标签:quit isis 示例 over PE1 PE2 ECMP bgp ipv6
组网需求
如图1所示:
-
路由器PE1、P1、P2和PE2属于同一自治系统,要求它们之间通过IS-IS协议达到IPv6网络互连的目的。
-
PE1、P1、P2和PE2属于IS-IS进程1,都是Level-2设备。
要求在PE1和PE2之间建立双向SRv6 BE路径,承载L3VPNv4业务。同时为了充分利用网络资源,要求PE1和PE2之间SRv6 BE承载的L3VPNv4业务可以进行等值负载分担(ECMP)。
图1 配置L3VPNv4 over SRv6 BE ECMP组网图
配置思路
-
使能PE1、P1、P2和PE2各接口的IPv6转发能力,配置各接口的IPv6地址。
-
在PE1、P1、P2和PE2上使能IS-IS,配置Level级别,指定网络实体。同时配置动态BFD for IPv6 IS-IS。
-
在PE1和PE2上配置VPN实例。
-
在PE和CE之间建立EBGP对等体关系。
-
在PE之间建立MP-IBGP对等体关系。
-
在PE1和PE2上配置SRv6。配置IS-IS的SRv6能力。
操作步骤
1. 使能各接口的IPv6转发能力,配置IPv6地址,以PE1为例,其他路由器的配置过程相同,不再赘述
<HUAWEI> system-view
[~HUAWEI] sysname PE1
[*HUAWEI] commit
[~PE1] interface gigabitethernet 1/0/0
[~PE1-GigabitEthernet1/0/0] ipv6 enable
[*PE1-GigabitEthernet1/0/0] ipv6 address 2001:db8:1::1 96
[*PE1-GigabitEthernet1/0/0] quit
[*PE1] interface gigabitethernet 2/0/0
[*PE1-GigabitEthernet2/0/0] ipv6 enable
[*PE1-GigabitEthernet2/0/0] ipv6 address 2001:db8:3::1 96
[*PE1-GigabitEthernet2/0/0] quit
[*PE1] interface LoopBack 1
[*PE1-LoopBack1] ipv6 enable
[*PE1-LoopBack1] ipv6 address 1::1 128
[*PE1-LoopBack1] quit
[*PE1] commit2. 配置IS-IS
配置IS-IS时,同时使能动态BFD功能,提高链路状态变化时IS-IS的收敛速度。
# 配置PE1。
[~PE1] bfd
[*PE1-bfd] quit
[*PE1] isis 1
[*PE1-isis-1] is-level level-2
[*PE1-isis-1] cost-style wide
[*PE1-isis-1] network-entity 10.0000.0000.0001.00
[*PE1-isis-1] ipv6 enable topology ipv6
[*PE1-isis-1] ipv6 bfd all-interfaces enable
[*PE1-isis-1] quit
[*PE1] interface gigabitethernet 1/0/0
[*PE1-GigabitEthernet1/0/0] isis ipv6 enable 1
[*PE1-GigabitEthernet1/0/0] quit
[*PE1] interface gigabitethernet 2/0/0
[*PE1-GigabitEthernet2/0/0] isis ipv6 enable 1
[*PE1-GigabitEthernet2/0/0] quit
[*PE1] interface loopback1
[*PE1-LoopBack1] isis ipv6 enable 1
[*PE1-LoopBack1] commit
[~PE1-LoopBack1] quit# 配置P1。
[~P1] bfd
[*P1-bfd] quit
[*P1] isis 1
[*P1-isis-1] is-level level-2
[*P1-isis-1] cost-style wide
[*P1-isis-1] network-entity 10.0000.0000.0002.00
[*P1-isis-1] ipv6 enable topology ipv6
[*P1-isis-1] ipv6 bfd all-interfaces enable
[*P1-isis-1] quit
[*P1] interface gigabitethernet 1/0/0
[*P1-GigabitEthernet1/0/0] isis ipv6 enable 1
[*P1-GigabitEthernet1/0/0] quit
[*P1] interface gigabitethernet 2/0/0
[*P1-GigabitEthernet2/0/0] isis ipv6 enable 1
[*P1-GigabitEthernet2/0/0] quit
[*P1] interface loopback1
[*P1-LoopBack1] isis ipv6 enable 1
[*P1-LoopBack1] commit
[~P1-LoopBack1] quit# 配置P2。
[~P2] bfd
