配置L3VPN迭代静态SR-MPLS TE Policy示例(基于Color引流)
配置L3VPN,保证相同VPN用户之间的安全互访。
组网需求
CE1、CE2属于vpna。
vpna使用的VPN-target属性为111:1。
配置L3VPN迭代SR-MPLS TE Policy,保证相同VPN用户之间的安全互访。同时由于公网PE之间存在多条链路,要求其他链路能够对主链路提供保护。
配置思路
采用如下的思路配置L3VPN迭代静态SR-MPLS TE Policy:
骨干网上配置IS-IS实现PE之间的互通。
骨干网上使能MPLS,配置Segment Routing和静态邻接标签。
PE上配置SR-MPLS TE Policy,SR-MPLS TE Policy配置主备路径。
PE上配置SBFD和HSB功能,增强SR-MPLS TE Policy可靠性。
在PE设备为路由配置扩展团体属性Color,可以使用入口策略也可以使用出口策略,本例使用入口策略在接收路由时设置扩展团体属性Color。
PE之间配置MP-IBGP交换路由信息。
PE上配置使能IPv4地址族VPN实例,并把与CE相连的接口和相应的VPN实例绑定。
在PE设备上配置隧道选择策略。
CE与PE之间配置EBGP交换路由信息。
操作步骤
- 配置接口的IP地址。
# 配置PE1。
<HUAWEI> system-view
[~HUAWEI] sysname PE1
[*HUAWEI] commit
[~PE1] interface loopback 1
[*PE1-LoopBack1] ip address 1.1.1.9 32
[*PE1-LoopBack1] quit
[*PE1] interface gigabitethernet0/1/0
[*PE1-GigabitEthernet0/1/0] ip address 10.13.1.1 24
[*PE1-GigabitEthernet0/1/0] quit
[*PE1] interface gigabitethernet0/3/0
[*PE1-GigabitEthernet0/3/0] ip address 10.11.1.1 24
[*PE1-GigabitEthernet0/3/0] quit
[*PE1] commit
# 配置P1。
<HUAWEI> system-view
[~HUAWEI] sysname P1
[*HUAWEI] commit
[~P1] interface loopback 1
[*P1-LoopBack1] ip address 2.2.2.9 32
[*P1-LoopBack1] quit
[*P1] interface gigabitethernet0/1/0
[*P1-GigabitEthernet0/1/0] ip address 10.11.1.2 24
[*P1-GigabitEthernet0/1/0] quit
[*P1] interface gigabitethernet0/2/0
[*P1-GigabitEthernet0/2/0] ip address 10.12.1.1 24
[*P1-GigabitEthernet0/2/0] quit
[*P1] commit
# 配置PE2。
<HUAWEI> system-view
[~HUAWEI] sysname PE2
[*HUAWEI] commit
[~PE2] interface loopback 1
[*PE2-LoopBack1] ip address 3.3.3.9 32
[*PE2-LoopBack1] quit
[*PE2] interface gigabitethernet0/1/0
[*PE2-GigabitEthernet0/1/0] ip address 10.14.1.2 24
[*PE2-GigabitEthernet0/1/0] quit
[*PE2] interface gigabitethernet0/3/0
[*PE2-GigabitEthernet0/3/0] ip address 10.12.1.2 24
[*PE2-GigabitEthernet0/3/0] quit
[*PE2] commit
# 配置P2。
<HUAWEI> system-view
[~HUAWEI] sysname P2
[*HUAWEI] commit
[~P2] interface loopback 1
[*P2-LoopBack1] ip address 4.4.4.9 32
[*P2-LoopBack1] quit
[*P2] interface gigabitethernet0/1/0
[*P2-GigabitEthernet0/1/0] ip address 10.13.1.2 24
[*P2-GigabitEthernet0/1/0] quit
[*P2] interface gigabitethernet0/2/0
[*P2-GigabitEthernet0/2/0] ip address 10.14.1.1 24
[*P2-GigabitEthernet0/2/0] quit
[*P2] commit
- 在骨干网上配置IGP协议,实现骨干网PE和P的互通。本例中以IS-IS为例进行说明。
# 配置PE1。
[~PE1] isis 1
[*PE1-isis-1] is-level level-1
[*PE1-isis-1] network-entity 10.0000.0000.0001.00
[*PE1-isis-1] quit
[*PE1] commit
[*PE1] interface loopback 1
[*PE1-LoopBack1] isis enable 1
[*PE1-LoopBack1] quit
[*PE1] interface gigabitethernet0/1/0
[*PE1-GigabitEthernet0/1/0] isis enable 1
[*PE1-GigabitEthernet0/1/0] quit
[*PE1] interface gigabitethernet0/3/0
[*PE1-GigabitEthernet0/3/0] isis enable 1
