华为运营商级路由器配置示例 | 公网IPv4 over SRv6 BE
Posted COCOgsta
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了华为运营商级路由器配置示例 | 公网IPv4 over SRv6 BE相关的知识,希望对你有一定的参考价值。
组网需求
如图1所示:路由器PE1、P和PE2属于同一自治系统,要求它们之间通过IS-IS协议达到IPv6网络互连的目的。PE1、P和PE2属于IS-IS进程1,都是Level-1设备。PE1与PE2之间部署IBGP邻居,PE和Device之间部署EBGP邻居。
要求在PE1和PE2之间建立双向SRv6 BE路径,承载公网IPv4业务。
图1 配置公网IPv4 over SRv6 BE组网图
配置思路
- 使能PE1、P和PE2各接口的IPv6转发能力,配置各接口的IPv6地址。
- 在PE1、P和PE2上使能IS-IS,配置Level级别,指定网络实体。
- 在PE和Device之间建立EBGP对等体关系。
- 在PE之间建立MP-IBGP对等体关系。
- 在PE1和PE2上配置SRv6。配置IS-IS的SRv6能力。
操作步骤
1.使能各接口的IPv6转发能力,配置IPv6地址,以PE1为例,其他路由器的配置过程相同,不再赘述
<HUAWEI> system-view
[~HUAWEI] sysname PE1
[*HUAWEI] commit
[~PE1] interface gigabitethernet 1/0/0
[~PE1-GigabitEthernet1/0/0] ipv6 enable
[*PE1-GigabitEthernet1/0/0] ipv6 address 2001:DB8:10::1 96
[*PE1-GigabitEthernet1/0/0] quit
[*PE1] interface loopback1
[*PE1-LoopBack1] ipv6 enable
[*PE1-LoopBack1] ipv6 address 2001:DB8:1::1 128
[*PE1-LoopBack1] commit
[~PE1-LoopBack1] quit2.配置IS-IS
# 配置PE1。
[~PE1] isis 1
[*PE1-isis-1] is-level level-1
[*PE1-isis-1] cost-style wide
[*PE1-isis-1] network-entity 10.0000.0000.0001.00
[*PE1-isis-1] ipv6 enable topology ipv6
[*PE1-isis-1] quit
[*PE1] interface gigabitethernet 1/0/0
[*PE1-GigabitEthernet1/0/0] isis ipv6 enable 1
[*PE1-GigabitEthernet1/0/0] quit
[*PE1] interface loopback1
[*PE1-LoopBack1] isis ipv6 enable 1
[*PE1-LoopBack1] commit
[~PE1-LoopBack1] quit# 配置P。
[~P] isis 1
[*P-isis-1] is-level level-1
[*P-isis-1] cost-style wide
[*P-isis-1] network-entity 10.0000.0000.0002.00
[*P-isis-1] ipv6 enable topology ipv6
[*P-isis-1] quit
[*P] interface gigabitethernet 1/0/0
[*P-GigabitEthernet1/0/0] isis ipv6 enable 1
[*P-GigabitEthernet1/0/0] quit
[*P] interface gigabitethernet 2/0/0
[*P-GigabitEthernet2/0/0] isis ipv6 enable 1
[*P-GigabitEthernet2/0/0] commit
[~P-GigabitEthernet2/0/0] quit# 配置PE2。
[~PE2] isis 1
[*PE2-isis-1] is-level level-1
[*PE2-isis-1] cost-style wide
[*PE2-isis-1] network-entity 10.0000.0000.0003.00
[*PE2-isis-1] ipv6 enable topology ipv6
[*PE2-isis-1] quit
[*PE2] interface gigabitethernet 1/0/0
[*PE2-GigabitEthernet1/0/0] isis ipv6 enable 1
[*PE2-GigabitEthernet1/0/0] quit
[*PE2] interface loopback1
[*PE2-LoopBack1] isis ipv6 enable 1
[*PE2-LoopBack1] commit
[~PE2-LoopBack1] quit配置完成后,可按如下指导检查IS-IS是否配置成功。
# 显示IS-IS邻居信息。以PE1为例。
[~PE1] display isis peer
Peer information for ISIS(1)
System Id Interface Circuit Id State HoldTime Type PRI
--------------------------------------------------------------------------------
0000.0000.0002* GE1/0/0 0000.0000.0002.01 Up 8s L1 64
Total Peer(s): 1# 显示IS-IS路由表信息。以PE1为例。
[~PE1] display isis route
Route information for ISIS(1)
-----------------------------
ISIS(1) Level-1 Forwarding Table
--------------------------------
IPV6 Dest. ExitInterface NextHop Cost Flags
--------------------------------------------------------------------------------
