华为运营商级路由器配置示例 | SRv6 SFC承载IPv4业务功能(SFF到SF使用三层转发)
Posted 一个热爱编程的通信人
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了华为运营商级路由器配置示例 | SRv6 SFC承载IPv4业务功能(SFF到SF使用三层转发)相关的知识,希望对你有一定的参考价值。
组网需求
如图1所示,SF1双归到SFF1和SFF2,SF2是SF1的Bypass SF,为SF1提供Bypass保护。IPv4业务流向是从SC到Tail End,要求在网络里配置SRv6 SFC功能,同时需要保证IPv4业务的可靠性。
图1 配置SRv6 SFC承载IPv4业务功能组网图(SFF到SF使用三层转发)
配置思路
- 使能各节点的接口IPv6转发能力,配置各接口的IPv6地址。
- 在各节点上使能IS-IS,配置Level级别,指定网络实体。
- 在各节点上配置SRv6基本功能。
- 在SFF设备上配置接入SF。
- 在SFF上配置SFC功能。
- 在SC上配置SRv6 TE Policy。
- 在SC上配置流策略,将业务流量重定向到SRv6 TE Policy。
- 在SFF1和SFF2上配置备份链路保护和Bypass保护功能。
- 在SFF1和SFF2配置单臂BFD功能,检测到达SF1的连通性。
操作步骤
1.使能各接口的IPv6转发能力,配置各接口的IP地址
# 配置SFF1。其他设备的配置过程相同,不再赘述,详情可参考配置文件。
<HUAWEI> system-view
[~HUAWEI] sysname SFF1
[*HUAWEI] commit
[~SFF1] interface gigabitethernet 1/0/1
[~SFF1-GigabitEthernet1/0/1] ipv6 enable
[*SFF1-GigabitEthernet1/0/1] ipv6 address 2001:db8:1::2 96
[*SFF1-GigabitEthernet1/0/1] quit
[*SFF1] interface gigabitethernet 1/0/2
[*SFF1-GigabitEthernet1/0/2] ipv6 enable
[*SFF1-GigabitEthernet1/0/2] ipv6 address 2001:db8:2::1 96
[*SFF1-GigabitEthernet1/0/2] quit
[*SFF1] interface gigabitethernet 1/0/4
[*SFF1-GigabitEthernet1/0/4] ipv6 enable
[*SFF1-GigabitEthernet1/0/4] ipv6 address 2001:db8:6::1 96
[*SFF1-GigabitEthernet1/0/4] quit
[*SFF1] interface loopback1
[*SFF1-LoopBack1] ipv6 enable
[*SFF1-LoopBack1] ipv6 address 2::2 128
[*SFF1-LoopBack1] commit
[~SFF1-LoopBack1] quit2.配置IS-IS
# 配置SFF1。其他设备的配置过程相同,不再赘述。
[~SFF1] isis 1
[*SFF1-isis-1] is-level level-1
[*SFF1-isis-1] cost-style wide
[*SFF1-isis-1] network-entity 10.0000.0000.0002.00
[*SFF1-isis-1] ipv6 enable topology ipv6
[*SFF1-isis-1] quit
[*SFF1] interface gigabitethernet 1/0/1
[*SFF1-GigabitEthernet1/0/1] isis ipv6 enable 1
[*SFF1-GigabitEthernet1/0/1] quit
[*SFF1] interface gigabitethernet 1/0/2
[*SFF1-GigabitEthernet1/0/2] isis ipv6 enable 1
[*SFF1-GigabitEthernet1/0/2] quit
[*SFF1] interface gigabitethernet 1/0/4
[*SFF1-GigabitEthernet1/0/4] isis ipv6 enable 1
[*SFF1-GigabitEthernet1/0/4] quit
[*SFF1] interface loopback1
[*SFF1-LoopBack1] isis ipv6 enable 1
[*SFF1-LoopBack1] commit
[~SFF1-LoopBack1] quit3.配置SRv6 SID,同时使能IS-IS SRv6
# 配置SC。
[~SC] ip vpn-instance vpna
[*SC-vpn-instance-vpna] ipv4-family
[*SC-vpn-instance-vpna-af-ipv4] route-distinguisher 100:1
[*SC-vpn-instance-vpna-af-ipv4] vpn-target 111:1 both
[*SC-vpn-instance-vpna-af-ipv4] quit
[*SC-vpn-instance-vpna] quit
[*SC] segment-routing ipv6
[*SC-segment-routing-ipv6] encapsulation source-address 1::1
[*SC-segment-routing-ipv6] locator as1 ipv6-prefix 2001:db8:11:: 64 static 32
[*SC-segment-routing-ipv6-locator] opcode ::1 end psp
[*SC-segment-routing-ipv6-locator] opcode ::100 end-dt4 vpn-instance vpna
