评分并提供意见反馈 :
华为采用机器翻译与人工审校相结合的方式将此文档翻译成不同语言,希望能帮助您更容易理解此文档的内容。 请注意:即使是最好的机器翻译,其准确度也不及专业翻译人员的水平。 华为对于翻译的准确性不承担任何责任,并建议您参考英文文档(已提供链接)。
配置6VPE示例
通过配置6VPE功能,可以将私网实例下被分割的IPv6网络利用LSP隧道连接起来。
配置思路
采用如下的思路配置6VPE:
在IPv4骨干网上配置IGP协议,实现PE之间互通。
在各PE和P设备上配置MPLS和MPLS LDP,建立PE之间的LDP LSP。
在PE1和PE2上配置MP-IBGP,即PE间用BGP来交换IPv6 VPN路由。
在PE1和PE2上创建支持IPv4和IPv6地址族的VPN实例,并将PE连接CE的接口与VPN实例绑定。
在PE与CE之间配置BGP私网邻居(隧道转发)。
操作步骤
- 配置各设备上接口的IPv4和IPv6地址
具体配置过程请参见配置文件。
- 配置IPv4骨干网的IGP协议,实现PE之间互通,本例IGP以IS-IS为例
具体配置过程请参见配置文件。
- IPv4骨干网各设备及其接口使能MPLS、MPLS LDP,创建PE1和PE2之间的LDP LSP
具体配置过程请参见配置文件。
- PE之间建立BGP VPNv6对等体关系
# 配置PE1。
[~PE1] bgp 100[*PE1-bgp] peer 3.3.3.9 as-number 100[*PE1-bgp] peer 3.3.3.9 connect-interface loopback 1[*PE1-bgp] ipv6-family vpnv6[*PE1-bgp-af-vpnv6] peer 3.3.3.9 enable[*PE1-bgp-af-vpnv6] quit[*PE1-bgp] quit[*PE1] commit# 配置PE2。
[~PE2] bgp 100[*PE2-bgp] peer 1.1.1.9 as-number 100[*PE2-bgp] peer 1.1.1.9 connect-interface loopback 1[*PE2-bgp] ipv6-family vpnv6[*PE2-bgp-af-vpnv6] peer 1.1.1.9 enable[*PE2-bgp-af-vpnv6] quit[*PE2-bgp] quit[*PE2] commit以上配置完成后,在PE上可通过display bgp vpnv6 all peer查看VPNv6对等体的建立情况。以PE1的显示为例:
[~PE1] display bgp vpnv6 all peerBGP local router ID : 192.168.1.1 Local AS number : 100 Total number of peers : 1 Peers in established state : 1 Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv 3.3.3.9 4 100 4 3 0 00:01:50 Established 0
由上可以看到VPNv6对等体的状态为Established,说明PE1和PE2的VPNv6对等体关系已建立。
- PE上创建支持IPv4和IPv6地址族的VPN实例,并将PE连接CE的接口与VPN实例绑定
# 配置PE1。
[~PE1] ip vpn-instance vpna[*PE1-vpn-instance-vpna] ipv4-family[*PE1-vpn-instance-vpna-af-ipv4] route-distinguisher 100:1[*PE1-vpn-instance-vpna-af-ipv4] vpn-target 1:1[*PE1-vpn-instance-vpna-af-ipv4] quit[*PE1-vpn-instance-vpna] ipv6-family[*PE1-vpn-instance-vpna-af-ipv6] route-distinguisher 100:2[*PE1-vpn-instance-vpna-af-ipv6] vpn-target 2:2[*PE1-vpn-instance-vpna-af-ipv6] quit[*PE1-vpn-instance-vpna] quit[*PE1] interface gigabitethernet 2/0/0
[*PE1-GigabitEthernet2/0/0] ip binding vpn-instance vpna
[*PE1-GigabitEthernet2/0/0] ip address 10.1.1.2 24
[*PE1-GigabitEthernet2/0/0] quit
[*PE1] interface Loopback 0[*PE1-LoopBack0] ip binding vpn-instance vpna[*PE1-LoopBack0] ip address 1.1.1.1 32[*PE1-LoopBack0] quit[*PE1] commitPE2的配置与PE1类似,具体配置请参见配置文件。
- 在PE与CE之间配置BGP私网邻居(隧道转发)。
# 配置PE1。
[~PE1] mpls ldp vpn-instance vpna[*PE1-mpls-ldp-vpn-instance-vpna] quit[*PE1] ospf 1 vpn-instance vpna[*PE1-ospf-1] area 0[*PE1-ospf-1-area-0.0.0.0] network 1.1.1.1 0.0.0.0[*PE1-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255[*PE1-ospf-1-area-0.0.0.0] quit[*PE1-ospf-1] quit[*PE1] bgp 100[*PE1-bgp] vpn-instance vpna[*PE1-bgp-instance-vpna] peer 4.4.4.9 as-number 100[*PE1-bgp-instance-vpna] peer 4.4.4.9 connect-interface LoopBack0[*PE1-bgp-instance-vpna] quit[*PE1-bgp] ipv6-family vpn-instance vpna[*PE1-bgp-6-vpna] peer 4.4.4.9 enable[*PE1-bgp-6-vpna] peer 4.4.4.9 label-route-capability[*PE1] commit# 配置CE1。
[~CE1] mpls lsr-id 4.4.4.9[*CE1] mpls[*CE1-mpls] mpls ldp[*CE1-mpls-ldp] quit[*CE1] ospf 1[*CE1-ospf-1] area 0[*CE1-ospf-1-area-0.0.0.0] network 4.4.4.9 0.0.0.0[*CE1-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255[*CE1-ospf-1-area-0.0.0.0] quit[*CE1-ospf-1] quit[*CE1] interface gigabitethernet 1/0/0
[*CE1-GigabitEthernet1/0/0] mpls
[*CE1-GigabitEthernet1/0/0] mpls ldp
