1.实验拓扑:
2.基础配置(每一步在结果验证都有对应):
a.Domain的基础配置(IGP,IP地址)
NE1:
#
isis 1
is-level level-2
cost-style wide
network-entity 10.0001.0000.0000.0001.00
#
int g3/0/1
ip add 10.1.13.1 24
isis en 1
int g3/0/2
ip add 10.1.12.1 24
isis en 1
int l0
ip add 1.1.1.1 32
isis en 1
NE2:
#
isis 1
is-level level-2
cost-style wide
network-entity 10.0001.0000.0000.0002.00
#
int g3/0/0
ip add 10.1.12.2 24
isis en 1
int g3/0/1
ip add 10.1.24.2 24
isis en 1
int l0
ip add 2.2.2.2 32
isis en 1
NE3:
#
isis 1
is-level level-2
cost-style wide
network-entity 10.0001.0000.0000.0003.00
#
int g3/0/0
ip add 10.1.13.3 24
isis en 1
int g3/0/1
ip add 10.1.34.3 24
isis en 1
int l0
ip add 3.3.3.3 32
isis en 1
NE4:
#
isis 1
is-level level-2
cost-style wide
network-entity 10.0001.0000.0000.0004.00
#
int g3/0/1
ip add 10.1.34.4 24
isis en 1
int g3/0/2
ip add 10.1.24.4 24
isis en 1
int l0
ip add 4.4.4.4 32
isis en 1b.使能MPLS,配置Segment Routing,使能TI-LFA FRR
NE1:
mpls lsr 1.1.1.1
mpls
segment-routing
isis 1
segment-routing mpls
segment-routing global-block 16000 23999
frr
loop-free-alternate level-2
ti-lfa level-2
int l0
isis prefix-sid index 10
NE2:
mpls lsr 2.2.2.2
mpls
segment-routing
isis 1
segment-routing mpls
segment-routing global-block 16000 23999
frr
loop-free-alternate level-2
ti-lfa level-2
int l0
isis prefix-sid index 20
NE3:
mpls lsr 3.3.3.3
mpls
segment-routing
isis 1
segment-routing mpls
segment-routing global-block 16000 23999
frr
loop-free-alternate level-2
ti-lfa level-2
int l0
isis prefix-sid index 30
NE4:
mpls lsr 4.4.4.4
mpls
segment-routing
isis 1
segment-routing mpls
segment-routing global-block 16000 23999
frr
loop-free-alternate level-2
ti-lfa level-2
int l0
isis prefix-sid index 40c.Site1和Domain之间EBGP邻居建立
Site1:
NE1:
#
ip vpn-instance a
ipv4-family
route-distinguisher 1:1
vpn-target 1:1 export-extcommunity
vpn-target 1:1 import-extcommunity
#
interface GigabitEthernet3/0/0
ip binding vpn-instance a
ip address 10.1.15.1 255.255.255.0
#
bgp 300
router-id 1.1.1.1
peer 10.1.15.5 as-number 100
#
ipv4-family vpn-instance a
peer 10.1.15.5 as-number 100
#
NE5:
#
interface GigabitEthernet3/0/0
undo shutdown
ip address 10.1.15.5 255.255.255.0
#
interface LoopBack0
ip address 5.5.5.5 255.255.255.255
#
bgp 100
router-id 5.5.5.5
peer 10.1.15.1 as-number 300
#
ipv4-family unicast
undo synchronization
network 5.5.5.5 255.255.255.255
peer 10.1.15.1 enable
#
Site2:
NE4:
#
ip vpn-instance a
ipv4-family
route-distinguisher 1:2
vpn-target 1:1 export-extcommunity
vpn-target 1:1 import-extcommunity
#
interface GigabitEthernet3/0/0
ip binding vpn-instance a
ip address 10.1.46.4 255.255.255.0
#
bgp 300
router-id 4.4.4.4
peer 10.1.46.6 as-number 200
#
ipv4-family vpn-instance a
peer 10.1.46.6 as-number 200
#
NE6:
#
interface GigabitEthernet3/0/0
undo shutdown
ip address 10.1.46.6 255.255.255.0
#
interface LoopBack0
ip address 6.6.6.6 255.255.255.255
#
#
bgp 200
router-id 6.6.6.6
peer 10.1.46.4 as-number 300
#
ipv4-family unicast
undo synchronization
network 6.6.6.6 255.255.255.255
peer 10.1.46.4 enable
#d.Domain的PE之间MP-BGP建立
NE1:
bgp 300
router-id 1.1.1.1
peer 4.4.4.4 as-number 300
peer 4.4.4.4 connect-interface LoopBack0
#
ipv4-family vpnv4
policy vpn-target
peer 4.4.4.4 enable
#
NE4:
bgp 300
router-id 4.4.4.4
peer 1.1.1.1 as-number 300
peer 1.1.1.1 connect-interface LoopBack0
#
ipv4-family vpnv4
policy vpn-target
peer 1.1.1.1 enable
#3.结果验证:
a.ISIS邻居建立
b.SR的隧道建立
c.Site和Domain之间EBGP邻居建立
d.Domain的PE之间MP-BGP邻居建立
e.NE5和NE6是否ping通
4.总结:
a.Segment Routing-BE和MPLS-BE的区别
首先不需要再开启mpls ldp协议,简化了控制平面
不需要在接口开启mpls来传递标签,而是通过IGP协议来传递标签,简化控制平面
b.TI-FRR LFA的作用:
可以让SR的拓扑一值有无环的备份路径(前提是没有一些故障导致每一条路都不通)
c.转发方式
先封装私网标签,在封装公网SR标签