Scribd
Upload
102 views115 pages

Advance OTV Configure Verify and Troubleshoot

otv

Uploaded by

premprakash23
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
102 views115 pages

Advance OTV Configure Verify and Troubleshoot

otv

Uploaded by

premprakash23
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 115

Advanced OTV – Configure, Verify and

Troubleshoot OTV in Your Network


BRKDCT - 3103

BRKDCT-3103 © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 2
Agenda
 OTV Introduction
 Configuration
Multicast Transport
Unicast-only Transport
 Verification
Adjacency
ARP
Unicast Forwarding
Multicast Forwarding
 Troubleshooting

BRKDCT-3103 © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 3
Build The Bridge

BRKDCT-3103 © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 4
Introduction
Overlay Transport Virtualisation (OTV) in a Nutshell

 OTV is a MAC-in-IP method that extends Layer 2 connectivity across a


transport network infrastructure
 OTV supports both multicast and unicast-only transport networks
 OTV uses ISIS as the control protocol
 OTV on Nexus7000 does not encrypt encapsulated payload

BRKDCT-3103 © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 5
Introduction
Terminology: Edge Device

 Performs OTV functions


Edge Devices
 Support multiple OTV devices per site
 OTV requires the Transport Services otv otv
(TRS) license
 Creating non default VDC’s requires
Advanced Services license

BRKDCT-3103 © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 6
Introduction
Terminology: Internal Interfaces

 Regular layer 2 interfaces facing the site


 No OTV configuration required
 Currently supported only on M-series otv otv
modules
Future Support for F series modules

Internal Interfaces

BRKDCT-3103 © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 7
Introduction
Terminology: Join Interface
Join Interfaces
 Uplink on Edge device that joins the
Overlay
 Forwards OTV control and data traffic otv otv
 Layer 3 interface
 Currently supported only on M-series
modules

BRKDCT-3103 © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 8
Introduction
Terminology: Overlay Interface

 Virtual Interface where the OTV


configurations are applied
 Multi-access multicast-capable interface otv otv
 Encapsulates Layer 2 frames

BRKDCT-3103 © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 9
Introduction
Terminology: Authoritative Edge Device
AED for odd
 OTV supports multiple edge devices per VLANs
site
 A single OTV device is elected as AED otv otv
on a per-vlan basis
 The AED is responsible for advertising
MAC reachability and forwarding traffic
into and out of the site for its VLANs

BRKDCT-3103 © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 10
Introduction
Terminology: Authoritative Edge Device
AED for even
 OTV supports multiple edge devices per VLANs
site
 A single OTV device is elected as AED otv otv
on a per-vlan basis
 The AED is responsible for advertising
MAC reachability and forwarding traffic
into and out of the site for its VLANs

BRKDCT-3103 © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 11
Introduction
Terminology: Site VLAN

 Prior to 5.2(1) OTV used only I’m AED for I’m AED for
Even VLANs Odd VLANs
communication on the site vlan for AED
election
otv otv

OTV Hello OTV Hello

BRKDCT-3103 © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 12
Introduction
Terminology: Site VLAN

 Prior to 5.2(1) OTV used only I’m AED for I’m AED for
All VLANs All VLANs
communication on the site vlan for
AED election
otv otv
 Misconfiguration or connectivity issues
on the site vlan could result in
active/active AED mode

OTV Hello OTV Hello

BRKDCT-3103 © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 13
Introduction Core
Terminology: Site VLAN and Site Identifier

 5.2(1) added Dual Site Adjacency I’m AED for I’m AED for
Even VLANs Odd VLANs
1. Site Adjacency established across the
site vlan OTV Hello OTV Hello
otv
Site-ID 1.1.1 otv
Site-ID 1.1.1
2. Overlay Adjacency established via the
Join interface across Layer 3 network
Full
Adjacency

OTV Hello OTV Hello


Site-ID 1.1.1 Site-ID 1.1.1

BRKDCT-3103 © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 14
Introduction Core
Terminology: Site VLAN and Site Identifier

 If a communication problem occurs on I’m AED for I’m AED for


Even VLANs Odd VLANs
the site vlan, each OTV device can still
advertise Hello across overlay to OTV Hello OTV Hello
otv
Site-ID 1.1.1 otv
Site-ID 1.1.1
prevent an active/active scenario
Partial
Adjacency

OTV Hello OTV Hello


Site-ID 1.1.1 Site-ID 1.1.1

BRKDCT-3103 © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 15
Introduction Core
Terminology: Site VLAN and Site I’m not AED I’m now AED
Identifier capable ALL VLANs

I’m AED for I’m AED for


 Dual Site Adjacency also has Even VLANs Odd VLANs

mechanism for advertising AED


capabilities on local failure to improve otv otv
convergence
• Join interface down Partial
Adjacency

I’m not AED


capable

BRKDCT-3103 © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 16
Introduction Core
Terminology: Site VLAN and Site I’m not AED I’m now AED
Identifier capable ALL VLANs

I’m AED for I’m AED for


 Dual Site Adjacency also has Even VLANs Odd VLANs

mechanism for advertising AED


I’m not AED
capabilities on local failure to improve otv
capable otv
convergence
• Join interface down Partial
Adjacency
• Internal Vlans down

BRKDCT-3103 © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 17
Introduction Core
Terminology: Site VLAN and Site I’m now AED I’m now AED
Identifier EVEN VLANs ODD VLANs

I’m AED for


 Dual Site Adjacency also has Initializing
ALL VLANs

mechanism for advertising AED


I’m now AED
capabilities on local failure to improve otv
capable otv
convergence
• Join interface down Full
Adjacency
• Internal Vlans down
• AED down or initialising
I’m now AED
capable

BRKDCT-3103 © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 18
Introduction
Overlay Transport

 Multicast Transport vs. Unicast Transport


 MTU

Packet Type IP Length


ISIS Hello, Unicast Transport 1450B
ISIS Hello, Multicast Transport 1442B
OTV Header for User Data 42B

BRKDCT-3103 © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 19
Agenda
 OTV Introduction
 Configuration
Multicast Transport
Unicast-only Transport
 Verification
Adjacency
ARP
Unicast Forwarding
Multicast Forwarding
 Troubleshooting

BRKDCT-3103 © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 20
Configuration
Enable OTV Feature

feature otv

West East
otv otv

Core
otv otv

BRKDCT-3103 © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 21
Configuration
Site VLAN and Site Identifier

 Site VLAN needs to be configured and active even if you do not have multiple
OTV devices in the same site
site VLAN should not be extended across overlay
 Site Identifier can be any number between 0000.0000.0001 and ffff.ffff.ffff.
Value will always be displayed in MAC format
 Site Identifier must be unique for each site
 Site Identifier is required in 5.2(1) and above for overlay to come up. This
must be kept in mind when performing an ISSU from a pre-5.2(1)

Service Impacting

BRKDCT-3103 © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 22
Configuration
Site VLAN and Site Identifier

otv site-vlan 210 otv site-vlan 210


otv site-identifier 0001.0001.0001 otv site-identifier 0002.0002.0002

West East
otv otv

Core
otv otv

BRKDCT-3103 © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 23
Configuration
Join Interface

interface port-channel 100


mtu 9216
ip address 172.16.1.34/30
ip igmp version 3
West East
otv otv

Core
otv otv

BRKDCT-3103 © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 24
Agenda
 OTV Introduction
Configuration
Multicast Transport
Unicast-only Transport
 Verification
Adjacency
ARP
Unicast Forwarding
Multicast Forwarding
 Troubleshooting

BRKDCT-3103 © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 25
Configuration
Multicast Transport: Overlay
interface Overlay1
otv join-interface port-channel100
otv control-group 239.1.1.1
otv data-group 232.1.1.0/24
otv extend-vlan 200-209
West East
otv otv