[*P2-bfd] quit
[*P2] isis 1
[*P2-isis-1] is-level level-2
[*P2-isis-1] cost-style wide
[*P2-isis-1] network-entity 10.0000.0000.0004.00
[*P2-isis-1] ipv6 enable topology ipv6
[*P2-isis-1] ipv6 bfd all-interfaces enable
[*P2-isis-1] quit
[*P2] interface gigabitethernet 1/0/0
[*P2-GigabitEthernet1/0/0] isis ipv6 enable 1
[*P2-GigabitEthernet1/0/0] quit
[*P2] interface gigabitethernet 2/0/0
[*P2-GigabitEthernet2/0/0] isis ipv6 enable 1
[*P2-GigabitEthernet2/0/0] quit
[*P2] interface loopback1
[*P2-LoopBack1] isis ipv6 enable 1
[*P2-LoopBack1] commit
[~P2-LoopBack1] quit# 配置PE2。
[~PE2] bfd
[*PE2-bfd] quit
[*PE2] isis 1
[*PE2-isis-1] is-level level-2
[*PE2-isis-1] cost-style wide
[*PE2-isis-1] network-entity 10.0000.0000.0003.00
[*PE2-isis-1] ipv6 enable topology ipv6
[*PE2-isis-1] ipv6 bfd all-interfaces enable
[*PE2-isis-1] quit
[*PE2] interface gigabitethernet 1/0/0
[*PE2-GigabitEthernet1/0/0] isis ipv6 enable 1
[*PE2-GigabitEthernet1/0/0] quit
[*PE2] interface gigabitethernet 2/0/0
[*PE2-GigabitEthernet2/0/0] isis ipv6 enable 1
[*PE2-GigabitEthernet2/0/0] quit
[*PE2] interface loopback1
[*PE2-LoopBack1] isis ipv6 enable 1
[*PE2-LoopBack1] commit
[~PE2-LoopBack1] quit配置完成后,可按如下指导检查IS-IS是否配置成功。
# 显示IS-IS邻居信息。以PE1为例。
[~PE1] display isis peer
Peer information for ISIS(1)
System Id Interface Circuit Id State HoldTime Type PRI
--------------------------------------------------------------------------------
0000.0000.0004* GE2/0/0 0000.0000.0004.02 Up 7s L2 64
0000.0000.0002* GE1/0/0 0000.0000.0002.02 Up 9s L2 64
Total Peer(s): 2# 显示IS-IS路由表信息。以PE1为例。
[~PE1] display isis route
Route information for ISIS(1)
-----------------------------
ISIS(1) Level-2 Forwarding Table
--------------------------------
IPV6 Dest. ExitInterface NextHop Cost Flags
--------------------------------------------------------------------------------
1::/128 Loop1 Direct 0 D/-/L/-
2::/128 GE1/0/0 FE80::3A92:6CFF:FE31:307 10 A/-/-/-
3::/128 GE1/0/0 FE80::3A92:6CFF:FE31:307 20 A/-/-/-
GE2/0/0 FE80::3A92:6CFF:FE41:305
4::/128 GE2/0/0 FE80::3A92:6CFF:FE41:305 10 A/-/-/-
2001:DB8:1::/96 GE1/0/0 Direct 10 D/-/L/-
2001:DB8:2::/96 GE1/0/0 FE80::3A92:6CFF:FE31:307 20 A/-/-/-
2001:DB8:3::/96 GE2/0/0 Direct 10 D/-/L/-
2001:DB8:4::/96 GE2/0/0 FE80::3A92:6CFF:FE41:305 20 A/-/-/-
Flags: D-Direct, A-Added to URT, L-Advertised in LSPs, S-IGP Shortcut,
U-Up/Down Bit Set, LP-Local Prefix-Sid
