华为NE40E路由器实验配置示例 | 配置L3VdPdNdv4 over SRv6 BE的VdPdNd FRR功能
Posted COCOgsta
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了华为NE40E路由器实验配置示例 | 配置L3VdPdNdv4 over SRv6 BE的VdPdNd FRR功能相关的知识,希望对你有一定的参考价值。
组网需求
如图1所示:
-
路由器PE1、PE2和PE3属于同一自治系统,要求它们之间通过IS-IS协议达到IPv6网络互连的目的。
-
PE1、PE2和PE3属于IS-IS进程1,都是Level-2设备。
要求在PE之间建立双向SRv6 BE路径,承载L3VPNv4业务。同时为了提升网络可靠性,要求在PE1上配置VPN FRR功能。
图1 配置L3VPNv4 over SRv6 BE的VPN FRR功能组网图
配置思路
-
使能PE各个接口的IPv6转发能力,配置各接口的IPv6地址。
-
在各PE上使能IS-IS,配置Level级别,指定网络实体。
-
在各PE上配置VPN实例。
-
在PE和CE之间建立EBGP对等体关系。
-
在PE之间建立MP-IBGP对等体关系。
-
在各PE上配置SRv6。配置IS-IS的SRv6能力。
- 在PE1上使能VPN FRR功能,同时配置BFD检测Locator可达性,提升VPN FRR切换速度。
操作步骤
1. 使能各接口的IPv6转发能力,配置IPv6地址,以PE1为例,其他路由器的配置过程相同,不再赘述
<HUAWEI> system-view
[~HUAWEI] sysname PE1
[*HUAWEI] commit
[~PE1] interface gigabitethernet 1/0/0
[~PE1-GigabitEthernet1/0/0] ipv6 enable
[*PE1-GigabitEthernet1/0/0] ipv6 address 2001:db8:1::1 96
[*PE1-GigabitEthernet1/0/0] quit
[*PE1] interface gigabitethernet 2/0/0
[*PE1-GigabitEthernet2/0/0] ipv6 enable
[*PE1-GigabitEthernet2/0/0] ipv6 address 2001:db8:3::1 96
[*PE1-GigabitEthernet2/0/0] quit
[*PE1] interface LoopBack 1
[*PE1-LoopBack1] ipv6 enable
[*PE1-LoopBack1] ipv6 address 1::1 128
[*PE1-LoopBack1] quit
[*PE1] commit2. 配置IS-IS
# 配置PE1。
[~PE1] isis 1
[*PE1-isis-1] is-level level-2
[*PE1-isis-1] cost-style wide
[*PE1-isis-1] network-entity 10.0000.0000.0001.00
[*PE1-isis-1] ipv6 enable topology ipv6
[*PE1-isis-1] quit
[*PE1] interface gigabitethernet 1/0/0
[*PE1-GigabitEthernet1/0/0] isis ipv6 enable 1
[*PE1-GigabitEthernet1/0/0] quit
[*PE1] interface gigabitethernet 2/0/0
[*PE1-GigabitEthernet2/0/0] isis ipv6 enable 1
[*PE1-GigabitEthernet2/0/0] quit
[*PE1] interface loopback1
[*PE1-LoopBack1] isis ipv6 enable 1
[*PE1-LoopBack1] commit
[~PE1-LoopBack1] quit# 配置PE2。
[~PE2] isis 1
[*PE2-isis-1] is-level level-2
[*PE2-isis-1] cost-style wide
[*PE2-isis-1] network-entity 10.0000.0000.0002.00
[*PE2-isis-1] ipv6 enable topology ipv6
[*PE2-isis-1] quit
[*PE2] interface gigabitethernet 1/0/0
[*PE2-GigabitEthernet1/0/0] isis ipv6 enable 1
[*PE2-GigabitEthernet1/0/0] quit
[*PE2] interface loopback1
[*PE2-LoopBack1] isis ipv6 enable 1
[*PE2-LoopBack1] commit
[~PE2-LoopBack1] quit# 配置PE3。
[~PE3] isis 1
[*PE3-isis-1] is-level level-2
[*PE3-isis-1] cost-style wide
[*PE3-isis-1] network-entity 10.0000.0000.0004.00
[*PE3-isis-1] ipv6 enable topology ipv6
[*PE3-isis-1] quit
[*PE3] interface gigabitethernet 1/0/0
[*PE3-GigabitEthernet1/0/0] isis ipv6 enable 1