Core
otv otv

BRKDCT-3103 © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 27
Configuration
Multicast Transport: Full Picture
WEST_OTVA EAST_OTVA
feature otv feature otv
otv site-vlan 210 otv site-vlan 210
otv site-identifier 0001.0001.0001 otv site-identifier 0002.0002.0002

interface Overlay1 interface Overlay1


otv join-interface port-channel100 otv join-interface port-channel100
otv control-group 239.1.1.1 otv control-group 239.1.1.1
otv data-group 232.1.1.0/24 otv data-group 232.1.1.0/24
West
otv extend-vlan 200-209 otv extend-vlan 200-209 East
otv no shutdown otv
no shutdown

interface port-channel100 interface port-channel100


mtu 9216 mtu 9216
ip address 172.16.1.34/30 ip address 172.16.1.26/30
ip igmp version 3 Core ip igmp version 3
otv otv

BRKDCT-3103 © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 28
Agenda
 OTV Introduction
Configuration
Multicast Transport
Unicast-only Transport
 Verification
Adjacency
ARP
Unicast Forwarding
Multicast Forwarding
 Troubleshooting

BRKDCT-3103 © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 29
Configuration
Unicast Transport: Overlay

 OTV can run across a unicast only transport


 Unicast Transport requires the configuration of one or more adjacency
servers. OTV devices register with the adjacency server which in turn
provides each with an OTV Neighbour List (oNL).
 Think of the adjacency server as a special process running on a generic
OTV edge device
 A primary and secondary adjacency server can be configured for
redundancy

BRKDCT-3103 © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 30
Configuration
Unicast Transport: Primary Adjacency Server Overlay

interface Overlay1
otv join-interface port-channel100
otv extend-vlan 200-209
otv adjacency-server unicast-only
West East
otv otv

Core
otv otv

BRKDCT-3103 © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 32
Configuration
Unicast Transport: Secondary Adjacency Server Overlay
interface Overlay1 Primary Server
otv join-interface port-channel100
otv extend-vlan 200-209
otv use-adjacency-server 172.16.1.34 unicast-only
otv adjacency-server unicast-only
West East
otv otv

Core
otv otv

BRKDCT-3103 © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 33
Configuration
Unicast Transport: Client Overlay Primary Server

interface Overlay1
Secondary Server
otv join-interface port-channel100
otv extend-vlan 200-209
otv use-adjacency-server 172.16.1.34 172.16.1.26 unicast-only
West East
otv otv

Core
otv otv

BRKDCT-3103 © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 34
EAST_OTVA

Configuration feature otv


otv site-vlan 210
otv site-identifier 0002.0002.0002
Unicast Transport: Full Picture
interface Overlay1
WEST_OTVA
otv join-interface port-channel100
feature otv
otv extend-vlan 200-209
otv site-vlan 210
otv use-adjacency-server 172.16.1.34 unicast-only
otv site-identifier 0001.0001.0001
otv adjacency-server unicast-only
no shutdown
interface Overlay1
otv join-interface port-channel100
interface port-channel100
otv extend-vlan 200-209
mtu 9216
otv adjacency-server unicast-only
ip address 172.16.1.26/30
West no shutdown East
otv otv
interface port-channel100
mtu 9216
ip address 172.16.1.34/30

Core
otv otv

BRKDCT-3103 © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 36
Configuration
Unicast Transport: Full Picture
WEST_OTVB EAST_OTVB
feature otv feature otv
otv site-vlan 210 otv site-vlan 210
otv site-identifier 0001.0001.0001 otv site-identifier 0002.0002.0002

interface Overlay1 interface Overlay1


otv join-interface port-channel100 otv join-interface port-channel100
otv extend-vlan 200-209 otv extend-vlan 200-209
otv use-adjacency-server 172.16.1.34 172.16.1.26 unicast-only otv use-adjacency-server 172.16.1.34 172.16.1.26 unicast-only
West
no shutdown no shutdown East
otv otv
interface port-channel100 interface port-channel100
mtu 9216 mtu 9216
ip address 172.16.1.38/30 ip address 172.16.1.30/30

Core
otv otv

BRKDCT-3103 © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 37
Configuration
Authentication

 OTV supports authentication of Hello messages along with authentication of


PDU’s

! Configure OTV key chain


key chain OTVKeys
! Apply md5 authentication to OTV PDUs
key 1
otv-isis default
key-string 0 cisco
vpn Overlay1
authentication-check
! Apply md5 authentication to OTV Hellos
authentication-type md5
interface Overlay1
authentication key-chain OTVKeys
otv isis authentication-type md5
otv isis authentication key-chain OTVKeys

BRKDCT-3103 © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 38
Agenda
 OTV Introduction
 Configuration
Multicast Transport
Unicast-only Transport
 Verification
Adjacency
ARP
Unicast Forwarding
Multicast Forwarding
 Troubleshooting

BRKDCT-3103 © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 39
Verification
Adjacency: IP Connectivity

 For both multicast and unicast transports, adjacencies cannot be formed


without IP connectivity between the join interfaces of each OTV edge
device
WEST_OTVA# ! Ping EAST_OTVA join interface
WEST_OTVA# ping 172.16.1.26 count 1
PING 172.16.1.26 (172.16.1.26): 56 data bytes
64 bytes from 172.16.1.26: icmp_seq=0 ttl=251 time=1.287 ms
--- 172.16.1.26 ping statistics ---
1 packets transmitted, 1 packets received, 0.00% packet loss

WEST_OTVA# ! Ping EAST_OTVB join interface


WEST_OTVA# ! Ping WEST_OTVB join interface

BRKDCT-3103 © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 40
Verification
Adjacency: Overlay

 Verify overlay and site-vlan are up

WEST_OTVA# show otv Multicast Transport WEST_OTVA# show otv Unicast Transport

OTV Overlay Information OTV Overlay Information


Site Identifier 0001.0001.0001 Site Identifier 0001.0001.0001

Overlay interface Overlay1 Overlay interface Overlay1

VPN name : Overlay1 VPN name : Overlay1


VPN state : UP VPN state : UP
Extended vlans : 200-209 (Total:10) Extended vlans : 200-209 (Total:10)
Control group : 239.1.1.1 Join interface(s) : Po100 (172.16.1.34)
Data group range(s) : 232.1.1.0/24 Site vlan : 210 (up)
Join interface(s) : Po100 (172.16.1.34) AED-Capable : Yes
Site vlan : 210 (up) Capability : Unicast-Only
AED-Capable : Yes Is Adjacency Server : Yes
Capability : Multicast-Reachable Adjacency Server(s) : [None] / [None]

BRKDCT-3103 © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 41
Verification
Adjacency: ISIS Hello (IIH) statistics

WEST_OTVA# show otv isis site statistics | begin PDU


OTV-IS-IS PDU statistics for site-vlan:

PDU Received Sent RcvAuthErr OtherRcvErr ReTransmit


LAN-IIH 91697 91700 0 0 n/a
CSNP 0 8013 0 0 n/a
PSNP 1 0 0 0 n/a
LSP 155 312 0 0 0

WEST_OTVA# show otv isis traffic


OTV-IS-IS process: default
VPN: Overlay1
OTV-IS-IS Traffic:
PDU Received Sent RcvAuthErr OtherRcvErr ReTransmit
LAN-IIH 85530 23298 0 0 n/a
CSNP 3 8015 0 0 n/a
PSNP 17 2 0 0 n/a
LSP 896 393 0 0 0

BRKDCT-3103 © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 42
Verification
Adjacency: ISIS Hello over Multicast Transport

ISIS Hellos have packet


size of 1442 Bytes through
multicast transport
1400B ISIS + 42B OTV header

OTV ISIS sent on multicast


control-group, sourced from
join interface

System ID and Site


Identifier included in Hello

BRKDCT-3103 © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 43
Verification
Adjacency: ISIS Hello over Unicast Transport

ISIS Hellos have packet size of 1450


Bytes through unicast transport
1400B ISIS + 42B OTV header + 8B UDP

OTV ISIS via unicast, sourced and


destined between join interfaces

OTV ISIS Hello sent encapsulated in


UDP unicast on port 8472

System ID and Site


Identifier included in Hello

BRKDCT-3103 © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 44
Verification
Adjacency: ISIS Overlay Adjacencies

WEST_OTVA# show otv isis adjacency


OTV-IS-IS process: default VPN: Overlay1
OTV-IS-IS adjacency database:
System ID SNPA Level State Hold Time Interface Site-ID
EAST_OTVB 64a0.e741.c841 1 UP 00:00:11 Overlay1 0002.0002.0002
WEST_OTVB 64a0.e741.c842 1 UP 00:00:09 Overlay1 0001.0001.0001
EAST_OTVA 6c9c.ed40.1741 1 UP 00:00:13 Overlay1 0002.0002.0002

West East
otv otv

Core
otv otv

BRKDCT-3103 © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 45
Verification
Adjacency: OTV Overlay Adjacencies
WEST_OTVA# show otv adjacency
Overlay Adjacency database

Overlay-Interface Overlay1 :
Hostname System-ID Dest Addr Up Time State
EAST_OTVA 6c9c.ed40.1741 172.16.1.26 19:34:34 UP
EAST_OTVB 64a0.e741.c841 172.16.1.30 19:34:30 UP
WEST_OTVB 64a0.e741.c842 172.16.1.38 19:34:30 UP
West East
otv otv

Core
otv otv

BRKDCT-3103 © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 46
Verification
Adjacency: ISIS Site Adjacencies
WEST_OTVA# show otv isis site

OTV-ISIS site-information for: default

Level Metric CSNP Next CSNP Hello Multi Next IIH


1 16777214 10 00:00:07 1 10 0.204018

Level Adjs AdjsUp Pri Circuit ID Since


West 1 1 1 64 WEST_OTVA.01 * 23:57:51 East
otv otv
[output omitted]
Neighbor SystemID: 64a0.e741.c842 [WEST_OTVB]
IPv4 site groups:
239.1.1.1

Core
otv otv

BRKDCT-3103 © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 47
Verification
Adjacency: OTV Site Adjacencies

WEST_OTVA# show otv site

Dual Adjacency State Description


Full - Both site and overlay adjacency up
Partial - Either site/overlay adjacency down
Down - Both adjacencies are down (Neighbor is down/unreachable)
(!) - Site-ID mismatch detected

West Local Edge Device Information: East


otv
Hostname WEST_OTVA otv
System-ID 6c9c.ed40.1742
Site-Identifier 0001.0001.0001
Site-VLAN 210 State is Up

Site Information for Overlay1:


Core
otv otv
Local device is AED-Capable
Neighbor Edge Devices in Site: 1

Hostname System-ID Adjacency- Adjacency- AED-


State Uptime Capable
--------------------------------------------------------------------------------
WEST_OTVB 64a0.e741.c842 Full 23:57:51 Yes

BRKDCT-3103 © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 48
Verification
Authoritative Edge Device (AED)
WEST_OTVA# show otv vlan 200-201

OTV Extended VLANs and Edge Device State Information (* - AED)

VLAN Auth. Edge Device Vlan State Overlay


---- ----------------------------------- ---------- -------
200 WEST_OTVB inactive(Non AED)Overlay1
201* WEST_OTVA active Overlay1
West East
otv otv

Core
otv otv

BRKDCT-3103 © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 49
Verification
Authoritative Edge Device (AED)
WEST_OTVB# show otv vlan 200-201

OTV Extended VLANs and Edge Device State Information (* - AED)

VLAN Auth. Edge Device Vlan State Overlay


---- ----------------------------------- ---------- -------
200* WEST_OTVB active Overlay1
201 WEST_OTVA inactive(Non AED)Overlay1
West East
otv otv

Core
otv otv

BRKDCT-3103 © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 50
Verification
Adjacency: OTV Overlay Adjacencies for Multicast Transport

 For multicast transport, OTV join interfaces are configured with IGMPv3.
Therefore, from the transport's perspective, the OTV edge devices appear as
host sending and requesting traffic from the control-group

West East
otv otv

CORE#show ip mroute 239.1.1.1 summary


[output omitted]
Core
otv otv
(*, 239.1.1.1), 01:15:56/00:03:06, RP 1.1.1.1, OIF count: 4, flags: S
(172.16.1.26, 239.1.1.1), 00:47:13/00:03:25, OIF count: 3, flags: T
(172.16.1.30, 239.1.1.1), 00:47:06/00:03:15, OIF count: 3, flags: T
(172.16.1.34, 239.1.1.1), 00:56:40/00:03:25, OIF count: 3, flags: T
(172.16.1.38, 239.1.1.1), 00:57:17/00:03:25, OIF count: 3, flags: T

BRKDCT-3103 © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 51
Agenda
 OTV Introduction
 Configuration
Multicast Transport
Unicast-only Transport
 Verification
Adjacency
ARP
Unicast Forwarding
Multicast Forwarding
 Troubleshooting

BRKDCT-3103 © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 52
Verification
Address Resolution Protocol (ARP)

Host on vlan 201 AED vlan 201 AED vlan 201 Host on vlan 201
IP 10.201.0.101 IP 10.201.0.102
MAC 001b.d419.1842 MAC 001f.6c75.1d42
West East
otv otv

Core
otv otv

BRKDCT-3103 © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 53
Verification
Address Resolution Protocol (ARP)

 Simplified topology based on AED for vlan 201


 We will assume that none of the devices in the topology have ARP or CAM
entries for the hosts in vlan 201

West East
otv otv
Po103 Po100 Po100 Po101
Core
vlan 201 vlan 201
10.201.0.101 10.201.0.102
001b.d419.1842 001f.6c75.1d42

BRKDCT-3103 © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 54
Verification
ARP: Host at West Site Sends ARP Request for Host at East

1. Since it’s a broadcast packet, it is forwarded to both the OTV devices at


West site
2. Non AED at West site drops the broadcast packet (loop prevention)
3. AED learns the MAC address on its internal interface

West East
otv
WEST_OTVA# show mac address-table vlan 201
otv
Po103 Po100 Legend: Po100 Po101
Core
* - primary entry, G - Gateway MAC, (R) - Routed MAC, O - Overlay MAC
age - seconds since last seen,+ - primary entry using vPC Peer-Link
VLAN MAC Address Type age Secure NTFY Ports/SWID.SSID.LID
vlan 201 vlan 201
---------+-----------------+--------+---------+------+----+------------------
10.201.0.101 * 201 001b.d419.1842 dynamic 0 F F Po103 10.201.0.102
001b.d419.1842 001f.6c75.1d42

BRKDCT-3103 © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 55
Verification
ARP: Host at West Site Sends ARP Request for Host at East

4. On learning new MAC, West AED sends ISIS update to all OTV devices
• Single packet on multicast control group (Multicast Transport)
• Or, unicast to each adjacency (Unicast Transport)
5. Only AED at remote sites program new MAC into OTV route and CAM tables

West East
otv otv
Po103 Po100 Po100 Po101

EAST_OTVA# show mac address-table vlan 201


Core
Legend:
vlan 201
* - primary entry, G - Gateway MAC, (R) - Routed MAC, O - Overlay MAC vlan 201
10.201.0.101
age - seconds since last seen,+ - primary entry using vPC Peer-Link 10.201.0.102
001b.d419.1842
VLAN MAC Address Type age Secure NTFY Ports/SWID.SSID.LID 001f.6c75.1d42
---------+-----------------+--------+---------+------+----+------------------
O 201 001b.d419.1842 dynamic 0 F F Overlay1
BRKDCT-3103 © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 56
Verification
ARP: Host at West Site Sends ARP Request for Host at East

6. West AED performs lookup in ARP-ND cache for East Host IP


 If an entry were present, West could send ARP reply (proxy) to local host
without forwarding packet across overlay

West East
otv otv
Po103 Po100 Po100 Po101
Core
vlan 201 vlan 201
10.201.0.101 10.201.0.102
001b.d419.1842 001f.6c75.1d42

BRKDCT-3103 © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 57
Verification
ARP: Host at West Site Sends ARP Request for Host at East

7. Since there is no entry present in cache, West encapsulates ARP broadcast


and sends to all OTV devices
• Single packet on multicast control group (Multicast Transport)
• Or, unicast to each adjacency (Unicast Transport)

West East
otv otv
Po103 Po100 Po100 Po101
Core
vlan 201 vlan 201
10.201.0.101 10.201.0.102
001b.d419.1842 001f.6c75.1d42