[*CE1-GigabitEthernet1/0/0] quit
[*CE1] bgp 100[*CE1-bgp] peer 1.1.1.1 as-number 100[*CE1-bgp] peer 1.1.1.1 connect-interface LoopBack1[*CE1-bgp] ipv6-family unicast[*CE1-bgp-af-ipv6] peer 1.1.1.1 enable[*CE1-bgp-af-ipv6] peer 1.1.1.1 label-route-capability[*CE1-bgp-af-ipv6] network 2001:DB8:8:: 64[*CE1-bgp-af-ipv6] quit[*CE1-bgp] quit[*CE1] commitPE2-CE2之间的配置与PE1-CE1之间类似,具体配置信息请参见配置文件。
- 检查配置结果
以上配置完成后,CE1与CE2上可以看到对方的IPv6路由,并且彼此之间能够带源Ping通。以CE1的显示为例:
[~CE1] display ipv6 routing-tableRouting Table : _public_ Destinations : 7 Routes : 7 Destination : ::1 PrefixLength : 128 NextHop : ::1 Preference : 0 Cost : 0 Protocol : Direct RelayNextHop : :: TunnelID : 0x0 Interface : InLoopBack0 Flags : D Destination : ::FFFF:127.0.0.0 PrefixLength : 104 NextHop : ::FFFF:127.0.0.1 Preference : 0 Cost : 0 Protocol : Direct RelayNextHop : :: TunnelID : 0x0 Interface : InLoopBack0 Flags : D Destination : ::FFFF:127.0.0.1 PrefixLength : 128 NextHop : ::1 Preference : 0 Cost : 0 Protocol : Direct RelayNextHop : :: TunnelID : 0x0 Interface : InLoopBack0 Flags : D Destination : 2001:DB8:8:: PrefixLength : 64 NextHop : 2001:DB8:8::1 Preference : 0 Cost : 0 Protocol : Direct RelayNextHop : :: TunnelID : 0x0 Interface : LoopBack0 Flags : D Destination : 2001:DB8:8::1 PrefixLength : 128 NextHop : ::1 Preference : 0 Cost : 0 Protocol : Direct RelayNextHop : :: TunnelID : 0x0 Interface : LoopBack0 Flags : D Destination : 2001:DB8:9:: PrefixLength : 64 NextHop : ::FFFF:1.1.1.1 Preference : 255 Cost : 0 Protocol : IBGP RelayNextHop : ::FFFF:10.1.1.2 TunnelID : 0x0000000001004c4b42 Interface : GigabitEthernet2/0/0 Flags : RD Destination : FE80:: PrefixLength : 10 NextHop : :: Preference : 0 Cost : 0 Protocol : Direct RelayNextHop : :: TunnelID : 0x0 Interface : NULL0 Flags : DB[~CE1] ping ipv6 -a 2001:db8:8::1 2001:db8:9::1PING 2001:db8:9::1 : 56 data bytes, press CTRL_C to break Reply from 2001:db8:9::1 bytes=56 Sequence=1 hop limit=62 time = 170 ms Reply from 2001:db8:9::1 bytes=56 Sequence=2 hop limit=62 time = 140 ms Reply from 2001:db8:9::1 bytes=56 Sequence=3 hop limit=62 time = 150 ms Reply from 2001:db8:9::1 bytes=56 Sequence=4 hop limit=62 time = 140 ms Reply from 2001:db8:9::1 bytes=56 Sequence=5 hop limit=62 time = 170 ms --- 2001:db8:9::1 ping statistics --- 5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 140/154/170 ms
配置文件
PE1配置文件
# sysname PE1 # ip vpn-instance vpna ipv4-family route-distinguisher 100:1 apply-label per-instance vpn-target 1:1 export-extcommunity vpn-target 1:1 import-extcommunity ipv6-family route-distinguisher 100:2 apply-label per-instance vpn-target 2:2 export-extcommunity vpn-target 2:2 import-extcommunity # mpls lsr-id 1.1.1.9 # mpls # mpls ldp # mpls ldp vpn-instance vpna # isis 1 network-entity 10.1111.1111.1111.00 # interface GigabitEthernet1/0/0 undo shutdown ip address 192.168.1.1 255.255.255.0 isis enable 1 mpls mpls ldp # interface GigabitEthernet2/0/0 undo shutdown ip binding vpn-instance vpna ip address 10.1.1.2 255.255.255.0 mpls mpls ldp # interface LoopBack0 ip binding vpn-instance vpna ip address 1.1.1.1 255.255.255.255 # interface LoopBack1 ip address 1.1.1.9 255.255.255.255 isis enable 1 # bgp 100 peer 3.3.3.9 as-number 100 peer 3.3.3.9 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 3.3.3.9 enable # vpn-instance vpna peer 4.4.4.9 as-number 100 peer 4.4.4.9 connect-interface LoopBack0 # ipv6-family vpnv6 policy vpn-target peer 3.3.3.9 enable # ipv6-family vpn-instance vpna peer 4.4.4.9 enable peer 4.4.4.9 label-route-capability # ospf 1 vpn-instance vpna area 0.0.0.0 network 1.1.1.1 0.0.0.0 network 10.1.1.0 0.0.0.255 # return
P的配置文件
