目录
4.5.4 配置BGP EVPN发送SRv6封装的EVPN路由
5.5 检查vpn路由在以evpn路由方式发送时携带的相关end.dt4或者end.dt6信息
一、实验目的
通过LAB了解SRv6基本概念、SRv6 BE、SRv6 TE Policy、SRv6 TE Flow Group工作机制、基本配置。
二、实验环境
2.1 实验拓扑
2.2 数据准备
2.2.1 IPv4/IPv6地址
| IPv4 | IPv6 | |
| Loopback0地址 | ||
| PE1 | 192.168.1.1/32 | 2001:1::1/128 |
| P2 | 192.168.2.1/32 | 2001:2::1/128 |
| P3 | 192.168.3.1/32 | 2001:3::1/128 |
| PE4 | 192.168.4.1/32 | 2001:4::1/128 |
| 设备互联地址 | ||
| 设备之间互联地址 | 192.168.AB.0/24 比如PE1和P2互联地址分别为:192.168.12.1和192.168.12.2 | 2001:AB::/64 比如PE1和P2互联地址分别为2001:12::1和2001:12::2 |
| 终端地址 | ||
| CE1 | 172.10.1.10/24 | 172.10.1.10/24 |
| CE2 | 172.20.1.10/24 | 172:20:1::10 |
2.2.2 SRv6 SID 地址
| PE1 | P2 | P3 | PE4 | |
| Locator | 3001:1::/80 | 3001:1::/80 | 3001:1::/80 | 3001:1::/80 |
| Locator name | PE1 | P2 | P3 | PE4 |
| End | ::10 | ::10 | ::10 | ::10 |
| End.X | ::AB(注) | ::AB | ::AB | ::AB |
| 注:比如PE1上,针对PE1和P2互联端口End.X为::12 | ||||
| End.DT4 | ::4001 | :4001 | ||
| End.DT6 | ::6001 | ::6001 | ||
| End.OP | ::7001 | ::7001 | ::7001 | ::7001 |
2.2.3 VPN规划
| RD | RT | |
| vpn1 | PE1:100:1 PE4:100:2 | 100:100 |
2.3 设备型号
| 名称 | 功能 | ENSP型号 | ENSP版本 |
| PE1 P2 P3 PE4 | P/PE | NE路由器 | VRP (R) software, Version 8.221 (NE40E-X16 V800R022C10SPC100B315) |
| CE1 CE2 | CE | PC终端 | |
| ENSPPRO软件版本 | V100R001C00 |
三、 实验内容
- 基础配置:包括端口、ISIS、VPN、BGP、SRv6基础配置
- SRv6 BE测试
- SRv6 TE Policy测试
- SRv6 TE Flow Group测试
四、基础配置
4.1 端口基础配置
配置各接口的IPv4/IPv6地址。
端口配置IPv4地址非必须,可以不配。
PE1配置,其他类似:
#
Sysnam PE1
#
int lo0
ipv6 enable
ip add 192.168.1.1 32
ipv6 add 2001:1::1 128
#
int ether3/0/0
ipv6 enable
ip add 192.168.12.1 24
ipv6 add 2001:12::1 64
#
int ether3/0/1
ipv6 enable
ip add 192.168.13.1 24
ipv6 add 2001:13::1 64
#
检查命令:
dis ip int brief
dis ipv6 int brief4.2 ISIS基础配置
ISIS路由器的network-entity(xx.xxxx.xxxx.xxxx.xxxx.00)可自行定义,这里采用loopback0地址填充为system id,比如loopback地址是192.168.1.1,则系统ID:1921:6800:1001。
PE1配置,其他类似:
#
isis 100
is-level level-2
cost-style wide
network-entity 49.0001.1921.6800.1001.00
is-name PE1
#
ipv6 enable topology ipv6
#
int lo0
isis enable 100
isis ipv6 enable 100
#
int ether3/0/0
isis enable 100
isis ipv6 enable 100
isis circuit-type p2p
#
int ether3/0/1
isis enable 100
isis ipv6 enable 100
isis circuit-type p2p
#
检查命令:
display isis peer
display isis route
display ip routing-table
4.3 VPN基础配置
ENSPPro模拟软件比较消耗内存资源,为了节约电脑内存资源,简化CE侧的接入,终端直接接入PE。
在PE设备上配置VPN实例并绑定到接入侧接口。同一个VPN实例下配置IPv4和IPv6 地址簇,允许VPN内IPv4和IPv6地址接入。
PE1配置:
#
ip vpn-instance vpn1
ipv4-family
route-distinguisher 100:1
vpn-target 100:100 both evpn
ipv6-family
route-distinguisher 100:1
vpn-target 100:100 both evpn
#
int ether 3/0/2
ip binding vpn-instance vpn1
ip add 172.10.1.1 24
ipv6 enable
ipv6 add 172:10:1::1 64
#
PE4配置:
#
ip vpn-instance vpn1
ipv4-family
route-distinguisher 100:2
vpn-target 100:100 both evpn
ipv6-family
route-distinguisher 100:2
vpn-target 100:100 both evpn
#
int ether 3/0/0
ip binding vpn-instance vpn1
ip add 172.20.1.1 24
ipv6 enable
ipv6 add 172:20:1::1 64
#
检查命令:
display ip vpn-instance verbose
