华为运营商级路由器配置示例 | EVdPdNd L3VdPdNdv4 over SRv6 TE Policy网络切片(静态配置)
2023-09-14 09:09:07 时间
组网需求
如图1所示:PE1、P和PE2属于同一自治系统,要求它们之间通过IS-IS协议达到IPv6网络互连的目的。在PE1和PE2之间通过建立双向SRv6 TE Policy承载EVPN L3VPNv4业务。此外,为了满足保障CE1和CE2之间VPN实例vpn1的业务SLA,可以在公网上创建网络切片20,专门承载vpn1的业务;为了满足保障CE3和CE4之间VPN实例vpn2的业务SLA,可以在公网上创建网络切片30,专门承载vpn2的业务。
图1 配置EVPN L3VPNv4 over SRv6 TE Policy网络切片组网图
配置思路
- 使能PE1、P和PE2各接口的IPv6转发能力,配置各接口的IPv6地址。
- 在PE1、P和PE2上使能IS-IS,配置Level级别,指定网络实体。
- 在PE1、P和PE2上创建网络切片实例,并指定基础接口和创建网络切片接口。
- 在PE设备上配置IPv4 L3VPN实例并将IPv4 L3VPN实例绑定到接入侧接口。
- 在PE和CE之间建立EBGP对等体关系。
- 在PE设备之间建立BGP EVPN对等体关系。
- 在PE1、P和PE2上配置SRv6 SID,配置IS-IS的SRv6能力。同时在PE1和PE2上配置VPN私网路由携带SID属性。
- 在PE1和PE2上配置SRv6 TE Policy,同时在SRv6 TE Policy候选路径下指定Slice ID。
- 在PE1和PE2上配置隧道策略,引入私网流量。
操作步骤
1.使能各接口的IPv6转发能力,配置各接口的IPv6地址
# 配置PE1。P和PE2的配置过程与PE1类似,不再赘述,详情可参考配置文件。
<HUAWEI> system-view
[~HUAWEI] sysname PE1
[*HUAWEI] commit
[~PE1] interface gigabitethernet 1/0/0
[~PE1-GigabitEthernet1/0/0] ipv6 enable
[*PE1-GigabitEthernet1/0/0] ipv6 address 2001:DB8:10::1 64
[*PE1-GigabitEthernet1/0/0] quit
[*PE1] interface LoopBack 1
[*PE1-LoopBack1] ipv6 enable
[*PE1-LoopBack1] ipv6 address 2001:DB8:1::1 128
[*PE1-LoopBack1] quit
[*PE1] commit2.配置IS-IS
# 配置PE1。
[~PE1] isis 1
[*PE1-isis-1] is-level level-1
[*PE1-isis-1] cost-style wide
[*PE1-isis-1] network-entity 10.0000.0000.0001.00
[*PE1-isis-1] ipv6 enable topology ipv6
[*PE1-isis-1] quit
[*PE1] interface gigabitethernet 1/0/0
[*PE1-GigabitEthernet1/0/0] isis ipv6 enable 1
[*PE1-GigabitEthernet1/0/0] quit
[*PE1] interface loopback1
[*PE1-LoopBack1] isis ipv6 enable 1
[*PE1-LoopBack1] quit
[*PE1] commit# 配置P。
[~P] isis 1
[*P-isis-1] is-level level-1
[*P-isis-1] cost-style wide
[*P-isis-1] network-entity 10.0000.0000.0002.00
[*P-isis-1] ipv6 enable topology ipv6
[*P-isis-1] quit
[*P] interface gigabitethernet 1/0/0
[*P-GigabitEthernet1/0/0] isis ipv6 enable 1
[*P-GigabitEthernet1/0/0] quit
[*P] interface gigabitethernet 2/0/0
[*P-GigabitEthernet2/0/0] isis ipv6 enable 1
[*P-GigabitEthernet2/0/0] quit
[*P] interface loopback1
[*P-LoopBack1] isis ipv6 enable 1
[*P-LoopBack1] quit
[*P] commit# 配置PE2。
[~PE2] isis 1
[*PE2-isis-1] is-level level-1
[*PE2-isis-1] cost-style wide
[*PE2-isis-1] network-entity 10.0000.0000.0003.00
[*PE2-isis-1] ipv6 enable topology ipv6
[*PE2-isis-1] quit
[*PE2] interface gigabitethernet 1/0/0
[*PE2-GigabitEthernet1/0/0] isis ipv6 enable 1
[*PE2-GigabitEthernet1/0/0] quit
[*PE2] interface loopback1
[*PE2-LoopBack1] isis ipv6 enable 1
[*PE2-LoopBack1] quit
[*PE2] commit配置完成后,可按如下指导检查IS-IS是否配置成功。
# 显示IS-IS邻居信息。以PE1为例。
[~PE1] display isis peer
Peer information for ISIS(1)
System Id Interface Circuit Id State HoldTime Type PRI
--------------------------------------------------------------------------------
0000.0000.0002* GE1/0/0 0000.0000.0002.01 Up 8s L1 64
Total Peer(s): 13.在PE1、P和PE2上创建网络切片实例,并指定基础接口和创建网络切片接口
# 配置PE1。
[~PE1] network-slice instance 10
[*PE1-network-slice-instance-10] description Basic
[*PE1-network-slice-instance-10] quit
[*PE1] network-slice instance 20
[*PE1-network-slice-instance-20] description vpn1
[*PE1-network-slice-instance-20] quit
[*PE1] network-slice instance 30
[*PE1-network-slice-instance-30] description vpn2
[*PE1-network-slice-instance-30] quit
[*PE1] interface gigabitethernet 1/0/0
[*PE1-GigabitEthernet1/0/0] network-slice 10 data-plane