BRKDCT-3103 © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 58
Verification
ARP: Host at West Site Sends ARP Request for Host at East

8. AED at East site receives packet on Join interface, decapsulates and sends
it on internal interface toward host
 Non AED at East will also receive packet but will not forward

West East
otv otv
Po103 Po100 Po100 Po101
Core
vlan 201 vlan 201
10.201.0.101 10.201.0.102
001b.d419.1842 001f.6c75.1d42

BRKDCT-3103 © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 59
Verification
ARP: Host at East Site Sends ARP Reply for Host at West

1. AED at East receives unicast Reply on its internal interface


2. East updates its CAM table with the MAC address pointing out its internal
interface

West East
otv otv
Po103 Po100 Po100 Po101
EAST_OTVA# show mac address-table vlan 201 Core
Legend:
* - primary entry, G - Gateway MAC, (R) - Routed MAC, O - Overlay MAC
vlan 201 vlan 201
age - seconds since last seen,+ - primary entry using vPC Peer-Link
10.201.0.101 10.201.0.102
VLAN MAC Address
001b.d419.1842 Type age Secure NTFY Ports/SWID.SSID.LID 001f.6c75.1d42
---------+-----------------+--------+---------+------+----+------------------
O 201 001b.d419.1842 dynamic 0 F F Overlay1
* 201 001f.6c75.1d42 dynamic 0 F F Po101
BRKDCT-3103 © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 60
Verification
ARP: Host at East Site Sends ARP Reply for Host at West

3. On learning new MAC, East sends ISIS update to all OTV devices
• Single packet on multicast control group (Multicast Transport)
• Or, unicast to each adjacency (Unicast Transport)
4. Only AED at remote sites program new MAC into OTV route and CAM tables

West East
otv WEST_OTVA# show mac address-table vlan 201 otv
Legend:
Po103 Po100 Po100
* - primary entry, G - Gateway MAC, (R) - Routed Po101
MAC, O - Overlay MAC
Core
age - seconds since last seen,+ - primary entry using vPC Peer-Link
VLAN MAC Address Type age Secure NTFY Ports/SWID.SSID.LID
vlan 201 ---------+-----------------+--------+---------+------+----+------------------
vlan 201
10.201.0.101 * 201 001b.d419.1842 dynamic 0 F F Po103 10.201.0.102
001b.d419.1842 O 201 001f.6c75.1d42 dynamic 0 F F Overlay1001f.6c75.1d42

BRKDCT-3103 © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 61
Verification
ARP: Host at East Site Sends ARP Reply for Host at West

5. East performs lookup in its CAM for unicast destination. Because of


previous ISIS update, East finds an entry pointing out overlay toward West
6. East encapsulates ARP reply and sends via unicast to West

West East
otv otv
Po103 Po100 Po100 Po101
Core
vlan 201 vlan 201
10.201.0.101 10.201.0.102
001b.d419.1842 001f.6c75.1d42

BRKDCT-3103 © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 62
Reference Slide

Verification
ARP: Encapsulated ARP Reply

Sourced from IP of Join Interface at


East destined to Join interface at West

Unicast ARP Reply

BRKDCT-3103 © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 63
Verification
ARP: Host at East Site Sends ARP Reply for Host at West

7. West receives packet on Join Interface, decapsulates packet and sends out
internal interface toward host
8. West updates ARP-ND cache for East Host from ARP reply

WEST_OTVA# show otv arp-nd-cache


OTV ARP/ND L3->L2 Address Mapping Cache

West Overlay Interface Overlay1 East


otv VLAN MAC Address Layer-3 Address Age Expires In
201 001f.6c75.1d42 10.201.0.102 otv
00:00:04 00:07:55
Po103 Po100 Po100 Po101
Core
vlan 201 vlan 201
10.201.0.101 10.201.0.102
001b.d419.1842 001f.6c75.1d42

BRKDCT-3103 © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 64
Agenda
 OTV Introduction
 Configuration
Multicast Transport
Unicast-only Transport
 Verification
Adjacency
ARP
Unicast Forwarding
Multicast Forwarding
 Troubleshooting

BRKDCT-3103 © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 65
Verification
Unicast Forwarding

 Simplified topology based on AED for vlan 201


 Let’s assume that ARP and CAM has already resolved between hosts

West East
otv otv
Po103 Po100 Po100 Po101
Core
vlan 201 vlan 201
10.201.0.101 10.201.0.102
001b.d419.1842 001f.6c75.1d42

BRKDCT-3103 © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 66
Verification
Unicast Forwarding: User on Site West Sends Unicast Packet to Site East

 Packet is received on internal interface on OTV AED


 Verify CAM entry and OTV route
WEST_OTVA# show mac address-table address 001f.6c75.1d42 vlan 201
Legend:
* - primary entry, G - Gateway MAC, (R) - Routed MAC, O - Overlay MAC
age - seconds since last seen,+ - primary entry using vPC Peer-Link
VLAN MAC Address Type age Secure NTFY Ports/SWID.SSID.LID
---------+-----------------+--------+---------+------+----+------------------
West O 201 001f.6c75.1d42 dynamic 0 F F Overlay1 East
otv
WEST_OTVA# show otv route 001f.6c75.1d42 otv
Po103 Po100 Po100 Po101
Core
OTV Unicast MAC Routing Table For Overlay1

VLAN MAC-Address Metric Uptime Owner Next-hop(s)


vlan 201 ---- -------------- ------ -------- --------- ----------- vlan 201
10.201.0.101 201 001f.6c75.1d42 42 00:02:25 overlay EAST_OTVA 10.201.0.102
001b.d419.1842 001f.6c75.1d42

BRKDCT-3103 © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 67
Verification
Unicast Forwarding: User on Site West Sends Unicast Packet to Site East

 Verify next hop IP address for MAC

WEST_OTVA# show otv adjacency


Overlay Adjacency database

Overlay-Interface Overlay1 :
Hostname System-ID Dest Addr Up Time State
EAST_OTVA 6c9c.ed40.1741 172.16.1.26 19:34:34
East UP
West EAST_OTVB 64a0.e741.c841 172.16.1.30 19:34:30 UP
otv
WEST_OTVB 64a0.e741.c842 otv
172.16.1.38 19:34:30 UP
Po103 Po100 Po100 Po101
Core
vlan 201 vlan 201
10.201.0.101 10.201.0.102
001b.d419.1842 001f.6c75.1d42

BRKDCT-3103 © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 68
Verification
Unicast Forwarding: User on Site West Sends Unicast Packet to Site East

 Verify incrementing counters on tunnel interface

WEST_OTVA# show tunnel internal implicit otv detail


Tunnel16397 is up
MTU 9178 bytes, BW 9 Kbit
Transport protocol is in VRF "default"
Tunnel protocol/transport GRE/IP
Tunnel source 172.16.1.34, destination 172.16.1.26
Last clearing of "show interface" counters never
West Tx East
otv 3004421 packets output, 1 minute output rate 171 packets/sec
Rx otv
2993448 packets input, 1 minute input rate 171 packets/sec
Po103 Po100 Po100 Po101
Core
vlan 201 vlan 201
10.201.0.101 10.201.0.102
001b.d419.1842 001f.6c75.1d42

BRKDCT-3103 © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 69
Verification
Unicast Forwarding: User on Site West Sends Unicast Packet to Site East

 Verify hardware adjacency and label


OTV shim includes an MPLS
label to identify the WEST_OTVA# show system internal forwarding otv overlay 1 vlan 201 detail
encapsulated VLAN. Dev No: 1 MPLS Label: 0xe9 VPN id: 10
TCAM Idx: 0x1ffa9 Adj Idx: 0x4302a Type: EoMPLS
MPLS Label = 32 + vlan
rc: 1 ccc: 6 pv: 0 l2_fwd: 1
Packets: 0 Bytes: 0
32 + 201 = 233 = 0xe9
(BD: 21, Vlan Id: 201, Peer Id: 1)
DevNo: 1 TCAM Idx: 0x1ff03
West Adj Idx: 0x4303d Egress Lif: 0x8004 RDT: 1 Egress Lif East Base: 5
otv ccc: 0 pv: 1 l2_fwd: 1 rc: 1
label hi: 0x0 label low: 0xe90
otv
Packets: 0 Bytes: 0
Po103 Po100 Tunnel adj index: 0x43037 GRE: YES
Po100 Po101

