on the interface.
[PE1] interface loopback 0
[PE1-LoopBack0] ip address 1.1.1.1 32
[PE1-LoopBack0] isis enable 1
[PE1-LoopBack0] quit
# Create a VPN instance named vpn1.
[PE1] ip vpn-instance vpn1
[PE1-vpn-instance-vpn1] route-distinguisher 100:1
[PE1-vpn-instance-vpn1] vpn-target 100:1 import-extcommunity
[PE1-vpn-instance-vpn1] vpn-target 100:1 export-extcommunity
[PE1-vpn-instance-vpn1] quit
# Associate the interface connected to CE 1 with VPN instance vpn1.
[PE1] interface ten-gigabitethernet 0/0/16
[PE1-Ten-GigabitEthernet0/0/16] ip binding vpn-instance vpn1
[PE1-Ten-GigabitEthernet0/0/16] ip address 10.1.1.1 24
[PE1-Ten-GigabitEthernet0/0/16] quit
# Run BGP on PE 1.
[PE1] bgp 10
[PE1-bgp-default] router-id 1.1.1.1
# Configure PE 1 to exchange BGP VPNv4 routes with peer 2.2.2.2.
[PE1-bgp-default] peer 2.2.2.2 as-number 10
[PE1-bgp-default] peer 2.2.2.2 connect-interface loopback 0
[PE1-bgp-default] address-family vpnv4
[PE1-bgp-default-vpnv4] peer 2.2.2.2 enable
[PE1-bgp-default-vpnv4] quit
# Establish an EBGP peer relationship with the connected CE to redistribute the VPN routes.
[PE1-bgp-default] ip vpn-instance vpn1
[PE1-bgp-default-vpn1] peer 10.1.1.2 as-number 65001
[PE1-bgp-default-vpn1] address-family ipv4 unicast
[PE1-bgp-default-ipv4-vpn1] peer 10.1.1.2 enable
[PE1-bgp-default-ipv4-vpn1] quit
[PE1-bgp-default-vpn1] quit
3. Configuring PE 2
# Run IPv6 IS-IS on PE 2.
<PE2> system-view
[PE2] isis 1
[PE2-isis-1] is-level level-1
[PE2-isis-1] cost-style wide
[PE2-isis-1] network-entity 10.2222.2222.2222.00
[PE2-isis-1] address-family ipv6 unicast
[PE2-isis-1-ipv6] quit
[PE2-isis-1] quit
# Specify an LSR ID and enable MPLS and LDP.
[PE2] mpls lsr-id 2.2.2.2
[PE2] mpls ldp
[PE2-ldp] quit
# On interface Ten-GigabitEthernet0/0/16, specify an IPv6 address, and run IPv6 IS-IS.
[PE2] interface ten-gigabitethernet 0/0/16
[PE2-Ten-GigabitEthernet0/0/16] ipv6 address 2233::2 112
[PE2-Ten-GigabitEthernet0/0/16] isis ipv6 enable 1
[PE2-Ten-GigabitEthernet0/0/16] quit
# On interface Ten-GigabitEthernet0/0/15, specify an IP address, run IS-IS, and enable MPLS and LDP.
[PE2] interface ten-gigabitethernet 0/0/15
[PE2-Ten-GigabitEthernet0/0/15] ip address 12.1.1.2 24
[PE2-Ten-GigabitEthernet0/0/15] isis enable 1
[PE2-Ten-GigabitEthernet0/0/15] mpls enable
[PE2-Ten-GigabitEthernet0/0/15] mpls ldp enable
[PE2-Ten-GigabitEthernet0/0/15] quit
# Create interface Loopback 0, specify an IP address and an IPv6 address for the interface, and run both IS-IS and IPv6 IS-IS on the interface.
