10-26-2012 09:53 AM - edited 03-04-2019 05:58 PM
We have OTV working on our ASR1Ks in a lab environment. We mocked up two data centers and a simulated ISP core that supports multicast. Everything works fine. We can move hosts between data centers, drop a few pings and see the OTV table updates and connectivity restore. But that is when we're using the default VRF. When we try to put the WAN interface into a VRF (VRF-Lite) the OTV breaks. I've read in a few places that 'virtualization is supported'.
I've tried several changes relative to the use of the VRF including:
- put only the join interface in the new VRF (ELANVRF)
- instead of just using 'ip pim ssm default' I've added 'ip pim vrf ELANVRF ssm default'
- instead of just using 'ip multicast-routing distributed' I've added 'ip multicast-routing vrf ELANVRF distributed'
- I've also tried adding the 'vrf forwarding ELANVRF' to not only the join-interface (the WAN/ELAN ISP facing interface), but I've also incrementally tried adding and removing it from the overlay interface as well. But no luck. All 4 routers involved end up in the same failed OTV state.
Worthington-ASR1K-R02#sh otv
Overlay Interface Overlay1
VPN name : overlay1
VPN ID : 1
State : UP
AED Capable : No, overlay DIS not elected
IPv4 control group : 239.1.1.1
Mcast data group range(s): 232.0.0.0/8
Join interface(s) : GigabitEthernet0/0/0
Join IPv4 address : 10.99.99.2
Tunnel interface(s) : Tunnel0
Encapsulation format : GRE/IPv4
Site Bridge-Domain : 401
Capability : Multicast-reachable
Is Adjacency Server : No
Adj Server Configured : No
Prim/Sec Adj Svr(s) : None
Is the use of VRF-Lite really supported on the ASR1K and if so, what configuration elements may I be missing? I'm running 9.03.06.00.S.152-2.S on all routers involved.
Thanks,
-chris
10-26-2012 10:28 AM
Never tried it, but looking in the config guide,
"OTV supports virtual routing and forwarding (VRF) instances on the physical interface that is associated
with an overlay interface. By default, an overlay interface is placed in the default VRF unless you
specifically configure another VRF on the interface that is being used as the OTV join interface."
Further down in states that the otv join-interface must be in the default vrf.
From what I read and checking the CLI, have you tried putting your L2 interface into a vrf along with the overlay interface? Hope it helps and let us know the results.
10-26-2012 11:34 AM
Collin,
Thanks for the reply. Looks like you found the same reference I did regarding the support of VRFs. Yes, I tried stepping through a few changes but couldn't get them to work. First I tried only the join interface in the VRF, then I added the overlay interface to the VRF and finally, the inside L2 interface to the VRF. No luck yet.
-chris
10-31-2012 12:57 PM
Just finished a meeting with an ASR1K TME. Despite the published documentation the TME stated that VRFs are not supported in conjunction with OTV. The TME committed to getting the documentation updated.
As things stand for us, we'll run OTV on the ASR1Ks (4) between a couple of data centers with a few VLANs extended. I will post some sanitized configs once we're futher down the production road.
Thanks all,
-chris
11-27-2012 08:37 AM
Hi Cristopher,
I have the same situation you had, but I dont need VRF. Could you please post the configs you had used for your lab? I have the same scenario and the only it works its the control plane. Both edges populate the "show otv arp" with MAC's from the other site, but they dont ping.
Maybe you could help me with your configs, thank you very much in advance
Victor.
04-24-2013 09:31 PM
I don't know the history of the issue, but when you are working with VRF do the following:
Just remove the OTV overlay configurations and paste the same. There seems to be problem when you configure VRF on the overlay interface and remove it.
Do let me know if you are still facing the issue
06-26-2013 11:38 AM
Chistopher,
I am trying to do the same thing and can't get it to work. Did you ever get this to work? I think I am going to try to put everything else on the router into a VRF and leave this in VRF 0.
06-26-2013 12:02 PM
Hi Josh,
Can you share your configs:
Here, is what I have done:
ED1 ------- CORE ------ ED2
ED1#
ip multicast-routing distributed
ip igmp snooping querier version 3
ip igmp snooping querier
otv site bridge-domain 2
otv site-identifier 0000.0000.0002
interface Overlay11
no ip address
no shutdown ! added by me
otv control-group 232.1.11.11
otv data-group 232.11.11.0/24
otv join-interface GigabitEthernet3/0/1.11
service instance 11 ethernet
encapsulation dot1q 11
bridge-domain 11
interface GigabitEthernet3/0/0
no ip address
negotiation auto
service instance 2 ethernet
encapsulation dot1q 2
bridge-domain 2
service instance 11 ethernet
encapsulation dot1q 11
bridge-domain 11
interface GigabitEthernet3/0/1
mtu 9216
no ip address
negotiation auto
interface GigabitEthernet3/0/1.11
encapsulation dot1Q 11
ip address 10.1.11.1 255.255.255.0
ip pim passive
ip igmp version 3
router ospf 11
router-id 1.1.1.1
network 10.1.11.0 0.0.0.255 area 0
ED1#
=======================================================
CORE_ROUTER#
ip multicast-routing distributed
interface Loopback0
ip address 4.4.4.4 255.255.255.255
interface GigabitEthernet0/0/0
mtu 9216
no ip address
negotiation auto
interface GigabitEthernet0/0/0.11
encapsulation dot1Q 11
ip address 15.1.11.2 255.255.255.0
ip pim sparse-mode
ip igmp version 3
interface GigabitEthernet0/0/1
mtu 9216
no ip address
negotiation auto
interface GigabitEthernet0/0/1.11
encapsulation dot1Q 11
ip address 10.1.11.2 255.255.255.0
ip pim sparse-mode
ip igmp version 3
router ospf 11
router-id 11.11.11.11
network 10.1.11.0 0.0.0.255 area 0
network 15.1.11.0 0.0.0.255 area 0
ip pim rp-address 4.4.4.4
CORE_ROUTER#
=======================================================
ED2#
ip multicast-routing distributed
ip igmp snooping querier version 3
ip igmp snooping querier
otv site bridge-domain 3
otv site-identifier 0000.0000.0003
interface Overlay11
no ip address
no shutdown ! added by me
otv control-group 232.1.11.11
otv data-group 232.11.11.0/24
otv join-interface GigabitEthernet2/1/0.11
service instance 11 ethernet
encapsulation dot1q 11
bridge-domain 11
interface GigabitEthernet2/1/0
mtu 9216
no ip address
negotiation auto
interface GigabitEthernet2/1/0.11
encapsulation dot1Q 11
ip address 15.1.11.1 255.255.255.0
ip pim passive
ip igmp version 3
interface GigabitEthernet2/1/1
no ip address
negotiation auto
service instance 3 ethernet
encapsulation dot1q 3
bridge-domain 3
service instance 11 ethernet
encapsulation dot1q 11
bridge-domain 11
router ospf 11
router-id 2.2.2.2
network 15.1.11.0 0.0.0.255 area 0
ED2#
=======================================================
With the above configurations, I have OTV up and running. We cannot make overlay part of a VRF, however, we can add the join-interface to be part of a VRF [supported in XE-3.10].
Let me know if you need any further details.
06-26-2013 07:09 PM
Aries,
Thanks for your help. Is it possible to get OTV in a VRF? One way or the other I need to get the routing tables separated since this is a public edge router. I tried putting just g0/1/2 in and that broke OTV. I then put the overlay1 interface in and it was still not able to pass traffic. Should it work if I have G0/1/2 in vrf PPP and not the overlay1?
Building configuration...
Current configuration : 5873 bytes
!
! Last configuration change at 10:19:19 UTC Wed Jun 26 2013 by admin
!
version 15.2
service nagle
service timestamps debug datetime msec
service timestamps log datetime
service password-encryption
service sequence-numbers
service unsupported-transceiver
no platform punt-keepalive disable-kernel-core
!
hostname ar1.strlng.clevoh
!
boot-start-marker
boot system bootflash:asr1000rp1-adventerprisek9.03.06.00.S.152-2.S.bin
boot-end-marker
!
