cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3220
Views
0
Helpful
16
Replies

OTV on ASR1K - working in Default VRF, but not in other VRFs

We have OTV working on our ASR1Ks in a lab environment. We mocked up two data centers and a simulated ISP core that supports multicast. Everything works fine. We can move hosts between data centers, drop a few pings and see the OTV table updates and connectivity restore. But that is when we're using the default VRF. When we try to put the WAN interface into a VRF (VRF-Lite) the OTV breaks. I've read in a few places that 'virtualization is supported'.

I've tried several changes relative to the use of the VRF including:

- put only the join interface in the new VRF (ELANVRF)

- instead of just using 'ip pim ssm default' I've added 'ip pim vrf ELANVRF ssm default'

- instead of just using 'ip multicast-routing distributed' I've added 'ip multicast-routing vrf ELANVRF distributed'

- I've also tried adding the 'vrf forwarding ELANVRF' to not only the join-interface (the WAN/ELAN ISP facing interface), but I've also incrementally tried adding and removing it from the overlay interface as well. But no luck. All 4 routers involved end up in the same failed OTV state.

Worthington-ASR1K-R02#sh otv

Overlay Interface Overlay1

VPN name                 : overlay1

VPN ID                   : 1

State                    : UP

AED Capable              : No, overlay DIS not elected

IPv4 control group       : 239.1.1.1

Mcast data group range(s): 232.0.0.0/8

Join interface(s)        : GigabitEthernet0/0/0

Join IPv4 address        : 10.99.99.2

Tunnel interface(s)      : Tunnel0

Encapsulation format     : GRE/IPv4

Site Bridge-Domain       : 401

Capability               : Multicast-reachable

Is Adjacency Server      : No

Adj Server Configured    : No

Prim/Sec Adj Svr(s)      : None

Is the use of VRF-Lite really supported on the ASR1K and if so, what configuration elements may I be missing? I'm running 9.03.06.00.S.152-2.S on all routers involved.

Thanks,

-chris

16 Replies 16

Collin Clark
VIP Alumni
VIP Alumni

Never tried it, but looking in the config guide,

"OTV supports virtual routing and forwarding (VRF) instances on the physical interface that is associated

with an overlay interface. By default, an overlay interface is placed in the default VRF unless you

specifically configure another VRF on the interface that is being used as the OTV join interface."

Further down in states that the otv join-interface must be in the default vrf.

From what I read and checking the CLI, have you tried putting your L2 interface into a vrf along with the overlay interface? Hope it helps and let us know the results.

      

Collin,

Thanks for the reply. Looks like you found the same reference I did regarding the support of VRFs. Yes, I tried stepping through a few changes but couldn't get them to work. First I tried only the join interface in the VRF, then I added the overlay interface to the VRF and finally, the inside L2 interface to the VRF. No luck yet.

-chris

Just finished a meeting with an ASR1K TME. Despite the published documentation the TME stated that VRFs are not supported in conjunction with OTV. The TME committed to getting the documentation updated.

As things stand for us, we'll run OTV on the ASR1Ks (4) between a couple of data centers with a few VLANs extended. I will post some sanitized configs once we're futher down the production road.

Thanks all,

-chris

Hi Cristopher,

I have the same situation you had, but I dont need VRF. Could you please post the configs you had used for your lab? I have the same scenario and the only it works its the control plane. Both edges populate the "show otv arp" with MAC's from the other site, but they dont ping.

Maybe you could help me with your configs, thank you very much in advance

Victor.

Aries Fernandes
Cisco Employee
Cisco Employee

I don't know the history of the issue, but when you are working with VRF do the following:

Just remove the OTV overlay configurations and paste the same. There seems to be problem when you configure VRF on the overlay interface and remove it.

Do let me know if you are still facing the issue

Josh Sprang
Level 1
Level 1

Chistopher,

I am trying to do the same thing and can't get it to work.  Did you ever get this to work?  I think I am going to try to put everything else on the router into a VRF and leave this in VRF 0.

