所选语种没有对应资源,请选择:

本站点使用Cookies,继续浏览表示您同意我们使用Cookies。Cookies和隐私政策>

提示

尊敬的用户,您的IE浏览器版本过低,为获取更好的浏览体验,请升级您的IE浏览器。

升级

NE40E V800R010C00 配置指南 - NAT与IPv6过渡技术 01

评分并提供意见反馈 :
华为采用机器翻译与人工审校相结合的方式将此文档翻译成不同语言,希望能帮助您更容易理解此文档的内容。 请注意:即使是最好的机器翻译,其准确度也不及专业翻译人员的水平。 华为对于翻译的准确性不承担任何责任,并建议您参考英文文档(已提供链接)。
配置DS-Lite集中式备份集中式示例

配置DS-Lite集中式备份集中式示例

介绍DS-Lite集中式备份集中式功能的配置示例,实现DS-Lite集中式设备对集中式设备的备份,结合配置组网图来理解业务的配置过程。

组网需求

图3-6所示,DS-Lite设备A上串联一个设备B,对DS-Lite设备A进行备份。正常情况下,用户流量在设备A进行NAT转换;当设备A上所有可用的业务故障或者故障数目达到试下配置的“down-number”数目,用户流量会迁移到设备B上做NAT转换。

通过配置要达到以下要求:
  • 正常情况下,内部网段10.110.10.1/24的计算机可以访问Internet。
图3-6  集中式备份分布式应用组网图

配置思路

采用如下思路配置集中式备份集中式:

  1. 对设备A采用如下思路配置集中式备份集中式:
    1. 配置DS-Lite基本功能,使能集中式备份集中式命令行。
    2. 配置DS-Lite引流策略。
  2. 对设备B采用如下思路配置集中式备份集中式:
    1. 配置DS-Lite基本功能。
    2. 配置DS-Lite引流策略。

数据准备

DS-Lite主设备上为完成此配置示例,需要准备如下的数据:
  • DS-Lite实例名ds-lite1
  • 绑定到DS-Lite实例的业务板所在的槽位号1
  • 配置DS-Lite隧道时所需的Local IP地址2001:DB8::1和Remote IP地址2001:DB8:2::1
  • DS-Lite地址池的编号1,名称为group1
  • Ds-lite实例下使能集中式备份集中式功能
  • 配置DS-Lite流量分类的ACL6规则和策略引流
  • 配置DS-Lite转化策略

操作步骤

  1. 配置DS-Lite主设备基本功能。
    1. 配置基本的license功能。

      <HUAWEI> system-view
      [~DS-Lite] sysname DS-Lite
      [*DS-Lite] commit
      [~DS-Lite] license
      [~DS-Lite-license] active ds-lite vsuf slot 1
      [*DS-Lite-license] active nat session-table size 16 slot 1 engine 0
      [*DS-Lite-license] commit
      [~DS-Lite-license] quit

    2. 配置DS-Lite实例,将DS-Lite业务板绑定到DS-Lite实例。

      [~DS-Lite] service-location 1
      [*DS-Lite-service-location-1] location slot 1 engine 0
      [*DS-Lite-service-location-1] commit
      [~DS-Lite-service-location-1] quit
      [~DS-Lite] service-instance-group 1
      [*DS-Lite-instance-group-1] service-location 1
      [*DS-Lite-instance-group-1] commit
      [~DS-Lite-instance-group-1] quit
      [~DS-Lite] ds-lite instance ds-lite1 id 1
      [*DS-Lite-ds-lite-instance-ds-lite1] service-instance-group 1
      [*DS-Lite-ds-lite-instance-ds-lite1] quit
      [~DS-Lite-ds-lite-instance-ds-lite1] commit

    3. 配置DS-Lite隧道的Local IPv6地址和Remote IPv6地址。

      [~DS-Lite] ds-lite instance ds-lite1
      [~DS-Lite-ds-lite-instance-ds-lite1] local-ipv6 2001:DB8::1 prefix-length 128
      [*DS-Lite-ds-lite-instance-ds-lite1] remote-ipv6 2001:DB8:2::1 prefix-length 64
      [*DS-Lite-ds-lite-instance-ds-lite1] commit
      [~DS-Lite-ds-lite-instance-ds-lite1] quit

