2013 Usa PDF BRKDCT-3103

Advanced OTV Configure, Verify and Troubleshoot OTV in Your Network
BRKDCT - 3103
Andy Gossett, Customer Support Engineer, Cisco Services agossett@cisco.com
Agenda
OTV Introduction Configuration
Multicast Transport Unicast-only Transport New Features
Verification
Adjacency Unicast Forwarding Multicast Forwarding ARP
Troubleshooting
BRKDCT - 3103
2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
Introduction
Overlay Transport Virtualization (OTV) in a Nutshell OTV is a MAC-in-IP method that extends Layer 2 connectivity across a transport network infrastructure OTV supports both multicast and unicast-only transport networks OTV uses ISIS as the control protocol OTV on Nexus7000 does not encrypt encapsulated payload
BRKDCT - 3103
Cisco Public
Introduction
Terminology: Edge Device Performs OTV functions Multiple OTV Edge Devices can exists at each site OTV requires the Transport Services (TRS) license Creating non default VDCs requires Advanced Services license otv Edge Devices otv
BRKDCT - 3103
Cisco Public
Introduction
Terminology: Internal Interfaces Regular layer 2 interfaces facing the site No OTV configuration required Supported on M-series modules Support for F1 and F2e starting in 6.2 Internal Interfaces otv otv
BRKDCT - 3103
Cisco Public
Introduction
Terminology: Join Interface Uplink on Edge device that joins the Overlay Forwards OTV control and data traffic Layer 3 interface Currently supported only on M-series modules otv otv Join Interfaces
BRKDCT - 3103
Cisco Public
Introduction
Terminology: Overlay Interface Virtual Interface where the OTV configurations are applied Multi-access multicast-capable interface Encapsulates Layer 2 frames otv otv
BRKDCT - 3103
Cisco Public
Introduction
Terminology: Authoritative Edge Device OTV supports multiple edge devices per site A single OTV device is elected as AED on a per-vlan basis The AED is responsible for advertising MAC reachability and forwarding traffic into and out of the site for its VLANs otv AED for odd VLANs otv
BRKDCT - 3103
Cisco Public
Introduction
Terminology: Authoritative Edge Device OTV supports multiple edge devices per site A single OTV device is elected as AED on a per-vlan basis The AED is responsible for advertising MAC reachability and forwarding traffic into and out of the site for its VLANs otv AED for even VLANs otv
BRKDCT - 3103
Cisco Public
10
Introduction
Terminology: Site VLAN Prior to 5.2(1) OTV used only communication on the site vlan for AED election
Im AED for Even VLANs Im AED for Odd VLANs
otv
otv
OTV Hello
OTV Hello
BRKDCT - 3103
Cisco Public
11
Introduction
Terminology: Site VLAN Prior to 5.2(1) OTV used only communication on the site vlan for AED election Misconfiguration or connectivity issues on the site vlan could result in active/active AED mode
Im AED for All VLANs Im AED for All VLANs
otv
otv
OTV Hello
OTV Hello
BRKDCT - 3103
Cisco Public
12
Introduction
Terminology: Site VLAN and Site Identifier 5.2(1) added Dual Site Adjacency
1. Site Adjacency established across the site vlan 2. Overlay Adjacency established via the Join interface across Layer 3 network
Im AED for Even VLANs OTV Hello Site-ID 1.1.1
Core
Im AED for Odd VLANs OTV Hello Site-ID 1.1.1
otv
otv
Full Adjacency
OTV Hello Site-ID 1.1.1
BRKDCT - 3103
Cisco Public
13
Introduction
Terminology: Site VLAN and Site Identifier If a communication problem occurs on the site vlan, each OTV device can still advertise AED capabilities across overlay to prevent an active/active scenario
Im AED for Even VLANs OTV Hello Site-ID 1.1.1
Core
Im AED for Odd VLANs OTV Hello Site-ID 1.1.1
otv
otv
Partial Adjacency
BRKDCT - 3103
Cisco Public
14
Introduction
Terminology: Site VLAN and Site Identifier Dual Site Adjacency also has mechanism for advertising AED capabilities on local failure to improve convergence
Join interface down
Im not AED capable Im AED for Even VLANs
Core
Im AED for Odd VLANs Im now AED ALL VLANs
otv
Partial Adjacency
otv
Im not AED capable
BRKDCT - 3103
Cisco Public
15
Introduction
Join interface down Internal Vlans down
Im not AED capable Im AED for Even VLANs Im not AED capable
Core
Im AED for Odd VLANs Im now AED ALL VLANs
otv
otv
Partial Adjacency
BRKDCT - 3103
Cisco Public
16
Introduction
Join interface down Internal Vlans down AED down or initializing
Im now AED capable Im now AED EVEN VLANs Initializing
Core
Im AED for ALL VLANs Im now AED ODD VLANs
Im now AED capable
otv
otv
Full Adjacency
BRKDCT - 3103
Cisco Public
17
Introduction
Overlay Transport Multicast Transport vs. Unicast Transport
Packet Type ISIS Hello, Unicast Transport ISIS Hello, Multicast Transport OTV Header for User Data
IP Length 1450B 1442B 42B
BRKDCT - 3103
Cisco Public
18
Agenda
Verification
Troubleshooting
BRKDCT - 3103
Cisco Public
20
Configuration
Enable OTV Feature
feature otv
West otv otv East
otv
Core
otv
BRKDCT - 3103
Cisco Public
21
Configuration
Site VLAN and Site Identifier Site VLAN needs to be configured and active even if you do not have multiple OTV devices in the same site
site VLAN should not be extended across overlay
Site Identifier can be any number between 0000.0000.0001 and ffff.ffff.ffff. Value will always be displayed in MAC format Site Identifier must be unique for each site Site Identifier is required in 5.2(1) and above for overlay to come up. This must be kept in mind when performing an ISSU from a pre-5.2(1) release Service Impacting
BRKDCT - 3103 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 22
Configuration
Site VLAN and Site Identifier
otv site-vlan 210 otv site-identifier 0001.0001.0001
West
otv site-vlan 210 otv site-identifier 0002.0002.0002