!
vrf definition Mgmt-intf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
!
aaa new-model
!
!
!
!
!
!
!
aaa session-id common
no ip source-route
!
ip vrf PPP
rd 1:2
!
!
!
ip flow-cache timeout active 5
no ip bootp server
ip domain timeout 2
ip domain name intellinetcorp.com
ip multicast-routing distributed
!
!
!
!
!
!
otv site bridge-domain 1
!
otv site-identifier 0001.0001.0001
no mpls ip
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
redundancy
mode none
!
!
!
!
!
!
ip tftp source-interface GigabitEthernet0
!
!
!
!
!
!
!
!
!
!
interface Overlay1
ip vrf forwarding PPP
no ip address
otv control-group 239.1.1.1
otv data-group 232.0.0.0/8
otv join-interface GigabitEthernet0/2/1
service instance 1 ethernet
encapsulation dot1q 1
bridge-domain 1
!
service instance 300 ethernet
encapsulation dot1q 300
bridge-domain 300
!
!
interface GigabitEthernet0/0/0
description XO Internet
ip address 207.x.x.x 255.255.255.252
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
logging event link-status
no negotiation auto
!
interface GigabitEthernet0/0/1
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet0/0/2
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet0/0/3
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet0/1/0
no ip address
no logging event link-status
media-type rj45
negotiation auto
service instance 1 ethernet
encapsulation dot1q 1
bridge-domain 1
!
service instance 300 ethernet
description eth9-37.cs1 (otv inside)
encapsulation dot1q 300
bridge-domain 300
!
!
interface GigabitEthernet0/1/1
no ip address
shutdown
media-type rj45
negotiation auto
!
interface GigabitEthernet0/2/0
description G-2-0-2.ds3.strlng.clevoh
bandwidth 1000000
ip address 18.45.1.2 255.255.255.0
ip flow ingress
logging event link-status
media-type rj45
negotiation auto
vrrp 100 ip 18.45.1.1
vrrp 100 priority 120
cdp enable
!
interface GigabitEthernet0/2/1
ip vrf forwarding PPP
ip address 10.1.1.1 255.255.255.252
media-type sfp
no negotiation auto
!
interface GigabitEthernet0
vrf forwarding Mgmt-intf
ip address 10.3.1.59 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
negotiation auto
!
router bgp 560
bgp log-neighbor-changes
network 18.45.1.0
network 18.45.2.0
network 18.45.3.0
network 18.45.4.0
network 18.45.5.0
network 18.45.6.0
network 18.45.7.0
aggregate-address 18.45.1.0 255.255.248.0
neighbor 198.45.1.2 remote-as 560
neighbor 198.45.2.2 next-hop-self
neighbor 207.2.2.5 remote-as 2828
neighbor 207.2.2.5 route-map AS2828-IN in
neighbor 207.2.2.5 route-map AS2828-OUT out
!
ip forward-protocol nd
!
ip as-path access-list 1 permit ^$
ip as-path access-list 2 permit _2828$
ip flow-export source GigabitEthernet0/2/0
no ip http server
no ip http secure-server
ip pim ssm default
ip route 18.45.2.0 255.255.255.0 18.45.1.10
ip route 18.45.3.0 255.255.255.0 18.45.1.10
ip route 18.45.4.0 255.255.255.0 18.45.1.10
ip route 18.45.5.0 255.255.255.0 18.45.1.10
ip route 18.45.6.0 255.255.255.0 18.45.1.10
ip route 18.45.7.0 255.255.255.0 18.45.1.10
ip route vrf Mgmt-intf 0.0.0.0 0.0.0.0 10.3.1.1
!
ip access-list standard vty
permit 66.9.5.98
permit 172.16.0.0 0.15.255.255
permit 10.0.0.0 0.255.255.255
permit 192.168.0.0 0.0.255.255
permit 208.71.72.0 0.0.7.255
permit 18.45.12.0 0.0.7.255
!
!
snmp ifmib ifindex persist
!
!
!
control-plane
!
!
!