    4. 配置DS-Lite地址池,地址池地址从10.38.160.100至10.38.160.110。

      [~DS-Lite] ds-lite instance ds-lite1
      [*DS-Lite-ds-lite-instance-ds-lite1] ds-lite address-group group1 group-id 1 10.38.160.100 10.38.160.110
      [*DS-Lite-ds-lite-instance-ds-lite1] commit
      [~DS-Lite-ds-lite-instance-ds-lite1] quit

    5. 使能集中式备份集中式功能。

      [~DS-Lite] ds-lite instance ds-lite1
      [*DS-Lite-ds-lite-instance-ds-lite1] ds-lite centralized-backup  enable 
      [*DS-Lite-ds-lite-instance-ds-lite1] commit
      [~DS-Lite-ds-lite-instance-ds-lite1] quit

  2. 配置DS-Lite主设备引流策略。
    1. 配置基于ACL6的流分类规则。

      [~DS-Lite] acl ipv6 3500
      [*DS-Lite-acl6-basic-3500] rule permit ipv6 source 2001:DB8:2::1 64 destination 2001:DB8::1 128
      [*DS-Lite-acl6-basic-3500] commit
      [~DS-Lite-acl6-basic-3500] quit

    2. 配置流分类。

      [~DS-Lite] traffic classifier c1
      [*DS-Lite-classifier-c1] if-match ipv6 acl 3500
      [*DS-Lite-classifier-c1] commit
      [~DS-Lite-classifier-c1] quit

    3. 定义流行为,配置流量动作为绑定DS-Lite实例ds-lite1。

      [~DS-Lite] traffic behavior b1 
      [*DS-Lite-behavior-b1] ds-lite bind instance ds-lite1
      [*DS-Lite-behavior-b1] commit
      [~DS-Lite-behavior-b1] quit

    4. 定义DS-Lite策略,将该规则和动作进行关联。

      [~DS-Lite] traffic policy p1
      [*DS-Lite-trafficpolicy-p1] classifier c1 behavior b1
      [*DS-Lite-trafficpolicy-p1] commit
      [~DS-Lite-trafficpolicy-p1] quit

    5. 在接口GE1/0/0接口应用此策略。

      [~DS-Lite] interface GigabitEthernet 1/0/0
      [~DS-Lite-GigabitEthernet1/0/0] traffic-policy p1 inbound
      [*DS-Lite-GigabitEthernet1/0/0] commit
      [~DS-Lite-GigabitEthernet1/0/0] quit

  3. 配置接口和路由协议。
    1. 配置ISIS。

      [~DS-Lite] isis 1000
      [*DS-Lite-isis-1000] is-level level-1 
      [*DS-Lite-isis-1000] network-entity 10.1000.1000.1002.00
      [*DS-Lite-isis-1000] ipv6 enable topology standard
      [*DS-Lite-isis-1000] commit
      [~DS-Lite-isis-1000] quit

    2. 配置DS-Lite设备与IPv6网络相连接口。

      [~DS-Lite] interface GigabitEthernet1/0/0
      [~DS-Lite-GigabitEthernet1/0/0] ipv6 enable
      [*DS-Lite-GigabitEthernet1/0/0] ipv6 address 2001:DB8:1::2:1 64
      [*DS-Lite-GigabitEthernet1/0/0] isis ipv6 enable 1000
      [*DS-Lite-GigabitEthernet1/0/0] commit
      [~DS-Lite-GigabitEthernet1/0/0] quit

  4. 将Local IP路由发布到IPv6网络,首先将Local IP路由引入ISIS。在本版本中Local IP路由和地址池路由为unr路由。

    [~DS-Lite] isis 1000
    [~DS-Lite-isis-1000] ipv6 import-route unr
    [*DS-Lite-isis-1000] commit
    [~DS-Lite-isis-1000] quit

  5. 配置DS-Lite转化策略。

    [~DS-Lite] ds-lite instance ds-lite1
    [*DS-Lite-ds-lite-instance-ds-lite1] ds-lite  outbound 3500  address-group  group1 
    [*DS-Lite-ds-lite-instance-ds-lite1] commit
    [~DS-Lite-ds-lite-instance-ds-lite1] quit

  6. 配置完成后,DS-Lite设备和其他设备之间能够建立ISIS邻居,状态达到up。在CPE设备上有Local IP和地址池地址路由。

    [~DS-Lite] display ipv6 routing-table 2001:DB8::1
    Routing Table : Public
    Summary Count : 1
     Destination  : 2001:DB8::1                         PrefixLength : 128
     NextHop      : FE80::218:82FF:FE84:CCF             Preference   : 15
     Cost         : 10                                  Protocol     : ISIS
     RelayNextHop : ::                                  TunnelID     : 0x0
     Interface    : GigabitEthernet1/0/1               Flags        : D 

  7. 配置DS-Lite备设备基本功能。
    1. 配置基本的license功能。

      <HUAWEI> system-view  
      [~DS-Lite] sysname DS-Lite  
      [*DS-Lite] commit  
      [~DS-Lite] license  
      [*DS-Lite-license] active ds-lite vsuf slot 1 
      [*DS-Lite-license] active nat session-table size 16 slot 1 engine 0  
      [*DS-Lite-license] commit  
      [~DS-Lite-license] quit

    2. 配置DS-Lite实例,将DS-Lite业务板绑定到DS-Lite实例。

      [~DS-Lite] service-location 1  
      [*DS-Lite-service-location-1] location slot 1 engine 0  
      [*DS-Lite-service-location-1] commit  
      [~DS-Lite-service-location-1] quit  
      [~DS-Lite] service-instance-group 1  
      [*DS-Lite-instance-group-1] service-location 1  
      [*DS-Lite-instance-group-1] commit  
      [~DS-Lite-instance-group-1] quit  
      [~DS-Lite] ds-lite instance ds-lite1 id 1  
      [*DS-Lite-ds-lite-instance-ds-lite1] service-instance-group 1  
      [*DS-Lite-ds-lite-instance-ds-lite1] quit  
      [~DS-Lite-ds-lite-instance-ds-lite1] commit

    3. 配置DS-Lite隧道的Local IPv6地址和Remote IPv6地址。

      [~DS-Lite] ds-lite instance ds-lite1  
      [~DS-Lite-ds-lite-instance-ds-lite1] local-ipv6 2001:DB8::1 prefix-length 128  
      [*DS-Lite-ds-lite-instance-ds-lite1] remote-ipv6 2001:DB8:2::1 prefix-length 64  
      [*DS-Lite-ds-lite-instance-ds-lite1] commit  
      [~DS-Lite-ds-lite-instance-ds-lite1] quit

    4. 配置DS-Lite地址池以及NAT转换策略。地址池地址从10.38.160.10至10.38.160.20。

      [~DS-Lite] ds-lite instance ds-lite1  
      [*DS-Lite-ds-lite-instance-ds-lite1] ds-lite address-group group1 group-id 1 10.38.160.10 10.38.160.20  
      [*DS-Lite-ds-lite-instance-ds-lite1] commit  
      [~DS-Lite-ds-lite-instance-ds-lite1] quit

  8. 配置DS-Lite备设备的引流策略。
    1. 配置基于ACL6的流分类规则。

      [~DS-Lite] acl ipv6 3500  
      [*DS-Lite-acl6-basic-3500] rule permit ipv6 source 2001:DB8:2::1 64 destination 2001:DB8::1 128  
      [*DS-Lite-acl6-basic-3500] commit  
      [~DS-Lite-acl6-basic-3500] quit

    2. 配置流分类。

      [~DS-Lite] traffic classifier c1  
      [*DS-Lite-classifier-c1] if-match ipv6 acl 3500  
      [*DS-Lite-classifier-c1] commit  
      [~DS-Lite-classifier-c1] quit

    3. 定义流行为,配置流量动作为绑定DS-Lite实例ds-lite1。

      [~DS-Lite] traffic behavior b1   
      [*DS-Lite-behavior-b1] ds-lite bind instance ds-lite1  
      [*DS-Lite-behavior-b1] commit  
      [~DS-Lite-behavior-b1] quit

    4. 定义DS-Lite策略,并将该规则和动作进行关联。

      [~DS-Lite] traffic policy p1  
      [*DS-Lite-trafficpolicy-p1] classifier c1 behavior b1  
      [*DS-Lite-trafficpolicy-p1] commit  
      [~DS-Lite-trafficpolicy-p1] quit