East
otv
otv
otv
Core
otv
BRKDCT - 3103
Cisco Public
23
Configuration
Internal Interface
interface port-channel 103 switchport switchport mode trunk
West otv otv East
otv
Core
otv
BRKDCT - 3103
Cisco Public
24
Agenda
Verification
Troubleshooting
BRKDCT - 3103
Cisco Public
25
Configuration
Multicast Transport: Overlay Multicast Transport requires the configuration of a control-group and datagroup Adjacencies are built and MAC reachability information is exchanged over the control-group The data-group is an source specific multicast (SSM) delivery group for extending multicast traffic across the overlay. It can be configured as any subnet within the transports SSM range. The data-group range should not overlap with the control-group
BRKDCT - 3103
Cisco Public
26
Configuration
Multicast Enabled Core
feature pim ip pim rp-address <rp> interface port-channel y ip pim spare-mode ip igmp version 3
otv otv
West
East
otv
Core
otv
BRKDCT - 3103
Cisco Public
27
Configuration
Multicast Transport
interface Overlay1 otv join-interface port-channel100 otv control-group 239.1.1.1 otv data-group 232.1.1.0/24 otv extend-vlan 200-209
otv
West
otv
East
otv
Core
interface port-channel 100 mtu 9216 ip address 172.16.1.34/30 ip igmp version 3
otv
BRKDCT - 3103
Cisco Public
28
Configuration
Multicast Transport Full Picture
WEST_OTVA feature otv otv site-vlan 210 otv site-identifier 0001.0001.0001 interface Overlay1 otv join-interface port-channel100 otv control-group 239.1.1.1 West otv otv data-group 232.1.1.0/24 otv extend-vlan 200-209 no shutdown interface port-channel100 mtu 9216 ip address 172.16.1.34/30 ip igmp version 3 otv EAST_OTVA feature otv otv site-vlan 210 otv site-identifier 0002.0002.0002 interface Overlay1 otv join-interface port-channel100 otv control-group 239.1.1.1 otv data-group 232.1.1.0/24 otv otv extend-vlan 200-209 no shutdown interface port-channel100 mtu 9216 ip address 172.16.1.26/30 ip igmp version 3 otv
East
Core
BRKDCT - 3103
Cisco Public
29
Agenda
Verification
Troubleshooting
BRKDCT - 3103
Cisco Public
30
Configuration
Unicast Transport: Overlay OTV can run across a unicast only transport Unicast Transport requires the configuration of one or more adjacency servers. OTV devices register with the adjacency server which in turn provides each with an OTV Neighbor List (oNL). Think of the adjacency server as a special process running on a generic OTV edge device A primary and secondary adjacency server can be configured for redundancy
BRKDCT - 3103
Cisco Public
31
Configuration
Unicast Transport: Primary Adjacency Server Overlay
interface Overlay1 otv join-interface port-channel100 otv extend-vlan 200-209 otv adjacency-server unicast-only
otv otv
West
East
otv
Core
otv
BRKDCT - 3103
Cisco Public
33
Configuration
Unicast Transport: Secondary Adjacency Server Overlay
interface Overlay1 Primary Server otv join-interface port-channel100 otv extend-vlan 200-209 otv use-adjacency-server 172.16.1.34 unicast-only otv adjacency-server unicast-only otv
otv
West
East
otv
Core
otv
BRKDCT - 3103
Cisco Public
34
Configuration
Unicast Transport: Client Overlay
interface Overlay1 otv join-interface port-channel100 otv extend-vlan 200-209 otv use-adjacency-server 172.16.1.34 172.16.1.26 unicast-only
West otv otv
Primary Server
Secondary Server
East
otv
Core
otv
BRKDCT - 3103
Cisco Public
35
Configuration
Unicast Transport: Full Picture
WEST_OTVA feature otv otv site-vlan 210 otv site-identifier 0001.0001.0001 interface Overlay1 otv join-interface port-channel100 otv extend-vlan 200-209 otv adjacency-server unicast-only no shutdown interface port-channel100 mtu 9216 ip address 172.16.1.34/30
EAST_OTVA feature otv otv site-vlan 210 otv site-identifier 0002.0002.0002 interface Overlay1 otv join-interface port-channel100 otv extend-vlan 200-209 otv use-adjacency-server 172.16.1.34 unicast-only otv adjacency-server unicast-only no shutdown interface port-channel100 mtu 9216 ip address 172.16.1.26/30
West
otv
otv
East
otv
Core
otv
BRKDCT - 3103
Cisco Public
36
Configuration
Unicast Transport: Full Picture
WEST_OTVB feature otv otv site-vlan 210 otv site-identifier 0001.0001.0001 interface Overlay1 otv join-interface port-channel100 otv extend-vlan 200-209 West otv use-adjacency-server 172.16.1.34 otv 172.16.1.26 unicast-only no shutdown interface port-channel100 mtu 9216 ip address 172.16.1.38/30 EAST_OTVB feature otv otv site-vlan 210 otv site-identifier 0002.0002.0002 interface Overlay1 otv join-interface port-channel100 otv extend-vlan 200-209 East otv use-adjacency-server 172.16.1.34 172.16.1.26 unicast-only otv no shutdown interface port-channel100 mtu 9216 ip address 172.16.1.30/30
otv
Core
otv
BRKDCT - 3103
Cisco Public
37
Agenda
Verification
Troubleshooting
BRKDCT - 3103
Cisco Public
39
Targeted 6.2
New Features
F1/F2E used as Internal Interfaces Selective Unicast Flooding Dedicated Data Broadcast Forwarding Multicast Group Source-Interface with Loopback Tunnel Depolarization with Secondary IP OTV VLAN Translation
otv flood mac 0200.0AC9.00A2 vlan 202 interface Overlay1 otv source-interface loopback0 otv broadcast-group 239.1.1.5 otv control-group 239.1.1.1 otv data-group 232.1.1.1/24 otv extend-vlan 200-209 otv vlan mapping 203 to 303
Targeted 6.2
New Features
Source-Interface with Loopback Join Interface Limitations
Bandwidth to the core is limited to one physical link or port-channel Changes to join-interface will churn all OTV overlay states, since the overlay encapsulation for all routes need to be updated PIM cannot be enabled on the join-interface, since the OTV solution assumes it's an IGMP host interface Unable to utilize the redundancy of multiple uplinks when available, and the flexibility of dynamic unicast routing convergence on uplink failures If join-interface goes down, the connectivity to the core is broken. User intervention is needed to provide alternate core connectivity
BRKDCT - 3103
Cisco Public
41
Targeted 6.2
New Features
Source-Interface with Loopback
Overlay uses otv source-interface command to source OTV traffic from the edge device and source joins to receive multicast traffic from the core
West
otv
otv
Multiple L3 uplinks connected to OTV edge device, each running PIM and an IGP with IPv4 Core.
East
otv
OTV device can now act as first-hop/last-hop otv multicast router instead of IGMP client
BRKDCT - 3103
Cisco Public
42
Targeted 6.2
New Features
Source-Interface with Loopback
WEST_OTVA OTV Config feature otv otv site-vlan 210 otv site-identifier 0001.0001.0001 interface Overlay1 otv source-interface loopback0 otv control-group 239.1.1.1 otv data-group 232.1.1.0/24 otv otv extend-vlan 200-209 no shutdown WEST_OTVA PIM and IGP Config feature pim feature ospf ip pim rp-address 1.1.1.1 group-list 239.1.1.1/32 ip pim ssm range 232.1.1.0/24 router ospf 1 interface loopback0 ip address 1.1.1.5/32 ip router ospf 1 area 0.0.0.0 otv ip pim spare-mode interface Ethernet3/2 mtu 9216 ip address 10.1.5.5/24 ip router ospf 1 area 0.0.0.0 ip pim spare-mode otv interface Ethernet3/3 mtu 9216 ip address 10.1.6.5/24 ip router ospf 1 area 0.0.0.0 ip pim spare-mode multiple L3 uplinks
West
East
otv
Targeted 6.2
New Features
Tunnel Depolarization with Secondary IP All encapsulated traffic between AEDs have same source and destination IPs limiting the advantages of Etherchannel and ECMP load-balancing
East
West
otv
A1->B1
otv
otv
otv
BRKDCT - 3103
Cisco Public
44
Targeted 6.2
New Features
Tunnel Depolarization with Secondary IP Secondary IPs allows OTV to forward traffic between multiple endpoints to prevent polarization along the path
Interface loopback0 ip address 1.1.1.7/32 otv ip address 1.1.1.17/32 secondary
West
otv
East
Interface loopback0 ip address 1.1.1.5/32 otv ip address 1.1.1.15/32 secondary

WEST_OTVA# show otv (output omitted) Source interface : Lo0 (1.1.1.5) Secondary IP Addresses: : 1.1.1.15
otv
BRKDCT - 3103
Cisco Public
45
Targeted 6.2
New Features
Tunnel Depolarization with Secondary IP
WEST_OTVA# show tunnel internal implicit otv detail Tunnel16392 is up Tunnel source 1.1.1.5, destination 1.1.1.7 735319 packets output, 1 minute output rate 7730 packets/sec 767371 packets input, 1 minute input rate 8033 packets/sec Tunnel16393 is up East Tunnel source 1.1.1.15, destination 1.1.1.7 otv 707042 packets output, 1 minute output rate 7432 packets/sec 653684 packets input, 1 minute input rate 6843 packets/sec Tunnel16394 is up Tunnel source 1.1.1.5, destination 1.1.1.17 Last clearing of "show interface" counters never 593911 packets output, 1 minute output rate 6244 packets/sec 710525 packets input, 1 minute input rate 7437 packets/sec otv Tunnel16395 is up Tunnel source 1.1.1.15, destination 1.1.1.17 791887 packets output, 1 minute output rate 8325 packets/sec 710525 packets input, 1 minute input rate 7437 packets/sec
West
otv
A1->B1 A2->B2 A4->B4 A3->B3
otv
BRKDCT - 3103
Cisco Public
46
Targeted 6.2
New Features
OTV VLAN Translation VLAN translation allows OTV to map a local VLAN to a remote VLAN.
West
Vlan 203
interface Overlay0 otv extend-vlan 202, 303
otv
Vlan 203 Vlan 303
otv
East
Vlan 303
interface Overlay0 otv
Core
otv extend-vlan 202-203 otv vlan mapping 203 to 303
otv
WEST_OTVA# show otv vlan-mapping Original VLAN -> Translated VLAN -------------------------------203 -> 303
Agenda
Verification
Troubleshooting
BRKDCT - 3103
Cisco Public
48
Verification
Adjacency: IP Connectivity For both multicast and unicast transports, adjacencies cannot be formed without IP connectivity between each OTV edge device
WEST_OTVA# ! Ping EAST_OTVA join interface WEST_OTVA# ping 172.16.1.26 count 1 PING 172.16.1.26 (172.16.1.26): 56 data bytes 64 bytes from 172.16.1.26: icmp_seq=0 ttl=251 time=1.287 ms --- 172.16.1.26 ping statistics --1 packets transmitted, 1 packets received, 0.00% packet loss WEST_OTVA# ! Ping EAST_OTVB join interface WEST_OTVA# ! Ping WEST_OTVB join interface
BRKDCT - 3103
Cisco Public
49
Verification
Adjacency: Overlay Verify overlay and site-vlan are up
WEST_OTVA# show otv
Multicast Transport
WEST_OTVA# show otv
Unicast Transport
OTV Overlay Information Site Identifier 0001.0001.0001 Overlay interface Overlay1 VPN name VPN state Extended vlans Control group Data group range(s) Join interface(s) Site vlan AED-Capable Capability : : : : : : : : : Overlay1 UP 200-209 (Total:10) 239.1.1.1 232.1.1.0/24 Po100 (172.16.1.34) 210 (up) Yes Multicast-Reachable
OTV Overlay Information Site Identifier 0001.0001.0001 Overlay interface Overlay1 VPN name VPN state Extended vlans Join interface(s) Site vlan AED-Capable Capability Is Adjacency Server Adjacency Server(s) : : : : : : : : : Overlay1 UP 200-209 (Total:10) Po100 (172.16.1.34) 210 (up) Yes Unicast-Only Yes [None] / [None]
BRKDCT - 3103
Cisco Public
50
Verification
Adjacency: ISIS Hello (IIH) statistics
WEST_OTVA# show otv isis site statistics | begin PDU OTV-IS-IS PDU statistics for site-vlan: PDU LAN-IIH CSNP PSNP LSP Received 91697 0 1 155 Sent 91700 8013 0 312 RcvAuthErr OtherRcvErr 0 0 0 0 0 0 0 0 ReTransmit n/a n/a n/a 0
WEST_OTVA# show otv isis traffic OTV-IS-IS process: default VPN: Overlay1 OTV-IS-IS Traffic: PDU Received Sent RcvAuthErr OtherRcvErr LAN-IIH 85530 23298 0 0 CSNP 3 8015 0 0 PSNP 17 2 0 0 LSP 896 393 0 0
ReTransmit n/a n/a n/a 0
BRKDCT - 3103
Cisco Public
51
Adjacency: ISIS Hello over Multicast Transport

