ASR1000 OTV Deployment Modes (OTV Appliance on a Stick)

Transcription

1

2 ASR1000 OTV Deployment Modes (OTV Appliance on a Stick) UMA SANKAR MOHANTY, Technical Services

3 Agenda The WW(WHAT & WHY) of OTV Role of ASR1000 in OTV Deployments OTV on STICK Health Check Packet Tracer The Rescuer Configuration Key Takeaways Q & A

4 The WW(WHAT & WHY) of OTV

5 OTV Overlay Transport Virtualisation Simplifying Data Centre Interconnect Any Workload Anytime Anywhere 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 5

6 Session Objectives This session focuses on: Architectural aspects and deployment benefits of OTV. How to deploy OTV on a STICK on ASR1000. By the end, I expect each of us in this room to get a better understanding on how the OTV control-plane and data-plane work to provide the VLAN extension in unicast mode Cisco and/or its affiliates. All rights reserved. Cisco Public 6

7 What this does not include In depth discussion of Path Optimisation technologies (DNS, LISP, etc.) Storage extension considerations associated to DCI deployments Workload mobility application specific deployment considerations 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 7

8 Distributed Data Center Goals Ensure business continuity Distributed applications Seamless workload mobility Maximise compute resources 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 8

9 Current Data Center Solutions VPLS EoMPLS L2TPv3 MPLS 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 9

10 Challenges in Traditional Layer 2 VPNs Flooding Behaviour Pseudo-wire Maintenance Multi-Homing - Unknown Unicast for MAC propagation - Unicast Flooding reaches all sites - Full mesh of Pseudo-wire - Requires additional is complex Protocols & extends STP - Head-End replication is - Malfunctions impacts a common problem multiple sites - For N sites, there will be N*(N-1)/2 pseudo-wires. Complex to add and remove sites 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 10

11 No Pseudo-Wire State Maintenance Optimal Multicast Replication Dynamic Encapsulation Multipoint Connectivity Point-to-Cloud Model 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 11

12 Preserve Failure Boundary Built-in Loop Prevention Protocol Learning Automated Multi-Homing Site Independence 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 12

13 OTV Overlay Transport Virtualisation Simplifying Data Centre Interconnect Any Workload Anytime Anywhere OTV on ASR 1000 is supported starting 3.5 XE Release 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 13

14 L2 Technology Comparison Feature Comparison EoMPLS VPLS IP PW (L2TPv3) OTV Core Transparency MPLS MPLS IP unicast IP unicast & multicast Multi-point Connectivity Point-to-Point (interconnect 2 sites) Full mesh Point-to-Point (interconnect 2 sites) Point-to-cloud Multi-homing No Static with BGP No Built-in Optimal BW utilization No standby circuits Standby circuits Standby circuits All paths active Loop prevention Point-to-Point Large STP Point-to-Point Built-in Optimal traffic handling Flooding Head-end replication / MLSP Flooding Flooding Native multicast No flood Circuit Scalability Poor Poor Poor Packet Switched Manageability Maturity, Standards and Interop Config intensive add/deletes Many protocols Config intensive add/deletes Config intensive add/deletes Single protocol, Minimal config RFC RFC RFC Collection of standards (IETF Draft) 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 14

15 Terminology OTV Devices Edge Device Performs all OTV functionality Usually located at the Aggregation Layer or at the Core Layer Support for multiple OTV Edge Devices (multi-homing) in the same site Internal Interface OTV Edge Device OTV Internal Interfaces OTV Edge Device Core Device Aggregation Device Site facing Interfaces of the Edge Devices Carry VLANs extended through OTV Regular Layer 2 interfaces No OTV configuration required Supports IPv4 & IPv6 OTV Internal Interface OTV Join Interface OTV Overlay Interface 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 15

16 Terminology OTV Interfaces Join Interface Uplink of the Edge Device Point-to-point routed interface (physical interface, sub- interface or port-channel supported) Used to physically join the Overlay network No OTV specific configuration required IPv4 only Overlay Interface OTV Edge Device OTV Join Interface Core Device Aggregation Device Overlay Interface Virtual interface with most of the OTV configuration Logical multi-access multicast-capable interface Encapsulates Layer 2 frames in IP unicast or multicast OTV Internal Interface OTV Join Interface OTV Overlay Interface 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 16

