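SRv6 Network Programming and Layer 3 Services in BGP Networks
Overview of SRv6 Network Programming and Layer 3 Services over SRv6 in BGP
- Benefits of SRv6 Network Programming
- SRv6 Network Programming in BGP Networks
- Layer 3 VPN Services over an SRv6 Core
- Advertising Layer 3 VPN Services to BGP Peers
- Supported and Unsupported Features for SRv6 Network Programming in BGP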
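Benefits of SRv6 Network Programming
- Flexible deployment: BGP leverages the segment routing capability of devices to set up Layer 3 VPN tunnels. An SRv6 ingress node can transport IPv4 packets even if the transit routers are not SRv6-capable. This eliminates the need to deploy segment routing on all nodes in an IPv6 network.
- Seamless deployment: Network programming depends entirely on the IPv6 header and header extensions to transport packets, which eliminates the need for protocols such as MPLS. This ensures a seamless deployment without any major hardware or software upgrade in the core IPv6 network.
- Single-device versatility: Junos OS supports multiple functions on a single segment identifier (SID) and can interoperate in insert mode and encapsulation mode. This allows a single device to play the provider (P) router and provider edge (PE) router roles simultaneously.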
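SRv6 Network Programming in BGP Networks
Network programming is the capability of a network to encode a network program into individual instructions that are inserted into the IPv6 packet headers. The segment routing header (SRH) is a type of IPv6 routing extension header that contains a segment list encoded as SRv6 SIDs. An SRv6 SID consists of the locator, which is an IPv6 address, and a function that defines a particular task for each SRv6-capable node in the SRv6 network. SRv6 network programming eliminates the need for MPLS and provides the flexibility to leverage segment routing.
Ensure that you use a unique SID, which BGP uses to allocate an SRv6 SID.
To configure IPv4 transport over the SRv6 core, include the end-dt4-sid sid statement at the [edit protocols bgp source-packet-routing srv6 locator name] hierarchy level.
To configure IPv6 transport over the SRv6 core, include the end-dt6-sid sid statement at the [edit routing protocols bgp source-packet-routing srv6 locator name] hierarchy level.
To configure both IPv4 and IPv6 transport over the SRv6 core, include the end-dt46-sid sid statement at the [edit routing protocols bgp source-packet-routing srv6 locator name] hierarchy level.
The end-dt4-sid statement denotes the endpoint SID with decapsulation and IPv4 table lookup. The end-dt6-sid statement denotes the endpoint with decapsulation and IPv6 table lookup. The end-dt46-sid statement denotes the endpoint with decapsulation and specific IP table lookup. The end-dt46 behavior is a variant of the end.dt4 and end.dt6 behaviors. BGP allocates these values for IPv4 and IPv6 Layer 3 VPN service SIDs.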
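The uniqueness and locator rules above can be checked before commit. The following audit of set-format lines is an added example, not part of the original page or of Junos: the function names are hypothetical, the sample input is constructed from the Router R0 values used later on this page, and it assumes that any SID value reused by two statements is a conflict.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample: the SRv6 lines of the Router R0 quick configuration on this page.
R0_SRV6_LINES = """
set routing-options source-packet-routing srv6 locator loc1 3001::/64
set protocols bgp source-packet-routing srv6 locator loc1 end-dt4-sid 3001::2
set protocols bgp source-packet-routing srv6 locator loc1 end-dt6-sid 3001::3
set routing-instances vpn1 protocols bgp source-packet-routing srv6 locator loc1 end-dt4-sid 3001::4
set routing-instances vpn1 protocols bgp source-packet-routing srv6 locator loc1 end-dt6-sid 3001::5
"""

LOCATOR_RE = re.compile(
    r"^set routing-options source-packet-routing srv6 locator (\S+) (\S+/\d+)$")
SID_RE = re.compile(
    r"^set (?:routing-instances (\S+) )?protocols bgp source-packet-routing "
    r"srv6 locator (\S+) (end-dt(?:46|4|6)-sid) (\S+)$")


def parse_srv6(config_text):
    """Extract locator prefixes and service SIDs from set-format lines."""
    locators = {}   # locator name -> IPv6Network
    sids = []       # (instance, locator name, statement, IPv6Address)
    for raw in config_text.splitlines():
        line = " ".join(raw.split())  # normalise whitespace
        m = LOCATOR_RE.match(line)
        if m:
            locators[m.group(1)] = ipaddress.IPv6Network(m.group(2), strict=False)
            continue
        m = SID_RE.match(line)
        if m:
            sids.append((m.group(1) or "global", m.group(2), m.group(3),
                         ipaddress.IPv6Address(m.group(4))))
    return locators, sids


def audit_srv6(config_text):
    """Return a list of findings; an empty list means the SID plan is consistent."""
    locators, sids = parse_srv6(config_text)
    findings = []
    users = defaultdict(list)  # SID -> statements that use it
    for instance, locator, statement, sid in sids:
        users[sid].append(f"{instance} {statement}")
        prefix = locators.get(locator)
        if prefix is None:
            findings.append(
                f"{sid}: locator {locator} is not defined ({instance} {statement})")
        elif sid not in prefix:
            # A SID is locator + function, so it must fall inside the locator prefix.
            findings.append(
                f"{sid}: outside locator {locator} {prefix} ({instance} {statement})")
    for sid, where in users.items():
        if len(where) > 1:
            findings.append(f"{sid}: duplicate SID used by " + ", ".join(where))
    return findings


if __name__ == "__main__":
    for finding in audit_srv6(R0_SRV6_LINES) or ["no findings"]:
        print(finding)
```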
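Layer 3 VPN Services over an SRv6 Core
When connecting to the egress PE, the ingress PE encapsulates the payload in an outer IPv6 header in which the destination address is the SRv6 service SID associated with the related BGP route update. The egress PE sets the next hop to one of its IPv6 addresses, which is also the SRv6 locator from which the SRv6 service SID is allocated. Multiple routes can resolve through the same segment routing policy.
You can configure BGP-based Layer 3 services over the SRv6 core. You can enable Layer 3 overlay services with BGP as the control plane and SRv6 as the data plane. SRv6 network programming provides the flexibility to leverage segment routing without deploying MPLS. Such networks depend only on the IPv6 headers and header extensions to transport data.
Ensure that end-dt4-sid sid and end-dt6-sid sid are the last SIDs in the segment list, or the destination address of a packet that has no SRH header.
To configure IPv4 VPN services over the SRv6 core, include the end-dt4-sid statement at the [edit routing-instances instance-name protocols bgp source-packet-routing srv6 locator name] hierarchy level.
The end-dt46 SID must be the last segment in a segment routing policy, and the SID instance must be associated with an IPv4 FIB table and an IPv6 FIB table.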
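The last-segment rule above, modelled as a check at an egress PE. This is an added example, not Junos code or part of the original page: the function names, verdict strings and packets are constructed, the header layout follows RFC 8754, and the parser assumes that the SRH, when present, directly follows the IPv6 header.

```python
import ipaddress
import struct

NH_IPV4, NH_IPV6, NH_ROUTING = 4, 41, 43   # IPv6 Next Header values
SRH_TYPE = 4                               # Routing Type of the SRH (RFC 8754)

# Inner protocol that each service SID statement on this page may decapsulate.
ALLOWED_INNER = {
    "end-dt4-sid": {NH_IPV4},
    "end-dt6-sid": {NH_IPV6},
    "end-dt46-sid": {NH_IPV4, NH_IPV6},
}


def build_ipv6(src, dst, next_header, payload):
    """Constructed test traffic: a bare 40-byte IPv6 header followed by payload."""
    return (struct.pack("!IHBB", 6 << 28, len(payload), next_header, 64)
            + ipaddress.IPv6Address(src).packed
            + ipaddress.IPv6Address(dst).packed + payload)


def build_srh(next_header, segments_left, segment_list):
    """Constructed SRH; segment_list[0] is the last segment of the path."""
    segs = b"".join(ipaddress.IPv6Address(s).packed for s in segment_list)
    # Hdr Ext Len counts 8-octet units after the first 8 octets.
    return struct.pack("!BBBBBBH", next_header, len(segs) // 8, SRH_TYPE,
                       segments_left, len(segment_list) - 1, 0, 0) + segs


def check_service_sid(packet, local_sids):
    """Return (verdict, reason) for a packet arriving at an egress PE.

    local_sids maps ipaddress.IPv6Address -> statement name, e.g. "end-dt4-sid".
    """
    if len(packet) < 40 or packet[0] >> 4 != 6:
        return "drop", "not an IPv6 packet"
    next_header = packet[6]
    dst = ipaddress.IPv6Address(packet[24:40])
    statement = local_sids.get(dst)
    if statement is None:
        return "ignore", "destination is not a local service SID"
    if next_header == NH_ROUTING:
        if len(packet) < 48:
            return "drop", "truncated routing header"
        inner, ext_len, rtype, seg_left, last_entry = struct.unpack_from(
            "!5B", packet, 40)
        srh_len = (ext_len + 1) * 8
        if rtype != SRH_TYPE:
            return "drop", "routing header is not an SRH"
        if srh_len < 8 + 16 * (last_entry + 1) or len(packet) < 40 + srh_len:
            return "drop", "malformed SRH"
        if seg_left != 0:
            return "drop", "service SID is not the last segment"
        if ipaddress.IPv6Address(packet[48:64]) != dst:
            return "drop", "Segment List[0] does not match the destination"
        next_header = inner
    if next_header not in ALLOWED_INNER[statement]:
        return "drop", f"inner protocol {next_header} not valid for {statement}"
    return "decapsulate", f"{statement} lookup"


def demo():
    """Run four constructed packets against Router R1's VPN SIDs from this page."""
    sids = {ipaddress.IPv6Address("3011::4"): "end-dt4-sid",
            ipaddress.IPv6Address("3011::5"): "end-dt6-sid"}
    src = "abcd::128:53:38:52"
    inner_v4 = bytes([0x45]) + bytes(19)   # placeholder inner IPv4 header
    cases = {
        "no SRH": build_ipv6(src, "3011::4", NH_IPV4, inner_v4),
        "SRH, last segment": build_ipv6(
            src, "3011::4", NH_ROUTING,
            build_srh(NH_IPV4, 0, ["3011::4"]) + inner_v4),
        "SRH, segments left": build_ipv6(
            src, "3011::4", NH_ROUTING,
            build_srh(NH_IPV4, 1, ["3021::4", "3011::4"]) + inner_v4),
        "IPv4 to end-dt6": build_ipv6(src, "3011::5", NH_IPV4, inner_v4),
    }
    return {name: check_service_sid(pkt, sids)[0] for name, pkt in cases.items()}


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```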
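Advertising Layer 3 VPN Services to BGP Peers
BGP advertises the reachability of prefixes of a particular service from an egress PE device to ingress PE nodes. BGP messages exchanged between PE devices carry SRv6 service SIDs, which BGP uses to interconnect PE devices to form VPN sessions. For Layer 3 VPN services where BGP uses a per-VRF SID allocation, the same SID is shared across multiple network layer reachability information (NLRI) address families.
To advertise SRv6 services to BGP peers at the egress node, include the advertise-srv6-service statement at the [edit protocols bgp family inet6-vpn unicast] hierarchy level.
Egress PE devices that support SRv6-based Layer 3 services advertise overlay service prefixes along with a service SID. The BGP ingress node receives these advertisements and adds the prefix to the corresponding virtual routing and forwarding (VRF) table.
To accept SRv6 services at the ingress node, include the accept-srv6-service statement at the [edit protocols bgp family inet6-vpn unicast] hierarchy level.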
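Supported and Unsupported Features for SRv6 Network Programming in BGP
Junos OS supports the following features with SRv6 network programming in BGP:
- Ingress devices support seven SIDs, including the VPN SID, in reduced mode
- Egress devices support seven SIDs, including the VPN SID
- Endpoint with decapsulation and specific IP table lookup (End.DT46 SID)
- VPN option C
Junos OS does not support the following features in conjunction with SRv6 network programming in BGP:
- Fragmentation and reassembly in SRv6 tunnels
- VPN option B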
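Example: Configuring Layer 3 Services over SRv6 in BGP Networks
This example shows how to configure SRv6 network programming and Layer 3 VPN services in BGP networks. SRv6 network programming provides the flexibility to leverage segment routing without deploying MPLS. This feature is useful for service providers whose networks are predominantly IPv6 and have not deployed MPLS.
Requirements
This example uses the following hardware and software components:
- Five MX Series routers with MPC7E, MPC8E, or MPC9E line cards
- Junos OS Release 20.4R1 or later
Overview
You can configure BGP-based Layer 3 services over the SRv6 core network. With SRv6 network programming, networks depend only on the IPv6 headers and header extensions to transport data. You can enable Layer 3 overlay services with BGP as the control plane and SRv6 as the data plane.
Topology
In Figure 2, Router R0 is the ingress router, and Routers R1 and R2 are the egress routers that support IPv4-only customer edge devices. Routers R3 and R4 form an IPv6-only provider core network. All routers belong to the same autonomous system. IS-IS is the interior gateway protocol configured to support SRv6 in the IPv6 core routers R3 and R4. In this example, BGP is configured on Routers R0, R1, and R2. Router R0 is configured as an IPv6 route reflector with IBGP peering sessions to both Router R1 and Router R2. The egress Router R1 advertises the L3VPN SID to ingress Router R0, which accepts it and updates the VRF table.
From R1, BGP routes are advertised to Router R0 with next-hop self. Router R0 has two paths to R1: the primary path through R3 and the backup path through R4. In Router R0, the primary path uses the default metric and the backup path is configured with metric 50. Here are some of the routes that are advertised from Router R1 to R0: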
| IPv4 | 21.0.0.0 |
| IPv6 | 2001:21:: |
| IPv4 VPN | 31.0.0.0 |
| IPv6 VPN | 2001:31:: |
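Configuration
CLI Quick Configuration
To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, copy and paste the commands into the CLI at the [edit] hierarchy level, and then enter commit from configuration mode.
Router R0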
set chassis network-services enhanced-ip
set interfaces xe-0/0/0:0 unit 0 family inet address 1.4.1.1/30
set interfaces xe-0/0/0:0 unit 0 family iso
set interfaces xe-0/0/0:0 unit 0 family inet6 address 2001:db8::4:1/64
set interfaces xe-0/0/0:2 unit 0 family inet address 1.6.1.1/30
set interfaces xe-0/0/0:2 unit 0 family iso
set interfaces xe-0/0/0:2 unit 0 family inet6 address 2001:db8::6:1/64
set interfaces lo0 unit 0 family inet6 address 2001:db8:1:255::0/128
set policy-options policy-statement adv_global term v4 from route-filter 20.0.0.0/8 orlonger
set policy-options policy-statement adv_global term v4 then next-hop self
set policy-options policy-statement adv_global term v4 then accept
set policy-options policy-statement adv_global term v6 from route-filter 2001:20::/64 orlonger
set policy-options policy-statement adv_global term v6 then next-hop self
set policy-options policy-statement adv_global term v6 then accept
set policy-options policy-statement pplb then load-balance per-packet
set policy-options community vpn1-target members target:100:1
set policy-options community vpn2-target members target:100:2
set routing-instances vpn1 protocols bgp group to-TG-vpn1-v4 type external
set routing-instances vpn1 protocols bgp group to-TG-vpn1-v4 local-address 11.1.1.5
set routing-instances vpn1 protocols bgp group to-TG-vpn1-v4 family inet unicast
set routing-instances vpn1 protocols bgp group to-TG-vpn1-v4 family inet6 unicast
set routing-instances vpn1 protocols bgp group to-TG-vpn1-v4 peer-as 1002
set routing-instances vpn1 protocols bgp group to-TG-vpn1-v4 neighbor 11.1.1.6
set routing-instances vpn1 protocols bgp group to-TG-vpn1-v6 type external
set routing-instances vpn1 protocols bgp group to-TG-vpn1-v6 local-address 2001:11:1:1::5
set routing-instances vpn1 protocols bgp group to-TG-vpn1-v6 family inet6 unicast
set routing-instances vpn1 protocols bgp group to-TG-vpn1-v6 peer-as 1002
set routing-instances vpn1 protocols bgp group to-TG-vpn1-v6 neighbor 2001:11:1:1::6
set routing-instances vpn1 protocols bgp source-packet-routing srv6 locator loc1 end-dt4-sid 3001::4
set routing-instances vpn1 protocols bgp source-packet-routing srv6 locator loc1 end-dt6-sid 3001::5
set routing-instances vpn1 instance-type vrf
set routing-instances vpn1 interface xe-0/0/0:3.1
set routing-instances vpn1 route-distinguisher 100:1
set routing-instances vpn1 vrf-target target:100:1
set routing-options source-packet-routing srv6 locator loc1 3001::/64
set routing-options source-packet-routing srv6 no-reduced-srh
set routing-options router-id 128.53.38.52
set routing-options autonomous-system 100
set routing-options forwarding-table export pplb
set protocols bgp group to-PE-all type internal
set protocols bgp group to-PE-all local-address abcd::128:53:38:52
set protocols bgp group to-PE-all family inet unicast extended-nexthop
set protocols bgp group to-PE-all family inet unicast advertise-srv6-service
set protocols bgp group to-PE-all family inet unicast accept-srv6-service
set protocols bgp group to-PE-all family inet-vpn unicast extended-nexthop
set protocols bgp group to-PE-all family inet-vpn unicast advertise-srv6-service
set protocols bgp group to-PE-all family inet-vpn unicast accept-srv6-service
set protocols bgp group to-PE-all family inet6 unicast advertise-srv6-service
set protocols bgp group to-PE-all family inet6 unicast accept-srv6-service
set protocols bgp group to-PE-all family inet6-vpn unicast advertise-srv6-service
set protocols bgp group to-PE-all family inet6-vpn unicast accept-srv6-service
set protocols bgp group to-PE-all export adv_global
set protocols bgp group to-PE-all cluster 128.53.38.52
set protocols bgp group to-PE-all neighbor abcd::128:53:35:39
set protocols bgp group to-PE-all neighbor abcd::128:53:35:35
set protocols bgp group to-TG-global-v4 type external
set protocols bgp group to-TG-global-v4 local-address 11.1.1.1
set protocols bgp group to-TG-global-v4 family inet unicast
set protocols bgp group to-TG-global-v4 family inet6 unicast
set protocols bgp group to-TG-global-v4 peer-as 1001
set protocols bgp group to-TG-global-v4 neighbor 11.1.1.2
set protocols bgp group to-TG-global-v6 type external
set protocols bgp group to-TG-global-v6 local-address 2001:11:1:1::1
set protocols bgp group to-TG-global-v6 family inet6 unicast
set protocols bgp group to-TG-global-v6 peer-as 1001
set protocols bgp group to-TG-global-v6 neighbor 2001:11:1:1::2
set protocols bgp source-packet-routing srv6 locator loc1 end-dt4-sid 3001::2
set protocols bgp source-packet-routing srv6 locator loc1 end-dt6-sid 3001::3
set protocols isis interface all
set protocols isis interface fxp0.0 disable
set protocols isis level 1 disable
Router R1
set chassis network-services enhanced-ip
set interfaces xe-0/0/0:2 unit 0 family inet address 2.5.1.1/30
set interfaces xe-0/0/0:2 unit 0 family iso
set interfaces xe-0/0/0:2 unit 0 family inet6 address 2001:db8::52:0:1/64
set interfaces xe-0/0/0:3 unit 0 family inet address 2.6.1.1/30
set interfaces xe-0/0/0:3 unit 0 family iso
set interfaces xe-0/0/0:3 unit 0 family inet6 address 2001:db8::26:1/64
set policy-options policy-statement adv_global term v4 from route-filter 21.0.0.0/8 orlonger
set policy-options policy-statement adv_global term v4 from route-filter 12.1.1.1/30 orlonger
set policy-options policy-statement adv_global term v4 then next-hop self
set policy-options policy-statement adv_global term v4 then accept
set policy-options policy-statement adv_global term v6 from route-filter 2001:21::/64 orlonger
set policy-options policy-statement adv_global term v6 from route-filter 2001:12:1:1::1/126 orlonger
set policy-options policy-statement adv_global term v6 then next-hop self
set policy-options policy-statement adv_global term v6 then accept
set policy-options policy-statement adv_vpn1 term v4 from route-filter 31.0.0.0/8 orlonger
set policy-options policy-statement adv_vpn1 term v4 from route-filter 12.1.1.5/30 orlonger
set policy-options policy-statement adv_vpn1 term v4 then community set vpn1-target
set policy-options policy-statement adv_vpn1 term v4 then next-hop self
set policy-options policy-statement adv_vpn1 term v4 then accept
set policy-options policy-statement adv_vpn1 term v6 from route-filter 2001:31::/64 orlonger
set policy-options policy-statement adv_vpn1 term v6 from route-filter 2001:12:1:1::5/126 orlonger
set policy-options policy-statement adv_vpn1 term v6 then community set vpn1-target
set policy-options policy-statement adv_vpn1 term v6 then next-hop self
set policy-options policy-statement adv_vpn1 term v6 then accept
set policy-options policy-statement pplb then load-balance per-packet
set policy-options community vpn1-target members target:100:1
set policy-options community vpn2-target members target:100:2
set routing-instances vpn1 protocols bgp group to-TG-vpn1-v4 type external
set routing-instances vpn1 protocols bgp group to-TG-vpn1-v4 local-address 12.1.1.5
set routing-instances vpn1 protocols bgp group to-TG-vpn1-v4 family inet unicast
set routing-instances vpn1 protocols bgp group to-TG-vpn1-v4 family inet6 unicast
set routing-instances vpn1 protocols bgp group to-TG-vpn1-v4 peer-as 1012
set routing-instances vpn1 protocols bgp group to-TG-vpn1-v4 neighbor 12.1.1.6
set routing-instances vpn1 protocols bgp group to-TG-vpn1-v6 type external
set routing-instances vpn1 protocols bgp group to-TG-vpn1-v6 local-address 2001:12:1:1::5
set routing-instances vpn1 protocols bgp group to-TG-vpn1-v6 family inet6 unicast
set routing-instances vpn1 protocols bgp group to-TG-vpn1-v6 peer-as 1012
set routing-instances vpn1 protocols bgp group to-TG-vpn1-v6 neighbor 2001:12:1:1::6
set routing-instances vpn1 protocols bgp source-packet-routing srv6 locator loc1 end-dt4-sid 3011::4
set routing-instances vpn1 protocols bgp source-packet-routing srv6 locator loc1 end-dt6-sid 3011::5
set routing-instances vpn1 instance-type vrf
set routing-instances vpn1 interface xe-0/0/1:0.1
set routing-instances vpn1 route-distinguisher 100:1
set routing-instances vpn1 vrf-export adv_vpn1
set routing-instances vpn1 vrf-target target:100:1
set routing-options source-packet-routing srv6 locator loc1 3011::/64
set routing-options source-packet-routing srv6 no-reduced-srh
set routing-options rib inet6.3 static route abcd::128:53:38:52/128 next-hop self
set routing-options rib inet6.3 static route abcd::128:53:38:52/128 resolve
set routing-options rib inet6.0 static route abcd::128:53:38:52/128 next-hop self
set routing-options rib inet6.0 static route abcd::128:53:38:52/128 resolve
set routing-options autonomous-system 100
set routing-options forwarding-table export pplb
set protocols bgp group to-RR type internal
set protocols bgp group to-RR local-address abcd::128:53:35:39
set protocols bgp group to-RR family inet unicast extended-nexthop
set protocols bgp group to-RR family inet unicast advertise-srv6-service
set protocols bgp group to-RR family inet unicast accept-srv6-service
set protocols bgp group to-RR family inet-vpn unicast extended-nexthop
set protocols bgp group to-RR family inet-vpn unicast advertise-srv6-service
set protocols bgp group to-RR family inet-vpn unicast accept-srv6-service
set protocols bgp group to-RR family inet6 unicast advertise-srv6-service
set protocols bgp group to-RR family inet6 unicast accept-srv6-service
set protocols bgp group to-RR family inet6-vpn unicast advertise-srv6-service
set protocols bgp group to-RR family inet6-vpn unicast accept-srv6-service
set protocols bgp group to-RR export adv_global
set protocols bgp group to-RR neighbor abcd::128:53:38:52
set protocols bgp group to-TG-global-v4 type external
set protocols bgp group to-TG-global-v4 local-address 12.1.1.1
set protocols bgp group to-TG-global-v4 family inet unicast
set protocols bgp group to-TG-global-v4 family inet6 unicast
set protocols bgp group to-TG-global-v4 peer-as 1011
set protocols bgp group to-TG-global-v4 neighbor 12.1.1.2
set protocols bgp group to-TG-global-v6 type external
set protocols bgp group to-TG-global-v6 local-address 2001:12:1:1::1
set protocols bgp group to-TG-global-v6 family inet6 unicast
set protocols bgp group to-TG-global-v6 peer-as 1011
set protocols bgp group to-TG-global-v6 neighbor 2001:12:1:1::2
set protocols bgp source-packet-routing srv6 locator loc1 end-dt4-sid 3011::2
set protocols bgp source-packet-routing srv6 locator loc1 end-dt6-sid 3011::3
set protocols isis interface all
set protocols isis interface fxp0.0 disable
set protocols isis level 1 disable
Router R2
set chassis network-services enhanced-ip
set interfaces ge-0/0/0 unit 0 family inet address 3.5.1.1/30
set interfaces ge-0/0/0 unit 0 family iso
set interfaces ge-0/0/0 unit 0 family inet6 address 2001:db8::3:5:1/64
set interfaces ge-0/0/1 unit 0 family inet address 3.6.1.1/30
set interfaces ge-0/0/1 unit 0 family iso
set interfaces ge-0/0/1 unit 0 family inet6 address 2001:db8::3:6:1/64
set interfaces lo0 unit 0 family inet6 address 2001:db8:1:255::2/128
set policy-options policy-statement adv_global term v4 from route-filter 22.0.0.0/8 orlonger
set policy-options policy-statement adv_global term v4 from route-filter 13.1.1.1/30 orlonger
set policy-options policy-statement adv_global term v4 then next-hop self
set policy-options policy-statement adv_global term v4 then accept
set policy-options policy-statement adv_global term v6 from route-filter 2001:22::/64 orlonger
set policy-options policy-statement adv_global term v6 from route-filter 2001:13:1:1::1/126 orlonger
set policy-options policy-statement adv_global term v6 then next-hop self
set policy-options policy-statement adv_global term v6 then accept
set policy-options policy-statement adv_vpn1 term v4 from route-filter 32.0.0.0/8 orlonger
set policy-options policy-statement adv_vpn1 term v4 from route-filter 13.1.1.5/30 orlonger
set policy-options policy-statement adv_vpn1 term v4 then community set vpn1-target
set policy-options policy-statement adv_vpn1 term v4 then next-hop self
set policy-options policy-statement adv_vpn1 term v4 then accept
set policy-options policy-statement adv_vpn1 term v6 from route-filter 2001:32::/64 orlonger
set policy-options policy-statement adv_vpn1 term v6 from route-filter 2001:13:1:1::5/126 orlonger
set policy-options policy-statement adv_vpn1 term v6 then community set vpn1-target
set policy-options policy-statement adv_vpn1 term v6 then next-hop self
set policy-options policy-statement adv_vpn1 term v6 then accept
set policy-options policy-statement pplb then load-balance per-packet
set policy-options community vpn1-target members target:100:1
set routing-instances vpn1 protocols bgp group to-TG-vpn1-v4 type external
set routing-instances vpn1 protocols bgp group to-TG-vpn1-v4 local-address 13.1.1.5
set routing-instances vpn1 protocols bgp group to-TG-vpn1-v4 family inet unicast
set routing-instances vpn1 protocols bgp group to-TG-vpn1-v4 family inet6 unicast
set routing-instances vpn1 protocols bgp group to-TG-vpn1-v4 peer-as 1022
set routing-instances vpn1 protocols bgp group to-TG-vpn1-v4 neighbor 13.1.1.6
set routing-instances vpn1 protocols bgp group to-TG-vpn1-v6 type external
set routing-instances vpn1 protocols bgp group to-TG-vpn1-v6 local-address 2001:13:1:1::5
set routing-instances vpn1 protocols bgp group to-TG-vpn1-v6 family inet6 unicast
set routing-instances vpn1 protocols bgp group to-TG-vpn1-v6 peer-as 1022
set routing-instances vpn1 protocols bgp group to-TG-vpn1-v6 neighbor 2001:13:1:1::6
set routing-instances vpn1 protocols bgp source-packet-routing srv6 locator loc1 end-dt4-sid 3021::4
set routing-instances vpn1 protocols bgp source-packet-routing srv6 locator loc1 end-dt6-sid 3021::5
set routing-instances vpn1 instance-type vrf
set routing-instances vpn1 interface ge-0/0/2.1
set routing-instances vpn1 route-distinguisher 100:1
set routing-instances vpn1 vrf-export adv_vpn1
set routing-instances vpn1 vrf-target target:100:1
set routing-options source-packet-routing srv6 locator loc1 3021::/64
set routing-options source-packet-routing srv6 no-reduced-srh
set routing-options rib inet6.3 static route abcd::128:53:38:52/128 next-hop self
set routing-options rib inet6.3 static route abcd::128:53:38:52/128 resolve
set routing-options rib inet6.0 static route abcd::128:53:38:52/128 next-hop self
set routing-options rib inet6.0 static route abcd::128:53:38:52/128 resolve
set routing-options autonomous-system 100
set routing-options forwarding-table export pplb
set protocols bgp group to-RR type internal
set protocols bgp group to-RR local-address abcd::128:53:35:35
set protocols bgp group to-RR family inet unicast extended-nexthop
set protocols bgp group to-RR family inet unicast advertise-srv6-service
set protocols bgp group to-RR family inet unicast accept-srv6-service
set protocols bgp group to-RR family inet-vpn unicast extended-nexthop
set protocols bgp group to-RR family inet-vpn unicast advertise-srv6-service
set protocols bgp group to-RR family inet-vpn unicast accept-srv6-service
set protocols bgp group to-RR family inet6 unicast advertise-srv6-service
set protocols bgp group to-RR family inet6 unicast accept-srv6-service
set protocols bgp group to-RR family inet6-vpn unicast advertise-srv6-service
set protocols bgp group to-RR family inet6-vpn unicast accept-srv6-service
set protocols bgp group to-RR export adv_global
set protocols bgp group to-RR neighbor abcd::128:53:38:52
set protocols bgp group to-TG-global-v4 type external
set protocols bgp group to-TG-global-v4 local-address 13.1.1.1
set protocols bgp group to-TG-global-v4 family inet unicast
set protocols bgp group to-TG-global-v4 family inet6 unicast
set protocols bgp group to-TG-global-v4 peer-as 1021
set protocols bgp group to-TG-global-v4 neighbor 13.1.1.2
set protocols bgp group to-TG-global-v6 type external
set protocols bgp group to-TG-global-v6 local-address 2001:13:1:1::1
set protocols bgp group to-TG-global-v6 family inet6 unicast
set protocols bgp group to-TG-global-v6 peer-as 1021
set protocols bgp group to-TG-global-v6 neighbor 2001:13:1:1::2
set protocols bgp source-packet-routing srv6 locator loc1 end-dt4-sid 3021::2
set protocols bgp source-packet-routing srv6 locator loc1 end-dt6-sid 3021::3
set protocols isis interface all
set protocols isis interface fxp0.0 disable
set protocols isis level 1 disable
Router R3
set chassis network-services enhanced-ip
set interfaces xe-0/0/0:0 unit 0 family inet address 1.4.1.2/30
set interfaces xe-0/0/0:0 unit 0 family iso
set interfaces xe-0/0/0:0 unit 0 family inet6 address 2001:db8::4:2/64
set interfaces xe-0/0/1:0 unit 0 family inet address 2.5.1.2/30
set interfaces xe-0/0/1:0 unit 0 family iso
set interfaces xe-0/0/1:0 unit 0 family inet6 address 2001:db8::52:0:2/64
set interfaces xe-0/0/1:1 unit 0 family inet address 3.5.1.2/30
set interfaces xe-0/0/1:1 unit 0 family iso
set interfaces xe-0/0/1:1 unit 0 family inet6 address 2001:db8::3:5:2/64
set interfaces xe-0/0/1:2 unit 0 family inet address 4.6.1.1/30
set interfaces xe-0/0/1:2 unit 0 family iso
set interfaces xe-0/0/1:2 unit 0 family inet6 address 2001:db8::4:6:1/64
set interfaces lo0 unit 0 family inet6 address 2001:db8:1:255::3/128
set routing-options autonomous-system 100
set protocols isis interface all
set protocols isis interface fxp0.0 disable
set protocols isis level 1 disable
Router R4
set chassis network-services enhanced-ip
set interfaces xe-0/0/0:0 unit 0 family inet address 1.6.1.2/30
set interfaces xe-0/0/0:0 unit 0 family iso
set interfaces xe-0/0/0:0 unit 0 family inet6 address 2001:db8::6:2/64
set interfaces xe-0/0/0:1 unit 0 family inet address 2.6.1.2/30
set interfaces xe-0/0/0:1 unit 0 family iso
set interfaces xe-0/0/0:1 unit 0 family inet6 address 2001:db8::26:2/64
set interfaces xe-0/0/0:2 unit 0 family inet address 3.6.1.2/30
set interfaces xe-0/0/0:2 unit 0 family iso
set interfaces xe-0/0/0:2 unit 0 family inet6 address 2001:db8::3:6:2/64
set interfaces xe-0/0/0:3 unit 0 family inet address 4.6.1.2/30
set interfaces xe-0/0/0:3 unit 0 family iso
set interfaces xe-0/0/0:3 unit 0 family inet6 address 2001:db8::4:6:2/64
set interfaces lo0 unit 0 family inet6 address 2001:db8:1:255::4/128
set routing-options autonomous-system 100
set protocols isis interface all
set protocols isis interface fxp0.0 disable
set protocols isis level 1 disable
Configuring Router R0
Step-by-Step Procedure
To configure SRv6 network programming with Layer 3 VPN services, perform the following steps on Router R0:
Configure the device interfaces to enable IP transport.
[edit]
user@R0# set interfaces xe-0/0/0:0 unit 0 family inet address 1.4.1.1/30
user@R0# set interfaces xe-0/0/0:0 unit 0 family iso
user@R0# set interfaces xe-0/0/0:0 unit 0 family inet6 address 2001:db8::4:1/64
user@R0# set interfaces xe-0/0/0:2 unit 0 family inet address 1.6.1.1/30
user@R0# set interfaces xe-0/0/0:2 unit 0 family iso
user@R0# set interfaces xe-0/0/0:2 unit 0 family inet6 address 2001:db8::6:1/64
Configure the router ID and autonomous system (AS) number to propagate routing information within a set of routing devices that belong to the same AS.
[edit]
user@R0# set routing-options router-id 128.53.38.52
user@R0# set routing-options autonomous-system 100
Enable SRv6 globally and configure the locator address to indicate the SRv6 capability of the router. An SRv6 SID is an IPv6 address that consists of the locator and a function. The routing protocols advertise the locator addresses.
[edit]
user@R0# set routing-options source-packet-routing srv6 locator loc1 3001::/64
user@R0# set routing-options source-packet-routing srv6 no-reduced-srh
Configure an external routing instance VPN1 for both IPv4 and IPv6 traffic. Configure the BGP protocol for VPN1 to enable peering and traffic transport between the provider edge devices.
[edit]
user@R0# set routing-instances vpn1 protocols bgp group to-TG-vpn1-v4 type external
user@R0# set routing-instances vpn1 protocols bgp group to-TG-vpn1-v4 local-address 11.1.1.5
user@R0# set routing-instances vpn1 protocols bgp group to-TG-vpn1-v4 family inet unicast
user@R0# set routing-instances vpn1 protocols bgp group to-TG-vpn1-v4 family inet6 unicast
user@R0# set routing-instances vpn1 protocols bgp group to-TG-vpn1-v4 peer-as 1002
user@R0# set routing-instances vpn1 protocols bgp group to-TG-vpn1-v4 neighbor 11.1.1.6
user@R0# set routing-instances vpn1 protocols bgp group to-TG-vpn1-v6 type external
user@R0# set routing-instances vpn1 protocols bgp group to-TG-vpn1-v6 local-address 2001:11:1:1::5
user@R0# set routing-instances vpn1 protocols bgp group to-TG-vpn1-v6 family inet6 unicast
user@R0# set routing-instances vpn1 protocols bgp group to-TG-vpn1-v6 peer-as 1002
user@R0# set routing-instances vpn1 protocols bgp group to-TG-vpn1-v6 neighbor 2001:11:1:1::6
Configure the VPN type and a unique route distinguisher for each PE router participating in the routing instance.
[edit]
user@R0# set routing-instances vpn1 instance-type vrf
user@R0# set routing-instances vpn1 interface xe-0/0/0:3.1
user@R0# set routing-instances vpn1 route-distinguisher 100:1
user@R0# set routing-instances vpn1 vrf-target target:100:1
Configure the end-dt4 and end-dt6 SID values to enable the Layer 3 VPN services.
[edit]
user@R0# set routing-instances vpn1 protocols bgp source-packet-routing srv6 locator loc1 end-dt4-sid 3001::4
user@R0# set routing-instances vpn1 protocols bgp source-packet-routing srv6 locator loc1 end-dt6-sid 3001::5
Define a policy to load-balance packets.
[edit]
user@R0# set policy-options policy-statement pplb then load-balance per-packet
user@R0# set policy-options community vpn1-target members target:100:1
user@R0# set policy-options community vpn2-target members target:100:2
Apply the per-packet policy to enable load balancing of traffic.
[edit]
user@R0# set routing-options forwarding-table export pplb
Define a policy adv_global to accept routes advertised from R1.
[edit]
user@R0# set policy-options policy-statement adv_global term v4 from route-filter 20.0.0.0/8 orlonger
user@R0# set policy-options policy-statement adv_global term v4 then next-hop self
user@R0# set policy-options policy-statement adv_global term v4 then accept
user@R0# set policy-options policy-statement adv_global term v6 from route-filter 2001:20::/64 orlonger
user@R0# set policy-options policy-statement adv_global term v6 then next-hop self
user@R0# set policy-options policy-statement adv_global term v6 then accept
Configure BGP on the core-facing interface to establish internal and external peering sessions.
[edit]
user@R0# set protocols bgp group to-PE-all type internal
user@R0# set protocols bgp group to-PE-all local-address abcd::128:53:38:52
user@R0# set protocols bgp group to-PE-all family inet unicast extended-nexthop
user@R0# set protocols bgp group to-PE-all family inet unicast advertise-srv6-service
user@R0# set protocols bgp group to-PE-all family inet unicast accept-srv6-service
user@R0# set protocols bgp group to-PE-all family inet-vpn unicast extended-nexthop
user@R0# set protocols bgp group to-PE-all export adv_global
user@R0# set protocols bgp group to-PE-all cluster 128.53.38.52
user@R0# set protocols bgp group to-PE-all neighbor abcd::128:53:35:39
user@R0# set protocols bgp group to-PE-all neighbor abcd::128:53:35:35
user@R0# set protocols bgp group to-TG-global-v4 type external
user@R0# set protocols bgp group to-TG-global-v4 local-address 11.1.1.1
user@R0# set protocols bgp group to-TG-global-v4 family inet unicast
user@R0# set protocols bgp group to-TG-global-v4 family inet6 unicast
user@R0# set protocols bgp group to-TG-global-v4 peer-as 1001
user@R0# set protocols bgp group to-TG-global-v4 neighbor 11.1.1.2
user@R0# set protocols bgp group to-TG-global-v6 type external
user@R0# set protocols bgp group to-TG-global-v6 local-address 2001:11:1:1::1
user@R0# set protocols bgp group to-TG-global-v6 family inet6 unicast
user@R0# set protocols bgp group to-TG-global-v6 peer-as 1001
user@R0# set protocols bgp group to-TG-global-v6 neighbor 2001:11:1:1::2
Enable the device to advertise the SRv6 services to BGP peers and to accept the routes advertised by the egress provider edge (PE) devices.
[edit]
user@R0# set protocols bgp group to-PE-all family inet-vpn unicast advertise-srv6-service
user@R0# set protocols bgp group to-PE-all family inet-vpn unicast accept-srv6-service
user@R0# set protocols bgp group to-PE-all family inet6 unicast advertise-srv6-service
user@R0# set protocols bgp group to-PE-all family inet6 unicast accept-srv6-service
user@R0# set protocols bgp group to-PE-all family inet6-vpn unicast advertise-srv6-service
user@R0# set protocols bgp group to-PE-all family inet6-vpn unicast accept-srv6-service
Enable IS-IS as the interior gateway protocol (IGP) for routing traffic between the core provider routers.
[edit]
user@R0# set protocols isis interface all
user@R0# set protocols isis interface fxp0.0 disable
user@R0# set protocols isis level 1 disable
Configure the end-dt4 and end-dt6 SID values for the prefix segments. end-dt4 is the endpoint SID with decapsulation and IPv4 table lookup, and end-dt6 is the endpoint with decapsulation and IPv6 table lookup. BGP allocates these SIDs for IPv4 and IPv6 Layer 3 VPN service SIDs.
[edit]
user@R0# set protocols bgp source-packet-routing srv6 locator loc1 end-dt4-sid 3001::2
user@R0# set protocols bgp source-packet-routing srv6 locator loc1 end-dt6-sid 3001::3
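Results
From configuration mode, confirm your configuration by entering the show interfaces, show protocols, show policy-options, and show routing-options commands. If the output does not display the intended configuration, repeat the instructions in this example to correct the configuration.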
[edit]
user@R0# show interfaces
xe-0/0/0:0 {
    unit 0 {
        family inet {
            address 1.4.1.1/30;
        }
        family iso;
        family inet6 {
            address 2001:db8::4:1/64;
        }
    }
}
xe-0/0/0:1 {
    unit 0 {
        family inet {
            address 1.5.1.1/30;
        }
        family iso;
        family inet6 {
            address 2001:1:4:2::1/126;
        }
    }
}
xe-0/0/0:2 {
    unit 0 {
        family inet {
            address 1.6.1.1/30;
        }
        family iso;
        family inet6 {
            address 2001:db8::6:1/64;
        }
    }
}
[edit]
user@R0# show protocols
bgp {
    group to-PE-all {
        type internal;
        local-address abcd::128:53:38:52;
        family inet {
            unicast {
                extended-nexthop;
                advertise-srv6-service;
                accept-srv6-service;
            }
        }
        family inet-vpn {
            unicast {
                extended-nexthop;
                advertise-srv6-service;
                accept-srv6-service;
            }
        }
        family inet6 {
            unicast {
                advertise-srv6-service;
                accept-srv6-service;
            }
        }
        family inet6-vpn {
            unicast {
                advertise-srv6-service;
                accept-srv6-service;
            }
        }
        export adv_global;
        cluster 128.53.38.52;
        neighbor abcd::128:53:35:39;
        neighbor abcd::128:53:35:35;
    }
    group to-TG-global-v4 {
        type external;
        local-address 11.1.1.1;
        family inet {
            unicast;
        }
        family inet6 {
            unicast;
        }
        peer-as 1001;
        neighbor 11.1.1.2;
    }
    group to-TG-global-v6 {
        type external;
        local-address 2001:11:1:1::1;
        family inet6 {
            unicast;
        }
        peer-as 1001;
        neighbor 2001:11:1:1::2;
    }
    source-packet-routing {
        srv6 {
            locator loc1 {
                end-dt4-sid 3001::2;
                end-dt6-sid 3001::3;
            }
        }
    }
}
isis {
    interface all;
    interface fxp0.0 {
        disable;
    }
    level 1 disable;
}
[edit]
user@R0# show policy-options
policy-options {
    policy-statement adv_global {
        term v4 {
            from {
                route-filter 20.0.0.0/8 orlonger;
            }
            then {
                next-hop self;
                accept;
            }
        }
        term v6 {
            from {
                route-filter 2001:20::/64 orlonger;
            }
            then {
                next-hop self;
                accept;
            }
        }
    }
    policy-statement pplb {
        then {
            load-balance per-packet;
        }
    }
    community vpn1-target members target:100:1;
    community vpn2-target members target:100:2;
}
[edit]
user@R0# show routing-options
routing-options {
    source-packet-routing {
        srv6 {
            locator loc1 3001::/64;
            no-reduced-srh;
        }
    }
    router-id 128.53.38.52;
    autonomous-system 100;
    forwarding-table {
        export pplb;
    }
}
[edit]
user@R0# show routing-instances
routing-instances {
    vpn1 {
        protocols {
            bgp {
                group to-TG-vpn1-v4 {
                    type external;
                    local-address 11.1.1.5;
                    family inet {
                        unicast;
                    }
                    family inet6 {
                        unicast;
                    }
                    peer-as 1002;
                    neighbor 11.1.1.6;
                }
                group to-TG-vpn1-v6 {
                    type external;
                    local-address 2001:11:1:1::5;
                    family inet6 {
                        unicast;
                    }
                    peer-as 1002;
                    neighbor 2001:11:1:1::6;
                }
                source-packet-routing {
                    srv6 {
                        locator loc1 {
                            end-dt4-sid 3001::4;
                            end-dt6-sid 3001::5;
                        }
                    }
                }
            }
        }
        instance-type vrf;
        interface xe-0/0/0:3.1;
        route-distinguisher 100:1;
        vrf-target target:100:1;
    }
}
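When you are done configuring the device, enter commit from configuration mode.
Verification
Confirm that the configuration is working properly.
- Verify That the Advertised IPv4 Route Is Installed in the IPv4 Table
- Verify That the SRv6 SID Is Installed in the IPv4 Table
- Verify That the IPv6 VPN Route Is Installed in the VPN Table
- Verify That the IPv4 VPN Route Is Installed in the VPN Table
Verify That the Advertised IPv4 Route Is Installed in the IPv4 Table
Purpose
Verify that ingress Router R0 has learned the route to the IPv4 prefix 21.0.0.0 from egress Router R1.
Action
From operational mode, run the show route 21.0.0.0 command on Router R0.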
user@R0> show route 21.0.0.0
inet.0: 59 destinations, 59 routes (59 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
21.0.0.0/30 *[BGP/170] 09:15:25, localpref 100, from abcd::128:53:37:72
AS path: {65501} I, validation-state: unverified
> to fe80::2e6b:f5ff:fe28:2bcb via ae0.0, SRV6-Tunnel, Dest: 3011::
to fe80::2e6b:f5ff:fe28:2b04 via xe-0/0/0:2.0, SRV6-Tunnel, Dest: 3011::
to fe80::2e6b:f5ff:fe73:1e01 via xe-0/0/0:3.0, SRV6-Tunnel, Dest: 3011::
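Meaning
The output confirms that the IPv4 prefix 21.0.0.0 is installed in the inet.0 table.
Verify That the SRv6 SID Is Installed in the IPv4 Table
Purpose
Verify that ingress Router R0 has received and accepted the SRv6 end-dt4 SID 3011::2 from egress Router R1.
Action
From operational mode, run the show route 21.0.0.0 extensive command on Router R0.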
user@> show route 21.0.0.0 extensive
inet.0: 59 destinations, 59 routes (59 active, 0 holddown, 0 hidden)
21.0.0.0/30 (1 entry, 1 announced)
TSI:
KRT in-kernel 21.0.0.0/30 -> {composite(716)}
*BGP Preference: 170/-101
Next hop type: Indirect, Next hop index: 0
Address: 0xc5aa39c
Next-hop reference count: 20
Source: abcd::128:53:37:72
Next hop type: List, Next hop index: 1048574
Next hop: ELNH Address 0xc5a9e88, selected
Next hop type: Chain, Next hop index: 725
Address: 0xc5a9e88
Next-hop reference count: 1
Next hop: ELNH Address 0xc5a9aa0
SRV6-Tunnel: Reduced-SRH Encap-mode
Src: abcd::128:53:35:39 Dest: 3011::
Segment-list[0] 3011::
Next hop type: Router, Next hop index: 700
Address: 0xc5a9aa0
Next-hop reference count: 4
Next hop: fe80::2e6b:f5ff:fe28:2bcb via ae0.0
Next hop: ELNH Address 0xc5a9eec
Next hop type: Chain, Next hop index: 726
Address: 0xc5a9eec
Next-hop reference count: 1
Next hop: ELNH Address 0xc5a9c30
SRV6-Tunnel: Reduced-SRH Encap-mode
Src: abcd::128:53:35:39 Dest: 3011::
Segment-list[0] 3011::
Next hop type: Router, Next hop index: 702
Address: 0xc5a9c30
Next-hop reference count: 4
Next hop: fe80::2e6b:f5ff:fe28:2b04 via xe-0/0/0:2.0
Next hop: ELNH Address 0xc5aa0e0
Next hop type: Chain, Next hop index: 727
Address: 0xc5aa0e0
Next-hop reference count: 1
Next hop: ELNH Address 0xc5a9780
SRV6-Tunnel: Reduced-SRH Encap-mode
Src: abcd::128:53:35:39 Dest: 3011::
Segment-list[0] 3011::
Next hop type: Router, Next hop index: 647
Address: 0xc5a9780
Next-hop reference count: 20
Next hop: fe80::2e6b:f5ff:fe73:1e01 via xe-0/0/0:3.0
Protocol next hop: abcd::128:53:37:72
Composite next hop: 0xbd4e7d0 716 INH Session ID: 0x151
Indirect next hop: 0xc762204 1048582 INH Session ID: 0x151
State: <Active int Ext>
Local AS: 100 Peer AS: 100
Age: 9:13:44 Metric2: 20
Validation State: unverified
ORR Generation-ID: 0
Task: BGP_100.abcd::128:53:37:72
Announcement bits (1): 0-KRT
AS path: {65501}
Accepted
SRv6 SID: 3011::2
Localpref: 100
Router ID: 128.53.37.72
Composite next hops: 1
Protocol next hop: abcd::128:53:37:72 Metric: 20
Composite next hop: 0xbd4e7d0 716 INH Session ID: 0x151
Indirect next hop: 0xc762204 1048582 INH Session ID: 0x151
Indirect path forwarding next hops: 3
Next hop type: List
Next hop: fe80::2e6b:f5ff:fe28:2bcb via ae0.0
Next hop: fe80::2e6b:f5ff:fe28:2b04 via xe-0/0/0:2.0
Next hop: fe80::2e6b:f5ff:fe73:1e01 via xe-0/0/0:3.0
abcd::128:53:37:72/128 Originating RIB: inet6.3
Metric: 20 Node path count: 1
Indirect next hops: 1
Protocol next hop: 3011:: Metric: 20
Inode flags: 0x206 path flags: 0x0
Path fnh link: 0xc3bf4c0 path inh link: 0x0
Indirect next hop: 0xc76cd04 - INH Session ID: 0x0
Indirect path forwarding next hops: 3
Next hop type: List
Next hop: fe80::2e6b:f5ff:fe28:2bcb via ae0.0
Next hop: fe80::2e6b:f5ff:fe28:2b04 via xe-0/0/0:2.0
Next hop: fe80::2e6b:f5ff:fe73:1e01 via xe-0/0/0:3.0
3011:: Originating RIB: inet6.3
Metric: 20 Node path count: 1
Forwarding nexthops: 3
Next hop type: List
Next hop: fe80::2e6b:f5ff:fe28:2bcb via ae0.0
Next hop: fe80::2e6b:f5ff:fe28:2b04 via xe-0/0/0:2.0
Next hop: fe80::2e6b:f5ff:fe73:1e01 via xe-0/0/0:3.0
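Meaning
The output displays the SRv6 SID and confirms that an SRv6 tunnel is established between routers R0 and R1.
Verify That the IPv6 VPN Route Is Installed in the VPN Table
Purpose
Verify that ingress router R0 has learned the route to VPN IPv6 prefix 2001:31::/126 from egress router R1.
Action
From operational mode, run the show route 2001:31:: command on router R0.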
user@R0> show route 2001:31::
vpn1.inet6.0: 36 destinations, 36 routes (36 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
2001:31::/126 *[BGP/170] 09:15:40, localpref 100, from abcd::128:53:37:72
AS path: {65502} I, validation-state: unverified
> to fe80::2e6b:f5ff:fe28:2bcb via ae0.0, SRV6-Tunnel, Dest: 3011::
to fe80::2e6b:f5ff:fe28:2b04 via xe-0/0/0:2.0, SRV6-Tunnel, Dest: 3011::
to fe80::2e6b:f5ff:fe73:1e01 via xe-0/0/0:3.0, SRV6-Tunnel, Dest: 3011::
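Meaning
The output confirms that the route details for prefix 2001:31::/126 are installed in the vpn1.inet6.0 table.
Verify That the IPv4 VPN Route Is Installed in the VPN Table
Purpose
Verify that ingress router R0 has learned the route to VPN IPv4 prefix 31.0.0.0 from egress router R1.
Action
From operational mode, run the show route 31.0.0.0 command on router R0.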
user@R0> show route 31.0.0.0
vpn1.inet.0: 34 destinations, 34 routes (34 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
31.0.0.0/30 *[BGP/170] 09:15:29, localpref 100, from abcd::128:53:37:72
AS path: {65502} I, validation-state: unverified
to fe80::2e6b:f5ff:fe28:2bcb via ae0.0, SRV6-Tunnel, Dest: 3011::
to fe80::2e6b:f5ff:fe28:2b04 via xe-0/0/0:2.0, SRV6-Tunnel, Dest: 3011::
> to fe80::2e6b:f5ff:fe73:1e01 via xe-0/0/0:3.0, SRV6-Tunnel, Dest: 3011::
Meaning
The output confirms that IPv4 prefix 31.0.0.0 is installed in the vpn1.inet.0 table.
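The verification steps above can be automated. The following Python sketch is an added example, not part of the original documentation or of Junos OS. It parses saved show route extensive output and checks that the route is accepted, carries an SRv6 SID, and that both the SID and every SRV6-Tunnel destination fall inside the egress locator you expect. The function name check_srv6_route and the locator prefix length /64 are assumptions; the sample text is a constructed, trimmed copy of the output shown above.

```python
import ipaddress
import re

# Constructed sample: trimmed copy of the `show route 21.0.0.0 extensive`
# output above (one of the three next-hop chains kept).
SAMPLE = """\
inet.0: 59 destinations, 59 routes (59 active, 0 holddown, 0 hidden)
21.0.0.0/30 (1 entry, 1 announced)
SRV6-Tunnel: Reduced-SRH Encap-mode
Src: abcd::128:53:35:39 Dest: 3011::
Segment-list[0] 3011::
Next hop: fe80::2e6b:f5ff:fe28:2bcb via ae0.0
Protocol next hop: abcd::128:53:37:72
State: <Active int Ext>
Accepted
SRv6 SID: 3011::2
"""

def _inside(addr, net):
    """True if addr parses as an IP address that falls inside net."""
    try:
        return ipaddress.ip_address(addr) in net
    except ValueError:
        return False

def check_srv6_route(text, prefix, locator):
    """Return a list of problems for `prefix`; an empty list means all checks pass.

    `locator` is the egress PE's expected SRv6 locator prefix (an assumption
    supplied by the operator, e.g. "3011::/64").
    """
    net = ipaddress.ip_network(locator)
    problems = []
    if not re.search(rf"^{re.escape(prefix)} \(\d+ entry", text, re.M):
        problems.append(f"route {prefix} missing")
    if not re.search(r"^\s*Accepted\s*$", text, re.M):
        problems.append("route not marked Accepted")
    sids = re.findall(r"SRv6 SID:\s*(\S+)", text)
    if not sids:
        problems.append("no SRv6 SID on route")
    problems += [f"SID {s} outside {net}" for s in sids if not _inside(s, net)]
    dests = sorted(set(re.findall(r"\bDest:\s*(\S+)", text)))
    if not dests:
        problems.append("no SRV6-Tunnel next hop")
    problems += [f"tunnel Dest {d} outside {net}" for d in dests if not _inside(d, net)]
    return problems

if __name__ == "__main__":
    print(check_srv6_route(SAMPLE, "21.0.0.0/30", "3011::/64") or "OK")
```

A service SID or tunnel destination outside the expected locator is worth investigating before traffic is trusted to that path, because it means the route resolves to an endpoint other than the intended egress PE.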