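Word has just come from the Huawei Datacom HCIE exam room that the exam has changed, so 大堂子 immediately got the technical document everyone needs from 军哥!
SRv6 replacing BGP VPNv4 for communication between different sites is here!
Fresh off the press, come and take a look!
01 Lab Objective
Use SRv6 in place of the MPLS forwarding of BGP VPNv4 to provide communication among three customer sites.
02 Lab Topology
03 Lab Steps
Step 1. Configure the IGP on the backbone
This example uses IS-IS. The purpose of this step is to make Loopback0, which serves as the BGP update source, routable.
The configuration is as follows.
Disable DCN on the three PE devices: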
undo dcn
Warning: This operation will disable DCN function. Continue? [Y/N]:y
PE1:
isis 1
is-level level-2
cost-style wide
network-entity 49.1111.1111.1111.1111.00
is-name PE1
#
ipv6 enable topology ipv6
interface LoopBack0
description BGP-Source
ipv6 enable
ipv6 address 1::1/128
isis ipv6 enable 1
interface Ethernet1/0/0
undo shutdown
ipv6 enable
ipv6 address 2123::1/64
isis ipv6 enable 1
PE2:
isis 1
is-level level-2
cost-style wide
network-entity 49.2222.2222.2222.2222.00
is-name PE2
#
ipv6 enable topology ipv6
interface LoopBack0
description BGP-Source
ipv6 enable
ipv6 address 2::2/128
isis ipv6 enable 1
interface Ethernet1/0/0
undo shutdown
ipv6 enable
ipv6 address 2123::2/64
isis ipv6 enable 1
PE3:
#
isis 1
is-level level-2
cost-style wide
network-entity 49.3333.3333.3333.3333.00
is-name PE3
#
ipv6 enable topology ipv6
interface LoopBack0
ipv6 enable
ipv6 address 3::3/128
isis ipv6 enable 1
interface Ethernet1/0/0
undo shutdown
ipv6 enable
ipv6 address 2123::3/64
isis ipv6 enable 1
Verify the IS-IS neighbor relationships. The correct result is shown below:
[PE2]display isis peer
Peer information for ISIS(1)
System Id Interface Circuit Id State HoldTime Type PRI
--------------------------------------------------------------------------------
PE1* Eth1/0/0 PE3.01 Up 29s L2 64
PE3* Eth1/0/0 PE3.01 Up 7s L2 64
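Check the IPv6 routing table learned through IS-IS, paying particular attention to the routes for the loopback addresses of the other two devices: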
[PE2]display ipv6 routing-table protocol isis
_public_ Routing Table : IS-IS
Summary Count : 4
IS-IS routing table status : <Active>
Summary Count : 2
Destination : 1::1 PrefixLength : 128
NextHop : FE80::3A6E:A4FF:FE01:100 Preference : 15
Cost : 10 Protocol : ISIS-L2
RelayNextHop : :: TunnelID : 0x0
Interface : Ethernet1/0/0 Flags : D
Destination : 3::3 PrefixLength : 128
NextHop : FE80::3A6E:A4FF:FE03:100 Preference : 15
Cost : 10 Protocol : ISIS-L2
RelayNextHop : :: TunnelID : 0x0
Interface : Ethernet1/0/0 Flags : D
IS-IS routing table status : <Inactive>
Summary Count : 2
Destination : 2::2 PrefixLength : 128
NextHop : 2::2 Preference : 15
Cost : 0 Protocol : ISIS-L2
RelayNextHop : :: TunnelID : 0x0
Interface : LoopBack0 Flags :
Destination : 2123:: PrefixLength : 64
NextHop : 2123::2 Preference : 15
Cost : 0 Protocol : ISIS-L2
RelayNextHop : :: TunnelID : 0x0
Interface : Ethernet1/0/0 Flags :
Test connectivity between the loopback interfaces, so that the BGP peer relationships can be established later:
[PE2]ping ipv6 -a 2::2 1::1
PING 1::1 : 56 data bytes, press CTRL_C to break
Reply from 1::1
bytes=56 Sequence=1 hop limit=64 time=38 ms
Reply from 1::1
bytes=56 Sequence=2 hop limit=64 time=43 ms
Reply from 1::1
bytes=56 Sequence=3 hop limit=64 time=34 ms
--- 1::1 ping statistics---
3 packet(s) transmitted
3 packet(s) received
0.00% packet loss
round-trip min/avg/max=34/38/43 ms
[PE2]ping ipv6 -a 2::2 3::3
PING 3::3 : 56 data bytes, press CTRL_C to break
Reply from 3::3
bytes=56 Sequence=1 hop limit=64 time=29 ms
Reply from 3::3
bytes=56 Sequence=2 hop limit=64 time=43 ms
Reply from 3::3
bytes=56 Sequence=3 hop limit=64 time=45 ms
Reply from 3::3
bytes=56 Sequence=4 hop limit=64 time=38 ms
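Step 2. Configure the VPNv4 peer relationships, VPN instances and other L3VPN settings on the PEs
Configure the VPNv4 peers, with R2 (PE2) acting as the RR: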
PE2:
bgp 100
router-id 2.2.2.2
peer 1::1 as-number 100
peer 1::1 connect-interface LoopBack0
peer 3::3 as-number 100
peer 3::3 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
#
ipv4-family vpnv4
policy vpn-target
peer 1::1 enable
peer 1::1 reflect-client
peer 3::3 enable
peer 3::3 reflect-client
PE1:
bgp 100
router-id 1.1.1.1
peer 2::2 as-number 100
peer 2::2 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
#
ipv4-family vpnv4
policy vpn-target
peer 2::2 enable
PE3:
bgp 100
router-id 3.3.3.3
peer 2::2 as-number 100
peer 2::2 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
#
ipv4-family vpnv4
policy vpn-target
peer 2::2 enable
[PE2]dis bgp vpnv4 all peer
BGP local router ID : 2.2.2.2
Local AS number : 100
Total number of peers : 2 Peers in established state : 2
Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv
1::1 4 100 7 7 0 00:03:20 Established 0
3::3 4 100 6 5 0 00:02:23 Established 0
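The BGP VPNv4 peer relationships are all normal. Because no VPN instance has been deployed yet, no customer routes appear at this point.
Step 3. Configure the VPN instance on the PEs; the protocol toward the customer side is BGP
Configure the VPN instance on all three PE devices: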
ip vpn-instance QYT
ipv4-family
route-distinguisher 1:1
vpn-target 1:1 export-extcommunity
vpn-target 1:1 import-extcommunity
Configure PE1 and CE-HZ:
PE1
bgp 100
ipv4-family vpn-instance QYT
peer 10.1.12.2 as-number 64512
peer 10.1.12.2 substitute-as
CE-HZ:
bgp 64512
router-id 10.2.2.2
peer 10.1.12.1 as-number 100
#
ipv4-family unicast
undo synchronization
network 10.2.2.2 255.255.255.255
peer 10.1.12.1 enable
Configure PE2 and CE-SH:
PE2
bgp 100
ipv4-family vpn-instance QYT
peer 10.1.23.3 as-number 64512
peer 10.1.23.3 substitute-as
CE-SH
bgp 64512
router-id 10.3.3.3
peer 10.1.23.2 as-number 100
#
ipv4-family unicast
undo synchronization
network 10.3.3.3 255.255.255.255
peer 10.1.23.2 enable
Configure PE3 and CE-BJ:
PE3:
bgp 100
ipv4-family vpn-instance QYT
peer 10.1.34.4 as-number 64512
peer 10.1.34.4 substitute-as
CE-BJ
bgp 64512
router-id 10.4.4.4
peer 10.1.34.3 as-number 100
#
ipv4-family unicast
undo synchronization
network 10.4.4.4 255.255.255.255
peer 10.1.34.3 enable
On PE2, view the routes from all customer sites:
[PE2]display bgp vpnv4 all routing-table
BGP Local router ID is 2.2.2.2
Status codes: * - valid, > - best, d - damped, x - best external, a - add path,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V - valid, I - invalid, N - not-found
Total number of routes from all PE: 3
Route Distinguisher: 1:1
Network NextHop MED LocPrf PrefVal Path/Ogn
*>i 10.2.2.2/32 1::1 0 100 0 64512i
*> 10.3.3.3/32 10.1.23.3 0 0 64512i
*>i 10.4.4.4/32 3::3 0 100 0 64512i
VPN-Instance QYT, Router ID 2.2.2.2:
Total Number of Routes: 3
Network NextHop MED LocPrf PrefVal Path/Ogn
i 10.2.2.2/32 1::1 0 100 0 64512i
*> 10.3.3.3/32 10.1.23.3 0 0 64512i
i 10.4.4.4/32 3::3 0 100 0 64512i
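At this point the conventional L3VPN configuration is complete; it differs little from an MPLS L3VPN.
Step 4. Configure SRv6
Key SRv6 logic:
As with BGP VPNv4, an SRv6 BE forwarding path must be established between the PEs.
Note: End.DT4 SIDs (prefix IDs) can be allocated dynamically by BGP or configured statically. When a statically configured SID and a dynamically allocated SID both exist, the static one takes precedence.
Typical configuration steps on the PE devices:
1. Enable SRv6 globally and configure the encapsulation source address and the locator
segment-routing ipv6 //enter SRv6 configuration view
encapsulation source-address 2001::2:2
locator QYT ipv6-prefix 2001:2:: 96 static 16 //define a locator named QYT with prefix 2001:2::/96 and a 16-bit static segment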
PE1:
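segment-routing ipv6 //enter SRv6 configuration view
encapsulation source-address 1::1 //source address for SRv6 encapsulation; this address is normally advertised in the global IGP
locator QYT ipv6-prefix 2001:1:: 96 static 16 //define a locator named QYT with prefix 2001:1::/96 and a 16-bit static segment
Each PE can be assigned a different locator prefix.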
PE2:
segment-routing ipv6
encapsulation source-address 2::2
locator QYT ipv6-prefix 2001:2:: 96 static 16
PE3:
segment-routing ipv6
encapsulation source-address 3::3
locator QYT ipv6-prefix 2001:3:: 96 static 16
View the locator information allocated for SRv6:
[PE1]display segment-routing ipv6 locator QYT verbose
Locator Configuration Table
---------------------------
LocatorName : QYT LocatorID : 2
IPv6Prefix : 2001:1:: PrefixLength: 96
StaticLength : 16 Reference : 0
Default : N ArgsLength : 0
AutoSIDBegin : 2001:1::1:0
AutoSIDEnd : 2001:1::FFFF:FFFF
[PE2]display segment-routing ipv6 locator QYT verbose
Locator Configuration Table
---------------------------
LocatorName : QYT LocatorID : 2
IPv6Prefix : 2001:2:: PrefixLength: 96
StaticLength : 16 Reference : 0
Default : N ArgsLength : 0
AutoSIDBegin : 2001:2::1:0
AutoSIDEnd : 2001:2::FFFF:FFFF
Total Locator(s): 1
[PE3]display segment-routing ipv6 locator QYT verbose
Locator Configuration Table
---------------------------
LocatorName : QYT LocatorID : 1
IPv6Prefix : 2001:3:: PrefixLength: 96
StaticLength : 16 Reference : 0
Default : N ArgsLength : 0
AutoSIDBegin : 2001:3::1:0
AutoSIDEnd : 2001:3::FFFF:FFFF
2. On the PEs, carry SID information when advertising private-network routes to peers under the BGP VPNv4 address family
[PE1]bgp 100
[PE1-bgp]ipv4-family vpnv4
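[PE1-bgp-af-vpnv4]peer 2::2 prefix-sid //carry SID information when advertising customer routes to peer 2::2 (the RR) under the VPNv4 address family; the information is carried in BGP Update messages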
!
[PE2]bgp 100
[PE2-bgp]ipv4-family vpnv4
[PE2-bgp-af-vpnv4]peer 1::1 prefix-sid
[PE2-bgp-af-vpnv4]peer 3::3 prefix-sid
!
[PE3]bgp 100
[PE3-bgp]ipv4-family vpnv4
[PE3-bgp-af-vpnv4]peer 2::2 prefix-sid
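3. On the PEs, under the BGP VPN-instance address family, enable prefix-ID allocation for customer routes and reference the locator configured earlier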
[PE1]bgp 100
[PE1-bgp]ipv4-family vpn-instance QYT
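[PE1-bgp-QYT]segment-routing ipv6 best-effort //enable SRv6 BE under the BGP VPN-instance address family
[PE1-bgp-QYT]segment-routing ipv6 locator QYT //reference the locator named QYT configured earlier, so that routes from the customer can carry a SID allocated from that locator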
!
[PE2]bgp 100
[PE2-bgp] ipv4-family vpn-instance QYT
[PE2-bgp-QYT] segment-routing ipv6 locator QYT
[PE2-bgp-QYT] segment-routing ipv6 best-effort
!
[PE3]bgp 100
[PE3-bgp] ipv4-family vpn-instance QYT
[PE3-bgp-QYT] segment-routing ipv6 locator QYT
[PE3-bgp-QYT] segment-routing ipv6 best-effort
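4. Reference the previously configured SRv6 locator under the IGP so that the SRv6 SIDs are advertised to neighbors
Apply the following configuration on PE1 through PE3: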
isis
segment-routing ipv6 locator QYT
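[PE2]display isis route //view the IS-IS routes; once IS-IS has segment routing enabled and references the locator, the prefix segments allocated on the other PEs appear alongside the routes to their loopbacks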
ISIS(1) Level-2 Forwarding Table
--------------------------------
IPV6 Dest. ExitInterface NextHop Cost Flags
--------------------------------------------------------------------------------
1::1/128 Eth1/0/0 FE80::3A6E:A4FF:FE01:100 10 A/-/-/-
2::2/128 Loop0 Direct 0 D/-/L/-
3::3/128 Eth1/0/0 FE80::3A6E:A4FF:FE03:100 10 A/-/-/-
2001:1::/96 Eth1/0/0 FE80::3A6E:A4FF:FE01:100 10 A/-/-/-
2001:2::/96 - - 0 A/-/L/-
2001:3::/96 Eth1/0/0 FE80::3A6E:A4FF:FE03:100 10 A/-/-/-
2123::/64 Eth1/0/0 Direct 10 D/-/L/-
Flags: D-Direct, A-Added to URT, L-Advertised in LSPs, S-IGP Shortcut,
U-Up/Down Bit Set, LP-Local Prefix-Sid
View the SRv6 information used to forward VPN-instance traffic:
[PE1]display segment-routing ipv6 local-sid end-dt4 forwarding
My Local-SID End.DT4 Forwarding Table
-------------------------------------
SID : 2001:1::1:0/128 FuncType : End.DT4
VPN Name : QYT VPN ID : 2
LocatorName: QYT LocatorID: 2
Total SID(s): 1
[PE2]display segment-routing ipv6 local-sid end-dt4 forwarding
My Local-SID End.DT4 Forwarding Table
-------------------------------------
SID : 2001:2::1:0/128 FuncType : End.DT4
VPN Name : QYT VPN ID : 2
LocatorName: QYT LocatorID: 2
[PE3]display segment-routing ipv6 local-sid end-dt4 forwarding
My Local-SID End.DT4 Forwarding Table
-------------------------------------
SID : 2001:3::1:0/128 FuncType : End.DT4
VPN Name : QYT VPN ID : 2
LocatorName: QYT LocatorID: 1
Total SID(s): 1
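The AutoSIDBegin/AutoSIDEnd values and the End.DT4 SIDs shown above follow directly from the locator definition (a /96 prefix with a 16-bit static segment). The following Python sketch is an added example, not part of the original lab document: it derives both ranges and classifies a SID by owning PE. The function names are hypothetical, and the static range (function values 1 to 2^16 - 1) is an assumption inferred from the AutoSIDBegin value.

```python
import ipaddress

# Locator prefixes and static length taken from the lab configuration above.
LOCATORS = {"PE1": "2001:1::/96", "PE2": "2001:2::/96", "PE3": "2001:3::/96"}
STATIC_LEN = 16


def sid_ranges(locator, static_len):
    """Return ((static_first, static_last), (auto_first, auto_last)).

    Assumes ArgsLength is 0, as in the display output above, so every bit
    after the locator prefix is a function bit.
    """
    net = ipaddress.IPv6Network(locator)
    func_bits = 128 - net.prefixlen
    if not 0 < static_len < func_bits:
        raise ValueError("static length must be smaller than the function field")
    base = int(net.network_address)
    addr = ipaddress.IPv6Address
    # Assumption: static SIDs use function values 1 .. 2^static_len - 1.
    static = (addr(base + 1), addr(base + (1 << static_len) - 1))
    # Matches AutoSIDBegin / AutoSIDEnd in the locator display output.
    auto = (addr(base + (1 << static_len)), addr(base + (1 << func_bits) - 1))
    return static, auto


def classify(sid, locators=LOCATORS, static_len=STATIC_LEN):
    """Map a SID to (owner, 'static' | 'dynamic' | 'reserved'), or None."""
    target = ipaddress.IPv6Address(sid)
    for owner, locator in locators.items():
        if target not in ipaddress.IPv6Network(locator):
            continue
        (s_lo, s_hi), (a_lo, a_hi) = sid_ranges(locator, static_len)
        if s_lo <= target <= s_hi:
            return owner, "static"
        if a_lo <= target <= a_hi:
            return owner, "dynamic"
        return owner, "reserved"  # function value 0 (the locator address itself)
    return None  # not inside any locator of this lab


if __name__ == "__main__":
    for pe, loc in LOCATORS.items():
        print(pe, [str(a) for pair in sid_ranges(loc, STATIC_LEN) for a in pair])
    # End.DT4 SIDs from the forwarding tables above, plus one constructed outlier.
    for sid in ("2001:1::1:0", "2001:2::1:0", "2001:3::1:0", "2001:4::1:0"):
        print(sid, classify(sid))
```

The three End.DT4 SIDs in the forwarding tables are each the first dynamically allocated SID of their PE's locator, which is consistent with none of them having been configured statically.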
Test communication between the sites:
<CE-BJ>ping -a 10.4.4.4 10.3.3.3
PING 10.3.3.3: 56 data bytes, press CTRL_C to break
Reply from 10.3.3.3: bytes=56 Sequence=1 ttl=253 time=60 ms
Reply from 10.3.3.3: bytes=56 Sequence=2 ttl=253 time=40 ms
Reply from 10.3.3.3: bytes=56 Sequence=3 ttl=253 time=60 ms
Reply from 10.3.3.3: bytes=56 Sequence=4 ttl=253 time=50 ms
--- 10.3.3.3 ping statistics ---
4 packet(s) transmitted
4 packet(s) received
0.00% packet loss
round-trip min/avg/max = 40/52/60 ms
<CE-BJ>ping -a 10.4.4.4 10.2.2.2
PING 10.2.2.2: 56 data bytes, press CTRL_C to break
Reply from 10.2.2.2: bytes=56 Sequence=1 ttl=253 time=40 ms
Reply from 10.2.2.2: bytes=56 Sequence=2 ttl=253 time=40 ms
Reply from 10.2.2.2: bytes=56 Sequence=3 ttl=253 time=60 ms
--- 10.2.2.2 ping statistics ---
3 packet(s) transmitted