评分并提供意见反馈 :
华为采用机器翻译与人工审校相结合的方式将此文档翻译成不同语言,希望能帮助您更容易理解此文档的内容。 请注意:即使是最好的机器翻译,其准确度也不及专业翻译人员的水平。 华为对于翻译的准确性不承担任何责任,并建议您参考英文文档(已提供链接)。
配置EVPN L3VPNv6 over SRv6 BE示例
介绍通过SRv6 BE承载EVPN L3VPNv6业务的配置过程。
配置思路
采用如下的思路配置EVPN L3VPNv6 over SRv6 BE:
使能各设备的IPv6转发能力,配置各接口的IPv6地址。
在各设备上使能IS-IS,配置Level级别,指定网络实体。
在PE设备上配置IPv6 L3VPN实例并将IPv6 L3VPN实例绑定到接入侧接口。
在PE设备之间建立BGP EVPN对等体关系。
在PE设备上配置SRv6 BE。
操作步骤
- 使能各设备的IPv6转发能力,配置各接口的IPv6地址,以PE1为例,其他设备的配置过程相同,不再赘述
<HUAWEI> system-view [~HUAWEI] sysname PE1 [*HUAWEI] commit [~PE1] interface gigabitethernet 0/1/0 [~PE1-GigabitEthernet0/1/0] ipv6 enable [*PE1-GigabitEthernet0/1/0] ipv6 address 2001:DB8:10::1 64 [*PE1-GigabitEthernet0/1/0] quit [*PE1] interface LoopBack 1 [*PE1-LoopBack1] ipv6 enable [*PE1-LoopBack1] ipv6 address 2001:DB8:1::1 64 [*PE1-LoopBack1] quit [*PE1] commit
- 配置IS-IS
# 配置PE1。
[~PE1] isis 1[*PE1-isis-1] is-level level-1[*PE1-isis-1] cost-style wide[*PE1-isis-1] network-entity 10.0000.0000.0001.00[*PE1-isis-1] ipv6 enable topology ipv6[*PE1-isis-1] quit[*PE1] interface gigabitethernet 0/1/0
[*PE1-GigabitEthernet0/1/0] isis ipv6 enable 1
[*PE1-GigabitEthernet0/1/0] quit
[*PE1] interface loopback1[*PE1-LoopBack1] isis ipv6 enable 1[*PE1-LoopBack1] quit[*PE1] commit# 配置P。
[~P] isis 1[*P-isis-1] is-level level-1[*P-isis-1] cost-style wide[*P-isis-1] network-entity 10.0000.0000.0002.00[*P-isis-1] ipv6 enable topology ipv6[*P-isis-1] quit[*P] interface gigabitethernet 0/1/0
[*P-GigabitEthernet0/1/0] isis ipv6 enable 1
[*P-GigabitEthernet0/1/0] quit
[*P] interface gigabitethernet 0/2/0
[*P-GigabitEthernet0/2/0] isis ipv6 enable 1
[*P-GigabitEthernet0/2/0] quit
[*P] interface loopback1[*P-LoopBack1] isis ipv6 enable 1[*P-LoopBack1] commit[*P-LoopBack1] quit[*P] commit# 配置PE2。
[~PE2] isis 1[*PE2-isis-1] is-level level-1[*PE2-isis-1] cost-style wide[*PE2-isis-1] network-entity 10.0000.0000.0003.00[*PE2-isis-1] ipv6 enable topology ipv6[*PE2-isis-1] quit[*PE2] interface gigabitethernet 0/1/0
[*PE2-GigabitEthernet0/1/0] isis ipv6 enable 1
[*PE2-GigabitEthernet0/1/0] quit
[*PE2] interface loopback1[*PE2-LoopBack1] isis ipv6 enable 1[*PE2-LoopBack1] quit[*PE2] commit配置完成后,可按如下指导检查IS-IS是否配置成功。
# 显示IS-IS邻居信息。以PE1为例。
[~PE1] display isis peerPeer information for ISIS(1) System Id Interface Circuit Id State HoldTime Type PRI -------------------------------------------------------------------------------- 0000.0000.0002 GE0/1/0 0000.0000.0002.01 Up 8s L1 64 Total Peer(s): 1 - 在PE设备上配置IPv6 L3VPN实例并将IPv6 L3VPN实例绑定到接入侧接口