# sysname P # mpls lsr-id 2.2.2.9 # mpls # mpls ldp # isis 1 network-entity 20.2222.2222.2222.00 # interface GigabitEthernet1/0/0 undo shutdown ip address 192.168.1.2 255.255.255.0 isis enable 1 mpls mpls ldp # interface GigabitEthernet2/0/0 undo shutdown ip address 192.168.2.1 255.255.255.0 isis enable 1 mpls mpls ldp # interface LoopBack1 ip address 2.2.2.9 255.255.255.255 isis enable 1 # return
PE2的配置文件
# sysname PE2 # ip vpn-instance vpna ipv4-family route-distinguisher 100:1 apply-label per-instance vpn-target 1:1 export-extcommunity vpn-target 1:1 import-extcommunity ipv6-family route-distinguisher 100:2 apply-label per-instance vpn-target 2:2 export-extcommunity vpn-target 2:2 import-extcommunity # mpls lsr-id 3.3.3.9 # mpls # mpls ldp # mpls ldp vpn-instance vpna # isis 1 network-entity 30.3333.3333.3333.00 # interface GigabitEthernet1/0/0 undo shutdown ip address 192.168.2.2 255.255.255.0 isis enable 1 mpls mpls ldp # interface GigabitEthernet2/0/0 undo shutdown ip binding vpn-instance vpna ip address 10.2.1.2 255.255.255.0 mpls mpls ldp # interface LoopBack0 ip binding vpn-instance vpna ip address 3.3.3.3 255.255.255.255 # interface LoopBack1 ip address 3.3.3.9 255.255.255.255 isis enable 1 # bgp 100 peer 1.1.1.9 as-number 100 peer 1.1.1.9 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 1.1.1.9 enable # vpn-instance vpna peer 5.5.5.9 as-number 100 peer 5.5.5.9 connect-interface LoopBack0 # ipv6-family vpnv6 policy vpn-target peer 1.1.1.9 enable # ipv6-family vpn-instance vpna import-route direct peer 5.5.5.9 enable peer 5.5.5.9 label-route-capability # ospf 1 vpn-instance vpna area 0.0.0.0 network 3.3.3.3 0.0.0.0 network 10.2.1.0 0.0.0.255 # return
CE1的配置文件
# sysname CE1 # mpls lsr-id 4.4.4.9 # mpls # mpls ldp # interface GigabitEthernet1/0/0 undo shutdown ip address 10.1.1.1 255.255.255.0 mpls mpls ldp # interface LoopBack0 ipv6 enable ipv6 address 2001:DB8:8::1/64 # interface LoopBack1 ip address 4.4.4.9 255.255.255.255 # bgp 100 peer 1.1.1.1 as-number 100 peer 1.1.1.1 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 1.1.1.1 enable # ipv6-family unicast undo synchronization network 2001:DB8:8:: 64 peer 1.1.1.1 enable peer 1.1.1.1 label-route-capability # ospf 1 area 0.0.0.0 network 4.4.4.9 0.0.0.0 network 10.1.1.0 0.0.0.255 # returnCE2的配置文件
# sysname CE2 # mpls lsr-id 5.5.5.9 # mpls # mpls ldp # interface GigabitEthernet1/0/0 undo shutdown ip address 10.2.1.1 255.255.255.0 mpls mpls ldp # interface LoopBack0 ipv6 enable ipv6 address 2001:DB8:9::1/64 # interface LoopBack1 ip address 5.5.5.9 255.255.255.255 # bgp 100 peer 3.3.3.3 as-number 100 peer 3.3.3.3 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 3.3.3.3 enable # ipv6-family unicast undo synchronization network 2001:DB8:9:: 64 peer 3.3.3.3 enable peer 3.3.3.3 label-route-capability # ospf 1 area 0.0.0.0 network 5.5.5.9 0.0.0.0 network 10.2.1.0 0.0.0.255 # return
