Otv notes
Overlay Transport Virtualization
• OTV technology introduction
• OTV operations
• OTV configuration and verification (Nexus 7000)
• OTV unicast mode and its limitations
• FHRP localization and egress routing
• Guidelines and limitations for deployment
Overlay Transport Virtualization
• OTV is a Layer 2 VPN technology: it extends a VLAN from one site to another, so the same IP subnet can be used for that VLAN at every site. Some applications require the same VLAN and IP subnet to be present at two or more sites.
• Connecting more than two sites is difficult to manage with existing LAN-extension technologies (e.g. VPLS) because of Spanning Tree restrictions.
• OTV introduces the concept of "MAC routing": a control-plane protocol is used to exchange MAC reachability information between the network devices that provide the LAN extension, instead of relying on data-plane flooding and learning.
Overlay Transport Virtualization
• Data plane: the OTV edge device encapsulates Layer 2 frames in IP at the Layer 3 edge. Unicast frames are sent to the IP address of the remote edge device's join interface; Layer 2 broadcast and multicast frames are delivered through multicast groups in the core (broadcast over the control group, IP multicast over the SSM data groups).
• Control plane: the OTV edge devices join a control multicast group, establish Level 1 IS-IS adjacencies over it, and use IS-IS to advertise MAC addresses to the OTV edge devices at the other sites.
• Depending on the upstream routing, an OTV edge device may or may not run a routing protocol; it is not a requirement. The edge device connects to the core as a host, not as a router. If a routing protocol is required, enable only stub routing (an OSPF stub area or an EIGRP stub router).
• The OTV edge device filters unknown unicast frames: it does not forward them to other sites, so a remote MAC address is reachable only after it has been advertised through the control plane (silent hosts therefore need to be handled explicitly, e.g. with a static MAC entry). The edge device also sets the DF bit in the outer IP header when it encapsulates a frame, so the core MTU must accommodate the encapsulation overhead (42 bytes on the Nexus 7000) instead of relying on fragmentation.
• The MAC address table of the OTV edge device is modified to show which IP address to use to reach a remote MAC address: the IP address of the join interface of the remote site's edge device.
• The OTV edge device also caches the ARP resolutions of MAC addresses that are not local to the site and were learnt through the overlay, so that later ARP (and ND) requests for those addresses are answered locally within the site instead of crossing the overlay.
• The current OTV implementation on the Nexus 7000 uses an MPLS-over-GRE-over-IP encapsulation with an OTV shim header [2]; the IETF draft defines a UDP encapsulation instead [3].
OTV Terminologies
• Overlay interface: a logical tunnel interface that encapsulates Layer 2 frames into IP packets.
• Join interface: the Layer 3 routed port facing the core; it sources the encapsulated traffic and sends the IGMP version 3 join messages for the control and data groups.
• Internal interface: the Layer 2 trunk or access interfaces facing the site; they run Spanning Tree as usual (STP BPDUs are not forwarded over the overlay, so every site keeps its own STP domain).
• Site ID: a unique identifier per site (shown in MAC-address format by show otv); all OTV edge devices at the same site are configured with the same site identifier.
• Site VLAN: a VLAN reserved for electing the OTV authoritative edge device (AED) of the site. It must not be one of the VLANs extended over the overlay.
• Control group: an ASM multicast address used to build the OTV neighbor adjacencies and to exchange MAC addresses with the neighbors. Carrying the Hello messages over an ASM group lets the edge devices discover each other as if they were deployed on a shared LAN segment: it emulates a shared medium to which all OTV edge devices are connected. [1]
• Data group: to carry Layer 2 multicast data traffic between sites, up to 8 ranges of IPv4 SSM multicast group prefixes can be used by each site. Each OTV edge device maps every site multicast group (Gs) to a delivery group (Gd) in its data-group mapping table.
• The MAC address table of an OTV edge device is slightly modified so that the overlay interface can be a destination (the "O" entries):
Site1-OTV1# show mac address-table address 0007.eb49.7600
Legend:
* - primary entry, G - Gateway MAC, (R) - Routed MAC, O - Overlay MAC
age - seconds since last seen,+ - primary entry using vPC Peer-Link
   VLAN     MAC Address      Type      age     Secure NTFY Ports
---------+-----------------+--------+---------+------+----+------------------
O  101     0007.eb49.7600   dynamic   0       F      F    Overlay0
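The forwarding rules described on the last two slides (MAC table with an overlay next hop, unknown-unicast suppression, local ARP replies from the overlay cache, broadcast on the control group and Layer 2 multicast on an SSM data group), as an added model written for these notes; it is not code from the slides or from Cisco. The group addresses, join-interface addresses and MACs are the ones used elsewhere in the deck; the Gs-to-Gd hash is an assumption, since the real mapping is implementation-specific.

```python
"""Toy model of an OTV edge device's forwarding decisions (added example, not
code from the slides or from Cisco).  Addresses follow the slide configuration;
the Gs->Gd hash is an assumption."""
from dataclasses import dataclass, field
import ipaddress

CONTROL_GROUP = "233.1.1.1"          # ASM group from the slide configuration
DATA_GROUP_RANGE = "232.5.6.0/28"    # SSM range from the slide configuration
BROADCAST_MAC = "ffff.ffff.ffff"


@dataclass
class OtvEdge:
    site_id: int
    join_ip: str
    mac_table: dict = field(default_factory=dict)   # mac -> (port, remote join IP or None)
    arp_cache: dict = field(default_factory=dict)   # ip -> mac, only for overlay-learnt MACs

    def learn_local(self, mac, port="Eth2/3"):
        """Data-plane learning on an internal interface."""
        self.mac_table[mac] = (port, None)

    def receive_isis_mac_update(self, mac, remote_join_ip):
        """Control-plane learning: a remote edge device advertised this MAC in IS-IS."""
        self.mac_table[mac] = ("Overlay0", remote_join_ip)

    def cache_arp_from_overlay(self, ip, mac):
        """An ARP reply arrived over the overlay: remember it so later requests stay local."""
        if self.mac_table.get(mac, (None,))[0] == "Overlay0":
            self.arp_cache[ip] = mac

    def data_group_for(self, site_group):
        """Map a site multicast group Gs to a delivery group Gd inside the SSM range.
        Assumption: a modulo hash; the real mapping is implementation-specific."""
        net = ipaddress.ip_network(DATA_GROUP_RANGE)
        idx = int(ipaddress.ip_address(site_group)) % net.num_addresses
        return str(net[idx])

    def forward(self, dst_mac, dst_ip=None):
        """Return (action, outer destination) for a frame received on an internal interface."""
        if dst_mac == BROADCAST_MAC:
            return ("encap-multicast", CONTROL_GROUP)        # broadcast rides the control group
        if dst_mac.startswith("0100.5e") and dst_ip:
            return ("encap-multicast", self.data_group_for(dst_ip))  # L2 multicast -> SSM data group
        entry = self.mac_table.get(dst_mac)
        if entry is None:
            return ("drop", None)                              # unknown unicast is NOT flooded
        port, next_hop = entry
        if port == "Overlay0":
            return ("encap-unicast", next_hop)                 # unicast to the remote join interface
        return ("bridge", port)

    def handle_arp_request(self, target_ip):
        """Answer locally if the target was learnt via the overlay, else let the request through."""
        if target_ip in self.arp_cache:
            return ("local-reply", self.arp_cache[target_ip])
        return ("forward", None)


if __name__ == "__main__":
    site5 = OtvEdge(site_id=5, join_ip="150.1.5.5")
    site5.learn_local("0007.eb49.7600")
    site5.receive_isis_mac_update("001a.a1ff.7d46", "150.1.6.6")
    site5.cache_arp_from_overlay("15.1.1.32", "001a.a1ff.7d46")
    for mac in ("0007.eb49.7600", "001a.a1ff.7d46", "0000.1111.2222", BROADCAST_MAC):
        print(mac, "->", site5.forward(mac))
    print("ARP 15.1.1.32 ->", site5.handle_arp_request("15.1.1.32"))
```

The "drop" result for a MAC that was never advertised is the behaviour to remember when a host at the remote site is silent: nothing in the data plane will ever flood towards it.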
OTV Neighbor Discovery
• Step 1: each OTV edge device sends an IGMPv3 join for the ASM control group through its join interface. This triggers a PIM join in the core and builds the multicast tree for the OTV control group.
• Step 2: the OTV control protocol sends a Hello message carrying the device's identity, encapsulated towards the control group.
• Steps 3 and 4: the core replicates the Hello to all OTV edge devices that have joined the control group.
• Step 5: the receiving OTV edge devices decapsulate the packets.
• Step 6: the Hellos are passed to the control protocol process, which eventually builds the neighbor adjacencies over the overlay interface (Overlay0). They can be listed with show otv adjacency.
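Step 1 above says the join interface sends IGMPv3 joins; the slides do not show what those joins contain. The following added example (written for these notes, not code from the slides or from Cisco) builds and parses the IGMPv3 Membership Report (RFC 3376) an edge device needs: an "any source" (EXCLUDE, empty source list) record for the ASM control group and an (S,G) INCLUDE record for one SSM data group, sourced from the remote site's join interface. It only constructs bytes and never sends them, so it runs offline; the data group and remote join address are taken from the slide configuration and are assumptions as far as this packet goes.

```python
"""Build and parse IGMPv3 Membership Reports (RFC 3376) for the joins an OTV
join interface sends.  Added example; it never touches the network."""
import socket
import struct

IGMPV3_REPORT = 0x22
MODE_IS_INCLUDE = 1        # SSM join: INCLUDE the listed sources only
MODE_IS_EXCLUDE = 2        # ASM join: "any source" == EXCLUDE with an empty source list
IGMPV3_REPORT_DST = "224.0.0.22"   # all IGMPv3-capable routers


def inet_checksum(data: bytes) -> int:
    """One's-complement checksum shared by IP, ICMP and IGMP."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def group_record(record_type: int, group: str, sources=()) -> bytes:
    """One group record: type, aux-data length, number of sources, group, sources."""
    rec = struct.pack("!BBH4s", record_type, 0, len(sources), socket.inet_aton(group))
    return rec + b"".join(socket.inet_aton(s) for s in sources)


def igmpv3_report(records) -> bytes:
    """Membership Report: type 0x22, reserved, checksum, reserved, record count, records."""
    body = b"".join(records)
    hdr = struct.pack("!BBHHH", IGMPV3_REPORT, 0, 0, 0, len(records))
    csum = inet_checksum(hdr + body)
    return struct.pack("!BBHHH", IGMPV3_REPORT, 0, csum, 0, len(records)) + body


def parse_report(pkt: bytes):
    """Verify the checksum and return (type, [(record_type, group, [sources]), ...])."""
    if inet_checksum(pkt) != 0:          # a correct message sums to zero with its checksum
        raise ValueError("bad IGMP checksum")
    msg_type, _, _, _, nrec = struct.unpack("!BBHHH", pkt[:8])
    off, out = 8, []
    for _ in range(nrec):
        rtype, auxlen, nsrc, grp = struct.unpack("!BBH4s", pkt[off:off + 8])
        off += 8
        srcs = [socket.inet_ntoa(pkt[off + 4 * i: off + 4 * i + 4]) for i in range(nsrc)]
        off += 4 * nsrc + 4 * auxlen
        out.append((rtype, socket.inet_ntoa(grp), srcs))
    return msg_type, out


def otv_join_report(control_group: str, data_group: str, remote_join_ip: str) -> bytes:
    """The two joins an OTV edge device needs on its join interface: (*,G) for the
    control group and (S,G) for a data group sourced by a remote edge device."""
    return igmpv3_report([
        group_record(MODE_IS_EXCLUDE, control_group),                 # (*,G) ASM
        group_record(MODE_IS_INCLUDE, data_group, [remote_join_ip]),  # (S,G) SSM
    ])


if __name__ == "__main__":
    pkt = otv_join_report("233.1.1.1", "232.5.6.1", "150.1.6.6")
    print(len(pkt), "bytes ->", IGMPV3_REPORT_DST, parse_report(pkt))
```

The EXCLUDE/INCLUDE split is the practical reason IGMPv2 is not enough on the join interface: only IGMPv3 can express the source-specific (S,G) membership the SSM data groups require.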
OTV configuration example (Nexus 7000)
! Site 5 edge device (N7K-5)
feature otv
otv site-vlan 5
otv site-identifier 0x5
!
interface Overlay0
  otv join-interface Ethernet2/1
  otv control-group 233.1.1.1
  otv data-group 232.5.6.0/28
  otv extend-vlan 100
  no shutdown
!
interface Ethernet2/1
  description Join interface
  ip address 150.1.5.5/24
  ip igmp version 3
  no shutdown
!
interface Ethernet2/3
  description Internal interface
  switchport
  switchport mode trunk
  no shutdown

! Site 6 edge device (N7K-6): same overlay parameters, own site VLAN, site identifier and join address
feature otv
otv site-vlan 6
otv site-identifier 0x6
!
interface Overlay0
  otv join-interface Ethernet2/1
  otv control-group 233.1.1.1
  otv data-group 232.5.6.0/28
  otv extend-vlan 100
  no shutdown
!
interface Ethernet2/1
  description Join interface
  ip address 150.1.6.6/24
  ip igmp version 3
  no shutdown
!
interface Ethernet2/3
  description Internal interface
  switchport
  switchport mode trunk
  no shutdown
Verification
N7K-5# show otv
OTV Overlay Information
Site Identifier 0000.0000.0005

Overlay interface Overlay0
 VPN name            : Overlay0
 VPN state           : UP
 Extended vlans      : 100 (Total:1)
 Control group       : 233.1.1.1
 Data group range(s) : 232.5.6.0/24
 Join interface(s)   : Eth2/1 (150.1.5.5)
 Site VLAN           : 5 (up)
 AED-Capable         : No (No extended VLAN is operationally up)
 Capability          : Multicast-Reachable

• "AED-Capable: No" with the reason shown above means that VLAN 100 is not yet up on any internal interface of this device; until it is, the device cannot become AED and will not forward that VLAN over the overlay.

N7K-5# show otv adjacency
Overlay Adjacency database
Overlay-Interface Overlay0 :
Hostname   System-ID        Dest Addr   Up Time    State
N7K-6      0050.5689.1ff6   150.4.6.6   00:06:51   UP
Overlay Transport Virtualization
• Verification commands
N7K-5# show interface overlay 0
Overlay0 is up
  MTU 1400 bytes, BW 1000000 Kbit
  Encapsulation OTV
  Last link flapped 00:45:00
  Last clearing of "show interface" counters never
  Load-Interval is 5 minute (300 seconds)
  RX
    0 unicast packets  0 multicast packets
    0 bytes  0 bits/sec  0 packets/sec
  TX
    0 unicast packets  0 multicast packets
    0 bytes  0 bits/sec  0 packets/sec

N7K-5# show otv arp-nd-cache
OTV ARP/ND L3->L2 Address Mapping Cache
Overlay Interface Overlay1
VLAN  MAC Address     Layer-3 Address  Age       Expires In
100   001a.a1ff.7d46  15.1.1.32        00:03:42  00:04:17
OTV Authentication methods
• There are three kinds of authentication; all of them are key-chain based:
1. Neighbor authentication: authenticates the OTV IS-IS Hellos exchanged between sites (configured on the overlay interface).
2. Route authentication: authenticates the IS-IS LSPs that carry MAC reachability, i.e. it controls who may inject MAC routes into the overlay (configured under the VPN in the otv-isis process).
3. Site neighbor authentication: authenticates the IS-IS Hellos exchanged over the site VLAN between the two edge devices of a multihomed site.
• Authentication is useful when the multicast core is not under the same administrative control: without it, any device that can reach the control group can form an adjacency and advertise MAC routes, pulling traffic for those MACs towards itself. It is very similar to FabricPath authentication and the other IS-IS authentication methods. Note that OTV authenticates only its control plane; the encapsulated data frames are neither authenticated nor encrypted, so confidentiality over an untrusted core needs IPsec or MACsec on the transport. Note also that a "key-string 7" is only obfuscated, not encrypted: anyone who can read the configuration can recover the key.
• The following example shows route authentication:
key chain OTV
  key 0
    key-string 7 070c22454b0d1a5546
otv-isis default
  vpn Overlay0
    otv isis authentication-type md5
    otv isis authentication key-chain OTV
OTV Authentication methods
• OTV neighbor authentication configuration example (the same key chain, applied on the overlay interface):
key chain OTV
  key 0
    key-string 7 070c22454b0d1a5546
interface Overlay0
  otv isis authentication-type md5
  otv isis authentication key-chain OTV
• Verification: the authentication type and key chain appear in the per-interface OTV IS-IS output.
N7K-5# show otv isis interface overlay 0
OTV-IS-IS process: default VPN: Overlay0
Overlay0, Interface status: protocol-up/link-up/admin-up
  IP address: none
  IPv6 address: none
  IPv6 link-local address: none
  Index: 0x0001, Local Circuit ID: 0x01, Circuit Type: L1
  Level1
    Adjacency server (local/remote) : disabled / none
    Adjacency server capability : multicast
  Authentication type is MD5
  Authentication keychain is OTV
  Authentication check specified
  LSP interval: 33 ms, MTU: 1400
  Level  Metric  CSNP  Next CSNP  Hello  Multi  Next IIH
  1      40      10    00:00:05   3      3      0.728284
  Level  Adjs  AdjsUp  Pri  Circuit ID   Since
  1      1     1       64   N7K-5.01 *   00:53:44
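The two authentication examples above store the key chain secret as a type-7 key-string. Type 7 is a fixed-key XOR, not encryption, which is why a configuration containing it must be handled like a plaintext secret. The following added example (written for these notes; the algorithm is the long-public Cisco type-7 scheme, not a new weakness, and none of this is Cisco's or the slide author's code) decodes and re-encodes type-7 strings and scans a configuration snippet for them. The snippet scanned is the key chain from the slides.

```python
"""Recover Cisco type-7 key-strings such as the one in the slide's key chain.
Added example; the type-7 XOR scheme is public and unchanged for decades."""
import re

# Fixed XOR key used by Cisco's type-7 "encryption"
_XLAT = b"dsfd;kfoA,.iyewrkldJKDHSUBsgvca69834ncxv9873254k;fg87"


def decode_type7(encoded: str) -> str:
    """Type 7 = two decimal digits of seed followed by hex bytes, each XORed with _XLAT[seed + i]."""
    if len(encoded) < 4 or len(encoded) % 2:
        raise ValueError("malformed type-7 string")
    seed = int(encoded[:2], 10)
    if seed > 15:
        raise ValueError("seed out of range")
    out = bytearray()
    for i, pos in enumerate(range(2, len(encoded), 2)):
        out.append(int(encoded[pos:pos + 2], 16) ^ _XLAT[(seed + i) % len(_XLAT)])
    return out.decode("ascii")


def encode_type7(secret: str, seed: int = 7) -> str:
    """Inverse of decode_type7; confirms the round trip and that the key is fixed."""
    body = "".join("%02x" % (b ^ _XLAT[(seed + i) % len(_XLAT)])
                   for i, b in enumerate(secret.encode("ascii")))
    return "%02d%s" % (seed, body)


_TYPE7_RE = re.compile(r"(key-string|password|secret)\s+7\s+([0-9a-fA-F]+)")


def find_type7_keys(config: str):
    """Scan configuration text for type-7 secrets; returns (keyword, encoded, decoded) tuples."""
    return [(m.group(1), m.group(2), decode_type7(m.group(2))) for m in _TYPE7_RE.finditer(config)]


# The key chain exactly as it appears on the slides
SLIDE_CONFIG = """\
key chain OTV
  key 0
    key-string 7 070c22454b0d1a5546
"""

if __name__ == "__main__":
    for keyword, encoded, decoded in find_type7_keys(SLIDE_CONFIG):
        print("%s %s -> %r" % (keyword, encoded, decoded))
```

The practical consequence for OTV: a copy of the running configuration (backups, change tickets, slide decks) is enough to join the IS-IS control plane of the overlay, so the key chain deserves the same handling as any other credential, and rotating keys means rotating them at every site.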
OTV Unicast mode
• Unicast OTV mode can be used in smaller deployments (2 or 3 sites) where the transport core does not provide multicast.
• The OTV edge device at one site is selected as the adjacency server; the role is enabled under that device's overlay interface (otv adjacency-server unicast-only). A second device can be named as a backup adjacency server, which is why the client command accepts two addresses.
• The adjacency server maintains the list of all OTV edge devices that belong to the same overlay VPN.
• Every OTV edge device that wants to join a given overlay VPN must first "register" with the adjacency server by sending its OTV Hello messages to it as unicast. The addresses of all other OTV neighbors are then learnt dynamically from the adjacency server.
• When the MAC address table is updated at one site, the update is unicast to every OTV edge device in the overlay VPN (head-end replication): the destination IP address of each copy is the join-interface address of one remote site, rather than a single multicast address. Broadcast and multicast data frames are replicated the same way, which is what limits unicast mode to a small number of sites.
OTV Unicast mode Configuration example
• Unicast OTV mode configuration example (client side; the devices named below additionally carry otv adjacency-server unicast-only on their own overlay interface).
interface Overlay0
  otv join-interface Ethernet2/1
  ! Instead of a control group and data-group range, point at the
  ! adjacency servers: primary 150.1.5.5, secondary 150.1.6.6
  otv use-adjacency-server 150.1.5.5 150.1.6.6 unicast-only
  otv extend-vlan 100-103
  no shutdown
Authoritative Edge Device (AED)
• Each OTV site can have up to two edge devices performing OTV encapsulation, for high availability. For each extended VLAN one of them is elected Authoritative Edge Device (AED); the election runs over the site VLAN.
• The AED is responsible for forwarding traffic to and from the overlay VPN for its VLANs. For example, a broadcast sent by a host reaches both OTV edge devices of the site, but only the AED for that VLAN forwards it into the overlay. Likewise, when a broadcast arrives from the overlay at both edge devices, only the AED for that VLAN forwards it to the internal interfaces. This is how a dual-homed site stays loop-free without extending Spanning Tree across the overlay.
FHRP Localization/Isolation
• Every VLAN extended over OTV should have its default gateway local to each site, i.e. the FHRP protocols (HSRP, VRRP) should be filtered over OTV. Otherwise one site's active router becomes the gateway for the hosts at the other site, and their egress traffic is switched across the overlay before being routed. This scenario is likely to come up in the exam.
• In a good design both the FHRP Hellos and the MAC address of the local virtual gateway are filtered at the OTV edge devices: the Hellos so that each site elects its own active router, and the virtual MAC so that it is not advertised to the remote sites through the overlay.
FHRP Localization/Isolation Configuration
• Step 1: filtering the HSRP Hello messages on the extended VLAN with a VLAN access map. The example covers HSRPv1 (UDP 1985 to 224.0.0.2); HSRPv2 (UDP 1985 to 224.0.0.102) and VRRP (IP protocol 112 to 224.0.0.18) need their own entries if they are in use.
ip access-list HSRPv1-IP
  10 permit udp any 224.0.0.2/32 eq 1985
ip access-list ALL-IPs
  10 permit ip any any
vlan access-map FHRP-FILTER 10
  match ip address HSRPv1-IP
  action drop
vlan access-map FHRP-FILTER 50
  match ip address ALL-IPs
  action forward
vlan filter FHRP-FILTER vlan-list 100
FHRP Localization/Isolation
• FHRP localization/isolation configuration example for HSRP
• Step 2: filtering the HSRP virtual MAC addresses so they are not advertised to the other sites. The mask ffff.ffff.ff00 leaves the last byte (the HSRP group number) as a wildcard, so one entry covers every HSRPv1 group (0000.0c07.acXX). The trailing permit-all entry is required: a mac-list ends with an implicit deny, and without it no MAC address at all would be advertised over the overlay.
mac-list OTV-HSRP-MAC seq 10 deny 0000.0c07.ac00 ffff.ffff.ff00
mac-list OTV-HSRP-MAC seq 20 permit 0000.0000.0000 0000.0000.0000
route-map OTV-FHRP-FILTER permit 10
  match mac-list OTV-HSRP-MAC
otv-isis default
  vpn Overlay0
    redistribute filter route-map OTV-FHRP-FILTER
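Both filtering steps above can be checked offline before they are deployed. The following added example (written for these notes; not Cisco's code and not the slide author's) models the VLAN access map as a first-match list on IP destination, protocol and port, and the mac-list as a wildcard-mask match with an implicit deny, then runs both over constructed HSRPv1, HSRPv2, VRRP and ordinary host frames. It goes beyond the slides' HSRPv1-only filter by adding HSRPv2 and VRRP entries, so the same run shows what the slides' filter lets through. All sample frames and their MACs are constructed.

```python
"""Evaluate the FHRP isolation filters (VACL + mac-list) against constructed frames.
Added example; the HSRPv2/VRRP entries extend the slides' HSRPv1-only filter."""
from dataclasses import dataclass


def mac_to_int(mac: str) -> int:
    return int(mac.replace(".", "").replace(":", ""), 16)


def mac_matches(mac: str, value: str, mask: str) -> bool:
    """Cisco mac-list semantics: bits set in the mask must match, the others are wildcards."""
    return (mac_to_int(mac) ^ mac_to_int(value)) & mac_to_int(mask) == 0


@dataclass(frozen=True)
class Frame:
    src_mac: str
    dst_ip: str
    proto: str          # "udp", "tcp" or an IP protocol number such as "112" for VRRP
    dst_port: int = 0


# --- Step 1: VLAN access maps (first matching sequence wins, as on NX-OS) ---
VACL_SLIDES = [  # what the slides configure: HSRPv1 only
    ({"dst_ip": "224.0.0.2", "proto": "udp", "dst_port": 1985}, "drop"),
    ({}, "forward"),
]
VACL_FULL = [    # HSRPv1, HSRPv2 and VRRP
    ({"dst_ip": "224.0.0.2", "proto": "udp", "dst_port": 1985}, "drop"),
    ({"dst_ip": "224.0.0.102", "proto": "udp", "dst_port": 1985}, "drop"),
    ({"dst_ip": "224.0.0.18", "proto": "112"}, "drop"),
    ({}, "forward"),
]


def vacl_action(vacl, frame: Frame) -> str:
    for match, action in vacl:
        if all(getattr(frame, k) == v for k, v in match.items()):
            return action
    return "drop"   # implicit deny when no sequence matches


# --- Step 2: mac-lists applied through "redistribute filter route-map" ---
MACLIST_SLIDES = [("deny", "0000.0c07.ac00", "ffff.ffff.ff00"),
                  ("permit", "0000.0000.0000", "0000.0000.0000")]
MACLIST_FULL = [("deny", "0000.0c07.ac00", "ffff.ffff.ff00"),   # HSRPv1 vMAC 0000.0c07.acXX
                ("deny", "0000.0c9f.f000", "ffff.ffff.f000"),   # HSRPv2 vMAC 0000.0c9f.fXXX
                ("deny", "0000.5e00.0100", "ffff.ffff.ff00"),   # VRRP  vMAC 0000.5e00.01XX
                ("permit", "0000.0000.0000", "0000.0000.0000")]


def advertised_over_overlay(maclist, mac: str) -> bool:
    """True if the MAC would be redistributed into OTV IS-IS; implicit deny at the end."""
    for action, value, mask in maclist:
        if mac_matches(mac, value, mask):
            return action == "permit"
    return False


# Constructed sample traffic on the extended VLAN
HSRPV1_HELLO = Frame("0000.0c07.ac0a", "224.0.0.2", "udp", 1985)
HSRPV2_HELLO = Frame("0000.0c9f.f00a", "224.0.0.102", "udp", 1985)
VRRP_ADVERT = Frame("0000.5e00.010a", "224.0.0.18", "112")
HOST_DNS = Frame("0007.eb49.7600", "15.1.1.53", "udp", 53)
SAMPLE_FRAMES = [HSRPV1_HELLO, HSRPV2_HELLO, VRRP_ADVERT, HOST_DNS]


def report(vacl, maclist, frames):
    """Per source MAC: (does the frame pass the VACL, would its MAC be advertised over OTV)."""
    return {f.src_mac: (vacl_action(vacl, f), advertised_over_overlay(maclist, f.src_mac))
            for f in frames}


if __name__ == "__main__":
    print("slides' filter :", report(VACL_SLIDES, MACLIST_SLIDES, SAMPLE_FRAMES))
    print("extended filter:", report(VACL_FULL, MACLIST_FULL, SAMPLE_FRAMES))
```

Run as-is, the first line shows the HSRPv2 Hello and the VRRP advertisement forwarded and their virtual MACs advertised, which is exactly the gateway-localization failure the slides warn about, while the second line drops all three and still advertises the ordinary host MAC.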
Guidelines and consideration for deployment of OTV
• Up to eight data-group ranges can be defined.
• The Layer 3 SVI (interface vlan) of a VLAN that is extended over OTV cannot be in the same VDC as the OTV edge device; use a separate OTV VDC.
• OTV is supported only on M-series line cards at the time of writing.
• IGMP version 3 must be enabled on the join interface when multicast mode is used.
• The site VLAN must be up and operational even if there is only one OTV edge device at the site.
• There is no need to configure PIM on the join interface, because the OTV edge device connects to the core as a host.
• The simplest design uses a single overlay interface; a more complex design can split the VLANs between several overlays for load balancing.
• Within one VDC, one overlay VPN can run in unicast mode while another runs in multicast mode.
References
[1] Cisco, Overlay Transport Virtualization Technology Introduction and Deployment Considerations, http://www.cisco.com/en/US/docs/solutions/Enterprise/Data_Center/DCI/whitepaper/DCI3_OTV_Intro.html
[2] OTV Decoded – A Fancy GRE Tunnel, http://blog.ine.com/2012/08/17/otv-decoded-a-fancy-gre-tunnel/
[3] Overlay Transport Virtualization, IETF draft, http://tools.ietf.org/html/draft-hasmit-otv-04
[4] Cisco Nexus 7000 Series NX-OS OTV Configuration Guide, http://www.cisco.com/en/US/docs/switches/datacenter/sw/nx-os/OTV/config_guide/b_Cisco_Nexus_7000_Series_NX-OS_OTV_Configuration_Guide.html
Questions?
Contenu connexe

Tendances

Community tech talk virtual port channel ( v pc ) operations and design best ...
Community tech talk virtual port channel ( v pc ) operations and design best ...Community tech talk virtual port channel ( v pc ) operations and design best ...
Community tech talk virtual port channel ( v pc ) operations and design best ...crojasmo
 
VXLAN BGP EVPN: Technology Building Blocks
VXLAN BGP EVPN: Technology Building BlocksVXLAN BGP EVPN: Technology Building Blocks
VXLAN BGP EVPN: Technology Building BlocksAPNIC
 
OpenNebulaConf2018 - Scalable L2 overlay networks with routed VXLAN / BGP EVP...
OpenNebulaConf2018 - Scalable L2 overlay networks with routed VXLAN / BGP EVP...OpenNebulaConf2018 - Scalable L2 overlay networks with routed VXLAN / BGP EVP...
OpenNebulaConf2018 - Scalable L2 overlay networks with routed VXLAN / BGP EVP...OpenNebula Project
 
Operationalizing EVPN in the Data Center: Part 2
Operationalizing EVPN in the Data Center: Part 2Operationalizing EVPN in the Data Center: Part 2
Operationalizing EVPN in the Data Center: Part 2Cumulus Networks
 
06 evpn use-case_reviewv1
06 evpn use-case_reviewv106 evpn use-case_reviewv1
06 evpn use-case_reviewv1ronsito
 
Virtual Extensible LAN (VXLAN)
Virtual Extensible LAN (VXLAN)Virtual Extensible LAN (VXLAN)
Virtual Extensible LAN (VXLAN)KHNOG
 
FEX -PPT By NETWORKERS HOME
FEX -PPT By NETWORKERS HOMEFEX -PPT By NETWORKERS HOME
FEX -PPT By NETWORKERS HOMEnetworkershome
 
Building DataCenter networks with VXLAN BGP-EVPN
Building DataCenter networks with VXLAN BGP-EVPNBuilding DataCenter networks with VXLAN BGP-EVPN
Building DataCenter networks with VXLAN BGP-EVPNCisco Canada
 
Ccna 3 v 4.0 final-exam-17-07-2010
Ccna 3 v 4.0 final-exam-17-07-2010Ccna 3 v 4.0 final-exam-17-07-2010
Ccna 3 v 4.0 final-exam-17-07-2010irbas
 
Nokia L3 VPN Configuration Guide
Nokia L3 VPN Configuration GuideNokia L3 VPN Configuration Guide
Nokia L3 VPN Configuration GuideAbel Saduwa
 
IP Infusion Application Note for 4G LTE Fixed Wireless Access
IP Infusion Application Note for 4G LTE Fixed Wireless AccessIP Infusion Application Note for 4G LTE Fixed Wireless Access
IP Infusion Application Note for 4G LTE Fixed Wireless AccessDhiman Chowdhury
 
Point to-point protocol (ppp), PAP & CHAP
Point to-point protocol (ppp), PAP & CHAPPoint to-point protocol (ppp), PAP & CHAP
Point to-point protocol (ppp), PAP & CHAPNetProtocol Xpert
 

Tendances (20)

Community tech talk virtual port channel ( v pc ) operations and design best ...
Community tech talk virtual port channel ( v pc ) operations and design best ...Community tech talk virtual port channel ( v pc ) operations and design best ...
Community tech talk virtual port channel ( v pc ) operations and design best ...
 
VXLAN BGP EVPN: Technology Building Blocks
VXLAN BGP EVPN: Technology Building BlocksVXLAN BGP EVPN: Technology Building Blocks
VXLAN BGP EVPN: Technology Building Blocks
 
Dc fabric path
Dc fabric pathDc fabric path
Dc fabric path
 
OpenNebulaConf2018 - Scalable L2 overlay networks with routed VXLAN / BGP EVP...
OpenNebulaConf2018 - Scalable L2 overlay networks with routed VXLAN / BGP EVP...OpenNebulaConf2018 - Scalable L2 overlay networks with routed VXLAN / BGP EVP...
OpenNebulaConf2018 - Scalable L2 overlay networks with routed VXLAN / BGP EVP...
 
Operationalizing EVPN in the Data Center: Part 2
Operationalizing EVPN in the Data Center: Part 2Operationalizing EVPN in the Data Center: Part 2
Operationalizing EVPN in the Data Center: Part 2
 
Xpress path vxlan_bgp_evpn_appricot2019-v2_
Xpress path vxlan_bgp_evpn_appricot2019-v2_Xpress path vxlan_bgp_evpn_appricot2019-v2_
Xpress path vxlan_bgp_evpn_appricot2019-v2_
 
06 evpn use-case_reviewv1
06 evpn use-case_reviewv106 evpn use-case_reviewv1
06 evpn use-case_reviewv1
 
Virtual Extensible LAN (VXLAN)
Virtual Extensible LAN (VXLAN)Virtual Extensible LAN (VXLAN)
Virtual Extensible LAN (VXLAN)
 
VXLAN
VXLANVXLAN
VXLAN
 
FEX -PPT By NETWORKERS HOME
FEX -PPT By NETWORKERS HOMEFEX -PPT By NETWORKERS HOME
FEX -PPT By NETWORKERS HOME
 
Private VLANs
Private VLANsPrivate VLANs
Private VLANs
 
SEGMENT Routing
SEGMENT RoutingSEGMENT Routing
SEGMENT Routing
 
MPLS Layer 3 VPN
MPLS Layer 3 VPN MPLS Layer 3 VPN
MPLS Layer 3 VPN
 
Building DataCenter networks with VXLAN BGP-EVPN
Building DataCenter networks with VXLAN BGP-EVPNBuilding DataCenter networks with VXLAN BGP-EVPN
Building DataCenter networks with VXLAN BGP-EVPN
 
Ccna 3 v 4.0 final-exam-17-07-2010
Ccna 3 v 4.0 final-exam-17-07-2010Ccna 3 v 4.0 final-exam-17-07-2010
Ccna 3 v 4.0 final-exam-17-07-2010
 
Nokia L3 VPN Configuration Guide
Nokia L3 VPN Configuration GuideNokia L3 VPN Configuration Guide
Nokia L3 VPN Configuration Guide
 
EMEA Airheads- LACP and distributed LACP – ArubaOS Switch
EMEA Airheads- LACP and distributed LACP – ArubaOS SwitchEMEA Airheads- LACP and distributed LACP – ArubaOS Switch
EMEA Airheads- LACP and distributed LACP – ArubaOS Switch
 
IP Infusion Application Note for 4G LTE Fixed Wireless Access
IP Infusion Application Note for 4G LTE Fixed Wireless AccessIP Infusion Application Note for 4G LTE Fixed Wireless Access
IP Infusion Application Note for 4G LTE Fixed Wireless Access
 
Ccna3 mod9-vtp
Ccna3 mod9-vtpCcna3 mod9-vtp
Ccna3 mod9-vtp
 
Point to-point protocol (ppp), PAP & CHAP
Point to-point protocol (ppp), PAP & CHAPPoint to-point protocol (ppp), PAP & CHAP
Point to-point protocol (ppp), PAP & CHAP
 

Similaire à Otv notes

SDN/OpenFlow #lspe
SDN/OpenFlow #lspeSDN/OpenFlow #lspe
SDN/OpenFlow #lspeChris Westin
 
Harmonia open iris_basic_v0.1
Harmonia open iris_basic_v0.1Harmonia open iris_basic_v0.1
Harmonia open iris_basic_v0.1Yongyoon Shin
 
Examen final ccna2
Examen final ccna2Examen final ccna2
Examen final ccna2Juli Yaret
 
Cisco data center support
Cisco data center supportCisco data center support
Cisco data center supportKrunal Shah
 
Thebasicintroductionofopenvswitch
ThebasicintroductionofopenvswitchThebasicintroductionofopenvswitch
ThebasicintroductionofopenvswitchRamses Ramirez
 
Pushing Packets - How do the ML2 Mechanism Drivers Stack Up
Pushing Packets - How do the ML2 Mechanism Drivers Stack UpPushing Packets - How do the ML2 Mechanism Drivers Stack Up
Pushing Packets - How do the ML2 Mechanism Drivers Stack UpJames Denton
 
Openstack openswitch basics
Openstack openswitch basicsOpenstack openswitch basics
Openstack openswitch basicsnshah061
 
CisCon 2018 - Overlay Management Protocol e IPsec
CisCon 2018 - Overlay Management Protocol e IPsecCisCon 2018 - Overlay Management Protocol e IPsec
CisCon 2018 - Overlay Management Protocol e IPsecAreaNetworking.it
 
PLNOG 13: Nicolai van der Smagt: SDN
PLNOG 13: Nicolai van der Smagt: SDNPLNOG 13: Nicolai van der Smagt: SDN
PLNOG 13: Nicolai van der Smagt: SDNPROIDEA
 
OpenFlow tutorial
OpenFlow tutorialOpenFlow tutorial
OpenFlow tutorialopenflow
 
Nexus 1000v part ii
Nexus 1000v part iiNexus 1000v part ii
Nexus 1000v part iiKrunal Shah
 
Training Day Slides
Training Day SlidesTraining Day Slides
Training Day Slidesadam_merritt
 
Juniper L2 MPLS VPN
Juniper L2 MPLS VPNJuniper L2 MPLS VPN
Juniper L2 MPLS VPNmehrdad1981
 
FlowER Erlang Openflow Controller
FlowER Erlang Openflow ControllerFlowER Erlang Openflow Controller
FlowER Erlang Openflow ControllerHolger Winkelmann
 
huawei-ls-s2318tp-ei-ac-brochure-datasheet.pdf
huawei-ls-s2318tp-ei-ac-brochure-datasheet.pdfhuawei-ls-s2318tp-ei-ac-brochure-datasheet.pdf
huawei-ls-s2318tp-ei-ac-brochure-datasheet.pdfHi-Network.com
 
[OpenStack 하반기 스터디] Interoperability with ML2: LinuxBridge, OVS and SDN
[OpenStack 하반기 스터디] Interoperability with ML2: LinuxBridge, OVS and SDN[OpenStack 하반기 스터디] Interoperability with ML2: LinuxBridge, OVS and SDN
[OpenStack 하반기 스터디] Interoperability with ML2: LinuxBridge, OVS and SDNOpenStack Korea Community
 
20151222_Interoperability with ML2: LinuxBridge, OVS and SDN
20151222_Interoperability with ML2: LinuxBridge, OVS and SDN20151222_Interoperability with ML2: LinuxBridge, OVS and SDN
20151222_Interoperability with ML2: LinuxBridge, OVS and SDNSungman Jang
 

Similaire à Otv notes (20)

SDN/OpenFlow #lspe
SDN/OpenFlow #lspeSDN/OpenFlow #lspe
SDN/OpenFlow #lspe
 
Harmonia open iris_basic_v0.1
Harmonia open iris_basic_v0.1Harmonia open iris_basic_v0.1
Harmonia open iris_basic_v0.1
 
Examen final ccna2
Examen final ccna2Examen final ccna2
Examen final ccna2
 
Cisco data center support
Cisco data center supportCisco data center support
Cisco data center support
 
Thebasicintroductionofopenvswitch
ThebasicintroductionofopenvswitchThebasicintroductionofopenvswitch
Thebasicintroductionofopenvswitch
 
Pushing Packets - How do the ML2 Mechanism Drivers Stack Up
Pushing Packets - How do the ML2 Mechanism Drivers Stack UpPushing Packets - How do the ML2 Mechanism Drivers Stack Up
Pushing Packets - How do the ML2 Mechanism Drivers Stack Up
 
Openstack openswitch basics
Openstack openswitch basicsOpenstack openswitch basics
Openstack openswitch basics
 
CisCon 2018 - Overlay Management Protocol e IPsec
CisCon 2018 - Overlay Management Protocol e IPsecCisCon 2018 - Overlay Management Protocol e IPsec
CisCon 2018 - Overlay Management Protocol e IPsec
 
PLNOG 13: Nicolai van der Smagt: SDN
PLNOG 13: Nicolai van der Smagt: SDNPLNOG 13: Nicolai van der Smagt: SDN
PLNOG 13: Nicolai van der Smagt: SDN
 
Opencontrail network virtualization
Opencontrail network virtualizationOpencontrail network virtualization
Opencontrail network virtualization
 
OpenFlow tutorial
OpenFlow tutorialOpenFlow tutorial
OpenFlow tutorial
 
Nexus 1000v part ii
Nexus 1000v part iiNexus 1000v part ii
Nexus 1000v part ii
 
OpenStack sdn
OpenStack sdnOpenStack sdn
OpenStack sdn
 
Training Day Slides
Training Day SlidesTraining Day Slides
Training Day Slides
 
Juniper L2 MPLS VPN
Juniper L2 MPLS VPNJuniper L2 MPLS VPN
Juniper L2 MPLS VPN
 
FlowER Erlang Openflow Controller
FlowER Erlang Openflow ControllerFlowER Erlang Openflow Controller
FlowER Erlang Openflow Controller
 
Session 2
Session 2Session 2
Session 2
 
huawei-ls-s2318tp-ei-ac-brochure-datasheet.pdf
huawei-ls-s2318tp-ei-ac-brochure-datasheet.pdfhuawei-ls-s2318tp-ei-ac-brochure-datasheet.pdf
huawei-ls-s2318tp-ei-ac-brochure-datasheet.pdf
 
[OpenStack 하반기 스터디] Interoperability with ML2: LinuxBridge, OVS and SDN
[OpenStack 하반기 스터디] Interoperability with ML2: LinuxBridge, OVS and SDN[OpenStack 하반기 스터디] Interoperability with ML2: LinuxBridge, OVS and SDN
[OpenStack 하반기 스터디] Interoperability with ML2: LinuxBridge, OVS and SDN
 
20151222_Interoperability with ML2: LinuxBridge, OVS and SDN
20151222_Interoperability with ML2: LinuxBridge, OVS and SDN20151222_Interoperability with ML2: LinuxBridge, OVS and SDN
20151222_Interoperability with ML2: LinuxBridge, OVS and SDN
 

Dernier

Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfPrecisely
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 

Dernier (20)

Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 

Otv notes

3. Overlay Transport Virtualization

• Data plane: the OTV edge device encapsulates the Layer 2 frame in an IP packet at the Layer 3 edge. Unicast frames are sent to the join-interface address of the remote edge device behind which the destination MAC was learnt; broadcast and multicast frames are carried over multicast groups in the core (the control group and the SSM data groups respectively, see slide 4).
• Control plane: the edge device joins a control multicast group, establishes Level 1 IS-IS adjacencies over it, and uses IS-IS to advertise MAC addresses to the OTV devices at the other sites.
• Depending on the upstream routing the edge device may or may not run a routing protocol, but none is required: the edge device connects to the core as a host, not as a router. If a routing protocol is needed, enable only stub routing (an OSPF stub area or EIGRP stub router).
• The edge device filters unknown unicast frames: it never forwards them to another site. It also sets the DF bit in the outer IP header when it encapsulates a frame, so the transport has to carry the encapsulated packet without fragmentation.
• The edge device keeps a modified MAC address table that records which IP address to use to reach a MAC address learnt from another site. That address is the join-interface IP of the remote site's edge device.
• The edge device also caches ARP resolutions for MAC addresses that are not local and were learnt via the overlay, so ARP and ND replies can be answered locally within the site.
• The current OTV shim header on the Nexus 7000 uses MPLS over GRE over IP encapsulation [2]; the IETF draft defines a UDP encapsulation [3].
4. OTV Terminologies

• Overlay interface: the logical tunnel interface that encapsulates frames into IP packets.
• Join interface: the Layer 3 routed port that sends the IGMP version 3 join messages and sources and terminates the encapsulated traffic.
• Internal interfaces: Layer 2 trunk or access interfaces that run spanning tree towards the site.
• Site ID: a value unique to each site, set with otv site-identifier (0x5 on slide 6) and displayed in MAC address format (0000.0000.0005 on slide 7).
• Site VLAN: a VLAN reserved for electing the OTV authoritative edge device of the site.
• Control group: an ASM multicast address used to build the OTV neighbor adjacencies and to exchange MAC addresses with neighbors. Carrying the Hello messages over the ASM group lets the edge devices discover each other as if they were deployed on a shared LAN segment; it emulates a shared medium to which all OTV edge devices are connected [1].
• Data group: to carry Layer 2 multicast data traffic between sites, up to 8 ranges of IPv4 SSM multicast group prefixes can be used by each site. Each OTV edge device maps the site-side group Gs to a delivery group Gd in its data-group mapping table.
• The MAC address table of an OTV edge device is slightly modified so that the overlay interface can appear as the destination port (flag O):

    Site1-OTV1# sh mac add add 0007.eb49.7600
    Legend:
            * - primary entry, G - Gateway MAC, (R) - Routed MAC, O - Overlay MAC
            age - seconds since last seen,+ - primary entry using vPC Peer-Link
       VLAN     MAC Address      Type      age     Secure NTFY Ports
    ---------+-----------------+--------+---------+------+----+------------------
    O 101     0007.eb49.7600   dynamic   0          F      F    Overlay0
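The data-plane rules on slide 3 and the modified MAC table on slide 4 can be exercised in a few lines of code. The following Python is an added example, not code from the slides or from Cisco: it parses a constructed MAC table and, for a unicast frame from an internal interface, either switches it locally, drops it when the destination MAC is unknown (OTV never floods unknown unicast across the overlay), or wraps it in the IPv4/GRE/MPLS encapsulation of slide 3 with the DF bit set. The MAC and IP values are made up, the remote join-IP lookup is a fixed dict standing in for the IS-IS-learnt table, and the MPLS label value (the VLAN id) is an assumption, not the real Nexus 7000 label encoding.

```python
import ipaddress
import struct

# Constructed sample data (not captured from a real Nexus 7000).
MAC_TABLE_OUTPUT = """\
   VLAN     MAC Address      Type      age     Secure NTFY Ports
---------+-----------------+--------+---------+------+----+------------------
* 100     0000.1111.aaaa   dynamic   10         F      F    Eth2/3
O 100     0007.eb49.7600   dynamic   0          F      F    Overlay0
* 101     0000.2222.bbbb   dynamic   5          F      F    Eth2/3
"""
# Overlay MAC -> join-interface IP of the remote edge device.  On the real
# switch this comes from the IS-IS control plane; here it is a fixed dict.
OVERLAY_NEXT_HOP = {("100", "0007.eb49.7600"): "150.1.6.6"}
LOCAL_JOIN_IP = "150.1.5.5"

IP_FLAG_DF = 0x4000              # Don't Fragment, set on every outer header
IP_PROTO_GRE = 47
GRE_PROTO_MPLS = 0x8847          # GRE carrying an MPLS unicast shim [2]
OTV_OVERHEAD = 20 + 4 + 4 + 14   # outer IPv4 + GRE + MPLS shim + inner Ethernet header


def parse_mac_table(text):
    """Return {(vlan, mac): port}; rows flagged 'O' point at the overlay."""
    table = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 7 and parts[0] in ("*", "O", "G", "+"):
            table[(parts[1], parts[2])] = parts[-1]
    return table


def mac_bytes(mac):
    return bytes.fromhex(mac.replace(".", ""))


def mac_str(raw):
    h = raw.hex()
    return ".".join(h[i:i + 4] for i in range(0, 12, 4))


def ip_checksum(header):
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def otv_encapsulate(frame, vlan, src_ip, dst_ip):
    """IPv4(DF) / GRE / MPLS shim / inner frame, as the N7K data plane does.
    The label value (the VLAN id) is an ASSUMED placeholder: the real label
    encoding is not documented on the slides."""
    gre = struct.pack("!HH", 0, GRE_PROTO_MPLS)
    mpls = struct.pack("!I", (int(vlan) << 12) | (1 << 8) | 64)  # label, S=1, TTL 64
    payload = gre + mpls + frame
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, IP_FLAG_DF,
                      64, IP_PROTO_GRE, 0,
                      ipaddress.ip_address(src_ip).packed,
                      ipaddress.ip_address(dst_ip).packed)
    hdr = hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:]
    return hdr + payload


def forward(vlan, frame, mac_table):
    """Edge-device decision for a unicast frame from an internal interface:
    local port -> switch locally, Overlay0 -> encapsulate towards the remote
    join IP, unknown destination -> drop (never flooded across the overlay)."""
    dst_mac = mac_str(frame[0:6])
    port = mac_table.get((vlan, dst_mac))
    if port is None:
        return ("drop", None)
    if port != "Overlay0":
        return ("local", port)
    remote = OVERLAY_NEXT_HOP[(vlan, dst_mac)]
    return ("overlay", otv_encapsulate(frame, vlan, LOCAL_JOIN_IP, remote))


def df_is_set(packet):
    return bool(struct.unpack("!H", packet[6:8])[0] & IP_FLAG_DF)


def outer_packet_size(inner_ip_mtu=1500):
    """Outer IP packet size for a full-size inner frame: 1542 bytes for a
    1500-byte host MTU. With DF set, a core path with a smaller MTU drops it."""
    return OTV_OVERHEAD + inner_ip_mtu


def build_frame(dst_mac, src_mac, payload):
    """Constructed untagged Ethernet II frame (the VLAN travels in the shim)."""
    return mac_bytes(dst_mac) + mac_bytes(src_mac) + b"\x08\x00" + payload


if __name__ == "__main__":
    table = parse_mac_table(MAC_TABLE_OUTPUT)
    frame = build_frame("0007.eb49.7600", "0000.1111.aaaa", b"\x00" * 46)
    action, packet = forward("100", frame, table)
    print(action, len(packet), "bytes, DF set:", df_is_set(packet))
    print(forward("100", build_frame("0000.dead.beef", "0000.1111.aaaa", b""), table))
```

The overhead constant makes the MTU point explicit: a full-size 1500-byte inner IP packet becomes a 1542-byte outer IP packet, and because DF is set a core path with a smaller MTU drops it instead of fragmenting it. In practice that looks like an overlay that comes up and passes pings while large transfers stall, so check the path MTU of the join interfaces before extending VLANs.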
5. OTV Neighbor Discovery

• Step 1: Each OTV edge device sends an IGMP join for the ASM control group through its join interface. This triggers a PIM join in the core and builds the multicast tree for the control group.
• Step 2: The OTV control protocol sends a Hello message carrying the device's identity.
• Steps 3 and 4: The core replicates the Hello to every OTV edge device that has joined the control group.
• Step 5: The receiving edge devices decapsulate the packet.
• Step 6: The Hello is handed to the control protocol process, which eventually forms a neighbor adjacency over interface Overlay0. Adjacencies are listed with show otv adjacency.
6. OTV configuration example (Nexus 7000)

Edge device at site 5:

    feature otv
    otv site-vlan 5
    otv site-identifier 0x5
    interface Overlay0
      otv join-interface Ethernet2/1
      otv control-group 233.1.1.1
      otv data-group 232.5.6.0/28
      otv extend-vlan 100
      no shutdown
    interface Ethernet2/1
      description Join interface
      ip address 150.1.5.5/24
      ip igmp version 3
      no shutdown
    interface Ethernet2/3
      description Internal interface
      switchport
      switchport mode trunk
      no shutdown

Edge device at site 6:

    feature otv
    otv site-vlan 6
    otv site-identifier 0x6
    interface Overlay0
      otv join-interface Ethernet2/1
      otv control-group 233.1.1.1
      otv data-group 232.5.6.0/28
      otv extend-vlan 100
      no shutdown
    interface Ethernet2/1
      description Join interface
      ip address 150.1.6.6/24
      ip igmp version 3
      no shutdown
    interface Ethernet2/3
      description Internal interface
      switchport
      switchport mode trunk
      no shutdown
7. Verification

    N7K-5# show otv
    OTV Overlay Information
    Site Identifier 0000.0000.0005
    Overlay interface Overlay0
     VPN name            : Overlay0
     VPN state           : UP
     Extended vlans      : 100 (Total:1)
     Control group       : 233.1.1.1
     Data group range(s) : 232.5.6.0/24
     Join interface(s)   : Eth2/1 (150.1.5.5)
     Site VLAN           : 5 (up)
     AED-Capable         : No (No extended VLAN is operationally up)
     Capability          : Multicast-Reachable

    N7K-5# sh otv adjacency
    Overlay Adjacency database
    Overlay-Interface Overlay0  :
    Hostname   System-ID       Dest Addr   Up Time   State
    N7K-6      0050.5689.1ff6  150.4.6.6   00:06:51  UP

Note the AED-Capable line: the adjacency to N7K-6 is up, but this device will not forward any extended VLAN until VLAN 100 is operationally up on an internal interface. A site whose extended VLANs are all down looks healthy in show otv adjacency and still carries no traffic.
8. Overlay Transport Virtualization

• Verification commands:

    N7K-5# sh int overlay 0
    Overlay0 is up
      MTU 1400 bytes, BW 1000000 Kbit
      Encapsulation OTV
      Last link flapped 00:45:00
      Last clearing of "show interface" counters never
      Load-Interval is 5 minute (300 seconds)
      RX
        0 unicast packets  0 multicast packets
        0 bytes  0 bits/sec  0 packets/sec
      TX
        0 unicast packets  0 multicast packets
        0 bytes  0 bits/sec  0 packets/sec

    N7K-5# sh otv arp-nd-cache
    OTV ARP/ND L3->L2 Address Mapping Cache
    Overlay Interface Overlay1
    VLAN  MAC Address     Layer-3 Address  Age       Expires In
    100   001a.a1ff.7d46  15.1.1.32        00:03:42  00:04:17
9. OTV Authentication methods

• There are three methods of authentication, all of them key-chain based:
  1. Neighbor authentication: IS-IS adjacency (Hello) authentication between the edge devices of different sites, configured under the overlay interface.
  2. Route authentication: authentication of the IS-IS updates that carry MAC reachability, to control route injection, configured under otv-isis.
  3. Site authentication: neighbor authentication between the edge devices within a site (over the site VLAN) when multihoming is used.
• Authentication matters when the multicast core is not under the same administrative control: anyone who can join the control group can otherwise form an adjacency and inject MAC routes into the overlay. It is very similar to FabricPath authentication and other IS-IS authentication methods.
• Note that key-string 7 is Cisco type 7 obfuscation, which is reversible; treat the running configuration as being as sensitive as the key itself.
• The following example shows route authentication:

    key chain OTV
      key 0
        key-string 7 070c22454b0d1a5546
    otv-isis default
      vpn Overlay0
        otv isis authentication-type md5
        otv isis authentication key-chain OTV
10. OTV Authentication methods

• OTV neighbor authentication configuration example:

    key chain OTV
      key 0
        key-string 7 070c22454b0d1a5546
    interface Overlay1
      otv isis authentication-type md5
      otv isis authentication key-chain OTV

    N7K-5# sh otv isis interface overlay 0
    OTV-IS-IS process: default VPN: Overlay0
    Overlay0, Interface status: protocol-up/link-up/admin-up
      IP address: none
      IPv6 address: none
      IPv6 link-local address: none
      Index: 0x0001, Local Circuit ID: 0x01, Circuit Type: L1
      Level1
        Adjacency server (local/remote) : disabled / none
        Adjacency server capability : multicast
      Authentication type is MD5
      Authentication keychain is OTV
      Authentication check specified
      LSP interval: 33 ms, MTU: 1400
      Level  Metric  CSNP  Next CSNP  Hello  Multi  Next IIH
      1      40      10    00:00:05   3      3      0.728284
      Level  Adjs  AdjsUp  Pri  Circuit ID  Since
      1      1     1       64   N7K-5.01    * 00:53:44
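To make the authentication point concrete, here is an added Python example (not from the slides or from Cisco) in two parts. The first is a decoder for Cisco type 7 key strings, which shows that the key-string 7 value in the configurations above is obfuscated rather than encrypted. The second computes an RFC 5304-style HMAC-MD5 authentication TLV over a constructed stand-in for an IS-IS PDU and verifies it on the receiving side, rejecting unauthenticated and tampered PDUs; the PDU layout is a made-up 14-byte MAC advertisement, not real IS-IS encoding, and the LSP-specific zeroing of the checksum and remaining-lifetime fields is omitted.

```python
import hashlib
import hmac
import struct

# Cisco type 7 translation table (public and well known). A 'key-string 7'
# value is obfuscated, not encrypted: anyone who can read the configuration
# recovers the key.
_XLAT = "dsfd;kfoA,.iyewrkldJKDHSUBsgvca69834ncxv"


def decode_type7(encoded):
    """Reverse Cisco type 7: two-digit seed, then XOR'd key bytes in hex."""
    seed = int(encoded[:2])
    out = []
    for i, pos in enumerate(range(2, len(encoded), 2)):
        byte = int(encoded[pos:pos + 2], 16)
        out.append(chr(byte ^ ord(_XLAT[(seed + i) % len(_XLAT)])))
    return "".join(out)


# RFC 5304 HMAC-MD5 authentication TLV: type 10, one octet authentication
# type (54), then the 16-octet digest.
AUTH_TLV_TYPE = 10
AUTH_TYPE_HMAC_MD5 = 54
DIGEST_LEN = 16
AUTH_TLV_LEN = 3 + DIGEST_LEN


def auth_tlv(digest=b"\x00" * DIGEST_LEN):
    return struct.pack("!BBB", AUTH_TLV_TYPE, 1 + DIGEST_LEN, AUTH_TYPE_HMAC_MD5) + digest


def sign_pdu(body, key):
    """Append the authentication TLV. The digest covers the whole PDU with the
    Authentication Value zeroed (RFC 5304 s.3.1); the LSP-only zeroing of the
    checksum and remaining-lifetime fields is omitted in this toy."""
    digest = hmac.new(key, body + auth_tlv(), hashlib.md5).digest()
    return body + auth_tlv(digest)


def verify_pdu(pdu, key):
    """Return the PDU body if the trailing TLV verifies, else None. A PDU with
    no TLV (an unauthenticated edge device that joined the control group) or
    with a bad digest is dropped, so it can neither form an adjacency nor
    inject MAC routes."""
    if len(pdu) < AUTH_TLV_LEN:
        return None
    tlv = pdu[-AUTH_TLV_LEN:]
    if tlv[0] != AUTH_TLV_TYPE or tlv[1] != 1 + DIGEST_LEN or tlv[2] != AUTH_TYPE_HMAC_MD5:
        return None
    body, received = pdu[:-AUTH_TLV_LEN], tlv[3:]
    expected = hmac.new(key, body + auth_tlv(), hashlib.md5).digest()
    return body if hmac.compare_digest(expected, received) else None


# Constructed stand-in for a MAC reachability advertisement (NOT real IS-IS
# encoding): VLAN 100, MAC 0007.eb49.7600 behind system-id 0050.5689.1ff6.
SAMPLE_PDU = struct.pack("!H6s6s", 100,
                         bytes.fromhex("0007eb497600"), bytes.fromhex("005056891ff6"))

if __name__ == "__main__":
    key = decode_type7("070c22454b0d1a5546").encode()
    print("recovered key-string:", key.decode())
    signed = sign_pdu(SAMPLE_PDU, key)
    print("valid:", verify_pdu(signed, key) == SAMPLE_PDU)
    print("unauthenticated:", verify_pdu(SAMPLE_PDU, key))
```

Two design points carry over to the real deployment: the receiver rejects before it parses anything else, so an unauthenticated device on the control group never reaches the adjacency state machine; and the key recovered from the type 7 string is exactly what the verifier needs, which is why the configuration (and any backup of it) has to be protected as a secret.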
11. OTV Unicast mode

• Unicast OTV mode can be used in smaller deployments (2 or 3 sites) where the transport core does not offer multicast.
• One OTV edge device (at one site) is chosen as the adjacency server; the role is configured under the overlay interface.
• The adjacency server maintains the list of all OTV edge devices that are part of the same overlay VPN.
• Every OTV edge device that wants to join a given overlay VPN first "registers" with the adjacency server by sending its OTV Hello messages to it. All other OTV neighbor addresses are then discovered dynamically through the adjacency server.
• When the MAC address table changes at one site, the update is unicast separately to every OTV edge device in the overlay VPN (head-end replication). The destination IP of each copy is the join-interface address of one site, instead of a single multicast address, so the replication load on the sending edge device grows with the number of sites.
12. OTV Unicast mode configuration example

    interface Overlay0
      otv join-interface Ethernet2/1
      ! Instead of a control group and data-group range, point at the adjacency server(s)
      otv use-adjacency-server 150.1.5.5 150.1.6.6
      otv extend-vlan 100-103
      no shutdown
13. Authoritative Edge Device (AED)

• Each OTV site can have up to 2 edge devices for high availability, both capable of OTV encapsulation. For each extended VLAN one of them is elected authoritative edge device (AED); the election runs over the site VLAN.
• The AED forwards traffic to and from the overlay VPN for its VLANs. For example, a broadcast from a host reaches both edge devices of the site, but only the AED for that VLAN sends it into the overlay. Likewise, when a broadcast arrives from the overlay at both edge devices, only the AED for that VLAN forwards it onto the internal interfaces. This is what keeps the two edge devices from forming a loop through the overlay.
14. FHRP Localization/Isolation

• Every VLAN extended over OTV should have its default gateway local to each site, i.e. the FHRP protocol must be filtered over OTV. Otherwise traffic leaving a site is switched across the DCI to the remote active gateway before it is routed (suboptimal switching/routing). Scenario likely to come in exam.
• In a good design both the FHRP Hellos and the MAC addresses of the local gateway are filtered at the OTV edge devices: the Hellos so that each site elects its own active gateway, the virtual MAC so that it is never learnt as reachable through the overlay.
15. FHRP Localization/Isolation configuration

• Step 1: Filtering HSRP Hello messages with a VACL on the extended VLAN. Both sequences must belong to the same access-map, and the map applied with vlan filter must be that map; a name mismatch between the drop sequence and the applied map silently leaves the Hellos flowing.

    ip access-list HSRPv1-IP
      10 permit udp any 224.0.0.2/32 eq 1985
    ip access-list ALL
      10 permit ip any any
    vlan access-map FHRP-FILTER 10
      match ip address HSRPv1-IP
      action drop
    vlan access-map FHRP-FILTER 50
      match ip address ALL
      action forward
    vlan filter FHRP-FILTER vlan-list 100
16. FHRP Localization/Isolation

• FHRP localization/isolation configuration example for HSRP.
• Step 2: Filtering the virtual MAC address so it is not advertised to the other site. The mac-list needs a final permit-all entry: a route-map permit clause that matches a deny-only list matches nothing, and with the implicit deny at the end of the route-map no MAC address would be advertised at all.

    mac-list OTV-HSRP-MAC seq 10 deny 0000.0c07.ac00 ffff.ffff.ff00
    mac-list OTV-HSRP-MAC seq 20 permit 0000.0000.0000 0000.0000.0000
    route-map OTV-FHRP-FILTER permit 10
      match mac-list OTV-HSRP-MAC
    otv-isis default
      vpn Overlay0
        redistribute filter route-map OTV-FHRP-FILTER
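The two filtering steps above can be modelled to check that the rules behave as intended. The Python below is an added example, not from the slides or from Cisco's guide: one function mirrors the VACL decision and another evaluates a mac-list/route-map, both fed with constructed packets and MAC addresses. It goes beyond the slides in two ways: it also covers HSRPv2 (224.0.0.102, virtual MAC 0000.0c9f.fxxx) and VRRP (224.0.0.18, IP protocol 112, virtual MAC 0000.5e00.01xx), and it shows what a mac-list with only deny entries does (the route-map matches nothing and no MAC at all is advertised).

```python
import ipaddress

# FHRP control traffic seen by the VACL. HSRPv1 is what the slides filter;
# HSRPv2 and VRRP are added here because a site running them needs the same
# treatment.
HSRP_GROUPS = {ipaddress.ip_address("224.0.0.2"),     # HSRPv1
               ipaddress.ip_address("224.0.0.102")}   # HSRPv2
HSRP_UDP_PORT = 1985
VRRP_GROUP = ipaddress.ip_address("224.0.0.18")
VRRP_IP_PROTO = 112


def vacl_action(pkt):
    """Mirror of 'vlan access-map FHRP-FILTER': seq 10 drops FHRP Hellos,
    seq 50 forwards everything else. pkt is a constructed dict."""
    dst = ipaddress.ip_address(pkt["dst"])
    if pkt["proto"] == "udp" and dst in HSRP_GROUPS and pkt.get("dport") == HSRP_UDP_PORT:
        return "drop"
    if pkt["proto"] == VRRP_IP_PROTO and dst == VRRP_GROUP:
        return "drop"
    return "forward"


def mac_int(mac):
    return int(mac.replace(".", ""), 16)


# (action, address, mask) entries as in 'mac-list NAME seq N action addr mask';
# a mask bit set means that bit must match, so mask 0000.0000.0000 matches all.
MAC_LIST = [
    ("deny", "0000.0c07.ac00", "ffff.ffff.ff00"),    # HSRPv1 vMAC 0000.0c07.acXX
    ("deny", "0000.0c9f.f000", "ffff.ffff.f000"),    # HSRPv2 vMAC 0000.0c9f.fXXX
    ("deny", "0000.5e00.0100", "ffff.ffff.ff00"),    # VRRP  vMAC 0000.5e00.01XX
    ("permit", "0000.0000.0000", "0000.0000.0000"),  # everything else
]
DENY_ONLY_LIST = MAC_LIST[:3]   # the same list without its permit-all entry


def mac_list_match(mac, mac_list=MAC_LIST):
    """First matching entry wins; an unmatched MAC hits the implicit deny."""
    m = mac_int(mac)
    for action, base, mask in mac_list:
        if (m & mac_int(mask)) == (mac_int(base) & mac_int(mask)):
            return action
    return "deny"


def advertised_macs(local_macs, mac_list=MAC_LIST):
    """'redistribute filter route-map': only MACs the route-map permits are
    advertised into the overlay, so the gateway vMAC stays inside the site."""
    return [m for m in local_macs if mac_list_match(m, mac_list) == "permit"]


if __name__ == "__main__":
    site_macs = ["0000.0c07.ac01", "0000.0c9f.f005", "0000.5e00.0101", "0007.eb49.7600"]
    print("advertised:", advertised_macs(site_macs))
    print("deny-only list advertises:", advertised_macs(site_macs, DENY_ONLY_LIST))
```

The deny-only case is the one to test for after a change: the symptom is not a loop or a duplicate gateway but remote hosts silently losing reachability to every MAC at the site, because nothing is advertised any more.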
17. Guidelines and considerations for deployment of OTV

• Up to eight data-group ranges can be defined per overlay.
• The Layer 3 SVI (interface vlan) of a VLAN that is extended over OTV cannot live in the same VDC as the OTV overlay.
• As of this writing OTV is supported only on M-series line cards.
• IGMP version 3 must be enabled on the join interface when multicast mode is used.
• The site VLAN has to be up and operational even when a site has only one OTV edge device.
• PIM does not need to be configured on the join interface, because the OTV edge device connects to the core as a host.
• The simplest design uses a single overlay interface; a more complex design can split VLANs across several overlays for load balancing.
• Within one VDC, one overlay VPN can run in unicast mode while another runs in multicast mode.
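Most of the guidelines above can be checked mechanically before an overlay is brought up. The Python below is an added example (not the slides' or Cisco's tooling): a small parser for NX-OS-style configuration text and a linter that applies the checks from slides 6, 12 and 17 to two constructed site configurations. Site A is the slide-6 configuration of site 5 with the internal-interface block trimmed; site B deliberately reuses site-identifier 0x5, mixes control/data groups with use-adjacency-server, omits ip igmp version 3 on the join interface, and adds an SVI for the extended VLAN, so that each check fires. The rule that an overlay is either multicast or adjacency-server based is taken from the slide-12 comment.

```python
import ipaddress

# Constructed inputs. Site A follows slide 6 (internal interface trimmed);
# site B deliberately breaks four guidelines so that each check fires.
SITE_A = """\
feature otv
otv site-vlan 5
otv site-identifier 0x5
interface Overlay0
  otv join-interface Ethernet2/1
  otv control-group 233.1.1.1
  otv data-group 232.5.6.0/28
  otv extend-vlan 100
interface Ethernet2/1
  ip address 150.1.5.5/24
  ip igmp version 3
"""
SITE_B = """\
feature otv
otv site-vlan 6
otv site-identifier 0x5
interface Overlay0
  otv join-interface Ethernet2/1
  otv control-group 233.1.1.1
  otv data-group 232.5.6.0/28
  otv use-adjacency-server 150.1.5.5 150.1.6.6
  otv extend-vlan 100
interface Ethernet2/1
  ip address 150.1.6.6/24
interface Vlan100
  ip address 10.1.100.1/24
"""
SSM_RANGE = ipaddress.ip_network("232.0.0.0/8")


def parse_config(text):
    """Map each top-level NX-OS line to the list of its indented child lines."""
    blocks, current = {}, None
    for raw in text.splitlines():
        if not raw.strip():
            continue
        if raw.startswith(" ") and current is not None:
            blocks[current].append(raw.strip())
        else:
            current = raw.strip()
            blocks.setdefault(current, [])
    return blocks


def expand_vlans(spec):
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans


def lint_site(text):
    """Findings for one edge device, from the slide-17 guidelines."""
    cfg, findings = parse_config(text), []
    site_vlan = next((int(k.split()[-1]) for k in cfg if k.startswith("otv site-vlan ")), None)
    if site_vlan is None:
        findings.append("otv site-vlan missing (required even with a single edge device)")
    for name, cmds in cfg.items():
        if not name.startswith("interface Overlay"):
            continue
        kv = {}
        for c in cmds:
            if c.startswith("otv "):
                k, _, v = c[4:].partition(" ")
                kv.setdefault(k, []).append(v)
        multicast = "control-group" in kv or "data-group" in kv
        if multicast and "use-adjacency-server" in kv:
            findings.append(f"{name}: control/data groups and use-adjacency-server are mutually exclusive")
        if len(kv.get("data-group", [])) > 8:
            findings.append(f"{name}: more than 8 data-group ranges")
        for dg in kv.get("data-group", []):
            if not ipaddress.ip_network(dg).subnet_of(SSM_RANGE):
                findings.append(f"{name}: data-group {dg} is outside the SSM range 232/8")
        extended = set().union(*(expand_vlans(v) for v in kv.get("extend-vlan", [])))
        if site_vlan in extended:
            findings.append(f"{name}: site VLAN {site_vlan} must not be extended")
        join = kv.get("join-interface", [None])[0]
        join_cmds = cfg.get(f"interface {join}")
        if join_cmds is None:
            findings.append(f"{name}: join interface {join} is not configured")
        elif multicast and "ip igmp version 3" not in join_cmds:
            findings.append(f"{join}: ip igmp version 3 is required on the join interface in multicast mode")
        for v in sorted(extended):
            if f"interface Vlan{v}" in cfg:
                findings.append(f"interface Vlan{v}: SVI for extended VLAN {v} cannot be in the OTV VDC")
    return findings


def lint_sites(configs):
    """Lint every site and flag site identifiers reused across sites."""
    findings = {n: lint_site(t) for n, t in configs.items()}
    ids = {n: next((k.split()[-1].lower() for k in parse_config(t)
                    if k.startswith("otv site-identifier ")), None) for n, t in configs.items()}
    for n, sid in ids.items():
        others = [m for m, s in ids.items() if s == sid and m != n and sid is not None]
        if others:
            findings[n].append(f"site-identifier {sid} is also used by {', '.join(others)}")
    return findings
```

Run it with `lint_sites({"site5": SITE_A, "site6": SITE_B})`: site 5 gets only the duplicate-identifier finding, site 6 gets four. The cross-site check is the one worth keeping in a change pipeline, because a reused site identifier is invisible from either device's own configuration and only shows up once the overlay misbehaves.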
18. References

[1] Cisco, Overlay Transport Virtualization Technology Introduction and Deployment Considerations, http://www.cisco.com/en/US/docs/solutions/Enterprise/Data_Center/DCI/whitepaper/DCI3_OTV_Intro.html
[2] INE, OTV Decoded – A Fancy GRE Tunnel, http://blog.ine.com/2012/08/17/otv-decoded-a-fancy-gre-tunnel/
[3] Overlay Transport Virtualization (IETF draft), http://tools.ietf.org/html/draft-hasmit-otv-04
[4] Cisco Nexus 7000 Series NX-OS OTV Configuration Guide, http://www.cisco.com/en/US/docs/switches/datacenter/sw/nx-os/OTV/config_guide/b_Cisco_Nexus_7000_Series_NX-OS_OTV_Configuration_Guide.html