4.4 BGP基础配置
P2、P3配置为RR,设置RR Cluster ID 100。
采用Peer Group的配置形式。
PE1配置,PE4类似:
#
bgp 100
router-id 192.168.1.1
undo default ipv4-unicast
group RR internal
peer RR connect-interface LoopBack0
peer 2001:2::1 as-number 100
peer 2001:2::1 group RR
peer 2001:3::1 as-number 100
peer 2001:3::1 group RR
#
l2vpn-family evpn
policy vpn-target
peer RR enable
peer 2001:2::1 enable
peer 2001:2::1 group RR
peer 2001:3::1 enable
peer 2001:3::1 group RR
#
ipv4-family vpn-instance vpn1
#将vpn端口直连路由引入为bgp vpnv4路由
import-route direct
#将vpnv4路由转为evpn type 5路由发布给evpn邻居
advertise l2vpn evpn
#
ipv6-family vpn-instance vpn1
import-route direct
advertise l2vpn evpn
P2(RR)配置,P3(RR)类似:
#
bgp 100
router-id 192.168.2.1
undo default ipv4-unicast
group PE internal
peer PE connect-interface LoopBack0
peer 2001:1::1 as-number 100
peer 2001:1::1 group PE
peer 2001:4::1 as-number 100
peer 2001:4::1 group PE
#
l2vpn-family evpn
reflector cluster-id 100
undo policy vpn-target
peer PE enable
peer PE reflect-client
peer 2001:1::1 enable
peer 2001:1::1 group PE
peer 2001:4::1 enable
peer 2001:4::1 group PE
#
检查命令:
display bgp evpn peer
4.5 SRv6基础配置
4.5.1 配置SRv6 SID
配置SRv6 SID,在PE上配置EVPN Type5路由携带的End.DT4/End.DT6 SID。
PE1配置:
#
segment-routing ipv6
encapsulation source-address 2001:1::1
locator PE1 ipv6-prefix 3001:1:: 80 static 15 args 16
opcode ::10 end psp
opcode ::12 end-x interface ether 3/0/0 nexthop 2001:12::2 psp
opcode ::13 end-x interface ether 3/0/1 nexthop 2001:13::3 psp
opcode ::4001 end-dt4 vpn-instance vpn1 evpn
opcode ::6001 end-dt6 vpn-instance vpn1 evpn
opcode ::7001 end-op
#配置SRv6 TE Policy关联Segment Routing IPv6下的一个Locator,
#并在关联Locator范围内指定SRv6 TE Policy的Binding SID
srv6-te-policy locator PE1
#使能所有SRv6 TE Policy故障感知功能
srv6-te-policy path verification enable
#
P2配置:
#
segment-routing ipv6
encapsulation source-address 2001:2::1
locator P2 ipv6-prefix 3001:2:: 80 static 15 args 16
opcode ::10 end psp
opcode ::21 end-x interface ether 3/0/1 nexthop 2001:12::1 psp
opcode ::23 end-x interface ether 3/0/0 nexthop 2001:23::3 psp
opcode ::24 end-x interface ether 3/0/2 nexthop 2001:24::4 psp
opcode ::7001 end-op
srv6-te-policy locator P2
#
P3配置:
#
segment-routing ipv6
encapsulation source-address 2001:3::1
locator P3 ipv6-prefix 3001:3:: 80 static 15 args 16
opcode ::10 end psp
opcode ::31 end-x interface ether 3/0/1 nexthop 2001:13::1 psp
opcode ::32 end-x interface ether 3/0/0 nexthop 2001:23::2 psp
opcode ::34 end-x interface ether 3/0/3 nexthop 2001:34::4 psp
opcode ::7001 end-op
srv6-te-policy locator P3
#
PE4配置:
#
segment-routing ipv6
encapsulation source-address 2001:4::1
locator PE4 ipv6-prefix 3001:4:: 80 static 15 args 16
opcode ::10 end psp
opcode ::42 end-x interface ether 3/0/2 nexthop 2001:24::2 psp
opcode ::43 end-x interface ether 3/0/3 nexthop 2001:34::3 psp
opcode ::4001 end-dt4 vpn-instance vpn1 evpn
opcode ::6001 end-dt6 vpn-instance vpn1 evpn
opcode ::7001 end-op
srv6-te-policy locator PE4