Hi Josh,

Can you share your configs:

Here, is what I have done:

ED1 ------- CORE ------ ED2

ED1#

ip multicast-routing distributed

ip igmp snooping querier version 3

ip igmp snooping querier

otv site bridge-domain 2

otv site-identifier 0000.0000.0002

interface Overlay11

no ip address

no shutdown  ! added by me

otv control-group 232.1.11.11

otv data-group 232.11.11.0/24

otv join-interface GigabitEthernet3/0/1.11

service instance 11 ethernet

  encapsulation dot1q 11

  bridge-domain 11

interface GigabitEthernet3/0/0

no ip address

negotiation auto

service instance 2 ethernet

  encapsulation dot1q 2

  bridge-domain 2

service instance 11 ethernet

  encapsulation dot1q 11

  bridge-domain 11

interface GigabitEthernet3/0/1

mtu 9216

no ip address

negotiation auto

interface GigabitEthernet3/0/1.11

encapsulation dot1Q 11

ip address 10.1.11.1 255.255.255.0

ip pim passive

ip igmp version 3

router ospf 11

router-id 1.1.1.1

network 10.1.11.0 0.0.0.255 area 0

ED1#

=======================================================

CORE_ROUTER#

ip multicast-routing distributed

interface Loopback0

ip address 4.4.4.4 255.255.255.255

interface GigabitEthernet0/0/0

mtu 9216

no ip address

negotiation auto

interface GigabitEthernet0/0/0.11

encapsulation dot1Q 11

ip address 15.1.11.2 255.255.255.0

ip pim sparse-mode

ip igmp version 3

interface GigabitEthernet0/0/1

mtu 9216

no ip address

negotiation auto

interface GigabitEthernet0/0/1.11

encapsulation dot1Q 11

ip address 10.1.11.2 255.255.255.0

ip pim sparse-mode

ip igmp version 3

router ospf 11

router-id 11.11.11.11

network 10.1.11.0 0.0.0.255 area 0

network 15.1.11.0 0.0.0.255 area 0

ip pim rp-address 4.4.4.4

CORE_ROUTER# 

=======================================================

ED2#

ip multicast-routing distributed

ip igmp snooping querier version 3

ip igmp snooping querier

otv site bridge-domain 3

otv site-identifier 0000.0000.0003

interface Overlay11

no ip address

no shutdown  ! added by me

otv control-group 232.1.11.11

otv data-group 232.11.11.0/24

otv join-interface GigabitEthernet2/1/0.11

service instance 11 ethernet

  encapsulation dot1q 11

  bridge-domain 11

interface GigabitEthernet2/1/0

mtu 9216

no ip address

negotiation auto

interface GigabitEthernet2/1/0.11

encapsulation dot1Q 11

ip address 15.1.11.1 255.255.255.0

ip pim passive

ip igmp version 3

interface GigabitEthernet2/1/1

no ip address

negotiation auto

service instance 3 ethernet

  encapsulation dot1q 3

  bridge-domain 3

service instance 11 ethernet

  encapsulation dot1q 11

  bridge-domain 11

router ospf 11

router-id 2.2.2.2

network 15.1.11.0 0.0.0.255 area 0

ED2#

=======================================================

With the above configurations, I have OTV up and running. We cannot make overlay part of a VRF, however, we can add the join-interface to be part of a VRF [supported in XE-3.10].

Let me know if you need any further details.

Aries,

Thanks for your help.  Is it possible to get OTV in a VRF?  One way or the other I need to get the routing tables separated since this is a public edge router.  I tried putting just g0/1/2 in and that broke OTV.  I then put the overlay1 interface in and it was still not able to pass traffic.     Should it work if I have G0/1/2 in vrf PPP and not the overlay1? 

ar1.strlng.clevoh#show run

Building configuration...

Current configuration : 5873 bytes

!

! Last configuration change at 10:19:19 UTC Wed Jun 26 2013 by admin

!

version 15.2

service nagle

service timestamps debug datetime msec

service timestamps log datetime

service password-encryption

service sequence-numbers

service unsupported-transceiver

no platform punt-keepalive disable-kernel-core

!

hostname ar1.strlng.clevoh

!

boot-start-marker

boot system bootflash:asr1000rp1-adventerprisek9.03.06.00.S.152-2.S.bin

boot-end-marker

!

!

vrf definition Mgmt-intf

!

address-family ipv4

exit-address-family

!

address-family ipv6

exit-address-family

!

