01-05-2014 07:31 PM - last edited on 03-25-2019 04:27 PM by ciscomoderator
I am working on an "OTV on a Stick" configuration and have a couple of questions that I was hoping someone here could help out with.
With "OTV on a Stick", do I need to use two interfaces on the ASR, one as the L2 "OTV Internal Interface" and one as the L3 "OTV Join interface"?
I am struggling with how to configure the L2 "Internal Interface" on the ASR for multiple OTV VLANs. I want to configure 3 VLANs for OTV.
It seems like there are barely any configuration examples/documents regarding how to configure OTV on the ASR 1000 routers. This is the only document that I can find:
http://www.cisco.com/en/US/docs/ios-xml/ios/wan_otv/configuration/xe-3s/asr1000/wan-otv-confg.html
Any help would be greatly appreciated.
Thanks,
Steven
01-06-2014 08:10 AM
Steven,
Yes, you'll need two interfaces. Below is a sanitized config. Interfaces gi0/0/0 and gi0/0/1 are put into a port channel and are the OTV Join. Interface gi0/0/2 is the downstream connection to a 5K which houses all the servers.
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime localtime show-timezone
service timestamps log datetime localtime show-timezone
service password-encryption
service sequence-numbers
no platform punt-keepalive disable-kernel-core
!
hostname OTV-ASR1K-01
!
boot-start-marker
boot system bootflash:asr1001-universalk9.03.06.01.S.152-2.S1.bin
boot-end-marker
!
!
vrf definition Mgmt-intf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
!
aaa session-id common
!
transport-map type console diagnostic-handler
banner diagnostic ^CCC
**************************************************************
The router is currently in diagnostic mode.
**************************************************************
^C
connection wait none
!
clock timezone CST -6 0
clock summer-time CST recurring
no ip source-route
no ip gratuitous-arps
!
!
!
no ip bootp server
no ip domain lookup
ip domain name otv.com
ip multicast-routing distributed
!
!
!
login block-for 300 attempts 6 within 60
login delay 5
login on-failure log
login on-success log
!
!
!
otv site bridge-domain 998
!
otv site-identifier 0000.0010.0020
multilink bundle-name authenticated
bridge-domain 300
bridge-domain 401
bridge-domain 403
bridge-domain 430
bridge-domain 510
bridge-domain 998
!
!
interface Port-channel1
description Channel OTV JOIN
ip address 10.0.0.1 255.255.255.252
no ip redirects
no ip unreachables
no ip proxy-arp
ip pim passive
ip igmp version 3
no negotiation auto
!
interface Overlay10
no ip address
otv control-group 239.1.1.1
otv data-group 239.255.255.0/28
otv join-interface Port-channel1
otv vpn-name COMPANY-OTV
no otv suppress arp-nd
service instance 41 ethernet
description OTV-VMotion-L2-Only
encapsulation dot1q 401
bridge-domain 401
!
service instance 43 ethernet
description CRAZY_VLAN
encapsulation dot1q 430
bridge-domain 430
!
service instance 44 ethernet
description NETAPP-NFS-10.132.31.0/24
encapsulation dot1q 403
bridge-domain 403
!
service instance 300 ethernet
description RANDOM_VLAN-10.30.254.0/24
encapsulation dot1q 300
bridge-domain 300
!
!
interface GigabitEthernet0/0/0
description OTV JOIN INTERFACE
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip pim passive
ip igmp version 3
negotiation auto
cdp enable
channel-group 1 mode active
!
interface GigabitEthernet0/0/1
description To OTV JOIN INTERFACE
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip pim passive
ip igmp version 3
negotiation auto
cdp enable
channel-group 1 mode active
!
interface GigabitEthernet0/0/2
description Trunk to N5K-01 [e1/19]
no ip address
speed 1000
no negotiation auto
cdp enable
service instance 13 ethernet
encapsulation untagged
bridge-domain 998
!
service instance 41 ethernet
encapsulation dot1q 401
bridge-domain 401
!
service instance 43 ethernet
encapsulation dot1q 430
bridge-domain 430
!
service instance 44 ethernet
encapsulation dot1q 403
bridge-domain 403
!
service instance 300 ethernet
encapsulation dot1q 300
bridge-domain 300
!
!
Hope it helps.
01-05-2014 08:36 PM
Hi Steven,
I think you need 2 interfaces between the ASR1K and the device on the other end of the stick.
You can come up with multiple service instances on the L2 OTV interface and specify the OTV VLAN you want to extend. Under "Configuring a VLAN over an Overlay Interface" one example is shown, and you can configure 2 more by repeating a similar config but providing a different VLAN.
Thanks,
Madhu
01-06-2014 10:04 AM
Collin,
Can't thank you enough! This is exactly what I needed and what I was looking for. Seeing this config answers many of my questions.
01-06-2014 10:07 AM
Great. Let me know if you need anything else.
01-06-2014 11:51 AM
Hi Collin,
One quick question regarding the VLANs and their numbering:
service instance 13 ethernet
encapsulation untagged
bridge-domain 998
!
service instance 41 ethernet
encapsulation dot1q 401
bridge-domain 401
!
service instance 43 ethernet
encapsulation dot1q 430
bridge-domain 430
!
service instance 44 ethernet
encapsulation dot1q 403
bridge-domain 403
!
service instance 300 ethernet
encapsulation dot1q 300
bridge-domain 300
I don't quite understand the service instance number and the bridge-domain number. Should these numbers match? And why is service instance 13 tied to VLAN 998 and assigned as the native VLAN? Is it best practice for the site bridge-domain to be configured as the native VLAN? I'm assuming it doesn't matter as long as the native matches on both sides.
In my case I will be extending the following VLANs across OTV:
32
33
16
998 will be the site bridge-domain vlan
01-06-2014 12:04 PM
The service instance number and the bridge domain are best kept the same; however, they don't have to be... It's just one less confusion if they are kept the same tbh...
Remember that the OTV site VLAN should only remain on the LAN side and not on the Overlay interface.
If you are extending VLANs 32, 33, 16 you can do this...
interface overlay X
!
service instance 32 ethernet
encapsulation dot1q 32
bridge-domain 32
!
service instance 16 ethernet
encapsulation dot1q 16
bridge-domain 16
!
service instance 33 ethernet
encapsulation dot1q 33
bridge-domain 33
On the trunk interface (the OTV inside link on the ASR) it's all the same, but obviously including the site VLAN, which you already have anyway.
conf t
!
int Gix/x/x
!
service instance 32 ethernet
encapsulation dot1q 32
bridge-domain 32
!
service instance 16 ethernet
encapsulation dot1q 16
bridge-domain 16
!
service instance 33 ethernet
encapsulation dot1q 33
bridge-domain 33
!
service instance 13 ethernet
encapsulation untagged
bridge-domain 998
The switch side should probably be native VLAN for 998 since it's untagged in this scenario; however, it can be tagged.
Hope this helps
Please rate useful posts & remember to mark any solved questions as answered. Thank you.
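Added example, not part of the original posts or any Cisco tooling: a small Python check for the two rules stated in the reply above (the site bridge-domain stays off the Overlay interface, and every bridge-domain extended on the Overlay also has a service instance on an internal interface). The sample config is constructed from the VLAN numbers in this thread, and the function names parse and check are hypothetical.

```python
import re

# Constructed sample using the VLANs from the thread; not a real device config.
SAMPLE = """\
otv site bridge-domain 998
interface Overlay10
 service instance 32 ethernet
  encapsulation dot1q 32
  bridge-domain 32
 service instance 998 ethernet
  encapsulation dot1q 998
  bridge-domain 998
 service instance 16 ethernet
  encapsulation dot1q 16
  bridge-domain 16
interface GigabitEthernet0/0/2
 service instance 13 ethernet
  encapsulation untagged
  bridge-domain 998
 service instance 32 ethernet
  encapsulation dot1q 32
  bridge-domain 32
"""

def parse(config):  # -> (site bridge-domain, {interface: {instance: bridge-domain}})
    site_bd, ifaces, iface, inst = None, {}, None, None
    for line in map(str.strip, config.splitlines()):  # indentation is optional
        if m := re.fullmatch(r"otv site bridge-domain (\d+)", line):
            site_bd = int(m[1])
        elif m := re.fullmatch(r"interface (\S+)", line):
            iface, inst = m[1], None  # new interface: forget the previous instance
        elif iface and (m := re.fullmatch(r"service instance (\d+)( ethernet)?", line)):
            inst = int(m[1])
        elif inst is not None and (m := re.fullmatch(r"bridge-domain (\d+)", line)):
            ifaces.setdefault(iface, {})[inst] = int(m[1])
    return site_bd, ifaces

def check(config):  # -> list of (interface, service instance, problem)
    site_bd, ifaces = parse(config)
    overlay = {n: s for n, s in ifaces.items() if n.lower().startswith("overlay")}
    # Bridge-domains that have a service instance on a non-overlay (internal) interface.
    inside = {bd for n, s in ifaces.items() if n not in overlay for bd in s.values()}
    findings = []
    for name, insts in overlay.items():
        for sid, bd in insts.items():
            if bd == site_bd:
                findings.append((name, sid, "site bridge-domain on overlay"))
            elif bd not in inside:
                findings.append((name, sid, "no matching internal service instance"))
    return findings
```

Because lines are stripped before matching, the same check works on configs pasted without indentation, as they appear in this thread.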
01-06-2014 12:19 PM
In my particular case the service instance and the VLANs didn't match up. They don't have to match but it makes sense to match them if you can.
01-10-2014 08:56 AM
Here is my config so far on the first ASR router. Hoping someone might give it a quick once-over and let me know if they see anything that stands out:
ASR1002#sh run
Building configuration...
Current configuration : 3480 bytes
!
! Last configuration change at 09:31:38 UTC Fri Jan 10 2014 by presidio
!
version 15.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
no platform punt-keepalive disable-kernel-core
!
hostname ASR1002
!
boot-start-marker
boot system flash bootflash:asr1000rp1-adventerprisek9.03.11.00.S.154-1.S-std.bin
boot system flash
boot-end-marker
!
aqm-register-fnf
!
vrf definition Mgmt-intf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
!
!
aaa session-id common
!
!
subscriber templating
!
otv site bridge-domain 1
!
otv fragmentation join-interface GigabitEthernet0/0/1
otv site-identifier 0001.0001.0001
multilink bundle-name authenticated
!
!
spanning-tree extend system-id
!
!
redundancy
mode none
!
!
cdp run
!
ip tftp source-interface GigabitEthernet0
!
!
!
!
interface Overlay10
no ip address
otv join-interface GigabitEthernet0/0/1
otv vpn-name OTV
no otv suppress arp-nd
otv use-adjacency-server 172.17.54.6 unicast-only
otv adjacency-server unicast-only
service instance 16 ethernet
description *** 172.17.16.0/24 ***
encapsulation dot1q 16
bridge-domain 16
!
service instance 32 ethernet
description *** 172.17.32.0/24 ***
encapsulation dot1q 32
bridge-domain 32
!
service instance 33 ethernet
description *** 172.17.33.0/24 ***
encapsulation dot1q 33
bridge-domain 33
!
!
interface GigabitEthernet0/0/0
description *** OTV Internal Interface connected to 6500 ***
no ip address
negotiation auto
cdp enable
service instance 1 ethernet
encapsulation untagged
bridge-domain 1
!
service instance 16 ethernet
encapsulation dot1q 16
bridge-domain 16
!
service instance 32 ethernet
encapsulation dot1q 32
bridge-domain 32
!
service instance 33 ethernet
encapsulation dot1q 33
bridge-domain 33
!
!
interface GigabitEthernet0/0/1
description *** OTV Join Interface ***
ip address 172.17.54.6 255.255.255.252
no ip redirects
no ip unreachables
no ip proxy-arp
negotiation auto
cdp enable
!
interface GigabitEthernet0/0/2
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet0/0/3
no ip address
shutdown
negotiation auto
01-10-2014 11:35 PM
Although I haven't done unicast config myself with OTV, it looks good to me. You have all the required config in place.
http://www.cisco.com/en/US/docs/ios-xml/ios/wan_otv/configuration/xe-3s/wan-otv-adj-server.html
Have you implemented yet?
Please rate useful posts & remember to mark any solved questions as answered. Thank you.