网络规划设计
打通总部、分支、数据中心两种业务,并且做到业务隔离,骨干网使用srv6 BE进行互联互通,ne2做为RR
locator规划看拓扑图上,已标出,保证所有设备唯一,其它sid全部用动态自动生成
1、使能各接口的IPv6转发能力,配置各接口的IPv6地址。
2、在各接口上使能IS-IS,配置Level级别,指定网络实体。
3、在ne1、ne4、ne3上配置VPN实例。
4、在ne1和AR1之间建立ospf关系,另一边ne3和AR2采用静态联接配置,ne4与ar3用bgp联接
5、在ne2为ne1、ne3、ne4的RR
6、在ne1、ne4、ne3上配置SRv6。配置IS-IS的SRv6能力。
7、最终实现企业总部-分支-数据中心两种业务OA、RD相互隔离,OA业务只可以和OA业务互联互通,RD业务只能和RD业务互通。
更多细节来全球计算机技术群讨论!!!
ne1配置
ne1dis current-configuration
!Software Version V800R011C00SPC607B607
!Last configuration was updated at 2025-12-21 22:40:36+00:00
!Last configuration was saved at 2025-12-21 21:30:00+00:00
sysname ne1
set neid 18a8b
vsm on-board-mode enable
snmp-agent trap type base-trap
icmp rate-limit disable
router id 1.1.1.1
ip vpn-instance OA
ipv4-family
route-distinguisher 11:1
vpn-target 1:1 export-extcommunity
vpn-target 1:1 import-extcommunity
ip vpn-instance RD
ipv4-family
route-distinguisher 11:2
vpn-target 2:2 export-extcommunity
vpn-target 2:2 import-extcommunity
segment-routing ipv6
encapsulation source-address 2001:1::1 //用loopback口封装
locator 1 ipv6-prefix 2002:1:: 64 static 32
isis 1
is-level level-2
cost-style wide
network-entity 49.0001.0000.0000.0001.00
ipv6 enable topology ipv6
segment-routing ipv6 locator 1
interface Ethernet1/0/0
undo shutdown
ipv6 enable
ipv6 address 2001:DB8:12::1/64
isis ipv6 enable 1
undo dcn
undo dcn mode vlan
interface Ethernet1/0/1
undo shutdown
undo dcn
undo dcn mode vlan
interface Ethernet1/0/1.11
ip binding vpn-instance OA
ip address 10.0.11.2 255.255.255.0
encapsulation dot1q-termination
dot1q termination vid 11
arp broadcast enable
interface Ethernet1/0/1.21
ip binding vpn-instance RD
ip address 10.0.21.2 255.255.255.0
encapsulation dot1q-termination
dot1q termination vid 21
arp broadcast enable
interface LoopBack0
ipv6 enable
ipv6 address 2001:1::1/128
isis ipv6 enable 1
interface LoopBack1
ip address 1.1.1.1 255.255.255.255
interface NULL0
bgp 100
router-id 1.1.1.1
peer 2001:1::2 as-number 100
peer 2001:1::2 connect-interface LoopBack0
ipv4-family unicast
undo synchronization
ipv4-family vpnv4
policy vpn-target
peer 2001:1::2 enable
peer 2001:1::2 prefix-sid
ipv4-family vpn-instance OA
import-route ospf 1
segment-routing ipv6 locator 1 //添加SID属性
segment-routing ipv6 best-effort //使能根据路由携带的SID属性进行隧道迭代的功能
ipv4-family vpn-instance RD
import-route ospf 2
segment-routing ipv6 locator 1
segment-routing ipv6 best-effort
ospf 1 vpn-instance OA
import-route bgp
area 0.0.0.0
network 10.0.11.2 0.0.0.0
ospf 2 vpn-instance RD
import-route bgp
area 0.0.0.0
network 10.0.21.2 0.0.0.0
ne2配置
ne2dis current-configuration
!Software Version V800R011C00SPC607B607
!Last configuration was updated at 2025-12-21 22:28:01+00:00
!Last configuration was saved at 2025-12-21 21:30:00+00:00
sysname ne2
set neid 18a89
vsm on-board-mode enable
snmp-agent trap type base-trap
icmp rate-limit disable
router id 2.2.2.2
isis 1
is-level level-2
cost-style wide
network-entity 49.0001.0000.0000.0002.00
ipv6 enable topology ipv6
interface Ethernet1/0/0
undo shutdown
ipv6 enable
ipv6 address 2001:DB8:12::2/64
isis ipv6 enable 1
undo dcn
undo dcn mode vlan
interface Ethernet1/0/1
undo shutdown
ipv6 enable
ipv6 address 2001:DB8:23::2/64
isis ipv6 enable 1
undo dcn
undo dcn mode vlan
interface Ethernet1/0/2
undo shutdown
ipv6 enable
ipv6 address 2001:DB8:24::2/64
isis ipv6 enable 1
undo dcn mode vlan
interface LoopBack0
ipv6 enable