[PE2] interface loopback 0
[PE2-LoopBack0] ip address 2.2.2.2 32
[PE2-LoopBack0] ipv6 address 2::2 128
[PE2-LoopBack0] isis enable 1
[PE2-LoopBack0] isis ipv6 enable 1
[PE2-LoopBack0] quit
# Run BGP on PE 2.
[PE2] bgp 10
[PE2-bgp-default] router-id 2.2.2.2
[PE2-bgp-default] peer 1.1.1.1 as-number 10
[PE2-bgp-default] peer 1.1.1.1 connect-interface loopback 0
[PE2-bgp-default] peer 3::3 as-number 10
[PE2-bgp-default] peer 3::3 connect-interface loopback 0
# Configure PE 2 to exchange VPNv4 routes with IBGP peer 1.1.1.1.
[PE2-bgp-default] address-family vpnv4
[PE2-bgp-default-vpnv4] peer 1.1.1.1 enable
# Disable route target filtering for received VPNv4 routes.
[PE2-bgp-default-vpnv4] undo policy vpn-target
# Configure PE 2 as a route reflector and specify IBGP peer PE 1 as a client.
[PE2-bgp-default-vpnv4] peer 1.1.1.1 reflect-client
# Reoriginate VPNv4 routes received from peer PE 1 as EVPN IP prefix advertisement routes without modifying the RD and RT information of the routes.
[PE2-bgp-default-vpnv4] peer 1.1.1.1 re-originated stitch-evpn
# Enable SRv6 and MPLS interworking.
|
|
NOTE: For the VPNv4 routes reoriginated based on EVPN routes received from PE 3, PE 2 advertises the VPNv4 routes to PE 1 only when SRv6 and MPLS interworking is enabled for the VPNv4 address family on PE 2. |
[PE2-bgp-default-vpnv4] srv6-mpls-interworking enable
# Set the local router as the next hop for VPNv4 routes advertised to peer PE 1.
|
|
NOTE: You must set the next hop to the local router for the VPNv4 routes advertised by the route reflector to peers in the MPLS L3VPN network. Without this configuration, the route reflector cannot correctly forward the packets received from the MPLS network destined to the SRv6 network. |
[PE2-bgp-default-vpnv4] peer 1.1.1.1 next-hop-local
[PE2-bgp-default-vpnv4] quit
# Enable exchange of SRv6-encapsulated EVPN routes with IBGP peer 3::3.
[PE2-bgp-default] address-family l2vpn evpn
[PE2-bgp-default-evpn] peer 3::3 enable
[PE2-bgp-default-evpn] peer 3::3 advertise encap-type srv6
# Disable route target filtering for received EVPN routes.
[PE2-bgp-default-evpn] undo policy vpn-target
# Configure PE 2 as a route reflector and specify IBGP peer PE 3 as a client.
[PE2-bgp-default-evpn] peer 3::3 reflect-client
# Reoriginate EVPN routes received from peer PE 3 as VPNv4 routes without modifying the RD and RT information of the routes.
[PE2-bgp-default-evpn] peer 3::3 re-originated ip-prefix stitch-l3vpn
# Enable SRv6 and MPLS interworking.
|
|
NOTE: For the EVPN routes reoriginated based on VPNv4 routes received from PE 1, PE 2 advertises the EVPN routes to PE 3 only when SRv6 and MPLS interworking is enabled for the L2VPN EVPN address family on PE 2. |