srv6-te-policy path verification enable
#
检查命令:
display segment-routing ipv6 locator verbose
display segment-routing ipv6 local-sid forwarding
display segment-routing ipv6 local-sid end forwarding
(ProtocolType: STATIC就是这里分配的)4.5.2 配置ISIS发送SID
ISIS通过LSP(TLV)发布Locator路由和SID信息。
segment-routing ipv6 locator PE1命令解释:
配置locator-name参数后,IS-IS支持从配置的locator-name下引入静态的End和End.X SID。另外IS-IS支持End和End.X SID动态分配能力。如果配置auto-sid-disable参数,表示取消动态End和End.X SID分配,完全从指定的Locator下引入静态的End和End.X SID属性。
PE1配置,其他类似,注意locator name不同:
isis 100
segment-routing ipv6 locator PE1
检查命令:
display segment-routing ipv6 local-sid end forwarding
(ProtocolType: ISIS就是ISIS分配的)
dis isis lsdb is-name PE1 verbose
(查看ISIS LSP SID发布)
4.5.3 配置私网路由(即vpn路由)发送和迭代属性
使能私网路由上送EVPN协议时携带SID属性功能,通过bgp向远端PE发送end.dt4和end.dt6 sid。
segment-routing ipv6 locator PE1 evpn命令解释:
在EVPN L3VPN场景中,如果用户希望使用SRv6隧道承载业务流量,则需要配置segment-routing ipv6 locator evpn命令为将要发送的EVPN路由添加SID属性。对端BGP EVPN邻居在收到EVPN路由后,可以根据路由中的SID迭代SRv6隧道,从而生成转发表项。
segment-routing ipv6 traffic-engineer best-effort evpn命令解释:
vpn流量迭代到SRv6 TE Policy隧道,SRv6 TE Policy隧道故障时业务可以使用SRv6 BE隧道作为逃生路径。
PE1配置,PE4类似:
#
bgp 100
#
ipv4-family vpn-instance vpn1
segment-routing ipv6 locator PE1 evpn
segment-routing ipv6 traffic-engineer best-effort evpn
#
ipv6-family vpn-instance vpn1
segment-routing ipv6 locator PE1 evpn
segment-routing ipv6 traffic-engineer best-effort evpn
#
检查命令:
dis bgp evpn all routing-table prefix-route 0:172.20.1.0:24
4.5.4 配置BGP EVPN发送SRv6封装的EVPN路由
配置向EVPN邻居发布SRv6封装的EVPN路由。
peer RR advertise encap-type srv6命令解释:
缺省情况下,BGP EVPN邻居之间仅会相互发布MPLS封装的EVPN路由。但是在EVPN over SRv6场景中,BGP EVPN邻居之间需要发布SRv6封装的EVPN路由,此时需要配置peer advertise encap-type srv6命令。
PE1配置,PE4类似:
#
bgp 100
#
l2vpn-family evpn
peer RR advertise encap-type srv6
#
P2配置,P3类似:
#
bgp 100
#
l2vpn-family evpn
peer PE advertise encap-type srv6
#
检查命令:
可以Wireshark抓取PE4发给RR的bgp update报文,查看bgp update里的evpn相关信息。
五、配置结果验证
5.1 检查ISIS邻居关系是否建立
以PE1为例:
[PE1]dis isis peer
Peer information for ISIS(100)
System Id Interface Circuit Id State HoldTime Type PRI
--------------------------------------------------------------------------------
P2* Eth3/0/0 0000000006 Up 26s L2 --
P3* Eth3/0/1 0000000006 Up 22s L2 --
Total Peer(s): 2
[PE1]5.2 检查BGP EVPN邻居关系是否建立
以PE1为例:
[PE1]dis bgp evpn peer
BGP local router ID : 192.168.1.1
Local AS number : 100
Total number of peers : 2 Peers in established state : 2
Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv
2001:2::1 4 100 322 318 0 04:32:44 Established 2
2001:3::1 4 100 321 320 0 04:33:46 Established 2
[PE1]5.3 检查SRv6 本地Locator和SID信息
以PE1为例,其中:
- 静态SID由配置生成
- 动态end和end.x SID由ISIS协议动态生成,可以配置auto-sid-disable关闭。
[PE1]display segment-routing ipv6 locator verbose
Locator Configuration Table
---------------------------
LocatorName : PE1 LocatorID : 1
IPv6Prefix : 3001:1:: PrefixLength : 80
Block : -- BlockLength : 0
NodeID : -- NodeIdLength : 0
ComprStaticLen: 0 StaticLength : 15
ArgsLength : 16 Reference : 3
Algorithm : 0 ComprDynLength: 0
