华为SRv6 BE跨域配置案例

yenggd2025-12-22 9:00

网络规划设计

locator及sid等规划看拓扑图上,已标出,保证所有设备唯一

1、使能各接口的IPv6转发能力,配置各接口的IPv6地址。

2、在各接口上使能IS-IS,配置Level级别,指定网络实体。

3、在ne1和ne6上配置VPN实例。

4、在ne1和AR1之间建立EBGP对等体关系,另一边ne6和AR2采用静态联接配置

5、在ne1和ne6之间建立MP-IBGP对等体关系。

6、在ne1和net6上配置SRv6。配置IS-IS的SRv6能力。

7、最终实现两边使用骨干网跨域srv6 BE的方式11.1.1.1和22.1.1.1互联互通

更多细节来全球计算机技术群讨论!!!

ne1配置

ne1\]dis current-configuration sysname ne1 router id 1.1.1.1 //配置全局router id ip vpn-instance a //起实例 ipv4-family route-distinguisher 1:1 vpn-target 1:1 export-extcommunity vpn-target 1:1 import-extcommunity segment-routing ipv6 encapsulation source-address 2001:1::1 //srv6用loopback口地址做为封装源地址 locator 1 ipv6-prefix 2002:1:: 64 static 32 //配置本设备的locator,保证全网唯一 opcode ::1 end-dt4 vpn-instance a //手动定义end dt4,不用手动用动态生成也可以 isis 1 is-level level-2 cost-style wide network-entity 49.0001.0000.0000.0001.00 ipv6 enable topology ipv6 //开户多拓扑 segment-routing ipv6 locator 1 auto-sid-disable //关掉动态自动生成sid功能 interface Ethernet1/0/0 undo shutdown ipv6 enable ipv6 address 2001:DB8:12::1/64 isis ipv6 enable 1 undo dcn undo dcn mode vlan interface Ethernet1/0/1 undo shutdown ip binding vpn-instance a //绑定vpn实例 ip address 10.0.11.1 255.255.255.0 undo dcn undo dcn mode vlan interface LoopBack0 ipv6 enable ipv6 address 2001:1::1/128 //全网唯一 isis ipv6 enable 1 interface LoopBack1 //主要是给router id用 ip address 1.1.1.1 255.255.255.255 bgp 100 router-id 1.1.1.1 //ipv6 router id必须配,不配建立不了 peer 2001:1::6 as-number 200 peer 2001:1::6 ebgp-max-hop 255 //ebgp默认1跳,改成多跳 peer 2001:1::6 connect-interface LoopBack0 ipv4-family unicast undo synchronization ipv4-family vpnv4 policy vpn-target peer 2001:1::6 enable peer 2001:1::6 prefix-sid //发布前缀sid ipv4-family vpn-instance a peer 10.0.11.2 as-number 65100 segment-routing ipv6 locator 1 auto-sid-disable //关掉自动生成 segment-routing ipv6 best-effort //使用srv6 be封装 ### ne2配置 \[ne2\]dis current-configuration sysname ne2 router id 2.2.2.2 isis 1 is-level level-2 cost-style wide network-entity 49.0001.0000.0000.0002.00 ipv6 enable topology ipv6 //中转节点只作普通的ipv6转发就行了,不做其它动作 interface Ethernet1/0/0 undo shutdown ipv6 enable ipv6 address 2001:DB8:12::2/64 isis ipv6 enable 1 undo dcn undo dcn mode vlan interface Ethernet1/0/1 undo shutdown ipv6 enable ipv6 address 2001:DB8:23::2/64 isis ipv6 enable 1 undo dcn undo dcn mode vlan interface LoopBack0 ipv6 enable ipv6 address 2001:1::2/128 isis ipv6 enable 1 interface LoopBack1 ip address 2.2.2.2 255.255.255.255 ### ne3配置 \[ne3\]dis current-configuration sysname ne3 router id 3.3.3.3 isis 1 is-level level-2 cost-style wide network-entity 49.0001.0000.0000.0003.00 ipv6 enable topology ipv6 ipv6 import-route bgp //把学到对端AS中ne6的loopback地址和locator前缀发布到自己的IGP中,让本as及ne1学到,用于ne1和ne6建立mp-bgp interface Ethernet1/0/0 undo shutdown ipv6 enable ipv6 address 2001:DB8:23::3/64 isis ipv6 enable 1 undo dcn undo dcn mode vlan interface Ethernet1/0/1 undo shutdown ipv6 enable ipv6 address 2001:DB8:34::3/64 undo dcn undo dcn mode vlan interface LoopBack0 ipv6 enable ipv6 address 2001:1::3/128 isis ipv6 enable 1 interface LoopBack1 ip address 3.3.3.3 255.255.255.255 interface NULL0 bgp 100 router-id 3.3.3.3 peer 2001:DB8:34::4 as-number 200 //和对端asbr建立普通的bgp邻居 ipv4-family unicast undo synchronization ipv6-family unicast undo synchronization network 2001:1::1 128 //发布ne1上的loopback地址给对端AS中ne6学到,用来建立mp-bgp network 2002:1:: 64 //发布ne1上的locator地址给对端AS学到 peer 2001:DB8:34::4 enable //要在ipv6地址族这里确认一下 ### ne4配置 \[ne4\]dis current-configuration sysname ne4 router id 4.4.4.4 isis 1 is-level level-2 