- 产品与解决方案
- 行业解决方案
- 服务
- 支持
- 合作伙伴
- 关于我们
01-EVPN L3VPN与EVPN L3VPN over SRv6互通典型配置举例
本章节下载: 01-EVPN L3VPN与EVPN L3VPN over SRv6互通典型配置举例 (359.83 KB)
本文档介绍EVPN L3VPN over SRv6特性的配置举例。
本文档中的配置均是在实验室环境下进行的配置和验证,配置前设备的所有参数均采用出厂时的缺省配置。如果您已经对设备进行了配置,为了保证配置效果,请确认现有配置和以下举例中的配置不冲突。
本文档假设您已了解EVPN L3VPN over SRv6特性。
缺省情况下,本设备的接口处于ADM(Administratively Down)状态,请根据实际需要在对应接口视图下使用undo shutdown命令开启接口。
如图4-1所示,PE 1和PE 2属于EVPN L3VPN网络;PE 2和PE 3属于EVPN L3VPN over SRv6网络;PE 2为EVPN L3VPN和EVPN L3VPN over SRv6网络的边界设备。不同VPN的CE设备跨越EVPN L3VPN和EVPN L3VPN over SRv6网络互通。
具体需求为:
· PE 1和PE 2之间采用SR-MPLS BE隧道作为公网隧道。
· PE 2和PE 3之间采用SRv6 BE隧道作为公网隧道。
· PE 1、PE 2和PE 3位于同一个AS。
· EVPN L3VPN与EVPN L3VPN over SRv6网络采用Option B方式进行域内互通。
· CE 1和CE 4属于VPN 1;CE 2、CE 3、CE 5属于VPN 2。
图4-1 EVPN L3VPN与EVPN L3VPN over SRv6互通配置组网图
为了实现EVPN L3VPN与EVPN L3VPN over SRv6网络采用Option B方式进行域内互通,需要执行以下配置:
· 在PE 1和PE 2上配置EVPN L3VPN,并通过隧道策略指定公网隧道为SR-MPLS BE隧道。
· 在PE 2和PE 3上配置EVPN L3VPN over SRv6,并指定封装End.DT4 SID的报文迭代到SRv6 BE隧道。
· 边界节点PE 2上开启SRv6网络与MPLS网络互通功能,指定BGP引用的Locator段,以便为SRv6网络转发到MPLS网络的报文分配End.T SID,并建立End.T SID与MPLS标签的关联。
表4-1 适用产品及版本
|
产品 |
软件版本 |
|
S12500R |
Release 5210及以上版本 |
开启SRv6网络与MPLS网络互通功能后,路由从SRv6网络发布到MPLS网络时,会按照每下一跳方式分配标签,不受label-allocation-mode命令和apply-label命令的影响。
在EVPN L3VPN over SRv6组网中,需要注意的是:
· 两台PE之间不能同时建立IPv4和IPv6对等体,否则影响路由优选,无法通过SRv6隧道转发流量。
· IS-IS和BGP只能引用已经创建的Locator。
· 配置的SRv6封装的源地址时,不能为环回地址、链路本地地址、组播地址和未指定地址。指定的源地址必须为本机地址,且已经由路由协议发布。建议将源地址指定为本设备上的Loopback接口地址。
# 配置IS-IS协议实现网络层互通,开销值类型为wide。
<Sysname> system-view
[Sysname] sysname PE1
[PE1] isis 1
[PE1-isis-1] network-entity 00.0000.0000.0001.00
[PE1-isis-1] cost-style wide
[PE1-isis-1] quit
# 配置接口Loopback0和HundredGigE1/0/1的IP地址,并在接口上开启IS-IS协议。
[PE1] interface loopback 0
[PE1-LoopBack0] ip address 1.1.1.1 255.255.255.255
[PE1-LoopBack0] ipv6 address 11::11 128
[PE1-LoopBack0] isis enable 1
[PE1-LoopBack0] quit
[PE1] interface hundredgige 1/0/1
[PE1-HundredGigE1/0/1] port link-mode route
[PE1-HundredGigE1/0/1] ip address 11.0.1.1 24
[PE1-HundredGigE1/0/1] isis enable 1
[PE1-HundredGigE1/0/1] quit
[PE1] mpls lsr-id 1.1.1.1
[PE1] mpls te
[PE1-te] quit
[PE1] interface hundredgige 1/0/1
[PE1-HundredGigE1/0/1] mpls enable
[PE1-HundredGigE1/0/1] mpls te enable
[PE1-HundredGigE1/0/1] quit
# 创建VPN实例vpn1,并配置VPN实例的RD和RT。
[PE1] ip vpn-instance vpn1
[PE1-vpn-instance-vpn1] route-distinguisher 1111:1
[PE1-vpn-instance-vpn1] vpn-target 1111:1000 import-extcommunity
[PE1-vpn-instance-vpn1] vpn-target 1111:1000 export-extcommunity
[PE1-vpn-instance-vpn1] quit
# 创建VPN实例vpn2,并配置VPN实例的RD和RT。
[PE1] ip vpn-instance vpn2
[PE1-vpn-instance-vpn2] route-distinguisher 2222:1
[PE1-vpn-instance-vpn2] vpn-target 2222:2000 import-extcommunity
[PE1-vpn-instance-vpn2] vpn-target 2222:2000 export-extcommunity
[PE1-vpn-instance-vpn2] quit
# 配置接口HundredGigE1/0/2绑定VPN实例vpn1。
[PE1] interface hundredgige 1/0/2
[PE1-HundredGigE1/0/2] ip binding vpn-instance vpn1
[PE1-HundredGigE1/0/2] ip address 10.1.1.1 24
[PE1-HundredGigE1/0/2] quit
# 配置接口HundredGigE1/0/3绑定VPN实例vpn2。
[PE1] interface hundredgige 1/0/3
[PE1-HundredGigE1/0/3] ip binding vpn-instance vpn2
[PE1-HundredGigE1/0/3] ip address 20.1.1.1 24
[PE1-HundredGigE1/0/3] quit
# 配置IS-IS SR的SRGB,并使能MPLS TE能力,同时在IS-IS IPv4单播地址族视图下开启SR-MPLS功能。
[PE1] isis 1
[PE1-isis-1] mpls te enable
[PE1-isis-1] segment-routing global-block 16000 16999
[PE1-isis-1] address-family ipv4
[PE1-isis-1-ipv4] segment-routing mpls
[PE1-isis-1-ipv4] segment-routing adjacency enable
