SRv6 BE (Vpnv4)
目的:在NE1和NE4之间跑SRv6,用ipv6路由建立vpnv4邻居关系,打通lo1 11.11.11.11-44.44.44.44
配置思路:
1 通过OSPFv3或者ISISforIPv6打通IGP路由(省略)
2 配置SRv6的转发路径,封装源ip、SID的节点路由段、opcodeid和动作
3 在ospfv3/ISIS里面宣告节点路由段locator
4 建立BGP vpnv4路由邻居,绑定实例并且引入 ——记得指定router-id,用v6建立vpnv4邻居不会自动指定,需要手动
5 在bgp vpnv4里面打开分配sid能力,在vpn实例里面指定转发方式和调用节点路由段
只需在NE1和NE4上进行配置,以1为例
NE1:
#
segment-routing ipv6
encapsulation source-interface LoopBack0 -封装源接口地址
locator hcie ipv6-prefix A100:: 96 static 16 -配置SID的节点路由段 注:设备之间不能一直
opcode ::1 end no-flavor -配置opcode id和动作 注:id不能一致
#
ospfv3 100
segment-routing ipv6 locator hcie
#
ip vpn-instance vrf1 -创建实例
ipv4-family
route-distinguisher 100:1
apply-label per-instance
vpn-target 100:1 export-extcommunity
vpn-target 100:1 import-extcommunity
#
interface LoopBack1 -绑定实例
ip binding vpn-instance vrf1
ip address 11.11.11.11 255.255.255.255
#
bgp 100
router-id 1.1.1.1
private-4-byte-as enable
peer 4444::44 as-number 100
peer 4444::44 connect-interface LoopBack0
#
ipv4-family vpnv4
policy vpn-target
peer 4444::44 enable
peer 4444::44 prefix-sid -打开能够分配sid的能力
#
ipv4-family vpn-instance vrf1
import-route direct
segment-routing ipv6 locator hcie -用locator hcie来分配end dt4的标签
segment-routing ipv6 best-effort -数据转发方式为BE
验证:
查看分配sid前缀
查看srv6 end转发表
查看vpnv4路由是否有效
ping验证
抓包报文:
内层是ipv4,外层是srv6封装的ipv6标签
SRv6 BE (Evpn)
目的:在NE1-NE4之间建立跑srv6,用ipv6路由建立evpn邻居关系,打通lo1 11.11.11.11-44.44.44.44
1: 通过OSPFv3或者ISISforIPv6打通IGP路由(省略)
2: 配置SRv6的转发路径,封装源ip、SID的节点路由段、opcodeid和动作 (整个拓扑需要全配置)
3: 在ospfv3/ISIS里面宣告节点路由段locator
4: 建立BGP evpn路由邻居,绑定实例并且引入 ——记得指定router-id,用v6建立vpnv4邻居不会自动指定,需要手动
5: 在bgp evpn里面打开分配sid能力,在vpn实例里面指定转发方式和调用节点路由段
以1为例,NE1:
#
segment-routing ipv6
encapsulation source-interface LoopBack0
locator hcie ipv6-prefix A100:: 96 static 16
opcode ::1 end psp
#
ospfv3 100
segment-routing ipv6 locator hcie
#
ip vpn-instance vrf1
ipv4-family
route-distinguisher 100:1
apply-label per-instance
vpn-target 100:1 export-extcommunity evpn
vpn-target 100:1 import-extcommunity evpn
#
interface LoopBack1 -绑定实例
ip binding vpn-instance vrf1
ip address 11.11.11.11 255.255.255.255
#
bgp 100
router-id 1.1.1.1
private-4-byte-as enable
peer 4444::44 as-number 100
peer 4444::44 connect-interface LoopBack0
#
ipv4-family vpn-instance vrf1
import-route direct
advertise l2vpn evpn
segment-routing ipv6 locator hcie evpn
segment-routing ipv6 traffic-engineer best-effort evpn
#
l2vpn-family evpn
policy vpn-target
peer 4444::44 enable
peer 4444::44 advertise encap-type srv6
验证
查看分配sid前缀
查看bgp evpn邻居状态
查看bgp evpn路由
ping命令验证并抓包查看
SRv6 Policy
1: SRv6 BE
注:以上为SRv6-BE的配置,上页已有,不再阐述
2:手工配置Segment V6列表,NE3用的接口sid
3:在本端配置route-policy 打上扩展团体属性color,在bgp l2vpn里面引入
4:配置Polciy尾端地址和颜色,优先级,调用Segment列表
5:配置隧道策略,优先走Policy,类型为1
6:在vpn实例里面调用策略
扩展:如果不配置扩展属性、,可以在vpn-instance下面配置default
NE1:
#
srv6-te-policy locator hcie -设置policy使用locator
segment-list hcie -配置列表
index 10 sid ipv6 A200::1
index 20 sid ipv6 A500::1
index 30 sid ipv6 A600::1
index 40 sid ipv6 A300::10 -用的接口sid
index 50 sid ipv6 A400::1
srv6-te policy hcie endpoint 4444::44 color 100 -配置policy 目的地和颜色属性
candidate-path preference 100
segment-list hcie -调用列表
#
tunnel-policy p1 -配置隧道策略
tunnel select-seq ipv6 srv6-te-policy load-balance-number 1
#
ip vpn-instance vrf1
tnl-policy p1 evpn -调用策略在evpn
#
route-policy color permit node 10
apply extcommunity color 0:100
#
bgp 100
l2vpn-family evpn
peer 4444::44 route-policy color import
扩展:
#
ip vpn-instance vrf1
ipv4-family
default-color 100 evpn
NE3:
#
segment-routing ipv6
opcode ::10 end-x interface Ethernet3/0/3 nexthop 2034::4 psp-usp-usd -手动生成end-x 接口sid
验证:
查看policy的状态
查看vrf1的路由表,出接口为policy (hcie)
Ping 命令测试,并且抓包查看
注:列表自下而上