DI: 0x421
Core
DIP: 172.16.1.26 SIP: 172.16.1.34
LIF: 0x4074 ccc: 6 L2_FWD: NO RDT: YES
Packets: 0 Bytes: 0 zone enforce: 0
vlan 201 vlan 201
10.201.0.101 10.201.0.102
001b.d419.1842 001f.6c75.1d42

BRKDCT-3103 © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 70
Verification
Unicast Forwarding: Encapsulated Packet

42 Byte OTV header overhead


Increases packet size to 142 Bytes

Packet sent unicast through


transport with endpoint IP’s of
AED Join interface
Label to identify vlan
32+201 = 233

Original IP header maintained

BRKDCT-3103 © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 71
Verification
Unicast Forwarding: User on site West sends unicast packet to site East

 Encapsulated packet is received on Join interface of East AED


 For Decapsulation, verify hits against internal ACL

EAST_OTVA# show system internal access-list output statistics | begin Tcam


Tcam 0 resource usage:
----------------------
Label_a = 0x802
Bank 0
------
WestClass
IPv4
East
otv
Policies: Tunnel Decap(Tunnel Decap on VRF default) otv
Entries:
Po103 [Stats]Po100
[Index] Entry Po100 Po101
--------------------- Core
[0006] redirect(0x4307d) 47 172.16.1.30/32 172.16.1.26/32 [0]
[0007]
vlan 201redirect(0x4307b) 47 172.16.1.38/32 172.16.1.26/32 [0] vlan 201
[0009] redirect(0x43079) 47 172.16.1.34/32 172.16.1.26/32 [18505]
10.201.0.101 10.201.0.102
[0010] permit ip 0.0.0.0/0 0.0.0.0/0 [1444]
001b.d419.1842 001f.6c75.1d42

BRKDCT-3103 © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 72
Verification
Unicast Forwarding: User on site West sends unicast packet to site East

 Verify OTV route for entry points to local site


 Verify CAM entry for destination MAC points out internal interface

EAST_OTVA# show otv route 001f.6c75.1d42 vlan 201

OTV Unicast MAC Routing Table For Overlay1

VLAN MAC-Address Metric Uptime Owner Next-hop(s)


---- West
-------------- ------ -------- --------- ----------- East
201 001f.6c75.1d42 1 otv 00:01:50 site port-channel101
otv
EAST_OTVA# show mac address-table
Po103 Po100 address 001f.6c75.1d42 vlan 201 Po100 Po101
Legend:
* - primary entry, G - Gateway MAC, (R) - Routed MAC, O - Overlay MAC
Core
age - seconds since last seen,+ - primary entry using vPC Peer-Link
VLAN
vlan 201 MAC Address Type age Secure NTFY Ports/SWID.SSID.LID vlan 201
---------+-----------------+--------+---------+------+----+------------------
10.201.0.101 10.201.0.102
* 201 001f.6c75.1d42
001b.d419.1842 dynamic 0 F F Po101 001f.6c75.1d42

BRKDCT-3103 © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 73
Verification
Unicast Forwarding: User on site West sends unicast packet to site East

 Packet will be sent out internal interface at site East and L2 switched to the
host
 Return path from East to West will be the same

West East
otv otv
Po103 Po100 Po100 Po101
Core
vlan 201 vlan 201
10.201.0.101 10.201.0.102
001b.d419.1842 001f.6c75.1d42

BRKDCT-3103 © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 74
Agenda
 OTV Introduction
 Configuration
Multicast Transport
Unicast-only Transport
 Verification
Adjacency
ARP
Unicast Forwarding
Multicast Forwarding
 Troubleshooting

BRKDCT-3103 © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 75
Verification
Multicast Forwarding: IGMP Join from Client

 Client at West site requests traffic for multicast group 224.10.10.10


 There is no server sending traffic for this group

West East
otv otv
Po103 Po100 Po100 Po101
Core
vlan 201 vlan 201
Multicast Client Multicast Server
10.201.0.101 10.201.0.102

BRKDCT-3103 © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 76
Verification
Multicast Forwarding: IGMP Join from Client

 Multicast Transport
WEST_OTVA# show ip igmp snooping groups vlan 201
Type: S - Static, D - Dynamic, R - Router port, F - Fabricpath core port

Vlan Group Address Ver Type Port list


201 224.10.10.10 v2 D Po103

WEST_OTVA# show otv mroute vlan 201 detail

West OTV Multicast Routing Table For Overlay1 East


otv
(201, *, 224.10.10.10), metric: 0, uptime: 00:00:21, otv
igmp
Outgoing interface list: (count: 1)
Po103 Po100 Po100 Po101
Po103, uptime: 00:00:21, igmp
Core
vlan 201 vlan 201
Multicast Client Multicast Server
10.201.0.101 10.201.0.102

BRKDCT-3103 © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 77
Verification
Multicast Forwarding: IGMP Join from Client
(r) means there is a receiver that exists
 Multicast Transport across the overlay

EAST_OTVA# show otv mroute vlan 201

OTV Multicast Routing Table For Overlay1

(201, *, 224.10.10.10), metric: 0, uptime: 00:00:01, overlay(r)


Outgoing interface list: (count: 1)
Overlay1, uptime: 00:00:01, isis_otv-default East
West
otv otv
Po103 Po100 Po100 Po101
Core
vlan 201 vlan 201
Multicast Client Multicast Server
10.201.0.101 10.201.0.102

BRKDCT-3103 © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 78
Verification
Multicast Forwarding: IGMP Join from Client

 Unicast Transport

EAST_OTVA# show otv mroute vlan 201 detail

OTV Multicast Routing Table For Overlay1

(201, *, 224.10.10.10), metric: 0, uptime: 00:00:46, overlay(r)


Outgoing interface list: (count: 1)
Overlay1, WEST_OTVA, uptime: 00:00:46, isis_otv-default East
West
otv otv
Po103 Po100 Po100 Po101
Core
vlan 201 OIL contains Overlay and OTV vlan 201
Multicast Client neighbour in unicast mode as edge Multicast Server
10.201.0.101 device is responsible for replications 10.201.0.102

BRKDCT-3103 © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 79
Verification
Multicast Forwarding: Multicast Server Discovery

 Server at East site starts sending traffic to group 224.10.10.10


 There are no clients requesting the stream

West East
otv otv
Po103 Po100 Po100 Po101
Core
vlan 201 vlan 201
Multicast Client Multicast Server
10.201.0.101 10.201.0.102

BRKDCT-3103 © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 80
Verification
Multicast Forwarding: Multicast Server Discovery

 Multicast Transport
EAST_OTVA# show otv mroute vlan 201 detail

OTV Multicast Routing Table For Overlay1

(201, 10.201.0.102, 224.10.10.10), metric: 0, uptime: 00:00:30, site


Outgoing interface list: (count: 0)
Local Delivery: s = 172.16.1.26, g = 232.1.1.0

EAST_OTVA# show otv data-group vlan 201 East


West
otv
Local Active Sources for Overlay1 otv
Po103
VLAN Active-Source Po100 Delivery-Source Delivery-Group Join-IF State Po100
Active-Group Po101
Core
---- ------------- ------------ --------------- --------------- ------- ------
201 10.201.0.102 224.10.10.10 172.16.1.26 232.1.1.0 Po100 Local
vlan 201 vlan 201
Multicast Client Multicast Server
10.201.0.101 10.201.0.102

BRKDCT-3103 © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 81
Verification
Multicast Forwarding: Multicast Server Discovery
(s) means there is a source that exists
 Multicast Transport across the overlay

WEST_OTVA# show otv mroute vlan 201 detail

OTV Multicast Routing Table For Overlay1

(201, 10.201.0.102, 224.10.10.10), metric: 0, uptime: 00:00:53, overlay(s)


Outgoing interface list: (count: 0)
Remote Delivery: s = 172.16.1.26, g = 232.1.1.0

