ISP Backbone Network Deployment for Mutual Access of Sites in an Enterprise

S300, S500, S2700, S3700, S5700, S6700, S7700, and S9700 Series Switches Typical Configuration Examples

This document provides campus networks typical configuration examples and feature typical configuration examples. "Campus Networks Typical Configuration Examples" provides typical campus network networking modes and a variety of deployment examples."Feature Typical Configuration Examples" provides typical configuration examples of a single feature on a switch. You can configure required features after deploying a campus network.

Rate and give feedback:

Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).

ISP Backbone Network Deployment for Mutual Access of Sites in an Enterprise

Application Scenario and Service Requirements
Solution Design
Deployment Roadmap and Data Plan
Deployment Procedure
Verifying the Deployment
Configuration Files

Application Scenario and Service Requirements

Application Scenario

This example applies to the scenarios where internal networks of a large-scale enterprise need to communicate through an Internet Service Provider (ISP) backbone network.

Service Requirements

The ISP backbone network providing mutual access of internal networks of an enterprise is a core area and has the following characteristics:

A large number of routes
IPv4/IPv6 dual stack
Flexible routing policies
A large number of users and heavy traffic

The following lists the main service requirements of the ISP backbone network that provides mutual access of internal networks of an enterprise:

Route control requirements
Provide flexible route forwarding, and control route advertisement and import based on routing policies.
Reliability requirements
Ensure bandwidth using multiple egress links.

Ensure high reliability and service continuity for important services such as enterprise private line services.

Provide backup functions for key network nodes to ensure reliable transmission of data services.

Shorten the service interruption time as much as possible to ensure user experience upon an intermittent link disconnection or a device fault.
Security requirements
Prevent access from unauthorized devices, as well as malicious attacks.

Meet security compliance requirements.

Control user access to ensure network security.

Solution Design

Networking Diagram

Figure 2-111 shows the networking diagram for mutual access between internal networks of an enterprise through the backbone network in a project.

Figure 2-111 Networking diagram for mutual access between internal networks of an enterprise through the backbone network

Network Design Analysis

Route control requirements
S12700E-4 switches equipped with 10GE X1E cards serve as P devices for mutual access between site A and site B. The P devices are interconnected through 10GE interfaces and transmit services of the backbone network. RR_1 and RR_2 function as route reflectors (RRs). Traffic in the core backbone area is forwarded through Border Gateway Protocol (BGP) and Open Shortest Path First (OSPF) routes. User gateways at each site (not displayed in the networking diagram) learn the site routes through the External Border Gateway Protocol (EBGP) and import the routes to the backbone area. In this manner, the two sites can communicate with each other.

Reliability requirements
Two P devices for a site (such as S12700E-4_P1 and S12700E-4_P2 for site A) are configured to work in active/standby mode to ensure device-level reliability. Eth-Trunks in Link Aggregation Control Protocol (LACP) mode are configured on interconnected interfaces of the two P devices to ensure link-level reliability.

Bidirectional Forwarding Detection (BFD) for OSPF is enabled in the OSPF process to accelerate convergence of OSPF routes upon link status changes. When BFD detects a link fault, it notifies the OSPF protocol of the fault and triggers fast convergence of OSPF routes.
Security requirements
HMAC-SHA256 authentication is enabled on OSPFv2-enabled interfaces, and Internet Protocol Security (IPSec) is enabled in the OSPFv3 process.

BGP peers are configured to perform MD5 authentication when setting up Transmission Control Protocol (TCP) connections.

IBGP peer relationships are established through loopback interfaces and password authentication is enabled.

Device Requirements and Versions

Table 2-159 lists the products and their software versions used in this example.

Table 2-159 Products and their software versions

Product	Software Version
S12700E	V200R019C10SPC500 + latest patch

In this example, S12700E series switches are used as RRs and Router.

Deployment Roadmap and Data Plan

Deployment Roadmap

The configuration roadmap is as follows:

Configure interfaces, add them to corresponding VLANs, and assign IPv4 and IPv6 addresses to interfaces.
On four P devices (S12700E-4_P1, S12700E-4_P2, S12700E-4_P3, and S12700E-4_P4), configure OSPFv2 and OSPFv3, configure BGP and BGP4+, configure them to establish IBGP peer relationships with RRs, and configure Multiprotocol Extensions for BGP (MP-BGP).
Enable HMAC-SHA256 authentication on OSPFv2-enabled interfaces, enable IPSec in the OSPFv3 process, and configure BGP peers to perform MD5 authentication when setting up TCP connections.

Data Plan

The following tables describe the data plans for VLANs, interfaces, IP addresses, routes, and services.

Table 2-160 VLAN plan

Device	Data	Description
S12700E-4_P1	VLAN 3900	VLAN to which the interface connected to RR_1 belongs
S12700E-4_P2	VLAN 3940	VLAN to which the interface connected to RR_1 belongs
S12700E-4_P3	VLAN 3900	VLAN to which the interface connected to RR_2 belongs
S12700E-4_P4	VLAN 3940	VLAN to which the interface connected to RR_2 belongs
RR_1	VLAN 3900	VLAN to which the interface connected to S12700E-4_P1 belongs
RR_1	VLAN3940	VLAN to which the interface connected to S12700E-4_P2 belongs
RR_2	VLAN 3900	VLAN to which the interface connected to S12700E-4_P3 belongs
RR_2	VLAN 3940	VLAN to which the interface connected to S12700E-4_P4 belongs

Table 2-161 Interface and IP address plan

Device	Interface Number	VLAN to Which the Interface Belongs	IP Address	Description
S12700E-4_P1	XGE2/0/3	-	1.1.1.129/30 2001:0:0:20E::1/64	Interface connected to the internal network of site A
	Eth-Trunk 2	3900	VLANIF 3900: 1.1.2.1/30 2001:0:0:3B0::1/64	Interface connected to RR_1
	Eth-Trunk 1	-	1.1.1.2/30 2001:0:0:209::2/64	Interface connected to S12700E-4_P3
	Eth-Trunk 0	-	1.1.1.13/30 2001:0:0:20A::1/64	Interface connected to S12700E-4_P2
	Loopback 0	-	2.2.2.9/32 2001::13/128	-
S12700E-4_P2	XGE2/0/3	-	1.1.1.133/30 2001:0:0:20F::1/64	Interface connected to the internal network of site A
	Eth-Trunk2	3940	VLANIF 3940: 1.1.2.5/30 2001:0:0:3D0::1/64	Interface connected to RR_1
	Eth-Trunk 1	-	1.1.1.6/30 2001:0:0:20B::1/64	Interface connected to S12700E-4_P4
	Eth-Trunk 0	-	1.1.1.14/30 2001:0:0:20A::2/64	Interface connected to S12700E-4_P1
	Loopback 0	-	2.2.2.10/32 2001::14/128	-
S12700E-4_P3	XGE2/0/3	-	1.1.1.121/30 2001:0:0:20C::1/64	Interface connected to the internal network of site B
	Eth-Trunk 2	3900	VLANIF 3900: 1.1.4.1/30 2001:0:0:330::1/64	Interface connected to RR_2
	Eth-Trunk1	-	1.1.1.1/30 2001:0:0:209::1/64	Interface connected to S12700E-4_P1
	Eth-Trunk 0	-	1.1.1.9/30 2001:0:0:208::1/64	Interface connected to S12700E-4_P4
	Loopback 0	-	2.2.2.3/32 2001::11/128	-
S12700E-4_P4	XGE2/0/3	-	1.1.1.125/30 2001:0:0:20D::1/64	Interface connected to the internal network of site B
	Eth-Trunk 2	3940	VLANIF 3940: 1.1.4.5/30 2001:0:0:430::1/64	Interface connected to RR_2
	Eth-Trunk1	-	1.1.1.5/30 2001:0:0:20B::2/64	Interface connected to S12700E-4_P2
	Eth-Trunk0	-	1.1.1.10/30 2001:0:0:208::2/64	Interface connected to S12700E-4_P3
	Loopback 0	-	2.2.2.4/32 2001::12/128	-
RR_1	Eth-Trunk 0	3900	VLANIF 3900: 1.1.2.2/30 2001:0:0:3B0::2/64	Interface connected to S12700E-4_P1
	Eth-Trunk 1	3940	VLANIF 3940: 1.1.2.6/30 2001:0:0:3D0::2/64	Interface connected to S12700E-4_P2
	Loopback 0	-	2.2.2.57/32 2001::17/128	-
RR_2	Eth-Trunk 0	3900	VLANIF 3900: 1.1.4.2/30 2001:0:0:330::2/64	Interface connected to S12700E-4_P3
	Eth-Trunk1	3940	VLANIF 3940: 1.1.4.6/30 2001:0:0:430::2/64	Interface connected to S12700E-4_P4
	Loopback 0	-	2.2.2.55/32 2001::15/128	-
Router_1	XGE0/0/1	-	1.1.1.130/30 2001:0:0:20E::2/64	Interface connected to S12700E-4_P1
	XGE0/0/2	-	1.1.1.134/30 2001:0:0:20F::2/64	Interface connected to S12700E-4_P2
	XGE0/0/3	1101	VLANIF 1101:101.1.1.2/24 2000:101::1/64	Interface connected to the user gateway
	Loopback 0	-	2.2.2.11/32 2001:F167::1/128	-
Router_2	XGE0/0/1	-	1.1.1.122/30 2001:0:0:20C::2/64	Interface connected to S12700E-4_P3
	XGE0/0/2	-	1.1.1.126/30 2001:0:0:20D::2/64	Interface connected to S12700E-4_P4
	XGE0/0/3	1101	VLANIF 1101: 101.1.1.3/24 2000:102::1/64	Interface connected to the user gateway
	Loopback 0	-	2.2.2.1/32 2001:F168::1/128	-

Deployment Procedure

This solution uses a symmetric networking mode. The configuration of S12700E-4_P2 is similar to that of S12700E-4_P1, the configuration of S12700E-4_P4 is similar to that of S12700E-4_P3, the configuration of RR_2 is similar to that of RR_1, and the configuration of Router_2 is similar to that of Router_1. S12700E-4_P1, S12700E-4_P3, RR_1, and Router_1 are used as examples in the following sections.

Configuring S12700E-4_P1

Configure interfaces connected to devices.

# Create Eth-Trunk 0, configure its IPv4 and IPv6 addresses, enable LACP, and add an interface (XGE1/0/0 is used as an example) to Eth-Trunk 0.

<S12700E-4_P1> system-view
[S12700E-4_P1] ipv6 
[S12700E-4_P1] interface Eth-Trunk 0 
[S12700E-4_P1-Eth-Trunk0] undo portswitch
[S12700E-4_P1-Eth-Trunk0] description To_S12700E-4_P2  
[S12700E-4_P1-Eth-Trunk0] ip address 1.1.1.13 255.255.255.252
[S12700E-4_P1-Eth-Trunk0] ipv6 enable 
[S12700E-4_P1-Eth-Trunk0] ipv6 address 2001:0:0:20A::1/64
[S12700E-4_P1-Eth-Trunk0] mode lacp 
[S12700E-4_P1-Eth-Trunk0] quit
[S12700E-4_P1] interface XGigabitEthernet 1/0/0
[S12700E-4_P1-XGigabitEthernet1/0/0] eth-trunk 0
[S12700E-4_P1-XGigabitEthernet1/0/0] quit

# Create Eth-Trunk 1, configure its IPv4 and IPv6 addresses, enable LACP, and add XGE2/0/0 to Eth-Trunk 1.

[S12700E-4_P1] interface Eth-Trunk 1
[S12700E-4_P1-Eth-Trunk1] undo portswitch  
[S12700E-4_P1-Eth-Trunk1] description To_S12700E-4_P3  
[S12700E-4_P1-Eth-Trunk1] ip address 1.1.1.2 255.255.255.252
[S12700E-4_P1-Eth-Trunk1] ipv6 enable 
[S12700E-4_P1-Eth-Trunk1] ipv6 address 2001:0:0:209::2/64
[S12700E-4_P1-Eth-Trunk1] mode lacp 
[S12700E-4_P1-Eth-Trunk1] quit
[S12700E-4_P1] interface XGigabitEthernet 2/0/0
[S12700E-4_P1-XGigabitEthernet2/0/0] eth-trunk 1
[S12700E-4_P1-XGigabitEthernet2/0/0] quit

# Create VLAN 3900, and configure an IPv4 address and an IPv6 address for VLANIF 3900. Create Eth-Trunk 2, enable LACP, and add XGE1/0/1 to Eth-Trunk 2.

[S12700E-4_P1] vlan 3900
[S12700E-4_P1-vlan3900] quit 
[S12700E-4_P1] interface Vlanif 3900
[S12700E-4_P1-Vlanif3900] ip address 1.1.2.1 255.255.255.252
[S12700E-4_P1-Vlanif3900] ipv6 enable 
[S12700E-4_P1-Vlanif3900] ipv6 address 2001:0:0:3B0::1/64 
[S12700E-4_P1-Vlanif3900] quit
[S12700E-4_P1] interface Eth-Trunk 2  
[S12700E-4_P1-Eth-Trunk2] description To_RR_1  
[S12700E-4_P1-Eth-Trunk2] port link-type trunk 
[S12700E-4_P1-Eth-Trunk2] port trunk allow-pass vlan 3900 
[S12700E-4_P1-Eth-Trunk2] undo port trunk allow-pass vlan 1
[S12700E-4_P1-Eth-Trunk2] mode lacp 
[S12700E-4_P1-Eth-Trunk2] quit
[S12700E-4_P1] interface XGigabitEthernet 1/0/1
[S12700E-4_P1-XGigabitEthernet1/0/1] eth-trunk 2
[S12700E-4_P1-XGigabitEthernet1/0/1] quit

# Configure an IPv4 address and an IPv6 address for XGE2/0/3 that connects S12700E-4_P1 to the egress router Router_1 of site A.

[S12700E-4_P1]interface XGigabitEthernet 2/0/3  
[S12700E-4_P1-XGigabitEthernet2/0/3] description To_Router_1  
[S12700E-4_P1-XGigabitEthernet2/0/3] undo portswitch  
[S12700E-4_P1-XGigabitEthernet2/0/3] ip address 1.1.1.129 255.255.255.252
[S12700E-4_P1-XGigabitEthernet2/0/3] ipv6 enable
[S12700E-4_P1-XGigabitEthernet2/0/3] ipv6 address 2001:0:0:20E::1/64   
[S12700E-4_P1-XGigabitEthernet2/0/3] quit

# Create loopback 0 and configure an IPv4 address and an IPv6 address for it.

[S12700E-4_P1] interface LoopBack 0  
[S12700E-4_P1-LoopBack0] ip address 2.2.2.9 255.255.255.255 
[S12700E-4_P1-LoopBack0] ipv6 enable
[S12700E-4_P1-LoopBack0] ipv6 address 2001::13/128
[S12700E-4_P1-LoopBack0] quit

Configure OSPFv2 and OSPFv3 to allow Layer 3 communication between P devices. HMAC-SHA256 authentication is enabled on OSPFv2-enabled interfaces, and IPSec is enabled in the OSPFv3 process.

# Create OSPFv2 process 1, specify the router ID, create area 0, enable graceful restart (GR), and configure password authentication.