AutoCSIDPoolID: 0
AutoCSIDBegin : --
AutoCSIDEnd : --
StaticCSIDBegin: --
StaticCSIDEnd : --
AutoSIDPoolID : 8193 DynLength : 17
AutoSIDBegin : 3001:1::8000:0
AutoSIDEnd : 3001:1::FFFF:FFFF:0
StaticSIDBegin: 3001:1::1:0
StaticSIDEnd : 3001:1::7FFF:0
GIB:LIB : --
Total Locator(s): 1
[PE1]
[PE1]dis segment-routing ipv6 local-sid forwarding
My Local-SID Forwarding Table
-------------------------------------
SID : 3001:1::10:0/128 FuncType : End
LocatorName: PE1 LocatorID: 1
SidCompress: NO
SID : 3001:1::12:0/128 FuncType : End.X
LocatorName: PE1 LocatorID: 1
SidCompress: NO
SID : 3001:1::13:0/128 FuncType : End.X
LocatorName: PE1 LocatorID: 1
SidCompress: NO
SID : 3001:1::4001:0/128 FuncType : End.DT4
LocatorName: PE1 LocatorID: 1
SidCompress: NO
SID : 3001:1::6001:0/128 FuncType : End.DT6
LocatorName: PE1 LocatorID: 1
SidCompress: NO
SID : 3001:1::7001:0/128 FuncType : End.OP
LocatorName: PE1 LocatorID: 1
SidCompress: NO
SID : 3001:1::8003:0/128 FuncType : End
LocatorName: PE1 LocatorID: 1
SidCompress: NO
SID : 3001:1::8004:0/128 FuncType : End
LocatorName: PE1 LocatorID: 1
SidCompress: NO
SID : 3001:1::8005:0/128 FuncType : End.X
LocatorName: PE1 LocatorID: 1
SidCompress: NO
SID : 3001:1::8006:0/128 FuncType : End.X
LocatorName: PE1 LocatorID: 1
SidCompress: NO
Total SID(s): 10
[PE1]
[PE1]dis segment-routing ipv6 local-sid end forwarding
My Local-SID End Forwarding Table
---------------------------------
SID : 3001:1::10:0/128 FuncType : End
Flavor : PSP SidCompress : NO
LocatorName : PE1 LocatorID : 1
ProtocolType: STATIC ProcessID : --
UpdateTime : 2023-09-19 01:33:05.136
SID : 3001:1::8003:0/128 FuncType : End
Flavor : NO-FLAVOR SidCompress : NO
LocatorName : PE1 LocatorID : 1
ProtocolType: ISIS ProcessID : 100
UpdateTime : 2023-09-19 06:17:13.116
SID : 3001:1::8004:0/128 FuncType : End
Flavor : PSP USP USD SidCompress : NO
LocatorName : PE1 LocatorID : 1
ProtocolType: ISIS ProcessID : 100
UpdateTime : 2023-09-19 06:17:13.116
Total SID(s): 3
[PE1]
[PE1]5.4 检查ISIS通过LSP发送的SID信息
ISIS通过LSP(TLV)会发送locator,end,end.x等信息,可以检查ISIS LSDB查看相关信息。
[PE1]dis isis lsdb
Database information for ISIS(100)
-----------------------------------
Level-2 Link State Database
LSPID Seq Num Checksum HoldTime Length ATT/P/OL
-------------------------------------------------------------------------------
PE1.00-00* 0x0000001d 0x6025 914 484 0/0/0
P2.00-00 0x0000001c 0xc674 1036 595 0/0/0
P3.00-00 0x00000020 0xebea 918 595 0/0/0
PE4.00-00 0x0000001f 0xa568 928 484 0/0/0
Total LSP(s): 4
*(In TLV)-Leaking Route, *(By LSPID)-Self LSP, +-Self LSP(Extended),
ATT-Attached, P-Partition, OL-Overload
[PE1]dis isis lsdb is-name PE1 verbose
Database information for ISIS(100)
-----------------------------------
Level-2 Link State Database
LSPID Seq Num Checksum HoldTime Length ATT/P/OL
-----------------------------------------------------------------------------
1921.6800.1001.00-00* 0x0000001d 0x6025 851 484 0/0/0
SOURCE PE1.00
HOST NAME PE1
NLPID IPV4