West WEST_OTVA# show otv data-group vlan 201 East


otv
Remote Active Sources for Overlay1
otv
Po103 Po100 Po100 Po101
VLAN Active-Source Active-Group Core
Delivery-Source Delivery-Group Joined-I/F
---- --------------- --------------- --------------- --------------- ----------
201 10.201.0.102 224.10.10.10 172.16.1.26 232.1.1.0 -
vlan 201 vlan 201
Multicast Client Multicast Server
10.201.0.101 10.201.0.102

BRKDCT-3103 © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 82
Verification
Multicast Forwarding: Multicast Server Discovery

 Unicast Transport

EAST_OTVA# show otv mroute vlan 201 detail

OTV Multicast Routing Table For Overlay1

(201, 10.201.0.102, 224.10.10.10), metric: 0, uptime: 00:00:11, site


Outgoing interface list: (count: 0)
Local Delivery: s = 0.0.0.0, g = 0.0.0.0
West No delivery group in unicast mode
East
EAST_OTVA# show otv data-group
otv vlan 201
otv
Local Active Sources for Overlay1
Po103 Po100 Po100 Po101
Core
VLAN Active-Source Active-Group Delivery-Source Delivery-Group Join-IF State
---- ------------- ------------ --------------- --------------- ------- ------
201 10.201.0.102 224.10.10.10 0.0.0.0
vlan 201 0.0.0.0 Local vlan 201
Multicast Client Multicast Server
10.201.0.101 10.201.0.102

BRKDCT-3103 © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 83
Verification
Multicast Forwarding: Multicast Server Discovery

 Unicast Transport
No state created on West site

WEST_OTVA# show otv mroute vlan 201

WEST_OTVA# show otv data-group vlan 201

West East
otv otv
Po103 Po100 Po100 Po101
Core
vlan 201 vlan 201
Multicast Client Multicast Server
10.201.0.101 10.201.0.102

BRKDCT-3103 © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 84
Verification
Multicast Forwarding: Source and Client Present

 Multicast Transport
West Edge Device sends an IGMPv3
SSM join for the Delivery Source and
the Delivery Group on its Join interface
WEST_OTVA# show otv mroute vlan 201 detail
OTV Multicast Routing Table For Overlay1

(201, *, 224.10.10.10), metric: 0, uptime: 00:01:50, igmp


Outgoing interface list: (count: 1)
Po103, uptime: 00:01:50, igmp

West East
(201, 10.201.0.102, 224.10.10.10), metric: 0, uptime: 00:04:47, overlay(s)
otv Outgoing interface list: (count: 0)
Remote Delivery: s = 172.16.1.26, g = 232.1.1.0
otv
Po103 Po100 Po100 Po101
WEST_OTVA# show otv data-group
Remote Active Sources for Overlay1
Core
vlan 201 VLAN Active-Source Active-Group Delivery-Source Delivery-GroupvlanJoined-I/F
201
Multicast Client Multicast
---- --------------- --------------- --------------- --------------- Server
----------
10.201.0.101 201 10.201.0.102 224.10.10.10 172.16.1.26 232.1.1.0 10.201.0.102
Po100

BRKDCT-3103 © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 85
Verification
Multicast Forwarding: Source and Client Present

 Multicast Transport

EAST_OTVA# show otv mroute vlan 201 detail


OTV Multicast Routing Table For Overlay1

(201, *, 224.10.10.10), metric: 0, uptime: 00:01:42, overlay(r)


Outgoing interface list: (count: 1)
Overlay1, uptime: 00:01:42, isis_otv-default

(201, 10.201.0.102, 224.10.10.10), metric: 0, uptime: 00:04:42, site


West interface list: (count: 1)
Outgoing
East
otv
Overlay1, uptime: 00:01:42, otv otv
Local Delivery: s = 172.16.1.26, g = 232.1.1.0
Po103 Po100 Po100 Po101
EAST_OTVA# show otv data-group Core
Local Active Sources for Overlay1
vlan 201 vlan 201
VLAN Active-Source Active-Group Delivery-Source Delivery-Group Join-IF State
Multicast Client Multicast Server
---- ------------- ------------ --------------- --------------- ------- ------
10.201.0.101 10.201.0.102
201 10.201.0.102 224.10.10.10 172.16.1.26 232.1.1.0 Po100 Local

BRKDCT-3103 © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 86
Verification
Multicast Forwarding: Encapsulated Packet, Multicast Transport

Sourced from Join interface,


and destined to first address in
data-group

Label to identify vlan


32+201 = 233

Original IP header maintained

BRKDCT-3103 © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 87
Verification
Multicast Forwarding: Source and Client Present
Since core does not support multicast, West site
cannot send SSM join for group. Instead, West
 Unicast Transport needs only to communicate to East that it has a
receiver and it will receive the group via unicast.

Only the *,G is created in unicast mode on client site.

WEST_OTVA# show otv mroute detail


West East
otv OTV Multicast Routing Table For Overlay1
otv
Po103 Po100 (201, *, 224.10.10.10), metric: 0, uptime:Po100
00:00:17, Po101
igmp
Core
Outgoing interface list: (count: 1)
Po103, uptime: 00:00:17, igmp

vlan 201 vlan 201


Multicast Client Multicast Server
10.201.0.101 10.201.0.102

BRKDCT-3103 © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 88
Verification
Multicast Forwarding: Source and Client Present

 Unicast Transport
Each multicast group is sent via
EAST_OTVA# show otv mroute vlan 201 unicast to each site with receivers
OTV Multicast Routing Table For Overlay1 present

(201, *, 224.10.10.10), metric: 0, uptime: 00:00:46, overlay(r)


Outgoing interface list: (count: 1)
Overlay1, WEST_OTVA, uptime: 00:00:46, isis_otv-default

(201, 10.201.0.102, 224.10.10.10), metric: 0, uptime: 00:01:54, site


Outgoing interface list: (count: 1) East
West
Overlay1, WEST_OTVA, uptime: 00:00:46, otv
otv otv
EAST_OTVA# show forwarding otv multicast route vlan 201
Po103
! Some output omitted Po100 Po100 Po101
(10.201.0.102/32, 224.10.10.10/32), RPF Interface: NULL, flags: Core
Received Packets: 59188 Bytes: 3788032
Number of Outgoing Interfaces: 1
vlan 201 vlan 201
Outgoing
Multicast Client Interface List Index: 25 Multicast Server
Tunnel16407 Outgoing Packets:41096 Bytes:3369872
10.201.0.101 10.201.0.102
OTV unicast tunnel end-points: (172.16.1.26, 172.16.1.34)
vlan: 201

BRKDCT-3103 © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 89
Verification
Multicast Forwarding: Encapsulated Packet, Unicast Transport

Source and Destination IP


between Join Interfaces

Label to identify vlan


32+201 = 233

Original IP header maintained

BRKDCT-3103 © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 90
Agenda
 OTV Introduction
 Configuration
Multicast Transport
Unicast-only Transport
 Verification
Adjacency
ARP
Unicast Forwarding
Multicast Forwarding
 Troubleshooting

BRKDCT-3103 © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 91
Troubleshooting
MTU

 Verify appropriate MTU via ping between OTV join interfaces


 ‘packet-size’ in NxOS represents size of data in ICMP packet
 To test MTU, must account for 8 Byte ICMP header, 20 Byte IP header
 Example:
1. 1442 = 1414 + 20 + 8, use packet-size of 1414
2. 1450 = 1422 + 20 + 8, use packet-size of 1422
3. 1542 = 1514 + 20 + 8, use packet-size of 1514

WEST_OTVA# ! Verify transport supports MTU of 1542


WEST_OTVA# ping 172.16.1.26 packet-size 1514 df-bit
PING 172.16.1.26 (172.16.1.26): 1514 data bytes
1522 bytes from 172.16.1.26: icmp_seq=0 ttl=251 time=2.333 ms

BRKDCT-3103 © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 92
Troubleshooting
Partial Adjacency

 (!) Flag implies a mismatch site-id due


1. Receiving same site-id across overlay without site adjacency
2. Receiving different site-id across site adjacency

WEST_OTVA# show otv site

Dual Adjacency State Description


Full - Both site and overlay adjacency up
Partial - Either site/overlay adjacency down
Down - Both adjacencies are down (Neighbor is down/unreachable)
(!) - Site-ID mismatch detected
! Some output omitted
Hostname System-ID Adjacency- Adjacency- AED-
State Uptime Capable
--------------------------------------------------------------------------------
WEST_OTVB 64a0.e741.c842 Partial (!) 00:15:16 No

BRKDCT-3103 © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 93
Troubleshooting
Partial Adjacency

 Partial Adjacency implies either the site or overlay adjacency is down.