ISIS Hellos have packet size of 1442 Bytes through multicast transport
1400B ISIS + 42B OTV header
OTV ISIS sent on multicast control-group, sourced from join interface
System ID and Site Identifier included in Hello

Adjacency: ISIS Hello over Unicast Transport

ISIS Hellos have packet size of 1450 Bytes through unicast transport
1400B ISIS + 42B OTV header + 8B UDP
OTV ISIS via unicast, sourced and destined between join interfaces OTV ISIS Hello sent encapsulated in UDP unicast on port 8472 System ID and Site Identifier included in Hello
Verification
Adjacency: Multicast Transport (join-interface) OTV join interfaces are configured with IGMPv3. Therefore, from the transport's perspective, the OTV edge devices appear as host sending and requesting traffic from the control-group. Ensure (S,G) and (*,G) state is created at first-hop router for each edge device
West otv otv East
CORE#show ip mroute 239.1.1.1 summary [output omitted] otv (*, 239.1.1.1), (172.16.1.26, (172.16.1.30, (172.16.1.34, (172.16.1.38,
Core
OIF OIF OIF OIF OIF count: count: count: count: count: 4, 3, 3, 3, 3, flags: flags: flags: flags: flags: S T T T T
otv
01:15:56/00:03:06, RP 1.1.1.1, 239.1.1.1), 00:47:13/00:03:25, 239.1.1.1), 00:47:06/00:03:15, 239.1.1.1), 00:56:40/00:03:25, 239.1.1.1), 00:57:17/00:03:25,
BRKDCT - 3103
Cisco Public
54
Verification
Adjacency: ISIS Overlay Adjacencies
WEST_OTVA# show otv isis adjacency OTV-IS-IS process: default VPN: Overlay1 OTV-IS-IS adjacency database: System ID SNPA Level State EAST_OTVB 64a0.e741.c841 1 UP WEST_OTVB 64a0.e741.c842 1 UP EAST_OTVA 6c9c.ed40.1741 1 UP
West
Hold Time 00:00:11 00:00:09 00:00:13
otv
otv
Interface Site-ID Overlay1 0002.0002.0002 Overlay1 0001.0001.0001 Overlay1 0002.0002.0002 East
otv
Core
otv
BRKDCT - 3103
Cisco Public
57
Verification
Adjacency: OTV Overlay Adjacencies
WEST_OTVA# show otv adjacency Overlay Adjacency database Overlay-Interface Overlay1 Hostname EAST_OTVA EAST_OTVB WEST_OTVB : System-ID 6c9c.ed40.1741 64a0.e741.c841 64a0.e741.c842 Dest Addr 172.16.1.26 172.16.1.30 172.16.1.38 Up Time 19:34:34 19:34:30 19:34:30 State UP UP East UP
West
otv
otv
otv
Core
otv
BRKDCT - 3103
Cisco Public
58
Verification
Adjacency: ISIS Site Adjacencies
WEST_OTVA# show otv isis site OTV-ISIS site-information for: default Level 1 Metric 16777214 Adjs 1 CSNP 10 Next CSNP 00:00:07 Hello 1 Multi 10 Next IIH 0.204018
West
otv
Level 1
AdjsUp Pri 1 64
Circuit ID WEST_OTVA.01
Since otv * 23:57:51
East
otv
[output omitted] Neighbor SystemID: 64a0.e741.c842 [WEST_OTVB] IPv4 site groups: 239.1.1.1
Core
otv
BRKDCT - 3103
Cisco Public
59
Verification
Adjacency: OTV Site Adjacencies
WEST_OTVA# show otv site Dual Adjacency Full Partial Down (!) State Description Both site and overlay adjacency up Either site/overlay adjacency down Both adjacencies are down (Neighbor is down/unreachable) Site-ID mismatch detected
West
Local Edge Device Information: otv Hostname WEST_OTVA System-ID 6c9c.ed40.1742 Site-Identifier 0001.0001.0001 Site-VLAN 210 State is Up Site Information for Overlay1:
otv
East
otv
Local device is AED-Capable Neighbor Edge Devices in Site: 1
Core
otv
AdjacencyAdjacencyAEDState Uptime Capable -------------------------------------------------------------------------------WEST_OTVB 64a0.e741.c842 Full 23:57:51 Yes

Hostname
System-ID
Verification
Authoritative Edge Device (AED)
WEST_OTVA# show otv vlan 200-201 OTV Extended VLANs and Edge Device State Information (* - AED) VLAN ---200 201* Auth. Edge Device ----------------------------------WEST_OTVB WEST_OTVA Vlan State Overlay ---------------inactive(Non AED)Overlay1 active Overlay1
West
otv
otv
East
otv
Core
otv
BRKDCT - 3103
Cisco Public
61
Agenda
Verification
Troubleshooting
BRKDCT - 3103
Cisco Public
62
Verification
Unicast Forwarding
Host on vlan 201 IP 10.201.0.101 MAC 001b.d419.1842
AED vlan 201
AED vlan 201
Host on vlan 201 IP 10.201.0.102 MAC 001f.6c75.1d42
West
otv
otv
East
otv
Core
otv
BRKDCT - 3103
Cisco Public
63
Verification
Unicast Forwarding Simplified topology based on AED for vlan 201 Lets assume that ARP has already resolved between hosts
West
Po103
otv
Po100
East otv
Po100 Po101
Core
vlan 201 10.201.0.101 001b.d419.1842
vlan 201 10.201.0.102 001f.6c75.1d42
BRKDCT - 3103
Cisco Public
64
Verification
Unicast Forwarding: User on Site West Sends Unicast Packet to Site East Packet is received on internal interface on OTV AED Verify CAM entry and OTV route
WEST_OTVA# show mac address-table address 001f.6c75.1d42 vlan 201 Legend: * - primary entry, G - Gateway MAC, (R) - Routed MAC, O - Overlay MAC age - seconds since last seen,+ - primary entry using vPC Peer-Link VLAN MAC Address Type age Secure NTFY Ports/SWID.SSID.LID ---------+-----------------+--------+---------+------+----+-----------------O 201 001f.6c75.1d42 dynamic 0 F F Overlay1 East WEST_OTVA# show otv route 001f.6c75.1d42
Po103 Po100
West
otv
otv
Po100 Po101
OTV Unicast MAC Routing Table For Overlay1 VLAN MAC-Address ---- -------------201 001f.6c75.1d42 Metric -----42 Uptime -------00:02:25
Core
vlan 201 10.201.0.101 001b.d419.1842
Owner --------overlay
Next-hop(s) ----------EAST_OTVA
vlan 201 10.201.0.102 001f.6c75.1d42
BRKDCT - 3103
Cisco Public
65
Verification
Unicast Forwarding: User on Site West Sends Unicast Packet to Site East Verify next hop IP address for MAC
WEST_OTVA# show otv adjacency Overlay Adjacency database Overlay-Interface Overlay1 Hostname EAST_OTVA EAST_OTVB WEST_OTVB
Po100
: System-ID 6c9c.ed40.1741 64a0.e741.c841 64a0.e741.c842 Dest Addr 172.16.1.26 172.16.1.30 otv 172.16.1.38
Po101
West
Po103
otv
Up Time State 19:34:34 UP East 19:34:30 UP 19:34:30 UP
Core
Po100
vlan 201 10.201.0.101 001b.d419.1842
vlan 201 10.201.0.102 001f.6c75.1d42
BRKDCT - 3103
Cisco Public
66
Verification
Unicast Forwarding: User on Site West Sends Unicast Packet to Site East Verify hardware adjacency and label
OTV shim includes an MPLS label to identify the encapsulated VLAN. MPLS Label = 32 + vlan 32 + 201 = 233 = 0xe9
WEST_OTVA# show system internal forwarding otv overlay 1 vlan 201 detail Dev No: 1 MPLS Label: 0xe9 VPN id: 10 TCAM Idx: 0x1ffa9 Adj Idx: 0x4302a Type: EoMPLS rc: 1 ccc: 6 pv: 0 l2_fwd: 1 Packets: 0 Bytes: 0
(BD: 21, Vlan Id: 201, Peer Id: 1) DevNo: 1 TCAM Idx: 0x1ff03 Adj Idx: 0x4303d Egress Lif: 0x8004 RDT: 1 Egress Lif Base: East 5 West otv ccc: 0 pv: 1 l2_fwd: 1 rc: 1 otv label hi: 0x0 label low: 0xe90 Packets: 0 Bytes: 0 Tunnel adj index: 0x43037 GRE: YES Po103 Po100 Po100 Po101 DIP: 172.16.1.26 SIP: 172.16.1.34 GRE Tunnel built between LIF: 0x4074 DI: 0x421 ccc: 6 L2_FWD: NO RDT: YES WEST_OTVA and EAST_OTVA Packets: 0 Bytes: 0 zone enforce: 0
Core
vlan 201 10.201.0.101 001b.d419.1842
vlan 201 10.201.0.102 001f.6c75.1d42
BRKDCT - 3103
Cisco Public
67
Verification
Unicast Forwarding: User on Site West Sends Unicast Packet to Site East Verify incrementing counters on tunnel interface
WEST_OTVA# show tunnel internal implicit otv detail Tunnel16397 is up MTU 9178 bytes, BW 9 Kbit Transport protocol is in VRF "default" Tunnel protocol/transport GRE/IP Tunnel source 172.16.1.34, destination 172.16.1.26 Last clearing of "show interface" counters never Tx 3004421 packets output, 1 minute output rate 171 packets/sec otv Rx 2993448 packets input, 1 minute input rate 171 packets/sec
West
Po103
otv
East
Po100
Core
Po100
Po101
vlan 201 10.201.0.101 001b.d419.1842
vlan 201 10.201.0.102 001f.6c75.1d42
BRKDCT - 3103
Cisco Public
68
Unicast Forwarding: Encapsulated Packet