ipv6 address 2001:1::2/128
isis ipv6 enable 1
interface LoopBack1
ip address 2.2.2.2 255.255.255.255
interface NULL0
bgp 100
router-id 2.2.2.2
peer 2001:1::1 as-number 100
peer 2001:1::1 connect-interface LoopBack0
peer 2001:1::3 as-number 100
peer 2001:1::3 connect-interface LoopBack0
peer 2001:1::4 as-number 100
peer 2001:1::4 connect-interface LoopBack0
ipv4-family unicast
undo synchronization
ipv4-family vpnv4
undo policy vpn-target
peer 2001:1::1 enable
peer 2001:1::1 reflect-client
peer 2001:1::1 prefix-sid
peer 2001:1::3 enable
peer 2001:1::3 reflect-client
peer 2001:1::3 prefix-sid
peer 2001:1::4 enable
peer 2001:1::4 reflect-client
peer 2001:1::4 prefix-sid
ne3配置
ne3dis current-configuration
!Software Version V800R011C00SPC607B607
!Last configuration was updated at 2025-12-21 22:37:21+00:00
!Last configuration was saved at 2025-12-21 21:30:00+00:00
sysname ne3
set neid 18a8c
vsm on-board-mode enable
snmp-agent trap type base-trap
icmp rate-limit disable
router id 3.3.3.3
ip vpn-instance OA
ipv4-family
route-distinguisher 3:3
vpn-target 1:1 export-extcommunity
vpn-target 1:1 import-extcommunity
segment-routing ipv6
encapsulation source-address 2001:1::3
locator 1 ipv6-prefix 2002:3:: 64 static 32
isis 1
is-level level-2
cost-style wide
network-entity 49.0001.0000.0000.0003.00
ipv6 enable topology ipv6
segment-routing ipv6 locator 1
interface Ethernet1/0/0
undo shutdown
ipv6 enable
ipv6 address 2001:DB8:23::3/64
isis ipv6 enable 1
undo dcn
undo dcn mode vlan
interface Ethernet1/0/1
undo shutdown
ip binding vpn-instance OA
ip address 10.0.32.3 255.255.255.0
undo dcn
undo dcn mode vlan
interface LoopBack0
ipv6 enable
ipv6 address 2001:1::3/128
isis ipv6 enable 1
interface LoopBack1
ip address 3.3.3.3 255.255.255.255
interface NULL0
bgp 100
router-id 3.3.3.3
peer 2001:1::2 as-number 100
peer 2001:1::2 connect-interface LoopBack0
ipv4-family unicast
undo synchronization
ipv4-family vpnv4
policy vpn-target
peer 2001:1::2 enable
peer 2001:1::2 prefix-sid
ipv4-family vpn-instance OA
default-route imported
import-route static
segment-routing ipv6 locator 1
segment-routing ipv6 best-effort
ne4配置
ne4-bgpdis current-configuration
!Software Version V800R011C00SPC607B607
!Last configuration was updated at 2025-12-21 22:17:47+00:00
!Last configuration was saved at 2025-12-21 21:30:00+00:00
sysname ne4
set neid 18a8a
vsm on-board-mode enable
snmp-agent trap type base-trap
icmp rate-limit disable
router id 4.4.4.4
ip vpn-instance OA
ipv4-family
route-distinguisher 4:4
vpn-target 1:1 export-extcommunity
vpn-target 1:1 import-extcommunity
ip vpn-instance RD
ipv4-family
route-distinguisher 4:5
vpn-target 2:2 export-extcommunity
vpn-target 2:2 import-extcommunity
segment-routing ipv6
encapsulation source-address 2001:1::4
locator 1 ipv6-prefix 2002:4:: 64 static 32
isis 1
is-level level-2
cost-style wide
network-entity 49.0001.0000.0000.0004.00
ipv6 enable topology ipv6
segment-routing ipv6 locator 1
interface Ethernet1/0/0
undo shutdown
ipv6 enable
ipv6 address 2001:DB8:24::4/64
isis ipv6 enable 1
undo dcn
undo dcn mode vlan
interface Ethernet1/0/1
undo shutdown
undo dcn
undo dcn mode vlan
interface Ethernet1/0/1.31
ip binding vpn-instance OA
ip address 10.0.31.4 255.255.255.0
encapsulation dot1q-termination
dot1q termination vid 31
arp broadcast enable
interface Ethernet1/0/1.41
ip binding vpn-instance RD
ip address 10.0.41.4 255.255.255.0
