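Example for Configuring Inter-AS IPv6 VPN Option B
The ASBRs establish a single-hop MP-EBGP peer relationship and exchange their VPNv6 routes.
Networking Requirements
As shown in Figure 8-15, CE1 and CE2 belong to the same VPN. CE1 connects to PE1 in AS 100, and CE2 connects to PE2 in AS 200. An MP-EBGP peer relationship is configured between the ASBRs to carry VPNv6 routes, which implements inter-AS VPN in Option B mode.
Configuration Roadmap
The roadmap for configuring inter-AS IPv6 VPN Option B is as follows:
- Run an IGP on the backbone networks so that the ASBR and PE in the same AS can communicate, and establish an MPLS LDP LSP between the ASBR and PE in the same AS.
- Establish an EBGP peer relationship between each PE and its CE, and an MP-IBGP peer relationship between each PE and its ASBR.
- Configure a VPN instance on each PE (no VPN instance is needed on the ASBRs).
- On each ASBR, enable MPLS on the interface connected to the other ASBR, establish an MP-EBGP peer relationship between the ASBRs, and do not apply VPN-target filtering to received VPNv6 routes.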
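Procedure
- Configure an IGP on the MPLS backbone networks of AS 100 and AS 200 to provide connectivity between the PEs on each backbone network.
OSPF is used in this example. For the detailed configuration, see the configuration files later in this example.
The 32-bit address of the LoopBack interface used as the LSR ID must be advertised through OSPF.
After the configuration is complete, the ASBR and PE in the same AS should establish an OSPF neighbor relationship. Run the display ospf peer command to check that the neighbor state is Full.
The ASBR and PE in the same AS learn each other's loopback addresses and can ping each other.
- Configure basic MPLS capabilities and MPLS LDP on the MPLS backbone networks of AS 100 and AS 200 to establish LDP LSPs.
For the configuration steps, see the example for configuring inter-AS IPv6 VPN Option A. They are not repeated here.
- Configure basic BGP/MPLS IPv6 VPN on PE1 and PE2.
The VPN targets of the VPN instances on PE1 and PE2 must match.
For the detailed configuration steps, see the configuration files later in this example. They are not repeated here.
- Configure inter-AS VPN Option B.
# Configure ASBR1: enable MPLS on GE2/0/0, the interface connected to ASBR2.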
[~ASBR1] interface gigabitEthernet 2/0/0
[~ASBR1-GigabitEthernet2/0/0] ip address 192.168.1.1 24
[*ASBR1-GigabitEthernet2/0/0] mpls
[*ASBR1-GigabitEthernet2/0/0] quit
[*ASBR1] commit
# Configure ASBR1: establish an MP-EBGP peer relationship with ASBR2, disable VPN-target filtering of received VPN-IPv6 routes, and enable ASBR1 to allocate labels per next hop.
[~ASBR1] bgp 100
[*ASBR1-bgp] peer 192.168.1.2 as-number 200
[*ASBR1-bgp] ipv6-family vpnv6
[*ASBR1-bgp-af-vpnv6] peer 192.168.1.2 enable
[*ASBR1-bgp-af-vpnv6] undo policy vpn-target
[*ASBR1-bgp-af-vpnv6] quit
[*ASBR1-bgp] quit
[*ASBR1] commit
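The configuration of ASBR2 is similar to that of ASBR1 and is not repeated here.
- Verify the configuration.
After the preceding configuration is complete, the CEs learn the routes to each other's interfaces, and CE1 and CE2 can ping each other.
The display on CE1 is used as an example: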
<CE1> display ipv6 routing-table
Routing Table : _public_
         Destinations : 7        Routes : 7

 Destination  : ::1                             PrefixLength : 128
 NextHop      : ::1                             Preference   : 0
 Cost         : 0                               Protocol     : Direct
 RelayNextHop : ::                              TunnelID     : 0x0
 Interface    : InLoopBack0                     Flags        : D

 Destination  : ::FFFF:127.0.0.0                PrefixLength : 104
 NextHop      : ::FFFF:127.0.0.1                Preference   : 0
 Cost         : 0                               Protocol     : Direct
 RelayNextHop : ::                              TunnelID     : 0x0
 Interface    : InLoopBack0                     Flags        : D

 Destination  : ::FFFF:127.0.0.1                PrefixLength : 128
 NextHop      : ::1                             Preference   : 0
 Cost         : 0                               Protocol     : Direct
 RelayNextHop : ::                              TunnelID     : 0x0
 Interface    : InLoopBack0                     Flags        : D

 Destination  : 2001:db8:1::                    PrefixLength : 64
 NextHop      : 2001:db8:1::1                   Preference   : 0
 Cost         : 0                               Protocol     : Direct
 RelayNextHop : ::                              TunnelID     : 0x0
 Interface    : GigabitEthernet1/0/0            Flags        : D

 Destination  : 2001:db8:1::1                   PrefixLength : 128
 NextHop      : ::1                             Preference   : 0
 Cost         : 0                               Protocol     : Direct
 RelayNextHop : ::                              TunnelID     : 0x0
 Interface    : GigabitEthernet1/0/0            Flags        : D

 Destination  : 2001:db8:2::                    PrefixLength : 64
 NextHop      : 2001:db8:1::2                   Preference   : 255
 Cost         : 0                               Protocol     : BGP
 RelayNextHop : 2001:db8:1::2                   TunnelID     : 0x0
 Interface    : GigabitEthernet1/0/0            Flags        : RD

 Destination  : FE80::                          PrefixLength : 10
 NextHop      : ::                              Preference   : 0
 Cost         : 0                               Protocol     : Direct
 RelayNextHop : ::                              TunnelID     : 0x0
 Interface    : NULL0                           Flags        : D
<CE1> ping ipv6 2001:db8:2::1
PING 2001:db8:2::1 : 56 data bytes, press CTRL_C to break
Reply from 2001:db8:2::1
bytes=56 Sequence=1 hop limit=62 time = 125 ms
Reply from 2001:db8:2::1
bytes=56 Sequence=2 hop limit=62 time = 109 ms
Reply from 2001:db8:2::1
bytes=56 Sequence=3 hop limit=62 time = 109 ms
Reply from 2001:db8:2::1
bytes=56 Sequence=4 hop limit=62 time = 109 ms
Reply from 2001:db8:2::1
bytes=56 Sequence=5 hop limit=62 time = 110 ms
--- 2001:db8:2::1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 109/112/125 ms
Run the display bgp vpnv6 all routing-table command on an ASBR to view the VPNv6 routes on the ASBR.
The display on ASBR1 is used as an example:
<ASBR1> display bgp vpnv6 all routing-table
 BGP Local router ID is 192.168.1.1
 Status codes: * - valid, > - best, d - damped, x - best external, a - add path,
               h - history, i - internal, s - suppressed, S - Stale
               Origin : i - IGP, e - EGP, ? - incomplete

 Total number of routes from all PE: 2
 Route Distinguisher: 100:1

 *>i Network  : 2001:db8:1::                    PrefixLen : 64
     NextHop  : ::FFFF:1.1.1.1                  LocPrf    : 100
     MED      : 0                               PrefVal   : 0
     Label    : 21/23
     Path/Ogn : 65001?

 Route Distinguisher: 200:2

 *>  Network  : 2001:db8:2::                    PrefixLen : 64
     NextHop  : ::FFFF:192.168.1.2              LocPrf    :
     MED      :                                 PrefVal   : 0
     Label    : 25/25
     Path/Ogn : 200 65002?
Configuration Files
CE1 configuration file
#
sysname CE1
#
interface GigabitEthernet1/0/0
undo shutdown
ipv6 enable
ipv6 address 2001:db8:1::1/64
#
bgp 65001
router-id 10.10.10.10
peer 2001:db8:1::2 as-number 100
#
ipv4-family unicast
undo synchronization
#
ipv6-family unicast
undo synchronization
import-route direct
peer 2001:db8:1::2 enable
#
return
PE1 configuration file
#
sysname PE1
#
ip vpn-instance vpn1
ipv6-family
route-distinguisher 100:1
apply-label per-instance
vpn-target 1:1 export-extcommunity
vpn-target 1:1 import-extcommunity
#
mpls lsr-id 1.1.1.1
#
mpls
#
mpls ldp
#
interface GigabitEthernet1/0/0
undo shutdown
ip address 172.16.1.2 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet2/0/0
undo shutdown
ip binding vpn-instance vpn1
ipv6 enable
ipv6 address 2001:db8:1::2/64
#
interface LoopBack1
ip address 1.1.1.1 255.255.255.255
#
bgp 100
peer 2.2.2.2 as-number 100
peer 2.2.2.2 connect-interface LoopBack1
#
ipv4-family unicast
undo synchronization
peer 2.2.2.2 enable
#
ipv6-family vpnv6
policy vpn-target
peer 2.2.2.2 enable
#
ipv6-family vpn-instance vpn1
peer 2001:db8:1::1 as-number 65001
#
ospf 1
area 0.0.0.0
network 1.1.1.1 0.0.0.0
network 172.16.1.0 0.0.0.255
#
return
ASBR1 configuration file
#
sysname ASBR1
#
mpls lsr-id 2.2.2.2
#
mpls
#
mpls ldp
#
interface GigabitEthernet1/0/0
undo shutdown
ip address 172.16.1.1 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet2/0/0
undo shutdown
ip address 192.168.1.1 255.255.255.0
mpls
#
interface LoopBack1
ip address 2.2.2.2 255.255.255.255
#
bgp 100
peer 192.168.1.2 as-number 200
peer 1.1.1.1 as-number 100
peer 1.1.1.1 connect-interface LoopBack1
#
ipv4-family unicast
undo synchronization
peer 192.168.1.2 enable
peer 1.1.1.1 enable
#
ipv6-family vpnv6
undo policy vpn-target
peer 1.1.1.1 enable
peer 192.168.1.2 enable
#
ospf 1
area 0.0.0.0
network 2.2.2.2 0.0.0.0
network 172.16.1.0 0.0.0.255
#
return
ASBR2 configuration file
#
sysname ASBR2
#
mpls lsr-id 3.3.3.3
#
mpls
#
mpls ldp
#
interface GigabitEthernet1/0/0
undo shutdown
ip address 10.1.1.1 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet2/0/0
undo shutdown
ip address 192.168.1.2 255.255.255.0
mpls
#
interface LoopBack1
ip address 3.3.3.3 255.255.255.255
#
bgp 200
peer 192.168.1.1 as-number 100
peer 4.4.4.4 as-number 200
peer 4.4.4.4 connect-interface LoopBack1
#
ipv4-family unicast
undo synchronization
peer 192.168.1.1 enable
peer 4.4.4.4 enable
#
ipv6-family vpnv6
undo policy vpn-target
peer 4.4.4.4 enable
peer 192.168.1.1 enable
#
ospf 1
area 0.0.0.0
network 3.3.3.3 0.0.0.0
network 10.1.1.0 0.0.0.255
#
return
PE2 configuration file
#
sysname PE2
#
ip vpn-instance vpn1
ipv6-family
route-distinguisher 200:1
apply-label per-instance
vpn-target 1:1 export-extcommunity
vpn-target 1:1 import-extcommunity
#
mpls lsr-id 4.4.4.4
#
mpls
#
mpls ldp
#
interface GigabitEthernet1/0/0
undo shutdown
ip address 10.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet2/0/0
undo shutdown
ip binding vpn-instance vpn1
ipv6 enable
ipv6 address 2001:db8:2::2/64
#
interface LoopBack1
ip address 4.4.4.4 255.255.255.255
#
bgp 200
peer 3.3.3.3 as-number 200
peer 3.3.3.3 connect-interface LoopBack1
#
ipv4-family unicast
undo synchronization
peer 3.3.3.3 enable
#
ipv6-family vpnv6
policy vpn-target
peer 3.3.3.3 enable
#
ipv6-family vpn-instance vpn1
peer 2001:db8:2::1 as-number 65002
#
ospf 1
area 0.0.0.0
network 4.4.4.4 0.0.0.0
network 10.1.1.0 0.0.0.255
#
return
CE2 configuration file
#
sysname CE2
#
interface GigabitEthernet1/0/0
undo shutdown
ipv6 enable
ipv6 address 2001:db8:2::1/64
#
bgp 65002
router-id 11.11.11.11
peer 2001:db8:2::2 as-number 200
#
ipv4-family unicast
undo synchronization
#
ipv6-family unicast
undo synchronization
import-route direct
peer 2001:db8:2::2 enable
#
return
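The following Python script is an added example, not part of the original document or of any vendor tooling. It reads configuration files like the ones above and checks the three VPN-target conditions this Option B example depends on: undo policy vpn-target appears only on devices without a VPN instance (the ASBRs, which then accept VPNv6 routes with any VPN target from their MP-EBGP peer), a device that runs the VPNv6 family without a VPN instance has that filtering disabled, and each PE's export VPN target is imported by the other PE. The names parse and audit and the finding labels are hypothetical, and a file without undo policy vpn-target in the VPNv6 family is assumed to have filtering enabled.

```python
from itertools import permutations

KINDS = {"import-extcommunity", "export-extcommunity", "both"}
# Constructed excerpts: only the lines the checks read, copied from the
# PE1, ASBR1 and PE2 configuration files on this page.
PE = ("ip vpn-instance vpn1\nipv6-family\nvpn-target 1:1 export-extcommunity\n"
      "vpn-target 1:1 import-extcommunity\n#\nipv6-family vpnv6\npolicy vpn-target\n")
PAGE_CONFIGS = {
    "PE1": PE,
    "ASBR1": "ipv6-family vpnv6\nundo policy vpn-target\npeer 192.168.1.2 enable\n",
    "PE2": PE,
}

def parse(text):
    """Extract the VPN-target facts of one device from its configuration text."""
    d = {"vrf": False, "vpnv6": False, "filter": True, "imp": set(), "exp": set()}
    family = None  # address-family view the current line belongs to
    for line in map(str.strip, text.splitlines()):
        tok = line.split()
        if line == "#" or tok[:1] in (["ipv4-family"], ["ipv6-family"]):
            family = line
        if line.startswith("ip vpn-instance "):
            d["vrf"] = True
        elif line == "ipv6-family vpnv6":
            d["vpnv6"] = True
        elif family == "ipv6-family vpnv6" and line == "undo policy vpn-target":
            d["filter"] = False
        elif family == "ipv6-family" and tok[:1] == ["vpn-target"]:
            kind = tok[-1] if tok[-1] in KINDS else "both"  # no keyword means both
            rts = {t for t in tok[1:] if t not in KINDS}
            if kind != "export-extcommunity":
                d["imp"] |= rts
            if kind != "import-extcommunity":
                d["exp"] |= rts
    return d

def audit(configs):
    """Return (device, finding) pairs for deviations from the Option B roadmap."""
    dev = {name: parse(text) for name, text in configs.items()}
    findings = []
    for name, d in dev.items():
        if d["vrf"] and not d["filter"]:
            findings.append((name, "rt-filter-off-on-pe"))    # only ASBRs need it off
        if d["vpnv6"] and not d["vrf"] and d["filter"]:
            findings.append((name, "asbr-discards-vpnv6"))    # no import RT can match
    for a, b in permutations([n for n in dev if dev[n]["vrf"]], 2):
        if not dev[a]["exp"] & dev[b]["imp"]:
            findings.append((a, f"export-rt-not-imported-by-{b}"))
    return findings
```

Call audit with a dict that maps each device name to its full configuration text; an empty list means the files match the roadmap.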