[S12700E-4_P1] ospf 1 router-id 2.2.2.9   
[S12700E-4_P1-ospf-1] silent-interface all
[S12700E-4_P1-ospf-1] undo silent-interface Eth-Trunk0
[S12700E-4_P1-ospf-1] undo silent-interface Eth-Trunk1
[S12700E-4_P1-ospf-1] undo silent-interface Vlanif3900
[S12700E-4_P1-ospf-1] undo silent-interface XGigabitEthernet2/0/3
[S12700E-4_P1-ospf-1] opaque-capability enable
[S12700E-4_P1-ospf-1] graceful-restart
[S12700E-4_P1-ospf-1] bandwidth-reference 1000000
[S12700E-4_P1-ospf-1] stub-router on-startup  
[S12700E-4_P1-ospf-1] area 0.0.0.0
[S12700E-4_P1-ospf-1-area-0.0.0.0] authentication-mode hmac-sha256 1 cipher YsHsjx_202206
[S12700E-4_P1-ospf-1-area-0.0.0.0] quit
[S12700E-4_P1-ospf-1] quit

# Configure IPSec.

[S12700E-4_P1] ipsec proposal 1 
[S12700E-4_P1-ipsec-proposal-1] encapsulation-mode transport 
[S12700E-4_P1-ipsec-proposal-1] transform ah
[S12700E-4_P1-ipsec-proposal-1] ah authentication-algorithm sha2-256 
[S12700E-4_P1-ipsec-proposal-1] quit
[S12700E-4_P1] ipsec sa area0 
[S12700E-4_P1-ipsec-sa-area0] proposal 1
[S12700E-4_P1-ipsec-sa-area0] sa spi inbound ah 256
[S12700E-4_P1-ipsec-sa-area0] sa authentication-hex inbound ah cipher 112233445566778899aabbccddeeff00
[S12700E-4_P1-ipsec-sa-area0] sa spi outbound ah 256
[S12700E-4_P1-ipsec-sa-area0] sa authentication-hex outbound ah cipher aabbccddeeff001100aabbccddeeff00
[S12700E-4_P1-ipsec-sa-area0] quit

# Create OSPFv3 process 1, specify the router ID, and enable GR.

[S12700E-4_P1] ospfv3 1  
[S12700E-4_P1-ospfv3-1] router-id 2.2.2.9
[S12700E-4_P1-ospfv3-1] bandwidth-reference 1000000
[S12700E-4_P1-ospfv3-1] ipsec sa area0
[S12700E-4_P1-ospfv3-1] graceful-restart
[S12700E-4_P1-ospfv3-1] quit

# Enable OSPFv2 and OSPFv3 on loopback 0.

[S12700E-4_P1] interface LoopBack 0  
[S12700E-4_P1-LoopBack0] ospf enable 1 area 0.0.0.0  
[S12700E-4_P1-LoopBack0] ospfv3 1 area 0.0.0.0   
[S12700E-4_P1-LoopBack0] quit

# Enable OSPFv2 and OSPFv3 on Eth-Trunk 0, set the network type to P2P, and set the OSPF cost value.

[S12700E-4_P1] interface Eth-Trunk 0  
[S12700E-4_P1-Eth-Trunk0] ospf enable 1 area 0.0.0.0  
[S12700E-4_P1-Eth-Trunk0] ospf network-type p2p  
[S12700E-4_P1-Eth-Trunk0] ospf cost 500  
[S12700E-4_P1-Eth-Trunk0] ospfv3 1 area 0.0.0.0
[S12700E-4_P1-Eth-Trunk0] ospfv3 network-type p2p
[S12700E-4_P1-Eth-Trunk0] ospfv3 cost 500
[S12700E-4_P1-Eth-Trunk0] quit

# Enable OSPFv2 and OSPFv3 on Eth-Trunk 1, set the network type to P2P, and set the OSPF cost value.

[S12700E-4_P1] interface Eth-Trunk 1  
[S12700E-4_P1-Eth-Trunk1] ospf enable 1 area 0.0.0.0  
[S12700E-4_P1-Eth-Trunk1] ospf network-type p2p  
[S12700E-4_P1-Eth-Trunk1] ospf cost 1000  
[S12700E-4_P1-Eth-Trunk1] ospfv3 1 area 0.0.0.0
[S12700E-4_P1-Eth-Trunk1] ospfv3 network-type p2p
[S12700E-4_P1-Eth-Trunk1] ospfv3 cost 1000
[S12700E-4_P1-Eth-Trunk1] quit

# Enable OSPFv2 and OSPFv3 on VLANIF 3900, set the network type to P2P, and set the OSPF cost value.

[S12700E-4_P1] interface Vlanif 3900  
[S12700E-4_P1-Vlanif3900] ospf enable 1 area 0.0.0.0  
[S12700E-4_P1-Vlanif3900] ospf network-type p2p  
[S12700E-4_P1-Vlanif3900] ospf cost 2000  
[S12700E-4_P1-Vlanif3900] ospfv3 1 area 0.0.0.0
[S12700E-4_P1-Vlanif3900] ospfv3 network-type p2p
[S12700E-4_P1-Vlanif3900] ospfv3 cost 2000
[S12700E-4_P1-Vlanif3900] quit

# Enable OSPFv2 and OSPFv3 on XGE2/0/3, set the network type to P2P, and set the OSPF cost value.

[S12700E-4_P1] interface XGigabitEthernet 2/0/3   
[S12700E-4_P1-XGigabitEthernet2/0/3] ospf enable 1 area 0.0.0.0  
[S12700E-4_P1-XGigabitEthernet2/0/3] ospf network-type p2p  
[S12700E-4_P1-XGigabitEthernet2/0/3] ospf cost 2000  
[S12700E-4_P1-XGigabitEthernet2/0/3] ospfv3 1 area 0.0.0.0
[S12700E-4_P1-XGigabitEthernet2/0/3] ospfv3 network-type p2p
[S12700E-4_P1-XGigabitEthernet2/0/3] ospfv3 cost 2000
[S12700E-4_P1-XGigabitEthernet2/0/3] quit

Configure BGP and BGP4+, and configure S12700E-4_P1 to establish an IBGP peer relationship with RR_1.

# Start the BGP process and configure BGP peers.

[S12700E-4_P1] bgp 64999 
[S12700E-4_P1-bgp] router-id 2.2.2.9 
[S12700E-4_P1-bgp] graceful-restart
[S12700E-4_P1-bgp] group iBGP internal
[S12700E-4_P1-bgp] peer iBGP connect-interface LoopBack0
[S12700E-4_P1-bgp] peer iBGP password cipher YsHsjx_202206
[S12700E-4_P1-bgp] peer 2.2.2.57 as-number 64999
[S12700E-4_P1-bgp] peer 2.2.2.57 group iBGP
[S12700E-4_P1-bgp] ipv4-family unicast
[S12700E-4_P1-bgp-af-ipv4] peer iBGP enable
[S12700E-4_P1-bgp-af-ipv4] peer iBGP next-hop-local
[S12700E-4_P1-bgp-af-ipv4] peer iBGP advertise-community
[S12700E-4_P1-bgp-af-ipv4] quit

# Configure BGP4+ peers.

[S12700E-4_P1-bgp] peer 2001::17 as-number 64999
[S12700E-4_P1-bgp] peer 2001::17 group iBGP 
[S12700E-4_P1-bgp] ipv6-family unicast
[S12700E-4_P1-bgp-af-ipv6] peer iBGP enable
[S12700E-4_P1-bgp-af-ipv6] peer iBGP next-hop-local
[S12700E-4_P1-bgp-af-ipv6] peer iBGP advertise-community
[S12700E-4_P1-bgp-af-ipv6] peer 2001::17 enable
[S12700E-4_P1-bgp-af-ipv6] peer 2001::17 group iBGP
[S12700E-4_P1-bgp-af-ipv6] quit
[S12700E-4_P1-bgp] quit

Enable BFD globally, and enable BFD for OSPFv2 and BFD for OSPFv3.

[S12700E-4_P1] bfd
[S12700E-4_P1-bfd] quit
[S12700E-4_P1] ospf 1
[S12700E-4_P1-ospf-1] bfd all-interfaces enable
[S12700E-4_P1-ospf-1] quit
[S12700E-4_P1] ospfv3 1
[S12700E-4_P1-ospfv3-1] bfd all-interfaces enable
[S12700E-4_P1-ospfv3-1] quit

Configuring S12700E-4_P3

Configure interfaces connected to devices.

# Create Eth-Trunk 0, configure its IPv4 and IPv6 addresses, enable LACP, and add XGE1/0/0 to Eth-Trunk 0.

<S12700E-4_P3> system-view
[S12700E-4_P3] ipv6 
[S12700E-4_P3] interface Eth-Trunk 0 
[S12700E-4_P3-Eth-Trunk0] undo portswitch2001::db8:2::2
[S12700E-4_P3-Eth-Trunk0] description To_S12700E-4_P4  
[S12700E-4_P3-Eth-Trunk0] ip address 1.1.1.9 255.255.255.252
[S12700E-4_P3-Eth-Trunk0] ipv6 enable 
[S12700E-4_P3-Eth-Trunk0] ipv6 address 2001:0:0:208::1/64
[S12700E-4_P3-Eth-Trunk0] mode lacp 
[S12700E-4_P3-Eth-Trunk0] quit
[S12700E-4_P3] interface XGigabitEthernet 1/0/0
[S12700E-4_P3-XGigabitEthernet1/0/0] eth-trunk 0
[S12700E-4_P3-XGigabitEthernet1/0/0] quit

# Create Eth-Trunk 1, configure its IPv4 and IPv6 addresses, enable LACP, and add XGE2/0/0 to Eth-Trunk 1.

[S12700E-4_P3] interface Eth-Trunk 1
[S12700E-4_P3-Eth-Trunk1] undo portswitch  
[S12700E-4_P3-Eth-Trunk1] description To_S12700E-4_P1  
[S12700E-4_P3-Eth-Trunk1] ip address 1.1.1.1 255.255.255.252
[S12700E-4_P3-Eth-Trunk1] ipv6 enable 
[S12700E-4_P3-Eth-Trunk1] ipv6 address 2001:0:0:209::1/64
[S12700E-4_P3-Eth-Trunk1] mode lacp 
[S12700E-4_P3-Eth-Trunk1] quit
[S12700E-4_P3] interface XGigabitEthernet 2/0/0
[S12700E-4_P3-XGigabitEthernet2/0/0] eth-trunk 1
[S12700E-4_P3-XGigabitEthernet2/0/0] quit

# Create VLAN 3900, and configure an IPv4 address and an IPv6 address for VLANIF 3900. Create Eth-Trunk 2, enable LACP, and add XGE1/0/1 to Eth-Trunk 2.

[S12700E-4_P3] vlan 3900
[S12700E-4_P3-vlan3900] quit 
[S12700E-4_P3] interface Vlanif 3900
[S12700E-4_P3-Vlanif3900] ip address 1.1.4.1 255.255.255.252
[S12700E-4_P3-Vlanif3900] ipv6 enable 
[S12700E-4_P3-Vlanif3900] ipv6 address 2001:0:0:330::1/64
[S12700E-4_P3-Vlanif3900] quit
[S12700E-4_P3] interface Eth-Trunk 2  
[S12700E-4_P3-Eth-Trunk2] description To_RR_2  
[S12700E-4_P3-Eth-Trunk2] port link-type trunk 
[S12700E-4_P3-Eth-Trunk2] port trunk allow-pass vlan 3900 
[S12700E-4_P3-Eth-Trunk2] undo port trunk allow-pass vlan 1
[S12700E-4_P3-Eth-Trunk2] mode lacp 
[S12700E-4_P3-Eth-Trunk2] quit
[S12700E-4_P3] interface XGigabitEthernet 1/0/1
[S12700E-4_P3-XGigabitEthernet1/0/1] eth-trunk 2
[S12700E-4_P3-XGigabitEthernet1/0/1] quit

# Configure an IPv4 address and an IPv6 address for XGE2/0/3 that connects S12700E-4_P3 to the egress router Router_2 of site B.

[S12700E-4_P3]interface XGigabitEthernet 2/0/3  
[S12700E-4_P3-XGigabitEthernet2/0/3] description To_Router_2  
[S12700E-4_P3-XGigabitEthernet2/0/3] undo portswitch  
[S12700E-4_P3-XGigabitEthernet2/0/3] ip address 1.1.1.121 255.255.255.252
[S12700E-4_P3-XGigabitEthernet2/0/3] ipv6 enable
[S12700E-4_P3-XGigabitEthernet2/0/3] ipv6 address 2001:0:0:20C::1/64
[S12700E-4_P3-XGigabitEthernet2/0/3] quit

Configure OSPFv2 and OSPFv3 to allow Layer 3 communication between P devices. HMAC-SHA256 authentication is enabled on OSPFv2-enabled interfaces, and IPSec is enabled in the OSPFv3 process.

# Create loopback 0 and configure an IPv4 address and an IPv6 address for it.

[S12700E-4_P3] interface LoopBack 0  
[S12700E-4_P3-LoopBack0] ip address 2.2.2.3 255.255.255.255 
[S12700E-4_P3-LoopBack0] ipv6 enable
[S12700E-4_P3-LoopBack0] ipv6 address 2001::11/128
[S12700E-4_P3-LoopBack0] quit

# Create OSPFv2 process 1, specify the router ID, create area 0, enable GR, and configure password authentication.

[S12700E-4_P3] ospf 1 router-id 2.2.2.3   
[S12700E-4_P3-ospf-1] silent-interface all
[S12700E-4_P3-ospf-1] undo silent-interface Eth-Trunk0
[S12700E-4_P3-ospf-1] undo silent-interface Eth-Trunk1
[S12700E-4_P3-ospf-1] undo silent-interface Vlanif3900
[S12700E-4_P3-ospf-1] undo silent-interface XGigabitEthernet2/0/3
[S12700E-4_P3-ospf-1] opaque-capability enable
[S12700E-4_P3-ospf-1] graceful-restart
[S12700E-4_P3-ospf-1] bandwidth-reference 1000000
[S12700E-4_P3-ospf-1] stub-router on-startup  
[S12700E-4_P3-ospf-1] area 0.0.0.0
[S12700E-4_P3-ospf-1-area-0.0.0.0] authentication-mode hmac-sha256 1 cipher YsHsjx_202206
[S12700E-4_P3-ospf-1-area-0.0.0.0] quit
[S12700E-4_P3-ospf-1] quit

# Configure IPSec.

[S12700E-4_P3] ipsec proposal 1 
[S12700E-4_P3-ipsec-proposal-1] encapsulation-mode transport 
[S12700E-4_P3-ipsec-proposal-1] transform ah
[S12700E-4_P3-ipsec-proposal-1] ah authentication-algorithm sha2-256 
[S12700E-4_P3-ipsec-proposal-1] quit
[S12700E-4_P3] ipsec sa area0 
[S12700E-4_P3-ipsec-sa-area0] proposal 1
[S12700E-4_P3-ipsec-sa-area0] sa spi inbound ah 256
[S12700E-4_P3-ipsec-sa-area0] sa authentication-hex inbound ah cipher 112233445566778899aabbccddeeff00
[S12700E-4_P3-ipsec-sa-area0] sa spi outbound ah 256
[S12700E-4_P3-ipsec-sa-area0] sa authentication-hex outbound ah cipher aabbccddeeff001100aabbccddeeff00 
[S12700E-4_P3-ipsec-sa-area0] quit