[*SC-segment-routing-ipv6-locator] quit
[*SC-segment-routing-ipv6] quit
[*SC] isis 1
[*SC-isis-1] segment-routing ipv6 locator as1 auto-sid-disable
[*SC-isis-1] commit
[~SC-isis-1] quit# 配置SFF1。
[~SFF1] ip vpn-instance vpna
[*SFF1-vpn-instance-vpna] ipv4-family
[*SFF1-vpn-instance-vpna-af-ipv4] route-distinguisher 200:1
[*SFF1-vpn-instance-vpna-af-ipv4] vpn-target 111:1 both
[*SFF1-vpn-instance-vpna-af-ipv4] quit
[*SFF1-vpn-instance-vpna] quit
[*SFF1] segment-routing ipv6
[*SFF1-segment-routing-ipv6] encapsulation source-address 2::2
[*SFF1-segment-routing-ipv6] locator as1 ipv6-prefix 2001:db8:12:: 64 static 32
[*SFF1-segment-routing-ipv6-locator] opcode ::1 end psp
[*SFF1-segment-routing-ipv6-locator] quit
[*SFF1-segment-routing-ipv6] quit
[*SFF1] isis 1
[*SFF1-isis-1] segment-routing ipv6 locator as1 auto-sid-disable
[*SFF1-isis-1] commit
[~SFF1-isis-1] quit# 配置SFF2。
[~SFF2] ip vpn-instance vpna
[*SFF2-vpn-instance-vpna] ipv4-family
[*SFF2-vpn-instance-vpna-af-ipv4] route-distinguisher 300:1
[*SFF2-vpn-instance-vpna-af-ipv4] vpn-target 111:1 both
[*SFF2-vpn-instance-vpna-af-ipv4] quit
[*SFF2-vpn-instance-vpna] quit
[*SFF2] segment-routing ipv6
[*SFF2-segment-routing-ipv6] encapsulation source-address 3::3
[*SFF2-segment-routing-ipv6] locator as1 ipv6-prefix 2001:db8:13:: 64 static 32
[*SFF2-segment-routing-ipv6-locator] opcode ::1 end psp
[*SFF2-segment-routing-ipv6-locator] quit
[*SFF2-segment-routing-ipv6] quit
[*SFF2] isis 1
[*SFF2-isis-1] segment-routing ipv6 locator as1 auto-sid-disable
[*SFF2-isis-1] commit
[~SFF2-isis-1] quit# 配置SFF3。
[~SFF3] ip vpn-instance vpna
[*SFF3-vpn-instance-vpna] ipv4-family
[*SFF3-vpn-instance-vpna-af-ipv4] route-distinguisher 400:1
[*SFF3-vpn-instance-vpna-af-ipv4] vpn-target 111:1 both
[*SFF3-vpn-instance-vpna-af-ipv4] quit
[*SFF3-vpn-instance-vpna] quit
[*SFF3] segment-routing ipv6
[*SFF3-segment-routing-ipv6] encapsulation source-address 4::4
[*SFF3-segment-routing-ipv6] locator as1 ipv6-prefix 2001:db8:14:: 64 static 32
[*SFF3-segment-routing-ipv6-locator] opcode ::1 end psp
[*SFF3-segment-routing-ipv6-locator] quit
[*SFF3-segment-routing-ipv6] quit
[*SFF3] isis 1
[*SFF3-isis-1] segment-routing ipv6 locator as1 auto-sid-disable
[*SFF3-isis-1] commit
[~SFF3-isis-1] quit# 配置Tail End。
[~Tail] ip vpn-instance vpna
[*Tail-vpn-instance-vpna] ipv4-family
[*Tail-vpn-instance-vpna-af-ipv4] route-distinguisher 500:1
[*Tail-vpn-instance-vpna-af-ipv4] vpn-target 111:1 both
[*Tail-vpn-instance-vpna-af-ipv4] quit
[*Tail-vpn-instance-vpna] quit
[*Tail] interface gigabitethernet 1/0/2
[*Tail-GigabitEthernet1/0/2] ip binding vpn-instance vpna
[*Tail-GigabitEthernet1/0/2] ip address 10.1.5.2 30
[*Tail-GigabitEthernet1/0/2] quit