[PE1-isis-1-ipv4] quit
[PE1-isis-1] quit
# 配置接口Loopback0的前缀SID索引。
[PE1] interface loopback 0
[PE1-LoopBack0] isis prefix-sid index 10
[PE1-LoopBack0] quit
[PE1] bgp 100
[PE1-bgp-default] peer 2.2.2.2 as-number 100
[PE1-bgp-default] peer 2.2.2.2 connect-interface loopback 0
[PE1-bgp-default] address-family l2vpn evpn
[PE1-bgp-default-evpn] peer 2.2.2.2 enable
[PE1-bgp-default-evpn] peer 2.2.2.2 advertise encap-type mpls
[PE1-bgp-default-evpn] peer 2.2.2.2 next-hop-local
[PE1-bgp-default-evpn] quit
[PE1-bgp-default] ip vpn-instance vpn1
[PE1-bgp-default-vpn1] peer 10.1.1.2 as-number 65410
[PE1-bgp-default-vpn1] address-family ipv4 unicast
[PE1-bgp-default-ipv4-vpn1] peer 10.1.1.2 enable
[PE1-bgp-default-ipv4-vpn1] quit
[PE1-bgp-default-vpn1] quit
[PE1-bgp-default] ip vpn-instance vpn2
[PE1-bgp-default-vpn2] peer 20.1.1.2 as-number 65420
[PE1-bgp-default-vpn2] address-family ipv4 unicast
[PE1-bgp-default-ipv4-vpn2] peer 20.1.1.2 enable
[PE1-bgp-default-ipv4-vpn2] quit
[PE1-bgp-default-vpn2] quit
[PE1-bgp-default] quit
[PE1] tunnel-policy srbe
[PE1-tunnel-policy-srbe] select-seq sr-lsp load-balance-number 1
[PE1-tunnel-policy-srbe] quit
[PE1] ip vpn-instance vpn1
[PE1-vpn-instance-vpn1] tnl-policy srbe
[PE1-vpn-instance-vpn1] quit
[PE1] ip vpn-instance vpn2
[PE1-vpn-instance-vpn2] tnl-policy srbe
[PE1-vpn-instance-vpn2] quit
[PE1] ip vpn-instance vpn1
[PE1-vpn-instance-vpn1] address-family ipv4
[PE1-vpn-ipv4-vpn1] evpn mpls routing-enable
[PE1-vpn-ipv4-vpn1] quit
[PE1-vpn-instance-vpn1] quit
[PE1] ip vpn-instance vpn2
[PE1-vpn-instance-vpn2] address-family ipv4
[PE1-vpn-ipv4-vpn2] evpn mpls routing-enable
[PE1-vpn-ipv4-vpn2] quit
[PE1-vpn-instance-vpn2] quit
# 配置IS-IS协议实现网络层互通,开销值类型为wide。
<Sysname> system-view
[Sysname] sysname PE2
[PE2] isis 1
[PE2-isis-1] network-entity 00.0000.0000.0002.00
[PE2-isis-1] cost-style wide
[PE2-isis-1] address-family ipv6 unicast
[PE2-isis-1-ipv6] quit
[PE2-isis-1] quit
# 配置接口Loopback0、HundredGigE1/0/1和HundredGigE1/0/2的IP地址,并在接口上开启IS-IS协议。
[PE2] interface loopback 0
[PE2-LoopBack0] ip address 2.2.2.2 255.255.255.255
[PE2-LoopBack0] ipv6 address 22::22 128
[PE2-LoopBack0] isis enable 1
[PE2-LoopBack0] isis ipv6 enable 1
[PE2-LoopBack0] quit
[PE2] interface hundredgige 1/0/1
[PE2-HundredGigE1/0/1] port link-mode route
[PE2-HundredGigE1/0/1] ip address 11.0.1.2 24
[PE2-HundredGigE1/0/1] isis enable 1
[PE2-HundredGigE1/0/1] quit
[PE2] interface hundredgige 1/0/2
[PE2-HundredGigE1/0/2] port link-mode route
[PE2-HundredGigE1/0/2] ipv6 address 61::1 64
[PE2-HundredGigE1/0/2] isis ipv6 enable 1
[PE2-HundredGigE1/0/2] quit
[PE2] mpls lsr-id 2.2.2.2
[PE2] mpls te
[PE2-te] quit
[PE2] interface hundredgige 1/0/1
[PE2-HundredGigE1/0/1] mpls enable
[PE2-HundredGigE1/0/1] mpls te enable
[PE2-HundredGigE1/0/1] quit
[PE2] interface hundredgige 1/0/2
[PE2-HundredGigE1/0/2] mpls enable
[PE2-HundredGigE1/0/2] mpls te enable
[PE2-HundredGigE1/0/2] quit
# 创建VPN实例vpn1,并配置VPN实例的RD和RT。
[PE2] ip vpn-instance vpn2
[PE2-vpn-instance-vpn2] route-distinguisher 2222:2
[PE2-vpn-instance-vpn2] vpn-target 2222:2000 import-extcommunity
[PE2-vpn-instance-vpn2] vpn-target 2222:2000 export-extcommunity
[PE2-vpn-instance-vpn2] quit
# 配置接口HundredGigE1/0/3绑定VPN实例vpn2。
[PE2] interface hundredgige 1/0/3
[PE2-HundredGigE1/0/3] ip binding vpn-instance vpn2
[PE2-HundredGigE1/0/3] ip address 30.1.1.1 24
[PE2-HundredGigE1/0/3] quit
[PE2] bgp 100
[PE2-bgp-default] ip vpn-instance vpn2