!

aaa new-model

!

!

!        

!

!

!

!

aaa session-id common

no ip source-route

!

ip vrf PPP

rd 1:2

!

!

!

ip flow-cache timeout active 5

no ip bootp server

ip domain timeout 2

ip domain name intellinetcorp.com

ip multicast-routing distributed

!

!

!

!

!

!

otv site bridge-domain 1

!

otv site-identifier 0001.0001.0001

no mpls ip

multilink bundle-name authenticated

!

!

!

!

!

!        

!

!

!

!

!

!

!

!

!

!

redundancy

mode none

!

!

!

!

!

!

ip tftp source-interface GigabitEthernet0

!

!

!

!

!

!

!

!

!

!

interface Overlay1

ip vrf forwarding PPP

no ip address

otv control-group 239.1.1.1

otv data-group 232.0.0.0/8

otv join-interface GigabitEthernet0/2/1

service instance 1 ethernet

  encapsulation dot1q 1

  bridge-domain 1

!

service instance 300 ethernet

  encapsulation dot1q 300

  bridge-domain 300

!

!

interface GigabitEthernet0/0/0

description XO Internet

ip address 207.x.x.x 255.255.255.252

no ip redirects

no ip unreachables

no ip proxy-arp

ip flow ingress

logging event link-status

no negotiation auto

!

interface GigabitEthernet0/0/1

no ip address

shutdown

negotiation auto

!

interface GigabitEthernet0/0/2

no ip address

shutdown

negotiation auto

!

interface GigabitEthernet0/0/3

no ip address

shutdown

negotiation auto

!

interface GigabitEthernet0/1/0

no ip address

no logging event link-status

media-type rj45

negotiation auto

service instance 1 ethernet

  encapsulation dot1q 1

  bridge-domain 1

!

service instance 300 ethernet

  description eth9-37.cs1 (otv inside)

  encapsulation dot1q 300

  bridge-domain 300

!

!

interface GigabitEthernet0/1/1

no ip address

shutdown

media-type rj45

negotiation auto

!

interface GigabitEthernet0/2/0

description G-2-0-2.ds3.strlng.clevoh

bandwidth 1000000

ip address 18.45.1.2 255.255.255.0

ip flow ingress

logging event link-status

media-type rj45

negotiation auto

vrrp 100 ip 18.45.1.1

vrrp 100 priority 120

cdp enable

!

interface GigabitEthernet0/2/1

ip vrf forwarding PPP

ip address 10.1.1.1 255.255.255.252

media-type sfp

no negotiation auto

!

interface GigabitEthernet0

vrf forwarding Mgmt-intf

ip address 10.3.1.59 255.255.255.0

no ip redirects

no ip unreachables

no ip proxy-arp

ip flow ingress

negotiation auto

!

router bgp 560

bgp log-neighbor-changes

network 18.45.1.0

network 18.45.2.0

network 18.45.3.0

network 18.45.4.0

network 18.45.5.0

network 18.45.6.0

network 18.45.7.0

aggregate-address 18.45.1.0 255.255.248.0

neighbor 198.45.1.2 remote-as 560

neighbor 198.45.2.2 next-hop-self

neighbor 207.2.2.5 remote-as 2828

neighbor 207.2.2.5 route-map AS2828-IN in

neighbor 207.2.2.5 route-map AS2828-OUT out

!

ip forward-protocol nd

!        

ip as-path access-list 1 permit ^$

ip as-path access-list 2 permit _2828$

ip flow-export source GigabitEthernet0/2/0

no ip http server

no ip http secure-server

ip pim ssm default

ip route 18.45.2.0 255.255.255.0 18.45.1.10

ip route 18.45.3.0 255.255.255.0 18.45.1.10

ip route 18.45.4.0 255.255.255.0 18.45.1.10

ip route 18.45.5.0 255.255.255.0 18.45.1.10

ip route 18.45.6.0 255.255.255.0 18.45.1.10

ip route 18.45.7.0 255.255.255.0 18.45.1.10

ip route vrf Mgmt-intf 0.0.0.0 0.0.0.0 10.3.1.1

!

ip access-list standard vty

permit 66.9.5.98

permit 172.16.0.0 0.15.255.255

permit 10.0.0.0 0.255.255.255

permit 192.168.0.0 0.0.255.255

permit 208.71.72.0 0.0.7.255

permit 18.45.12.0 0.0.7.255

!