[*PE1-GigabitEthernet0/3/0] quit
[*PE1] commit
# 配置P1。
[~P1] isis 1
[*P1-isis-1] is-level level-1
[*P1-isis-1] network-entity 10.0000.0000.0002.00
[*P1-isis-1] quit
[*P1] commit
[~P1] interface loopback 1
[*P1-LoopBack1] isis enable 1
[*P1-LoopBack1] quit
[*P1] interface gigabitethernet0/1/0
[*P1-GigabitEthernet0/1/0] isis enable 1
[*P1-GigabitEthernet0/1/0] quit
[*P1] interface gigabitethernet0/2/0
[*P1-GigabitEthernet0/2/0] isis enable 1
[*P1-GigabitEthernet0/2/0] quit
[*P1] commit
# 配置PE2。
[~PE2] isis 1
[*PE2-isis-1] is-level level-1
[*PE2-isis-1] network-entity 10.0000.0000.0003.00
[*PE2-isis-1] quit
[*PE2] commit
[~PE2] interface loopback 1
[*PE2-LoopBack1] isis enable 1
[*PE2-LoopBack1] quit
[*PE2] interface gigabitethernet0/3/0
[*PE2-GigabitEthernet0/3/0] isis enable 1
[*PE2-GigabitEthernet0/3/0] quit
[*PE2] interface gigabitethernet0/1/0
[*PE2-GigabitEthernet0/1/0] isis enable 1
[*PE2-GigabitEthernet0/1/0] quit
[*PE2] commit
# 配置P2。
[~P2] isis 1
[*P2-isis-1] is-level level-1
[*P2-isis-1] network-entity 10.0000.0000.0004.00
[*P2-isis-1] quit
[*P2] commit
[~P2] interface loopback 1
[*P2-LoopBack1] isis enable 1
[*P2-LoopBack1] quit
[*P2] interface gigabitethernet0/1/0
[*P2-GigabitEthernet0/1/0] isis enable 1
[*P2-GigabitEthernet0/1/0] quit
[*P2] interface gigabitethernet0/2/0
[*P2-GigabitEthernet0/2/0] isis enable 1
[*P2-GigabitEthernet0/2/0] quit
[*P2] commit
- 在骨干网上配置MPLS基本能力
# 配置PE1。
[~PE1] mpls lsr-id 1.1.1.9
[*PE1] mpls
[*PE1-mpls] commit
[~PE1-mpls] quit
# 配置P1。
[~P1] mpls lsr-id 2.2.2.9
[*P1] mpls
[*P1-mpls] commit
[~P1-mpls] quit
# 配置PE2。
[~PE2] mpls lsr-id 3.3.3.9
[*PE2] mpls
[*PE2-mpls] commit
[~PE2-mpls] quit
# 配置P2。
[~P2] mpls lsr-id 4.4.4.9
[*P2] mpls
[*P2-mpls] commit
[~P2-mpls] quit
- 在骨干网上配置Segment Routing
# 配置PE1。
[~PE1] segment-routing
[*PE1-segment-routing] ipv4 adjacency local-ip-addr 10.11.1.1 remote-ip-addr 10.11.1.2 sid 330000
[*PE1-segment-routing] ipv4 adjacency local-ip-addr 10.13.1.1 remote-ip-addr 10.13.1.2 sid 330001
[*PE1-segment-routing] quit
[*PE1] commit
[~PE1] isis 1
[*PE1-isis-1] cost-style wide
[*PE1-isis-1] segment-routing mpls
[*PE1-isis-1] quit
[*PE1] commit
# 配置P1。
[~P1] segment-routing
[*P1-segment-routing] ipv4 adjacency local-ip-addr 10.11.1.2 remote-ip-addr 10.11.1.1 sid 330003
[*P1-segment-routing] ipv4 adjacency local-ip-addr 10.12.1.1 remote-ip-addr 10.12.1.2 sid 330002
[*P1-segment-routing] quit
[*P1] commit
[~P1] isis 1
[*P1-isis-1] cost-style wide
[*P1-isis-1] segment-routing mpls
[*P1-isis-1] quit
[*P1] commit
# 配置PE2。
[~PE2] segment-routing
[*PE2-segment-routing] ipv4 adjacency local-ip-addr 10.12.1.2 remote-ip-addr 10.12.1.1 sid 330000
[*PE2-segment-routing] ipv4 adjacency local-ip-addr 10.14.1.2 remote-ip-addr 10.14.1.1 sid 330001
