Cisco Overlay Transport Virtualization Technology Introduction and Deployment Considerations
Complete OTV Configuration
Downloads: This chapterpdf (PDF - 223.0KB) The complete bookPDF (PDF - 4.54MB) | Feedback

Complete OTV Configuration

Table Of Contents

Complete OTV Configuration


Complete OTV Configuration


The following device configurations are relative to the setup in Figure A-1.

Figure A-1 Testbed Configuration Example

Notice how OTV is deployed on the OTV VDCs connected to the aggregation layer leveraging port channels as internal interfaces (vPC based POD). Also, the complete device configuration has been trimmered a little (removing for example the CoPP default config) to reduce the overall length of the Appendix. Finally, for the OTV Edge Devices, both configurations for multicast and unicast-only mode are shown. It is assumed that the multicast related commands applied to the aggregation layer devices won't be required when leveraging the unicast-only mode.

NR-n7k-a

version 5.1(1a)
license grace-period
 
   
hostname NR-n7k-a
!Following configuration set is not terminated by a newline
no vdc combined-hostname
vdc NR-n7k-a id 1
  limit-resource vlan minimum 16 maximum 4094
  limit-resource monitor-session minimum 0 maximum 2
  limit-resource monitor-session-erspan-dst minimum 0 maximum 23
  limit-resource vrf minimum 2 maximum 1000
  limit-resource port-channel minimum 0 maximum 768
  limit-resource u4route-mem minimum 32 maximum 32
  limit-resource u6route-mem minimum 16 maximum 16
  limit-resource m4route-mem minimum 58 maximum 58
  limit-resource m6route-mem minimum 8 maximum 8
vdc East-a id 2
  allocate interface Ethernet1/26,Ethernet1/28,Ethernet1/30,Ethernet1/32
  allocate interface Ethernet2/6,Ethernet2/21,Ethernet2/23,Ethernet2/25,Ethernet2/27
  boot-order 3
  limit-resource vlan minimum 16 maximum 4094
  limit-resource monitor-session minimum 0 maximum 2
  limit-resource monitor-session-erspan-dst minimum 0 maximum 23
  limit-resource vrf minimum 2 maximum 1000
  limit-resource port-channel minimum 0 maximum 768
  limit-resource u4route-mem minimum 8 maximum 8
  limit-resource u6route-mem minimum 4 maximum 4
  limit-resource m4route-mem minimum 8 maximum 8
  limit-resource m6route-mem minimum 2 maximum 2
 
   
feature telnet
cfs eth distribute
feature ospf
feature pim
feature udld
feature interface-vlan
feature hsrp
feature lacp
feature vpc
 
   
username adminbackup password 5 !  role network-operator
username admin password 5 $1$zOYf1VLm$Wh2/WnLdQDN894obifIpZ1  role network-admin
username adminbackup password 5 !  role network-operator
no password strength-check
ip domain-lookup
 
   
snmp-server user admin network-admin auth md5 0x88018226be1701759b4301a3c0519193 priv 
0x88018226be1701759b4301a3c0
519193 localizedkey
 
   
vrf context management
  ip route 0.0.0.0/0 172.26.245.1
vlan 1-4,99-199
spanning-tree vlan 99-199 priority 4096
vpc domain 1
  role priority 4086
  peer-keepalive destination 172.26.245.10 source 172.26.245.20
 
   
interface Vlan100
  no shutdown
  no ip redirects
  ip address 10.100.1.4/24
  ip ospf network broadcast
  ip ospf passive-interface
  ip router ospf 1 area 0.0.0.0
  hsrp 100 
    preempt delay minimum 60 
    priority 40
    timers  1  3
    ip 10.100.1.1 
<SNIP>
interface Vlan199
  no shutdown
  no ip redirects
  ip address 10.199.1.4/24
  ip ospf network broadcast
  ip ospf passive-interface
  ip router ospf 1 area 0.0.0.0
  hsrp 199 
    preempt delay minimum 60 
    priority 40
    timers  1  3
    ip 10.199.1.1 
 
   
interface port-channel1
  description [ To N5K Access ]
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 99-199
  spanning-tree port type network
  vpc 1
 