# Create OSPFv3 process 1, specify the router ID, and enable GR.

[S12700E-4_P3] ospfv3 1  
[S12700E-4_P3-ospfv3-1] router-id 2.2.2.3
[S12700E-4_P3-ospfv3-1] bandwidth-reference 1000000
[S12700E-4_P3-ospfv3-1] ipsec sa area0
[S12700E-4_P3-ospfv3-1] graceful-restart
[S12700E-4_P3-ospfv3-1] quit

# Enable OSPFv2 and OSPFv3 on loopback 0.

[S12700E-4_P3] interface LoopBack 0  
[S12700E-4_P3-LoopBack0] ospf enable 1 area 0.0.0.0  
[S12700E-4_P3-LoopBack0] ospfv3 1 area 0.0.0.0   
[S12700E-4_P3-LoopBack0] quit

# Enable OSPFv2 and OSPFv3 on Eth-Trunk 0, set the network type to P2P, and set the OSPF cost value.

[S12700E-4_P3] interface Eth-Trunk 0  
[S12700E-4_P3-Eth-Trunk0] ospf enable 1 area 0.0.0.0  
[S12700E-4_P3-Eth-Trunk0] ospf network-type p2p  
[S12700E-4_P3-Eth-Trunk0] ospf cost 500  
[S12700E-4_P3-Eth-Trunk0] ospfv3 1 area 0.0.0.0
[S12700E-4_P3-Eth-Trunk0] ospfv3 network-type p2p
[S12700E-4_P3-Eth-Trunk0] ospfv3 cost 500
[S12700E-4_P3-Eth-Trunk0] quit

# Enable OSPFv2 and OSPFv3 on Eth-Trunk 1, set the network type to P2P, and set the OSPF cost value.

[S12700E-4_P3] interface Eth-Trunk 1  
[S12700E-4_P3-Eth-Trunk1] ospf enable 1 area 0.0.0.0  
[S12700E-4_P3-Eth-Trunk1] ospf network-type p2p  
[S12700E-4_P3-Eth-Trunk1] ospf cost 1000  
[S12700E-4_P3-Eth-Trunk1] ospfv3 1 area 0.0.0.0
[S12700E-4_P3-Eth-Trunk1] ospfv3 network-type p2p
[S12700E-4_P3-Eth-Trunk1] ospfv3 cost 1000
[S12700E-4_P3-Eth-Trunk1] quit

# Enable OSPFv2 and OSPFv3 on VLANIF 3900, set the network type to P2P, and set the OSPF cost value.

[S12700E-4_P3] interface Vlanif 3900  
[S12700E-4_P3-Vlanif3900] ospf enable 1 area 0.0.0.0  
[S12700E-4_P3-Vlanif3900] ospf network-type p2p  
[S12700E-4_P3-Vlanif3900] ospf cost 2000  
[S12700E-4_P3-Vlanif3900] ospfv3 1 area 0.0.0.0
[S12700E-4_P3-Vlanif3900] ospfv3 network-type p2p
[S12700E-4_P3-Vlanif3900] ospfv3 cost 2000
[S12700E-4_P3-Vlanif3900] quit

# Enable OSPFv2 and OSPFv3 on XGE2/0/3, set the network type to P2P, and set the OSPF cost value.

[S12700E-4_P3] interface XGigabitEthernet 2/0/3   
[S12700E-4_P3-XGigabitEthernet2/0/3] ospf enable 1 area 0.0.0.0  
[S12700E-4_P3-XGigabitEthernet2/0/3] ospf network-type p2p  
[S12700E-4_P3-XGigabitEthernet2/0/3] ospf cost 2000  
[S12700E-4_P3-XGigabitEthernet2/0/3] ospfv3 1 area 0.0.0.0
[S12700E-4_P3-XGigabitEthernet2/0/3] ospfv3 network-type p2p
[S12700E-4_P3-XGigabitEthernet2/0/3] ospfv3 cost 2000
[S12700E-4_P3-XGigabitEthernet2/0/3] quit

Configure BGP and BGP4+, and configure S12700E-4_P3 to establish an IBGP peer relationship with RR_2.

# Start the BGP process and configure BGP peers.

[S12700E-4_P3] bgp 64999 
[S12700E-4_P3-bgp] router-id 2.2.2.3 
[S12700E-4_P3-bgp] graceful-restart
[S12700E-4_P3-bgp] group iBGP internal
[S12700E-4_P3-bgp] peer iBGP connect-interface LoopBack0
[S12700E-4_P3-bgp] peer iBGP password cipher YsHsjx_202206
[S12700E-4_P3-bgp] peer 2.2.2.55 as-number 64999
[S12700E-4_P3-bgp] peer 2.2.2.55 group iBGP
[S12700E-4_P3-bgp] ipv4-family unicast
[S12700E-4_P3-bgp-af-ipv4] peer iBGP enable
[S12700E-4_P3-bgp-af-ipv4] peer iBGP next-hop-local
[S12700E-4_P3-bgp-af-ipv4] peer iBGP advertise-community
[S12700E-4_P3-bgp-af-ipv4] quit

# Configure BGP4+ peers.

[S12700E-4_P3-bgp] peer 2001::15 as-number 64999
[S12700E-4_P3-bgp] peer 2001::15 group iBGP 
[S12700E-4_P3-bgp] ipv6-family unicast
[S12700E-4_P3-bgp-af-ipv6] peer iBGP enable
[S12700E-4_P3-bgp-af-ipv6] peer iBGP next-hop-local
[S12700E-4_P3-bgp-af-ipv6] peer iBGP advertise-community
[S12700E-4_P3-bgp-af-ipv6] peer 2001::15 enable
[S12700E-4_P3-bgp-af-ipv6] peer 2001::15 group iBGP
[S12700E-4_P3-bgp-af-ipv6] quit
[S12700E-4_P3-bgp] quit

# Configure MP-BGP.

[S12700E-4_P3] bgp 64999
[S12700E-4_P3-bgp] ipv4-family vpnv4
[S12700E-4_P3-bgp-af-vpnv4] peer 2.2.2.55 enable
[S12700E-4_P3-bgp-af-vpnv4] quit
[S12700E-4_P3-bgp] ipv6-family vpnv6
[S12700E-4_P3-bgp-af-vpnv6] peer 2.2.2.55 enable
[S12700E-4_P3-bgp-af-vpnv6] quit
[S12700E-4_P3-bgp] quit

Enable BFD globally, and enable BFD for OSPFv2 and BFD for OSPFv3.

[S12700E-4_P3] bfd
[S12700E-4_P3-bfd] quit
[S12700E-4_P3] ospf 1
[S12700E-4_P3-ospf-1] bfd all-interfaces enable
[S12700E-4_P3-ospf-1] quit
[S12700E-4_P3] ospfv3 1
[S12700E-4_P3-ospfv3-1] bfd all-interfaces enable
[S12700E-4_P3-ospfv3-1] quit

Configuring RR_1

Configure interfaces connected to devices.

# Create VLAN 3900, and configure an IPv4 address and an IPv6 address for VLANIF 3900. Create Eth-Trunk 0, enable LACP, and add XGE1/0/0 to Eth-Trunk 0.

<RR_1> system-view
[RR_1] ipv6 
[RR_1] vlan 3900
[RR_1-vlan3900] quit 
[RR_1] interface Vlanif 3900
[RR_1-Vlanif3900] ip address 1.1.2.2 255.255.255.252
[RR_1-Vlanif3900] ipv6 enable 
[RR_1-Vlanif3900] ipv6 address 2001:0:0:3B0::2/64 
[RR_1-Vlanif3900] quit
[RR_1] interface Eth-Trunk 0  
[RR_1-Eth-Trunk0] description To_S12704_P1  
[RR_1-Eth-Trunk0] port link-type trunk 
[RR_1-Eth-Trunk0] port trunk allow-pass vlan 3900 
[RR_1-Eth-Trunk0] undo port trunk allow-pass vlan 1
[RR_1-Eth-Trunk0] mode lacp 
[RR_1-Eth-Trunk0] quit
[RR_1] interface XGigabitEthernet 1/0/0
[RR_1-XGigabitEthernet1/0/0] eth-trunk 0
[RR_1-XGigabitEthernet1/0/0] quit

# Create VLAN 3940, and configure an IPv4 address and an IPv6 address for VLANIF 3940. Create Eth-Trunk 1, enable LACP, and add XGE1/0/1 to Eth-Trunk 1.

[RR_1] vlan 3940
[RR_1-vlan3940] quit 
[RR_1] interface Vlanif 3940
[RR_1-Vlanif3940] ip address 1.1.2.6 255.255.255.252
[RR_1-Vlanif3940] ipv6 enable 
[RR_1-Vlanif3940] ipv6 address 2001:0:0:3D0::2/64 
[RR_1-Vlanif3940] quit
[RR_1] interface Eth-Trunk 1  
[RR_1-Eth-Trunk1] description To_S12704_P2  
[RR_1-Eth-Trunk1] port link-type trunk 
[RR_1-Eth-Trunk1] port trunk allow-pass vlan 3940 
[RR_1-Eth-Trunk1] undo port trunk allow-pass vlan 1
[RR_1-Eth-Trunk1] mode lacp 
[RR_1-Eth-Trunk1] quit
[RR_1] interface XGigabitEthernet 1/0/1
[RR_1-XGigabitEthernet1/0/1] eth-trunk 1
[RR_1-XGigabitEthernet1/0/1] quit

# Create loopback 0 and configure an IPv4 address and an IPv6 address for it.

[RR_1] interface LoopBack 0  
[RR_1-LoopBack0] ip address 2.2.2.57 255.255.255.255 
[RR_1-LoopBack0] ipv6 enable
[RR_1-LoopBack0] ipv6 address 2001::17/128
[RR_1-LoopBack0] quit

Configure OSPFv2 and OSPFv3 to allow Layer 3 communication between P devices. HMAC-SHA256 authentication is enabled on OSPFv2-enabled interfaces, and IPSec is enabled in the OSPFv3 process.

# Create OSPFv2 process 1, enable GR, and configure password authentication.

[RR_1] ospf 1 router-id 2.2.2.57  
[RR_1-ospf-1] opaque-capability enable
[RR_1-ospf-1] graceful-restart
[RR_1-ospf-1] bandwidth-reference 1000000  
[RR_1-ospf-1] area 0.0.0.0
[RR_1-ospf-1-area-0.0.0.0] authentication-mode hmac-sha256 1 cipher YsHsjx_202206
[RR_1-ospf-1-area-0.0.0.0] quit
[RR_1-ospf-1] quit

# Configure IPSec.

[RR_1] ipsec proposal 1 
[RR_1-ipsec-proposal-1] encapsulation-mode transport 
[RR_1-ipsec-proposal-1] transform ah
[RR_1-ipsec-proposal-1] ah authentication-algorithm sha2-256 
[RR_1-ipsec-proposal-1] quit
[RR_1] ipsec sa area0 
[RR_1-ipsec-sa-area0] proposal 1
[RR_1-ipsec-sa-area0] sa spi inbound ah 256
[RR_1-ipsec-sa-area0] sa authentication-hex inbound ah cipher 112233445566778899aabbccddeeff00 
[RR_1-ipsec-sa-area0] sa spi outbound ah 256
[RR_1-ipsec-sa-area0] sa authentication-hex outbound ah cipher aabbccddeeff001100aabbccddeeff00 
[RR_1-ipsec-sa-area0] quit

# Create OSPFv3 process 1 and enable GR.

[RR_1] ospfv3 1  
[RR_1-ospfv3-1] router-id 2.2.2.57
[RR_1-ospfv3-1] bandwidth-reference 1000000
[RR_1-ospfv3-1] ipsec sa area0
[RR_1-ospfv3-1] graceful-restart
[RR_1-ospfv3-1] quit

# Enable OSPFv2 and OSPFv3 on loopback 0.

[RR_1] interface LoopBack 0  
[RR_1-LoopBack0] ospf enable 1 area 0.0.0.0  
[RR_1-LoopBack0] ospfv3 1 area 0.0.0.0   
[RR_1-LoopBack0] quit

# Enable OSPFv2 and OSPFv3 on VLANIF 3900, set the network type to P2P, and set the OSPF cost value.

[RR_1] interface Vlanif3900   
[RR_1-Vlanif3900] ospf enable 1 area 0.0.0.0  
[RR_1-Vlanif3900] ospf network-type p2p  
[RR_1-Vlanif3900] ospf cost 2000  
[RR_1-Vlanif3900] ospfv3 1 area 0.0.0.0
[RR_1-Vlanif3900] ospfv3 network-type p2p
[RR_1-Vlanif3900] ospfv3 cost 2000
[RR_1-Vlanif3900] quit

# Enable OSPFv2 and OSPFv3 on VLANIF 3940, set the network type to P2P, and set the OSPF cost value.

[RR_1] interface Vlanif3940  
[RR_1-Vlanif3940] ospf enable 1 area 0.0.0.0  
[RR_1-Vlanif3940] ospf network-type p2p  
[RR_1-Vlanif3940] ospf cost 2000  
[RR_1-Vlanif3940] ospfv3 1 area 0.0.0.0
[RR_1-Vlanif3940] ospfv3 network-type p2p
[RR_1-Vlanif3940] ospfv3 cost 2000
[RR_1-Vlanif3940] quit

Configure BGP and BGP4+, and configure RR_1 to establish IBGP peer relationships with S12704_P1, S12704_P2, and RR_2.

# Start the BGP process and configure BGP peers.

[RR_1] bgp 64999 
[RR_1-bgp] router-id 2.2.2.57
[RR_1-bgp] graceful-restart
[RR_1-bgp] group iBGP internal
[RR_1-bgp] peer iBGP connect-interface LoopBack0
[RR_1-bgp] peer iBGP password cipher YsHsjx_202206
[RR_1-bgp] peer 2.2.2.9 as-number 64999
[RR_1-bgp] peer 2.2.2.9 group iBGP
[RR_1-bgp] peer 2.2.2.10 as-number 64999
[RR_1-bgp] peer 2.2.2.10 group iBGP
[RR_1-bgp] peer 2.2.2.55 as-number 64999
[RR_1-bgp] peer 2.2.2.55 group iBGP
[RR_1-bgp] ipv4-family unicast
[RR_1-bgp-af-ipv4] peer iBGP enable
[RR_1-bgp-af-ipv4] peer iBGP next-hop-local
[RR_1-bgp-af-ipv4] peer iBGP advertise-community
[RR_1-bgp-af-ipv4] peer 2.2.2.9 reflect-client
[RR_1-bgp-af-ipv4] peer 2.2.2.10 reflect-client
[RR_1-bgp-af-ipv4] peer 2.2.2.55 reflect-client
[RR_1-bgp-af-ipv4] quit

# Configure BGP4+ peers.

[RR_1-bgp] peer 2001::13 as-number 64999
[RR_1-bgp] peer 2001::13 group iBGP
[RR_1-bgp] peer 2001::14 as-number 64999
[RR_1-bgp] peer 2001::14 group iBGP
[RR_1-bgp] peer 2001::15 as-number 64999
[RR_1-bgp] peer 2001::15 group iBGP
[RR_1-bgp] ipv6-family unicast
[RR_1-bgp-af-ipv6] peer iBGP enable
[RR_1-bgp-af-ipv6] peer iBGP next-hop-local
[RR_1-bgp-af-ipv6] peer iBGP advertise-community
[RR_1-bgp-af-ipv6] peer 2001::13 enable
[RR_1-bgp-af-ipv6] peer 2001::13 group iBGP
[RR_1-bgp-af-ipv6] peer 2001::13 reflect-client
[RR_1-bgp-af-ipv6] peer 2001::14 enable
[RR_1-bgp-af-ipv6] peer 2001::14 group iBGP
[RR_1-bgp-af-ipv6] peer 2001::14 reflect-client
[RR_1-bgp-af-ipv6] peer 2001::15 enable
[RR_1-bgp-af-ipv6] peer 2001::15 group iBGP
[RR_1-bgp-af-ipv6] peer 2001::15 reflect-client
[RR_1-bgp-af-ipv6] quit
[RR_1-bgp] quit

Configuring Router_1

Configure interfaces connected to devices.