17 OTV Control Plane Building the MAC Tables Control Plane learning with proactive MAC advertisement Background process with no specific configuration IS-IS protocol used between OTV Edge Devices Prevents unknown unicast flooding OTV MAC Address Advertisements OTV West IP A IP B East OTV South 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 17

18 OTV Control Plane Neighbour Discovery and Adjacency Formation Before any MAC address can be advertised the OTV Edge devices must Discover each other Build a neighbour relationship with each other Neighbour Relationship built over a transport infrastructure Multicast-enabled (all shipping releases) Unicast-only (from IOS-XE 3.9 release) 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 18

19 OTV Control Plane Neighbour Discovery (Over Multicast Transport) OTV Control Plane OTV Multicast-enable Transport OTV OTV Control Plane West IP A IP B East Mechanism Edge Devices (EDs) join an multicast group in the transport, as they were hosts (no PIM on EDs) OTV hellos and updates are encapsulated in the multicast group End Result Adjacencies are maintained over the multicast group A single update reaches all neighbours 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 19

20 Multicast Transport OTV Control and Data Plane over Multicast Transport Use a High-Available Multicast Rendez-Vous Point (RP)configuration PIM Anycast (RFC4610) or MSDP (Multicast Source Discovery Protocol) Requirements to Control Plane PIM Any-Source-Multicast (ASM) Sparse-Mode Requirements to Data Plane PIM Source-Specific-Multicast (SSM) 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 20

21 Router Router Router OTV Control Plane ( Multicast Transport) NeighbourIP Addr NeighbourIP Addr West IP A OTV Hello OTV Control Plane West OTV IP A Multicast-enabled Transport IP B OTV East OTV Control Plane OTV Hello OTV Hello IP A G Decap IGMP Join G IGMP Join G Encap OTV Hello IP A G All edge devices join OTV Hello IP A G OTV control-group G Multicast state for group G established throughout transport Decap OTV IGMP Join G IP C Transport Natively replicates multicast to all OIFs OTV Control Plane South OTV Hello NeighbourIP Addr West IP A 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 21

22 Router Router Router OTV Control Plane ( Multicast Transport) NeighbourIP Addr South IP C NeighbourIP Addr West IP A South IP C OTV Control Plane West OTV IP A Multicast-enabled Transport IP B OTV Decap East OTV Control Plane OTV Hello Decap OTV Hello OTV Hello IP C G OTV Hello IP C G Bidirectional Adjacency formed The South creates its hello with West Address s in the TLV OTV Control Plane Encap NeighbourIP Addr West IP A OTV IP C OTV Hello South IP C G 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 22

23 Router Router Router OTV Control Plane ( Multicast Transport) Update A OTV OTV Craft OTV update with new MACs Update A West MAC Table IP A GIP A Encap Vlan MAC IF 100 A gi0/1 110 B gi0/1 120 C gi0/1 Multicast-Enabled Transport Update A Update A IP A G IP B Update A Decap IP A G East MAC Table Vlan MAC IF 100 A IP A 110 B IP A 120 C IP A New MACs learned in VLANs that are OTV extended Decap OTV IP C MAC Table Vlan MAC IF 100 A IP A Added MACs learned through OTV Update A South 110 B IP A Added MACs 120 C IP A learned through OTV 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 23

24 OTV Control Plane Neighbour Discovery (Unicast-only Transport) Ideal for connecting a small number of sites With a higher number of sites a multicast transport is the best choice OTV OTV Control Plane Unicast-only Transport OTV OTV Control Plane West IP A IP B East Mechanism Edge Devices (EDs) register with an Adjacency Server ED EDs receive a full list of Neighbours (onl) from the AS OTV hellos and updates are encapsulated in IP and unicast to each neighbor. End Result Neighbour Discovery is automated by the Adjacency Server All signalling must be replicated for each neighbour Data traffic must also be replicated at the head-end 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 24