42 Byte OTV header overhead Increases packet size to 142 Bytes Packet sent unicast through transport with endpoint IPs of AED Join interface Label to identify vlan 32+201 = 233
Original IP header maintained
BRKDCT - 3103
Cisco Public
69
Verification
Unicast Forwarding: User on site West sends unicast packet to site East Encapsulated packet is received on Join interface of East AED For Decapsulation, verify hits against internal ACL
EAST_OTVA# show system internal access-list output statistics | begin Tcam Tcam 0 resource usage: ---------------------Label_a = 0x802 Bank 0 -----West IPv4 Class otv Policies: Tunnel Decap(Tunnel Decap on VRF default) Entries: Po103[Stats] Po100 [Index] Entry --------------------[0006] redirect(0x4307d) 47 172.16.1.30/32 172.16.1.26/32 [0] [0007] redirect(0x4307b) 47 172.16.1.38/32 172.16.1.26/32 [0] vlan 201 [0009] redirect(0x43079) 47 172.16.1.34/32 172.16.1.26/32 [18505] 10.201.0.101 [0010] permit ip 0.0.0.0/0 0.0.0.0/0 [1444] 001b.d419.1842
East otv
Po100 Po101
Core
vlan 201 10.201.0.102 001f.6c75.1d42
BRKDCT - 3103
Cisco Public
70
Verification
Unicast Forwarding: User on site West sends unicast packet to site East Verify OTV route for entry points to local site Verify CAM entry for destination MAC points out internal interface
EAST_OTVA# show otv route 001f.6c75.1d42 vlan 201
OTV Unicast MAC Routing Table For Overlay1 VLAN MAC-Address ---- -------------West 201 001f.6c75.1d42 Metric -----1 otv Uptime -------00:01:50 Owner --------site Next-hop(s) ----------port-channel101
East otv
Po101
EAST_OTVA# show mac address-table address 001f.6c75.1d42 vlan 201 Po103 Po100 Po100 Legend: * - primary entry, G - Gateway MAC, (R) - Routed MAC, O - Overlay MAC age - seconds since last seen,+ - primary entry using vPC Peer-Link VLAN MAC Address Type age Secure NTFY Ports/SWID.SSID.LID vlan 201 ---------+-----------------+--------+---------+------+----+-----------------10.201.0.101 001b.d419.1842 * 201 001f.6c75.1d42 dynamic 0 F F Po101
Core
vlan 201 10.201.0.102 001f.6c75.1d42
BRKDCT - 3103
Cisco Public
71
Verification
Unicast Forwarding: User on site West sends unicast packet to site East Packet will be sent out internal interface at site East and L2 switched to the host Return path from East to West will be the same
West
Po103
otv
Po100
East otv
Po100 Po101
Core
vlan 201 10.201.0.101 001b.d419.1842
vlan 201 10.201.0.102 001f.6c75.1d42
BRKDCT - 3103
Cisco Public
72
Agenda
Verification
Troubleshooting
BRKDCT - 3103
Cisco Public
73
Verification
Multicast Forwarding: Source and Client Present Multicast Transport
(VLAN, *, G) created on West Side on receiving IGMP join from client and advertised to all edge devices WEST_OTVA sends an IGMPv3 SSM join for the Delivery Source and the Delivery Group on its Join interface WEST_OTVA# show otv mroute vlan 201 detail OTV Multicast Routing Table For Overlay1 (201, *, 224.10.10.10), metric: 0, uptime: 00:01:50, igmp Outgoing interface list: (count: 1) Po103, uptime: 00:01:50, igmp (201, 10.201.0.102, 224.10.10.10), metric: 0, uptime: 00:04:47, overlay(s) East Outgoing interface list: (count: 0) otv Remote Delivery: s = 172.16.1.26, g = 232.1.1.0
Po100
WEST_OTVA knows of remote (VLAN,S,G) based on advertisement from EAST_OTVA West
otv
Po103
Delivery group allocated by EAST_OTVA for (VLAN,S,G) vlan 201 Multicast Client 10.201.0.101
WEST_OTVA# show otv data-group Remote Active Sources for Overlay1
Core
Po100
Po101
VLAN Active-Source Active-Group Delivery-Source Delivery-Group vlan Joined-I/F 201 ---- --------------- --------------- --------------- -----------------------Multicast Server 201 10.201.0.102 224.10.10.10 172.16.1.26 232.1.1.0 Po100 10.201.0.102
BRKDCT - 3103
Cisco Public
83
Verification
Multicast Forwarding: Source and Client Present Multicast Transport
(VLAN, *, G) known on EAST_OTVA based off advertisement from WEST_OTVA EAST_OTVA# show otv data-group Local Active Sources for Overlay1 VLAN Active-Source Active-Group Delivery-Source Delivery-Group Join-IF State ---- ------------- ------------ --------------- --------------- ------- -----201 10.201.0.102 224.10.10.10 172.16.1.26 232.1.1.0 Po100 Local EAST_OTVA# show otv mroute vlan 201 detail West OTV Multicast Routing Table For Overlay1 (r) means there is a receiver that exists across the overlay Local delivery group is allocated for directly connected source
otv
(201, *, 224.10.10.10), metric: 0, uptime: 00:01:42, overlay(r) Po103 Po100 1) Outgoing interface list: (count: Overlay1, uptime: 00:01:42, isis_otv-default
East On receiving multicast traffic from the local host, EAST_OTVA creates a (VLAN,S,G) otv and advertises to all edge devices
Po100 Po101
Core
Since there is a receiver across the overlay, Overlay1 is added in outgoing interface list vlan 201 Multicast Server 10.201.0.102
(201, 10.201.0.102, 224.10.10.10), metric: 0, uptime: 00:04:42, site vlan 201 Outgoing interface list: (count: 1) Multicast Client Overlay1 , uptime: 00:01:42, otv 10.201.0.101 Local Delivery: s = 172.16.1.26, g = 232.1.1.0
BRKDCT - 3103
Cisco Public
84
Multicast Encapsulated Packet, Multicast Transport
Sourced from Join interface, and destined to first address in data-group Label to identify vlan 32+201 = 233
BRKDCT - 3103
Cisco Public
85
Verification
Multicast Forwarding: Source and Client Present Unicast Transport
Since core does not support multicast, West site cannot send SSM join for group. Instead, West needs only to communicate to East that it has a receiver and it will receive the group via unicast. Only the *,G is created in unicast mode on client site.
WEST_OTVA# show otv mroute detail
West
Po103
otv
Po100
East
OTV Multicast Routing Table For Overlay1
otv
(201, *, 224.10.10.10), metric: 0, uptime: Po100 00:00:17, igmp Po101 Outgoing interface list: (count: 1) Po103, uptime: 00:00:17, igmp
Core
vlan 201 Multicast Client 10.201.0.101
vlan 201 Multicast Server 10.201.0.102
BRKDCT - 3103
Cisco Public
86
Verification
Multicast Forwarding: Source and Client Present Unicast Transport
EAST_OTVA# show otv mroute vlan 201 OTV Multicast Routing Table For Overlay1 (201, *, 224.10.10.10), metric: 0, uptime: 00:00:46, overlay(r) Outgoing interface list: (count: 1) Overlay1, WEST_OTVA, uptime: 00:00:46, isis_otv-default (201, 10.201.0.102, 224.10.10.10), metric: 0, uptime: 00:01:54, site Outgoing interface list: (count: 1) West Overlay1, WEST_OTVA , uptime: 00:00:46, otv otv EAST_OTVA# show forwarding otv multicast route vlan 201 Po103 Po100 ! Some output omitted (10.201.0.102/32, 224.10.10.10/32), RPF Interface: NULL, flags: Received Packets: 59188 Bytes: 3788032 Number of Outgoing Interfaces: 1 vlan 201 Outgoing Interface List Index: 25 Multicast Client Tunnel16407 Outgoing Packets:41096 Bytes:3369872 10.201.0.101 OTV unicast tunnel end-points: (172.16.1.26, 172.16.1.34) vlan: 201 Local (VLAN,S,G) created on EAST_OTVA on receiving directly connected source. WEST_OTVA copied into OIL based off (VLAN,*,G) (VLAN,*,G) known on EAST_OTVA with Outgoing interface list containing Overlay1 WEST_OTVA
multicast group is encapsulated and sent via unicast to WEST_OTVA otv