[*Tail] segment-routing ipv6
[*Tail-segment-routing-ipv6] encapsulation source-address 5::5
[*Tail-segment-routing-ipv6] locator as1 ipv6-prefix 2001:db8:15:: 64 static 32
[*Tail-segment-routing-ipv6-locator] opcode ::1 end psp
[*Tail-segment-routing-ipv6-locator] opcode ::100 end-dt4 vpn-instance vpna
[*Tail-segment-routing-ipv6-locator] quit
[*Tail-segment-routing-ipv6] quit
[*Tail] isis 1
[*Tail-isis-1] segment-routing ipv6 locator as1 auto-sid-disable
[*Tail-isis-1] commit
[~Tail-isis-1] quit配置完成后,执行命令display segment-routing ipv6 locator [ locator-name ] verbose查看SRv6的Locator信息。
4.在SFF设备上配置接入SF
# 配置SFF1。
[~SFF1] bridge-domain 1
[*SFF1-bd1] quit
[*SFF1] interface gigabitethernet 1/0/3.1 mode l2
[*SFF1-GigabitEthernet1/0/3.1] encapsulation dot1q vid 1
[*SFF1-GigabitEthernet1/0/3.1] rewrite pop single
[*SFF1-GigabitEthernet1/0/3.1] bridge-domain 1
[*SFF1-GigabitEthernet1/0/3.1] quit
[*SFF1] interface Vbdif1
[*SFF1-Vbdif1] ip binding vpn-instance vpna
[*SFF1-Vbdif1] ip address 10.1.1.2 30
[*SFF1-Vbdif1] commit
[~SFF1-Vbdif1] quit# 配置SFF2。
[~SFF2] bridge-domain 1
[*SFF2-bd1] quit
[*SFF2] interface gigabitethernet 1/0/3.1 mode l2
[*SFF2-GigabitEthernet1/0/3.1] encapsulation dot1q vid 1
[*SFF2-GigabitEthernet1/0/3.1] rewrite pop single
[*SFF2-GigabitEthernet1/0/3.1] bridge-domain 1
[*SFF2-GigabitEthernet1/0/3.1] quit
[*SFF2] interface Vbdif1
[*SFF2-Vbdif1] ip binding vpn-instance vpna
[*SFF2-Vbdif1] ip address 10.1.1.2 30
[*SFF2-Vbdif1] commit
[~SFF2-Vbdif1] quit# 配置SFF3。
[~SFF3] bridge-domain 1
[*SFF3-bd1] quit
[*SFF3] interface gigabitethernet 1/0/3.1 mode l2
[*SFF3-GigabitEthernet1/0/3.1] encapsulation dot1q vid 1
[*SFF3-GigabitEthernet1/0/3.1] rewrite pop single
[*SFF3-GigabitEthernet1/0/3.1] bridge-domain 1
[*SFF3-GigabitEthernet1/0/3.1] quit
[*SFF3] interface Vbdif1
[*SFF3-Vbdif1] ip binding vpn-instance vpna
[*SFF3-Vbdif1] ip address 10.2.1.2 30
[*SFF3-Vbdif1] commit
[~SFF3-Vbdif1] quit5.在SFF设备上配置SFC基本功能
# 配置SFF1。
[~SFF1] segment-routing ipv6
[~SFF1-segment-routing-ipv6] locator as2 ipv6-prefix 2001:db8:9999:: 64 static 32
[*SFF1-segment-routing-ipv6-locator] opcode ::1 end-as
[*SFF1-segment-routing-ipv6-locator-endas-::1] inner-type ipv4
[*SFF1-segment-routing-ipv6-locator-endas-::1] encapsulation ipv4 nexthop 10.1.1.1 out-interface Vbdif1 in-interface Vbdif1
[*SFF1-segment-routing-ipv6-locator-endas-::1] cache source-address 1::1
[*SFF1-segment-routing-ipv6-locator-endas-::1] cache list 2001:db8:15::100 2001:db8:15::1 2001:db8:9999::1
[*SFF1-segment-routing-ipv6-locator-endas-::1] quit
[*SFF1-segment-routing-ipv6-locator] quit
[*SFF1-segment-routing-ipv6] quit
[*SFF1] isis 1
[*SFF1-isis-1] segment-routing ipv6 locator as2 auto-sid-disable
