Thursday, November 29, 2018

Introduction to Overlay Transport Virtualization (OTV)


Overlay Transport Virtualization (OTV) is a MAC-in-IP tunneling mechanism that extends an Ethernet LAN over an IP-based WAN cloud without any need to maintain stateful tunnels between edge devices. While VPLS can also be used to connect Ethernet LANs over a WAN cloud, it poses scalability challenges for datacenter interconnection for the following reasons:

  •  Unknown unicast MAC traffic is flooded to all remote PE devices.
  •  It requires a full mesh of pseudowires between PE devices.

How does OTV work?


  • Each OTV instance is enabled with a multicast group address that is unique within the WAN cloud. ASM or SSM can be used in the core WAN cloud.
  • Each OTV edge device joins this multicast group, so any packet sent over this tree by one OTV edge device is received by the other OTV routers that are part of the same OTV instance.
  • ISIS hellos are exchanged over the established multicast tree. Each OTV router is listed as an ISIS neighbor, as if they were connected over a shared LAN.
  • The OTV edge device performs dataplane learning for any L2 frame received from the bridge-domain. The bridge-domain is the L2 interface (or EVC) connecting the LAN side of the customer site.
  • OTV routers signal the MAC details learnt from the bridge-domain to other OTV routers via ISIS LSPs.
  • Any L2 frame received from the bridge-domain with a multicast or broadcast MAC address is unicast via the IP cloud to the other OTV routers.
  • Any L2 frame received from the bridge-domain with a unicast MAC address that has no entry in the local forwarding table is dropped. This differs from the usual L2 behavior of flooding unknown unicast MACs.
 


show otv
-          Check the status of OTV.




OTV1#show otv
Overlay Interface Overlay2
 VPN name                 : None
 VPN ID                   : 3
 State                    : UP       
 AED Capable              : Yes 
 IPv4 control group       : 239.1.1.1
 Mcast data group range(s): 232.192.1.0/24
 Join interface(s)        : GigabitEthernet0/0/0
 Join IPv4 address        : 10.1.12.3
 Tunnel interface(s)      : Tunnel1
 Encapsulation format     : GRE/IPv4
 Site Bridge-Domain       : 29
 Capability               : Multicast-reachable
 Is Adjacency Server      : No
 Adj Server Configured    : No
 Prim/Sec Adj Svr(s)      : None

OTV1#




Tips:
-          If State is down, check whether the overlay interface is admin down.
-          If AED Capable is No, check Table 1.

Table 1.

Reason: overlay DIS not elected
Description:
-          Multicast routing not enabled for global table.
-          Missing otv data-group under interface overlay <>
               interface overlay 1
                otv data-group <>
-          Missing otv control-group under interface overlay <>
               interface overlay 1
                otv control-group <>
-          Missing OTV join interface
               interface overlay 1
                otv join-interface <>
-          No OTV ISIS neighbor over overlay tunnel
               Check core multicast and see if traffic is sent and received on (S,G), where S is the OTV join interface and G is the OTV control-group address.

Reason: site interface not up
Description:
-          Missing OTV site bridge-domain
               otv site bridge-domain

Reason: site id not configured
Description:
-          Missing OTV site identifier
               otv site-identifier <>





show otv isis neighbor

-          Check if all local OTV routers (using the same otv site-identifier) are listed as neighbors under “Tag Site”.
-          Check if all remote OTV routers (using a different otv site-identifier) are listed as neighbors under “Tag Overlay”.

In the above topology, OTV1 is a single-homed connection, so no neighbor is seen under Tag Site:

OTV1#show otv isis neighbors

Tag Overlay2:
System Id      Type Interface   IP Address      State Holdtime Circuit Id
ASR3           L1   Ov2         10.1.35.5       UP    9        ASR3.01           
ASR2           L1   Ov2         10.1.34.4       UP    24       ASR3.01           

Tag Site:
System Id      Type Interface   IP Address      State Holdtime Circuit Id
OTV1#

ASR2 and ASR3 are in a multihomed site, so they list each other as neighbors under Tag Site:

ASR3#show otv isis neighbors

Tag Overlay1:
System Id      Type Interface   IP Address      State Holdtime Circuit Id
OTV1           L1   Ov1         10.1.12.3       UP    24       ASR3.01           
ASR2           L1   Ov1         10.1.34.4       UP    26       ASR3.01           

Tag Site:
System Id      Type Interface   IP Address      State Holdtime Circuit Id
30E4.DBB7.9000 L1   OTV-Site                    UP    29       ASR3.01           
ASR3#

Tips:
If any remote OTV edge device is not listed as an OTV ISIS neighbor, perform multicast troubleshooting for (S,G), where S is the “otv join interface” of the remote OTV router and G is the “otv control-group” address.

show otv vlan
-          Check the bridge-domain associated with the overlay and check the AED (forwarder).
-          When more than one OTV router is connected to the same site (with the same otv site-identifier), only one router is selected as AED for each bridge-domain.
-          In this topology, ASR2 and ASR3 are connected to the same site. ASR2 acts as AED (forwarder).
-          OTV1 is a single-homed router, so it is selected as AED for all VLANs.

OTV1#show otv vlan
Key:  SI - Service Instance

Overlay 2 VLAN Configuration Information
 Inst VLAN  Bridge-Domain  Auth  Site Interface(s)
 0    298   298            yes   Gi0/0/1:SI298
 0    299   299            yes   Gi0/0/1:SI299
 0    398   398            yes   Gi0/0/1:SI398
 0    399   399            yes   Gi0/0/1:SI399
 Total VLAN(s): 4
 Total Authoritative VLAN(s): 4

OTV1#

ASR2#show otv vlan
Key:  SI - Service Instance

Overlay 1 VLAN Configuration Information
 Inst VLAN  Bridge-Domain  Auth  Site Interface(s)
 0    298   298            yes   Gi0/0/1:SI298
 0    398   398            yes   Gi0/0/1:SI398
 0    399   399            no    Gi0/0/1:SI399
 Total VLAN(s): 3
 Total Authoritative VLAN(s): 2

ASR2#

ASR3#show otv vlan
Key:  SI - Service Instance

Overlay 1 VLAN Configuration Information
 Inst VLAN  Bridge-Domain  Auth  Site Interface(s)
 0    298   298            no    Gi0/0/1:SI298
 0    398   398            no    Gi0/0/1:SI398
 0    399   399            yes   Gi0/0/1:SI399
 Total VLAN(s): 3
 Total Authoritative VLAN(s): 1

ASR3#

Tips:
When more than one OTV router shows as AED,
-          Check if the otv site-identifier is the same on the routers connecting to the same site.
-          Check if the ISIS neighborship between same-site OTV routers is up via the otv site bridge-domain (it should be listed as a neighbor under “Tag Site”).

When any VLAN is not listed in this output,
-          Check if “bridge-domain ” is enabled under the overlay interface service instance.
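
The AED checks in these tips can be automated by comparing the `show otv vlan` tables of every router at one site. The sketch below is an added example, not part of the original post; it is fed the ASR2 and ASR3 rows shown above, and the names `parse_otv_vlan` and `audit_site` are hypothetical.

```python
import re
from collections import defaultdict

# "show otv vlan" table rows copied from this page (ASR2 and ASR3 share a site).
ASR2 = """\
 Inst VLAN  Bridge-Domain  Auth  Site Interface(s)
 0    298   298            yes   Gi0/0/1:SI298
 0    398   398            yes   Gi0/0/1:SI398
 0    399   399            no    Gi0/0/1:SI399
"""
ASR3 = """\
 Inst VLAN  Bridge-Domain  Auth  Site Interface(s)
 0    298   298            no    Gi0/0/1:SI298
 0    398   398            no    Gi0/0/1:SI398
 0    399   399            yes   Gi0/0/1:SI399
"""
# Columns: Inst, VLAN, Bridge-Domain, Auth, Site Interface(s)
ROW = re.compile(r"^\s*\d+\s+(\d+)\s+\d+\s+(yes|no)\s+\S+\s*$", re.I)

def parse_otv_vlan(text):
    """Return {vlan: True if this router is AED (Auth = yes)}."""
    rows = (ROW.match(line) for line in text.splitlines())
    return {int(m.group(1)): m.group(2).lower() == "yes" for m in rows if m}

def audit_site(outputs):
    """outputs: {router: 'show otv vlan' text} for routers sharing one site.
    Returns {vlan: finding}; a finding not starting with 'ok' needs the tips."""
    tables = {r: parse_otv_vlan(t) for r, t in outputs.items()}
    aeds = defaultdict(list)
    for router, table in tables.items():
        for vlan, auth in table.items():
            aeds[vlan] += [router] if auth else []
    findings = {}
    for vlan in sorted(aeds):
        missing = sorted(r for r, t in tables.items() if vlan not in t)
        if len(aeds[vlan]) > 1:
            findings[vlan] = "multiple AEDs: " + ", ".join(sorted(aeds[vlan]))
        elif not aeds[vlan]:
            findings[vlan] = "no AED"
        elif missing:
            findings[vlan] = "not listed on: " + ", ".join(missing)
        else:
            findings[vlan] = "ok: AED " + aeds[vlan][0]
    return findings

if __name__ == "__main__":
    for vlan, finding in audit_site({"ASR2": ASR2, "ASR3": ASR3}).items():
        print(vlan, finding)
```
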

show bridge-domain

-          Check if the MAC address is learnt via dataplane learning.
-          By default, the AED should have FFFF.FFFF.FFFF listed as static.
-          Any MAC learnt from the EVC should be listed as dynamic.
-          A non-AED router will not have the flood entry.

ASR2#show bridge-domain 298
Bridge-domain 298 (2 ports in all)
State: UP                    Mac learning: Enabled
Aging-Timer: 1800 second(s)
    GigabitEthernet0/0/1 service instance 298
    Overlay1 service instance 298
   MAC address    Policy    Tag     Age Pseudoport
   0017.5A66.88E0 forward static_r    0 OCE_PTR:0x8bb8a440
   0015.FA20.A196 forward dynamic_c 1799 GigabitEthernet0/0/1.EFP298
   FFFF.FFFF.FFFF flood   static      0 OLIST_PTR:0x8bb50680

ASR2#

ASR3#show bridge-domain 298
Bridge-domain 298 (2 ports in all)
State: UP                    Mac learning: Enabled
Aging-Timer: 1800 second(s)
    GigabitEthernet0/0/1 service instance 298
    Overlay1 service instance 298
   MAC address    Policy    Tag     Age Pseudoport
   30E4.DBB7.903C forward dynamic   1778 GigabitEthernet0/0/1.EFP298
   0017.5A66.88E0 forward dynamic   1796 GigabitEthernet0/0/1.EFP298
   0015.FA20.A196 forward dynamic   1795 GigabitEthernet0/0/1.EFP298

ASR3#

Tips:
If any MAC that is expected to be learnt from the bridge-domain is not listed,
-          Perform L2 troubleshooting on the LAN to make sure the frame is received by this router.



show otv route
-          Lists all MACs learnt locally from the bridge-domain.
-          Lists all MACs learnt via ISIS from OTV neighbors.
-          A non-AED router will not have any routes.


ASR2#show otv route                 

Codes: BD - Bridge-Domain, AD - Admin-Distance,
       SI - Service Instance, * - Backup Route

OTV Unicast MAC Routing Table for Overlay1

 Inst VLAN BD     MAC Address    AD    Owner  Next Hops(s)
----------------------------------------------------------
 0    298  298    0015.fa20.a196 40    BD Eng Gi0/0/1:SI298
 0    298  298    0017.5a66.88e0 50    ISIS   OTV1

2 unicast routes displayed in Overlay1

----------------------------------------------------------
2 Total Unicast Routes Displayed

ASR2#

Tips:
If any MAC that is expected to be learnt from the overlay cloud is not listed,
-          Check the OTV ISIS database.
-          Check the table on the originating OTV router.

show l2fib bridge-domain 298 table unicast
 
-          Provides the MAC details in the L2 FIB table.
-          Provides the egress OTV router and the address details used to encapsulate the frame.

ASR2#show l2fib bridge-domain 298 table unicast
Bridge Domain : 298
  Unicast Address table size : 3
  Unicast Address table information :
    Mac: 0015.fa20.a196, Adjacency: Serv Inst: Gi0/0/1:298
    Mac: 0017.5a66.88e0, Adjacency: OTV Encap: 10.1.12.3
    Mac: ffff.ffff.ffff, Adjacency: Olist: 16, Ports: 2

ASR2#

show otv isis rib redistribution mac
-          Check if MACs learnt from the bridge-domain are redistributed into ISIS.

OTV1#show otv isis rib redistribution mac

Tag Overlay2:
 MAC redistribution local rib for Overlay2 (Total 2)
  L2 Topology ID        Mac Address            
  298                   0017.5A66.88E0
    State: Up/Best/Advertised Metric: 1
  299                   0017.5A66.88E0
    State: Up/Best/Advertised Metric: 1
OTV1#

show otv isis database <> detail
-          Check the LSP that advertises the MAC address to OTV ISIS neighbors.
-          Check the same in the OTV ISIS database on all OTV routers.

OTV1#show otv isis database OTV1.00-00 detail

Tag Overlay1:

IS-IS Level-1 LSP OTV1.00-00
LSPID                 LSP Seq Num  LSP Checksum  LSP Holdtime      ATT/P/OL
OTV1.00-00          * 0x0000006B   0xFCAA        738               0/0/0
  Area Address: 00
  NLPID:        0xCC 0x8E
  Hostname: OTV1

Tag Overlay2:

IS-IS Level-1 LSP OTV1.00-00
LSPID                 LSP Seq Num  LSP Checksum  LSP Holdtime      ATT/P/OL
OTV1.00-00          * 0x0000044E   0xC668        873               0/0/0
  Area Address: 00
  NLPID:        0xCC 0x8E
  Hostname: OTV1
  Metric: 10         IS-Extended ASR3.01
  Layer 2 MAC Reachability: topoid 0, vlan 298, confidence 1
    0017.5a66.88e0
  Layer 2 MAC Reachability: topoid 0, vlan 299, confidence 1
    0017.5a66.88e0
         
IS-IS Level-1 mgroup LSP OTV1.00-00
LSPID                 LSP Seq Num  LSP Checksum  LSP Holdtime      ATT/P/OL
OTV1.00-00          * 0x0000014A   0xF983        880               0/0/0
  Layer 2 Multicast Group
    Group IP Address: topoid 0, vlan 298, # of records 1
      Group address: 224.0.1.40, sources: *
    Router Capability -- router id: 10.1.12.3, flag: 0
      interested vlan (topology, vlan): (0, 298)
OTV1#



Tips:
If the MAC is not in the OTV ISIS database,
-          Check if the MAC is learnt in the bridge-domain on the originating router.
-          Check if the learnt MAC is redistributed into ISIS.
-          Check if it has an OTV ISIS LSP originated for the learnt MAC.
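
These checks follow one MAC from redistribution, to the originating LSP, to the remote route table. The following added example (not from the original post) runs that trace over the OTV1 and ASR2 excerpts shown on this page; the function names are hypothetical, and the bridge-domain stage is left out because OTV1's bridge-domain output is not shown.

```python
import re
MAC = r"([0-9A-Fa-f]{4}(?:\.[0-9A-Fa-f]{4}){2})"

# Excerpts copied from this page: OTV1 originates the MAC, ASR2 is remote.
REDIST_OTV1 = """\
  298                   0017.5A66.88E0
    State: Up/Best/Advertised Metric: 1
  299                   0017.5A66.88E0
    State: Up/Best/Advertised Metric: 1
"""
LSP_OTV1 = """\
  Layer 2 MAC Reachability: topoid 0, vlan 298, confidence 1
    0017.5a66.88e0
  Layer 2 MAC Reachability: topoid 0, vlan 299, confidence 1
    0017.5a66.88e0
"""
ROUTE_ASR2 = """\
 0    298  298    0015.fa20.a196 40    BD Eng Gi0/0/1:SI298
 0    298  298    0017.5a66.88e0 50    ISIS   OTV1
"""

def redistributed(text):
    """(vlan, mac) pairs in 'show otv isis rib redistribution mac'."""
    rows = re.findall(r"^\s*(\d+)\s+" + MAC + r"\s*$", text, re.M)
    return {(int(v), m.lower()) for v, m in rows}

def advertised(text):
    """(vlan, mac) pairs under 'Layer 2 MAC Reachability' in an LSP."""
    pairs, vlan = set(), None
    for line in text.splitlines():
        head = re.search(r"Layer 2 MAC Reachability:.*vlan (\d+)", line)
        mac = re.fullmatch(r"\s*" + MAC + r"\s*", line)
        if mac and vlan is not None:
            pairs.add((vlan, mac.group(1).lower()))
        else:  # a TLV header sets the VLAN, any other line ends the TLV
            vlan = int(head.group(1)) if head else None
    return pairs

def isis_routes(text):
    """(vlan, mac) pairs owned by ISIS in a remote 'show otv route'."""
    row = r"^\s*\d+\s+(\d+)\s+\d+\s+" + MAC + r"\s+\d+\s+ISIS\s"
    return {(int(v), m.lower()) for v, m in re.findall(row, text, re.M)}

def trace(vlan, mac, redist, lsp, remote):
    """Return the first stage where (vlan, mac) is missing, or 'ok'."""
    key = (vlan, mac.lower())
    checks = (("not redistributed into ISIS", redistributed(redist)),
              ("not in originating LSP", advertised(lsp)),
              ("not in remote OTV route table", isis_routes(remote)))
    return next((why for why, pairs in checks if key not in pairs), "ok")
```

For VLAN 299 the trace stops at ASR2's route table; the `show otv vlan` output from ASR2 earlier on this page lists only VLANs 298, 398 and 399.
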




1 comment:

  1. Hi Nagendra,
    Bit confusing: Is IGMP involved if OTV is configured with Unicast mode? If so, what can we check for IGMP command to verify control plane converged between two DCI / OTV sites?

    Many Thanks,

    Brijesh Patel