Po100 Po101
East
Core
vlan 201 Multicast Server 10.201.0.102
BRKDCT - 3103
Cisco Public
87
Multicast Encapsulated Packet, Unicast Transport
Source and Destination IP between Join Interfaces
Label to identify vlan 32+201 = 233
BRKDCT - 3103
Cisco Public
88
Agenda
Verification
Troubleshooting
BRKDCT - 3103
Cisco Public
89
Verification
Address Resolution Protocol (ARP) We will assume that none of the devices in the topology have ARP or CAM entries for the hosts in vlan 201
West
Po103
otv
Po100
East otv
Po100 Po101
Core
vlan 201 10.201.0.101 001b.d419.1842
vlan 201 10.201.0.102 001f.6c75.1d42
BRKDCT - 3103
Cisco Public
90
Verification
ARP: Host at West Site Sends ARP Request for Host at East 1. Since its a broadcast packet, it is forwarded to both the OTV devices at West site 2. Non AED at West site drops the broadcast packet (loop prevention) 3. AED learns the MAC address on its internal interface
East
WEST_OTVA# show mac address-table vlan 201 Legend: Po100 Po100 Po101 * - primary entry, G - Gateway MAC, (R) - Routed MAC, O - Overlay MAC age - seconds since last seen,+ - primary entry using vPC Peer-Link VLAN MAC Address Type age Secure NTFY Ports/SWID.SSID.LID vlan 201 ---------+-----------------+--------+---------+------+----+-----------------* 201 001b.d419.1842 dynamic 0 F F Po103 10.201.0.102 001f.6c75.1d42
West
Po103
otv
otv
Core
vlan 201 10.201.0.101 001b.d419.1842
BRKDCT - 3103
Cisco Public
91
Verification
ARP: Host at West Site Sends ARP Request for Host at East 4. On learning new MAC, West AED sends ISIS update to all OTV devices Single packet on multicast control group (Multicast Transport) Or, unicast to each adjacency (Unicast Transport) 5. Only AED at remote sites program new MAC into OTV route and CAM tables
EAST_OTVA# show otv isis database detail | i Host|Vlan|MAC Hostname : WEST_OTVA Length : 9 West Vlan : 201 otv : Metric : 1 MAC Address : 001b.d419.1842
Po103 Po100
East otv
Po100 Po101
EAST_OTVA# show otv route vlan 201 VLAN MAC-Address Metric Uptime Owner Next-hop(s) ---- -------------- ------ -------- --------- ----------vlan 201 201 001b.d419.1842 42 00:00:08 overlay WEST_OTVA 10.201.0.101 001b.d419.1842 EAST_OTVA# show mac address-table vlan 201 VLAN MAC Address Type age Secure NTFY Ports/SWID.SSID.LID ---------+-----------------+--------+---------+------+----+-----------------O 201 001b.d419.1842 dynamic 0 F F Overlay1
BRKDCT - 3103 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public
Core
vlan 201 10.201.0.102 001f.6c75.1d42
92
Verification
ARP: Host at West Site Sends ARP Request for Host at East 6. West AED performs lookup in ARP-ND (ARP- IPv6 Neighbor Discover) cache for East Host IP If an entry were present, West could send ARP reply (proxy) to local host without forwarding packet across overlay
West
Po103
otv
Po100
WEST_OTVA# show otv arp-nd-cache OTV ARP/ND L3->L2 Address Mapping Cache ! empty
East otv
Po100 Po101
Core
vlan 201 10.201.0.101 001b.d419.1842
vlan 201 10.201.0.102 001f.6c75.1d42
BRKDCT - 3103
Cisco Public
93
Verification
ARP: Host at West Site Sends ARP Request for Host at East 7. Since there is no entry present in cache, West encapsulates ARP broadcast and sends to all OTV devices Single packet on multicast control group (Multicast Transport) Or, unicast to each adjacency (Unicast Transport)
East otv
Po100 Po100 Po101
West
Po103
otv
Core
vlan 201 10.201.0.101 001b.d419.1842
vlan 201 10.201.0.102 001f.6c75.1d42
BRKDCT - 3103
Cisco Public
94
Verification
ARP: Host at West Site Sends ARP Request for Host at East 8. AED at East site receives packet on Join interface, decapsulates and sends it on internal interface toward host Non AED at East will also receive packet but will not forward
West
Po103
otv
Po100
East otv
Po100 Po101
Core
vlan 201 10.201.0.101 001b.d419.1842
vlan 201 10.201.0.102 001f.6c75.1d42
BRKDCT - 3103
Cisco Public
96
Verification
ARP: Host at East Site Sends ARP Reply for Host at West 1. AED at East receives unicast Reply on its internal interface 2. East updates its CAM table with the MAC address pointing out its internal interface
West
Po103
otv
Po100
East otv
Po100 Po101
EAST_OTVA# show mac address-table vlan 201 Legend: * - primary entry, G - Gateway MAC, (R) - Routed MAC, O - Overlay MAC vlan 201 age - seconds since last seen,+ - primary entry using vPC Peer-Link 10.201.0.101 VLAN MAC Type age Secure NTFY Ports/SWID.SSID.LID 001b.d419.1842Address ---------+-----------------+--------+---------+------+----+-----------------O 201 001b.d419.1842 dynamic 0 F F Overlay1 * 201 001f.6c75.1d42 dynamic 0 F F Po101
Core
vlan 201 10.201.0.102 001f.6c75.1d42
97
Verification
ARP: Host at East Site Sends ARP Reply for Host at West 3. On learning new MAC, East sends ISIS update to all OTV devices Single packet on multicast control group (Multicast Transport) Or, unicast to each adjacency (Unicast Transport) 4. Only AED at remote sites program new MAC into OTV route and CAM tables
West
Po103
otv
Po100
East otv
Po100 Po101
Core
vlan 201 10.201.0.101 001b.d419.1842
vlan 201 10.201.0.102 001f.6c75.1d42
BRKDCT - 3103
Cisco Public
98
Verification
ARP: Host at East Site Sends ARP Reply for Host at West 3. On learning new MAC, East sends ISIS update to all OTV devices Single packet on multicast control group (Multicast Transport) Or, unicast to each adjacency (Unicast Transport) 4. Only AED at remote sites program new MAC into OTV route and CAM tables
West
Po103
WEST_OTVA# show otv isis database detail | i Host|Vlan|MAC Hostname : WEST_OTVA Length : 9 Vlan : 201 : Metric : 1 MAC Address : 001b.d419.1842 Hostname : EAST_OTVA Length : 9 Vlan : 201 : Metric : 1 MAC Address : 001f.6c75.1d42
otv
WEST_OTVA# show otv route vlan 201 VLAN MAC-Address Metric Uptime ---- -------------- ------ -------201 001b.d419.1842 1 00:00:16 Po100 201 001f.6c75.1d42 42 00:00:08
East
Owner Next-hop(s) otv --------- ----------site Po103 Po100 Po101 overlay EAST_OTVA
Core
vlan 201 10.201.0.101 001b.d419.1842
WEST_OTVA# show mac address-table vlan 201 VLAN MAC Address Type age Secure NTFY Ports/SWID.SSID.LID vlan 201 ---------+-----------------+--------+---------+------+----+-----------------10.201.0.102 * 201 001b.d419.1842 dynamic 0 F F Po103 001f.6c75.1d42 O 201 001f.6c75.1d42 dynamic 0 F F Overlay1
BRKDCT - 3103
Cisco Public
99
Verification
ARP: Host at East Site Sends ARP Reply for Host at West 5. East performs lookup in its CAM for unicast destination. Because of previous ISIS update, East finds an entry pointing out overlay toward West 6. East encapsulates ARP reply and sends via unicast to West
West
Po103
otv
Po100
East otv
Po100 Po101
Core
vlan 201 10.201.0.101 001b.d419.1842
vlan 201 10.201.0.102 001f.6c75.1d42
BRKDCT - 3103
Cisco Public
100
Verification
ARP: Host at East Site Sends ARP Reply for Host at West 7. West receives packet on Join Interface, decapsulates packet and sends out internal interface toward host 8. West updates ARP-ND cache for East Host from ARP received on Overlay
WEST_OTVA# show otv arp-nd-cache OTV ARP/ND L3->L2 Address Mapping Cache
West
Po103
otv
Po100
Overlay Interface Overlay1 VLAN MAC Address Layer-3 Address 201 001f.6c75.1d42 10.201.0.102
East
Age otv 00:00:04
Po101
Expires In 00:07:55
Core
Po100
vlan 201 10.201.0.101 001b.d419.1842
vlan 201 10.201.0.102 001f.6c75.1d42
BRKDCT - 3103
Cisco Public
102
Agenda
Verification
Troubleshooting
BRKDCT - 3103
Cisco Public
103
Troubleshooting
MTU Verify appropriate MTU via ping between OTV join interfaces packet-size in NxOS represents size of data in ICMP packet To test MTU, must account for 8 Byte ICMP header, 20 Byte IP header Example: 1. 1442 = 1414 + 20 + 8, use packet-size of 1414 2. 1450 = 1422 + 20 + 8, use packet-size of 1422 3. 1542 = 1514 + 20 + 8, use packet-size of 1514
WEST_OTVA# ! Verify transport supports MTU of 1542 WEST_OTVA# ping 172.16.1.26 packet-size 1514 df-bit PING 172.16.1.26 (172.16.1.26): 1514 data bytes 1522 bytes from 172.16.1.26: icmp_seq=0 ttl=251 time=2.333 ms
BRKDCT - 3103
Cisco Public
104
Troubleshooting
Partial Adjacency (!) Flag implies a mismatch site-id due 1. Receiving same site-id across overlay without site adjacency 2. Receiving different site-id across site adjacency
WEST_OTVA# show otv site Dual Adjacency State Description Full - Both site and overlay adjacency up Partial - Either site/overlay adjacency down Down - Both adjacencies are down (Neighbor is down/unreachable) (!) - Site-ID mismatch detected ! Some output omitted Hostname System-ID AdjacencyAdjacencyAEDState Uptime Capable -------------------------------------------------------------------------------WEST_OTVB 64a0.e741.c842 Partial (!) 00:15:16 No
BRKDCT - 3103
Cisco Public
105
Troubleshooting
Partial Adjacency Partial Adjacency implies either the site or overlay adjacency is down. Both are required to maintained a full adjacency Most common reason for down overlay adjacency is PIM misconfiguration in transport (multicast transport) or insufficient MTU Ensure 1. Matching site-id configuration at each site 2. Sufficient MTU through transport 3. IP connectivity between each edge device 4. Correct PIM configuration through core for multicast transport
BRKDCT - 3103
Cisco Public
106
Troubleshooting
ARP and CAM timer issue Asymmetrical routing with mis-match ARP timers can cause traffic to blackhole across OTV
West N7k
Po103
otv
Po100
East otv
Po100 Po101
Core
6500
Vlan 201: 10.201.0.1 Vlan 202: 10.202.0.1 6c9c.ed40.1744
Vlan 201: 10.201.0.3 Vlan 202: 10.202.0.3 0014.f179.b640 Host 2, vlan 202 10.202.0.102, GW: 10.202.0.3 001f.6c75.1d46
Host 1, vlan 201 10.201.0.101, GW: 10.201.0.1 001b.d419.1842
BRKDCT - 3103
Cisco Public
107
Troubleshooting
Since the traffic flow between Host1 and Host2 is routed traffic, OTV will only see source MAC of the gateways and destination of the Hosts
ARP 25 min CAM 30 min
DA: Host2 SA: N7k1
CAM 30 min
DA: Host2 SA: N7k1 DA: Host2 SA: N7k1 DA: Host2 SA: N7k1
ARP 4 hours
West N7k
otv
Po100
East 6500
otv
Po103
Core
Po100
Po101
DA: N7k Vlan 201: 10.201.0.1 SA: Host1 Vlan 202: 10.202.0.1
6c9c.ed40.1744
DA: Host2 Vlan 201: 10.201.0.3 SA: N7k1 Vlan 202: 10.202.0.3 0014.f179.b640
Host 1, vlan 201 10.201.0.101, GW: 10.201.0.1 001b.d419.1842
Host 2, vlan 202 10.202.0.102, GW: 10.202.0.3 001f.6c75.1d46
BRKDCT - 3103
Cisco Public
113
Troubleshooting
Since the traffic flow between Host1 and Host2 is routed traffic, OTV will only see source MAC of the gateways and destination of the Hosts
ARP 25 min CAM 30 min
DA: Host1 SA: 6500
CAM 30 min
DA: Host1 SA: 6500 DA: Host1 SA: 6500 DA: Host1 SA: 6500
ARP 4 hours
West N7k
otv
Po100
East 6500
otv
Po103
Core
Po100
Po101
DA: Host1 Vlan 201: 10.201.0.1 SA: 6500 Vlan 202: 10.202.0.1
6c9c.ed40.1744
Vlan 201: 10.201.0.3 DA: 6500 Vlan 202: 10.202.0.3 SA: Host2 0014.f179.b640 Host 2, vlan 202 10.202.0.102, GW: 10.202.0.3 001f.6c75.1d46
Host 1, vlan 201 10.201.0.101, GW: 10.201.0.1 001b.d419.1842
BRKDCT - 3103
Cisco Public
114
Troubleshooting
ARP and CAM timer issue OTV does not send unknown unicast traffic across Overlay Subsequent packets from East toward Host1 will be dropped until Host1 MAC is relearned on West
West N7k
Po103
otv
Po100
East otv
Po100 Po101
Core
6500
EAST_OTVA# show mac add vlan 201 Vlan 201: 10.201.0.1 Legend: Vlan 202: 10.202.0.1 * - primary entry, G - Gateway MAC, (R) - Routed MAC, O - Overlay MAC 6c9c.ed40.1744 age - seconds since last seen,+ - primary entry using vPC Peer-Link VLAN MAC Address Type age Secure NTFY Ports/SWID.SSID.LID ---------+-----------------+--------+---------+------+----+-----------------Host 1, vlan 201 * 201 0014.f179.b640 dynamic 0 F F Po101 10.201.0.101, GW: 10.201.0.1 O 201 6c9c.ed40.1744 dynamic 0 F F Overlay1 001b.d419.1842 ! Host1 (001b.d419.1842) MAC has been removed
117
Troubleshooting
ARP and CAM timer issue - Solution Solution: Change 6500 ARP timer to be less than OTV CAM timer
ARP 25 min CAM 30 min CAM 30 min ARP 25 min
West N7k
Po103
otv
Po100
East otv
Po100 Po101
Core
6500
Vlan 201: 10.201.0.1 Vlan 202: 10.202.0.1 6c9c.ed40.1744
Host 1, vlan 201 10.201.0.101, GW: 10.201.0.1 001b.d419.1842
BRKDCT - 3103
Cisco Public
118
Troubleshooting
Network Load Balancer Services Some network load balancer services (NLBS) rely on flooding to reach all devices in the cluster Clusters that rely on a unicast IP to multicast MAC will be forwarded across overlay in same fashion as a broadcast packet without any additional configurations Encapsulated within the control group (multicast transport) Unicast to each OTV neighbor (unicast transport) Clusters that rely on a unicast IP to unicast MAC will be dropped
BRKDCT - 3103
Cisco Public
119
Troubleshooting
Network Load Balancer Services Single Site Static MAC Solution
EAST_OTVA# show run | i static mac address-table static 0200.0ac9.00a2 vlan 201 interface port-channel101
Another Option: Force Flooding for Virtual MAC
EAST_OTVA# show otv route vlan 201 OTV Unicast MAC Routing Table For Overlay1 VLAN MAC-Address ---- -------------201 0200.0ac9.00a2 Metric -----1 Uptime -------00:00:11 Owner --------site Next-hop(s) ----------port-channel101
West
Po103
otv
Po100
East otv
Po100 Po101
Core
WEST_OTVA# show otv route vlan 201 OTV Unicast MAC Routing Table For Overlay1 VLAN MAC-Address ---- -------------201 0200.0ac9.00a2
BRKDCT - 3103
NLB Cluser 0200.0ac9.00a2 Next-hop(s) ----------EAST_OTVA