[*PE3-GigabitEthernet1/0/0] quit
[*PE3] interface loopback1
[*PE3-LoopBack1] isis ipv6 enable 1
[*PE3-LoopBack1] commit
[~PE3-LoopBack1] quit配置完成后,可按如下指导检查IS-IS是否配置成功。
# 显示IS-IS邻居信息。以PE1为例。
[~PE1] display isis peer
Peer information for ISIS(1)
System Id Interface Circuit Id State HoldTime Type PRI
--------------------------------------------------------------------------------
0000.0000.0004* GE2/0/0 0000.0000.0004.02 Up 7s L2 64
0000.0000.0002* GE1/0/0 0000.0000.0002.02 Up 9s L2 64
Total Peer(s): 2# 显示IS-IS路由表信息。以PE1为例。
[~PE1] display isis route
Route information for ISIS(1)
-----------------------------
ISIS(1) Level-2 Forwarding Table
--------------------------------
IPV6 Dest. ExitInterface NextHop Cost Flags
--------------------------------------------------------------------------------
1::/128 Loop1 Direct 0 D/-/L/-
2::/128 GE1/0/0 FE80::3A92:6CFF:FE31:307 10 A/-/-/-
3::/128 GE2/0/0 FE80::3A92:6CFF:FE41:305 10 A/-/-/-
2001:DB8:1::/96 GE1/0/0 Direct 10 D/-/L/-
2001:DB8:3::/96 GE2/0/0 Direct 10 D/-/L/-
Flags: D-Direct, A-Added to URT, L-Advertised in LSPs, S-IGP Shortcut,
U-Up/Down Bit Set, LP-Local Prefix-Sid
Protect Type: L-Link Protect, N-Node Protect3. 在PE设备上配置使能IPv4地址族的VPN实例,将CE接入PE
# 配置PE1。
[~PE1] ip vpn-instance vpna
[*PE1-vpn-instance-vpna] ipv4-family
[*PE1-vpn-instance-vpna-af-ipv4] route-distinguisher 100:1
[*PE1-vpn-instance-vpna-af-ipv4] vpn-target 111:1 both
[*PE1-vpn-instance-vpna-af-ipv4] quit
[*PE1-vpn-instance-vpna] quit
[*PE1] interface gigabitethernet 3/0/0
[*PE1-GigabitEthernet3/0/0] ip binding vpn-instance vpna
[*PE1-GigabitEthernet3/0/0] ip address 10.1.1.1 24
[*PE1-GigabitEthernet3/0/0] quit
[*PE1] commit# 配置PE2。
[~PE2] ip vpn-instance vpna
[*PE2-vpn-instance-vpna] ipv4-family
[*PE2-vpn-instance-vpna-af-ipv4] route-distinguisher 200:1
[*PE2-vpn-instance-vpna-af-ipv4] vpn-target 111:1 both
[*PE2-vpn-instance-vpna-af-ipv4] quit
[*PE2-vpn-instance-vpna] quit
[*PE2] interface gigabitethernet 2/0/0
[*PE2-GigabitEthernet2/0/0] ip binding vpn-instance vpna
[*PE2-GigabitEthernet2/0/0] ip address 10.2.1.1 24
[*PE2-GigabitEthernet2/0/0] quit
[*PE2] commit# 配置PE3。
[~PE3] ip vpn-instance vpna
[*PE3-vpn-instance-vpna] ipv4-family
[*PE3-vpn-instance-vpna-af-ipv4] route-distinguisher 300:1
[*PE3-vpn-instance-vpna-af-ipv4] vpn-target 111:1 both
[*PE3-vpn-instance-vpna-af-ipv4] quit
[*PE3-vpn-instance-vpna] quit
[*PE3] interface gigabitethernet 2/0/0
[*PE3-GigabitEthernet2/0/0] ip binding vpn-instance vpna