!
!
line con 0
stopbits 1
line aux 0
transport input telnet
transport output all
stopbits 1
line vty 0 4
access-class vty in vrf-also
exec-timeout 60 0
privilege level 15
logging synchronous
transport input ssh
!
!
06-26-2013 09:18 PM
Hi Josh,
I am not sure if this is supported in XE-3.6, but, from the configurations, there are a few things that need to be added and replaced:
(config)# ip multicast-routing vrf PPP distributed
Also, in the overlay configuration, I see that you have placed the following:
interface Overlay1
ip vrf forwarding PPP --> this configuration has to be removed
I would request you to remove the entire overlay1 configuration and paste it again without the 'ip vrf forwarding PPP' as below:
no interface overlay 1
interface Overlay1
no shutdown ! added by me again
no ip address
otv control-group 239.1.1.1
otv data-group 232.0.0.0/8
otv join-interface GigabitEthernet0/2/1
service instance 1 ethernet
encapsulation dot1q 1
bridge-domain 1
!
service instance 300 ethernet
encapsulation dot1q 300
bridge-domain 300
The above is to be done since there is an issue when you place the overlay interface in a vrf, we have to remove and re-add the overlay confgurations. [This issue is rectified in XE-3.10]
Kindly give this a shot and let me know how it goes.
Thanks,
Aries
06-27-2013 05:27 AM
Aries thanks again for the help and quick reply. I removed the overlay interface and added multicast routing to the VRF and still cannot get the OTV up. Any suggestions? Thanks
interface Overlay1
ip vrf forwarding PPP
no ip address
otv control-group 239.1.1.1
otv data-group 232.0.0.0/8
otv join-interface GigabitEthernet0/2/1
service instance 1 ethernet
encapsulation dot1q 1
bridge-domain 1
!
service instance 300 ethernet
encapsulation dot1q 300
bridge-domain 300
!
end
ip multicast-routing vrf PPP distributed
06-27-2013 05:59 AM
Hi Josh,
Kindly do the below:
no interface Overlay 1
then,
interface Overlay1
no shutdown
no ip address
otv control-group 239.1.1.1
otv data-group 232.0.0.0/8
otv join-interface GigabitEthernet0/2/1
service instance 1 ethernet
encapsulation dot1q 1
bridge-domain 1
!
service instance 300 ethernet
encapsulation dot1q 300
bridge-domain 300
!
end
DO NOT PUT "ip vrf forwarding PPP" command under the overlay interface. This is not supported.
Only the join interface should have this configuration.
Just removing "ip vrf forwarding PPP" from Overlay1 does not work since there is an issue, so you have the remove the Overlay interface itself and re-configure it without the VRF configuration.
Let me know if need further details.
06-27-2013 06:04 AM
Aries,
Sorry about that I changed it. I copy and pasted that in indventantly. I removed the overlay 1 and readded like so
interface Overlay1
no ip address
otv control-group 239.1.1.1
otv data-group 232.0.0.0/8
otv join-interface GigabitEthernet0/2/1
service instance 1 ethernet
encapsulation dot1q 1
bridge-domain 1
!
service instance 300 ethernet
encapsulation dot1q 300
bridge-domain 300
!
end
It still is not working.. Any thoughts?
06-27-2013 06:14 AM
Hi Josh,
I just had a talk with some folks here and this is want they had to tell me.
In the release you are testing [ie XE-3.6], this was not a supported feature [VRF support is official from XE-3.10]. However, in XE-3.10, which is about to get released in sometime from now, this feature will be supported completely.
However, to understand this, can you paste the "show otv isis neighbor" / "show otv" details related to your setup.
One more question is that, if you don't have VRF, is your OTV coming up and working fine?
06-27-2013 07:58 PM
Hi Josh,
I regret to inform you that on XE-3.6 [*adventerprisek9.03.06.00.S.152-2.S.bin], VRF support is not available. Hence, I woulr request you to work with the default VRF. Once, XE-3.10 is released, you can use the same and use VRF configurations since it will be fully supported from XE-3.10.
Thanks,
Aries
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide