Huawei Datacom HCIE latest exam change: SRv6 replaces BGP VPNv4 for communication between sites
This post was last edited by 乾颐堂 on 2023-6-13 17:03
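News of a question change has just come in from the Huawei Datacom HCIE exam room today, and 大堂子 immediately got the technical document everyone needs from 军哥!
SRv6 replacing BGP VPNv4 for communication between sites is here!!
Fresh out of the oven, come and take a look!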
01 Lab objective
Use SRv6 in place of the MPLS forwarding of BGP VPNv4 to enable communication among 3 customer sites.
02 Lab topology
https://editor-user.365editor.com/98/85/4933185/1686568135646601.png
03 Lab steps
Step 1. Configure the IGP on the backbone network
This example uses IS-IS. The purpose of this step is to make LoopBack0, which serves as the BGP update source, routable.
The configuration is as follows:
Disable DCN on all 3 PE devices:
undo dcn
Warning: This operation will disable DCN function. Continue? :y

PE1:
isis 1
 is-level level-2
 cost-style wide
 network-entity 49.1111.1111.1111.1111.00
 is-name PE1
 #
 ipv6 enable topology ipv6
interface LoopBack0
 description BGP-Source
 ipv6 enable
 ipv6 address 1::1/128
 isis ipv6 enable 1
interface Ethernet1/0/0
 undo shutdown
 ipv6 enable
 ipv6 address 2123::1/64
 isis ipv6 enable 1

PE2:
isis 1
 is-level level-2
 cost-style wide
 network-entity 49.2222.2222.2222.2222.00
 is-name PE2
 #
 ipv6 enable topology ipv6
interface LoopBack0
 description BGP-Source
 ipv6 enable
 ipv6 address 2::2/128
 isis ipv6 enable 1
interface Ethernet1/0/0
 undo shutdown
 ipv6 enable
 ipv6 address 2123::2/64
 isis ipv6 enable 1

PE3:
#
isis 1
 is-level level-2
 cost-style wide
 network-entity 49.3333.3333.3333.3333.00
 is-name PE3
 #
 ipv6 enable topology ipv6
interface LoopBack0
 ipv6 enable
 ipv6 address 3::3/128
 isis ipv6 enable 1
interface Ethernet1/0/0
 undo shutdown
 ipv6 enable
 ipv6 address 2123::3/64
 isis ipv6 enable 1
Verify the IS-IS neighbor relationships. The correct result is shown below:
display isis peer
                          Peer information for ISIS(1)
  System Id     Interface     Circuit Id     State  HoldTime  Type  PRI
--------------------------------------------------------------------------------
PE1*            Eth1/0/0      PE3.01         Up     29s       L2    64
PE3*            Eth1/0/0      PE3.01         Up     7s        L2    64
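View the IPv6 routing table learned through IS-IS, paying particular attention to the routes for the loopback addresses of the other 2 devices: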
display ipv6 routing-table protocol isis
_public_ Routing Table : IS-IS
Summary Count : 4

IS-IS routing table status : <Active>
Summary Count : 2

Destination  : 1::1                        PrefixLength : 128
NextHop      : FE80::3A6E:A4FF:FE01:100    Preference   : 15
Cost         : 10                          Protocol     : ISIS-L2
RelayNextHop : ::                          TunnelID     : 0x0
Interface    : Ethernet1/0/0               Flags        : D

Destination  : 3::3                        PrefixLength : 128
NextHop      : FE80::3A6E:A4FF:FE03:100    Preference   : 15
Cost         : 10                          Protocol     : ISIS-L2
RelayNextHop : ::                          TunnelID     : 0x0
Interface    : Ethernet1/0/0               Flags        : D

IS-IS routing table status : <Inactive>
Summary Count : 2

Destination  : 2::2                        PrefixLength : 128
NextHop      : 2::2                        Preference   : 15
Cost         : 0                           Protocol     : ISIS-L2
RelayNextHop : ::                          TunnelID     : 0x0
Interface    : LoopBack0                   Flags        :

Destination  : 2123::                      PrefixLength : 64
NextHop      : 2123::2                     Preference   : 15
Cost         : 0                           Protocol     : ISIS-L2
RelayNextHop : ::                          TunnelID     : 0x0
Interface    : Ethernet1/0/0               Flags        :
Test connectivity between the loopback interfaces, in preparation for establishing the BGP neighbor relationships later:
ping ipv6 -a 2::2 1::1
  PING 1::1 : 56  data bytes, press CTRL_C to break
    Reply from 1::1
    bytes=56 Sequence=1 hop limit=64 time=38 ms
    Reply from 1::1
    bytes=56 Sequence=2 hop limit=64 time=43 ms
    Reply from 1::1
    bytes=56 Sequence=3 hop limit=64 time=34 ms

  --- 1::1 ping statistics---
    3 packet(s) transmitted
    3 packet(s) received
    0.00% packet loss
    round-trip min/avg/max=34/38/43 ms

ping ipv6 -a 2::2 3::3
  PING 3::3 : 56  data bytes, press CTRL_C to break
    Reply from 3::3
    bytes=56 Sequence=1 hop limit=64 time=29 ms
    Reply from 3::3
    bytes=56 Sequence=2 hop limit=64 time=43 ms
    Reply from 3::3
    bytes=56 Sequence=3 hop limit=64 time=45 ms
    Reply from 3::3
    bytes=56 Sequence=4 hop limit=64 time=38 ms
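Step 2. Configure the VPNv4 neighbor relationships, VPN instances and other L3VPN settings on the PEs
Configure the VPNv4 neighbors, with R2 acting as the RR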
PE2:
bgp 100
 router-id 2.2.2.2
 peer 1::1 as-number 100
 peer 1::1 connect-interface LoopBack0
 peer 3::3 as-number 100
 peer 3::3 connect-interface LoopBack0
 #
 ipv4-family unicast
  undo synchronization
 #
 ipv4-family vpnv4
  policy vpn-target
  peer 1::1 enable
  peer 1::1 reflect-client
  peer 3::3 enable
  peer 3::3 reflect-client

PE1:
bgp 100
 router-id 1.1.1.1
 peer 2::2 as-number 100
 peer 2::2 connect-interface LoopBack0
 #
 ipv4-family unicast
  undo synchronization
 #
 ipv4-family vpnv4
  policy vpn-target
  peer 2::2 enable

PE3:
bgp 100
 router-id 3.3.3.3
 peer 2::2 as-number 100
 peer 2::2 connect-interface LoopBack0
 #
 ipv4-family unicast
  undo synchronization
 #
 ipv4-family vpnv4
  policy vpn-target
  peer 2::2 enable

dis bgp vpnv4 all peer

 BGP local router ID : 2.2.2.2
 Local AS number : 100
 Total number of peers : 2                 Peers in established state : 2

  Peer            V          AS  MsgRcvd  MsgSent  OutQ  Up/Down       State  PrefRcv
  1::1            4         100        7        7     0 00:03:20 Established        0
  3::3            4         100        6        5     0 00:02:23 Established        0

The BGP VPNv4 neighbor relationships are all normal. Because no VPN instance has been deployed yet, no customer routes appear at this point.
Step 3. Configure the VPN instance on the PEs; the protocol toward the customer side is BGP
Configure the VPN instance on all 3 PE devices
ip vpn-instance QYT
 ipv4-family
  route-distinguisher 1:1
  vpn-target 1:1 export-extcommunity
  vpn-target 1:1 import-extcommunity
Configure PE1 and CE-HZ
PE1:
bgp 100
 ipv4-family vpn-instance QYT
  peer 10.1.12.2 as-number 64512
  peer 10.1.12.2 substitute-as

CE-HZ:
bgp 64512
 router-id 10.2.2.2
 peer 10.1.12.1 as-number 100
 #
 ipv4-family unicast
  undo synchronization
  network 10.2.2.2 255.255.255.255
  peer 10.1.12.1 enable
Configure PE2 and CE-SH
PE2:
bgp 100
 ipv4-family vpn-instance QYT
  peer 10.1.23.3 as-number 64512
  peer 10.1.23.3 substitute-as

CE-SH:
bgp 64512
 router-id 10.3.3.3
 peer 10.1.23.2 as-number 100
 #
 ipv4-family unicast
  undo synchronization
  network 10.3.3.3 255.255.255.255
  peer 10.1.23.2 enable
Configure PE3 and CE-BJ
PE3:
bgp 100
 ipv4-family vpn-instance QYT
  peer 10.1.34.4 as-number 64512
  peer 10.1.34.4 substitute-as

CE-BJ:
bgp 64512
 router-id 10.4.4.4
 peer 10.1.34.3 as-number 100
 #
 ipv4-family unicast
  undo synchronization
  network 10.4.4.4 255.255.255.255
  peer 10.1.34.3 enable
On PE2, view the routes from all customer sites:
display bgp vpnv4 all routing-table

 BGP Local router ID is 2.2.2.2
 Status codes: * - valid, > - best, d - damped, x - best external, a - add path,
               h - history,  i - internal, s - suppressed, S - Stale
               Origin : i - IGP, e - EGP, ? - incomplete
 RPKI validation codes: V - valid, I - invalid, N - not-found

 Total number of routes from all PE: 3
 Route Distinguisher: 1:1

        Network            NextHop         MED        LocPrf    PrefVal Path/Ogn
 *>i    10.2.2.2/32        1::1            0          100       0       64512i
 *>     10.3.3.3/32        10.1.23.3       0                    0       64512i
 *>i    10.4.4.4/32        3::3            0          100       0       64512i

 VPN-Instance QYT, Router ID 2.2.2.2:

 Total Number of Routes: 3
        Network            NextHop         MED        LocPrf    PrefVal Path/Ogn
   i    10.2.2.2/32        1::1            0          100       0       64512i
 *>     10.3.3.3/32        10.1.23.3       0                    0       64512i
   i    10.4.4.4/32        3::3            0          100       0       64512i
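At this point the conventional L3VPN configuration is complete; it differs little from MPLS L3VPN.
Step 4. Configure SRv6
Key SRv6 logic:
As with BGP VPNv4, an SRv6 BE forwarding path must be established between the PEs. Note that End.DT4 SIDs (prefix IDs) can be allocated dynamically by BGP or configured statically. When statically configured and dynamically allocated SIDs both exist, the static configuration takes precedence.
Typical configuration steps on a PE device:
1. Enable SRv6 globally and configure the encapsulation source address and the Locator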
segment-routing ipv6 //enter SRv6 configuration mode
 encapsulation source-address 2001::2:2
 locator QYT ipv6-prefix 2001:2:: 96 static 16 //configure a locator named QYT; the allocated prefix is 2001:2::/96, with a static length of 16

PE1:
segment-routing ipv6 //enter SRv6 configuration mode
 encapsulation source-address 1::1 //configure the source address for SRv6 encapsulation; this address is normally advertised in the global IGP
 locator QYT ipv6-prefix 2001:1:: 96 static 16 //configure a locator named QYT; the allocated prefix is 2001:1::/96, with a static length of 16

Each PE can be assigned a different locator prefix.

PE2:
segment-routing ipv6
 encapsulation source-address 2::2
 locator QYT ipv6-prefix 2001:2:: 96 static 16

PE3:
segment-routing ipv6
 encapsulation source-address 3::3
 locator QYT ipv6-prefix 2001:3:: 96 static 16
View the locator information allocated by SRv6:
display segment-routing ipv6 locator QYT verbose
                        Locator Configuration Table
                        ---------------------------
LocatorName   : QYT                         LocatorID    : 2
IPv6Prefix    : 2001:1::                    PrefixLength : 96
StaticLength  : 16                          Reference    : 0
Default       : N                           ArgsLength   : 0
AutoSIDBegin  : 2001:1::1:0
AutoSIDEnd    : 2001:1::FFFF:FFFF

display segment-routing ipv6 locator QYT verbose
                        Locator Configuration Table
                        ---------------------------
LocatorName   : QYT                         LocatorID    : 2
IPv6Prefix    : 2001:2::                    PrefixLength : 96
StaticLength  : 16                          Reference    : 0
Default       : N                           ArgsLength   : 0
AutoSIDBegin  : 2001:2::1:0
AutoSIDEnd    : 2001:2::FFFF:FFFF

Total Locator(s): 1

display segment-routing ipv6 locator QYT verbose
                        Locator Configuration Table
                        ---------------------------
LocatorName   : QYT                         LocatorID    : 1
IPv6Prefix    : 2001:3::                    PrefixLength : 96
StaticLength  : 16                          Reference    : 0
Default       : N                           ArgsLength   : 0
AutoSIDBegin  : 2001:3::1:0
AutoSIDEnd    : 2001:3::FFFF:FFFF
2. On the PEs, under the BGP VPNv4 address family, carry SID information when advertising private-network routes to neighbors
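bgp 100
 ipv4-family vpnv4
  peer 2::2 prefix-sid //under the VPNv4 address family, carry SID information when advertising customer routes to neighbor 2::2 (the RR); this information is carried in BGP Update messages
!
bgp 100
 ipv4-family vpnv4
  peer 1::1 prefix-sid
  peer 3::3 prefix-sid
!
bgp 100
 ipv4-family vpnv4
  peer 2::2 prefix-sid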
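3. On the PEs, under the BGP VPN-instance address family, enable allocation of prefix IDs for customer routes and reference the locator configured earlier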
bgp 100
 ipv4-family vpn-instance QYT
  segment-routing ipv6 best-effort //enable SRv6 BE under the BGP VPN-instance address family
  segment-routing ipv6 locator QYT //reference the previously configured locator named QYT; routes from the customer can carry a SID allocated from this locator
!
bgp 100
 ipv4-family vpn-instance QYT
  segment-routing ipv6 locator QYT
  segment-routing ipv6 best-effort
!
bgp 100
 ipv4-family vpn-instance QYT
  segment-routing ipv6 locator QYT
  segment-routing ipv6 best-effort
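4. Under the IGP, reference the previously configured SRv6 locator so that the SRv6 SIDs are advertised to neighbors. Complete the following configuration on PE1 through PE3: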
isis
 segment-routing ipv6 locator QYT

display isis route //view the IS-IS routes; once IS-IS has segment routing enabled and references the locator, the routes include the prefix segments allocated by the other PEs
                         ISIS(1) Level-2 Forwarding Table
                         --------------------------------

 IPV6 Dest.       ExitInterface   NextHop                     Cost   Flags
--------------------------------------------------------------------------------
1::1/128          Eth1/0/0        FE80::3A6E:A4FF:FE01:100    10     A/-/-/-
2::2/128          Loop0           Direct                      0      D/-/L/-
3::3/128          Eth1/0/0        FE80::3A6E:A4FF:FE03:100    10     A/-/-/-
2001:1::/96       Eth1/0/0        FE80::3A6E:A4FF:FE01:100    10     A/-/-/-
2001:2::/96       -               -                           0      A/-/L/-
2001:3::/96       Eth1/0/0        FE80::3A6E:A4FF:FE03:100    10     A/-/-/-
2123::/64         Eth1/0/0        Direct                      10     D/-/L/-
     Flags: D-Direct, A-Added to URT, L-Advertised in LSPs, S-IGP Shortcut,
            U-Up/Down Bit Set, LP-Local Prefix-Sid
View the SRv6 information used to forward data for the VPN-instance routes:
display segment-routing ipv6 local-sid end-dt4 forwarding
                    My Local-SID End.DT4 Forwarding Table
                    -------------------------------------
SID         : 2001:1::1:0/128               FuncType  : End.DT4
VPN Name    : QYT                           VPN ID    : 2
LocatorName : QYT                           LocatorID : 2

Total SID(s): 1

display segment-routing ipv6 local-sid end-dt4 forwarding
                    My Local-SID End.DT4 Forwarding Table
                    -------------------------------------
SID         : 2001:2::1:0/128               FuncType  : End.DT4
VPN Name    : QYT                           VPN ID    : 2
LocatorName : QYT                           LocatorID : 2

display segment-routing ipv6 local-sid end-dt4 forwarding
                    My Local-SID End.DT4 Forwarding Table
                    -------------------------------------
SID         : 2001:3::1:0/128               FuncType  : End.DT4
VPN Name    : QYT                           VPN ID    : 2
LocatorName : QYT                           LocatorID : 1

Total SID(s): 1
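
Added example (not part of the original post): a short Python check that reproduces the AutoSIDBegin/AutoSIDEnd values in the locator output from the configured prefix and static length, then confirms that each End.DT4 SID falls inside a known locator and is covered by a locator route in the IS-IS table. The data is transcribed from the outputs on this page; the function names are hypothetical, ArgsLength is assumed to be 0 as shown, and the static/dynamic split is inferred from the AutoSIDBegin values.

```python
import ipaddress

# Transcribed from the outputs on this page; dict and function names are hypothetical.
LOCATORS = {"PE1": "2001:1::/96", "PE2": "2001:2::/96", "PE3": "2001:3::/96"}
STATIC_LEN = 16   # "static 16" / StaticLength : 16
ISIS_ROUTES = ["1::1/128", "2::2/128", "3::3/128", "2001:1::/96",
               "2001:2::/96", "2001:3::/96", "2123::/64"]
END_DT4_SIDS = ["2001:1::1:0", "2001:2::1:0", "2001:3::1:0"]


def auto_sid_range(prefix, static_len):
    """Return (AutoSIDBegin, AutoSIDEnd) for a locator, assuming ArgsLength 0."""
    net = ipaddress.IPv6Network(prefix)
    func_bits = 128 - net.prefixlen            # bits left for the function field
    if not 0 <= static_len < func_bits:
        raise ValueError("static length leaves no room for dynamic SIDs")
    base = int(net.network_address)
    begin = ipaddress.IPv6Address(base + (1 << static_len))
    end = ipaddress.IPv6Address(base + (1 << func_bits) - 1)
    return str(begin), str(end)


def classify_sid(sid):
    """Return (owning PE, 'static' or 'dynamic', covering IS-IS route) for a SID.

    Every field is None when the SID lies outside all known locators.
    """
    addr = ipaddress.IPv6Address(sid)
    for pe, prefix in LOCATORS.items():
        net = ipaddress.IPv6Network(prefix)
        if addr in net:
            func = int(addr) - int(net.network_address)
            kind = "static" if func < (1 << STATIC_LEN) else "dynamic"
            break
    else:
        return None, None, None
    # Longest-prefix match against the IS-IS table: the route a remote PE
    # would use to forward a packet whose destination is this SID.
    covering = [n for n in map(ipaddress.IPv6Network, ISIS_ROUTES) if addr in n]
    best = max(covering, key=lambda n: n.prefixlen, default=None)
    return pe, kind, str(best) if best is not None else None


if __name__ == "__main__":
    for pe, prefix in LOCATORS.items():
        print(pe, prefix, auto_sid_range(prefix, STATIC_LEN))
    for sid in END_DT4_SIDS + ["2001:4::1:0"]:   # last SID is constructed
        print(sid, classify_sid(sid))
```

A SID that returns None for every field does not belong to any locator configured in this lab, which is the case to investigate when a SID received in a BGP Update does not match the expected locator plan.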
Test communication between the sites:
<CE-BJ>ping -a 10.4.4.4 10.3.3.3
  PING 10.3.3.3: 56  data bytes, press CTRL_C to break
    Reply from 10.3.3.3: bytes=56 Sequence=1 ttl=253 time=60 ms
    Reply from 10.3.3.3: bytes=56 Sequence=2 ttl=253 time=40 ms
    Reply from 10.3.3.3: bytes=56 Sequence=3 ttl=253 time=60 ms
    Reply from 10.3.3.3: bytes=56 Sequence=4 ttl=253 time=50 ms

  --- 10.3.3.3 ping statistics ---
    4 packet(s) transmitted
    4 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 40/52/60 ms

<CE-BJ>ping -a 10.4.4.4 10.2.2.2
  PING 10.2.2.2: 56  data bytes, press CTRL_C to break
    Reply from 10.2.2.2: bytes=56 Sequence=1 ttl=253 time=40 ms
    Reply from 10.2.2.2: bytes=56 Sequence=2 ttl=253 time=40 ms
    Reply from 10.2.2.2: bytes=56 Sequence=3 ttl=253 time=60 ms

  --- 10.2.2.2 ping statistics ---
    3 packet(s) transmitted