配置EVPN L3VPNv6 over SRv6 BE示例
介绍通过SRv6 BE承载EVPN L3VPNv6业务的配置过程。
配置思路
采用如下的思路配置EVPN L3VPNv6 over SRv6 BE:
使能各设备的IPv6转发能力,配置各接口的IPv6地址。
在各设备上使能IS-IS,配置Level级别,指定网络实体。
在PE设备上配置IPv6 L3VPN实例并将IPv6 L3VPN实例绑定到接入侧接口。
在PE设备之间建立BGP EVPN对等体关系。
在PE设备上配置SRv6 BE。
操作步骤
- 使能各设备的IPv6转发能力,配置各接口的IPv6地址,以PE1为例,其他设备的配置过程相同,不再赘述
<HUAWEI> system-view [~HUAWEI] sysname PE1 [*HUAWEI] commit [~PE1] interface gigabitethernet 0/1/0 [~PE1-GigabitEthernet0/1/0] ipv6 enable [*PE1-GigabitEthernet0/1/0] ipv6 address 2001:DB8:10::1 64 [*PE1-GigabitEthernet0/1/0] quit [*PE1] interface LoopBack 1 [*PE1-LoopBack1] ipv6 enable [*PE1-LoopBack1] ipv6 address 2001:DB8:1::1 64 [*PE1-LoopBack1] quit [*PE1] commit
- 配置IS-IS
# 配置PE1。
[~PE1] isis 1
[*PE1-isis-1] is-level level-1
[*PE1-isis-1] cost-style wide
[*PE1-isis-1] network-entity 10.0000.0000.0001.00
[*PE1-isis-1] ipv6 enable topology ipv6
[*PE1-isis-1] quit
[*PE1] interface gigabitethernet 0/1/0
[*PE1-GigabitEthernet0/1/0] isis ipv6 enable 1
[*PE1-GigabitEthernet0/1/0] quit
[*PE1] interface loopback1
[*PE1-LoopBack1] isis ipv6 enable 1
[*PE1-LoopBack1] quit
[*PE1] commit
# 配置P。
[~P] isis 1
[*P-isis-1] is-level level-1
[*P-isis-1] cost-style wide
[*P-isis-1] network-entity 10.0000.0000.0002.00
[*P-isis-1] ipv6 enable topology ipv6
[*P-isis-1] quit
[*P] interface gigabitethernet 0/1/0
[*P-GigabitEthernet0/1/0] isis ipv6 enable 1
[*P-GigabitEthernet0/1/0] quit
[*P] interface gigabitethernet 0/2/0
[*P-GigabitEthernet0/2/0] isis ipv6 enable 1
[*P-GigabitEthernet0/2/0] quit
[*P] interface loopback1
[*P-LoopBack1] isis ipv6 enable 1
[*P-LoopBack1] commit
[*P-LoopBack1] quit
[*P] commit
# 配置PE2。
[~PE2] isis 1
[*PE2-isis-1] is-level level-1
[*PE2-isis-1] cost-style wide
[*PE2-isis-1] network-entity 10.0000.0000.0003.00
[*PE2-isis-1] ipv6 enable topology ipv6
[*PE2-isis-1] quit
[*PE2] interface gigabitethernet 0/1/0
[*PE2-GigabitEthernet0/1/0] isis ipv6 enable 1
[*PE2-GigabitEthernet0/1/0] quit
[*PE2] interface loopback1
[*PE2-LoopBack1] isis ipv6 enable 1
[*PE2-LoopBack1] quit
[*PE2] commit
配置完成后,可按如下指导检查IS-IS是否配置成功。
# 显示IS-IS邻居信息。以PE1为例。
[~PE1] display isis peer
Peer information for ISIS(1) System Id Interface Circuit Id State HoldTime Type PRI -------------------------------------------------------------------------------- 0000.0000.0002 GE0/1/0 0000.0000.0002.01 Up 8s L1 64 Total Peer(s): 1
- 在PE设备上配置IPv6 L3VPN实例并将IPv6 L3VPN实例绑定到接入侧接口
# 配置PE1。
[~PE1] ip vpn-instance vpn1
[*PE1-vpn-instance-vpn1] ipv6-family
[*PE1-vpn-instance-vpn1-af-ipv6] route-distinguisher 100:1
[*PE1-vpn-instance-vpn1-af-ipv6] vpn-target 1:1 evpn
[*PE1-vpn-instance-vpn1-af-ipv6] quit
[*PE1-vpn-instance-vpn1] quit
[*PE1] interface gigabitethernet0/2/0
[*PE1-GigabitEthernet0/2/0] ip binding vpn-instance vpn1
[*PE1-GigabitEthernet0/2/0] ipv6 enable
[*PE1-GigabitEthernet0/2/0] ipv6 address 2001:DB8:11::1 64
[*PE1-GigabitEthernet0/2/0] quit
[*PE1] bgp 100
[*PE1-bgp] ipv6-family vpn-instance vpn1
[*PE1-bgp-6-vpn1] import-route direct
[*PE1-bgp-6-vpn1] advertise l2vpn evpn
[*PE1-bgp-6-vpn1] quit
[*PE1-bgp] quit
[*PE1] commit
# 配置PE2。
[~PE2] ip vpn-instance vpn1
[*PE2-vpn-instance-vpn1] ipv6-family
[*PE2-vpn-instance-vpn1-af-ipv6] route-distinguisher 200:1
[*PE2-vpn-instance-vpn1-af-ipv6] vpn-target 1:1 evpn
[*PE2-vpn-instance-vpn1-af-ipv6] quit
[*PE2-vpn-instance-vpn1] quit
[*PE2] interface gigabitethernet0/2/0
[*PE2-GigabitEthernet0/2/0] ip binding vpn-instance vpn1
[*PE2-GigabitEthernet0/2/0] ipv6 enable
[*PE2-GigabitEthernet0/2/0] ipv6 address 2001:DB8:22::1 64
[*PE2-GigabitEthernet0/2/0] quit
[*PE2] bgp 100
[*PE2-bgp] ipv6-family vpn-instance vpn1
[*PE2-bgp-6-vpn1] import-route direct
[*PE2-bgp-6-vpn1] advertise l2vpn evpn
[*PE2-bgp-6-vpn1] quit
[*PE2-bgp] quit
[*PE2] commit
- 在PE设备之间建立BGP EVPN对等体关系
# 配置PE1。
[~PE1] bgp 100
[~PE1-bgp] router-id 1.1.1.1
[*PE1-bgp] peer 2001:DB8:3::3 as-number 100
[*PE1-bgp] peer 2001:DB8:3::3 connect-interface loopback 1
[*PE1-bgp] l2vpn-family evpn
[*PE1-bgp-af-evpn] peer 2001:DB8:3::3 enable
[*PE1-bgp-af-evpn] quit
[*PE1-bgp] quit
[*PE1] commit
# 配置PE2。
[~PE2] bgp 100
[~PE2-bgp] router-id 3.3.3.3
[*PE2-bgp] peer 2001:DB8:1::1 as-number 100
[*PE2-bgp] peer 2001:DB8:1::1 connect-interface loopback 1
[*PE2-bgp] l2vpn-family evpn
[*PE2-bgp-af-evpn] peer 2001:DB8:1::1 enable
[*PE2-bgp-af-evpn] quit
[*PE2-bgp] quit
[*PE2] commit
配置完成后,在PE设备上执行display bgp evpn peer命令,可以看到PE之间的BGP EVPN对等体关系已建立,并达到Established状态。
- 在PE设备之间建立SRv6 BE
# 配置PE1。
[~PE1] segment-routing ipv6
[*PE1-segment-routing-ipv6] encapsulation source-address 2001:DB8:1::1
[*PE1-segment-routing-ipv6] locator PE1 ipv6-prefix 2001:DB8:100::10 64 static 32
[*PE1-segment-routing-ipv6-locator] quit
[*PE1-segment-routing-ipv6] quit
[*PE1] isis 1
[*PE1-isis-1] segment-routing ipv6 locator PE1
[*PE1-isis-1] quit
[*PE1] bgp 100
[*PE1-bgp] l2vpn-family evpn
[*PE1-bgp-af-evpn] peer 2001:DB8:3::3 advertise encap-type srv6
[*PE1-bgp-af-evpn] quit
[*PE1-bgp] ipv6-family vpn-instance vpn1
[*PE1-bgp-6-vpn1] segment-routing ipv6 locator PE1 evpn
[*PE1-bgp-6-vpn1] segment-routing ipv6 best-effort evpn
[*PE1-bgp-6-vpn1] quit
[*PE1-bgp] quit
[*PE1] commit
# 配置PE2。
[~PE2] segment-routing ipv6
[*PE2-segment-routing-ipv6] encapsulation source-address 2001:DB8:3::3
[*PE2-segment-routing-ipv6] locator PE2 ipv6-prefix 2001:DB8:130::3 64 static 32
[*PE2-segment-routing-ipv6-locator] quit
[*PE2-segment-routing-ipv6] quit
[*PE2] isis 1
[*PE2-isis-1] segment-routing ipv6 locator PE2
[*PE2-isis-1] quit
[*PE2] bgp 100
[*PE2-bgp] l2vpn-family evpn
[*PE2-bgp-af-evpn] peer 2001:DB8:1::1 advertise encap-type srv6
[*PE2-bgp-af-evpn] quit
[*PE2-bgp] ipv6-family vpn-instance vpn1
[*PE2-bgp-6-vpn1] segment-routing ipv6 locator PE2 evpn
[*PE2-bgp-6-vpn1] segment-routing ipv6 best-effort evpn
[*PE2-bgp-6-vpn1] quit
[*PE2-bgp] quit
[*PE2] commit
- 检查配置结果
在PE上通过配置命令display bgp evpn all routing-table prefix-route,可以看到远端发来的IP前缀路由。以PE1为例:
[~PE1] display bgp evpn all routing-table prefix-route
Local AS number : 100 BGP Local router ID is 1.1.1.1 Status codes: * - valid, > - best, d - damped, x - best external, a - add path, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete EVPN address family: Number of Ip Prefix Routes: 2 Route Distinguisher: 100:1 Network(EthTagId/IpPrefix/IpPrefixLen) NextHop *> 0:[2001:DB8:11::]:64 0.0.0.0 *>i 0:[2001:DB8:22::]:64 2001:DB8:3::3
在PE上通过配置命令display ipv6 routing-table vpn-instance vpn1,可以看到远端发来的私网路由。以PE1为例:
[~PE1] display ipv6 routing-table vpn-instance vpn1
Routing Table : vpn1 Destinations : 4 Routes : 4 Destination : 2001:DB8:11:: PrefixLength : 64 NextHop : 2001:DB8:11::1 Preference : 0 Cost : 0 Protocol : Direct RelayNextHop : :: TunnelID : 0x0 Interface : GigabitEthernet0/2/0 Flags : D Destination : 2001:DB8:11::1 PrefixLength : 128 NextHop : ::1 Preference : 0 Cost : 0 Protocol : Direct RelayNextHop : :: TunnelID : 0x0 Interface : GigabitEthernet0/2/0 Flags : D Destination : 2001:DB8:22:: PrefixLength : 64 NextHop : 2001:DB8:130::40 Preference : 255 Cost : 0 Protocol : IBGP RelayNextHop : FE80::3AF3:EDFF:FE31:307 TunnelID : 0x0 Interface : GigabitEthernet0/1/0 Flags : RD Destination : FE80:: PrefixLength : 10 NextHop : :: Preference : 0 Cost : 0 Protocol : Direct RelayNextHop : :: TunnelID : 0x0 Interface : NULL0 Flags : DB
配置文件
PE1的配置文件
# sysname PE1 # ip vpn-instance vpn1 ipv6-family route-distinguisher 100:1 vpn-target 1:1 export-extcommunity evpn vpn-target 1:1 import-extcommunity evpn # segment-routing ipv6 encapsulation source-address 2001:DB8:1::1 locator PE1 ipv6-prefix 2001:DB8:100::10 64 static 32 # isis 1 is-level level-1 cost-style wide network-entity 10.0000.0000.0001.00 # ipv6 enable topology ipv6 segment-routing ipv6 locator PE1 # # interface GigabitEthernet0/1/0 undo shutdown ipv6 enable ipv6 address 2001:DB8:10::1/64 isis ipv6 enable 1 # interface GigabitEthernet0/2/0 undo shutdown ip binding vpn-instance vpn1 ipv6 enable ipv6 address 2001:DB8:11::1/64 # interface LoopBack1 ipv6 enable ipv6 address 2001:DB8:1::1/128 isis ipv6 enable 1 # bgp 100 router-id 1.1.1.1 peer 2001:DB8:3::3 as-number 100 peer 2001:DB8:3::3 connect-interface LoopBack1 # ipv4-family unicast undo synchronization # ipv6-family vpn-instance vpn1 import-route direct advertise l2vpn evpn segment-routing ipv6 locator PE1 evpn segment-routing ipv6 best-effort evpn # l2vpn-family evpn undo policy vpn-target peer 2001:DB8:3::3 enable peer 2001:DB8:3::3 advertise encap-type srv6 # return
P的配置文件
# sysname P # isis 1 is-level level-1 cost-style wide network-entity 10.0000.0000.0002.00 # ipv6 enable topology ipv6 # interface GigabitEthernet0/1/0 undo shutdown ipv6 enable ipv6 address 2001:DB8:10::2/64 isis ipv6 enable 1 # interface GigabitEthernet0/2/0 undo shutdown ipv6 enable ipv6 address 2001:DB8:20::1/64 isis ipv6 enable 1 # interface LoopBack1 ipv6 enable ipv6 address 2001:DB8:2::2/128 isis ipv6 enable 1 # return
PE2的配置文件
# sysname PE2 # ip vpn-instance vpn1 ipv6-family route-distinguisher 200:1 vpn-target 1:1 export-extcommunity evpn vpn-target 1:1 import-extcommunity evpn # segment-routing ipv6 encapsulation source-address 2001:DB8:3::3 locator PE2 ipv6-prefix 2001:DB8:130::3 64 static 32 # isis 1 is-level level-1 cost-style wide network-entity 10.0000.0000.0003.00 # ipv6 enable topology ipv6 segment-routing ipv6 locator PE2 # # interface GigabitEthernet0/1/0 undo shutdown ipv6 enable ipv6 address 2001:DB8:20::2/64 isis ipv6 enable 1 # interface GigabitEthernet0/2/0 undo shutdown ip binding vpn-instance vpn1 ipv6 enable ipv6 address 2001:DB8:22::1/64 # interface LoopBack1 ipv6 enable ipv6 address 2001:DB8:3::3/128 isis ipv6 enable 1 # bgp 100 router-id 3.3.3.3 peer 2001:DB8:1::1 as-number 100 peer 2001:DB8:1::1 connect-interface LoopBack1 # ipv4-family unicast undo synchronization # ipv6-family vpn-instance vpn1 import-route direct advertise l2vpn evpn segment-routing ipv6 locator PE2 evpn segment-routing ipv6 best-effort evpn # l2vpn-family evpn undo policy vpn-target peer 2001:DB8:1::1 enable peer 2001:DB8:1::1 advertise encap-type srv6 # return