[PE2-bgp-default-evpn] srv6-mpls-interworking enable
[PE2-bgp-default-evpn] quit
[PE2-bgp-default] quit
# Configure EVPN L3VPN over SRv6 BE.
[PE2] segment-routing ipv6
[PE2-segment-routing-ipv6] encapsulation source-address 2::2
[PE2-segment-routing-ipv6] locator aaa ipv6-prefix 2:2:2:: 64 static 8 args 16
[PE2-segment-routing-ipv6-locator-aaa] quit
[PE2-segment-routing-ipv6] quit
[PE2] bgp 10
[PE2-bgp-default] address-family vpnv4
[PE2-bgp-default-vpnv4] segment-routing ipv6 traffic-engineering best-effort
[PE2-bgp-default-vpnv4] segment-routing ipv6 locator aaa
[PE2-bgp-default-vpnv4] quit
[PE2-bgp-default] address-family l2vpn evpn
[PE2-bgp-default-evpn] segment-routing ipv6 traffic-engineering best-effort evpn
[PE2-bgp-default-evpn] segment-routing ipv6 locator aaa evpn
[PE2-bgp-default-evpn] quit
[PE2-bgp-default] quit
# Apply a locator to IS-IS.
[PE2] isis 1
[PE2-isis-1] address-family ipv6 unicast
[PE2-isis-1-ipv6] segment-routing ipv6 locator aaa
[PE2-isis-1-ipv6] quit
[PE2-isis-1] quit
4. Configuring PE 3
# Run IPv6 IS-IS on PE 3.
<PE3> system-view
[PE3] isis 1
[PE3-isis-1] is-level level-1
[PE3-isis-1] cost-style wide
[PE3-isis-1] network-entity 10.3333.3333.3333.00
[PE3-isis-1] address-family ipv6 unicast
[PE3-isis-1-ipv6] quit
[PE3-isis-1] quit
# On interface Ten-GigabitEthernet0/0/15, specify an IPv6 address, and run IPv6 IS-IS.
[PE3] interface ten-gigabitethernet 0/0/15
[PE3-Ten-GigabitEthernet0/0/15] ipv6 address 2233::3 112
[PE3-Ten-GigabitEthernet0/0/15] isis ipv6 enable 1
[PE3-Ten-GigabitEthernet0/0/15] quit
# Create interface Loopback 0, specify an IPv6 address for the interface, and run IPv6 IS-IS on the interface.
[PE3] interface loopback 0
[PE3-LoopBack0] ipv6 address 3::3 128
[PE3-LoopBack0] isis ipv6 enable 1
[PE3-LoopBack0] quit
# Create a VPN instance named vpn1.
[PE3] ip vpn-instance vpn1
[PE3-vpn-instance-vpn1] route-distinguisher 100:1
[PE3-vpn-instance-vpn1] vpn-target 100:1 import-extcommunity
[PE3-vpn-instance-vpn1] vpn-target 100:1 export-extcommunity
[PE3-vpn-instance-vpn1] quit
# Associate the interface connected to CE 1 with VPN instance vpn1.
[PE3] interface ten-gigabitethernet 0/0/16
[PE3-Ten-GigabitEthernet0/0/16] ip binding vpn-instance vpn1
[PE3-Ten-GigabitEthernet0/0/16] ip address 10.2.1.1 24
[PE3-Ten-GigabitEthernet0/0/16] quit
# Run BGP on PE 3.
[PE3] bgp 10
[PE3-bgp-default] router-id 3.3.3.3
# Enable exchange of SRv6-encapsulated EVPN routes with IBGP peer 2::2.
[PE3-bgp-default] peer 2::2 as-number 10
[PE3-bgp-default] peer 2::2 connect-interface loopback 0
[PE3-bgp-default] address-family l2vpn evpn
[PE3-bgp-default-evpn] peer 2::2 enable
[PE3-bgp-default-evpn] peer 2::2 advertise encap-type srv6
[PE3-bgp-default-evpn] quit
[PE3-bgp-default] quit
# Configure EVPN L3VPN over SRv6 BE.
[PE3] segment-routing ipv6
[PE3-segment-routing-ipv6] encapsulation source-address 3::3
[PE3-segment-routing-ipv6] locator aaa ipv6-prefix 3:3:3:: 64 static 8 args 16
[PE3-segment-routing-ipv6-locator-aaa] quit
[PE3-segment-routing-ipv6] quit
[PE3] bgp 10
[PE3-bgp-default] ip vpn-instance vpn1
[PE3-bgp-default-vpn1] address-family ipv4 unicast
[PE3-bgp-default-ipv4-vpn1] segment-routing ipv6 traffic-engineering best-effort evpn