NLPID IPV6
AREA ADDR 49.0001
INTF ADDR 192.168.1.1
INTF ADDR 192.168.12.1
INTF ADDR 192.168.13.1
INTF ADDR V6 2001:1::1
INTF ADDR V6 2001:12::1
INTF ADDR V6 2001:13::1
Topology Standard, IPV6
+NBR ID P3.00 COST: 10
+NBR ID P2.00 COST: 10
+MT NBR ID P3.00 COST: 10 MT: 2 (IPV6) <---发送end.x
P2P-SRv6-X-Sid 3001:1::8005:0 B: 0 S: 0 P: 0 C: 0 Algorithm: 0 Weight: 0
Function: End.X Flavor: NO-FLAVOR
Block-Len: -- NodeID-Len: -- Func-Len: -- Args-Len: --
P2P-SRv6-X-Sid 3001:1::13:0 B: 0 S: 0 P: 1 C: 0 Algorithm: 0 Weight: 0
Function: End.X Flavor: PSP
Block-Len: -- NodeID-Len: -- Func-Len: -- Args-Len: --
+MT NBR ID P2.00 COST: 10 MT: 2 (IPV6)
P2P-SRv6-X-Sid 3001:1::8006:0 B: 0 S: 0 P: 0 C: 0 Algorithm: 0 Weight: 0
Function: End.X Flavor: NO-FLAVOR
Block-Len: -- NodeID-Len: -- Func-Len: -- Args-Len: --
P2P-SRv6-X-Sid 3001:1::12:0 B: 0 S: 0 P: 1 C: 0 Algorithm: 0 Weight: 0
Function: End.X Flavor: PSP
Block-Len: -- NodeID-Len: -- Func-Len: -- Args-Len: --
+IP-Extended 192.168.1.1 255.255.255.255 COST: 0
+IP-Extended 192.168.12.0 255.255.255.0 COST: 10
+IP-Extended 192.168.13.0 255.255.255.0 COST: 10
IPV6 2001:1::1/128 COST: 0 MT: 2
IPV6 3001:1::/80 COST: 0 MT: 2 <--- locator路由
IPV6 2001:12::/64 COST: 10 MT: 2
IPV6 2001:13::/64 COST: 10 MT: 2
Router Cap 192.168.1.1 D: 0 S: 0
Segment Routing IPv6 Cap O: 0 C: 0
Segment Routing MSD Max-SL: 10 Max-End-Pop: 11 Max-H-Ins: 10 Max-H-Encap: 10 Max-End-D: 11
Segment Routing IPv6 Router ID 2001:1::1
SRv6 Locator 3001:1::/80 MT: 2 Metric: 0 D: 0 Algorithm: 0 <--- 发送end
SRv6 End Sid 3001:1::10:0 C: 0
Function: End Flavor: PSP
Block-Len: -- NodeID-Len: -- Func-Len: -- Args-Len: --
SRv6 End Sid 3001:1::8003:0 C: 0
Function: End Flavor: NO-FLAVOR
Block-Len: -- NodeID-Len: -- Func-Len: -- Args-Len: --
SRv6 End Sid 3001:1::8004:0 C: 0
Function: End Flavor: PSP USP USD
Block-Len: -- NodeID-Len: -- Func-Len: -- Args-Len: --
Total LSP(s): 1
*(In TLV)-Leaking Route, *(By LSPID)-Self LSP, +-Self LSP(Extended),
ATT-Attached, P-Partition, OL-Overload
[PE1]5.5 检查vpn路由在以evpn路由方式发送时携带的相关end.dt4或者end.dt6信息
在PE4检查172.20.1.0/24以及172:20:1::/64两条ipv4/ipv6 vpn路由对应的end.dt4, end.dt6信息:
[PE4]dis bgp evpn all routing-table
Local AS number : 100
BGP Local router ID is 192.168.4.1
Status codes: * - valid, > - best, d - damped, x - best external, a - add path,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
EVPN address family:
Number of Ip Prefix Routes: 6
Route Distinguisher: 100:1
Network(EthTagId/IpPrefix/IpPrefixLen) NextHop
*>i 0:172.10.1.0:24 2001:1::1
* i 2001:1::1
*>i 0:[172:10:1::]:64 2001:1::1
* i 2001:1::1
Route Distinguisher: 100:2
Network(EthTagId/IpPrefix/IpPrefixLen) NextHop
*> 0:172.20.1.0:24 0.0.0.0
*> 0:[172:20:1::]:64 ::
[PE4]
[PE4]dis bgp evpn all routing-table prefix-route 0:172.20.1.0:24
BGP local router ID : 192.168.4.1
Local AS number : 100
Total routes of Route Distinguisher(100:2): 1
BGP routing table entry information of 0:172.20.1.0:24: <--- vpnv4 route
Imported route.
