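OTV lets you extend Layer 2 between sites. It is useful, for example, when you vMotion a virtual machine between geographically separate data centers. L2 extension alone can also be done with L2TP, but L2TP can end up looping. OTV, by contrast, supports multipathing and is loop-free. This post tries OTV in a simple topology.
Topology
The following topology is used for the test.
The OTV routers in two separate data centers, DC1 and DC2, are configured for OTV over unicast, so the LANs in DC1 and DC2 are the same network, 192.168.200.0/24 (VLAN 200). The OS on each router is as follows.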
Hostname | OS |
---|---|
DC1-OTV | IOS-XE 03.17.00 |
DC2-OTV | IOS-XE 03.17.00 |
Core | 15.6(2)T |
DC1-Host | 15.6(2)T |
DC2-Host | 15.6(2)T |
Configuration
Host and Core only have addresses assigned to their interfaces; nothing else in particular is configured on them.
DC1-OTV
```
hostname DC1-OTV
!
otv site bridge-domain 100
 otv isis hello-interval 3
!
otv site-identifier 0000.0000.0001
!
interface Overlay0
 no ip address
 no shutdown
 otv join-interface GigabitEthernet2
 otv adjacency-server unicast-only
 otv isis hello-interval 3
 service instance 200 ethernet
  encapsulation dot1q 200
  bridge-domain 200
!
interface GigabitEthernet2
 ip address 10.0.1.1 255.255.255.0
 no shutdown
!
interface GigabitEthernet3
 no ip address
 no shutdown
 service instance 100 ethernet
  encapsulation dot1q 100
  bridge-domain 100
 service instance 200 ethernet
  encapsulation dot1q 200
  bridge-domain 200
!
ip route 10.0.2.0 255.255.255.0 10.0.1.254
!
end
```
DC2-OTV
```
hostname DC2-OTV
!
otv site bridge-domain 100
 otv isis hello-interval 3
!
otv site-identifier 0000.0000.0002
!
interface Overlay0
 no ip address
 no shutdown
 otv join-interface GigabitEthernet2
 otv use-adjacency-server 10.0.1.1 unicast-only
 otv adjacency-server unicast-only
 otv isis hello-interval 3
 service instance 200 ethernet
  encapsulation dot1q 200
  bridge-domain 200
!
interface GigabitEthernet2
 ip address 10.0.2.2 255.255.255.0
 no shutdown
!
interface GigabitEthernet3
 no ip address
 no shutdown
 service instance 100 ethernet
  encapsulation dot1q 100
  bridge-domain 100
 service instance 200 ethernet
  encapsulation dot1q 200
  bridge-domain 200
!
ip route 10.0.1.0 255.255.255.0 10.0.2.254
!
end
```
Core
```
hostname Core
!
interface GigabitEthernet0/1
 ip address 10.0.1.254 255.255.255.0
 no shutdown
!
interface GigabitEthernet0/2
 ip address 10.0.2.254 255.255.255.0
 no shutdown
!
end
```
DC1-Host
```
hostname DC1-Host
!
interface GigabitEthernet0/1
 no ip address
 no shutdown
!
interface GigabitEthernet0/1.200
 encapsulation dot1Q 200
 ip address 192.168.200.11 255.255.255.0
!
end
```
DC2-Host
```
hostname DC2-Host
!
interface GigabitEthernet0/1
 no ip address
 no shutdown
!
interface GigabitEthernet0/1.200
 encapsulation dot1Q 200
 ip address 192.168.200.22 255.255.255.0
!
end
```
Verification
Ping from DC1-Host to DC2-Host
```
DC1-Host# ping 192.168.200.22
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.200.22, timeout is 2 seconds:
..!!!
Success rate is 60 percent (3/5), round-trip min/avg/max = 9/10/12 ms
```
```
DC1-Host# show ip arp
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  192.168.200.11          -   fa16.3e2f.8da1  ARPA   GigabitEthernet0/1.200
Internet  192.168.200.22          7   fa16.3ee5.aae6  ARPA   GigabitEthernet0/1.20
```
DC1-OTV status
```
DC1-OTV# show otv
Overlay Interface Overlay0
 VPN name                 : None
 VPN ID                   : 1
 State                    : UP
 Fwd-capable              : Yes
 Fwd-ready                : Yes
 AED-Server               : Yes
 Backup AED-Server        : No
 AED Capable              : Yes
 Join interface(s)        : GigabitEthernet2
 Join IPv4 address        : 10.0.1.1
 Tunnel interface(s)      : Tunnel0
 Encapsulation format     : GRE/IPv4
 Site Bridge-Domain       : 100
 Capability               : Unicast-only
 Is Adjacency Server      : Yes
 Adj Server Configured    : No
 Prim/Sec Adj Svr(s)      : None
```
```
DC1-OTV# show otv site
Site Adjacency Information (Site Bridge-Domain: 100)
Overlay0 Site-Local Adjacencies (Count: 1)
  Hostname       System ID      Last Change Ordinal    AED Enabled Status
* DC1-OTV        001E.7A3B.C900 01:43:25    0          site       overlay
```
```
DC1-OTV# show otv vlan
Key: SI - Service Instance, NA - Non AED, NFC - Not Forward Capable.
Overlay 0 VLAN Configuration Information
 Inst VLAN BD   Auth ED              State                Site If(s)
 0    200  200  *DC1-OTV             active               Gi3:SI200
 Total VLAN(s): 1
```
```
DC1-OTV# show otv adjacency
Overlay Adjacency Database for overlay 0
Hostname   System-ID       Dest Addr  Site-ID         Up Time   State
DC2-OTV    001e.e681.fd00  10.0.2.2   0000.0000.0002  01:41:38  UP
```
```
DC1-OTV# show otv arp-nd-cache
Overlay0 ARP/ND L3->L2 Address Mapping Cache
BD     MAC             Layer-3 Address  Age (HH:MM:SS) Local/Remote
200    fa16.3ee5.aae6  192.168.200.22   00:00:34       Remote
```
```
DC1-OTV# show otv route
Codes: BD - Bridge-Domain, AD - Admin-Distance, SI - Service Instance, * - Backup Route
OTV Unicast MAC Routing Table for Overlay0
 Inst VLAN BD     MAC Address    AD    Owner  Next Hops(s)
----------------------------------------------------------
 0    200  200    fa16.3e2f.8da1 40    BD Eng Gi3:SI200
 0    200  200    fa16.3ee5.aae6 50    ISIS   DC2-OTV
2 unicast routes displayed in Overlay0
----------------------------------------------------------
2 Total Unicast Routes Displayed
```
DC2-OTV status
```
DC2-OTV# show otv
Overlay Interface Overlay0
 VPN name                 : None
 VPN ID                   : 1
 State                    : UP
 Fwd-capable              : Yes
 Fwd-ready                : Yes
 AED-Server               : Yes
 Backup AED-Server        : No
 AED Capable              : Yes
 Join interface(s)        : GigabitEthernet2
 Join IPv4 address        : 10.0.2.2
 Tunnel interface(s)      : Tunnel0
 Encapsulation format     : GRE/IPv4
 Site Bridge-Domain       : 100
 Capability               : Unicast-only
 Is Adjacency Server      : Yes
 Adj Server Configured    : Yes
 Prim/Sec Adj Svr(s)      : 10.0.1.1
```
```
DC2-OTV# show otv site
Site Adjacency Information (Site Bridge-Domain: 100)
Overlay0 Site-Local Adjacencies (Count: 1)
  Hostname       System ID      Last Change Ordinal    AED Enabled Status
* DC2-OTV        001E.E681.FD00 01:46:12    0          site       overlay
```
```
DC2-OTV# show otv vlan
Key: SI - Service Instance, NA - Non AED, NFC - Not Forward Capable.
Overlay 0 VLAN Configuration Information
 Inst VLAN BD   Auth ED              State                Site If(s)
 0    200  200  *DC2-OTV             active               Gi3:SI200
 Total VLAN(s): 1
```
```
DC2-OTV# show otv adjacency
Overlay Adjacency Database for overlay 0
Hostname   System-ID       Dest Addr  Site-ID         Up Time   State
DC1-OTV    001e.7a3b.c900  10.0.1.1   0000.0000.0001  01:46:54  UP
```
```
DC2-OTV# show otv arp-nd-cache
Overlay0 ARP/ND L3->L2 Address Mapping Cache
BD     MAC             Layer-3 Address  Age (HH:MM:SS) Local/Remote
200    fa16.3e2f.8da1  192.168.200.11   00:04:58       Remote
```
```
DC2-OTV# show otv route
Codes: BD - Bridge-Domain, AD - Admin-Distance, SI - Service Instance, * - Backup Route
OTV Unicast MAC Routing Table for Overlay0
 Inst VLAN BD     MAC Address    AD    Owner  Next Hops(s)
----------------------------------------------------------
 0    200  200    fa16.3e2f.8da1 50    ISIS   DC1-OTV
 0    200  200    fa16.3ee5.aae6 40    BD Eng Gi3:SI200
2 unicast routes displayed in Overlay0
----------------------------------------------------------
2 Total Unicast Routes Displayed
```
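The two `show otv route` tables above can be cross-checked mechanically: every MAC should be locally owned at exactly one site and learned via IS-IS from that site's edge device at the other. The script below is an added example, not part of the original post; the route rows are copied from the outputs on this page, the function names `parse_routes` and `cross_check` are hypothetical, and it assumes that owner `BD Eng` marks a locally learned MAC and `ISIS` one advertised by the named remote edge device.

```python
import re

# Route rows copied from the two "show otv route" outputs on this page.
DC1_ROUTES = """\
 0    200  200    fa16.3e2f.8da1 40    BD Eng Gi3:SI200
 0    200  200    fa16.3ee5.aae6 50    ISIS   DC2-OTV
"""
DC2_ROUTES = """\
 0    200  200    fa16.3e2f.8da1 50    ISIS   DC1-OTV
 0    200  200    fa16.3ee5.aae6 40    BD Eng Gi3:SI200
"""

ROW = re.compile(
    r"^\s*(?P<inst>\d+)\s+(?P<vlan>\d+)\s+(?P<bd>\d+)\s+"
    r"(?P<mac>[0-9a-fA-F]{4}\.[0-9a-fA-F]{4}\.[0-9a-fA-F]{4})\s+(?P<ad>\d+)\s+"
    r"(?P<owner>BD Eng|ISIS)\s+(?P<nexthop>\S+)\s*$"
)

def parse_routes(text):
    """Return {(vlan, mac): (owner, next_hop)} for every route row in text."""
    routes = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:  # prompt, header, separator and summary lines do not match
            routes[(int(m["vlan"]), m["mac"].lower())] = (m["owner"], m["nexthop"])
    return routes

def cross_check(sites):
    """sites: {edge hostname: parsed routes}. Return a list of findings."""
    findings = []
    keys = set().union(*(r.keys() for r in sites.values()))
    for key in sorted(keys):
        # Assumption: owner "BD Eng" means the MAC was learned on a local port.
        local = [h for h, r in sites.items() if r.get(key, ("",))[0] == "BD Eng"]
        if len(local) != 1:
            findings.append(f"{key}: local at {local or 'no site'}, expected exactly one")
            continue
        for host, routes in sites.items():
            if host != local[0] and routes.get(key) != ("ISIS", local[0]):
                findings.append(
                    f"{key}: {host} has {routes.get(key)}, expected ISIS via {local[0]}")
    return findings

if __name__ == "__main__":
    sites = {"DC1-OTV": parse_routes(DC1_ROUTES), "DC2-OTV": parse_routes(DC2_ROUTES)}
    print(cross_check(sites) or "route tables are consistent")
```

A MAC reported as local at both sites, or one the remote site has not learned, shows up as a finding to investigate.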
Status check on DC2-Host
```
DC2-Host# show ip arp
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  192.168.200.11          7   fa16.3e2f.8da1  ARPA   GigabitEthernet0/1.200
Internet  192.168.200.22          -   fa16.3ee5.aae6  ARPA   GigabitEthernet0/1.20
```