# 配置PE1。
[~PE1] ip vpn-instance vpn1[*PE1-vpn-instance-vpn1] ipv6-family[*PE1-vpn-instance-vpn1-af-ipv6] route-distinguisher 100:1[*PE1-vpn-instance-vpn1-af-ipv6] vpn-target 1:1 evpn[*PE1-vpn-instance-vpn1-af-ipv6] quit[*PE1-vpn-instance-vpn1] quit[*PE1] interface gigabitethernet0/2/0
[*PE1-GigabitEthernet0/2/0] ip binding vpn-instance vpn1
[*PE1-GigabitEthernet0/2/0] ipv6 enable
[*PE1-GigabitEthernet0/2/0] ipv6 address 2001:DB8:11::1 64
[*PE1-GigabitEthernet0/2/0] quit
[*PE1] bgp 100[*PE1-bgp] ipv6-family vpn-instance vpn1[*PE1-bgp-6-vpn1] import-route direct[*PE1-bgp-6-vpn1] advertise l2vpn evpn[*PE1-bgp-6-vpn1] quit[*PE1-bgp] quit[*PE1] commit# 配置PE2。
[~PE2] ip vpn-instance vpn1[*PE2-vpn-instance-vpn1] ipv6-family[*PE2-vpn-instance-vpn1-af-ipv6] route-distinguisher 200:1[*PE2-vpn-instance-vpn1-af-ipv6] vpn-target 1:1 evpn[*PE2-vpn-instance-vpn1-af-ipv6] quit[*PE2-vpn-instance-vpn1] quit[*PE2] interface gigabitethernet0/2/0
[*PE2-GigabitEthernet0/2/0] ip binding vpn-instance vpn1
[*PE2-GigabitEthernet0/2/0] ipv6 enable
[*PE2-GigabitEthernet0/2/0] ipv6 address 2001:DB8:22::1 64
[*PE2-GigabitEthernet0/2/0] quit
[*PE2] bgp 100[*PE2-bgp] ipv6-family vpn-instance vpn1[*PE2-bgp-6-vpn1] import-route direct[*PE2-bgp-6-vpn1] advertise l2vpn evpn[*PE2-bgp-6-vpn1] quit[*PE2-bgp] quit[*PE2] commit - 在PE设备之间建立BGP EVPN对等体关系
# 配置PE1。
[~PE1] bgp 100[~PE1-bgp] router-id 1.1.1.1[*PE1-bgp] peer 2001:DB8:3::3 as-number 100[*PE1-bgp] peer 2001:DB8:3::3 connect-interface loopback 1[*PE1-bgp] l2vpn-family evpn[*PE1-bgp-af-evpn] peer 2001:DB8:3::3 enable[*PE1-bgp-af-evpn] quit[*PE1-bgp] quit[*PE1] commit# 配置PE2。
[~PE2] bgp 100[~PE2-bgp] router-id 3.3.3.3[*PE2-bgp] peer 2001:DB8:1::1 as-number 100[*PE2-bgp] peer 2001:DB8:1::1 connect-interface loopback 1[*PE2-bgp] l2vpn-family evpn[*PE2-bgp-af-evpn] peer 2001:DB8:1::1 enable[*PE2-bgp-af-evpn] quit[*PE2-bgp] quit[*PE2] commit配置完成后,在PE设备上执行display bgp evpn peer命令,可以看到PE之间的BGP EVPN对等体关系已建立,并达到Established状态。
- 在PE设备之间建立SRv6 BE
# 配置PE1。
[~PE1] segment-routing ipv6[*PE1-segment-routing-ipv6] encapsulation source-address 2001:DB8:1::1[*PE1-segment-routing-ipv6] locator PE1 ipv6-prefix 2001:DB8:100::10 64 static 32[*PE1-segment-routing-ipv6-locator] quit[*PE1-segment-routing-ipv6] quit[*PE1] isis 1[*PE1-isis-1] segment-routing ipv6 locator PE1[*PE1-isis-1] quit[*PE1] bgp 100[*PE1-bgp] l2vpn-family evpn[*PE1-bgp-af-evpn] peer 2001:DB8:3::3 advertise encap-type srv6[*PE1-bgp-af-evpn] quit[*PE1-bgp] ipv6-family vpn-instance vpn1[*PE1-bgp-6-vpn1] segment-routing ipv6 locator PE1 evpn[*PE1-bgp-6-vpn1] segment-routing ipv6 best-effort evpn[*PE1-bgp-6-vpn1] quit[*PE1-bgp] quit[*PE1] commit# 配置PE2。