cost-style wide network-entity 49.0001.0000.0000.0004.00 ipv6 enable topology ipv6 ipv6 import-route bgp interface Ethernet1/0/0 undo shutdown ipv6 enable ipv6 address 2001:DB8:34::4/64 undo dcn undo dcn mode vlan interface Ethernet1/0/1 undo shutdown ipv6 enable ipv6 address 2001:DB8:45::4/64 isis ipv6 enable 1 undo dcn undo dcn mode vlan interface LoopBack0 ipv6 enable ipv6 address 2001:1::4/128 isis ipv6 enable 1 interface LoopBack1 ip address 4.4.4.4 255.255.255.255 interface NULL0 bgp 200 router-id 4.4.4.4 peer 2001:DB8:34::3 as-number 100 ipv4-family unicast undo synchronization ipv6-family unicast undo synchronization network 2001:1::6 128 network 2002:6:: 64 peer 2001:DB8:34::3 enable ### ne5配置 \[ne5\]dis current-configuration sysname ne5 router id 5.5.5.5 isis 1 is-level level-2 cost-style wide network-entity 49.0001.0000.0000.0005.00 ipv6 enable topology ipv6 interface Ethernet1/0/0 undo shutdown ipv6 enable ipv6 address 2001:DB8:45::5/64 isis ipv6 enable 1 undo dcn undo dcn mode vlan interface Ethernet1/0/1 undo shutdown ipv6 enable ipv6 address 2001:DB8:56::5/64 isis ipv6 enable 1 undo dcn undo dcn mode vlan interface LoopBack0 ipv6 enable ipv6 address 2001:1::5/128 isis ipv6 enable 1 interface LoopBack1 ip address 5.5.5.5 255.255.255.255 ### ne6配置 \[ne6\]dis current-configuration sysname ne6 router id 6.6.6.6 ip vpn-instance a ipv4-family route-distinguisher 2:2 vpn-target 1:1 export-extcommunity vpn-target 1:1 import-extcommunity segment-routing ipv6 encapsulation source-address 2001:1::6 locator 1 ipv6-prefix 2002:6:: 64 static 32 opcode ::6 end-dt4 vpn-instance a isis 1 is-level level-2 cost-style wide network-entity 49.0001.0000.0000.0006.00 ipv6 enable topology ipv6 segment-routing ipv6 locator 1 auto-sid-disable interface Ethernet1/0/0 undo shutdown ipv6 enable ipv6 address 2001:DB8:56::6/64 isis ipv6 enable 1 undo dcn undo dcn mode vlan interface Ethernet1/0/1 undo shutdown ip binding vpn-instance a ip address 10.0.62.6 255.255.255.0 undo dcn undo dcn mode vlan interface LoopBack0 ipv6 enable ipv6 address 2001:1::6/128 isis ipv6 enable 1 interface LoopBack1 ip address 6.6.6.6 255.255.255.255 interface NULL0 bgp 200 router-id 6.6.6.6 peer 2001:1::1 as-number 100 peer 2001:1::1 ebgp-max-hop 255 peer 2001:1::1 connect-interface LoopBack0 ipv4-family unicast undo synchronization ipv4-family vpnv4 policy vpn-target peer 2001:1::1 enable peer 2001:1::1 prefix-sid ipv4-family vpn-instance a default-route imported import-route static //导入全局配置的静态路由,并通过bgp传给对端AS中的ne1 segment-routing ipv6 locator 1 auto-sid-disable segment-routing ipv6 best-effort ip route-static vpn-instance a 22.1.1.1 255.255.255.255 10.0.62.2 //去往CE也就是AR2的回程路由 AR1和AR2普通常规配置就省略了!!! ### 验证 IGP查看 ![在这里插入图片描述](https://i-blog.csdnimg.cn/direct/4359637aa5a94f41a7a45463adb41f0d.png) end.dt4对应的实例查看 ![在这里插入图片描述](https://i-blog.csdnimg.cn/direct/74bfe2767873459389d84fe121479767.png) 路由查看 ![在这里插入图片描述](https://i-blog.csdnimg.cn/direct/239e12e739704d11a76736cd164b8207.png) ![在这里插入图片描述](https://i-blog.csdnimg.cn/direct/b898d3c816974bd9998050d31ba70859.png) ![在这里插入图片描述](https://i-blog.csdnimg.cn/direct/5090654beddf4f679571781b5afee231.png) ![在这里插入图片描述](https://i-blog.csdnimg.cn/direct/23eac935c67448659bcea97f35c3c69a.png) ![在这里插入图片描述](https://i-blog.csdnimg.cn/direct/c2859a578ce04a569f26abc7063e0587.png) locator查看 ![在这里插入图片描述](https://i-blog.csdnimg.cn/direct/e61f307ea4cf4be3ab620885fe18bafe.png) AR1路由查看及联通性测试 ![在这里插入图片描述](https://i-blog.csdnimg.cn/direct/ace6fa6afdf347ffb88684a6fa46969e.png)