2001:DB8:1::1/128 Loop1 Direct 0 D/-/L/-
2001:DB8:2::2/128 GE1/0/0 FE80::3A92:6CFF:FE21:10 10 A/-/-/-
2001:DB8:10::/96 GE1/0/0 Direct 10 D/-/L/-
2001:DB8:20::/96 GE1/0/0 FE80::3A92:6CFF:FE21:10 20 A/-/-/-
Flags: D-Direct, A-Added to URT, L-Advertised in LSPs, S-IGP Shortcut,
U-Up/Down Bit Set, LP-Local Prefix-Sid
Protect Type: L-Link Protect, N-Node Protect3.在PE与Device之间建立EBGP对等体关系
# 配置DeviceA。
[~DeviceA] interface gigabitethernet 1/0/0
[~DeviceA-GigabitEthernet1/0/0] ip address 192.168.1.1 24
[*DeviceA-GigabitEthernet1/0/0] quit
[*DeviceA] bgp 200
[*DeviceA-bgp] router-id 4.4.4.4
[*DeviceA-bgp] peer 192.168.1.2 as-number 100
[*DeviceA-bgp] quit
[*DeviceA] commit# 配置PE1。
[~PE1] interface gigabitethernet 2/0/0
[~PE1-GigabitEthernet2/0/0] ip address 192.168.1.2 24
[*PE1-GigabitEthernet2/0/0] quit
[*PE1] bgp 100
[*PE1-bgp] router-id 1.1.1.1
[*PE1-bgp] peer 192.168.1.1 as-number 200
[*PE1-bgp] ipv4-family unicast
[*PE1-bgp-af-ipv4] peer 192.168.1.1 enable
[*PE1-bgp-af-ipv4] network 192.168.1.0 24
[*PE1-bgp-af-ipv4] commit
[~PE1-bgp-af-ipv4] quit
[~PE1-bgp] quit# 配置DeviceB。
[~DeviceB] interface gigabitethernet 1/0/0
[~DeviceB-GigabitEthernet1/0/0] ip address 192.168.2.1 24
[*DeviceB-GigabitEthernet1/0/0] quit
[*DeviceB] bgp 300
[*DeviceB-bgp] router-id 5.5.5.5
[*DeviceB-bgp] peer 192.168.2.2 as-number 100
[*DeviceB-bgp] quit
[*DeviceB] commit# 配置PE2。
[~PE2] interface gigabitethernet 2/0/0
[~PE2-GigabitEthernet2/0/0] ip address 192.168.2.2 24
[*PE2-GigabitEthernet2/0/0] quit
[*PE2] bgp 100
[*PE2-bgp] router-id 2.2.2.2
[*PE2-bgp] peer 192.168.2.1 as-number 300
[*PE2-bgp] ipv4-family unicast
[*PE2-bgp-af-ipv4] peer 192.168.2.1 enable
[*PE2-bgp-af-ipv4] network 192.168.2.0 24
[*PE2-bgp-af-ipv4] commit
[~PE2-bgp-af-ipv4] quit
[~PE2-bgp] quit配置完成后,在PE设备上执行display bgp peer命令,可以看到PE与Device之间的BGP对等体关系已建立,并达到Established状态。
以PE1与DeviceA的对等体关系为例:
4.在PE之间建立MP-IBGP对等体关系
# 配置PE1。
[~PE1] bgp 100
[~PE1-bgp] peer 2001:DB8:2::2 as-number 100
[*PE1-bgp] peer 2001:DB8:2::2 connect-interface loopback1
[*PE1-bgp] ipv4-family unicast
[*PE1-bgp-af-ipv4] peer 2001:DB8:2::2 enable
[*PE1-bgp-af-ipv4] commit
[~PE1-bgp-af-ipv4] quit
[~PE1-bgp] quit# 配置PE2。
[~PE2] bgp 100
[~PE2-bgp] peer 2001:DB8:1::1 as-number 100
[*PE2-bgp] peer 2001:DB8:1::1 connect-interface loopback1
[*PE2-bgp] ipv4-family unicast
[*PE2-bgp-af-ipv4] peer 2001:DB8:1::1 enable
[*PE2-bgp-af-ipv4] commit
[~PE2-bgp-af-ipv4] quit
[~PE2-bgp] quit配置完成后,在PE设备上执行display bgp peer命令,可以看到PE之间的BGP对等体关系已建立,并达到Established状态。以PE1的显示为例:
[~PE1] display bgp peer
BGP local router ID : 1.1.1.1
Local AS number : 100
Total number of peers : 2 Peers in established state : 2
Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv
192.168.1.1 4 200 10 11 0 00:05:15 Established 2
2001:DB8:2::2 4 100 10 11 0 00:05:15 Established 2 5.在PE之间建立SRv6 BE路径
# 配置PE1。
[~PE1] segment-routing ipv6
