华为SRv6 BE跨域配置案例

yenggd2025-12-22 9:00

网络规划设计

locator及sid等规划看拓扑图上,已标出,保证所有设备唯一

1、使能各接口的IPv6转发能力,配置各接口的IPv6地址。

2、在各接口上使能IS-IS,配置Level级别,指定网络实体。

3、在ne1和ne6上配置VPN实例。

4、在ne1和AR1之间建立EBGP对等体关系,另一边ne6和AR2采用静态联接配置

5、在ne1和ne6之间建立MP-IBGP对等体关系。

6、在ne1和net6上配置SRv6。配置IS-IS的SRv6能力。

7、最终实现两边使用骨干网跨域srv6 BE的方式11.1.1.1和22.1.1.1互联互通

更多细节来全球计算机技术群讨论!!!

ne1配置

ne1\]dis current-configuration sysname ne1 router id 1.1.1.1 //配置全局router id ip vpn-instance a //起实例 ipv4-family route-distinguisher 1:1 vpn-target 1:1 export-extcommunity vpn-target 1:1 import-extcommunity segment-routing ipv6 encapsulation source-address 2001:1::1 //srv6用loopback口地址做为封装源地址 locator 1 ipv6-prefix 2002:1:: 64 static 32 //配置本设备的locator,保证全网唯一 opcode ::1 end-dt4 vpn-instance a //手动定义end dt4,不用手动用动态生成也可以 isis 1 is-level level-2 cost-style wide network-entity 49.0001.0000.0000.0001.00 ipv6 enable topology ipv6 //开户多拓扑 segment-routing ipv6 locator 1 auto-sid-disable //关掉动态自动生成sid功能 interface Ethernet1/0/0 undo shutdown ipv6 enable ipv6 address 2001:DB8:12::1/64 isis ipv6 enable 1 undo dcn undo dcn mode vlan interface Ethernet1/0/1 undo shutdown ip binding vpn-instance a //绑定vpn实例 ip address 10.0.11.1 255.255.255.0 undo dcn undo dcn mode vlan interface LoopBack0 ipv6 enable ipv6 address 2001:1::1/128 //全网唯一 isis ipv6 enable 1 interface LoopBack1 //主要是给router id用 ip address 1.1.1.1 255.255.255.255 bgp 100 router-id 1.1.1.1 //ipv6 router id必须配,不配建立不了 peer 2001:1::6 as-number 200 peer 2001:1::6 ebgp-max-hop 255 //ebgp默认1跳,改成多跳 peer 2001:1::6 connect-interface LoopBack0 ipv4-family unicast undo synchronization ipv4-family vpnv4 policy vpn-target peer 2001:1::6 enable peer 2001:1::6 prefix-sid //发布前缀sid ipv4-family vpn-instance a peer 10.0.11.2 as-number 65100 segment-routing ipv6 locator 1 auto-sid-disable //关掉自动生成 segment-routing ipv6 best-effort //使用srv6 be封装 ### ne2配置 \[ne2\]dis current-configuration sysname ne2 router id 2.2.2.2 isis 1 is-level level-2 cost-style wide network-entity 49.0001.0000.0000.0002.00 ipv6 enable topology ipv6 //中转节点只作普通的ipv6转发就行了,不做其它动作 interface Ethernet1/0/0 undo shutdown ipv6 enable ipv6 address 2001:DB8:12::2/64 isis ipv6 enable 1 undo dcn undo dcn mode vlan interface Ethernet1/0/1 undo shutdown ipv6 enable ipv6 address 2001:DB8:23::2/64 isis ipv6 enable 1 undo dcn undo dcn mode vlan interface LoopBack0 ipv6 enable ipv6 address 2001:1::2/128 isis ipv6 enable 1 interface LoopBack1 ip address 2.2.2.2 255.255.255.255 ### ne3配置 \[ne3\]dis current-configuration sysname ne3 router id 3.3.3.3 isis 1 is-level level-2 cost-style wide network-entity 49.0001.0000.0000.0003.00 ipv6 enable topology ipv6 ipv6 import-route bgp //把学到对端AS中ne6的loopback地址和locator前缀发布到自己的IGP中,让本as及ne1学到,用于ne1和ne6建立mp-bgp interface Ethernet1/0/0 undo shutdown ipv6 enable ipv6 address 2001:DB8:23::3/64 isis ipv6 enable 1 undo dcn undo dcn mode vlan interface Ethernet1/0/1 undo shutdown ipv6 enable ipv6 address 2001:DB8:34::3/64 undo dcn undo dcn mode vlan interface LoopBack0 ipv6 enable ipv6 address 2001:1::3/128 isis ipv6 enable 1 interface LoopBack1 ip address 3.3.3.3 255.255.255.255 interface NULL0 bgp 100 router-id 3.3.3.3 peer 2001:DB8:34::4 as-number 200 //和对端asbr建立普通的bgp邻居 ipv4-family unicast undo synchronization ipv6-family unicast undo synchronization network 2001:1::1 128 //发布ne1上的loopback地址给对端AS中ne6学到,用来建立mp-bgp network 2002:1:: 64 //发布ne1上的locator地址给对端AS学到 peer 2001:DB8:34::4 enable //要在ipv6地址族这里确认一下 ### ne4配置 \[ne4\]dis current-configuration sysname ne4 router id 4.4.4.4 isis 1 is-level level-2 