[*PE3-GigabitEthernet2/0/0] ip address 10.3.1.1 24
[*PE3-GigabitEthernet2/0/0] quit
[*PE3] commit# 按图1配置各CE的接口IP地址,配置过程请参见后面的配置文件。
配置完成后,在PE设备上执行display ip vpn-instance verbose命令可以看到VPN实例的配置情况。各PE能ping通自己接入的CE。
4. 在PE与CE之间建立EBGP对等体关系
# 配置CE1。
[~CE1] interface loopback 1
[*CE1-LoopBack1] ip address 11.11.11.11 32
[*CE1-LoopBack1] quit
[*CE1] bgp 65410
[*CE1-bgp] peer 10.1.1.1 as-number 100
[*CE1-bgp] network 11.11.11.11 32
[*CE1-bgp] quit
[*CE1] commit# 配置PE1。
[~PE1] bgp 100
[*PE1-bgp] router-id 1.1.1.1
[*PE1-bgp] ipv4-family vpn-instance vpna
[*PE1-bgp-vpna] peer 10.1.1.2 as-number 65410
[*PE1-bgp-vpna] import-route direct
[*PE1-bgp-vpna] commit
[~PE1-bgp-vpna] quit
[~PE1-bgp] quit# 配置CE2。
[~CE2] interface loopback 1
[*CE2-LoopBack1] ip address 22.22.22.22 32
[*CE2-LoopBack1] quit
[*CE2] bgp 65420
[*CE2-bgp] peer 10.2.1.1 as-number 100
[*CE2-bgp] peer 10.3.1.1 as-number 100
[*CE2-bgp] network 22.22.22.22 32
[*CE2-bgp] quit
[*CE2] commit# 配置PE2。
[~PE2] bgp 100
[*PE2-bgp] router-id 2.2.2.2
[*PE2-bgp] ipv4-family vpn-instance vpna
[*PE2-bgp-vpna] peer 10.2.1.2 as-number 65420
[*PE2-bgp-vpna] import-route direct
[*PE2-bgp-vpna] commit
[~PE2-bgp-vpna] quit
[~PE2-bgp] quit# 配置PE3。
[~PE3] bgp 100
[*PE3-bgp] router-id 3.3.3.3
[*PE3-bgp] ipv4-family vpn-instance vpna
[*PE3-bgp-vpna] peer 10.3.1.2 as-number 65420
[*PE3-bgp-vpna] import-route direct
[*PE3-bgp-vpna] commit
[~PE3-bgp-vpna] quit
[~PE3-bgp] quit配置完成后,在PE设备上执行display bgp vpnv4 vpn-instance peer命令,可以看到PE与CE之间的BGP对等体关系已建立,并达到Established状态。
以PE1与CE1的对等体关系为例:
[~PE1] display bgp vpnv4 vpn-instance vpna peer
BGP local router ID : 1.1.1.1
Local AS number : 100
VPN-Instance vpna, Router ID 1.1.1.1:
Total number of peers : 1 Peers in established state : 1
Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv
10.1.1.2 4 65410 1695 1704 0 24:37:20 Established 15. 在PE之间建立MP-IBGP对等体关系
# 配置PE1。
[~PE1] bgp 100
[~PE1-bgp] peer 2::2 as-number 100
[*PE1-bgp] peer 2::2 connect-interface loopback 1
[*PE1-bgp] peer 3::3 as-number 100
[*PE1-bgp] peer 3::3 connect-interface loopback 1
[*PE1-bgp] ipv4-family vpnv4
[*PE1-bgp-af-vpnv4] peer 2::2 enable
[*PE1-bgp-af-vpnv4] peer 3::3 enable
[*PE1-bgp-af-vpnv4] commit
[~PE1-bgp-af-vpnv4] quit
[~PE1-bgp] quit# 配置PE2。
[~PE2] bgp 100
[~PE2-bgp] peer 1::1 as-number 100
[*PE2-bgp] peer 1::1 connect-interface loopback 1
[*PE2-bgp] ipv4-family vpnv4
[*PE2-bgp-af-vpnv4] peer 1::1 enable
[*PE2-bgp-af-vpnv4] commit
[~PE2-bgp-af-vpnv4] quit
[~PE2-bgp] quit# 配置PE3。
[~PE3] bgp 100
[~PE3-bgp] peer 1::1 as-number 100
[*PE3-bgp] peer 1::1 connect-interface loopback 1
[*PE3-bgp] ipv4-family vpnv4
[*PE3-bgp-af-vpnv4] peer 1::1 enable
[*PE3-bgp-af-vpnv4] commit
[~PE3-bgp-af-vpnv4] quit
[~PE3-bgp] quit配置完成后,在PE设备上执行display bgp vpnv4 all peer命令,可以看到PE之间的BGP对等体关系已建立,并达到Established状态。
6. 在PE之间建立SRv6 BE路径
# 配置PE1。
[~PE1] segment-routing ipv6
[*PE1-segment-routing-ipv6] encapsulation source-address 1::1
[*PE1-segment-routing-ipv6] locator as1 ipv6-prefix 10:: 64 static 32
[*PE1-segment-routing-ipv6-locator] quit
[*PE1-segment-routing-ipv6] quit
[*PE1] bgp 100
[*PE1-bgp] ipv4-family vpnv4
[*PE1-bgp-af-vpnv4] peer 2::2 prefix-sid
[*PE1-bgp-af-vpnv4] peer 3::3 prefix-sid
[*PE1-bgp-af-vpnv4] quit
[*PE1-bgp] ipv4-family vpn-instance vpna
[*PE1-bgp-vpna] segment-routing ipv6 best-effort
[*PE1-bgp-vpna] segment-routing ipv6 locator as1
[*PE1-bgp-vpna] commit
[~PE1-bgp-vpna] quit
[~PE1-bgp] quit
[~PE1] isis 1
[~PE1-isis-1] segment-routing ipv6 locator as1
[*PE1-isis-1] commit
[~PE1-isis-1] quit# 配置PE2。
[~PE2] segment-routing ipv6
[*PE2-segment-routing-ipv6] encapsulation source-address 2::2
[*PE2-segment-routing-ipv6] locator as1 ipv6-prefix 20:: 64 static 32
[*PE2-segment-routing-ipv6-locator] quit
[*PE2-segment-routing-ipv6] quit
[*PE2] bgp 100
[*PE2-bgp] ipv4-family vpnv4
[*PE2-bgp-af-vpnv4] peer 1::1 prefix-sid
[*PE2-bgp-af-vpnv4] quit
[*PE2-bgp] ipv4-family vpn-instance vpna
[*PE2-bgp-vpna] segment-routing ipv6 best-effort
[*PE2-bgp-vpna] segment-routing ipv6 locator as1
[*PE2-bgp-vpna] commit
[~PE2-bgp-vpna] quit
[~PE2-bgp] quit
[~PE2] isis 1
[~PE2-isis-1] segment-routing ipv6 locator as1
[*PE2-isis-1] commit
[~PE2-isis-1] quit# 配置PE3。
[~PE3] segment-routing ipv6
[*PE3-segment-routing-ipv6] encapsulation source-address 3::3
[*PE3-segment-routing-ipv6] locator as1 ipv6-prefix 30:: 64 static 32
[*PE3-segment-routing-ipv6-locator] quit
[*PE3-segment-routing-ipv6] quit
[*PE3] bgp 100
[*PE3-bgp] ipv4-family vpnv4
[*PE3-bgp-af-vpnv4] peer 1::1 prefix-sid
[*PE3-bgp-af-vpnv4] quit
[*PE3-bgp] ipv4-family vpn-instance vpna
[*PE3-bgp-vpna] segment-routing ipv6 best-effort
[*PE3-bgp-vpna] segment-routing ipv6 locator as1
[*PE3-bgp-vpna] commit
[~PE3-bgp-vpna] quit
[~PE3-bgp] quit
[~PE3] isis 1
[~PE3-isis-1] segment-routing ipv6 locator as1
[*PE3-isis-1] commit
[~PE3-isis-1] quit7. 配置VPN FRR
配置VPN FRR,使用BFD检测Locator路由。如果Locator路由不可达,触发VPN FRR进行路径切换。
# 配置PE1。
[~PE1] ip vpn-instance vpna
[~PE1-vpn-instance-vpna] ipv4-family
[~PE1-vpn-instance-vpna-af-ipv4] vpn frr
[*PE1-vpn-instance-vpna-af-ipv4] commit
[~PE1-vpn-instance-vpna-af-ipv4] quit
[~PE1-vpn-instance-vpna] quit
[~PE1] bgp 100
[~PE1-bgp] ipv4-family vpn-instance vpna
[~PE1-bgp-vpna] route-select delay 300
[*PE1-bgp-vpna] commit
[~PE1-bgp-vpna] quit
[~PE1-bgp] quit
[~PE1] bfd
[*PE1-bfd] quit
[*PE1] bfd pe1tope2 bind peer-ipv6 20::
[*PE1-bfd-session-pe1tope2] discriminator local 100
[*PE1-bfd-session-pe1tope2] discriminator remote 200
[*PE1-bfd-session-pe1tope2] commit
[~PE1-bfd-session-pe1tope2] quit# 配置PE2。
[~PE2] bfd
[*PE2-bfd] quit
[*PE2] bfd pe2tope1 bind peer-ipv6 10::
[*PE2-bfd-session-pe2tope1] discriminator local 200
[*PE2-bfd-session-pe2tope1] discriminator remote 100
[*PE2-bfd-session-pe2tope1] commit
[~PE2-bfd-session-pe2tope1] quit8. 检查配置结果
执行命令display ip routing-table vpn-instance vpna ip-address verbose查看VPN路由信息。以PE1的显示为例:
[~PE1] display ip routing-table vpn-instance vpna 22.22.22.22 32 verbose
Route Flags: R - relay, D - download to fib, T - to vpn-instance, B - black hole route
------------------------------------------------------------------------------
Routing Table : vpna
Summary Count : 1
Destination: 22.22.22.22/32
Protocol: IBGP Process ID: 0
Preference: 255 Cost: 0
NextHop: 20::1:0:1E Neighbour: 2::2
State: Active Adv Relied Age: 00h10m54s
Tag: 0 Priority: low
Label: 3 QoSInfo: 0x0
IndirectID: 0x10000CC Instance:
RelayNextHop: 20::1:0:1E TunnelID: 0x0
Interface: SRv6 BE Flags: RD
BkNextHop: 30::1:0:1F BkInterface: SRv6 BE
BkLabel: 3 SecTunnelID: 0x0
BkPETunnelID: 0x0 BkPESecTunnelID: 0x0
BkIndirectID: 0x10000D2从以上显示信息可以看出,VPN路由22.22.22.22/32具有备份出接口,VPN FRR路由表项已经生成。
同一VPN的CE能够相互Ping通,例如:
[~CE1] ping -a 11.11.11.11 22.22.22.22
PING 22.22.22.22: 56 data bytes, press CTRL_C to break
Reply from 22.22.22.22: bytes=56 Sequence=1 ttl=253 time=7 ms
Reply from 22.22.22.22: bytes=56 Sequence=2 ttl=253 time=5 ms
Reply from 22.22.22.22: bytes=56 Sequence=3 ttl=253 time=4 ms
Reply from 22.22.22.22: bytes=56 Sequence=4 ttl=253 time=5 ms
Reply from 22.22.22.22: bytes=56 Sequence=5 ttl=253 time=5 ms
--- 22.22.22.22 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 4/5/7 ms以上是关于华为NE40E路由器实验配置示例 | 配置L3VdPdNdv4 over SRv6 BE的VdPdNd FRR功能的主要内容,如果未能解决你的问题,请参考以下文章
华为NE40E路由器实验配置示例 | 配置SR-MPLS BE隧道的TI-LFA FRR功能
华为NE40E路由器实验配置示例 | 配置EVdPdNd VPLS over SR-MPLS BE(BD EVdPdNd)
华为NE40E路由器实验配置示例 | 配置L3VdPdNd over OSPF SR-MPLS BE
华为NE40E路由器实验配置示例 | 配置L3VdPdNd over OSPF SR-MPLS BE