[*PE1-segment-routing-ipv6] encapsulation source-address 2001:DB8:1::1
[*PE1-segment-routing-ipv6] locator aa ipv6-prefix 2001:DB8:100:: 64 static 32
[*PE1-segment-routing-ipv6-locator] quit
[*PE1-segment-routing-ipv6] quit
[*PE1] isis 1
[*PE1-isis-1] segment-routing ipv6 locator aa
[*PE1-isis-1] commit
[~PE1-isis-1] quit
[~PE1] bgp 100
[~PE1-bgp] ipv4-family unicast
[*PE1-bgp-af-ipv4] peer 2001:DB8:2::2 prefix-sid
[*PE1-bgp-af-ipv4] segment-routing ipv6 best-effort
[*PE1-bgp-af-ipv4] segment-routing ipv6 locator aa
[*PE1-bgp-af-ipv4] commit
[~PE1-bgp-af-ipv4] quit
[~PE1-bgp] quit# 配置PE2。
[~PE2] segment-routing ipv6
[*PE2-segment-routing-ipv6] encapsulation source-address 2001:DB8:2::2
[*PE2-segment-routing-ipv6] locator aa ipv6-prefix 2001:DB8:200:: 64 static 32
[*PE2-segment-routing-ipv6-locator] quit
[*PE2-segment-routing-ipv6] quit
[*PE2] isis 1
[*PE2-isis-1] segment-routing ipv6 locator aa
[*PE2-isis-1] commit
[~PE2-isis-1] quit
[~PE2] bgp 100
[~PE2-bgp] ipv4-family unicast
[*PE2-bgp-af-ipv4] peer 2001:DB8:1::1 prefix-sid
[*PE2-bgp-af-ipv4] segment-routing ipv6 best-effort
[*PE2-bgp-af-ipv4] segment-routing ipv6 locator aa
[*PE2-bgp-af-ipv4] commit
[~PE2-bgp-af-ipv4] quit
[~PE2-bgp] quit6.检查配置结果
执行display segment-routing ipv6 local-sid end-dt4 forwarding命令查看SRv6的Local SID表信息。以PE1为例:
[~PE1] display segment-routing ipv6 local-sid end-dt4 forwarding
My Local-SID End.DT4 Forwarding Table
-------------------------------------
SID : 2001:DB8:100::1:0:1/128 FuncType : End.DT4
VPN Name : _public_ VPN ID : 0
LocatorName: aa LocatorID: 1
Total SID(s): 1执行display bgp routing-table命令,可以看到BGP路由表信息。以PE2的显示为例:
[~PE2] display bgp routing-table 192.168.1.0
BGP local router ID : 2.2.2.2
Local AS number : 100
Paths: 1 available, 1 best, 1 select, 0 best-external, 0 add-path
BGP routing table entry information of 192.168.1.0/24:
From: 2001:DB8:1::1 (1.1.1.1)
Route Duration: 2d02h11m33s
Relay IP Nexthop: FE80::3ABD:6CFF:FE31:300
Relay IP Out-Interface: GigabitEthernet1/0/0
Original nexthop: 2001:DB8:1::1
Qos information : 0x0
Prefix-sid: 2001:DB8:100::1:0:1
AS-path Nil, origin igp, MED 0, localpref 100, pref-val 0, valid, internal, best, select, pre 255, IGP cost 20
Advertised to such 1 peers:
192.168.2.1Device之间能够相互Ping通,例如:
[~DeviceA] ping 192.168.2.1
PING 192.168.2.1: 56 data bytes, press CTRL_C to break
Reply from 192.168.2.1: bytes=56 Sequence=1 ttl=253 time=7 ms
Reply from 192.168.2.1: bytes=56 Sequence=2 ttl=253 time=5 ms
Reply from 192.168.2.1: bytes=56 Sequence=3 ttl=253 time=4 ms
Reply from 192.168.2.1: bytes=56 Sequence=4 ttl=253 time=5 ms
Reply from 192.168.2.1: bytes=56 Sequence=5 ttl=253 time=5 ms
--- 192.168.2.1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 4/5/7 ms以上是关于华为运营商级路由器配置示例 | 公网IPv4 over SRv6 BE的主要内容,如果未能解决你的问题,请参考以下文章
华为运营商级路由器配置示例 | 动态BFD检测IPv4静态路由
华为运营商级路由器配置示例 | NQA for IPv4静态路由