25 OTV Control Plane CLI Verification Establishment of Control plane adjacencies between OTV Edge Devices (Multicast or Unicast Transport) : LEFT-ASR#show otv adjacency Overlay Adjacency Database for overlay 1 Hostname System-ID Dest Addr Site-ID Up Time State RIGHT-ASR 4403.a7d3.cf :31:40 UP Unicast MAC reachability information : LEFT-ASR#sh otv route OTV Unicast MAC Routing Table for Overlay1 Inst VLAN BD MAC Address AD Owner Next Hops(s) bf.c8c0 40 BD Eng Gi0/0/1:SI a.8b ISIS RIGHT-ASR d0d0.fd5a.a9a8 40 BD Eng Gi0/0/1:SI d0d0.fd5a.a9a9 50 ISIS RIGHT-ASR 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 25

26 OTV Data Plane OTV 1.0 Encapsulation 42 Bytes overhead to the packet IP MTU size (IPv4 packet) Outer IP + OTV Shim - Original L2 Header (w/out the.1q header) 802.1Q header is removed and VLAN field copied over to the OTV shim header Outer OTV shim header contains VLAN, overlay number, etc. Consider Jumbo MTU Sizing 802.1Q header removed 802.1Q 802.1Q 802.1Q DMAC SMAC Etype Payload CRC Original Layer 2 Frame Classic Ethernet Frame OTV 1.0 Frame Outer MAC Outer IP OTV Shim DMAC SMAC Etype Payload CRC (new) 14B 20B 8B 14B 20B + 8B + 14B* = 42 Bytes of total overhead Payload 4B * The 4 Bytes of.1q header have already been removed 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 26

27 Spanning-Tree and OTV Site Independence Site transparency: no changes to the STP topology Total isolation of the STP domain Default behaviour: no configuration is required BPDUs sent and received ONLY on Internal Interfaces The BPDUs stop here OTV OTV L3The BPDUs stop here L Cisco and/or its affiliates. All rights reserved. Cisco Public 27

28 Unknown Unicast and OTV No Longer Unknown Unicast Storms Across the DCI VLAN MAC TABLE MAC MAC 1 MAC 2 - IF Eth1 IP B - No requirements to forward unknown unicast frames Assumption: end-host are not silent or uni-directional Default behaviour: no configuration is required No MAC 3 in the MAC Table No MAC 3 in the MAC 1 MAC Cisco and/or its affiliates. All rights reserved. Cisco Public 28

29 Controlling ARP Traffic ARP Neighbour-Discovery (ND) Cache ARP cache maintained in Edge Device by snooping ARP replies First ARP request is broadcasted to all sites. Subsequent ARP requests are replied by local Edge Device ARP suppression can be disabled Timeout can be adjusted Drastic reduction of ARP traffic on DCI IPv4 only feature Default behaviour: no configuration is required OTV-a(config)# interface overlay 1 OTV-a(config-if-overlay)# no otv surpress-arp-nd # Allows ARP requests over an overlay network and disables ARP caching on edge devices. This command does not support IPv6. OTV-a(config)# interface overlay 1 OTV-a(config-if-overlay)# otv arp-nd timeout 70 # Configures the time, in seconds, that an entry remains in the ARP-ND cache. The time is in seconds varying from 60 to The default timeout value is 480 seconds Cisco and/or its affiliates. All rights reserved. Cisco Public 29

30 OTV Multi-homing Fully Automated Multi-homing No additional protocols required (i.e. BGP) OTV site-vlan used to discover OTV neighbour in the same site Authoritative Edge Device (AED) Election takes place Extended VLANs are split across the AEDs The AED is responsible for: MAC address advertisement for its VLANs Forwarding its VLANs traffic inside and outside the site AED Site Adjacency AED Site Adjacency used for AED election 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 30

31 Hardened Multi-homing Introducing OTV Site-identifier Same site devices must use common site-identifier Site-id information is included in the control plane Makes OTV multi-homing more robust and resilient Site Adjacency and Overlay Adjacency are now both leveraged for AED election AED Overlay Adjacency AED An overlay will not come up until a site-id is configured. Site Adjacency L3 L2 feature otv otv site-identifier 0x1 otv site-vlan Cisco and/or its affiliates. All rights reserved. Cisco Public 31