[PE3-bgp-default-ipv4-vpn1] segment-routing ipv6 locator aaa evpn
[PE3-bgp-default-ipv4-vpn1] quit
# Establish an EBGP peer relationship with the connected CE to redistribute the VPN routes.
[PE3-bgp-default-vpn1] peer 10.2.1.2 as-number 65002
[PE3-bgp-default-vpn1] address-family ipv4 unicast
[PE3-bgp-default-ipv4-vpn1] peer 10.2.1.2 enable
[PE3-bgp-default-ipv4-vpn1] quit
[PE3-bgp-default-vpn1] quit
[PE3-bgp-default] quit
# Apply a locator to IS-IS.
[PE3] isis 1
[PE3-isis-1] address-family ipv6 unicast
[PE3-isis-1-ipv6] segment-routing ipv6 locator aaa
[PE3-isis-1-ipv6] quit
[PE3-isis-1] quit
5. Configure CE 2:
# Assign an IP address to the interface.
<CE2> system-view
[CE2] interface ten-gigabitethernet 0/0/15
[CE2-Ten-GigabitEthernet0/0/15] ip address 10.2.1.2 24
[CE2-Ten-GigabitEthernet0/0/15] quit
# Establish EBGP peer relationship with PE 2 and import VPN routes.
[CE2] bgp 65002
[CE2-bgp-default] peer 10.2.1.1 as-number 10
[CE2-bgp-default] address-family ipv4 unicast
[CE2-bgp-default-ipv4] peer 10.2.1.1 enable
[CE2-bgp-default-ipv4] import-route direct
[CE2-bgp-default-ipv4] quit
[CE2-bgp-default] quit
Verifying the configuration
# View the BGP VPNv4 and BGP EVPN routing tables on PE 2. The output shows that PE 2 reoriginates VPNv4 route 10.1.1.0/24 received from PE 1 as an EVPN route, and reoriginates EVPN route 10.2.1.0/24 received from PE 3 as a VPNv4 route.
[PE2] display bgp l2vpn evpn
BGP local router ID is 2.2.2.2
Status codes: * - valid, > - best, d - dampened, h - history,
s - suppressed, S - stale, i - internal, e - external
a - additional-path
Origin: i - IGP, e - EGP, ? - incomplete
Total number of routes from all PEs: 1
Route distinguisher: 100:1
Total number of routes: 2
* >i Network : [5][0][24][10.1.1.0]/80
NextHop : 1.1.1.1 LocPrf : 100
PrefVal : 0 OutLabel : 1279
MED : 0
Path/Ogn: 65001?
* >i Network : [5][0][24][10.2.1.0]/80
NextHop : 3::3 LocPrf : 100
PrefVal : 0 OutLabel : 3
MED : 0
Path/Ogn: 65002?
[PE2] display bgp routing-table vpnv4
BGP local router ID is 2.2.2.2
Status codes: * - valid, > - best, d - dampened, h - history,
s - suppressed, S - stale, i - internal, e - external
a - additional-path
Origin: i - IGP, e - EGP, ? - incomplete
Total number of VPN routes: 2
Total number of routes from all PEs: 2
Route distinguisher: 100:1
Total number of routes: 2
Network NextHop MED LocPrf PrefVal Path/Ogn
* >i 10.1.1.0/24 1.1.1.1 0 100 0 65001?
* >i 10.2.1.0/24 3::3 0 100 0 65002?
# Verify that CE 1 and CE 2 can ping each other.
[CE1] ping 10.2.1.2
Ping 10.2.1.2 (10.2.1.2): 56 data bytes, press CTRL+C to break
56 bytes from 10.2.1.2: icmp_seq=0 ttl=252 time=3.175 ms
56 bytes from 10.2.1.2: icmp_seq=1 ttl=252 time=2.785 ms
56 bytes from 10.2.1.2: icmp_seq=2 ttl=252 time=3.206 ms
56 bytes from 10.2.1.2: icmp_seq=3 ttl=252 time=2.087 ms
56 bytes from 10.2.1.2: icmp_seq=4 ttl=252 time=2.108 ms
--- Ping statistics for 10.2.1.2 ---
5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss
round-trip min/avg/max/std-dev = 2.087/2.672/3.206/0.492 ms
Example: Configuring inter-AS option B VPN
Network configuration
As shown in Figure 22, an EVPN L3VPN network is deployed in AS 100 and an EVPN L3VPN over SRv6 network is deployed in AS 200. Configure inter-AS option B VPN to permit users in the same VPN instance to communicate with each other across the EVPN L3VPN and EVPN L3VPN over SRv6 networks.