[*PE1-GigabitEthernet1/0/0] quit
[*PE1] interface gigabitethernet 1/0/0.1
[*PE1-GigabitEthernet1/0/0.1] vlan-type dot1q 11
[*PE1-GigabitEthernet1/0/0.1] ipv6 enable
[*PE1-GigabitEthernet1/0/0.1] ipv6 address auto link-local
[*PE1-GigabitEthernet1/0/0.1] mode channel enable
[*PE1-GigabitEthernet1/0/0.1] mode channel bandwidth 500
[*PE1-GigabitEthernet1/0/0.1] basic-slice 10
[*PE1-GigabitEthernet1/0/0.1] network-slice 20 data-plane
[*PE1-GigabitEthernet1/0/0.1] quit
[*PE1] interface gigabitethernet 1/0/0.2
[*PE1-GigabitEthernet1/0/0.2] vlan-type dot1q 22
[*PE1-GigabitEthernet1/0/0.2] ipv6 enable
[*PE1-GigabitEthernet1/0/0.2] ipv6 address auto link-local
[*PE1-GigabitEthernet1/0/0.2] mode channel enable
[*PE1-GigabitEthernet1/0/0.2] mode channel bandwidth 500
[*PE1-GigabitEthernet1/0/0.2] basic-slice 10
[*PE1-GigabitEthernet1/0/0.2] network-slice 30 data-plane
[*PE1-GigabitEthernet1/0/0.2] quit
[*PE1] commit# 配置P。
[~P] network-slice instance 10
[*P-network-slice-instance-10] description Basic
[*P-network-slice-instance-10] quit
[*P] network-slice instance 20
[*P-network-slice-instance-20] description vpn1
[*P-network-slice-instance-20] quit
[*P] network-slice instance 30
[*P-network-slice-instance-30] description vpn2
[*P-network-slice-instance-30] quit
[*P] interface gigabitethernet 1/0/0
[*P-GigabitEthernet1/0/0] network-slice 10 data-plane
[*P-GigabitEthernet1/0/0] quit
[*P] interface gigabitethernet 1/0/0.1
[*P-GigabitEthernet1/0/0.1] vlan-type dot1q 11
[*P-GigabitEthernet1/0/0.1] ipv6 enable
[*P-GigabitEthernet1/0/0.1] ipv6 address auto link-local
[*P-GigabitEthernet1/0/0.1] mode channel enable
[*P-GigabitEthernet1/0/0.1] mode channel bandwidth 500
[*P-GigabitEthernet1/0/0.1] basic-slice 10
[*P-GigabitEthernet1/0/0.1] network-slice 20 data-plane
[*P-GigabitEthernet1/0/0.1] quit
[*P] interface gigabitethernet 1/0/0.2
[*P-GigabitEthernet1/0/0.2] vlan-type dot1q 22
[*P-GigabitEthernet1/0/0.2] ipv6 enable
[*P-GigabitEthernet1/0/0.2] ipv6 address auto link-local
[*P-GigabitEthernet1/0/0.2] mode channel enable
[*P-GigabitEthernet1/0/0.2] mode channel bandwidth 500
[*P-GigabitEthernet1/0/0.2] basic-slice 10
[*P-GigabitEthernet1/0/0.2] network-slice 30 data-plane
[*P-GigabitEthernet1/0/0.2] quit
[*P] interface gigabitethernet 2/0/0
[*P-GigabitEthernet2/0/0] network-slice 10 data-plane
[*P-GigabitEthernet2/0/0] quit
[*P] interface gigabitethernet 2/0/0.1
[*P-GigabitEthernet2/0/0.1] vlan-type dot1q 11
[*P-GigabitEthernet2/0/0.1] ipv6 enable
[*P-GigabitEthernet2/0/0.1] ipv6 address auto link-local
[*P-GigabitEthernet2/0/0.1] mode channel enable
[*P-GigabitEthernet2/0/0.1] mode channel bandwidth 500
[*P-GigabitEthernet2/0/0.1] basic-slice 10
[*P-GigabitEthernet2/0/0.1] network-slice 20 data-plane
[*P-GigabitEthernet2/0/0.1] quit
[*P] interface gigabitethernet 2/0/0.2
[*P-GigabitEthernet2/0/0.2] vlan-type dot1q 22
[*P-GigabitEthernet2/0/0.2] ipv6 enable
[*P-GigabitEthernet2/0/0.2] ipv6 address auto link-local
[*P-GigabitEthernet2/0/0.1] mode channel enable
[*P-GigabitEthernet2/0/0.1] mode channel bandwidth 500
[*P-GigabitEthernet2/0/0.2] basic-slice 10
[*P-GigabitEthernet2/0/0.2] network-slice 30 data-plane
[*P-GigabitEthernet2/0/0.2] quit
[*P] commit# 配置PE2。
[~PE2] network-slice instance 10
[*PE2-network-slice-instance-10] description Basic
[*PE2-network-slice-instance-10] quit
[*PE2] network-slice instance 20
[*PE2-network-slice-instance-20] description vpn1
[*PE2-network-slice-instance-20] quit
[*PE2] network-slice instance 30
[*PE2-network-slice-instance-30] description vpn2
[*PE2-network-slice-instance-30] quit
[*PE2] interface gigabitethernet 1/0/0
[*PE2-GigabitEthernet1/0/0] network-slice 10 data-plane
[*PE2-GigabitEthernet1/0/0] quit
[*PE2] interface gigabitethernet 1/0/0.1
[*PE2-GigabitEthernet1/0/0.1] vlan-type dot1q 11
[*PE2-GigabitEthernet1/0/0.1] ipv6 enable
[*PE2-GigabitEthernet1/0/0.1] ipv6 address auto link-local
[*PE2-GigabitEthernet1/0/0.1] mode channel enable
[*PE2-GigabitEthernet1/0/0.1] mode channel bandwidth 500
[*PE2-GigabitEthernet1/0/0.1] basic-slice 10
[*PE2-GigabitEthernet1/0/0.1] network-slice 20 data-plane
[*PE2-GigabitEthernet1/0/0.1] quit
[*PE2] interface gigabitethernet 1/0/0.2
[*PE2-GigabitEthernet1/0/0.2] vlan-type dot1q 22
[*PE2-GigabitEthernet1/0/0.2] ipv6 enable
[*PE2-GigabitEthernet1/0/0.2] ipv6 address auto link-local
[*PE2-GigabitEthernet1/0/0.2] mode channel enable
[*PE2-GigabitEthernet1/0/0.2] mode channel bandwidth 500
[*PE2-GigabitEthernet1/0/0.2] basic-slice 10
[*PE2-GigabitEthernet1/0/0.2] network-slice 30 data-plane
[*PE2-GigabitEthernet1/0/0.2] quit
[*PE2] commit配置完成后,可按如下指导查看切片实例下基础接口与切片接口绑定关系。以PE1的显示为例:
[~PE1] display network-slice 10 binding-list
Slice-ID Basic-Interface Slicing-Interface
10 GigabitEthernet1/0/0 GigabitEthernet1/0/0.1
GigabitEthernet1/0/0.24.在PE设备上配置IPv4 L3VPN实例并将IPv4 L3VPN实例绑定到接入侧接口
# 配置PE1。
[~PE1] ip vpn-instance vpn1
[*PE1-vpn-instance-vpn1] ipv4-family
[*PE1-vpn-instance-vpn1-af-ipv4] route-distinguisher 100:1
[*PE1-vpn-instance-vpn1-af-ipv4] vpn-target 1:1 evpn
[*PE1-vpn-instance-vpn1-af-ipv4] quit
[*PE1-vpn-instance-vpn1] quit
[*PE1] interface gigabitethernet2/0/0
[*PE1-GigabitEthernet2/0/0] ip binding vpn-instance vpn1
[*PE1-GigabitEthernet2/0/0] ip address 10.11.1.1 24
[*PE1-GigabitEthernet2/0/0] quit
[*PE1] ip vpn-instance vpn2
[*PE1-vpn-instance-vpn2] ipv4-family
[*PE1-vpn-instance-vpn2-af-ipv4] route-distinguisher 100:2
[*PE1-vpn-instance-vpn2-af-ipv4] vpn-target 2:2 evpn
[*PE1-vpn-instance-vpn2-af-ipv4] quit
[*PE1-vpn-instance-vpn2] quit
[*PE1] interface gigabitethernet3/0/0
[*PE1-GigabitEthernet3/0/0] ip binding vpn-instance vpn2
[*PE1-GigabitEthernet3/0/0] ip address 10.33.1.1 24
[*PE1-GigabitEthernet3/0/0] quit
[*PE1] commit# 配置PE2。
[~PE2] ip vpn-instance vpn1
[*PE2-vpn-instance-vpn1] ipv4-family
[*PE2-vpn-instance-vpn1-af-ipv4] route-distinguisher 200:1
[*PE2-vpn-instance-vpn1-af-ipv4] vpn-target 1:1 evpn
[*PE2-vpn-instance-vpn1-af-ipv4] quit
[*PE2-vpn-instance-vpn1] quit
[*PE2] interface gigabitethernet2/0/0
[*PE2-GigabitEthernet2/0/0] ip binding vpn-instance vpn1
[*PE2-GigabitEthernet2/0/0] ip address 10.22.1.1 24
[*PE2-GigabitEthernet2/0/0] quit
[*PE2] ip vpn-instance vpn2
[*PE2-vpn-instance-vpn2] ipv4-family
[*PE2-vpn-instance-vpn2-af-ipv4] route-distinguisher 200:2
[*PE2-vpn-instance-vpn2-af-ipv4] vpn-target 2:2 evpn
[*PE2-vpn-instance-vpn2-af-ipv4] quit
[*PE2-vpn-instance-vpn2] quit
[*PE2] interface gigabitethernet3/0/0
[*PE2-GigabitEthernet3/0/0] ip binding vpn-instance vpn2
[*PE2-GigabitEthernet3/0/0] ip address 10.44.1.1 24
[*PE2-GigabitEthernet3/0/0] quit
[*PE2] commit5.在PE与CE之间建立EBGP对等体关系
# 配置CE1。
[~CE1] interface loopback 1
[*CE1-LoopBack1] ip address 11.1.1.1 32
[*CE1-LoopBack1] quit
[*CE1] bgp 65410
[*CE1-bgp] router-id 11.1.1.1
[*CE1-bgp] peer 10.11.1.1 as-number 100
[*CE1-bgp] import-route direct
[*CE1-bgp] quit
[*CE1] commit# 配置CE3。
[~CE3] interface loopback 1
[*CE3-LoopBack1] ip address 33.3.3.3 32
[*CE3-LoopBack1] quit
[*CE3] bgp 65430
[*CE3-bgp] router-id 33.3.3.3
[*CE3-bgp] peer 10.33.1.1 as-number 100
[*CE3-bgp] import-route direct
[*CE3-bgp] quit
[*CE3] commit# 配置PE1。
[~PE1] bgp 100
[~PE1-bgp] router-id 1.1.1.1
[*PE1-bgp] ipv4-family vpn-instance vpn1
[*PE1-bgp-vpn1] peer 10.11.1.2 as-number 65410
[*PE1-bgp-vpn1] import-route direct
[*PE1-bgp-vpn1] advertise l2vpn evpn
[*PE1-bgp-vpn1] quit
[*PE1-bgp] ipv4-family vpn-instance vpn2
[*PE1-bgp-vpn2] peer 10.33.1.2 as-number 65430
[*PE1-bgp-vpn2] import-route direct
[*PE1-bgp-vpn2] advertise l2vpn evpn
[*PE1-bgp-vpn2] quit
[*PE1-bgp] quit
[*PE1] commit# 配置CE2。
[~CE2] interface loopback 1
[*CE2-LoopBack1] ip address 22.2.2.2 32
[*CE2-LoopBack1] quit
[*CE2] bgp 65420
[*CE2-bgp] router-id 22.2.2.2
[*CE2-bgp] peer 10.22.1.1 as-number 100
[*CE2-bgp] import-route direct
[*CE2-bgp] quit
[*CE2] commit# 配置CE4。
[~CE4] interface loopback 1
[*CE4-LoopBack1] ip address 44.4.4.4 32
[*CE4-LoopBack1] quit
[*CE4] bgp 65440
[*CE4-bgp] router-id 44.4.4.4
[*CE4-bgp] peer 10.44.1.1 as-number 100
[*CE4-bgp] import-route direct
[*CE4-bgp] quit
[*CE4] commit# 配置PE2。
[~PE2] bgp 100
[~PE2-bgp] router-id 3.3.3.3
[*PE2-bgp] ipv4-family vpn-instance vpn1
[*PE2-bgp-vpn1] peer 10.22.1.2 as-number 65420
[*PE2-bgp-vpn1] import-route direct
[*PE2-bgp-vpn1] advertise l2vpn evpn
[*PE2-bgp-vpn1] quit
[*PE2-bgp] ipv4-family vpn-instance vpn2
[*PE2-bgp-vpn2] peer 10.44.1.2 as-number 65440
[*PE2-bgp-vpn2] import-route direct
[*PE2-bgp-vpn2] advertise l2vpn evpn
[*PE2-bgp-vpn2] quit
[*PE2-bgp] quit
[*PE2] commit配置完成后,在PE设备上执行display bgp vpnv4 vpn-instance peer命令,可以看到PE与CE之间的BGP对等体关系已建立,并达到Established状态。
以PE1与CE1的对等体关系为例:
[~PE1] display bgp vpnv4 vpn-instance vpn1 peer
BGP local router ID : 1.1.1.1
Local AS number : 100
VPN-Instance vpn1, Router ID 1.1.1.1:
Total number of peers : 1 Peers in established state : 1
Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv
10.11.1.2 4 65410 16 19 0 00:10:44 Established 2 6.在PE设备之间建立BGP EVPN对等体关系
# 配置PE1。
[~PE1] bgp 100
[~PE1-bgp] peer 2001:DB8:3::3 as-number 100
[*PE1-bgp] peer 2001:DB8:3::3 connect-interface loopback 1
[*PE1-bgp] l2vpn-family evpn
[*PE1-bgp-af-evpn] peer 2001:DB8:3::3 enable
[*PE1-bgp-af-evpn] quit
[*PE1-bgp] quit
[*PE1] commit# 配置PE2。
[~PE2] bgp 100
[~PE2-bgp] peer 2001:DB8:1::1 as-number 100
[*PE2-bgp] peer 2001:DB8:1::1 connect-interface loopback 1
[*PE2-bgp] l2vpn-family evpn
[*PE2-bgp-af-evpn] peer 2001:DB8:1::1 enable
[*PE2-bgp-af-evpn] quit
[*PE2-bgp] quit
[*PE2] commit配置完成后,在PE设备上执行display bgp evpn peer命令,可以看到PE之间的BGP EVPN对等体关系已建立,并达到Established状态。
以PE1的显示为例:
[~PE1] display bgp evpn peer
BGP local router ID : 1.1.1.1
Local AS number : 100
Total number of peers : 1 Peers in established state : 1
Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv
2001:DB8:3::3 4 100 49 49 0 00:30:41 Established 27.配置SRv6 SID,同时在PE上配置VPN私网路由携带SID属性
# 配置PE1。
[~PE1] segment-routing ipv6
[*PE1-segment-routing-ipv6] encapsulation source-address 2001:DB8:1::1
[*PE1-segment-routing-ipv6] locator PE1 ipv6-prefix 2001:DB8:100:: 64 static 32
[*PE1-segment-routing-ipv6-locator] opcode ::10 end psp
[*PE1-segment-routing-ipv6-locator] quit
[*PE1-segment-routing-ipv6] quit
[*PE1] bgp 100
[*PE1-bgp] l2vpn-family evpn
[*PE1-bgp-af-evpn] peer 2001:DB8:3::3 advertise encap-type srv6
[*PE1-bgp-af-evpn] quit
[*PE1-bgp] ipv4-family vpn-instance vpn1
[*PE1-bgp-vpn1] segment-routing ipv6 traffic-engineer best-effort evpn
[*PE1-bgp-vpn1] segment-routing ipv6 locator PE1 evpn
[*PE1-bgp-vpn1] quit
[*PE1-bgp] ipv4-family vpn-instance vpn2
[*PE1-bgp-vpn2] segment-routing ipv6 traffic-engineer best-effort evpn
[*PE1-bgp-vpn2] segment-routing ipv6 locator PE1 evpn
[*PE1-bgp-vpn2] quit
[*PE1-bgp] quit
[*PE1] isis 1
[*PE1-isis-1] segment-routing ipv6 locator PE1 auto-sid-disable
[*PE1-isis-1] quit
[*PE1] commit# 配置P。
[~P] segment-routing ipv6
[*P-segment-routing-ipv6] encapsulation source-address 2001:DB8:2::2
[*P-segment-routing-ipv6] locator P ipv6-prefix 2001:DB8:120:: 64 static 32
[*P-segment-routing-ipv6-locator] opcode ::20 end psp
[*P-segment-routing-ipv6-locator] quit
[*P-segment-routing-ipv6] quit
[*P] isis 1
[*P-isis-1] segment-routing ipv6 locator P auto-sid-disable
[*P-isis-1] commit
[~P-isis-1] quit# 配置PE2。
[~PE2] segment-routing ipv6
[*PE2-segment-routing-ipv6] encapsulation source-address 2001:DB8:3::3
[*PE2-segment-routing-ipv6] locator PE2 ipv6-prefix 2001:DB8:130:: 64 static 32
[*PE2-segment-routing-ipv6-locator] opcode ::30 end psp
[*PE2-segment-routing-ipv6-locator] quit
[*PE2-segment-routing-ipv6] quit
[*PE2] bgp 100
[*PE2-bgp] l2vpn-family evpn
[*PE2-bgp-af-evpn] peer 2001:DB8:1::1 advertise encap-type srv6
[*PE2-bgp-af-evpn] quit
[*PE2-bgp] ipv4-family vpn-instance vpn1
[*PE2-bgp-vpn1] segment-routing ipv6 traffic-engineer best-effort evpn
[*PE2-bgp-vpn1] segment-routing ipv6 locator PE2 evpn
[*PE2-bgp-vpn1] quit
[*PE2-bgp] ipv4-family vpn-instance vpn2
[*PE2-bgp-vpn2] segment-routing ipv6 traffic-engineer best-effort evpn
[*PE2-bgp-vpn2] segment-routing ipv6 locator PE2 evpn
[*PE2-bgp-vpn2] quit
[*PE2-bgp] quit
[*PE2] isis 1
[*PE2-isis-1] segment-routing ipv6 locator PE2 auto-sid-disable
[*PE2-isis-1] quit
[*PE2] commit执行命令display segment-routing ipv6 local-sid end forwarding查看SRv6的Local SID表信息。
[~PE1] display segment-routing ipv6 local-sid end forwarding
My Local-SID End Forwarding Table
---------------------------------
SID : 2001:DB8:100::10/128 FuncType : End
Flavor : PSP
LocatorName : PE1 LocatorID: 1
ProtocolType: STATIC ProcessID: --
UpdateTime : 2021-08-30 01:46:05.713
Total SID(s): 1
[~PE2] display segment-routing ipv6 local-sid end forwarding
My Local-SID End Forwarding Table
---------------------------------
SID : 2001:DB8:130::30/128 FuncType : End
Flavor : PSP
LocatorName : PE2 LocatorID: 1
ProtocolType: STATIC ProcessID: --
UpdateTime : 2021-08-30 01:47:26.426
Total SID(s): 1
[~P] display segment-routing ipv6 local-sid end forwarding
My Local-SID End Forwarding Table
---------------------------------
SID : 2001:DB8:120::20/128 FuncType : End
Flavor : PSP
LocatorName : P LocatorID: 1
ProtocolType: STATIC ProcessID: --
UpdateTime : 2021-08-30 01:49:44.292
Total SID(s): 18.配置SRv6 TE Policy,同时在SRv6 TE Policy候选路径下指定Slice ID
# 配置PE1。
[~PE1] segment-routing ipv6
[~PE1-segment-routing-ipv6] segment-list list1
[*PE1-segment-routing-ipv6-segment-list-list1] index 5 sid ipv6 2001:DB8:120::20
