OTV on a Stick with ASR 1002 question

steven.allspach
Level 4

I am working on an "OTV on a Stick" configuration and have a couple of questions that I was hoping someone here could help out with.

With "OTV on a Stick", do I need to use two interfaces on the ASR, one as the L2 "OTV Internal Interface" and one as the L3 "OTV Join interface"?

I am struggling on how to configure the L2 "Internal Interface" on the ASR for multiple OTV VLANs.  I want to configure 3 VLANs for OTV.

It seems like there are barely any configuration examples/documents regarding how to configure OTV on the ASR 1000 routers. This is the only document that I can find:

http://www.cisco.com/en/US/docs/ios-xml/ios/wan_otv/configuration/xe-3s/asr1000/wan-otv-confg.html

Any help would be greatly appreciated.

Thanks,

Steven

1 Accepted Solution

Collin Clark
VIP Alumni

Steven,

Yes, you'll need two interfaces. Below is a sanitized config. Interfaces gi0/0/0 and gi0/0/1 are put into a port channel and are the OTV Join. Interface gi0/0/2 is the downstream connection to a 5K which houses all the servers.

no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime localtime show-timezone
service timestamps log datetime localtime show-timezone
service password-encryption
service sequence-numbers
no platform punt-keepalive disable-kernel-core
!
hostname OTV-ASR1K-01
!
boot-start-marker
boot system bootflash:asr1001-universalk9.03.06.01.S.152-2.S1.bin
boot-end-marker
!
!
vrf definition Mgmt-intf
 !
 address-family ipv4
 exit-address-family
 !
 address-family ipv6
 exit-address-family
!
!
aaa session-id common
!
transport-map type console diagnostic-handler
 banner diagnostic ^CCC
**************************************************************
The router is currently in diagnostic mode.
**************************************************************
^C
 connection wait none
!
clock timezone CST -6 0
clock summer-time CST recurring
no ip source-route
no ip gratuitous-arps
!
!
!
no ip bootp server
no ip domain lookup
ip domain name otv.com
ip multicast-routing distributed
!
!
!
login block-for 300 attempts 6 within 60
login delay 5
login on-failure log
login on-success log
!
!
!
otv site bridge-domain 998
!
otv site-identifier 0000.0010.0020
multilink bundle-name authenticated
bridge-domain 300
bridge-domain 401
bridge-domain 403
bridge-domain 430
bridge-domain 510
bridge-domain 998
!
!
interface Port-channel1
 description Channel OTV JOIN
 ip address 10.0.0.1 255.255.255.252
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip pim passive
 ip igmp version 3
 no negotiation auto
!
interface Overlay10
 no ip address
 otv control-group 239.1.1.1
 otv data-group 239.255.255.0/28
 otv join-interface Port-channel1
 otv vpn-name COMPANY-OTV
 no otv suppress arp-nd
 service instance 41 ethernet
  description OTV-VMotion-L2-Only
  encapsulation dot1q 401
  bridge-domain 401
 !
 service instance 43 ethernet
  description CRAZY_VLAN
  encapsulation dot1q 430
  bridge-domain 430
 !
 service instance 44 ethernet
  description NETAPP-NFS-10.132.31.0/24
  encapsulation dot1q 403
  bridge-domain 403
 !
 service instance 300 ethernet
  description RANDOM_VLAN-10.30.254.0/24
  encapsulation dot1q 300
  bridge-domain 300
 !
!
interface GigabitEthernet0/0/0
 description OTV JOIN INTERFACE
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip pim passive
 ip igmp version 3
 negotiation auto
 cdp enable
 channel-group 1 mode active
!
interface GigabitEthernet0/0/1
 description To OTV JOIN INTERFACE
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip pim passive
 ip igmp version 3
 negotiation auto
 cdp enable
 channel-group 1 mode active
!
interface GigabitEthernet0/0/2
 description Trunk to N5K-01 [e1/19]
 no ip address
 speed 1000
 no negotiation auto
 cdp enable
 service instance 13 ethernet
  encapsulation untagged
  bridge-domain 998
 !
 service instance 41 ethernet
  encapsulation dot1q 401
  bridge-domain 401
 !
 service instance 43 ethernet
  encapsulation dot1q 430
  bridge-domain 430
 !
 service instance 44 ethernet
  encapsulation dot1q 403
  bridge-domain 403
 !
 service instance 300 ethernet
  encapsulation dot1q 300
  bridge-domain 300
 !
!

Hope it helps.

9 Replies

mtsb
Level 1

Hi Steven,

I think you need 2 interfaces between the ASR1K and the device on other end of the stick.

You can come up with multiple service instances on the L2 interface OTV interface and specify the OTV vlan you want to extend. Under "Configuring a VLAN over an Overlay Interface" one example is shown and you can configure 2 more repeating similar config but providing a different vlan.

Thanks,

Madhu

Collin,

Can't thank you enough! This is exactly what I needed and what I was looking for. Seeing this config answers many of my questions.

Great. Let me know if you need anything else.

Hi Collin,

One quick question regarding the VLANs and their numbering:

 service instance 13 ethernet
  encapsulation untagged
  bridge-domain 998
 !
 service instance 41 ethernet
  encapsulation dot1q 401
  bridge-domain 401
 !
 service instance 43 ethernet
  encapsulation dot1q 430
  bridge-domain 430
 !
 service instance 44 ethernet
  encapsulation dot1q 403
  bridge-domain 403
 !
 service instance 300 ethernet
  encapsulation dot1q 300
  bridge-domain 300

I don't quite understand the service instance number and the bridge-domain number. Should these numbers match? And why is service instance 13 tied to vlan 998 and assigned as the native vlan? Is it best practice for the site bridge-domain to be configured as the native vlan? I'm assuming it doesn't matter as long as the native matches on both sides.

In my case I will be extending the following vlans across OTV

32
33
16

998 will be the site bridge-domain vlan

The service instance number and the bridge domain is best to be kept the same, however it doesn't have to... It's just one less confusion if it is kept the same tbh...

Remember that the OTV site vlan should only remain on the LAN side and not on the Overlay interface.

If you are extending vlans 32, 33, 16 you can do this...

interface overlay X
 !
 service instance 32 ethernet
  encapsulation dot1q 32
  bridge-domain 32
 !
 service instance 16 ethernet
  encapsulation dot1q 16
  bridge-domain 16
 !
 service instance 33 ethernet
  encapsulation dot1q 33
  bridge-domain 33

On the trunk interface OTV inside link on the ASR it's all the same but obviously including the site vlan which you already have anyway.

conf t
!
int Gix/x/x
 !
 service instance 32 ethernet
  encapsulation dot1q 32
  bridge-domain 32
 !
 service instance 16 ethernet
  encapsulation dot1q 16
  bridge-domain 16
 !
 service instance 33 ethernet
  encapsulation dot1q 33
  bridge-domain 33
 !
 service instance 13 ethernet
  encapsulation untagged
  bridge-domain 998

The switch side should probably be native vlan for 998 since it's untagged in this scenario, however it can be tagged.

Hope this helps

Please rate useful posts & remember to mark any solved questions as answered. Thank you.

In my particular case the service instance and the VLANs didn't match up. They don't have to match but it makes sense to match them if you can.
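One way to check a running-config against the two rules given in the replies above: every VLAN extended on the Overlay interface also needs a service instance on the internal interface, and the site bridge-domain stays on the internal interface only. This is an added example, not code from the thread or from Cisco; the sample config is constructed, and `parse` and `audit` are hypothetical helper names.

```python
import re

# Constructed sample in the thread's layout: VLAN 33 is on the overlay only.
SAMPLE = """\
otv site bridge-domain 998
interface Overlay10
 service instance 32 ethernet
  encapsulation dot1q 32
  bridge-domain 32
 service instance 33 ethernet
  encapsulation dot1q 33
  bridge-domain 33
interface GigabitEthernet0/0/0
 service instance 13 ethernet
  encapsulation untagged
  bridge-domain 998
 service instance 32 ethernet
  encapsulation dot1q 32
  bridge-domain 32
"""

def parse(config):
    """Return (site bridge-domain, {interface: {bridge-domain: service instance id}})."""
    site_bd, ifaces, iface, efp = None, {}, None, None
    for line in map(str.strip, config.splitlines()):
        if m := re.fullmatch(r"otv site bridge-domain (\d+)", line):
            site_bd = int(m.group(1))
        elif m := re.fullmatch(r"interface (\S+)", line):
            iface, efp = m.group(1), None
        elif iface and (m := re.match(r"service instance (\d+) ethernet", line)):
            efp = int(m.group(1))
        elif (m := re.fullmatch(r"bridge-domain (\d+)", line)) and efp is not None:
            ifaces.setdefault(iface, {})[int(m.group(1))] = efp
            efp = None  # global "bridge-domain N" lines are not service instances
    return site_bd, ifaces

def audit(config, internal, overlay):
    """Return a list of findings for the two rules; an empty list means clean."""
    site_bd, ifaces = parse(config)
    inside, over = ifaces.get(internal, {}), ifaces.get(overlay, {})
    if site_bd is None:
        return ["no 'otv site bridge-domain' configured"]
    findings = []
    if site_bd in over:
        findings.append(f"site bridge-domain {site_bd} must not be on {overlay}")
    if site_bd not in inside:
        findings.append(f"site bridge-domain {site_bd} missing on {internal}")
    for bd in sorted(set(over) - {site_bd} - set(inside)):
        findings.append(f"bridge-domain {bd} on {overlay} missing on {internal}")
    return findings
```

Calling `audit(SAMPLE, "GigabitEthernet0/0/0", "Overlay10")` reports the one VLAN that is extended on the overlay without a matching service instance on the internal trunk.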

steven.allspach
Level 4

Here is my config so far on the first ASR router. Hoping someone might give it a quick once over and let me know if they see anything that stands out:

ASR1002#sh run
Building configuration...

Current configuration : 3480 bytes
!
! Last configuration change at 09:31:38 UTC Fri Jan 10 2014 by presidio
!
version 15.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
no platform punt-keepalive disable-kernel-core
!
hostname ASR1002
!
boot-start-marker
boot system flash bootflash:asr1000rp1-adventerprisek9.03.11.00.S.154-1.S-std.bin
boot system flash
boot-end-marker
!
aqm-register-fnf
!
vrf definition Mgmt-intf
 !
 address-family ipv4
 exit-address-family
 !
 address-family ipv6
 exit-address-family
!
!
!
aaa session-id common
!
!
subscriber templating
!
otv site bridge-domain 1
!
otv fragmentation join-interface GigabitEthernet0/0/1
otv site-identifier 0001.0001.0001
multilink bundle-name authenticated
!
!
spanning-tree extend system-id
!
!
redundancy
 mode none
!
!
cdp run
!
ip tftp source-interface GigabitEthernet0
!
!
!
!
interface Overlay10
 no ip address
 otv join-interface GigabitEthernet0/0/1
 otv vpn-name OTV
 no otv suppress arp-nd
 otv use-adjacency-server 172.17.54.6 unicast-only
 otv adjacency-server unicast-only
 service instance 16 ethernet
  description *** 172.17.16.0/24 ***
  encapsulation dot1q 16
  bridge-domain 16
 !
 service instance 32 ethernet
  description *** 172.17.32.0/24 ***
  encapsulation dot1q 32
  bridge-domain 32
 !
 service instance 33 ethernet
  description *** 172.17.33.0/24 ***
  encapsulation dot1q 33
  bridge-domain 33
 !
!
interface GigabitEthernet0/0/0
 description *** OTV Internal Interface connected to 6500 ***
 no ip address
 negotiation auto
 cdp enable
 service instance 1 ethernet
  encapsulation untagged
  bridge-domain 1
 !
 service instance 16 ethernet
  encapsulation dot1q 16
  bridge-domain 16
 !
 service instance 32 ethernet
  encapsulation dot1q 32
  bridge-domain 32
 !
 service instance 33 ethernet
  encapsulation dot1q 33
  bridge-domain 33
 !
!
interface GigabitEthernet0/0/1
 description *** OTV Join Interface ***
 ip address 172.17.54.6 255.255.255.252
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 negotiation auto
 cdp enable
!
interface GigabitEthernet0/0/2
 no ip address
 shutdown
 negotiation auto
!
interface GigabitEthernet0/0/3
 no ip address
 shutdown
 negotiation auto

Although I haven't done unicast config myself with OTV, it looks good to me. You have all the required config in place.

http://www.cisco.com/en/US/docs/ios-xml/ios/wan_otv/configuration/xe-3s/wan-otv-adj-server.html

Have you implemented yet?
