OTV deployment scenario w/VRFs

ryan.lambert · ‎06-23-2016

Hey everyone,

Just wanted to run this out there to get some additional opinions and see if I was missing anything:

I am looking at possibly deploying OTV w/FHRP isolation (via ASR1ks) across two data centers and removing the stretched layer 2 fabric. The SVIs will, for now, live on Catalyst 6500s connected to the ASRs. On these 6500s, I have a global VRF for external facing services (ARIN allocated), and an internal VRF for backend server communication (RFC1918 space).

The idea is that the ASR will not be VRF aware, just a standard OTV config extending the VLANs in both VRFs, and all of the VRF isolation for public/private will be done on the 6500s at both sites.

Is there anything I need to consider here that I'm not thinking of? To me, this seems pretty straightforward and good to go, but want to make sure I'm not shooting myself in the foot (other than the fact I've gotta use ASRs and not 7ks ;))

Thanks!

David_Che · ‎06-24-2016

The solution you think about is feasible as below. In ASK1K eyes, the difference between GLOBAL VRF and Internal VRF is different VLAN. ASR1K OTV ED just extended these two different VLANs into the other OTV ED.

6500 |--VRF1--------VLANx-----| ASR1K ===OTV=== ASR1K |--VLANx--------VRF1-----| 6500

|--VRF2--------VLANy-----| |--VLANy--------VRF2-----|

Two years ago, We need manually filter FHRP mac out to make sure each site can have its own Primary / Secondary FHRP router. I am not sure ASK1K can automatically filter FHRP mac out now.