Buy or Renew
Buy or Renew
NOTICE: The community will be in READ-ONLY Sept. 6 – 9 to add Umbrella release notes and announcements. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1209
Views
0
Helpful
4
Replies

OTV With FHRP

Code_Net
Level 1
Level 1

‎09-15-2021 07:15 AM

Hello Community,

 

I have a question about OTV with HSRP, We have two DCs connected by OTV ( the underlay is VPLS ).

We have only one OTV-edge in each DC ( OTV Unicast ), the purpose is to add second OTV edge in both DCs and make the HSRP redundancy.

 

I want to know if i need to change the OTV mode to multicast, and if there is any config specification for OTV with HSRP, and what is the limitations for OTV over VPLS ?

 

Thank you all

Labels:
Preview file
1 KB
0 Helpful
4 Replies 4

Steven Doremus
Level 1
Level 1

‎09-15-2021 11:32 AM

OTV  will work with multicast or unicast as your transport.

Multicast is the preferred method due to its flexibility,as well it's limited overhead.It requires that you have multicast already running as transport in existing network.

You can use  unicast traffic if the total number of sites is less than or equal to two sites.

 

 

0 Helpful

Code_Net
Level 1
Level 1
In response to Steven Doremus

‎09-16-2021 12:55 AM

Thank you Steven, do you have any configuration exemple for OTV Unicast ( 2 ISRs in each DC ) ?

0 Helpful

Sergiu.Daniluk
VIP Alumni
VIP Alumni

‎09-15-2021 09:54 PM

One thing you have to consider about HSRP & OTV, supposing that you have the HSRP configured in conjunction with vPC: you would need to enable HSRP/FHRP isolation, in order to have HSRP Active/Standby in each DC, similar with figure 1-32: https://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Data_Center/DCI/whitepaper/DCI3_OTV_Intro/DCI_1.html#wp1186090

You can find config example here:

 

Step 1. Configure a VLAN ACL (VACL) on the OTV VDC.

ip access-list ALL_IPs
	10 permit ip any any

mac access-list ALL_MACs
	10 permit any any

ipv6 access-list ALL_IPV6s
	10 permit ipv6 any any

ip access-list HSRP_IP
	10 permit udp any 224.0.0.2/32 eq 1985
	20 permit udp any 224.0.0.102/32 eq 1985

ipv6 access-list HSRP_IPV6
	
mac access-list HSRP_VMAC
	10 permit 0000.0c07.ac00 0000.0000.00ff any
	20 permit 0000.0c9f.f000 0000.0000.0fff any
	30 permit 0005.73a0.0000 0000.0000.0fff any

arp access-list HSRP_VMAC_ARP
	10 deny ip any mac 0000.0c07.ac00 ffff.ffff.ff00
	20 deny ip any mac 0000.0c9f.f000 ffff.ffff.f000
	30 deny ip any mac 0005.73a0.0000 ffff.ffff.f000
	40 permit ip any mac any
vlan access-map HSRP_Localization 10
	match mac address HSRP_VMAC
	match ip address HSRP_IP
	match ipv6 address HSRP_IPV6
	action drop
vlan access-map HSRP_Localization 20
	match mac address ALL_MACs
	match ip address ALL_IPs
	match ipv6 address ALL_IPV6s
	action forward

feature dhcp
ip arp inspection filter HSRP_VMAC_ARP <OTV_Extended_VLANs>
vlan filter HSRP_Localization vlan-list <OTV_Extended_VLANs>


Step 2. Apply a route-map to the OTV control protocol (ISIS).

mac-list OTV_HSRP_VMAC_deny seq 10 deny 0000.0c07.ac00 ffff.ffff.ff00
mac-list OTV_HSRP_VMAC_deny seq 11 deny 0000.0c9f.f000 ffff.ffff.f000
mac-list OTV_HSRP_VMAC_deny seq 12 deny 0005.73a0.0000 ffff.ffff.f000
mac-list OTV_HSRP_VMAC_deny seq 20 permit 0000.0000.0000 0000.0000.0000

route-map OTV_HSRP_filter permit 10
	match mac-list OTV_HSRP_VMAC_deny

otv-isis default
	vpn Overlay0
	redistribute filter route-map OTV_HSRP_filter

 

Stay safe,

Sergiu

 

 

0 Helpful

Code_Net
Level 1
Level 1
In response to Sergiu.Daniluk

‎09-16-2021 12:53 AM

Hey Segiu,

 

There is no vPC, the OTV edges are Cisco ISR, do you think that i can configure it in unicast mode ( OTV between 2 ISRs in each DC ), and does VPLS have any limitation for OTV Multicast ?

0 Helpful
Customers Also Viewed These Support Documents