From: 0.0.0.0 (0.0.0.0)
Route Duration: 0d05h05m08s
Direct Out-interface: Ethernet3/0/0
Original nexthop: 172.20.1.1
Qos information : 0x0
Ext-Community: RT <100 : 100>
Prefix-sid: 3001:4::4001:0, Endpoint Behavior: 19 <--- end.dt4
AS-path Nil, origin incomplete, MED 0, pref-val 0, valid, local, best, select, pre 255
Route Type: 5 (Ip Prefix Route)
Ethernet Tag ID: 0, IP Prefix/Len: 172.20.1.0/24, ESI: 0000.0000.0000.0000.0000, GW IP Address: 0.0.0.0
Advertised to such 2 peers:
2001:3::1
2001:2::1
[PE4]dis bgp evpn all routing-table prefix-route 0:[172:20:1::]:64
BGP local router ID : 192.168.4.1
Local AS number : 100
Total routes of Route Distinguisher(100:2): 1
BGP routing table entry information of 0:[172:20:1::]:64: <--- vpnv6 route
Imported route.
From: :: (0.0.0.0)
Route Duration: 0d05h05m01s
Direct Out-interface: Ethernet3/0/0
Original nexthop: 172:20:1::1
Qos information : 0x0
Ext-Community: RT <100 : 100>
Prefix-sid: 3001:4::6001:0, Endpoint Behavior: 18 <--- end.dt6
AS-path Nil, origin incomplete, MED 0, pref-val 0, valid, local, best, select, pre 255
Route Type: 5 (Ip Prefix Route)
Ethernet Tag ID: 0, IPv6 Prefix/Len: 172:20:1::/64, ESI: 0000.0000.0000.0000.0000, GW IPv6 Address: ::
Advertised to such 2 peers:
2001:3::1
2001:2::1
[PE4]5.6 检查bgp evpn发送SRv6封装的evpn路由
抓取PE4发给RR的bgp update报文,并手工通过wireshark解析:
Frame 22: 394 bytes on wire (3152 bits), 394 bytes captured (3152 bits)
Ethernet II, Src: 38:05:00:11:03:02 (38:05:00:11:03:02), Dst: 38:06:00:11:03:02 (38:06:00:11:03:02)
Internet Protocol Version 6, Src: 2001:4::1, Dst: 2001:2::1
Transmission Control Protocol, Src Port: 58530, Dst Port: 179, Seq: 65, Ack: 413, Len: 320
Border Gateway Protocol - UPDATE Message
Marker: ffffffffffffffffffffffffffffffff
Length: 148
Type: UPDATE Message (2)
Withdrawn Routes Length: 0
Total Path Attribute Length: 125
Path attributes
Path Attribute - ORIGIN: INCOMPLETE
Path Attribute - AS_PATH: empty
Path Attribute - MULTI_EXIT_DISC: 0
Path Attribute - LOCAL_PREF: 100
Path Attribute - EXTENDED_COMMUNITIES
Flags: 0xc0, Optional, Transitive, Complete
Type Code: EXTENDED_COMMUNITIES (16)
Length: 8
Carried extended communities: (1 community)
Route Target: 100:100 [Transitive 2-Octet AS-Specific]
Path Attribute - BGP Prefix-SID
Flags: 0xd0, Optional, Transitive, Extended-Length, Complete
1... .... = Optional: Set
.1.. .... = Transitive: Set
..0. .... = Partial: Not set
...1 .... = Extended-Length: Set
.... 0000 = Unused: 0x0
Type Code: BGP Prefix-SID (40)
Length: 28
SRv6 L3 Service
Type: SRv6 L3 Service (5)
Length: 25
Reserved: 00
SRv6 Service Sub-TLVs
SRv6 Service Sub-TLV - SRv6 SID Information
Type: SRv6 SID Information (1)
Length: 21
Reserved: 00
SRv6 SID Value: 3001:4::4001:0
SRv6 SID Flags: 0x00
SRv6 Endpoint Behavior: End.DT4 (0x0013)
Reserved: 00
SRv6 Service Data Sub-Sub-TLVs
Path Attribute - MP_REACH_NLRI
Flags: 0x90, Optional, Extended-Length, Non-transitive, Complete
Type Code: MP_REACH_NLRI (14)
Length: 57
Address family identifier (AFI): Layer-2 VPN (25)
Subsequent address family identifier (SAFI): EVPN (70)
