Table Of Contents

Complete OTV Configuration

Complete OTV Configuration

---

The following device configurations are relative to the setup in Figure A-1.

Figure A-1 Testbed Configuration Example

Notice how OTV is deployed on the OTV VDCs connected to the aggregation layer leveraging port channels as internal interfaces (vPC based POD). Also, the complete device configuration has been trimmered a little (removing for example the CoPP default config) to reduce the overall length of the Appendix. Finally, for the OTV Edge Devices, both configurations for multicast and unicast-only mode are shown. It is assumed that the multicast related commands applied to the aggregation layer devices won't be required when leveraging the unicast-only mode.

NR-n7k-a

version 5.1(1a)

license grace-period

hostname NR-n7k-a

!Following configuration set is not terminated by a newline

no vdc combined-hostname

vdc NR-n7k-a id 1

  limit-resource vlan minimum 16 maximum 4094

  limit-resource monitor-session minimum 0 maximum 2

  limit-resource monitor-session-erspan-dst minimum 0 maximum 23

  limit-resource vrf minimum 2 maximum 1000

  limit-resource port-channel minimum 0 maximum 768

  limit-resource u4route-mem minimum 32 maximum 32

  limit-resource u6route-mem minimum 16 maximum 16

  limit-resource m4route-mem minimum 58 maximum 58

  limit-resource m6route-mem minimum 8 maximum 8

vdc East-a id 2

  allocate interface Ethernet1/26,Ethernet1/28,Ethernet1/30,Ethernet1/32

  allocate interface Ethernet2/6,Ethernet2/21,Ethernet2/23,Ethernet2/25,Ethernet2/27

  boot-order 3

  limit-resource vlan minimum 16 maximum 4094

  limit-resource monitor-session minimum 0 maximum 2

  limit-resource monitor-session-erspan-dst minimum 0 maximum 23

  limit-resource vrf minimum 2 maximum 1000

  limit-resource port-channel minimum 0 maximum 768

  limit-resource u4route-mem minimum 8 maximum 8

  limit-resource u6route-mem minimum 4 maximum 4

  limit-resource m4route-mem minimum 8 maximum 8

  limit-resource m6route-mem minimum 2 maximum 2

feature telnet

cfs eth distribute

feature ospf

feature pim

feature udld

feature interface-vlan

feature hsrp

feature lacp

feature vpc

username adminbackup password 5 !  role network-operator

username admin password 5 $1$zOYf1VLm$Wh2/WnLdQDN894obifIpZ1  role network-admin

username adminbackup password 5 !  role network-operator

no password strength-check

ip domain-lookup

snmp-server user admin network-admin auth md5 0x88018226be1701759b4301a3c0519193 priv 
0x88018226be1701759b4301a3c0

519193 localizedkey

vrf context management

  ip route 0.0.0.0/0 172.26.245.1

vlan 1-4,99-199

spanning-tree vlan 99-199 priority 4096

vpc domain 1

  role priority 4086

  peer-keepalive destination 172.26.245.10 source 172.26.245.20

interface Vlan100

  no shutdown

  no ip redirects

  ip address 10.100.1.4/24

  ip ospf network broadcast

  ip ospf passive-interface

  ip router ospf 1 area 0.0.0.0

  hsrp 100 

    preempt delay minimum 60 

    priority 40

    timers  1  3

    ip 10.100.1.1 

<SNIP>

interface Vlan199

  no shutdown

  no ip redirects

  ip address 10.199.1.4/24

  ip ospf network broadcast

  ip ospf passive-interface

  ip router ospf 1 area 0.0.0.0

  hsrp 199 

    preempt delay minimum 60 

    priority 40

    timers  1  3

    ip 10.199.1.1 

interface port-channel1

  description [ To N5K Access ]

  switchport

  switchport mode trunk

  switchport trunk allowed vlan 99-199

  spanning-tree port type network

  vpc 1

interface port-channel10

  description [ To N7K-b ]

  switchport

  switchport mode trunk

  switchport trunk allowed vlan 99-199

  spanning-tree port type network

  vpc peer-link

interface port-channel20

  description [ To this OTV VDC ]

  switchport

  switchport mode trunk

  switchport trunk allowed vlan 99-199

  vpc 20

interface port-channel30

  description [ To this OTV VDC ]

  switchport

  switchport mode trunk

  switchport trunk allowed vlan 99-199

  vpc 30

interface Ethernet1/1

  description [ To N7K-b ]

  switchport

  switchport mode trunk

  switchport trunk allowed vlan 99-199

  channel-group 10 mode active

  no shutdown

interface Ethernet1/9

  description [ To N5K Access ]

  switchport

  switchport mode trunk

  switchport trunk allowed vlan 99-199

  channel-group 1 mode active

  no shutdown

interface Ethernet2/1

  description [ To N7K-b ]

  switchport

  switchport mode trunk

  switchport trunk allowed vlan 99-199

  channel-group 10 mode active

  no shutdown

interface Ethernet2/5

  description [ To the OTV Join-Interface ]

  udld aggressive

  ip address 172.26.255.93/30

  ip ospf network point-to-point

  ip router ospf 2 area 0.0.0.0

  ip pim sparse-mode

  ip igmp version 3

  no shutdown

interface Ethernet2/17

  description [ To Core-A ]

  ip address 172.26.255.70/30

  ip ospf network point-to-point

  ip router ospf 2 area 0.0.0.0

  ip pim sparse-mode

  no shutdown

interface Ethernet2/18

  description [ To Core B ]

  ip address 172.26.255.78/30

  ip ospf network point-to-point

  ip router ospf 2 area 0.0.0.0

  ip pim sparse-mode

  no shutdown

interface Ethernet2/20

  description [ To this OTV VDC ]

  switchport

  switchport mode trunk

  switchport trunk allowed vlan 99-199

  channel-group 20 mode active

  no shutdown

interface Ethernet2/22

  description [ To other OTV VDC ]

  switchport

  switchport mode trunk

  switchport trunk allowed vlan 99-199

  channel-group 30 mode active

  no shutdown

interface mgmt0

  ip address 172.26.245.20/24

interface loopback2

  ip address 172.26.255.153/32

  ip router ospf 2 area 0.0.0.0

cli alias name sw switchto vdc east-a

line console

  exec-timeout 0

  speed 115200

line vty

  exec-timeout 0

boot kickstart bootflash:/n7000-s1-kickstart.5.1.1a.gbin sup-1

boot system bootflash:/n7000-s1-dk9.5.1.1a.gbin sup-1

boot kickstart bootflash:/n7000-s1-kickstart.5.1.1a.gbin sup-2

boot system bootflash:/n7000-s1-dk9.5.1.1a.gbin sup-2

router ospf 1

  auto-cost reference-bandwidth 1000000

router ospf 2

  router-id 172.26.255.153

ip pim rp-address 172.26.255.101 group-list 224.0.0.0/4

ip pim ssm range 232.0.0.0/8

**************************************************************************************
***********************

East-a (Multicast Mode)

version 5.1(1a)

hostname East-a

feature telnet

feature ospf

feature otv

feature lacp

feature dhcp

username admin password 5 $1$36p3GlAA$Pq09DfOCaBaSvfVj1Ul1d.  role vdc-admin

no password strength-check

ip domain-lookup

ip access-list ALL_IPs

  10 permit ip any any 

mac access-list ALL_MACs 

  10 permit any any

ip access-list HSRPv1_IP

  10 permit udp any 224.0.0.2/32 eq 1985 

mac access-list HSRP_VMAC 

  10 permit 0000.0c07.ac00 0000.0000.00ff any 

arp access-list HSRP_VMAC_ARP

  10 deny ip any mac 0000.0c07.ac00 ffff.ffff.ff00

  20 permit ip any mac any

vlan access-map HSRPv1_Loc 10

  match mac address HSRP_VMAC 

  match ip address HSRP_IP 

  action drop

vlan access-map HSRPv1_Loc 20

  match mac address ALL_MACs

  match action forward ip address ALL_IPs

vlan filter HSRPv1_Loc vlan-list 100-199

ip arp inspection filter HSRP_VMAC_ARP <100-199>

snmp-server user admin vdc-admin auth md5 0x88018226be1701759b4301a3c0519193 pri

v 0x88018226be1701759b4301a3c0519193 localizedkey

vrf context management

  ip route 0.0.0.0/0 172.26.245.1

vlan 1,99-199

otv site-vlan 99

otv site-identifier 0x1

mac-list HSRP_VMAC_Deny seq 5 deny 0000.0c07.ac00 ffff.ffff.ff00

mac-list HSRP_VMAC_Deny seq 10 permit 0000.0000.0000 0000.0000.0000

route-map stop-HSRP permit 10

  match mac-list HSRP_VMAC_Deny 

interface port-channel2

  description [ To N7K-a - Internal Interface ]