32 OTV Multi-homing VLANs Split across AEDs Automated and deterministic algorithm In a dual-homed site: Lower IS-IS System-ID (Ordinal 0) = EVEN VLANs Higher IS-IS System-ID (Ordinal 1) = ODD VLANs RemoteOTVDevice MACTable VLA N MAC IF 100 MAC1 IPA 101 MAC2 IPB OTV-a# show otv vlan OTV Extended VLANs and Edge Device State Information (* - VLAN Auth. Edge Device Vlan State Overlay East-b inactive(non AED) Overlay * East-a active Overlay East-b inactive(non AED) Overlay100 AED) AED ODD VLANs IP A OTV Overlay Adjacency Site Adjacency IP B AED EVEN VLANs OTV-b# show otv vlan OTV Extended VLANs and Edge Device State Information (* - AED) VLAN * * Auth. Edge Device East-b East-a East-b Vlan State active inactive(non AED) active Overlay Overlay100 Overlay100 Overlay Cisco and/or its affiliates. All rights reserved. Cisco Public 32

33 Role of ASR1000 in OTV Deployments

34 OTV use cases and deployments Brownfield deployments Legacy deployments with Nexus 7000 in new datacenter and Cat6000 in another datacenter ASR1000 would attach to the Cat6000 to provide OTV functionality at existing datacenter Greenfield Deployment New smaller datacenter (small to medium size) using ASR1000 OTV with Encryption ASR1000 provides OTV transport as well as encryption via IPSec or GETVPN Single box solution without added complexity 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 34

35 OTV brownfield deployments Legacy deployments where a customer deploys N7k in new DC and keeps Cat6ks in another DC. Often customers keep switching hardware for 6-7 years and so it is not always practical to upgrade to the N7k L3 forwarding ASR1k would plug into the Cat6k to provide OTV functionality at that DC Cat6k running VPLS connects to ASR1K via L2 internal link and uses ASR1K as OTV/DCI gateway to get to N7K. VPLS and OTV domains are connected. Deployed at one site. ASR1000 OTV Catalyst Cisco and/or its affiliates. All rights reserved. Cisco Public 35

36 OTV greenfield deployments Building a New Small Data Center (branch site) using asr1000 N7k will be used in the main Site Hosts asr1 asr2 asr3 asr4 Hosts Topology: Site 2 ASR1k (small DC)-core-ASR1k (small DC) ASR1k (small DC)-core-N7k (large DC) n7k1 n7k2 The Data Center size (small/medium/large) is defined by the throughput performance IP/MPLS Core network has to support multicast Site 3 Hosts 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 36

37 OTV Use Case#3 OTV with Encryption Customers requiring DCI encryption can deploy ASR1ks at the edge of the DC ASR1k in this case provides OTV transport as well as encryption via IPSec or GET VPN Single box solution without added complexity Topology can be ASR1k (small DC)-ASR1k (small DC) or ASR1k can run IPSec or GETVPN with OTV, N7k will run OTV and IPsec will be terminated in encryption device sitting in front of N7k 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 37

38 OTV Deployment Models Two different deployment models are considered for OTV: OTV Appliance on a Stick Inline OTV Appliance // bridging service Common Uplinks to Transport For Layer3 and DCI Dedicated Uplink for DCI Uplinks to the Layer3 Transport OTV SVIs L3 L2 WAN: ES40/SIP, HQoS, Crypto Cost effective LAN density, Bridging OTV SVIs L3 L2 L2: OTV internal Interface 10GE OTV Appliance on a Stick L3: OTV external Interface 10GE L3 Join Interface L2 Internal Interface L3: OTV external Interface 10GE WAN: H-QoS, Crypto, 10GE Inline OTV Appliance L2: OTV internal Interface 10GE 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 38

39 OTV on STICK

40 A common set of Uplink used for both routing & DCI extension. OTV on STICK No changes to the Existing topology Hassle free Implementation without any Downtime 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 40

41 Route switch processor Fibre channel switch Fibre channel switch Route switch processor Existing Topology SITE- A INTERNET SITE- B EDGE DEVICE EDGE DEVICE 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 41

42 Router Route switch processor Route switch processor Router OTV on STICK SITE- A L2 INTERNET OTV SITE- B L2 EDGE DEVICE EDGE DEVICE ASR1000 L3 L3 ASR1000 L3 L Cisco and/or its affiliates. All rights reserved. Cisco Public 42

43 Router Route switch processor Route switch processor Router Packet Flow SITE- A SITE- B MAC A B C D IF eth1 eth1 IP B IP B L2 MAC B MAC D INTERNET OTV L2 MAC A B C D IF IP A IP A Eth1 Eth1 MAC B MAC D IP A B MAC B MAC D IP A L3 L3 IP B Encap Decap A B MAC B MAC D C D L3 L Cisco and/or its affiliates. All rights reserved. Cisco Public 43

44 FHRP Isolation (recommended) OTV filter-fhrp is used to avoid non-optimal routing in scenarios where in HSRP(Active-Standby) state is established over the Overlay Tunnel. It s advised to use FHRP isolation mode: HSRP Active / Active. The filtering is required to allow for the existence of the same default gateway in different locations and optimize the outbound traffic flows (server to client direction) Cisco and/or its affiliates. All rights reserved. Cisco Public 44

45 FHRP Isolation (Configuration) OTV configuration: otv filter-fhrp under overlay interface this is to block hsrp control packets mac access-list to filter fhrp macs on internal interface this is to block hsrp vmac entries since mac learning is in dataplane e.g. Interface overlay1 otv filter-fhrp! mac access-list extended otv_filter_fhrp deny c07.ac ff any deny c9f.f fff any deny 0007.b ff.ffff any deny e ff any permit any any! interface Port-channel10 description *** OTV internal interface *** No ip address <Snipped> mac access-group otv_filter_fhrp in 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 45

46 Health Check

47 Health Check Show otv Show otv detail Show otv adjacency Show otv route Show otv route bridge domain <vlan-id> Show bridge-domain <vlan-id> Show l2fib bridge-domain <vlan-id> table unicast Show otv isis rib redistribution mac 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 47

48 Sample Outputs LEFT-ASR#sh otv detail Overlay Interface Overlay1 VPN name : None VPN ID : 1 State : UP Fwd-capable : Yes Fwd-ready : Yes AED-Server : Yes Backup AED-Server : No AED Capable : Yes Join interface(s) : GigabitEthernet0/0/2 Join IPv4 address : Tunnel interface(s) : Tunnel0 Encapsulation format : GRE/IPv4 Site Bridge-Domain : 20 Capability : Unicast-only Is Adjacency Server : Yes Adj Server Configured : No Prim/Sec Adj Svr(s) : None OTV instance(s) : 0 FHRP Filtering Enabled : Yes ARP Suppression Enabled : Yes ARP Cache Timeout : 600 seconds 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 48

49 LEFT-ASR#sh otv adjacency Overlay Adjacency Database for overlay 1 Hostname System-ID Dest Addr Site-ID Up Time State RIGHT-ASR 4403.a7d3.cf d03h UP LEFT-ASR#sh otv route Codes: BD - Bridge-Domain, AD - Admin-Distance, SI - Service Instance, * - Backup Route OTV Unicast MAC Routing Table for Overlay1 Inst VLAN BD MAC Address AD Owner Next Hops(s) bf.c8c0 40 BD Eng Gi0/0/1:SI a.8b ISIS RIGHT-ASR d0d0.fd5a.a9a8 40 BD Eng Gi0/0/1:SI d0d0.fd5a.a9a9 50 ISIS RIGHT-ASR <Snipped> 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 49

50 LEFT-ASR#sh bridge-domain 10 Bridge-domain 10 (2 ports in all) State: UP Mac learning: Enabled Aging-Timer: 1800 second(s) GigabitEthernet0/0/1 service instance 10 Overlay1 service instance 10 AED MAC address Policy Tag Age Pseudoport 1 D0D0.FD5A.A9A8 forward dynamic_c 1528 GigabitEthernet0/0/1.EFP10 1 D0D0.FD5A.A9A9 forward static_r 0 OCE_PTR:0x8c538c A.8B forward static_r 0 OCE_PTR:0x8c538c BF.C8C0 forward dynamic_c 1399 GigabitEthernet0/0/1.EFP10 1 FFFF.FFFF.FFFF flood static 0 OLIST_PTR:0x89c Cisco and/or its affiliates. All rights reserved. Cisco Public 50