[PE2-bgp-default-vpn2] peer 30.1.1.2 as-number 65430
[PE2-bgp-default-vpn2] address-family ipv4 unicast
[PE2-bgp-default-ipv4-vpn2] peer 30.1.1.2 enable
[PE2-bgp-default-ipv4-vpn2] quit
[PE2-bgp-default-vpn2] quit
[PE2-bgp-default] quit
(1) 配置IS-IS SR
# 配置IS-IS SR的SRGB,并使能MPLS TE能力,同时在IS-IS IPv4单播地址族视图下开启SR-MPLS功能。
[PE2] isis 1
[PE2-isis-1] mpls te enable
[PE2-isis-1] segment-routing global-block 17000 17999
[PE2-isis-1] address-family ipv4
[PE2-isis-1-ipv4] segment-routing mpls
[PE2-isis-1-ipv4] segment-routing adjacency enable
[PE2-isis-1-ipv4] quit
[PE2-isis-1] quit
(2) 配置前缀SID索引
# 配置接口Loopback0的前缀SID索引。
[PE2] interface loopback 0
[PE2-LoopBack0] isis prefix-sid index 20
[PE2-LoopBack0] quit
(3) 配置PE 1与PE 2建立MP-IBGP对等体,交互BGP EVPN路由
[PE2] bgp 100
[PE2-bgp-default] peer 1.1.1.1 as-number 100
[PE2-bgp-default] peer 1.1.1.1 connect-interface loopback 0
[PE2-bgp-default] address-family l2vpn evpn
[PE2-bgp-default-evpn] undo policy vpn-target
[PE2-bgp-default-evpn] peer 1.1.1.1 enable
[PE2-bgp-default-evpn] peer 1.1.1.1 advertise encap-type mpls
[PE2-bgp-default-evpn] peer 1.1.1.1 next-hop-local
[PE2-bgp-default-evpn] peer 1.1.1.1 reflect-client
[PE2-bgp-default-evpn] quit
[PE2-bgp-default] quit
(4) 开启EVPN通告VPN路由功能
[PE2] ip vpn-instance vpn2
[PE2-vpn-instance-vpn2] address-family ipv4
[PE2-vpn-ipv4-vpn2] evpn mpls routing-enable
[PE2-vpn-ipv4-vpn2] quit
[PE2-vpn-instance-vpn2] quit
(5) 配置隧道策略,使得EVPN L3VPN优选SR-MPLS BE隧道作为公网隧道
[PE2] tunnel-policy srbe
[PE2-tunnel-policy-srbe] select-seq sr-lsp load-balance-number 1
[PE2-tunnel-policy-srbe] quit
[PE2] ip vpn-instance vpn2
[PE2-vpn-instance-vpn2] tnl-policy srbe
[PE2-vpn-instance-vpn2] quit
(1) 配置EVPN L3VPN over SRv6封装的IPv6报文头的源地址
[PE2] segment-routing ipv6
[PE2-segment-routing-ipv6] encapsulation source-address 2::2
(2) 配置EVPN L3VPN over SRv6封装的IPv6报文头的目的地址,即End.DT4 SID
[PE2-segment-routing-ipv6] locator bbb ipv6-prefix 200:: 64 static 32
[PE2-segment-routing-ipv6-locator-bbb] quit
[PE2-segment-routing-ipv6] quit
[PE2] isis 1
[PE2-isis-1] address-family ipv6 unicast
[PE2-isis-1-ipv6] segment-routing ipv6 locator bbb
[PE2-isis-1-ipv6] quit
[PE2-isis-1] quit
(3) 配置为私网路由添加End.DT4 SID
[PE2] bgp 100
[PE2-bgp-default] ip vpn-instance vpn2
[PE2-bgp-default-vpn2] address-family ipv4 unicast
[PE2-bgp-default-ipv4-vpn2] segment-routing ipv6 locator bbb evpn
[PE2-bgp-default-ipv4-vpn2] quit
[PE2-bgp-default-vpn2] quit
(4) 在PE 2和PE 3之间建立MP-IBGP对等体
[PE2-bgp-default] peer 3::3 as-number 100
[PE2-bgp-default] peer 3::3 connect-interface loopback 0
[PE2-bgp-default] address-family l2vpn evpn
[PE2-bgp-default-evpn] peer 3::3 enable
[PE2-bgp-default-evpn] peer 3::3 nexthop-local
[PE2-bgp-default-evpn] peer 3::3 reflect-client
[PE2-bgp-default-evpn] peer 3::3 advertise encap-type srv6
[PE2-bgp-default-evpn] quit
(5) 配置允许将私网路由迭代到End.DT4 SID的路由条目上
[PE2-bgp-default] ip vpn-instance vpn2
[PE2-bgp-default-vpn2] address-family ipv4 unicast
[PE2-bgp-default-ipv4-vpn2] segment-routing ipv6 best-effort evpn
[PE2-bgp-default-ipv4-vpn2] quit
[PE2-bgp-default-vpn2] quit
(1) 开启SRv6网络与MPLS网络互通功能
[PE2-bgp-default] address-family l2vpn evpn
[PE2-bgp-default-evpn] srv6-mpls-interworking enable
(2) 配置BGP引用Locator段
[PE2-bgp-default-evpn] segment-routing ipv6 locator bbb evpn
(3) 配置路由迭代方式
[PE2-bgp-default-evpn] segment-routing ipv6 best-effort evpn
[PE2-bgp-default-evpn] quit
# 配置IS-IS协议实现网络层互通,开销值类型为wide。
<Sysname> system-view
[Sysname] sysname PE3
[PE3] isis 1
[PE3-isis-1] network-entity 00.0000.0000.0003.00
[PE3-isis-1] cost-style wide
[PE3-isis-1] address-family ipv6 unicast
[PE3-isis-1-ipv6] quit
[PE3-isis-1] quit
# 配置接口Loopback0和HundredGigE1/0/1的IP地址,并在接口上开启IS-IS协议。
[PE3] interface loopback 0
[PE3-LoopBack0] ip address 3.3.3.3 255.255.255.255
[PE3-LoopBack0] ipv6 address 33::33 128
[PE3-LoopBack0] isis ipv6 enable 1
[PE3-LoopBack0] quit
[PE3] interface hundredgige 1/0/1
[PE3-HundredGigE1/0/1] port link-mode route
[PE3-HundredGigE1/0/1] ipv6 address 61::2 64
[PE3-HundredGigE1/0/1] isis ipv6 enable 1
[PE3-HundredGigE1/0/1] quit
# 创建VPN实例vpn1,并配置VPN实例的RD和RT。
[PE3] ip vpn-instance vpn1
[PE3-vpn-instance-vpn1] route-distinguisher 1111:3
[PE3-vpn-instance-vpn1] vpn-target 1111:1000 import-extcommunity
[PE3-vpn-instance-vpn1] vpn-target 1111:1000 export-extcommunity
[PE3-vpn-instance-vpn1] quit
# 创建VPN实例vpn2,并配置VPN实例的RD和RT。
[PE3] ip vpn-instance vpn2
[PE3-vpn-instance-vpn2] route-distinguisher 2222:3
[PE3-vpn-instance-vpn2] vpn-target 2222:2000 import-extcommunity
[PE3-vpn-instance-vpn2] vpn-target 2222:2000 export-extcommunity
[PE3-vpn-instance-vpn2] quit
# 配置接口HundredGigE1/0/2绑定VPN实例vpn1。
[PE3] interface hundredgige 1/0/2
[PE3-HundredGigE1/0/2] ip binding vpn-instance vpn1
[PE3-HundredGigE1/0/2] ip address 40.1.1.1 24
[PE3-HundredGigE1/0/2] quit
# 配置接口HundredGigE1/0/3绑定VPN实例vpn2。
[PE3] interface hundredgige 1/0/3
[PE3-HundredGigE1/0/3] ip binding vpn-instance vpn2
[PE3-HundredGigE1/0/3] ip address 50.1.1.1 24
[PE3-HundredGigE1/0/3] quit
[PE3] bgp 100
[PE3-bgp-default] ip vpn-instance vpn1
[PE3-bgp-default-vpn1] peer 40.1.1.2 as-number 65440
[PE3-bgp-default-vpn1] address-family ipv4 unicast
[PE3-bgp-default-ipv4-vpn1] peer 40.1.1.2 enable
[PE3-bgp-default-ipv4-vpn1] quit
[PE3-bgp-default-vpn1] quit
[PE3-bgp-default] ip vpn-instance vpn2
[PE3-bgp-default-vpn2] peer 50.1.1.2 as-number 65450
[PE3-bgp-default-vpn2] address-family ipv4 unicast
[PE3-bgp-default-ipv4-vpn2] peer 50.1.1.2 enable
[PE3-bgp-default-ipv4-vpn2] quit
[PE3-bgp-default-vpn2] quit
[PE3-bgp-default] quit
[PE3] segment-routing ipv6
[PE3-segment-routing-ipv6] encapsulation source-address 3::3
[PE3-segment-routing-ipv6] locator ccc ipv6-prefix 401:: 64 static 32
[PE3-segment-routing-ipv6-locator-ccc] quit
[PE3-segment-routing-ipv6] quit
[PE3] isis 1
[PE3-isis-1] address-family ipv6 unicast
[PE3-isis-1-ipv6] segment-routing ipv6 locator ccc
[PE3-isis-1-ipv6] quit
[PE3-isis-1] quit
[PE3] bgp 100
[PE3-bgp-default] ip vpn-instance vpn1
[PE3-bgp-default-vpn1] address-family ipv4 unicast
[PE3-bgp-default-ipv4-vpn1] segment-routing ipv6 locator ccc evpn
[PE3-bgp-default-ipv4-vpn1] quit
[PE3-bgp-default-vpn1] quit
[PE3-bgp-default] ip vpn-instance vpn2
[PE3-bgp-default-vpn2] address-family ipv4 unicast
[PE3-bgp-default-ipv4-vpn2] segment-routing ipv6 locator ccc evpn
[PE3-bgp-default-ipv4-vpn2] quit
[PE3-bgp-default-vpn2] quit
[PE3-bgp-default] peer 2::2 as-number 100
[PE3-bgp-default] peer 2::2 connect-interface loopback 0
[PE3-bgp-default] address-family l2vpn evpn
[PE3-bgp-default-evpn] peer 2::2 enable
[PE3-bgp-default-evpn] peer 2::2 nexthop-local
[PE3-bgp-default-evpn] peer 2::2 advertise encap-type srv6
[PE3-bgp-default-evpn] quit
[PE3-bgp-default] ip vpn-instance vpn1
[PE3-bgp-default-vpn1] address-family ipv4 unicast
[PE3-bgp-default-ipv4-vpn1] segment-routing ipv6 best-effort evpn
[PE3-bgp-default-ipv4-vpn1] quit
[PE3-bgp-default-vpn1] quit
[PE3-bgp-default] ip vpn-instance vpn2
[PE3-bgp-default-vpn2] address-family ipv4 unicast
[PE3-bgp-default-ipv4-vpn2] segment-routing ipv6 best-effort evpn
[PE3-bgp-default-ipv4-vpn2] quit
[PE3-bgp-default-vpn2] quit
# 配置接口的IP地址。
<Sysname> system-view
[Sysname] sysname CE1
[CE1] interface hundredgige 1/0/1
[CE1-HundredGigE1/0/1] port link-mode route
[CE1-HundredGigE1/0/1] ip address 10.1.1.2 24
[CE1-HundredGigE1/0/1] quit
# 在PE与CE之间建立EBGP对等体,引入直连路由。
[CE1] bgp 65410
[CE1-bgp-default] peer 10.1.1.1 as-number 100
[CE1-bgp-default] address-family ipv4 unicast
[CE1-bgp-default-ipv4] peer 10.1.1.1 enable
[CE1-bgp-default-ipv4] import-route direct
[CE1-bgp-default-ipv4] quit
[CE1-bgp-default] quit
# 配置接口的IP地址。
<Sysname> system-view
[Sysname] sysname CE2
[CE2] interface hundredgige 1/0/1
[CE2-HundredGigE1/0/1] port link-mode route
[CE2-HundredGigE1/0/1] ip address 20.1.1.2 24
[CE2-HundredGigE1/0/1] quit
# 在PE与CE之间建立EBGP对等体,引入直连路由。
[CE2] bgp 65420
[CE2-bgp-default] peer 20.1.1.1 as-number 100
[CE2-bgp-default] address-family ipv4 unicast
[CE2-bgp-default-ipv4] peer 20.1.1.1 enable
[CE2-bgp-default-ipv4] import-route direct
[CE2-bgp-default-ipv4] quit
[CE2-bgp-default] quit
# 配置接口的IP地址。
<Sysname> system-view
[Sysname] sysname CE3
[CE3] interface hundredgige 1/0/1
[CE3-HundredGigE1/0/1] port link-mode route
[CE3-HundredGigE1/0/1] ip address 30.1.1.2 24
[CE3-HundredGigE1/0/1] quit
# 在PE与CE之间建立EBGP对等体,引入直连路由。
[CE3] bgp 65430
[CE3-bgp-default] peer 30.1.1.1 as-number 100
[CE3-bgp-default] address-family ipv4 unicast
[CE3-bgp-default-ipv4] peer 30.1.1.1 enable
[CE3-bgp-default-ipv4] import-route direct
[CE3-bgp-default-ipv4] quit
[CE3-bgp-default] quit
# 配置接口的IP地址。
<Sysname> system-view
[Sysname] sysname CE4
[CE4] interface hundredgige 1/0/1
[CE4-HundredGigE1/0/1] port link-mode route
[CE4-HundredGigE1/0/1] ip address 40.1.1.2 24
[CE4-HundredGigE1/0/1] quit
# 在PE与CE之间建立EBGP对等体,引入直连路由。
[CE4] bgp 65440
[CE4-bgp-default] peer 40.1.1.1 as-number 100
[CE4-bgp-default] address-family ipv4 unicast
[CE4-bgp-default-ipv4] peer 40.1.1.1 enable
[CE4-bgp-default-ipv4] import-route direct
[CE4-bgp-default-ipv4] quit
[CE4-bgp-default] quit
# 配置接口的IP地址。
<Sysname> system-view
[Sysname] sysname CE5
[CE5] interface hundredgige 1/0/1
[CE5-HundredGigE1/0/1] port link-mode route
[CE5-HundredGigE1/0/1] ip address 50.1.1.2 24
[CE5-HundredGigE1/0/1] quit
# 在PE与CE之间建立EBGP对等体,引入直连路由。
[CE5] bgp 65450
[CE5-bgp-default] peer 50.1.1.1 as-number 100
[CE5-bgp-default] address-family ipv4 unicast
[CE5-bgp-default-ipv4] peer 50.1.1.1 enable
[CE5-bgp-default-ipv4] import-route direct
[CE5-bgp-default-ipv4] quit
[CE5-bgp-default] quit
# 在PE设备上查看IS-IS邻居信息,可以看到PE 1与PE 2、PE 2与PE 3之间建立了IS-IS邻居关系。以PE 2为例,其他PE上的显示信息与此类似。
[PE2] display isis peer
Peer information for IS-IS(1)
-----------------------------
System ID: 0000.0000.0001
Interface: HGE1/0/1 Circuit Id: 0000.0000.0002.01
State: Up HoldTime: 25s Type: L1(L1L2) PRI: 64
System ID: 0000.0000.0001
Interface: HGE1/0/1 Circuit Id: 0000.0000.0002.01
State: Up HoldTime: 28s Type: L2(L1L2) PRI: 64
System ID: 0000.0000.0003
Interface: HGE1/0/2 Circuit Id: 0000.0000.0003.01
State: Up HoldTime: 7s Type: L1(L1L2) PRI: 64
System ID: 0000.0000.0003
Interface: HGE1/0/2 Circuit Id: 0000.0000.0003.01
State: Up HoldTime: 7s Type: L2(L1L2) PRI: 64
# 在PE设备上查看BGP L2VPN对等体信息,可以看到PE 1与PE 2、PE 2与PE 3之间BGP L2VPN对等体为Established状态。以PE 2为例,其他PE上的显示信息与此类似。
[PE2] display bgp peer l2vpn evpn
BGP local router ID: 2.2.2.2
Local AS number: 100
Total number of peers: 2 Peers in established state: 2
* - Dynamically created peer
Peer AS MsgRcvd MsgSent OutQ PrefRcv Up/Down State
1.1.1.1 100 23 21 0 2 00:13:02 Established
33::33 100 20 20 0 2 00:13:09 Established
# 在PE设备上查看VPN实例内的BGP IPv4单播对等体信息,可以看到PE与各自的CE之间BGP对等体为Established状态。以PE 2为例,其他PE上的显示信息与此类似。
[PE2] display bgp peer ipv4 vpn-instance vpn2
BGP local router ID: 2.2.2.2
Local AS number: 100
Total number of peers: 1 Peers in established state: 1
* - Dynamically created peer
Peer AS MsgRcvd MsgSent OutQ PrefRcv Up/Down State
30.1.1.2 65430 22 24 0 1 00:16:48 Established
# 在PE 3上查看SRv6的Local SID转发表信息,可以看到PE 3为VPN实例vpn2(路由50.1.1.0/24属于vpn2)分配的End.DT4 SID为401::1:0:3。
[PE3] display segment-routing ipv6 local-sid end-dt4
Local SID forwarding table (End.DT4)
Total SIDs: 2
SID : 401::1:0:1/64
Function type : End.DT4 Flavor : PSP
VPN instance : vpn1 Allocation type: Dynamic
Network type : EVPN L3VPN
Locator name : ccc
Owner : BGP State : Active
Create Time : Apr 08 17:53:27.808 2022
SID : 401::1:0:3/64
Function type : End.DT4 Flavor : PSP
VPN instance : vpn2 Allocation type: Dynamic
Network type : EVPN L3VPN
Locator name : ccc
Owner : BGP State : Active
Create Time : Apr 08 17:53:27.811 2022
# 在PE 2上查看VPN实例vpn2的FIB表项和路由表,可以看到:
· PE 1发布的路由20.1.1.0/24迭代到MPLS隧道,内层私网标签为1151,外层公网隧道对应的NHLFE ID为1。
· PE 2发布的路由50.1.1.0/24下一跳为End.DT4 SID(401::1:0:3),该路由迭代到SRv6 BE隧道,迭代下一跳地址为FE80::3261:2FF:FE0A:306。
[PE2] display fib vpn-instance vpn2
Route destination count: 9
Directly-connected host count: 1
Flag:
U:Usable G:Gateway H:Host B:Blackhole D:Dynamic S:Static
R:Relay F:FRR
Destination/Mask Nexthop Flag OutInterface/Token Label
127.0.0.0/8 127.0.0.1 U InLoop0 Null
30.1.1.0/32 30.1.1.1 UBH HGE1/0/3 Null
30.1.1.0/24 30.1.1.1 U HGE1/0/3 Null
30.1.1.255/32 30.1.1.1 UBH HGE1/0/3 Null
50.1.1.0/24 FE80::3261:2FF: UGR HGE1/0/2 Null
FE0A:306
30.1.1.1/32 127.0.0.1 UH InLoop0 Null
255.255.255.255/32 127.0.0.1 UH InLoop0 Null
20.1.1.0/24 1.1.1.1 UGR 1 1151
0.0.0.0/32 127.0.0.1 UH InLoop0 Null
30.1.1.2/32 30.1.1.2 UH HGE1/0/3 Null
[PE2] display ip routing-table vpn-instance vpn2 50.1.1.0 verbose
Summary count : 1
Destination: 50.1.1.0/24
Protocol: BGP instance default
Process ID: 0
SubProtID: 0x8 Age: 00h10m19s
FlushedAge: 00h10m19s
Cost: 0 Preference: 255
IpPre: N/A QosLocalID: N/A
Tag: 0 State: Active Adv
OrigTblID: 0x0 OrigVrf: default-vrf
TableID: 0x102 OrigAs: 65450
NibID: 0x16000000 LastAs: 100
AttrID: 0x5
BkAttrID: 0xffffffff Neighbor: 33::33
Flags: 0x80010060 OrigNextHop: 401::
Label: NULL RealNextHop: FE80::3261:2FF:FE0A:306
BkLabel: NULL BkNextHop: N/A
SRLabel: NULL Interface: HundredGigE1/0/2
BkSRLabel: NULL BkInterface: N/A
Tunnel ID: Invalid IPInterface: HundredGigE1/0/2
BkTunnel ID: Invalid BkIPInterface: N/A
InLabel: 0 ColorInterface: N/A
SIDIndex: 0 BkColorInterface: N/A
FtnIndex: 0x0 TunnelInterface: N/A
TrafficIndex: N/A BkTunnelInterface: N/A
Connector: N/A PathID: 0x0
UserID: 0x0 SRTunnelID: Invalid
SID Type: N/A NID: Invalid
FlushNID: Invalid BkNID: Invalid
BkFlushNID: Invalid StatFlags: 0x0
SID: 401::1:0:3
BkSID: N/A
CommBlockLen: 0 Priority: Low
# 在PE 2上查看NHLFE表项信息,可以看到ID为1的NHLFE表项为SRLSP,说明路由20.1.1.0/24迭代到SR-MPLS BE隧道。
[PE2] display mpls forwarding nhlfe 1
Flags: T - Forwarded through a tunnel
N - Forwarded through the outgoing interface to the nexthop IP address
B - Backup forwarding information
A - Active forwarding information
M - P2MP forwarding information