Next hop: 2001:4::1
IPv6 Address: 2001:4::1
Number of Subnetwork points of attachment (SNPA): 0
Network Layer Reachability Information (NLRI)
EVPN NLRI: IP Prefix route
Route Type: IP Prefix route (5)
Length: 34
Route Distinguisher: 0000006400000002 (100:2)
ESI: 00:00:00:00:00:00:00:00:00:00
Ethernet Tag ID: 0
IP prefix length: 24
IPv4 address: 172.20.1.0
IPv4 Gateway address: 0.0.0.0
MPLS Label Stack: 3 (bottom)
MPLS Label: 493 (bottom)
Border Gateway Protocol - UPDATE Message
Marker: ffffffffffffffffffffffffffffffff
Length: 172
Type: UPDATE Message (2)
Withdrawn Routes Length: 0
Total Path Attribute Length: 149
Path attributes
Path Attribute - ORIGIN: INCOMPLETE
Path Attribute - AS_PATH: empty
Path Attribute - MULTI_EXIT_DISC: 0
Path Attribute - LOCAL_PREF: 100
Path Attribute - EXTENDED_COMMUNITIES
Flags: 0xc0, Optional, Transitive, Complete
Type Code: EXTENDED_COMMUNITIES (16)
Length: 8
Carried extended communities: (1 community)
Route Target: 100:100 [Transitive 2-Octet AS-Specific]
Path Attribute - BGP Prefix-SID
Flags: 0xd0, Optional, Transitive, Extended-Length, Complete
Type Code: BGP Prefix-SID (40)
Length: 28
SRv6 L3 Service
Type: SRv6 L3 Service (5)
Length: 25
Reserved: 00
SRv6 Service Sub-TLVs
SRv6 Service Sub-TLV - SRv6 SID Information
Type: SRv6 SID Information (1)
Length: 21
Reserved: 00
SRv6 SID Value: 3001:4::6001:0
SRv6 SID Flags: 0x00
SRv6 Endpoint Behavior: End.DT6 (0x0012)
Reserved: 00
SRv6 Service Data Sub-Sub-TLVs
Path Attribute - MP_REACH_NLRI
Flags: 0x90, Optional, Extended-Length, Non-transitive, Complete
Type Code: MP_REACH_NLRI (14)
Length: 81
Address family identifier (AFI): Layer-2 VPN (25)
Subsequent address family identifier (SAFI): EVPN (70)
Next hop: 2001:4::1
IPv6 Address: 2001:4::1
Number of Subnetwork points of attachment (SNPA): 0
Network Layer Reachability Information (NLRI)
EVPN NLRI: IP Prefix route
Route Type: IP Prefix route (5)
Length: 58
Route Distinguisher: 0000006400000002 (100:2)
ESI: 00:00:00:00:00:00:00:00:00:00
Ethernet Tag ID: 0
IP prefix length: 64
IPv6 address: 172:20:1::
IPv6 Gateway address: ::
MPLS Label Stack: 3 (bottom)
MPLS Label: 493 (bottom)
六、SRv6 BE测试
6.1 测试拓扑
6.2 测试说明
前面的配置完成后,由于还没有进行SRv6 TE Policy配置,此时CE1 ping CE2的流量将迭代到SRv6 BE。
6.3 测试步骤
6.3.1 检查VPN路由
PE1检查vpn路由172.20.1.0/24和172:20:1::0/64已经迭代到SRv6 BE,并且直接以end.dt4/end.dt6为下一跳地址。
[PE1]dis ip routing-table vpn-instance vpn1
Route Flags: R - relay, D - download to fib, T - to vpn-instance, B - black hole route
------------------------------------------------------------------------------
Routing Table : vpn1
Destinations : 6 Routes : 6
Destination/Mask Proto Pre Cost Flags NextHop Interface
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
172.10.1.0/24 Direct 0 0 D 172.10.1.1 Ethernet3/0/2
172.10.1.1/32 Direct 0 0 D 127.0.0.1 Ethernet3/0/2
172.10.1.255/32 Direct 0 0 D 127.0.0.1 Ethernet3/0/2
172.20.1.0/24 IBGP 255 0 RD 3001:4::4001:0 SRv6 BE
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
[PE1]
[PE1]dis ipv6 routing-table vpn-instance vpn1