[*SFF1-isis-1] commit
[~SFF1-isis-1] quit# 配置SFF2。
[~SFF2] segment-routing ipv6
[~SFF2-segment-routing-ipv6] locator as2 ipv6-prefix 2001:db8:9999:: 64 static 32
[*SFF2-segment-routing-ipv6-locator] opcode ::1 end-as
[*SFF2-segment-routing-ipv6-locator-endas-::1] inner-type ipv4
[*SFF2-segment-routing-ipv6-locator-endas-::1] encapsulation ipv4 nexthop 10.1.1.1 out-interface Vbdif1 in-interface Vbdif1
[*SFF2-segment-routing-ipv6-locator-endas-::1] cache source-address 1::1
[*SFF2-segment-routing-ipv6-locator-endas-::1] cache list 2001:db8:15::100 2001:db8:15::1 2001:db8:9999::1
[*SFF2-segment-routing-ipv6-locator-endas-::1] quit
[*SFF2-segment-routing-ipv6-locator] quit
[*SFF2-segment-routing-ipv6] quit
[*SFF2] isis 1
[*SFF2-isis-1] segment-routing ipv6 locator as2 auto-sid-disable
[*SFF2-isis-1] commit
[~SFF2-isis-1] quit# 配置SFF3。
[~SFF3] segment-routing ipv6
[~SFF3-segment-routing-ipv6] locator as2 ipv6-prefix 2001:db8:24:: 64 static 32
[*SFF3-segment-routing-ipv6-locator] opcode ::1 end-as
[*SFF3-segment-routing-ipv6-locator-endas-::1] inner-type ipv4
[*SFF3-segment-routing-ipv6-locator-endas-::1] encapsulation ipv4 nexthop 10.2.1.1 out-interface Vbdif1 in-interface Vbdif1
[*SFF3-segment-routing-ipv6-locator-endas-::1] cache source-address 1::1
[*SFF3-segment-routing-ipv6-locator-endas-::1] cache list 2001:db8:15::100 2001:db8:15::1 2001:db8:24::1
[*SFF3-segment-routing-ipv6-locator-endas-::1] quit
[*SFF3-segment-routing-ipv6-locator] quit
[*SFF3-segment-routing-ipv6] quit
[*SFF3] isis 1
[*SFF3-isis-1] segment-routing ipv6 locator as2 auto-sid-disable
[*SFF3-isis-1] commit
[~SFF3-isis-1] quit6.在SC上配置SRv6 TE Policy
# 配置SC。
[~SC] segment-routing ipv6
[~SC-segment-routing-ipv6] segment-list list1
[*SC-segment-routing-ipv6-segment-list-list1] index 5 sid ipv6 2001:db8:9999::1
[*SC-segment-routing-ipv6-segment-list-list1] index 10 sid ipv6 2001:db8:15::1
[*SC-segment-routing-ipv6-segment-list-list1] commit
[~SC-segment-routing-ipv6-segment-list-list1] quit
[~SC-segment-routing-ipv6] srv6-te-policy locator as1
[*SC-segment-routing-ipv6] srv6-te policy policy1 endpoint 5::5 color 101
[*SC-segment-routing-ipv6-policy-policy1] binding-sid 2001:db8:11::11
[*SC-segment-routing-ipv6-policy-policy1] candidate-path preference 100
[*SC-segment-routing-ipv6-policy-policy1-path] segment-list list1
[*SC-segment-routing-ipv6-policy-policy1-path] commit
[~SC-segment-routing-ipv6-policy-policy1-path] quit
[~SC-segment-routing-ipv6-policy-policy1] quit
[~SC-segment-routing-ipv6] quit配置完成后,执行命令display srv6-te policy查看SRv6 TE Policy信息。
7.在SC配置流策略功能,将业务重定向到SRv6 TE Policy
# 配置SC。
[~SC] traffic classifier c1
[*SC-classifier-c1] if-match any