[~PE2] segment-routing ipv6[*PE2-segment-routing-ipv6] encapsulation source-address 2001:DB8:3::3[*PE2-segment-routing-ipv6] locator PE2 ipv6-prefix 2001:DB8:130::3 64 static 32[*PE2-segment-routing-ipv6-locator] quit[*PE2-segment-routing-ipv6] quit[*PE2] isis 1[*PE2-isis-1] segment-routing ipv6 locator PE2[*PE2-isis-1] quit[*PE2] bgp 100[*PE2-bgp] l2vpn-family evpn[*PE2-bgp-af-evpn] peer 2001:DB8:1::1 advertise encap-type srv6[*PE2-bgp-af-evpn] quit[*PE2-bgp] ipv6-family vpn-instance vpn1[*PE2-bgp-6-vpn1] segment-routing ipv6 locator PE2 evpn[*PE2-bgp-6-vpn1] segment-routing ipv6 best-effort evpn[*PE2-bgp-6-vpn1] quit[*PE2-bgp] quit[*PE2] commit - 检查配置结果
在PE上通过配置命令display bgp evpn all routing-table prefix-route,可以看到远端发来的IP前缀路由。以PE1为例:
[~PE1] display bgp evpn all routing-table prefix-routeLocal AS number : 100 BGP Local router ID is 1.1.1.1 Status codes: * - valid, > - best, d - damped, x - best external, a - add path, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete EVPN address family: Number of Ip Prefix Routes: 2 Route Distinguisher: 100:1 Network(EthTagId/IpPrefix/IpPrefixLen) NextHop *> 0:[2001:DB8:11::]:64 0.0.0.0 *>i 0:[2001:DB8:22::]:64 2001:DB8:3::3在PE上通过配置命令display ipv6 routing-table vpn-instance vpn1,可以看到远端发来的私网路由。以PE1为例:
[~PE1] display ipv6 routing-table vpn-instance vpn1Routing Table : vpn1 Destinations : 4 Routes : 4 Destination : 2001:DB8:11:: PrefixLength : 64 NextHop : 2001:DB8:11::1 Preference : 0 Cost : 0 Protocol : Direct RelayNextHop : :: TunnelID : 0x0 Interface : GigabitEthernet0/2/0 Flags : D Destination : 2001:DB8:11::1 PrefixLength : 128 NextHop : ::1 Preference : 0 Cost : 0 Protocol : Direct RelayNextHop : :: TunnelID : 0x0 Interface : GigabitEthernet0/2/0 Flags : D Destination : 2001:DB8:22:: PrefixLength : 64 NextHop : 2001:DB8:130::40 Preference : 255 Cost : 0 Protocol : IBGP RelayNextHop : FE80::3AF3:EDFF:FE31:307 TunnelID : 0x0 Interface : GigabitEthernet0/1/0 Flags : RD Destination : FE80:: PrefixLength : 10 NextHop : :: Preference : 0 Cost : 0 Protocol : Direct RelayNextHop : :: TunnelID : 0x0 Interface : NULL0 Flags : DB
配置文件
PE1的配置文件
# sysname PE1 # ip vpn-instance vpn1 ipv6-family route-distinguisher 100:1 vpn-target 1:1 export-extcommunity evpn vpn-target 1:1 import-extcommunity evpn # segment-routing ipv6 encapsulation source-address 2001:DB8:1::1 locator PE1 ipv6-prefix 2001:DB8:100::10 64 static 32 # isis 1 is-level level-1 cost-style wide network-entity 10.0000.0000.0001.00 # ipv6 enable topology ipv6 segment-routing ipv6 locator PE1 # # interface GigabitEthernet0/1/0 undo shutdown ipv6 enable ipv6 address 2001:DB8:10::1/64 isis ipv6 enable 1 # interface GigabitEthernet0/2/0 undo shutdown ip binding vpn-instance vpn1 ipv6 enable ipv6 address 2001:DB8:11::1/64 # interface LoopBack1 ipv6 enable ipv6 address 2001:DB8:1::1/128 isis ipv6 enable 1 # bgp 100 router-id 1.1.1.1 peer 2001:DB8:3::3 as-number 100 peer 2001:DB8:3::3 connect-interface LoopBack1 # ipv4-family unicast undo synchronization # ipv6-family vpn-instance vpn1 import-route direct advertise l2vpn evpn segment-routing ipv6 locator PE1 evpn segment-routing ipv6 best-effort evpn # l2vpn-family evpn undo policy vpn-target peer 2001:DB8:3::3 enable peer 2001:DB8:3::3 advertise encap-type srv6 # return
P的配置文件
# sysname P # isis 1 is-level level-1 cost-style wide network-entity 10.0000.0000.0002.00 # ipv6 enable topology ipv6 # interface GigabitEthernet0/1/0 undo shutdown ipv6 enable ipv6 address 2001:DB8:10::2/64 isis ipv6 enable 1 # interface GigabitEthernet0/2/0 undo shutdown ipv6 enable ipv6 address 2001:DB8:20::1/64 isis ipv6 enable 1 # interface LoopBack1 ipv6 enable ipv6 address 2001:DB8:2::2/128 isis ipv6 enable 1 # return
PE2的配置文件
# sysname PE2 # ip vpn-instance vpn1 ipv6-family route-distinguisher 200:1 vpn-target 1:1 export-extcommunity evpn vpn-target 1:1 import-extcommunity evpn # segment-routing ipv6 encapsulation source-address 2001:DB8:3::3 locator PE2 ipv6-prefix 2001:DB8:130::3 64 static 32 # isis 1 is-level level-1 cost-style wide network-entity 10.0000.0000.0003.00 # ipv6 enable topology ipv6 segment-routing ipv6 locator PE2 # # interface GigabitEthernet0/1/0 undo shutdown ipv6 enable ipv6 address 2001:DB8:20::2/64 isis ipv6 enable 1 # interface GigabitEthernet0/2/0 undo shutdown ip binding vpn-instance vpn1 ipv6 enable ipv6 address 2001:DB8:22::1/64 # interface LoopBack1 ipv6 enable ipv6 address 2001:DB8:3::3/128 isis ipv6 enable 1 # bgp 100 router-id 3.3.3.3 peer 2001:DB8:1::1 as-number 100 peer 2001:DB8:1::1 connect-interface LoopBack1 # ipv4-family unicast undo synchronization # ipv6-family vpn-instance vpn1 import-route direct advertise l2vpn evpn segment-routing ipv6 locator PE2 evpn segment-routing ipv6 best-effort evpn # l2vpn-family evpn undo policy vpn-target peer 2001:DB8:1::1 enable peer 2001:DB8:1::1 advertise encap-type srv6 # return