Routing Table : vpn1
Destinations : 4 Routes : 4
Destination : 172:10:1:: PrefixLength : 64
NextHop : 172:10:1::1 Preference : 0
Cost : 0 Protocol : Direct
RelayNextHop : :: TunnelID : 0x0
Interface : Ethernet3/0/2 Flags : D
Destination : 172:10:1::1 PrefixLength : 128
NextHop : ::1 Preference : 0
Cost : 0 Protocol : Direct
RelayNextHop : :: TunnelID : 0x0
Interface : Ethernet3/0/2 Flags : D
Destination : 172:20:1:: PrefixLength : 64
NextHop : 3001:4::6001:0 Preference : 255
Cost : 0 Protocol : IBGP
RelayNextHop : 3001:4::6001:0 TunnelID : 0x0
Interface : SRv6 BE Flags : RD
Destination : FE80:: PrefixLength : 10
NextHop : :: Preference : 0
Cost : 0 Protocol : Direct
RelayNextHop : :: TunnelID : 0x0
Interface : NULL0 Flags : DB
[PE1]6.3.2 Ping测试
从CE1 ping CE2。
Welcome to use PC Simulators!
PC>
PC> ping 172.20.1.10
PING 172.20.1.10 (172.20.1.10) 56(84) bytes of data.
64 bytes from 172.20.1.10: icmp_seq=1 ttl=62 time=86.5 ms
64 bytes from 172.20.1.10: icmp_seq=2 ttl=62 time=93.2 ms
64 bytes from 172.20.1.10: icmp_seq=3 ttl=62 time=83.9 ms
64 bytes from 172.20.1.10: icmp_seq=4 ttl=62 time=75.3 ms
64 bytes from 172.20.1.10: icmp_seq=5 ttl=62 time=102 ms
^C
--- 172.20.1.10 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4008ms
rtt min/avg/max/mdev = 75.325/88.263/102.382/9.085 ms
PC> ping 172:20:1::10
PING 172:20:1::10(172:20:1::10) 56 data bytes
64 bytes from 172:20:1::10: icmp_seq=1 ttl=62 time=123 ms
64 bytes from 172:20:1::10: icmp_seq=2 ttl=62 time=66.6 ms
64 bytes from 172:20:1::10: icmp_seq=3 ttl=62 time=147 ms
64 bytes from 172:20:1::10: icmp_seq=4 ttl=62 time=90.6 ms
^C
--- 172:20:1::10 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3019ms
rtt min/avg/max/mdev = 66.587/106.560/146.528/30.443 ms
PC> 6.3.3 检查SRv6 BE封装格式
CE1 ping CE2时,在PE1,抓取PE1和P1、P2连接的端口报文,并手工通过wireshark解析。
这里以CE1 ping CE2地址172.20.1.10进行抓包。
Frame 1: 138 bytes on wire (1104 bits), 138 bytes captured (1104 bits)
Ethernet II, Src: 38:05:00:11:03:00 (38:05:00:11:03:00), Dst: 38:07:00:11:03:01 (38:07:00:11:03:01)
Internet Protocol Version 6, Src: 2001:1::1, Dst: 3001:4::4001:0
0110 .... = Version: 6
.... 1111 1111 .... .... .... .... .... = Traffic Class: 0xff (DSCP: Unknown, ECN: CE)
.... 0000 0000 0000 0000 0001 = Flow Label: 0x00001
Payload Length: 84
Next Header: IPIP (4)
Hop Limit: 254
Source Address: 2001:1::1
Destination Address: 3001:4::4001:0 <---end.dt4地址作为目的地址
Internet Protocol Version 4, Src: 172.10.1.10, Dst: 172.20.1.10
0100 .... = Version: 4
.... 0101 = Header Length: 20 bytes (5)
Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
Total Length: 84
Identification: 0x0cbe (3262)
010. .... = Flags: 0x2, Don't fragment
...0 0000 0000 0000 = Fragment Offset: 0
Time to Live: 63
Protocol: ICMP (1)
Header Checksum: 0xd4b8 [validation disabled]
[Header checksum status: Unverified]
Source Address: 172.10.1.10
Destination Address: 172.20.1.10
Internet Control Message Protocol
(后续part2 srv6 te policy测试,part3 srv6 te flow group测试)
扫一扫
2892
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