51 Packet Tracer The Rescuer

52 Packet Tracer The Rescuer The Cisco Packet tracer feature available on IOS-XE versions 3.10 later, helps us identify the Datapath of a particular packet. Easy to use. Traces the Path of the packet or Feature Invocation Array (FIA) Cisco and/or its affiliates. All rights reserved. Cisco Public 52

53 Packet Tracer Configuration Step 1: Clear the previous packet tracer configuration using the below command clear platform condition all clear platform packet-trace statistics clear platform packet-trace configuration Step 2: Configure the ACL for specific traffic which you want to see packet flow. Let s say you have created the ACL name TAC debug platform condition interface <interface> ipv4 access-list <ACL-name> ingress debug platform condition start debug platform packet-trace packet 64 debug platform packet-trace enable Step 3: To see the o/p show platform packet-trace summary show platform packet-trace packet <Packet number> 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 53

54 Ingress Captures LEFT-ASR#debug platform condition interface gigabitethernet 0/0/1 efp-id 10 ingress LEFT-ASR#debug platform condition start LEFT-ASR#debug platform packet-trace packet 64 fia-trace circular data-size 4096 LEFT-ASR#debug platform packet-trace enable LEFT-ASR#sh plat packet-trace summary Pkt Input Output State Reason 0 Gi0/0/1.EFP10 internal0/0/rp:0 PUNT 73 (STP BPDU's) 1 Gi0/0/1.EFP10 Gi0/0/2 FWD 2 Gi0/0/1.EFP10 Gi0/0/2 FWD 3 Gi0/0/1.EFP10 Gi0/0/2 FWD 4 Gi0/0/1.EFP10 Gi0/0/2 FWD 5 Gi0/0/1.EFP10 Gi0/0/2 FWD 6 Gi0/0/1.EFP10 internal0/0/rp:0 PUNT 73 (STP BPDU's) 7 Gi0/0/1.EFP10 internal0/0/rp:0 PUNT 73 (STP BPDU's) 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 54

55 LEFT-ASR-BUGGER#sh plat packet-trace packet 1 Packet: 1 CBUG ID: 540 Summary Input : GigabitEthernet0/0/1.EFP10 Output : GigabitEthernet0/0/2 State : FWD Timestamp Start : ns (05/27/ :41: UTC) Stop : ns (05/27/ :41: UTC) Path Trace Feature: IPV4 Source : Destination : Protocol : 1 (ICMP) Feature: FIA_TRACE Entry : 0x c - DEBUG_COND_INPUT_PKT Lapsed time: 533 ns <Snipped> Lapsed time: 1084 ns Feature: FIA_TRACE Entry : 0x IPV4_INPUT_GOTO_OUTPUT_FEATURE Lapsed time: 551 ns Feature: OTV OTV Pkt Type : OTV L3 packet Source IP : a0a0a0a Destination IP : a0a0a0b Instance ID : 0 Reason : Normal OTV packet Contd 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 55

56 Feature: FIA_TRACE Entry : 0x802b62e4 - OTV_EFP_OUTPUT_PROCESS Lapsed time: 7324 ns <Snipped> Feature: FIA_TRACE Entry : 0x806e9aa4 - IPV4_OUTPUT_ACL Lapsed time: 1066 ns Feature: OTV OTV Pkt Type : OTV L3 packet Source IP : a0a0a0a Destination IP : a0a0a0b Instance ID : 0 Reason : Normal OTV packet Feature: FIA_TRACE Entry : 0x802b339c - OTV_INTF_OUTPUT_PROCESS Lapsed time: 6577 ns Feature: FIA_TRACE Entry : 0x8067f36c - OTV_INTF_OUTPUT_GOTO_OUTPUT_FEATURE Lapsed time: 408 ns <Snipped> 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 56

57 Egress Captures LEFT-ASR-BUGGER#sh platform packet-trace packet 1 Packet: 1 CBUG ID: 598 Summary Input : GigabitEthernet0/0/1.EFP10 Output : GigabitEthernet0/0/2 State : FWD Timestamp Start : ns (05/27/ :13: UTC) Stop : ns (05/27/ :13: UTC) Path Trace Feature: IPV4 Source : Destination : Protocol : 1 (ICMP) Feature: OTV OTV Pkt Type : OTV L3 packet Source IP : a0a0a0a Destination IP : a0a0a0b Instance ID : 0 Reason : Normal OTV packet Feature: FIA_TRACE Entry : 0x802b62e4 - OTV_EFP_OUTPUT_PROCESS Lapsed time: 6648 ns <Snipped> Feature: OTV OTV Pkt Type : OTV L3 packet Source IP : a0a0a0a Destination IP : a0a0a0b Instance ID : 0 Reason : Normal OTV packet Feature: FIA_TRACE Entry : 0x802b339c - OTV_INTF_OUTPUT_PROCESS Lapsed time: 6542 ns <Snipped> 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 57

