Huawei Carrier-Class Router Configuration Example | EVPN VPWS over SRv6 TE Policy (Static Configuration)

Sikj_6590 2022-02-09
Huawei Networking

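Networking Requirements

As shown in Figure 1, PE1, P, and PE2 belong to the same autonomous system and must achieve IPv6 connectivity with one another through IS-IS. A bidirectional SRv6 TE Policy is established between PE1 and PE2 to carry the EVPN private line service.

Figure 1 Networking diagram for configuring EVPN VPWS over SRv6 TE Policy

Configuration Roadmap

  1. Enable IPv6 forwarding on each interface of PE1, P, and PE2, and configure an IPv6 address for each interface.
  2. Enable IS-IS on PE1, P, and PE2, configure the IS-IS level, and specify the network entity.
  3. On the PEs, configure an EVPN VPWS instance and an EVPL instance, and bind the EVPL instance to the access-side sub-interface.
  4. Establish a BGP EVPN peer relationship between the PEs.
  5. Configure SRv6 SIDs on PE1, P, and PE2, and enable the SRv6 capability for IS-IS. Also configure VPN routes to carry the SID attribute on PE1 and PE2.
  6. Configure an SRv6 TE Policy on PE1 and PE2.
  7. Configure a tunnel policy on PE1 and PE2 to steer VPN traffic.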

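Procedure

1. Enable IPv6 forwarding on each interface and configure an IPv6 address for each interface

# Configure PE1. The configurations of P and PE2 are similar to that of PE1 and are not repeated here. For details, see the configuration files.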

<HUAWEI> system-view
[~HUAWEI] sysname PE1
[*HUAWEI] commit
[~PE1] interface gigabitethernet 1/0/0
[~PE1-GigabitEthernet1/0/0] ipv6 enable
[*PE1-GigabitEthernet1/0/0] ipv6 address 2001:DB8:10::1 64
[*PE1-GigabitEthernet1/0/0] quit
[*PE1] interface LoopBack 1
[*PE1-LoopBack1] ip address 1.1.1.1 32
[*PE1-LoopBack1] ipv6 enable
[*PE1-LoopBack1] ipv6 address 2001:DB8:1::1 128
[*PE1-LoopBack1] quit
[*PE1] commit

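Because the EVPN source address requires an IPv4 address, the loopback interface must also be configured with an IPv4 address here.

2. Configure IS-IS

# Configure PE1.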

[~PE1] isis 1
[*PE1-isis-1] is-level level-1
[*PE1-isis-1] cost-style wide
[*PE1-isis-1] network-entity 10.0000.0000.0001.00
[*PE1-isis-1] ipv6 enable topology ipv6
[*PE1-isis-1] quit
[*PE1] interface gigabitethernet 1/0/0
[*PE1-GigabitEthernet1/0/0] isis ipv6 enable 1
[*PE1-GigabitEthernet1/0/0] quit
[*PE1] interface loopback1
[*PE1-LoopBack1] isis ipv6 enable 1
[*PE1-LoopBack1] quit
[*PE1] commit

# Configure P.

[~P] isis 1 
[*P-isis-1] is-level level-1
[*P-isis-1] cost-style wide
[*P-isis-1] network-entity 10.0000.0000.0002.00
[*P-isis-1] ipv6 enable topology ipv6
[*P-isis-1] quit
[*P] interface gigabitethernet 1/0/0
[*P-GigabitEthernet1/0/0] isis ipv6 enable 1
[*P-GigabitEthernet1/0/0] quit
[*P] interface gigabitethernet 2/0/0
[*P-GigabitEthernet2/0/0] isis ipv6 enable 1
[*P-GigabitEthernet2/0/0] quit
[*P] interface loopback1
[*P-LoopBack1] isis ipv6 enable 1
[*P-LoopBack1] quit
[*P] commit

# Configure PE2.

[~PE2] isis 1
[*PE2-isis-1] is-level level-1
[*PE2-isis-1] cost-style wide
[*PE2-isis-1] network-entity 10.0000.0000.0003.00
[*PE2-isis-1] ipv6 enable topology ipv6
[*PE2-isis-1] quit
[*PE2] interface gigabitethernet 1/0/0
[*PE2-GigabitEthernet1/0/0] isis ipv6 enable 1
[*PE2-GigabitEthernet1/0/0] quit
[*PE2] interface loopback1
[*PE2-LoopBack1] isis ipv6 enable 1
[*PE2-LoopBack1] quit
[*PE2] commit

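After the configuration is complete, check whether IS-IS has been configured successfully as follows.

# Display IS-IS neighbor information. PE1 is used as an example.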

[~PE1] display isis peer
                          Peer information for ISIS(1)
                         
  System Id     Interface         Circuit Id        State HoldTime Type     PRI
--------------------------------------------------------------------------------
0000.0000.0002* GE1/0/0           0000.0000.0002.01  Up   8s       L1       64 

Total Peer(s): 1

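3. Configure an EVPN instance and an EVPL instance on each PE, bind the EVPL instance to the access-side sub-interface, and configure a VLAN on each CE

# Configure PE1.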

[~PE1] evpn source-address 1.1.1.1
[*PE1] evpn vpn-instance evrf1 vpws
[*PE1-vpws-evpn-instance-evrf1] route-distinguisher 100:1
[*PE1-vpws-evpn-instance-evrf1] vpn-target 1:1
[*PE1-vpws-evpn-instance-evrf1] quit
[*PE1] evpl instance 1
[*PE1-evpl1] evpn binding vpn-instance evrf1
[*PE1-evpl1] local-service-id 100 remote-service-id 200
[*PE1-evpl1] quit
[*PE1] interface gigabitethernet 2/0/0.1 mode l2
[*PE1-GigabitEthernet2/0/0.1] encapsulation dot1q vid 1
[*PE1-GigabitEthernet2/0/0.1] evpl instance 1
[*PE1-GigabitEthernet2/0/0.1] quit
[*PE1] commit

# Configure PE2.

[~PE2] evpn source-address 3.3.3.3
[*PE2] evpn vpn-instance evrf1 vpws
[*PE2-vpws-evpn-instance-evrf1] route-distinguisher 200:1
[*PE2-vpws-evpn-instance-evrf1] vpn-target 1:1
[*PE2-vpws-evpn-instance-evrf1] quit
[*PE2] evpl instance 1
[*PE2-evpl1] evpn binding vpn-instance evrf1
[*PE2-evpl1] local-service-id 200 remote-service-id 100
[*PE2-evpl1] quit
[*PE2] interface gigabitethernet 2/0/0.1 mode l2
[*PE2-GigabitEthernet2/0/0.1] encapsulation dot1q vid 1
[*PE2-GigabitEthernet2/0/0.1] evpl instance 1
[*PE2-GigabitEthernet2/0/0.1] quit
[*PE2] commit

# Configure CE1.

<CE1> system-view
[~CE1] vlan 1 
[*CE1-vlan1] quit           
[*CE1] interface gigabitethernet 1/0/0
[*CE1-GigabitEthernet1/0/0] portswitch
[*CE1-GigabitEthernet1/0/0] undo shutdown
[*CE1-GigabitEthernet1/0/0] port link-type access
[*CE1-GigabitEthernet1/0/0] port default vlan 1
[*CE1-GigabitEthernet1/0/0] commit
[~CE1-GigabitEthernet1/0/0] quit

# Configure CE2.

<CE2> system-view
[~CE2] vlan 1
[*CE2-vlan1] quit           
[*CE2] interface gigabitethernet 1/0/0
[*CE2-GigabitEthernet1/0/0] portswitch
[*CE2-GigabitEthernet1/0/0] undo shutdown
[*CE2-GigabitEthernet1/0/0] port link-type access
[*CE2-GigabitEthernet1/0/0] port default vlan 1
[*CE2-GigabitEthernet1/0/0] commit
[~CE2-GigabitEthernet1/0/0] quit

4. Establish a BGP EVPN peer relationship between the PEs

# Configure PE1.

[~PE1] bgp 100
[*PE1-bgp] router-id 1.1.1.1
[*PE1-bgp] peer 2001:DB8:3::3 as-number 100
[*PE1-bgp] peer 2001:DB8:3::3 connect-interface loopback 1
[*PE1-bgp] l2vpn-family evpn
[*PE1-bgp-af-evpn] peer 2001:DB8:3::3 enable
[*PE1-bgp-af-evpn] quit
[*PE1-bgp] quit
[*PE1] commit

# Configure PE2.

[~PE2] bgp 100
[*PE2-bgp] router-id 3.3.3.3
[*PE2-bgp] peer 2001:DB8:1::1 as-number 100
[*PE2-bgp] peer 2001:DB8:1::1 connect-interface loopback 1
[*PE2-bgp] l2vpn-family evpn
[*PE2-bgp-af-evpn] peer 2001:DB8:1::1 enable
[*PE2-bgp-af-evpn] quit
[*PE2-bgp] quit
[*PE2] commit

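After the configuration is complete, run the display bgp evpn peer command on the PEs. The output shows that the BGP EVPN peer relationship between the PEs has been established and is in the Established state.

The output on PE1 is used as an example: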

[~PE1] display bgp evpn peer

 BGP local router ID : 1.1.1.1
 Local AS number : 100
 Total number of peers : 1                 Peers in established state : 1

  Peer                             V          AS  MsgRcvd  MsgSent  OutQ  Up/Down       State  PrefRcv
  2001:DB8:3::3                    4         100       40       40     0 00:30:41 Established        2

5. Configure SRv6 SIDs, and configure VPN routes to carry the SID attribute on the PEs

# Configure PE1.

[~PE1] segment-routing ipv6
[*PE1-segment-routing-ipv6] encapsulation source-address 2001:DB8:1::1
[*PE1-segment-routing-ipv6] locator PE1 ipv6-prefix 2001:DB8:100:: 64 static 32
[*PE1-segment-routing-ipv6-locator] opcode ::10 end psp
[*PE1-segment-routing-ipv6-locator] quit
[*PE1-segment-routing-ipv6] quit
[*PE1] bgp 100
[*PE1-bgp] l2vpn-family evpn
[*PE1-bgp-af-evpn] peer 2001:DB8:3::3 advertise encap-type srv6
[*PE1-bgp-af-evpn] quit
[*PE1-bgp] quit
[*PE1] evpl instance 1
[*PE1-evpl1] segment-routing ipv6 locator PE1
[*PE1-evpl1] quit
[*PE1] evpn vpn-instance evrf1 vpws
[*PE1-vpws-evpn-instance-evrf1] segment-routing ipv6 traffic-engineer best-effort
[*PE1-vpws-evpn-instance-evrf1] quit
[*PE1] commit
[~PE1] isis 1
[~PE1-isis-1] segment-routing ipv6 locator PE1 auto-sid-disable
[*PE1-isis-1] commit
[~PE1-isis-1] quit

# Configure P.

[~P] segment-routing ipv6
[*P-segment-routing-ipv6] encapsulation source-address 2001:DB8:2::2
[*P-segment-routing-ipv6] locator P ipv6-prefix 2001:DB8:120:: 64 static 32
[*P-segment-routing-ipv6-locator] opcode ::20 end psp
[*P-segment-routing-ipv6-locator] quit
[*P-segment-routing-ipv6] quit
[~P] isis 1
[~P-isis-1] segment-routing ipv6 locator P auto-sid-disable
[*P-isis-1] commit
[~P-isis-1] quit

# Configure PE2.

[~PE2] segment-routing ipv6
[*PE2-segment-routing-ipv6] encapsulation source-address 2001:DB8:3::3
[*PE2-segment-routing-ipv6] locator PE2 ipv6-prefix 2001:DB8:130:: 64 static 32
[*PE2-segment-routing-ipv6-locator] opcode ::30 end psp
[*PE2-segment-routing-ipv6-locator] quit
[*PE2-segment-routing-ipv6] quit
[*PE2] bgp 100
[*PE2-bgp] l2vpn-family evpn
[*PE2-bgp-af-evpn] peer 2001:DB8:1::1 advertise encap-type srv6
[*PE2-bgp-af-evpn] quit
[*PE2-bgp] quit
[*PE2] evpl instance 1
[*PE2-evpl1] segment-routing ipv6 locator PE2
[*PE2-evpl1] quit
[*PE2] evpn vpn-instance evrf1 vpws
[*PE2-vpws-evpn-instance-evrf1] segment-routing ipv6 traffic-engineer best-effort
[*PE2-vpws-evpn-instance-evrf1] quit
[*PE2] commit
[~PE2] isis 1
[~PE2-isis-1] segment-routing ipv6 locator PE2 auto-sid-disable
[*PE2-isis-1] commit
[~PE2-isis-1] quit

Run the display segment-routing ipv6 local-sid end forwarding command to view the SRv6 local SID table.

[~PE1] display segment-routing ipv6 local-sid end forwarding
                    My Local-SID End Forwarding Table
                    ---------------------------------

SID         : 2001:DB8:100::10/128                         FuncType : End
Flavor      : PSP
LocatorName : PE1                                          LocatorID: 1
ProtocolType: STATIC                                       ProcessID: --
UpdateTime  : 2021-08-30 01:46:05.713

Total SID(s): 1
[~PE2] display segment-routing ipv6 local-sid end forwarding
                    My Local-SID End Forwarding Table
                    ---------------------------------

SID         : 2001:DB8:130::30/128                         FuncType : End
Flavor      : PSP
LocatorName : PE2                                          LocatorID: 1
ProtocolType: STATIC                                       ProcessID: --
UpdateTime  : 2021-08-30 01:47:26.426

Total SID(s): 1
[~P] display segment-routing ipv6 local-sid end forwarding
                    My Local-SID End Forwarding Table
                    ---------------------------------

SID         : 2001:DB8:120::20/128                         FuncType : End
Flavor      : PSP
LocatorName : P                                            LocatorID: 1
ProtocolType: STATIC                                       ProcessID: --
UpdateTime  : 2021-08-30 01:49:44.292

Total SID(s): 1

6. Configure an SRv6 TE Policy

# Configure PE1.

[~PE1] segment-routing ipv6 
[*PE1-segment-routing-ipv6] segment-list list1 
[*PE1-segment-routing-ipv6-segment-list-list1] index 5 sid ipv6 2001:DB8:120::20
[*PE1-segment-routing-ipv6-segment-list-list1] index 10 sid ipv6 2001:DB8:130::30
[*PE1-segment-routing-ipv6-segment-list-list1] commit
[~PE1-segment-routing-ipv6-segment-list-list1] quit
[~PE1-segment-routing-ipv6] srv6-te-policy locator PE1 
[*PE1-segment-routing-ipv6] srv6-te policy policy1 endpoint 2001:DB8:3::3 color 101
[*PE1-segment-routing-ipv6-policy-policy1] binding-sid 2001:DB8:100::450
[*PE1-segment-routing-ipv6-policy-policy1] candidate-path preference 100
[*PE1-segment-routing-ipv6-policy-policy1-path] segment-list list1 
[*PE1-segment-routing-ipv6-policy-policy1-path] commit
[~PE1-segment-routing-ipv6-policy-policy1-path] quit
[~PE1-segment-routing-ipv6-policy-policy1] quit
[~PE1-segment-routing-ipv6] quit

# Configure PE2.

[~PE2] segment-routing ipv6 
[*PE2-segment-routing-ipv6] segment-list list1 
[*PE2-segment-routing-ipv6-segment-list-list1] index 5 sid ipv6 2001:DB8:120::20
[*PE2-segment-routing-ipv6-segment-list-list1] index 10 sid ipv6 2001:DB8:100::10
[*PE2-segment-routing-ipv6-segment-list-list1] commit
[~PE2-segment-routing-ipv6-segment-list-list1] quit
[~PE2-segment-routing-ipv6] srv6-te-policy locator PE2 
[*PE2-segment-routing-ipv6] srv6-te policy policy1 endpoint 2001:DB8:1::1 color 101
[*PE2-segment-routing-ipv6-policy-policy1] binding-sid 2001:DB8:130::350
[*PE2-segment-routing-ipv6-policy-policy1] candidate-path preference 100
[*PE2-segment-routing-ipv6-policy-policy1-path] segment-list list1 
[*PE2-segment-routing-ipv6-policy-policy1-path] commit
[~PE2-segment-routing-ipv6-policy-policy1-path] quit
[~PE2-segment-routing-ipv6-policy-policy1] quit
[~PE2-segment-routing-ipv6] quit

After the configuration is complete, run the display srv6-te policy command to view SRv6 TE Policy information.

The output on PE1 is used as an example:

[~PE1] display srv6-te policy 
PolicyName : policy1                            
Color                   : 101                            Endpoint             : 2001:DB8:3::3
TunnelId                : 1                              Binding SID          : 2001:DB8:100::450
TunnelType              : SRv6-TE Policy                 DelayTimerRemain     : -            
Policy State            : Up                             State Change Time    : 2020-03-03 02:32:11
Admin State             : Up                             Traffic Statistics   : Disable  
Backup Hot-Standby      : Disable                        BFD                  : Disable	
Interface Index         : -                              Interface Name       : - 
Interface State         : -                              Encapsulation Mode   : Insert
Candidate-path Count    : 1 

 Candidate-path Preference : 100
 Path State             : Active                         Path Type            : Primary
 Protocol-Origin        : Configuration(30)              Originator           : 0, 0.0.0.0
 Discriminator          : 100                            Binding SID          : 2001:DB8:100::450
 GroupId                : 1                              Policy Name          : policy1
 Template ID            : 0                              Path Verification    : Disable                  
 DelayTimerRemain       : -                              Segment-List Count   : 1
  Segment-List          : list1
   Segment-List ID      : 1                              XcIndex              : 1  
   List State           : Up                             DelayTimerRemain     : -
   Verification State   : -                              SuppressTimeRemain   : -   
   PMTU                 : 9600                           Active PMTU          : 9600
   Weight               : 1                              BFD State            : -                     
   SID :  
         2001:DB8:120::20
         2001:DB8:130::30

7. Configure a tunnel policy to steer VPN traffic

# Configure PE1.

[~PE1] route-policy p1 permit node 10
[*PE1-route-policy] apply extcommunity color 0:101
[*PE1-route-policy] quit
[*PE1] bgp 100
[*PE1-bgp] l2vpn-family evpn
[*PE1-bgp-af-evpn] peer 2001:DB8:3::3 route-policy p1 import 
[*PE1-bgp-af-evpn] quit
[*PE1-bgp] quit
[*PE1] tunnel-policy p1
[*PE1-tunnel-policy-p1] tunnel select-seq ipv6 srv6-te-policy load-balance-number 1
[*PE1-tunnel-policy-p1] quit
[*PE1] evpn vpn-instance evrf1 vpws
[*PE1-vpws-evpn-instance-evrf1] tnl-policy p1
[*PE1-vpws-evpn-instance-evrf1] commit
[~PE1-vpws-evpn-instance-evrf1] quit

# Configure PE2.

[~PE2] route-policy p1 permit node 10
[*PE2-route-policy] apply extcommunity color 0:101
[*PE2-route-policy] quit
[*PE2] bgp 100
[*PE2-bgp] l2vpn-family evpn
[*PE2-bgp-af-evpn] peer 2001:DB8:1::1 route-policy p1 import 
[*PE2-bgp-af-evpn] quit
[*PE2-bgp] quit
[*PE2] tunnel-policy p1
[*PE2-tunnel-policy-p1] tunnel select-seq ipv6 srv6-te-policy load-balance-number 1
[*PE2-tunnel-policy-p1] quit
[*PE2] evpn vpn-instance evrf1 vpws
[*PE2-vpws-evpn-instance-evrf1] tnl-policy p1
[*PE2-vpws-evpn-instance-evrf1] commit
[~PE2-vpws-evpn-instance-evrf1] quit

8. Verify the configuration

Run the display bgp evpn evpl command on a PE to check the EVPL status.

PE1 is used as an example:

[~PE1] display bgp evpn evpl
Total EVPLs: 1      1 Up     0 Down

EVPL ID : 1
State : up
Evpl Type : none
Interface : GigabitEthernet2/0/0.1
Ignore AcState : disable
Local MTU : 1500
Local Control Word : false
Local Redundancy Mode : all-active
Local DF State : primary
Local ESI : 0000.0000.0000.0000.0000
Remote Redundancy Mode : all-active
Remote Primary DF Number : 1
Remote Backup DF Number : 0
Remote None DF Number : 0
Peer IP : 2001:DB8:3::3
 Origin Nexthop IP : 2001:DB8:3::3
 DF State : primary
 Eline Role : primary
 Remote MTU : 1500
 Remote Control Word : false
 Remote ESI : 0000.0000.0000.0000.0000
 Tunnel info : 1 tunnels
  NO.0   Tunnel Type : srv6te-policy, Tunnel ID : 0x000000003400000001
Last Interface UP Timestamp : 2019-8-14 3:21:34:196
Last Designated Primary Timestamp : 2019-8-14 3:23:45:839
Last Designated Backup Timestamp : --

Run the display bgp evpn all routing-table command on a PE to view the EVPN routes sent by the remote end.

PE1 is used as an example:

[~PE1] display bgp evpn all routing-table

 Local AS number : 100

 BGP Local router ID is 1.1.1.1
 Status codes: * - valid, > - best, d - damped, x - best external, a - add path,
               h - history,  i - internal, s - suppressed, S - Stale
               Origin : i - IGP, e - EGP, ? - incomplete


 EVPN address family:
 Number of A-D Routes: 2
 Route Distinguisher: 100:1
       Network(ESI/EthTagId)                                  NextHop
 *>    0000.0000.0000.0000.0000:100                           127.0.0.1                                    
 *>i   0000.0000.0000.0000.0000:200                           2001:DB8:3::3                                


 EVPN-Instance evrf1:
 Number of A-D Routes: 2
       Network(ESI/EthTagId)                                  NextHop
 *>    0000.0000.0000.0000.0000:100                           127.0.0.1                                    
 *>i   0000.0000.0000.0000.0000:200                           2001:DB8:3::3

Run the display bgp evpn all routing-table ad-route command on PE1 to view details about the EVPN route sent by the remote end.

[~PE1] display bgp evpn all routing-table ad-route 0000.0000.0000.0000.0000:200 

 BGP local router ID : 1.1.1.1                  
 Local AS number : 100                          
 Total routes of Route Distinguisher(100:1): 1  
 BGP routing table entry information of 0000.0000.0000.0000.0000:200:           
 Label information (Received/Applied): 3/NULL   
 From: 2001:DB8:3::3 (3.3.3.3)                  
 Route Duration: 0d00h14m45s                    
 Relay IP Nexthop: FE80::3AC2:67FF:FE31:307     
 Relay IP Out-Interface:GigabitEthernet1/0/0           
 Relay Tunnel Out-Interface:                    
 Original nexthop: 2001:DB8:3::3                
 Qos information : 0x0                          
 Ext-Community: RT <1 : 1>, SoO <3.3.3.3 : 0>, Color <0 : 101>, EVPN L2 Attributes <MTU:1500 C:0 P:1 B:0>                                              
 Prefix-sid: 2001:DB8:130::1:0:5A               
 AS-path Nil, origin incomplete, localpref 100, pref-val 0, valid, internal, best, select, pre 255, IGP cost 20                     
 Route Type: 1 (Ethernet Auto-Discovery (A-D) route)    
 ESI: 0000.0000.0000.0000.0000, Ethernet Tag ID: 200             
 Not advertised to any peer yet 



 EVPN-Instance evrf1:                           
 Number of A-D Routes: 1                        
 BGP routing table entry information of 0000.0000.0000.0000.0000:200:           
 Route Distinguisher: 100:1                     
 Remote-Cross route                             
 Label information (Received/Applied): 3/NULL   
 From: 2001:DB8:3::3 (3.3.3.3)                  
 Route Duration: 0d00h02m41s                    
 Relay Tunnel Out-Interface: policy1(srv6tepolicy)                    
 Original nexthop: 2001:DB8:3::3                
 Qos information : 0x0                          
 Ext-Community: RT <1 : 1>, SoO <3.3.3.3 : 0>, Color <0 : 101>, EVPN L2 Attributes <MTU:1500 C:0 P:1 B:0>                                              
 Prefix-sid: 2001:DB8:130::1:0:5A               
 AS-path Nil, origin incomplete, localpref 100, pref-val 0, valid, internal, best, select, pre 255                                  
 Route Type: 1 (Ethernet Auto-Discovery (A-D) route)
 ESI: 0000.0000.0000.0000.0000, Ethernet Tag ID: 200      
 Not advertised to any peer yet
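
Steps 5 to 7 only produce the srv6tepolicy tunnel shown above when values agree across nodes: every SID in a segment list must be an End SID that some node has configured, the last segment must belong to the policy's endpoint, and the color set by the route-policy must equal the policy's color. The Python sketch below is an added example, not part of the original configuration guide or any Huawei tooling; it runs those checks over the commands from this page, and the names parse, audit, CONFIG and LOOPBACK are assumptions of the example.

```python
import ipaddress
import re

ip = ipaddress.ip_address
# Illustrative helper, not Huawei tooling. Commands are this page's, prompts stripped.
CONFIG = {
    "PE1": """locator PE1 ipv6-prefix 2001:DB8:100:: 64 static 32
        opcode ::10 end psp
        index 5 sid ipv6 2001:DB8:120::20
        index 10 sid ipv6 2001:DB8:130::30
        srv6-te policy policy1 endpoint 2001:DB8:3::3 color 101
        apply extcommunity color 0:101""",
    "P": """locator P ipv6-prefix 2001:DB8:120:: 64 static 32
        opcode ::20 end psp""",
    "PE2": """locator PE2 ipv6-prefix 2001:DB8:130:: 64 static 32
        opcode ::30 end psp
        index 5 sid ipv6 2001:DB8:120::20
        index 10 sid ipv6 2001:DB8:100::10
        srv6-te policy policy1 endpoint 2001:DB8:1::1 color 101
        apply extcommunity color 0:101""",
}
# Loopback1 IPv6 address of each node on this page, mapped to the node name.
LOOPBACK = {ip("2001:DB8:1::1"): "PE1", ip("2001:DB8:2::2"): "P", ip("2001:DB8:3::3"): "PE2"}

def parse(text):
    """Extract End SIDs, the ordered segment list and the policy/color values of one node."""
    prefix, length = re.search(r"ipv6-prefix (\S+) (\d+)", text).groups()
    base = int(ipaddress.ip_network(f"{prefix}/{length}").network_address)
    segs = sorted((int(i), ip(s)) for i, s in re.findall(r"index (\d+) sid ipv6 (\S+)", text))
    pol = re.search(r"endpoint (\S+) color (\d+)", text)
    col = re.search(r"extcommunity color \d+:(\d+)", text)
    return {
        "end": {ip(base | int(ip(o))) for o in re.findall(r"opcode (\S+) end", text)},
        "segs": [s for _, s in segs],
        "policy": (ip(pol[1]), pol[2]) if pol else None,
        "color": col[1] if col else None,
    }

def audit(config):
    """Return a list of inconsistencies between segment lists, End SIDs, endpoints and colors."""
    nodes = {name: parse(text) for name, text in config.items()}
    owner = {sid: name for name, n in nodes.items() for sid in n["end"]}
    findings = []
    for name, n in nodes.items():
        if n["policy"] is None:
            continue  # transit node (P): it only contributes an End SID
        endpoint, color = n["policy"]
        hops = [owner.get(s) for s in n["segs"]]
        if None in hops:
            findings.append(f"{name}: segment list references a SID no node has configured")
        if hops[-1:] != [LOOPBACK.get(endpoint)]:
            findings.append(f"{name}: last segment does not land on endpoint {endpoint}")
        if n["color"] != color:
            findings.append(f"{name}: route-policy color {n['color']} != policy color {color}")
    return findings
```

For the configuration on this page, audit(CONFIG) returns an empty list; a mistyped SID or a color mismatch in either PE's commands is reported with the node name.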