cost-style wide network-entity 49.0001.0000.0000.0004.00 ipv6 enable topology ipv6 ipv6 import-route bgp interface Ethernet1/0/0 undo shutdown ipv6 enable ipv6 address 2001:DB8:34::4/64 undo dcn undo dcn mode vlan interface Ethernet1/0/1 undo shutdown ipv6 enable ipv6 address 2001:DB8:45::4/64 isis ipv6 enable 1 undo dcn undo dcn mode vlan interface LoopBack0 ipv6 enable ipv6 address 2001:1::4/128 isis ipv6 enable 1 interface LoopBack1 ip address 4.4.4.4 255.255.255.255 interface NULL0 bgp 200 router-id 4.4.4.4 peer 2001:DB8:34::3 as-number 100 ipv4-family unicast undo synchronization ipv6-family unicast undo synchronization network 2001:1::6 128 network 2002:6:: 64 peer 2001:DB8:34::3 enable ### ne5配置 \[ne5\]dis current-configuration sysname ne5 router id 5.5.5.5 isis 1 is-level level-2 cost-style wide network-entity 49.0001.0000.0000.0005.00 ipv6 enable topology ipv6 interface Ethernet1/0/0 undo shutdown ipv6 enable ipv6 address 2001:DB8:45::5/64 isis ipv6 enable 1 undo dcn undo dcn mode vlan interface Ethernet1/0/1 undo shutdown ipv6 enable ipv6 address 2001:DB8:56::5/64 isis ipv6 enable 1 undo dcn undo dcn mode vlan interface LoopBack0 ipv6 enable ipv6 address 2001:1::5/128 isis ipv6 enable 1 interface LoopBack1 ip address 5.5.5.5 255.255.255.255 ### ne6配置 \[ne6\]dis current-configuration sysname ne6 router id 6.6.6.6 ip vpn-instance a ipv4-family route-distinguisher 2:2 vpn-target 1:1 export-extcommunity vpn-target 1:1 import-extcommunity segment-routing ipv6 encapsulation source-address 2001:1::6 locator 1 ipv6-prefix 2002:6:: 64 static 32 opcode ::6 end-dt4 vpn-instance a isis 1 is-level level-2 cost-style wide network-entity 49.0001.0000.0000.0006.00 ipv6 enable topology ipv6 segment-routing ipv6 locator 1 auto-sid-disable interface Ethernet1/0/0 undo shutdown ipv6 enable ipv6 address 2001:DB8:56::6/64 isis ipv6 enable 1 undo dcn undo dcn mode vlan interface Ethernet1/0/1 undo shutdown ip binding vpn-instance a ip address 10.0.62.6 255.255.255.0 undo dcn undo dcn mode vlan interface LoopBack0 ipv6 enable ipv6 address 2001:1::6/128 isis ipv6 enable 1 interface LoopBack1 ip address 6.6.6.6 255.255.255.255 interface NULL0 bgp 200 router-id 6.6.6.6 peer 2001:1::1 as-number 100 peer 2001:1::1 ebgp-max-hop 255 peer 2001:1::1 connect-interface LoopBack0 ipv4-family unicast undo synchronization ipv4-family vpnv4 policy vpn-target peer 2001:1::1 enable peer 2001:1::1 prefix-sid ipv4-family vpn-instance a default-route imported import-route static //导入全局配置的静态路由,并通过bgp传给对端AS中的ne1 segment-routing ipv6 locator 1 auto-sid-disable segment-routing ipv6 best-effort ip route-static vpn-instance a 22.1.1.1 255.255.255.255 10.0.62.2 //去往CE也就是AR2的回程路由 AR1和AR2普通常规配置就省略了!!! ### 验证 IGP查看 ![在这里插入图片描述](https://i-blog.csdnimg.cn/direct/4359637aa5a94f41a7a45463adb41f0d.png) end.dt4对应的实例查看 ![在这里插入图片描述](https://i-blog.csdnimg.cn/direct/74bfe2767873459389d84fe121479767.png) 路由查看 ![在这里插入图片描述](https://i-blog.csdnimg.cn/direct/239e12e739704d11a76736cd164b8207.png) ![在这里插入图片描述](https://i-blog.csdnimg.cn/direct/b898d3c816974bd9998050d31ba70859.png) ![在这里插入图片描述](https://i-blog.csdnimg.cn/direct/5090654beddf4f679571781b5afee231.png) ![在这里插入图片描述](https://i-blog.csdnimg.cn/direct/23eac935c67448659bcea97f35c3c69a.png) ![在这里插入图片描述](https://i-blog.csdnimg.cn/direct/c2859a578ce04a569f26abc7063e0587.png) locator查看 ![在这里插入图片描述](https://i-blog.csdnimg.cn/direct/e61f307ea4cf4be3ab620885fe18bafe.png) AR1路由查看及联通性测试 ![在这里插入图片描述](https://i-blog.csdnimg.cn/direct/ace6fa6afdf347ffb88684a6fa46969e.png)

