当前位置: 首页 > news >正文

企业总部-分支-门点-数据中心使用骨干网SRv6 BE互联互通整体架构配置案例

news 2026/5/12 2:56:27

网络规划设计

打通总部、分支、数据中心两种业务,并且做到业务隔离,骨干网使用srv6 BE进行互联互通,ne2做为RR
locator规划看拓扑图上,已标出,保证所有设备唯一,其它sid全部用动态自动生成

1、使能各接口的IPv6转发能力,配置各接口的IPv6地址。
2、在各接口上使能IS-IS,配置Level级别,指定网络实体。
3、在ne1、ne4、ne3上配置VPN实例。
4、在ne1和AR1之间建立ospf关系,另一边ne3和AR2采用静态联接配置,ne4与ar3用bgp联接
5、在ne2为ne1、ne3、ne4的RR
6、在ne1、ne4、ne3上配置SRv6。配置IS-IS的SRv6能力。
7、最终实现企业总部-分支-数据中心两种业务OA、RD相互隔离,OA业务只可以和OA业务互联互通,RD业务只能和RD业务互通。

更多细节来全球计算机技术群讨论!!!

ne1配置

[ne1]dis current-configuration
!Software Version V800R011C00SPC607B607
!Last configuration was updated at 2025-12-21 22:40:36+00:00
!Last configuration was saved at 2025-12-21 21:30:00+00:00

sysname ne1

set neid 18a8b

vsm on-board-mode enable

snmp-agent trap type base-trap

icmp rate-limit disable

router id 1.1.1.1

ip vpn-instance OA
ipv4-family
route-distinguisher 11:1
vpn-target 1:1 export-extcommunity
vpn-target 1:1 import-extcommunity

ip vpn-instance RD
ipv4-family
route-distinguisher 11:2
vpn-target 2:2 export-extcommunity
vpn-target 2:2 import-extcommunity

segment-routing ipv6
encapsulation source-address 2001:1::1 //用loopback口封装
locator 1 ipv6-prefix 2002:1:: 64 static 32

isis 1
is-level level-2
cost-style wide
network-entity 49.0001.0000.0000.0001.00

ipv6 enable topology ipv6
segment-routing ipv6 locator 1

interface Ethernet1/0/0
undo shutdown
ipv6 enable
ipv6 address 2001:DB8:12::1/64
isis ipv6 enable 1
undo dcn
undo dcn mode vlan

interface Ethernet1/0/1
undo shutdown
undo dcn
undo dcn mode vlan

interface Ethernet1/0/1.11
ip binding vpn-instance OA
ip address 10.0.11.2 255.255.255.0
encapsulation dot1q-termination
dot1q termination vid 11
arp broadcast enable

interface Ethernet1/0/1.21
ip binding vpn-instance RD
ip address 10.0.21.2 255.255.255.0
encapsulation dot1q-termination
dot1q termination vid 21
arp broadcast enable

interface LoopBack0
ipv6 enable
ipv6 address 2001:1::1/128
isis ipv6 enable 1

interface LoopBack1
ip address 1.1.1.1 255.255.255.255

interface NULL0

bgp 100
router-id 1.1.1.1
peer 2001:1::2 as-number 100
peer 2001:1::2 connect-interface LoopBack0

ipv4-family unicast
undo synchronization

ipv4-family vpnv4
policy vpn-target
peer 2001:1::2 enable
peer 2001:1::2 prefix-sid

ipv4-family vpn-instance OA
import-route ospf 1
segment-routing ipv6 locator 1 //添加SID属性
segment-routing ipv6 best-effort //使能根据路由携带的SID属性进行隧道迭代的功能

ipv4-family vpn-instance RD
import-route ospf 2
segment-routing ipv6 locator 1
segment-routing ipv6 best-effort

ospf 1 vpn-instance OA
import-route bgp
area 0.0.0.0
network 10.0.11.2 0.0.0.0

ospf 2 vpn-instance RD
import-route bgp
area 0.0.0.0
network 10.0.21.2 0.0.0.0

ne2配置

[ne2]dis current-configuration
!Software Version V800R011C00SPC607B607
!Last configuration was updated at 2025-12-21 22:28:01+00:00
!Last configuration was saved at 2025-12-21 21:30:00+00:00

sysname ne2

set neid 18a89

vsm on-board-mode enable

snmp-agent trap type base-trap

icmp rate-limit disable

router id 2.2.2.2

isis 1
is-level level-2
cost-style wide
network-entity 49.0001.0000.0000.0002.00

ipv6 enable topology ipv6

interface Ethernet1/0/0
undo shutdown
ipv6 enable
ipv6 address 2001:DB8:12::2/64
isis ipv6 enable 1
undo dcn
undo dcn mode vlan

interface Ethernet1/0/1
undo shutdown
ipv6 enable
ipv6 address 2001:DB8:23::2/64
isis ipv6 enable 1
undo dcn
undo dcn mode vlan

interface Ethernet1/0/2
undo shutdown
ipv6 enable
ipv6 address 2001:DB8:24::2/64
isis ipv6 enable 1
undo dcn mode vlan

interface LoopBack0
ipv6 enable
ipv6 address 2001:1::2/128
isis ipv6 enable 1

interface LoopBack1
ip address 2.2.2.2 255.255.255.255

interface NULL0

bgp 100
router-id 2.2.2.2
peer 2001:1::1 as-number 100
peer 2001:1::1 connect-interface LoopBack0
peer 2001:1::3 as-number 100
peer 2001:1::3 connect-interface LoopBack0
peer 2001:1::4 as-number 100
peer 2001:1::4 connect-interface LoopBack0

ipv4-family unicast
undo synchronization

ipv4-family vpnv4
undo policy vpn-target
peer 2001:1::1 enable
peer 2001:1::1 reflect-client
peer 2001:1::1 prefix-sid
peer 2001:1::3 enable
peer 2001:1::3 reflect-client
peer 2001:1::3 prefix-sid
peer 2001:1::4 enable
peer 2001:1::4 reflect-client
peer 2001:1::4 prefix-sid

ne3配置

[ne3]dis current-configuration
!Software Version V800R011C00SPC607B607
!Last configuration was updated at 2025-12-21 22:37:21+00:00
!Last configuration was saved at 2025-12-21 21:30:00+00:00

sysname ne3

set neid 18a8c

vsm on-board-mode enable

snmp-agent trap type base-trap

icmp rate-limit disable

router id 3.3.3.3

ip vpn-instance OA
ipv4-family
route-distinguisher 3:3
vpn-target 1:1 export-extcommunity
vpn-target 1:1 import-extcommunity

segment-routing ipv6
encapsulation source-address 2001:1::3
locator 1 ipv6-prefix 2002:3:: 64 static 32

isis 1
is-level level-2
cost-style wide
network-entity 49.0001.0000.0000.0003.00

ipv6 enable topology ipv6
segment-routing ipv6 locator 1

interface Ethernet1/0/0
undo shutdown
ipv6 enable
ipv6 address 2001:DB8:23::3/64
isis ipv6 enable 1
undo dcn
undo dcn mode vlan

interface Ethernet1/0/1
undo shutdown
ip binding vpn-instance OA
ip address 10.0.32.3 255.255.255.0
undo dcn
undo dcn mode vlan

interface LoopBack0
ipv6 enable
ipv6 address 2001:1::3/128
isis ipv6 enable 1

interface LoopBack1
ip address 3.3.3.3 255.255.255.255

interface NULL0

bgp 100
router-id 3.3.3.3
peer 2001:1::2 as-number 100
peer 2001:1::2 connect-interface LoopBack0

ipv4-family unicast
undo synchronization

ipv4-family vpnv4
policy vpn-target
peer 2001:1::2 enable
peer 2001:1::2 prefix-sid

ipv4-family vpn-instance OA
default-route imported
import-route static
segment-routing ipv6 locator 1
segment-routing ipv6 best-effort

ne4配置

[ne4-bgp]dis current-configuration
!Software Version V800R011C00SPC607B607
!Last configuration was updated at 2025-12-21 22:17:47+00:00
!Last configuration was saved at 2025-12-21 21:30:00+00:00

sysname ne4

set neid 18a8a

vsm on-board-mode enable

snmp-agent trap type base-trap

icmp rate-limit disable

router id 4.4.4.4

ip vpn-instance OA
ipv4-family
route-distinguisher 4:4
vpn-target 1:1 export-extcommunity
vpn-target 1:1 import-extcommunity