|
Device |
Interface |
IP address |
Device |
Interface |
IP address |
|
CE 1 |
XGE0/0/15 |
10.1.1.2/24 |
CE 2 |
XGE0/0/15 |
20.1.1.2/24 |
|
PE 1 |
Loop0 |
1.1.1.1/32 |
PE 2 |
Loop0 |
1::1/128 |
|
|
XGE0/0/15 |
10.1.1.1/24 |
|
XGE0/0/15 |
20.1.1.1/24 |
|
|
XGE0/0/16 |
11.1.1.1/24 |
|
XGE0/0/16 |
100::1/96 |
|
ASBR 1 |
Loop0 |
2.2.2.2/32 |
ASBR 2 |
Loop0 |
2::2/128 |
|
|
XGE0/0/15 |
11.1.1.2/24 |
|
XGE0/0/15 |
100::2/96 |
|
|
XGE0/0/16 |
12.1.1.1/24 |
|
XGE0/0/16 |
12.1.1.2/24 |
Procedure
1. Configure CE 1:
# Establish EBGP peer relationship with PE 1 and import VPN routes.
<CE1> system-view
[CE1] bgp 101
[CE1-bgp-default] peer 10.1.1.1 as-number 100
[CE1-bgp-default] address-family ipv4 unicast
[CE1-bgp-default-ipv4] peer 10.1.1.1 enable
[CE1-bgp-default-ipv4] import-route direct
[CE1-bgp-default-ipv4] quit
[CE1-bgp-default] quit
2. Configure PE 1:
# Run IS-IS on PE 1.
<PE1> system-view
[PE1] isis 1
[PE1-isis-1] cost-style wide
[PE1-isis-1] network-entity 10.1111.1111.1111.00
[PE1-isis-1] quit
# Specify an LSR ID and enable MPLS and LDP.
[PE1] mpls lsr-id 1.1.1.1
[PE1] mpls ldp
[PE1-ldp] quit
# On interface Ten-GigabitEthernet 0/0/16, specify an IP address, run IS-IS, and enable MPLS and LDP.
[PE1] interface ten-gigabitethernet 0/0/16
[PE1-Ten-GigabitEthernet0/0/16] ip address 11.1.1.1 255.0.0.0
[PE1-Ten-GigabitEthernet0/0/16] isis enable 1
[PE1-Ten-GigabitEthernet0/0/16] mpls enable
[PE1-Ten-GigabitEthernet0/0/16] mpls ldp enable
[PE1-Ten-GigabitEthernet0/0/16] quit
# Create interface Loopback 0, specify an IP address for the interface, and run IS-IS on the interface.
[PE1] interface loopback 0
[PE1-LoopBack0] ip address 1.1.1.1 32
[PE1-LoopBack0] isis enable 1
[PE1-LoopBack0] quit
# Create a VPN instance named vpn1, enable EVPN to advertise the routes of the VPN instance, and configure a RD and route target for the VPN instance.