 Both are required to maintained a full adjacency
 Most common reason for ‘down’ overlay adjacency is PIM
misconfiguration in transport (multicast transport) or insufficient MTU
 Ensure
1. Matching site-id configuration at each site
2. Sufficient MTU through transport
3. IP connectivity between each edge device
4. Correct PIM configuration through core for multicast transport

BRKDCT-3103 © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 94
Troubleshooting
ARP and CAM timer issue
 Asymmetrical routing with mis-match ARP timers can cause traffic to black-
hole across OTV

West East
otv otv
N7k Po103 Po100 Po100 Po101 6500
Core
Vlan 201: 10.201.0.1 Vlan 201: 10.201.0.3
Vlan 202: 10.202.0.1 Vlan 202: 10.202.0.3
6c9c.ed40.1744 0014.f179.b640

Host 2, vlan 202


Host 1, vlan 201
10.202.0.102, GW: 10.202.0.3
10.201.0.101, GW: 10.201.0.1
001f.6c75.1d46
001b.d419.1842

BRKDCT-3103 © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 95
Troubleshooting
ARP and CAM timer issue
 Since the traffic flow between Host1 and Host2 is routed traffic, OTV will only
see source MAC of the gateways and destination of the Hosts

CAM ARP
ARP CAM
30 min 4 hours
25 min 30 min
DA: Host2 DA: Host2 DA: Host2 DA: Host2
West SA: N7k1 SA: N7k1 SA: N7k1 SA: N7k1 East
otv otv
N7k Po103 Po100 Po100 Po101 6500
Core
Vlan 201: 10.201.0.1 DA: Host2
Vlan 201: 10.201.0.3
DA: N7k
SA: Host1Vlan 202: 10.202.0.1 SA: N7k1
Vlan 202: 10.202.0.3
6c9c.ed40.1744 0014.f179.b640

Host 2, vlan 202


Host 1, vlan 201
10.202.0.102, GW: 10.202.0.3
10.201.0.101, GW: 10.201.0.1
001f.6c75.1d46
001b.d419.1842

BRKDCT-3103 © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 101
Troubleshooting
ARP and CAM timer issue
 Since the traffic flow between Host1 and Host2 is routed traffic, OTV will only
see source MAC of the gateways and destination of the Hosts

CAM ARP
ARP CAM
30 min 4 hours
25 min 30 min DA: Host1
DA: Host1 DA: Host1 DA: Host1
SA: 6500 SA: 6500 SA: 6500 East
West SA: 6500
otv otv
N7k Po103 Po100 Po100 Po101 6500
Core
Vlan 201: 10.201.0.1 Vlan 201: 10.201.0.3
DA: Host1 DA: 6500
SA: 6500 Vlan 202: 10.202.0.1 Vlan 202: 10.202.0.3
SA: Host2
6c9c.ed40.1744 0014.f179.b640

Host 2, vlan 202


Host 1, vlan 201
10.202.0.102, GW: 10.202.0.3
10.201.0.101, GW: 10.201.0.1
001f.6c75.1d46
001b.d419.1842

BRKDCT-3103 © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 102
Troubleshooting
ARP and CAM timer issue
 OTV does not send unknown unicast traffic across Overlay
 Subsequent packets from East toward Host1 will be dropped until Host1
MAC is relearned on West

West East
otv otv
N7k Po103 Po100 Po100 Po101 6500
Core
EAST_OTVA# show mac add vlan 201
Vlan 201: 10.201.0.1 Vlan 201: 10.201.0.3
Legend:
Vlan 202: 10.202.0.1 Vlan 202: 10.202.0.3
* - primary entry, G - Gateway MAC, (R) - Routed MAC, O - Overlay MAC
6c9c.ed40.1744 0014.f179.b640
age - seconds since last seen,+ - primary entry using vPC Peer-Link
VLAN MAC Address Type age Secure NTFY Ports/SWID.SSID.LID
---------+-----------------+--------+---------+------+----+------------------ Host 2, vlan 202
Host 1, vlan 201
* 201 0014.f179.b640 dynamic 0 F F Po101 10.202.0.102, GW: 10.202.0.3
10.201.0.101, GW: 10.201.0.1
O 201 6c9c.ed40.1744 dynamic 0 F F Overlay1 001f.6c75.1d46
001b.d419.1842
! Host1 (001b.d419.1842) MAC has been removed
BRKDCT-3103 © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 105
Troubleshooting
ARP and CAM timer issue - Solution
 Solution: Change 6500 ARP timer to be less than OTV CAM timer

CAM ARP
ARP CAM
30 min 25 min
25 min 30 min

West East
otv otv
N7k Po103 Po100 Po100 Po101 6500
Core
Vlan 201: 10.201.0.1 Vlan 201: 10.201.0.3
Vlan 202: 10.202.0.1 Vlan 202: 10.202.0.3
6c9c.ed40.1744 0014.f179.b640

Host 2, vlan 202


Host 1, vlan 201
10.202.0.102, GW: 10.202.0.3
10.201.0.101, GW: 10.201.0.1
001f.6c75.1d46
001b.d419.1842

BRKDCT-3103 © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 106
Troubleshooting
Network Load Balancer Services
 Some network load balancer services (NLBS) rely on flooding to reach all
devices in the cluster
 Clusters that rely on a unicast IP to multicast MAC will be forwarded across
overlay in same fashion as a broadcast packet without any additional
configurations
 Encapsulated within the control group (multicast transport)
 Unicast to each OTV neighbour (unicast transport)
 Clusters that rely on a unicast IP to unicast MAC will be dropped

BRKDCT-3103 © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 107
Troubleshooting
Network Load Balancer Services - Solution
 A static unicast MAC entry can be configured at a single site
EAST_OTVA# show run | i static
mac address-table static 0200.0ac9.00a2 vlan 201 interface port-channel101
Future support
EAST_OTVA# show otv route vlan 201
planned for selective
unicast flooding OTV Unicast MAC Routing Table For Overlay1

VLAN MAC-Address Metric Uptime Owner Next-hop(s)


---- -------------- ------ -------- --------- -----------
201 0200.0ac9.00a2 1 00:00:11 site port-channel101
West East
otv otv
Po103 Po100 Po100 Po101
Core
WEST_OTVA# show otv route vlan 201

OTV Unicast MAC Routing Table For Overlay1

VLAN MAC-Address Metric Uptime Owner Next-hop(s)


---- -------------- ------ -------- --------- -----------
201 0200.0ac9.00a2 42 00:04:34 overlay EAST_OTVA
BRKDCT-3103 © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 108
Summary
 OTV Introduction
 Configuration
Multicast Transport
Unicast-only Transport
 Verification
Adjacency
ARP
Unicast Forwarding
Multicast Forwarding
 Troubleshooting

BRKDCT-3103 © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 109
The Bridge with OTV

BRKDCT-3103 © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 110
Q&A
Complete Your Online Session Evaluation

Give us your feedback and receive


a Cisco Live 2013 Polo Shirt!
Complete your Overall Event Survey and 5
Session Evaluations.
 Directly from your mobile device on the
Cisco Live Mobile App
 By visiting the Cisco Live Mobile Site
www.ciscoliveaustralia.com/mobile
 Visit any Cisco Live Internet Station located
Don’t forget to activate your
throughout the venue
Cisco Live 365 account for
Polo Shirts can be collected in the World of access to all session material,
Solutions on Friday 8 March 12:00pm-2:00pm communities, and on-demand and live activities throughout
the year. Log into your Cisco Live portal and click the
"Enter Cisco Live 365" button.
www.ciscoliveaustralia.com/portal/login.ww