   
interface port-channel10
  description [ To N7K-b ]
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 99-199
  spanning-tree port type network
  vpc peer-link
 
   
interface port-channel20
  description [ To this OTV VDC ]
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 99-199
  vpc 20
 
   
interface port-channel30
  description [ To this OTV VDC ]
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 99-199
  vpc 30
 
   
interface Ethernet1/1
  description [ To N7K-b ]
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 99-199
  channel-group 10 mode active
  no shutdown
 
   
interface Ethernet1/9
  description [ To N5K Access ]
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 99-199
  channel-group 1 mode active
  no shutdown
 
   
interface Ethernet2/1
  description [ To N7K-b ]
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 99-199
  channel-group 10 mode active
  no shutdown
 
   
interface Ethernet2/5
  description [ To the OTV Join-Interface ]
  udld aggressive
  ip address 172.26.255.93/30
  ip ospf network point-to-point
  ip router ospf 2 area 0.0.0.0
  ip pim sparse-mode
  ip igmp version 3
  no shutdown
 
   
interface Ethernet2/17
  description [ To Core-A ]
  ip address 172.26.255.70/30
  ip ospf network point-to-point
  ip router ospf 2 area 0.0.0.0
  ip pim sparse-mode
  no shutdown
 
   
interface Ethernet2/18
  description [ To Core B ]
  ip address 172.26.255.78/30
  ip ospf network point-to-point
  ip router ospf 2 area 0.0.0.0
  ip pim sparse-mode
  no shutdown
 
   
interface Ethernet2/20
  description [ To this OTV VDC ]
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 99-199
  channel-group 20 mode active
  no shutdown
 
   
interface Ethernet2/22
  description [ To other OTV VDC ]
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 99-199
  channel-group 30 mode active
  no shutdown
 
   
interface mgmt0
  ip address 172.26.245.20/24
 
   
interface loopback2
  ip address 172.26.255.153/32
  ip router ospf 2 area 0.0.0.0
cli alias name sw switchto vdc east-a
line console
  exec-timeout 0
  speed 115200
line vty
  exec-timeout 0
boot kickstart bootflash:/n7000-s1-kickstart.5.1.1a.gbin sup-1
boot system bootflash:/n7000-s1-dk9.5.1.1a.gbin sup-1
boot kickstart bootflash:/n7000-s1-kickstart.5.1.1a.gbin sup-2
boot system bootflash:/n7000-s1-dk9.5.1.1a.gbin sup-2
router ospf 1
  auto-cost reference-bandwidth 1000000
router ospf 2
  router-id 172.26.255.153
ip pim rp-address 172.26.255.101 group-list 224.0.0.0/4
ip pim ssm range 232.0.0.0/8
 
   
**************************************************************************************
***********************

East-a (Multicast Mode)

version 5.1(1a)
hostname East-a
 
   
feature telnet
feature ospf
feature otv
feature lacp
feature dhcp
 
   
username admin password 5 $1$36p3GlAA$Pq09DfOCaBaSvfVj1Ul1d.  role vdc-admin
no password strength-check
ip domain-lookup
ip access-list ALL_IPs
  10 permit ip any any 
mac access-list ALL_MACs 
  10 permit any any
ip access-list HSRPv1_IP
  10 permit udp any 224.0.0.2/32 eq 1985 
mac access-list HSRP_VMAC 
  10 permit 0000.0c07.ac00 0000.0000.00ff any 
arp access-list HSRP_VMAC_ARP
  10 deny ip any mac 0000.0c07.ac00 ffff.ffff.ff00
  20 permit ip any mac any
vlan access-map HSRPv1_Loc 10
  match mac address HSRP_VMAC 
  match ip address HSRP_IP 
  action drop
vlan access-map HSRPv1_Loc 20
  match mac address ALL_MACs
  match action forward ip address ALL_IPs
vlan filter HSRPv1_Loc vlan-list 100-199
ip arp inspection filter HSRP_VMAC_ARP <100-199>
snmp-server user admin vdc-admin auth md5 0x88018226be1701759b4301a3c0519193 pri
v 0x88018226be1701759b4301a3c0519193 localizedkey
 