Cisco Public 120
Metric -----42
Uptime -------00:04:34
Owner --------overlay
Targeted 6.2
Troubleshooting
Network Load Balancer Services Selective Unicast Flooding Solution
EAST_OTVA# show run | i flood otv flood mac 0200.0ac9.00a2 vlan 201 ! Same configuration on WEST_OTVA EAST_OTVA# show otv route vlan 201 | i VLAN MAC-Address Metric Uptime ---- -------------- ------ -------201 0200.0ac9.00a2 0 00:00:57 static Owner --------static
Next-hop(s) ----------239.1.1.1
West
Po103
otv
Po100
East otv
Po100 Po101
Core
Cluster can now exists at both sites
NLB Cluser 0200.0ac9.00a2
NLB Cluser 0200.0ac9.00a2
BRKDCT - 3103
Cisco Public
121
Troubleshooting
Common Misconfiguration - First Hop Redundancy Protocols (FHRP) Isolation FHRP Isolation allows for local egress routing at each site to reduce traffic sent across the overlay. I.e., active gateways with the same Virtual IP and Virtual MAC at each site.
Core
Active
Standby
Active
Standby
OTV Block FHRP Traffic
BRKDCT - 3103
Cisco Public
122
Troubleshooting
Common Misconfiguration - First Hop Redundancy Protocols (FHRP) Isolation 1. VLAN Access List (VACL) to drop Hellos
! IP ACL's to drop HSRP Hellos, ! forward other traffic ip access-list HSRP_IP 10 permit udp any 224.0.0.2/32 eq 1985 20 permit udp any 224.0.0.102/32 eq 1985 ip access-list ALL_IPs 10 permit ip any any ! MAC ACL's to drop non-IP HSRP traffic, ! forward other traffic mac access-list HSRP_VMAC 10 permit 0000.0c07.ac00 0000.0000.00ff any 20 permit 0000.0c9f.f000 0000.0000.0fff any mac access-list ALL_MACs 10 permit any any
! Create the VACL vlan access-map HSRP_Localization 10 match mac address HSRP_VMAC match ip address HSRP_IP action drop vlan access-map HSRP_Localization 20 match mac address ALL_MACs match ip address ALL_IPs action forward ! Apply the VACL to each extended vlan vlan filter HSRP_Localization vlan-list <OTV_Extended_VLANs>
BRKDCT - 3103
Cisco Public
123
Troubleshooting
Common Misconfiguration - First Hop Redundancy Protocols (FHRP) Isolation 2. ARP Inspection Filter to drop ARP sourced from the Virtual MAC (preventing duplicate IP messages between Active Devices at each site)
! Feature dhcp required for ARP inspection feature dhcp ! Create the ARP access-list to deny traffic from Virtual MAC arp access-list HSRP_VMAC_ARP 10 deny ip any mac 0000.0c07.ac00 ffff.ffff.ff00 20 deny ip any mac 0000.0c9f.f000 ffff.ffff.f000 30 permit ip any mac any ! Apply ARP ACL to each extended VLAN ip arp inspection filter HSRP_VMAC_ARP vlan <OTV_Extended_VLANs>
BRKDCT - 3103
Cisco Public
124
Troubleshooting
Common Misconfiguration - First Hop Redundancy Protocols (FHRP) Isolation 3. Apply Route-Map to each Overlay to filter Virtual MAC (prevents virtual MAC from flapping between sites)
! mac-list to deny advertising virtual MAC mac-list OTV_HSRP_VMAC_deny seq 10 deny 0000.0c07.ac00 ffff.ffff.ff00 mac-list OTV_HSRP_VMAC_deny seq 11 deny 0000.0c9f.f000 ffff.ffff.f000 mac-list OTV_HSRP_VMAC_deny seq 20 permit 0000.0000.0000 0000.0000.0000 ! create the route-map route-map OTV_HSRP_filter permit 10 match mac-list OTV_HSRP_VMAC_deny ! apply route-map to each overlay otv-isis default vpn Overlay1 redistribute filter route-map OTV_HSRP_filter
BRKDCT - 3103
Cisco Public
125
Summary
Verification
Troubleshooting
BRKDCT - 3103
Cisco Public
126
Further Reading and Resources

