OTV Unicast with dual AEDs

Gavin Lodge · ‎01-11-2014

Hi

I have deployed OTV in a lab environment and are experiencing a strange problem. The topology is two DCs each comprising of 2 x OTV VDCs and 2 x Core VDCs.

I'm having an issue where only traffic for one vlan(164) will pass across the overlay, the overlay interfaces are up and layer 2 adjacencies are working for vlan164.

Running the ‘show otv isis adjacencies’ I can see that each otv VDC has communication to all the OTV edge devices on the overlay.

Here are some show command outputs from OTV edge VDC 1 at dc1, there results are the same for all DCs.

Dc1-nx7010-otv-01# sho otv isis adjacency

OTV-IS-IS process: default VPN: Overlay0

OTV-IS-IS adjacency database:

System ID SNPA Level State Hold Time Interface Site-ID

e4c7.2201.a844 e4c7.2201.a844 1 UP 00:00:51 Overlay0 0000.0000.0002

e4c7.2201.b244 e4c7.2201.b244 1 UP 00:00:46 Overlay0 0000.0000.0002

e4c7.2203.9244 e4c7.2203.9244 1 UP 00:00:57 Overlay0 0000.0000.0001

dc1-nx7010-otv-01# sho otv

OTV Overlay Information

Site Identifier 0000.0000.0001

Overlay interface Overlay0

VPN name : Overlay0

VPN state : UP

Extended vlans : 163-164 (Total:2)

Join interface(s) : Eth1/3 (10.100.1.22)

Site vlan : 850 (up)

AED-Capable : Yes

Capability : Unicast-Only

Is Adjacency Server : Yes

Adjacency Server(s) : 10.100.1.22 / [None]

dc1-nx7010-otv-01# sho otv site

Dual Adjacency State Description

Full - Both site and overlay adjacency up

Partial - Either site/overlay adjacency down

Down - Both adjacencies are down (Neighbor is down/unreachable)

- Site-ID mismatch detected

Local Edge Device Information:

Hostname lon1-nx7010-otv-01

System-ID e4c7.2203.1ec4

Site-Identifier 0000.0000.0001

Site-VLAN 850 State is Up

Site Information for Overlay0:

Local device is AED-Capable

Neighbor Edge Devices in Site: 1

Hostname System-ID Adjacency- Adjacency- AED-

State Uptime Capable

--------------------------------------------------------------------------------

dc1-nx7010-otv-02 e4c7.2203.9244 Full 1d02h Yes

DC 1

dc1-nx7010-otv-01

vlan 163-4,850

otv site-vlan 850

interface Overlay0

otv join-interface Ethernet1/3

otv extend-vlan 163-164

otv use-adjacency-server 10.100.1.22 unicast-only

otv adjacency-server unicast-only

no shutdown

otv site-identifier 0x1

interface Ethernet1/3

no switchport

mtu 1600

ip address 10.100.1.22/30

no ip ospf passive-interface

ip router ospf 10 area 0.0.0.35

no shutdown

dc1-nx7010-otv-02

vlan 163-4,850

otv site-vlan 850

interface Overlay0

otv join-interface Ethernet1/3

otv extend-vlan 163-164

otv use-adjacency-server 10.100.1.22 unicast-only

no shutdown

otv site-identifier 0x1

interface Ethernet1/3

no switchport

mtu 1600

ip address 10.100.1.18/30

no ip ospf passive-interface

ip router ospf 10 area 0.0.0.35

no shutdown

DC 2

dc2-nx7004-otv-01

vlan 163-4,800

otv site-vlan 800

interface Overlay0

otv join-interface Ethernet4/3

otv extend-vlan 163-164

otv use-adjacency-server 10.100.1.22 unicast-only

no shutdown

otv site-identifier 0x2

interface Ethernet4/3

mtu 1600

ip address 10.100.1.5/30

no ip ospf passive-interface

ip router ospf 10 area 0.0.0.35

no shutdown

dc2--nx7004-otv-02

vlan 163-4,800

otv site-vlan 800

interface Overlay0

otv join-interface Ethernet4/3

otv extend-vlan 163-164

otv use-adjacency-server 10.100.1.22 unicast-only

no shutdown

otv site-identifier 0x2

interface Ethernet4/3

mtu 1600

ip address 10.100.1.2/30

no ip ospf passive-interface

ip router ospf 10 area 0.0.0.35

no shutdown

I would appreciate some help with this as I'm going round in circles trying to figure out what is wrong as the config looks fine and is working for one vlan.

Steve Fuller · ‎01-11-2014

Hi Gavin,

One thing that looks odd in the configuration you've supplied is the vlan 163-4,850 and vlan 163-4,800 commands. I think this would create VLANs in the range 4 to 163 and 850 in DC1, and 4 to 163 and 800 in DC2, and not VLANs 163, 164, 800 and 850 as you want.

In all Nexus I've looked at the VLAN configuration would appear as something along the lines of vlan 163-164, 850 i.e., 164 should be in full and not only a numeric 4. Can you confirm whether this is the case or if it's simply that the syntax is different.

You should see be able to see the VLANs that are active with the show vlan and show otv vlan commands.

Regards

Gavin Lodge · ‎01-11-2014

Hi Steve

Thanks for the quick reply, that was a typo(the only section that I didn't copy and paste). Below is the 'show otv vlan' output. Interesting the I can't see any otv routes for vlan 163 for DC 1 when running 'show otv route' on dc2-nx7004-otv-01:

dc1-nx7004-otv-01# sho otv route

OTV Unicast MAC Routing Table For Overlay0

VLAN MAC-Address Metric Uptime Owner Next-hop(s)

---- -------------- ------ -------- --------- -----------

163 0000.0c07.aca3 1 03:21:47 site port-channel401

163 e4c7.2201.a842 1 03:21:47 site port-channel401

163 e4c7.2201.a844 1 03:21:40 site port-channel401

164 0000.0c07.aca4 42 03:24:36 overlay dc1-nx7010-otv-01

164 7081.0564.e23f 42 03:24:36 overlay dc1-nx7010-otv-01

164 e4c7.2203.1ec2 42 03:24:36 overlay dc1-nx7010-otv-01

164 e4c7.2203.9242 42 03:24:36 overlay dc1-nx7010-otv-01

164 e4c7.2203.9244 42 03:24:36 overlay dc1-nx7010-otv-01

dc1-nx7010-otv-01#sho otv vlan

OTV Extended VLANs and Edge Device State Information (* - AED)

Legend:

(NA) - Non AED, (VD) - Vlan Disabled, (OD) - Overlay Down

(DH) - Delete Holddown, (HW) - HW: State Down

(NFC) - Not Forward Capable

VLAN Auth. Edge Device Vlan State Overlay

---- ----------------------------------- ---------------------- ------

-

163 dc1-nx7010-otv-02 inactive(NA) Overlay0

164* dc1-nx7010-otv-01 active Overlay0

dc1-nx7010-otv-02#sho otv vlan

OTV Extended VLANs and Edge Device State Information (* - AED)

Legend:

(NA) - Non AED, (VD) - Vlan Disabled, (OD) - Overlay Down

(DH) - Delete Holddown, (HW) - HW: State Down

(NFC) - Not Forward Capable

VLAN Auth. Edge Device Vlan State Overlay

---- ----------------------------------- ---------------------- ------

-

163* dc1-nx7010-otv-02 active Overlay0

164 dc1-nx7010-otv-01 inactive(NA) Overlay0

dc2-nx7004-otv-01# sho otv vlan

OTV Extended VLANs and Edge Device State Information (* - AED)

Legend:

(NA) - Non AED, (VD) - Vlan Disabled, (OD) - Overlay Down

(DH) - Delete Holddown, (HW) - HW: State Down

(NFC) - Not Forward Capable

VLAN Auth. Edge Device Vlan State Overlay

---- ----------------------------------- ---------------------- ------

-

163* dc2-nx7004-otv-01 active Overlay0

164 dc2-nx7004-otv-02 inactive(NA) Overlay0

dc2-nx7004-otv-02# sho otv vlan

OTV Extended VLANs and Edge Device State Information (* - AED)

Legend:

(NA) - Non AED, (VD) - Vlan Disabled, (OD) - Overlay Down

(DH) - Delete Holddown, (HW) - HW: State Down

(NFC) - Not Forward Capable

VLAN Auth. Edge Device Vlan State Overlay

---- ----------------------------------- ---------------------- ------

-

163 dc2-nx7004-otv-01 inactive(NA) Overlay0

164* dc2-nx7004-otv-02 active Overlay0

Steve Fuller · ‎01-12-2014

Hi Gavin,

Can you confirm where the show otv route you pasted was taken? In the text you state dc2-nx7004-otv-01, but the prompt on the capture shows dc1-nx7004-otv-01.

Presumably when you run show otv route on dc1-nx7010-otv-01 and dc2-nx7004-otv-02 i.e., the AED for VLAN164, in both ED you're seeing MACs for VLAN 164 with some MACs having the owner as the site and others the overlay?

What do we see with a show otv route in dc1-nx7010-otv-02? Hopefully we're actually seeing MACs learnt on the internal interface i.e., the AED for VLAN 163 has the VLAN allowed on its internal interface and we're actually learning MACs in VLAN 163?

Regards