# Configure an IPv4 address and an IPv6 address for XGE0/0/1.

<Router_1> system-view
[Router_1] ipv6 
[Router_1] interface XGigabitEthernet0/0/1 
[Router_1-XGigabitEthernet0/0/1] undo portswitch
[Router_1-XGigabitEthernet0/0/1] description To_S12704_P1  
[Router_1-XGigabitEthernet0/0/1] ip address 1.1.1.130 255.255.255.252
[Router_1-XGigabitEthernet0/0/1] ipv6 enable 
[Router_1-XGigabitEthernet0/0/1] ipv6 address 2001:0:0:20E::2/64
[Router_1-XGigabitEthernet0/0/1] quit

# Configure an IPv4 address and an IPv6 address for XGE0/0/2.

[Router_1] interface XGigabitEthernet0/0/2 
[Router_1-XGigabitEthernet0/0/2] undo portswitch
[Router_1-XGigabitEthernet0/0/2] description To_S12704_P2  
[Router_1-XGigabitEthernet0/0/2] ip address 1.1.1.134 255.255.255.252
[Router_1-XGigabitEthernet0/0/2] ipv6 enable 
[Router_1-XGigabitEthernet0/0/2] ipv6 address 2001:0:0:20F::2/64
[Router_1-XGigabitEthernet0/0/2] quit

# Create loopback 0 and configure an IPv4 address and an IPv6 address for it.

[Router_1] interface LoopBack 0  
[Router_1-LoopBack0] ip address 2.2.2.11 255.255.255.255 
[Router_1-LoopBack0] ipv6 enable
[Router_1-LoopBack0] ipv6 address 2001:F167::1/128
[Router_1-LoopBack0] quit

Configure OSPFv2 and OSPFv3 to allow Layer 3 communication between P devices. HMAC-SHA256 authentication is enabled on OSPFv2-enabled interfaces, and IPSec is enabled in the OSPFv3 process.

# Create OSPFv2 process 1, enable GR, and configure password authentication.

[Router_1] ospf 1 router-id 2.2.2.11  
[Router_1-ospf-1] opaque-capability enable
[Router_1-ospf-1] graceful-restart
[Router_1-ospf-1] bandwidth-reference 1000000  
[Router_1-ospf-1] area 0.0.0.0
[Router_1-ospf-1-area-0.0.0.0] authentication-mode hmac-sha256 1 cipher YsHsjx_202206
[Router_1-ospf-1-area-0.0.0.0] quit
[Router_1-ospf-1] quit

# Configure IPSec.

[Router_1] ipsec proposal 1 
[Router_1-ipsec-proposal-1] encapsulation-mode transport 
[Router_1-ipsec-proposal-1] transform ah
[Router_1-ipsec-proposal-1] ah authentication-algorithm sha2-256 
[Router_1-ipsec-proposal-1] quit
[Router_1] ipsec sa area0 
[Router_1-ipsec-sa-area0] proposal 1
[Router_1-ipsec-sa-area0] sa spi inbound ah 256
[Router_1-ipsec-sa-area0] sa authentication-hex inbound ah cipher 112233445566778899aabbccddeeff 
[Router_1-ipsec-sa-area0] sa spi outbound ah 256
[Router_1-ipsec-sa-area0] sa authentication-hex outbound ah cipher aabbccddeeff001100aabbccddeeff00 
[Router_1-ipsec-sa-area0] quit

# Create OSPFv3 process 1 and enable GR.

[Router_1] ospfv3 1  
[Router_1-ospfv3-1] router-id 2.2.2.11
[Router_1-ospfv3-1] bandwidth-reference 1000000
[Router_1-ospfv3-1] ipsec sa area0
[Router_1-ospfv3-1] graceful-restart
[Router_1-ospfv3-1] quit

# Enable OSPFv2 and OSPFv3 on loopback 0.

[Router_1] interface LoopBack 0  
[Router_1-LoopBack0] ospf enable 1 area 0.0.0.0  
[Router_1-LoopBack0] ospfv3 1 area 0.0.0.0   
[Router_1-LoopBack0] quit

# Enable OSPFv2 and OSPFv3 on XGE0/0/1, set the network type to P2P, and set the OSPF cost value to implement route backup.

[Router_1] interface XGigabitEthernet0/0/1   
[Router_1-XGigabitEthernet0/0/1] ospf enable 1 area 0.0.0.0  
[Router_1-XGigabitEthernet0/0/1] ospf network-type p2p  
[Router_1-XGigabitEthernet0/0/1] ospf cost 2000  
[Router_1-XGigabitEthernet0/0/1] ospfv3 1 area 0.0.0.0
[Router_1-XGigabitEthernet0/0/1] ospfv3 network-type p2p
[Router_1-XGigabitEthernet0/0/1] ospfv3 cost 2000
[Router_1-XGigabitEthernet0/0/1] quit

# Enable OSPFv2 and OSPFv3 on XGE0/0/2, set the network type to P2P, and set the OSPF cost value to implement route backup.

[Router_1] interface XGigabitEthernet0/0/2   
[Router_1-XGigabitEthernet0/0/2] ospf enable 1 area 0.0.0.0  
[Router_1-XGigabitEthernet0/0/2] ospf network-type p2p  
[Router_1-XGigabitEthernet0/0/2] ospf cost 2050  
[Router_1-XGigabitEthernet0/0/2] ospfv3 1 area 0.0.0.0
[Router_1-XGigabitEthernet0/0/2] ospfv3 network-type p2p
[Router_1-XGigabitEthernet0/0/2] ospfv3 cost 2050
[Router_1-XGigabitEthernet0/0/2] quit

Configure BGP and BGP4+, and configure Router_1 to establish an IBGP peer relationship with RR_1.

# Start the BGP process and configure BGP peers.

[Router_1] bgp 64999 
[Router_1-bgp] router-id 2.2.2.11
[Router_1-bgp] graceful-restart
[Router_1-bgp] group iBGP internal
[Router_1-bgp] peer iBGP connect-interface LoopBack0
[Router_1-bgp] peer iBGP password cipher YsHsjx_202206
[Router_1-bgp] peer 2.2.2.57 as-number 64999
[Router_1-bgp] peer 2.2.2.57 group iBGP
[Router_1-bgp] ipv4-family unicast
[Router_1-bgp-af-ipv4] peer iBGP enable
[Router_1-bgp-af-ipv4] peer iBGP next-hop-local
[Router_1-bgp-af-ipv4] peer iBGP advertise-community
[Router_1-bgp-af-ipv4] quit

# Configure BGP4+ peers.

[Router_1-bgp] peer 2001::17 as-number 64999
[Router_1-bgp] peer 2001::17 group iBGP 
[Router_1-bgp] ipv6-family unicast
[Router_1-bgp-af-ipv6] peer iBGP enable
[Router_1-bgp-af-ipv6] peer iBGP next-hop-local
[Router_1-bgp-af-ipv6] peer iBGP advertise-community
[Router_1-bgp-af-ipv6] peer 2001::17 group iBGP
[Router_1-bgp-af-ipv6] quit
[Router_1-bgp] quit

Configure EBGP on Router_1, and configure Router_1 to establish an EBGP peer relationship with the user gateway at site A. The user gateway learns routes of site A and imports the routes to the backbone area. In this manner, the two sites can communicate with each other. Assume that Router_1 is connected to the user gateway through XGE0/0/3.

# Configure an IP address for XGE0/0/3 and add XGE0/0/3 to a VLAN.

[Router_1] vlan 1101
[Router_1-vlan1101] quit 
[Router_1] interface Vlanif 1101
[Router_1-Vlanif1101] ip address 101.1.1.2 255.255.255.0
[Router_1-Vlanif1101] ipv6 enable 
[Router_1-Vlanif1101] ipv6 address 2000:101::1/64 
[Router_1-Vlanif1101] quit
[Router_1] interface XGigabitEthernet0/0/3    
[Router_1-XGigabitEthernet0/0/3] port link-type trunk 
[Router_1-XGigabitEthernet0/0/3] port trunk allow-pass vlan 1101 
[Router_1-XGigabitEthernet0/0/3] undo port trunk allow-pass vlan 1
[Router_1-XGigabitEthernet0/0/3] quit

# Configure EBGP peers. Assume that the IPv4 and IPv6 addresses of the user gateway are 203.0.113.1 and 2000:101::2, respectively.

[Router_1] bgp 64999
[Router_1-bgp] peer 203.0.113.1 as-number 100
[Router_1-bgp] peer 2000:101::2 as-number 100  
[Router_1-bgp] ipv6-family unicast
[Router_1-bgp-af-ipv6] peer 2000:101::2 enable
[Router_1-bgp-af-ipv6] quit
[Router_1-bgp] quit

Verifying the Deployment

Connect testers to the internal networks of site A and site B respectively to simulate users at the two sites, and ping each other. Verify that the ping operations are successful.

Configuration Files

S12700E-4_P1	S12700E-4_P2
# sysname S12700E-4_P1 # ipv6 # vlan batch 3900 # bfd # ipsec proposal 1 encapsulation-mode transport transform ah ah authentication-algorithm sha2-256 # ipsec sa area0 proposal 1 sa spi inbound ah 256 sa authentication-hex inbound ah cipher %^%#Hs`fE9Kd_92D<#M^CGDSwqjQFrgB~@q,\&NzzsD,xF>0UP%>5+H&q6Vj8ilG%^%# sa spi outbound ah 256 sa authentication-hex outbound ah cipher %^%#"sFYHYf[9Mz\|GW;ko4d<`%DjK-OBR$^<Dt!Hx#FYZ:oDR:\BEGkIsK$LtsnQ%^%# # ospfv3 1 router-id 2.2.2.9 bandwidth-reference 1000000 graceful-restart bfd all-interfaces enable ipsec sa area0 # interface Vlanif3900 ipv6 enable ip address 1.1.2.1 255.255.255.252 ipv6 address 2001:0:0:3B0::1/64 ospfv3 1 area 0.0.0.0 ospfv3 cost 2000 ospfv3 network-type p2p ospf cost 2000 ospf network-type p2p ospf enable 1 area 0.0.0.0 # interface Eth-Trunk0 undo portswitch description To_S12700E-4_P2 ipv6 enable ip address 1.1.1.13 255.255.255.252 ipv6 address 2001:0:0:20A::1/64 ospfv3 1 area 0.0.0.0 ospfv3 cost 500 ospfv3 network-type p2p ospf cost 500 ospf network-type p2p ospf enable 1 area 0.0.0.0 mode lacp # interface Eth-Trunk1 undo portswitch description To_S12700E-4_P3 ipv6 enable ip address 1.1.1.2 255.255.255.252 ipv6 address 2001:0:0:209::2/64 ospfv3 1 area 0.0.0.0 ospfv3 cost 1000 ospfv3 network-type p2p ospf cost 1000 ospf network-type p2p ospf enable 1 area 0.0.0.0 mode lacp # interface Eth-Trunk2 description To_RR_1 port link-type trunk undo port trunk allow-pass vlan 1 port trunk allow-pass vlan 3900 mode lacp # interface XGigabitEthernet1/0/0 eth-trunk 0 # interface XGigabitEthernet1/0/1 eth-trunk 2 # interface XGigabitEthernet2/0/0 eth-trunk 1 # interface XGigabitEthernet2/0/3 undo portswitch description To_Router_1 ipv6 enable ip address 1.1.1.129 255.255.255.252 ipv6 address 2001:0:0:20E::1/64 ospfv3 1 area 0.0.0.0 ospfv3 cost 2000 ospfv3 network-type p2p ospf cost 2000 ospf network-type p2p ospf enable 1 area 0.0.0.0 # interface LoopBack0 ipv6 enable ip address 2.2.2.9 255.255.255.255 ipv6 address 2001::13/128 ospfv3 1 area 0.0.0.0 ospf enable 1 area 0.0.0.0 # bgp 64999 router-id 2.2.2.9 graceful-restart group iBGP internal peer iBGP connect-interface LoopBack0 peer iBGP password cipher %^%#eamS:6P:FG1Jkg5p=Ak<YL#qV1u(DG*amm6,^@gN%^%# peer 2.2.2.57 as-number 64999 peer 2.2.2.57 group iBGP peer 2001::17 as-number 64999 peer 2001::17 group iBGP # ipv4-family unicast undo synchronization peer iBGP enable peer iBGP next-hop-local peer iBGP advertise-community peer 2.2.2.57 enable peer 2.2.2.57 group iBGP # ipv6-family unicast undo synchronization peer iBGP enable peer iBGP next-hop-local peer iBGP advertise-community peer 2001::17 enable peer 2001::17 group iBGP # ospf 1 router-id 2.2.2.9 bfd all-interfaces enable silent-interface all undo silent-interface Eth-Trunk0 undo silent-interface Eth-Trunk1 undo silent-interface Vlanif3900 undo silent-interface XGigabitEthernet2/0/3 opaque-capability enable graceful-restart bandwidth-reference 1000000 stub-router on-startup area 0.0.0.0 authentication-mode hmac-sha256 1 cipher %^%#}dVz9bd0`BHT+QJv0y.8~2{JTr1&/@T.l`5k+Y%T%^%# # return	# sysname S12700E-4_P2 # ipv6 # vlan batch 3940 # bfd # ipsec proposal 1 encapsulation-mode transport transform ah ah authentication-algorithm sha2-256 # ipsec sa area0 proposal 1 sa spi inbound ah 256 sa authentication-hex inbound ah cipher %^%#Hs`fE9Kd_92D<#M^CGDSwqjQFrgB~@q,\&NzzsD,xF>0UP%>5+H&q6Vj8ilG%^%# sa spi outbound ah 256 sa authentication-hex outbound ah cipher %^%#"sFYHYf[9Mz\|GW;ko4d<`%DjK-OBR$^<Dt!Hx#FYZ:oDR:\BEGkIsK$LtsnQ%^%# # ospfv3 1 router-id 2.2.2.10 bandwidth-reference 1000000 graceful-restart bfd all-interfaces enable ipsec sa area0 # interface Vlanif3940 ipv6 enable ip address 1.1.2.5 255.255.255.252 ipv6 address 2001:0:0:3D0::1/64 ospfv3 1 area 0.0.0.0 ospfv3 cost 2000 ospfv3 network-type p2p ospf cost 2000 ospf network-type p2p ospf enable 1 area 0.0.0.0 # interface Eth-Trunk0 undo portswitch description To_S12700E-4_P1 ipv6 enable ip address 1.1.1.14 255.255.255.252 ipv6 address 2001:0:0:20A::2/64 ospfv3 1 area 0.0.0.0 ospfv3 cost 500 ospfv3 network-type p2p ospf cost 500 ospf network-type p2p ospf enable 1 area 0.0.0.0 mode lacp # interface Eth-Trunk1 undo portswitch description To_S12700E-4_P4 ipv6 enable ip address 1.1.1.6 255.255.255.252 ipv6 address 2001:0:0:20B::1/64 ospfv3 1 area 0.0.0.0 ospfv3 cost 1000 ospfv3 network-type p2p ospf cost 1000 ospf network-type p2p ospf enable 1 area 0.0.0.0 mode lacp # interface Eth-Trunk2 description To_RR_1 port link-type trunk undo port trunk allow-pass vlan 1 port trunk allow-pass vlan 3940 mode lacp # interface XGigabitEthernet1/0/0 eth-trunk 0 # interface XGigabitEthernet2/0/0 eth-trunk 1 # interface XGigabitEthernet2/0/1 eth-trunk 2 # interface XGigabitEthernet2/0/3 undo portswitch description To_Router_1 ipv6 enable ip address 1.1.1.133 255.255.255.252 ipv6 address 2001:0:0:20F::1/64 ospfv3 1 area 0.0.0.0 ospfv3 cost 2050 ospfv3 network-type p2p ospf cost 2050 ospf network-type p2p ospf enable 1 area 0.0.0.0 # interface LoopBack0 ipv6 enable ip address 2.2.2.10 255.255.255.255 ipv6 address 2001::14/128 ospfv3 1 area 0.0.0.0 ospf enable 1 area 0.0.0.0 # bgp 64999 router-id 2.2.2.10 graceful-restart group iBGP internal peer iBGP connect-interface LoopBack0 peer iBGP password cipher %^%#eamS:6P:FG1Jkg5p=Ak<YL#qV1u(DG*amm6,^@gN%^%# peer 2.2.2.57 as-number 64999 peer 2.2.2.57 group iBGP peer 2001::17 as-number 64999 peer 2001::17 group iBGP # ipv4-family unicast undo synchronization peer iBGP enable peer iBGP next-hop-local peer iBGP advertise-community peer 2.2.2.57 enable peer 2.2.2.57 group iBGP # ipv6-family unicast undo synchronization peer iBGP enable peer iBGP next-hop-local peer iBGP advertise-community peer 2001::17 enable peer 2001::17 group iBGP # ospf 1 router-id 2.2.2.10 bfd all-interfaces enable silent-interface all undo silent-interface Eth-Trunk0 undo silent-interface Eth-Trunk1 undo silent-interface Vlanif3940 undo silent-interface XGigabitEthernet2/0/3 opaque-capability enable graceful-restart bandwidth-reference 1000000 stub-router on-startup area 0.0.0.0 authentication-mode hmac-sha256 1 cipher %^%#}dVz9bd0`BHT+QJv0y.8~2{JTr1&/@T.l`5k+Y%T%^%# # return