Recommended Sessions:
BRKDCT-2049 BRKDCT-2131 BRKDCT-3060 BRKRST-3046 Overlay Transport Virtualization Mobility and Virtualization in the Data Center with LISP and OTV Deployment challenges with Interconnecting Data Centers Advanced LISP - What's In It For Me?
OTV Technology Introduction and Deployment Considerations:

http://www.cisco.com/en/US/docs/solutions/Enterprise/Data_Center/DCI/whitepaper/DCI_1.html
Configuring OTV IOS XE

http://www.cisco.com/en/US/docs/ios-xml/ios/wan_otv/configuration/xe-3s/wan-otv-confg.html
Wireshark
http://www.wireshark.org/
BRKDCT - 3103
Cisco Public
127
Complete Your Online Session Evaluation

Give us your feedback and you could win fabulous prizes. Winners announced daily. Receive 20 Cisco Daily Challenge points for each session evaluation you complete. Complete your session evaluation online now through either the mobile app or internet kiosk stations.
Maximize your Cisco Live experience with your free Cisco Live 365 account. Download session PDFs, view sessions on-demand and participate in live activities throughout the year. Click the Enter Cisco Live 365 button in your Cisco Live portal to log in.
Final Thoughts
Get hands-on experience with the Walk-in Labs located in World of Solutions, booth 1042 Come see demos of many key solutions and products in the main Cisco booth 2924 Visit www.ciscoLive365.com after the event for updated PDFs, on-demand session videos, networking, and more! Follow Cisco Live! using social media:
Facebook: https://www.facebook.com/ciscoliveus Twitter: https://twitter.com/#!/CiscoLive LinkedIn Group: http://linkd.in/CiscoLI
BRKDCT - 3103
Cisco Public
129
Appendix
ASR 1000 Support beginning in 3.5S Advance Enterprise Image or Advance IP Service (AES or AIS) to have the cli enabled Extended and site VLANs configured via EFPs and bridge-domains Multi-homing ASR and N7k OTV at same site is not supported (must be located at different sites) Support for multicast transport Support for unicast transport starting in 3.9S http://www.cisco.com/en/US/docs/iosxml/ios/wan_otv/configuration/xe-3s/wan-otvconfg.html
Core
otv
otv
Appendix
ASR 1000 Configuration Internal Interface Site-ID and Site Bridge-Domain required Bridge-Domain must be forwarding on internal interface before adjacencies will be built otv
otv site bridge-domain 210 otv site-identifier 0003.0003.0003 interface GigabitEthernet1/0/2 no ip address cdp enable service instance 201 ethernet encapsulation dot1q 201 bridge-domain 201 service instance 210 ethernet encapsulation dot1q 210 bridge-domain 210
Core
otv
Bridge-domain for an extended VLAN
Site Bridge-domain must be active on internal interface
BRKDCT - 3103
Cisco Public
132
Appendix
ASR 1000 Configuration Join Interface Join Interface must be configured with IGMPv3 for multicast transport. Multicast routing must be enabled Enable IGMP snooping querier Configure PIM Passive mode on Join Interface otv otv
Core
ip multicast-routing distributed ip igmp snooping querier version 3 ip igmp snooping querier interface GigabitEthernet1/0/1 mtu 9000 ip address 172.16.1.18 255.255.255.252 ip pim passive ip igmp version 3
Appendix
ASR 1000 Configuration Overlay Configure control and data-groups Specify join-interface Create service instance for each bridge-domain that should be extended across overlay Do not extend site bridge-domain
interface Overlay1 no ip address otv control-group 239.1.1.1 otv data-group 232.1.1.0/24 otv join-interface GigabitEthernet1/0/1 service instance 201 ethernet encapsulation dot1q 201 bridge-domain 201
Core
otv
otv
BRKDCT - 3103
Cisco Public
134
Appendix
ASR 1000 Verify Overlay is UP
Core
SOUTH_OTVA#show otv Overlay Interface Overlay1 VPN name : VPN ID : State : AED Capable : IPv4 control group : Mcast data group range(s): Join interface(s) : Join IPv4 address : Tunnel interface(s) : Encapsulation format : Site Bridge-Domain : Capability : Is Adjacency Server : Adj Server Configured : Prim/Sec Adj Svr(s) :
None 1 UP Yes 239.1.1.1 232.1.1.0/24 GigabitEthernet1/0/1 172.16.1.18 Tunnel0 GRE/IPv4 210 Multicast-reachable No No None
otv
otv
BRKDCT - 3103
Cisco Public
135
Appendix
ASR 1000 Verify Site Adjacency and AED
Core
SOUTH_OTVA#show otv site Site Adjacency Information (Site Bridge-Domain: 210) Overlay1 Site-Local Adjacencies (Count: 2) Hostname SOUTH_OTVB * SOUTH_OTVA System ID Last Change Ordinal 001D.707E.1B00 01:02:23 0 001D.707E.3A00 00:42:08 1
otv
AED Enabled Status site overlay site overlay
otv
SOUTH_OTVA#show otv vlan Key: SI - Service Instance Overlay 1 VLAN Configuration Information Inst VLAN Bridge-Domain Auth Site Interface(s) 0 201 201 yes Gi1/0/2:SI201 Total VLAN(s): 1 Total Authoritative VLAN(s): 1
BRKDCT - 3103
Cisco Public
136
Appendix
ASR 1000 Verify Overlay Adjacencies
Core
SOUTH_OTVA#show otv adjacency Overlay 1 Adjacency Database Hostname EAST_OTVB WEST_OTVB WEST_OTVA EAST_OTVA SOUTH_OTVB
otv
System-ID 64a0.e741.c841 64a0.e741.c842 6c9c.ed40.1742 6c9c.ed40.1741 001d.707e.1b00 Dest Addr 172.16.1.30 172.16.1.38 172.16.1.34 172.16.1.26 172.16.1.22 Up Time 01:06:21 01:06:21 01:06:21 01:06:21 00:29:48 State UP UP UP UP UP
otv
Peering between ASR and N7k between sites is supported.
BRKDCT - 3103
Cisco Public
137
Appendix
ASR 1000 Verify Locally and Remotely Learned Routes
Core
SOUTH_OTVA#show bridge-domain 201 mac dynamic address Port MAC Address Gi1/0/2 ServInst 201 001a.e2be.52cd SOUTH_OTVA#show otv route vlan 201 Codes: BD - Bridge-Domain, AD - Admin-Distance, SI - Service Instance, * - Backup Route OTV Unicast MAC Routing Table for Overlay1
Locally Learned MAC from Bridge-domain 201
otv
otv
Inst VLAN BD MAC Address AD Owner Next Hops(s) ---------------------------------------------------------0 201 201 001a.e2be.52cd 40 BD Eng Gi1/0/2:SI201 0 201 201 001b.d419.1842 50 ISIS WEST_OTVA 0 201 201 001f.6c75.1d42 50 ISIS EAST_OTVA
MAC learned via ISIS from OTV peer
BRKDCT - 3103
Cisco Public
138
Appendix
ASR 1000 Multicast Local Receiver
Core
SOUTH_OTVA#show otv mroute OTV Multicast Routing Table for Overlay1 Bridge-Domain = 201, s = *, g = * Outgoing interface list: Default, NoRedist Incoming interface count = 0, Outgoing interface count = 1
otv
otv
(Bridge-domain, *,G) programmed based on IGMP join from client
(Bridge-domain, S,G) created to deliver to local receiver once received from overlay
Bridge-Domain = 201, s = *, g = 224.10.10.10 Outgoing interface list: Service Instance 201, GigabitEthernet1/0/2 Incoming interface count = 0, Outgoing interface count = 1 Bridge-Domain = 201, s = 10.201.0.102, g = 224.10.10.10 Incoming interface list: Service Instance 201, Overlay1, 001f.6c75.1d42 Incoming interface count = 1, Outgoing interface count = 0
BRKDCT - 3103
Cisco Public
139
Appendix
ASR 1000 Multicast Local Receiver
Core
SOUTH_OTVA#show otv data-group Flags: D - Local active source dynamically detected S - Local active source statically configured J - Data group has been joined in the core U - Data group has not been joined in the core Remote Active Sources for Overlay1 BD Active-Source Active-Group 201 10.201.0.102 224.10.10.10
IGMPv3 join sent to core for delivery group
otv
otv
Delivery-Source 172.16.1.26
Delivery-Group 232.1.1.0
Flags J
BRKDCT - 3103
Cisco Public
140
Appendix
ASR 1000 Multicast Local Source
SOUTH_OTVA#show otv data-group No remote data-group mappings Flags: D - Local active source dynamically detected S - Local active source statically configured J - Data group has been joined in the core U - Data group has not been joined in the core Local Active Sources for Overlay1 BD Active-Source Active-Group 201 10.201.0.105 224.50.50.50
Core
Local Source Flag
otv
Delivery-Source 172.16.1.18 Delivery-Group 232.1.1.0 Flags D
otv
SOUTH_OTVA#show otv mroute ! Some output omitted Bridge-Domain = 201, s = *, g = 224.50.50.50 Join advertised from Outgoing interface list: remote site across overlay Overlay1, EAST_OTVA Incoming interface count = 0, Outgoing interface count = 1
Local source on internal Bridge-Domain = 201, s = 10.201.0.105, g = 224.50.50.50 interface Incoming interface list: Service Instance 201, GigabitEthernet1/0/2, 001a.e2be.52cd Incoming interface count = 1, Outgoing interface count = 0

2013 Usa PDF BRKDCT-3103

Enviado por

Dados do documento

Descrição original:

Título original

Direitos autorais

Formatos disponíveis

Compartilhar este documento

Compartilhar ou incorporar documento

Opções de compartilhamento

Você considera este documento útil?

Este conteúdo é inapropriado?

Direitos autorais:

Formatos disponíveis

2013 Usa PDF BRKDCT-3103

Enviado por

Direitos autorais:

Formatos disponíveis

Advanced OTV Configure, Verify and Troubleshoot OTV in Your Network

Andy Gossett, Customer Support Engineer, Cisco Services agossett@cisco.com

2013 Cisco and/or its affiliates. All rights reserved.

2013 Cisco and/or its affiliates. All rights reserved.

2013 Cisco and/or its affiliates. All rights reserved.

2013 Cisco and/or its affiliates. All rights reserved.

2013 Cisco and/or its affiliates. All rights reserved.

2013 Cisco and/or its affiliates. All rights reserved.

2013 Cisco and/or its affiliates. All rights reserved.

2013 Cisco and/or its affiliates. All rights reserved.

2013 Cisco and/or its affiliates. All rights reserved.

2013 Cisco and/or its affiliates. All rights reserved.

OTV Hello Site-ID 1.1.1

OTV Hello Site-ID 1.1.1

2013 Cisco and/or its affiliates. All rights reserved.

OTV Hello Site-ID 1.1.1

OTV Hello Site-ID 1.1.1

2013 Cisco and/or its affiliates. All rights reserved.

Im not AED capable

2013 Cisco and/or its affiliates. All rights reserved.

2013 Cisco and/or its affiliates. All rights reserved.

Im now AED capable

2013 Cisco and/or its affiliates. All rights reserved.

IP Length 1450B 1442B 42B

2013 Cisco and/or its affiliates. All rights reserved.

2013 Cisco and/or its affiliates. All rights reserved.

2013 Cisco and/or its affiliates. All rights reserved.

otv site-vlan 210 otv site-identifier 0002.0002.0002

2013 Cisco and/or its affiliates. All rights reserved.

2013 Cisco and/or its affiliates. All rights reserved.

2013 Cisco and/or its affiliates. All rights reserved.

2013 Cisco and/or its affiliates. All rights reserved.

2013 Cisco and/or its affiliates. All rights reserved.

2013 Cisco and/or its affiliates. All rights reserved.

2013 Cisco and/or its affiliates. All rights reserved.

2013 Cisco and/or its affiliates. All rights reserved.

2013 Cisco and/or its affiliates. All rights reserved.

2013 Cisco and/or its affiliates. All rights reserved.

2013 Cisco and/or its affiliates. All rights reserved.

2013 Cisco and/or its affiliates. All rights reserved.

2013 Cisco and/or its affiliates. All rights reserved.

2013 Cisco and/or its affiliates. All rights reserved.

2013 Cisco and/or its affiliates. All rights reserved.

2013 Cisco and/or its affiliates. All rights reserved.

2013 Cisco and/or its affiliates. All rights reserved.

2013 Cisco and/or its affiliates. All rights reserved.

Interface loopback0 ip address 1.1.1.5/32 otv ip address 1.1.1.15/32 secondary

2013 Cisco and/or its affiliates. All rights reserved.

2013 Cisco and/or its affiliates. All rights reserved.

interface Overlay0 otv extend-vlan 202, 303

interface Overlay0 otv

otv extend-vlan 202-203 otv vlan mapping 203 to 303

2013 Cisco and/or its affiliates. All rights reserved.

2013 Cisco and/or its affiliates. All rights reserved.

WEST_OTVA# show otv

2013 Cisco and/or its affiliates. All rights reserved.

ReTransmit n/a n/a n/a 0

2013 Cisco and/or its affiliates. All rights reserved.

Adjacency: ISIS Hello over Multicast Transport

OTV ISIS sent on multicast control-group, sourced from join interface

System ID and Site Identifier included in Hello

Adjacency: ISIS Hello over Unicast Transport