BRKDCT-3103 © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 112
BRKDCT - 3103 © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public
Appendix
ASR 1000
 Support beginning in 3.5S Core
 Advance Enterprise Image or Advance IP Service
(AES or AIS) to have the cli enabled
 Extended and site VLANs configured via EFP’s and otv otv
bridge-domains
 Multi-homing ASR and N7k OTV at same site is not
supported (must be located at different sites)
 Support for multicast transport only (unicast
transport planned in future release)
 http://www.cisco.com/en/US/docs/ios-
xml/ios/wan_otv/configuration/xe-3s/wan-otv-
confg.html
BRKDCT-3103 © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 114
Appendix
ASR 1000 – Configuration Internal Interface
Core
 Site-ID and Site Bridge-Domain required
 Bridge-Domain must be forwarding on internal
interface before adjacencies will be built
otv otv
otv site bridge-domain 210
otv site-identifier 0003.0003.0003

interface GigabitEthernet1/0/2
no ip address
cdp enable
Bridge-domain for an
extended VLAN service instance 201 ethernet
encapsulation dot1q 201
bridge-domain 201
Site Bridge-domain must
service instance 210 ethernet
be active on internal encapsulation dot1q 210
interface bridge-domain 210

BRKDCT-3103 © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 115
Appendix
ASR 1000 – Configuration Join Interface
Core
 Join Interface must be configured with IGMPv3
for multicast transport.
 Multicast routing must be enabled
 Enable IGMP snooping querier otv otv
 Configure PIM Passive mode on Join Interface

ip multicast-routing distributed
ip igmp snooping querier version 3
ip igmp snooping querier

interface GigabitEthernet1/0/1
mtu 9000
ip address 172.16.1.18 255.255.255.252
ip pim passive
ip igmp version 3
BRKDCT-3103 © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 116
Appendix
ASR 1000 – Configuration Overlay
Core
 Configure control and data-groups
 Specify join-interface
 Create service instance for each bridge-domain
that should be extended across overlay otv otv
 Do not extend site bridge-domain

interface Overlay1
no ip address
otv control-group 239.1.1.1
otv data-group 232.1.1.0/24
otv join-interface GigabitEthernet1/0/1
service instance 201 ethernet
encapsulation dot1q 201
bridge-domain 201

BRKDCT-3103 © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 117
Appendix
ASR 1000 – Verify Overlay is UP
Core

SOUTH_OTVA#show otv
Overlay Interface Overlay1
VPN name : None
VPN ID : 1
State : UP otv otv
AED Capable : Yes
IPv4 control group : 239.1.1.1
Mcast data group range(s): 232.1.1.0/24
Join interface(s) : GigabitEthernet1/0/1
Join IPv4 address : 172.16.1.18
Tunnel interface(s) : Tunnel0
Encapsulation format : GRE/IPv4
Site Bridge-Domain : 210
Capability : Multicast-reachable
Is Adjacency Server : No
Adj Server Configured : No
Prim/Sec Adj Svr(s) : None

BRKDCT-3103 © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 118
Appendix
ASR 1000 – Verify Site Adjacency and AED
Core

SOUTH_OTVA#show otv site


Site Adjacency Information (Site Bridge-Domain: 210)

Overlay1 Site-Local Adjacencies (Count: 2)


otv otv
Hostname System ID Last Change Ordinal AED Enabled Status
SOUTH_OTVB 001D.707E.1B00 01:02:23 0 site overlay
* SOUTH_OTVA 001D.707E.3A00 00:42:08 1 site overlay

SOUTH_OTVA#show otv vlan


Key: SI - Service Instance

Overlay 1 VLAN Configuration Information


Inst VLAN Bridge-Domain Auth Site Interface(s)
0 201 201 yes Gi1/0/2:SI201
Total VLAN(s): 1
Total Authoritative VLAN(s): 1

BRKDCT-3103 © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 119
Appendix
ASR 1000 – Verify Overlay Adjacencies
Core

SOUTH_OTVA#show otv adjacency


otv otv
Overlay 1 Adjacency Database
Hostname System-ID Dest Addr Up Time State
EAST_OTVB 64a0.e741.c841 172.16.1.30 01:06:21 UP
WEST_OTVB 64a0.e741.c842 172.16.1.38 01:06:21 UP
WEST_OTVA 6c9c.ed40.1742 172.16.1.34 01:06:21 UP
EAST_OTVA 6c9c.ed40.1741 172.16.1.26 01:06:21 UP
SOUTH_OTVB 001d.707e.1b00 172.16.1.22 00:29:48 UP

Peering between ASR and N7k


between sites is supported.

BRKDCT-3103 © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 120
Appendix
ASR 1000 – Verify Locally and Remotely Learned Routes
Core
SOUTH_OTVA#show bridge-domain 201 mac dynamic address
Port MAC Address
Gi1/0/2 ServInst 201 001a.e2be.52cd

SOUTH_OTVA#show otv route vlan 201 otv otv


Codes: BD - Bridge-Domain, AD - Admin-Distance,
SI - Service Instance, * - Backup Route

OTV Unicast MAC Routing Table for Overlay1


Locally Learned MAC
from Bridge-domain 201 Inst VLAN BD MAC Address AD Owner Next Hops(s)
----------------------------------------------------------
0 201 201 001a.e2be.52cd 40 BD Eng Gi1/0/2:SI201
0 201 201 001b.d419.1842 50 ISIS WEST_OTVA
0 201 201 001f.6c75.1d42 50 ISIS EAST_OTVA
MAC learned via ISIS
from OTV peer

BRKDCT-3103 © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 121
Appendix
ASR 1000 – Multicast Local Receiver
Core
SOUTH_OTVA#show otv mroute
OTV Multicast Routing Table for Overlay1

Bridge-Domain = 201, s = *, g = *
Outgoing interface list:
Default, NoRedist
otv otv
(Bridge-domain, *,G) Incoming interface count = 0, Outgoing interface count = 1
programmed based on
IGMP join from client
Bridge-Domain = 201, s = *, g = 224.10.10.10
Outgoing interface list:
Service Instance 201, GigabitEthernet1/0/2
(Bridge-domain, S,G) Incoming interface count = 0, Outgoing interface count = 1
created to deliver to local
receiver once received Bridge-Domain = 201, s = 10.201.0.102, g = 224.10.10.10
from overlay Incoming interface list:
Service Instance 201, Overlay1, 001f.6c75.1d42
Incoming interface count = 1, Outgoing interface count = 0

BRKDCT-3103 © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 122
Appendix
ASR 1000 – Multicast Local Receiver
Core

SOUTH_OTVA#show otv data-group IGMPv3 join sent to core


Flags: D - Local active source dynamically detected
S - Local active source statically configured
otv
for delivery group otv
J - Data group has been joined in the core
U - Data group has not been joined in the core

Remote Active Sources for Overlay1


BD Active-Source Active-Group Delivery-Source Delivery-Group Flags
201 10.201.0.102 224.10.10.10 172.16.1.26 232.1.1.0 J

BRKDCT-3103 © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 123
Appendix
ASR 1000 – Multicast Local Source
SOUTH_OTVA#show otv data-group
Core
No remote data-group mappings
Flags: D - Local active source dynamically detected
S - Local active source statically configured
J - Data group has been joined in the core Local Source Flag
U - Data group has not been joined in the core

Local Active Sources for Overlay1 otv otv


BD Active-Source Active-Group Delivery-Source Delivery-Group Flags
201 10.201.0.105 224.50.50.50 172.16.1.18 232.1.1.0 D

SOUTH_OTVA#show otv mroute


! Some output omitted
Bridge-Domain = 201, s = *, g = 224.50.50.50 Join advertised from
Outgoing interface list: remote site across overlay
Overlay1, EAST_OTVA
Incoming interface count = 0, Outgoing interface count = 1
Local source on internal
Bridge-Domain = 201, s = 10.201.0.105, g = 224.50.50.50 interface
Incoming interface list:
Service Instance 201, GigabitEthernet1/0/2, 001a.e2be.52cd
Incoming interface count = 1, Outgoing interface count = 0
BRKDCT-3103 © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 124
BRKDCT - 3103 © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public

You might also like