L3VPNv4 over SRV6 TE Policy（HCIE）

标签：L3VPNv4 HCIE over bgp NE2 routing ipv6 policy segment

配置思路：

①基础配置

(1)IPv6地址配置

(2)配置ISIS（开启ipv6功能）

(3)CE与PE之间创建VPN实例，建立vpn实例EBGP

(4)PE之间创建VPNv4邻居关系

(5)启用SRv6，locater从ISIS中通告出去

②设置路径列表，SRv6设置源，定义color绑定SID

（SID需要在本地范围内）（列表也需要写回程）

③设置color路由图，应用在BGPipv4进程中

（回程也需要）

④接着在vpn实例的邻居内进行TE引流，在vpnv4的邻居中通告sid

配置：

①基础配置

(1)IPv6地址配置

[NE6]int ethe 3/0/0

[NE6-Ethernet3/0/0]ipv en

[NE6-Ethernet3/0/0]ipv add 26::6 64

[NE6]int ethe 3/0/2

[NE6-Ethernet3/0/2]ipv en

[NE6-Ethernet3/0/2]ipv add 67::6 64

[NE6]int ethe 3/0/1

[NE6-Ethernet3/0/1]ipv en

[NE6-Ethernet3/0/1]ipv add 68::6 64

[NE6]int lo1

[NE6-LoopBack1]ipv en

[NE6-LoopBack1] ipv add 6000::1 128

(2)配置ISIS（开启ipv6功能）

[NE2]isis

[NE2-isis-1]is-level level-2

[NE2-isis-1]cost-style wide

[NE2-isis-1]network-entity 49.0001.0000.0000.0002.00

[NE2-isis-1]ipv6 enable topology ipv6-----ipv6的ISIS

[NE2-isis-1]int ethe3/0/1

[NE2-Ethernet3/0/1]isis ipv6 enable

[NE2]int ethe3/0/2  

[NE2-Ethernet3/0/2]isis ipv6 enable

[NE2]int lo1

[NE2-LoopBack1]isis ipv6 enable

(3)CE与PE之间创建VPN实例，建立vpn实例EBGP

[NE1]bgp 1

[NE1-bgp]peer 1.1.12.2 as-number 100

[NE1-bgp]network 1.1.1.1 32

[NE2]ip vpn-instance A

[NE2-vpn-instance-A]route-distinguisher 1:1

[NE2-vpn-instance-A-af-ipv4]vpn-targe 1:1

[NE2-vpn-instance-A-af-ipv4]int ethe3/0/0

[NE2-Ethernet3/0/0]ip binding vpn-instance A

[NE2-Ethernet3/0/0]ip add 1.1.12.2 24

[NE2]bgp 100

[NE2-bgp]ipv4-family vpn-instance A

[NE2-bgp-A]peer 1.1.12.1 as-number 1

[NE2-bgp-A]network 1.1.12.0 24

（右边的PE与CE同理）

(4)PE之间创建VPNv4邻居关系

[NE2]bgp 100

[NE2-bgp]peer 3000::1 as-number 100

[NE2-bgp]peer 3000::1 connect-interface lo1

[NE2-bgp]ipv4-family vpnv4

[NE2-bgp-af-vpnv4]peer 3000::1 enable

(5)启用SRv6，locater从ISIS中通告出去

[NE2]segment-routing ipv6

[NE2-segment-routing-ipv6]locator NE2 ipv6-prefix 2222:2:: 64 static 32

[NE2]isis

[NE2-isis-1]segment-routing ipv6 locator NE2（ISP中的每台设备都需要配置）

[NE2-bgp]router-id 2.2.2.2------------------记得配置RID（否则无法正常学习到邻居）--关键

Warning: Changing the parameter in this command resets the peer session. Continue? [Y/N]:y