NID Tnl-Type Flag OutLabel Forwarding Info
--------------------------------------------------------------------------------
1 SRLSP NA 3 HGE1/0/1 11.0.1.1
# CE 1和CE 4之间可以互相ping通;CE 2、CE 3和CE 5之间可以互相ping通。VPN 1内的CE和VPN 2内的CE无法互相ping通。
· PE 1
#
sysname PE1
#
ip vpn-instance vpn1
route-distinguisher 1111:1
tnl-policy srbe
vpn-target 1111:1000 import-extcommunity
vpn-target 1111:1000 export-extcommunity
#
address-family ipv4
evpn mpls routing-enable
#
ip vpn-instance vpn2
route-distinguisher 2222:1
tnl-policy srbe
vpn-target 2222:2000 import-extcommunity
vpn-target 2222:2000 export-extcommunity
#
address-family ipv4
evpn mpls routing-enable
#
isis 1
cost-style wide
mpls te enable
segment-routing global-block 16000 16999
network-entity 00.0000.0000.0001.00
#
address-family ipv4 unicast
segment-routing mpls
segment-routing adjacency enable
#
mpls lsr-id 1.1.1.1
#
mpls te
#
tunnel-policy srbe
select-seq sr-lsp load-balance-number 1
#
interface LoopBack0
ip address 1.1.1.1 255.255.255.255
isis enable 1
isis prefix-sid index 10
ipv6 address 11::11/128
#
interface HundredGigE1/0/1
port link-mode route
combo enable copper
ip address 11.0.1.1 255.255.255.0
isis enable 1
mpls enable
mpls te enable
#
interface HundredGigE1/0/2
port link-mode route
combo enable copper
ip binding vpn-instance vpn1
ip address 10.1.1.1 255.255.255.0
#
interface HundredGigE1/0/3
port link-mode route
combo enable copper
ip binding vpn-instance vpn2
ip address 20.1.1.1 255.255.255.0
#
bgp 100
peer 2.2.2.2 as-number 100
peer 2.2.2.2 connect-interface LoopBack0
#
address-family l2vpn evpn
peer 2.2.2.2 enable
peer 2.2.2.2 next-hop-local
peer 2.2.2.2 advertise encap-type mpls
#
ip vpn-instance vpn1
peer 10.1.1.2 as-number 65410
#
address-family ipv4 unicast
peer 10.1.1.2 enable
#
ip vpn-instance vpn2
peer 20.1.1.2 as-number 65420
#
address-family ipv4 unicast
import-route direct
peer 20.1.1.2 enable
#
return
· PE 2
#
sysname PE2
#
ip vpn-instance vpn2
route-distinguisher 2222:2
tnl-policy srbe
vpn-target 2222:2000 import-extcommunity
vpn-target 2222:2000 export-extcommunity
#
address-family ipv4
evpn mpls routing-enable
#
isis 1
cost-style wide
mpls te enable
segment-routing global-block 17000 17999
network-entity 00.0000.0000.0002.00
#
address-family ipv4 unicast
segment-routing mpls
segment-routing adjacency enable
#
address-family ipv6 unicast
segment-routing ipv6 locator bbb
#
mpls lsr-id 2.2.2.2
#
mpls te
#
tunnel-policy srbe
select-seq sr-lsp load-balance-number 1
#
interface LoopBack0
ip address 2.2.2.2 255.255.255.255
isis enable 1
isis ipv6 enable 1
isis prefix-sid index 20
ipv6 address 22::22/128
#
interface HundredGigE1/0/1
port link-mode route
combo enable copper
ip address 11.0.1.2 255.255.255.0
isis enable 1
mpls enable
mpls te enable
#
interface HundredGigE1/0/2
port link-mode route
combo enable copper
isis ipv6 enable 1
mpls enable
mpls te enable
ipv6 address 61::1/64
#
interface HundredGigE1/0/3
port link-mode route
combo enable copper
ip binding vpn-instance vpn2
ip address 30.1.1.1 255.255.255.0
#
bgp 100
peer 1.1.1.1 as-number 100
peer 1.1.1.1 connect-interface LoopBack0
peer 33::33 as-number 100
peer 33::33 connect-interface LoopBack0
#
address-family l2vpn evpn
undo policy vpn-target
segment-routing ipv6 best-effort evpn
segment-routing ipv6 locator bbb evpn
srv6-mpls-interworking enable
peer 1.1.1.1 enable
peer 1.1.1.1 next-hop-local
peer 1.1.1.1 reflect-client
peer 1.1.1.1 advertise encap-type mpls