!

snmp ifmib ifindex persist

!

!

!

control-plane

!

!

!

!

!

line con 0

stopbits 1

line aux 0

transport input telnet

transport output all

stopbits 1

line vty 0 4

access-class vty in vrf-also

exec-timeout 60 0

privilege level 15

logging synchronous

transport input ssh

!

!

Hi Josh,

I am not sure if this is supported in XE-3.6, but, from the configurations, there are a few things that need to be added and replaced:

(config)# ip multicast-routing vrf PPP distributed

Also, in the overlay configuration, I see that you have placed the following:

interface Overlay1

ip vrf forwarding PPP   -->  this configuration has to be removed

I would request you to remove the entire overlay1 configuration and paste it again without the 'ip vrf forwarding PPP' as below:

no interface overlay 1

interface Overlay1

no shutdown ! added by me again

no ip address

otv control-group 239.1.1.1

otv data-group 232.0.0.0/8

otv join-interface GigabitEthernet0/2/1

service instance 1 ethernet

  encapsulation dot1q 1

  bridge-domain 1

!

service instance 300 ethernet

  encapsulation dot1q 300

  bridge-domain 300

The above is to be done since there is an issue when you place the overlay interface in a vrf, we have to remove and re-add the overlay confgurations. [This issue is rectified in XE-3.10]

Kindly give this a shot and let me know how it goes.

Thanks,

Aries

Aries thanks again for the help and quick reply.  I removed the overlay interface and added multicast routing to the VRF and still cannot get the OTV up.    Any suggestions?  Thanks

interface Overlay1

ip vrf forwarding PPP

no ip address

otv control-group 239.1.1.1

otv data-group 232.0.0.0/8

otv join-interface GigabitEthernet0/2/1

service instance 1 ethernet

  encapsulation dot1q 1

  bridge-domain 1

!

service instance 300 ethernet

  encapsulation dot1q 300

  bridge-domain 300

!

end

ip multicast-routing vrf PPP distributed

Hi Josh,

Kindly do the below:

no interface Overlay 1

then,

interface Overlay1

no shutdown

no ip address

otv control-group 239.1.1.1

otv data-group 232.0.0.0/8

otv join-interface GigabitEthernet0/2/1

service instance 1 ethernet

  encapsulation dot1q 1

  bridge-domain 1

!

service instance 300 ethernet

  encapsulation dot1q 300

  bridge-domain 300

!

end

DO NOT PUT "ip vrf forwarding PPP" command under the overlay interface. This is not supported.

Only the join interface should have this configuration.

Just removing "ip vrf forwarding PPP" from Overlay1 does not work since there is an issue, so you have the remove the Overlay interface itself and re-configure it without the VRF configuration.

Let me know if need further details.

Aries,

Sorry about that I changed it.  I copy and pasted that in indventantly.  I removed the overlay 1 and readded like so

interface Overlay1

no ip address

otv control-group 239.1.1.1

otv data-group 232.0.0.0/8

otv join-interface GigabitEthernet0/2/1

service instance 1 ethernet

  encapsulation dot1q 1

  bridge-domain 1

!

service instance 300 ethernet

  encapsulation dot1q 300

  bridge-domain 300

!

end

It still is not working.. Any thoughts?

Hi Josh,

I just had a talk with some folks here and this is want they had to tell me.

In the release you are testing [ie XE-3.6], this was not a supported feature [VRF support is official from XE-3.10]. However, in XE-3.10, which is about to get released in sometime from now, this feature will be supported completely.

However, to understand this, can you paste the "show otv isis neighbor" / "show otv" details related to your setup.

One more question is that, if you don't have VRF, is your OTV coming up and working fine?

Hi Josh,

I regret to inform you that on XE-3.6 [*adventerprisek9.03.06.00.S.152-2.S.bin], VRF support is not available. Hence, I woulr request you to work with the default VRF. Once, XE-3.10 is released, you can use the same and use VRF configurations since it will be fully supported from XE-3.10.

Thanks,

Aries

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco