01-SRv6 Typical Configuration Examples
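This document describes typical SRv6 application scenarios and configuration examples.
The configurations in this document were made and verified in a lab environment, with all device parameters at their factory defaults before configuration. If you have already configured the device, make sure the existing configuration does not conflict with the configuration in the following examples so that the configuration takes effect as expected.
This document assumes that you are familiar with SRv6.
As shown in Figure 1, the transport network is an IPv6 network and the private network is an IPv4 network. PE 1, P 1, P 2, and PE 2 belong to the same autonomous system and use IS-IS for IPv6 connectivity between them. Two equal-cost SRv6 tunnels are established between PE 1 and PE 2 to carry IPv4 L3VPN services.
Figure 1 Network diagram for IPv4 L3VPN over SRv6 BE ECMP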
Device | Interface | IP address | Device | Interface | IP address
CE 1 | Vlan-int12 | 10.1.1.1/24 | CE 2 | Vlan-int17 | 20.1.1.1/24
PE 1 | Loop1 | 1::1/128 | PE 2 | Loop1 | 4::4/128
PE 1 | Vlan-int12 | 10.1.1.2/24 | PE 2 | Vlan-int17 | 20.1.1.2/24
PE 1 | Vlan-int13 | 2001::1/96 | PE 2 | Vlan-int15 | 2002::1/96
PE 1 | Vlan-int14 | 3001::1/96 | PE 2 | Vlan-int16 | 3002::1/96
P 1 | Loop1 | 2::2/128 | P 2 | Loop1 | 3::3/128
P 1 | Vlan-int13 | 2001::2/96 | P 2 | Vlan-int14 | 3001::2/96
P 1 | Vlan-int15 | 2002::2/96 | P 2 | Vlan-int16 | 3002::2/96
Table 1 Applicable products and versions
Product | Software version
S6550X-HI series | R1330P07 and later
S6880 series | R1330P07 and later
S9820-8M | R1330P07 and later
S5580X-HI series | R1330P07 and later
S5580X-EI series | Not supported
S5580S-EI series | Not supported
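SRv6 BE ECMP depends on equal-cost routes in the network, so to make sure the configuration succeeds, plan the IGP cost of the links properly. In this example, every link uses the default cost value (10).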
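The cost planning described above can be checked before deployment. The following is an added example, not part of the original document or of any H3C tool: it runs a shortest-path calculation over this example's topology and reports which PE uplinks carry equal-cost paths. The adjacencies are inferred from the matching subnets in the addressing table, and PE 2 as a node stands in for its locator prefix.

```python
import heapq
from collections import defaultdict

# Directed adjacencies from the addressing table: (node, outgoing interface, neighbor, cost).
# Cost 10 is the default the page uses; IS-IS cost is set per outgoing interface.
LINKS = [
    ("PE1", "Vlan-int13", "P1", 10), ("P1", "Vlan-int13", "PE1", 10),
    ("PE1", "Vlan-int14", "P2", 10), ("P2", "Vlan-int14", "PE1", 10),
    ("P1", "Vlan-int15", "PE2", 10), ("PE2", "Vlan-int15", "P1", 10),
    ("P2", "Vlan-int16", "PE2", 10), ("PE2", "Vlan-int16", "P2", 10),
]

def with_cost(links, node, ifname, cost):
    """Return a copy of links with the cost of one outgoing interface changed."""
    return [(n, i, nbr, cost if (n, i) == (node, ifname) else c)
            for n, i, nbr, c in links]

def ecmp_first_hops(links, src, dst):
    """Return (best cost, sorted outgoing interfaces on src) for all shortest paths to dst."""
    adj = defaultdict(list)
    for node, ifname, nbr, cost in links:
        adj[node].append((nbr, ifname, cost))
    dist = {src: 0}
    first = defaultdict(set)   # node -> interfaces on src that start a shortest path to it
    heap = [(0, src)]
    while heap:
        d, u = heapq.heappop(heap)
        if d > dist[u]:
            continue           # stale heap entry
        for v, ifname, cost in adj[u]:
            nd = d + cost
            hops = {ifname} if u == src else first[u]
            if nd < dist.get(v, float("inf")):
                dist[v], first[v] = nd, set(hops)
                heapq.heappush(heap, (nd, v))
            elif nd == dist[v]:
                first[v] |= hops   # equal-cost alternative: merge first hops
    return dist.get(dst), sorted(first[dst])

if __name__ == "__main__":
    print(ecmp_first_hops(LINKS, "PE1", "PE2"))   # both uplinks share the load
    skewed = with_cost(LINKS, "PE1", "Vlan-int14", 20)
    print(ecmp_first_hops(skewed, "PE1", "PE2"))  # ECMP lost in this direction
    print(ecmp_first_hops(skewed, "PE2", "PE1"))  # reverse direction unaffected
```

Because the cost is applied per outgoing interface, raising it on one PE 1 uplink removes ECMP only for traffic leaving PE 1; the return path from PE 2 still balances across both P devices.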
<Sysname> system-view
[Sysname] sysname CE1
[CE1] bgp 200
[CE1-bgp-default] router-id 11.11.11.11
[CE1-bgp-default] peer 10.1.1.2 as-number 100
[CE1-bgp-default] address-family ipv4 unicast
[CE1-bgp-default-ipv4] peer 10.1.1.2 enable
[CE1-bgp-default-ipv4] import-route direct
[CE1-bgp-default-ipv4] quit
[CE1-bgp-default] quit
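# Configure IPv6 IS-IS so that the backbone PE and P devices can reach each other. Also enable BFD for IS-IS to speed up IS-IS convergence when the link state changes.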
<Sysname> system-view
[Sysname] sysname PE1
[PE1] isis 1
[PE1-isis-1] cost-style wide
[PE1-isis-1] network-entity 00.0000.0000.0001.00
[PE1-isis-1] address-family ipv6 unicast
[PE1-isis-1-ipv6] quit
[PE1-isis-1] quit
[PE1] interface loopback 1
[PE1-LoopBack1] ipv6 address 1::1 128
[PE1-LoopBack1] isis ipv6 enable 1
[PE1-LoopBack1] quit
[PE1] interface vlan-interface 13
[PE1-Vlan-interface13] isis ipv6 enable
[PE1-Vlan-interface13] isis ipv6 bfd enable
[PE1-Vlan-interface13] quit
[PE1] interface vlan-interface 14
[PE1-Vlan-interface14] isis ipv6 enable
[PE1-Vlan-interface14] isis ipv6 bfd enable
[PE1-Vlan-interface14] quit
# Configure a VPN instance and connect the CE to the PE.
[PE1] ip vpn-instance vpn1
[PE1-vpn-instance-vpn1] route-distinguisher 100:1
[PE1-vpn-instance-vpn1] vpn-target 100:1
[PE1-vpn-instance-vpn1] quit
[PE1] interface vlan-interface 12
[PE1-Vlan-interface12] ip binding vpn-instance vpn1
[PE1-Vlan-interface12] quit
# Establish an EBGP peer relationship between the PE and the CE, and import VPN routes.
[PE1] bgp 100
[PE1-bgp-default] router-id 1.1.1.1
[PE1-bgp-default] ip vpn-instance vpn1
[PE1-bgp-default-vpn1] peer 10.1.1.1 as-number 200
[PE1-bgp-default-vpn1] address-family ipv4 unicast
[PE1-bgp-default-ipv4-vpn1] peer 10.1.1.1 enable
[PE1-bgp-default-ipv4-vpn1] import-route direct
[PE1-bgp-default-ipv4-vpn1] quit
[PE1-bgp-default-vpn1] quit
# Establish an MP-IBGP peer relationship between the PEs.
[PE1-bgp-default] peer 4::4 as-number 100
[PE1-bgp-default] peer 4::4 connect-interface loopback 1
[PE1-bgp-default] address-family vpnv4
[PE1-bgp-default-vpnv4] peer 4::4 enable
[PE1-bgp-default-vpnv4] quit
[PE1-bgp-default] quit
# On the PE, configure the source address of the IPv6 header used for IP L3VPN over SRv6 encapsulation.
[PE1] segment-routing ipv6
[PE1-segment-routing-ipv6] encapsulation source-address 1::1
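# On the PE, configure the locator to which the End.DT4 SID belongs. The End.DT4 SID is the destination address of the IPv6 header used for IP L3VPN over SRv6 encapsulation.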
[PE1-segment-routing-ipv6] locator abc ipv6-prefix 100:1:: 64 static 16
[PE1-segment-routing-ipv6-locator-abc] quit
[PE1-segment-routing-ipv6] quit
# On the PE, configure IS-IS to reference and advertise the locator.
[PE1] isis 1
[PE1-isis-1] address-family ipv6 unicast
[PE1-isis-1-ipv6] segment-routing ipv6 locator abc
[PE1-isis-1-ipv6] quit
[PE1-isis-1] quit
# On the PE, configure the IPv6 peers to exchange End.DT4 SIDs, and allow private network routes to be recursed to End.DT4 SID route entries.
[PE1] bgp 100
[PE1-bgp-default] address-family vpnv4
[PE1-bgp-default-vpnv4] peer 4::4 prefix-sid
[PE1-bgp-default-vpnv4] quit
[PE1-bgp-default] ip vpn-instance vpn1
[PE1-bgp-default-vpn1] address-family ipv4 unicast
[PE1-bgp-default-ipv4-vpn1] segment-routing ipv6 locator abc
[PE1-bgp-default-ipv4-vpn1] segment-routing ipv6 best-effort
[PE1-bgp-default-ipv4-vpn1] quit
[PE1-bgp-default-vpn1] quit
[PE1-bgp-default] quit
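# Configure IPv6 IS-IS so that the backbone PE and P devices can reach each other. Also enable BFD for IS-IS to speed up IS-IS convergence when the link state changes.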
<Sysname> system-view
[Sysname] sysname P1
[P1] isis 1
[P1-isis-1] cost-style wide
[P1-isis-1] network-entity 00.0000.0000.0002.00
[P1-isis-1] address-family ipv6 unicast
[P1-isis-1-ipv6] quit
[P1-isis-1] quit
[P1] interface loopback 1
[P1-LoopBack1] ipv6 address 2::2 128
[P1-LoopBack1] isis ipv6 enable 1
[P1-LoopBack1] quit
[P1] interface vlan-interface 13
[P1-Vlan-interface13] isis ipv6 enable
[P1-Vlan-interface13] isis ipv6 bfd enable
[P1-Vlan-interface13] quit
[P1] interface vlan-interface 15
[P1-Vlan-interface15] isis ipv6 enable
[P1-Vlan-interface15] isis ipv6 bfd enable
[P1-Vlan-interface15] quit
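# Configure IPv6 IS-IS so that the backbone PE and P devices can reach each other. Also enable BFD for IS-IS to speed up IS-IS convergence when the link state changes.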
<Sysname> system-view
[Sysname] sysname P2
[P2] isis 1
[P2-isis-1] cost-style wide
[P2-isis-1] network-entity 00.0000.0000.0003.00
[P2-isis-1] address-family ipv6 unicast
[P2-isis-1-ipv6] quit
[P2-isis-1] quit
[P2] interface loopback 1
[P2-LoopBack1] ipv6 address 3::3 128
[P2-LoopBack1] isis ipv6 enable 1
[P2-LoopBack1] quit
[P2] interface vlan-interface 14
[P2-Vlan-interface14] isis ipv6 enable
[P2-Vlan-interface14] isis ipv6 bfd enable
[P2-Vlan-interface14] quit
[P2] interface vlan-interface 16
[P2-Vlan-interface16] isis ipv6 enable
[P2-Vlan-interface16] isis ipv6 bfd enable
[P2-Vlan-interface16] quit
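# Configure IPv6 IS-IS so that the backbone PE and P devices can reach each other. Also enable BFD for IS-IS to speed up IS-IS convergence when the link state changes.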
<Sysname> system-view
[Sysname] sysname PE2
[PE2] isis 1
[PE2-isis-1] cost-style wide
[PE2-isis-1] network-entity 00.0000.0000.0004.00
[PE2-isis-1] address-family ipv6 unicast
[PE2-isis-1-ipv6] quit
[PE2-isis-1] quit
[PE2] interface loopback 1
[PE2-LoopBack1] ipv6 address 4::4 128
[PE2-LoopBack1] isis ipv6 enable 1
[PE2-LoopBack1] quit
[PE2] interface vlan-interface 15
[PE2-Vlan-interface15] isis ipv6 enable
[PE2-Vlan-interface15] isis ipv6 bfd enable
[PE2-Vlan-interface15] quit
[PE2] interface vlan-interface 16
[PE2-Vlan-interface16] isis ipv6 enable
[PE2-Vlan-interface16] isis ipv6 bfd enable
[PE2-Vlan-interface16] quit
# Configure a VPN instance and connect the CE to the PE.
[PE2] ip vpn-instance vpn1
[PE2-vpn-instance-vpn1] route-distinguisher 100:1
[PE2-vpn-instance-vpn1] vpn-target 100:1
[PE2-vpn-instance-vpn1] quit
[PE2] interface vlan-interface 17
[PE2-Vlan-interface17] ip binding vpn-instance vpn1
[PE2-Vlan-interface17] quit
# Establish an EBGP peer relationship between the PE and the CE, and import VPN routes.
[PE2] bgp 100
[PE2-bgp-default] router-id 4.4.4.4
[PE2-bgp-default] ip vpn-instance vpn1
[PE2-bgp-default-vpn1] peer 20.1.1.1 as-number 300
[PE2-bgp-default-vpn1] address-family ipv4 unicast
[PE2-bgp-default-ipv4-vpn1] peer 20.1.1.1 enable
[PE2-bgp-default-ipv4-vpn1] import-route direct
[PE2-bgp-default-ipv4-vpn1] quit
[PE2-bgp-default-vpn1] quit
# Establish an MP-IBGP peer relationship between the PEs.
[PE2-bgp-default] peer 1::1 as-number 100
[PE2-bgp-default] peer 1::1 connect-interface loopback 1
[PE2-bgp-default] address-family vpnv4
[PE2-bgp-default-vpnv4] peer 1::1 enable
[PE2-bgp-default-vpnv4] quit
[PE2-bgp-default] quit
# On the PE, configure the source address of the IPv6 header used for IP L3VPN over SRv6 encapsulation.
[PE2] segment-routing ipv6
[PE2-segment-routing-ipv6] encapsulation source-address 4::4
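# On the PE, configure the locator to which the End.DT4 SID belongs. The End.DT4 SID is the destination address of the IPv6 header used for IP L3VPN over SRv6 encapsulation.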
[PE2-segment-routing-ipv6] locator abc ipv6-prefix 200:1:: 64 static 16
[PE2-segment-routing-ipv6-locator-abc] quit
[PE2-segment-routing-ipv6] quit
# On the PE, configure IS-IS to reference and advertise the locator.
[PE2] isis 1
[PE2-isis-1] address-family ipv6 unicast
[PE2-isis-1-ipv6] segment-routing ipv6 locator abc
[PE2-isis-1-ipv6] quit
[PE2-isis-1] quit
# On the PE, configure the IPv6 peers to exchange End.DT4 SIDs, and allow private network routes to be recursed to End.DT4 SID route entries.
[PE2] bgp 100
[PE2-bgp-default] address-family vpnv4
[PE2-bgp-default-vpnv4] peer 1::1 prefix-sid
[PE2-bgp-default-vpnv4] quit
[PE2-bgp-default] ip vpn-instance vpn1
[PE2-bgp-default-vpn1] address-family ipv4 unicast
[PE2-bgp-default-ipv4-vpn1] segment-routing ipv6 locator abc
[PE2-bgp-default-ipv4-vpn1] segment-routing ipv6 best-effort
[PE2-bgp-default-ipv4-vpn1] quit
[PE2-bgp-default-vpn1] quit
[PE2-bgp-default] quit
<Sysname> system-view
[Sysname] sysname CE2
[CE2] bgp 300
[CE2-bgp-default] router-id 22.22.22.22
[CE2-bgp-default] peer 20.1.1.2 as-number 100
[CE2-bgp-default] address-family ipv4 unicast
[CE2-bgp-default-ipv4] peer 20.1.1.2 enable
[CE2-bgp-default-ipv4] import-route direct
[CE2-bgp-default-ipv4] quit
[CE2-bgp-default] quit
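# Execute the display ip routing-table vpn-instance command on PE 1 to view the VPN routing information. The output shows that the VPN route 20.1.1.1/24 has two outgoing interfaces, so ECMP is used for forwarding.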
[PE1] display ip routing-table vpn-instance vpn1
Destinations : 11       Routes : 11
Destination/Mask    Proto   Pre  Cost  NextHop     Interface
0.0.0.0/32          Direct  0    0     127.0.0.1   InLoop0
10.1.1.0/24         Direct  0    0     10.1.1.2    VLAN12
10.1.1.0/32         Direct  0    0     10.1.1.2    VLAN12
10.1.1.2/32         Direct  0    0     127.0.0.1   InLoop0
10.1.1.255/32       Direct  0    0     10.1.1.2    VLAN12
20.1.1.0/24         BGP     255  0     200:1::     VLAN13
                    BGP     255  0     200:1::     VLAN14
127.0.0.0/8         Direct  0    0     127.0.0.1   InLoop0
127.0.0.0/32        Direct  0    0     127.0.0.1   InLoop0
127.0.0.1/32        Direct  0    0     127.0.0.1   InLoop0
127.255.255.255/32  Direct  0    0     127.0.0.1   InLoop0
255.255.255.255/32  Direct  0    0     127.0.0.1   InLoop0
# CE 1 and CE 2 can ping each other.
[CE1] ping -a 10.1.1.1 20.1.1.1
Ping 20.1.1.1 (20.1.1.1) from 10.1.1.1: 56 data bytes, press CTRL+C to break
56 bytes from 20.1.1.1: icmp_seq=0 ttl=253 time=1.000 ms
56 bytes from 20.1.1.1: icmp_seq=1 ttl=253 time=1.000 ms
56 bytes from 20.1.1.1: icmp_seq=2 ttl=253 time=1.000 ms
56 bytes from 20.1.1.1: icmp_seq=3 ttl=253 time=1.000 ms
56 bytes from 20.1.1.1: icmp_seq=4 ttl=253 time=2.000 ms
--- Ping statistics for 20.1.1.1 ---
5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss
round-trip min/avg/max/std-dev = 1.000/1.200/2.000/0.400 ms
· CE 1:
#
sysname CE1
#
vlan 12
#
interface Vlan-interface12
 ip address 10.1.1.1 255.255.255.0
#
interface GigabitEthernet1/0/1
 port link-mode bridge
 port access vlan 12
#
bgp 200
 router-id 11.11.11.11
 peer 10.1.1.2 as-number 100
 #
 address-family ipv4 unicast
  import-route direct
  peer 10.1.1.2 enable
#
· PE 1:
#
sysname PE1
#
vlan 12
#
vlan 13
#
vlan 14
#
interface Vlan-interface12
 ip binding vpn-instance vpn1
 ip address 10.1.1.2 255.255.255.0
#
interface Vlan-interface13
 isis ipv6 enable 1
 isis ipv6 bfd enable
 ipv6 address 2001::1/96
#
interface Vlan-interface14
 isis ipv6 enable 1
 isis ipv6 bfd enable
 ipv6 address 3001::1/96
#
ip vpn-instance vpn1
 route-distinguisher 100:1
 vpn-target 100:1 import-extcommunity
 vpn-target 100:1 export-extcommunity
#
isis 1
 non-stop-routing
 cost-style wide
 network-entity 00.0000.0000.0001.00
 #
 address-family ipv6 unicast
  segment-routing ipv6 locator abc
#
interface LoopBack1
 isis ipv6 enable 1
 ipv6 address 1::1/128
#
interface GigabitEthernet1/0/1
 port link-mode bridge
 port access vlan 12
#
interface GigabitEthernet1/0/2
 port link-mode bridge
 port access vlan 13
#
interface GigabitEthernet1/0/3
 port link-mode bridge
 port access vlan 14
#
bgp 100
 router-id 1.1.1.1
 peer 4::4 as-number 100
 peer 4::4 connect-interface LoopBack1
 #
 address-family vpnv4
  peer 4::4 enable
  peer 4::4 prefix-sid
 #
 ip vpn-instance vpn1
  peer 10.1.1.1 as-number 200
  #
  address-family ipv4 unicast
   segment-routing ipv6 best-effort
   segment-routing ipv6 locator abc
   import-route direct
   peer 10.1.1.1 enable
#
segment-routing ipv6
 encapsulation source-address 1::1
 #
 locator abc ipv6-prefix 100:1:: 64 static 16
#
· P 1:
#
sysname P1
#
vlan 13
#
vlan 15
#
interface Vlan-interface13
 isis ipv6 enable 1
 isis ipv6 bfd enable
 ipv6 address 2001::2/96
#
interface Vlan-interface15
 isis ipv6 enable 1
 isis ipv6 bfd enable
 ipv6 address 2002::2/96
#
isis 1
 non-stop-routing
 cost-style wide
 network-entity 00.0000.0000.0002.00
 #
 address-family ipv6 unicast
#
interface LoopBack1
 isis ipv6 enable 1
 ipv6 address 2::2/128
#
interface GigabitEthernet1/0/1
 port link-mode bridge
 port access vlan 13
#
interface GigabitEthernet1/0/2
 port link-mode bridge
 port access vlan 15
#
· P 2:
#
sysname P2
#
vlan 14
#
vlan 16
#
interface Vlan-interface14
 isis ipv6 enable 1
 isis ipv6 bfd enable
 ipv6 address 3001::2/96
#
interface Vlan-interface16
 isis ipv6 enable 1
 isis ipv6 bfd enable
 ipv6 address 3002::2/96
#
isis 1
 non-stop-routing
 cost-style wide
 network-entity 00.0000.0000.0003.00
 #
 address-family ipv6 unicast
#
interface LoopBack1
 isis ipv6 enable 1
 ipv6 address 3::3/128
#
interface GigabitEthernet1/0/1
 port link-mode bridge
 port access vlan 14
#
interface GigabitEthernet1/0/2
 port link-mode bridge
 port access vlan 16
#
· PE 2:
#
sysname PE2
#
vlan 15
#
vlan 16
#
vlan 17
#
interface Vlan-interface15
 isis ipv6 enable 1
 isis ipv6 bfd enable
 ipv6 address 2002::1/96
#
interface Vlan-interface16
 isis ipv6 enable 1
 isis ipv6 bfd enable
 ipv6 address 3002::1/96
#
interface Vlan-interface17
 ip binding vpn-instance vpn1
 ip address 20.1.1.2 255.255.255.0
#
ip vpn-instance vpn1
 route-distinguisher 100:1
 vpn-target 100:1 import-extcommunity
 vpn-target 100:1 export-extcommunity
#
isis 1
 non-stop-routing
 cost-style wide
 network-entity 00.0000.0000.0004.00
 #
 address-family ipv6 unicast
  segment-routing ipv6 locator abc
#
interface LoopBack1
 isis ipv6 enable 1
 ipv6 address 4::4/128
#
interface GigabitEthernet1/0/1
 port link-mode bridge
 port access vlan 17
#
interface GigabitEthernet1/0/2
 port link-mode bridge
 port access vlan 15
#
interface GigabitEthernet1/0/3
 port link-mode bridge
 port access vlan 16
#
bgp 100
 router-id 4.4.4.4
 peer 1::1 as-number 100
 peer 1::1 connect-interface LoopBack1
 #
 address-family vpnv4
  peer 1::1 enable
  peer 1::1 prefix-sid
 #
 ip vpn-instance vpn1
  peer 20.1.1.1 as-number 300
  #
  address-family ipv4 unicast
   segment-routing ipv6 best-effort
   segment-routing ipv6 locator abc
   import-route direct
   peer 20.1.1.1 enable
#
segment-routing ipv6
 encapsulation source-address 4::4
 #
 locator abc ipv6-prefix 200:1:: 64 static 16
#
· CE 2:
#
sysname CE2
#
vlan 17
#
interface Vlan-interface17
 ip address 20.1.1.1 255.255.255.0
#
interface GigabitEthernet1/0/1
 port link-mode bridge
 port access vlan 17
#
bgp 300
 router-id 22.22.22.22
 peer 20.1.1.2 as-number 100
 #
 address-family ipv4 unicast
  import-route direct
  peer 20.1.1.2 enable
#
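The two PE configuration files above only work as a pair: each PE must peer with the other's loopback, exchange End.DT4 SIDs with it, import the route target the other exports, and use a locator that does not collide with the remote one. The following is an added example, not H3C code: a cross-check of those four points over configuration text. The template is a condensed excerpt built from the PE 1 and PE 2 files above, and the function names are hypothetical.

```python
import ipaddress
import re

# Condensed excerpt of the PE configuration files on this page (constructed sample input).
TEMPLATE = """\
interface LoopBack1
 ipv6 address {lo}/128
ip vpn-instance vpn1
 vpn-target 100:1 import-extcommunity
 vpn-target 100:1 export-extcommunity
bgp 100
 peer {peer} as-number 100
 address-family vpnv4
  peer {peer} enable
  peer {peer} prefix-sid
segment-routing ipv6
 locator abc ipv6-prefix {loc} 64 static 16
"""
PE1 = TEMPLATE.format(lo="1::1", peer="4::4", loc="100:1::")
PE2 = TEMPLATE.format(lo="4::4", peer="1::1", loc="200:1::")

def facts(cfg):
    """Pull out the fields the cross-checks compare, with addresses normalized."""
    addrs = lambda rx: {ipaddress.ip_address(a) for a in re.findall(rx, cfg)}
    loc = re.search(r"ipv6-prefix (\S+) (\d+)", cfg)
    return {
        "lo": ipaddress.ip_address(re.search(r"ipv6 address (\S+)/128", cfg).group(1)),
        "loc": ipaddress.ip_network("/".join(loc.groups())),
        "peers": addrs(r"peer (\S+) enable"),
        "sid": addrs(r"peer (\S+) prefix-sid"),
        "imp": set(re.findall(r"vpn-target (\S+) import", cfg)),
        "exp": set(re.findall(r"vpn-target (\S+) export", cfg)),
    }

def cross_check(cfg_a, cfg_b):
    """Return the mismatches between two PE configurations; an empty list means consistent."""
    a, b = facts(cfg_a), facts(cfg_b)
    out = []
    for tag, x, y in (("A", a, b), ("B", b, a)):
        if y["lo"] not in x["peers"]:
            out.append(f"{tag}: remote loopback {y['lo']} is not an enabled vpnv4 peer")
        if y["lo"] not in x["sid"]:
            out.append(f"{tag}: peer {y['lo']} lacks prefix-sid, no End.DT4 SID exchanged")
        if not x["imp"] & y["exp"]:
            out.append(f"{tag}: no import vpn-target matches the remote export targets")
    if a["loc"].overlaps(b["loc"]):
        out.append("locator prefixes overlap")
    return out
```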