[*PE1-segment-routing-ipv6-segment-list-list1] index 10 sid ipv6 2001:DB8:130::30
[*PE1-segment-routing-ipv6-segment-list-list1] commit
[~PE1-segment-routing-ipv6-segment-list-list1] quit
[~PE1-segment-routing-ipv6] srv6-te-policy locator PE1
[*PE1-segment-routing-ipv6] srv6-te policy policy1 endpoint 2001:DB8:3::3 color 101
[*PE1-segment-routing-ipv6-policy-policy1] candidate-path preference 100
[*PE1-segment-routing-ipv6-policy-policy1-path] network-slice 20 data-plane
[*PE1-segment-routing-ipv6-policy-policy1-path] segment-list list1
[*PE1-segment-routing-ipv6-policy-policy1-path] quit
[*PE1-segment-routing-ipv6-policy-policy1] quit
[*PE1-segment-routing-ipv6] srv6-te policy policy2 endpoint 2001:DB8:3::3 color 202
[*PE1-segment-routing-ipv6-policy-policy2] candidate-path preference 100
[*PE1-segment-routing-ipv6-policy-policy2-path] network-slice 30 data-plane
[*PE1-segment-routing-ipv6-policy-policy2-path] segment-list list1
[*PE1-segment-routing-ipv6-policy-policy2-path] quit
[*PE1-segment-routing-ipv6-policy-policy2] quit
[*PE1-segment-routing-ipv6] quit
[*PE1] commit# 配置PE2。
[~PE2] segment-routing ipv6
[~PE2-segment-routing-ipv6] segment-list list1
[*PE2-segment-routing-ipv6-segment-list-list1] index 5 sid ipv6 2001:DB8:120::20
[*PE2-segment-routing-ipv6-segment-list-list1] index 10 sid ipv6 2001:DB8:100::10
[*PE2-segment-routing-ipv6-segment-list-list1] commit
[~PE2-segment-routing-ipv6-segment-list-list1] quit
[~PE2-segment-routing-ipv6] srv6-te-policy locator PE2
[*PE2-segment-routing-ipv6] srv6-te policy policy1 endpoint 2001:DB8:1::1 color 101
[*PE2-segment-routing-ipv6-policy-policy1] candidate-path preference 100
[*PE2-segment-routing-ipv6-policy-policy1-path] network-slice 20 data-plane
[*PE2-segment-routing-ipv6-policy-policy1-path] segment-list list1
[*PE2-segment-routing-ipv6-policy-policy1-path] quit
[*PE2-segment-routing-ipv6-policy-policy1] quit
[*PE2-segment-routing-ipv6] srv6-te policy policy2 endpoint 2001:DB8:1::1 color 202
[*PE2-segment-routing-ipv6-policy-policy2] candidate-path preference 100
[*PE2-segment-routing-ipv6-policy-policy2-path] network-slice 30 data-plane
[*PE2-segment-routing-ipv6-policy-policy2-path] segment-list list1
[*PE2-segment-routing-ipv6-policy-policy2-path] quit
[*PE2-segment-routing-ipv6-policy-policy2] quit
[*PE2-segment-routing-ipv6] quit
[*PE2] commit配置完成后,执行命令display srv6-te policy查看SRv6 TE Policy信息。
以PE1的显示为例:
[~PE1] display srv6-te policy
PolicyName : policy1
Color : 101 Endpoint : 2001:DB8:3::3
TunnelId : 1 Binding SID : -
TunnelType : SRv6-TE Policy DelayTimerRemain : -
Policy State : Up State Change Time : 2021-02-05 07:04:45
Admin State : Up Traffic Statistics : Disable
Backup Hot-Standby : Disable BFD : Disable
Interface Index : - Interface Name : -
Interface State : - Encapsulation Mode : Insert
Candidate-path Count : 1
Candidate-path Preference : 100
Path State : Active Path Type : Primary
Protocol-Origin : Configuration(30) Originator : 0, 0.0.0.0
Discriminator : 100 Binding SID : -
GroupId : 1 Policy Name : policy1
Template ID : 0 Path Verification : Disable
DelayTimerRemain : - Network Slice ID : 20 (data-plane)
Segment-List Count : 1
Segment-List : list1
Segment-List ID : 2 XcIndex : 2
List State : Up DelayTimerRemain : -
Verification State : - SuppressTimeRemain : -
PMTU : 9600 Active PMTU : 9600
Weight : 1 BFD State : -
Network Slice ID : 20 (data-plane)
SID :
2001:DB8:120::20
2001:DB8:130::30
PolicyName : policy2
Color : 202 Endpoint : 2001:DB8:3::3
TunnelId : 2 Binding SID : -
TunnelType : SRv6-TE Policy DelayTimerRemain : -
Policy State : Up State Change Time : 2021-02-07 04:01:24
Admin State : Up Traffic Statistics : Disable
Backup Hot-Standby : Disable BFD : Disable
Interface Index : - Interface Name : -
Interface State : - Encapsulation Mode : Insert
Candidate-path Count : 1
Candidate-path Preference : 100
Path State : Active Path Type : Primary
Protocol-Origin : Configuration(30) Originator : 0, 0.0.0.0
Discriminator : 100 Binding SID : -
GroupId : 2 Policy Name : policy2
Template ID : 0 Path Verification : Disable
DelayTimerRemain : - Network Slice ID : 30 (data-plane)
Segment-List Count : 1
Segment-List : list1
Segment-List ID : 129 XcIndex : 129
List State : Up DelayTimerRemain : -
Verification State : - SuppressTimeRemain : -
PMTU : 9600 Active PMTU : 9600
Weight : 1 BFD State : -
Network Slice ID : 30 (data-plane)
SID :
2001:DB8:120::20
2001:DB8:130::309.配置隧道策略,引入私网流量
# 配置PE1。
[~PE1] ip ip-prefix p2 index 10 permit 22.2.2.2 32
[*PE1] ip ip-prefix p2 index 20 permit 10.22.1.0 24
[*PE1] ip ip-prefix p4 index 10 permit 44.4.4.4 32
[*PE1] ip ip-prefix p4 index 20 permit 10.44.1.0 24
[*PE1] route-policy rp1234 permit node 10
[*PE1-route-policy] if-match ip-prefix p2
[*PE1-route-policy] apply extcommunity color 0:101
[*PE1-route-policy] quit
[*PE1] route-policy rp1234 permit node 20
[*PE1-route-policy] if-match ip-prefix p4
[*PE1-route-policy] apply extcommunity color 0:202
[*PE1-route-policy] quit
[*PE1] bgp 100
[*PE1-bgp] l2vpn-family evpn
[*PE1-bgp-af-evpn] peer 2001:DB8:3::3 route-policy rp1234 import
[*PE1-bgp-af-evpn] quit
[*PE1-bgp] quit
[*PE1] tunnel-policy tp1234
[*PE1-tunnel-policy-tp1234] tunnel select-seq ipv6 srv6-te-policy load-balance-number 1
[*PE1-tunnel-policy-tp1234] quit
[*PE1] ip vpn-instance vpn1
[*PE1-vpn-instance-vpn1] ipv4-family
[*PE1-vpn-instance-vpn1-af-ipv4] tnl-policy tp1234 evpn
[*PE1-vpn-instance-vpn1-af-ipv4] quit
[*PE1-vpn-instance-vpn1] quit
[*PE1] ip vpn-instance vpn2
[*PE1-vpn-instance-vpn2] ipv4-family
[*PE1-vpn-instance-vpn2-af-ipv4] tnl-policy tp1234 evpn
[*PE1-vpn-instance-vpn2-af-ipv4] quit
[*PE1-vpn-instance-vpn2] quit
[*PE1] commit# 配置PE2。
[~PE2] ip ip-prefix p1 index 10 permit 11.1.1.1 32
[*PE2] ip ip-prefix p1 index 20 permit 10.11.1.0 24
[*PE2] ip ip-prefix p3 index 10 permit 33.3.3.3 32
[*PE2] ip ip-prefix p3 index 20 permit 10.33.1.0 24
[*PE2] route-policy rp1234 permit node 10
[*PE2-route-policy] if-match ip-prefix p1
[*PE2-route-policy] apply extcommunity color 0:101
[*PE2-route-policy] quit
[*PE2] route-policy rp1234 permit node 20
[*PE2-route-policy] if-match ip-prefix p3
[*PE2-route-policy] apply extcommunity color 0:202
[*PE2-route-policy] quit
[*PE2] bgp 100
[*PE2-bgp] l2vpn-family evpn
[*PE2-bgp-af-evpn] peer 2001:DB8:1::1 route-policy rp1234 import
[*PE2-bgp-af-evpn] quit
[*PE2-bgp] quit
[*PE2] tunnel-policy tp1234
[*PE2-tunnel-policy-tp1234] tunnel select-seq ipv6 srv6-te-policy load-balance-number 1
[*PE2-tunnel-policy-tp1234] quit
[*PE2] ip vpn-instance vpn1
[*PE2-vpn-instance-vpn1] ipv4-family
[*PE2-vpn-instance-vpn1-af-ipv4] tnl-policy tp1234 evpn