[PE1] ip vpn-instance vpn1
[PE1-vpn-instance-vpn1] route-distinguisher 100:1
[PE1-vpn-instance-vpn1] vpn-target 100:1
[PE1-vpn-instance-vpn1] address-family ipv4
[PE1-vpn-ipv4-vpn1] evpn mpls routing-enable
[PE1-vpn-ipv4-vpn1] quit
[PE1-vpn-instance-vpn1] quit
# Associate the interface connected to CE 1 with VPN instance vpn1.
[PE1] interface ten-gigabitethernet 0/0/15
[PE1-Ten-GigabitEthernet0/0/15] ip binding vpn-instance vpn1
[PE1-Ten-GigabitEthernet0/0/15] ip address 10.1.1.1 24
[PE1-Ten-GigabitEthernet0/0/15] quit
# Run BGP on PE 1.
[PE1] bgp 100
[PE1-bgp-default] router-id 1.1.1.1
# Configure PE 1 to exchange BGP EVPN routes with peer 2.2.2.2.
[PE1-bgp-default] peer 2.2.2.2 as-number 100
[PE1-bgp-default] peer 2.2.2.2 connect-interface loopback 0
[PE1-bgp-default] address-family l2vpn evpn
[PE1-bgp-default-evpn] peer 2.2.2.2 enable
[PE1-bgp-default-evpn] peer 2.2.2.2 advertise encap-type mpls
[PE1-bgp-default-evpn] quit
# Establish EBGP peer relationship with CE 1 and import VPN routes.
[PE1-bgp-default] ip vpn-instance vpn1
[PE1-bgp-default-vpn1] peer 10.1.1.2 as-number 101
[PE1-bgp-default-vpn1] address-family ipv4 unicast
[PE1-bgp-default-ipv4-vpn1] peer 10.1.1.2 enable
[PE1-bgp-default-ipv4-vpn1] quit
[PE1-bgp-default-vpn1] quit
3. Configure ASBR 1:
# Run IS-IS on ASBR 1.
<ASBR1> system-view
[ASBR1] isis 1
[ASBR1-isis-1] cost-style wide
[ASBR1-isis-1] network-entity 10.2222.2222.2222.00
[ASBR1-isis-1] quit
# Specify an LSR ID and enable MPLS and LDP.
[ASBR1] mpls lsr-id 2.2.2.2
[ASBR1] mpls ldp
[ASBR1-ldp] quit
# On interface Ten-GigabitEthernet 0/0/15, specify an IP address, run IS-IS, and enable MPLS and LDP.
[ASBR1] interface ten-gigabitethernet 0/0/15
[ASBR1-Ten-GigabitEthernet0/0/15] ip address 11.1.1.2 255.0.0.0
[ASBR1-Ten-GigabitEthernet0/0/15] isis enable 1
[ASBR1-Ten-GigabitEthernet0/0/15] mpls enable
[ASBR1-Ten-GigabitEthernet0/0/15] mpls ldp enable
[ASBR1-Ten-GigabitEthernet0/0/15] quit
# On interface Ten-GigabitEthernet 0/0/16, specify an IP address and enable MPLS.
[ASBR1] interface ten-gigabitethernet 0/0/16
[ASBR1-Ten-GigabitEthernet0/0/16] ip address 12.1.1.1 255.0.0.0
[ASBR1-Ten-GigabitEthernet0/0/16] mpls enable
[ASBR1-Ten-GigabitEthernet0/0/16] quit
# Create interface Loopback 0, specify an IP address and run IS-IS on the interface.
[ASBR1] interface loopback 0
[ASBR1-LoopBack0] ip address 2.2.2.2 32
[ASBR1-LoopBack0] isis enable 1
[ASBR1-LoopBack0] quit
# Run BGP on ASBR 1.
[ASBR1] bgp 100
[ASBR1-bgp-default] router-id 2.2.2.2
[ASBR1-bgp-default] peer 1.1.1.1 as-number 100
[ASBR1-bgp-default] peer 1.1.1.1 connect-interface loopback 0
[ASBR1-bgp-default] peer 12.1.1.2 as-number 200
# Configure BGP to not filter received BGP EVPN routes based on route targets.
[ASBR1-bgp-default] address-family l2vpn evpn
[ASBR1-bgp-default-evpn] undo policy vpn-target
# Configure ASBR 1 to exchange BGP EVPN routes with IBGP peer 1.1.1.1 and EBGP peer 12.1.1.2.
[ASBR1-bgp-default-evpn] peer 12.1.1.2 enable
[ASBR1-bgp-default-evpn] peer 12.1.1.2 advertise encap-type mpls
[ASBR1-bgp-default-evpn] peer 1.1.1.1 enable
[ASBR1-bgp-default-evpn] peer 1.1.1.1 next-hop-local