   
vrf context management
  ip route 0.0.0.0/0 172.26.245.1
vlan 1,99-199
otv site-vlan 99
otv site-identifier 0x1
mac-list HSRP_VMAC_Deny seq 5 deny 0000.0c07.ac00 ffff.ffff.ff00
mac-list HSRP_VMAC_Deny seq 10 permit 0000.0000.0000 0000.0000.0000
route-map stop-HSRP permit 10
  match mac-list HSRP_VMAC_Deny 
 
   
interface port-channel2
  description [ To N7K-a - Internal Interface ]
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 99-199
 
   
interface Overlay0
  otv join-interface Ethernet2/6
  otv control-group 239.1.1.1
  otv data-group 232.1.1.0/28
  otv extend-vlan 100-199
  no shutdown
 
   
interface Ethernet2/6
  description [ OTV Join-Interface ]
  ip address 172.26.255.94/30
  ip ospf network point-to-point
  ip router ospf 2 area 0.0.0.0
  ip igmp version 3
  no shutdown
 
   
interface Ethernet2/21
  description [ To N7K-a - Internal Interface ]
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 99-227
  channel-group 2 mode active
  no shutdown
 
   
interface Ethernet2/23
  description [ To N7K-b - Internal Interface ]
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 99-227
  channel-group 2 mode active
  no shutdown
 
   
interface mgmt0
  ip address 172.26.245.21/24
 
   
interface loopback0
  ip address 172.26.255.151/32
  ip router ospf 2 area 0.0.0.0
cli alias name his show cli hist unfo 20
line console
  exec-timeout 0
line vty
  exec-timeout 0
router ospf 2
  router-id 172.26.255.151
  timers throttle spf 10 100 500
otv-isis default
  vpn Overlay0
    redistribute filter route-map stop-HSRP

East-a (Unicast-only Mode)

The configuration is mostly identical to the one shown above. The only difference is 
in the Overlay interface configuration, as shown below.
interface Overlay0
  otv join-interface Ethernet2/6
  otv adjacency-server unicast-only
  otv use-adjacency-server 172.26.255.94 172.27.255.94
  otv extend-vlan 100-199
  no shutdown
**************************************************************************************
***********************

NR-n7k-b

version 5.1(1a)
license grace-period
 
   
hostname NR-n7k-b
!Following configuration set is not terminated by a newline
no vdc combined-hostname
vdc NR-n7k-b id 1
  limit-resource vlan minimum 16 maximum 4094
  limit-resource monitor-session minimum 0 maximum 2
  limit-resource monitor-session-erspan-dst minimum 0 maximum 23
  limit-resource vrf minimum 16 maximum 1000
  limit-resource port-channel minimum 0 maximum 768
  limit-resource u4route-mem minimum 32 maximum 32
  limit-resource u6route-mem minimum 16 maximum 16
  limit-resource m4route-mem minimum 58 maximum 58
  limit-resource m6route-mem minimum 8 maximum 8
vdc East-b id 2
  allocate interface Ethernet1/26,Ethernet1/28,Ethernet1/30,Ethernet1/32
  allocate interface Ethernet2/6,Ethernet2/21,Ethernet2/23
  boot-order 3
  limit-resource vlan minimum 16 maximum 4094
  limit-resource monitor-session minimum 0 maximum 2
  limit-resource monitor-session-erspan-dst minimum 0 maximum 23
  limit-resource vrf minimum 16 maximum 1000
  limit-resource port-channel minimum 0 maximum 768
  limit-resource u4route-mem minimum 8 maximum 8
  limit-resource u6route-mem minimum 4 maximum 4
  limit-resource m4route-mem minimum 8 maximum 8
  limit-resource m6route-mem minimum 2 maximum 2
 
   
feature telnet
cfs eth distribute
feature ospf
feature pim
feature interface-vlan
feature hsrp
feature lacp
feature vpc
 