[*PE2-vpn-instance-vpn1-af-ipv4] quit
[*PE2-vpn-instance-vpn1] quit
[*PE2] ip vpn-instance vpn2
[*PE2-vpn-instance-vpn2] ipv4-family
[*PE2-vpn-instance-vpn2-af-ipv4] tnl-policy tp1234 evpn
[*PE2-vpn-instance-vpn2-af-ipv4] quit
[*PE2-vpn-instance-vpn2] quit
[*PE2] commit配置完成后,执行命令display ip routing-table vpn-instance vpn1查看VPN实例IPv4路由表信息,可以看到私网路由已经成功迭代到SRv6 TE Policy。
以PE1的显示为例:
[~PE1] display ip routing-table vpn-instance vpn1
Route Flags: R - relay, D - download to fib, T - to vpn-instance, B - black hole route
------------------------------------------------------------------------------
Routing Table : vpn1
Destinations : 8 Routes : 8
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.11.1.0/24 Direct 0 0 D 10.11.1.1 GigabitEthernet2/0/0
10.11.1.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet2/0/0
10.11.1.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet2/0/0
10.22.1.0/24 IBGP 255 0 RD 2001:DB8:3::3 policy1
11.1.1.1/32 EBGP 255 0 RD 10.11.1.2 GigabitEthernet2/0/0
22.2.2.2/32 IBGP 255 0 RD 2001:DB8:3::3 policy1
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
[~PE1] display ip routing-table vpn-instance vpn1 22.2.2.2 verbose
Route Flags: R - relay, D - download to fib, T - to vpn-instance, B - black hole route
------------------------------------------------------------------------------
Routing Table : vpn1
Summary Count : 1
Destination: 22.2.2.2/32
Protocol: IBGP Process ID: 0
Preference: 255 Cost: 0
NextHop: 2001:DB8:3::3 Neighbour: 2001:DB8:3::3
State: Active Adv Relied Age: 01h41m01s
Tag: 0 Priority: low
Label: NULL QoSInfo: 0x0
IndirectID: 0x10000DF Instance:
RelayNextHop: :: Interface: policy1
TunnelID: 0x000000003400000001 Flags: RD 10.检查配置结果
同一VPN的CE能够相互Ping通,例如:
[~CE1] ping -a 11.1.1.1 22.2.2.2
PING 22.2.2.2: 56 data bytes, press CTRL_C to break
Reply from 22.2.2.2: bytes=56 Sequence=1 ttl=253 time=7 ms
Reply from 22.2.2.2: bytes=56 Sequence=2 ttl=253 time=4 ms
Reply from 22.2.2.2: bytes=56 Sequence=3 ttl=253 time=3 ms
Reply from 22.2.2.2: bytes=56 Sequence=4 ttl=253 time=4 ms
Reply from 22.2.2.2: bytes=56 Sequence=5 ttl=253 time=3 ms
--- 22.2.2.2 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 3/4/7 ms
[~CE3] ping -a 33.3.3.3 44.4.4.4
PING 44.4.4.4: 56 data bytes, press CTRL_C to break
Reply from 44.4.4.4: bytes=56 Sequence=1 ttl=253 time=9 ms
Reply from 44.4.4.4: bytes=56 Sequence=2 ttl=253 time=5 ms
Reply from 44.4.4.4: bytes=56 Sequence=3 ttl=253 time=4 ms
Reply from 44.4.4.4: bytes=56 Sequence=4 ttl=253 time=5 ms
Reply from 44.4.4.4: bytes=56 Sequence=5 ttl=253 time=4 ms
--- 44.4.4.4 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 4/5/9 ms
相关文章
- H3C : S6550XE-56HF-HI 25G+100G光口交换机配置动静态端口聚合
- nginx静态资源服务器简单配置[通俗易懂]
- ubuntu添加静态路由表_Ubuntu配置静态ip
- 静态vlan的配置方式_实例方法与静态方法的区别
- idea中如何配置maven项目_idea配置maven环境
- 【Linux】配置静态IP
- 【Android NDK 开发】Android.mk 配置静态库 ( Android Studio 配置静态库 | 配置动态库与静态库区别 | 动态库与静态库打包对比 )
- Oracle 参数 USE_LARGE_PAGES 官方解释,作用,如何配置最优化建议
- Linux云主机配置:尽情享受体验(linux云主机配置)
- Linux下静态IP地址配置指南(linux配置静态地址)
- 实战攻略:Linux下静态路由配置(linux静态路由配置)
- Linux设置静态IP实现稳定连网(配置静态iplinux)
- Linux多路径配置提升系统性能(linux多路径配置)
- 如何在linux上配置svn版本控制系统?(linux配置svn)
- 高可用集群!(Linux配置ha)
- win2008 Iis7伪静态配置方法
- 你所不了解的静态路由特点及配置
- AWS改变MySQL配置,创建更加美好的未来(aws改mysql配置)
- SSSM中Redis配置的快速指南(sssm中redis配置)
- 如何快速轻松地更改Redis配置(redis配置更改)
- Apache配置伪静态详细步骤