peer 33::33 enable
peer 33::33 next-hop-local
peer 33::33 reflect-client
peer 33::33 advertise encap-type srv6
#
ip vpn-instance vpn2
peer 30.1.1.2 as-number 65430
#
address-family ipv4 unicast
segment-routing ipv6 best-effort evpn
segment-routing ipv6 locator bbb evpn
peer 30.1.1.2 enable
#
segment-routing ipv6
encapsulation source-address 2::2
#
locator bbb ipv6-prefix 200:: 64 static 32
#
return
· PE 3
#
sysname PE3
#
ip vpn-instance vpn1
route-distinguisher 1111:3
vpn-target 1111:1000 import-extcommunity
vpn-target 1111:1000 export-extcommunity
#
ip vpn-instance vpn2
route-distinguisher 2222:3
vpn-target 2222:2000 import-extcommunity
vpn-target 2222:2000 export-extcommunity
#
isis 1
cost-style wide
network-entity 00.0000.0000.0003.00
#
address-family ipv6 unicast
segment-routing ipv6 locator ccc
#
interface LoopBack0
ip address 3.3.3.3 255.255.255.255
isis ipv6 enable 1
ipv6 address 33::33/128
#
interface HundredGigE1/0/1
port link-mode route
combo enable copper
isis ipv6 enable 1
ipv6 address 61::2/64
#
interface HundredGigE1/0/2
port link-mode route
combo enable copper
ip binding vpn-instance vpn1
ip address 40.1.1.1 255.255.255.0
#
interface HundredGigE1/0/3
port link-mode route
combo enable copper
ip binding vpn-instance vpn2
ip address 50.1.1.1 255.255.255.0
#
bgp 100
peer 22::22 as-number 100
peer 22::22 connect-interface LoopBack0
#
address-family l2vpn evpn
peer 22::22 enable
peer 22::22 next-hop-local
peer 22::22 advertise encap-type srv6
#
ip vpn-instance vpn1
peer 40.1.1.2 as-number 65440
#
address-family ipv4 unicast
segment-routing ipv6 best-effort evpn
segment-routing ipv6 locator ccc evpn
peer 40.1.1.2 enable
#
ip vpn-instance vpn2
peer 50.1.1.2 as-number 65450
#
address-family ipv4 unicast
segment-routing ipv6 best-effort evpn
segment-routing ipv6 locator ccc evpn
peer 50.1.1.2 enable
#
segment-routing ipv6
encapsulation source-address 3::3
#
locator ccc ipv6-prefix 401:: 64 static 32
#
return
· CE 1
#
sysname CE1
#
interface HundredGigE1/0/1
port link-mode route
combo enable copper
ip address 10.1.1.2 255.255.255.0
#
bgp 65410
peer 10.1.1.1 as-number 100
#
address-family ipv4 unicast
import-route direct
peer 10.1.1.1 enable
#
return
· CE 2
#
sysname CE2
#
interface HundredGigE1/0/1
port link-mode route
combo enable copper
ip address 20.1.1.2 255.255.255.0
#
bgp 65420
peer 20.1.1.1 as-number 100
#
address-family ipv4 unicast
import-route direct
peer 20.1.1.1 enable
#
return
· CE 3
#
sysname CE3
#
interface HundredGigE1/0/1
port link-mode route
combo enable copper
ip address 30.1.1.2 255.255.255.0
#
bgp 65430
peer 30.1.1.1 as-number 100
#
address-family ipv4 unicast
import-route direct
peer 30.1.1.1 enable
#
return
· CE 4
#
sysname CE4
#
interface HundredGigE1/0/1
port link-mode route
combo enable copper
ip address 40.1.1.2 255.255.255.0
#
bgp 65440
peer 40.1.1.1 as-number 100
#
address-family ipv4 unicast
import-route direct
peer 40.1.1.1 enable
#
return
· CE 5
#
sysname CE5
#
interface HundredGigE1/0/1
port link-mode route
combo enable copper
ip address 50.1.1.2 255.255.255.0
#
bgp 65450
peer 50.1.1.1 as-number 100
#
address-family ipv4 unicast
import-route direct
peer 50.1.1.1 enable
#
Return
· H3C S12500R系列交换路由器 EVPN配置指导-R52xx
· H3C S12500R系列交换路由器 EVPN命令参考-R52xx
· H3C S12500R-48Y8C&S12500R-48C6D交换路由器 EVPN配置指导-R52xx
· H3C S12500R-48Y8C&S12500R-48C6D交换路由器 EVPN命令参考-R52xx
不同款型规格的资料略有差异, 详细信息请向具体销售和400咨询。H3C保留在没有任何通知或提示的情况下对资料内容进行修改的权利!
支持
