网络规划设计
打通总部、分支、数据中心两种业务,并且做到业务隔离,骨干网使用srv6 BE进行互联互通,ne2做为RR
locator规划看拓扑图上,已标出,保证所有设备唯一,其它sid全部用动态自动生成
1、使能各接口的IPv6转发能力,配置各接口的IPv6地址。
2、在各接口上使能IS-IS,配置Level级别,指定网络实体。
3、在ne1、ne4、ne3上配置VPN实例。
4、在ne1和AR1之间建立ospf关系,另一边ne3和AR2采用静态联接配置,ne4与ar3用bgp联接
5、在ne2为ne1、ne3、ne4的RR
6、在ne1、ne4、ne3上配置SRv6。配置IS-IS的SRv6能力。
7、最终实现企业总部-分支-数据中心两种业务OA、RD相互隔离,OA业务只可以和OA业务互联互通,RD业务只能和RD业务互通。
更多细节来全球计算机技术群讨论!!!
ne1配置
ne1\]dis current-configuration !Software Version V800R011C00SPC607B607 !Last configuration was updated at 2025-12-21 22:40:36+00:00 !Last configuration was saved at 2025-12-21 21:30:00+00:00 sysname ne1 set neid 18a8b vsm on-board-mode enable snmp-agent trap type base-trap icmp rate-limit disable router id 1.1.1.1 ip vpn-instance OA ipv4-family route-distinguisher 11:1 vpn-target 1:1 export-extcommunity vpn-target 1:1 import-extcommunity ip vpn-instance RD ipv4-family route-distinguisher 11:2 vpn-target 2:2 export-extcommunity vpn-target 2:2 import-extcommunity segment-routing ipv6 encapsulation source-address 2001:1::1 //用loopback口封装 locator 1 ipv6-prefix 2002:1:: 64 static 32 isis 1 is-level level-2 cost-style wide network-entity 49.0001.0000.0000.0001.00 ipv6 enable topology ipv6 segment-routing ipv6 locator 1 interface Ethernet1/0/0 undo shutdown ipv6 enable ipv6 address 2001:DB8:12::1/64 isis ipv6 enable 1 undo dcn undo dcn mode vlan interface Ethernet1/0/1 undo shutdown undo dcn undo dcn mode vlan interface Ethernet1/0/1.11 ip binding vpn-instance OA ip address 10.0.11.2 255.255.255.0 encapsulation dot1q-termination dot1q termination vid 11 arp broadcast enable interface Ethernet1/0/1.21 ip binding vpn-instance RD ip address 10.0.21.2 255.255.255.0 encapsulation dot1q-termination dot1q termination vid 21 arp broadcast enable interface LoopBack0 ipv6 enable ipv6 address 2001:1::1/128 isis ipv6 enable 1 interface LoopBack1 ip address 1.1.1.1 255.255.255.255 interface NULL0 bgp 100 router-id 1.1.1.1 peer 2001:1::2 as-number 100 peer 2001:1::2 connect-interface LoopBack0 ipv4-family unicast undo synchronization ipv4-family vpnv4 policy vpn-target peer 2001:1::2 enable peer 2001:1::2 prefix-sid ipv4-family vpn-instance OA import-route ospf 1 segment-routing ipv6 locator 1 //添加SID属性 segment-routing ipv6 best-effort //使能根据路由携带的SID属性进行隧道迭代的功能 ipv4-family vpn-instance RD import-route ospf 2 segment-routing ipv6 locator 1 segment-routing ipv6 best-effort ospf 1 vpn-instance OA import-route bgp area 0.0.0.0 network 10.0.11.2 0.0.0.0 ospf 2 vpn-instance RD import-route bgp area 0.0.0.0 network 10.0.21.2 0.0.0.0 ### ne2配置 \[ne2\]dis current-configuration !Software Version V800R011C00SPC607B607 !Last configuration was updated at 2025-12-21 22:28:01+00:00 !Last configuration was saved at 2025-12-21 21:30:00+00:00 sysname ne2 set neid 18a89 vsm on-board-mode enable snmp-agent trap type base-trap icmp rate-limit disable router id 2.2.2.2 isis 1 is-level level-2 cost-style wide network-entity 49.0001.0000.0000.0002.00 ipv6 enable topology ipv6 interface Ethernet1/0/0 undo shutdown ipv6 enable ipv6 address 2001:DB8:12::2/64 isis ipv6 enable 1 undo dcn undo dcn mode vlan interface Ethernet1/0/1 undo shutdown ipv6 enable ipv6 address 2001:DB8:23::2/64 isis ipv6 enable 1 undo dcn undo dcn mode vlan interface Ethernet1/0/2 undo shutdown ipv6 enable ipv6 address 2001:DB8:24::2/64 isis ipv6 enable 1 undo dcn mode vlan interface LoopBack0 ipv6 enable ipv6 address 2001:1::2/128 isis ipv6 enable 1 interface LoopBack1 ip address 2.2.2.2 255.255.255.255 interface NULL0 bgp 100 router-id 2.2.2.2 peer 2001:1::1 as-number 100 peer 2001:1::1 connect-interface LoopBack0 peer 2001:1::3 as-number 100 peer 2001:1::3 connect-interface LoopBack0 peer 2001:1::4 as-number 100 peer 2001:1::4 connect-interface LoopBack0 ipv4-family unicast undo synchronization ipv4-family vpnv4 undo policy vpn-target peer 2001:1::1 enable peer 2001:1::1 reflect-client peer 2001:1::1 prefix-sid peer 2001:1::3 enable peer 2001:1::3 reflect-client peer 2001:1::3 prefix-sid peer 2001:1::4 enable peer 2001:1::4 reflect-client peer 2001:1::4 prefix-sid ### ne3配置 \[ne3\]dis current-configuration !Software Version V800R011C00SPC607B607 !Last configuration was updated at 2025-12-21 22:37:21+00:00 !Last configuration was saved at 2025-12-21 21:30:00+00:00 sysname ne3 set neid 18a8c vsm on-board-mode enable snmp-agent trap type base-trap icmp rate-limit disable router id 3.3.3.3 ip vpn-instance OA ipv4-family route-distinguisher 3:3 vpn-target 1:1 export-extcommunity vpn-target 1:1 import-extcommunity segment-routing ipv6 encapsulation source-address 2001:1::3 locator 1 ipv6-prefix 2002:3:: 64 static 32 isis 1 is-level level-2 cost-style wide network-entity 49.0001.0000.0000.0003.00 ipv6 enable topology ipv6 segment-routing ipv6 locator 1 interface Ethernet1/0/0 undo shutdown ipv6 enable ipv6 address 2001:DB8:23::3/64 isis ipv6 enable 1 undo dcn undo dcn mode vlan interface Ethernet1/0/1 undo shutdown ip binding vpn-instance OA ip address 10.0.32.3 255.255.255.0 undo dcn undo dcn mode vlan interface LoopBack0 ipv6 enable ipv6 address 2001:1::3/128 isis ipv6 enable 1 interface LoopBack1 ip address 3.3.3.3 255.255.255.255 interface NULL0 bgp 100 router-id 3.3.3.3 peer 2001:1::2 as-number 100 peer 2001:1::2 connect-interface LoopBack0 ipv4-family unicast undo synchronization ipv4-family vpnv4 policy vpn-target peer 2001:1::2 enable peer 2001:1::2 prefix-sid ipv4-family vpn-instance OA default-route imported import-route static segment-routing ipv6 locator 1 segment-routing ipv6 best-effort ### ne4配置 \[ne4-bgp\]dis current-configuration !Software Version V800R011C00SPC607B607 !Last configuration was updated at 2025-12-21 22:17:47+00:00 !Last configuration was saved at 2025-12-21 21:30:00+00:00 sysname ne4 set neid 18a8a vsm on-board-mode enable snmp-agent trap type base-trap icmp rate-limit disable router id 4.4.4.4 ip vpn-instance OA ipv4-family route-distinguisher 4:4 vpn-target 1:1 export-extcommunity vpn-target 1:1 import-extcommunity ip vpn-instance RD ipv4-family route-distinguisher 4:5 vpn-target 2:2 export-extcommunity vpn-target 2:2 import-extcommunity segment-routing ipv6 encapsulation source-address 2001:1::4 locator 1 ipv6-prefix 2002:4:: 64 static 32 isis 1 is-level level-2 cost-style wide network-entity 49.0001.0000.0000.0004.00 ipv6 enable topology ipv6 segment-routing ipv6 locator 1 interface Ethernet1/0/0 undo shutdown ipv6 enable ipv6 address 2001:DB8:24::4/64 isis ipv6 enable 1 undo dcn undo dcn mode vlan interface Ethernet1/0/1 undo shutdown undo dcn undo dcn mode vlan interface Ethernet1/0/1.31 ip binding vpn-instance OA ip address 10.0.31.4 255.255.255.0 encapsulation dot1q-termination dot1q termination vid 31 arp broadcast enable interface Ethernet1/0/1.41 ip binding vpn-instance RD ip address 10.0.41.4 255.255.255.0 encapsulation dot1q-termination dot1q termination vid 41 arp broadcast enable interface LoopBack0 ipv6 enable ipv6 address 2001:1::4/128 isis ipv6 enable 1 interface LoopBack1 ip address 4.4.4.4 255.255.255.255 interface NULL0 bgp 100 router-id 4.4.4.4 peer 2001:1::2 as-number 100 peer 2001:1::2 connect-interface LoopBack0 ipv4-family unicast undo synchronization ipv4-family vpnv4 policy vpn-target peer 2001:1::2 enable peer 2001:1::2 prefix-sid ipv4-family vpn-instance OA advertise l2vpn evpn peer 10.0.31.3 as-number 65100 segment-routing ipv6 locator 1 segment-routing ipv6 best-effort ipv4-family vpn-instance RD advertise l2vpn evpn peer 10.0.41.3 as-number 65100 segment-routing ipv6 locator 1 segment-routing ipv6 best-effort ### AR1配置 dis current-configuration \[V200R003C00
sysname r1
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
clock timezone China-Standard-Time minus 08:00:00
portal local-server load portalpage.zip
drop illegal-mac alarm
router id 1.1.1.1
set cpu-usage threshold 80 restore 75
ip vpn-instance OA
ipv4-family
route-distinguisher 1:1
ip vpn-instance RD
ipv4-family
route-distinguisher 1:2
interface GigabitEthernet0/0/0.11
dot1q termination vid 11
ip binding vpn-instance OA
ip address 10.0.11.1 255.255.255.0
arp broadcast enable
interface GigabitEthernet0/0/0.21
dot1q termination vid 21
ip binding vpn-instance RD
ip address 10.0.21.1 255.255.255.0
arp broadcast enable
interface LoopBack0
ip binding vpn-instance OA
ip address 11.1.1.1 255.255.255.255
interface LoopBack1
ip binding vpn-instance RD
ip address 21.1.1.1 255.255.255.255
ospf 1 vpn-instance OA
vpn-instance-capability simple
area 0.0.0.0
network 10.0.11.1 0.0.0.0
network 11.1.1.1 0.0.0.0
ospf 2 vpn-instance RD
vpn-instance-capability simple //禁止路由环路检测,直接进行路由计算
area 0.0.0.0
network 10.0.21.1 0.0.0.0
network 21.1.1.1 0.0.0.0
AR2配置
dis current-configuration
V200R003C00
sysname r2
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
clock timezone China-Standard-Time minus 08:00:00
portal local-server load portalpage.zip
drop illegal-mac alarm
set cpu-usage threshold 80 restore 75
interface GigabitEthernet0/0/0
ip address 10.0.32.2 255.255.255.0
interface LoopBack0
ip address 51.1.1.1 255.255.255.255
ip route-static 0.0.0.0 0.0.0.0 10.0.32.3
AR3配置
dis current-configuration
V200R003C00
sysname r3
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
clock timezone China-Standard-Time minus 08:00:00
portal local-server load portalpage.zip
drop illegal-mac alarm
set cpu-usage threshold 80 restore 75
ip vpn-instance OA
ipv4-family
route-distinguisher 3:1
ip vpn-instance RD
ipv4-family
route-distinguisher 3:2
interface GigabitEthernet0/0/0
interface GigabitEthernet0/0/0.11
dot1q termination vid 31
ip binding vpn-instance OA
ip address 10.0.31.3 255.255.255.0
arp broadcast enable
interface GigabitEthernet0/0/0.12
dot1q termination vid 41
ip binding vpn-instance RD
ip address 10.0.41.3 255.255.255.0
arp broadcast enable
interface LoopBack0
ip binding vpn-instance OA
ip address 31.1.1.1 255.255.255.255
interface LoopBack1
ip binding vpn-instance RD
ip address 41.1.1.1 255.255.255.255
bgp 65100
router-id 31.3.3.3
ipv4-family unicast
undo synchronization
ipv4-family vpn-instance OA
network 31.1.1.1 255.255.255.255
peer 10.0.31.4 as-number 100
ipv4-family vpn-instance RD
network 41.1.1.1 255.255.255.255
peer 10.0.41.4 as-number 100
结果验证
sid信息查看
路由查看
各业务联通性测试