   
logging level monitor 7
username adminbackup password 5 $1$Oip/C5Ci$oOdx7oJSlBCFpNRmQK4na.  role 
network-operator
username admin password 5 $1$T1wpkssO$4U6JRuGrh5M8WvbYXTsnV0  role network-admin
username adminbackup password 5 $1$Oip/C5Ci$oOdx7oJSlBCFpNRmQK4na.  role 
network-operator
no password strength-check
ip domain-lookup
 
   
snmp-server user admin network-admin auth md5 0x1ef34a157db87c5884230ac8e89f4663 priv 
0x1ef34a157db87c5884230ac8e89f4663 localizedkey
ntp server 171.68.10.80 use-vrf management
ntp server 171.68.10.150 use-vrf management
ntp source-interface  mgmt0
 
   
vrf context management
  ip route 0.0.0.0/0 172.26.245.1
vlan 1-4,99-199
spanning-tree vlan 99-199 priority 8192
vpc domain 1
  role priority 8192
  peer-keepalive destination 172.26.245.20 source 172.26.245.10
 
   
interface Vlan100
  no shutdown
  management
  no ip redirects
  ip address 10.100.1.5/24
  ip ospf network broadcast
  ip ospf passive-interface
  ip router ospf 1 area 0.0.0.0
  hsrp 100 
    preempt delay minimum 60 
    priority 20
    timers  1  3
    ip 10.100.1.1 
<SNIP> 
interface Vlan199
  no shutdown
  no ip redirects
  ip address 10.199.1.5/24
  ip ospf network broadcast
  ip ospf passive-interface
  ip router ospf 1 area 0.0.0.0
  hsrp 199 
    preempt delay minimum 60 
    priority 20
    timers  1  3
    ip 10.199.1.1 
 
   
interface port-channel1
  description [ To N5K Access ]
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 99-199
  spanning-tree port type network
  vpc 1
 
   
interface port-channel10
  description [ To N7K-a ]
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 99-199
  spanning-tree port type network
  vpc peer-link
 
   
interface port-channel20
  description [ To this OTV VDC ]
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 99-199
  vpc 20
 
   
interface port-channel30
  description [ To this OTV VDC ]
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 99-199
  vpc 30
 
   
interface Ethernet1/1
  description [ To N7K-a ]
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 99-199
  channel-group 10 mode active
  no shutdown
 
   
interface Ethernet1/9
  description [ To N5K Access ]
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 99-199
  channel-group 1 mode active
  no shutdown
 
   
interface Ethernet2/1
  description [ To N7K-a ]
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 99-199
  channel-group 10 mode active
  no shutdown
 
   
interface Ethernet2/5
  description [ To the OTV Join-Interface ]
  ip address 172.26.255.97/30
  ip ospf network point-to-point
  ip router ospf 2 area 0.0.0.0
  ip pim sparse-mode
  ip igmp version 3
  no shutdown
 
   
interface Ethernet2/17
  description [ To Core A ]
  ip address 172.26.255.74/30
  ip ospf network point-to-point
  ip router ospf 2 area 0.0.0.0
  ip pim sparse-mode
  ip igmp version 3
  no shutdown
 
   
interface Ethernet2/18
  description [ To Core B ]
  ip address 172.26.255.82/30
  ip ospf network point-to-point
  ip router ospf 2 area 0.0.0.0
  ip pim sparse-mode
  ip igmp version 3
  no shutdown
 
   
interface Ethernet2/20
  description [ To this OTV VDC ]
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 99-199
  channel-group 30 mode active
  no shutdown
 
   
interface Ethernet2/22
  description [ To other OTV VDC ]
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 99-199
  channel-group 20 mode active
  no shutdown
 
   
interface mgmt0
  ip address 172.26.245.10/24
 
   
interface loopback2
  ip address 172.26.255.154/32
  ip router ospf 2 area 0.0.0.0
cli alias name sw switchto vdc east-b
line console
  exec-timeout 0
  speed 115200
line vty
  exec-timeout 0
boot kickstart bootflash:/n7000-s1-kickstart.5.1.1a.gbin sup-1
boot system bootflash:/n7000-s1-dk9.5.1.1a.gbin sup-1
boot kickstart bootflash:/n7000-s1-kickstart.5.1.1a.gbin sup-2
boot system bootflash:/n7000-s1-dk9.5.1.1a.gbin sup-2
router ospf 1
  auto-cost reference-bandwidth 1000000
router ospf 2
  router-id 172.26.255.154
  timers throttle spf 10 100 5000
ip pim rp-address 172.26.255.101 group-list 224.0.0.0/4
ip pim ssm range 232.0.0.0/8
ip routing multicast holddown 0
logging monitor 7
logging console 7
**************************************************************************************
***********************