S12700E-4_P1

S12700E-4_P2

#
sysname S12700E-4_P1
#
ipv6
#
vlan  batch 3900
#
bfd
#
ipsec proposal 1
 encapsulation-mode transport
 transform ah
 ah authentication-algorithm sha2-256
#
ipsec sa area0
 proposal 1
 sa spi inbound ah 256
 sa authentication-hex inbound ah cipher %^%#Hs`fE9Kd_92D<#M^CGDSwqjQFrgB~@q,\&NzzsD,xF>0UP%>5+H&q6Vj8ilG%^%#
 sa spi outbound ah 256
 sa authentication-hex outbound ah cipher %^%#"sFYHYf[9Mz|GW;ko4d<`%DjK-OBR$^<Dt!Hx#FYZ:oDR:\BEGkIsK$LtsnQ%^%#
#
ospfv3 1
 router-id 2.2.2.9
 bandwidth-reference 1000000
 graceful-restart
 bfd all-interfaces enable
 ipsec sa area0
#
interface Vlanif3900
 ipv6 enable
 ip address 1.1.2.1 255.255.255.252
 ipv6 address 2001:0:0:3B0::1/64
 ospfv3 1 area 0.0.0.0
 ospfv3 cost 2000
 ospfv3 network-type p2p
 ospf cost 2000
 ospf network-type p2p
 ospf enable 1 area 0.0.0.0
#
interface Eth-Trunk0
 undo portswitch
 description To_S12700E-4_P2
 ipv6 enable
 ip address 1.1.1.13 255.255.255.252
 ipv6 address 2001:0:0:20A::1/64
 ospfv3 1 area 0.0.0.0
 ospfv3 cost 500
 ospfv3 network-type p2p
 ospf cost 500
 ospf network-type p2p
 ospf enable 1 area 0.0.0.0
 mode lacp
#
interface Eth-Trunk1
 undo portswitch
 description To_S12700E-4_P3
 ipv6 enable
 ip address 1.1.1.2 255.255.255.252
 ipv6 address 2001:0:0:209::2/64
 ospfv3 1 area 0.0.0.0
 ospfv3 cost 1000
 ospfv3 network-type p2p
 ospf cost 1000
 ospf network-type p2p
 ospf enable 1 area 0.0.0.0
 mode lacp
#
interface Eth-Trunk2
 description To_RR_1
 port link-type trunk
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 3900
 mode lacp
#
interface XGigabitEthernet1/0/0
 eth-trunk 0
#
interface XGigabitEthernet1/0/1
 eth-trunk 2
#
interface XGigabitEthernet2/0/0
 eth-trunk 1
#
interface XGigabitEthernet2/0/3
 undo portswitch
 description To_Router_1
 ipv6 enable
 ip address 1.1.1.129 255.255.255.252
 ipv6 address 2001:0:0:20E::1/64
 ospfv3 1 area 0.0.0.0
 ospfv3 cost 2000
 ospfv3 network-type p2p
 ospf cost 2000
 ospf network-type p2p
 ospf enable 1 area 0.0.0.0
#
interface LoopBack0
 ipv6 enable
 ip address 2.2.2.9 255.255.255.255
 ipv6 address 2001::13/128
 ospfv3 1 area 0.0.0.0
 ospf enable 1 area 0.0.0.0
#
bgp 64999
 router-id 2.2.2.9
 graceful-restart
 group iBGP internal
 peer iBGP connect-interface LoopBack0
 peer iBGP password cipher %^%#eamS:6P:FG1Jkg5p=Ak<YL#qV1u(DG*amm6,^@gN%^%#
 peer 2.2.2.57 as-number 64999
 peer 2.2.2.57 group iBGP
 peer 2001::17 as-number 64999
 peer 2001::17 group iBGP
 #
 ipv4-family unicast
  undo synchronization
  peer iBGP enable
  peer iBGP next-hop-local
  peer iBGP advertise-community
  peer 2.2.2.57 enable
  peer 2.2.2.57 group iBGP
 #
 ipv6-family unicast
  undo synchronization
  peer iBGP enable
  peer iBGP next-hop-local
  peer iBGP advertise-community
  peer 2001::17 enable
  peer 2001::17 group iBGP
#
ospf 1 router-id 2.2.2.9
 bfd all-interfaces enable
 silent-interface all
 undo silent-interface Eth-Trunk0
 undo silent-interface Eth-Trunk1
 undo silent-interface Vlanif3900
 undo silent-interface XGigabitEthernet2/0/3
 opaque-capability enable
 graceful-restart
 bandwidth-reference 1000000
 stub-router on-startup
 area 0.0.0.0
  authentication-mode hmac-sha256 1 cipher %^%#}dVz9bd0`BHT+QJv0y.8~2{JTr1&/@T.l`5k+Y%T%^%#
#
return

#
sysname S12700E-4_P2
#
ipv6
#
vlan batch 3940
#
bfd
#
ipsec proposal 1
 encapsulation-mode transport
 transform ah
 ah authentication-algorithm sha2-256
#
ipsec sa area0
 proposal 1
 sa spi inbound ah 256
 sa authentication-hex inbound ah cipher %^%#Hs`fE9Kd_92D<#M^CGDSwqjQFrgB~@q,\&NzzsD,xF>0UP%>5+H&q6Vj8ilG%^%# 
 sa spi outbound ah 256
 sa authentication-hex outbound ah cipher %^%#"sFYHYf[9Mz|GW;ko4d<`%DjK-OBR$^<Dt!Hx#FYZ:oDR:\BEGkIsK$LtsnQ%^%#
#
ospfv3 1
 router-id 2.2.2.10
 bandwidth-reference 1000000
 graceful-restart
 bfd all-interfaces enable
 ipsec sa area0
#
interface Vlanif3940
 ipv6 enable
 ip address 1.1.2.5 255.255.255.252
 ipv6 address 2001:0:0:3D0::1/64
 ospfv3 1 area 0.0.0.0
 ospfv3 cost 2000
 ospfv3 network-type p2p
 ospf cost 2000
 ospf network-type p2p
 ospf enable 1 area 0.0.0.0
#
interface Eth-Trunk0
 undo portswitch
 description To_S12700E-4_P1
 ipv6 enable
 ip address 1.1.1.14 255.255.255.252
 ipv6 address 2001:0:0:20A::2/64
 ospfv3 1 area 0.0.0.0
 ospfv3 cost 500
 ospfv3 network-type p2p
 ospf cost 500
 ospf network-type p2p
 ospf enable 1 area 0.0.0.0
 mode lacp
#
interface Eth-Trunk1
 undo portswitch
 description To_S12700E-4_P4
 ipv6 enable
 ip address 1.1.1.6 255.255.255.252
 ipv6 address 2001:0:0:20B::1/64
 ospfv3 1 area 0.0.0.0
 ospfv3 cost 1000
 ospfv3 network-type p2p
 ospf cost 1000
 ospf network-type p2p
 ospf enable 1 area 0.0.0.0
 mode lacp
#
interface Eth-Trunk2
 description To_RR_1
 port link-type trunk
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 3940
 mode lacp
#
interface XGigabitEthernet1/0/0
eth-trunk 0
#
interface XGigabitEthernet2/0/0
 eth-trunk 1
#
interface XGigabitEthernet2/0/1
 eth-trunk 2
#
interface XGigabitEthernet2/0/3
 undo portswitch
 description To_Router_1
 ipv6 enable
 ip address 1.1.1.133 255.255.255.252
 ipv6 address 2001:0:0:20F::1/64
 ospfv3 1 area 0.0.0.0
 ospfv3 cost 2050
 ospfv3 network-type p2p
 ospf cost 2050
 ospf network-type p2p
 ospf enable 1 area 0.0.0.0
#
interface LoopBack0
 ipv6 enable
 ip address 2.2.2.10 255.255.255.255
 ipv6 address 2001::14/128
 ospfv3 1 area 0.0.0.0
 ospf enable 1 area 0.0.0.0
#
bgp 64999
 router-id 2.2.2.10
 graceful-restart
 group iBGP internal
 peer iBGP connect-interface LoopBack0
 peer iBGP password cipher %^%#eamS:6P:FG1Jkg5p=Ak<YL#qV1u(DG*amm6,^@gN%^%#
 peer 2.2.2.57 as-number 64999
 peer 2.2.2.57 group iBGP
 peer 2001::17 as-number 64999
 peer 2001::17 group iBGP
 #
  ipv4-family unicast
  undo synchronization
  peer iBGP enable
  peer iBGP next-hop-local
  peer iBGP advertise-community
  peer 2.2.2.57 enable
  peer 2.2.2.57 group iBGP
 #
 ipv6-family unicast
  undo synchronization
  peer iBGP enable
  peer iBGP next-hop-local
  peer iBGP advertise-community
  peer 2001::17 enable
  peer 2001::17 group iBGP
#
ospf 1 router-id 2.2.2.10
 bfd all-interfaces enable
 silent-interface all
 undo silent-interface Eth-Trunk0
 undo silent-interface Eth-Trunk1
 undo silent-interface Vlanif3940
 undo silent-interface XGigabitEthernet2/0/3
 opaque-capability enable
 graceful-restart
 bandwidth-reference 1000000
 stub-router on-startup
 area 0.0.0.0
  authentication-mode hmac-sha256 1 cipher %^%#}dVz9bd0`BHT+QJv0y.8~2{JTr1&/@T.l`5k+Y%T%^%#
#
return

S12700E-4_P3	S12700E-4_P4
# sysname S12700E-4_P3 # ipv6 # vlan batch 3900 # bfd # ipsec proposal 1 encapsulation-mode transport transform ah ah authentication-algorithm sha2-256 # ipsec sa area0 proposal 1 sa spi inbound ah 256 sa authentication-hex inbound ah cipher %^%#Hs`fE9Kd_92D<#M^CGDSwqjQFrgB~@q,\&NzzsD,xF>0UP%>5+H&q6Vj8ilG%^%# sa spi outbound ah 256 sa authentication-hex outbound ah cipher %^%#"sFYHYf[9Mz\|GW;ko4d<`%DjK-OBR$^<Dt!Hx#FYZ:oDR:\BEGkIsK$LtsnQ%^%# # ospfv3 1 router-id 2.2.2.3 bandwidth-reference 1000000 graceful-restart bfd all-interfaces enable ipsec sa area0 # interface Vlanif3900 ipv6 enable ip address 1.1.4.1 255.255.255.252 ipv6 address 2001:0:0:330::1/64 ospfv3 1 area 0.0.0.0 ospfv3 cost 2000 ospfv3 network-type p2p ospf cost 2000 ospf network-type p2p ospf enable 1 area 0.0.0.0 # interface Eth-Trunk0 undo portswitch description To_S12700E-4_P4 ipv6 enable ip address 1.1.1.9 255.255.255.252 ipv6 address 2001:0:0:208::1/64 ospfv3 1 area 0.0.0.0 ospfv3 cost 500 ospfv3 network-type p2p ospf cost 500 ospf network-type p2p ospf enable 1 area 0.0.0.0 mode lacp # interface Eth-Trunk1 undo portswitch description To_S12700E-4_P1 ipv6 enable ip address 1.1.1.1 255.255.255.252 ipv6 address 2001:0:0:209::1/64 ospfv3 1 area 0.0.0.0 ospfv3 cost 1000 ospfv3 network-type p2p ospf cost 1000 ospf network-type p2p ospf enable 1 area 0.0.0.0 mode lacp # interface Eth-Trunk2 description To_RR_2 port link-type trunk undo port trunk allow-pass vlan 1 port trunk allow-pass vlan 3900 mode lacp # interface XGigabitEthernet1/0/0 eth-trunk 0 # interface XGigabitEthernet1/0/1 eth-trunk 2 # interface XGigabitEthernet2/0/0 eth-trunk 1 # interface XGigabitEthernet2/0/3 undo portswitch description To_Router_2 ipv6 enable ip address 1.1.1.121 255.255.255.252 ipv6 address 2001:0:0:20C::1/64 ospfv3 1 area 0.0.0.0 ospfv3 cost 2000 ospfv3 network-type p2p ospf cost 2000 ospf network-type p2p ospf enable 1 area 0.0.0.0 # interface LoopBack0 ipv6 enable ip address 2.2.2.3 255.255.255.255 ipv6 address 2001::11/128 ospfv3 1 area 0.0.0.0 ospf enable 1 area 0.0.0.0 # bgp 64999 router-id 2.2.2.3 graceful-restart group iBGP internal peer iBGP connect-interface LoopBack0 peer iBGP password cipher %^%#eamS:6P:FG1Jkg5p=Ak<YL#qV1u(DG*amm6,^@gN%^%# peer 2.2.2.55 as-number 64999 peer 2.2.2.55 group iBGP peer 2001::15 as-number 64999 peer 2001::15 group iBGP # ipv4-family unicast undo synchronization peer iBGP enable peer iBGP next-hop-local peer iBGP advertise-community peer 2.2.2.55 enable peer 2.2.2.55 group iBGP # ipv6-family unicast undo synchronization peer iBGP enable peer iBGP next-hop-local peer iBGP advertise-community peer 2001::15 enable peer 2001::15 group iBGP # ospf 1 router-id 2.2.2.3 bfd all-interfaces enable silent-interface all undo silent-interface Eth-Trunk0 undo silent-interface Eth-Trunk1 undo silent-interface Vlanif3900 undo silent-interface XGigabitEthernet2/0/3 opaque-capability enable graceful-restart bandwidth-reference 1000000 stub-router on-startup area 0.0.0.0 authentication-mode hmac-sha256 1 cipher %^%#}dVz9bd0`BHT+QJv0y.8~2{JTr1&/@T.l`5k+Y%T%^%# # return	# sysname S12700E-4_P4 # ipv6 # vlan batch 3940 # bfd # ipsec proposal 1 encapsulation-mode transport transform ah ah authentication-algorithm sha2-256 # ipsec sa area0 proposal 1 sa spi inbound ah 256 sa authentication-hex inbound ah cipher %^%#Hs`fE9Kd_92D<#M^CGDSwqjQFrgB~@q,\&NzzsD,xF>0UP%>5+H&q6Vj8ilG%^%# sa spi outbound ah 256 sa authentication-hex outbound ah cipher %^%#"sFYHYf[9Mz\|GW;ko4d<`%DjK-OBR$^<Dt!Hx#FYZ:oDR:\BEGkIsK$LtsnQ%^%# # ospfv3 1 router-id 2.2.2.4 bandwidth-reference 1000000 graceful-restart bfd all-interfaces enable ipsec sa area0 # interface Vlanif3940 ipv6 enable ip address 1.1.4.5 255.255.255.252 ipv6 address 2001:0:0:430::1/64 ospfv3 1 area 0.0.0.0 ospfv3 cost 2000 ospfv3 network-type p2p ospf cost 2000 ospf network-type p2p ospf enable 1 area 0.0.0.0 # interface Eth-Trunk0 undo portswitch description To_S12700E-4_P3 ipv6 enable ip address 1.1.1.10 255.255.255.252 ipv6 address 2001:0:0:208::2/64 ospfv3 1 area 0.0.0.0 ospfv3 cost 500 ospfv3 network-type p2p ospf cost 500 ospf network-type p2p ospf enable 1 area 0.0.0.0 mode lacp # interface Eth-Trunk1 undo portswitch description To_S12700E-4_P2 ipv6 enable ip address 1.1.1.5 255.255.255.252 ipv6 address 2001:0:0:20B::2/64 ospfv3 1 area 0.0.0.0 ospfv3 cost 1000 ospfv3 network-type p2p ospf cost 1000 ospf network-type p2p ospf enable 1 area 0.0.0.0 mode lacp # interface Eth-Trunk2 description To_RR_2 port link-type trunk undo port trunk allow-pass vlan 1 port trunk allow-pass vlan 3940 mode lacp # interface XGigabitEthernet1/0/0 eth-trunk 0 # interface XGigabitEthernet2/0/0 eth-trunk 1 # interface XGigabitEthernet2/0/1 eth-trunk 2 # interface XGigabitEthernet2/0/3 undo portswitch description To_Router_2 ipv6 enable ip address 1.1.1.125 255.255.255.252 ipv6 address 2001:0:0:20D::1/64 ospfv3 1 area 0.0.0.0 ospfv3 cost 2050 ospfv3 network-type p2p ospf cost 2050 ospf network-type p2p ospf enable 1 area 0.0.0.0 # interface LoopBack0 ipv6 enable ip address 2.2.2.4 255.255.255.255 ipv6 address 2001::12/128 ospfv3 1 area 0.0.0.0 ospf enable 1 area 0.0.0.0 # bgp 64999 router-id 2.2.2.4 graceful-restart group iBGP internal peer iBGP connect-interface LoopBack0 peer iBGP password cipher %^%#eamS:6P:FG1Jkg5p=Ak<YL#qV1u(DG*amm6,^@gN%^%# peer 2.2.2.55 as-number 64999 peer 2.2.2.55 group iBGP peer 2001::15 as-number 64999 peer 2001::15 group iBGP # ipv4-family unicast undo synchronization peer iBGP enable peer iBGP next-hop-local peer iBGP advertise-community peer 2.2.2.55 enable peer 2.2.2.55 group iBGP # ipv6-family unicast undo synchronization peer iBGP enable peer iBGP next-hop-local peer iBGP advertise-community peer 2001::15 enable peer 2001::15 group iBGP # ospf 1 router-id 2.2.2.4 bfd all-interfaces enable silent-interface all undo silent-interface Eth-Trunk0 undo silent-interface Eth-Trunk1 undo silent-interface Vlanif3940 undo silent-interface XGigabitEthernet2/0/3 opaque-capability enable graceful-restart bandwidth-reference 1000000 stub-router on-startup area 0.0.0.0 authentication-mode hmac-sha256 1 cipher %^%#}dVz9bd0`BHT+QJv0y.8~2{JTr1&/@T.l`5k+Y%T%^%# # return

S12700E-4_P3

S12700E-4_P4

#
sysname S12700E-4_P3
#
ipv6
#
vlan batch 3900
#
bfd
#
ipsec proposal 1
 encapsulation-mode transport
 transform ah
 ah authentication-algorithm sha2-256
#
ipsec sa area0
 proposal 1
 sa spi inbound ah 256
 sa authentication-hex inbound ah cipher %^%#Hs`fE9Kd_92D<#M^CGDSwqjQFrgB~@q,\&NzzsD,xF>0UP%>5+H&q6Vj8ilG%^%#
 sa spi outbound ah 256
 sa authentication-hex outbound ah cipher %^%#"sFYHYf[9Mz|GW;ko4d<`%DjK-OBR$^<Dt!Hx#FYZ:oDR:\BEGkIsK$LtsnQ%^%#
#
ospfv3 1
 router-id 2.2.2.3
 bandwidth-reference 1000000
 graceful-restart
 bfd all-interfaces enable
 ipsec sa area0
#
interface Vlanif3900
 ipv6 enable
 ip address 1.1.4.1 255.255.255.252
 ipv6 address 2001:0:0:330::1/64
 ospfv3 1 area 0.0.0.0
 ospfv3 cost 2000
 ospfv3 network-type p2p
 ospf cost 2000
 ospf network-type p2p
 ospf enable 1 area 0.0.0.0
#
interface Eth-Trunk0
 undo portswitch
 description To_S12700E-4_P4
 ipv6 enable
 ip address 1.1.1.9 255.255.255.252
 ipv6 address 2001:0:0:208::1/64
 ospfv3 1 area 0.0.0.0
 ospfv3 cost 500
 ospfv3 network-type p2p
 ospf cost 500
 ospf network-type p2p
 ospf enable 1 area 0.0.0.0
 mode lacp
#
interface Eth-Trunk1
 undo portswitch
 description To_S12700E-4_P1
 ipv6 enable
 ip address 1.1.1.1 255.255.255.252
 ipv6 address 2001:0:0:209::1/64
 ospfv3 1 area 0.0.0.0
 ospfv3 cost 1000
 ospfv3 network-type p2p
 ospf cost 1000
 ospf network-type p2p
 ospf enable 1 area 0.0.0.0
 mode lacp
#
interface Eth-Trunk2
 description To_RR_2
 port link-type trunk
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 3900
 mode lacp
#
interface XGigabitEthernet1/0/0
 eth-trunk 0
#
interface XGigabitEthernet1/0/1
 eth-trunk 2
#
interface XGigabitEthernet2/0/0
 eth-trunk 1
#
interface XGigabitEthernet2/0/3
 undo portswitch
 description To_Router_2
 ipv6 enable
 ip address 1.1.1.121 255.255.255.252
 ipv6 address 2001:0:0:20C::1/64
 ospfv3 1 area 0.0.0.0
 ospfv3 cost 2000
 ospfv3 network-type p2p
 ospf cost 2000
 ospf network-type p2p
 ospf enable 1 area 0.0.0.0
#
interface LoopBack0
 ipv6 enable
 ip address 2.2.2.3 255.255.255.255
 ipv6 address 2001::11/128
 ospfv3 1 area 0.0.0.0
 ospf enable 1 area 0.0.0.0
#
bgp 64999
 router-id 2.2.2.3
 graceful-restart
 group iBGP internal
 peer iBGP connect-interface LoopBack0
 peer iBGP password cipher %^%#eamS:6P:FG1Jkg5p=Ak<YL#qV1u(DG*amm6,^@gN%^%#
 peer 2.2.2.55 as-number 64999
 peer 2.2.2.55 group iBGP
 peer 2001::15 as-number 64999
 peer 2001::15 group iBGP
 #
 ipv4-family unicast
  undo synchronization
  peer iBGP enable
  peer iBGP next-hop-local
  peer iBGP advertise-community
  peer 2.2.2.55 enable
  peer 2.2.2.55 group iBGP
 #
 ipv6-family unicast
  undo synchronization
  peer iBGP enable
  peer iBGP next-hop-local
  peer iBGP advertise-community
  peer 2001::15 enable
  peer 2001::15 group iBGP
#
ospf 1 router-id 2.2.2.3
 bfd all-interfaces enable
 silent-interface all
 undo silent-interface Eth-Trunk0
 undo silent-interface Eth-Trunk1
 undo silent-interface Vlanif3900
 undo silent-interface XGigabitEthernet2/0/3
 opaque-capability enable
 graceful-restart
 bandwidth-reference 1000000
 stub-router on-startup
 area 0.0.0.0
  authentication-mode hmac-sha256 1 cipher %^%#}dVz9bd0`BHT+QJv0y.8~2{JTr1&/@T.l`5k+Y%T%^%#
#
return

#
sysname S12700E-4_P4
#
ipv6
#
vlan batch 3940
#
bfd
#
ipsec proposal 1
 encapsulation-mode transport
 transform ah
 ah authentication-algorithm sha2-256
#
ipsec sa area0
 proposal 1
 sa spi inbound ah 256
 sa authentication-hex inbound ah cipher %^%#Hs`fE9Kd_92D<#M^CGDSwqjQFrgB~@q,\&NzzsD,xF>0UP%>5+H&q6Vj8ilG%^%#
 sa spi outbound ah 256
 sa authentication-hex outbound ah cipher %^%#"sFYHYf[9Mz|GW;ko4d<`%DjK-OBR$^<Dt!Hx#FYZ:oDR:\BEGkIsK$LtsnQ%^%#
#
ospfv3 1
 router-id 2.2.2.4
 bandwidth-reference 1000000
 graceful-restart
 bfd all-interfaces enable
 ipsec sa area0
#
interface Vlanif3940
 ipv6 enable
 ip address 1.1.4.5 255.255.255.252
 ipv6 address 2001:0:0:430::1/64
 ospfv3 1 area 0.0.0.0
 ospfv3 cost 2000
 ospfv3 network-type p2p
 ospf cost 2000
 ospf network-type p2p
 ospf enable 1 area 0.0.0.0
#
interface Eth-Trunk0
 undo portswitch
 description To_S12700E-4_P3
 ipv6 enable
 ip address 1.1.1.10 255.255.255.252
 ipv6 address 2001:0:0:208::2/64
 ospfv3 1 area 0.0.0.0
 ospfv3 cost 500
 ospfv3 network-type p2p
 ospf cost 500
 ospf network-type p2p
 ospf enable 1 area 0.0.0.0
 mode lacp
#
interface Eth-Trunk1
 undo portswitch
 description To_S12700E-4_P2
 ipv6 enable
 ip address 1.1.1.5 255.255.255.252
 ipv6 address 2001:0:0:20B::2/64
 ospfv3 1 area 0.0.0.0
 ospfv3 cost 1000
 ospfv3 network-type p2p
 ospf cost 1000
 ospf network-type p2p
 ospf enable 1 area 0.0.0.0
 mode lacp
#
interface Eth-Trunk2
 description To_RR_2
 port link-type trunk
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 3940
 mode lacp
#
interface XGigabitEthernet1/0/0
 eth-trunk 0
#
interface XGigabitEthernet2/0/0
 eth-trunk 1
#
interface XGigabitEthernet2/0/1
 eth-trunk 2
#
interface XGigabitEthernet2/0/3
 undo portswitch
 description To_Router_2
 ipv6 enable
 ip address 1.1.1.125 255.255.255.252
 ipv6 address 2001:0:0:20D::1/64
 ospfv3 1 area 0.0.0.0
 ospfv3 cost 2050
 ospfv3 network-type p2p
 ospf cost 2050
 ospf network-type p2p
 ospf enable 1 area 0.0.0.0
#
interface LoopBack0
 ipv6 enable
 ip address 2.2.2.4 255.255.255.255
 ipv6 address 2001::12/128
 ospfv3 1 area 0.0.0.0
 ospf enable 1 area 0.0.0.0
#
bgp 64999
 router-id 2.2.2.4
 graceful-restart
 group iBGP internal
 peer iBGP connect-interface LoopBack0
 peer iBGP password cipher %^%#eamS:6P:FG1Jkg5p=Ak<YL#qV1u(DG*amm6,^@gN%^%#
 peer 2.2.2.55 as-number 64999
 peer 2.2.2.55 group iBGP
 peer 2001::15 as-number 64999
 peer 2001::15 group iBGP
 #
 ipv4-family unicast
  undo synchronization
  peer iBGP enable
  peer iBGP next-hop-local
  peer iBGP advertise-community
  peer 2.2.2.55 enable
  peer 2.2.2.55 group iBGP
 #
 ipv6-family unicast
  undo synchronization
  peer iBGP enable
  peer iBGP next-hop-local
  peer iBGP advertise-community
  peer 2001::15 enable
  peer 2001::15 group iBGP
#
ospf 1 router-id 2.2.2.4
 bfd all-interfaces enable
 silent-interface all
 undo silent-interface Eth-Trunk0
 undo silent-interface Eth-Trunk1
 undo silent-interface Vlanif3940
 undo silent-interface XGigabitEthernet2/0/3
 opaque-capability enable
 graceful-restart
 bandwidth-reference 1000000
 stub-router on-startup
 area 0.0.0.0
  authentication-mode hmac-sha256 1 cipher %^%#}dVz9bd0`BHT+QJv0y.8~2{JTr1&/@T.l`5k+Y%T%^%#
#
return

RR_1	RR_2
# sysname RR_1 # ipv6 # vlan batch 3900 3940 # ipsec proposal 1 encapsulation-mode transport transform ah ah authentication-algorithm sha2-256 # ipsec sa area0 proposal 1 sa spi inbound ah 256 sa authentication-hex inbound ah cipher %^%#Hs`fE9Kd_92D<#M^CGDSwqjQFrgB~@q,\&NzzsD,xF>0UP%>5+H&q6Vj8ilG%^%# sa spi outbound ah 256 sa authentication-hex outbound ah cipher %^%#"sFYHYf[9Mz\|GW;ko4d<`%DjK-OBR$^<Dt!Hx#FYZ:oDR:\BEGkIsK$LtsnQ%^%# # ospfv3 1 router-id 2.2.2.57 bandwidth-reference 1000000 graceful-restart ipsec sa area0 # interface Vlanif3900 ipv6 enable ip address 1.1.2.2 255.255.255.252 ipv6 address 2001:0:0:3B0::2/64 ospfv3 1 area 0.0.0.0 ospfv3 cost 2000 ospfv3 network-type p2p ospf cost 2000 ospf network-type p2p ospf enable 1 area 0.0.0.0 # interface Vlanif3940 ipv6 enable ip address 1.1.2.6 255.255.255.252 ipv6 address 2001:0:0:3D0::2/64 ospfv3 1 area 0.0.0.0 ospfv3 cost 2000 ospfv3 network-type p2p ospf cost 2000 ospf network-type p2p ospf enable 1 area 0.0.0.0 # interface Eth-Trunk0 description To_S12700E-4_P1 port link-type trunk undo port trunk allow-pass vlan 1 port trunk allow-pass vlan 3900 mode lacp # interface Eth-Trunk1 description To_S12700E-4_P2 port link-type trunk undo port trunk allow-pass vlan 1 port trunk allow-pass vlan 3940 mode lacp # interface XGigabitEthernet1/0/0 eth-trunk 0 # interface XGigabitEthernet1/0/1 eth-trunk 1 # interface LoopBack0 ipv6 enable ip address 2.2.2.57 255.255.255.255 ipv6 address 2001::17/128 ospfv3 1 area 0.0.0.0 ospf enable 1 area 0.0.0.0 # bgp 64999 router-id 2.2.2.57 graceful-restart group iBGP internal peer iBGP connect-interface LoopBack0 peer iBGP password cipher %^%#eamS:6P:FG1Jkg5p=Ak<YL#qV1u(DG*amm6,^@gN%^%# peer 2.2.2.9 as-number 64999 peer 2.2.2.9 group iBGP peer 2.2.2.10 as-number 64999 peer 2.2.2.10 group iBGP peer 2.2.2.55 as-number 64999 peer 2.2.2.55 group iBGP peer 2001::13 as-number 64999 peer 2001::13 group iBGP peer 2001::14 as-number 64999 peer 2001::14 group iBGP peer 2001::15 as-number 64999 peer 2001::15 group iBGP # ipv4-family unicast undo synchronization peer iBGP enable peer iBGP next-hop-local peer iBGP advertise-community peer 2.2.2.9 enable peer 2.2.2.9 group iBGP peer 2.2.2.9 reflect-client peer 2.2.2.10 enable peer 2.2.2.10 group iBGP peer 2.2.2.10 reflect-client peer 2.2.2.55 enable peer 2.2.2.55 group iBGP peer 2.2.2.55 reflect-client # ipv6-family unicast undo synchronization peer iBGP enable peer iBGP next-hop-local peer iBGP advertise-community peer 2001::13 group iBGP peer 2001::13 reflect-client peer 2001::14 group iBGP peer 2001::14 reflect-client peer 2001::15 group iBGP peer 2001::15 reflect-client # ospf 1 router-id 2.2.2.57 opaque-capability enable graceful-restart bandwidth-reference 1000000 area 0.0.0.0 authentication-mode hmac-sha256 1 cipher %^%#}dVz9bd0`BHT+QJv0y.8~2{JTr1&/@T.l`5k+Y%T%^%# # return	# sysname RR_2 # ipv6 # vlan batch 3900 3940 # ipsec proposal 1 encapsulation-mode transport transform ah ah authentication-algorithm sha2-256 # ipsec sa area0 proposal 1 sa spi inbound ah 256 sa authentication-hex inbound ah cipher %^%#Hs`fE9Kd_92D<#M^CGDSwqjQFrgB~@q,\&NzzsD,xF>0UP%>5+H&q6Vj8ilG%^%# sa spi outbound ah 256 sa authentication-hex outbound ah cipher %^%#"sFYHYf[9Mz\|GW;ko4d<`%DjK-OBR$^<Dt!Hx#FYZ:oDR:\BEGkIsK$LtsnQ%^%# # ospfv3 1 router-id 2.2.2.55 bandwidth-reference 1000000 graceful-restart ipsec sa area0 # interface Vlanif3900 ipv6 enable ip address 1.1.4.2 255.255.255.252 ipv6 address 2001:0:0:330::2/64 ospfv3 1 area 0.0.0.0 ospfv3 cost 2000 ospfv3 network-type p2p ospf cost 2000 ospf network-type p2p ospf enable 1 area 0.0.0.0 # interface Vlanif3940 ipv6 enable ip address 1.1.4.6 255.255.255.252 ipv6 address 2001:0:0:430::2/64 ospfv3 1 area 0.0.0.0 ospfv3 cost 2000 ospfv3 network-type p2p ospf cost 2000 ospf network-type p2p ospf enable 1 area 0.0.0.0 # interface Eth-Trunk0 description To_S12700E-4_P3 port link-type trunk undo port trunk allow-pass vlan 1 port trunk allow-pass vlan 3900 mode lacp # interface Eth-Trunk1 description To_S12700E-4_P4 port link-type trunk undo port trunk allow-pass vlan 1 port trunk allow-pass vlan 3940 mode lacp # interface XGigabitEthernet4/0/0 eth-trunk 0 # interface XGigabitEthernet4/0/1 eth-trunk 1 # interface LoopBack0 ipv6 enable ip address 2.2.2.55 255.255.255.255 ipv6 address 2001::15/128 ospfv3 1 area 0.0.0.0 ospf enable 1 area 0.0.0.0 # bgp 64999 router-id 2.2.2.55 graceful-restart group iBGP internal peer iBGP connect-interface LoopBack0 peer iBGP password cipher %^%#eamS:6P:FG1Jkg5p=Ak<YL#qV1u(DG*amm6,^@gN%^%# peer 2.2.2.3 as-number 64999 peer 2.2.2.3 group iBGP peer 2.2.2.4 as-number 64999 peer 2.2.2.4 group iBGP peer 2.2.2.57 as-number 64999 peer 2.2.2.57 group iBGP peer 2001::11 as-number 64999 peer 2001::11 group iBGP peer 2001::12 as-number 64999 peer 2001::12 group iBGP peer 2001::17 as-number 64999 peer 2001::17 group iBGP # ipv4-family unicast undo synchronization peer iBGP enable peer iBGP next-hop-local peer iBGP advertise-community peer 2.2.2.3 enable peer 2.2.2.3 group iBGP peer 2.2.2.3 reflect-client peer 2.2.2.4 enable peer 2.2.2.4 group iBGP peer 2.2.2.4 reflect-client peer 2.2.2.57 enable peer 2.2.2.57 group iBGP peer 2.2.2.57 reflect-client # ipv6-family unicast undo synchronization peer iBGP enable peer iBGP next-hop-local peer iBGP advertise-community peer 2001::11 group iBGP peer 2001::11 reflect-client peer 2001::12 group iBGP peer 2001::12 reflect-client peer 2001::17 group iBGP peer 2001::17 reflect-client # ospf 1 router-id 2.2.2.55 opaque-capability enable graceful-restart bandwidth-reference 1000000 area 0.0.0.0 authentication-mode hmac-sha256 1 cipher %^%#}dVz9bd0`BHT+QJv0y.8~2{JTr1&/@T.l`5k+Y%T%^%# # return

RR_1

RR_2

#
sysname RR_1
#
ipv6
#
vlan batch 3900 3940
#
ipsec proposal 1
 encapsulation-mode transport
 transform ah
 ah authentication-algorithm sha2-256
#
ipsec sa area0
 proposal 1
 sa spi inbound ah 256
 sa authentication-hex inbound ah cipher %^%#Hs`fE9Kd_92D<#M^CGDSwqjQFrgB~@q,\&NzzsD,xF>0UP%>5+H&q6Vj8ilG%^%#
 sa spi outbound ah 256
 sa authentication-hex outbound ah cipher %^%#"sFYHYf[9Mz|GW;ko4d<`%DjK-OBR$^<Dt!Hx#FYZ:oDR:\BEGkIsK$LtsnQ%^%#
#
ospfv3 1
 router-id 2.2.2.57
 bandwidth-reference 1000000
 graceful-restart
 ipsec sa area0
#
interface Vlanif3900
 ipv6 enable
 ip address 1.1.2.2 255.255.255.252
 ipv6 address 2001:0:0:3B0::2/64
 ospfv3 1 area 0.0.0.0
 ospfv3 cost 2000
 ospfv3 network-type p2p
 ospf cost 2000
 ospf network-type p2p
 ospf enable 1 area 0.0.0.0
#
interface Vlanif3940
 ipv6 enable
 ip address 1.1.2.6 255.255.255.252
 ipv6 address 2001:0:0:3D0::2/64
 ospfv3 1 area 0.0.0.0
 ospfv3 cost 2000
 ospfv3 network-type p2p
 ospf cost 2000
 ospf network-type p2p
 ospf enable 1 area 0.0.0.0
#
interface Eth-Trunk0
 description To_S12700E-4_P1
 port link-type trunk
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 3900
 mode lacp
#
interface Eth-Trunk1
 description To_S12700E-4_P2
 port link-type trunk
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 3940
 mode lacp
#
interface XGigabitEthernet1/0/0
 eth-trunk 0
#
interface XGigabitEthernet1/0/1
 eth-trunk 1
#
interface LoopBack0
 ipv6 enable
 ip address 2.2.2.57 255.255.255.255
 ipv6 address 2001::17/128
 ospfv3 1 area 0.0.0.0
 ospf enable 1 area 0.0.0.0
#
bgp 64999
 router-id 2.2.2.57
 graceful-restart
 group iBGP internal
 peer iBGP connect-interface LoopBack0
 peer iBGP password cipher %^%#eamS:6P:FG1Jkg5p=Ak<YL#qV1u(DG*amm6,^@gN%^%#
 peer 2.2.2.9 as-number 64999
 peer 2.2.2.9 group iBGP
 peer 2.2.2.10 as-number 64999
 peer 2.2.2.10 group iBGP
 peer 2.2.2.55 as-number 64999
 peer 2.2.2.55 group iBGP
 peer 2001::13 as-number 64999
 peer 2001::13 group iBGP
 peer 2001::14 as-number 64999
 peer 2001::14 group iBGP
 peer 2001::15 as-number 64999
 peer 2001::15 group iBGP
 #
 ipv4-family unicast
  undo synchronization
  peer iBGP enable
  peer iBGP next-hop-local
  peer iBGP advertise-community
  peer 2.2.2.9 enable
  peer 2.2.2.9 group iBGP
  peer 2.2.2.9 reflect-client
  peer 2.2.2.10 enable 
  peer 2.2.2.10 group iBGP
  peer 2.2.2.10 reflect-client
  peer 2.2.2.55 enable
  peer 2.2.2.55 group iBGP
  peer 2.2.2.55 reflect-client
 #
 ipv6-family unicast
  undo synchronization
  peer iBGP enable
  peer iBGP next-hop-local
  peer iBGP advertise-community
  peer 2001::13 group iBGP
  peer 2001::13 reflect-client
  peer 2001::14 group iBGP
  peer 2001::14 reflect-client
  peer 2001::15 group iBGP
  peer 2001::15 reflect-client
#
ospf 1 router-id 2.2.2.57
 opaque-capability enable
 graceful-restart
 bandwidth-reference 1000000
 area 0.0.0.0
  authentication-mode hmac-sha256 1 cipher %^%#}dVz9bd0`BHT+QJv0y.8~2{JTr1&/@T.l`5k+Y%T%^%#
#
return

#
sysname RR_2
#
ipv6
#
vlan batch 3900 3940
#
ipsec proposal 1
 encapsulation-mode transport
 transform ah
 ah authentication-algorithm sha2-256
#
ipsec sa area0
 proposal 1
 sa spi inbound ah 256
 sa authentication-hex inbound ah cipher %^%#Hs`fE9Kd_92D<#M^CGDSwqjQFrgB~@q,\&NzzsD,xF>0UP%>5+H&q6Vj8ilG%^%#
 sa spi outbound ah 256
 sa authentication-hex outbound ah cipher %^%#"sFYHYf[9Mz|GW;ko4d<`%DjK-OBR$^<Dt!Hx#FYZ:oDR:\BEGkIsK$LtsnQ%^%#
#
ospfv3 1
 router-id 2.2.2.55
 bandwidth-reference 1000000
 graceful-restart
 ipsec sa area0
#
interface Vlanif3900
 ipv6 enable
 ip address 1.1.4.2 255.255.255.252
 ipv6 address 2001:0:0:330::2/64
 ospfv3 1 area 0.0.0.0
 ospfv3 cost 2000
 ospfv3 network-type p2p
 ospf cost 2000
 ospf network-type p2p
 ospf enable 1 area 0.0.0.0
#
interface Vlanif3940
 ipv6 enable
 ip address 1.1.4.6 255.255.255.252
 ipv6 address 2001:0:0:430::2/64
 ospfv3 1 area 0.0.0.0
 ospfv3 cost 2000
 ospfv3 network-type p2p
 ospf cost 2000
 ospf network-type p2p
 ospf enable 1 area 0.0.0.0
#
interface Eth-Trunk0
 description To_S12700E-4_P3
 port link-type trunk
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 3900
 mode lacp
#
interface Eth-Trunk1
 description To_S12700E-4_P4
 port link-type trunk
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 3940
 mode lacp
#
interface XGigabitEthernet4/0/0
 eth-trunk 0
#
interface XGigabitEthernet4/0/1
 eth-trunk 1
#
interface LoopBack0
 ipv6 enable
 ip address 2.2.2.55 255.255.255.255
 ipv6 address 2001::15/128
 ospfv3 1 area 0.0.0.0
 ospf enable 1 area 0.0.0.0
#
bgp 64999
 router-id 2.2.2.55
 graceful-restart
 group iBGP internal
 peer iBGP connect-interface LoopBack0
 peer iBGP password cipher %^%#eamS:6P:FG1Jkg5p=Ak<YL#qV1u(DG*amm6,^@gN%^%#
 peer 2.2.2.3 as-number 64999
 peer 2.2.2.3 group iBGP
 peer 2.2.2.4 as-number 64999
 peer 2.2.2.4 group iBGP
 peer 2.2.2.57 as-number 64999
 peer 2.2.2.57 group iBGP
 peer 2001::11 as-number 64999
 peer 2001::11 group iBGP
 peer 2001::12 as-number 64999
 peer 2001::12 group iBGP
 peer 2001::17 as-number 64999
 peer 2001::17 group iBGP
 #
 ipv4-family unicast
  undo synchronization
  peer iBGP enable
  peer iBGP next-hop-local
  peer iBGP advertise-community
  peer 2.2.2.3 enable
  peer 2.2.2.3 group iBGP
  peer 2.2.2.3 reflect-client
  peer 2.2.2.4 enable
  peer 2.2.2.4 group iBGP
  peer 2.2.2.4 reflect-client
  peer 2.2.2.57 enable
  peer 2.2.2.57 group iBGP
  peer 2.2.2.57 reflect-client
 #
 ipv6-family unicast
  undo synchronization
  peer iBGP enable
  peer iBGP next-hop-local
  peer iBGP advertise-community
  peer 2001::11 group iBGP
  peer 2001::11 reflect-client
  peer 2001::12 group iBGP
  peer 2001::12 reflect-client
  peer 2001::17 group iBGP
  peer 2001::17 reflect-client
#
ospf 1 router-id 2.2.2.55
 opaque-capability enable
 graceful-restart
 bandwidth-reference 1000000
 area 0.0.0.0
  authentication-mode hmac-sha256 1 cipher %^%#}dVz9bd0`BHT+QJv0y.8~2{JTr1&/@T.l`5k+Y%T%^%#
#
return