  switchport

  switchport mode trunk

  switchport trunk allowed vlan 99-199

interface Overlay0

  otv join-interface Ethernet2/6

  otv control-group 239.1.1.1

  otv data-group 232.1.1.0/28

  otv extend-vlan 100-199

  no shutdown

interface Ethernet2/6

  description [ OTV Join-Interface ]

  ip address 172.26.255.94/30

  ip ospf network point-to-point

  ip router ospf 2 area 0.0.0.0

  ip igmp version 3

  no shutdown

interface Ethernet2/21

  description [ To N7K-a - Internal Interface ]

  switchport

  switchport mode trunk

  switchport trunk allowed vlan 99-227

  channel-group 2 mode active

  no shutdown

interface Ethernet2/23

  description [ To N7K-b - Internal Interface ]

  switchport

  switchport mode trunk

  switchport trunk allowed vlan 99-227

  channel-group 2 mode active

  no shutdown

interface mgmt0

  ip address 172.26.245.21/24

interface loopback0

  ip address 172.26.255.151/32

  ip router ospf 2 area 0.0.0.0

cli alias name his show cli hist unfo 20

line console

  exec-timeout 0

line vty

  exec-timeout 0

router ospf 2

  router-id 172.26.255.151

  timers throttle spf 10 100 500

otv-isis default

  vpn Overlay0

    redistribute filter route-map stop-HSRP

East-a (Unicast-only Mode)

The configuration is mostly identical to the one shown above. The only difference is 
in the Overlay interface configuration, as shown below.

interface Overlay0

  otv join-interface Ethernet2/6

  otv adjacency-server unicast-only

  otv use-adjacency-server 172.26.255.94 172.27.255.94

  otv extend-vlan 100-199

  no shutdown

**************************************************************************************
***********************

NR-n7k-b

version 5.1(1a)

license grace-period

hostname NR-n7k-b

!Following configuration set is not terminated by a newline

no vdc combined-hostname

vdc NR-n7k-b id 1

  limit-resource vlan minimum 16 maximum 4094

  limit-resource monitor-session minimum 0 maximum 2

  limit-resource monitor-session-erspan-dst minimum 0 maximum 23

  limit-resource vrf minimum 16 maximum 1000

  limit-resource port-channel minimum 0 maximum 768

  limit-resource u4route-mem minimum 32 maximum 32

  limit-resource u6route-mem minimum 16 maximum 16

  limit-resource m4route-mem minimum 58 maximum 58

  limit-resource m6route-mem minimum 8 maximum 8

vdc East-b id 2

  allocate interface Ethernet1/26,Ethernet1/28,Ethernet1/30,Ethernet1/32

  allocate interface Ethernet2/6,Ethernet2/21,Ethernet2/23

  boot-order 3

  limit-resource vlan minimum 16 maximum 4094

  limit-resource monitor-session minimum 0 maximum 2

  limit-resource monitor-session-erspan-dst minimum 0 maximum 23

  limit-resource vrf minimum 16 maximum 1000

  limit-resource port-channel minimum 0 maximum 768

  limit-resource u4route-mem minimum 8 maximum 8

  limit-resource u6route-mem minimum 4 maximum 4

  limit-resource m4route-mem minimum 8 maximum 8

  limit-resource m6route-mem minimum 2 maximum 2

feature telnet

cfs eth distribute

feature ospf

feature pim

feature interface-vlan

feature hsrp

feature lacp

feature vpc

logging level monitor 7

username adminbackup password 5 $1$Oip/C5Ci$oOdx7oJSlBCFpNRmQK4na.  role 
network-operator

username admin password 5 $1$T1wpkssO$4U6JRuGrh5M8WvbYXTsnV0  role network-admin

username adminbackup password 5 $1$Oip/C5Ci$oOdx7oJSlBCFpNRmQK4na.  role 
network-operator

no password strength-check

ip domain-lookup

snmp-server user admin network-admin auth md5 0x1ef34a157db87c5884230ac8e89f4663 priv 
0x1ef34a157db87c5884230ac8e89f4663 localizedkey

ntp server 171.68.10.80 use-vrf management

ntp server 171.68.10.150 use-vrf management

ntp source-interface  mgmt0

vrf context management

  ip route 0.0.0.0/0 172.26.245.1

vlan 1-4,99-199

spanning-tree vlan 99-199 priority 8192

vpc domain 1

  role priority 8192

  peer-keepalive destination 172.26.245.20 source 172.26.245.10

interface Vlan100

  no shutdown

  management

  no ip redirects

  ip address 10.100.1.5/24

  ip ospf network broadcast

  ip ospf passive-interface

  ip router ospf 1 area 0.0.0.0

  hsrp 100 

    preempt delay minimum 60 

    priority 20

    timers  1  3

    ip 10.100.1.1 

<SNIP> 

interface Vlan199

  no shutdown

  no ip redirects

  ip address 10.199.1.5/24

  ip ospf network broadcast

  ip ospf passive-interface

  ip router ospf 1 area 0.0.0.0

  hsrp 199 

    preempt delay minimum 60 

    priority 20

    timers  1  3

    ip 10.199.1.1 

interface port-channel1

  description [ To N5K Access ]

  switchport

  switchport mode trunk

  switchport trunk allowed vlan 99-199

  spanning-tree port type network

  vpc 1

interface port-channel10

  description [ To N7K-a ]

  switchport

  switchport mode trunk

  switchport trunk allowed vlan 99-199

  spanning-tree port type network

  vpc peer-link

interface port-channel20

  description [ To this OTV VDC ]

  switchport

  switchport mode trunk

  switchport trunk allowed vlan 99-199

  vpc 20

interface port-channel30

  description [ To this OTV VDC ]

  switchport

  switchport mode trunk

  switchport trunk allowed vlan 99-199

  vpc 30

interface Ethernet1/1

  description [ To N7K-a ]

  switchport

  switchport mode trunk

  switchport trunk allowed vlan 99-199

  channel-group 10 mode active

  no shutdown

interface Ethernet1/9

  description [ To N5K Access ]

  switchport

  switchport mode trunk

  switchport trunk allowed vlan 99-199

  channel-group 1 mode active

  no shutdown

interface Ethernet2/1

  description [ To N7K-a ]

  switchport

  switchport mode trunk

  switchport trunk allowed vlan 99-199

  channel-group 10 mode active

  no shutdown

interface Ethernet2/5

  description [ To the OTV Join-Interface ]

  ip address 172.26.255.97/30

  ip ospf network point-to-point

  ip router ospf 2 area 0.0.0.0

  ip pim sparse-mode

  ip igmp version 3

  no shutdown

interface Ethernet2/17

  description [ To Core A ]

  ip address 172.26.255.74/30

  ip ospf network point-to-point

  ip router ospf 2 area 0.0.0.0

  ip pim sparse-mode

  ip igmp version 3

  no shutdown

interface Ethernet2/18

  description [ To Core B ]

  ip address 172.26.255.82/30

  ip ospf network point-to-point

  ip router ospf 2 area 0.0.0.0

  ip pim sparse-mode

  ip igmp version 3

  no shutdown

interface Ethernet2/20

  description [ To this OTV VDC ]

  switchport

  switchport mode trunk

  switchport trunk allowed vlan 99-199

  channel-group 30 mode active

  no shutdown

interface Ethernet2/22

  description [ To other OTV VDC ]

  switchport

  switchport mode trunk

  switchport trunk allowed vlan 99-199

  channel-group 20 mode active

  no shutdown

interface mgmt0

  ip address 172.26.245.10/24

interface loopback2

  ip address 172.26.255.154/32

  ip router ospf 2 area 0.0.0.0

cli alias name sw switchto vdc east-b

line console

  exec-timeout 0

  speed 115200

line vty

  exec-timeout 0

boot kickstart bootflash:/n7000-s1-kickstart.5.1.1a.gbin sup-1

boot system bootflash:/n7000-s1-dk9.5.1.1a.gbin sup-1

boot kickstart bootflash:/n7000-s1-kickstart.5.1.1a.gbin sup-2

boot system bootflash:/n7000-s1-dk9.5.1.1a.gbin sup-2

router ospf 1

  auto-cost reference-bandwidth 1000000

router ospf 2

  router-id 172.26.255.154

  timers throttle spf 10 100 5000

ip pim rp-address 172.26.255.101 group-list 224.0.0.0/4

ip pim ssm range 232.0.0.0/8

ip routing multicast holddown 0

logging monitor 7

logging console 7

**************************************************************************************
***********************

East-b (Multicast Mode)

version 5.1(1a)

hostname East-b

feature telnet

feature ospf

feature otv

feature lacp

feature dhcp

logging level otv 7

username admin password 5 $1$mDXdlrBj$3UtOG.HD2w.PI41n2apYe/  role vdc-admin

no password strength-check

ip domain-lookup

ip access-list ALL_IPs

  10 permit ip any any 

mac access-list ALL_MACs 

  10 permit any any

ip access-list HSRPv1_IP

  10 permit udp any 224.0.0.2/32 eq 1985 

mac access-list HSRP_VMAC 

  10 permit 0000.0c07.ac00 0000.0000.00ff any 

arp access-list HSRP_VMAC_ARP

  10 deny ip any mac 0000.0c07.ac00 ffff.ffff.ff00

  20 permit ip any mac any

vlan access-map HSRPv1_Loc 10

  match mac address HSRP_VMAC 

  match ip address HSRP_IP 

  action drop

vlan access-map HSRPv1_Loc 20

  match mac address ALL_MACs

  match ip address ALL_IPs 

  action forward

vlan filter HSRPv1_Loc vlan-list 100-199

ip arp inspection filter HSRP_VMAC_ARP <100-199>

snmp-server user admin vdc-admin auth md5 0x1ef34a157db87c5884230ac8e89f4663 pri

v 0x1ef34a157db87c5884230ac8e89f4663 localizedkey

vrf context management

  ip route 0.0.0.0/0 172.26.245.1

vlan 1,99-199

otv site-vlan 99

otv site-identifier 0x1

mac-list HSRP_VMAC_Deny seq 5 deny 0000.0c07.ac00 ffff.ffff.ff00

mac-list HSRP_VMAC_Deny seq 10 permit 0000.0000.0000 0000.0000.0000

route-map stop-HSRP permit 10

  match mac-list HSRP_VMAC_Deny 

interface port-channel3

  description [ OTV Internal Interface ]

  switchport

  switchport mode trunk

  switchport trunk allowed vlan 99-199

interface Overlay0

  otv join-interface Ethernet2/6

  otv control-group 239.1.1.1

  otv data-group 232.1.1.0/28

  otv extend-vlan 100-199

  no shutdown

interface Ethernet2/6

  description [ OTV Join-Interface ]

  ip address 172.26.255.98/30

  ip ospf network point-to-point

  ip router ospf 2 area 0.0.0.0

  ip igmp version 3

  no shutdown

interface Ethernet2/21

  description [ To N7K-a - Internal Interface ]

  switchport

  switchport mode trunk

  switchport trunk allowed vlan 99-199

  channel-group 3 mode active

  no shutdown

interface Ethernet2/23

  description [ To N7K-b - Internal Interface ]

  switchport

  switchport mode trunk

  switchport trunk allowed vlan 99-199

  channel-group 3 mode active

  no shutdown

interface mgmt0

  ip address 172.26.245.11/24

interface loopback0

  ip address 172.26.255.152/32

  ip router ospf 2 area 0.0.0.0

logging monitor 7

logging console 7

line console

  exec-timeout 0

line vty

  exec-timeout 0

router ospf 2

  router-id 172.26.255.152

otv-isis default

  vpn Overlay0

    redistribute filter route-map stop-HSRP

East-b (Unicast-only Mode)

The configuration is mostly identical to the one shown above. The only difference is in the Overlay interface configuration, as shown below.

interface Overlay0

  otv join-interface Ethernet2/6

  otv use-adjacency-server 172.26.255.94 172.27.255.94

  otv extend-vlan 100-199

  no shutdown