ip vpn-instance RD
ipv4-family
route-distinguisher 4:5
vpn-target 2:2 export-extcommunity
vpn-target 2:2 import-extcommunity

segment-routing ipv6
encapsulation source-address 2001:1::4
locator 1 ipv6-prefix 2002:4:: 64 static 32

isis 1
is-level level-2
cost-style wide
network-entity 49.0001.0000.0000.0004.00

ipv6 enable topology ipv6
segment-routing ipv6 locator 1

interface Ethernet1/0/0
undo shutdown
ipv6 enable
ipv6 address 2001:DB8:24::4/64
isis ipv6 enable 1
undo dcn
undo dcn mode vlan

interface Ethernet1/0/1
undo shutdown
undo dcn
undo dcn mode vlan

interface Ethernet1/0/1.31
ip binding vpn-instance OA
ip address 10.0.31.4 255.255.255.0
encapsulation dot1q-termination
dot1q termination vid 31
arp broadcast enable

interface Ethernet1/0/1.41
ip binding vpn-instance RD
ip address 10.0.41.4 255.255.255.0
encapsulation dot1q-termination
dot1q termination vid 41
arp broadcast enable

interface LoopBack0
ipv6 enable
ipv6 address 2001:1::4/128
isis ipv6 enable 1

interface LoopBack1
ip address 4.4.4.4 255.255.255.255

interface NULL0

bgp 100
router-id 4.4.4.4
peer 2001:1::2 as-number 100
peer 2001:1::2 connect-interface LoopBack0

ipv4-family unicast
undo synchronization

ipv4-family vpnv4
policy vpn-target
peer 2001:1::2 enable
peer 2001:1::2 prefix-sid

ipv4-family vpn-instance OA
advertise l2vpn evpn
peer 10.0.31.3 as-number 65100
segment-routing ipv6 locator 1
segment-routing ipv6 best-effort

ipv4-family vpn-instance RD
advertise l2vpn evpn
peer 10.0.41.3 as-number 65100
segment-routing ipv6 locator 1
segment-routing ipv6 best-effort

AR1配置

dis current-configuration
[V200R003C00]

sysname r1

snmp-agent local-engineid 800007DB03000000000000
snmp-agent

clock timezone China-Standard-Time minus 08:00:00

portal local-server load portalpage.zip

drop illegal-mac alarm

router id 1.1.1.1

set cpu-usage threshold 80 restore 75

ip vpn-instance OA
ipv4-family
route-distinguisher 1:1

ip vpn-instance RD
ipv4-family
route-distinguisher 1:2

interface GigabitEthernet0/0/0.11
dot1q termination vid 11
ip binding vpn-instance OA
ip address 10.0.11.1 255.255.255.0
arp broadcast enable

interface GigabitEthernet0/0/0.21
dot1q termination vid 21
ip binding vpn-instance RD
ip address 10.0.21.1 255.255.255.0
arp broadcast enable

interface LoopBack0
ip binding vpn-instance OA
ip address 11.1.1.1 255.255.255.255

interface LoopBack1
ip binding vpn-instance RD
ip address 21.1.1.1 255.255.255.255

ospf 1 vpn-instance OA
vpn-instance-capability simple
area 0.0.0.0
network 10.0.11.1 0.0.0.0
network 11.1.1.1 0.0.0.0

ospf 2 vpn-instance RD
vpn-instance-capability simple //禁止路由环路检测,直接进行路由计算
area 0.0.0.0
network 10.0.21.1 0.0.0.0
network 21.1.1.1 0.0.0.0

AR2配置

dis current-configuration
[V200R003C00]

sysname r2

snmp-agent local-engineid 800007DB03000000000000
snmp-agent

clock timezone China-Standard-Time minus 08:00:00

portal local-server load portalpage.zip

drop illegal-mac alarm

set cpu-usage threshold 80 restore 75

interface GigabitEthernet0/0/0
ip address 10.0.32.2 255.255.255.0

interface LoopBack0
ip address 51.1.1.1 255.255.255.255

ip route-static 0.0.0.0 0.0.0.0 10.0.32.3

AR3配置

dis current-configuration
[V200R003C00]

