05-H3C MSR Series Routers SRv6 Typical Configuration Examples
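Copyright © 2022-2023 New H3C Technologies Co., Ltd. All rights reserved.
No part of this document may be excerpted, reproduced, or transmitted in any form or by any means without the prior written consent of New H3C Technologies Co., Ltd.
Except for the trademarks of New H3C Technologies Co., Ltd., any trademarks, product logos, and product names of other companies that appear in this manual are owned by their respective holders.
The information in this document is subject to change without notice.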
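1 IPv4 L3VPN over SRv6 BE ECMP typical configuration example
2 IPv4 L3VPN over SRv6 BE VPN FRR configuration example
3 Inter-AS IPv4 L3VPN over SRv6 BE typical configuration example
4 IPv4 L3VPN over SRv6 TE Policy (static configuration) typical configuration example
5 Inter-AS IPv4 L3VPN over SRv6 TE Policy (static configuration) typical configuration example
6 IPv4 EVPN L3VPN over SRv6 TE Policy (static configuration) typical configuration example
7 IPv6 EVPN L3VPN over SRv6 BE typical configuration example
8 IPv6 EVPN L3VPN over SRv6 BE ECMP typical configuration example
9 IPv6 EVPN L3VPN over SRv6 BE fast reroute typical configuration example
10 IPv6 EVPN L3VPN over SRv6 TE Policy (static configuration) typical configuration example
11 EVPN VPWS over SRv6 BE (CE dual-homed, single-active) typical configuration example
12 EVPN VPWS over SRv6 TE Policy (static configuration) configuration example
13 EVPN VPLS over SRv6 TE Policy (static configuration) configuration example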
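Applies to version R6728 of the 8048 and 8062 product series.
As shown in Figure 1, the transport network is an IPv6 network and the private network is an IPv4 network. PE 1, P 1, P 2, and PE 2 belong to the same autonomous system and use IS-IS to achieve IPv6 connectivity among them. Two equal-cost SRv6 tunnels are established between PE 1 and PE 2 to carry the IPv4 L3VPN service.
Figure 1 Network diagram for IPv4 L3VPN over SRv6 BE ECMP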
| Device | Interface | IP address | Device | Interface | IP address |
|---|---|---|---|---|---|
| CE 1 | GE1/0/1 | 10.1.1.1/24 | CE 2 | GE1/0/1 | 20.1.1.1/24 |
| PE 1 | Loop1 | 1::1/128 | PE 2 | Loop1 | 4::4/128 |
| | GE1/0/1 | 10.1.1.2/24 | | GE1/0/1 | 20.1.1.2/24 |
| | GE1/0/2 | 2001::1/96 | | GE1/0/2 | 2002::1/96 |
| | GE1/0/3 | 3001::1/96 | | GE1/0/3 | 3002::1/96 |
| P 1 | Loop1 | 2::2/128 | P 2 | Loop1 | 3::3/128 |
| | GE1/0/1 | 2001::2/96 | | GE1/0/1 | 3001::2/96 |
| | GE1/0/2 | 2002::2/96 | | GE1/0/2 | 3002::2/96 |
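SRv6 BE ECMP depends on equal-cost routes in the network, so to make sure the configuration succeeds, plan the IGP cost of the links appropriately. In this example, every link uses the default cost (10).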
<Sysname> system-view
[Sysname] sysname CE1
[CE1] interface gigabitethernet 1/0/1
[CE1-GigabitEthernet1/0/1] ip address 10.1.1.1 24
[CE1-GigabitEthernet1/0/1] quit
[CE1] bgp 200
[CE1-bgp-default] router-id 11.11.11.11
[CE1-bgp-default] peer 10.1.1.2 as-number 100
[CE1-bgp-default] address-family ipv4 unicast
[CE1-bgp-default-ipv4] peer 10.1.1.2 enable
[CE1-bgp-default-ipv4] import-route direct
[CE1-bgp-default-ipv4] quit
[CE1-bgp-default] quit
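# Configure IPv6 IS-IS so that the backbone PEs and Ps can reach each other. Also configure IS-IS to work with BFD, which speeds up IS-IS convergence when the link state changes.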
<Sysname> system-view
[Sysname] sysname PE1
[PE1] isis 1
[PE1-isis-1] cost-style wide
[PE1-isis-1] network-entity 00.0000.0000.0001.00
[PE1-isis-1] address-family ipv6 unicast
[PE1-isis-1-ipv6] quit
[PE1-isis-1] quit
[PE1] interface loopback 1
[PE1-LoopBack1] ipv6 address 1::1 128
[PE1-LoopBack1] isis ipv6 enable 1
[PE1-LoopBack1] quit
[PE1] interface gigabitethernet 1/0/2
[PE1-GigabitEthernet1/0/2] ipv6 address 2001::1 96
[PE1-GigabitEthernet1/0/2] isis ipv6 enable 1
[PE1-GigabitEthernet1/0/2] isis ipv6 bfd enable
[PE1-GigabitEthernet1/0/2] quit
[PE1] interface gigabitethernet 1/0/3
[PE1-GigabitEthernet1/0/3] ipv6 address 3001::1 96
[PE1-GigabitEthernet1/0/3] isis ipv6 enable 1
[PE1-GigabitEthernet1/0/3] isis ipv6 bfd enable
[PE1-GigabitEthernet1/0/3] quit
# Configure a VPN instance and attach the CE to the PE.
[PE1] ip vpn-instance vpn1
[PE1-vpn-instance-vpn1] route-distinguisher 100:1
[PE1-vpn-instance-vpn1] vpn-target 100:1
[PE1-vpn-instance-vpn1] quit
[PE1] interface gigabitethernet 1/0/1
[PE1-GigabitEthernet1/0/1] ip binding vpn-instance vpn1
[PE1-GigabitEthernet1/0/1] ip address 10.1.1.2 24
[PE1-GigabitEthernet1/0/1] quit
# Establish an EBGP peer relationship between the PE and the CE, and import VPN routes.
[PE1] bgp 100
[PE1-bgp-default] router-id 1.1.1.1
[PE1-bgp-default] ip vpn-instance vpn1
[PE1-bgp-default-vpn1] peer 10.1.1.1 as-number 200
[PE1-bgp-default-vpn1] address-family ipv4 unicast
[PE1-bgp-default-ipv4-vpn1] peer 10.1.1.1 enable
[PE1-bgp-default-ipv4-vpn1] import-route direct
[PE1-bgp-default-ipv4-vpn1] quit
[PE1-bgp-default-vpn1] quit
# Establish an MP-IBGP peer relationship between the PEs.
[PE1-bgp-default] peer 4::4 as-number 100
[PE1-bgp-default] peer 4::4 connect-interface loopback 1
[PE1-bgp-default] address-family vpnv4
[PE1-bgp-default-vpnv4] peer 4::4 enable
[PE1-bgp-default-vpnv4] quit
[PE1-bgp-default] quit
# On the PE, configure the source address of the IPv6 header used for IP L3VPN over SRv6 encapsulation.
[PE1] segment-routing ipv6
[PE1-segment-routing-ipv6] encapsulation source-address 1::1
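# On the PE, configure the locator to which the End.DT4 SID belongs. The End.DT4 SID is the destination address of the IPv6 header used for IP L3VPN over SRv6 encapsulation.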
[PE1-segment-routing-ipv6] locator abc ipv6-prefix 100:1:: 64 static 16
[PE1-segment-routing-ipv6-locator-abc] quit
[PE1-segment-routing-ipv6] quit
# On the PE, configure IS-IS to reference and advertise the locator.
[PE1] isis 1
[PE1-isis-1] address-family ipv6 unicast
[PE1-isis-1-ipv6] segment-routing ipv6 locator abc
[PE1-isis-1-ipv6] quit
[PE1-isis-1] quit
# On the PE, configure the IPv6 peers to exchange End.DT4 SIDs, and allow private-network routes to recurse to the route entries of End.DT4 SIDs.
[PE1] bgp 100
[PE1-bgp-default] address-family vpnv4
[PE1-bgp-default-vpnv4] peer 4::4 prefix-sid
[PE1-bgp-default-vpnv4] quit
[PE1-bgp-default] ip vpn-instance vpn1
[PE1-bgp-default-vpn1] address-family ipv4 unicast
[PE1-bgp-default-ipv4-vpn1] segment-routing ipv6 locator abc
[PE1-bgp-default-ipv4-vpn1] segment-routing ipv6 best-effort
[PE1-bgp-default-ipv4-vpn1] quit
[PE1-bgp-default-vpn1] quit
[PE1-bgp-default] quit
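# Configure IPv6 IS-IS so that the backbone PEs and Ps can reach each other. Also configure IS-IS to work with BFD, which speeds up IS-IS convergence when the link state changes.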
<Sysname> system-view
[Sysname] sysname P1
[P1] isis 1
[P1-isis-1] cost-style wide
[P1-isis-1] network-entity 00.0000.0000.0002.00
[P1-isis-1] address-family ipv6 unicast
[P1-isis-1-ipv6] quit
[P1-isis-1] quit
[P1] interface loopback 1
[P1-LoopBack1] ipv6 address 2::2 128
[P1-LoopBack1] isis ipv6 enable 1
[P1-LoopBack1] quit
[P1] interface gigabitethernet 1/0/1
[P1-GigabitEthernet1/0/1] ipv6 address 2001::2 96
[P1-GigabitEthernet1/0/1] isis ipv6 enable 1
[P1-GigabitEthernet1/0/1] isis ipv6 bfd enable
[P1-GigabitEthernet1/0/1] quit
[P1] interface gigabitethernet 1/0/2
[P1-GigabitEthernet1/0/2] ipv6 address 2002::2 96
[P1-GigabitEthernet1/0/2] isis ipv6 enable 1
[P1-GigabitEthernet1/0/2] isis ipv6 bfd enable
[P1-GigabitEthernet1/0/2] quit
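# Configure IPv6 IS-IS so that the backbone PEs and Ps can reach each other. Also configure IS-IS to work with BFD, which speeds up IS-IS convergence when the link state changes.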
<Sysname> system-view
[Sysname] sysname P2
[P2] isis 1
[P2-isis-1] cost-style wide
[P2-isis-1] network-entity 00.0000.0000.0003.00
[P2-isis-1] address-family ipv6 unicast
[P2-isis-1-ipv6] quit
[P2-isis-1] quit
[P2] interface loopback 1
[P2-LoopBack1] ipv6 address 3::3 128
[P2-LoopBack1] isis ipv6 enable 1
[P2-LoopBack1] quit
[P2] interface gigabitethernet 1/0/1
[P2-GigabitEthernet1/0/1] ipv6 address 3001::2 96
[P2-GigabitEthernet1/0/1] isis ipv6 enable 1
[P2-GigabitEthernet1/0/1] isis ipv6 bfd enable
[P2-GigabitEthernet1/0/1] quit
[P2] interface gigabitethernet 1/0/2
[P2-GigabitEthernet1/0/2] ipv6 address 3002::2 96
[P2-GigabitEthernet1/0/2] isis ipv6 enable 1
[P2-GigabitEthernet1/0/2] isis ipv6 bfd enable
[P2-GigabitEthernet1/0/2] quit
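# Configure IPv6 IS-IS so that the backbone PEs and Ps can reach each other. Also configure IS-IS to work with BFD, which speeds up IS-IS convergence when the link state changes.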
<Sysname> system-view
[Sysname] sysname PE2
[PE2] isis 1
[PE2-isis-1] cost-style wide
[PE2-isis-1] network-entity 00.0000.0000.0004.00
[PE2-isis-1] address-family ipv6 unicast
[PE2-isis-1-ipv6] quit
[PE2-isis-1] quit
[PE2] interface loopback 1
[PE2-LoopBack1] ipv6 address 4::4 128
[PE2-LoopBack1] isis ipv6 enable 1
[PE2-LoopBack1] quit
[PE2] interface gigabitethernet 1/0/2
[PE2-GigabitEthernet1/0/2] ipv6 address 2002::1 96
[PE2-GigabitEthernet1/0/2] isis ipv6 enable 1
[PE2-GigabitEthernet1/0/2] isis ipv6 bfd enable
[PE2-GigabitEthernet1/0/2] quit
[PE2] interface gigabitethernet 1/0/3
[PE2-GigabitEthernet1/0/3] ipv6 address 3002::1 96
[PE2-GigabitEthernet1/0/3] isis ipv6 enable 1
[PE2-GigabitEthernet1/0/3] isis ipv6 bfd enable
[PE2-GigabitEthernet1/0/3] quit
# Configure a VPN instance and attach the CE to the PE.
[PE2] ip vpn-instance vpn1
[PE2-vpn-instance-vpn1] route-distinguisher 100:1
[PE2-vpn-instance-vpn1] vpn-target 100:1
[PE2-vpn-instance-vpn1] quit
[PE2] interface gigabitethernet 1/0/1
[PE2-GigabitEthernet1/0/1] ip binding vpn-instance vpn1
[PE2-GigabitEthernet1/0/1] ip address 20.1.1.2 24
[PE2-GigabitEthernet1/0/1] quit
# Establish an EBGP peer relationship between the PE and the CE, and import VPN routes.
[PE2] bgp 100
[PE2-bgp-default] router-id 4.4.4.4
[PE2-bgp-default] ip vpn-instance vpn1
[PE2-bgp-default-vpn1] peer 20.1.1.1 as-number 300
[PE2-bgp-default-vpn1] address-family ipv4 unicast
[PE2-bgp-default-ipv4-vpn1] peer 20.1.1.1 enable
[PE2-bgp-default-ipv4-vpn1] import-route direct
[PE2-bgp-default-ipv4-vpn1] quit
[PE2-bgp-default-vpn1] quit
# Establish an MP-IBGP peer relationship between the PEs.
[PE2-bgp-default] peer 1::1 as-number 100
[PE2-bgp-default] peer 1::1 connect-interface loopback 1
[PE2-bgp-default] address-family vpnv4
[PE2-bgp-default-vpnv4] peer 1::1 enable
[PE2-bgp-default-vpnv4] quit
[PE2-bgp-default] quit
# On the PE, configure the source address of the IPv6 header used for IP L3VPN over SRv6 encapsulation.
[PE2] segment-routing ipv6
[PE2-segment-routing-ipv6] encapsulation source-address 4::4
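# On the PE, configure the locator to which the End.DT4 SID belongs. The End.DT4 SID is the destination address of the IPv6 header used for IP L3VPN over SRv6 encapsulation.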
[PE2-segment-routing-ipv6] locator abc ipv6-prefix 200:1:: 64 static 16
[PE2-segment-routing-ipv6-locator-abc] quit
[PE2-segment-routing-ipv6] quit
# On the PE, configure IS-IS to reference and advertise the locator.
[PE2] isis 1
[PE2-isis-1] address-family ipv6 unicast
[PE2-isis-1-ipv6] segment-routing ipv6 locator abc
[PE2-isis-1-ipv6] quit
[PE2-isis-1] quit
# On the PE, configure the IPv6 peers to exchange End.DT4 SIDs, and allow private-network routes to recurse to the route entries of End.DT4 SIDs.
[PE2] bgp 100
[PE2-bgp-default] address-family vpnv4
[PE2-bgp-default-vpnv4] peer 1::1 prefix-sid
[PE2-bgp-default-vpnv4] quit
[PE2-bgp-default] ip vpn-instance vpn1
[PE2-bgp-default-vpn1] address-family ipv4 unicast
[PE2-bgp-default-ipv4-vpn1] segment-routing ipv6 locator abc
[PE2-bgp-default-ipv4-vpn1] segment-routing ipv6 best-effort
[PE2-bgp-default-ipv4-vpn1] quit
[PE2-bgp-default-vpn1] quit
[PE2-bgp-default] quit
<Sysname> system-view
[Sysname] sysname CE2
[CE2] interface gigabitethernet 1/0/1
[CE2-GigabitEthernet1/0/1] ip address 20.1.1.1 24
[CE2-GigabitEthernet1/0/1] quit
[CE2] bgp 300
[CE2-bgp-default] router-id 22.22.22.22
[CE2-bgp-default] peer 20.1.1.2 as-number 100
[CE2-bgp-default] address-family ipv4 unicast
[CE2-bgp-default-ipv4] peer 20.1.1.2 enable
[CE2-bgp-default-ipv4] import-route direct
[CE2-bgp-default-ipv4] quit
[CE2-bgp-default] quit
# On PE 1, run the display ip routing-table vpn-instance command to view VPN routing information. The VPN route 20.1.1.1/24 has two outgoing interfaces, so forwarding uses ECMP.
[PE1] display ip routing-table vpn-instance vpn1
Destinations : 11 Routes : 11
Destination/Mask Proto Pre Cost NextHop Interface
0.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0
10.1.1.0/24 Direct 0 0 10.1.1.2 GE1/0/1
10.1.1.0/32 Direct 0 0 10.1.1.2 GE1/0/1
10.1.1.2/32 Direct 0 0 127.0.0.1 InLoop0
10.1.1.255/32 Direct 0 0 10.1.1.2 GE1/0/1
20.1.1.0/24 BGP 255 0 200:1:: GE1/0/2
BGP 255 0 200:1:: GE1/0/3
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
127.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
255.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
# CE 1 and CE 2 can ping each other.
[CE1] ping -a 10.1.1.1 20.1.1.1
Ping 20.1.1.1 (20.1.1.1) from 10.1.1.1: 56 data bytes, press CTRL+C to break
56 bytes from 20.1.1.1: icmp_seq=0 ttl=253 time=1.000 ms
56 bytes from 20.1.1.1: icmp_seq=1 ttl=253 time=1.000 ms
56 bytes from 20.1.1.1: icmp_seq=2 ttl=253 time=1.000 ms
56 bytes from 20.1.1.1: icmp_seq=3 ttl=253 time=1.000 ms
56 bytes from 20.1.1.1: icmp_seq=4 ttl=253 time=2.000 ms
--- Ping statistics for 20.1.1.1 ---
5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss
round-trip min/avg/max/std-dev = 1.000/1.200/2.000/0.400 ms
· CE 1:
#
sysname CE1
#
interface GigabitEthernet1/0/1
port link-mode route
ip address 10.1.1.1 255.255.255.0
#
bgp 200
router-id 11.11.11.11
peer 10.1.1.2 as-number 100
#
address-family ipv4 unicast
import-route direct
peer 10.1.1.2 enable
#
· PE 1:
#
sysname PE1
#
ip vpn-instance vpn1
route-distinguisher 100:1
vpn-target 100:1 import-extcommunity
vpn-target 100:1 export-extcommunity
#
isis 1
non-stop-routing
cost-style wide
network-entity 00.0000.0000.0001.00
#
address-family ipv6 unicast
segment-routing ipv6 locator abc
#
interface LoopBack1
isis ipv6 enable 1
ipv6 address 1::1/128
#
interface GigabitEthernet1/0/1
port link-mode route
ip binding vpn-instance vpn1
ip address 10.1.1.2 255.255.255.0
#
interface GigabitEthernet1/0/2
port link-mode route
isis ipv6 enable 1
isis ipv6 bfd enable
ipv6 address 2001::1/96
#
interface GigabitEthernet1/0/3
port link-mode route
isis ipv6 enable 1
isis ipv6 bfd enable
ipv6 address 3001::1/96
#
bgp 100
router-id 1.1.1.1
peer 4::4 as-number 100
peer 4::4 connect-interface LoopBack1
#
address-family vpnv4
peer 4::4 enable
peer 4::4 prefix-sid
#
ip vpn-instance vpn1
peer 10.1.1.1 as-number 200
#
address-family ipv4 unicast
segment-routing ipv6 best-effort
segment-routing ipv6 locator abc
import-route direct
peer 10.1.1.1 enable
#
segment-routing ipv6
encapsulation source-address 1::1
#
locator abc ipv6-prefix 100:1:: 64 static 16
#
· P 1:
#
sysname P1
#
isis 1
non-stop-routing
cost-style wide
network-entity 00.0000.0000.0002.00
#
address-family ipv6 unicast
#
interface LoopBack1
isis ipv6 enable 1
ipv6 address 2::2/128
#
interface GigabitEthernet1/0/1
port link-mode route
isis ipv6 enable 1
isis ipv6 bfd enable
ipv6 address 2001::2/96
#
interface GigabitEthernet1/0/2
port link-mode route
isis ipv6 enable 1
isis ipv6 bfd enable
ipv6 address 2002::2/96
#
· P 2:
#
sysname P2
#
isis 1
non-stop-routing
cost-style wide
network-entity 00.0000.0000.0003.00
#
address-family ipv6 unicast
#
interface LoopBack1
isis ipv6 enable 1
ipv6 address 3::3/128
#
interface GigabitEthernet1/0/1
port link-mode route
isis ipv6 enable 1
isis ipv6 bfd enable
ipv6 address 3001::2/96
#
interface GigabitEthernet1/0/2
port link-mode route
isis ipv6 enable 1
isis ipv6 bfd enable
ipv6 address 3002::2/96
#
· PE 2:
#
sysname PE2
#
ip vpn-instance vpn1
route-distinguisher 100:1
vpn-target 100:1 import-extcommunity
vpn-target 100:1 export-extcommunity
#
isis 1
non-stop-routing
cost-style wide
network-entity 00.0000.0000.0004.00
#
address-family ipv6 unicast
segment-routing ipv6 locator abc
#
interface LoopBack1
isis ipv6 enable 1
ipv6 address 4::4/128
#
interface GigabitEthernet1/0/1
port link-mode route
ip binding vpn-instance vpn1
ip address 20.1.1.2 255.255.255.0
#
interface GigabitEthernet1/0/2
port link-mode route
isis ipv6 enable 1
isis ipv6 bfd enable
ipv6 address 2002::1/96
#
interface GigabitEthernet1/0/3
port link-mode route
isis ipv6 enable 1
isis ipv6 bfd enable
ipv6 address 3002::1/96
#
bgp 100
router-id 4.4.4.4
peer 1::1 as-number 100
peer 1::1 connect-interface LoopBack1
#
address-family vpnv4
peer 1::1 enable
peer 1::1 prefix-sid
#
ip vpn-instance vpn1
peer 20.1.1.1 as-number 300
#
address-family ipv4 unicast
segment-routing ipv6 best-effort
segment-routing ipv6 locator abc
import-route direct
peer 20.1.1.1 enable
#
segment-routing ipv6
encapsulation source-address 4::4
#
locator abc ipv6-prefix 200:1:: 64 static 16
#
· CE 2:
#
sysname CE2
#
interface GigabitEthernet1/0/1
port link-mode route
ip address 20.1.1.1 255.255.255.0
#
bgp 300
router-id 22.22.22.22
peer 20.1.1.2 as-number 100
#
address-family ipv4 unicast
import-route direct
peer 20.1.1.2 enable
#
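Applies to version R6728 of the 8048 and 8062 product series.
As shown in Figure 2, the core network is an IPv6 network and the private network is an IPv4 network. PE 1, PE 2, and PE 3 belong to the same autonomous system and use IS-IS to achieve IPv6 connectivity among them. SRv6 tunnels are established between PE 1 and PE 2 and between PE 1 and PE 3 to carry the IPv4 L3VPN service. CE 2 is dual-homed to PE 2 and PE 3. To switch VPN routes quickly, VPN FRR is enabled for the IPv4 L3VPN service on PE 1. When the VPN FRR primary path fails, VPN traffic can switch quickly to the VPN FRR backup path.
Figure 2 Network diagram for VPN FRR in IPv4 L3VPN over SRv6 BE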
| Device | Interface | IP address | Device | Interface | IP address |
|---|---|---|---|---|---|
| CE 1 | GE1/0/1 | 10.1.1.1/24 | CE 2 | GE1/0/1 | 20.1.1.1/24 |
| | Loop0 | 11.11.11.11/32 | | GE1/0/2 | 30.1.1.1/24 |
| PE 1 | Loop1 | 1::1/128 | | Loop0 | 22.22.22.22/32 |
| | GE1/0/1 | 10.1.1.2/24 | PE 3 | Loop1 | 3::3/128 |
| | GE1/0/2 | 2001::1/96 | | GE1/0/2 | 30.1.1.2/24 |
| | GE1/0/3 | 3001::1/96 | | GE1/0/3 | 3001::2/96 |
| PE 2 | Loop1 | 2::2/128 | | | |
| | GE1/0/1 | 20.1.1.2/24 | | | |
| | GE1/0/2 | 2001::2/96 | | | |
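VPN FRR for IPv4 L3VPN over SRv6 BE requires PE 1 to learn VPNv4 routes from PE 2 and PE 3 separately, and the learned routes must not be equal-cost routes. To make sure VPN FRR is configured successfully, plan the IGP cost of the links appropriately. In this example, every link uses the default cost (10).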
<CE1> system-view
[CE1] sysname CE1
[CE1] interface gigabitethernet 1/0/1
[CE1-GigabitEthernet1/0/1] ip address 10.1.1.1 24
[CE1-GigabitEthernet1/0/1] quit
[CE1] interface loopback 0
[CE1-LoopBack0] ip address 11.11.11.11 32
[CE1-LoopBack0] quit
[CE1] bgp 200
[CE1-bgp-default] router-id 11.11.11.11
[CE1-bgp-default] peer 10.1.1.2 as-number 100
[CE1-bgp-default] address-family ipv4 unicast
[CE1-bgp-default-ipv4] peer 10.1.1.2 enable
[CE1-bgp-default-ipv4] import-route direct
[CE1-bgp-default-ipv4] quit
[CE1-bgp-default] quit
# Configure IPv6 IS-IS so that the backbone PEs can reach each other.
<PE1> system-view
[PE1] sysname PE1
[PE1] isis 1
[PE1-isis-1] cost-style wide
[PE1-isis-1] network-entity 00.0000.0000.0001.00
[PE1-isis-1] address-family ipv6 unicast
[PE1-isis-1-ipv6] quit
[PE1-isis-1] quit
[PE1] interface loopback 1
[PE1-LoopBack1] ipv6 address 1::1 128
[PE1-LoopBack1] isis ipv6 enable 1
[PE1-LoopBack1] quit
[PE1] interface gigabitethernet 1/0/2
[PE1-GigabitEthernet1/0/2] ipv6 address 2001::1 96
[PE1-GigabitEthernet1/0/2] isis ipv6 enable 1
[PE1-GigabitEthernet1/0/2] quit
[PE1] interface gigabitethernet 1/0/3
[PE1-GigabitEthernet1/0/3] ipv6 address 3001::1 96
[PE1-GigabitEthernet1/0/3] isis ipv6 enable 1
[PE1-GigabitEthernet1/0/3] quit
# Configure a VPN instance and attach CE 1 to PE 1.
[PE1] ip vpn-instance vpn1
[PE1-vpn-instance-vpn1] route-distinguisher 100:1
[PE1-vpn-instance-vpn1] vpn-target 100:1
[PE1-vpn-instance-vpn1] quit
[PE1] interface gigabitethernet 1/0/1
[PE1-GigabitEthernet1/0/1] ip binding vpn-instance vpn1
[PE1-GigabitEthernet1/0/1] ip address 10.1.1.2 24
[PE1-GigabitEthernet1/0/1] quit
# Establish an EBGP peer relationship between PE 1 and CE 1, and import VPN routes.
[PE1] bgp 100
[PE1-bgp-default] router-id 1.1.1.1
[PE1-bgp-default] ip vpn-instance vpn1
[PE1-bgp-default-vpn1] peer 10.1.1.1 as-number 200
[PE1-bgp-default-vpn1] address-family ipv4 unicast
[PE1-bgp-default-ipv4-vpn1] peer 10.1.1.1 enable
[PE1-bgp-default-ipv4-vpn1] import-route direct
[PE1-bgp-default-ipv4-vpn1] quit
[PE1-bgp-default-vpn1] quit
# Establish MP-IBGP peer relationships between PE 1 and PE 2 and between PE 1 and PE 3.
[PE1-bgp-default] peer 2::2 as-number 100
[PE1-bgp-default] peer 2::2 connect-interface loopback 1
[PE1-bgp-default] peer 3::3 as-number 100
[PE1-bgp-default] peer 3::3 connect-interface loopback 1
[PE1-bgp-default] address-family vpnv4
[PE1-bgp-default-vpnv4] peer 2::2 enable
[PE1-bgp-default-vpnv4] peer 3::3 enable
[PE1-bgp-default-vpnv4] quit
[PE1-bgp-default] quit
# On PE 1, configure the source address of the IPv6 header used for IP L3VPN over SRv6 encapsulation.
[PE1] segment-routing ipv6
[PE1-segment-routing-ipv6] encapsulation source-address 1::1
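# On PE 1, configure the locator to which the End.DT4 SID belongs. The End.DT4 SID is the destination address of the IPv6 header used for IP L3VPN over SRv6 encapsulation.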
[PE1-segment-routing-ipv6] locator abc ipv6-prefix 100:1:: 64 static 16
[PE1-segment-routing-ipv6-locator-abc] quit
[PE1-segment-routing-ipv6] quit
# On PE 1, configure IS-IS to reference and advertise the locator.
[PE1] isis 1
[PE1-isis-1] address-family ipv6 unicast
[PE1-isis-1-ipv6] segment-routing ipv6 locator abc
[PE1-isis-1-ipv6] quit
[PE1-isis-1] quit
# On PE 1, configure the IPv6 peers to exchange End.DT4 SIDs, and allow private-network routes to recurse to the route entries of End.DT4 SIDs.
[PE1] bgp 100
[PE1-bgp-default] address-family vpnv4
[PE1-bgp-default-vpnv4] peer 2::2 prefix-sid
[PE1-bgp-default-vpnv4] peer 3::3 prefix-sid
[PE1-bgp-default-vpnv4] quit
[PE1-bgp-default] ip vpn-instance vpn1
[PE1-bgp-default-vpn1] address-family ipv4 unicast
[PE1-bgp-default-ipv4-vpn1] segment-routing ipv6 locator abc
[PE1-bgp-default-ipv4-vpn1] segment-routing ipv6 best-effort
[PE1-bgp-default-ipv4-vpn1] quit
[PE1-bgp-default-vpn1] quit
[PE1-bgp-default] quit
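# Enable VPN FRR on PE 1, and configure a static BFD session to detect whether the locator advertised by PE 2 is reachable from PE 1. If the locator is unreachable (that is, the primary path has failed), VPN FRR is triggered and traffic switches to the backup path.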
[PE1] bgp 100
[PE1-bgp-default] primary-path-detect bfd ctrl
[PE1-bgp-default] ip vpn-instance vpn1
[PE1-bgp-default-vpn1] address-family ipv4 unicast
[PE1-bgp-default-ipv4-vpn1] pic
[PE1-bgp-default-ipv4-vpn1] quit
[PE1-bgp-default-vpn1] quit
[PE1-bgp-default] quit
[PE1] bfd static ToPE2 peer-ipv6 200:1:: source-ipv6 100:1:: discriminator local 100 remote 200
[PE1-bfd-static-session-ToPE2] quit
# Configure IPv6 IS-IS so that the backbone PEs can reach each other.
<PE2> system-view
[PE2] sysname PE2
[PE2] isis 1
[PE2-isis-1] cost-style wide
[PE2-isis-1] network-entity 00.0000.0000.0002.00
[PE2-isis-1] address-family ipv6 unicast
[PE2-isis-1-ipv6] quit
[PE2-isis-1] quit
[PE2] interface loopback 1
[PE2-LoopBack1] ipv6 address 2::2 128
[PE2-LoopBack1] isis ipv6 enable 1
[PE2-LoopBack1] quit
[PE2] interface gigabitethernet 1/0/2
[PE2-GigabitEthernet1/0/2] ipv6 address 2001::2 96
[PE2-GigabitEthernet1/0/2] isis ipv6 enable 1
[PE2-GigabitEthernet1/0/2] quit
# Configure a VPN instance and attach CE 2 to PE 2.
[PE2] ip vpn-instance vpn1
[PE2-vpn-instance-vpn1] route-distinguisher 100:1
[PE2-vpn-instance-vpn1] vpn-target 100:1
[PE2-vpn-instance-vpn1] quit
[PE2] interface gigabitethernet 1/0/1
[PE2-GigabitEthernet1/0/1] ip binding vpn-instance vpn1
[PE2-GigabitEthernet1/0/1] ip address 20.1.1.2 24
[PE2-GigabitEthernet1/0/1] quit
# Establish an EBGP peer relationship between PE 2 and CE 2, and import VPN routes.
[PE2] bgp 100
[PE2-bgp-default] router-id 2.2.2.2
[PE2-bgp-default] ip vpn-instance vpn1
[PE2-bgp-default-vpn1] peer 20.1.1.1 as-number 300
[PE2-bgp-default-vpn1] address-family ipv4 unicast
[PE2-bgp-default-ipv4-vpn1] peer 20.1.1.1 enable
[PE2-bgp-default-ipv4-vpn1] import-route direct
[PE2-bgp-default-ipv4-vpn1] quit
[PE2-bgp-default-vpn1] quit
# Establish an MP-IBGP peer relationship between PE 1 and PE 2.
[PE2-bgp-default] peer 1::1 as-number 100
[PE2-bgp-default] peer 1::1 connect-interface loopback 1
[PE2-bgp-default] address-family vpnv4
[PE2-bgp-default-vpnv4] peer 1::1 enable
[PE2-bgp-default-vpnv4] quit
[PE2-bgp-default] quit
# On PE 2, configure the source address of the IPv6 header used for IP L3VPN over SRv6 encapsulation.
[PE2] segment-routing ipv6
[PE2-segment-routing-ipv6] encapsulation source-address 2::2
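# On PE 2, configure the locator to which the End.DT4 SID belongs. The End.DT4 SID is the destination address of the IPv6 header used for IP L3VPN over SRv6 encapsulation.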
[PE2-segment-routing-ipv6] locator abc ipv6-prefix 200:1:: 64 static 16
[PE2-segment-routing-ipv6-locator-abc] quit
[PE2-segment-routing-ipv6] quit
# On PE 2, configure IS-IS to reference and advertise the locator.
[PE2] isis 1
[PE2-isis-1] address-family ipv6 unicast
[PE2-isis-1-ipv6] segment-routing ipv6 locator abc
[PE2-isis-1-ipv6] quit
[PE2-isis-1] quit
# On PE 2, configure the IPv6 peers to exchange End.DT4 SIDs, and allow private-network routes to recurse to the route entries of End.DT4 SIDs.
[PE2] bgp 100
[PE2-bgp-default] address-family vpnv4
[PE2-bgp-default-vpnv4] peer 1::1 prefix-sid
[PE2-bgp-default-vpnv4] quit
[PE2-bgp-default] ip vpn-instance vpn1
[PE2-bgp-default-vpn1] address-family ipv4 unicast
[PE2-bgp-default-ipv4-vpn1] segment-routing ipv6 locator abc
[PE2-bgp-default-ipv4-vpn1] segment-routing ipv6 best-effort
[PE2-bgp-default-ipv4-vpn1] quit
[PE2-bgp-default-vpn1] quit
[PE2-bgp-default] quit
# On PE 2, configure a static BFD session to detect whether the locator advertised by PE 1 is reachable from PE 2.
[PE2] bfd static ToPE1 peer-ipv6 100:1:: source-ipv6 200:1:: discriminator local 200 remote 100
[PE2-bfd-static-session-ToPE1] quit
# Configure IPv6 IS-IS so that the backbone PEs can reach each other.
<PE3> system-view
[PE3] sysname PE3
[PE3] isis 1
[PE3-isis-1] cost-style wide
[PE3-isis-1] network-entity 00.0000.0000.0003.00
[PE3-isis-1] address-family ipv6 unicast
[PE3-isis-1-ipv6] quit
[PE3-isis-1] quit
[PE3] interface loopback 1
[PE3-LoopBack1] ipv6 address 3::3 128
[PE3-LoopBack1] isis ipv6 enable 1
[PE3-LoopBack1] quit
[PE3] interface gigabitethernet 1/0/3
[PE3-GigabitEthernet1/0/3] ipv6 address 3001::2 96
[PE3-GigabitEthernet1/0/3] isis ipv6 enable 1
[PE3-GigabitEthernet1/0/3] quit
# Configure a VPN instance and attach CE 2 to PE 3.
[PE3] ip vpn-instance vpn1
[PE3-vpn-instance-vpn1] route-distinguisher 100:1
[PE3-vpn-instance-vpn1] vpn-target 100:1
[PE3-vpn-instance-vpn1] quit
[PE3] interface gigabitethernet 1/0/2
[PE3-GigabitEthernet1/0/2] ip binding vpn-instance vpn1
[PE3-GigabitEthernet1/0/2] ip address 30.1.1.2 24
[PE3-GigabitEthernet1/0/2] quit
# Establish an EBGP peer relationship between PE 3 and CE 2, and import VPN routes.
[PE3] bgp 100
[PE3-bgp-default] router-id 3.3.3.3
[PE3-bgp-default] ip vpn-instance vpn1
[PE3-bgp-default-vpn1] peer 30.1.1.1 as-number 300
[PE3-bgp-default-vpn1] address-family ipv4 unicast
[PE3-bgp-default-ipv4-vpn1] peer 30.1.1.1 enable
[PE3-bgp-default-ipv4-vpn1] import-route direct
[PE3-bgp-default-ipv4-vpn1] quit
[PE3-bgp-default-vpn1] quit
# Establish an MP-IBGP peer relationship between PE 1 and PE 3.
[PE3-bgp-default] peer 1::1 as-number 100
[PE3-bgp-default] peer 1::1 connect-interface loopback 1
[PE3-bgp-default] address-family vpnv4
[PE3-bgp-default-vpnv4] peer 1::1 enable
[PE3-bgp-default-vpnv4] quit
[PE3-bgp-default] quit
# On PE 3, configure the source address of the IPv6 header used for IP L3VPN over SRv6 encapsulation.
[PE3] segment-routing ipv6
[PE3-segment-routing-ipv6] encapsulation source-address 3::3
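# On PE 3, configure the locator to which the End.DT4 SID belongs. The End.DT4 SID is the destination address of the IPv6 header used for IP L3VPN over SRv6 encapsulation.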
[PE3-segment-routing-ipv6] locator abc ipv6-prefix 300:1:: 64 static 16
[PE3-segment-routing-ipv6-locator-abc] quit
[PE3-segment-routing-ipv6] quit
# On PE 3, configure IS-IS to reference and advertise the locator.
[PE3] isis 1
[PE3-isis-1] address-family ipv6 unicast
[PE3-isis-1-ipv6] segment-routing ipv6 locator abc
[PE3-isis-1-ipv6] quit
[PE3-isis-1] quit
# On PE 3, configure the IPv6 peers to exchange End.DT4 SIDs, and allow private-network routes to recurse to the route entries of End.DT4 SIDs.
[PE3] bgp 100
[PE3-bgp-default] address-family vpnv4
[PE3-bgp-default-vpnv4] peer 1::1 prefix-sid
[PE3-bgp-default-vpnv4] quit
[PE3-bgp-default] ip vpn-instance vpn1
[PE3-bgp-default-vpn1] address-family ipv4 unicast
[PE3-bgp-default-ipv4-vpn1] segment-routing ipv6 locator abc
[PE3-bgp-default-ipv4-vpn1] segment-routing ipv6 best-effort
[PE3-bgp-default-ipv4-vpn1] quit
[PE3-bgp-default-vpn1] quit
[PE3-bgp-default] quit
<CE2> system-view
[CE2] sysname CE2
[CE2] interface gigabitethernet 1/0/1
[CE2-GigabitEthernet1/0/1] ip address 20.1.1.1 24
[CE2-GigabitEthernet1/0/1] quit
[CE2] interface gigabitethernet 1/0/2
[CE2-GigabitEthernet1/0/2] ip address 30.1.1.1 24
[CE2-GigabitEthernet1/0/2] quit
[CE2] interface loopback 0
[CE2-LoopBack0] ip address 22.22.22.22 32
[CE2-LoopBack0] quit
[CE2] bgp 300
[CE2-bgp-default] router-id 22.22.22.22
[CE2-bgp-default] peer 20.1.1.2 as-number 100
[CE2-bgp-default] peer 30.1.1.2 as-number 100
[CE2-bgp-default] address-family ipv4 unicast
[CE2-bgp-default-ipv4] peer 20.1.1.2 enable
[CE2-bgp-default-ipv4] peer 30.1.1.2 enable
[CE2-bgp-default-ipv4] import-route direct
[CE2-bgp-default-ipv4] quit
[CE2-bgp-default] quit
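The static BFD sessions configured on PE 1 and PE 2 above only come up if each side is the mirror image of the other, and a session that stays down makes PE 1 treat the primary path as failed. The following check is an added example, not H3C code; `parse_device` and `check_bfd_pair` are hypothetical helper names, and the input is the `bfd static` and `locator` lines from this page.

```python
import ipaddress
import re

# Constructed input: the static BFD and locator lines from the PE 1 and PE 2
# configurations on this page (all other lines omitted).
PE1_CONFIG = """\
bfd static ToPE2 peer-ipv6 200:1:: source-ipv6 100:1:: discriminator local 100 remote 200
locator abc ipv6-prefix 100:1:: 64 static 16
"""
PE2_CONFIG = """\
bfd static ToPE1 peer-ipv6 100:1:: source-ipv6 200:1:: discriminator local 200 remote 100
locator abc ipv6-prefix 200:1:: 64 static 16
"""

BFD_RE = re.compile(
    r"^\s*bfd static (?P<name>\S+) peer-ipv6 (?P<peer>\S+) source-ipv6 (?P<source>\S+)"
    r" discriminator local (?P<local>\d+) remote (?P<remote>\d+)\s*$",
    re.MULTILINE,
)
LOCATOR_RE = re.compile(
    r"^\s*locator \S+ ipv6-prefix (?P<prefix>\S+) (?P<length>\d+)\b", re.MULTILINE
)


def parse_device(config):
    """Return (static BFD sessions, locator networks) found in one device config."""
    sessions = [
        {
            "name": m["name"],
            "peer": ipaddress.IPv6Address(m["peer"]),
            "source": ipaddress.IPv6Address(m["source"]),
            "local": int(m["local"]),
            "remote": int(m["remote"]),
        }
        for m in BFD_RE.finditer(config)
    ]
    locators = [
        ipaddress.IPv6Network(f"{m['prefix']}/{m['length']}", strict=False)
        for m in LOCATOR_RE.finditer(config)
    ]
    return sessions, locators


def check_bfd_pair(config_a, config_b):
    """Check device A's static BFD sessions against device B; return a list of problems."""
    sessions_a, locators_a = parse_device(config_a)
    sessions_b, locators_b = parse_device(config_b)
    problems = []
    for s in sessions_a:
        # The session must run between the two locators, as in the page's example.
        if not any(s["source"] in net for net in locators_a):
            problems.append(f"{s['name']}: source {s['source']} is not in a local locator")
        if not any(s["peer"] in net for net in locators_b):
            problems.append(f"{s['name']}: peer {s['peer']} is not in the remote locator")
        # The remote device needs a session with peer and source swapped.
        mirror = [t for t in sessions_b
                  if t["peer"] == s["source"] and t["source"] == s["peer"]]
        if not mirror:
            problems.append(f"{s['name']}: no reverse session on the remote device")
            continue
        t = mirror[0]
        # Local discriminator here must be the remote discriminator there, and vice versa.
        if (s["local"], s["remote"]) != (t["remote"], t["local"]):
            problems.append(
                f"{s['name']}: discriminators {s['local']}/{s['remote']} do not mirror "
                f"{t['name']} {t['local']}/{t['remote']}"
            )
    return problems


if __name__ == "__main__":
    print(check_bfd_pair(PE1_CONFIG, PE2_CONFIG) or "static BFD sessions are consistent")
```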
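# On PE 1, run the display ip routing-table vpn-instance vpn1 22.22.22.22 verbose command to view detailed information about the VPN route. The VPN route 22.22.22.22/32 has primary and backup outgoing interfaces, so forwarding uses VPN FRR.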
[PE1] display ip routing-table vpn-instance vpn1 22.22.22.22 verbose
Summary count : 1
Destination: 22.22.22.22/32
Protocol: BGP instance default
Process ID: 0
SubProtID: 0x1 Age: 00h32m17s
Cost: 0 Preference: 255
IpPre: N/A QosLocalID: N/A
Tag: 0 State: Active Adv
OrigTblID: 0x0 OrigVrf: default-vrf
TableID: 0x102 OrigAs: 300
NibID: 0x16000003 LastAs: 300
AttrID: 0x2 Neighbor: 2::2
Flags: 0x80010060 OrigNextHop: 200:1::
Label: NULL RealNextHop: FE80::62F5:1BFF:FEE0:307
BkLabel: NULL BkNextHop: FE80::62F5:20FF:FEC4:408
SRLabel: NULL Interface: GigabitEthernet1/0/2
BkSRLabel: NULL BkInterface: GigabitEthernet1/0/3
SIDIndex: NULL InLabel: NULL
Tunnel ID: Invalid IPInterface: GigabitEthernet1/0/2
BkTunnel ID: Invalid BkIPInterface: GigabitEthernet1/0/3
FtnIndex: 0x0 ColorInterface: N/A
TrafficIndex: N/A BkColorInterface: N/A
Connector: N/A VpnPeerId: N/A
Dscp: N/A Exp: N/A
SRTunnelID: Invalid StatFlags: 0x0
SID Type: N/A SID: 200:1::1:4
BkSID: 300:1::1:4 NID: Invalid
FlushNID: Invalid BkNID: Invalid
BkFlushNID: Invalid PathID: 0x0
CommBlockLen: 0
OrigLinkID: 0x0 RealLinkID: 0x0
# Shut down GigabitEthernet1/0/2, the forwarding outgoing interface of PE 1 on the primary path. CE 1 and CE 2 can ping each other.
[CE1] ping -a 11.11.11.11 22.22.22.22
Ping 22.22.22.22 (22.22.22.22) from 11.11.11.11: 56 data bytes, press CTRL_C to break
56 bytes from 22.22.22.22: icmp_seq=0 ttl=253 time=1.000 ms
56 bytes from 22.22.22.22: icmp_seq=1 ttl=253 time=2.000 ms
56 bytes from 22.22.22.22: icmp_seq=2 ttl=253 time=1.000 ms
56 bytes from 22.22.22.22: icmp_seq=3 ttl=253 time=1.000 ms
56 bytes from 22.22.22.22: icmp_seq=4 ttl=253 time=1.000 ms
--- Ping statistics for 22.22.22.22 ---
5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss
round-trip min/avg/max/std-dev = 1.000/1.200/2.000/0.400 ms
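The verbose route output above can be checked mechanically: the primary and backup SIDs should fall inside the locators of two different egress PEs, and the two outgoing interfaces should differ. The following is an added example, not H3C tooling; `field`, `locator_owner` and `check_frr` are hypothetical helper names, and the locator table is taken from the configurations on this page.

```python
import ipaddress
import re

# Locators configured on this page for the VPN FRR example.
LOCATORS = {
    "PE1": ipaddress.IPv6Network("100:1::/64"),
    "PE2": ipaddress.IPv6Network("200:1::/64"),
    "PE3": ipaddress.IPv6Network("300:1::/64"),
}

# Excerpt of the verbose route output shown above (only the lines the check reads).
SAMPLE = """\
Destination: 22.22.22.22/32
AttrID: 0x2 Neighbor: 2::2
Flags: 0x80010060 OrigNextHop: 200:1::
SRLabel: NULL Interface: GigabitEthernet1/0/2
BkSRLabel: NULL BkInterface: GigabitEthernet1/0/3
SID Type: N/A SID: 200:1::1:4
BkSID: 300:1::1:4 NID: Invalid
"""

EMPTY_VALUES = {"NULL", "N/A", "Invalid"}


def field(text, key):
    """Return the value of 'key: value', or None if absent or a placeholder.

    The lookbehind keeps 'SID' from matching inside 'BkSID' and 'Interface'
    from matching inside 'BkInterface' or 'IPInterface'.
    """
    m = re.search(rf"(?<![A-Za-z]){re.escape(key)}: (\S+)", text)
    if not m or m.group(1) in EMPTY_VALUES:
        return None
    return m.group(1)


def locator_owner(sid):
    """Return the name of the PE whose locator contains the SID, or None."""
    if sid is None:
        return None
    addr = ipaddress.IPv6Address(sid)
    for device, prefix in LOCATORS.items():
        if addr in prefix:
            return device
    return None


def check_frr(text):
    """Summarise primary/backup egress PEs for one route and list any problems."""
    sid, bk_sid = field(text, "SID"), field(text, "BkSID")
    out_if, bk_if = field(text, "Interface"), field(text, "BkInterface")
    primary, backup = locator_owner(sid), locator_owner(bk_sid)
    problems = []
    if sid is None:
        problems.append("no primary SID")
    elif primary is None:
        problems.append(f"primary SID {sid} is outside the known locators")
    if bk_sid is None:
        problems.append("no backup SID: VPN FRR has no backup path")
    elif backup is None:
        problems.append(f"backup SID {bk_sid} is outside the known locators")
    if primary and primary == backup:
        problems.append("primary and backup SIDs belong to the same PE")
    if out_if and out_if == bk_if:
        problems.append("primary and backup use the same outgoing interface")
    return {
        "destination": field(text, "Destination"),
        "primary": primary,
        "backup": backup,
        "problems": problems,
    }


if __name__ == "__main__":
    print(check_frr(SAMPLE))
```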
· CE 1:
#
sysname CE1
#
interface GigabitEthernet1/0/1
port link-mode route
combo enable fiber
ip address 10.1.1.1 255.255.255.0
#
#
interface LoopBack0
ip address 11.11.11.11 255.255.255.255
#
bgp 200
router-id 11.11.11.11
peer 10.1.1.2 as-number 100
#
address-family ipv4 unicast
import-route direct
peer 10.1.1.2 enable
#
· PE 1:
#
sysname PE1
#
ip vpn-instance vpn1
route-distinguisher 100:1
vpn-target 100:1 import-extcommunity
vpn-target 100:1 export-extcommunity
#
isis 1
non-stop-routing
cost-style wide
network-entity 00.0000.0000.0001.00
#
address-family ipv6 unicast
segment-routing ipv6 locator abc
#
interface LoopBack1
isis ipv6 enable 1
ipv6 address 1::1/128
#
interface GigabitEthernet1/0/1
port link-mode route
combo enable copper
ip binding vpn-instance vpn1
ip address 10.1.1.2 255.255.255.0
#
interface GigabitEthernet1/0/2
port link-mode route
combo enable copper
isis ipv6 enable 1
ipv6 address 2001::1/96
#
interface GigabitEthernet1/0/3
port link-mode route
combo enable copper
isis ipv6 enable 1
ipv6 address 3001::1/96
#
bfd static ToPE2 peer-ipv6 200:1:: source-ipv6 100:1:: discriminator local 100 remote 200
#
bgp 100
router-id 1.1.1.1
peer 2::2 as-number 100
peer 2::2 connect-interface LoopBack1
peer 3::3 as-number 100
peer 3::3 connect-interface LoopBack1
primary-path-detect bfd ctrl
#
address-family vpnv4
peer 2::2 enable
peer 2::2 prefix-sid
peer 3::3 enable
peer 3::3 prefix-sid
#
ip vpn-instance vpn1
peer 10.1.1.1 as-number 200
#
address-family ipv4 unicast
pic
segment-routing ipv6 best-effort
segment-routing ipv6 locator abc
import-route direct
peer 10.1.1.1 enable
#
segment-routing ipv6
encapsulation source-address 1::1
locator abc ipv6-prefix 100:1:: 64 static 16
#
· PE 2:
#
sysname PE2
#
ip vpn-instance vpn1
route-distinguisher 100:1
vpn-target 100:1 import-extcommunity
vpn-target 100:1 export-extcommunity
#
isis 1
cost-style wide
network-entity 00.0000.0000.0002.00
#
address-family ipv6 unicast
segment-routing ipv6 locator abc
#
interface LoopBack1
isis ipv6 enable 1
ipv6 address 2::2/128
#
interface GigabitEthernet1/0/1
port link-mode route
combo enable copper
ip binding vpn-instance vpn1
ip address 20.1.1.2 255.255.255.0
#
interface GigabitEthernet1/0/2
port link-mode route
combo enable copper
isis ipv6 enable 1
ipv6 address 2001::2/96
#
bfd static ToPE1 peer-ipv6 100:1:: source-ipv6 200:1:: discriminator local 200 remote 100
#
bgp 100
router-id 2.2.2.2
peer 1::1 as-number 100
peer 1::1 connect-interface LoopBack1
#
address-family vpnv4
peer 1::1 enable
peer 1::1 prefix-sid
#
ip vpn-instance vpn1
peer 20.1.1.1 as-number 300
#
address-family ipv4 unicast
segment-routing ipv6 best-effort
segment-routing ipv6 locator abc
import-route direct
peer 20.1.1.1 enable
#
segment-routing ipv6
encapsulation source-address 2::2
locator abc ipv6-prefix 200:1:: 64 static 16
#
· PE 3:
#
sysname PE3
#
ip vpn-instance vpn1
route-distinguisher 100:1
vpn-target 100:1 import-extcommunity
vpn-target 100:1 export-extcommunity
#
isis 1
cost-style wide
network-entity 00.0000.0000.0003.00
#
address-family ipv6 unicast
segment-routing ipv6 locator abc
#
interface LoopBack1
isis ipv6 enable 1
ipv6 address 3::3/128
#
interface GigabitEthernet1/0/2
port link-mode route
combo enable copper
ip binding vpn-instance vpn1
ip address 30.1.1.2 255.255.255.0
#
interface GigabitEthernet1/0/3
port link-mode route
combo enable copper
isis ipv6 enable 1
ipv6 address 3001::2/96
#
bgp 100
router-id 3.3.3.3
peer 1::1 as-number 100
peer 1::1 connect-interface LoopBack1
#
address-family ipv4 unicast
#
address-family vpnv4
peer 1::1 enable
peer 1::1 prefix-sid
#
ip vpn-instance vpn1
peer 30.1.1.1 as-number 300
#
address-family ipv4 unicast
segment-routing ipv6 best-effort
segment-routing ipv6 locator abc
import-route direct
peer 30.1.1.1 enable
#
segment-routing ipv6
encapsulation source-address 3::3
locator abc ipv6-prefix 300:1:: 64 static 16
#
· CE 2:
#
sysname CE2
#
interface LoopBack0
ip address 22.22.22.22 255.255.255.255
#
interface GigabitEthernet1/0/1
port link-mode route
combo enable copper
ip address 20.1.1.1 255.255.255.0
#
interface GigabitEthernet1/0/2
port link-mode route
combo enable copper
ip address 30.1.1.1 255.255.255.0
#
bgp 300
router-id 22.22.22.22
peer 20.1.1.2 as-number 100
peer 30.1.1.2 as-number 100
#
address-family ipv4 unicast
import-route direct
peer 20.1.1.2 enable
peer 30.1.1.2 enable
#
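Applies to version R6728 of the 8048 and 8062 product series.
As shown in Figure 3, the core network is an IPv6 network and the private network is an IPv4 network. PE 1 and ASBR 1 belong to AS 100, and PE 2 and ASBR 2 belong to AS 200. IS-IS provides IPv6 connectivity within AS 100 and within AS 200. A bidirectional inter-AS SRv6 BE path is established between PE 1 and PE 2 to carry the IPv4 L3VPN service.
Figure 3 Network diagram for inter-AS IPv4 L3VPN over SRv6 BE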
| Device | Interface | IP address | Device | Interface | IP address |
|---|---|---|---|---|---|
| CE 1 | GE1/0/1 | 10.1.1.1/24 | CE 2 | GE1/0/1 | 20.1.1.1/24 |
| PE 1 | Loop1 | 1::1/128 | PE 2 | Loop1 | 4::4/128 |
| | GE1/0/1 | 10.1.1.2/24 | | GE1/0/1 | 20.1.1.2/24 |
| | GE1/0/2 | 101::1/96 | | GE1/0/2 | 303::2/96 |
| ASBR 1 | Loop1 | 2::2/128 | ASBR 2 | Loop1 | 3::3/128 |
| | GE1/0/1 | 101::2/96 | | GE1/0/1 | 303::1/96 |
| | GE1/0/2 | 202::1/96 | | GE1/0/2 | 202::2/96 |
<Sysname> system-view
[Sysname] sysname CE1
[CE1] interface gigabitethernet 1/0/1
[CE1-GigabitEthernet1/0/1] ip address 10.1.1.1 24
[CE1-GigabitEthernet1/0/1] quit
[CE1] bgp 65410
[CE1-bgp-default] peer 10.1.1.2 as-number 100
[CE1-bgp-default] address-family ipv4 unicast
[CE1-bgp-default-ipv4] peer 10.1.1.2 enable
[CE1-bgp-default-ipv4] import-route direct
[CE1-bgp-default-ipv4] quit
[CE1-bgp-default] quit
# Configure IPv6 IS-IS for connectivity between the PE and the ASBR in the backbone network.
<Sysname> system-view
[Sysname] sysname PE1
[PE1] isis 1
[PE1-isis-1] cost-style wide
[PE1-isis-1] network-entity 00.0000.0000.0001.00
[PE1-isis-1] address-family ipv6 unicast
[PE1-isis-1-ipv6] quit
[PE1-isis-1] quit
[PE1] interface loopback 1
[PE1-LoopBack1] ipv6 address 1::1 128
[PE1-LoopBack1] isis ipv6 enable 1
[PE1-LoopBack1] quit
[PE1] interface gigabitethernet 1/0/2
[PE1-GigabitEthernet1/0/2] ipv6 address 101::1 96
[PE1-GigabitEthernet1/0/2] isis ipv6 enable 1
[PE1-GigabitEthernet1/0/2] quit
# Configure the VPN instance and attach the CE to the PE.
[PE1] ip vpn-instance vpn1
[PE1-vpn-instance-vpn1] route-distinguisher 100:1
[PE1-vpn-instance-vpn1] vpn-target 100:1
[PE1-vpn-instance-vpn1] quit
[PE1] interface gigabitethernet 1/0/1
[PE1-GigabitEthernet1/0/1] ip binding vpn-instance vpn1
[PE1-GigabitEthernet1/0/1] ip address 10.1.1.2 24
[PE1-GigabitEthernet1/0/1] quit
# Establish an EBGP peer relationship between the PE and the CE, and import VPN routes.
[PE1] bgp 100
[PE1-bgp-default] router-id 1.1.1.1
[PE1-bgp-default] ip vpn-instance vpn1
[PE1-bgp-default-vpn1] peer 10.1.1.1 as-number 65410
[PE1-bgp-default-vpn1] address-family ipv4 unicast
[PE1-bgp-default-ipv4-vpn1] peer 10.1.1.1 enable
[PE1-bgp-default-ipv4-vpn1] import-route direct
[PE1-bgp-default-ipv4-vpn1] quit
[PE1-bgp-default-vpn1] quit
# Establish an MP-EBGP peer relationship between the PEs.
[PE1-bgp-default] peer 4::4 as-number 200
[PE1-bgp-default] peer 4::4 connect-interface loopback 1
[PE1-bgp-default] peer 4::4 ebgp-max-hop 255
[PE1-bgp-default] address-family vpnv4
[PE1-bgp-default-vpnv4] peer 4::4 enable
[PE1-bgp-default-vpnv4] quit
# Establish an MP-IBGP peer relationship between the PE and the ASBR.
[PE1-bgp-default] peer 2::2 as-number 100
[PE1-bgp-default] peer 2::2 connect-interface loopback 1
[PE1-bgp-default] address-family ipv6
[PE1-bgp-default-ipv6] peer 2::2 enable
[PE1-bgp-default-ipv6] quit
[PE1-bgp-default] quit
# Establish an SRv6 BE path between the PEs.
[PE1] segment-routing ipv6
[PE1-segment-routing-ipv6] encapsulation source-address 1::1
[PE1-segment-routing-ipv6] locator abc ipv6-prefix 10:: 64 static 16
[PE1-segment-routing-ipv6-locator-abc] quit
[PE1-segment-routing-ipv6] quit
[PE1] isis 1
[PE1-isis-1] address-family ipv6 unicast
[PE1-isis-1-ipv6] segment-routing ipv6 locator abc
[PE1-isis-1-ipv6] quit
[PE1-isis-1] quit
[PE1] bgp 100
[PE1-bgp-default] address-family vpnv4
[PE1-bgp-default-vpnv4] peer 4::4 prefix-sid
[PE1-bgp-default-vpnv4] quit
[PE1-bgp-default] ip vpn-instance vpn1
[PE1-bgp-default-vpn1] address-family ipv4 unicast
[PE1-bgp-default-ipv4-vpn1] segment-routing ipv6 locator abc
[PE1-bgp-default-ipv4-vpn1] segment-routing ipv6 best-effort
[PE1-bgp-default-ipv4-vpn1] quit
[PE1-bgp-default-vpn1] quit
[PE1-bgp-default] quit
# Configure IPv6 IS-IS for connectivity between the PE and the ASBR in the backbone network.
<Sysname> system-view
[Sysname] sysname ASBR1
[ASBR1] isis 1
[ASBR1-isis-1] cost-style wide
[ASBR1-isis-1] network-entity 00.0000.0000.0002.00
[ASBR1-isis-1] address-family ipv6 unicast
[ASBR1-isis-1-ipv6] quit
[ASBR1-isis-1] quit
[ASBR1] interface loopback 1
[ASBR1-LoopBack1] ipv6 address 2::2 128
[ASBR1-LoopBack1] isis ipv6 enable 1
[ASBR1-LoopBack1] quit
[ASBR1] interface gigabitethernet 1/0/1
[ASBR1-GigabitEthernet1/0/1] ipv6 address 101::2 96
[ASBR1-GigabitEthernet1/0/1] isis ipv6 enable 1
[ASBR1-GigabitEthernet1/0/1] quit
[ASBR1] interface gigabitethernet 1/0/2
[ASBR1-GigabitEthernet1/0/2] ipv6 address 202::1 96
[ASBR1-GigabitEthernet1/0/2] quit
# Establish an MP-IBGP peer relationship between the PE and the ASBR.
[ASBR1] bgp 100
[ASBR1-bgp-default] router-id 2.2.2.2
[ASBR1-bgp-default] peer 1::1 as-number 100
[ASBR1-bgp-default] peer 1::1 connect-interface loopback 1
[ASBR1-bgp-default] address-family ipv6
[ASBR1-bgp-default-ipv6] peer 1::1 enable
[ASBR1-bgp-default-ipv6] peer 1::1 next-hop-local
[ASBR1-bgp-default-ipv6] quit
# Configure BGP to import the Locator routes advertised by IS-IS and advertise them to ASBR 2.
[ASBR1-bgp-default] peer 202::2 as-number 200
[ASBR1-bgp-default] peer 202::2 ebgp-max-hop 255
[ASBR1-bgp-default] address-family ipv6
[ASBR1-bgp-default-ipv6] peer 202::2 enable
[ASBR1-bgp-default-ipv6] import-route isisv6 1
[ASBR1-bgp-default-ipv6] quit
[ASBR1-bgp-default] quit
# Configure IS-IS to import the Locator routes advertised by BGP.
[ASBR1] ipv6 prefix-list as100 index 10 permit 40:: 64
[ASBR1] ipv6 prefix-list as100 index 20 permit 4::4 128
[ASBR1] route-policy as100 permit node 1
[ASBR1-route-policy-as100-1] if-match ipv6 address prefix-list as100
[ASBR1-route-policy-as100-1] quit
[ASBR1] isis 1
[ASBR1-isis-1] address-family ipv6 unicast
[ASBR1-isis-1-ipv6] import-route bgp4+ route-policy as100
[ASBR1-isis-1-ipv6] quit
[ASBR1-isis-1] quit
# Configure IPv6 IS-IS for connectivity between the PE and the ASBR in the backbone network.
<Sysname> system-view
[Sysname] sysname ASBR2
[ASBR2] isis 1
[ASBR2-isis-1] cost-style wide
[ASBR2-isis-1] network-entity 00.0000.0000.0003.00
[ASBR2-isis-1] address-family ipv6 unicast
[ASBR2-isis-1-ipv6] quit
[ASBR2-isis-1] quit
[ASBR2] interface loopback 1
[ASBR2-LoopBack1] ipv6 address 3::3 128
[ASBR2-LoopBack1] isis ipv6 enable 1
[ASBR2-LoopBack1] quit
[ASBR2] interface gigabitethernet 1/0/1
[ASBR2-GigabitEthernet1/0/1] ipv6 address 303::1 96
[ASBR2-GigabitEthernet1/0/1] isis ipv6 enable 1
[ASBR2-GigabitEthernet1/0/1] quit
[ASBR2] interface gigabitethernet 1/0/2
[ASBR2-GigabitEthernet1/0/2] ipv6 address 202::2 96
[ASBR2-GigabitEthernet1/0/2] quit
# Establish an MP-IBGP peer relationship between the PE and the ASBR.
[ASBR2] bgp 200
[ASBR2-bgp-default] router-id 3.3.3.3
[ASBR2-bgp-default] peer 4::4 as-number 200
[ASBR2-bgp-default] peer 4::4 connect-interface loopback 1
[ASBR2-bgp-default] address-family ipv6
[ASBR2-bgp-default-ipv6] peer 4::4 enable
[ASBR2-bgp-default-ipv6] peer 4::4 next-hop-local
[ASBR2-bgp-default-ipv6] quit
# Configure BGP to import the Locator routes advertised by IS-IS and advertise them to ASBR 1.
[ASBR2-bgp-default] peer 202::1 as-number 100
[ASBR2-bgp-default] peer 202::1 ebgp-max-hop 255
[ASBR2-bgp-default] address-family ipv6
[ASBR2-bgp-default-ipv6] peer 202::1 enable
[ASBR2-bgp-default-ipv6] import-route isisv6 1
[ASBR2-bgp-default-ipv6] quit
[ASBR2-bgp-default] quit
# Configure IS-IS to import the Locator routes advertised by BGP.
[ASBR2] ipv6 prefix-list as200 index 10 permit 10:: 64
[ASBR2] ipv6 prefix-list as200 index 20 permit 1::1 128
[ASBR2] route-policy as200 permit node 1
[ASBR2-route-policy-as200-1] if-match ipv6 address prefix-list as200
[ASBR2-route-policy-as200-1] quit
[ASBR2] isis 1
[ASBR2-isis-1] address-family ipv6 unicast
[ASBR2-isis-1-ipv6] import-route bgp4+ route-policy as200
[ASBR2-isis-1-ipv6] quit
[ASBR2-isis-1] quit
# Configure IPv6 IS-IS for connectivity between the PE and the ASBR in the backbone network.
<Sysname> system-view
[Sysname] sysname PE2
[PE2] isis 1
[PE2-isis-1] cost-style wide
[PE2-isis-1] network-entity 00.0000.0000.0004.00
[PE2-isis-1] address-family ipv6 unicast
[PE2-isis-1-ipv6] quit
[PE2-isis-1] quit
[PE2] interface loopback 1
[PE2-LoopBack1] ipv6 address 4::4 128
[PE2-LoopBack1] isis ipv6 enable 1
[PE2-LoopBack1] quit
[PE2] interface gigabitethernet 1/0/2
[PE2-GigabitEthernet1/0/2] ipv6 address 303::2 96
[PE2-GigabitEthernet1/0/2] isis ipv6 enable 1
[PE2-GigabitEthernet1/0/2] quit
# Configure the VPN instance and attach the CE to the PE.
[PE2] ip vpn-instance vpn1
[PE2-vpn-instance-vpn1] route-distinguisher 100:1
[PE2-vpn-instance-vpn1] vpn-target 100:1
[PE2-vpn-instance-vpn1] quit
[PE2] interface gigabitethernet 1/0/1
[PE2-GigabitEthernet1/0/1] ip binding vpn-instance vpn1
[PE2-GigabitEthernet1/0/1] ip address 20.1.1.2 24
[PE2-GigabitEthernet1/0/1] quit
# Establish an EBGP peer relationship between the PE and the CE, and import VPN routes.
[PE2] bgp 200
[PE2-bgp-default] router-id 4.4.4.4
[PE2-bgp-default] ip vpn-instance vpn1
[PE2-bgp-default-vpn1] peer 20.1.1.1 as-number 65420
[PE2-bgp-default-vpn1] address-family ipv4 unicast
[PE2-bgp-default-ipv4-vpn1] peer 20.1.1.1 enable
[PE2-bgp-default-ipv4-vpn1] import-route direct
[PE2-bgp-default-ipv4-vpn1] quit
[PE2-bgp-default-vpn1] quit
# Establish an MP-EBGP peer relationship between the PEs.
[PE2-bgp-default] peer 1::1 as-number 100
[PE2-bgp-default] peer 1::1 connect-interface loopback 1
[PE2-bgp-default] peer 1::1 ebgp-max-hop 255
[PE2-bgp-default] address-family vpnv4
[PE2-bgp-default-vpnv4] peer 1::1 enable
[PE2-bgp-default-vpnv4] quit
# Establish an MP-IBGP peer relationship between the PE and the ASBR.
[PE2-bgp-default] peer 3::3 as-number 200
[PE2-bgp-default] peer 3::3 connect-interface LoopBack1
[PE2-bgp-default] address-family ipv6
[PE2-bgp-default-ipv6] peer 3::3 enable
[PE2-bgp-default-ipv6] quit
[PE2-bgp-default] quit
# Establish an SRv6 BE path between the PEs.
[PE2] segment-routing ipv6
[PE2-segment-routing-ipv6] encapsulation source-address 4::4
[PE2-segment-routing-ipv6] locator abc ipv6-prefix 40:: 64 static 16
[PE2-segment-routing-ipv6-locator-abc] quit
[PE2-segment-routing-ipv6] quit
[PE2] isis 1
[PE2-isis-1] address-family ipv6 unicast
[PE2-isis-1-ipv6] segment-routing ipv6 locator abc
[PE2-isis-1-ipv6] quit
[PE2-isis-1] quit
[PE2] bgp 200
[PE2-bgp-default] address-family vpnv4
[PE2-bgp-default-vpnv4] peer 1::1 prefix-sid
[PE2-bgp-default-vpnv4] quit
[PE2-bgp-default] ip vpn-instance vpn1
[PE2-bgp-default-vpn1] address-family ipv4 unicast
[PE2-bgp-default-ipv4-vpn1] segment-routing ipv6 locator abc
[PE2-bgp-default-ipv4-vpn1] segment-routing ipv6 best-effort
[PE2-bgp-default-ipv4-vpn1] quit
[PE2-bgp-default-vpn1] quit
[PE2-bgp-default] quit
<Sysname> system-view
[Sysname] sysname CE2
[CE2] interface gigabitethernet 1/0/1
[CE2-GigabitEthernet1/0/1] ip address 20.1.1.1 24
[CE2-GigabitEthernet1/0/1] quit
[CE2] bgp 65420
[CE2-bgp-default] peer 20.1.1.2 as-number 200
[CE2-bgp-default] address-family ipv4 unicast
[CE2-bgp-default-ipv4] peer 20.1.1.2 enable
[CE2-bgp-default-ipv4] import-route direct
[CE2-bgp-default-ipv4] quit
[CE2-bgp-default] quit
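The ASBR steps above redistribute BGP routes into IS-IS through a prefix-list, so each list has to admit exactly the remote PE's locator and loopback and nothing more. The following audit is an added example, not part of the H3C document; the function names are illustrative, and the configuration lines are copied from the configuration files on this page.

```python
import ipaddress
import re

# Lines copied from the configuration files on this page: each PE's Loopback1
# address and SRv6 locator.
PE_CONFIG = {
    "PE1": ["ipv6 address 1::1/128",
            "locator abc ipv6-prefix 10:: 64 static 16"],
    "PE2": ["ipv6 address 4::4/128",
            "locator abc ipv6-prefix 40:: 64 static 16"],
}
# ASBR -> (remote PE whose routes it imports from BGP into IS-IS, prefix-list).
ASBR_CONFIG = {
    "ASBR1": ("PE2", ["ipv6 prefix-list as100 index 10 permit 40:: 64",
                      "ipv6 prefix-list as100 index 20 permit 4::4 128"]),
    "ASBR2": ("PE1", ["ipv6 prefix-list as200 index 10 permit 10:: 64",
                      "ipv6 prefix-list as200 index 20 permit 1::1 128"]),
}

LOCATOR_RE = re.compile(r"locator \S+ ipv6-prefix (\S+) (\d+)")
ADDRESS_RE = re.compile(r"ipv6 address (\S+)/(\d+)")
PLIST_RE = re.compile(
    r"ipv6 prefix-list \S+ index (\d+) (permit|deny) (\S+) (\d+)"
    r"(?: greater-equal (\d+))?(?: less-equal (\d+))?")


def required_prefixes(pe_lines):
    """Locator and loopback networks the remote AS must be able to reach."""
    nets = []
    for line in pe_lines:
        m = LOCATOR_RE.search(line) or ADDRESS_RE.search(line)
        if m:
            nets.append(ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}",
                                             strict=False))
    return nets


def parse_prefix_list(lines):
    """Return (index, action, network, min_len, max_len) sorted by index."""
    entries = []
    for line in lines:
        m = PLIST_RE.search(line)
        if not m:
            continue
        index, action, addr, plen, ge, le = m.groups()
        plen = int(plen)
        # Without range keywords an entry matches only its exact prefix length.
        lo = int(ge) if ge else plen
        hi = int(le) if le else (128 if ge else plen)
        net = ipaddress.ip_network(f"{addr}/{plen}", strict=False)
        entries.append((int(index), action, net, lo, hi))
    return sorted(entries, key=lambda e: e[0])


def permitted(route, entries):
    """First matching entry decides; a route matching no entry is denied."""
    for _, action, net, lo, hi in entries:
        if route.subnet_of(net) and lo <= route.prefixlen <= hi:
            return action == "permit"
    return False


def audit(pe_config, asbr_config):
    """List prefixes that are wrongly filtered and entries that are too wide."""
    findings = []
    for asbr, (remote_pe, plist_lines) in sorted(asbr_config.items()):
        entries = parse_prefix_list(plist_lines)
        needed = required_prefixes(pe_config[remote_pe])
        for net in needed:
            if not permitted(net, entries):
                findings.append(
                    f"{asbr}: {net} of {remote_pe} is filtered, "
                    "the SRv6 BE path cannot resolve")
        for _, action, net, lo, hi in entries:
            exact = lo == net.prefixlen and hi == net.prefixlen
            if action == "permit" and (net not in needed or not exact):
                findings.append(
                    f"{asbr}: permit {net} (length {lo}-{hi}) "
                    f"is wider than {remote_pe} needs")
    return findings


if __name__ == "__main__":
    for finding in audit(PE_CONFIG, ASBR_CONFIG) or ["no findings"]:
        print(finding)
```

Run the same audit against exported running configurations before a change window: a locator that does not match the peer ASBR's prefix-list shows up as a filtered prefix, and a catch-all permit shows up as a wide entry.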
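# Execute the display bgp routing-table vpnv4 command on a PE to view detailed information about the routes sent by the remote PE. The output shows that the routes sent by the remote PE carry the SID attribute.
The following uses PE 1 as an example: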
[PE1] display bgp routing-table vpnv4 20.1.1.0 24
BGP local router ID: 1.1.1.1
Local AS number: 100
Route distinguisher: 100:1(vpn1)
Total number of routes: 1
Paths: 1 available, 1 best
BGP routing table information of 20.1.1.0/24:
From : 4::4 (4.4.4.4)
Rely nexthop : FE80::3419:41FF:FE28:331
Original nexthop: 4::4
Out interface : GigabitEthernet1/0/2
Route age : 00h07m07s
OutLabel : 3
Ext-Community : <RT: 100:1>
RxPathID : 0x0
TxPathID : 0x0
PrefixSID : End.DT4 SID <40::1:2>
AS-path : 200
Origin : incomplete
Attribute value : MED 0, pref-val 0
State : valid, external, best
Source type : local
IP precedence : N/A
QoS local ID : N/A
Traffic index : N/A
Tunnel policy : NULL
Rely tunnel IDs : N/A
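# Execute the display ip routing-table vpn-instance command on a PE. The output shows the route to the remote CE, and the next hop of the route is the End.DT4 SID carried in the route.
The following uses PE 1 as an example: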
[PE1] display ip routing-table vpn-instance vpn1
Destinations : 11 Routes : 11
Destination/Mask Proto Pre Cost NextHop Interface
0.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0
10.1.1.0/24 Direct 0 0 10.1.1.2 GE1/0/1
10.1.1.0/32 Direct 0 0 10.1.1.2 GE1/0/1
10.1.1.2/32 Direct 0 0 127.0.0.1 InLoop0
10.1.1.255/32 Direct 0 0 10.1.1.2 GE1/0/1
20.1.1.0/24 BGP 255 0 40:: GE1/0/2
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
127.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
255.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
# CE 1 and CE 2 can ping each other.
[CE1] ping 20.1.1.1
Ping 20.1.1.1 (20.1.1.1): 56 data bytes, press CTRL+C to break
56 bytes from 20.1.1.1: icmp_seq=0 ttl=253 time=3.000 ms
56 bytes from 20.1.1.1: icmp_seq=1 ttl=253 time=2.000 ms
56 bytes from 20.1.1.1: icmp_seq=2 ttl=253 time=3.000 ms
56 bytes from 20.1.1.1: icmp_seq=3 ttl=253 time=3.000 ms
56 bytes from 20.1.1.1: icmp_seq=4 ttl=253 time=2.000 ms
--- Ping statistics for 20.1.1.1 ---
5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss
round-trip min/avg/max/std-dev = 2.000/2.600/3.000/0.490 ms
· CE 1:
#
sysname CE1
#
interface GigabitEthernet1/0/1
port link-mode route
ip address 10.1.1.1 255.255.255.0
#
bgp 65410
peer 10.1.1.2 as-number 100
#
address-family ipv4 unicast
import-route direct
peer 10.1.1.2 enable
#
· PE 1:
#
sysname PE1
#
ip vpn-instance vpn1
route-distinguisher 100:1
vpn-target 100:1 import-extcommunity
vpn-target 100:1 export-extcommunity
#
isis 1
cost-style wide
network-entity 00.0000.0000.0001.00
#
address-family ipv6 unicast
segment-routing ipv6 locator abc
#
interface LoopBack1
isis ipv6 enable 1
ipv6 address 1::1/128
#
interface GigabitEthernet1/0/1
port link-mode route
ip binding vpn-instance vpn1
ip address 10.1.1.2 255.255.255.0
#
interface GigabitEthernet1/0/2
port link-mode route
isis ipv6 enable 1
ipv6 address 101::1/96
#
bgp 100
router-id 1.1.1.1
peer 2::2 as-number 100
peer 2::2 connect-interface LoopBack1
peer 4::4 as-number 200
peer 4::4 connect-interface LoopBack1
peer 4::4 ebgp-max-hop 255
#
address-family vpnv4
peer 4::4 enable
peer 4::4 prefix-sid
#
address-family ipv6 unicast
peer 2::2 enable
#
ip vpn-instance vpn1
peer 10.1.1.1 as-number 65410
#
address-family ipv4 unicast
segment-routing ipv6 best-effort
segment-routing ipv6 locator abc
import-route direct
peer 10.1.1.1 enable
#
segment-routing ipv6
encapsulation source-address 1::1
#
locator abc ipv6-prefix 10:: 64 static 16
#
· ASBR 1:
#
sysname ASBR1
#
isis 1
cost-style wide
network-entity 00.0000.0000.0002.00
#
address-family ipv6 unicast
import-route bgp4+ route-policy as100
#
interface LoopBack1
isis ipv6 enable 1
ipv6 address 2::2/128
#
interface GigabitEthernet1/0/1
port link-mode route
isis ipv6 enable 1
ipv6 address 101::2/96
#
interface GigabitEthernet1/0/2
port link-mode route
ipv6 address 202::1/96
#
bgp 100
router-id 2.2.2.2
peer 1::1 as-number 100
peer 1::1 connect-interface LoopBack1
peer 202::2 as-number 200
peer 202::2 ebgp-max-hop 255
#
address-family ipv6 unicast
import-route isisv6 1
network 10:: 64
peer 1::1 enable
peer 1::1 next-hop-local
peer 202::2 enable
#
route-policy as100 permit node 1
if-match ipv6 address prefix-list as100
#
ipv6 prefix-list as100 index 10 permit 40:: 64
ipv6 prefix-list as100 index 20 permit 4::4 128
#
· ASBR 2:
#
sysname ASBR2
#
isis 1
cost-style wide
network-entity 00.0000.0000.0003.00
#
address-family ipv6 unicast
import-route bgp4+ route-policy as200
#
interface LoopBack1
isis ipv6 enable 1
ipv6 address 3::3/128
#
interface GigabitEthernet1/0/1
port link-mode route
isis ipv6 enable 1
ipv6 address 303::1/96
#
interface GigabitEthernet1/0/2
port link-mode route
ipv6 address 202::2/96
#
bgp 200
router-id 3.3.3.3
peer 4::4 as-number 200
peer 4::4 connect-interface LoopBack1
peer 202::1 as-number 100
peer 202::1 ebgp-max-hop 255
#
address-family ipv6 unicast
import-route isisv6 1
network 40:: 64
peer 4::4 enable
peer 4::4 next-hop-local
peer 202::1 enable
#
route-policy as200 permit node 1
if-match ipv6 address prefix-list as200
#
ipv6 prefix-list as200 index 10 permit 10:: 64
ipv6 prefix-list as200 index 20 permit 1::1 128
#
· PE 2:
#
sysname PE2
#
ip vpn-instance vpn1
route-distinguisher 100:1
vpn-target 100:1 import-extcommunity
vpn-target 100:1 export-extcommunity
#
isis 1
cost-style wide
network-entity 00.0000.0000.0004.00
#
address-family ipv6 unicast
segment-routing ipv6 locator abc
#
interface LoopBack1
isis ipv6 enable 1
ipv6 address 4::4/128
#
interface GigabitEthernet1/0/1
port link-mode route
ip binding vpn-instance vpn1
ip address 20.1.1.2 255.255.255.0
#
interface GigabitEthernet1/0/2
port link-mode route
isis ipv6 enable 1
ipv6 address 303::2/96
#
bgp 200
router-id 4.4.4.4
peer 1::1 as-number 100
peer 1::1 connect-interface LoopBack1
peer 1::1 ebgp-max-hop 255
peer 3::3 as-number 200
peer 3::3 connect-interface LoopBack1
#
address-family vpnv4
peer 1::1 enable
peer 1::1 prefix-sid
#
address-family ipv6 unicast
peer 3::3 enable
#
ip vpn-instance vpn1
peer 20.1.1.1 as-number 65420
#
address-family ipv4 unicast
segment-routing ipv6 best-effort
segment-routing ipv6 locator abc
import-route direct
peer 20.1.1.1 enable
#
segment-routing ipv6
encapsulation source-address 4::4
#
locator abc ipv6-prefix 40:: 64 static 16
#
· CE 2:
#
sysname CE2
#
interface GigabitEthernet1/0/1
port link-mode route
ip address 20.1.1.1 255.255.255.0
#
bgp 65420
peer 20.1.1.2 as-number 200
#
address-family ipv4 unicast
import-route direct
peer 20.1.1.2 enable
#
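Applicable to R6728 of the 8048 and 8062 product series.
As shown in Figure 4, the transport network is an IPv6 network and the private networks are IPv4 networks. PE 1, P, and PE 2 belong to the same AS and use IS-IS for IPv6 connectivity. A forward and a reverse SRv6 TE Policy are established between PE 1 and PE 2 to carry IPv4 L3VPN services. On PE 1 and PE 2, a routing policy sets the Color attribute of VPNv4 routes to steer private-network VPN traffic into the specified SRv6 TE Policy.
Figure 4 Network diagram for IPv4 L3VPN over SRv6 TE Policy
| Device | Interface | IP address | Device | Interface | IP address |
|---|---|---|---|---|---|
| CE 1 | GE1/0/1 | 10.1.1.1/24 | CE 2 | GE1/0/2 | 20.1.1.1/24 |
| CE 1 | Loop0 | 11.11.11.11/32 | CE 2 | Loop0 | 22.22.22.22/32 |
| PE 1 | Loop1 | 1::1/128 | P | Loop1 | 2::2/128 |
| PE 1 | GE1/0/1 | 10.1.1.2/24 | P | GE1/0/1 | 3001::2/96 |
| PE 1 | GE1/0/2 | 2001::1/96 | P | GE1/0/2 | 2001::2/96 |
| PE 2 | Loop1 | 3::3/128 | | | |
| PE 2 | GE1/0/1 | 3001::1/96 | | | |
| PE 2 | GE1/0/2 | 30.1.1.2/24 | | | |
If the network contains multiple types of tunnels, for example multiple SRv6 TE Policies and multiple SR-MPLS TE Policies, and an SRv6 TE Policy and an SR-MPLS TE Policy have the same Color value, configure a routing policy to set the Color attribute of routes, and configure a tunnel policy so that the specified SRv6 TE Policy is preferred during tunnel recursion.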
<CE1> system-view
[CE1] sysname CE1
[CE1] interface gigabitethernet 1/0/1
[CE1-GigabitEthernet1/0/1] ip address 10.1.1.1 24
[CE1-GigabitEthernet1/0/1] quit
[CE1] interface loopback 0
[CE1-LoopBack0] ip address 11.11.11.11 32
[CE1-LoopBack0] quit
[CE1] bgp 200
[CE1-bgp-default] router-id 11.11.11.11
[CE1-bgp-default] peer 10.1.1.2 as-number 100
[CE1-bgp-default] address-family ipv4 unicast
[CE1-bgp-default-ipv4] peer 10.1.1.2 enable
[CE1-bgp-default-ipv4] import-route direct
[CE1-bgp-default-ipv4] quit
[CE1-bgp-default] quit
# Configure IPv6 IS-IS for connectivity between the PEs in the backbone network.
<PE1> system-view
[PE1] sysname PE1
[PE1] isis 1
[PE1-isis-1] cost-style wide
[PE1-isis-1] network-entity 00.0000.0000.0001.00
[PE1-isis-1] address-family ipv6 unicast
[PE1-isis-1-ipv6] quit
[PE1-isis-1] quit
[PE1] interface loopback 1
[PE1-LoopBack1] ipv6 address 1::1 128
[PE1-LoopBack1] isis ipv6 enable 1
[PE1-LoopBack1] quit
[PE1] interface gigabitethernet 1/0/2
[PE1-GigabitEthernet1/0/2] ipv6 address 2001::1 96
[PE1-GigabitEthernet1/0/2] isis ipv6 enable 1
[PE1-GigabitEthernet1/0/2] quit
# Configure the VPN instance and attach CE 1 to PE 1.
[PE1] ip vpn-instance vpn1
[PE1-vpn-instance-vpn1] route-distinguisher 100:1
[PE1-vpn-instance-vpn1] vpn-target 100:1
[PE1-vpn-instance-vpn1] quit
[PE1] interface gigabitethernet 1/0/1
[PE1-GigabitEthernet1/0/1] ip binding vpn-instance vpn1
[PE1-GigabitEthernet1/0/1] ip address 10.1.1.2 24
[PE1-GigabitEthernet1/0/1] quit
# Establish an EBGP peer relationship between PE 1 and CE 1, and import VPN routes.
[PE1] bgp 100
[PE1-bgp-default] router-id 1.1.1.1
[PE1-bgp-default] ip vpn-instance vpn1
[PE1-bgp-default-vpn1] peer 10.1.1.1 as-number 200
[PE1-bgp-default-vpn1] address-family ipv4 unicast
[PE1-bgp-default-ipv4-vpn1] peer 10.1.1.1 enable
[PE1-bgp-default-ipv4-vpn1] import-route direct
[PE1-bgp-default-ipv4-vpn1] quit
[PE1-bgp-default-vpn1] quit
# Establish an MP-IBGP peer relationship between PE 1 and PE 2.
[PE1-bgp-default] peer 3::3 as-number 100
[PE1-bgp-default] peer 3::3 connect-interface loopback 1
[PE1-bgp-default] address-family vpnv4
[PE1-bgp-default-vpnv4] peer 3::3 enable
[PE1-bgp-default-vpnv4] quit
[PE1-bgp-default] quit
# Recurse the VPN routes between PE 1 and PE 2 to the SRv6 TE Policy.
[PE1] segment-routing ipv6
[PE1-segment-routing-ipv6] encapsulation source-address 1::1
[PE1-segment-routing-ipv6] locator abc ipv6-prefix 100:1:: 64 static 16
[PE1-segment-routing-ipv6-locator-abc] opcode 1 end
[PE1-segment-routing-ipv6-locator-abc] quit
[PE1-segment-routing-ipv6] quit
[PE1] isis 1
[PE1-isis-1] address-family ipv6 unicast
[PE1-isis-1-ipv6] segment-routing ipv6 locator abc
[PE1-isis-1-ipv6] quit
[PE1-isis-1] quit
[PE1] bgp 100
[PE1-bgp-default] address-family vpnv4
[PE1-bgp-default-vpnv4] peer 3::3 prefix-sid
[PE1-bgp-default-vpnv4] quit
[PE1-bgp-default] ip vpn-instance vpn1
[PE1-bgp-default-vpn1] address-family ipv4 unicast
[PE1-bgp-default-ipv4-vpn1] segment-routing ipv6 locator abc
[PE1-bgp-default-ipv4-vpn1] segment-routing ipv6 traffic-engineering
[PE1-bgp-default-ipv4-vpn1] quit
[PE1-bgp-default-vpn1] quit
[PE1-bgp-default] quit
# Configure the SRv6 TE Policy on PE 1.
[PE1] segment-routing ipv6
[PE1-segment-routing-ipv6] traffic-engineering
[PE1-srv6-te] srv6-policy locator abc
[PE1-srv6-te] segment-list s1
[PE1-srv6-te-sl-s1] index 10 ipv6 200:1::1
[PE1-srv6-te-sl-s1] index 20 ipv6 300:1::1
[PE1-srv6-te-sl-s1] quit
[PE1-srv6-te] policy p1
[PE1-srv6-te-policy-p1] color 10 end-point ipv6 3::3
[PE1-srv6-te-policy-p1] candidate-paths
[PE1-srv6-te-policy-p1-path] preference 10
[PE1-srv6-te-policy-p1-path-pref-10] explicit segment-list s1
[PE1-srv6-te-policy-p1-path-pref-10] quit
[PE1-srv6-te-policy-p1-path] quit
[PE1-srv6-te-policy-p1] quit
[PE1-srv6-te] quit
[PE1-segment-routing-ipv6] quit
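# On PE 1, configure a routing policy and a tunnel policy so that the routing policy steers VPN traffic into the specified SRv6 TE Policy and the SRv6 TE Policy is the preferred tunnel.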
[PE1] route-policy a permit node 10
[PE1-route-policy-a-10] apply extcommunity color 00:10
[PE1-route-policy-a-10] quit
[PE1] bgp 100
[PE1-bgp-default] address-family vpnv4
[PE1-bgp-default-vpnv4] peer 3::3 route-policy a import
[PE1-bgp-default-vpnv4] quit
[PE1-bgp-default] quit
[PE1] tunnel-policy a
[PE1-tunnel-policy-a] select-seq srv6-policy load-balance-number 1
[PE1-tunnel-policy-a] quit
[PE1] ip vpn-instance vpn1
[PE1-vpn-instance-vpn1] tnl-policy a
[PE1-vpn-instance-vpn1] quit
# Configure IPv6 IS-IS for connectivity between the PEs in the backbone network.
<P> system-view
[P] sysname P
[P] isis 1
[P-isis-1] cost-style wide
[P-isis-1] network-entity 00.0000.0000.0002.00
[P-isis-1] address-family ipv6 unicast
[P-isis-1-ipv6] quit
[P-isis-1] quit
[P] interface loopback 1
[P-LoopBack1] ipv6 address 2::2 128
[P-LoopBack1] isis ipv6 enable 1
[P-LoopBack1] quit
[P] interface gigabitethernet 1/0/2
[P-GigabitEthernet1/0/2] ipv6 address 2001::2 96
[P-GigabitEthernet1/0/2] isis ipv6 enable 1
[P-GigabitEthernet1/0/2] quit
[P] interface gigabitethernet 1/0/1
[P-GigabitEthernet1/0/1] ipv6 address 3001::2 96
[P-GigabitEthernet1/0/1] isis ipv6 enable 1
[P-GigabitEthernet1/0/1] quit
# Configure a Locator on P and advertise it through IS-IS.
[P] segment-routing ipv6
[P-segment-routing-ipv6] locator abc ipv6-prefix 200:1:: 64 static 16
[P-segment-routing-ipv6-locator-abc] opcode 1 end
[P-segment-routing-ipv6-locator-abc] quit
[P-segment-routing-ipv6] quit
[P] isis 1
[P-isis-1] address-family ipv6 unicast
[P-isis-1-ipv6] segment-routing ipv6 locator abc
[P-isis-1-ipv6] quit
[P-isis-1] quit
# Configure IPv6 IS-IS for connectivity between the PEs in the backbone network.
<PE2> system-view
[PE2] sysname PE2
[PE2] isis 1
[PE2-isis-1] cost-style wide
[PE2-isis-1] network-entity 00.0000.0000.0003.00
[PE2-isis-1] address-family ipv6 unicast
[PE2-isis-1-ipv6] quit
[PE2-isis-1] quit
[PE2] interface loopback 1
[PE2-LoopBack1] ipv6 address 3::3 128
[PE2-LoopBack1] isis ipv6 enable 1
[PE2-LoopBack1] quit
[PE2] interface gigabitethernet 1/0/1
[PE2-GigabitEthernet1/0/1] ipv6 address 3001::1 96
[PE2-GigabitEthernet1/0/1] isis ipv6 enable 1
[PE2-GigabitEthernet1/0/1] quit
# Configure the VPN instance and attach CE 2 to PE 2.
[PE2] ip vpn-instance vpn1
[PE2-vpn-instance-vpn1] route-distinguisher 100:1
[PE2-vpn-instance-vpn1] vpn-target 100:1
[PE2-vpn-instance-vpn1] quit
[PE2] interface gigabitethernet 1/0/2
[PE2-GigabitEthernet1/0/2] ip binding vpn-instance vpn1
[PE2-GigabitEthernet1/0/2] ip address 20.1.1.2 24
[PE2-GigabitEthernet1/0/2] quit
# Establish an EBGP peer relationship between PE 2 and CE 2, and import VPN routes.
[PE2] bgp 100
[PE2-bgp-default] router-id 3.3.3.3
[PE2-bgp-default] ip vpn-instance vpn1
[PE2-bgp-default-vpn1] peer 20.1.1.1 as-number 300
[PE2-bgp-default-vpn1] address-family ipv4 unicast
[PE2-bgp-default-ipv4-vpn1] peer 20.1.1.1 enable
[PE2-bgp-default-ipv4-vpn1] import-route direct
[PE2-bgp-default-ipv4-vpn1] quit
[PE2-bgp-default-vpn1] quit
# Establish an MP-IBGP peer relationship between PE 1 and PE 2.
[PE2-bgp-default] peer 1::1 as-number 100
[PE2-bgp-default] peer 1::1 connect-interface loopback 1
[PE2-bgp-default] address-family vpnv4
[PE2-bgp-default-vpnv4] peer 1::1 enable
[PE2-bgp-default-vpnv4] quit
[PE2-bgp-default] quit
# Recurse the VPN routes between PE 1 and PE 2 to the SRv6 TE Policy.
[PE2] segment-routing ipv6
[PE2-segment-routing-ipv6] encapsulation source-address 3::3
[PE2-segment-routing-ipv6] locator abc ipv6-prefix 300:1:: 64 static 16
[PE2-segment-routing-ipv6-locator-abc] opcode 1 end
[PE2-segment-routing-ipv6-locator-abc] quit
[PE2-segment-routing-ipv6] quit
[PE2] isis 1
[PE2-isis-1] address-family ipv6 unicast
[PE2-isis-1-ipv6] segment-routing ipv6 locator abc
[PE2-isis-1-ipv6] quit
[PE2-isis-1] quit
[PE2] bgp 100
[PE2-bgp-default] address-family vpnv4
[PE2-bgp-default-vpnv4] peer 1::1 prefix-sid
[PE2-bgp-default-vpnv4] quit
[PE2-bgp-default] ip vpn-instance vpn1
[PE2-bgp-default-vpn1] address-family ipv4 unicast
[PE2-bgp-default-ipv4-vpn1] segment-routing ipv6 locator abc
[PE2-bgp-default-ipv4-vpn1] segment-routing ipv6 traffic-engineering
[PE2-bgp-default-ipv4-vpn1] quit
[PE2-bgp-default-vpn1] quit
[PE2-bgp-default] quit
# Configure the SRv6 TE Policy on PE 2.
[PE2] segment-routing ipv6
[PE2-segment-routing-ipv6] traffic-engineering
[PE2-srv6-te] srv6-policy locator abc
[PE2-srv6-te] segment-list s1
[PE2-srv6-te-sl-s1] index 10 ipv6 200:1::1
[PE2-srv6-te-sl-s1] index 20 ipv6 100:1::1
[PE2-srv6-te-sl-s1] quit
[PE2-srv6-te] policy p1
[PE2-srv6-te-policy-p1] color 10 end-point ipv6 1::1
[PE2-srv6-te-policy-p1] candidate-paths
[PE2-srv6-te-policy-p1-path] preference 10
[PE2-srv6-te-policy-p1-path-pref-10] explicit segment-list s1
[PE2-srv6-te-policy-p1-path-pref-10] quit
[PE2-srv6-te-policy-p1-path] quit
[PE2-srv6-te-policy-p1] quit
[PE2-srv6-te] quit
[PE2-segment-routing-ipv6] quit
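# On PE 2, configure a routing policy and a tunnel policy so that the routing policy steers VPN traffic into the specified SRv6 TE Policy and the SRv6 TE Policy is the preferred tunnel.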
[PE2] route-policy a permit node 10
[PE2-route-policy-a-10] apply extcommunity color 00:10
[PE2-route-policy-a-10] quit
[PE2] bgp 100
[PE2-bgp-default] address-family vpnv4
[PE2-bgp-default-vpnv4] peer 1::1 route-policy a import
[PE2-bgp-default-vpnv4] quit
[PE2-bgp-default] quit
[PE2] tunnel-policy a
[PE2-tunnel-policy-a] select-seq srv6-policy load-balance-number 1
[PE2-tunnel-policy-a] quit
[PE2] ip vpn-instance vpn1
[PE2-vpn-instance-vpn1] tnl-policy a
[PE2-vpn-instance-vpn1] quit
<CE2> system-view
[CE2] sysname CE2
[CE2] interface gigabitethernet 1/0/2
[CE2-GigabitEthernet1/0/2] ip address 20.1.1.1 24
[CE2-GigabitEthernet1/0/2] quit
[CE2] interface loopback 0
[CE2-LoopBack0] ip address 22.22.22.22 32
[CE2-LoopBack0] quit
[CE2] bgp 300
[CE2-bgp-default] router-id 22.22.22.22
[CE2-bgp-default] peer 20.1.1.2 as-number 100
[CE2-bgp-default] address-family ipv4 unicast
[CE2-bgp-default-ipv4] peer 20.1.1.2 enable
[CE2-bgp-default-ipv4] import-route direct
[CE2-bgp-default-ipv4] quit
[CE2-bgp-default] quit
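The steps above only work end to end if the color on the VPNv4 route and its next hop match a policy, and if every SID in the explicit segment list is an End SID some node actually instantiates. The following pre-deployment check is an added example, not part of the H3C document; the function names are illustrative, the values are copied from this page, and the SID layout (opcode in the low-order bits of the locator) is an assumption drawn from the page's use of 200:1::1 for opcode 1.

```python
import ipaddress

# Values copied from this page's SRv6 TE Policy example.
# locator = (prefix, prefix length, static length); end_opcodes from "opcode 1 end".
NODES = {
    "PE1": {"loopback": "1::1", "locator": ("100:1::", 64, 16), "end_opcodes": [1]},
    "P":   {"loopback": "2::2", "locator": ("200:1::", 64, 16), "end_opcodes": [1]},
    "PE2": {"loopback": "3::3", "locator": ("300:1::", 64, 16), "end_opcodes": [1]},
}
# Policy p1 as configured on each head end.
POLICIES = {
    "PE1": {"color": 10, "end_point": "3::3",
            "segment_list": ["200:1::1", "300:1::1"]},
    "PE2": {"color": 10, "end_point": "1::1",
            "segment_list": ["200:1::1", "100:1::1"]},
}


def static_sid(prefix, plen, static_len, opcode):
    """Locator prefix with the opcode in the low-order bits (assumed layout)."""
    if not 0 < opcode < 2 ** static_len:
        raise ValueError(f"opcode {opcode} does not fit in {static_len} static bits")
    return ipaddress.ip_network(f"{prefix}/{plen}").network_address + opcode


def sid_owner(sid, nodes):
    """Return (node name, True if sid is a configured End SID) or (None, False)."""
    addr = ipaddress.ip_address(sid)
    for name, node in nodes.items():
        prefix, plen, static_len = node["locator"]
        if addr in ipaddress.ip_network(f"{prefix}/{plen}"):
            configured = {static_sid(prefix, plen, static_len, op)
                          for op in node["end_opcodes"]}
            return name, addr in configured
    return None, False


def parse_color(extcommunity):
    """'00:10' -> 10; the field before the colon carries the color-only flags."""
    _flags, value = extcommunity.split(":")
    return int(value)


def steer(route_color, next_hop, policy):
    """A route uses the policy only if color and end-point both match."""
    return (parse_color(route_color) == policy["color"]
            and ipaddress.ip_address(next_hop)
            == ipaddress.ip_address(policy["end_point"]))


def check_policy(policy, nodes):
    """Validate the explicit segment list against the locators in the domain."""
    findings = []
    owner = None
    for sid in policy["segment_list"]:
        owner, configured = sid_owner(sid, nodes)
        if owner is None:
            findings.append(f"{sid}: no locator in the domain covers this SID")
        elif not configured:
            findings.append(f"{sid}: inside {owner}'s locator but not a configured End SID")
    end_point = ipaddress.ip_address(policy["end_point"])
    end_node = next((name for name, node in nodes.items()
                     if ipaddress.ip_address(node["loopback"]) == end_point), None)
    if owner != end_node:
        findings.append(f"last SID terminates on {owner}, "
                        f"but end-point {policy['end_point']} is {end_node}")
    return findings


if __name__ == "__main__":
    for head_end, policy in POLICIES.items():
        print(head_end, check_policy(policy, NODES) or "segment list is consistent")
    print("PE1 steers 00:10 via 3::3:", steer("00:10", "3::3", POLICIES["PE1"]))
```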
# Execute the display segment-routing ipv6 te policy command on PE 1 to view detailed information about the SRv6 TE Policy. The output shows that the Status field of the SRv6 TE Policy is Up.
[PE1] display segment-routing ipv6 te policy
Name/ID: p1/0
Color: 10
End-point: 3::3
Name from BGP:
BSID:
Mode: Dynamic Type: Type_2 Request state: Succeeded
Current BSID: 100:1::1:0 Explicit BSID: - Dynamic BSID: 100:1::1:0
Reference counts: 4
Flags: A/BS/NC
Status: Up
AdminStatus: Up
Up time: 2021-11-17 16:21:17
Down time: 2021-11-17 15:54:22
Hot backup: Not configured
Statistics: Not configured
Statistics by service class: Not configured
Drop-upon-invalid: Disabled
BFD trigger path-down: Disabled
SBFD: Not configured
BFD Echo: Not configured
Forwarding index: 2150629377
Service-class: -
Rate-limit: -
Encapsulation mode: -
Candidate paths state: Configured
Candidate paths statistics:
CLI paths: 1 BGP paths: 0 PCEP paths: 0
Candidate paths:
Preference : 10
CPathName:
Instance ID: 0 ASN: 0 Node address: 0.0.0.0
Peer address: ::
Optimal: Y Flags: V/A
Explicit SID list:
ID: 1 Name: s1
Weight: 1 Forwarding index: 2149580802
State: Up State(-): -
Active path MTU: 1428 bytes
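# Execute the display ip routing-table vpn-instance vpn1 22.22.22.22 verbose command on PE 1 to view detailed information about the VPN route. The output shows that the outgoing interface of VPN route 22.22.22.22/32 is SRv6 TE Policy p1.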
[PE1] display ip routing-table vpn-instance vpn1 22.22.22.22 verbose
Summary count : 1
Destination: 22.22.22.22/32
Protocol: BGP instance default
Process ID: 0
SubProtID: 0x1 Age: 00h30m45s
Cost: 0 Preference: 255
IpPre: N/A QosLocalID: N/A
Tag: 0 State: Active Adv
OrigTblID: 0x0 OrigVrf: default-vrf
TableID: 0x102 OrigAs: 300
NibID: 0x16000003 LastAs: 300
AttrID: 0x5 Neighbor: 3::3
Flags: 0x80010060 OrigNextHop: 3::3
Label: NULL RealNextHop: FE80::6033:29FF:FEAE:307
BkLabel: NULL BkNextHop: N/A
SRLabel: NULL Interface: p1
BkSRLabel: NULL BkInterface: N/A
SIDIndex: NULL InLabel: NULL
Tunnel ID: 0x80300001 IPInterface: GigabitEthernet1/0/2
BkTunnel ID: Invalid BkIPInterface: N/A
FtnIndex: 0x0 ColorInterface: N/A
TrafficIndex: N/A BkColorInterface: N/A
Connector: N/A VpnPeerId: N/A
Dscp: N/A Exp: N/A
SRTunnelID: 0x80300001 StatFlags: 0x0
SID Type: N/A SID: 300:1::1:0
BkSID: N/A NID: Invalid
FlushNID: 0x80300001 BkNID: Invalid
BkFlushNID: Invalid PathID: 0x0
CommBlockLen: 0
OrigLinkID: 0x0 RealLinkID: 0x0
# CE 1 and CE 2 can ping each other.
[CE1] ping -a 11.11.11.11 22.22.22.22
Ping 22.22.22.22 (22.22.22.22) from 11.11.11.11: 56 data bytes, press CTRL_C to break
56 bytes from 22.22.22.22: icmp_seq=0 ttl=253 time=1.000 ms
56 bytes from 22.22.22.22: icmp_seq=1 ttl=253 time=2.000 ms
56 bytes from 22.22.22.22: icmp_seq=2 ttl=253 time=1.000 ms
56 bytes from 22.22.22.22: icmp_seq=3 ttl=253 time=1.000 ms
56 bytes from 22.22.22.22: icmp_seq=4 ttl=253 time=1.000 ms
--- Ping statistics for 22.22.22.22 ---
5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss
round-trip min/avg/max/std-dev = 1.000/1.200/2.000/0.400 ms
· CE 1:
#
sysname CE1
#
interface GigabitEthernet1/0/1
port link-mode route
combo enable fiber
ip address 10.1.1.1 255.255.255.0
#
interface LoopBack0
ip address 11.11.11.11 255.255.255.255
#
bgp 200
router-id 11.11.11.11
peer 10.1.1.2 as-number 100
#
address-family ipv4 unicast
import-route direct
peer 10.1.1.2 enable
#
· PE 1:
#
sysname PE1
#
ip vpn-instance vpn1
route-distinguisher 100:1
vpn-target 100:1 import-extcommunity
vpn-target 100:1 export-extcommunity
#
isis 1
non-stop-routing
cost-style wide
network-entity 00.0000.0000.0001.00
#
address-family ipv6 unicast
segment-routing ipv6 locator abc
#
tunnel-policy a
select-seq srv6-policy load-balance-number 1
#
interface LoopBack1
isis ipv6 enable 1
ipv6 address 1::1/128
#
interface GigabitEthernet1/0/1
port link-mode route
combo enable copper
ip binding vpn-instance vpn1
ip address 10.1.1.2 255.255.255.0
#
interface GigabitEthernet1/0/2
port link-mode route
combo enable copper
isis ipv6 enable 1
ipv6 address 2001::1/96
#
bgp 100
router-id 1.1.1.1
peer 3::3 as-number 100
peer 3::3 connect-interface LoopBack1
#
address-family vpnv4
peer 3::3 enable
peer 3::3 route-policy a import
peer 3::3 prefix-sid
#
ip vpn-instance vpn1
peer 10.1.1.1 as-number 200
#
address-family ipv4 unicast
segment-routing ipv6 traffic-engineering
segment-routing ipv6 locator abc
import-route direct
peer 10.1.1.1 enable
#
route-policy a permit node 10
apply extcommunity color 00:10
#
segment-routing ipv6
encapsulation source-address 1::1
locator abc ipv6-prefix 100:1:: 64 static 16
opcode 1 end
traffic-engineering
srv6-policy locator abc
segment-list s1
index 10 ipv6 200:1::1
index 20 ipv6 300:1::1
policy p1
color 10 end-point ipv6 3::3
candidate-paths
preference 10
explicit segment-list s1
#
· P:
#
sysname P
#
isis 1
cost-style wide
network-entity 00.0000.0000.0002.00
#
address-family ipv6 unicast
segment-routing ipv6 locator abc
#
interface LoopBack1
isis ipv6 enable 1
ipv6 address 2::2/128
#
interface GigabitEthernet1/0/1
port link-mode route
combo enable copper
isis ipv6 enable 1
ipv6 address 3001::2/96
#
interface GigabitEthernet1/0/2
port link-mode route
combo enable copper
isis ipv6 enable 1
ipv6 address 2001::2/96
#
segment-routing ipv6
locator abc ipv6-prefix 200:1:: 64 static 16
opcode 1 end
#
· PE 2:
#
sysname PE2
#
ip vpn-instance vpn1
route-distinguisher 100:1
vpn-target 100:1 import-extcommunity
vpn-target 100:1 export-extcommunity
#
isis 1
cost-style wide
network-entity 00.0000.0000.0003.00
#
address-family ipv6 unicast
segment-routing ipv6 locator abc
#
interface LoopBack1
isis ipv6 enable 1
ipv6 address 3::3/128
#
interface GigabitEthernet1/0/1
port link-mode route
combo enable copper
isis ipv6 enable 1
ipv6 address 3001::1/96
#
interface GigabitEthernet1/0/2
port link-mode route
combo enable copper
ip binding vpn-instance vpn1
ip address 20.1.1.2 255.255.255.0
#
bgp 100
router-id 3.3.3.3
peer 1::1 as-number 100
peer 1::1 connect-interface LoopBack1
#
address-family vpnv4
peer 1::1 enable
peer 1::1 prefix-sid
#
ip vpn-instance vpn1
peer 20.1.1.1 as-number 300
#
address-family ipv4 unicast
segment-routing ipv6 traffic-engineering
segment-routing ipv6 locator abc
import-route direct
peer 20.1.1.1 enable
#
segment-routing ipv6
encapsulation source-address 3::3
locator abc ipv6-prefix 300:1:: 64 static 16
opcode 1 end
traffic-engineering
srv6-policy locator abc
segment-list s1
index 10 ipv6 200:1::1
index 20 ipv6 100:1::1
policy p1
color 10 end-point ipv6 1::1
candidate-paths
preference 10
explicit segment-list s1
#
· CE 2:
#
sysname CE2
#
interface LoopBack0
ip address 22.22.22.22 255.255.255.255
#
interface GigabitEthernet1/0/2
port link-mode route
combo enable copper
ip address 20.1.1.1 255.255.255.0
#
bgp 300
router-id 22.22.22.22
peer 20.1.1.2 as-number 100
#
address-family ipv4 unicast
import-route direct
peer 20.1.1.2 enable
#
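Applicable to the 8048 and 8062 product series, release R6728.
As shown in Figure 5, the core network is an IPv6 network and the private network is an IPv4 network. PE 1 and ASBR 1 belong to AS 100, and PE 2 and ASBR 2 belong to AS 200. Within AS 100 and within AS 200, IS-IS provides IPv6 connectivity. An inter-AS SRv6 TE Policy path is statically configured between PE 1 and PE 2 to carry IPv4 L3VPN services.
Figure 5 Network diagram for inter-AS IPv4 L3VPN over SRv6 TE Policy
| Device | Interface | IP address | Device | Interface | IP address |
|---|---|---|---|---|---|
| CE 1 | GE1/0/1 | 10.1.1.1/24 | CE 2 | GE1/0/1 | 20.1.1.1/24 |
| PE 1 | Loop1 | 1::1/128 | PE 2 | Loop1 | 4::4/128 |
| | GE1/0/1 | 10.1.1.2/24 | | GE1/0/1 | 20.1.1.2/24 |
| | GE1/0/2 | 1001::1/96 | | GE1/0/2 | 2002::1/96 |
| ASBR 1 | Loop1 | 2::2/128 | ASBR 2 | Loop1 | 3::3/128 |
| | GE1/0/1 | 1001::2/96 | | GE1/0/1 | 2002::2/96 |
| | GE1/0/2 | 3003::1/96 | | GE1/0/2 | 3003::2/96 |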
<Sysname> system-view
[Sysname] sysname CE1
[CE1] interface gigabitethernet 1/0/1
[CE1-GigabitEthernet1/0/1] ip address 10.1.1.1 24
[CE1-GigabitEthernet1/0/1] quit
[CE1] bgp 65410
[CE1-bgp-default] peer 10.1.1.2 as-number 100
[CE1-bgp-default] address-family ipv4 unicast
[CE1-bgp-default-ipv4] peer 10.1.1.2 enable
[CE1-bgp-default-ipv4] import-route direct
[CE1-bgp-default-ipv4] quit
[CE1-bgp-default] quit
# Configure IPv6 IS-IS so that the backbone PE and ASBR can reach each other.
<Sysname> system-view
[Sysname] sysname PE1
[PE1] isis 1
[PE1-isis-1] cost-style wide
[PE1-isis-1] network-entity 00.0000.0000.0001.00
[PE1-isis-1] address-family ipv6 unicast
[PE1-isis-1-ipv6] quit
[PE1-isis-1] quit
[PE1] interface loopback 1
[PE1-LoopBack1] ipv6 address 1::1 128
[PE1-LoopBack1] isis ipv6 enable 1
[PE1-LoopBack1] quit
[PE1] interface gigabitethernet 1/0/2
[PE1-GigabitEthernet1/0/2] ipv6 address 1001::1 96
[PE1-GigabitEthernet1/0/2] isis ipv6 enable 1
[PE1-GigabitEthernet1/0/2] quit
# Configure a VPN instance and connect the CE to the PE.
[PE1] ip vpn-instance vpn1
[PE1-vpn-instance-vpn1] route-distinguisher 100:1
[PE1-vpn-instance-vpn1] vpn-target 100:1
[PE1-vpn-instance-vpn1] quit
[PE1] interface gigabitethernet 1/0/1
[PE1-GigabitEthernet1/0/1] ip binding vpn-instance vpn1
[PE1-GigabitEthernet1/0/1] ip address 10.1.1.2 24
[PE1-GigabitEthernet1/0/1] quit
# Establish an EBGP peer relationship between the PE and the CE, and import VPN routes.
[PE1] bgp 100
[PE1-bgp-default] router-id 1.1.1.1
[PE1-bgp-default] ip vpn-instance vpn1
[PE1-bgp-default-vpn1] peer 10.1.1.1 as-number 65410
[PE1-bgp-default-vpn1] address-family ipv4 unicast
[PE1-bgp-default-ipv4-vpn1] peer 10.1.1.1 enable
[PE1-bgp-default-ipv4-vpn1] import-route direct
[PE1-bgp-default-ipv4-vpn1] quit
[PE1-bgp-default-vpn1] quit
# Establish an MP-EBGP peer relationship between the PEs.
[PE1-bgp-default] peer 4::4 as-number 200
[PE1-bgp-default] peer 4::4 connect-interface loopback 1
[PE1-bgp-default] peer 4::4 ebgp-max-hop 255
[PE1-bgp-default] address-family vpnv4
[PE1-bgp-default-vpnv4] peer 4::4 enable
[PE1-bgp-default-vpnv4] quit
# Establish an MP-IBGP peer relationship between the PE and the ASBR.
[PE1-bgp-default] peer 2::2 as-number 100
[PE1-bgp-default] peer 2::2 connect-interface loopback 1
[PE1-bgp-default] address-family ipv6
[PE1-bgp-default-ipv6] peer 2::2 enable
[PE1-bgp-default-ipv6] quit
[PE1-bgp-default] quit
# Recurse the VPN routes between PE 1 and PE 2 to the SRv6 TE Policy.
[PE1] segment-routing ipv6
[PE1-segment-routing-ipv6] encapsulation source-address 1::1
[PE1-segment-routing-ipv6] locator abc ipv6-prefix 100:1:: 64 static 16
[PE1-segment-routing-ipv6-locator-abc] opcode hex ::100 end-x interface gigabitethernet 1/0/2 nexthop 1001::2 no-psp
[PE1-segment-routing-ipv6-locator-abc] quit
[PE1-segment-routing-ipv6] quit
[PE1] isis 1
[PE1-isis-1] address-family ipv6 unicast
[PE1-isis-1-ipv6] segment-routing ipv6 locator abc auto-sid-disable
[PE1-isis-1-ipv6] quit
[PE1-isis-1] quit
[PE1] bgp 100
[PE1-bgp-default] address-family vpnv4
[PE1-bgp-default-vpnv4] peer 4::4 prefix-sid
[PE1-bgp-default-vpnv4] quit
[PE1-bgp-default] ip vpn-instance vpn1
[PE1-bgp-default-vpn1] address-family ipv4 unicast
[PE1-bgp-default-ipv4-vpn1] segment-routing ipv6 locator abc
[PE1-bgp-default-ipv4-vpn1] segment-routing ipv6 traffic-engineering
[PE1-bgp-default-ipv4-vpn1] quit
[PE1-bgp-default-vpn1] quit
[PE1-bgp-default] quit
# Configure an SRv6 TE Policy on PE 1.
[PE1] segment-routing ipv6
[PE1-segment-routing-ipv6] traffic-engineering
[PE1-srv6-te] srv6-policy locator abc
[PE1-srv6-te] segment-list s1
[PE1-srv6-te-sl-s1] index 1 ipv6 100:1::100
[PE1-srv6-te-sl-s1] index 2 ipv6 200:1::100
[PE1-srv6-te-sl-s1] index 3 ipv6 300:1::100
[PE1-srv6-te-sl-s1] quit
[PE1-srv6-te] policy policy1
[PE1-srv6-te-policy-policy1] color 10 end-point ipv6 4::4
[PE1-srv6-te-policy-policy1] candidate-paths
[PE1-srv6-te-policy-policy1-path] preference 10
[PE1-srv6-te-policy-policy1-path-pref-10] explicit segment-list s1
[PE1-srv6-te-policy-policy1-path-pref-10] quit
[PE1-srv6-te-policy-policy1-path] quit
[PE1-srv6-te-policy-policy1] quit
[PE1-srv6-te] quit
[PE1-segment-routing-ipv6] quit
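# On PE 1, configure a routing policy and a tunnel policy so that VPN service traffic is steered by the routing policy into the specified SRv6 TE Policy and the SRv6 TE Policy is the preferred tunnel.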
[PE1] route-policy as100 permit node 10
[PE1-route-policy-as100-10] apply extcommunity color 00:10
[PE1-route-policy-as100-10] quit
[PE1] bgp 100
[PE1-bgp-default] address-family vpnv4
[PE1-bgp-default-vpnv4] peer 4::4 route-policy as100 import
[PE1-bgp-default-vpnv4] quit
[PE1-bgp-default] quit
[PE1] tunnel-policy as100
[PE1-tunnel-policy-as100] select-seq srv6-policy load-balance-number 1
[PE1-tunnel-policy-as100] quit
[PE1] ip vpn-instance vpn1
[PE1-vpn-instance-vpn1] tnl-policy as100
[PE1-vpn-instance-vpn1] quit
# Configure IPv6 IS-IS so that the backbone PE and ASBR can reach each other.
<Sysname> system-view
[Sysname] sysname ASBR1
[ASBR1] isis 1
[ASBR1-isis-1] cost-style wide
[ASBR1-isis-1] network-entity 00.0000.0000.0002.00
[ASBR1-isis-1] address-family ipv6 unicast
[ASBR1-isis-1-ipv6] quit
[ASBR1-isis-1] quit
[ASBR1] interface loopback 1
[ASBR1-LoopBack1] ipv6 address 2::2 128
[ASBR1-LoopBack1] isis ipv6 enable 1
[ASBR1-LoopBack1] quit
[ASBR1] interface gigabitethernet 1/0/1
[ASBR1-GigabitEthernet1/0/1] ipv6 address 1001::2 96
[ASBR1-GigabitEthernet1/0/1] isis ipv6 enable 1
[ASBR1-GigabitEthernet1/0/1] quit
[ASBR1] interface gigabitethernet 1/0/2
[ASBR1-GigabitEthernet1/0/2] ipv6 address 3003::1 96
[ASBR1-GigabitEthernet1/0/2] quit
# Establish an MP-IBGP peer relationship between the PE and the ASBR.
[ASBR1] bgp 100
[ASBR1-bgp-default] router-id 2.2.2.2
[ASBR1-bgp-default] peer 1::1 as-number 100
[ASBR1-bgp-default] peer 1::1 connect-interface loopback 1
[ASBR1-bgp-default] address-family ipv6
[ASBR1-bgp-default-ipv6] peer 1::1 enable
[ASBR1-bgp-default-ipv6] peer 1::1 next-hop-local
[ASBR1-bgp-default-ipv6] quit
# Configure BGP to import the locator routes advertised by IS-IS and advertise them to ASBR 2.
[ASBR1-bgp-default] peer 3003::2 as-number 200
[ASBR1-bgp-default] peer 3003::2 ebgp-max-hop 255
[ASBR1-bgp-default] address-family ipv6
[ASBR1-bgp-default-ipv6] peer 3003::2 enable
[ASBR1-bgp-default-ipv6] import-route isisv6 1
[ASBR1-bgp-default-ipv6] quit
[ASBR1-bgp-default] quit
# Configure SRv6 BGP EPE on the ASBR, and configure the static End.X SID between the ASBRs.
[ASBR1] segment-routing ipv6
[ASBR1-segment-routing-ipv6] locator abc ipv6-prefix 200:1:: 64 static 16
[ASBR1-segment-routing-ipv6-locator-abc] opcode hex ::200 end-x interface GigabitEthernet1/0/1 nexthop 1001::1
[ASBR1-segment-routing-ipv6-locator-abc] quit
[ASBR1-segment-routing-ipv6] quit
[ASBR1] bgp 100
[ASBR1-bgp-default] segment-routing ipv6 egress-engineering locator abc
[ASBR1-bgp-default] peer 3003::2 egress-engineering srv6 static-sid no-psp-usp 200:1::100
[ASBR1-bgp-default] quit
# Configure IS-IS to import the locator routes advertised by BGP.
[ASBR1] ipv6 prefix-list as100 index 10 permit 400:1:: 64
[ASBR1] ipv6 prefix-list as100 index 20 permit 4::4 128
[ASBR1] route-policy as100 permit node 1
[ASBR1-route-policy-as100-1] if-match ipv6 address prefix-list as100
[ASBR1-route-policy-as100-1] quit
[ASBR1] isis 1
[ASBR1-isis-1] address-family ipv6 unicast
[ASBR1-isis-1-ipv6] import-route bgp4+ route-policy as100
[ASBR1-isis-1-ipv6] quit
[ASBR1-isis-1] quit
# Configure IPv6 IS-IS so that the backbone PE and ASBR can reach each other.
<Sysname> system-view
[Sysname] sysname ASBR2
[ASBR2] isis 1
[ASBR2-isis-1] cost-style wide
[ASBR2-isis-1] network-entity 00.0000.0000.0003.00
[ASBR2-isis-1] address-family ipv6 unicast
[ASBR2-isis-1-ipv6] quit
[ASBR2-isis-1] quit
[ASBR2] interface loopback 1
[ASBR2-LoopBack1] ipv6 address 3::3 128
[ASBR2-LoopBack1] isis ipv6 enable 1
[ASBR2-LoopBack1] quit
[ASBR2] interface gigabitethernet 1/0/1
[ASBR2-GigabitEthernet1/0/1] ipv6 address 2002::2 96
[ASBR2-GigabitEthernet1/0/1] isis ipv6 enable 1
[ASBR2-GigabitEthernet1/0/1] quit
[ASBR2] interface gigabitethernet 1/0/2
[ASBR2-GigabitEthernet1/0/2] ipv6 address 3003::2 96
[ASBR2-GigabitEthernet1/0/2] quit
# Establish an MP-IBGP peer relationship between the PE and the ASBR.
[ASBR2] bgp 200
[ASBR2-bgp-default] router-id 3.3.3.3
[ASBR2-bgp-default] peer 4::4 as-number 200
[ASBR2-bgp-default] peer 4::4 connect-interface loopback 1
[ASBR2-bgp-default] address-family ipv6
[ASBR2-bgp-default-ipv6] peer 4::4 enable
[ASBR2-bgp-default-ipv6] peer 4::4 next-hop-local
[ASBR2-bgp-default-ipv6] quit
# Configure BGP to import the locator routes advertised by IS-IS and advertise them to ASBR 1.
[ASBR2-bgp-default] peer 3003::1 as-number 100
[ASBR2-bgp-default] peer 3003::1 ebgp-max-hop 255
[ASBR2-bgp-default] address-family ipv6
[ASBR2-bgp-default-ipv6] peer 3003::1 enable
[ASBR2-bgp-default-ipv6] import-route isisv6 1
[ASBR2-bgp-default-ipv6] quit
[ASBR2-bgp-default] quit
# Configure SRv6 BGP EPE on the ASBR, and configure the static End.X SID between the ASBRs.
[ASBR2] segment-routing ipv6
[ASBR2-segment-routing-ipv6] locator abc ipv6-prefix 300:1:: 64 static 16
[ASBR2-segment-routing-ipv6-locator-abc] opcode hex ::100 end-x interface GigabitEthernet1/0/1 nexthop 2002::1
[ASBR2-segment-routing-ipv6-locator-abc] quit
[ASBR2-segment-routing-ipv6] quit
[ASBR2] bgp 200
[ASBR2-bgp-default] segment-routing ipv6 egress-engineering locator abc
[ASBR2-bgp-default] peer 3003::1 egress-engineering srv6 static-sid no-psp-usp 300:1::200
[ASBR2-bgp-default] quit
# Configure IS-IS to import the locator routes advertised by BGP.
[ASBR2] ipv6 prefix-list as200 index 10 permit 100:1:: 64
[ASBR2] ipv6 prefix-list as200 index 20 permit 1::1 128
[ASBR2] route-policy as200 permit node 1
[ASBR2-route-policy-as200-1] if-match ipv6 address prefix-list as200
[ASBR2-route-policy-as200-1] quit
[ASBR2] isis 1
[ASBR2-isis-1] address-family ipv6 unicast
[ASBR2-isis-1-ipv6] import-route bgp4+ route-policy as200
[ASBR2-isis-1-ipv6] quit
[ASBR2-isis-1] quit
# Configure IPv6 IS-IS so that the backbone PE and ASBR can reach each other.
<Sysname> system-view
[Sysname] sysname PE2
[PE2] isis 1
[PE2-isis-1] cost-style wide
[PE2-isis-1] network-entity 00.0000.0000.0004.00
[PE2-isis-1] address-family ipv6 unicast
[PE2-isis-1-ipv6] quit
[PE2-isis-1] quit
[PE2] interface loopback 1
[PE2-LoopBack1] ipv6 address 4::4 128
[PE2-LoopBack1] isis ipv6 enable 1
[PE2-LoopBack1] quit
[PE2] interface gigabitethernet 1/0/2
[PE2-GigabitEthernet1/0/2] ipv6 address 2002::1 96
[PE2-GigabitEthernet1/0/2] isis ipv6 enable 1
[PE2-GigabitEthernet1/0/2] quit
# Configure a VPN instance and connect the CE to the PE.
[PE2] ip vpn-instance vpn1
[PE2-vpn-instance-vpn1] route-distinguisher 100:1
[PE2-vpn-instance-vpn1] vpn-target 100:1
[PE2-vpn-instance-vpn1] quit
[PE2] interface gigabitethernet 1/0/1
[PE2-GigabitEthernet1/0/1] ip binding vpn-instance vpn1
[PE2-GigabitEthernet1/0/1] ip address 20.1.1.2 24
[PE2-GigabitEthernet1/0/1] quit
# Establish an EBGP peer relationship between the PE and the CE, and import VPN routes.
[PE2] bgp 200
[PE2-bgp-default] router-id 4.4.4.4
[PE2-bgp-default] ip vpn-instance vpn1
[PE2-bgp-default-vpn1] peer 20.1.1.1 as-number 65420
[PE2-bgp-default-vpn1] address-family ipv4 unicast
[PE2-bgp-default-ipv4-vpn1] peer 20.1.1.1 enable
[PE2-bgp-default-ipv4-vpn1] import-route direct
[PE2-bgp-default-ipv4-vpn1] quit
[PE2-bgp-default-vpn1] quit
# Establish an MP-EBGP peer relationship between the PEs.
[PE2-bgp-default] peer 1::1 as-number 100
[PE2-bgp-default] peer 1::1 connect-interface loopback 1
[PE2-bgp-default] peer 1::1 ebgp-max-hop 255
[PE2-bgp-default] address-family vpnv4
[PE2-bgp-default-vpnv4] peer 1::1 enable
[PE2-bgp-default-vpnv4] quit
# Establish an MP-IBGP peer relationship between the PE and the ASBR.
[PE2-bgp-default] peer 3::3 as-number 200
[PE2-bgp-default] peer 3::3 connect-interface LoopBack1
[PE2-bgp-default] address-family ipv6
[PE2-bgp-default-ipv6] peer 3::3 enable
[PE2-bgp-default-ipv6] quit
[PE2-bgp-default] quit
# Recurse the VPN routes between PE 1 and PE 2 to the SRv6 TE Policy.
[PE2] segment-routing ipv6
[PE2-segment-routing-ipv6] encapsulation source-address 4::4
[PE2-segment-routing-ipv6] locator abc ipv6-prefix 400:1:: 64 static 16
[PE2-segment-routing-ipv6-locator-abc] opcode hex ::200 end-x interface GigabitEthernet1/0/2 nexthop 2002::2 no-psp
[PE2-segment-routing-ipv6-locator-abc] quit
[PE2-segment-routing-ipv6] quit
[PE2] isis 1
[PE2-isis-1] address-family ipv6 unicast
[PE2-isis-1-ipv6] segment-routing ipv6 locator abc auto-sid-disable
[PE2-isis-1-ipv6] quit
[PE2-isis-1] quit
[PE2] bgp 200
[PE2-bgp-default] address-family vpnv4
[PE2-bgp-default-vpnv4] peer 1::1 prefix-sid
[PE2-bgp-default-vpnv4] quit
[PE2-bgp-default] ip vpn-instance vpn1
[PE2-bgp-default-vpn1] address-family ipv4 unicast
[PE2-bgp-default-ipv4-vpn1] segment-routing ipv6 locator abc
[PE2-bgp-default-ipv4-vpn1] segment-routing ipv6 traffic-engineering
[PE2-bgp-default-ipv4-vpn1] quit
[PE2-bgp-default-vpn1] quit
[PE2-bgp-default] quit
# Configure an SRv6 TE Policy on PE 2.
[PE2] segment-routing ipv6
[PE2-segment-routing-ipv6] traffic-engineering
[PE2-srv6-te] srv6-policy locator abc
[PE2-srv6-te] segment-list s1
[PE2-srv6-te-sl-s1] index 1 ipv6 400:1::200
[PE2-srv6-te-sl-s1] index 2 ipv6 300:1::200
[PE2-srv6-te-sl-s1] index 3 ipv6 200:1::200
[PE2-srv6-te-sl-s1] quit
[PE2-srv6-te] policy policy1
[PE2-srv6-te-policy-policy1] binding-sid ipv6 400:1::1
[PE2-srv6-te-policy-policy1] color 10 end-point ipv6 1::1
[PE2-srv6-te-policy-policy1] candidate-paths
[PE2-srv6-te-policy-policy1-path] preference 10
[PE2-srv6-te-policy-policy1-path-pref-10] explicit segment-list s1
[PE2-srv6-te-policy-policy1-path-pref-10] quit
[PE2-srv6-te-policy-policy1-path] quit
[PE2-srv6-te-policy-policy1] quit
[PE2-srv6-te] quit
[PE2-segment-routing-ipv6] quit
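# On PE 2, configure a routing policy and a tunnel policy so that VPN service traffic is steered by the routing policy into the specified SRv6 TE Policy and the SRv6 TE Policy is the preferred tunnel.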
[PE2] route-policy as200 permit node 10
[PE2-route-policy-as200-10] apply extcommunity color 00:10
[PE2-route-policy-as200-10] quit
[PE2] bgp 200
[PE2-bgp-default] address-family vpnv4
[PE2-bgp-default-vpnv4] peer 1::1 route-policy as200 import
[PE2-bgp-default-vpnv4] quit
[PE2-bgp-default] quit
[PE2] tunnel-policy as200
[PE2-tunnel-policy-as200] select-seq srv6-policy load-balance-number 1
[PE2-tunnel-policy-as200] quit
[PE2] ip vpn-instance vpn1
[PE2-vpn-instance-vpn1] tnl-policy as200
[PE2-vpn-instance-vpn1] quit
<Sysname> system-view
[Sysname] sysname CE2
[CE2] interface gigabitethernet 1/0/1
[CE2-GigabitEthernet1/0/1] ip address 20.1.1.1 24
[CE2-GigabitEthernet1/0/1] quit
[CE2] bgp 65420
[CE2-bgp-default] peer 20.1.1.2 as-number 200
[CE2-bgp-default] address-family ipv4 unicast
[CE2-bgp-default-ipv4] peer 20.1.1.2 enable
[CE2-bgp-default-ipv4] import-route direct
[CE2-bgp-default-ipv4] quit
[CE2-bgp-default] quit
# Execute the display segment-routing ipv6 te policy command on PE 1 to view detailed SRv6 TE Policy information. The Status field of the SRv6 TE Policy is Up.
[PE1] display segment-routing ipv6 te policy
Name/ID: policy1/0
Color: 10
End-point: 4::4
Name from BGP:
BSID:
Mode: Explicit Type: Type_2 Request state: Succeeded
Current BSID: 100:1::1 Explicit BSID: 100:1::1 Dynamic BSID: -
Reference counts: 4
Flags: A/BS/NC
Status: Up
AdminStatus: Up
Up time: 2021-11-27 16:26:20
Down time: 2021-11-27 16:25:55
Hot backup: Not configured
Statistics: Not configured
Statistics by service class: Not configured
Drop-upon-invalid: Disabled
BFD trigger path-down: Disabled
SBFD: Not configured
BFD Echo: Not configured
Forwarding index: 2150629377
Service-class: -
Rate-limit: -
Encapsulation mode: -
Candidate paths state: Configured
Candidate paths statistics:
CLI paths: 1 BGP paths: 0 PCEP paths: 0
Candidate paths:
Preference : 10
CPathName:
Instance ID: 0 ASN: 0 Node address: 0.0.0.0
Peer address: ::
Optimal: Y Flags: V/A
Explicit SID list:
ID: 1 Name: s1
Weight: 1 Forwarding index: 2149580802
State: Up State(-): -
Active path MTU: 1428 bytes
# Execute the display ip routing-table vpn-instance vpn1 command on PE 1 to view VPN routing information. The output interface of VPN route 20.1.1.0/24 is SRv6 TE Policy policy1.
[PE1] display ip routing-table vpn-instance vpn1
Destinations : 11 Routes : 11
Destination/Mask Proto Pre Cost NextHop Interface
0.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0
10.1.1.0/24 Direct 0 0 10.1.1.2 GE1/0/1
10.1.1.0/32 Direct 0 0 10.1.1.2 GE1/0/1
10.1.1.2/32 Direct 0 0 127.0.0.1 InLoop0
10.1.1.255/32 Direct 0 0 10.1.1.2 GE1/0/1
20.1.1.0/24 BGP 255 0 4::4 policy1
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
127.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
255.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
# CE 1 and CE 2 can ping each other.
[CE1] ping 20.1.1.1
Ping 20.1.1.1 (20.1.1.1): 56 data bytes, press CTRL+C to break
56 bytes from 20.1.1.1: icmp_seq=0 ttl=253 time=3.000 ms
56 bytes from 20.1.1.1: icmp_seq=1 ttl=253 time=2.000 ms
56 bytes from 20.1.1.1: icmp_seq=2 ttl=253 time=3.000 ms
56 bytes from 20.1.1.1: icmp_seq=3 ttl=253 time=3.000 ms
56 bytes from 20.1.1.1: icmp_seq=4 ttl=253 time=2.000 ms
--- Ping statistics for 20.1.1.1 ---
5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss
round-trip min/avg/max/std-dev = 2.000/2.600/3.000/0.490 ms
· CE 1:
#
sysname CE1
#
interface GigabitEthernet1/0/1
port link-mode route
ip address 10.1.1.1 255.255.255.0
#
bgp 65410
peer 10.1.1.2 as-number 100
#
address-family ipv4 unicast
import-route direct
peer 10.1.1.2 enable
#
· PE 1:
#
sysname PE1
#
ip vpn-instance vpn1
route-distinguisher 100:1
tnl-policy as100
vpn-target 100:1 import-extcommunity
vpn-target 100:1 export-extcommunity
#
isis 1
cost-style wide
network-entity 00.0000.0000.0001.00
#
address-family ipv6 unicast
segment-routing ipv6 locator abc auto-sid-disable
#
tunnel-policy as100
select-seq srv6-policy load-balance-number 1
#
interface LoopBack1
isis ipv6 enable 1
ipv6 address 1::1/128
#
interface GigabitEthernet1/0/1
port link-mode route
ip binding vpn-instance vpn1
ip address 10.1.1.2 255.255.255.0
#
interface GigabitEthernet1/0/2
port link-mode route
isis ipv6 enable 1
ipv6 address 1001::1/96
#
bgp 100
router-id 1.1.1.1
peer 2::2 as-number 100
peer 2::2 connect-interface LoopBack1
peer 4::4 as-number 200
peer 4::4 connect-interface LoopBack1
peer 4::4 ebgp-max-hop 255
#
address-family vpnv4
peer 4::4 enable
peer 4::4 route-policy as100 import
peer 4::4 prefix-sid
#
address-family ipv6 unicast
peer 2::2 enable
#
ip vpn-instance vpn1
peer 10.1.1.1 as-number 65410
#
address-family ipv4 unicast
segment-routing ipv6 traffic-engineering
segment-routing ipv6 locator abc
import-route direct
peer 10.1.1.1 enable
#
route-policy as100 permit node 10
apply extcommunity color 00:10
#
segment-routing ipv6
encapsulation source-address 1::1
#
locator abc ipv6-prefix 100:1:: 64 static 16
opcode hex ::100 end-x interface GigabitEthernet1/0/2 nexthop 1001::2 no-psp
#
traffic-engineering
srv6-policy locator abc
#
segment-list s1
index 1 ipv6 100:1::100
index 2 ipv6 200:1::100
index 3 ipv6 300:1::100
#
policy policy1
binding-sid ipv6 100:1::1
color 10 end-point ipv6 4::4
#
candidate-paths
#
preference 10
explicit segment-list s1
#
· ASBR 1:
#
sysname ASBR1
#
isis 1
cost-style wide
network-entity 00.0000.0000.0002.00
#
address-family ipv6 unicast
import-route bgp4+ route-policy as100
segment-routing ipv6 locator abc auto-sid-disable
#
interface LoopBack1
isis ipv6 enable 1
ipv6 address 2::2/128
#
interface GigabitEthernet1/0/1
port link-mode route
isis ipv6 enable 1
ipv6 address 1001::2/96
#
interface GigabitEthernet1/0/2
port link-mode route
ipv6 address 3003::1/96
#
bgp 100
segment-routing ipv6 egress-engineering locator abc
router-id 2.2.2.2
peer 1::1 as-number 100
peer 1::1 connect-interface LoopBack1
peer 3003::2 as-number 200
peer 3003::2 ebgp-max-hop 255
peer 3003::2 egress-engineering srv6 static-sid no-psp-usp 200:1::100
#
address-family ipv6 unicast
import-route isisv6 1
peer 1::1 enable
peer 1::1 next-hop-local
peer 3003::2 enable
#
route-policy as100 permit node 1
if-match ipv6 address prefix-list as100
#
ipv6 prefix-list as100 index 10 permit 400:1:: 64
ipv6 prefix-list as100 index 20 permit 4::4 128
#
segment-routing ipv6
#
locator abc ipv6-prefix 200:1:: 64 static 16
opcode hex ::200 end-x interface GigabitEthernet1/0/1 nexthop 1001::1
#
· ASBR 2:
#
sysname ASBR2
#
isis 1
cost-style wide
network-entity 00.0000.0000.0003.00
#
address-family ipv6 unicast
import-route bgp4+ route-policy as200
segment-routing ipv6 locator abc auto-sid-disable
#
interface LoopBack1
isis ipv6 enable 1
ipv6 address 3::3/128
#
interface GigabitEthernet1/0/1
port link-mode route
isis ipv6 enable 1
ipv6 address 2002::2/96
#
interface GigabitEthernet1/0/2
port link-mode route
ipv6 address 3003::2/96
#
bgp 200
segment-routing ipv6 egress-engineering locator abc
router-id 3.3.3.3
peer 4::4 as-number 200
peer 4::4 connect-interface LoopBack1
peer 3003::1 as-number 100
peer 3003::1 ebgp-max-hop 255
peer 3003::1 egress-engineering srv6 static-sid no-psp-usp 300:1::200
#
address-family ipv6 unicast
import-route isisv6 1
peer 4::4 enable
peer 4::4 next-hop-local
peer 3003::1 enable
#
route-policy as200 permit node 1
if-match ipv6 address prefix-list as200
#
ipv6 prefix-list as200 index 10 permit 100:1:: 64
ipv6 prefix-list as200 index 20 permit 1::1 128
#
segment-routing ipv6
#
locator abc ipv6-prefix 300:1:: 64 static 16
opcode hex ::100 end-x interface GigabitEthernet1/0/1 nexthop 2002::1
#
· PE 2:
#
sysname PE2
#
ip vpn-instance vpn1
route-distinguisher 100:1
tnl-policy as200
vpn-target 100:1 import-extcommunity
vpn-target 100:1 export-extcommunity
#
isis 1
cost-style wide
network-entity 00.0000.0000.0004.00
#
address-family ipv6 unicast
segment-routing ipv6 locator abc auto-sid-disable
#
tunnel-policy as200
select-seq srv6-policy load-balance-number 1
#
interface LoopBack1
isis ipv6 enable 1
ipv6 address 4::4/128
#
interface GigabitEthernet1/0/1
port link-mode route
ip binding vpn-instance vpn1
ip address 20.1.1.2 255.255.255.0
#
interface GigabitEthernet1/0/2
port link-mode route
isis ipv6 enable 1
ipv6 address 2002::1/96
#
bgp 200
router-id 4.4.4.4
peer 1::1 as-number 100
peer 1::1 connect-interface LoopBack1
peer 1::1 ebgp-max-hop 255
peer 3::3 as-number 200
peer 3::3 connect-interface LoopBack1
#
address-family vpnv4
peer 1::1 enable
peer 1::1 route-policy as200 import
peer 1::1 prefix-sid
#
address-family ipv6 unicast
peer 3::3 enable
#
ip vpn-instance vpn1
peer 20.1.1.1 as-number 65420
#
address-family ipv4 unicast
segment-routing ipv6 traffic-engineering
segment-routing ipv6 locator abc
import-route direct
peer 20.1.1.1 enable
#
route-policy as200 permit node 10
apply extcommunity color 00:10
#
segment-routing ipv6
encapsulation source-address 4::4
#
locator abc ipv6-prefix 400:1:: 64 static 16
opcode hex ::200 end-x interface GigabitEthernet1/0/2 nexthop 2002::2 no-psp
#
traffic-engineering
srv6-policy locator abc
#
segment-list s1
index 1 ipv6 400:1::200
index 2 ipv6 300:1::200
index 3 ipv6 200:1::200
#
policy policy1
binding-sid ipv6 400:1::1
color 10 end-point ipv6 1::1
#
candidate-paths
#
preference 10
explicit segment-list s1
#
· CE 2:
#
sysname CE2
#
interface GigabitEthernet1/0/1
port link-mode route
ip address 20.1.1.1 255.255.255.0
#
bgp 65420
peer 20.1.1.2 as-number 200
#
address-family ipv4 unicast
import-route direct
peer 20.1.1.2 enable
#
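The following added example (not part of the H3C document) checks that every SID in the segment lists of the inter-AS configuration files above is actually instantiated by some node, either as a locator opcode or as a BGP EPE static SID. The Python function names are hypothetical, and the rule that a SID equals the locator prefix combined with the opcode is inferred from the values on this page (for example, locator 100:1::/64 with opcode hex ::100 gives 100:1::100).

```python
import ipaddress
import re

# Constructed excerpts: only the SRv6-related lines of the four configuration
# files above (inter-AS example), re-indented for readability.
CONFIGS = {
    "PE1": """
segment-routing ipv6
 locator abc ipv6-prefix 100:1:: 64 static 16
  opcode hex ::100 end-x interface GigabitEthernet1/0/2 nexthop 1001::2 no-psp
 traffic-engineering
  segment-list s1
   index 1 ipv6 100:1::100
   index 2 ipv6 200:1::100
   index 3 ipv6 300:1::100
""",
    "ASBR1": """
bgp 100
 peer 3003::2 egress-engineering srv6 static-sid no-psp-usp 200:1::100
segment-routing ipv6
 locator abc ipv6-prefix 200:1:: 64 static 16
  opcode hex ::200 end-x interface GigabitEthernet1/0/1 nexthop 1001::1
""",
    "ASBR2": """
bgp 200
 peer 3003::1 egress-engineering srv6 static-sid no-psp-usp 300:1::200
segment-routing ipv6
 locator abc ipv6-prefix 300:1:: 64 static 16
  opcode hex ::100 end-x interface GigabitEthernet1/0/1 nexthop 2002::1
""",
    "PE2": """
segment-routing ipv6
 locator abc ipv6-prefix 400:1:: 64 static 16
  opcode hex ::200 end-x interface GigabitEthernet1/0/2 nexthop 2002::2 no-psp
 traffic-engineering
  segment-list s1
   index 1 ipv6 400:1::200
   index 2 ipv6 300:1::200
   index 3 ipv6 200:1::200
""",
}

LOCATOR = re.compile(r"locator \S+ ipv6-prefix (\S+) (\d+)")
OPCODE = re.compile(r"opcode (?:hex (\S+)|(\d+)) (end-x|end)\b")
SEGLIST = re.compile(r"segment-list (\S+)$")
INDEX = re.compile(r"index (\d+) ipv6 (\S+)")


def parse(configs):
    """Return (sids, locators, seglists) parsed from per-device config text."""
    sids, locators, seglists = {}, {}, {}
    for dev, text in configs.items():
        prefix = current = None
        for line in (raw.strip() for raw in text.splitlines()):
            if m := LOCATOR.match(line):
                prefix = ipaddress.IPv6Network(f"{m[1]}/{m[2]}")
                locators[prefix] = dev
            elif (m := OPCODE.match(line)) and prefix is not None:
                # Assumption inferred from the page: SID = locator prefix | opcode.
                op = int(ipaddress.IPv6Address(m[1])) if m[1] else int(m[2])
                sid = ipaddress.IPv6Address(int(prefix.network_address) | op)
                sids[sid] = (dev, m[3])
            elif "egress-engineering srv6 static-sid" in line:
                # BGP EPE static SID: the SID is the last token of the line.
                sids[ipaddress.IPv6Address(line.split()[-1])] = (dev, "epe")
            elif m := SEGLIST.match(line):
                current = seglists.setdefault((dev, m[1]), [])
            elif (m := INDEX.match(line)) and current is not None:
                current.append((int(m[1]), ipaddress.IPv6Address(m[2])))
    return sids, locators, seglists


def resolve_path(configs, dev, name):
    """Map each SID of a segment list to (owning node, SID type), in index order."""
    sids, _, seglists = parse(configs)
    return [sids.get(sid, ("?", "unresolved"))
            for _, sid in sorted(seglists[(dev, name)])]


def check_segment_lists(configs):
    """Return (device, list, index, sid, locator_owner) for SIDs no node defines.

    locator_owner is the node whose locator covers the SID, or None when the
    SID lies outside every configured locator.
    """
    sids, locators, seglists = parse(configs)
    findings = []
    for (dev, name), entries in seglists.items():
        for index, sid in sorted(entries):
            if sid not in sids:
                owner = next((d for p, d in locators.items() if sid in p), None)
                findings.append((dev, name, index, str(sid), owner))
    return findings


if __name__ == "__main__":
    for hop in resolve_path(CONFIGS, "PE1", "s1"):
        print(hop)
    print(check_segment_lists(CONFIGS) or "all segment-list SIDs resolve")
```
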
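Applicable to the 8048 and 8062 product series, release R6728.
As shown in Figure 6, the core network is an IPv6 network and the private network is an IPv4 network. PE 1, P, and PE 2 belong to the same autonomous system and use IS-IS for IPv6 connectivity. Two SRv6 TE Policies are statically configured between PE 1 and PE 2 to carry IPv4 EVPN L3VPN services. Routing policies are configured on PE 1 and PE 2 to set the Color attribute of EVPN routes so that traffic is steered into the specified SRv6 TE Policy.
Figure 6 Network diagram for IPv4 EVPN L3VPN over SRv6 TE Policy
| Device | Interface | IP address | Device | Interface | IP address |
|---|---|---|---|---|---|
| CE 1 | GE1/0/1 | 10.1.1.1/24 | CE 2 | GE1/0/2 | 20.1.1.1/24 |
| PE 1 | Loop1 | 1::1/128 | PE 2 | Loop1 | 3::3/128 |
| | GE1/0/1 | 10.1.1.2/24 | | GE1/0/1 | 20.1.1.2/24 |
| | GE1/0/2 | 1001::1/96 | | GE1/0/2 | 2001::1/96 |
| P | Loop1 | 2::2/128 | | | |
| | GE1/0/1 | 1001::2/96 | | | |
| | GE1/0/2 | 2001::2/96 | | | |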
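If multiple tunnel types exist in the network, for example multiple SRv6 TE Policies and multiple SR-MPLS TE Policies, and an SRv6 TE Policy and an SR-MPLS TE Policy have the same Color value, you must configure a routing policy to set the Color attribute of routes and configure a tunnel policy to make sure the specified SRv6 TE Policy is preferred during tunnel recursion.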
<Sysname> system-view
[Sysname] sysname CE1
[CE1] interface gigabitethernet 1/0/1
[CE1-GigabitEthernet1/0/1] ip address 10.1.1.1 24
[CE1-GigabitEthernet1/0/1] quit
[CE1] bgp 200
[CE1-bgp-default] peer 10.1.1.2 as-number 100
[CE1-bgp-default] address-family ipv4 unicast
[CE1-bgp-default-ipv4] peer 10.1.1.2 enable
[CE1-bgp-default-ipv4] import-route direct
[CE1-bgp-default-ipv4] quit
[CE1-bgp-default] quit
# Configure IPv6 IS-IS so that the backbone PEs can reach each other.
<Sysname> system-view
[Sysname] sysname PE1
[PE1] isis 1
[PE1-isis-1] cost-style wide
[PE1-isis-1] network-entity 00.0000.0000.0001.00
[PE1-isis-1] address-family ipv6 unicast
[PE1-isis-1-ipv6] quit
[PE1-isis-1] quit
[PE1] interface loopback 1
[PE1-LoopBack1] ipv6 address 1::1 128
[PE1-LoopBack1] isis ipv6 enable 1
[PE1-LoopBack1] quit
[PE1] interface gigabitethernet 1/0/2
[PE1-GigabitEthernet1/0/2] ipv6 address 1001::1 96
[PE1-GigabitEthernet1/0/2] isis ipv6 enable 1
[PE1-GigabitEthernet1/0/2] quit
# Configure a VPN instance and connect CE 1 to PE 1.
[PE1] ip vpn-instance vpn1
[PE1-vpn-instance-vpn1] route-distinguisher 100:1
[PE1-vpn-instance-vpn1] vpn-target 100:1
[PE1-vpn-instance-vpn1] quit
[PE1] interface gigabitethernet 1/0/1
[PE1-GigabitEthernet1/0/1] ip binding vpn-instance vpn1
[PE1-GigabitEthernet1/0/1] ip address 10.1.1.2 24
[PE1-GigabitEthernet1/0/1] quit
# Establish an EBGP peer relationship between PE 1 and CE 1, and import VPN routes.
[PE1] bgp 100
[PE1-bgp-default] router-id 1.1.1.1
[PE1-bgp-default] ip vpn-instance vpn1
[PE1-bgp-default-vpn1] peer 10.1.1.1 as-number 200
[PE1-bgp-default-vpn1] address-family ipv4 unicast
[PE1-bgp-default-ipv4-vpn1] peer 10.1.1.1 enable
[PE1-bgp-default-ipv4-vpn1] import-route direct
[PE1-bgp-default-ipv4-vpn1] quit
[PE1-bgp-default-vpn1] quit
# Establish a BGP EVPN peer relationship between the PEs.
[PE1-bgp-default] peer 3::3 as-number 100
[PE1-bgp-default] peer 3::3 connect-interface loopback 1
[PE1-bgp-default] address-family l2vpn evpn
[PE1-bgp-default-evpn] peer 3::3 enable
[PE1-bgp-default-evpn] quit
[PE1-bgp-default] quit
# Recurse the VPN routes between PE 1 and PE 2 to the SRv6 TE Policy.
[PE1] segment-routing ipv6
[PE1-segment-routing-ipv6] encapsulation source-address 1::1
[PE1-segment-routing-ipv6] locator abc ipv6-prefix 100:1:: 64 static 16
[PE1-segment-routing-ipv6-locator-abc] opcode 1 end
[PE1-segment-routing-ipv6-locator-abc] quit
[PE1-segment-routing-ipv6] quit
[PE1] isis 1
[PE1-isis-1] address-family ipv6 unicast
[PE1-isis-1-ipv6] segment-routing ipv6 locator abc
[PE1-isis-1-ipv6] quit
[PE1-isis-1] quit
[PE1] bgp 100
[PE1-bgp-default] address-family l2vpn evpn
[PE1-bgp-default-evpn] peer 3::3 advertise encap-type srv6
[PE1-bgp-default-evpn] quit
[PE1-bgp-default] ip vpn-instance vpn1
[PE1-bgp-default-vpn1] address-family ipv4 unicast
[PE1-bgp-default-ipv4-vpn1] segment-routing ipv6 locator abc evpn
[PE1-bgp-default-ipv4-vpn1] segment-routing ipv6 traffic-engineering evpn
[PE1-bgp-default-ipv4-vpn1] quit
[PE1-bgp-default-vpn1] quit
[PE1-bgp-default] quit
# Configure an SRv6 TE Policy on PE 1.
[PE1] segment-routing ipv6
[PE1-segment-routing-ipv6] traffic-engineering
[PE1-srv6-te] srv6-policy locator abc
[PE1-srv6-te] segment-list s1
[PE1-srv6-te-sl-s1] index 10 ipv6 200:1::1
[PE1-srv6-te-sl-s1] index 20 ipv6 300:1::1
[PE1-srv6-te-sl-s1] quit
[PE1-srv6-te] policy p1
[PE1-srv6-te-policy-p1] color 10 end-point ipv6 3::3
[PE1-srv6-te-policy-p1] candidate-paths
[PE1-srv6-te-policy-p1-path] preference 10
[PE1-srv6-te-policy-p1-path-pref-10] explicit segment-list s1
[PE1-srv6-te-policy-p1-path-pref-10] quit
[PE1-srv6-te-policy-p1-path] quit
[PE1-srv6-te-policy-p1] quit
[PE1-srv6-te] quit
[PE1-segment-routing-ipv6] quit
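# On PE 1, configure a routing policy and a tunnel policy so that VPN service traffic is steered by the routing policy into the specified SRv6 TE Policy and the SRv6 TE Policy is the preferred tunnel.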
[PE1] route-policy a permit node 10
[PE1-route-policy-a-10] apply extcommunity color 00:10
[PE1-route-policy-a-10] quit
[PE1] bgp 100
[PE1-bgp-default] address-family l2vpn evpn
[PE1-bgp-default-evpn] peer 3::3 route-policy a import
[PE1-bgp-default-evpn] quit
[PE1-bgp-default] quit
[PE1] tunnel-policy a
[PE1-tunnel-policy-a] select-seq srv6-policy load-balance-number 1
[PE1-tunnel-policy-a] quit
[PE1] ip vpn-instance vpn1
[PE1-vpn-instance-vpn1] tnl-policy a
[PE1-vpn-instance-vpn1] quit
# Configure IPv6 IS-IS so that the backbone PEs can reach each other.
<Sysname> system-view
[Sysname] sysname P
[P] isis 1
[P-isis-1] cost-style wide
[P-isis-1] network-entity 00.0000.0000.0002.00
[P-isis-1] address-family ipv6 unicast
[P-isis-1-ipv6] quit
[P-isis-1] quit
[P] interface loopback 1
[P-LoopBack1] ipv6 address 2::2 128
[P-LoopBack1] isis ipv6 enable 1
[P-LoopBack1] quit
[P] interface gigabitethernet 1/0/2
[P-GigabitEthernet1/0/2] ipv6 address 1001::2 96
[P-GigabitEthernet1/0/2] isis ipv6 enable 1
[P-GigabitEthernet1/0/2] quit
[P] interface gigabitethernet 1/0/1
[P-GigabitEthernet1/0/1] ipv6 address 2001::2 96
[P-GigabitEthernet1/0/1] isis ipv6 enable 1
[P-GigabitEthernet1/0/1] quit
# Configure a locator on P and advertise it through IS-IS.
[P] segment-routing ipv6
[P-segment-routing-ipv6] locator abc ipv6-prefix 200:1:: 64 static 16
[P-segment-routing-ipv6-locator-abc] opcode 1 end
[P-segment-routing-ipv6-locator-abc] quit
[P-segment-routing-ipv6] quit
[P] isis 1
[P-isis-1] address-family ipv6 unicast
[P-isis-1-ipv6] segment-routing ipv6 locator abc
[P-isis-1-ipv6] quit
[P-isis-1] quit
# Configure IPv6 IS-IS so that the backbone PEs can reach each other.
<Sysname> system-view
[Sysname] sysname PE2
[PE2] isis 1
[PE2-isis-1] cost-style wide
[PE2-isis-1] network-entity 00.0000.0000.0003.00
[PE2-isis-1] address-family ipv6 unicast
[PE2-isis-1-ipv6] quit
[PE2-isis-1] quit
[PE2] interface loopback 1
[PE2-LoopBack1] ipv6 address 3::3 128
[PE2-LoopBack1] isis ipv6 enable 1
[PE2-LoopBack1] quit
[PE2] interface gigabitethernet 1/0/2
[PE2-GigabitEthernet1/0/2] ipv6 address 2001::1 96
[PE2-GigabitEthernet1/0/2] isis ipv6 enable 1
[PE2-GigabitEthernet1/0/2] quit
# Configure a VPN instance and connect CE 2 to PE 2.
[PE2] ip vpn-instance vpn1
[PE2-vpn-instance-vpn1] route-distinguisher 100:1
[PE2-vpn-instance-vpn1] vpn-target 100:1
[PE2-vpn-instance-vpn1] quit
[PE2] interface gigabitethernet 1/0/1
[PE2-GigabitEthernet1/0/1] ip binding vpn-instance vpn1
[PE2-GigabitEthernet1/0/1] ip address 20.1.1.2 24
[PE2-GigabitEthernet1/0/1] quit
# Establish an EBGP peer relationship between PE 2 and CE 2, and import VPN routes.
[PE2] bgp 100
[PE2-bgp-default] router-id 3.3.3.3
[PE2-bgp-default] ip vpn-instance vpn1
[PE2-bgp-default-vpn1] peer 20.1.1.1 as-number 300
[PE2-bgp-default-vpn1] address-family ipv4 unicast
[PE2-bgp-default-ipv4-vpn1] peer 20.1.1.1 enable
[PE2-bgp-default-ipv4-vpn1] import-route direct
[PE2-bgp-default-ipv4-vpn1] quit
[PE2-bgp-default-vpn1] quit
# Establish a BGP EVPN peer relationship between the PEs.
[PE2-bgp-default] peer 1::1 as-number 100
[PE2-bgp-default] peer 1::1 connect-interface loopback 1
[PE2-bgp-default] address-family l2vpn evpn
[PE2-bgp-default-evpn] peer 1::1 enable
[PE2-bgp-default-evpn] quit
[PE2-bgp-default] quit
# Recurse the VPN routes between PE 1 and PE 2 to the SRv6 TE Policy.
[PE2] segment-routing ipv6
[PE2-segment-routing-ipv6] encapsulation source-address 3::3
[PE2-segment-routing-ipv6] locator abc ipv6-prefix 300:1:: 64 static 16
[PE2-segment-routing-ipv6-locator-abc] opcode 1 end
[PE2-segment-routing-ipv6-locator-abc] quit
[PE2-segment-routing-ipv6] quit
[PE2] isis 1
[PE2-isis-1] address-family ipv6 unicast
[PE2-isis-1-ipv6] segment-routing ipv6 locator abc
[PE2-isis-1-ipv6] quit
[PE2-isis-1] quit
[PE2] bgp 100
[PE2-bgp-default] address-family l2vpn evpn
[PE2-bgp-default-evpn] peer 1::1 advertise encap-type srv6
[PE2-bgp-default-evpn] quit
[PE2-bgp-default] ip vpn-instance vpn1
[PE2-bgp-default-vpn1] address-family ipv4 unicast
[PE2-bgp-default-ipv4-vpn1] segment-routing ipv6 locator abc evpn
[PE2-bgp-default-ipv4-vpn1] segment-routing ipv6 traffic-engineering evpn
[PE2-bgp-default-ipv4-vpn1] quit
[PE2-bgp-default-vpn1] quit
[PE2-bgp-default] quit
# Configure an SRv6 TE policy on PE 2.
[PE2] segment-routing ipv6
[PE2-segment-routing-ipv6] traffic-engineering
[PE2-srv6-te] srv6-policy locator abc
[PE2-srv6-te] segment-list s1
[PE2-srv6-te-sl-s1] index 10 ipv6 200:1::1
[PE2-srv6-te-sl-s1] index 20 ipv6 100:1::1
[PE2-srv6-te-sl-s1] quit
[PE2-srv6-te] policy p1
[PE2-srv6-te-policy-p1] color 10 end-point ipv6 1::1
[PE2-srv6-te-policy-p1] candidate-paths
[PE2-srv6-te-policy-p1-path] preference 10
[PE2-srv6-te-policy-p1-path-pref-10] explicit segment-list s1
[PE2-srv6-te-policy-p1-path-pref-10] quit
[PE2-srv6-te-policy-p1-path] quit
[PE2-srv6-te-policy-p1] quit
[PE2-srv6-te] quit
[PE2-segment-routing-ipv6] quit
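# On PE 2, configure a routing policy and a tunnel policy so that the routing policy steers VPN service traffic into the specified SRv6 TE policy and the SRv6 TE policy is the preferred tunnel.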
[PE2] route-policy a permit node 10
[PE2-route-policy-a-10] apply extcommunity color 00:10
[PE2-route-policy-a-10] quit
[PE2] bgp 100
[PE2-bgp-default] address-family l2vpn evpn
[PE2-bgp-default-evpn] peer 1::1 route-policy a import
[PE2-bgp-default-evpn] quit
[PE2-bgp-default] quit
[PE2] tunnel-policy a
[PE2-tunnel-policy-a] select-seq srv6-policy load-balance-number 1
[PE2-tunnel-policy-a] quit
[PE2] ip vpn-instance vpn1
[PE2-vpn-instance-vpn1] tnl-policy a
[PE2-vpn-instance-vpn1] quit
<Sysname> system-view
[Sysname] sysname CE2
[CE2] interface gigabitethernet 1/0/2
[CE2-GigabitEthernet1/0/2] ip address 20.1.1.1 24
[CE2-GigabitEthernet1/0/2] quit
[CE2] bgp 300
[CE2-bgp-default] peer 20.1.1.2 as-number 100
[CE2-bgp-default] address-family ipv4 unicast
[CE2-bgp-default-ipv4] peer 20.1.1.2 enable
[CE2-bgp-default-ipv4] import-route direct
[CE2-bgp-default-ipv4] quit
[CE2-bgp-default] quit
# Run the display segment-routing ipv6 te policy command on PE 1 to view detailed information about the SRv6 TE policy. The Status field of the SRv6 TE policy is Up.
[PE1] display segment-routing ipv6 te policy
Name/ID: p1/0
Color: 10
End-point: 3::3
Name from BGP:
BSID:
Mode: Dynamic Type: Type_2 Request state: Succeeded
Current BSID: 100:1::1:3 Explicit BSID: - Dynamic BSID: 100:1::1:3
Reference counts: 4
Flags: A/BS/NC
Status: Up
AdminStatus: Up
Up time: 2021-11-23 19:31:35
Down time: 2021-11-23 19:27:37
Hot backup: Not configured
Statistics: Not configured
Statistics by service class: Not configured
Drop-upon-invalid: Disabled
BFD trigger path-down: Disabled
SBFD: Not configured
BFD Echo: Not configured
Forwarding index: 2150629377
Service-class: -
Rate-limit: -
Encapsulation mode: -
Candidate paths state: Configured
Candidate paths statistics:
CLI paths: 1 BGP paths: 0 PCEP paths: 0
Candidate paths:
Preference : 10
CPathName:
Instance ID: 0 ASN: 0 Node address: 0.0.0.0
Peer address: ::
Optimal: Y Flags: V/A
Explicit SID list:
ID: 1 Name: s1
Weight: 1 Forwarding index: 2149580802
State: Up State(-): -
Active path MTU: 1428 bytes
# Run the display ip routing-table vpn-instance vpn1 20.1.1.0 24 command on PE 1 to view detailed information about the VPN route. The output interface of VPN route 20.1.1.0/24 is SRv6 TE policy p1.
[PE1] display ip routing-table vpn-instance vpn1 20.1.1.0 24
Summary count : 1
Destination/Mask Proto Pre Cost NextHop Interface
20.1.1.0/24 BGP 255 0 3::3 p1
# CE 1 and CE 2 can ping each other.
[CE1] ping 20.1.1.1
Ping 20.1.1.1 (20.1.1.1): 56 data bytes, press CTRL_C to break
56 bytes from 20.1.1.1: icmp_seq=0 ttl=253 time=2.000 ms
56 bytes from 20.1.1.1: icmp_seq=1 ttl=253 time=2.000 ms
56 bytes from 20.1.1.1: icmp_seq=2 ttl=253 time=1.000 ms
56 bytes from 20.1.1.1: icmp_seq=3 ttl=253 time=1.000 ms
56 bytes from 20.1.1.1: icmp_seq=4 ttl=253 time=2.000 ms
--- Ping statistics for 20.1.1.1 ---
5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss
round-trip min/avg/max/std-dev = 1.000/1.600/2.000/0.490 ms
· CE 1:
#
sysname CE1
#
interface GigabitEthernet1/0/1
port link-mode route
ip address 10.1.1.1 255.255.255.0
#
bgp 200
peer 10.1.1.2 as-number 100
#
address-family ipv4 unicast
import-route direct
peer 10.1.1.2 enable
#
· PE 1:
#
sysname PE1
#
ip vpn-instance vpn1
route-distinguisher 100:1
tnl-policy a
vpn-target 100:1 import-extcommunity
vpn-target 100:1 export-extcommunity
#
isis 1
cost-style wide
network-entity 00.0000.0000.0001.00
#
address-family ipv6 unicast
segment-routing ipv6 locator abc
#
tunnel-policy a
select-seq srv6-policy load-balance-number 1
#
interface LoopBack1
isis ipv6 enable 1
ipv6 address 1::1/128
#
interface GigabitEthernet1/0/1
port link-mode route
ip binding vpn-instance vpn1
ip address 10.1.1.2 255.255.255.0
#
interface GigabitEthernet1/0/2
port link-mode route
isis ipv6 enable 1
ipv6 address 1001::1/96
#
bgp 100
router-id 1.1.1.1
peer 3::3 as-number 100
peer 3::3 connect-interface LoopBack1
#
address-family l2vpn evpn
peer 3::3 enable
peer 3::3 route-policy a import
peer 3::3 advertise encap-type srv6
#
ip vpn-instance vpn1
peer 10.1.1.1 as-number 200
#
address-family ipv4 unicast
segment-routing ipv6 traffic-engineering evpn
segment-routing ipv6 locator abc evpn
import-route direct
peer 10.1.1.1 enable
#
route-policy a permit node 10
apply extcommunity color 00:10
#
segment-routing ipv6
encapsulation source-address 1::1
locator abc ipv6-prefix 100:1:: 64 static 16
opcode 1 end
traffic-engineering
srv6-policy locator abc
segment-list s1
index 10 ipv6 200:1::1
index 20 ipv6 300:1::1
policy p1
color 10 end-point ipv6 3::3
candidate-paths
preference 10
explicit segment-list s1
#
· P:
#
sysname P
#
isis 1
cost-style wide
network-entity 00.0000.0000.0002.00
#
address-family ipv6 unicast
segment-routing ipv6 locator abc
#
interface LoopBack1
isis ipv6 enable 1
ipv6 address 2::2/128
#
interface GigabitEthernet1/0/1
port link-mode route
isis ipv6 enable 1
ipv6 address 1001::2/96
#
interface GigabitEthernet1/0/2
port link-mode route
isis ipv6 enable 1
ipv6 address 2001::2/96
#
segment-routing ipv6
locator abc ipv6-prefix 200:1:: 64 static 16
opcode 1 end
#
· PE 2:
#
sysname PE2
#
ip vpn-instance vpn1
route-distinguisher 100:1
tnl-policy a
vpn-target 100:1 import-extcommunity
vpn-target 100:1 export-extcommunity
#
isis 1
cost-style wide
network-entity 00.0000.0000.0003.00
#
address-family ipv6 unicast
segment-routing ipv6 locator abc
#
tunnel-policy a
select-seq srv6-policy load-balance-number 1
#
interface LoopBack1
isis ipv6 enable 1
ipv6 address 3::3/128
#
interface GigabitEthernet1/0/1
port link-mode route
ip binding vpn-instance vpn1
ip address 20.1.1.2 255.255.255.0
#
interface GigabitEthernet1/0/2
port link-mode route
isis ipv6 enable 1
ipv6 address 2001::1/96
#
bgp 100
router-id 3.3.3.3
peer 1::1 as-number 100
peer 1::1 connect-interface LoopBack1
#
address-family l2vpn evpn
peer 1::1 enable
peer 1::1 route-policy a import
peer 1::1 advertise encap-type srv6
#
ip vpn-instance vpn1
peer 20.1.1.1 as-number 300
#
address-family ipv4 unicast
segment-routing ipv6 traffic-engineering evpn
segment-routing ipv6 locator abc evpn
import-route direct
peer 20.1.1.1 enable
#
route-policy a permit node 10
apply extcommunity color 00:10
#
segment-routing ipv6
encapsulation source-address 3::3
locator abc ipv6-prefix 300:1:: 64 static 16
opcode 1 end
traffic-engineering
srv6-policy locator abc
segment-list s1
index 10 ipv6 200:1::1
index 20 ipv6 100:1::1
policy p1
color 10 end-point ipv6 1::1
candidate-paths
preference 10
explicit segment-list s1
#
· CE 2:
#
sysname CE2
#
interface GigabitEthernet1/0/1
port link-mode route
ip address 20.1.1.1 255.255.255.0
#
bgp 300
peer 20.1.1.2 as-number 100
#
address-family ipv4 unicast
import-route direct
peer 20.1.1.2 enable
#
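The following consistency check for the SRv6 TE policy configuration above is an added example, not part of the H3C documentation. It reads condensed excerpts of the PE 1, P and PE 2 configuration files and reports segment-list SIDs that no audited node owns, a last SID that is not on the policy end-point, and a policy color that no route-policy sets. The function names and the rule "End SID = locator prefix + opcode" are assumptions that match the values used on this page.

```python
import ipaddress
import re

# Condensed from the PE 1, P and PE 2 configuration files on this page
# (only the lines this check reads are kept).
CONFIGS = {
    "PE1": """interface LoopBack1
ipv6 address 1::1/128
route-policy a permit node 10
apply extcommunity color 00:10
locator abc ipv6-prefix 100:1:: 64 static 16
opcode 1 end
segment-list s1
index 10 ipv6 200:1::1
index 20 ipv6 300:1::1
policy p1
color 10 end-point ipv6 3::3
explicit segment-list s1""",
    "P": """interface LoopBack1
ipv6 address 2::2/128
locator abc ipv6-prefix 200:1:: 64 static 16
opcode 1 end""",
    "PE2": """interface LoopBack1
ipv6 address 3::3/128
route-policy a permit node 10
apply extcommunity color 00:10
locator abc ipv6-prefix 300:1:: 64 static 16
opcode 1 end
segment-list s1
index 10 ipv6 200:1::1
index 20 ipv6 100:1::1
policy p1
color 10 end-point ipv6 1::1
explicit segment-list s1""",
}


def parse(text):
    """Extract loopbacks, End SIDs, colors, segment lists and policies from one config."""
    dev = {"loopbacks": set(), "sids": set(), "colors": set(), "lists": {}, "policies": []}
    iface = locator = seg = None
    for line in (raw.strip() for raw in text.splitlines()):
        if m := re.fullmatch(r"interface (\S+)", line):
            iface = m[1]
        elif (m := re.fullmatch(r"ipv6 address (\S+)/\d+", line)) and iface and iface.startswith("LoopBack"):
            dev["loopbacks"].add(ipaddress.ip_address(m[1]))
        elif m := re.match(r"locator \S+ ipv6-prefix (\S+) (\d+)", line):
            locator = ipaddress.ip_network(f"{m[1]}/{m[2]}")
        elif (m := re.fullmatch(r"opcode (\d+) end", line)) and locator:
            # Assumption: End SID = locator prefix + opcode in the low-order bits.
            dev["sids"].add(locator.network_address + int(m[1]))
        elif m := re.fullmatch(r"apply extcommunity color \d+:(\d+)", line):
            dev["colors"].add(int(m[1]))
        elif m := re.fullmatch(r"segment-list (\S+)", line):
            seg = dev["lists"].setdefault(m[1], [])
        elif (m := re.fullmatch(r"index (\d+) ipv6 (\S+)", line)) and seg is not None:
            seg.append((int(m[1]), ipaddress.ip_address(m[2])))
        elif m := re.fullmatch(r"color (\d+) end-point ipv6 (\S+)", line):
            dev["policies"].append({"color": int(m[1]), "end": ipaddress.ip_address(m[2]), "list": None})
        elif (m := re.fullmatch(r"explicit segment-list (\S+)", line)) and dev["policies"]:
            dev["policies"][-1]["list"] = m[1]
    return dev


def audit(configs):
    """Return a list of findings; an empty list means the policies are consistent."""
    devs = {name: parse(text) for name, text in configs.items()}
    sid_owner = {sid: name for name, d in devs.items() for sid in d["sids"]}
    lo_owner = {lo: name for name, d in devs.items() for lo in d["loopbacks"]}
    findings = []
    for name, d in devs.items():
        for pol in d["policies"]:
            # Segments are visited in ascending index order.
            path = [sid for _, sid in sorted(d["lists"].get(pol["list"], []))]
            if not path:
                findings.append(f"{name}: policy has no usable segment list")
                continue
            for sid in path:
                if sid not in sid_owner:
                    findings.append(f"{name}: SID {sid} is not an End SID of any audited node")
            tail, end_node = sid_owner.get(path[-1]), lo_owner.get(pol["end"])
            if tail != end_node:
                findings.append(f"{name}: last SID is on {tail}, but end-point {pol['end']} is on {end_node}")
            if pol["color"] not in d["colors"]:
                findings.append(f"{name}: color {pol['color']} is not set by any route-policy")
    return findings


if __name__ == "__main__":
    print(audit(CONFIGS) or "segment lists, end-points and colors are consistent")
```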
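This example applies to release R6728 of the 8048 and 8062 product series.
As shown in Figure 7, the core network is an IPv6 network and the private network is an IPv6 network. EVPN L3VPN over SRv6 BE is deployed between the PEs in the core network, and private network data is carried over SRv6 tunnels.
· CE 1 and CE 2 both belong to VPN 1.
· EBGP is configured between each CE and its PE to exchange VPN routing information.
· The PEs in the same autonomous system run IS-IS for IPv6 connectivity, and MP-IBGP is configured to exchange EVPN routing information.
Figure 7 Network diagram for IPv6 EVPN L3VPN over SRv6 BE
| Device | Interface | IP address | Device | Interface | IP address |
|---|---|---|---|---|---|
| CE 1 | GE1/0/1 | 1000::1/96 | CE 2 | GE1/0/1 | 3000::1/96 |
| PE 1 | Loop1 | 1::1/128 | PE 2 | Loop1 | 3::3/128 |
| | GE1/0/1 | 1000::2/96 | | GE1/0/1 | 3000::2/96 |
| | GE1/0/2 | 2001::1/96 | | GE1/0/2 | 2002::1/96 |
| P | Loop1 | 2::2/128 | | | |
| | GE1/0/1 | 2001::2/96 | | | |
| | GE1/0/2 | 2002::2/96 | | | |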
<Sysname> system-view
[Sysname] sysname CE1
[CE1] interface gigabitethernet 1/0/1
[CE1-GigabitEthernet1/0/1] ipv6 address 1000::1 96
[CE1-GigabitEthernet1/0/1] quit
[CE1] bgp 200
[CE1-bgp-default] router-id 11.11.11.11
[CE1-bgp-default] peer 1000::2 as-number 100
[CE1-bgp-default] address-family ipv6 unicast
[CE1-bgp-default-ipv6] peer 1000::2 enable
[CE1-bgp-default-ipv6] import-route direct
[CE1-bgp-default-ipv6] quit
[CE1-bgp-default] quit
# Configure IPv6 IS-IS for connectivity between the PE and P devices on the backbone network.
<Sysname> system-view
[Sysname] sysname PE1
[PE1] isis 1
[PE1-isis-1] cost-style wide
[PE1-isis-1] network-entity 00.0000.0000.0001.00
[PE1-isis-1] address-family ipv6 unicast
[PE1-isis-1-ipv6] quit
[PE1-isis-1] quit
[PE1] interface loopback 1
[PE1-LoopBack1] ipv6 address 1::1 128
[PE1-LoopBack1] isis ipv6 enable 1
[PE1-LoopBack1] quit
[PE1] interface gigabitethernet 1/0/2
[PE1-GigabitEthernet1/0/2] ipv6 address 2001::1 96
[PE1-GigabitEthernet1/0/2] isis ipv6 enable 1
[PE1-GigabitEthernet1/0/2] quit
# Configure a VPN instance and connect the CE to the PE.
[PE1] ip vpn-instance vpn1
[PE1-vpn-instance-vpn1] route-distinguisher 100:1
[PE1-vpn-instance-vpn1] vpn-target 100:1
[PE1-vpn-instance-vpn1] quit
[PE1] interface gigabitethernet 1/0/1
[PE1-GigabitEthernet1/0/1] ip binding vpn-instance vpn1
[PE1-GigabitEthernet1/0/1] ipv6 address 1000::2 96
[PE1-GigabitEthernet1/0/1] quit
# Establish an EBGP peer relationship between the PE and the CE, and redistribute VPN routes.
[PE1] bgp 100
[PE1-bgp-default] router-id 1.1.1.1
[PE1-bgp-default] ip vpn-instance vpn1
[PE1-bgp-default-vpn1] peer 1000::1 as-number 200
[PE1-bgp-default-vpn1] address-family ipv6 unicast
[PE1-bgp-default-ipv6-vpn1] peer 1000::1 enable
[PE1-bgp-default-ipv6-vpn1] import-route direct
[PE1-bgp-default-ipv6-vpn1] quit
[PE1-bgp-default-vpn1] quit
# Establish a BGP EVPN peer relationship between the PEs.
[PE1-bgp-default] peer 3::3 as-number 100
[PE1-bgp-default] peer 3::3 connect-interface loopback 1
[PE1-bgp-default] address-family l2vpn evpn
[PE1-bgp-default-evpn] peer 3::3 enable
[PE1-bgp-default-evpn] quit
[PE1-bgp-default] quit
# On the PE, configure the source address of the IPv6 header used for EVPN L3VPN over SRv6 encapsulation.
[PE1] segment-routing ipv6
[PE1-segment-routing-ipv6] encapsulation source-address 1::1
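# On the PE, configure the locator to which the End.DT6 SID belongs. The End.DT6 SID is the destination address of the IPv6 header used for EVPN L3VPN over SRv6 encapsulation.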
[PE1-segment-routing-ipv6] locator evpn ipv6-prefix 1:2:: 96 static 16
[PE1-segment-routing-ipv6-locator-evpn] quit
[PE1-segment-routing-ipv6] quit
# On the PE, configure IS-IS to reference and advertise the locator.
[PE1] isis 1
[PE1-isis-1] address-family ipv6 unicast
[PE1-isis-1-ipv6] segment-routing ipv6 locator evpn
[PE1-isis-1-ipv6] quit
[PE1-isis-1] quit
# On the PE, configure the IPv6 peers to exchange End.DT6 SIDs, and allow private network routes to recurse to the route entries of the End.DT6 SIDs.
[PE1] bgp 100
[PE1-bgp-default] address-family l2vpn evpn
[PE1-bgp-default-evpn] peer 3::3 advertise encap-type srv6
[PE1-bgp-default-evpn] quit
[PE1-bgp-default] ip vpn-instance vpn1
[PE1-bgp-default-vpn1] address-family ipv6 unicast
[PE1-bgp-default-ipv6-vpn1] segment-routing ipv6 locator evpn evpn
[PE1-bgp-default-ipv6-vpn1] segment-routing ipv6 best-effort evpn
[PE1-bgp-default-ipv6-vpn1] quit
[PE1-bgp-default-vpn1] quit
[PE1-bgp-default] quit
# Configure IPv6 IS-IS for connectivity between the PE and P devices on the backbone network.
<Sysname> system-view
[Sysname] sysname P
[P] isis 1
[P-isis-1] cost-style wide
[P-isis-1] network-entity 00.0000.0000.0002.00
[P-isis-1] address-family ipv6 unicast
[P-isis-1-ipv6] quit
[P-isis-1] quit
[P] interface loopback 1
[P-LoopBack1] ipv6 address 2::2 128
[P-LoopBack1] isis ipv6 enable 1
[P-LoopBack1] quit
[P] interface gigabitethernet 1/0/1
[P-GigabitEthernet1/0/1] ipv6 address 2001::2 96
[P-GigabitEthernet1/0/1] isis ipv6 enable 1
[P-GigabitEthernet1/0/1] quit
[P] interface gigabitethernet 1/0/2
[P-GigabitEthernet1/0/2] ipv6 address 2002::2 96
[P-GigabitEthernet1/0/2] isis ipv6 enable 1
[P-GigabitEthernet1/0/2] quit
# Configure IPv6 IS-IS for connectivity between the PE and P devices on the backbone network.
<Sysname> system-view
[Sysname] sysname PE2
[PE2] isis 1
[PE2-isis-1] cost-style wide
[PE2-isis-1] network-entity 00.0000.0000.0003.00
[PE2-isis-1] address-family ipv6 unicast
[PE2-isis-1-ipv6] quit
[PE2-isis-1] quit
[PE2] interface loopback 1
[PE2-LoopBack1] ipv6 address 3::3 128
[PE2-LoopBack1] isis ipv6 enable 1
[PE2-LoopBack1] quit
[PE2] interface gigabitethernet 1/0/2
[PE2-GigabitEthernet1/0/2] ipv6 address 2002::1 96
[PE2-GigabitEthernet1/0/2] isis ipv6 enable 1
[PE2-GigabitEthernet1/0/2] quit
# Configure a VPN instance and connect the CE to the PE.
[PE2] ip vpn-instance vpn1
[PE2-vpn-instance-vpn1] route-distinguisher 100:1
[PE2-vpn-instance-vpn1] vpn-target 100:1
[PE2-vpn-instance-vpn1] quit
[PE2] interface gigabitethernet 1/0/1
[PE2-GigabitEthernet1/0/1] ip binding vpn-instance vpn1
[PE2-GigabitEthernet1/0/1] ipv6 address 3000::2 96
[PE2-GigabitEthernet1/0/1] quit
# Establish an EBGP peer relationship between the PE and the CE, and redistribute VPN routes.
[PE2] bgp 100
[PE2-bgp-default] router-id 2.2.2.2
[PE2-bgp-default] ip vpn-instance vpn1
[PE2-bgp-default-vpn1] peer 3000::1 as-number 300
[PE2-bgp-default-vpn1] address-family ipv6 unicast
[PE2-bgp-default-ipv6-vpn1] peer 3000::1 enable
[PE2-bgp-default-ipv6-vpn1] import-route direct
[PE2-bgp-default-ipv6-vpn1] quit
[PE2-bgp-default-vpn1] quit
# Establish a BGP EVPN peer relationship between the PEs.
[PE2-bgp-default] peer 1::1 as-number 100
[PE2-bgp-default] peer 1::1 connect-interface loopback 1
[PE2-bgp-default] address-family l2vpn evpn
[PE2-bgp-default-evpn] peer 1::1 enable
[PE2-bgp-default-evpn] quit
[PE2-bgp-default] quit
# On the PE, configure the source address of the IPv6 header used for EVPN L3VPN over SRv6 encapsulation.
[PE2] segment-routing ipv6
[PE2-segment-routing-ipv6] encapsulation source-address 3::3
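# On the PE, configure the locator to which the End.DT6 SID belongs. The End.DT6 SID is the destination address of the IPv6 header used for EVPN L3VPN over SRv6 encapsulation.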
[PE2-segment-routing-ipv6] locator evpn ipv6-prefix 3:4:: 96 static 16
[PE2-segment-routing-ipv6-locator-evpn] quit
[PE2-segment-routing-ipv6] quit
# On the PE, configure IS-IS to reference and advertise the locator.
[PE2] isis 1
[PE2-isis-1] address-family ipv6 unicast
[PE2-isis-1-ipv6] segment-routing ipv6 locator evpn
[PE2-isis-1-ipv6] quit
[PE2-isis-1] quit
# On the PE, configure the IPv6 peers to exchange End.DT6 SIDs, and allow private network routes to recurse to the route entries of the End.DT6 SIDs.
[PE2] bgp 100
[PE2-bgp-default] address-family l2vpn evpn
[PE2-bgp-default-evpn] peer 1::1 advertise encap-type srv6
[PE2-bgp-default-evpn] quit
[PE2-bgp-default] ip vpn-instance vpn1
[PE2-bgp-default-vpn1] address-family ipv6 unicast
[PE2-bgp-default-ipv6-vpn1] segment-routing ipv6 locator evpn evpn
[PE2-bgp-default-ipv6-vpn1] segment-routing ipv6 best-effort evpn
[PE2-bgp-default-ipv6-vpn1] quit
[PE2-bgp-default-vpn1] quit
[PE2-bgp-default] quit
<Sysname> system-view
[Sysname] sysname CE2
[CE2] interface gigabitethernet 1/0/1
[CE2-GigabitEthernet1/0/1] ipv6 address 3000::1 96
[CE2-GigabitEthernet1/0/1] quit
[CE2] bgp 300
[CE2-bgp-default] router-id 22.22.22.22
[CE2-bgp-default] peer 3000::2 as-number 100
[CE2-bgp-default] address-family ipv6 unicast
[CE2-bgp-default-ipv6] peer 3000::2 enable
[CE2-bgp-default-ipv6] import-route direct
[CE2-bgp-default-ipv6] quit
[CE2-bgp-default] quit
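# Run the display bgp l2vpn evpn command on a PE to view detailed information about the routes sent by the remote PE. The routes sent by the remote PE carry SID attribute data.
The following uses PE 1 as an example: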
[PE1] display bgp l2vpn evpn [5][0][96][3000::]/176
BGP local router ID: 1.1.1.1
Local AS number: 100
Route distinguisher: 100:1(vpn1)
Total number of routes: 1
Paths: 1 available, 1 best
BGP routing table information of [5][0][96][3000::]/176:
From : 3::3 (2.2.2.2)
Rely nexthop : FE80::A06E:DBFF:FEFC:316
Original nexthop: 3::3
Out interface : GigabitEthernet1/0/2
Route age : 00h00m29s
OutLabel : 3
Ext-Community : <RT: 100:1>
RxPathID : 0x0
TxPathID : 0x0
PrefixSID : End.DT6 SID <3:4::1:4>
AS-path : (null)
Origin : incomplete
Attribute value : MED 0, localpref 100, pref-val 0
State : valid, internal, best
Source type : local
IP precedence : N/A
QoS local ID : N/A
Traffic index : N/A
EVPN route type : IP prefix advertisement route
ESI : 0000.0000.0000.0000.0000
Ethernet tag ID : 0
IP prefix : 3000::/96
Gateway address : ::
MPLS label : 3
Tunnel policy : NULL
Rely tunnel IDs : N/A
Re-orignination : Disable
# CE 1 and CE 2 can ping each other.
[CE1] ping ipv6 3000::1
Ping6(56 data bytes) 1000::1 --> 3000::1, press CTRL_C to break
56 bytes from 3000::1, icmp_seq=0 hlim=62 time=3.000 ms
56 bytes from 3000::1, icmp_seq=1 hlim=62 time=2.000 ms
56 bytes from 3000::1, icmp_seq=2 hlim=62 time=2.000 ms
56 bytes from 3000::1, icmp_seq=3 hlim=62 time=2.000 ms
56 bytes from 3000::1, icmp_seq=4 hlim=62 time=2.000 ms
--- Ping6 statistics for 3000::1 ---
5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss
round-trip min/avg/max/std-dev = 2.000/2.200/3.000/0.400 ms
· CE 1:
#
sysname CE1
#
interface GigabitEthernet1/0/1
port link-mode route
ipv6 address 1000::1/96
#
bgp 200
router-id 11.11.11.11
peer 1000::2 as-number 100
#
address-family ipv6 unicast
import-route direct
peer 1000::2 enable
#
· PE 1:
#
sysname PE1
#
ip vpn-instance vpn1
route-distinguisher 100:1
vpn-target 100:1 import-extcommunity
vpn-target 100:1 export-extcommunity
#
isis 1
cost-style wide
network-entity 00.0000.0000.0001.00
#
address-family ipv6 unicast
segment-routing ipv6 locator evpn
#
interface LoopBack1
isis ipv6 enable 1
ipv6 address 1::1/128
#
interface GigabitEthernet1/0/1
port link-mode route
ip binding vpn-instance vpn1
ipv6 address 1000::2/96
#
interface GigabitEthernet1/0/2
port link-mode route
isis ipv6 enable 1
ipv6 address 2001::1/96
#
bgp 100
router-id 1.1.1.1
peer 3::3 as-number 100
peer 3::3 connect-interface LoopBack1
#
address-family l2vpn evpn
peer 3::3 enable
peer 3::3 advertise encap-type srv6
#
ip vpn-instance vpn1
peer 1000::1 as-number 200
#
address-family ipv6 unicast
segment-routing ipv6 best-effort evpn
segment-routing ipv6 locator evpn evpn
import-route direct
peer 1000::1 enable
#
segment-routing ipv6
encapsulation source-address 1::1
#
locator evpn ipv6-prefix 1:2:: 96 static 16
#
· P:
#
sysname P
#
isis 1
cost-style wide
network-entity 00.0000.0000.0002.00
#
address-family ipv6 unicast
#
interface LoopBack1
isis ipv6 enable 1
ipv6 address 2::2/128
#
interface GigabitEthernet1/0/1
port link-mode route
isis ipv6 enable 1
ipv6 address 2001::2/96
#
interface GigabitEthernet1/0/2
port link-mode route
isis ipv6 enable 1
ipv6 address 2002::2/96
#
· PE 2:
#
sysname PE2
#
ip vpn-instance vpn1
route-distinguisher 100:1
vpn-target 100:1 import-extcommunity
vpn-target 100:1 export-extcommunity
#
isis 1
cost-style wide
network-entity 00.0000.0000.0003.00
#
address-family ipv6 unicast
segment-routing ipv6 locator evpn
#
interface LoopBack1
isis ipv6 enable 1
ipv6 address 3::3/128
#
interface GigabitEthernet1/0/1
port link-mode route
ip binding vpn-instance vpn1
ipv6 address 3000::2/96
#
interface GigabitEthernet1/0/2
port link-mode route
isis ipv6 enable 1
ipv6 address 2002::1/96
#
bgp 100
router-id 2.2.2.2
peer 1::1 as-number 100
peer 1::1 connect-interface LoopBack1
#
address-family l2vpn evpn
peer 1::1 enable
peer 1::1 advertise encap-type srv6
#
ip vpn-instance vpn1
peer 3000::1 as-number 300
#
address-family ipv6 unicast
segment-routing ipv6 best-effort evpn
segment-routing ipv6 locator evpn evpn
import-route direct
peer 3000::1 enable
#
segment-routing ipv6
encapsulation source-address 3::3
#
locator evpn ipv6-prefix 3:4:: 96 static 16
#
· CE 2:
#
sysname CE2
#
interface GigabitEthernet1/0/1
port link-mode route
ipv6 address 3000::1/96
#
bgp 300
router-id 22.22.22.22
peer 3000::2 as-number 100
#
address-family ipv6 unicast
import-route direct
peer 3000::2 enable
#
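This example applies to release R6728 of the 8048 and 8062 product series.
As shown in Figure 8, the core network is an IPv6 network and the private network is an IPv6 network. PE 1, P 1, P 2, and PE 2 belong to the same autonomous system and must use IS-IS to achieve IPv6 connectivity. Bidirectional SRv6 BE paths must be established between PE 1 and PE 2 to carry IPv6 EVPN L3VPN services. To make full use of network resources, service traffic must be load shared through ECMP over the SRv6 BE paths between PE 1 and PE 2.
Figure 8 Network diagram for IPv6 EVPN L3VPN over SRv6 BE ECMP
| Device | Interface | IP address | Device | Interface | IP address |
|---|---|---|---|---|---|
| CE 1 | GE1/0/1 | 1000::1/96 | CE 2 | GE1/0/1 | 4000::1/96 |
| PE 1 | Loop1 | 1::1/128 | PE 2 | Loop1 | 4::4/128 |
| | GE1/0/1 | 1000::2/96 | | GE1/0/1 | 4000::2/96 |
| | GE1/0/2 | 2001::1/96 | | GE1/0/2 | 2002::1/96 |
| | GE1/0/3 | 3001::1/96 | | GE1/0/3 | 3002::1/96 |
| P 1 | Loop1 | 2::2/128 | P 2 | Loop1 | 2::2/128 |
| | GE1/0/1 | 2001::2/96 | | GE1/0/1 | 3001::2/96 |
| | GE1/0/2 | 2002::2/96 | | GE1/0/2 | 3002::2/96 |
SRv6 BE ECMP depends on equal-cost routes in the network, so to ensure that the configuration succeeds, plan the IGP cost of each link properly. In this example, every link uses the default cost value (10).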
<Sysname> system-view
[Sysname] sysname CE1
[CE1] interface gigabitethernet 1/0/1
[CE1-GigabitEthernet1/0/1] ipv6 address 1000::1 96
[CE1-GigabitEthernet1/0/1] quit
[CE1] bgp 200
[CE1-bgp-default] router-id 11.11.11.11
[CE1-bgp-default] peer 1000::2 as-number 100
[CE1-bgp-default] address-family ipv6 unicast
[CE1-bgp-default-ipv6] peer 1000::2 enable
[CE1-bgp-default-ipv6] import-route direct
[CE1-bgp-default-ipv6] quit
[CE1-bgp-default] quit
# Configure IPv6 IS-IS for connectivity between the PE and P devices on the backbone network.
<Sysname> system-view
[Sysname] sysname PE1
[PE1] isis 1
[PE1-isis-1] cost-style wide
[PE1-isis-1] network-entity 00.0000.0000.0001.00
[PE1-isis-1] address-family ipv6 unicast
[PE1-isis-1-ipv6] quit
[PE1-isis-1] quit
[PE1] interface loopback 1
[PE1-LoopBack1] ipv6 address 1::1 128
[PE1-LoopBack1] isis ipv6 enable 1
[PE1-LoopBack1] quit
[PE1] interface gigabitethernet 1/0/2
[PE1-GigabitEthernet1/0/2] ipv6 address 2001::1 96
[PE1-GigabitEthernet1/0/2] isis ipv6 enable 1
[PE1-GigabitEthernet1/0/2] quit
[PE1] interface gigabitethernet 1/0/3
[PE1-GigabitEthernet1/0/3] ipv6 address 3001::1 96
[PE1-GigabitEthernet1/0/3] isis ipv6 enable 1
[PE1-GigabitEthernet1/0/3] quit
# Configure a VPN instance and connect the CE to the PE.
[PE1] ip vpn-instance vpn1
[PE1-vpn-instance-vpn1] route-distinguisher 100:1
[PE1-vpn-instance-vpn1] vpn-target 100:1
[PE1-vpn-instance-vpn1] quit
[PE1] interface gigabitethernet 1/0/1
[PE1-GigabitEthernet1/0/1] ip binding vpn-instance vpn1
[PE1-GigabitEthernet1/0/1] ipv6 address 1000::2 96
[PE1-GigabitEthernet1/0/1] quit
# Establish an EBGP peer relationship between the PE and the CE, and redistribute VPN routes.
[PE1] bgp 100
[PE1-bgp-default] router-id 1.1.1.1
[PE1-bgp-default] ip vpn-instance vpn1
[PE1-bgp-default-vpn1] peer 1000::1 as-number 200
[PE1-bgp-default-vpn1] address-family ipv6 unicast
[PE1-bgp-default-ipv6-vpn1] peer 1000::1 enable
[PE1-bgp-default-ipv6-vpn1] import-route direct
[PE1-bgp-default-ipv6-vpn1] quit
[PE1-bgp-default-vpn1] quit
# Establish a BGP EVPN peer relationship between the PEs.
[PE1-bgp-default] peer 4::4 as-number 100
[PE1-bgp-default] peer 4::4 connect-interface loopback 1
[PE1-bgp-default] address-family l2vpn evpn
[PE1-bgp-default-evpn] peer 4::4 enable
[PE1-bgp-default-evpn] quit
[PE1-bgp-default] quit
# On the PE, configure the source address of the IPv6 header used for EVPN L3VPN over SRv6 encapsulation.
[PE1] segment-routing ipv6
[PE1-segment-routing-ipv6] encapsulation source-address 1::1
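# On the PE, configure the locator to which the End.DT6 SID belongs. The End.DT6 SID is the destination address of the IPv6 header used for EVPN L3VPN over SRv6 encapsulation.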
[PE1-segment-routing-ipv6] locator abc ipv6-prefix 100:1:: 64 static 16
[PE1-segment-routing-ipv6-locator-abc] quit
[PE1-segment-routing-ipv6] quit
# On the PE, configure IS-IS to reference and advertise the locator.
[PE1] isis 1
[PE1-isis-1] address-family ipv6 unicast
[PE1-isis-1-ipv6] segment-routing ipv6 locator abc
[PE1-isis-1-ipv6] quit
[PE1-isis-1] quit
# On the PE, configure the IPv6 peers to exchange End.DT6 SIDs, and allow private network routes to recurse to the route entries of the End.DT6 SIDs.
[PE1] bgp 100
[PE1-bgp-default] address-family l2vpn evpn
[PE1-bgp-default-evpn] peer 4::4 advertise encap-type srv6
[PE1-bgp-default-evpn] quit
[PE1-bgp-default] ip vpn-instance vpn1
[PE1-bgp-default-vpn1] address-family ipv6 unicast
[PE1-bgp-default-ipv6-vpn1] segment-routing ipv6 locator abc evpn
[PE1-bgp-default-ipv6-vpn1] segment-routing ipv6 best-effort evpn
[PE1-bgp-default-ipv6-vpn1] quit
[PE1-bgp-default-vpn1] quit
[PE1-bgp-default] quit
# Configure IPv6 IS-IS for connectivity between the PE and P devices on the backbone network.
<Sysname> system-view
[Sysname] sysname P1
[P1] isis 1
[P1-isis-1] cost-style wide
[P1-isis-1] network-entity 00.0000.0000.0002.00
[P1-isis-1] address-family ipv6 unicast
[P1-isis-1-ipv6] quit
[P1-isis-1] quit
[P1] interface loopback 1
[P1-LoopBack1] ipv6 address 2::2 128
[P1-LoopBack1] isis ipv6 enable 1
[P1-LoopBack1] quit
[P1] interface gigabitethernet 1/0/1
[P1-GigabitEthernet1/0/1] ipv6 address 2001::2 96
[P1-GigabitEthernet1/0/1] isis ipv6 enable 1
[P1-GigabitEthernet1/0/1] quit
[P1] interface gigabitethernet 1/0/2
[P1-GigabitEthernet1/0/2] ipv6 address 2002::2 96
[P1-GigabitEthernet1/0/2] isis ipv6 enable 1
[P1-GigabitEthernet1/0/2] quit
# Configure IPv6 IS-IS for connectivity between the PE and P devices on the backbone network.
<Sysname> system-view
[Sysname] sysname P2
[P2] isis 1
[P2-isis-1] cost-style wide
[P2-isis-1] network-entity 00.0000.0000.0003.00
[P2-isis-1] address-family ipv6 unicast
[P2-isis-1-ipv6] quit
[P2-isis-1] quit
[P2] interface loopback 1
[P2-LoopBack1] ipv6 address 2::2 128
[P2-LoopBack1] isis ipv6 enable 1
[P2-LoopBack1] quit
[P2] interface gigabitethernet 1/0/1
[P2-GigabitEthernet1/0/1] ipv6 address 3001::2 96
[P2-GigabitEthernet1/0/1] isis ipv6 enable 1
[P2-GigabitEthernet1/0/1] quit
[P2] interface gigabitethernet 1/0/2
[P2-GigabitEthernet1/0/2] ipv6 address 3002::2 96
[P2-GigabitEthernet1/0/2] isis ipv6 enable 1
[P2-GigabitEthernet1/0/2] quit
# Configure IPv6 IS-IS for connectivity between the PE and P devices on the backbone network.
<Sysname> system-view
[Sysname] sysname PE2
[PE2] isis 1
[PE2-isis-1] cost-style wide
[PE2-isis-1] network-entity 00.0000.0000.0004.00
[PE2-isis-1] address-family ipv6 unicast
[PE2-isis-1-ipv6] quit
[PE2-isis-1] quit
[PE2] interface loopback 1
[PE2-LoopBack1] ipv6 address 4::4 128
[PE2-LoopBack1] isis ipv6 enable 1
[PE2-LoopBack1] quit
[PE2] interface gigabitethernet 1/0/2
[PE2-GigabitEthernet1/0/2] ipv6 address 2002::1 96
[PE2-GigabitEthernet1/0/2] isis ipv6 enable 1
[PE2-GigabitEthernet1/0/2] quit
[PE2] interface gigabitethernet 1/0/3
[PE2-GigabitEthernet1/0/3] ipv6 address 3002::1 96
[PE2-GigabitEthernet1/0/3] isis ipv6 enable 1
[PE2-GigabitEthernet1/0/3] quit
# Configure a VPN instance and connect the CE to the PE.
[PE2] ip vpn-instance vpn1
[PE2-vpn-instance-vpn1] route-distinguisher 100:1
[PE2-vpn-instance-vpn1] vpn-target 100:1
[PE2-vpn-instance-vpn1] quit
[PE2] interface gigabitethernet 1/0/1
[PE2-GigabitEthernet1/0/1] ip binding vpn-instance vpn1
[PE2-GigabitEthernet1/0/1] ipv6 address 4000::2 96
[PE2-GigabitEthernet1/0/1] quit
# Establish an EBGP peer relationship between the PE and the CE, and redistribute VPN routes.
[PE2] bgp 100
[PE2-bgp-default] router-id 4.4.4.4
[PE2-bgp-default] ip vpn-instance vpn1
[PE2-bgp-default-vpn1] peer 4000::1 as-number 300
[PE2-bgp-default-vpn1] address-family ipv6 unicast
[PE2-bgp-default-ipv6-vpn1] peer 4000::1 enable
[PE2-bgp-default-ipv6-vpn1] import-route direct
[PE2-bgp-default-ipv6-vpn1] quit
[PE2-bgp-default-vpn1] quit
# Establish a BGP EVPN peer relationship between the PEs.
[PE2-bgp-default] peer 1::1 as-number 100
[PE2-bgp-default] peer 1::1 connect-interface loopback 1
[PE2-bgp-default] address-family l2vpn evpn
[PE2-bgp-default-evpn] peer 1::1 enable
[PE2-bgp-default-evpn] quit
[PE2-bgp-default] quit
# On the PE, configure the source address of the IPv6 header used for EVPN L3VPN over SRv6 encapsulation.
[PE2] segment-routing ipv6
[PE2-segment-routing-ipv6] encapsulation source-address 4::4
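# On the PE, configure the locator to which the End.DT6 SID belongs. The End.DT6 SID is the destination address of the IPv6 header used for EVPN L3VPN over SRv6 encapsulation.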
[PE2-segment-routing-ipv6] locator abc ipv6-prefix 200:1:: 64 static 16
[PE2-segment-routing-ipv6-locator-abc] quit
[PE2-segment-routing-ipv6] quit
# On the PE, configure IS-IS to reference and advertise the locator.
[PE2] isis 1
[PE2-isis-1] address-family ipv6 unicast
[PE2-isis-1-ipv6] segment-routing ipv6 locator abc
[PE2-isis-1-ipv6] quit
[PE2-isis-1] quit
# On the PE, configure the IPv6 peers to exchange End.DT6 SIDs, and allow private network routes to recurse to the route entries of the End.DT6 SIDs.
[PE2] bgp 100
[PE2-bgp-default] address-family l2vpn evpn
[PE2-bgp-default-evpn] peer 1::1 advertise encap-type srv6
[PE2-bgp-default-evpn] quit
[PE2-bgp-default] ip vpn-instance vpn1
[PE2-bgp-default-vpn1] address-family ipv6 unicast
[PE2-bgp-default-ipv6-vpn1] segment-routing ipv6 locator abc evpn
[PE2-bgp-default-ipv6-vpn1] segment-routing ipv6 best-effort evpn
[PE2-bgp-default-ipv6-vpn1] quit
[PE2-bgp-default-vpn1] quit
[PE2-bgp-default] quit
<Sysname> system-view
[Sysname] sysname CE2
[CE2] interface gigabitethernet 1/0/1
[CE2-GigabitEthernet1/0/1] ipv6 address 4000::1 96
[CE2-GigabitEthernet1/0/1] quit
[CE2] bgp 300
[CE2-bgp-default] router-id 22.22.22.22
[CE2-bgp-default] peer 4000::2 as-number 100
[CE2-bgp-default] address-family ipv6 unicast
[CE2-bgp-default-ipv6] peer 4000::2 enable
[CE2-bgp-default-ipv6] import-route direct
[CE2-bgp-default-ipv6] quit
[CE2-bgp-default] quit
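# Run the display ipv6 routing-table vpn-instance command to view VPN route information. VPN route 4000::1/96 has two output interfaces, so ECMP is formed during forwarding.
The following uses PE 1 as an example: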
[PE1] display ipv6 routing-table vpn-instance vpn1 4000::1 96
Summary count : 1
Destination: 4000::/96 Protocol : BGP4+
NextHop : 200:1:: Preference: 255
Interface : GE1/0/2 Cost : 0
Destination: 4000::/96 Protocol : BGP4+
NextHop : 200:1:: Preference: 255
Interface : GE1/0/3 Cost : 0
# CE 1 and CE 2 can ping each other.
[CE1] ping ipv6 4000::1
Ping6(56 data bytes) 1000::1 --> 4000::1, press CTRL_C to break
56 bytes from 4000::1, icmp_seq=0 hlim=62 time=2.000 ms
56 bytes from 4000::1, icmp_seq=1 hlim=62 time=2.000 ms
56 bytes from 4000::1, icmp_seq=2 hlim=62 time=2.000 ms
56 bytes from 4000::1, icmp_seq=3 hlim=62 time=1.000 ms
56 bytes from 4000::1, icmp_seq=4 hlim=62 time=1.000 ms
--- Ping6 statistics for 4000::1 ---
5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss
round-trip min/avg/max/std-dev = 1.000/1.600/2.000/0.490 ms
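The two display-output checks described on this page can be automated as below; this is an added example, not part of the H3C documentation. It parses the ECMP routing-table output above and the display bgp l2vpn evpn output from the IPv6 EVPN L3VPN over SRv6 BE example, and confirms that next hops and the End.DT6 SID fall inside the remote PE's locator (200:1::/64 and 3:4::/96 as configured on this page). The function names and report fields are assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Output lines copied from the two verification steps on this page.
ROUTE_OUTPUT = """\
Summary count : 1
Destination: 4000::/96 Protocol : BGP4+
NextHop : 200:1:: Preference: 255
Interface : GE1/0/2 Cost : 0
Destination: 4000::/96 Protocol : BGP4+
NextHop : 200:1:: Preference: 255
Interface : GE1/0/3 Cost : 0
"""

EVPN_OUTPUT = """\
From : 3::3 (2.2.2.2)
Original nexthop: 3::3
PrefixSID : End.DT6 SID <3:4::1:4>
IP prefix : 3000::/96
"""


def parse_routes(text):
    """Return one dict per complete route entry; a Destination field starts a new entry."""
    entries = []
    for key, value in re.findall(r"(Destination|NextHop|Interface)\s*:\s*(\S+)", text):
        if key == "Destination":
            entries.append({})
        if entries:
            entries[-1][key] = value
    # Drop entries truncated by paging or a cut-off capture.
    return [e for e in entries if len(e) == 3]


def ecmp_report(text, remote_locator):
    """Per destination: egress interfaces, ECMP state, and next hops outside the remote locator."""
    locator = ipaddress.ip_network(remote_locator)
    paths = defaultdict(list)
    for entry in parse_routes(text):
        paths[entry["Destination"]].append(entry)
    report = {}
    for dest, entries in paths.items():
        interfaces = sorted({e["Interface"] for e in entries})
        stray = sorted({e["NextHop"] for e in entries
                        if ipaddress.ip_address(e["NextHop"]) not in locator})
        report[dest] = {"interfaces": interfaces,
                        "ecmp": len(interfaces) >= 2,
                        "stray_next_hops": stray}
    return report


def end_dt6_check(text, peer, peer_locator):
    """Check that the route came from `peer` and its End.DT6 SID lies in that peer's locator."""
    sender = re.search(r"^From\s*:\s*(\S+)", text, re.M)
    sid = re.search(r"End\.DT6 SID <([0-9A-Fa-f:]+)>", text)
    if not sender or not sid:
        return {"ok": False, "reason": "no sender or End.DT6 SID in output"}
    same_peer = ipaddress.ip_address(sender[1]) == ipaddress.ip_address(peer)
    in_locator = ipaddress.ip_address(sid[1]) in ipaddress.ip_network(peer_locator)
    return {"ok": same_peer and in_locator, "from": sender[1],
            "sid": sid[1], "in_locator": in_locator}


if __name__ == "__main__":
    print(ecmp_report(ROUTE_OUTPUT, "200:1::/64"))
    print(end_dt6_check(EVPN_OUTPUT, "3::3", "3:4::/96"))
```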
· CE 1:
#
sysname CE1
#
interface GigabitEthernet1/0/1
port link-mode route
ipv6 address 1000::1/96
#
bgp 200
router-id 11.11.11.11
peer 1000::2 as-number 100
#
address-family ipv6 unicast
import-route direct
peer 1000::2 enable
#
· PE 1:
#
sysname PE1
#
ip vpn-instance vpn1
route-distinguisher 100:1
vpn-target 100:1 import-extcommunity
vpn-target 100:1 export-extcommunity
#
isis 1
cost-style wide
network-entity 00.0000.0000.0001.00
#
address-family ipv6 unicast
segment-routing ipv6 locator abc
#
interface LoopBack1
isis ipv6 enable 1
ipv6 address 1::1/128
#
interface GigabitEthernet1/0/1
port link-mode route
ip binding vpn-instance vpn1
ipv6 address 1000::2/96
#
interface GigabitEthernet1/0/2
port link-mode route
isis ipv6 enable 1
ipv6 address 2001::1/96
#
interface GigabitEthernet1/0/3
port link-mode route
isis ipv6 enable 1
ipv6 address 3001::1/96
#
bgp 100
router-id 1.1.1.1
peer 4::4 as-number 100
peer 4::4 connect-interface LoopBack1
#
address-family l2vpn evpn
peer 4::4 enable
peer 4::4 advertise encap-type srv6
#
ip vpn-instance vpn1
peer 1000::1 as-number 200
#
address-family ipv6 unicast
segment-routing ipv6 best-effort evpn
segment-routing ipv6 locator abc evpn
import-route direct
peer 1000::1 enable
#
segment-routing ipv6
encapsulation source-address 1::1
#
locator abc ipv6-prefix 100:1:: 64 static 16
#
· P 1:
#
sysname P1
#
isis 1
cost-style wide
network-entity 00.0000.0000.0002.00
#
address-family ipv6 unicast
#
interface LoopBack1
isis ipv6 enable 1
ipv6 address 2::2/128
#
interface GigabitEthernet1/0/1
port link-mode route
isis ipv6 enable 1
ipv6 address 2001::2/96
#
interface GigabitEthernet1/0/2
port link-mode route
isis ipv6 enable 1
ipv6 address 2002::2/96
#
· P 2:
#
sysname P2
#
isis 1
cost-style wide
network-entity 00.0000.0000.0003.00
#
address-family ipv6 unicast
#
interface LoopBack1
isis ipv6 enable 1
ipv6 address 3::3/128
#
interface GigabitEthernet1/0/1
port link-mode route
isis ipv6 enable 1
ipv6 address 3001::2/96
#
interface GigabitEthernet1/0/2
port link-mode route
isis ipv6 enable 1
ipv6 address 3002::2/96
#
· PE 2:
#
sysname PE2
#
ip vpn-instance vpn1
route-distinguisher 100:1
vpn-target 100:1 import-extcommunity
vpn-target 100:1 export-extcommunity
#
isis 1
cost-style wide
network-entity 00.0000.0000.0004.00
#
address-family ipv6 unicast
segment-routing ipv6 locator abc
#
interface LoopBack1
isis ipv6 enable 1
ipv6 address 4::4/128
#
interface GigabitEthernet1/0/1
port link-mode route
ip binding vpn-instance vpn1
ipv6 address 4000::2/96
#
interface GigabitEthernet1/0/2
port link-mode route
isis ipv6 enable 1
ipv6 address 2002::1/96
#
interface GigabitEthernet1/0/3
port link-mode route
isis ipv6 enable 1
ipv6 address 3002::1/96
#
bgp 100
router-id 4.4.4.4
peer 1::1 as-number 100
peer 1::1 connect-interface LoopBack1
#
address-family l2vpn evpn
peer 1::1 enable
peer 1::1 advertise encap-type srv6
#
ip vpn-instance vpn1
peer 4000::1 as-number 300
#
address-family ipv6 unicast
segment-routing ipv6 best-effort evpn
segment-routing ipv6 locator abc evpn
import-route direct
peer 4000::1 enable
#
segment-routing ipv6
encapsulation source-address 4::4
#
locator abc ipv6-prefix 200:1:: 64 static 16
#
· CE 2:
#
sysname CE2
#
interface GigabitEthernet1/0/1
port link-mode route
ipv6 address 4000::1/96
#
bgp 300
router-id 22.22.22.22
peer 4000::2 as-number 100
#
address-family ipv6 unicast
import-route direct
peer 4000::2 enable
#
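Applies to the 8048 and 8062 product series, release R6728.
As shown in Figure 9, the core network is an IPv6 network and the private network is an IPv6 network. PE 1, P 1, P 2, and PE 2 belong to the same autonomous system and are required to reach each other over IPv6 through IS-IS. Bidirectional SRv6 BE paths must be established between PE 1 and PE 2 to carry IPv6 EVPN L3VPN services. To improve network reliability, fast reroute must be configured on PE 1 so that traffic switches quickly to the backup path when the primary path fails, greatly shortening the failure recovery time.
Figure 9 Network diagram for IPv6 EVPN L3VPN over SRv6 BE fast reroute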
| Device | Interface | IP address | Device | Interface | IP address |
| PE 1 | Loop1 | 1::1/128 | PE 2 | Loop1 | 2::2/128 |
| | GE1/0/1 | 1000::2/96 | | GE1/0/1 | 2001::2/96 |
| | GE1/0/2 | 2001::1/96 | | GE1/0/2 | 2002::2/96 |
| | GE1/0/3 | 3001::1/96 | PE 3 | Loop1 | 3::3/128 |
| | | | | GE1/0/1 | 3001::2/96 |
| | | | | GE1/0/2 | 3002::2/96 |
| CE 1 | Loop1 | 11::11/128 | CE 2 | Loop1 | 22::22/128 |
| | GE1/0/1 | 1000::1/96 | | GE1/0/1 | 2002::1/96 |
| | | | | GE1/0/2 | 3002::1/96 |
<Sysname> system-view
[Sysname] sysname CE1
[CE1] interface loopback 1
[CE1-LoopBack1] ipv6 address 11::11 128
[CE1-LoopBack1] quit
[CE1] interface gigabitethernet 1/0/1
[CE1-GigabitEthernet1/0/1] ipv6 address 1000::1 96
[CE1-GigabitEthernet1/0/1] quit
[CE1] bgp 200
[CE1-bgp-default] router-id 11.11.11.11
[CE1-bgp-default] peer 1000::2 as-number 100
[CE1-bgp-default] address-family ipv6 unicast
[CE1-bgp-default-ipv6] peer 1000::2 enable
[CE1-bgp-default-ipv6] import-route direct
[CE1-bgp-default-ipv6] quit
[CE1-bgp-default] quit
# Configure IPv6 IS-IS to provide connectivity between the PEs and Ps on the backbone network.
<Sysname> system-view
[Sysname] sysname PE1
[PE1] isis 1
[PE1-isis-1] cost-style wide
[PE1-isis-1] network-entity 00.0000.0000.0001.00
[PE1-isis-1] address-family ipv6 unicast
[PE1-isis-1-ipv6] quit
[PE1-isis-1] quit
[PE1] interface loopback 1
[PE1-LoopBack1] ipv6 address 1::1 128
[PE1-LoopBack1] isis ipv6 enable 1
[PE1-LoopBack1] quit
[PE1] interface gigabitethernet 1/0/2
[PE1-GigabitEthernet1/0/2] ipv6 address 2001::1 96
[PE1-GigabitEthernet1/0/2] isis ipv6 enable 1
[PE1-GigabitEthernet1/0/2] quit
[PE1] interface gigabitethernet 1/0/3
[PE1-GigabitEthernet1/0/3] ipv6 address 3001::1 96
[PE1-GigabitEthernet1/0/3] isis ipv6 enable 1
[PE1-GigabitEthernet1/0/3] quit
# Configure a VPN instance and connect the CE to the PE.
[PE1] ip vpn-instance vpn1
[PE1-vpn-instance-vpn1] route-distinguisher 100:1
[PE1-vpn-instance-vpn1] vpn-target 100:1
[PE1-vpn-instance-vpn1] quit
[PE1] interface gigabitethernet 1/0/1
[PE1-GigabitEthernet1/0/1] ip binding vpn-instance vpn1
[PE1-GigabitEthernet1/0/1] ipv6 address 1000::2 96
[PE1-GigabitEthernet1/0/1] quit
# Establish an EBGP peer relationship between the PE and the CE and import VPN routes.
[PE1] bgp 100
[PE1-bgp-default] router-id 1.1.1.1
[PE1-bgp-default] ip vpn-instance vpn1
[PE1-bgp-default-vpn1] peer 1000::1 as-number 200
[PE1-bgp-default-vpn1] address-family ipv6 unicast
[PE1-bgp-default-ipv6-vpn1] peer 1000::1 enable
[PE1-bgp-default-ipv6-vpn1] import-route direct
[PE1-bgp-default-ipv6-vpn1] quit
[PE1-bgp-default-vpn1] quit
# Establish BGP EVPN peer relationships between the PEs.
[PE1-bgp-default] peer 2::2 as-number 100
[PE1-bgp-default] peer 2::2 connect-interface loopback 1
[PE1-bgp-default] peer 3::3 as-number 100
[PE1-bgp-default] peer 3::3 connect-interface loopback 1
[PE1-bgp-default] address-family l2vpn evpn
[PE1-bgp-default-evpn] peer 2::2 enable
[PE1-bgp-default-evpn] peer 3::3 enable
[PE1-bgp-default-evpn] quit
[PE1-bgp-default] quit
# On the PE, configure the source address of the IPv6 header used for EVPN L3VPN over SRv6 encapsulation.
[PE1] segment-routing ipv6
[PE1-segment-routing-ipv6] encapsulation source-address 1::1
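# On the PE, configure the locator to which the End.DT6 SID belongs. The End.DT6 SID is the destination address of the IPv6 header used for EVPN L3VPN over SRv6 encapsulation.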
[PE1-segment-routing-ipv6] locator abc ipv6-prefix 100:1:: 64 static 16
[PE1-segment-routing-ipv6-locator-abc] quit
[PE1-segment-routing-ipv6] quit
# On the PE, configure IS-IS to reference and advertise the locator.
[PE1] isis 1
[PE1-isis-1] address-family ipv6 unicast
[PE1-isis-1-ipv6] segment-routing ipv6 locator abc
[PE1-isis-1-ipv6] quit
[PE1-isis-1] quit
# On the PE, configure the IPv6 peers to exchange End.DT6 SIDs, and allow private network routes to recurse to End.DT6 SID route entries.
[PE1] bgp 100
[PE1-bgp-default] address-family l2vpn evpn
[PE1-bgp-default-evpn] peer 2::2 advertise encap-type srv6
[PE1-bgp-default-evpn] peer 3::3 advertise encap-type srv6
[PE1-bgp-default-evpn] quit
[PE1-bgp-default] ip vpn-instance vpn1
[PE1-bgp-default-vpn1] address-family ipv6 unicast
[PE1-bgp-default-ipv6-vpn1] segment-routing ipv6 locator abc evpn
[PE1-bgp-default-ipv6-vpn1] segment-routing ipv6 best-effort evpn
# Configure fast reroute.
[PE1-bgp-default-ipv6-vpn1] pic
[PE1-bgp-default-ipv6-vpn1] quit
[PE1-bgp-default-vpn1] quit
[PE1-bgp-default] quit
# Use static BFD to monitor the locator route. If the locator route becomes unreachable, fast reroute is triggered to switch paths.
[PE1] bfd static test peer-ipv6 200:1:: source-ipv6 100:1:: discriminator local 10 remote 20
[PE1-bfd-static-session-test] bfd multi-hop min-transmit-interval 100
[PE1-bfd-static-session-test] bfd multi-hop min-receive-interval 100
[PE1-bfd-static-session-test] bfd multi-hop detect-multiplier 3
[PE1-bfd-static-session-test] quit
[PE1] bgp 100
[PE1-bgp-default] primary-path-detect bfd ctrl
[PE1-bgp-default] quit
# Configure IPv6 IS-IS to provide connectivity between the PEs and Ps on the backbone network.
<Sysname> system-view
[Sysname] sysname PE2
[PE2] isis 1
[PE2-isis-1] cost-style wide
[PE2-isis-1] network-entity 00.0000.0000.0002.00
[PE2-isis-1] address-family ipv6 unicast
[PE2-isis-1-ipv6] quit
[PE2-isis-1] quit
[PE2] interface loopback 1
[PE2-LoopBack1] ipv6 address 2::2 128
[PE2-LoopBack1] isis ipv6 enable 1
[PE2-LoopBack1] quit
[PE2] interface gigabitethernet 1/0/1
[PE2-GigabitEthernet1/0/1] ipv6 address 2001::2 96
[PE2-GigabitEthernet1/0/1] isis ipv6 enable 1
[PE2-GigabitEthernet1/0/1] quit
# Configure a VPN instance and connect the CE to the PE.
[PE2] ip vpn-instance vpn1
[PE2-vpn-instance-vpn1] route-distinguisher 200:1
[PE2-vpn-instance-vpn1] vpn-target 100:1
[PE2-vpn-instance-vpn1] quit
[PE2] interface gigabitethernet 1/0/2
[PE2-GigabitEthernet1/0/2] ip binding vpn-instance vpn1
[PE2-GigabitEthernet1/0/2] ipv6 address 2002::2 96
[PE2-GigabitEthernet1/0/2] quit
# Establish an EBGP peer relationship between the PE and the CE and import VPN routes.
[PE2] bgp 100
[PE2-bgp-default] router-id 2.2.2.2
[PE2-bgp-default] ip vpn-instance vpn1
[PE2-bgp-default-vpn1] peer 2002::1 as-number 300
[PE2-bgp-default-vpn1] address-family ipv6 unicast
[PE2-bgp-default-ipv6-vpn1] peer 2002::1 enable
[PE2-bgp-default-ipv6-vpn1] import-route direct
[PE2-bgp-default-ipv6-vpn1] quit
[PE2-bgp-default-vpn1] quit
# Establish BGP EVPN peer relationships between the PEs.
[PE2-bgp-default] peer 1::1 as-number 100
[PE2-bgp-default] peer 1::1 connect-interface loopback 1
[PE2-bgp-default] address-family l2vpn evpn
[PE2-bgp-default-evpn] peer 1::1 enable
[PE2-bgp-default-evpn] quit
[PE2-bgp-default] quit
# On the PE, configure the source address of the IPv6 header used for EVPN L3VPN over SRv6 encapsulation.
[PE2] segment-routing ipv6
[PE2-segment-routing-ipv6] encapsulation source-address 2::2
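# On the PE, configure the locator to which the End.DT6 SID belongs. The End.DT6 SID is the destination address of the IPv6 header used for EVPN L3VPN over SRv6 encapsulation.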
[PE2-segment-routing-ipv6] locator abc ipv6-prefix 200:1:: 64 static 16
[PE2-segment-routing-ipv6-locator-abc] quit
[PE2-segment-routing-ipv6] quit
# On the PE, configure IS-IS to reference and advertise the locator.
[PE2] isis 1
[PE2-isis-1] address-family ipv6 unicast
[PE2-isis-1-ipv6] segment-routing ipv6 locator abc
[PE2-isis-1-ipv6] quit
[PE2-isis-1] quit
# On the PE, configure the IPv6 peers to exchange End.DT6 SIDs, and allow private network routes to recurse to End.DT6 SID route entries.
[PE2] bgp 100
[PE2-bgp-default] address-family l2vpn evpn
[PE2-bgp-default-evpn] peer 1::1 advertise encap-type srv6
[PE2-bgp-default-evpn] quit
[PE2-bgp-default] ip vpn-instance vpn1
[PE2-bgp-default-vpn1] address-family ipv6 unicast
[PE2-bgp-default-ipv6-vpn1] segment-routing ipv6 locator abc evpn
[PE2-bgp-default-ipv6-vpn1] segment-routing ipv6 best-effort evpn
[PE2-bgp-default-ipv6-vpn1] quit
[PE2-bgp-default-vpn1] quit
[PE2-bgp-default] quit
# Use static BFD to monitor the locator route. If the locator route becomes unreachable, fast reroute is triggered to switch paths.
[PE2] bfd static test peer-ipv6 100:1:: source-ipv6 200:1:: discriminator local 20 remote 10
[PE2-bfd-static-session-test] bfd multi-hop min-transmit-interval 100
[PE2-bfd-static-session-test] bfd multi-hop min-receive-interval 100
[PE2-bfd-static-session-test] bfd multi-hop detect-multiplier 3
[PE2-bfd-static-session-test] quit
# Configure IPv6 IS-IS to provide connectivity between the PEs and Ps on the backbone network.
<Sysname> system-view
[Sysname] sysname PE3
[PE3] isis 1
[PE3-isis-1] cost-style wide
[PE3-isis-1] network-entity 00.0000.0000.0003.00
[PE3-isis-1] address-family ipv6 unicast
[PE3-isis-1-ipv6] quit
[PE3-isis-1] quit
[PE3] interface loopback 1
[PE3-LoopBack1] ipv6 address 3::3 128
[PE3-LoopBack1] isis ipv6 enable 1
[PE3-LoopBack1] quit
[PE3] interface gigabitethernet 1/0/1
[PE3-GigabitEthernet1/0/1] ipv6 address 3001::2 96
[PE3-GigabitEthernet1/0/1] isis ipv6 enable 1
[PE3-GigabitEthernet1/0/1] quit
# Configure a VPN instance and connect the CE to the PE.
[PE3] ip vpn-instance vpn1
[PE3-vpn-instance-vpn1] route-distinguisher 300:1
[PE3-vpn-instance-vpn1] vpn-target 100:1
[PE3-vpn-instance-vpn1] quit
[PE3] interface gigabitethernet 1/0/2
[PE3-GigabitEthernet1/0/2] ip binding vpn-instance vpn1
[PE3-GigabitEthernet1/0/2] ipv6 address 3002::2 96
[PE3-GigabitEthernet1/0/2] quit
# Establish an EBGP peer relationship between the PE and the CE and import VPN routes.
[PE3] bgp 100
[PE3-bgp-default] router-id 3.3.3.3
[PE3-bgp-default] ip vpn-instance vpn1
[PE3-bgp-default-vpn1] peer 3002::1 as-number 300
[PE3-bgp-default-vpn1] address-family ipv6 unicast
[PE3-bgp-default-ipv6-vpn1] peer 3002::1 enable
[PE3-bgp-default-ipv6-vpn1] import-route direct
[PE3-bgp-default-ipv6-vpn1] quit
[PE3-bgp-default-vpn1] quit
# Establish BGP EVPN peer relationships between the PEs.
[PE3-bgp-default] peer 1::1 as-number 100
[PE3-bgp-default] peer 1::1 connect-interface loopback 1
[PE3-bgp-default] address-family l2vpn evpn
[PE3-bgp-default-evpn] peer 1::1 enable
[PE3-bgp-default-evpn] quit
[PE3-bgp-default] quit
# On the PE, configure the source address of the IPv6 header used for EVPN L3VPN over SRv6 encapsulation.
[PE3] segment-routing ipv6
[PE3-segment-routing-ipv6] encapsulation source-address 3::3
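# On the PE, configure the locator to which the End.DT6 SID belongs. The End.DT6 SID is the destination address of the IPv6 header used for EVPN L3VPN over SRv6 encapsulation.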
[PE3-segment-routing-ipv6] locator abc ipv6-prefix 300:1:: 64 static 16
[PE3-segment-routing-ipv6-locator-abc] quit
[PE3-segment-routing-ipv6] quit
# On the PE, configure IS-IS to reference and advertise the locator.
[PE3] isis 1
[PE3-isis-1] address-family ipv6 unicast
[PE3-isis-1-ipv6] segment-routing ipv6 locator abc
[PE3-isis-1-ipv6] quit
[PE3-isis-1] quit
# On the PE, configure the IPv6 peers to exchange End.DT6 SIDs, and allow private network routes to recurse to End.DT6 SID route entries.
[PE3] bgp 100
[PE3-bgp-default] address-family l2vpn evpn
[PE3-bgp-default-evpn] peer 1::1 advertise encap-type srv6
[PE3-bgp-default-evpn] quit
[PE3-bgp-default] ip vpn-instance vpn1
[PE3-bgp-default-vpn1] address-family ipv6 unicast
[PE3-bgp-default-ipv6-vpn1] segment-routing ipv6 locator abc evpn
[PE3-bgp-default-ipv6-vpn1] segment-routing ipv6 best-effort evpn
[PE3-bgp-default-ipv6-vpn1] quit
[PE3-bgp-default-vpn1] quit
[PE3-bgp-default] quit
<Sysname> system-view
[Sysname] sysname CE2
[CE2] interface loopback 1
[CE2-LoopBack1] ipv6 address 22::22 128
[CE2-LoopBack1] quit
[CE2] interface gigabitethernet 1/0/1
[CE2-GigabitEthernet1/0/1] ipv6 address 2002::1 96
[CE2-GigabitEthernet1/0/1] quit
[CE2] interface gigabitethernet 1/0/2
[CE2-GigabitEthernet1/0/2] ipv6 address 3002::1 96
[CE2-GigabitEthernet1/0/2] quit
[CE2] bgp 300
[CE2-bgp-default] router-id 22.22.22.22
[CE2-bgp-default] peer 2002::2 as-number 100
[CE2-bgp-default] peer 3002::2 as-number 100
[CE2-bgp-default] address-family ipv6 unicast
[CE2-bgp-default-ipv6] peer 2002::2 enable
[CE2-bgp-default-ipv6] peer 3002::2 enable
[CE2-bgp-default-ipv6] import-route direct
[CE2-bgp-default-ipv6] quit
[CE2-bgp-default] quit
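# Execute the display ipv6 routing-table vpn-instance verbose command to view VPN route information. The output shows that VPN route 22::22/128 has a backup output interface.
The following uses PE 1 as an example: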
[PE1] display ipv6 routing-table vpn-instance vpn1 22::22 128 verbose
Summary count : 1
Destination: 22::22/128
Protocol: BGP4+ instance default
Process ID: 0
SubProtID: 0x8 Age: 00h27m38s
FlushedAge: 00h27m38s
Cost: 0 Preference: 255
IpPre: N/A QosLocalID: N/A
Tag: 0 State: Active Adv
OrigTblID: 0x0 OrigVrf: default-vrf
TableID: 0x10a OrigAs: 300
NibID: 0x2600000a LastAs: 300
AttrID: 0x0
BkAttrID: 0x7 Neighbor: 2::2
Flags: 0x80010060 OrigNextHop: 200:1::
Label: NULL RealNextHop: FE80::8099:2EFF:FE26:316
BkLabel: NULL BkNextHop: FE80::8099:32FF:FEB6:416
SRLabel: NULL Interface: GigabitEthernet1/0/2
BkSRLabel: NULL BkInterface: GigabitEthernet1/0/3
Tunnel ID: Invalid IPInterface: GigabitEthernet1/0/2
BkTunnel ID: Invalid BkIPInterface: GigabitEthernet1/0/3
InLabel: 0 ColorInterface: N/A
SIDIndex: 0 BkColorInterface: N/A
FtnIndex: 0x0 TunnelInterface: N/A
TrafficIndex: N/A BkTunnelInterface: N/A
Connector: N/A PathID: 0x0
UserID: 0x0 SRTunnelID: Invalid
SID Type: N/A NID: Invalid
FlushNID: Invalid BkNID: Invalid
BkFlushNID: Invalid StatFlags: 0x0
SID: 200:1::1:4
BkSID: 300:1::1:4
CommBlockLen: 0 Priority: Low
# CE 1 and CE 2 can ping each other.
[CE1] ping ipv6 22::22
Ping6(56 data bytes) 1000::1 --> 22::22, press CTRL_C to break
56 bytes from 22::22, icmp_seq=0 hlim=62 time=2.000 ms
56 bytes from 22::22, icmp_seq=1 hlim=62 time=2.000 ms
56 bytes from 22::22, icmp_seq=2 hlim=62 time=1.000 ms
56 bytes from 22::22, icmp_seq=3 hlim=62 time=1.000 ms
56 bytes from 22::22, icmp_seq=4 hlim=62 time=1.000 ms
--- Ping6 statistics for 22::22 ---
5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss
round-trip min/avg/max/std-dev = 1.000/1.400/2.000/0.490 ms
# Shut down interface GigabitEthernet1/0/2 on PE 1.
[PE1] interface gigabitethernet 1/0/2
[PE1-GigabitEthernet1/0/2] shutdown
[PE1-GigabitEthernet1/0/2] quit
# On PE 1, execute the display ipv6 routing-table vpn-instance verbose command to view VPN route information. The output shows that the output interface of VPN route 22::22/128 has changed to GigabitEthernet1/0/3.
[PE1] display ipv6 routing-table vpn-instance vpn1 22::22 128 verbose
Summary count : 1
Destination: 22::22/128
Protocol: BGP4+ instance default
Process ID: 0
SubProtID: 0x8 Age: 01h24m03s
Cost: 0 Preference: 255
IpPre: N/A QosLocalID: N/A
Tag: 0 State: Active Adv
OrigTblID: 0x0 OrigVrf: default-vrf
TableID: 0x10a OrigAs: 300
NibID: 0x26000007 LastAs: 300
AttrID: 0x3 Neighbor: 3::3
Flags: 0x80010060 OrigNextHop: 300:1::
Label: NULL RealNextHop: FE80::843:49FF:FE7B:506
BkLabel: NULL BkNextHop: N/A
SRLabel: NULL Interface: GigabitEthernet1/0/3
BkSRLabel: NULL BkInterface: N/A
SIDIndex: NULL InLabel: NULL
Tunnel ID: Invalid IPInterface: GigabitEthernet1/0/3
BkTunnel ID: Invalid BkIPInterface: N/A
FtnIndex: 0x0 ColorInterface: N/A
TrafficIndex: N/A BkColorInterface: N/A
Connector: N/A VpnPeerId: N/A
Dscp: N/A Exp: N/A
SRTunnelID: Invalid StatFlags: 0x0
SID Type: N/A SID: 300:1::1:2
BkSID: N/A NID: Invalid
FlushNID: Invalid BkNID: Invalid
BkFlushNID: Invalid PathID: 0x0
CommBlockLen: 0
OrigLinkID: 0x0 RealLinkID: 0x0
· CE 1:
#
sysname CE1
#
interface GigabitEthernet1/0/1
port link-mode route
ipv6 address 1000::1/96
#
bgp 200
router-id 11.11.11.11
peer 1000::2 as-number 100
#
address-family ipv6 unicast
import-route direct
peer 1000::2 enable
#
· PE 1:
#
sysname PE1
#
ip vpn-instance vpn1
route-distinguisher 100:1
vpn-target 100:1 import-extcommunity
vpn-target 100:1 export-extcommunity
#
isis 1
cost-style wide
network-entity 00.0000.0000.0001.00
#
address-family ipv6 unicast
segment-routing ipv6 locator abc
#
interface LoopBack1
isis ipv6 enable 1
ipv6 address 1::1/128
#
interface GigabitEthernet1/0/1
port link-mode route
ip binding vpn-instance vpn1
ipv6 address 1000::2/96
#
interface GigabitEthernet1/0/2
port link-mode route
isis ipv6 enable 1
ipv6 address 2001::1/96
#
interface GigabitEthernet1/0/3
port link-mode route
isis ipv6 enable 1
ipv6 address 3001::1/96
#
bfd static test peer-ipv6 200:1:: source-ipv6 100:1:: discriminator local 10 remote 20
bfd multi-hop min-transmit-interval 100
bfd multi-hop min-receive-interval 100
bfd multi-hop detect-multiplier 3
#
bgp 100
primary-path-detect bfd ctrl
router-id 1.1.1.1
peer 2::2 as-number 100
peer 2::2 connect-interface LoopBack1
peer 3::3 as-number 100
peer 3::3 connect-interface LoopBack1
#
address-family l2vpn evpn
peer 2::2 enable
peer 2::2 advertise encap-type srv6
peer 3::3 enable
peer 3::3 advertise encap-type srv6
#
ip vpn-instance vpn1
peer 1000::1 as-number 200
#
address-family ipv6 unicast
pic
segment-routing ipv6 best-effort evpn
segment-routing ipv6 locator abc evpn
import-route direct
peer 1000::1 enable
#
segment-routing ipv6
encapsulation source-address 1::1
#
locator abc ipv6-prefix 100:1:: 64 static 16
#
· PE 2:
#
sysname PE2
#
ip vpn-instance vpn1
route-distinguisher 200:1
vpn-target 100:1 import-extcommunity
vpn-target 100:1 export-extcommunity
#
isis 1
cost-style wide
network-entity 00.0000.0000.0002.00
#
address-family ipv6 unicast
segment-routing ipv6 locator abc
#
interface LoopBack1
isis ipv6 enable 1
ipv6 address 2::2/128
#
interface GigabitEthernet1/0/1
port link-mode route
isis ipv6 enable 1
ipv6 address 2001::2/96
#
interface GigabitEthernet1/0/2
port link-mode route
ip binding vpn-instance vpn1
ipv6 address 2002::2/96
#
bfd static test peer-ipv6 100:1:: source-ipv6 200:1:: discriminator local 20 remote 10
bfd multi-hop min-transmit-interval 100
bfd multi-hop min-receive-interval 100
bfd multi-hop detect-multiplier 3
#
bgp 100
router-id 2.2.2.2
peer 1::1 as-number 100
peer 1::1 connect-interface LoopBack1
#
address-family l2vpn evpn
peer 1::1 enable
peer 1::1 advertise encap-type srv6
#
ip vpn-instance vpn1
peer 2002::1 as-number 300
#
address-family ipv6 unicast
segment-routing ipv6 best-effort evpn
segment-routing ipv6 locator abc evpn
import-route direct
peer 2002::1 enable
#
segment-routing ipv6
encapsulation source-address 2::2
#
locator abc ipv6-prefix 200:1:: 64 static 16
#
· PE 3:
#
sysname PE3
#
ip vpn-instance vpn1
route-distinguisher 300:1
vpn-target 100:1 import-extcommunity
vpn-target 100:1 export-extcommunity
#
isis 1
cost-style wide
network-entity 00.0000.0000.0003.00
#
address-family ipv6 unicast
segment-routing ipv6 locator abc
#
interface LoopBack1
isis ipv6 enable 1
ipv6 address 3::3/128
#
interface GigabitEthernet1/0/1
port link-mode route
isis ipv6 enable 1
ipv6 address 3001::2/96
#
interface GigabitEthernet1/0/2
port link-mode route
ip binding vpn-instance vpn1
ipv6 address 3002::2/96
#
bgp 100
router-id 3.3.3.3
peer 1::1 as-number 100
peer 1::1 connect-interface LoopBack1
#
address-family l2vpn evpn
peer 1::1 enable
peer 1::1 advertise encap-type srv6
#
ip vpn-instance vpn1
peer 3002::1 as-number 300
#
address-family ipv6 unicast
undo advertise l2vpn evpn
segment-routing ipv6 best-effort evpn
segment-routing ipv6 locator abc evpn
import-route direct
peer 3002::1 enable
#
segment-routing ipv6
encapsulation source-address 3::3
#
locator abc ipv6-prefix 300:1:: 64 static 16
#
· CE 2:
#
sysname CE2
#
interface LoopBack1
ipv6 address 22::22/128
#
interface GigabitEthernet1/0/1
port link-mode route
ipv6 address 2002::1/96
#
interface GigabitEthernet1/0/2
port link-mode route
ipv6 address 3002::1/96
#
bgp 300
router-id 22.22.22.22
peer 2002::2 as-number 100
peer 3002::2 as-number 100
#
address-family ipv6 unicast
import-route direct
peer 2002::2 enable
peer 3002::2 enable
#
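The fast reroute above depends on the two static BFD session definitions on PE 1 and PE 2 agreeing with each other. The following check is an added example, not part of the original H3C document: it parses the BFD and locator lines from the two configuration files above, verifies that discriminators and addresses are mirrored and fall inside the right locators, and computes the failure detection time. It assumes one static session per device and intervals in milliseconds; the function names are hypothetical.

```python
import ipaddress
import re

# Lines from the PE 1 and PE 2 configuration files on this page (one static session each).
PE1 = """\
bfd static test peer-ipv6 200:1:: source-ipv6 100:1:: discriminator local 10 remote 20
bfd multi-hop min-transmit-interval 100
bfd multi-hop min-receive-interval 100
bfd multi-hop detect-multiplier 3
locator abc ipv6-prefix 100:1:: 64 static 16
"""
PE2 = """\
bfd static test peer-ipv6 100:1:: source-ipv6 200:1:: discriminator local 20 remote 10
bfd multi-hop min-transmit-interval 100
bfd multi-hop min-receive-interval 100
bfd multi-hop detect-multiplier 3
locator abc ipv6-prefix 200:1:: 64 static 16
"""

SESSION = re.compile(r"bfd static \S+ peer-ipv6 (\S+) source-ipv6 (\S+) "
                     r"discriminator local (\d+) remote (\d+)")
TIMER = re.compile(r"bfd multi-hop (min-transmit-interval|min-receive-interval|"
                   r"detect-multiplier) (\d+)")
LOCATOR = re.compile(r"locator \S+ ipv6-prefix (\S+) (\d+)")


def parse(text):
    """Extract the static BFD session, its timers and the local locator prefix."""
    peer, source, local, remote = SESSION.search(text).groups()
    prefix, length = LOCATOR.search(text).groups()
    return {
        "peer": ipaddress.ip_address(peer),
        "source": ipaddress.ip_address(source),
        "local": int(local),
        "remote": int(remote),
        "timers": {key: int(value) for key, value in TIMER.findall(text)},
        "locator": ipaddress.ip_network(f"{prefix}/{length}"),
    }


def check_pair(a, b):
    """Return the reasons why the two ends would not form one session (empty if none)."""
    findings = []
    if (a["local"], a["remote"]) != (b["remote"], b["local"]):
        findings.append("discriminators are not mirrored")
    if (a["source"], a["peer"]) != (b["peer"], b["source"]):
        findings.append("source and peer addresses are not mirrored")
    for name, side, other in (("first", a, b), ("second", b, a)):
        if side["source"] not in side["locator"]:
            findings.append(f"{name} end: source is outside its own locator")
        if side["peer"] not in other["locator"]:
            findings.append(f"{name} end: peer is outside the remote locator")
    return findings


def detection_time_ms(local, remote):
    """Time after which `local` declares the session down (RFC 5880, asynchronous mode)."""
    interval = max(local["timers"]["min-receive-interval"],
                   remote["timers"]["min-transmit-interval"])
    return remote["timers"]["detect-multiplier"] * interval
```

With the values on this page the pair is consistent and PE 1 declares the locator route down 300 ms after the last received BFD packet.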
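Applies to the 8048 and 8062 product series, release R6728.
As shown in Figure 10, the core network is an IPv6 network and the private network is an IPv6 network. PE 1, P, and PE 2 belong to the same autonomous system and reach each other over IPv6 through IS-IS. Two SRv6 TE Policies are statically configured between PE 1 and PE 2 to carry IPv6 EVPN L3VPN services. Routing policies are configured on PE 1 and PE 2 to set the Color attribute of EVPN routes so that traffic is steered into the specified SRv6 TE Policy.
Figure 10 Network diagram for IPv6 EVPN L3VPN over SRv6 TE Policy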
| Device | Interface | IP address | Device | Interface | IP address |
| CE 1 | GE1/0/1 | 100::1/96 | CE 2 | GE1/0/2 | 200::1/96 |
| PE 1 | Loop1 | 1::1/128 | PE 2 | Loop1 | 3::3/128 |
| | GE1/0/1 | 100::2/96 | | GE1/0/1 | 200::2/96 |
| | GE1/0/2 | 1001::1/96 | | GE1/0/2 | 2001::1/96 |
| P | Loop1 | 2::2/128 | | | |
| | GE1/0/1 | 1001::2/96 | | | |
| | GE1/0/2 | 2001::2/96 | | | |
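If multiple types of tunnels exist in the network, for example multiple SRv6 TE Policies and multiple SR-MPLS TE Policies, and an SRv6 TE Policy and an SR-MPLS TE Policy have the same Color value, you must configure a routing policy to set the Color attribute of routes and configure a tunnel policy to ensure that the specified SRv6 TE Policy is preferred during tunnel recursion.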
<Sysname> system-view
[Sysname] sysname CE1
[CE1] interface gigabitethernet 1/0/1
[CE1-GigabitEthernet1/0/1] ipv6 address 100::1 96
[CE1-GigabitEthernet1/0/1] quit
[CE1] bgp 200
[CE1-bgp-default] router-id 11.11.11.11
[CE1-bgp-default] peer 100::2 as-number 100
[CE1-bgp-default] address-family ipv6 unicast
[CE1-bgp-default-ipv6] peer 100::2 enable
[CE1-bgp-default-ipv6] import-route direct
[CE1-bgp-default-ipv6] quit
[CE1-bgp-default] quit
# Configure IPv6 IS-IS to provide connectivity between the PEs on the backbone network.
<Sysname> system-view
[Sysname] sysname PE1
[PE1] isis 1
[PE1-isis-1] cost-style wide
[PE1-isis-1] network-entity 00.0000.0000.0001.00
[PE1-isis-1] address-family ipv6 unicast
[PE1-isis-1-ipv6] quit
[PE1-isis-1] quit
[PE1] interface loopback 1
[PE1-LoopBack1] ipv6 address 1::1 128
[PE1-LoopBack1] isis ipv6 enable 1
[PE1-LoopBack1] quit
[PE1] interface gigabitethernet 1/0/2
[PE1-GigabitEthernet1/0/2] ipv6 address 1001::1 96
[PE1-GigabitEthernet1/0/2] isis ipv6 enable 1
[PE1-GigabitEthernet1/0/2] quit
# Configure a VPN instance and connect CE 1 to PE 1.
[PE1] ip vpn-instance vpn1
[PE1-vpn-instance-vpn1] route-distinguisher 100:1
[PE1-vpn-instance-vpn1] vpn-target 100:1
[PE1-vpn-instance-vpn1] quit
[PE1] interface gigabitethernet 1/0/1
[PE1-GigabitEthernet1/0/1] ip binding vpn-instance vpn1
[PE1-GigabitEthernet1/0/1] ipv6 address 100::2 96
[PE1-GigabitEthernet1/0/1] quit
# Establish an EBGP peer relationship between PE 1 and CE 1 and import VPN routes.
[PE1] bgp 100
[PE1-bgp-default] router-id 1.1.1.1
[PE1-bgp-default] ip vpn-instance vpn1
[PE1-bgp-default-vpn1] peer 100::1 as-number 200
[PE1-bgp-default-vpn1] address-family ipv6 unicast
[PE1-bgp-default-ipv6-vpn1] peer 100::1 enable
[PE1-bgp-default-ipv6-vpn1] import-route direct
[PE1-bgp-default-ipv6-vpn1] quit
[PE1-bgp-default-vpn1] quit
# Establish BGP EVPN peer relationships between the PEs.
[PE1-bgp-default] peer 3::3 as-number 100
[PE1-bgp-default] peer 3::3 connect-interface loopback 1
[PE1-bgp-default] address-family l2vpn evpn
[PE1-bgp-default-evpn] peer 3::3 enable
[PE1-bgp-default-evpn] quit
[PE1-bgp-default] quit
# Configure VPN routes between PE 1 and PE 2 to recurse to the SRv6 TE Policy.
[PE1] segment-routing ipv6
[PE1-segment-routing-ipv6] encapsulation source-address 1::1
[PE1-segment-routing-ipv6] locator abc ipv6-prefix 100:1:: 64 static 16
[PE1-segment-routing-ipv6-locator-abc] opcode 1 end
[PE1-segment-routing-ipv6-locator-abc] quit
[PE1-segment-routing-ipv6] quit
[PE1] isis 1
[PE1-isis-1] address-family ipv6 unicast
[PE1-isis-1-ipv6] segment-routing ipv6 locator abc
[PE1-isis-1-ipv6] quit
[PE1-isis-1] quit
[PE1] bgp 100
[PE1-bgp-default] address-family l2vpn evpn
[PE1-bgp-default-evpn] peer 3::3 advertise encap-type srv6
[PE1-bgp-default-evpn] quit
[PE1-bgp-default] ip vpn-instance vpn1
[PE1-bgp-default-vpn1] address-family ipv6 unicast
[PE1-bgp-default-ipv6-vpn1] segment-routing ipv6 locator abc evpn
[PE1-bgp-default-ipv6-vpn1] segment-routing ipv6 traffic-engineering evpn
[PE1-bgp-default-ipv6-vpn1] quit
[PE1-bgp-default-vpn1] quit
[PE1-bgp-default] quit
# Configure the SRv6 TE Policy on PE 1.
[PE1] segment-routing ipv6
[PE1-segment-routing-ipv6] traffic-engineering
[PE1-srv6-te] srv6-policy locator abc
[PE1-srv6-te] segment-list s1
[PE1-srv6-te-sl-s1] index 10 ipv6 200:1::1
[PE1-srv6-te-sl-s1] index 20 ipv6 300:1::1
[PE1-srv6-te-sl-s1] quit
[PE1-srv6-te] policy p1
[PE1-srv6-te-policy-p1] color 10 end-point ipv6 3::3
[PE1-srv6-te-policy-p1] candidate-paths
[PE1-srv6-te-policy-p1-path] preference 10
[PE1-srv6-te-policy-p1-path-pref-10] explicit segment-list s1
[PE1-srv6-te-policy-p1-path-pref-10] quit
[PE1-srv6-te-policy-p1-path] quit
[PE1-srv6-te-policy-p1] quit
[PE1-srv6-te] quit
[PE1-segment-routing-ipv6] quit
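# On PE 1, configure a routing policy and a tunnel policy so that the routing policy steers VPN service traffic into the specified SRv6 TE Policy and the SRv6 TE Policy is the preferred tunnel.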
[PE1] route-policy a permit node 10
[PE1-route-policy-a-10] apply extcommunity color 00:10
[PE1-route-policy-a-10] quit
[PE1] bgp 100
[PE1-bgp-default] address-family l2vpn evpn
[PE1-bgp-default-evpn] peer 3::3 route-policy a import
[PE1-bgp-default-evpn] quit
[PE1-bgp-default] quit
[PE1] tunnel-policy a
[PE1-tunnel-policy-a] select-seq srv6-policy load-balance-number 1
[PE1-tunnel-policy-a] quit
[PE1] ip vpn-instance vpn1
[PE1-vpn-instance-vpn1] tnl-policy a
[PE1-vpn-instance-vpn1] quit
# Configure IPv6 IS-IS to provide connectivity between the PEs on the backbone network.
<Sysname> system-view
[Sysname] sysname P
[P] isis 1
[P-isis-1] cost-style wide
[P-isis-1] network-entity 00.0000.0000.0002.00
[P-isis-1] address-family ipv6 unicast
[P-isis-1-ipv6] quit
[P-isis-1] quit
[P] interface loopback 1
[P-LoopBack1] ipv6 address 2::2 128
[P-LoopBack1] isis ipv6 enable 1
[P-LoopBack1] quit
[P] interface gigabitethernet 1/0/2
[P-GigabitEthernet1/0/2] ipv6 address 1001::2 96
[P-GigabitEthernet1/0/2] isis ipv6 enable 1
[P-GigabitEthernet1/0/2] quit
[P] interface gigabitethernet 1/0/1
[P-GigabitEthernet1/0/1] ipv6 address 2001::2 96
[P-GigabitEthernet1/0/1] isis ipv6 enable 1
[P-GigabitEthernet1/0/1] quit
# Configure a locator on P and have IS-IS advertise it.
[P] segment-routing ipv6
[P-segment-routing-ipv6] locator abc ipv6-prefix 200:1:: 64 static 16
[P-segment-routing-ipv6-locator-abc] opcode 1 end
[P-segment-routing-ipv6-locator-abc] quit
[P-segment-routing-ipv6] quit
[P] isis 1
[P-isis-1] address-family ipv6 unicast
[P-isis-1-ipv6] segment-routing ipv6 locator abc
[P-isis-1-ipv6] quit
[P-isis-1] quit
# Configure IPv6 IS-IS to provide connectivity between the PEs on the backbone network.
<Sysname> system-view
[Sysname] sysname PE2
[PE2] isis 1
[PE2-isis-1] cost-style wide
[PE2-isis-1] network-entity 00.0000.0000.0003.00
[PE2-isis-1] address-family ipv6 unicast
[PE2-isis-1-ipv6] quit
[PE2-isis-1] quit
[PE2] interface loopback 1
[PE2-LoopBack1] ipv6 address 3::3 128
[PE2-LoopBack1] isis ipv6 enable 1
[PE2-LoopBack1] quit
[PE2] interface gigabitethernet 1/0/2
[PE2-GigabitEthernet1/0/2] ipv6 address 2001::1 96
[PE2-GigabitEthernet1/0/2] isis ipv6 enable 1
[PE2-GigabitEthernet1/0/2] quit
# Configure a VPN instance and connect CE 2 to PE 2.
[PE2] ip vpn-instance vpn1
[PE2-vpn-instance-vpn1] route-distinguisher 100:1
[PE2-vpn-instance-vpn1] vpn-target 100:1
[PE2-vpn-instance-vpn1] quit
[PE2] interface gigabitethernet 1/0/1
[PE2-GigabitEthernet1/0/1] ip binding vpn-instance vpn1
[PE2-GigabitEthernet1/0/1] ipv6 address 200::2 96
[PE2-GigabitEthernet1/0/1] quit
# Establish an EBGP peer relationship between PE 2 and CE 2 and import VPN routes.
[PE2] bgp 100
[PE2-bgp-default] router-id 3.3.3.3
[PE2-bgp-default] ip vpn-instance vpn1
[PE2-bgp-default-vpn1] peer 200::1 as-number 300
[PE2-bgp-default-vpn1] address-family ipv6 unicast
[PE2-bgp-default-ipv6-vpn1] peer 200::1 enable
[PE2-bgp-default-ipv6-vpn1] import-route direct
[PE2-bgp-default-ipv6-vpn1] quit
[PE2-bgp-default-vpn1] quit
# Establish BGP EVPN peer relationships between the PEs.
[PE2-bgp-default] peer 1::1 as-number 100
[PE2-bgp-default] peer 1::1 connect-interface loopback 1
[PE2-bgp-default] address-family l2vpn evpn
[PE2-bgp-default-evpn] peer 1::1 enable
[PE2-bgp-default-evpn] quit
[PE2-bgp-default] quit
# Configure VPN routes between PE 1 and PE 2 to recurse to the SRv6 TE Policy.
[PE2] segment-routing ipv6
[PE2-segment-routing-ipv6] encapsulation source-address 3::3
[PE2-segment-routing-ipv6] locator abc ipv6-prefix 300:1:: 64 static 16
[PE2-segment-routing-ipv6-locator-abc] opcode 1 end
[PE2-segment-routing-ipv6-locator-abc] quit
[PE2-segment-routing-ipv6] quit
[PE2] isis 1
[PE2-isis-1] address-family ipv6 unicast
[PE2-isis-1-ipv6] segment-routing ipv6 locator abc
[PE2-isis-1-ipv6] quit
[PE2-isis-1] quit
[PE2] bgp 100
[PE2-bgp-default] address-family l2vpn evpn
[PE2-bgp-default-evpn] peer 1::1 advertise encap-type srv6
[PE2-bgp-default-evpn] quit
[PE2-bgp-default] ip vpn-instance vpn1
[PE2-bgp-default-vpn1] address-family ipv6 unicast
[PE2-bgp-default-ipv6-vpn1] segment-routing ipv6 locator abc evpn
[PE2-bgp-default-ipv6-vpn1] segment-routing ipv6 traffic-engineering evpn
[PE2-bgp-default-ipv6-vpn1] quit
[PE2-bgp-default-vpn1] quit
[PE2-bgp-default] quit
# Configure the SRv6 TE Policy on PE 2.
[PE2] segment-routing ipv6
[PE2-segment-routing-ipv6] traffic-engineering
[PE2-srv6-te] srv6-policy locator abc
[PE2-srv6-te] segment-list s1
[PE2-srv6-te-sl-s1] index 10 ipv6 200:1::1
[PE2-srv6-te-sl-s1] index 20 ipv6 100:1::1
[PE2-srv6-te-sl-s1] quit
[PE2-srv6-te] policy p1
[PE2-srv6-te-policy-p1] color 10 end-point ipv6 1::1
[PE2-srv6-te-policy-p1] candidate-paths
[PE2-srv6-te-policy-p1-path] preference 10
[PE2-srv6-te-policy-p1-path-pref-10] explicit segment-list s1
[PE2-srv6-te-policy-p1-path-pref-10] quit
[PE2-srv6-te-policy-p1-path] quit
[PE2-srv6-te-policy-p1] quit
[PE2-srv6-te] quit
[PE2-segment-routing-ipv6] quit
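# On PE 2, configure a routing policy and a tunnel policy so that the routing policy steers VPN service traffic into the specified SRv6 TE Policy and the SRv6 TE Policy is the preferred tunnel.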
[PE2] route-policy a permit node 10
[PE2-route-policy-a-10] apply extcommunity color 00:10
[PE2-route-policy-a-10] quit
[PE2] bgp 100
[PE2-bgp-default] address-family l2vpn evpn
[PE2-bgp-default-evpn] peer 1::1 route-policy a import
[PE2-bgp-default-evpn] quit
[PE2-bgp-default] quit
[PE2] tunnel-policy a
[PE2-tunnel-policy-a] select-seq srv6-policy load-balance-number 1
[PE2-tunnel-policy-a] quit
[PE2] ip vpn-instance vpn1
[PE2-vpn-instance-vpn1] tnl-policy a
[PE2-vpn-instance-vpn1] quit
<Sysname> system-view
[Sysname] sysname CE2
[CE2] interface gigabitethernet 1/0/2
[CE2-GigabitEthernet1/0/2] ipv6 address 200::1 96
[CE2-GigabitEthernet1/0/2] quit
[CE2] bgp 300
[CE2-bgp-default] router-id 22.22.22.22
[CE2-bgp-default] peer 200::2 as-number 100
[CE2-bgp-default] address-family ipv6 unicast
[CE2-bgp-default-ipv6] peer 200::2 enable
[CE2-bgp-default-ipv6] import-route direct
[CE2-bgp-default-ipv6] quit
[CE2-bgp-default] quit
# Execute the display segment-routing ipv6 te policy command on PE 1 to view detailed SRv6 TE Policy information. The output shows that the Status field of the SRv6 TE Policy is Up.
[PE1] display segment-routing ipv6 te policy
Name/ID: p1/0
Color: 10
End-point: 3::3
Name from BGP:
BSID:
Mode: Dynamic Type: Type_2 Request state: Succeeded
Current BSID: 100:1::1:3 Explicit BSID: - Dynamic BSID: 100:1::1:3
Reference counts: 4
Flags: A/BS/NC
Status: Up
AdminStatus: Up
Up time: 2021-11-23 19:31:35
Down time: 2021-11-23 19:27:37
Hot backup: Not configured
Statistics: Not configured
Statistics by service class: Not configured
Drop-upon-invalid: Disabled
BFD trigger path-down: Disabled
SBFD: Not configured
BFD Echo: Not configured
Forwarding index: 2150629377
Service-class: -
Rate-limit: -
Encapsulation mode: -
Candidate paths state: Configured
Candidate paths statistics:
CLI paths: 1 BGP paths: 0 PCEP paths: 0
Candidate paths:
Preference : 10
CPathName:
Instance ID: 0 ASN: 0 Node address: 0.0.0.0
Peer address: ::
Optimal: Y Flags: V/A
Explicit SID list:
ID: 1 Name: s1
Weight: 1 Forwarding index: 2149580802
State: Up State(-): -
Active path MTU: 1428 bytes
# Execute the display ipv6 routing-table vpn-instance vpn1 200::1 96 command on PE 1 to view detailed VPN route information. The output shows that the output interface of VPN route 200::1/96 is SRv6 TE Policy p1.
[PE1] display ipv6 routing-table vpn-instance vpn1 200::1 96
Summary count : 1
Destination: 200::/96 Protocol : BGP4+
NextHop : 3::3 Preference: 255
Interface : p1 Cost : 0
# CE 1 and CE 2 can ping each other.
[CE1] ping ipv6 200::1
Ping6(56 data bytes) 100::1 --> 200::1, press CTRL_C to break
56 bytes from 200::1, icmp_seq=0 hlim=62 time=2.000 ms
56 bytes from 200::1, icmp_seq=1 hlim=62 time=1.000 ms
56 bytes from 200::1, icmp_seq=2 hlim=62 time=2.000 ms
56 bytes from 200::1, icmp_seq=3 hlim=62 time=2.000 ms
56 bytes from 200::1, icmp_seq=4 hlim=62 time=1.000 ms
--- Ping6 statistics for 200::1 ---
5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss
round-trip min/avg/max/std-dev = 1.000/1.600/2.000/0.490 ms
· CE 1:
#
sysname CE1
#
interface GigabitEthernet1/0/1
port link-mode route
ipv6 address 100::1/96
#
bgp 200
router-id 11.11.11.11
peer 100::2 as-number 100
#
address-family ipv6 unicast
import-route direct
peer 100::2 enable
#
· PE 1:
#
sysname PE1
#
ip vpn-instance vpn1
route-distinguisher 100:1
tnl-policy a
vpn-target 100:1 import-extcommunity
vpn-target 100:1 export-extcommunity
#
isis 1
cost-style wide
network-entity 00.0000.0000.0001.00
#
address-family ipv6 unicast
segment-routing ipv6 locator abc
#
tunnel-policy a
select-seq srv6-policy load-balance-number 1
#
interface LoopBack1
isis ipv6 enable 1
ipv6 address 1::1/128
#
interface GigabitEthernet1/0/1
port link-mode route
ip binding vpn-instance vpn1
ipv6 address 100::2/96
#
interface GigabitEthernet1/0/2
port link-mode route
isis ipv6 enable 1
ipv6 address 1001::1/96
#
bgp 100
router-id 1.1.1.1
peer 3::3 as-number 100
peer 3::3 connect-interface LoopBack1
#
address-family l2vpn evpn
peer 3::3 enable
peer 3::3 route-policy a import
peer 3::3 advertise encap-type srv6
#
ip vpn-instance vpn1
peer 100::1 as-number 200
#
address-family ipv6 unicast
segment-routing ipv6 traffic-engineering evpn
segment-routing ipv6 locator abc evpn
import-route direct
peer 100::1 enable
#
route-policy a permit node 10
apply extcommunity color 00:10
#
segment-routing ipv6
encapsulation source-address 1::1
locator abc ipv6-prefix 100:1:: 64 static 16
opcode 1 end
traffic-engineering
srv6-policy locator abc
segment-list s1
index 10 ipv6 200:1::1
index 20 ipv6 300:1::1
policy p1
color 10 end-point ipv6 3::3
candidate-paths
preference 10
explicit segment-list s1
#
· P:
#
sysname P
#
isis 1
cost-style wide
network-entity 00.0000.0000.0002.00
#
address-family ipv6 unicast
segment-routing ipv6 locator abc
#
interface LoopBack1
isis ipv6 enable 1
ipv6 address 2::2/128
#
interface GigabitEthernet1/0/1
port link-mode route
isis ipv6 enable 1
ipv6 address 1001::2/96
#
interface GigabitEthernet1/0/2
port link-mode route
isis ipv6 enable 1
ipv6 address 2001::2/96
#
segment-routing ipv6
locator abc ipv6-prefix 200:1:: 64 static 16
opcode 1 end
#
· PE 2:
#
sysname PE2
#
ip vpn-instance vpn1
route-distinguisher 100:1
tnl-policy a
vpn-target 100:1 import-extcommunity
vpn-target 100:1 export-extcommunity
#
isis 1
cost-style wide
network-entity 00.0000.0000.0003.00
#
address-family ipv6 unicast
segment-routing ipv6 locator abc
#
tunnel-policy a
select-seq srv6-policy load-balance-number 1
#
interface LoopBack1
isis ipv6 enable 1
ipv6 address 3::3/128
#
interface GigabitEthernet1/0/1
port link-mode route
ip binding vpn-instance vpn1
ipv6 address 200::2/96
#
interface GigabitEthernet1/0/2
port link-mode route
isis ipv6 enable 1
ipv6 address 2001::1/96
#
bgp 100
router-id 3.3.3.3
peer 1::1 as-number 100
peer 1::1 connect-interface LoopBack1
#
address-family l2vpn evpn
peer 1::1 enable
peer 1::1 route-policy a import
peer 1::1 advertise encap-type srv6
#
ip vpn-instance vpn1
peer 200::1 as-number 300
#
address-family ipv6 unicast
segment-routing ipv6 traffic-engineering evpn
segment-routing ipv6 locator abc evpn
import-route direct
peer 200::1 enable
#
route-policy a permit node 10
apply extcommunity color 00:10
#
segment-routing ipv6
encapsulation source-address 3::3
locator abc ipv6-prefix 300:1:: 64 static 16
opcode 1 end
traffic-engineering
srv6-policy locator abc
segment-list s1
index 10 ipv6 200:1::1
index 20 ipv6 100:1::1
policy p1
color 10 end-point ipv6 1::1
candidate-paths
preference 10
explicit segment-list s1
#
· CE 2:
#
sysname CE2
#
interface GigabitEthernet1/0/1
port link-mode route
ipv6 address 200::1/96
#
bgp 300
router-id 22.22.22.22
peer 200::2 as-number 100
#
address-family ipv6 unicast
import-route direct
peer 200::2 enable
#
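This example applies to release R6728 of the 8048 and 8062 product series.
The customer network has two sites, whose edge devices are CE 1 and CE 2. The PEs run OSPFv3 to provide IPv6 connectivity among them. CE 1 is multihomed to PE 1 and PE 2 through an aggregate link, and CE 2 is single-homed to PE 3. CE 1 and CE 2 need Layer 2 connectivity between site 1 and site 2 over SRv6 tunnels established across the backbone.
Figure 11 Network diagram for EVPN VPWS over SRv6 multihoming
| Device | Interface | IP address | Device | Interface | IP address |
| PE 1 | Loop0 | 1::1/128 | CE 1 | RAGG1 | 100::1/64 |
| | GE1/0/1 | - | CE 2 | GE1/0/1 | 100::2/64 |
| | GE1/0/2 | 10::1/64 | PE 3 | Loop0 | 3::3/128 |
| | GE1/0/3 | 20::1/64 | | GE1/0/1 | - |
| PE 2 | Loop0 | 2::2/128 | | GE1/0/2 | 10::3/64 |
| | GE1/0/1 | - | | GE1/0/3 | 30::3/64 |
| | GE1/0/2 | 30::2/64 | | | |
| | GE1/0/3 | 20::2/64 | | | |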
# Create Layer 3 aggregate interface 1, set it to dynamic aggregation mode, and configure its IP address and subnet mask.
<Sysname> system-view
[Sysname] sysname CE1
[CE1] interface route-aggregation 1
[CE1-Route-Aggregation1] link-aggregation mode dynamic
[CE1-Route-Aggregation1] ipv6 address 100::1 64
[CE1-Route-Aggregation1] quit
# Add interfaces GigabitEthernet1/0/1 through GigabitEthernet1/0/2 to aggregation group 1.
[CE1] interface gigabitethernet 1/0/1
[CE1-GigabitEthernet1/0/1] port link-aggregation group 1
[CE1-GigabitEthernet1/0/1] quit
[CE1] interface gigabitethernet 1/0/2
[CE1-GigabitEthernet1/0/2] port link-aggregation group 1
[CE1-GigabitEthernet1/0/2] quit
# Run OSPFv3 on PE 1.
<Sysname> system-view
[Sysname] sysname PE1
[PE1] ospfv3
[PE1-ospfv3-1] router-id 1.1.1.1
[PE1-ospfv3-1] segment-routing ipv6 locator aaa
[PE1-ospfv3-1] area 0
[PE1-ospfv3-1-area-0.0.0.0] quit
[PE1-ospfv3-1] quit
# Configure interface Loopback0.
[PE1] interface loopback 0
[PE1-LoopBack0] ipv6 address 1::1 128
[PE1-LoopBack0] ospfv3 1 area 0
[PE1-LoopBack0] quit
# Enable L2VPN.
[PE1] l2vpn enable
# Configure interface GigabitEthernet1/0/2, which connects to PE 3.
[PE1] interface gigabitethernet 1/0/2
[PE1-GigabitEthernet1/0/2] ipv6 address 10::1/64
[PE1-GigabitEthernet1/0/2] ospfv3 1 area 0
[PE1-GigabitEthernet1/0/2] quit
# Configure interface GigabitEthernet1/0/3, which connects to PE 2.
[PE1] interface gigabitethernet 1/0/3
[PE1-GigabitEthernet1/0/3] ipv6 address 20::1/64
[PE1-GigabitEthernet1/0/3] ospfv3 1 area 0
[PE1-GigabitEthernet1/0/3] quit
# Establish IBGP connections among PE 1, PE 2, and PE 3, and configure them to advertise routing information through BGP EVPN.
[PE1] bgp 100
[PE1-bgp-default] router-id 1.1.1.1
[PE1-bgp-default] peer 2::2 as-number 100
[PE1-bgp-default] peer 2::2 connect-interface loopback 0
[PE1-bgp-default] peer 3::3 as-number 100
[PE1-bgp-default] peer 3::3 connect-interface loopback 0
[PE1-bgp-default] address-family l2vpn evpn
[PE1-bgp-default-evpn] peer 2::2 enable
[PE1-bgp-default-evpn] peer 3::3 enable
[PE1-bgp-default-evpn] peer 2::2 advertise encap-type srv6
[PE1-bgp-default-evpn] peer 3::3 advertise encap-type srv6
[PE1-bgp-default-evpn] quit
[PE1-bgp-default] quit
# On the site-facing interface GigabitEthernet1/0/1, configure the ESI value and the interface's redundancy mode.
[PE1] interface gigabitethernet 1/0/1
[PE1-GigabitEthernet1/0/1] esi 1.1.1.1.1
[PE1-GigabitEthernet1/0/1] evpn redundancy-mode all-active
[PE1-GigabitEthernet1/0/1] quit
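# Create cross-connect group vpna and an EVPN instance for the cross-connect group, specify SRv6 encapsulation for EVPN, configure the RD and RT of the cross-connect group EVPN instance, and configure route recursion based on the SID attribute carried in routes.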
[PE1] xconnect-group vpna
[PE1-xcg-vpna] evpn encapsulation srv6
[PE1-xcg-vpna-evpn-srv6] route-distinguisher 1:1
[PE1-xcg-vpna-evpn-srv6] vpn-target 1:1 export-extcommunity
[PE1-xcg-vpna-evpn-srv6] vpn-target 1:1 import-extcommunity
[PE1-xcg-vpna-evpn-srv6] segment-routing ipv6 best-effort
[PE1-xcg-vpna-evpn-srv6] quit
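# Create cross-connect pw1, associate interface GigabitEthernet1/0/1 with it, and create an SRv6 tunnel in the cross-connect so that the AC is associated with the SRv6 tunnel.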
[PE1-xcg-vpna] connection pw1
[PE1-xcg-vpna-pw1] ac interface gigabitethernet 1/0/1
[PE1-xcg-vpna-pw1-GigabitEthernet1/0/1] quit
[PE1-xcg-vpna-pw1] evpn local-service-id 1 remote-service-id 2
[PE1-xcg-vpna-pw1-1-2] quit
[PE1-xcg-vpna-pw1] segment-routing ipv6 locator aaa
[PE1-xcg-vpna-pw1] quit
[PE1-xcg-vpna] quit
# Configure the source address of the IPv6 header used for SRv6 encapsulation.
[PE1] segment-routing ipv6
[PE1-segment-routing-ipv6] encapsulation source-address 1::1
# Configure a locator, from which End.DX2 SIDs are allocated.
[PE1-segment-routing-ipv6] locator aaa ipv6-prefix 111:: 64 static 32
[PE1-segment-routing-ipv6-locator-aaa] quit
[PE1-segment-routing-ipv6] quit
# Run OSPFv3 on PE 2.
<Sysname> system-view
[Sysname] sysname PE2
[PE2] ospfv3
[PE2-ospfv3-1] router-id 2.2.2.2
[PE2-ospfv3-1] segment-routing ipv6 locator aaa
[PE2-ospfv3-1] area 0.0.0.0
[PE2-ospfv3-1-area-0.0.0.0] quit
[PE2-ospfv3-1] quit
# Configure interface Loopback0.
[PE2] interface loopback 0
[PE2-LoopBack0] ipv6 address 2::2 128
[PE2-LoopBack0] ospfv3 1 area 0
[PE2-LoopBack0] quit
# Enable L2VPN.
[PE2] l2vpn enable
# Configure interface GigabitEthernet1/0/3, which connects to PE 1.
[PE2] interface gigabitethernet 1/0/3
[PE2-GigabitEthernet1/0/3] ipv6 address 20::2 64
[PE2-GigabitEthernet1/0/3] ospfv3 1 area 0
[PE2-GigabitEthernet1/0/3] quit
# Configure interface GigabitEthernet1/0/2, which connects to PE 3.
[PE2] interface gigabitethernet 1/0/2
[PE2-GigabitEthernet1/0/2] ipv6 address 30::2 64
[PE2-GigabitEthernet1/0/2] ospfv3 1 area 0
[PE2-GigabitEthernet1/0/2] quit
# Establish IBGP connections among PE 1, PE 2, and PE 3, and configure them to advertise routing information through BGP EVPN.
[PE2] bgp 100
[PE2-bgp-default] router-id 2.2.2.2
[PE2-bgp-default] peer 1::1 as-number 100
[PE2-bgp-default] peer 1::1 connect-interface loopback 0
[PE2-bgp-default] peer 3::3 as-number 100
[PE2-bgp-default] peer 3::3 connect-interface loopback 0
[PE2-bgp-default] address-family l2vpn evpn
[PE2-bgp-default-evpn] peer 1::1 enable
[PE2-bgp-default-evpn] peer 3::3 enable
[PE2-bgp-default-evpn] peer 1::1 advertise encap-type srv6
[PE2-bgp-default-evpn] peer 3::3 advertise encap-type srv6
[PE2-bgp-default-evpn] quit
[PE2-bgp-default] quit
# On the site-facing interface GigabitEthernet1/0/1, configure the ESI value and the interface's redundancy mode.
[PE2] interface gigabitethernet 1/0/1
[PE2-GigabitEthernet1/0/1] esi 1.1.1.1.1
[PE2-GigabitEthernet1/0/1] evpn redundancy-mode all-active
[PE2-GigabitEthernet1/0/1] quit
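# Create cross-connect group vpna and an EVPN instance for the cross-connect group, specify SRv6 encapsulation for EVPN, configure the RD and RT of the cross-connect group EVPN instance, and configure route recursion based on the SID attribute carried in routes.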
[PE2] xconnect-group vpna
[PE2-xcg-vpna] evpn encapsulation srv6
[PE2-xcg-vpna-evpn-srv6] route-distinguisher 1:1
[PE2-xcg-vpna-evpn-srv6] vpn-target 1:1 export-extcommunity
[PE2-xcg-vpna-evpn-srv6] vpn-target 1:1 import-extcommunity
[PE2-xcg-vpna-evpn-srv6] segment-routing ipv6 best-effort
[PE2-xcg-vpna-evpn-srv6] quit
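# Create cross-connect pw1, associate interface GigabitEthernet1/0/1 with it, and create an SRv6 tunnel in the cross-connect so that the AC is associated with the SRv6 tunnel.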
[PE2-xcg-vpna] connection pw1
[PE2-xcg-vpna-pw1] ac interface gigabitethernet 1/0/1
[PE2-xcg-vpna-pw1-GigabitEthernet1/0/1] quit
[PE2-xcg-vpna-pw1] evpn local-service-id 1 remote-service-id 2
[PE2-xcg-vpna-pw1-1-2] quit
[PE2-xcg-vpna-pw1] segment-routing ipv6 locator aaa
[PE2-xcg-vpna-pw1] quit
[PE2-xcg-vpna] quit
# Configure the source address of the IPv6 header used for SRv6 encapsulation.
[PE2] segment-routing ipv6
[PE2-segment-routing-ipv6] encapsulation source-address 2::2
# Configure a locator, from which End.DX2 SIDs are allocated.
[PE2-segment-routing-ipv6] locator aaa ipv6-prefix 222:: 64 static 32
[PE2-segment-routing-ipv6-locator-aaa] quit
[PE2-segment-routing-ipv6] quit
# Run OSPFv3 on PE 3.
<Sysname> system-view
[Sysname] sysname PE3
[PE3] ospfv3
[PE3-ospfv3-1] router-id 3.3.3.3
[PE3-ospfv3-1] segment-routing ipv6 locator aaa
[PE3-ospfv3-1] area 0
[PE3-ospfv3-1-area-0.0.0.0] quit
[PE3-ospfv3-1] quit
# Configure interface LoopBack0.
[PE3] interface loopback 0
[PE3-LoopBack0] ipv6 address 3::3 128
[PE3-LoopBack0] ospfv3 1 area 0
[PE3-LoopBack0] quit
# Enable L2VPN.
[PE3] l2vpn enable
# Configure interface GigabitEthernet1/0/2, which connects to PE 1.
[PE3] interface gigabitethernet 1/0/2
[PE3-GigabitEthernet1/0/2] ipv6 address 10::3 64
[PE3-GigabitEthernet1/0/2] ospfv3 1 area 0
[PE3-GigabitEthernet1/0/2] quit
# Configure interface GigabitEthernet1/0/3, which connects to PE 2.
[PE3] interface gigabitethernet 1/0/3
[PE3-GigabitEthernet1/0/3] ipv6 address 30::3 64
[PE3-GigabitEthernet1/0/3] ospfv3 1 area 0
[PE3-GigabitEthernet1/0/3] quit
# Establish IBGP connections among PE 1, PE 2, and PE 3, and configure them to advertise routing information through BGP EVPN.
[PE3] bgp 100
[PE3-bgp-default] router-id 3.3.3.3
[PE3-bgp-default] peer 1::1 as-number 100
[PE3-bgp-default] peer 1::1 connect-interface loopback 0
[PE3-bgp-default] peer 2::2 as-number 100
[PE3-bgp-default] peer 2::2 connect-interface loopback 0
[PE3-bgp-default] address-family l2vpn evpn
[PE3-bgp-default-evpn] peer 1::1 enable
[PE3-bgp-default-evpn] peer 2::2 enable
[PE3-bgp-default-evpn] peer 1::1 advertise encap-type srv6
[PE3-bgp-default-evpn] peer 2::2 advertise encap-type srv6
[PE3-bgp-default-evpn] quit
[PE3-bgp-default] quit
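# Create cross-connect group vpna and an EVPN instance for the cross-connect group, specify SRv6 encapsulation for EVPN, configure the RD and RT of the cross-connect group EVPN instance, and configure route recursion based on the SID attribute carried in routes.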
[PE3] xconnect-group vpna
[PE3-xcg-vpna] evpn encapsulation srv6
[PE3-xcg-vpna-evpn-srv6] route-distinguisher 1:1
[PE3-xcg-vpna-evpn-srv6] vpn-target 1:1 export-extcommunity
[PE3-xcg-vpna-evpn-srv6] vpn-target 1:1 import-extcommunity
[PE3-xcg-vpna-evpn-srv6] segment-routing ipv6 best-effort
[PE3-xcg-vpna-evpn-srv6] quit
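# Create cross-connect pw1, associate interface GigabitEthernet1/0/1 with it, and create an SRv6 tunnel in the cross-connect so that the AC is associated with the SRv6 tunnel.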
[PE3-xcg-vpna] connection pw1
[PE3-xcg-vpna-pw1] ac interface gigabitethernet 1/0/1
[PE3-xcg-vpna-pw1-GigabitEthernet1/0/1] quit
[PE3-xcg-vpna-pw1] evpn local-service-id 2 remote-service-id 1
[PE3-xcg-vpna-pw1-2-1] quit
[PE3-xcg-vpna-pw1] segment-routing ipv6 locator aaa
[PE3-xcg-vpna-pw1] quit
[PE3-xcg-vpna] quit
# Configure the source address of the IPv6 header used for SRv6 encapsulation.
[PE3] segment-routing ipv6
[PE3-segment-routing-ipv6] encapsulation source-address 3::3
# Configure a locator, from which End.DX2 SIDs are allocated.
[PE3-segment-routing-ipv6] locator aaa ipv6-prefix 333:: 64 static 32
[PE3-segment-routing-ipv6-locator-aaa] quit
[PE3-segment-routing-ipv6] quit
<Sysname> system-view
[Sysname] sysname CE2
[CE2] interface gigabitethernet 1/0/1
[CE2-GigabitEthernet1/0/1] ipv6 address 100::2 64
[CE2-GigabitEthernet1/0/1] quit
# Display L2VPN SRv6 information on PE 1. The output shows that an SRv6 tunnel has been established between PE 1 and PE 3.
[PE1] display l2vpn peer srv6
Total number of SRv6 Tunnels: 1
1 up, 0 blocked, 0 down
Xconnect-group Name: vpna
Peer : 3::3
Flag : Main
State : Up
Remote SrvID : 2
# Display SRv6 forwarding information on PE 1. The output shows information such as the incoming and outgoing SIDs of the SRv6 tunnel.
[PE1] display l2vpn forwarding srv6
Total number of cross-connections: 1
Total number of SRv6 tunnels: 1, 1 up, 0 blocked, 0 down
Xconnect-group Name : vpna
Connection Name : pw1
Link ID : 0x1 Type: BE State: Up
In SID : 111::1:0:3
Out SID : 333::1:0:3
# CE 1 and CE 2 can ping each other. If the link between CE 1 and PE 1 or between CE 1 and PE 2 fails, CE 1 and CE 2 can still ping each other.
· CE1:
#
sysname CE1
#
interface Route-Aggregation1
link-aggregation mode dynamic
ipv6 address 100::1/64
#
interface GigabitEthernet1/0/1
port link-mode route
port link-aggregation group 1
#
interface GigabitEthernet1/0/2
port link-mode route
port link-aggregation group 1
· PE1:
#
sysname PE1
#
ospfv3 1
segment-routing ipv6 locator aaa
area 0.0.0.0
#
interface LoopBack0
ospfv3 1 area 0.0.0.0
ipv6 address 1::1/128
#
interface GigabitEthernet1/0/1
port link-mode route
esi 0001.0001.0001.0001.0001
evpn redundancy-mode single-active
#
interface GigabitEthernet1/0/2
port link-mode route
ospfv3 1 area 0.0.0.0
ipv6 address 10::1/64
#
interface GigabitEthernet1/0/3
port link-mode route
ospfv3 1 area 0.0.0.0
ipv6 address 20::1/64
#
bgp 100
router-id 1.1.1.1
peer 2::2 as-number 100
peer 2::2 connect-interface LoopBack0
peer 3::3 as-number 100
peer 3::3 connect-interface LoopBack0
#
address-family l2vpn evpn
peer 2::2 enable
peer 2::2 advertise encap-type srv6
peer 3::3 enable
peer 3::3 advertise encap-type srv6
#
xconnect-group vpna
evpn encapsulation srv6
route-distinguisher 1:1
vpn-target 1:1 export-extcommunity
vpn-target 1:1 import-extcommunity
segment-routing ipv6 best-effort
connection pw1
segment-routing ipv6 locator aaa
evpn local-service-id 1 remote-service-id 2
ac interface GigabitEthernet1/0/1
#
segment-routing ipv6
encapsulation source-address 1::1
locator aaa ipv6-prefix 111:: 64 static 32
· PE2:
#
sysname PE2
#
ospfv3 1
segment-routing ipv6 locator aaa
area 0.0.0.0
#
interface LoopBack0
ospfv3 1 area 0.0.0.0
ipv6 address 2::2/128
#
interface GigabitEthernet1/0/1
port link-mode route
esi 0001.0001.0001.0001.0001
evpn redundancy-mode single-active
#
interface GigabitEthernet1/0/2
port link-mode route
ospfv3 1 area 0.0.0.0
ipv6 address 30::2/64
#
interface GigabitEthernet1/0/3
port link-mode route
ospfv3 1 area 0.0.0.0
ipv6 address 20::2/64
#
bgp 100
router-id 2.2.2.2
peer 1::1 as-number 100
peer 1::1 connect-interface LoopBack0
peer 3::3 as-number 100
peer 3::3 connect-interface LoopBack0
#
address-family l2vpn evpn
peer 1::1 enable
peer 1::1 advertise encap-type srv6
peer 3::3 enable
peer 3::3 advertise encap-type srv6
#
xconnect-group vpna
evpn encapsulation srv6
route-distinguisher 1:1
vpn-target 1:1 export-extcommunity
vpn-target 1:1 import-extcommunity
segment-routing ipv6 best-effort
connection pw1
segment-routing ipv6 locator aaa
evpn local-service-id 1 remote-service-id 2
ac interface GigabitEthernet1/0/1
#
segment-routing ipv6
encapsulation source-address 2::2
locator aaa ipv6-prefix 222:: 64 static 32
· PE3:
#
sysname PE3
#
ospfv3 1
segment-routing ipv6 locator aaa
area 0.0.0.0
#
interface LoopBack0
ospfv3 1 area 0.0.0.0
ipv6 address 3::3/128
#
interface GigabitEthernet1/0/2
port link-mode route
ospfv3 1 area 0.0.0.0
ipv6 address 10::3/64
#
interface GigabitEthernet1/0/3
port link-mode route
ospfv3 1 area 0.0.0.0
ipv6 address 30::3/64
#
bgp 100
router-id 3.3.3.3
peer 1::1 as-number 100
peer 1::1 connect-interface LoopBack0
peer 2::2 as-number 100
peer 2::2 connect-interface LoopBack0
#
address-family l2vpn evpn
peer 1::1 enable
peer 1::1 advertise encap-type srv6
peer 2::2 enable
peer 2::2 advertise encap-type srv6
#
xconnect-group vpna
evpn encapsulation srv6
route-distinguisher 1:1
vpn-target 1:1 export-extcommunity
vpn-target 1:1 import-extcommunity
segment-routing ipv6 best-effort
connection pw1
segment-routing ipv6 locator aaa
evpn local-service-id 2 remote-service-id 1
ac interface GigabitEthernet1/0/1
#
segment-routing ipv6
encapsulation source-address 3::3
locator aaa ipv6-prefix 333:: 64 static 32
· CE2:
#
sysname CE2
#
interface GigabitEthernet1/0/1
port link-mode route
ipv6 address 100::2/64
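This example applies to release R6728 of the 8048 and 8062 product series.
The customer network has two sites, CE 1 and CE 2. CE 1 and CE 2 connect to PE 1 and PE 2 respectively through Ethernet interfaces and need to communicate over an SRv6 PW tunnel established across the IPv6 backbone. SRv6 TE policies are deployed in the IGP network, and the SRv6 PW is recursed to an SRv6 TE policy for traffic forwarding.
Figure 12 Network diagram for EVPN VPWS over SRv6 TE Policy
| Device | Interface | IP address | Device | Interface | IP address |
| CE 1 | GE1/0/1 | 10::1/64 | P | Loop0 | 3::3/128 |
| PE 1 | Loop0 | 1::1/128 | | GE1/0/1 | 20::2/64 |
| | GE1/0/1 | - | | GE1/0/2 | 30::1/64 |
| | GE1/0/2 | 20::1/64 | PE 2 | Loop0 | 2::2/128 |
| CE 2 | GE1/0/1 | 10::2/64 | | GE1/0/1 | - |
| | | | | GE1/0/2 | 30::2/64 |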
<CE1> system-view
[CE1] interface gigabitethernet 1/0/1
[CE1-GigabitEthernet1/0/1] ipv6 address 10::1 64
[CE1-GigabitEthernet1/0/1] quit
# Run OSPFv3 on PE 1 and advertise SIDs through OSPFv3.
<PE1> system-view
[PE1] ospfv3
[PE1-ospfv3-1] router-id 1.1.1.1
[PE1-ospfv3-1] segment-routing ipv6 locator aaa
[PE1-ospfv3-1] area 0.0.0.0
[PE1-ospfv3-1-area-0.0.0.0] quit
[PE1-ospfv3-1] quit
# Configure interface Loopback0.
[PE1] interface loopback 0
[PE1-LoopBack0] ipv6 address 1::1 128
[PE1-LoopBack0] ospfv3 1 area 0
[PE1-LoopBack0] quit
# Enable L2VPN.
[PE1] l2vpn enable
# Configure interface GigabitEthernet1/0/2, which connects to P.
[PE1] interface gigabitethernet 1/0/2
[PE1-GigabitEthernet1/0/2] ipv6 address 20::1 64
[PE1-GigabitEthernet1/0/2] ospfv3 1 area 0
[PE1-GigabitEthernet1/0/2] quit
# Establish an IBGP connection between PE 1 and PE 2, and configure them to advertise routing information to each other through BGP EVPN.
[PE1] bgp 100
[PE1-bgp-default] router-id 1.1.1.1
[PE1-bgp-default] peer 2::2 as-number 100
[PE1-bgp-default] peer 2::2 connect-interface loopback 0
[PE1-bgp-default] address-family l2vpn evpn
[PE1-bgp-default-evpn] peer 2::2 enable
[PE1-bgp-default-evpn] peer 2::2 advertise encap-type srv6
[PE1-bgp-default-evpn] quit
[PE1-bgp-default] quit
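# Create cross-connect group vpna and an EVPN instance for the cross-connect group, specify SRv6 encapsulation for EVPN, configure the RD and RT of the cross-connect group EVPN instance, and configure route recursion in SR-TE mode.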
[PE1] xconnect-group vpna
[PE1-xcg-vpna] evpn encapsulation srv6
[PE1-xcg-vpna-evpn-srv6] route-distinguisher 1:1
[PE1-xcg-vpna-evpn-srv6] vpn-target 1:1 export-extcommunity
[PE1-xcg-vpna-evpn-srv6] vpn-target 1:1 import-extcommunity
[PE1-xcg-vpna-evpn-srv6] segment-routing ipv6 traffic-engineer
[PE1-xcg-vpna-evpn-srv6] quit
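# Create cross-connect pw1, associate interface GigabitEthernet1/0/1 with it, and create an SRv6 tunnel in the cross-connect so that the AC is associated with the SRv6 tunnel.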
[PE1-xcg-vpna] connection pw1
[PE1-xcg-vpna-pw1] ac interface gigabitethernet 1/0/1
[PE1-xcg-vpna-pw1-GigabitEthernet1/0/1] quit
[PE1-xcg-vpna-pw1] evpn local-service-id 1 remote-service-id 2
[PE1-xcg-vpna-pw1-1-2] quit
[PE1-xcg-vpna-pw1] segment-routing ipv6 locator aaa
[PE1-xcg-vpna-pw1] quit
[PE1-xcg-vpna] quit
# Configure a SID list.
[PE1] segment-routing ipv6
[PE1-segment-routing-ipv6] encapsulation source-address 1::1
[PE1-segment-routing-ipv6] locator aaa ipv6-prefix 5000:: 64 static 32
[PE1-segment-routing-ipv6-locator-aaa] opcode 1 end
[PE1-segment-routing-ipv6-locator-aaa] quit
[PE1-segment-routing-ipv6] traffic-engineering
[PE1-srv6-te] srv6-policy locator aaa
[PE1-srv6-te] segment-list s1
[PE1-srv6-te-sl-s1] index 10 ipv6 6000::1
[PE1-srv6-te-sl-s1] index 20 ipv6 7000::1
[PE1-srv6-te-sl-s1] quit
# Create an SRv6 TE policy and configure its attributes.
[PE1-srv6-te] policy p1
[PE1-srv6-te-policy-p1] color 10 end-point ipv6 2::2
# Configure a candidate path for the SRv6 TE policy and reference the SID list.
[PE1-srv6-te-policy-p1] candidate-paths
[PE1-srv6-te-policy-p1-path] preference 10
[PE1-srv6-te-policy-p1-path-pref-10] explicit segment-list s1
[PE1-srv6-te-policy-p1-path-pref-10] quit
[PE1-srv6-te-policy-p1-path] quit
[PE1-srv6-te-policy-p1] quit
[PE1-srv6-te] quit
[PE1-segment-routing-ipv6] quit
# Configure color-based traffic steering to the SRv6 TE policy.
[PE1] route-policy a permit node 10
[PE1-route-policy-a-10] apply extcommunity color 00:10
[PE1-route-policy-a-10] quit
[PE1] xconnect-group vpna
[PE1-xcg-vpna] evpn encapsulation srv6
[PE1-xcg-vpna-evpn-srv6] import route-policy a
[PE1-xcg-vpna-evpn-srv6] quit
[PE1-xcg-vpna] quit
# Run OSPFv3 on PE 2 and advertise SIDs through OSPFv3.
<PE2> system-view
[PE2] ospfv3
[PE2-ospfv3-1] router-id 2.2.2.2
[PE2-ospfv3-1] segment-routing ipv6 locator aaa
[PE2-ospfv3-1] area 0.0.0.0
[PE2-ospfv3-1-area-0.0.0.0] quit
[PE2-ospfv3-1] quit
# Configure interface Loopback0.
[PE2] interface loopback 0
[PE2-LoopBack0] ipv6 address 2::2 128
[PE2-LoopBack0] ospfv3 1 area 0
[PE2-LoopBack0] quit
# Enable L2VPN.
[PE2] l2vpn enable
# Configure interface GigabitEthernet1/0/2, which connects to P.
[PE2] interface gigabitethernet 1/0/2
[PE2-GigabitEthernet1/0/2] ipv6 address 30::2 64
[PE2-GigabitEthernet1/0/2] ospfv3 1 area 0.0.0.0
[PE2-GigabitEthernet1/0/2] quit
# Establish an IBGP connection between PE 1 and PE 2, and configure them to advertise routing information to each other through BGP EVPN.
[PE2] bgp 100
[PE2-bgp-default] router-id 2.2.2.2
[PE2-bgp-default] peer 1::1 as-number 100
[PE2-bgp-default] peer 1::1 connect-interface loopback 0
[PE2-bgp-default] address-family l2vpn evpn
[PE2-bgp-default-evpn] peer 1::1 enable
[PE2-bgp-default-evpn] peer 1::1 advertise encap-type srv6
[PE2-bgp-default-evpn] quit
[PE2-bgp-default] quit
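# Create cross-connect group vpna and an EVPN instance for the cross-connect group, specify SRv6 encapsulation for EVPN, configure the RD and RT of the cross-connect group EVPN instance, and configure route recursion in SR-TE mode.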
[PE2] xconnect-group vpna
[PE2-xcg-vpna] evpn encapsulation srv6
[PE2-xcg-vpna-evpn-srv6] route-distinguisher 1:1
[PE2-xcg-vpna-evpn-srv6] vpn-target 1:1 export-extcommunity
[PE2-xcg-vpna-evpn-srv6] vpn-target 1:1 import-extcommunity
[PE2-xcg-vpna-evpn-srv6] segment-routing ipv6 traffic-engineer
[PE2-xcg-vpna-evpn-srv6] quit
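# Create cross-connect pw1, associate interface GigabitEthernet1/0/1 with it, and create an SRv6 tunnel in the cross-connect so that the AC is associated with the SRv6 tunnel.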
[PE2-xcg-vpna] connection pw1
[PE2-xcg-vpna-pw1] ac interface gigabitethernet 1/0/1
[PE2-xcg-vpna-pw1-GigabitEthernet1/0/1] quit
[PE2-xcg-vpna-pw1] evpn local-service-id 2 remote-service-id 1
[PE2-xcg-vpna-pw1-2-1] quit
[PE2-xcg-vpna-pw1] segment-routing ipv6 locator aaa
[PE2-xcg-vpna-pw1] quit
[PE2-xcg-vpna] quit
# Configure a SID list.
[PE2] segment-routing ipv6
[PE2-segment-routing-ipv6] encapsulation source-address 2::2
[PE2-segment-routing-ipv6] locator aaa ipv6-prefix 7000:: 64 static 32
[PE2-segment-routing-ipv6-locator-aaa] opcode 1 end
[PE2-segment-routing-ipv6-locator-aaa] quit
[PE2-segment-routing-ipv6] traffic-engineering
[PE2-srv6-te] srv6-policy locator aaa
[PE2-srv6-te] segment-list s1
[PE2-srv6-te-sl-s1] index 10 ipv6 6000::1
[PE2-srv6-te-sl-s1] index 20 ipv6 5000::1
[PE2-srv6-te-sl-s1] quit
# Configure an SRv6 TE policy on PE 2.
[PE2-srv6-te] policy p1
[PE2-srv6-te-policy-p1] color 10 end-point ipv6 1::1
[PE2-srv6-te-policy-p1] candidate-paths
[PE2-srv6-te-policy-p1-path] preference 10
[PE2-srv6-te-policy-p1-path-pref-10] explicit segment-list s1
[PE2-srv6-te-policy-p1-path-pref-10] quit
[PE2-srv6-te-policy-p1-path] quit
[PE2-srv6-te-policy-p1] quit
[PE2-srv6-te] quit
[PE2-segment-routing-ipv6] quit
# Configure color-based traffic steering to the SRv6 TE policy.
[PE2] route-policy a permit node 10
[PE2-route-policy-a-10] apply extcommunity color 00:10
[PE2-route-policy-a-10] quit
[PE2] xconnect-group vpna
[PE2-xcg-vpna] evpn encapsulation srv6
[PE2-xcg-vpna-evpn-srv6] import route-policy a
[PE2-xcg-vpna-evpn-srv6] quit
[PE2-xcg-vpna] quit
# Configure an SRv6 End SID.
<P> system-view
[P] segment-routing ipv6
[P-segment-routing-ipv6] locator b ipv6-prefix 6000:: 64 static 32
[P-segment-routing-ipv6-locator-b] opcode 1 end
[P-segment-routing-ipv6-locator-b] quit
[P-segment-routing-ipv6] quit
# Run OSPFv3 on P.
[P] ospfv3
[P-ospfv3-1] router-id 3.3.3.3
[P-ospfv3-1] segment-routing ipv6 locator b
[P-ospfv3-1] area 0.0.0.0
[P-ospfv3-1-area-0.0.0.0] quit
[P-ospfv3-1] quit
# Configure IPv6 addresses for the interfaces and run OSPFv3 on them.
[P] interface loopback 0
[P-LoopBack0] ipv6 address 3::3 128
[P-LoopBack0] ospfv3 1 area 0
[P-LoopBack0] quit
[P] interface gigabitethernet 1/0/1
[P-GigabitEthernet1/0/1] ipv6 address 20::2 64
[P-GigabitEthernet1/0/1] ospfv3 1 area 0
[P-GigabitEthernet1/0/1] quit
[P] interface gigabitethernet 1/0/2
[P-GigabitEthernet1/0/2] ipv6 address 30::1 64
[P-GigabitEthernet1/0/2] ospfv3 1 area 0
[P-GigabitEthernet1/0/2] quit
<CE2> system-view
[CE2] interface gigabitethernet 1/0/1
[CE2-GigabitEthernet1/0/1] ipv6 address 10::2 64
[CE2-GigabitEthernet1/0/1] quit
# Display L2VPN SRv6 information on PE 1. The output shows that an SRv6 tunnel has been established between PE 1 and PE 2.
[PE1] display l2vpn peer srv6
Total number of SRv6 Tunnels: 1
1 up, 0 blocked, 0 down
Xconnect-group Name: vpna
Peer : 2::2
Flag : Main
State : Up
Remote SrvID : 2
# Display SRv6 forwarding information on PE 1. The output shows information such as the incoming and outgoing SIDs of the SRv6 tunnel.
[PE1] display l2vpn forwarding srv6
Total number of cross-connections: 1
Total number of SRv6 tunnels: 1, 1 up, 0 blocked, 0 down
Xconnect-group Name : vpna
Connection Name : pw1
Link ID : 0x1 Type: BE State: Up
In SID : 100::1:0:2
Out SID : 200::1:0:2
# CE 1 and CE 2 can ping each other.
· CE 1:
#
sysname CE1
#
interface GigabitEthernet1/0/1
port link-mode route
ipv6 address 10::1/64
#
· PE 1:
#
sysname PE1
#
ospfv3 1
router-id 1.1.1.1
segment-routing ipv6 locator aaa
area 0.0.0.0
#
l2vpn enable
#
xconnect-group vpna
evpn encapsulation srv6
route-distinguisher 1:1
vpn-target 1:1 export-extcommunity
vpn-target 1:1 import-extcommunity
segment-routing ipv6 locator aaa
segment-routing ipv6 traffic-engineer
import route-policy a
connection pw1
segment-routing ipv6 locator aaa
evpn local-service-id 1 remote-service-id 2
ac interface GigabitEthernet1/0/1
#
interface LoopBack0
ospfv3 1 area 0.0.0.0
ipv6 address 1::1/128
#
interface GigabitEthernet1/0/2
port link-mode route
ospfv3 1 area 0.0.0.0
ipv6 address 20::1/64
#
bgp 100
peer 2::2 as-number 100
peer 2::2 connect-interface LoopBack0
#
address-family l2vpn evpn
peer 2::2 enable
peer 2::2 advertise encap-type srv6
#
route-policy a permit node 10
apply extcommunity color 00:10
#
segment-routing ipv6
encapsulation source-address 1::1
#
locator aaa ipv6-prefix 100:: 64 static 32
opcode 1 end
#
traffic-engineering
srv6-policy locator aaa
#
segment-list s1
index 10 ipv6 6000::1
index 20 ipv6 7000::1
#
policy p1
color 10 end-point ipv6 2::2
#
candidate-paths
#
preference 10
explicit segment-list s1
#
· P:
#
sysname P
#
ospfv3 1
router-id 3.3.3.3
segment-routing ipv6 locator b
area 0.0.0.0
#
interface LoopBack0
ipv6 address 3::3/128
#
interface GigabitEthernet1/0/1
port link-mode route
ospfv3 1 area 0.0.0.0
ipv6 address 20::2/64
#
interface GigabitEthernet1/0/2
port link-mode route
ospfv3 1 area 0.0.0.0
ipv6 address 30::1/64
#
segment-routing ipv6
#
locator b ipv6-prefix 6000:: 64 static 32
opcode 1 end
#
· PE 2:
#
sysname PE2
#
ospfv3 1
router-id 2.2.2.2
segment-routing ipv6 locator aaa
segment-routing ipv6 locator d
area 0.0.0.0
#
l2vpn enable
#
xconnect-group vpna
evpn encapsulation srv6
route-distinguisher 1:1
vpn-target 1:1 export-extcommunity
vpn-target 1:1 import-extcommunity
segment-routing ipv6 locator aaa
segment-routing ipv6 traffic-engineer
import route-policy a
connection pw1
segment-routing ipv6 locator aaa
evpn local-service-id 2 remote-service-id 1
ac interface GigabitEthernet1/0/1
#
interface LoopBack0
ospfv3 1 area 0.0.0.0
ipv6 address 2::2/128
#
interface GigabitEthernet1/0/2
port link-mode route
ospfv3 1 area 0.0.0.0
ipv6 address 30::2/64
#
bgp 100
peer 1::1 as-number 100
peer 1::1 connect-interface LoopBack0
#
address-family l2vpn evpn
peer 1::1 enable
peer 1::1 advertise encap-type srv6
#
route-policy a permit node 10
apply extcommunity color 00:10
#
segment-routing ipv6
encapsulation source-address 2::2
#
locator aaa ipv6-prefix 200:: 64 static 32
#
locator d ipv6-prefix 7000:: 64 static 32
opcode 1 end
#
traffic-engineering
srv6-policy locator aaa
#
segment-list s1
index 10 ipv6 6000::1
index 20 ipv6 5000::1
#
policy p1
color 10 end-point ipv6 1::1
#
candidate-paths
#
preference 10
explicit segment-list s1
#
· CE 2:
#
sysname CE2
#
interface GigabitEthernet1/0/1
port link-mode route
ipv6 address 10::2/64
#
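In the EVPN VPWS over SRv6 TE Policy example above, a segment list only forwards traffic if every SID in it is an End SID that some node in the SR domain actually instantiates. The following added example (not part of the H3C document) parses the locator, opcode and segment-list lines from the configuration steps and maps each SID to the node that owns it. It assumes, as the page's own values suggest, that an End SID is the locator prefix plus the opcode in the low bits; `parse_device`, `audit` and `unresolved` are names chosen here.

```python
import ipaddress
import re

# Constructed input: the SRv6 lines typed in this section's configuration
# steps, keyed by device (CLI prompts stripped).
STEP_CONFIG = {
    "PE1": """
        locator aaa ipv6-prefix 5000:: 64 static 32
        opcode 1 end
        segment-list s1
        index 10 ipv6 6000::1
        index 20 ipv6 7000::1
    """,
    "P": """
        locator b ipv6-prefix 6000:: 64 static 32
        opcode 1 end
    """,
    "PE2": """
        locator aaa ipv6-prefix 7000:: 64 static 32
        opcode 1 end
        segment-list s1
        index 10 ipv6 6000::1
        index 20 ipv6 5000::1
    """,
}

# Constructed variant: PE 1 with the locator prefix 100:: that appears in the
# PE 1 configuration file listing of this section instead of 5000::.
FILE_VARIANT = dict(STEP_CONFIG, PE1=STEP_CONFIG["PE1"].replace("5000::", "100::"))

LOCATOR_RE = re.compile(r"^locator (\S+) ipv6-prefix (\S+) (\d+) static (\d+)$")
OPCODE_RE = re.compile(r"^opcode (\d+) end$")  # opcode read as a plain integer (assumption)
SEGLIST_RE = re.compile(r"^segment-list (\S+)$")
INDEX_RE = re.compile(r"^index (\d+) ipv6 (\S+)$")


def parse_device(text):
    """Return (End SIDs instantiated, {segment-list name: [(index, SID)]})."""
    end_sids, seg_lists = set(), {}
    locator = static_bits = current = None
    for raw in text.splitlines():
        line = raw.strip()
        if m := LOCATOR_RE.match(line):
            locator = ipaddress.IPv6Network(f"{m[2]}/{m[3]}")
            static_bits = int(m[4])
        elif (m := OPCODE_RE.match(line)) and locator is not None:
            opcode = int(m[1])
            if opcode >= 1 << static_bits:
                raise ValueError(f"opcode {opcode} does not fit in {static_bits} static bits")
            # Assumption: End SID = locator prefix + opcode in the low bits.
            end_sids.add(locator.network_address + opcode)
        elif m := SEGLIST_RE.match(line):
            current = seg_lists.setdefault(m[1], [])
        elif (m := INDEX_RE.match(line)) and current is not None:
            current.append((int(m[1]), ipaddress.IPv6Address(m[2])))
    return end_sids, seg_lists


def audit(configs):
    """Map each segment-list hop, in index order, to the device owning that SID."""
    owners, lists = {}, {}
    for dev, text in configs.items():
        sids, lists[dev] = parse_device(text)
        for sid in sids:
            owners[sid] = dev
    return {
        (dev, name): [(str(sid), owners.get(sid)) for _, sid in sorted(hops)]
        for dev, seg in lists.items()
        for name, hops in seg.items()
    }


def unresolved(report):
    """List (device, segment-list, SID) entries that no device instantiates."""
    return [(dev, name, sid)
            for (dev, name), hops in report.items()
            for sid, owner in hops if owner is None]


if __name__ == "__main__":
    for label, cfg in (("steps", STEP_CONFIG), ("file variant", FILE_VARIANT)):
        report = audit(cfg)
        print(label, report, "unresolved:", unresolved(report))
```

With the values from the steps every SID resolves; with the 100:: locator shown in the PE 1 listing, the `5000::1` hop in PE 2's segment list has no owning node.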
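This example applies to release R6728 of the 8048 and 8062 product series.
The customer network has two sites, CE 1 and CE 2. CE 1 and CE 2 connect to PE 1 and PE 2 respectively through Ethernet interfaces. SRv6 TE policies are deployed in the IGP network, and the SRv6 PW is recursed to an SRv6 TE policy for traffic forwarding, providing Layer 2 connectivity.
Figure 13 Network diagram for EVPN VPLS over SRv6 TE Policy
| Device | Interface | IP address | Device | Interface | IP address |
| CE 1 | GE1/0/1 | 10::1/64 | P | Loop0 | 3::3/128 |
| PE 1 | Loop0 | 1::1/128 | | GE1/0/1 | 20::2/64 |
| | GE1/0/1 | - | | GE1/0/2 | 30::1/64 |
| | GE1/0/2 | 20::1/64 | PE 2 | Loop0 | 2::2/128 |
| CE 2 | GE1/0/1 | 10::2/64 | | GE1/0/1 | - |
| | | | | GE1/0/2 | 30::2/64 |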
<CE1> system-view
[CE1] interface gigabitethernet 1/0/1
[CE1-GigabitEthernet1/0/1] ipv6 address 10::1 64
[CE1-GigabitEthernet1/0/1] quit
# Run OSPFv3 on PE 1 and advertise SIDs through OSPFv3.
<PE1> system-view
[PE1] ospfv3
[PE1-ospfv3-1] router-id 1.1.1.1
[PE1-ospfv3-1] segment-routing ipv6 locator aaa
[PE1-ospfv3-1] area 0.0.0.0
[PE1-ospfv3-1-area-0.0.0.0] quit
[PE1-ospfv3-1] quit
# Configure interface Loopback0.
[PE1] interface loopback 0
[PE1-LoopBack0] ipv6 address 1::1 128
[PE1-LoopBack0] ospfv3 1 area 0
[PE1-LoopBack0] quit
# Enable L2VPN.
[PE1] l2vpn enable
# Configure interface GigabitEthernet1/0/2, which connects to P.
[PE1] interface gigabitethernet 1/0/2
[PE1-GigabitEthernet1/0/2] ipv6 address 20::1 64
[PE1-GigabitEthernet1/0/2] ospfv3 1 area 0
[PE1-GigabitEthernet1/0/2] quit
# Establish an IBGP connection between PE 1 and PE 2, and configure them to advertise routing information to each other through BGP EVPN.
[PE1] bgp 100
[PE1-bgp-default] peer 2::2 as-number 100
[PE1-bgp-default] peer 2::2 connect-interface loopback 0
[PE1-bgp-default] address-family l2vpn evpn
[PE1-bgp-default-evpn] peer 2::2 enable
[PE1-bgp-default-evpn] peer 2::2 advertise encap-type srv6
[PE1-bgp-default-evpn] quit
[PE1-bgp-default] quit
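# Create a VSI and an EVPN instance, specify SRv6 encapsulation for EVPN, configure the RD and RT of the EVPN instance, configure route recursion in SR-TE mode, and specify the locator referenced by the EVPN instance.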
[PE1] vsi vpna
[PE1-vsi-vpna] evpn encapsulation srv6
[PE1-vsi-vpna-evpn-srv6] route-distinguisher 1:1
[PE1-vsi-vpna-evpn-srv6] vpn-target 1:1 export-extcommunity
[PE1-vsi-vpna-evpn-srv6] vpn-target 1:1 import-extcommunity
[PE1-vsi-vpna-evpn-srv6] segment-routing ipv6 traffic-engineer
[PE1-vsi-vpna-evpn-srv6] segment-routing ipv6 locator aaa
[PE1-vsi-vpna-evpn-srv6] quit
# Associate interface GigabitEthernet1/0/1 with the VSI.
[PE1] interface gigabitethernet 1/0/1
[PE1-GigabitEthernet1/0/1] xconnect vsi vpna
[PE1-GigabitEthernet1/0/1] quit
# Configure a SID list.
[PE1] segment-routing ipv6
[PE1-segment-routing-ipv6] encapsulation source-address 1::1
[PE1-segment-routing-ipv6] locator aaa ipv6-prefix 5000:: 64 static 32
[PE1-segment-routing-ipv6-locator-aaa] opcode 1 end
[PE1-segment-routing-ipv6-locator-aaa] quit
[PE1-segment-routing-ipv6] traffic-engineering
[PE1-srv6-te] srv6-policy locator aaa
[PE1-srv6-te] segment-list s1
[PE1-srv6-te-sl-s1] index 10 ipv6 6000::1
[PE1-srv6-te-sl-s1] index 20 ipv6 7000::1
[PE1-srv6-te-sl-s1] quit
# Create an SRv6 TE policy and configure its attributes.
[PE1-srv6-te] policy p1
[PE1-srv6-te-policy-p1] color 10 end-point ipv6 2::2
# Configure a candidate path for the SRv6 TE policy and reference the SID list.
[PE1-srv6-te-policy-p1] candidate-paths
[PE1-srv6-te-policy-p1-path] preference 10
[PE1-srv6-te-policy-p1-path-pref-10] explicit segment-list s1
[PE1-srv6-te-policy-p1-path-pref-10] quit
[PE1-srv6-te-policy-p1-path] quit
[PE1-srv6-te-policy-p1] quit
[PE1-srv6-te] quit
[PE1-segment-routing-ipv6] quit
# Configure color-based traffic steering to the SRv6 TE policy.
[PE1] route-policy a permit node 10
[PE1-route-policy-a-10] apply extcommunity color 00:10
[PE1-route-policy-a-10] quit
[PE1] vsi vpna
[PE1-vsi-vpna] evpn encapsulation srv6
[PE1-vsi-vpna-evpn-srv6] import route-policy a
[PE1-vsi-vpna-evpn-srv6] quit
[PE1-vsi-vpna] quit
# Run OSPFv3 on PE 2 and advertise SIDs through OSPFv3.
<PE2> system-view
[PE2] ospfv3
[PE2-ospfv3-1] router-id 2.2.2.2
[PE2-ospfv3-1] segment-routing ipv6 locator aaa
[PE2-ospfv3-1] area 0.0.0.0
[PE2-ospfv3-1-area-0.0.0.0] quit
[PE2-ospfv3-1] quit
# Configure interface Loopback0.
[PE2] interface loopback 0
[PE2-LoopBack0] ipv6 address 2::2 128
[PE2-LoopBack0] ospfv3 1 area 0
[PE2-LoopBack0] quit
# Enable L2VPN.
[PE2] l2vpn enable
# Configure interface GigabitEthernet1/0/2, which connects to P.
[PE2] interface gigabitethernet 1/0/2
[PE2-GigabitEthernet1/0/2] ipv6 address 30::2 64
[PE2-GigabitEthernet1/0/2] ospfv3 1 area 0.0.0.0
[PE2-GigabitEthernet1/0/2] quit
# Establish an IBGP connection between PE 1 and PE 2, and configure them to advertise routing information to each other through BGP EVPN.
[PE2] bgp 100
[PE2-bgp-default] peer 1::1 as-number 100
[PE2-bgp-default] peer 1::1 connect-interface loopback 0
[PE2-bgp-default] address-family l2vpn evpn
[PE2-bgp-default-evpn] peer 1::1 enable
[PE2-bgp-default-evpn] peer 1::1 advertise encap-type srv6
[PE2-bgp-default-evpn] quit
[PE2-bgp-default] quit
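# Create a VSI and an EVPN instance, specify SRv6 encapsulation for EVPN, configure the RD and RT of the EVPN instance, configure route recursion in SR-TE mode, and specify the locator referenced by the EVPN instance.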
[PE2] vsi vpna
[PE2-vsi-vpna] evpn encapsulation srv6
[PE2-vsi-vpna-evpn-srv6] route-distinguisher 1:1
[PE2-vsi-vpna-evpn-srv6] vpn-target 1:1 export-extcommunity
[PE2-vsi-vpna-evpn-srv6] vpn-target 1:1 import-extcommunity
[PE2-vsi-vpna-evpn-srv6] segment-routing ipv6 traffic-engineer
[PE2-vsi-vpna-evpn-srv6] segment-routing ipv6 locator aaa
[PE2-vsi-vpna-evpn-srv6] quit
# Associate interface GigabitEthernet1/0/1 with the VSI.
[PE2] interface gigabitethernet 1/0/1
[PE2-GigabitEthernet1/0/1] xconnect vsi vpna
[PE2-GigabitEthernet1/0/1] quit
# Configure a SID list.
[PE2] segment-routing ipv6
[PE2-segment-routing-ipv6] encapsulation source-address 2::2
[PE2-segment-routing-ipv6] locator aaa ipv6-prefix 7000:: 64 static 32
[PE2-segment-routing-ipv6-locator-aaa] opcode 1 end
[PE2-segment-routing-ipv6-locator-aaa] quit
[PE2-segment-routing-ipv6] traffic-engineering
[PE2-srv6-te] srv6-policy locator aaa
[PE2-srv6-te] segment-list s1
[PE2-srv6-te-sl-s1] index 10 ipv6 6000::1
[PE2-srv6-te-sl-s1] index 20 ipv6 5000::1
[PE2-srv6-te-sl-s1] quit
# Configure an SRv6 TE policy on PE 2.
[PE2-srv6-te] policy p1
[PE2-srv6-te-policy-p1] color 10 end-point ipv6 1::1
# Configure a candidate path for the SRv6 TE policy and reference the SID list.
[PE2-srv6-te-policy-p1] candidate-paths
[PE2-srv6-te-policy-p1-path] preference 10
[PE2-srv6-te-policy-p1-path-pref-10] explicit segment-list s1
[PE2-srv6-te-policy-p1-path-pref-10] quit
[PE2-srv6-te-policy-p1-path] quit
[PE2-srv6-te-policy-p1] quit
[PE2-srv6-te] quit
[PE2-segment-routing-ipv6] quit
# Configure color-based steering of packets into the SRv6 TE policy.
[PE2] route-policy a permit node 10
[PE2-route-policy-a-10] apply extcommunity color 00:10
[PE2-route-policy-a-10] quit
[PE2] vsi vpna
[PE2-vsi-vpna] evpn encapsulation srv6
[PE2-vsi-vpna-evpn-srv6] import route-policy a
[PE2-vsi-vpna-evpn-srv6] quit
[PE2-vsi-vpna] quit
# Configure the SRv6 End SID.
<P> system-view
[P] segment-routing ipv6
[P-segment-routing-ipv6] locator b ipv6-prefix 6000:: 64 static 32
[P-segment-routing-ipv6-locator-b] opcode 1 end
[P-segment-routing-ipv6-locator-b] quit
[P-segment-routing-ipv6] quit
# Run OSPFv3 on P.
[P] ospfv3
[P-ospfv3-1] router-id 3.3.3.3
[P-ospfv3-1] segment-routing ipv6 locator b
[P-ospfv3-1] area 0.0.0.0
[P-ospfv3-1-area-0.0.0.0] quit
[P-ospfv3-1] quit
# Configure IPv6 addresses for the interfaces and run OSPFv3 on them.
[P] interface loopback 0
[P-LoopBack0] ipv6 address 3::3 128
[P-LoopBack0] ospfv3 1 area 0
[P-LoopBack0] quit
[P] interface gigabitethernet 1/0/1
[P-GigabitEthernet1/0/1] ipv6 address 20::2 64
[P-GigabitEthernet1/0/1] ospfv3 1 area 0
[P-GigabitEthernet1/0/1] quit
[P] interface gigabitethernet 1/0/2
[P-GigabitEthernet1/0/2] ipv6 address 30::1 64
[P-GigabitEthernet1/0/2] ospfv3 1 area 0
[P-GigabitEthernet1/0/2] quit
<CE2> system-view
[CE2] interface gigabitethernet 1/0/1
[CE2-GigabitEthernet1/0/1] ipv6 address 10::2 64
[CE2-GigabitEthernet1/0/1] quit
# Display SRv6 information for L2VPN on PE 1. The output shows that an SRv6 tunnel has been established between PE 1 and PE 2.
[PE1] display l2vpn peer srv6
Total number of SRv6 Tunnels: 1
1 up, 0 blocked, 0 down
VSI Name: vpna
Peer : 2::2
Flag : Main
State : Up
# Display SRv6 forwarding information on PE 1.
[PE1] display l2vpn forwarding srv6
Total number of VSIs: 1
Total number of SRv6 tunnels: 1, 1 up, 0 blocked, 0 down
VSI Name : vpna
Link ID : 0x9000000 Type: BE State: Up
In SID : 100::1:0:1
Out SID : 200::1:0:0
# CE 1 and CE 2 can ping each other.
· CE 1:
#
sysname CE1
#
interface GigabitEthernet1/0/1
port link-mode route
ipv6 address 10::1/64
#
· PE 1:
#
sysname PE1
#
ospfv3 1
router-id 1.1.1.1
segment-routing ipv6 locator aaa
area 0.0.0.0
#
l2vpn enable
#
vsi vpna
evpn encapsulation srv6
route-distinguisher 1:1
vpn-target 1:1 export-extcommunity
vpn-target 1:1 import-extcommunity
segment-routing ipv6 locator aaa
segment-routing ipv6 traffic-engineer
import route-policy a
#
interface LoopBack0
ospfv3 1 area 0.0.0.0
ipv6 address 1::1/128
#
interface GigabitEthernet1/0/1
port link-mode route
xconnect vsi vpna
#
interface GigabitEthernet1/0/2
port link-mode route
ospfv3 1 area 0.0.0.0
ipv6 address 20::1/64
#
bgp 100
peer 2::2 as-number 100
peer 2::2 connect-interface LoopBack0
#
address-family l2vpn evpn
peer 2::2 enable
peer 2::2 advertise encap-type srv6
#
route-policy a permit node 10
apply extcommunity color 00:10
#
segment-routing ipv6
encapsulation source-address 1::1
#
locator aaa ipv6-prefix 100:: 64 static 32
opcode 1 end
#
traffic-engineering
srv6-policy locator aaa
#
segment-list s1
index 10 ipv6 6000::1
index 20 ipv6 7000::1
#
policy p1
color 10 end-point ipv6 2::2
#
candidate-paths
#
preference 10
explicit segment-list s1
#
· P:
#
sysname P
#
ospfv3 1
router-id 3.3.3.3
segment-routing ipv6 locator b
area 0.0.0.0
#
interface LoopBack0
ipv6 address 3::3/128
#
interface GigabitEthernet1/0/1
port link-mode route
ospfv3 1 area 0.0.0.0
ipv6 address 20::2/64
#
interface GigabitEthernet1/0/2
port link-mode route
ospfv3 1 area 0.0.0.0
ipv6 address 30::1/64
#
segment-routing ipv6
#
locator b ipv6-prefix 6000:: 64 static 32
opcode 1 end
#
· PE 2:
#
sysname PE2
#
ospfv3 1
router-id 2.2.2.2
segment-routing ipv6 locator aaa
segment-routing ipv6 locator d
area 0.0.0.0
#
l2vpn enable
#
vsi vpna
evpn encapsulation srv6
route-distinguisher 1:1
vpn-target 1:1 export-extcommunity
vpn-target 1:1 import-extcommunity
segment-routing ipv6 locator aaa
segment-routing ipv6 traffic-engineer
import route-policy a
#
interface LoopBack0
ospfv3 1 area 0.0.0.0
ipv6 address 2::2/128
#
interface GigabitEthernet1/0/1
port link-mode route
xconnect vsi vpna
#
interface GigabitEthernet1/0/2
port link-mode route
ospfv3 1 area 0.0.0.0
ipv6 address 30::2/64
#
bgp 100
peer 1::1 as-number 100
peer 1::1 connect-interface LoopBack0
#
address-family l2vpn evpn
peer 1::1 enable
peer 1::1 advertise encap-type srv6
#
route-policy a permit node 10
apply extcommunity color 00:10
#
segment-routing ipv6
encapsulation source-address 2::2
#
locator aaa ipv6-prefix 200:: 64 static 32
#
locator d ipv6-prefix 7000:: 64 static 32
opcode 1 end
#
traffic-engineering
srv6-policy locator aaa
#
segment-list s1
index 10 ipv6 6000::1
index 20 ipv6 5000::1
#
policy p1
color 10 end-point ipv6 1::1
#
candidate-paths
#
preference 10
explicit segment-list s1
#
· CE 2:
#
sysname CE2
#
interface GigabitEthernet1/0/1
port link-mode route
ipv6 address 10::2/64
#
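An added check, not part of the H3C document: this Python script takes the locator and segment-list lines from the configuration files above and reports, for each segment-list hop, which device's locator prefix covers that SID. The device keys and function names are assumptions made for this example, and the check covers locator prefixes only, not the individual opcodes.

```python
import ipaddress
import re

# Constructed input: locator and segment-list lines copied from the configuration files above.
CONFIGS = {
    "PE1": """
locator aaa ipv6-prefix 100:: 64 static 32
segment-list s1
index 10 ipv6 6000::1
index 20 ipv6 7000::1
""",
    "P": """
locator b ipv6-prefix 6000:: 64 static 32
""",
    "PE2": """
locator aaa ipv6-prefix 200:: 64 static 32
locator d ipv6-prefix 7000:: 64 static 32
segment-list s1
index 10 ipv6 6000::1
index 20 ipv6 5000::1
""",
}

LOCATOR = re.compile(r"locator (\S+) ipv6-prefix (\S+) (\d+)")
HOP = re.compile(r"index (\d+) ipv6 (\S+)")

def collect_locators(configs):
    """Return [(device, locator name, IPv6Network)] for every locator definition."""
    found = []
    for device, text in configs.items():
        for name, prefix, length in LOCATOR.findall(text):
            net = ipaddress.ip_network(f"{prefix}/{length}")
            found.append((device, name, net))
    return found

def check_segment_lists(configs):
    """Map each (device, index, SID) hop to the device whose locator covers it, or None."""
    locators = collect_locators(configs)
    result = {}
    for device, text in configs.items():
        for index, sid in HOP.findall(text):
            addr = ipaddress.ip_address(sid)
            owner = next((d for d, _, net in locators if addr in net), None)
            result[(device, int(index), sid)] = owner
    return result

if __name__ == "__main__":
    for (device, index, sid), owner in check_segment_lists(CONFIGS).items():
        print(f"{device} index {index} {sid}: {owner or 'no matching locator'}")
```

Run against the configuration files as listed, the hop 5000::1 in PE 2's segment list is not covered by any locator shown, so it is worth confirming against PE 1's locator before deployment.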