Protect Type: L-Link Protect, N-Node Protect3. 在PE设备上配置使能IPv4地址族的VPN实例,将CE接入PE
# 配置PE1。
[~PE1] ip vpn-instance vpna
[*PE1-vpn-instance-vpna] ipv4-family
[*PE1-vpn-instance-vpna-af-ipv4] route-distinguisher 100:1
[*PE1-vpn-instance-vpna-af-ipv4] vpn-target 111:1 both
[*PE1-vpn-instance-vpna-af-ipv4] quit
[*PE1-vpn-instance-vpna] quit
[*PE1] interface gigabitethernet 3/0/0
[*PE1-GigabitEthernet3/0/0] ip binding vpn-instance vpna
[*PE1-GigabitEthernet3/0/0] ip address 10.1.1.1 24
[*PE1-GigabitEthernet3/0/0] quit
[*PE1] commit# 配置PE2。
[~PE2] ip vpn-instance vpna
[*PE2-vpn-instance-vpna] ipv4-family
[*PE2-vpn-instance-vpna-af-ipv4] route-distinguisher 200:1
[*PE2-vpn-instance-vpna-af-ipv4] vpn-target 111:1 both
[*PE2-vpn-instance-vpna-af-ipv4] quit
[*PE2-vpn-instance-vpna] quit
[*PE2] interface gigabitethernet 3/0/0
[*PE2-GigabitEthernet3/0/0] ip binding vpn-instance vpna
[*PE2-GigabitEthernet3/0/0] ip address 10.2.1.1 24
[*PE2-GigabitEthernet3/0/0] quit
[*PE2] commit# 按图1配置各CE的接口IP地址,配置过程请参见后面的配置文件。
配置完成后,在PE设备上执行display ip vpn-instance verbose命令可以看到VPN实例的配置情况。各PE能ping通自己接入的CE。
4. 在PE与CE之间建立EBGP对等体关系
# 配置CE1。
[~CE1] interface loopback 1
[*CE1-LoopBack1] ip address 11.11.11.11 32
[*CE1-LoopBack1] quit
[*CE1] bgp 65410
[*CE1-bgp] peer 10.1.1.1 as-number 100
[*CE1-bgp] network 11.11.11.11 32
[*CE1-bgp] quit
[*CE1] commit# 配置PE1。
[~PE1] bgp 100
[*PE1-bgp] router-id 1.1.1.1
[*PE1-bgp] ipv4-family vpn-instance vpna
[*PE1-bgp-vpna] peer 10.1.1.2 as-number 65410
[*PE1-bgp-vpna] import-route direct
[*PE1-bgp-vpna] commit
[~PE1-bgp-vpna] quit
[~PE1-bgp] quit# 配置CE2。
[~CE2] interface loopback 1
[*CE2-LoopBack1] ip address 22.22.22.22 32
[*CE2-LoopBack1] quit
[*CE2] bgp 65420
[*CE2-bgp] peer 10.2.1.1 as-number 100
[*CE2-bgp] network 22.22.22.22 32
[*CE2-bgp] quit
[*CE2] commit# 配置PE2。
[~PE2] bgp 100
[*PE2-bgp] router-id 2.2.2.2
[*PE2-bgp] ipv4-family vpn-instance vpna
[*PE2-bgp-vpna] peer 10.2.1.2 as-number 65420
[*PE2-bgp-vpna] import-route direct
[*PE2-bgp-vpna] commit
[~PE2-bgp-vpna] quit
[~PE2-bgp] quit配置完成后,在PE设备上执行display bgp vpnv4 vpn-instance peer命令,可以看到PE与CE之间的BGP对等体关系已建立,并达到Established状态。
以PE1与CE1的对等体关系为例:
[~PE1] display bgp vpnv4 vpn-instance vpna peer
BGP local router ID : 1.1.1.1
Local AS number : 100
VPN-Instance vpna, Router ID 1.1.1.1:
Total number of peers : 1 Peers in established state : 1
Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv
10.1.1.2 4 65410 11 9 0 00:06:37 Established 15. 在PE之间建立MP-IBGP对等体关系
# 配置PE1。
[~PE1] bgp 100
[~PE1-bgp] peer 3::3 as-number 100
[*PE1-bgp] peer 3::3 connect-interface loopback 1
[*PE1-bgp] ipv4-family vpnv4
[*PE1-bgp-af-vpnv4] peer 3::3 enable
[*PE1-bgp-af-vpnv4] commit
[~PE1-bgp-af-vpnv4] quit
[~PE1-bgp] quit# 配置PE2。
[~PE2] bgp 100
[~PE2-bgp] peer 1::1 as-number 100
[*PE2-bgp] peer 1::1 connect-interface loopback 1
[*PE2-bgp] ipv4-family vpnv4
[*PE2-bgp-af-vpnv4] peer 1::1 enable
[*PE2-bgp-af-vpnv4] commit
[~PE2-bgp-af-vpnv4] quit
[~PE2-bgp] quit配置完成后,在PE设备上执行display bgp vpnv4 all peer命令,可以看到PE之间的BGP对等体关系已建立,并达到Established状态。
6. 在PE之间建立SRv6 BE路径
# 配置PE1。
[~PE1] segment-routing ipv6
[*PE1-segment-routing-ipv6] encapsulation source-address 1::1
[*PE1-segment-routing-ipv6] locator as1 ipv6-prefix 10:: 64 static 32
[*PE1-segment-routing-ipv6-locator] quit
[*PE1-segment-routing-ipv6] quit
[*PE1] bgp 100
[*PE1-bgp] ipv4-family vpnv4
[*PE1-bgp-af-vpnv4] peer 3::3 prefix-sid
[*PE1-bgp-af-vpnv4] quit
[*PE1-bgp] ipv4-family vpn-instance vpna
[*PE1-bgp-vpna] segment-routing ipv6 best-effort
[*PE1-bgp-vpna] segment-routing ipv6 locator as1
[*PE1-bgp-vpna] commit
[~PE1-bgp-vpna] quit
[~PE1-bgp] quit
[~PE1] isis 1
[~PE1-isis-1] segment-routing ipv6 locator as1
[*PE1-isis-1] commit
[~PE1-isis-1] quit# 配置PE2。
[~PE2] segment-routing ipv6
[*PE2-segment-routing-ipv6] encapsulation source-address 3::3
[*PE2-segment-routing-ipv6] locator as1 ipv6-prefix 30:: 64 static 32
[*PE2-segment-routing-ipv6-locator] quit
[*PE2-segment-routing-ipv6] quit
[*PE2] bgp 100
[*PE2-bgp] ipv4-family vpnv4
[*PE2-bgp-af-vpnv4] peer 1::1 prefix-sid
[*PE2-bgp-af-vpnv4] quit
[*PE2-bgp] ipv4-family vpn-instance vpna
[*PE2-bgp-vpna] segment-routing ipv6 best-effort
[*PE2-bgp-vpna] segment-routing ipv6 locator as1
[*PE2-bgp-vpna] commit
[~PE2-bgp-vpna] quit
[~PE2-bgp] quit
[~PE2] isis 1
[~PE2-isis-1] segment-routing ipv6 locator as1
[*PE2-isis-1] commit
[~PE2-isis-1] quit7. 检查配置结果
执行命令display ip routing-table vpn-instance vpna ip-address verbose查看VPN路由信息。以PE1的显示为例:
[~PE1] display ip routing-table vpn-instance vpna 22.22.22.22 32 verbose
Route Flags: R - relay, D - download to fib, T - to vpn-instance, B - black hole route
------------------------------------------------------------------------------
Routing Table : vpna