[*PE2-segment-routing] quit
[*PE2] commit
[~PE2] isis 1
[*PE2-isis-1] cost-style wide
[*PE2-isis-1] segment-routing mpls
[*PE2-isis-1] quit
[*PE2] commit
# 配置P2。
[~P2] segment-routing
[*P2-segment-routing] ipv4 adjacency local-ip-addr 10.13.1.2 remote-ip-addr 10.13.1.1 sid 330002
[*P2-segment-routing] ipv4 adjacency local-ip-addr 10.14.1.1 remote-ip-addr 10.14.1.2 sid 330003
[*P2-segment-routing] quit
[*P2] commit
[~P2] isis 1
[*P2-isis-1] cost-style wide
[*P2-isis-1] segment-routing mpls
[*P2-isis-1] quit
[*P2] commit
- 配置SR-MPLS TE Policy
# 配置PE1。
[~PE1] segment-routing
[~PE1-segment-routing] segment-list pe1
[*PE1-segment-routing-segment-list] index 10 sid label 330000
[*PE1-segment-routing-segment-list] index 20 sid label 330002
[*PE1-segment-routing-segment-list] quit
[*PE1-segment-routing] segment-list pe1backup
[*PE1-segment-routing-segment-list] index 10 sid label 330001
[*PE1-segment-routing-segment-list] index 20 sid label 330003
[*PE1-segment-routing-segment-list] quit
[*PE1-segment-routing] sr-te policy policy100 endpoint 3.3.3.9 color 100
[*PE1-segment-routing-te-policy] binding-sid 115
[*PE1-segment-routing-te-policy] mtu 1000
[*PE1-segment-routing-te-policy] candidate-path preference 100
[*PE1-segment-routing-te-policy-path] segment-list pe1backup
[*PE1-segment-routing-te-policy-path] quit
[*PE1-segment-routing-te-policy] candidate-path preference 200
[*PE1-segment-routing-te-policy-path] segment-list pe1
[*PE1-segment-routing-te-policy-path] quit
[*PE1-segment-routing-te-policy] quit
[*PE1-segment-routing] quit
[*PE1] commit
# 配置PE2。
[~PE2] segment-routing
[~PE2-segment-routing] segment-list pe2
[*PE2-segment-routing-segment-list] index 10 sid label 330000
[*PE2-segment-routing-segment-list] index 20 sid label 330003
[*PE2-segment-routing-segment-list] quit
[*PE2-segment-routing] segment-list pe2backup
[*PE2-segment-routing-segment-list] index 10 sid label 330001
[*PE2-segment-routing-segment-list] index 20 sid label 330002
[*PE2-segment-routing-segment-list] quit
[*PE2-segment-routing] sr-te policy policy200 endpoint 1.1.1.9 color 200
[*PE2-segment-routing-te-policy] binding-sid 115
[*PE2-segment-routing-te-policy] mtu 1000
[*PE2-segment-routing-te-policy] candidate-path preference 100
[*PE2-segment-routing-te-policy-path] segment-list pe2backup
[*PE2-segment-routing-te-policy-path] quit
[*PE2-segment-routing-te-policy] candidate-path preference 200
[*PE2-segment-routing-te-policy-path] segment-list pe2
[*PE2-segment-routing-te-policy-path] quit
[*PE2-segment-routing-te-policy] quit
[*PE2-segment-routing] quit
[*PE2] commit
配置完成后,可以使用display sr-te policy命令查看SR-MPLS TE Policy信息。以PE1的显示为例:
[~PE1] display sr-te policy
PolicyName : policy100 Endpoint : 3.3.3.9 Color : 100 TunnelId : 1 TunnelType : SR-TE Policy Binding SID : 115 MTU : 1000 Policy State : UP BFD : Disable Admin State : UP DiffServ-Mode : - Traffic Statistics : Disable Backup Hot-Standby : Disable Candidate-path Count : 2 Candidate-path Preference: 200 Path State : Valid Path Type : Primary Protocol-Origin : Configuration(30) Originator : 0, 0.0.0.0 Discriminator : 200 Binding SID : - GroupId : 2 Policy Name : policy100 Segment-List Count : 1 Segment-List : pe1 Segment-List ID : 129 XcIndex : 68 List State : UP BFD State : - EXP : 0 TTL : 255 DeleteTimerRemain : - Label : 330000, 330002 Candidate-path Preference: 100 Path State : Invalid Path Type : - Protocol-Origin : Configuration(30) Originator : 0, 0.0.0.0 Discriminator : 100 Binding SID : - GroupId : 1 Policy Name : policy100 Segment-List Count : 1 Segment-List : pe1backup Segment-List ID : 194 XcIndex : - List State : DOWN BFD State : - EXP : 0 TTL : 255 DeleteTimerRemain : - Label : 330001, 330003
- 配置SBFD及HSB功能
# 配置PE1。
[~PE1] bfd
[*PE1-bfd] quit
[*PE1] sbfd
[*PE1-sbfd] reflector discriminator 1.1.1.9
[*PE1-sbfd] quit
[*PE1] segment-routing
[*PE1-segment-routing] sr-te-policy seamless-bfd enable
[*PE1-segment-routing] sr-te-policy backup hot-standby enable
[*PE1-segment-routing] commit
[~PE1-segment-routing] quit
# 配置PE2。
[~PE2] bfd
[*PE2-bfd] quit
[*PE2] sbfd
[*PE2-sbfd] reflector discriminator 3.3.3.9
[*PE2-sbfd] quit
[*PE2] segment-routing
[*PE2-segment-routing] sr-te-policy seamless-bfd enable
[*PE2-segment-routing] sr-te-policy backup hot-standby enable
[*PE2-segment-routing] commit
[~PE2-segment-routing] quit
- 配置路由策略
# 配置PE1。
[~PE1] route-policy color100 permit node 1
[*PE1-route-policy] apply extcommunity color 0:100
[*PE1-route-policy] quit
[*PE1] commit
# 配置PE2。
[~PE2] route-policy color200 permit node 1
[*PE2-route-policy] apply extcommunity color 0:200
[*PE2-route-policy] quit
[*PE2] commit
- 在PE之间建立MP-IBGP对等体关系,同时VPNv4邻居应用入口策略,为路由添加扩展团体属性Color
# 配置PE1。
[~PE1] bgp 100
[~PE1-bgp] peer 3.3.3.9 as-number 100
[*PE1-bgp] peer 3.3.3.9 connect-interface loopback 1
[*PE1-bgp] ipv4-family vpnv4
[*PE1-bgp-af-vpnv4] peer 3.3.3.9 enable
[*PE1-bgp-af-vpnv4] peer 3.3.3.9 route-policy color100 import
[*PE1-bgp-af-vpnv4] commit
[~PE1-bgp-af-vpnv4] quit
[~PE1-bgp] quit
# 配置PE2。
[~PE2] bgp 100
[~PE2-bgp] peer 1.1.1.9 as-number 100
[*PE2-bgp] peer 1.1.1.9 connect-interface loopback 1
[*PE2-bgp] ipv4-family vpnv4
[*PE2-bgp-af-vpnv4] peer 1.1.1.9 enable
[*PE2-bgp-af-vpnv4] peer 1.1.1.9 route-policy color200 import
[*PE2-bgp-af-vpnv4] commit
[~PE2-bgp-af-vpnv4] quit
[~PE2-bgp] quit
配置完成后,在PE设备上执行display bgp peer或display bgp vpnv4 all peer命令,可以看到PE之间的BGP对等体关系已建立,并达到Established状态。以PE1的显示为例。
[~PE1] display bgp peer
BGP local router ID : 10.13.1.1 Local AS number : 100 Total number of peers : 1 Peers in established state : 1 Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv 3.3.3.9 4 100 2 6 0 00:00:12 Established 0
[~PE1] display bgp vpnv4 all peer
BGP local router ID : 10.13.1.1 Local AS number : 100 Total number of peers : 1 Peers in established state : 1 Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv 3.3.3.9 4 100 12 18 0 00:09:38 Established 0
- 在PE设备上配置使能IPv4地址族的VPN实例,将CE接入PE
# 配置PE1。
[~PE1] ip vpn-instance vpna
[*PE1-vpn-instance-vpna] ipv4-family
[*PE1-vpn-instance-vpna-af-ipv4] route-distinguisher 100:1
[*PE1-vpn-instance-vpna-af-ipv4] vpn-target 111:1 both
[*PE1-vpn-instance-vpna-af-ipv4] quit
[*PE1-vpn-instance-vpna] quit
[*PE1] interface gigabitethernet0/2/0
[*PE1-GigabitEthernet0/2/0] ip binding vpn-instance vpna
[*PE1-GigabitEthernet0/2/0] ip address 10.1.1.2 24
[*PE1-GigabitEthernet0/2/0] quit
[*PE1] commit
# 配置PE2。
[~PE2] ip vpn-instance vpna
[*PE2-vpn-instance-vpna] ipv4-family
[*PE2-vpn-instance-vpna-af-ipv4] route-distinguisher 200:1
[*PE2-vpn-instance-vpna-af-ipv4] vpn-target 111:1 both
[*PE2-vpn-instance-vpna-af-ipv4] quit
[*PE2-vpn-instance-vpna] quit
[*PE2] interface gigabitethernet0/2/0
[*PE2-GigabitEthernet0/2/0] ip binding vpn-instance vpna
[*PE2-GigabitEthernet0/2/0] ip address 10.3.1.2 24
[*PE2-GigabitEthernet0/2/0] quit
[*PE2] commit
# 按图2-21配置各CE的接口IP地址,配置过程请参见后面的配置文件。
配置完成后,在PE设备上执行display ip vpn-instance verbose命令可以看到VPN实例的配置情况。各PE能ping通自己接入的CE。
当PE上有多个绑定了同一个VPN的接口,则使用ping -vpn-instance命令ping对端PE接入的CE时,要指定源IP地址,即要指定ping -vpn-instance vpn-instance-name -a source-ip-address dest-ip-address命令中的参数-a source-ip-address,否则可能ping不通。
- 在PE设备上配置隧道选择策略,优选SR-MPLS TE Policy。
# 配置PE1。
[~PE1] tunnel-policy p1
[*PE1-tunnel-policy-p1] tunnel select-seq sr-te-policy load-balance-number 1 unmix
[*PE1-tunnel-policy-p1] quit
[*PE1] commit
[~PE1] ip vpn-instance vpna
[*PE1-vpn-instance-vpna] ipv4-family
[*PE1-vpn-instance-vpna-af-ipv4] tnl-policy p1
[*PE1-vpn-instance-vpna-af-ipv4] quit
[*PE1-vpn-instance-vpna] quit
[*PE1] commit
# 配置PE2。
[~PE2] tunnel-policy p1
[*PE2-tunnel-policy-p1] tunnel select-seq sr-te-policy load-balance-number 1 unmix
[*PE2-tunnel-policy-p1] quit
[*PE2] commit
[~PE2] ip vpn-instance vpna
[*PE2-vpn-instance-vpna] ipv4-family
[*PE2-vpn-instance-vpna-af-ipv4] tnl-policy p1
[*PE2-vpn-instance-vpna-af-ipv4] quit
[*PE2-vpn-instance-vpna] quit
[*PE2] commit
- 在PE与CE之间建立EBGP对等体关系
# 配置CE1。
[~CE1] interface loopback 1
[*CE1-LoopBack1] ip address 11.1.1.1 32
[*CE1-LoopBack1] quit
[*CE1] interface gigabitethernet0/1/0
[*CE1-GigabitEthernet0/1/0] ip address 10.1.1.1 24
[*CE1-GigabitEthernet0/1/0] quit
[*CE1] bgp 65410
[*CE1-bgp] peer 10.1.1.2 as-number 100
[*CE1-bgp] network 11.1.1.1 32
[*CE1-bgp] quit
[*CE1] commit
CE2的配置与CE1设备配置类似,配置过程请参见后面的配置文件。
# 配置PE1。
[~PE1] bgp 100
[*PE1-bgp] ipv4-family vpn-instance vpna
[*PE1-bgp-vpna] peer 10.1.1.1 as-number 65410
[*PE1-bgp-vpna] commit
[*PE1-bgp-vpna] quit
PE2的配置与PE1类似,配置过程请参见后面的配置文件。
配置完成后,在PE设备上执行display bgp vpnv4 vpn-instance peer命令,可以看到PE与CE之间的BGP对等体关系已建立,并达到Established状态。
以PE1与CE1的对等体关系为例:
[~PE1] display bgp vpnv4 vpn-instance vpna peer
BGP local router ID : 10.13.1.1 Local AS number : 100 VPN-Instance vpna, Router ID 10.13.1.1: Total number of peers : 1 Peers in established state : 1 Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv 10.1.1.1 4 65410 91 90 0 01:15:39 Established 1
- 检查配置结果
在PE设备上执行display ip routing-table vpn-instance命令,可以看到去往CE上的Loopback接口路由。
以PE1的显示为例:
[~PE1] display ip routing-table vpn-instance vpna
Route Flags: R - relay, D - download to fib, T - to vpn-instance, B - black hole route ------------------------------------------------------------------------------ Routing Tables: vpna Destinations : 7 Routes : 7 Destination/Mask Proto Pre Cost Flags NextHop Interface 10.1.1.0/24 Direct 0 0 D 10.1.1.2 GigabitEthernet0/1/0 10.1.1.2/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/1/0 10.1.1.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/1/0 11.1.1.1/32 EBGP 255 0 RD 10.1.1.1 GigabitEthernet0/2/0 22.2.2.2/32 IBGP 255 0 RD 3.3.3.9 SR TE Policy 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
在PE设备上执行display ip routing-table vpn-instance vpna verbose命令,可以看到去往CE上的Loopback接口路由的详细信息。
以PE1的显示为例:
[~PE1] display ip routing-table vpn-instance vpna 22.2.2.2 verbose
Route Flags: R - relay, D - download to fib, T - to vpn-instance, B - black hole route ------------------------------------------------------------------------------ Routing Table : vpna Summary Count : 1 Destination: 22.2.2.2/32 Protocol: IBGP Process ID: 0 Preference: 255 Cost: 0 NextHop: 3.3.3.9 Neighbour: 3.3.3.9 State: Active Adv Relied Age: 01h18m38s Tag: 0 Priority: low Label: 48180 QoSInfo: 0x0 IndirectID: 0x10000B9 Instance: RelayNextHop: 0.0.0.0 Interface: SR TE Policy TunnelID: 0x000000003200000041 Flags: RD
从以上信息可以看出,VPN路由已经成功迭代到SR-MPLS TE Policy。
同一VPN的CE能够相互Ping通,例如:CE1能够Ping通CE2(22.2.2.2)。
[~CE1] ping -a 11.1.1.1 22.2.2.2
PING 22.2.2.2: 56 data bytes, press CTRL_C to break Reply from 22.2.2.2: bytes=56 Sequence=1 ttl=251 time=72 ms Reply from 22.2.2.2: bytes=56 Sequence=2 ttl=251 time=34 ms Reply from 22.2.2.2: bytes=56 Sequence=3 ttl=251 time=50 ms Reply from 22.2.2.2: bytes=56 Sequence=4 ttl=251 time=50 ms Reply from 22.2.2.2: bytes=56 Sequence=5 ttl=251 time=34 ms --- 22.2.2.2 ping statistics --- 5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 34/48/72 ms