②设置路径列表，SRv6设置源，定义color绑定SID

（SID需要在本地范围内）（列表也需要写回程）

[NE2]segment-routing ipv6

[NE2-segment-routing-ipv6]encapsulation source-address 2000::1----设置源

[NE2-segment-routing-ipv6]locator NE2 ipv6-prefix 2222:2:: 64 static 32

[NE2-segment-routing-ipv6-locator]opcode ::100 end psp-------KEY

[NE2-segment-routing-ipv6]srv6-te-policy locator NE2

[NE2-segment-routing-ipv6]segment-list list2583

[NE2-segment-routing-ipv6-segment-list-list2583]index 10 sid ipv6 5555:5::100

[NE2-segment-routing-ipv6-segment-list-list2583]index 20 sid ipv6 8888:8::100

[NE2-segment-routing-ipv6-segment-list-list2583]index 30 sid ipv6 3333:3::100

[NE2-segment-routing-ipv6]srv6-te policy p2583 endpoint 3000::1 color 30

[NE2-segment-routing-ipv6-policy-p2583]binding-sid 2222:2::1

[NE2-segment-routing-ipv6-policy-p2583]candidate-path preference 100

[NE2-segment-routing-ipv6-policy-p2583-path]segment-list list2583

[NE3-segment-routing-ipv6]dis this

#

segment-routing ipv6

 encapsulation source-address 3000::1

 locator NE3 ipv6-prefix 3333:3:: 64 static 32

  opcode ::100 end psp

 srv6-te-policy locator NE3

 segment-list list3852

  index 10 sid ipv6 8888:8::100

  index 20 sid ipv6 5555:5::100

  index 30 sid ipv6 2222:2::100

 srv6-te policy p3852 endpoint 2000::1 color 20

  binding-sid 3333:3::1

  candidate-path preference 100

   segment-list list3852

其他设备也需要填写这个命令（end是更换下一个头部）否则无法去掉头部

[NE5-segment-routing-ipv6] locator NE5 ipv6-prefix 5555:5:: 64 static 32

[NE5-segment-routing-ipv6-locator]opcode ::100 end psp-------遇到100则弹掉改写下一跳信息

③设置color路由图，应用在BGPipv4进程中

（回程也需要）

[NE2]ip ip-prefix net permit 4.4.4.4 32   

[NE2]route-policy color permit node 10    

[NE2-route-policy]if-match ip-prefix net

[NE2-route-policy]apply extcommunity color 00:30

[NE2]route-policy color permit node 20

[NE2-route-policy]quit

[NE2]bgp 100

[NE2-bgp]ipv4-family vpnv4

[NE2-bgp-af-vpnv4]peer 3000:1 route-policy color import 

④接着在vpn实例的邻居内进行TE引流，在vpnv4的邻居中通告sid

[NE2]bgp 100

[NE2-bgp]ipv4-family vpn-instance A

[NE2-bgp-A]segment-routing ipv6 traffic-engineer best-effort

[NE2-bgp-A]segment-routing ipv6 locator NE2

[NE2-bgp]ipv4-family vpnv4

[NE2-bgp-af-vpnv4]peer 3000::1 prefix-sid-------激活pre前缀

[NE3-bgp]dis this

#

bgp 100

 private-4-byte-as enable

 peer 2000::1 as-number 100

 peer 2000::1 connect-interface LoopBack1

 #

 ipv4-family unicast

  undo synchronization

 #

 ipv4-family vpnv4

  policy vpn-target

  peer 2000::1 enable

  peer 2000::1 route-policy color import

  peer 2000::1 prefix-sid

 #

 ipv4-family vpn-instance A

  segment-routing ipv6 locator NE3

  segment-routing ipv6 traffic-engineer best-effort

  peer 1.1.34.4 as-number 4

由于以上有隧道所以需要做流量引流

[NE2]tunnel-policy p1

[NE2-tunnel-policy-p1]tunnel select-seq ipv6 srv6-te-policy load-balance-number 1

[NE2]ip vpn-instance A

[NE2-vpn-instance-A]tnl-policy p1

<NE2>display bgp vpnv4 all routing-table 4.4.4.4

<NE2>display  srv6-te policy

<NE2>display segment-routing ipv6 local-sid end-dt4 forwarding

这个5D是NE3会学到的，因为是NE1的路由信息转为5D的

标签：L3VPNv4,HCIE,over,bgp,NE2,routing,ipv6,policy,segment
From： https://blog.csdn.net/2403_83112422/article/details/140253951