Router_1	Router_2
# sysname Router_1 # ipv6 # vlan batch 1101 # ipsec proposal 1 encapsulation-mode transport transform ah ah authentication-algorithm sha2-256 # ipsec sa area0 proposal 1 sa spi inbound ah 256 sa authentication-hex inbound ah cipher %^%#Hs`fE9Kd_92D<#M^CGDSwqjQFrgB~@q,\&NzzsD,xF>0UP%>5+H&q6Vj8ilG%^%# sa spi outbound ah 256 sa authentication-hex outbound ah cipher %^%#"sFYHYf[9Mz\|GW;ko4d<`%DjK-OBR$^<Dt!Hx#FYZ:oDR:\BEGkIsK$LtsnQ%^%# # ospfv3 1 router-id 2.2.2.11 bandwidth-reference 1000000 graceful-restart ipsec sa area0 # interface Vlanif1101 ipv6 enable ip address 203.0.113.2 255.255.255.0 ipv6 address 2000:101::1/64 # interface XGigabitEthernet0/0/1 undo portswitch description To_S12700E-4_P1 ipv6 enable ip address 1.1.1.130 255.255.255.252 ipv6 address 2001:0:0:20E::2/64 ospfv3 1 area 0.0.0.0 ospfv3 cost 2000 ospfv3 network-type p2p ospf cost 2000 ospf network-type p2p ospf enable 1 area 0.0.0.0 # interface XGigabitEthernet0/0/2 undo portswitch description To_S12700E-4_P2 ipv6 enable ip address 1.1.1.134 255.255.255.252 ipv6 address 2001:0:0:20F::2/64 ospfv3 1 area 0.0.0.0 ospfv3 cost 2050 ospfv3 network-type p2p ospf cost 2050 ospf network-type p2p ospf enable 1 area 0.0.0.0 # interface XGigabitEthernet0/0/3 port link-type trunk undo port trunk allow-pass vlan 1 port trunk allow-pass vlan 1101 # interface LoopBack0 ipv6 enable ip address 2.2.2.11 255.255.255.255 ipv6 address 2001:F167::1/128 ospfv3 1 area 0.0.0.0 ospf enable 1 area 0.0.0.0 # bgp 64999 router-id 2.2.2.11 graceful-restart peer 203.0.113.1 as-number 100 peer 2000:101::2 as-number 100 group iBGP internal peer iBGP connect-interface LoopBack0 peer iBGP password cipher %^%#eamS:6P:FG1Jkg5p=Ak<YL#qV1u(DG*amm6,^@gN%^%# peer 2.2.2.57 as-number 64999 peer 2.2.2.57 group iBGP peer 2001::17 as-number 64999 peer 2001::17 group iBGP # ipv4-family unicast undo synchronization peer 203.0.113.1 enable peer iBGP enable peer iBGP next-hop-local peer iBGP advertise-community peer 2.2.2.57 enable peer 2.2.2.57 group iBGP # ipv6-family unicast undo synchronization peer 2000:101::2 enable peer iBGP enable peer iBGP next-hop-local peer iBGP advertise-community peer 2001::17 enable peer 2001::17 group iBGP # ospf 1 router-id 2.2.2.11 opaque-capability enable graceful-restart bandwidth-reference 1000000 area 0.0.0.0 authentication-mode hmac-sha256 1 cipher %^%#}dVz9bd0`BHT+QJv0y.8~2{JTr1&/@T.l`5k+Y%T%^%# # return	# sysname Router_2 # ipv6 # vlan batch 1101 # ipsec proposal 1 encapsulation-mode transport transform ah ah authentication-algorithm sha2-256 # ipsec sa area0 proposal 1 sa spi inbound ah 256 sa authentication-hex inbound ah cipher %^%#Hs`fE9Kd_92D<#M^CGDSwqjQFrgB~@q,\&NzzsD,xF>0UP%>5+H&q6Vj8ilG%^%# sa spi outbound ah 256 sa authentication-hex outbound ah cipher %^%#"sFYHYf[9Mz\|GW;ko4d<`%DjK-OBR$^<Dt!Hx#FYZ:oDR:\BEGkIsK$LtsnQ%^%# # ospfv3 1 router-id 2.2.2.1 bandwidth-reference 1000000 graceful-restart ipsec sa area0 # interface Vlanif1101 ipv6 enable ip address 100.1.1.2 255.255.255.0 ipv6 address 1000:101::1/64 # interface XGigabitEthernet0/0/1 undo portswitch description To_S12700E-4_P3 ipv6 enable ip address 1.1.1.122 255.255.255.252 ipv6 address 2001:0:0:20C::2/64 ospfv3 1 area 0.0.0.0 ospfv3 cost 2000 ospfv3 network-type p2p ospf cost 2000 ospf network-type p2p ospf enable 1 area 0.0.0.0 # interface XGigabitEthernet0/0/2 undo portswitch description To_S12700E-4_P4 ipv6 enable ip address 1.1.1.126 255.255.255.252 ipv6 address 2001:0:0:20D::2/64 ospfv3 1 area 0.0.0.0 ospfv3 cost 2050 ospfv3 network-type p2p ospf cost 2050 ospf network-type p2p ospf enable 1 area 0.0.0.0 # interface XGigabitEthernet0/0/3 port link-type trunk undo port trunk allow-pass vlan 1 port trunk allow-pass vlan 1101 # interface LoopBack0 ipv6 enable ip address 2.2.2.1 255.255.255.255 ipv6 address 2001:F168::1/128 ospfv3 1 area 0.0.0.0 ospf enable 1 area 0.0.0.0 # bgp 64999 router-id 2.2.2.1 graceful-restart peer 100.1.1.2 as-number 100 peer 2000:101::3 as-number 100 group iBGP internal peer iBGP connect-interface LoopBack0 peer iBGP password cipher %^%#eamS:6P:FG1Jkg5p=Ak<YL#qV1u(DG*amm6,^@gN%^%# peer 2.2.2.55 as-number 64999 peer 2.2.2.55 group iBGP peer 2001::15 as-number 64999 peer 2001::15 group iBGP # ipv4-family unicast undo synchronization peer 203.0.113.2 enable peer iBGP enable peer iBGP next-hop-local peer iBGP advertise-community peer 2.2.2.55 enable peer 2.2.2.55 group iBGP # ipv6-family unicast undo synchronization peer 2000:101::3 enable peer iBGP enable peer iBGP next-hop-local peer iBGP advertise-community peer 2001::15 enable peer 2001::15 group iBGP # ospf 1 router-id 2.2.2.1 opaque-capability enable graceful-restart bandwidth-reference 1000000 area 0.0.0.0 authentication-mode hmac-sha256 1 cipher %^%#}dVz9bd0`BHT+QJv0y.8~2{JTr1&/@T.l`5k+Y%T%^%# # return

Router_1

Router_2

#
sysname Router_1
#
ipv6
#
vlan batch 1101
#
ipsec proposal 1
 encapsulation-mode transport
 transform ah
 ah authentication-algorithm sha2-256
#
ipsec sa area0
 proposal 1
 sa spi inbound ah 256
 sa authentication-hex inbound ah cipher %^%#Hs`fE9Kd_92D<#M^CGDSwqjQFrgB~@q,\&NzzsD,xF>0UP%>5+H&q6Vj8ilG%^%#
 sa spi outbound ah 256
 sa authentication-hex outbound ah cipher %^%#"sFYHYf[9Mz|GW;ko4d<`%DjK-OBR$^<Dt!Hx#FYZ:oDR:\BEGkIsK$LtsnQ%^%#
#
ospfv3 1
 router-id 2.2.2.11
 bandwidth-reference 1000000
 graceful-restart
 ipsec sa area0
#
interface Vlanif1101
 ipv6 enable
 ip address 203.0.113.2 255.255.255.0
 ipv6 address 2000:101::1/64
#
interface XGigabitEthernet0/0/1
 undo portswitch
 description To_S12700E-4_P1
 ipv6 enable
 ip address 1.1.1.130 255.255.255.252
 ipv6 address 2001:0:0:20E::2/64
 ospfv3 1 area 0.0.0.0
 ospfv3 cost 2000
 ospfv3 network-type p2p
 ospf cost 2000
 ospf network-type p2p
 ospf enable 1 area 0.0.0.0
#
interface XGigabitEthernet0/0/2
 undo portswitch
 description To_S12700E-4_P2
 ipv6 enable
 ip address 1.1.1.134 255.255.255.252
 ipv6 address 2001:0:0:20F::2/64
 ospfv3 1 area 0.0.0.0
 ospfv3 cost 2050
 ospfv3 network-type p2p
 ospf cost 2050
 ospf network-type p2p
 ospf enable 1 area 0.0.0.0
#
interface XGigabitEthernet0/0/3
 port link-type trunk
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 1101
#
interface LoopBack0
 ipv6 enable
 ip address 2.2.2.11 255.255.255.255
 ipv6 address 2001:F167::1/128
 ospfv3 1 area 0.0.0.0
 ospf enable 1 area 0.0.0.0
#
bgp 64999
 router-id 2.2.2.11
 graceful-restart
 peer 203.0.113.1 as-number 100
 peer 2000:101::2 as-number 100
 group iBGP internal
 peer iBGP connect-interface LoopBack0
 peer iBGP password cipher %^%#eamS:6P:FG1Jkg5p=Ak<YL#qV1u(DG*amm6,^@gN%^%#
 peer 2.2.2.57 as-number 64999
 peer 2.2.2.57 group iBGP
 peer 2001::17 as-number 64999
 peer 2001::17 group iBGP
 #
 ipv4-family unicast
  undo synchronization
  peer 203.0.113.1 enable
  peer iBGP enable
  peer iBGP next-hop-local
  peer iBGP advertise-community
  peer 2.2.2.57 enable
  peer 2.2.2.57 group iBGP
 #
 ipv6-family unicast
  undo synchronization
  peer 2000:101::2 enable
  peer iBGP enable
  peer iBGP next-hop-local
  peer iBGP advertise-community
  peer 2001::17 enable
  peer 2001::17 group iBGP
#
ospf 1 router-id 2.2.2.11
 opaque-capability enable
 graceful-restart
 bandwidth-reference 1000000
 area 0.0.0.0
  authentication-mode hmac-sha256 1 cipher %^%#}dVz9bd0`BHT+QJv0y.8~2{JTr1&/@T.l`5k+Y%T%^%#
#
return

#
sysname Router_2
#
ipv6
#
vlan batch 1101
#
ipsec proposal 1
 encapsulation-mode transport
 transform ah
 ah authentication-algorithm sha2-256
#
ipsec sa area0
 proposal 1
 sa spi inbound ah 256
 sa authentication-hex inbound ah cipher %^%#Hs`fE9Kd_92D<#M^CGDSwqjQFrgB~@q,\&NzzsD,xF>0UP%>5+H&q6Vj8ilG%^%#
 sa spi outbound ah 256
 sa authentication-hex outbound ah cipher %^%#"sFYHYf[9Mz|GW;ko4d<`%DjK-OBR$^<Dt!Hx#FYZ:oDR:\BEGkIsK$LtsnQ%^%#
#
ospfv3 1
 router-id 2.2.2.1
 bandwidth-reference 1000000
 graceful-restart
 ipsec sa area0
#
interface Vlanif1101
 ipv6 enable
 ip address 100.1.1.2 255.255.255.0
 ipv6 address 1000:101::1/64
#
interface XGigabitEthernet0/0/1
 undo portswitch
 description To_S12700E-4_P3
 ipv6 enable
 ip address 1.1.1.122 255.255.255.252
 ipv6 address 2001:0:0:20C::2/64
 ospfv3 1 area 0.0.0.0
 ospfv3 cost 2000
 ospfv3 network-type p2p
 ospf cost 2000
 ospf network-type p2p
 ospf enable 1 area 0.0.0.0
#
interface XGigabitEthernet0/0/2
 undo portswitch
 description To_S12700E-4_P4
 ipv6 enable
 ip address 1.1.1.126 255.255.255.252
 ipv6 address 2001:0:0:20D::2/64
 ospfv3 1 area 0.0.0.0
 ospfv3 cost 2050
 ospfv3 network-type p2p
 ospf cost 2050
 ospf network-type p2p
 ospf enable 1 area 0.0.0.0
#
interface XGigabitEthernet0/0/3
 port link-type trunk
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 1101
#
interface LoopBack0
 ipv6 enable
 ip address 2.2.2.1 255.255.255.255
 ipv6 address 2001:F168::1/128
 ospfv3 1 area 0.0.0.0
 ospf enable 1 area 0.0.0.0
#
bgp 64999
 router-id 2.2.2.1
 graceful-restart
 peer 100.1.1.2 as-number 100
 peer 2000:101::3 as-number 100
 group iBGP internal
 peer iBGP connect-interface LoopBack0
 peer iBGP password cipher %^%#eamS:6P:FG1Jkg5p=Ak<YL#qV1u(DG*amm6,^@gN%^%#
 peer 2.2.2.55 as-number 64999
 peer 2.2.2.55 group iBGP
 peer 2001::15 as-number 64999
 peer 2001::15 group iBGP
 #
 ipv4-family unicast
  undo synchronization
  peer 203.0.113.2 enable
  peer iBGP enable
  peer iBGP next-hop-local
  peer iBGP advertise-community
  peer 2.2.2.55 enable
  peer 2.2.2.55 group iBGP
 #
 ipv6-family unicast
  undo synchronization
  peer 2000:101::3 enable
  peer iBGP enable
  peer iBGP next-hop-local
  peer iBGP advertise-community
  peer 2001::15 enable
  peer 2001::15 group iBGP
#
ospf 1 router-id 2.2.2.1
opaque-capability enable
graceful-restart
bandwidth-reference 1000000
area 0.0.0.0
authentication-mode hmac-sha256 1 cipher %^%#}dVz9bd0`BHT+QJv0y.8~2{JTr1&/@T.l`5k+Y%T%^%#
#
return

Application Scenario and Service Requirements
Solution Design
Deployment Roadmap and Data Plan
Deployment Procedure
Verifying the Deployment
Configuration Files

Translation

Español 日本語 Русский 简体中文

Download

Updated: 2023-10-27

Document ID: EDOC1000069520

Downloads: 41835

Average rating:

This Document Applies to these Products

Related Version

Digital Signature File

Digital Signature Authentication Mode

Enterprise

Huawei Cloud

Carrier

Consumer

Corporate

Application Scenario and Service Requirements

Application Scenario

Service Requirements

Solution Design

Networking Diagram

Network Design Analysis

Device Requirements and Versions

Deployment Roadmap and Data Plan

Deployment Roadmap

Data Plan

Deployment Procedure

Configuring S12700E-4_P1

Configuring S12700E-4_P3

Configuring RR_1

Configuring Router_1

Verifying the Deployment

Configuration Files

Related Version

Related Documents

Digital Signature File