配置文件
PE1的配置文件
# sysname PE1 # ip vpn-instance vpna ipv4-family route-distinguisher 100:1 tnl-policy p1 vpn-target 111:1 export-extcommunity vpn-target 111:1 import-extcommunity # bfd # sbfd reflector discriminator 1.1.1.9 # mpls lsr-id 1.1.1.9 # mpls # segment-routing ipv4 adjacency local-ip-addr 10.11.1.1 remote-ip-addr 10.11.1.2 sid 330000 ipv4 adjacency local-ip-addr 10.13.1.1 remote-ip-addr 10.13.1.2 sid 330001 sr-te-policy backup hot-standby enable sr-te-policy seamless-bfd enable segment-list pe1 index 10 sid label 330000 index 20 sid label 330002 segment-list pe1backup index 10 sid label 330001 index 20 sid label 330003 sr-te policy policy100 endpoint 3.3.3.9 color 100 binding-sid 115 mtu 1000 candidate-path preference 100 segment-list pe1backup candidate-path preference 200 segment-list pe1 # isis 1 is-level level-1 cost-style wide network-entity 10.0000.0000.0001.00 segment-routing mpls # interface GigabitEthernet0/1/0 undo shutdown ip address 10.13.1.1 255.255.255.0 isis enable 1 # interface GigabitEthernet0/2/0 undo shutdown ip binding vpn-instance vpna ip address 10.1.1.2 255.255.255.0 # interface GigabitEthernet0/3/0 undo shutdown ip address 10.11.1.1 255.255.255.0 isis enable 1 # interface LoopBack1 ip address 1.1.1.9 255.255.255.255 isis enable 1 # bgp 100 peer 3.3.3.9 as-number 100 peer 3.3.3.9 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 3.3.3.9 enable # ipv4-family vpnv4 policy vpn-target peer 3.3.3.9 enable peer 3.3.3.9 route-policy color100 import # ipv4-family vpn-instance vpna peer 10.1.1.1 as-number 65410 # route-policy color100 permit node 1 apply extcommunity color 0:100 # tunnel-policy p1 tunnel select-seq sr-te-policy load-balance-number 1 unmix # return
P1的配置文件
# sysname P1 # mpls lsr-id 2.2.2.9 # mpls # segment-routing ipv4 adjacency local-ip-addr 10.11.1.2 remote-ip-addr 10.11.1.1 sid 330003 ipv4 adjacency local-ip-addr 10.12.1.1 remote-ip-addr 10.12.1.2 sid 330002 # isis 1 is-level level-1 cost-style wide network-entity 10.0000.0000.0002.00 segment-routing mpls # interface GigabitEthernet0/1/0 undo shutdown ip address 10.11.1.2 255.255.255.0 isis enable 1 # interface GigabitEthernet0/2/0 undo shutdown ip address 10.12.1.1 255.255.255.0 isis enable 1 # interface LoopBack1 ip address 2.2.2.9 255.255.255.255 isis enable 1 # return
PE2的配置文件
# sysname PE2 # ip vpn-instance vpna ipv4-family route-distinguisher 200:1 tnl-policy p1 vpn-target 111:1 export-extcommunity vpn-target 111:1 import-extcommunity # bfd # sbfd reflector discriminator 3.3.3.9 # mpls lsr-id 3.3.3.9 # mpls # segment-routing ipv4 adjacency local-ip-addr 10.12.1.2 remote-ip-addr 10.12.1.1 sid 330000 ipv4 adjacency local-ip-addr 10.14.1.2 remote-ip-addr 10.14.1.1 sid 330001 sr-te-policy backup hot-standby enable sr-te-policy seamless-bfd enable segment-list pe2 index 10 sid label 330000 index 20 sid label 330003 segment-list pe2backup index 10 sid label 330001 index 20 sid label 330002 sr-te policy policy200 endpoint 1.1.1.9 color 200 binding-sid 115 mtu 1000 candidate-path preference 100 segment-list pe2backup candidate-path preference 200 segment-list pe2 # isis 1 is-level level-1 cost-style wide network-entity 10.0000.0000.0003.00 segment-routing mpls # interface GigabitEthernet0/1/0 undo shutdown ip address 10.14.1.2 255.255.255.0 isis enable 1 # interface GigabitEthernet0/2/0 undo shutdown ip binding vpn-instance vpna ip address 10.2.1.2 255.255.255.0 # interface GigabitEthernet0/3/0 undo shutdown ip address 10.12.1.2 255.255.255.0 isis enable 1 # interface LoopBack1 ip address 3.3.3.9 255.255.255.255 isis enable 1 # bgp 100 peer 1.1.1.9 as-number 100 peer 1.1.1.9 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 1.1.1.9 enable # ipv4-family vpnv4 policy vpn-target peer 1.1.1.9 enable peer 1.1.1.9 route-policy color200 import # ipv4-family vpn-instance vpna peer 10.2.1.1 as-number 65420 # route-policy color200 permit node 1 apply extcommunity color 0:200 # tunnel-policy p1 tunnel select-seq sr-te-policy load-balance-number 1 unmix # return
P2的配置文件
# sysname P2 # mpls lsr-id 4.4.4.9 # mpls # segment-routing ipv4 adjacency local-ip-addr 10.13.1.2 remote-ip-addr 10.13.1.1 sid 330002 ipv4 adjacency local-ip-addr 10.14.1.1 remote-ip-addr 10.14.1.2 sid 330003 # isis 1 is-level level-1 cost-style wide network-entity 10.0000.0000.0004.00 segment-routing mpls # interface GigabitEthernet0/1/0 undo shutdown ip address 10.13.1.2 255.255.255.0 isis enable 1 # interface GigabitEthernet0/2/0 undo shutdown ip address 10.14.1.1 255.255.255.0 isis enable 1 # interface LoopBack1 ip address 4.4.4.9 255.255.255.255 isis enable 1 # return
CE1的配置文件
# sysname CE1 # interface GigabitEthernet0/1/0 undo shutdown ip address 10.1.1.1 255.255.255.0 # interface LoopBack1 ip address 11.1.1.1 255.255.255.255 # bgp 65410 peer 10.1.1.2 as-number 100 network 11.1.1.1 255.255.255.255 # ipv4-family unicast peer 10.1.1.2 enable # return
CE2的配置文件
# sysname CE2 # interface GigabitEthernet0/1/0 undo shutdown ip address 10.2.1.1 255.255.255.0 # interface LoopBack1 ip address 22.2.2.2 255.255.255.255 # bgp 65420 peer 10.2.1.2 as-number 100 network 22.2.2.2 255.255.255.255 # ipv4-family unicast peer 10.2.1.2 enable # return