Configuring OTV on a Cisco ASR

During a project I’ve been working on, we needed to configure OTV on a Cisco ASR. I wrote a blog post about configuring OTV on a Nexus 7000 before, but the configuration on a Cisco ASR router is a bit different. The technologies used and the basic configuration steps are the same, but the syntax differs for a few configuration steps.

Unfortunately, the documentation is not as good as for the Nexus 7000. I’ve found one good configuration guide, but it doesn’t cover everything. So, it’s a good reason to write a blog post about the basic OTV configuration on a Cisco ASR router.

For more information about OTV, check this website.

First, the network layout for this OTV network.

[Figure: OTV network layout]

As you can see in the diagram, the ASR routers are connected back-to-back. There is no guideline on how to connect these routers, as long as there is IP connectivity between them with multicast capabilities and an MTU of at least 1542 bytes.

OTV configuration on an ASR router REQUIRES at least two physical interfaces. You cannot get OTV working with a one-interface configuration. The reason is simple: the ASR is a router and is therefore unaware of VLANs. Also, the ‘trunk’ configuration on the ASR does not allow you to use subinterfaces.

– Step 1: Join interface configuration on both routers

DC1

interface TenGigabitEthernet0/1/0
 mtu 1542
 ip address 1.1.1.1 255.255.255.252
 ip pim passive
 ip igmp version 3
end

DC2

interface TenGigabitEthernet0/1/0
 mtu 1542
 ip address 1.1.1.2 255.255.255.252
 ip pim passive
 ip igmp version 3
end

The interface configuration is pretty basic. PIM and IGMP are used for the OTV multicast traffic. In our configuration, multicast is used for MAC advertisements, so your WAN network has to be multicast enabled. Unicast-only is possible, but you’ll need an adjacency server for that.

Another important configuration step is to change the MTU. OTV uses a header of 42 bytes, which means that the WAN network has to carry packets of at least 1542 bytes. Make sure your WAN network has an MTU of at least 1542 bytes!

– Step 2: Global configuration

DC1

otv site bridge-domain 11
otv site-identifier 0000.0000.0011

DC2

otv site bridge-domain 12
otv site-identifier 0000.0000.0012

The “site bridge-domain” defines the site VLAN. This VLAN is unique per site and cannot be stretched to other datacenters!

The site-identifier is a unique ID for a site (a.k.a. datacenter).

– Step 3: Overlay configuration

DC1

interface Overlay1
 no ip address
 otv control-group 239.2.3.4
 otv data-group 232.1.1.0/24
 otv join-interface TenGigabitEthernet0/1/0
 no otv suppress arp-nd
 service instance 10 ethernet
  encapsulation dot1q 10
  bridge-domain 10
 service instance 20 ethernet
  encapsulation dot1q 20
  bridge-domain 20
 service instance 30 ethernet
  encapsulation dot1q 30
  bridge-domain 30
 service instance 40 ethernet
  encapsulation dot1q 40
  bridge-domain 40
 service instance 50 ethernet
  encapsulation dot1q 50
  bridge-domain 50
 service instance 60 ethernet
  encapsulation dot1q 60
  bridge-domain 60

DC2

interface Overlay1
 no ip address
 otv control-group 239.2.3.4
 otv data-group 232.1.1.0/24
 otv join-interface TenGigabitEthernet0/1/0
 no otv suppress arp-nd
 service instance 10 ethernet
  encapsulation dot1q 10
  bridge-domain 10
 service instance 20 ethernet
  encapsulation dot1q 20
  bridge-domain 20
 service instance 30 ethernet
  encapsulation dot1q 30
  bridge-domain 30
 service instance 40 ethernet
  encapsulation dot1q 40
  bridge-domain 40
 service instance 50 ethernet
  encapsulation dot1q 50
  bridge-domain 50
 service instance 60 ethernet
  encapsulation dot1q 60
  bridge-domain 60

This is another configuration difference from the Nexus 7000: the service instance. This configuration defines the OTV-enabled VLANs. In our case, VLANs 10, 20, 30, 40, 50 and 60 are stretched between the datacenters.

– Step 4: Connection to datacenter LAN

DC1

interface TenGigabitEthernet0/2/0
 no ip address
 service instance 10 ethernet
  encapsulation dot1q 10
  bridge-domain 10
 service instance 11 ethernet
  encapsulation dot1q 11
  bridge-domain 11
 service instance 20 ethernet
  encapsulation dot1q 20
  bridge-domain 20
 service instance 30 ethernet
  encapsulation dot1q 30
  bridge-domain 30
 service instance 40 ethernet
  encapsulation dot1q 40
  bridge-domain 40
 service instance 50 ethernet
  encapsulation dot1q 50
  bridge-domain 50
 service instance 60 ethernet
  encapsulation dot1q 60
  bridge-domain 60

DC2

interface TenGigabitEthernet0/2/0
 no ip address
 service instance 10 ethernet
  encapsulation dot1q 10
  bridge-domain 10
 service instance 12 ethernet
  encapsulation dot1q 12
  bridge-domain 12
 service instance 20 ethernet
  encapsulation dot1q 20
  bridge-domain 20
 service instance 30 ethernet
  encapsulation dot1q 30
  bridge-domain 30
 service instance 40 ethernet
  encapsulation dot1q 40
  bridge-domain 40
 service instance 50 ethernet
  encapsulation dot1q 50
  bridge-domain 50
 service instance 60 ethernet
  encapsulation dot1q 60
  bridge-domain 60

As we know, the ASR is a router and therefore unaware of VLANs. To get the (required) layer 2 connection to the datacenter LAN, we need to configure service instances on the LAN-facing interface. Note: you cannot share this interface with the WAN (join) interface!

This is the OTV configuration. It’s straightforward.
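The rules stated in the steps above (join interface MTU of at least 1542, site bridge-domain not stretched, join interface not shared with the LAN side, every stretched VLAN present on the LAN-facing interface) can be checked offline against a saved configuration before it goes onto a router. The following Python script is an added example, not part of the original post or of any Cisco tooling; the function names and the sample config are constructed, and it assumes an interface without an mtu line runs at 1500.

```python
import re
from collections import Counter

def si(*vlans):  # service-instance stanzas in the syntax used on this page
    return "".join(f" service instance {v} ethernet\n  encapsulation dot1q {v}\n"
                   f"  bridge-domain {v}\n" for v in vlans)

# Constructed sample: VLAN 50 repeated and VLAN 60 missing on the LAN side.
SAMPLE = ("otv site bridge-domain 11\n"
          "interface TenGigabitEthernet0/1/0\n mtu 1542\n"
          "interface Overlay1\n otv join-interface TenGigabitEthernet0/1/0\n"
          + si(10, 50, 60)
          + "interface TenGigabitEthernet0/2/0\n" + si(10, 11, 50, 50))

def parse(cfg):
    """Return (site_bd, join_if, {interface: {"mtu": int, "bds": [int]}})."""
    site_bd = join_if = cur = None
    ifs = {}
    for s in map(str.strip, cfg.splitlines()):
        if m := re.match(r"otv site bridge-domain (\d+)$", s):
            site_bd = int(m[1])
        elif m := re.match(r"interface (\S+)$", s):
            # Assumption: an interface without an "mtu" line runs at 1500.
            cur = ifs.setdefault(m[1], {"mtu": 1500, "bds": []})
        elif m := re.match(r"otv join-interface (\S+)$", s):
            join_if = m[1]
        elif cur and (m := re.match(r"mtu (\d+)$", s)):
            cur["mtu"] = int(m[1])
        elif cur and (m := re.match(r"bridge-domain (\d+)$", s)):
            cur["bds"].append(int(m[1]))
    return site_bd, join_if, ifs

def lint(cfg):
    """Check one site's config against the rules stated in the post."""
    site_bd, join_if, ifs = parse(cfg)
    overlay = {b for n, i in ifs.items() if n.startswith("Overlay") for b in i["bds"]}
    lan = {b for n, i in ifs.items() if not n.startswith("Overlay") for b in i["bds"]}
    join, out = ifs.get(join_if), []
    if join is None or join["mtu"] < 1542:
        out.append("join interface MTU below 1542")
    if join and join["bds"]:
        out.append("join interface is shared with the LAN side")
    if site_bd in overlay:
        out.append(f"site bridge-domain {site_bd} is stretched over the overlay")
    out += [f"bridge-domain {b} on overlay has no LAN service instance"
            for b in sorted(overlay - lan)]
    out += [f"bridge-domain {b} repeated on {n}" for n, i in ifs.items()
            for b, c in Counter(i["bds"]).items() if c > 1]
    return out
```

Calling `lint(SAMPLE)` returns one finding for the missing VLAN 60 and one for the repeated VLAN 50; a config that follows all four steps returns an empty list.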

To verify the OTV configuration, use the following commands:

Show otv

Overlay Interface Overlay1
 VPN name                 : None
 VPN ID                   : 1
 State                    : UP
 AED Capable              : Yes
 IPv4 control group       : 239.2.3.4
 Mcast data group range(s): 232.1.1.0/23
 Join interface(s)        : TenGigabitEthernet0/1/0
 Join IPv4 address        : 1.1.1.1
 Tunnel interface(s)      : Tunnel0
 Encapsulation format     : GRE/IPv4
 Site Bridge-Domain       : 11
 Capability               : Multicast-reachable
 Is Adjacency Server      : No
 Adj Server Configured    : No
 Prim/Sec Adj Svr(s)      : None

Show otv route

Codes: BD - Bridge-Domain, AD - Admin-Distance,
       SI - Service Instance, * - Backup Route

OTV Unicast MAC Routing Table for Overlay1

 Inst VLAN BD     MAC Address    AD    Owner  Next Hops(s)
----------------------------------------------------------
 0    20   20     0050.56aa.217a 40    BD Eng Te0/2/0:SI99
 0    20   20     0050.56aa.38f1 40    BD Eng Te0/2/0:SI99
 0    20   20     0050.56aa.4fcb 40    BD Eng Te0/2/0:SI99
 0    20   20     0050.56ca.65df 40    BD Eng Te0/2/0:SI99
 0    20   20     0050.5b39.1533 40    BD Eng Te0/2/0:SI99
 0    20   20     00a0.8e42.1d49 40    BD Eng Te0/2/0:SI99
 0    20   20     c08c.6428.4b94 50    ISIS   hostname
 0    10   10     0010.daff.601b 40    BD Eng Te0/2/0:SI406

Show otv summary

OTV Configuration Information, Site Bridge-Domain: 11

Overlay VPN Name             Control Group   Data Group(s)      Join Interface   State
1       None                 239.2.3.4       232.1.1.0/23       Te0/1/0          UP
Total Overlay(s): 1

That’s it!