sysname r3

snmp-agent local-engineid 800007DB03000000000000
snmp-agent

clock timezone China-Standard-Time minus 08:00:00

portal local-server load portalpage.zip

drop illegal-mac alarm

set cpu-usage threshold 80 restore 75

ip vpn-instance OA
ipv4-family
route-distinguisher 3:1

ip vpn-instance RD
ipv4-family
route-distinguisher 3:2

interface GigabitEthernet0/0/0

interface GigabitEthernet0/0/0.11
dot1q termination vid 31
ip binding vpn-instance OA
ip address 10.0.31.3 255.255.255.0
arp broadcast enable

interface GigabitEthernet0/0/0.12
dot1q termination vid 41
ip binding vpn-instance RD
ip address 10.0.41.3 255.255.255.0
arp broadcast enable

interface LoopBack0
ip binding vpn-instance OA
ip address 31.1.1.1 255.255.255.255

interface LoopBack1
ip binding vpn-instance RD
ip address 41.1.1.1 255.255.255.255

bgp 65100
router-id 31.3.3.3

ipv4-family unicast
undo synchronization

ipv4-family vpn-instance OA
network 31.1.1.1 255.255.255.255
peer 10.0.31.4 as-number 100

ipv4-family vpn-instance RD
network 41.1.1.1 255.255.255.255
peer 10.0.41.4 as-number 100

结果验证

sid信息查看

路由查看





各业务联通性测试


http://www.jsqmd.com/news/121427/

相关文章:

  • Excalidraw Google Business Profile创建(如适用)
  • 一场代表中国科技力量的盛典,为何选择了鸿蒙
  • 超奈奎斯特调制技术(Faster-Than-Nyquist, FTN)研究与MATLAB仿真
  • Excalidraw开源工具引入AI引擎,绘图从此智能化
  • 基于PLC的智能停车场管理系统设计智慧停车场车位控制博图HMI组态仿真
  • Excalidraw搜狗站长平台提交入口与验证
  • Excalidraw AI协作平台正式发布,赠送算力Token
  • 2025年12月江苏南京本地非急救转运车服务全面解析 - 2025年品牌推荐榜
  • 计算机Java毕设实战-基于Java+springboot的游泳用品专卖店系统的设计与实现游泳用品专卖运营【完整源码+LW+部署说明+演示视频,全bao一条龙等】
  • 计算机Java毕设实战-基于springboot的物业报修系统的设计与实现物业工程报修系统的设计与实现【完整源码+LW+部署说明+演示视频,全bao一条龙等】
  • 2025年12月南京非急救转运车平台top5介绍 - 2025年品牌推荐榜
  • 从零开始搭建Excalidraw AI系统?我们已为你准备好镜像
  • 2025年12月江苏南京非急救转运服务商竞争格局深度分析报告 - 2025年品牌推荐榜
  • Java毕设选题推荐:基于SpringBoot+Vue的小区物业管理系统基于springboot的物业报修系统的设计与实现【附源码、mysql、文档、调试+代码讲解+全bao等】
  • Java毕设选题推荐:基于Java+springboot的校园智能物流管理系统的设计与实现【附源码、mysql、文档、调试+代码讲解+全bao等】
  • Excalidraw开源生态扩展,AI插件市场即将上线
  • Excalidraw神马移动搜索提交策略
  • yolov13车辆行人识别图像数据集 自动驾驶bdd100k数据集 yolo图像数据集 深度学习入门资料 摩托骑行者识别10321期
  • Excalidraw海外SEO重点:Google优先
  • Excalidraw实时协作白板上线AI插件,绘图效率翻倍
  • Excalidraw AI绘图镜像上线,赠送1000Token启动资源
  • Excalidraw镜像发布:手绘风格白板助力AI高效绘图
  • Excalidraw白板工具加入AI生成功能,支持多种模板
  • 【毕业设计】基于springboot的游泳用品专卖店系统的设计与实现(源码+文档+远程调试,全bao定制等)
  • PyTorch MultiStepLR:指定间隔学习率衰减的原理、API、参数详解、实战
  • Excalidraw CLS控制:累积布局偏移最小化
  • Excalidraw长尾关键词挖掘:技术类博客方向
  • Excalidraw本地化内容创作:贴近目标市场
  • 【道德经】1-5
  • 私域“翻身”大势来袭——2026年六大关键数据全解读!