Overlay Transport Virtualization

OTV
  Layer 2 VPN over IPv4
  Specifically, OTV is:
    IPv4/IPv6 over Ethernet
    over MPLS
    over GRE
    over IPv4
    over Ethernet
  As long as there is L3 connectivity you can use OTV
  Doesn't support fragmentation

Why use OTV
  OTV was designed for L2 Data Center Interconnect (DCI)
    Doesn't require MPLS as long as there is IP connectivity
  Layer 2 DCI is needed for virtual machine workload mobility
    E.g. VMware vMotion (L2 connectivity)
  OTV has built-in enhancements to help scale L2 DCI
  There are many possible options for L2 DCI
    Dark fiber (CWDM/DWDM)
    L2TPv3
      Doesn't require MPLS
      L3 reachability
    AToM (Any Transport over MPLS)
      PtoP Layer 2 MPLS VPN tunnel
    VPLS (Virtual Private LAN Service)
      PtoMP Layer 2 MPLS tunnel (MetroE)
      PE routers must maintain a MAC address table for the customer (limit of MAC addresses)
      Not the best option for DCI
    Bridging over GRE
  These options can be used for DCI, but OTV was made for DCI
  OTV can...
    Optimize ARP flooding over the DCI
    Act as the demarc for the STP domain
    Overlay multiple VLANs without complicated designs
    Allow multiple edge routers without complicated designs

OTV Terminology
  OTV Edge Device
    Edge routers running OTV
  Authoritative Edge Device (AED)
    Active edge router for a particular VLAN
    Allows multiple redundant edge routers while preventing loops (no STP over the DCI)
    With OTV, odd VLANs will use AED 1 and even VLANs will use AED 2. This could affect your designs.
  Extended VLANs
    VLANs being bridged over OTV
  Site VLAN
    Internal VLAN used to elect the AED (not spanned over OTV)
  Site Identifier
    Unique ID per DC site, shared between AEDs at the same location
  Internal Interface
    L2 interface where traffic to be encapsulated is received
  Overlay Interface
    The logical OTV tunnel interface that performs the OTV encapsulation
  OTV Join Interface
    The L3 physical link or L3 port-channel that you use to route upstream towards the DCI
    Cannot be an SVI
  OTV multicast groups
    Implies that the DCI will have to support SSM or ASM
    With NX-OS 5.2(1) you could use the adjacency server feature
    OTV Control Group
      Multicast address used to discover the remote sites in the control plane
    OTV Data Group
      Used when you're tunneling multicast traffic over OTV in the data plane

OTV Control Plane
  Uses IS-IS to advertise MAC addresses between AEDs
    MAC in IP routing (FabricPath is MAC in MAC routing; IS-IS builds the SPT)
  Encapsulated as control group multicast
    IS-IS over Ethernet over MPLS over GRE over IPv4 multicast (because IS-IS uses CLNS or CLNP, not IP)
  DCI must support ASM multicast (shared trees allowed, in sparse or bidir mode)

OTV Data Plane
  Uses both unicast and multicast transport
  Multicast Control Group
    Multicast or broadcast control plane protocols
      E.g. ARP, PIM, OSPF, EIGRP, etc.
  Unicast Data
    Normal unicast is encapsulated as unicast between AEDs
  Multicast Data Group (e.g. video on demand)
    Multicast data flows are encapsulated as SSM multicast
    AEDs use IGMPv3 for (S,G) joins
  OTV Adjacency Server can remove the requirement for multicast completely
    Will result in "head-end replication" when more than two DCs are connected over the DCI

OTV Adjacency Server
  Normally OTV requires that the DCI runs multicast
    Needed to find and form IS-IS adjacencies and to tunnel multicast data traffic
  OTV Adjacency Server removes the multicast requirement
    One or more AEDs are configured as the adjacency server
    All other AEDs register with the adjacency server
    Now all endpoints are known
    All control and data plane traffic is now unicast encapsulated
    Will result in "head-end replication" when more than two DCs are connected over the DCI

Flooding
  Other DCI options bridge all traffic over the DCI
    E.g. STP, ARP, broadcast storms, etc.
  OTV reduces unnecessary flooding by
    Proxy ARP/ICMPv6 ND (Neighbor Discovery) cache on the AED
    Terminating the STP domain on the AED
  Be careful with HSRP; you have to configure a VLAN access-map (look up)

Limitations
  Cannot run OTV in the same VDC as Layer 3 SVIs
  No Layer 3 fragmentation
    Lower 8K MTU to southbound networks
  Fabricpath doesn't run on F1/2 modules, only M series modules support Fabricpath (F3 modules support Fabricpath)

OTV Configuration

Design
  Starting the configuration from N7K2-6 and moving to the left and down

L2/L3 Configuration (this would be up already in a fully functioning network)

N7K2-6
    conf t
    int e1/9
      description TO N7K2-5
      no shut
      no switchport
      ip address 150.1.56.6/24
    feature eigrp
    router eigrp 1
    int lo0
      ip address 1.1.1.76/32
      ip router eigrp 1
    int e1/9
      ip router eigrp 1
    vlan 10,999
    vlan 10
      name OVERLAY_VLAN
    vlan 999
      name SITE_VLAN
    int e1/11-12
      switchport
      switchport mode trunk
      spanning-tree port type network
      no shut

  OTV Configuration
    feature otv
    otv site-identifier 0.0.2
    ! site VLAN is local per location
    otv site-vlan 999
    int e1/9
      ip igmp ver 3
    ! this is where most of the configuration is
    int overlay 1
      otv control-group 225.6.7.8
      ! multicast in multicast; want this to be in the SSM group range
      otv data-group 232.1.2.0/24
      otv extend-vlan add 10
      ! join interface is the L3 link towards the DCI
      otv join-interface e1/9
      no shut

  Show run otv on both sides to make sure the configuration is the same

N7K2-5
    conf t
    int e1/1
      description TO N7K2-6
      no shut
      no switchport
      ip address 150.1.56.5/24
    feature eigrp
    router eigrp 1
    int lo0
      ip address 1.1.1.75/32
      ip router eigrp 1
    int e1/1
      ip router eigrp 1

  Use show cdp neighbor to make sure you have the correct links when enabling the interfaces between N7K2-5 and N7K1-4

    conf t
    int e1/8
      description TO N7K1-4
      no switchport
      ip address 150.1.54.5/24
      ip router eigrp 1
      no shut
      exit
    feature pim
    int e1/1 , e1/7
      ip pim sparse-mode
      ip igmp ver 3
      exit
    ip pim rp-address 1.1.1.74

N7K1-4
    conf t
    feature eigrp
    router eigrp 1
    int e1/31
      description TO N7K2-5
      no shut
      no switchport
      ip address 150.1.54.4/24
      ip router eigrp 1
    int lo0
      no shut
      ip address 1.1.1.74/32
      ip router eigrp 1
    int e1/25
      description TO N7K1-3
      no shut
      no switchport
      ip address 150.1.34.4/24
      ip router eigrp 1
    feature pim
    int e1/25, e1/31
      ip pim sparse-mode
      ip igmp ver 3
    int lo0
      ip pim sparse-mode
      exit
    ip pim rp-address 1.1.1.74

N7K1-3
  L2/L3 configuration
    conf t
    feature eigrp
    router eigrp 1
    int lo0
      ip address 1.1.1.73/32
      ip router eigrp 1
    int e1/17
      description OTV JOIN INT TO N7K1-4
      no switchport
      no shut
      ip address 150.1.34.3/24
      ip router eigrp 1
    int e1/19-20
      switchport
      switchport mode trunk
      spanning-tree port type network
      no shut
    vlan 10,999
    vlan 10
      name OVERLAY_VLAN
    vlan 999
      name SITE_VLAN
    feature interface-vlan

  OTV Configuration
    feature otv
    otv site-identifier 0.0.1
    otv site-vlan 999
    ! this interface is facing the DCI
    int e1/17
      ip igmp ver 3
    int overlay 1
      otv control-group 225.6.7.8
      ! multicast in multicast; want this to be in the SSM group range
      otv data-group 232.1.2.0/24
      otv extend-vlan add 10
      otv join-interface e1/17
      no shut

N7K1-1
    conf t
    int e1/3
      description TO N7K1-3
      switchport
      switchport mode trunk
      spanning-tree port type network
      switchport mode access vlan 10
      no shut
    vlan 10,999
    vlan 10
      name OVERLAY_VLAN
    vlan 999
      name SITE_VLAN
    int e2/3
      switchport
      switchport mode trunk
      spanning-tree port type network
      no shut

N7K1-2
    conf t
    int e1/12
      switchport
      switchport mode trunk
      spanning-tree port type network
      no shut
    vlan 10,999
    vlan 10
      name OVERLAY_VLAN
    vlan 999
      name SITE_VLAN
    int e2/13
      switchport
      switchport mode trunk
      spanning-tree port type network
      no shut

N5K1
    int e1/8,e1/10
      switchport
      switchport mode trunk
      spanning-tree port type network
      no shut

N5K2
    ! to N7K2-7 and N7K2-8
    int e1/20,e1/22
      switchport
      switchport mode trunk
      spanning-tree port type network
      no shut

N7K2-8
    vlan 10,999
    vlan 10
      name OVERLAY_VLAN
    vlan 999
      name SITE_VLAN
    int e2/27
      switchport
      switchport mode trunk
      spanning-tree port type network
      no shut
    int e1/27
      switchport
      switchport mode trunk
      spanning-tree port type network
      no shut

N7K2-7
    vlan 10,999
    vlan 10
      name OVERLAY_VLAN
    vlan 999
      name SITE_VLAN
    int e2/21
      switchport
      switchport mode trunk
      spanning-tree port type network
      no shut
    int e1/20
      switchport
      switchport mode trunk
      spanning-tree port type network
      no shut

R3
    int g0/0
      ip address 10.0.0.3 255.255.255.0
      no shut

R2
    int g0/0
      ip address 10.0.0.2 255.255.255.0
      no shut

Verification after configuration
  On N7K1-4 (this would be from the DCI PE router)
    show ip mroute
  show otv isis adjacency (from N7K1-3 AED)
  On R3
    ping 255.255.255.255
  Because of this, you can run into weird forwarding decisions; you would want to run LISP with OTV.
  show ip eigrp neighbors
    Should see the neighbor switch
  show ip route eigrp
    Should see the loopback address in the output

OTV Advanced Configuration
  You see N7K1-3 and N7K2-6 and a third, N7K-3.01-00; this is the DIS (Designated Intermediate System), and also the DR (designated router). You will not see this on N7K2-6.
    show otv isis database detail

N7K1-1
    conf t
    feature interface-vlan
    feature hsrp
    int vlan 10
      ip address 10.0.0.71/24
      hsrp 1
        ip 10.0.0.254
      no shut

N7K1-2
    conf t
    feature interface-vlan
    feature hsrp
    int vlan 10
      ip address 10.0.0.72/24
      hsrp 1
        ip 10.0.0.254
      no shut

  show hsrp (N7K1-2)

N7K1-1
    feature pim
    int vlan 10
      ip pim sparse-mode

N7K1-2
    feature pim
    int vlan 10
      ip pim sparse-mode

  show ip igmp snooping groups (this is a feed from JPERF to S1 to S3)

N7K2-7
    conf t
    feature interface-vlan
    feature hsrp
    feature pim
    int vlan 10
      ip address 10.0.0.77/24
      ip pim sparse-mode
      no shut
      hsrp 1
        ip 10.0.0.254

N7K2-8
    conf t
    feature interface-vlan
    feature hsrp
    feature pim
    int vlan 10
      ip address 10.0.0.78/24
      ip pim sparse-mode
      no shut
      hsrp 1
        ip 10.0.0.254

  You have the same HSRP group in each DC, and it is not a good idea to have the HSRP messages sent from DC1 to DC2: you could run into the issue where DC2 is the gateway and is routing for users in DC1. You have to have a VLAN access list.

OTV Adjacency Server Configuration
  Shut down int overlay 1 on N7K1-3 and N7K2-6
  Remove "otv data-group 232.1.2.0/24" and "otv control-group 225.6.7.8" from the AED switches N7K1-3 and N7K2-6

N7K1-3
    int overlay 1
      shut
      otv adjacency-server unicast-only
      ! this is the IP address of N7K1-3
      otv use-adjacency-server 150.1.34.3 unicast-only
      no shut

N7K2-6
    int overlay 1
      shut
      otv adjacency-server unicast-only
      otv use-adjacency-server 150.1.34.3 unicast-only
      no shut

  show otv isis adjacency
    Same result as if you had the multicast control and data groups configured; you are routing unicast and multicast traffic in a unicast packet. This would be okay if you have only two locations.

Good link on OTV with VMware restrictions
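
The checks these notes call for when comparing "show run otv" on both sides (matching control and data groups, the same extended VLANs, a unique site identifier per site, a join interface that is not an SVI, a site VLAN that is not extended), written as an added Python example that is not part of the original notes. The sample configuration text is constructed from the lab values above, and the function names are hypothetical.

```python
import re

# Constructed "show run otv" excerpts; values follow the lab in these notes.
SITE1 = """\
otv site-vlan 999
otv site-identifier 0.0.1
interface Overlay1
  otv join-interface Ethernet1/17
  otv control-group 225.6.7.8
  otv data-group 232.1.2.0/24
  otv extend-vlan 10
"""
SITE2 = SITE1.replace("0.0.1", "0.0.2").replace("Ethernet1/17", "Ethernet1/9")

def parse_otv(text):
    """Collect 'otv <keyword> <value>' lines into a dict (hypothetical helper)."""
    cfg = {}
    for line in text.splitlines():
        m = re.match(r"\s*otv (\S+)\s+(.+?)\s*$", line)
        if m:
            cfg[m.group(1)] = m.group(2)
    return cfg

def vlan_set(spec):
    """Expand 'add 10,20-22' into {10, 20, 21, 22}."""
    vlans = set()
    for part in spec.replace("add", "").replace(" ", "").split(","):
        if part:
            lo, _, hi = part.partition("-")
            vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def audit(a_text, b_text):
    """Return a list of findings for two sites' OTV configuration."""
    a, b = parse_otv(a_text), parse_otv(b_text)
    findings = []
    for key in ("control-group", "data-group"):
        if a.get(key) != b.get(key):
            findings.append(f"{key} differs: {a.get(key)} vs {b.get(key)}")
    if vlan_set(a.get("extend-vlan", "")) != vlan_set(b.get("extend-vlan", "")):
        findings.append("extended VLAN lists differ")
    if a.get("site-identifier") == b.get("site-identifier"):
        findings.append("site-identifier is not unique per site")
    for name, cfg in (("A", a), ("B", b)):
        if cfg.get("join-interface", "").lower().startswith("vlan"):
            findings.append(f"site {name}: join-interface is an SVI")
        if int(cfg.get("site-vlan", 0)) in vlan_set(cfg.get("extend-vlan", "")):
            findings.append(f"site {name}: site VLAN is extended over OTV")
    return findings
```

Calling audit(SITE1, SITE2) on the two constructed excerpts returns an empty list; any mismatch or rule violation comes back as one text finding per problem.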