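Example for Configuring a VPNv6 Route Reflector
Networking Requirements
When IPv6 VPN is deployed, a P or PE device in the same AS of the backbone network can be selected as a route reflector (RR) to reflect VPN-IPv6 routes. This reduces the number of MP-IBGP connections between PEs, lightens the load on the PEs, and simplifies maintenance and management.
As shown in Figure 3-9, PE1, PE2, and the RR are all in AS 100 of the backbone network. CE1 and CE2 belong to VPNA. The RR is to be used as the reflector, and a VPN with a route reflector is to be configured.
Configuration Roadmap
The configuration roadmap is as follows:
Establish MP-IBGP connections between each PE and the RR. The PEs no longer establish MP-IBGP connections with each other.
Establish EBGP connections between the PEs and the CEs.
Use MPLS LSPs as the public network tunnels, and enable MPLS LDP on the devices and interfaces along the LSP.
The RR must store all VPN-IPv6 routes received from PE1 and PE2 so that it can advertise them to the PEs. The RR therefore accepts all VPN-IPv6 routes and does not filter them by VPN-Target.
Procedure
- Configure the VLAN to which each interface belongs, and configure IP addresses for the VLANIF and Loopback interfaces. See Figure 3-9 for the data.
# Configure PE1.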
<HUAWEI> system-view
[HUAWEI] sysname PE1
[PE1] ipv6
[PE1] interface loopback 1
[PE1-LoopBack1] ip address 1.1.1.9 32
[PE1-LoopBack1] quit
[PE1] vlan batch 10 30
[PE1] interface gigabitethernet 1/0/0
[PE1-GigabitEthernet1/0/0] port link-type trunk
[PE1-GigabitEthernet1/0/0] port trunk allow-pass vlan 10
[PE1-GigabitEthernet1/0/0] quit
[PE1] interface gigabitethernet 2/0/0
[PE1-GigabitEthernet2/0/0] port link-type trunk
[PE1-GigabitEthernet2/0/0] port trunk allow-pass vlan 30
[PE1-GigabitEthernet2/0/0] quit
[PE1] interface vlanif 10
[PE1-Vlanif10] ip address 100.1.2.1 24
[PE1-Vlanif10] quit
[PE1] interface vlanif 30
[PE1-Vlanif30] ipv6 enable
[PE1-Vlanif30] ipv6 address 2001::2 64
[PE1-Vlanif30] quit
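The configurations of PE2, the RR, and the CEs are similar to that of PE1 and are not shown here.
- Configure an IGP on the MPLS backbone network so that the devices along the LSP can reach each other.
# Configure PE1.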
[PE1] ospf
[PE1-ospf-1] area 0
[PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0
[PE1-ospf-1-area-0.0.0.0] network 100.1.2.0 0.0.0.255
[PE1-ospf-1-area-0.0.0.0] quit
[PE1-ospf-1] quit
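The configurations of PE2 and the RR are similar to that of PE1 and are not shown here.
The Loopback interface address that serves as the LSR ID must be advertised.
After the configuration is complete, the devices along the LSP should have learned each other's Loopback interface addresses.
The display on PE1 is used as an example: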
[PE1] display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
         Destinations : 8        Routes : 8
Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface
        1.1.1.9/32  Direct  0    0           D   127.0.0.1       LoopBack1
        2.2.2.9/32  OSPF    10   1           D   100.1.2.2       Vlanif10
        3.3.3.9/32  OSPF    10   2           D   100.1.2.2       Vlanif10
      100.1.2.0/24  Direct  0    0           D   100.1.2.1       Vlanif10
      100.1.2.1/32  Direct  0    0           D   127.0.0.1       Vlanif10
      100.2.3.0/24  OSPF    10   2           D   100.1.2.2       Vlanif10
      127.0.0.0/8   Direct  0    0           D   127.0.0.1       InLoopBack0
      127.0.0.1/32  Direct  0    0           D   127.0.0.1       InLoopBack0
- Set up LSP tunnels on the MPLS backbone network.
Enable MPLS and MPLS LDP on the devices and interfaces along the LSP.
# Configure PE1.
[PE1] mpls lsr-id 1.1.1.9
[PE1] mpls
[PE1-mpls] quit
[PE1] mpls ldp
[PE1-mpls-ldp] quit
[PE1] interface vlanif 10
[PE1-Vlanif10] mpls
[PE1-Vlanif10] mpls ldp
[PE1-Vlanif10] quit
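The configurations of PE2 and the RR are similar to that of PE1 and are not shown here.
After the configuration is complete, run the display mpls ldp session command on each PE and on the RR. The Status field in the output is "Operational".
The displays on PE1 and the RR are used as examples: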
[PE1] display mpls ldp session
 LDP Session(s) in Public Network
 Codes: LAM(Label Advertisement Mode), SsnAge Unit(DDDD:HH:MM)
 A '*' before a session means the session is being deleted.
 ------------------------------------------------------------------------------
 PeerID             Status      LAM  SsnRole  SsnAge      KASent/Rcv
 ------------------------------------------------------------------------------
 2.2.2.9:0          Operational DU   Active   0000:09:23  2253/2237
 ------------------------------------------------------------------------------
 TOTAL: 1 session(s) Found.
[RR] display mpls ldp session
 LDP Session(s) in Public Network
 Codes: LAM(Label Advertisement Mode), SsnAge Unit(DDDD:HH:MM)
 A '*' before a session means the session is being deleted.
 ----------------------------------------------------------------------
 PeerID             Status      LAM  SsnRole  SsnAge      KASent/Rcv
 ----------------------------------------------------------------------
 1.1.1.9:0          Operational DU   Active   000:00:02   11/11
 3.3.3.9:0          Operational DU   Passive  000:00:01   8/8
 ----------------------------------------------------------------------
 TOTAL: 2 session(s) Found.
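- Configure IPv6 VPN instances on the PEs.
For the detailed procedure, see the example for configuring basic BGP/MPLS IPv6 VPN. It is not repeated here.
- Establish EBGP peer relationships between the PEs and the CEs and import VPN routes.
For the detailed procedure, see the example for configuring Hub&Spoke (BGP4+ between PE and CE). It is not repeated here.
- Establish MP-IBGP peer relationships between the PEs and the reflector.
# Configure PE1.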
[PE1] bgp 100
[PE1-bgp] peer 2.2.2.9 as-number 100
[PE1-bgp] peer 2.2.2.9 connect-interface loopback 1
[PE1-bgp] ipv6-family vpnv6
[PE1-bgp-af-vpnv6] peer 2.2.2.9 enable
[PE1-bgp-af-vpnv6] quit
# Configure the RR.
[RR] bgp 100
[RR-bgp] peer 1.1.1.9 as-number 100
[RR-bgp] peer 1.1.1.9 connect-interface loopback 1
[RR-bgp] peer 3.3.3.9 as-number 100
[RR-bgp] peer 3.3.3.9 connect-interface loopback 1
[RR-bgp] ipv6-family vpnv6
[RR-bgp-af-vpnv6] peer 1.1.1.9 enable
[RR-bgp-af-vpnv6] peer 3.3.3.9 enable
[RR-bgp-af-vpnv6] quit
[RR-bgp] quit
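# Configure PE2.
The configuration of PE2 is the same as that of PE1 and is not repeated here.
After this step is complete, run the display bgp vpnv6 all peer command on the PEs. The output shows that the IBGP peer relationship between each PE and the reflector has been set up and is in the "Established" state. The EBGP peer relationships between the PEs and the CEs have also been set up.
The display on PE1 is used as an example.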
[PE1] display bgp vpnv6 all peer
 BGP local router ID : 1.1.1.9
 Local AS number : 100
 Total number of peers : 2                 Peers in established state : 2
  Peer            V    AS  MsgRcvd  MsgSent  OutQ  Up/Down       State PrefRcv
  2.2.2.9         4   100       15       17     0 00:13:11 Established       0
  Peer of IPv6-family for vpn instance :
 VPN-Instance VPNA :
  2001::1         4 65410        9       10     0 00:06:41 Established       0
- Configure route reflection on the RR.
# Configure the RR.
[RR] bgp 100
[RR-bgp] ipv6-family vpnv6
[RR-bgp-af-vpnv6] peer 1.1.1.9 reflect-client
[RR-bgp-af-vpnv6] peer 3.3.3.9 reflect-client
[RR-bgp-af-vpnv6] undo policy vpn-target
[RR-bgp-af-vpnv6] quit
[RR-bgp] quit
- Verify the configuration.
Check the VPN routing table on a PE. It contains a route to the remote CE.
[PE1] display ipv6 routing-table vpn-instance VPNA
Routing Table : VPNA
         Destinations : 4        Routes : 4

 Destination  : 2001::                          PrefixLength : 64
 NextHop      : 2001::2                         Preference   : 0
 Cost         : 0                               Protocol     : Direct
 RelayNextHop : ::                              TunnelID     : 0x0
 Interface    : Vlanif30                        Flags        : D

 Destination  : 2001::2                         PrefixLength : 128
 NextHop      : ::1                             Preference   : 0
 Cost         : 0                               Protocol     : Direct
 RelayNextHop : ::                              TunnelID     : 0x0
 Interface    : Vlanif30                        Flags        : D

 Destination  : 2002::                          PrefixLength : 64
 NextHop      : ::FFFF:3.3.3.9                  Preference   : 255
 Cost         : 0                               Protocol     : IBGP
 RelayNextHop : ::FFFF:100.1.2.2                TunnelID     : 0xa0010080
 Interface    : Vlanif10                        Flags        : RD

 Destination  : FE80::                          PrefixLength : 10
 NextHop      : ::                              Preference   : 0
 Cost         : 0                               Protocol     : Direct
 RelayNextHop : ::                              TunnelID     : 0x0
 Interface    : NULL0                           Flags        : D
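CE1 and CE2 can ping each other, which indicates that the route reflector is configured successfully.
Configuration Files
Configuration file of PE1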
#
sysname PE1
#
ipv6
#
vlan batch 10 30
#
ip vpn-instance VPNA
 ipv6-family
  route-distinguisher 100:1
  vpn-target 1:1 export-extcommunity
  vpn-target 1:1 import-extcommunity
#
mpls lsr-id 1.1.1.9
mpls
#
mpls ldp
#
interface Vlanif10
 ip address 100.1.2.1 255.255.255.0
 mpls
 mpls ldp
#
interface Vlanif30
 ipv6 enable
 ip binding vpn-instance VPNA
 ipv6 address 2001::2/64
#
interface GigabitEthernet1/0/0
 port link-type trunk
 port trunk allow-pass vlan 10
#
interface GigabitEthernet2/0/0
 port link-type trunk
 port trunk allow-pass vlan 30
#
interface LoopBack1
 ip address 1.1.1.9 255.255.255.255
#
bgp 100
 router-id 1.1.1.9
 peer 2.2.2.9 as-number 100
 peer 2.2.2.9 connect-interface LoopBack1
 #
 ipv4-family unicast
  undo synchronization
  peer 2.2.2.9 enable
 #
 ipv6-family vpnv6
  policy vpn-target
  peer 2.2.2.9 enable
 #
 ipv6-family vpn-instance VPNA
  peer 2001::1 as-number 65410
  import-route direct
#
ospf 1
 area 0.0.0.0
  network 1.1.1.9 0.0.0.0
  network 100.1.2.0 0.0.0.255
#
return
Configuration file of the RR
#
sysname RR
#
ipv6
#
vlan batch 10 20
#
mpls lsr-id 2.2.2.9
mpls
#
mpls ldp
#
interface Vlanif10
 ip address 100.1.2.2 255.255.255.0
 mpls
 mpls ldp
#
interface Vlanif20
 ip address 100.2.3.1 255.255.255.0
 mpls
 mpls ldp
#
interface GigabitEthernet1/0/0
 port link-type trunk
 port trunk allow-pass vlan 10
#
interface GigabitEthernet2/0/0
 port link-type trunk
 port trunk allow-pass vlan 20
#
interface LoopBack1
 ip address 2.2.2.9 255.255.255.255
#
bgp 100
 router-id 2.2.2.9
 peer 1.1.1.9 as-number 100
 peer 3.3.3.9 as-number 100
 peer 1.1.1.9 connect-interface LoopBack1
 peer 3.3.3.9 connect-interface LoopBack1
 #
 ipv4-family unicast
  undo synchronization
  peer 1.1.1.9 enable
  peer 3.3.3.9 enable
 #
 ipv6-family vpnv6
  reflector cluster-id 100
  undo policy vpn-target
  peer 1.1.1.9 enable
  peer 1.1.1.9 reflect-client
  peer 3.3.3.9 enable
  peer 3.3.3.9 reflect-client
#
ospf 1
 area 0.0.0.0
  network 100.1.2.0 0.0.0.255
  network 100.2.3.0 0.0.0.255
  network 2.2.2.9 0.0.0.0
#
return
Configuration file of PE2
#
sysname PE2
#
ipv6
#
vlan batch 20 40
#
ip vpn-instance VPNA
 ipv6-family
  route-distinguisher 100:1
  vpn-target 1:1 export-extcommunity
  vpn-target 1:1 import-extcommunity
#
mpls lsr-id 3.3.3.9
mpls
#
mpls ldp
#
interface Vlanif20
 ip address 100.2.3.2 255.255.255.0
 mpls
 mpls ldp
#
interface Vlanif40
 ipv6 enable
 ip binding vpn-instance VPNA
 ipv6 address 2002::2/64
#
interface GigabitEthernet1/0/0
 port link-type trunk
 port trunk allow-pass vlan 20
#
interface GigabitEthernet2/0/0
 port link-type trunk
 port trunk allow-pass vlan 40
#
interface LoopBack1
 ip address 3.3.3.9 255.255.255.255
#
bgp 100
 router-id 3.3.3.9
 peer 2.2.2.9 as-number 100
 peer 2.2.2.9 connect-interface LoopBack1
 #
 ipv4-family unicast
  undo synchronization
  peer 2.2.2.9 enable
 #
 ipv6-family vpnv6
  policy vpn-target
  peer 2.2.2.9 enable
 #
 ipv6-family vpn-instance VPNA
  peer 2002::1 as-number 65420
  import-route direct
#
ospf 1
 area 0.0.0.0
  network 3.3.3.9 0.0.0.0
  network 100.2.3.0 0.0.0.255
#
return
Configuration file of CE1
#
sysname CE1
#
ipv6
#
vlan batch 30
#
interface Vlanif30
 ipv6 enable
 ipv6 address 2001::1/64
#
interface GigabitEthernet1/0/0
 port link-type trunk
 port trunk allow-pass vlan 30
#
bgp 65410
 router-id 10.10.10.10
 peer 2001::2 as-number 100
 #
 ipv6-family unicast
  undo synchronization
  peer 2001::2 enable
  import-route direct
#
return
Configuration file of CE2
#
sysname CE2
#
ipv6
#
vlan batch 40
#
interface Vlanif40
 ipv6 enable
 ipv6 address 2002::1/64
#
interface GigabitEthernet1/0/0
 port link-type trunk
 port trunk allow-pass vlan 40
#
bgp 65420
 router-id 20.20.20.20
 peer 2002::2 as-number 100
 #
 ipv6-family unicast
  undo synchronization
  peer 2002::2 enable
  import-route direct
#
return
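The roadmap above gives the RR and the PEs different roles in the vpnv6 address family: only the RR disables VPN-Target filtering and marks its peers as reflect-clients, and each PE peers only with the RR. The following check is an added example, not part of the original configuration guide; the function names vpnv6_section and audit are hypothetical, and the sample configurations are constructed from the BGP sections of the RR and PE1 files above.

```python
import re

# Constructed samples: trimmed BGP sections of the page's RR and PE1 files.
RR_CFG = """bgp 100
 #
 ipv6-family vpnv6
  reflector cluster-id 100
  undo policy vpn-target
  peer 1.1.1.9 enable
  peer 1.1.1.9 reflect-client
  peer 3.3.3.9 enable
  peer 3.3.3.9 reflect-client
#
"""
PE1_CFG = """bgp 100
 #
 ipv6-family vpnv6
  policy vpn-target
  peer 2.2.2.9 enable
#
"""

def vpnv6_section(cfg):
    """Statements under 'ipv6-family vpnv6', up to the next '#' separator."""
    out, inside = [], False
    for line in (raw.strip() for raw in cfg.splitlines()):
        if line == "ipv6-family vpnv6":
            inside = True
        elif inside and line in ("#", "return"):
            break
        elif inside and line:
            out.append(line)
    return out

def audit(name, cfg, rr_ids):
    """Return findings for one device; rr_ids are the reflectors' peer addresses."""
    sec = vpnv6_section(cfg)
    text = "\n".join(sec)
    enabled = set(re.findall(r"^peer (\S+) enable$", text, re.M))
    clients = set(re.findall(r"^peer (\S+) reflect-client$", text, re.M))
    unfiltered = "undo policy vpn-target" in sec
    if clients:  # device acts as a reflector
        found = [] if unfiltered else [f"{name}: reflector still applies VPN-target filtering"]
        found += [f"{name}: peer {p} is enabled but not a reflect-client" for p in sorted(enabled - clients)]
    else:        # ordinary PE
        found = [f"{name}: VPN-target filtering disabled on a PE"] if unfiltered else []
        found += [f"{name}: VPNv6 peer {p} bypasses the RR" for p in sorted(enabled - set(rr_ids))]
    return found

if __name__ == "__main__":
    print(audit("RR", RR_CFG, ["2.2.2.9"]) + audit("PE1", PE1_CFG, ["2.2.2.9"]))
```

Both sample devices return an empty findings list; a finding appears when a configuration drifts from the roadmap, for example a PE that enables a VPNv6 peer other than 2.2.2.9.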