encapsulation dot1q-termination
dot1q termination vid 41
arp broadcast enable
interface LoopBack0
ipv6 enable
ipv6 address 2001:1::4/128
isis ipv6 enable 1
interface LoopBack1
ip address 4.4.4.4 255.255.255.255
interface NULL0
bgp 100
router-id 4.4.4.4
peer 2001:1::2 as-number 100
peer 2001:1::2 connect-interface LoopBack0
ipv4-family unicast
undo synchronization
ipv4-family vpnv4
policy vpn-target
peer 2001:1::2 enable
peer 2001:1::2 prefix-sid
ipv4-family vpn-instance OA
advertise l2vpn evpn
peer 10.0.31.3 as-number 65100
segment-routing ipv6 locator 1
segment-routing ipv6 best-effort
ipv4-family vpn-instance RD
advertise l2vpn evpn
peer 10.0.41.3 as-number 65100
segment-routing ipv6 locator 1
segment-routing ipv6 best-effort
AR1配置
dis current-configuration
V200R003C00
sysname r1
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
clock timezone China-Standard-Time minus 08:00:00
portal local-server load portalpage.zip
drop illegal-mac alarm
router id 1.1.1.1
set cpu-usage threshold 80 restore 75
ip vpn-instance OA
ipv4-family
route-distinguisher 1:1
ip vpn-instance RD
ipv4-family
route-distinguisher 1:2
interface GigabitEthernet0/0/0.11
dot1q termination vid 11
ip binding vpn-instance OA
ip address 10.0.11.1 255.255.255.0
arp broadcast enable
interface GigabitEthernet0/0/0.21
dot1q termination vid 21
ip binding vpn-instance RD
ip address 10.0.21.1 255.255.255.0
arp broadcast enable
interface LoopBack0
ip binding vpn-instance OA
ip address 11.1.1.1 255.255.255.255
interface LoopBack1
ip binding vpn-instance RD
ip address 21.1.1.1 255.255.255.255
ospf 1 vpn-instance OA
vpn-instance-capability simple
area 0.0.0.0
network 10.0.11.1 0.0.0.0
network 11.1.1.1 0.0.0.0
ospf 2 vpn-instance RD
vpn-instance-capability simple //禁止路由环路检测,直接进行路由计算
area 0.0.0.0
network 10.0.21.1 0.0.0.0
network 21.1.1.1 0.0.0.0
AR2配置
dis current-configuration
V200R003C00
sysname r2
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
clock timezone China-Standard-Time minus 08:00:00
portal local-server load portalpage.zip
drop illegal-mac alarm
set cpu-usage threshold 80 restore 75
interface GigabitEthernet0/0/0
ip address 10.0.32.2 255.255.255.0
interface LoopBack0
ip address 51.1.1.1 255.255.255.255
ip route-static 0.0.0.0 0.0.0.0 10.0.32.3
AR3配置
dis current-configuration
V200R003C00
sysname r3
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
clock timezone China-Standard-Time minus 08:00:00
portal local-server load portalpage.zip
drop illegal-mac alarm
set cpu-usage threshold 80 restore 75
ip vpn-instance OA
ipv4-family
route-distinguisher 3:1
ip vpn-instance RD
ipv4-family
route-distinguisher 3:2
interface GigabitEthernet0/0/0
interface GigabitEthernet0/0/0.11
dot1q termination vid 31
ip binding vpn-instance OA
ip address 10.0.31.3 255.255.255.0
arp broadcast enable
interface GigabitEthernet0/0/0.12
dot1q termination vid 41
ip binding vpn-instance RD
ip address 10.0.41.3 255.255.255.0
arp broadcast enable
interface LoopBack0
ip binding vpn-instance OA
ip address 31.1.1.1 255.255.255.255
interface LoopBack1
ip binding vpn-instance RD
ip address 41.1.1.1 255.255.255.255
bgp 65100
router-id 31.3.3.3
ipv4-family unicast
undo synchronization
ipv4-family vpn-instance OA
network 31.1.1.1 255.255.255.255
peer 10.0.31.4 as-number 100
ipv4-family vpn-instance RD
network 41.1.1.1 255.255.255.255
peer 10.0.41.4 as-number 100
结果验证
sid信息查看
路由查看
各业务联通性测试