相关推荐
sunfove8 分钟前
光网络的立交桥:光开关 (Optical Switch) 原理与主流技术解析
网络
HIT_Weston24 分钟前
93、【Ubuntu】【Hugo】搭建私人博客:面包屑(一)
linux·运维·ubuntu
cuijiecheng20181 小时前
Linux下Beyond Compare过期
linux·运维·服务器
喵叔哟1 小时前
20.部署与运维
运维·docker·容器·.net
HIT_Weston1 小时前
92、【Ubuntu】【Hugo】搭建私人博客:侧边导航栏(六)
linux·运维·ubuntu
CodeAllen嵌入式1 小时前
Windows 11 本地安装 WSL 支持 Ubuntu 24.04 完整指南
linux·运维·ubuntu
Kevin Wang7273 小时前
欧拉系统服务部署注意事项
网络·windows
min1811234563 小时前
深度伪造内容的检测与溯源技术
大数据·网络·人工智能
汤愈韬3 小时前
Full Cone Nat
网络·网络协议·网络安全·security·huawei
zbtlink4 小时前
现在还需要带电池的路由器吗?是用来干嘛的?
网络·智能路由器
热门推荐
01GitHub 镜像站点02Labelme从安装到标注:零基础完整指南03Linux下V2Ray安装配置指南04安娜的档案(Anna’s Archive) 镜像网站/国内最新可访问入口(持续更新)05jdk21下载、安装(Windows、Linux、macOS)06Claude Code 2.1.2 升级报错?别折腾了,一行命令搞定07【踩坑笔记】50系显卡适配的 PyTorch 安装08KGG转MP3工具|非KGM文件|解密音频092025-04-03 Latex学习1——本地配置Latex + VScode环境10UV安装并设置国内源