[ASBR1-bgp-default-evpn] peer 1.1.1.1 advertise encap-type mpls
[ASBR1-bgp-default-evpn] quit
[ASBR1-bgp-default] quit
4. Configure ASBR 2:
# Run IPv6 IS-IS on ASBR 2.
<ASBR2> system-view
[ASBR2] isis 1
[ASBR2-isis-1] cost-style wide
[ASBR2-isis-1] network-entity 10.3333.3333.3333.00
[ASBR2-isis-1] address-family ipv6 unicast
[ASBR2-isis-1-ipv6] quit
[ASBR2-isis-1] quit
# On interface Ten-GigabitEthernet 0/0/15, specify an IPv6 address and run IPv6 IS-IS.
[ASBR2] interface ten-gigabitethernet 0/0/15
[ASBR2-Ten-GigabitEthernet0/0/15] ipv6 address 100::2 96
[ASBR2-Ten-GigabitEthernet0/0/15] isis ipv6 enable 1
[ASBR2-Ten-GigabitEthernet0/0/15] quit
# On interface Ten-GigabitEthernet 0/0/16, specify an IP address and enable MPLS.
[ASBR2] interface ten-gigabitethernet 0/0/16
[ASBR2-Ten-GigabitEthernet0/0/16] ip address 12.1.1.2 255.0.0.0
[ASBR2-Ten-GigabitEthernet0/0/16] mpls enable
[ASBR2-Ten-GigabitEthernet0/0/16] quit
# Create interface Loopback 0, specify an IPv6 address for the interface, and run IPv6 IS-IS on the interface.
[ASBR2] interface loopback 0
[ASBR2-LoopBack0] ipv6 address 2::2 128
[ASBR2-LoopBack0] isis ipv6 enable 1
[ASBR2-LoopBack0] quit
# Run BGP on ASBR 2.
[ASBR2] bgp 200
[ASBR2-bgp-default] router-id 3.3.3.3
[ASBR2-bgp-default] peer 12.1.1.1 as-number 100
[ASBR2-bgp-default] peer 1::1 as-number 200
[ASBR2-bgp-default] peer 1::1 connect-interface loopback 0
# Configure BGP to not filter received BGP EVPN routes based on route targets.
[ASBR2-bgp-default] address-family l2vpn evpn
[ASBR2-bgp-default-evpn] undo policy vpn-target
# Configure ASBR 2 to exchange BGP EVPN routes with IBGP peer 1::1 and EBGP peer 12.1.1.1.
[ASBR2-bgp-default-evpn] peer 12.1.1.1 enable
[ASBR2-bgp-default-evpn] peer 12.1.1.1 advertise encap-type mpls
[ASBR2-bgp-default-evpn] peer 1::1 enable
[ASBR2-bgp-default-evpn] peer 1::1 next-hop-local
[ASBR2-bgp-default-evpn] quit
[ASBR2-bgp-default] quit
# Configure EVPN L3VPN over SRv6 BE.
[ASBR2] segment-routing ipv6
[ASBR2-segment-routing-ipv6] encapsulation source-address 2::2
[ASBR2-segment-routing-ipv6] locator abc ipv6-prefix 43:1:: 64 static 32
[ASBR2-segment-routing-ipv6-locator-abc] quit
[ASBR2-segment-routing-ipv6] quit
[ASBR2] bgp 200
[ASBR2-bgp-default] address-family l2vpn evpn
[ASBR2-bgp-default-evpn] peer 1::1 advertise encap-type srv6
[ASBR2-bgp-default-evpn] segment-routing ipv6 best-effort evpn
[ASBR2-bgp-default-evpn] segment-routing ipv6 locator abc evpn
# Enable SRv6 and MPLS interworking.
[ASBR2-bgp-default-evpn] srv6-mpls-interworking enable
[ASBR2-bgp-default-evpn] quit
[ASBR2-bgp-default] quit
# Apply a locator to IPv6 IS-IS.
[ASBR2] isis 1
[ASBR2-isis-1] address-family ipv6 unicast
[ASBR2-isis-1-ipv6] segment-routing ipv6 locator abc
[ASBR2-isis-1-ipv6] quit
[ASBR2-isis-1] quit
5. Configure PE 2:
# Run IPv6 IS-IS on PE 2.
<PE2> system-view
[PE2] isis 1
[PE2-isis-1] cost-style wide
[PE2-isis-1] network-entity 10.4444.4444.4444.00
[PE2-isis-1] address-family ipv6 unicast
[PE2-isis-1-ipv6] quit
[PE2-isis-1] quit
# On interface Ten-GigabitEthernet 0/0/16, specify an IPv6 address and run IPv6 IS-IS.
[PE2] interface ten-gigabitethernet 0/0/16