相关推荐
UP_Continue10 分钟前
Linux--进程控制
linux·运维·服务器
qqssss121dfd18 分钟前
STM32H750XBH6的ETH模块移植LWIP
网络·stm32·嵌入式硬件
等什么君!28 分钟前
docker -数据卷技术
运维·docker·容器
酣大智44 分钟前
参考模型--物理层
网络
B2_Proxy2 小时前
IP 来源合规性,正在成为全球业务的隐性门槛
网络·爬虫·网络协议·安全
浩浩测试一下2 小时前
WAF绕过之编码绕过特性篇
计算机网络·web安全·网络安全·网络攻击模型·安全威胁分析·安全架构
小白跃升坊3 小时前
基于1Panel的AI运维
linux·运维·人工智能·ai大模型·教学·ai agent
MMME~3 小时前
Ansible Playbook高效自动化实战指南
网络·自动化·ansible
数据安全科普王3 小时前
从 HTTP/1.1 到 HTTP/3:协议演进如何改变 Web 性能?
网络·其他
杨江3 小时前
seafile docker安装说明
运维
热门推荐
01GitHub 镜像站点02Clawdbot 中文汉化版 接入微信、飞书03OpenCode 入门教程:介绍 · 安装 · 配置第三方 API (如 Claude)042026美赛A题智能手机电池续航时间预测的连续时间数学模型052025 年大语言模型发展回顾:关键突破、意外转折与 2026 年展望06【Milvus】向量数据库pymilvus使用教程072026数学建模美赛题目特点与选题建议,常用四大模型汇总08Claude Code + GLM4.7 避坑指南:解决 Unable to connect to Anthropic services09Claude Code Skills 实用使用手册10Linux下V2Ray安装配置指南