OTV deployment scenario w/VRFs

ryan.lambert · ‎06-23-2016

Hey everyone,

Just wanted to run this out there to get some additional opinions and see if I was missing anything:

I am looking at possibly deploying OTV w/FHRP isolation (via ASR1ks) across two data centers and removing the stretched layer 2 fabric. The SVIs will, for now, live on Catalyst 6500s connected to the ASRs. On these 6500s, I have a global VRF for external facing services (ARIN allocated), and an internal VRF for backend server communication (RFC1918 space).

The idea is that the ASR will not be VRF aware, just a standard OTV config extending the VLANs in both VRFs, and all of the VRF isolation for public/private will be done on the 6500s at both sites.

Is there anything I need to consider here that I'm not thinking of? To me, this seems pretty straightforward and good to go, but want to make sure I'm not shooting myself in the foot (other than the fact I've gotta use ASRs and not 7ks ;))

Thanks!

Khurram Noor · ‎08-06-2018

Hi Ryan,

I just came searching for something similar to your post. In my scenario, the SVIs are all on the nexus and are not running VRF. and otv is already running for some vlans between a couple of DCs in unicast mode. Now a third party is getting integrated into the same network which will be connected into a separate VRF on the ASR so it will be passed through the firewall before it hits the default VRF. There is a requirement to stretch some vlans between default vrf and this newly connected third party. if i keep the same join and but create a new overlay interface for 3rd party specific vlans, will that be able to form an adjacency through the firewall over the new VRF.