[*SC-classifier-c1] commit
[~SC-classifier-c1] quit
[~SC] traffic behavior b1
[*SC-behavior-b1] redirect srv6-te policy 5::5 101 vpnsid 2001:db8:15::100
[*SC-behavior-b1] commit
[~SC-behavior-b1] quit
[~SC] traffic policy p1
[*SC-trafficpolicy-p1] classifier c1 behavior b1
[*SC-trafficpolicy-p1] statistic enable
[*SC-trafficpolicy-p1] commit
[~SC-trafficpolicy-p1] quit
[~SC] bridge-domain 1
[*SC-bd1] quit
[*SC] interface gigabitethernet 1/0/1.1 mode l2
[*SC-GigabitEthernet1/0/1.1] encapsulation dot1q vid 1
[*SC-GigabitEthernet1/0/1.1] rewrite pop single
[*SC-GigabitEthernet1/0/1.1] bridge-domain 1
[*SC-GigabitEthernet1/0/1.1] quit
[*SC] interface Vbdif1
[*SC-Vbdif1] ip binding vpn-instance vpna
[*SC-Vbdif1] ip address 10.0.0.1 30
[*SC-Vbdif1] traffic-policy p1 inbound
[*SC-Vbdif1] commit
[~SC-Vbdif1] quit8.在SFF1和SFF2上配置备份链路保护和Bypass保护功能
# 配置SFF1。
[~SFF1] segment-routing ipv6
[~SFF1-segment-routing-ipv6] proxy peer-sid 2001:db8:13::1
[*SFF1-segment-routing-ipv6] locator as2
[*SFF1-segment-routing-ipv6-locator] opcode ::1 end-as
[*SFF1-segment-routing-ipv6-locator-endas-::1] backup-opcode ::2
[*SFF1-segment-routing-ipv6-locator-endas-::1] bypass sid 2001:db8:24::1
[*SFF1-segment-routing-ipv6-locator-endas-::1] quit
[*SFF1-segment-routing-ipv6-locator] quit
[*SFF1-segment-routing-ipv6] quit
[*SFF1] commit# 配置SFF2。
[~SFF2] segment-routing ipv6
[~SFF2-segment-routing-ipv6] proxy peer-sid 2001:db8:12::1
[*SFF2-segment-routing-ipv6] locator as2
[*SFF2-segment-routing-ipv6-locator] opcode ::1 end-as
[*SFF2-segment-routing-ipv6-locator-endas-::1] backup-opcode ::2
[*SFF2-segment-routing-ipv6-locator-endas-::1] bypass sid 2001:db8:24::1
[*SFF2-segment-routing-ipv6-locator-endas-::1] quit
[*SFF2-segment-routing-ipv6-locator] quit
[*SFF2-segment-routing-ipv6] quit
[*SFF2] commit9.SFF1和SFF2还要配置单臂BFD
# 配置SFF1。
[~SFF1] bfd
[*SFF1-bfd] quit
[*SFF1] bfd tosf1 bind peer-ip 10.1.1.1 vpn-instance vpna interface Vbdif1 one-arm-echo destination-ip 2.2.2.9
[*SFF1-bfd-session-tosf1] discriminator local 10
[*SFF1-bfd-session-tosf1] process-pst
[*SFF1-bfd-session-tosf1] commit
[~SFF1-bfd-session-tosf1] quit # 配置SFF2。
[~SFF2] bfd
[*SFF2-bfd] quit
[*SFF2] bfd tosf1 bind peer-ip 10.1.1.1 vpn-instance vpna interface Vbdif1 one-arm-echo destination-ip 3.3.3.9
[*SFF2-bfd-session-tosf1] discriminator local 10
[*SFF2-bfd-session-tosf1] process-pst
[*SFF2-bfd-session-tosf1] commit
[~SFF2-bfd-session-tosf1] quit以上是关于华为运营商级路由器配置示例 | SRv6 SFC承载IPv4业务功能(SFF到SF使用三层转发)的主要内容,如果未能解决你的问题,请参考以下文章
华为运营商级路由器配置示例 | 公网IPv6 over SRv6 TE Policy
华为运营商级路由器配置示例 | 公网IPv4 over SRv6 TE Policy
华为运营商级路由器配置示例 | EVdPdNd VPLS over SRv6 BE
华为运营商级路由器配置示例 | EVdPdNd VPWS over SRv6 BE