58 Configuration

59 OTV Overlay Sample Configuration VLAN used within the Site for communication between the site s Edge Devices. Global Configuration : 32 bit identifier. Should be unique per DC site. used in the AED election. otv site bridge-domain 20 otv site-identifier Interface Configuration : interface Overlay1 no ip address otv join-interface < Intf-Name > otv adjacency-server unicast-only service instance <id> ethernet encapsulation dot1q 10 bridge-domain 10 VLAN s being extended by OTV 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 59

60 OTV on Stick Sample Configuration Site - A Site - B LEFT-ASR#sh run int gi0/0/1 Building configuration... Current configuration : 225 bytes! interface GigabitEthernet0/0/1 no ip address negotiation auto service instance 10 ethernet encapsulation dot1q 10 bridge-domain 10! service instance 20 ethernet encapsulation dot1q 20 bridge-domain 20! LEFT-ASR#sh run int gi0/0/1.100 Building configuration... Current configuration : 110 bytes! interface GigabitEthernet0/0/1.100 encapsulation dot1q 1 native ip address end Join Interface RIGHT-ASR#sh run int gi0/1/0 Building configuration... Current configuration : 225 bytes! interface GigabitEthernet0/1/0 no ip address negotiation auto service instance 10 ethernet encapsulation dot1q 10 bridge-domain 10! service instance 20 ethernet encapsulation dot1q 20 bridge-domain 20! RIGHT-ASR#sh run int gi0/1/0.100 Building configuration... Current configuration : 110 bytes! interface GigabitEthernet0/1/0.100 encapsulation dot1q 1 native ip address end 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 60

61 Site - A Site - B LEFT-ASR#sh run int overlay 1 Building configuration... Current configuration : 198 bytes! interface Overlay1 no ip address otv join-interface GigabitEthernet0/0/1.100 otv adjacency-server unicast-only service instance 10 ethernet encapsulation dot1q 10 bridge-domain 10! end RIGHT-ASR#sh run int overlay 1 Building configuration... Current configuration : 214 bytes! interface Overlay1 no ip address otv join-interface GigabitEthernet0/1/0.100 otv use-adjacency-server unicastonly service instance 10 ethernet encapsulation dot1q 10 bridge-domain 10! end 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 61

62 Key Takeaways

63 Key Takeaways OTV Changes the Game. Dynamic Encapsulation Protocol Learning Key role of ASR1000 in OTV Deployments Deployment Modes OTV on Stick OTV Inline OTV on STICK Model Hassle free Implementation and No changes to the existing topology. Health check Use of Packet tracer for the ease of troubleshooting Sample config for OTV on Stick Deployment 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 63

64 Q & A

65 Complete Your Online Session Evaluation Give us your feedback to be entered into a Daily Survey Drawing. A daily winner will receive a $750 Amazon gift card. Complete your session surveys through the Cisco Live mobile app or from the Session Catalog on CiscoLive.com/us. Don t forget: Cisco Live sessions will be available for viewing on-demand after the event at CiscoLive.com/Online 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 65

66 Continue Your Education Demos in the Cisco campus Walk-in Self-Paced Labs Lunch & Learn Meet the Engineer 1:1 meetings Related sessions 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 66

67 Please join us for the Service Provider Innovation Talk featuring: Yvette Kanouff Senior Vice President and General Manager, SP Business Joe Cozzolino Senior Vice President, Cisco Services Thursday, July 14 th, :30 am - 12:30pm, In the Oceanside A room What to expect from this innovation talk Insights on market trends and forecasts Preview of key technologies and capabilities Innovative demonstrations of the latest and greatest products Better understanding of how Cisco can help you succeed Register to attend the session live now or watch the broadcast on cisco.com

68 Thank you

69