East-b (Multicast Mode)

version 5.1(1a)
hostname East-b
 
   
feature telnet
feature ospf
feature otv
feature lacp
feature dhcp
 
   
logging level otv 7
 
   
username admin password 5 $1$mDXdlrBj$3UtOG.HD2w.PI41n2apYe/  role vdc-admin
no password strength-check
ip domain-lookup
 
   
ip access-list ALL_IPs
  10 permit ip any any 
mac access-list ALL_MACs 
  10 permit any any
ip access-list HSRPv1_IP
  10 permit udp any 224.0.0.2/32 eq 1985 
mac access-list HSRP_VMAC 
  10 permit 0000.0c07.ac00 0000.0000.00ff any 
arp access-list HSRP_VMAC_ARP
  10 deny ip any mac 0000.0c07.ac00 ffff.ffff.ff00
  20 permit ip any mac any
vlan access-map HSRPv1_Loc 10
  match mac address HSRP_VMAC 
  match ip address HSRP_IP 
  action drop
vlan access-map HSRPv1_Loc 20
  match mac address ALL_MACs
  match ip address ALL_IPs 
  action forward
vlan filter HSRPv1_Loc vlan-list 100-199
ip arp inspection filter HSRP_VMAC_ARP <100-199>
snmp-server user admin vdc-admin auth md5 0x1ef34a157db87c5884230ac8e89f4663 pri
v 0x1ef34a157db87c5884230ac8e89f4663 localizedkey
 
   
vrf context management
  ip route 0.0.0.0/0 172.26.245.1
vlan 1,99-199
otv site-vlan 99
otv site-identifier 0x1
mac-list HSRP_VMAC_Deny seq 5 deny 0000.0c07.ac00 ffff.ffff.ff00
mac-list HSRP_VMAC_Deny seq 10 permit 0000.0000.0000 0000.0000.0000
route-map stop-HSRP permit 10
  match mac-list HSRP_VMAC_Deny 
 
   
interface port-channel3
  description [ OTV Internal Interface ]
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 99-199
 
   
interface Overlay0
  otv join-interface Ethernet2/6
  otv control-group 239.1.1.1
  otv data-group 232.1.1.0/28
  otv extend-vlan 100-199
  no shutdown
 
   
interface Ethernet2/6
  description [ OTV Join-Interface ]
  ip address 172.26.255.98/30
  ip ospf network point-to-point
  ip router ospf 2 area 0.0.0.0
  ip igmp version 3
  no shutdown
 
   
interface Ethernet2/21
  description [ To N7K-a - Internal Interface ]
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 99-199
  channel-group 3 mode active
  no shutdown
 
   
interface Ethernet2/23
  description [ To N7K-b - Internal Interface ]
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 99-199
  channel-group 3 mode active
  no shutdown
 
   
interface mgmt0
  ip address 172.26.245.11/24
 
   
interface loopback0
  ip address 172.26.255.152/32
  ip router ospf 2 area 0.0.0.0
logging monitor 7
logging console 7
line console
  exec-timeout 0
line vty
  exec-timeout 0
router ospf 2
  router-id 172.26.255.152
otv-isis default
  vpn Overlay0
    redistribute filter route-map stop-HSRP

East-b (Unicast-only Mode)

The configuration is mostly identical to the one shown above. The only difference is in the Overlay interface configuration, as shown below.

interface Overlay0
  otv join-interface Ethernet2/6
  otv use-adjacency-server 172.26.255.94 172.27.255.94
  otv extend-vlan 100-199
  no shutdown