华为运营商级路由器配置示例 | 跨域L3VdPdNdv4 over SRv6 BE
Posted COCOgsta
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了华为运营商级路由器配置示例 | 跨域L3VdPdNdv4 over SRv6 BE相关的知识,希望对你有一定的参考价值。
组网需求
如图1所示:
- PE1和ASBR1属于AS 100,PE2和ASBR2属于AS 200,要求AS 100和AS 200内通过IS-IS协议达到IPv6网络互连的目的。
- PE1和ASBR1的IS-IS进程是1,都是Level-1设备;PE2和ASBR2的IS-IS进程是10,都是Level-1设备。
要求在PE1和PE2之间建立双向跨域SRv6 BE路径,承载L3VPNv4业务。
图1 配置跨域L3VPNv4 over SRv6 BE组网图
配置思路
- 使能PE和ASBR各接口的IPv6转发能力,配置各接口的IPv6地址。
- 在PE和ASBR上使能IS-IS,配置Level级别,指定网络实体。
- 在PE1和PE2上配置VPN实例。
- 在PE和CE之间建立EBGP对等体关系。
- 在PE和ASBR上配置IS-IS的SRv6能力。
- 在ASBR上配置Locator路由相互引入。
- 在PE之间建立MP-EBGP对等体关系。
- 在PE上配置利用对等体关系相互发送携带SID的BGP VPNv4路由。
- 在PE1和PE2上配置SRv6转发功能。
操作步骤
1.使能各接口的IPv6转发能力,配置IPv6地址,以PE1为例,其他路由器的配置过程相同,不再赘述
<HUAWEI> system-view
[~HUAWEI] sysname PE1
[*HUAWEI] commit
[~PE1] interface gigabitethernet 1/0/0
[~PE1-GigabitEthernet1/0/0] ipv6 enable
[*PE1-GigabitEthernet1/0/0] ipv6 address 2001::1 96
[*PE1-GigabitEthernet1/0/0] quit
[*PE1] interface loopback1
[*PE1-LoopBack1] ipv6 enable
[*PE1-LoopBack1] ipv6 address 1::1 128
[*PE1-LoopBack1] commit
[~PE1-LoopBack1] quit2.配置IS-IS
# 配置PE1。
[~PE1] isis 1
[*PE1-isis-1] is-level level-1
[*PE1-isis-1] cost-style wide
[*PE1-isis-1] network-entity 10.0000.0000.0001.00
[*PE1-isis-1] ipv6 enable topology ipv6
[*PE1-isis-1] quit
[*PE1] interface gigabitethernet 1/0/0
[*PE1-GigabitEthernet1/0/0] isis ipv6 enable 1
[*PE1-GigabitEthernet1/0/0] quit
[*PE1] interface loopback1
[*PE1-LoopBack1] isis ipv6 enable 1
[*PE1-LoopBack1] commit
[~PE1-LoopBack1] quit# 配置ASBR1。
[~ASBR1] isis 1
[*ASBR1-isis-1] is-level level-1
[*ASBR1-isis-1] cost-style wide
[*ASBR1-isis-1] network-entity 10.0000.0000.0002.00
[*ASBR1-isis-1] ipv6 enable topology ipv6
[*ASBR1-isis-1] quit
[*ASBR1] interface gigabitethernet 1/0/0
[*ASBR1-GigabitEthernet1/0/0] isis ipv6 enable 1
[*ASBR1-GigabitEthernet1/0/0] quit
[*ASBR1] interface loopback1
[*ASBR1-LoopBack1] isis ipv6 enable 1
[*ASBR1-LoopBack1] commit
[~ASBR1-LoopBack1] quit# 配置ASBR2。
[~ASBR2] isis 10
[*ASBR2-isis-10] is-level level-1
[*ASBR2-isis-10] cost-style wide
[*ASBR2-isis-10] network-entity 10.0000.0000.0003.00
[*ASBR2-isis-10] ipv6 enable topology ipv6
[*ASBR2-isis-10] quit
[*ASBR2] interface gigabitethernet 1/0/0
[*ASBR2-GigabitEthernet1/0/0] isis ipv6 enable 10
[*ASBR2-GigabitEthernet1/0/0] quit
[*ASBR2] interface loopback1
[*ASBR2-LoopBack1] isis ipv6 enable 10
[*ASBR2-LoopBack1] commit
[~ASBR2-LoopBack1] quit# 配置PE2。
[~PE2] isis 10
[*PE2-isis-10] is-level level-1
[*PE2-isis-10] cost-style wide
[*PE2-isis-10] network-entity 10.0000.0000.0004.00
[*PE2-isis-10] ipv6 enable topology ipv6
[*PE2-isis-10] quit
[*PE2] interface gigabitethernet 1/0/0
[*PE2-GigabitEthernet1/0/0] isis ipv6 enable 10
[*PE2-GigabitEthernet1/0/0] quit
[*PE2] interface loopback1
[*PE2-LoopBack1] isis ipv6 enable 10
[*PE2-LoopBack1] commit
[~PE2-LoopBack1] quit配置完成后,可按如下指导检查IS-IS是否配置成功。
# 显示IS-IS邻居信息。以PE1为例。
[~PE1] display isis peer
Peer information for ISIS(1)
System Id Interface Circuit Id State HoldTime Type PRI
--------------------------------------------------------------------------------
0000.0000.0002* GE1/0/0 0000.0000.0002.01 Up 8s L1 64
Total Peer(s): 13.在PE设备上配置使能IPv4地址族的VPN实例,将CE接入PE
# 配置PE1。
[~PE1] ip vpn-instance vpna
[*PE1-vpn-instance-vpna] ipv4-family
[*PE1-vpn-instance-vpna-af-ipv4] route-distinguisher 100:1
[*PE1-vpn-instance-vpna-af-ipv4] vpn-target 111:1 both
[*PE1-vpn-instance-vpna-af-ipv4] quit
[*PE1-vpn-instance-vpna] quit
[*PE1] interface gigabitethernet 2/0/0
[*PE1-GigabitEthernet2/0/0] ip binding vpn-instance vpna
[*PE1-GigabitEthernet2/0/0] ip address 10.1.1.1 24
[*PE1-GigabitEthernet2/0/0] quit
[*PE1] commit# 配置PE2。
[~PE2] ip vpn-instance vpna
[*PE2-vpn-instance-vpna] ipv4-family
[*PE2-vpn-instance-vpna-af-ipv4] route-distinguisher 200:1
[*PE2-vpn-instance-vpna-af-ipv4] vpn-target 111:1 both
[*PE2-vpn-instance-vpna-af-ipv4] quit
[*PE2-vpn-instance-vpna] quit
[*PE2] interface gigabitethernet 2/0/0
[*PE2-GigabitEthernet2/0/0] ip binding vpn-instance vpna
[*PE2-GigabitEthernet2/0/0] ip address 10.2.1.1 24
[*PE2-GigabitEthernet2/0/0] quit
[*PE2] commit# 按图1配置各CE的接口IP地址,配置过程请参见后面的配置文件。
配置完成后,在PE设备上执行display ip vpn-instance verbose命令可以看到VPN实例的配置情况。各PE能ping通自己接入的CE。
4.在PE与CE之间建立EBGP对等体关系
# 配置CE1。
[~CE1] interface loopback 1
[*CE1-LoopBack1] ip address 11.11.11.11 32
[*CE1-LoopBack1] quit
[*CE1] bgp 65410
[*CE1-bgp] peer 10.1.1.1 as-number 100
[*CE1-bgp] network 11.11.11.11 32
[*CE1-bgp] quit
[*CE1] commit# 配置PE1。
[~PE1] bgp 100
[*PE1-bgp] router-id 1.1.1.1
[*PE1-bgp] ipv4-family vpn-instance vpna
[*PE1-bgp-vpna] peer 10.1.1.2 as-number 65410
[*PE1-bgp-vpna] import-route direct
[*PE1-bgp-vpna] commit
[~PE1-bgp-vpna] quit
[~PE1-bgp] quit# 配置CE2。
[~CE2] interface loopback 1
[*CE2-LoopBack1] ip address 22.22.22.22 32
[*CE2-LoopBack1] quit
[*CE2] bgp 65420
[*CE2-bgp] peer 10.2.1.1 as-number 200
[*CE2-bgp] network 22.22.22.22 32
[*CE2-bgp] quit
[*CE2] commit# 配置PE2。
[~PE2] bgp 200
[*PE2-bgp] router-id 4.4.4.4
[*PE2-bgp] ipv4-family vpn-instance vpna
[*PE2-bgp-vpna] peer 10.2.1.2 as-number 65420
[*PE2-bgp-vpna] import-route direct
[*PE2-bgp-vpna] commit
[~PE2-bgp-vpna] quit
[~PE2-bgp] quit配置完成后,在PE设备上执行display bgp vpnv4 vpn-instance peer命令,可以看到PE与CE之间的BGP对等体关系已建立,并达到Established状态。
以PE1与CE1的对等体关系为例:
[~PE1] display bgp vpnv4 vpn-instance vpna peer
BGP local router ID : 1.1.1.1
Local AS number : 100
VPN-Instance vpna, Router ID 1.1.1.1:
Total number of peers : 1 Peers in established state : 1
Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv
10.1.1.2 4 65410 11 9 0 00:06:37 Established 15.在PE上配置IS-IS发布SRv6 Locator路由
# 配置PE1。
[~PE1] segment-routing ipv6
[*PE1-segment-routing-ipv6] encapsulation source-address 1::1
[*PE1-segment-routing-ipv6] locator as1 ipv6-prefix 10:: 64 static 32
[*PE1-segment-routing-ipv6-locator] quit
[*PE1-segment-routing-ipv6] quit
[*PE1] isis 1
[*PE1-isis-1] segment-routing ipv6 locator as1
[*PE1-isis-1] commit
[~PE1-isis-1] quit# 配置PE2。
[~PE2] segment-routing ipv6
[*PE2-segment-routing-ipv6] encapsulation source-address 4::4
[*PE2-segment-routing-ipv6] locator as1 ipv6-prefix 40:: 64 static 32
[*PE2-segment-routing-ipv6-locator] quit
[*PE2-segment-routing-ipv6] quit
[*PE2] isis 10
[*PE2-isis-10] segment-routing ipv6 locator as1
[*PE2-isis-10] commit
[~PE2-isis-10] quit6.配置Locator路由相互引入
在PE1->PE2方向,需要在ASBR1上配置BGP引入IS-IS发布的Locator路由,并且发布给ASBR2,ASBR2上配置IS-IS引入BGP路由,从而把PE1的Locator路由通过IS-IS发布给PE2。PE2->PE1方向与此类似。
# 配置ASBR1。
[~ASBR1] bgp 100
[*ASBR1-bgp] router-id 2.2.2.2
[*ASBR1-bgp] peer 2020::2 as-number 200
[*ASBR1-bgp] peer 2020::2 ebgp-max-hop 255
[*ASBR1-bgp] ipv6-family unicast
[*ASBR1-bgp-af-ipv6] peer 2020::2 enable
[*ASBR1-bgp-af-ipv6] network 10:: 64
[*ASBR1-bgp-af-ipv6] network 1::1 128
[*ASBR1-bgp-af-ipv6] quit
[*ASBR1-bgp] quit
[*ASBR1] ip ipv6-prefix p1 permit 40:: 64
[*ASBR1] ip ipv6-prefix p1 permit 4::4 128
[*ASBR1] route-policy rp1 permit node 10
[*ASBR1-route-policy] if-match ipv6 address prefix-list p1
[*ASBR1-route-policy] quit
[*ASBR1] isis 1
[*ASBR1-isis-1] ipv6 import-route bgp route-policy rp1 level-1
[*ASBR1-isis-1] quit
[*ASBR1] commit# 配置ASBR2。
[~ASBR2] bgp 200
[*ASBR2-bgp] router-id 3.3.3.3
[*ASBR2-bgp] peer 2020::1 as-number 100
[*ASBR2-bgp] peer 2020::1 ebgp-max-hop 255
[*ASBR2-bgp] ipv6-family unicast
[*ASBR2-bgp-af-ipv6] peer 2020::1 enable
[*ASBR2-bgp-af-ipv6] network 40:: 64
[*ASBR2-bgp-af-ipv6] network 4::4 128
[*ASBR2-bgp-af-ipv6] quit
[*ASBR2-bgp] quit
[*ASBR2] ip ipv6-prefix p1 permit 10:: 64
[*ASBR2] ip ipv6-prefix p1 permit 1::1 128
[*ASBR2] route-policy rp1 permit node 10
[*ASBR2-route-policy] if-match ipv6 address prefix-list p1
[*ASBR2-route-policy] quit
[*ASBR2] isis 10
[*ASBR2-isis-10] ipv6 import-route bgp route-policy rp1 level-1
[*ASBR2-isis-10] quit
[*ASBR2] commit7.在PE之间建立MP-EBGP对等体关系,并且配置利用对等体关系相互发送携带SID的BGP VPNv4路由,然后使能SRv6 BE转发功能
# 配置PE1。
[~PE1] bgp 100
[~PE1-bgp] peer 4::4 as-number 200
[*PE1-bgp] peer 4::4 ebgp-max-hop 255
[*PE1-bgp] peer 4::4 connect-interface loopback 1
[*PE1-bgp] ipv4-family vpnv4
[*PE1-bgp-af-vpnv4] peer 4::4 enable
[*PE1-bgp-af-vpnv4] peer 4::4 prefix-sid
[*PE1-bgp-af-vpnv4] quit
[*PE1-bgp] ipv4-family vpn-instance vpna
[*PE1-bgp-vpna] segment-routing ipv6 best-effort
[*PE1-bgp-vpna] segment-routing ipv6 locator as1
[*PE1-bgp-vpna] commit
[~PE1-bgp-vpna] quit
[~PE1-bgp] quit# 配置PE2。
[~PE2] bgp 200
[~PE2-bgp] peer 1::1 as-number 100
[*PE2-bgp] peer 1::1 ebgp-max-hop 255
[*PE2-bgp] peer 1::1 connect-interface loopback 1
[*PE2-bgp] ipv4-family vpnv4
[*PE2-bgp-af-vpnv4] peer 1::1 enable
[*PE2-bgp-af-vpnv4] peer 1::1 prefix-sid
[*PE2-bgp-af-vpnv4] quit
[*PE2-bgp] ipv4-family vpn-instance vpna
[*PE2-bgp-vpna] segment-routing ipv6 best-effort
[*PE2-bgp-vpna] segment-routing ipv6 locator as1
[*PE2-bgp-vpna] commit
[~PE2-bgp-vpna] quit
[~PE2-bgp] quit配置完成后,在PE设备上执行display bgp vpnv4 all peer命令,可以看到PE之间的BGP对等体关系已建立,并达到Established状态。以PE1的显示为例:
[~PE1] display bgp vpnv4 all peer
BGP local router ID : 1.1.1.1
Local AS number : 100
Total number of peers : 2 Peers in established state : 2
Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv
4::4 4 200 1512 1520 0 21:55:19 Established 2
Peer of IPv4-family for vpn instance :
VPN-Instance vpna, Router ID 1.1.1.1:
Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv
10.1.1.2 4 65410 1790 1812 0 0026h03m Established 1 8.检查配置结果
执行命令display segment-routing ipv6 locator [ locator-name ] verbose查看SRv6的Locator信息。以PE1为例:
[~PE1] display segment-routing ipv6 locator verbose
Locator Configuration Table
---------------------------
LocatorName : as1 LocatorID : 4
IPv6Prefix : 10:: PrefixLength : 64
Block : -- BlockLength : 0
NodeID : -- NodeIdLength : 0
ComprStaticLen: 0 StaticLength : 32
ArgsLength : 0 Reference : 0
AutoCSIDPoolID: 0 ComprDynLength: 0
AutoCSIDBegin : --
AutoCSIDEnd : --
StaticCSIDBegin: --
StaticCSIDEnd : --
AutoSIDPoolID : 8195 DynLength : 32
AutoSIDBegin : 10::1:0:0
AutoSIDEnd : 10::FFFF:FFFF:FFFF:FFFF
StaticSIDBegin: 10::1
StaticSIDEnd : 10::FFFF:FFFF
Total Locator(s): 1执行命令display segment-routing ipv6 local-sid end-dt4 forwarding查看SRv6的Local SID表信息。以PE1为例:
[~PE1] display segment-routing ipv6 local-sid end-dt4 forwarding
My Local-SID End.DT4 Forwarding Table
-------------------------------------
SID : 10::1:0:20/128 FuncType : End.DT4
VPN Name : vpna VPN ID : 3
LocatorName: as1 LocatorID: 1
Total SID(s): 1同一VPN的CE能够相互Ping通,例如:
[~CE1] ping -a 11.11.11.11 22.22.22.22
PING 22.22.22.22: 56 data bytes, press CTRL_C to break
Reply from 22.22.22.22: bytes=56 Sequence=1 ttl=253 time=22 ms
Reply from 22.22.22.22: bytes=56 Sequence=2 ttl=253 time=13 ms
Reply from 22.22.22.22: bytes=56 Sequence=3 ttl=253 time=14 ms
Reply from 22.22.22.22: bytes=56 Sequence=4 ttl=253 time=15 ms
Reply from 22.22.22.22: bytes=56 Sequence=5 ttl=253 time=34 ms
--- 22.22.22.22 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 13/19/34 ms 以上是关于华为运营商级路由器配置示例 | 跨域L3VdPdNdv4 over SRv6 BE的主要内容,如果未能解决你的问题,请参考以下文章
华为运营商级路由器配置示例 | 配置OptionC方式跨域LDP VPLS示例
华为运营商级路由器配置示例 | 配置OptionC方式跨域BGP VPLS示例
华为运营商级路由器配置示例 | 配置OptionB方式跨域BGP VPLS示例
华为运营商级路由器配置示例 | 配置OptionA方式跨域BGP VPLS示例