Summary Count : 1
Destination: 22.22.22.22/32
Protocol: IBGP Process ID: 0
Preference: 255 Cost: 0
NextHop: 30::1:0:20 Neighbour: 3::3
State: Active Adv Relied Age: 00h00m23s
Tag: 0 Priority: low
Label: 3 QoSInfo: 0x0
IndirectID: 0x10000C7 Instance:
RelayNextHop: 30::1:0:20 Interface: SRv6 BE
TunnelID: 0x0 Flags: RD从以上显示信息可以看出,VPN路由22.22.22.22/32迭代到SRv6 BE路径。
以路由下一跳30::1:0:20为目的地址查看IPv6路由的详细信息。
[~PE1] display ipv6 routing-table 30::1:0:20 verbose
Route Flags: R - relay, D - download to fib, T - to vpn-instance, B - black hole route
------------------------------------------------------------------------------
Routing Table : _public_
Summary Count : 2
Destination : 30:: PrefixLength : 64
NextHop : FE80::3A92:6CFF:FE31:307 Preference : 15
Neighbour : :: ProcessID : 1
Label : NULL Protocol : ISIS-L2
State : Active Adv Cost : 20
Entry ID : 0 EntryFlags : 0x00000000
Reference Cnt: 0 Tag : 0
Priority : medium Age : 132sec
IndirectID : 0x1000085 Instance :
RelayNextHop : :: TunnelID : 0x0
Interface : GigabitEthernet1/0/0 Flags : D
Destination : 30:: PrefixLength : 64
NextHop : FE80::3A92:6CFF:FE41:305 Preference : 15
Neighbour : :: ProcessID : 1
Label : NULL Protocol : ISIS-L2
State : Active Adv Cost : 20
Entry ID : 0 EntryFlags : 0x00000000
Reference Cnt: 0 Tag : 0
Priority : medium Age : 132sec
IndirectID : 0x1000087 Instance :
RelayNextHop : :: TunnelID : 0x0
Interface : GigabitEthernet2/0/0 Flags : D从以上显示信息可以看出,路由30::1:0:20具有两个出接口,转发时将形成ECMP。
同一VPN的CE能够相互Ping通,例如:
[~CE1] ping -a 11.11.11.11 22.22.22.22
PING 22.22.22.22: 56 data bytes, press CTRL_C to break
Reply from 22.22.22.22: bytes=56 Sequence=1 ttl=253 time=7 ms
Reply from 22.22.22.22: bytes=56 Sequence=2 ttl=253 time=5 ms
Reply from 22.22.22.22: bytes=56 Sequence=3 ttl=253 time=4 ms
Reply from 22.22.22.22: bytes=56 Sequence=4 ttl=253 time=5 ms
Reply from 22.22.22.22: bytes=56 Sequence=5 ttl=253 time=5 ms
--- 22.22.22.22 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 4/5/7 ms标签:quit,isis,示例,over,PE1,PE2,ECMP,bgp,ipv6 来源: https://blog.csdn.net/guolianggsta/article/details/122678900
本站声明: 1. iCode9 技术分享网(下文简称本站)提供的所有内容,仅供技术学习、探讨和分享; 2. 关于本站的所有留言、评论、转载及引用,纯属内容发起人的个人观点,与本站观点和立场无关; 3. 关于本站的所有言论和文字,纯属内容发起人的个人观点,与本站观点和立场无关; 4. 本站文章均是网友提供,不完全保证技术分享内容的完整性、准确性、时效性、风险性和版权归属;如您发现该文章侵犯了您的权益,可联系我们第一时间进行删除; 5. 本站为非盈利性的个人网站,所有内容不会用来进行牟利,也不会利用任何形式的广告来间接获益,纯粹是为了广大技术爱好者提供技术内容和技术思想的分享性交流网站。