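Word has just come in from the Huawei Datacom HCIE exam room that the exam questions changed today, so Datangzi immediately got hold of the technical document everyone needs from Jun Ge!
SRv6 replacing BGP VPNv4 for communication between different sites is here!
Fresh out of the oven, come and take a look!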
01 Lab Objective
Use SRv6 in place of the MPLS forwarding of BGP VPNv4 so that 3 customer sites can communicate.
02 Lab Topology
03 Lab Steps
Step 1. Configure the IGP on the backbone
This example uses IS-IS. The purpose of this step is to make loopback interface 0, which serves as the BGP update source, routable.
The configuration is as follows.

Disable DCN on all 3 PE devices:
undo dcn
Warning: This operation will disable DCN function. Continue? [Y/N]:y

PE1:
isis 1
 is-level level-2
 cost-style wide
 network-entity 49.1111.1111.1111.1111.00
 is-name PE1
 #
 ipv6 enable topology ipv6
interface LoopBack0
 description BGP-Source
 ipv6 enable
 ipv6 address 1::1/128
 isis ipv6 enable 1
interface Ethernet1/0/0
 undo shutdown
 ipv6 enable
 ipv6 address 2123::1/64
 isis ipv6 enable 1

PE2:
isis 1
 is-level level-2
 cost-style wide
 network-entity 49.2222.2222.2222.2222.00
 is-name PE2
 #
 ipv6 enable topology ipv6
interface LoopBack0
 description BGP-Source
 ipv6 enable
 ipv6 address 2::2/128
 isis ipv6 enable 1
interface Ethernet1/0/0
 undo shutdown
 ipv6 enable
 ipv6 address 2123::2/64
 isis ipv6 enable 1

PE3:
#
isis 1
 is-level level-2
 cost-style wide
 network-entity 49.3333.3333.3333.3333.00
 is-name PE3
 #
 ipv6 enable topology ipv6
interface LoopBack0
 ipv6 enable
 ipv6 address 3::3/128
 isis ipv6 enable 1
interface Ethernet1/0/0
 undo shutdown
 ipv6 enable
 ipv6 address 2123::3/64
 isis ipv6 enable 1

Verify the IS-IS neighbor relationships. The correct result looks like this:
[PE2]display isis peer
                          Peer information for ISIS(1)
  System Id     Interface       Circuit Id        State HoldTime Type     PRI
--------------------------------------------------------------------------------
  PE1*          Eth1/0/0        PE3.01            Up    29s      L2       64
  PE3*          Eth1/0/0        PE3.01            Up    7s       L2       64
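Check the IPv6 routing table learned through IS-IS, paying particular attention to the routes for the loopback addresses of the other 2 devices.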
[PE2]display ipv6 routing-table protocol isis
_public_ Routing Table : IS-IS
Summary Count : 4

IS-IS routing table status : <Active>
Summary Count : 2

 Destination  : 1::1                        PrefixLength : 128
 NextHop      : FE80::3A6E:A4FF:FE01:100    Preference   : 15
 Cost         : 10                          Protocol     : ISIS-L2
 RelayNextHop : ::                          TunnelID     : 0x0
 Interface    : Ethernet1/0/0               Flags        : D

 Destination  : 3::3                        PrefixLength : 128
 NextHop      : FE80::3A6E:A4FF:FE03:100    Preference   : 15
 Cost         : 10                          Protocol     : ISIS-L2
 RelayNextHop : ::                          TunnelID     : 0x0
 Interface    : Ethernet1/0/0               Flags        : D

IS-IS routing table status : <Inactive>
Summary Count : 2

 Destination  : 2::2                        PrefixLength : 128
 NextHop      : 2::2                        Preference   : 15
 Cost         : 0                           Protocol     : ISIS-L2
 RelayNextHop : ::                          TunnelID     : 0x0
 Interface    : LoopBack0                   Flags        :

 Destination  : 2123::                      PrefixLength : 64
 NextHop      : 2123::2                     Preference   : 15
 Cost         : 0                           Protocol     : ISIS-L2
 RelayNextHop : ::                          TunnelID     : 0x0
 Interface    : Ethernet1/0/0               Flags        :
Test connectivity between the loopback interfaces, which the BGP peer relationships will rely on later.
[PE2]ping ipv6 -a 2::2 1::1
  PING 1::1 : 56  data bytes, press CTRL_C to break
    Reply from 1::1
    bytes=56 Sequence=1 hop limit=64 time=38 ms
    Reply from 1::1
    bytes=56 Sequence=2 hop limit=64 time=43 ms
    Reply from 1::1
    bytes=56 Sequence=3 hop limit=64 time=34 ms

  --- 1::1 ping statistics---
    3 packet(s) transmitted
    3 packet(s) received
    0.00% packet loss
    round-trip min/avg/max=34/38/43 ms

[PE2]ping ipv6 -a 2::2 3::3
  PING 3::3 : 56  data bytes, press CTRL_C to break
    Reply from 3::3
    bytes=56 Sequence=1 hop limit=64 time=29 ms
    Reply from 3::3
    bytes=56 Sequence=2 hop limit=64 time=43 ms
    Reply from 3::3
    bytes=56 Sequence=3 hop limit=64 time=45 ms
    Reply from 3::3
    bytes=56 Sequence=4 hop limit=64 time=38 ms
Step 2. Configure the PEs' VPNv4 peer relationships, VPN instances and other L3VPN settings
Configure the VPNv4 peers. R2 (PE2) takes the role of route reflector (RR).

PE2:
bgp 100
 router-id 2.2.2.2
 peer 1::1 as-number 100
 peer 1::1 connect-interface LoopBack0
 peer 3::3 as-number 100
 peer 3::3 connect-interface LoopBack0
 #
 ipv4-family unicast
  undo synchronization
 #
 ipv4-family vpnv4
  policy vpn-target
  peer 1::1 enable
  peer 1::1 reflect-client
  peer 3::3 enable
  peer 3::3 reflect-client

PE1:
bgp 100
 router-id 1.1.1.1
 peer 2::2 as-number 100
 peer 2::2 connect-interface LoopBack0
 #
 ipv4-family unicast
  undo synchronization
 #
 ipv4-family vpnv4
  policy vpn-target
  peer 2::2 enable

PE3:
bgp 100
 router-id 3.3.3.3
 peer 2::2 as-number 100
 peer 2::2 connect-interface LoopBack0
 #
 ipv4-family unicast
  undo synchronization
 #
 ipv4-family vpnv4
  policy vpn-target
  peer 2::2 enable

[PE2]dis bgp vpnv4 all peer

 BGP local router ID : 2.2.2.2
 Local AS number : 100
 Total number of peers : 2                 Peers in established state : 2

  Peer      V    AS  MsgRcvd  MsgSent  OutQ  Up/Down   State        PrefRcv
  1::1      4   100        7        7     0  00:03:20  Established        0
  3::3      4   100        6        5     0  00:02:23  Established        0

The BGP VPNv4 peer relationships are all normal. Because no VPN instance has been deployed yet, no customer routes appear at this point.
Step 3. Configure the VPN instance on the PEs; the protocol toward the customer side is BGP
Configure the VPN instance on all 3 PE devices:

ip vpn-instance QYT
 ipv4-family
  route-distinguisher 1:1
  vpn-target 1:1 export-extcommunity
  vpn-target 1:1 import-extcommunity

Configure PE1 and CE-HZ:

PE1:
bgp 100
 ipv4-family vpn-instance QYT
  peer 10.1.12.2 as-number 64512
  peer 10.1.12.2 substitute-as

CE-HZ:
bgp 64512
 router-id 10.2.2.2
 peer 10.1.12.1 as-number 100
 #
 ipv4-family unicast
  undo synchronization
  network 10.2.2.2 255.255.255.255
  peer 10.1.12.1 enable

Configure PE2 and CE-SH:

PE2:
bgp 100
 ipv4-family vpn-instance QYT
  peer 10.1.23.3 as-number 64512
  peer 10.1.23.3 substitute-as

CE-SH:
bgp 64512
 router-id 10.3.3.3
 peer 10.1.23.2 as-number 100
 #
 ipv4-family unicast
  undo synchronization
  network 10.3.3.3 255.255.255.255
  peer 10.1.23.2 enable

Configure PE3 and CE-BJ:

PE3:
bgp 100
 ipv4-family vpn-instance QYT
  peer 10.1.34.4 as-number 64512
  peer 10.1.34.4 substitute-as

CE-BJ:
bgp 64512
 router-id 10.4.4.4
 peer 10.1.34.3 as-number 100
 #
 ipv4-family unicast
  undo synchronization
  network 10.4.4.4 255.255.255.255
  peer 10.1.34.3 enable
On PE2, view the routes of all customer sites:

[PE2]display bgp vpnv4 all routing-table

 BGP Local router ID is 2.2.2.2
 Status codes: * - valid, > - best, d - damped, x - best external, a - add path,
               h - history,  i - internal, s - suppressed, S - Stale
               Origin : i - IGP, e - EGP, ? - incomplete
 RPKI validation codes: V - valid, I - invalid, N - not-found

 Total number of routes from all PE: 3
 Route Distinguisher: 1:1

      Network         NextHop      MED   LocPrf   PrefVal  Path/Ogn
 *>i  10.2.2.2/32     1::1         0     100      0        64512i
 *>   10.3.3.3/32     10.1.23.3    0              0        64512i
 *>i  10.4.4.4/32     3::3         0     100      0        64512i

 VPN-Instance QYT, Router ID 2.2.2.2:

 Total Number of Routes: 3
      Network         NextHop      MED   LocPrf   PrefVal  Path/Ogn
   i  10.2.2.2/32     1::1         0     100      0        64512i
 *>   10.3.3.3/32     10.1.23.3    0              0        64512i
   i  10.4.4.4/32     3::3         0     100      0        64512i

At this point the conventional L3VPN configuration is complete; it differs little from an MPLS L3VPN.
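Step 4. Configure SRv6
Key SRv6 logic:
As with BGP VPNv4, an SRv6 BE forwarding path has to be established between the PEs. Note that End.DT4 SIDs (prefix SIDs) can be allocated dynamically by BGP or configured statically. When a statically configured SID and a dynamically allocated SID both exist, the statically configured one takes effect.
Typical configuration steps on a PE device:
1. Enable SRv6 globally and configure the encapsulation source address and the locator

segment-routing ipv6    //enter SRv6 configuration mode
 encapsulation source-address 2001::2:2
 locator QYT ipv6-prefix 2001:2:: 96 static 16    //configure a locator named QYT with the prefix 2001:2::/96 and a static length of 16

PE1:
segment-routing ipv6    //enter SRv6 configuration mode
 encapsulation source-address 1::1    //configure the source address for SRv6 encapsulation; this address is normally advertised in the global IGP
 locator QYT ipv6-prefix 2001:1:: 96 static 16    //configure a locator named QYT with the prefix 2001:1::/96 and a static length of 16

Each PE can be assigned a different locator prefix.

PE2:
segment-routing ipv6
 encapsulation source-address 2::2
 locator QYT ipv6-prefix 2001:2:: 96 static 16

PE3:
segment-routing ipv6
 encapsulation source-address 3::3
 locator QYT ipv6-prefix 2001:3:: 96 static 16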
View the locator information allocated by SRv6:

[PE1]display segment-routing ipv6 locator QYT verbose

                        Locator Configuration Table
                        ---------------------------

 LocatorName  : QYT                     LocatorID    : 2
 IPv6Prefix   : 2001:1::                PrefixLength : 96
 StaticLength : 16                      Reference    : 0
 Default      : N                       ArgsLength   : 0
 AutoSIDBegin : 2001:1::1:0
 AutoSIDEnd   : 2001:1::FFFF:FFFF

[PE2]display segment-routing ipv6 locator QYT verbose

                        Locator Configuration Table
                        ---------------------------

 LocatorName  : QYT                     LocatorID    : 2
 IPv6Prefix   : 2001:2::                PrefixLength : 96
 StaticLength : 16                      Reference    : 0
 Default      : N                       ArgsLength   : 0
 AutoSIDBegin : 2001:2::1:0
 AutoSIDEnd   : 2001:2::FFFF:FFFF

 Total Locator(s): 1

[PE3]display segment-routing ipv6 locator QYT verbose

                        Locator Configuration Table
                        ---------------------------

 LocatorName  : QYT                     LocatorID    : 1
 IPv6Prefix   : 2001:3::                PrefixLength : 96
 StaticLength : 16                      Reference    : 0
 Default      : N                       ArgsLength   : 0
 AutoSIDBegin : 2001:3::1:0
 AutoSIDEnd   : 2001:3::FFFF:FFFF
2. On the PEs, carry SID information when advertising private routes to peers in the BGP VPNv4 address family

[PE1]bgp 100
[PE1-bgp]ipv4-family vpnv4
[PE1-bgp-af-vpnv4]peer 2::2 prefix-sid    //carry SID information when advertising customer routes to peer 2::2 (the RR) in the VPNv4 address family; the information is carried in BGP Update messages
!
[PE2]bgp 100
[PE2-bgp]ipv4-family vpnv4
[PE2-bgp-af-vpnv4]peer 1::1 prefix-sid
[PE2-bgp-af-vpnv4]peer 3::3 prefix-sid
!
[PE3]bgp 100
[PE3-bgp]ipv4-family vpnv4
[PE3-bgp-af-vpnv4]peer 2::2 prefix-sid
3. On the PEs, in the BGP VPN-instance address family, enable prefix SID allocation for customer routes and reference the locator configured earlier

[PE1]bgp 100
[PE1-bgp]ipv4-family vpn-instance QYT
[PE1-bgp-QYT]segment-routing ipv6 best-effort    //enable SRv6 BE in the BGP VPN-instance address family
[PE1-bgp-QYT]segment-routing ipv6 locator QYT    //reference the previously configured locator named QYT; routes from the customer can carry a SID allocated from this locator
!
[PE2]bgp 100
[PE2-bgp] ipv4-family vpn-instance QYT
[PE2-bgp-QYT] segment-routing ipv6 locator QYT
[PE2-bgp-QYT] segment-routing ipv6 best-effort
!
[PE3]bgp 100
[PE3-bgp] ipv4-family vpn-instance QYT
[PE3-bgp-QYT] segment-routing ipv6 locator QYT
[PE3-bgp-QYT] segment-routing ipv6 best-effort
4. Under the IGP, reference the previously configured SRv6 locator so that the SRv6 SIDs are advertised to neighbors. Complete the following configuration on PE1 through PE3:

isis
 segment-routing ipv6 locator QYT

View the IS-IS routes. Once IS-IS segment routing support is enabled and the locator is referenced, the routes show the prefix segments allocated for reaching the other PEs.

[PE2]display isis route

                         ISIS(1) Level-2 Forwarding Table
                         --------------------------------

 IPV6 Dest.      ExitInterface  NextHop                    Cost  Flags
--------------------------------------------------------------------------------
 1::1/128        Eth1/0/0       FE80::3A6E:A4FF:FE01:100   10    A/-/-/-
 2::2/128        Loop0          Direct                     0     D/-/L/-
 3::3/128        Eth1/0/0       FE80::3A6E:A4FF:FE03:100   10    A/-/-/-
 2001:1::/96     Eth1/0/0       FE80::3A6E:A4FF:FE01:100   10    A/-/-/-
 2001:2::/96     -              -                          0     A/-/L/-
 2001:3::/96     Eth1/0/0       FE80::3A6E:A4FF:FE03:100   10    A/-/-/-
 2123::/64       Eth1/0/0       Direct                     10    D/-/L/-
     Flags: D-Direct, A-Added to URT, L-Advertised in LSPs, S-IGP Shortcut,
            U-Up/Down Bit Set, LP-Local Prefix-Sid
View the SRv6 information used to forward traffic for the VPN instance routes:

[PE1]display segment-routing ipv6 local-sid end-dt4 forwarding

                    My Local-SID End.DT4 Forwarding Table
                    -------------------------------------

 SID         : 2001:1::1:0/128          FuncType  : End.DT4
 VPN Name    : QYT                      VPN ID    : 2
 LocatorName : QYT                      LocatorID : 2

 Total SID(s): 1

[PE2]display segment-routing ipv6 local-sid end-dt4 forwarding

                    My Local-SID End.DT4 Forwarding Table
                    -------------------------------------

 SID         : 2001:2::1:0/128          FuncType  : End.DT4
 VPN Name    : QYT                      VPN ID    : 2
 LocatorName : QYT                      LocatorID : 2

[PE3]display segment-routing ipv6 local-sid end-dt4 forwarding

                    My Local-SID End.DT4 Forwarding Table
                    -------------------------------------

 SID         : 2001:3::1:0/128          FuncType  : End.DT4
 VPN Name    : QYT                      VPN ID    : 2
 LocatorName : QYT                      LocatorID : 1

 Total SID(s): 1
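
The link between the locator settings (prefix 2001:N::/96, static 16), the AutoSIDBegin/AutoSIDEnd values and the End.DT4 SIDs above can be checked offline, for example to confirm that a SID seen in BGP really belongs to the expected PE's locator. This is an added example, not part of the original lab; the automatic range reproduces the display output above, while the static range and the "reserved" label for opcode 0 are assumptions about how the function field is split.

```python
import ipaddress

# Locator parameters copied from the lab: (IPv6 prefix, prefix length, static length).
LOCATORS = {
    "PE1": ("2001:1::", 96, 16),
    "PE2": ("2001:2::", 96, 16),
    "PE3": ("2001:3::", 96, 16),
}

def sid_ranges(prefix, prefix_len, static_len):
    """Return ((static_begin, static_end), (auto_begin, auto_end)) for a locator.

    Assumes ArgsLength 0, as in the lab output. A range is None when it is empty.
    """
    # strict parsing rejects a prefix that has bits set beyond prefix_len
    base = int(ipaddress.IPv6Network(f"{prefix}/{prefix_len}").network_address)
    func_bits = 128 - prefix_len          # bits left for the function (opcode)
    if not 0 <= static_len <= func_bits:
        raise ValueError("static length does not fit behind the locator prefix")
    addr = lambda opcode: ipaddress.IPv6Address(base + opcode)
    # Assumption: static opcodes use only the low static_len bits (opcode 0 excluded).
    static = (addr(1), addr((1 << static_len) - 1)) if static_len else None
    # Dynamic opcodes start right above the static segment.
    auto = ((addr(1 << static_len), addr((1 << func_bits) - 1))
            if static_len < func_bits else None)
    return static, auto

def classify(sid):
    """Map a SID to (owning PE, 'dynamic' | 'static' | 'reserved'), or (None, ...)."""
    a = ipaddress.IPv6Address(sid)
    for pe, (prefix, plen, slen) in LOCATORS.items():
        if a not in ipaddress.IPv6Network(f"{prefix}/{plen}"):
            continue
        static, auto = sid_ranges(prefix, plen, slen)
        if auto and auto[0] <= a <= auto[1]:
            return pe, "dynamic"
        if static and static[0] <= a <= static[1]:
            return pe, "static"
        return pe, "reserved"             # opcode 0, the locator prefix itself
    return None, "outside all locators"

if __name__ == "__main__":
    # The three End.DT4 SIDs from the display output, plus two constructed values.
    for sid in ("2001:1::1:0", "2001:2::1:0", "2001:3::1:0", "2001:2::5", "2001:db8::1:0"):
        print(sid, classify(sid))
```

All three End.DT4 SIDs in the lab fall at the first address of their PE's automatic range, which is consistent with them being allocated dynamically by BGP rather than configured statically.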
Test communication between the sites:

<CE-BJ>ping -a 10.4.4.4 10.3.3.3
  PING 10.3.3.3: 56  data bytes, press CTRL_C to break
    Reply from 10.3.3.3: bytes=56 Sequence=1 ttl=253 time=60 ms
    Reply from 10.3.3.3: bytes=56 Sequence=2 ttl=253 time=40 ms
    Reply from 10.3.3.3: bytes=56 Sequence=3 ttl=253 time=60 ms
    Reply from 10.3.3.3: bytes=56 Sequence=4 ttl=253 time=50 ms

  --- 10.3.3.3 ping statistics ---
    4 packet(s) transmitted
    4 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 40/52/60 ms

<CE-BJ>ping -a 10.4.4.4 10.2.2.2
  PING 10.2.2.2: 56  data bytes, press CTRL_C to break
    Reply from 10.2.2.2: bytes=56 Sequence=1 ttl=253 time=40 ms
    Reply from 10.2.2.2: bytes=56 Sequence=2 ttl=253 time=40 ms
    Reply from 10.2.2.2: bytes=56 Sequence=3 ttl=253 time=60 ms

  --- 10.2.2.2 ping statistics ---
    3 packet(s) transmitted