    5. 在接口GE1/0/2接口应用此策略。

      [~DS-Lite] interface GigabitEthernet 1/0/2  
      [~DS-Lite-GigabitEthernet1/0/2] traffic-policy p1 inbound  
      [*DS-Lite-GigabitEthernet1/0/2] commit  
      [~DS-Lite-GigabitEthernet1/0/2] quit

  9. 配置备设备的DS-Lite转化策略。

    [~DS-Lite] ds-lite instance ds-lite1 
    [*DS-Lite-ds-lite-instance-ds-lite1] ds-lite  outbound 3500 address-group  group1
    [*DS-Lite-ds-lite-instance-ds-lite1] commit
    [~DS-Lite-ds-lite-instance-ds-lite1] quit
    

  10. 配置备设备的静态路由。

    [~DS-Lite] ipv6 route-static 2001:DB8::1 128 GigabitEthernet1/0/2 2001:DB8:2::1 
    [*DS-Lite] commit

配置文件

  • DS-Lite主设备的配置文件。

    #  
    sysname DS-Lite 
    #  
    license  
    active ds-lite vsuf slot 1 
    active nat session-table size 16 slot 1 engine 0 
    #  
    acl ipv6 number 3500 
     rule 5 permit ipv6 source 2001:DB8:2::/64 
    #  
    service-location 1  
     location slot 1 engine 0  
    #  
    service-instance-group 1  
     service-location 1  
    #  
    ds-lite instance ds-lite1 id 1 
     service-instance-group 1  
     local-ipv6 2001:DB8::1 prefix-length 128 
     remote-ipv6 2001:DB8:2::1 prefix-length 64 
    ds-lite address-group group1 group-id 1 10.38.160.100 10.38.160.110 
    ds-lite  outbound 3500  address-group  group1 
     ds-lite centralized-backup enable 
    #  
    traffic classifier c1  
     if-match acl 3500  
    #  
    traffic behavior b1  
     ds-lite bind instance ds-lite1 
    #  
    traffic policy p1  
     classifier c1 behavior b1 precedence 1  
    #  
    isis 1000 
     is-level level-1 
     network-entity 10.0000.0000.0001.00 
     traffic-eng level-2 
    ipv6 enable topology standard 
     ipv6 import-route unr
    #
    interface gigabitEthernet 1/0/0  
     undo shutdown  
    ipv6 enable 
     ipv6 address 2001:DB8:1::2:1 64 
     traffic-policy p1 inbound  
    Isis ipv6 enable 1000
    #  
     return
  • DS-Lite备设备的配置文件。

    #  
    sysname DS-Lite 
    #  
    license  
    active ds-lite vsuf slot 1 
    active nat session-table size 16 slot 1 engine 0 
    #  
    acl ipv6 number 3500 
     rule 5 permit ipv6 source 2001:DB8:2::/64 
    #  
    service-location 1  
     location slot 1 engine 0  
    #  
    service-instance-group 1  
     service-location 1  
    #  
    ds-lite instance ds-lite1 id 1 
     service-instance-group 1  
     local-ipv6 2001:DB8::1 prefix-length 128 
     remote-ipv6 2001:DB8:2::1 prefix-length 64 
    ds-lite address-group group1 group-id 1 10.38.160.10 10.38.160.20 
    ds-lite  outbound 3500  address-group  group1 
     ds-lite centralized-backup enable 
    #  
    traffic classifier c1  
     if-match acl 3500  
    #  
    traffic behavior b1  
     ds-lite bind instance ds-lite1 
    #  
    traffic policy p1  
     classifier c1 behavior b1 precedence 1  
    #  
    isis 1000 
     is-level level-1 
     network-entity 10.0000.0000.0002.00 
     traffic-eng level-2 
    ipv6 enable topology standard 
     ipv6 import-route unr
    #
    interface gigabitEthernet 1/0/2  
     undo shutdown  
    ipv6 enable 
     ipv6 address 2001:DB8:1::2:1 64 
     traffic-policy p1 inbound  
    Isis ipv6 enable 1000
    # 
    ipv6 route-static 2001:DB8::1 128 GigabitEthernet1/0/2 2001:DB8:2::1
    #
     return
下载文档
更新时间:2018-07-12

文档编号:EDOC1100028549

浏览量:19859

下载量:204

平均得分:
本文档适用于这些产品
相关文档
相关版本
Share
上一页 下一页