[PE2-Ten-GigabitEthernet0/0/16] ipv6 address 100::1 96
[PE2-Ten-GigabitEthernet0/0/16] isis ipv6 enable 1
[PE2-Ten-GigabitEthernet0/0/16] quit
# Create interface Loopback 0, specify an IPv6 address and run IPv6 IS-IS on the interface.
[PE2] interface loopback 0
[PE2-LoopBack0] ipv6 address 1::1 128
[PE2-LoopBack0] isis ipv6 enable 1
[PE2-LoopBack0] quit
# Create a VPN instance named vpn1 and configure a RD and route target for the VPN instance.
[PE2] ip vpn-instance vpn1
[PE2-vpn-instance-vpn1] route-distinguisher 100:1
[PE2-vpn-instance-vpn1] vpn-target 100:1
[PE2-vpn-instance-vpn1] quit
# Associate the interface connected to CE 2 with VPN instance vpn1.
[PE2] interface ten-gigabitethernet 0/0/15
[PE2-Ten-GigabitEthernet0/0/15] ip binding vpn-instance vpn1
[PE2-Ten-GigabitEthernet0/0/15] ip address 20.1.1.1 24
[PE2-Ten-GigabitEthernet0/0/15] quit
# Run BGP on PE 2.
[PE2] bgp 200
[PE2-bgp-default] router-id 4.4.4.4
# Configure PE 2 to exchange BGP EVPN routes with IBGP peer 2::2.
[PE2-bgp-default] peer 2::2 as-number 200
[PE2-bgp-default] peer 2::2 connect-interface loopback 0
[PE2-bgp-default] address-family l2vpn evpn
[PE2-bgp-default-evpn] peer 2::2 enable
[PE2-bgp-default-evpn] quit
# Establish EBGP peer relationship with CE 2 and import VPN routes.
[PE2-bgp-default] ip vpn-instance vpn1
[PE2-bgp-default-vpn1] peer 20.1.1.2 as-number 201
[PE2-bgp-default-vpn1] address-family ipv4 unicast
[PE2-bgp-default-ipv4-vpn1] peer 20.1.1.2 enable
[PE2-bgp-default-ipv4-vpn1] quit
[PE2-bgp-default-vpn1] quit
# Configure L3VPN over SRv6 BE.
[PE2] segment-routing ipv6
[PE2-segment-routing-ipv6] encapsulation source-address 1::1
[PE2-segment-routing-ipv6] locator abc ipv6-prefix 42:1:: 64 static 32
[PE2-segment-routing-ipv6-locator-abc] quit
[PE2-segment-routing-ipv6] quit
[PE2] bgp 200
[PE2-bgp-default] ip vpn-instance vpn1
[PE2-bgp-default-vpn1] address-family ipv4 unicast
[PE2-bgp-default-ipv4-vpn1] segment-routing ipv6 best-effort evpn
[PE2-bgp-default-ipv4-vpn1] segment-routing ipv6 locator abc evpn
[PE2-bgp-default-ipv4-vpn1] quit
[PE2-bgp-default-vpn1] quit
[PE2-bgp-default] address-family l2vpn evpn
[PE2-bgp-default-evpn] peer 2::2 advertise encap-type srv6
[PE2-bgp-default-evpn] quit
[PE2-bgp-default] quit
# Apply a locator to IPv6 IS-IS.
[PE2] isis 1
[PE2-isis-1] address-family ipv6 unicast
[PE2-isis-1-ipv6] segment-routing ipv6 locator abc
[PE2-isis-1-ipv6] quit
[PE2-isis-1] quit
6. Configure CE 2:
# Establish EBGP peer relationship with PE 2 and import VPN routes.
<CE2> system-view
[CE2] bgp 201
[CE2-bgp-default] peer 20.1.1.1 as-number 200
[CE2-bgp-default] address-family ipv4 unicast
[CE2-bgp-default-ipv4] peer 20.1.1.1 enable
[CE2-bgp-default-ipv4] import-route direct
[CE2-bgp-default-ipv4] quit
[CE2-bgp-default] quit
Verifying the configuration
# On ASBR 2, verify that the MPLS label and SRv6 SID have established mapping relationship. The LSP out label is the SRv6 SID.
[ASBR2] display mpls lsp srv6-mpls-interworking
FEC : 3::3/43:1::1:0:2
Protocol : BGP
In Label : 600127
Out SRv6 SID : 43:1::1:0:2
Path ID : 0x16000000.1
# Verify that CE 1 and CE 2 can ping each other. (Details not shown.)
