
OTV Configuration Example – Multi VRF Network

This document provides a configuration example for deploying OTV between data centers that have multiple VRFs.

Topology

Each data center has two Aggregation VDCs with three VRFs: Web, App and DB. The two data centers are connected by two 10 Gig circuits that terminate directly on the Aggregation Layer switches.

[Figure: OTV topology (OTV.jpg)]

Configuration

The main purpose of this document is to show the OTV-related configuration on both the OTV VDCs and the Aggregation VDCs.

Three VLANs (701, 750 and 775) are extended between the two data centers through OTV. These VLANs have SVIs at the aggregation layer that correspond to the three different VRFs.

The OTV join interface in the OTV VDC is configured in the default VRF.

The OTV join interface in the Aggregation VDC is configured in the App VRF. The choice of VRF depends on the customer network.

The Layer 3 VRFs are extended between the two data centers, and OSPF is the IGP.

OTV Adjacency Server unicast mode is used in this configuration example.
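A consistency check for the join-interface design described above, written as an added example (it is not part of the original document): it parses NX-OS text and checks that every `vrf member` refers to a declared `vrf context`, and that the OTV VDC's default route points at the aggregation side of the join link. The function names and the `example-missing` VRF are hypothetical; the addresses are the Data Center 1 values from this page.

```python
import ipaddress
import re


def parse_nxos(text):
    """Collect VRF contexts, per-interface VRF/IP and the default route."""
    cfg = {"vrfs": set(), "interfaces": {}, "default_route": None}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        if not raw[0].isspace():  # unindented line: a new top-level command
            current = None
            if m := re.fullmatch(r"vrf context (\S+)", line):
                cfg["vrfs"].add(m.group(1))
            elif m := re.fullmatch(r"interface (\S+)", line):
                current = cfg["interfaces"].setdefault(
                    m.group(1), {"vrf": None, "ip": None})
            elif m := re.fullmatch(r"ip route 0\.0\.0\.0/0 (\S+)", line):
                cfg["default_route"] = ipaddress.ip_address(m.group(1))
        elif current is not None:  # indented line inside an interface block
            if m := re.fullmatch(r"vrf member (\S+)", line):
                current["vrf"] = m.group(1)
            elif m := re.fullmatch(r"ip address (\S+)", line):
                current["ip"] = ipaddress.ip_interface(m.group(1))
    return cfg


def undeclared_vrf_members(cfg):
    """Interfaces whose 'vrf member' has no matching 'vrf context'."""
    return sorted((name, intf["vrf"])
                  for name, intf in cfg["interfaces"].items()
                  if intf["vrf"] is not None and intf["vrf"] not in cfg["vrfs"])


def check_join_link(agg, otv, ifname="port-channel12", expected_vrf="app"):
    """Compare both ends of the OTV join link; return a list of findings."""
    a = agg["interfaces"].get(ifname)
    o = otv["interfaces"].get(ifname)
    if a is None or o is None or a["ip"] is None or o["ip"] is None:
        return [f"{ifname}: interface or ip address missing on one side"]
    findings = []
    if a["vrf"] != expected_vrf:
        findings.append(f"aggregation {ifname} is in VRF {a['vrf']!r}, "
                        f"expected {expected_vrf!r}")
    if o["vrf"] is not None:
        findings.append(f"OTV VDC {ifname} is in VRF {o['vrf']!r}, "
                        "expected the default VRF")
    if a["ip"].network != o["ip"].network:
        findings.append(f"{a['ip']} and {o['ip']} are not in the same subnet")
    if otv["default_route"] != a["ip"].ip:
        findings.append(f"OTV default route {otv['default_route']} does not "
                        f"point at the aggregation address {a['ip'].ip}")
    return findings


# Sample input: lines trimmed from this page's DC1 Aggregation-1 and OTV-1 configs.
AGG_OK = """\
vrf context web
vrf context app
vrf context db
interface port-channel12
  mtu 9216
  vrf member app
  ip address 10.3.0.49/30
"""
OTV_OK = """\
interface port-channel12
  mtu 9216
  ip address 10.3.0.50/30
ip route 0.0.0.0/0 10.3.0.49
"""
# Constructed broken variant: the join interface references a VRF that is
# never declared ('example-missing' is a made-up name).
AGG_BAD = AGG_OK.replace("vrf member app", "vrf member example-missing")

if __name__ == "__main__":
    otv = parse_nxos(OTV_OK)
    for label, text in (("good", AGG_OK), ("bad", AGG_BAD)):
        agg = parse_nxos(text)
        print(label, undeclared_vrf_members(agg), check_join_link(agg, otv))
```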

Data Center 1 - Aggregation - 1

hostname DC1-N7K-AGG-01

!

vrf context web

vrf context app

vrf context db

vrf context vpckeepalive

!

vlan 900

  name native-vlan

!

vlan 453

  name otv-site-vlan

!

vlan 701

  name web

!

vlan 750

  name app

!

vlan 775

  name db

!

interface port-channel3

  description vPC Peer Keep Alive

  vrf member vpckeepalive

  no ip redirects

  ip address 192.168.1.1/30

!

interface Ethernet1/1

  description vPC Peer Keep Alive

  channel-group 3 mode active

  no shutdown

!

interface Ethernet2/1

  description vPC Peer Keep Alive

  channel-group 3 mode active

  no shutdown

!

vpc domain 11

  peer-switch

  role priority 10

  system-priority 4096

  peer-keepalive destination 192.168.1.2 source 192.168.1.1 vrf vpckeepalive

  peer-gateway

  auto-recovery

  ip arp synchronize

!

interface port-channel2

  description vPC Peer Link

  switchport

  switchport mode trunk

  switchport trunk native vlan 900

  spanning-tree port type network

  vpc peer-link

!

interface Ethernet3/1

  description vPC Peer Link

  switchport

  switchport mode trunk

  switchport trunk native vlan 900

  rate-mode dedicated force

  channel-group 2 mode active

  no shutdown

!

interface Ethernet4/1

  description vPC Peer Link

  switchport

  switchport mode trunk

  switchport trunk native vlan 900

  rate-mode dedicated force

  channel-group 2 mode active

  no shutdown

!

interface port-channel13

  description OTV Internal Interface – OTV-VDC-1

  switchport

  switchport mode trunk

  switchport trunk native vlan 900

  vpc 13

!

interface Ethernet7/25

  switchport

  switchport mode trunk

  switchport trunk native vlan 900

  channel-group 13 mode active

  no shutdown

!

interface port-channel14

  description OTV Internal Interface – OTV-VDC-2

  switchport

  switchport mode trunk

  switchport trunk native vlan 900

  vpc 14

!

interface Ethernet8/25

  switchport

  switchport mode trunk

  switchport trunk native vlan 900

  channel-group 14 mode active

  no shutdown

!

interface Vlan701

  no shutdown

  description Web VLAN

  vrf member web

  no ip redirects

  ip address 10.16.1.2/24

  ip router ospf 100 area 0.0.0.0

  hsrp version 2

  hsrp 701

    preempt

    priority 200

    ip 10.16.1.1

!

interface Vlan750

  no shutdown

  description App VLAN

  vrf member app

  no ip redirects

  ip address 10.17.1.2/24

  ip router ospf 100 area 0.0.0.0

  hsrp version 2

  hsrp 750

    preempt

    priority 200

    ip 10.17.1.1

!

interface Vlan775

  no shutdown

  description DB VLAN

  vrf member db

  no ip redirects

  ip address 10.18.1.2/24

  ip router ospf 100 area 0.0.0.0

  hsrp version 2

  hsrp 775

    preempt

    priority 200

    ip 10.18.1.1

!

interface port-channel12

  description OTV Join Interface – OTV-VDC-1

  mtu 9216

  vrf member app

  no ip redirects

  ip address 10.3.0.49/30

  ip router ospf 100 area 0.0.0.0

!

interface Ethernet8/18

  mtu 9216

  channel-group 12 mode active

  no shutdown

!

interface Ethernet9/18

  mtu 9216

  channel-group 12 mode active

  no shutdown

!

interface Ethernet3/17

  description To Data-Center-2 Aggregation-1 VDC

  mtu 9216

  no shutdown

!

interface Ethernet3/17.725

  encapsulation dot1q 725

  vrf member web

  ip address 10.16.0.13/30

  ip ospf network point-to-point

  no ip ospf passive-interface

  ip router ospf 100 area 0.0.0.0

  no shutdown

!

interface Ethernet3/17.750

  mtu 9216

  encapsulation dot1q 750

  vrf member app

  ip address 10.17.0.13/30

  ip ospf network point-to-point

  no ip ospf passive-interface

  ip router ospf 100 area 0.0.0.0

  no shutdown

!

interface Ethernet3/17.775

  encapsulation dot1q 775

  vrf member db

  ip address 10.18.0.13/30

  ip ospf network point-to-point

  no ip ospf passive-interface

  ip router ospf 100 area 0.0.0.0

  no shutdown

!

interface port-channel1

  description Layer 3 Between Nexus 7ks

  mtu 9216

  no shutdown

!

interface port-channel1.725

  encapsulation dot1q 725

  vrf member web

  no ip redirects

  ip address 10.16.0.9/30

  ip ospf network point-to-point

  no ip ospf passive-interface

  ip router ospf 100 area 0.0.0.0

  no shutdown

!

interface port-channel1.750

  mtu 9216

  encapsulation dot1q 750

  vrf member app

  no ip redirects

  ip address 10.17.0.9/30

  ip ospf network point-to-point

  no ip ospf passive-interface

  ip router ospf 100 area 0.0.0.0

  no shutdown

!

interface port-channel1.775

  encapsulation dot1q 775

  vrf member db

  no ip redirects

  ip address 10.18.0.9/30

  ip ospf network point-to-point

  no ip ospf passive-interface

  ip router ospf 100 area 0.0.0.0

  no shutdown

!

interface Ethernet3/25

  description Layer 3 Between Nexus 7ks

  mtu 9216

  channel-group 1 mode active

  no shutdown

!

interface Ethernet4/25

  description Layer 3 Between Nexus 7ks

  mtu 9216

  channel-group 1 mode active

  no shutdown

!

interface loopback1

  description web-loopback

  vrf member web

  ip address 10.16.0.254/32

  ip router ospf 100 area 0.0.0.0

!

interface loopback2

  description app-loopback

  vrf member app

  ip address 10.17.0.254/32

  ip router ospf 100 area 0.0.0.0

interface loopback3

  description db-loopback

  vrf member db

  ip address 10.18.0.254/32

  ip router ospf 100 area 0.0.0.0

!

router ospf 100

  vrf web

    router-id 10.16.0.254

    passive-interface default

  vrf app

    router-id 10.17.0.254

    passive-interface default

  vrf db

    router-id 10.18.0.254

    passive-interface default

Data Center 1 - Aggregation - 2

hostname DC1-N7K-AGG-02

!

vrf context web

vrf context app

vrf context db

vrf context vpckeepalive

!

vlan 900

  name native-vlan

!

vlan 453

  name otv-site-vlan

!

vlan 701

  name web

!

vlan 750

  name app

!

vlan 775

  name db

!

interface port-channel3

  description vPC Peer Keep Alive

  vrf member vpckeepalive

  no ip redirects

  ip address 192.168.1.2/30

!

interface Ethernet1/1

  description vPC Peer Keep Alive

  channel-group 3 mode active

  no shutdown

!

interface Ethernet2/1

  description vPC Peer Keep Alive

  channel-group 3 mode active

  no shutdown

!

vpc domain 11

  peer-switch

  role priority 100

  system-priority 4096

  peer-keepalive destination 192.168.1.1 source 192.168.1.2 vrf vpckeepalive

  peer-gateway

  auto-recovery

  ip arp synchronize

!

interface port-channel2

  description vPC Peer Link

  switchport

  switchport mode trunk

  switchport trunk native vlan 900

  spanning-tree port type network

  vpc peer-link

!

interface Ethernet3/1

  description vPC Peer Link

  switchport

  switchport mode trunk

  switchport trunk native vlan 900

  rate-mode dedicated force

  channel-group 2 mode active

  no shutdown

!

interface Ethernet4/1

  description vPC Peer Link

  switchport

  switchport mode trunk

  switchport trunk native vlan 900

  rate-mode dedicated force

  channel-group 2 mode active

  no shutdown

!

interface port-channel13

  description OTV Internal Interface – OTV-VDC-1

  switchport

  switchport mode trunk

  switchport trunk native vlan 900

  vpc 13

!

interface Ethernet7/25

  switchport

  switchport mode trunk

  switchport trunk native vlan 900

  channel-group 13 mode active

  no shutdown

!

interface port-channel14

  description OTV Internal Interface – OTV-VDC-2

  switchport

  switchport mode trunk

  switchport trunk native vlan 900

  vpc 14

!

interface Ethernet8/25

  switchport

  switchport mode trunk

  switchport trunk native vlan 900

  channel-group 14 mode active

  no shutdown

!

interface Vlan701

  no shutdown

  description Web VLAN

  vrf member web

  no ip redirects

  ip address 10.16.1.3/24

  ip router ospf 100 area 0.0.0.0

  hsrp version 2

  hsrp 701

    ip 10.16.1.1

!

interface Vlan750

  no shutdown

  description App VLAN

  vrf member app

  no ip redirects

  ip address 10.17.1.3/24

  ip router ospf 100 area 0.0.0.0

  hsrp version 2

  hsrp 750

    ip 10.17.1.1

!

interface Vlan775

  no shutdown

  description DB VLAN

  vrf member db

  no ip redirects

  ip address 10.18.1.3/24

  ip router ospf 100 area 0.0.0.0

  hsrp version 2

  hsrp 775

    ip 10.18.1.1

!

interface port-channel12

  description OTV Join Interface – OTV-VDC-2

  mtu 9216

  vrf member app

  no ip redirects

  ip address 10.3.0.53/30

  ip router ospf 100 area 0.0.0.0

!

interface Ethernet8/18

  mtu 9216

  channel-group 12 mode active

  no shutdown

!

interface Ethernet9/18

  mtu 9216

  channel-group 12 mode active

  no shutdown

!

interface Ethernet3/17

  description To Data-Center-2 Aggregation-2 VDC

  mtu 9216

  no shutdown

!

interface Ethernet3/17.725

  encapsulation dot1q 725

  vrf member web

  ip address 10.16.0.17/30

  ip ospf network point-to-point

  no ip ospf passive-interface

  ip router ospf 100 area 0.0.0.0

  no shutdown

!

interface Ethernet3/17.750

  mtu 9216

  encapsulation dot1q 750

  vrf member app

  ip address 10.17.0.17/30

  ip ospf network point-to-point

  no ip ospf passive-interface

  ip router ospf 100 area 0.0.0.0

  no shutdown

!

interface Ethernet3/17.775

  encapsulation dot1q 775

  vrf member db

  ip address 10.18.0.17/30

  ip ospf network point-to-point

  no ip ospf passive-interface

  ip router ospf 100 area 0.0.0.0

  no shutdown

!

interface port-channel1

  description Layer 3 Between Nexus 7ks

  mtu 9216

  no shutdown

!

interface port-channel1.725

  encapsulation dot1q 725

  vrf member web

  no ip redirects

  ip address 10.16.0.10/30

  ip ospf network point-to-point

  no ip ospf passive-interface

  ip router ospf 100 area 0.0.0.0

  no shutdown

!

interface port-channel1.750

  mtu 9216

  encapsulation dot1q 750

  vrf member app

  no ip redirects

  ip address 10.17.0.10/30

  ip ospf network point-to-point

  no ip ospf passive-interface

  ip router ospf 100 area 0.0.0.0

  no shutdown

!

interface port-channel1.775

  encapsulation dot1q 775

  vrf member db

  no ip redirects

  ip address 10.18.0.10/30

  ip ospf network point-to-point

  no ip ospf passive-interface

  ip router ospf 100 area 0.0.0.0

  no shutdown

!

interface Ethernet3/25

  description Layer 3 Between Nexus 7ks

  mtu 9216

  channel-group 1 mode active

  no shutdown

!

interface Ethernet4/25

  description Layer 3 Between Nexus 7ks

  mtu 9216

  channel-group 1 mode active

  no shutdown

!

interface loopback1

  description web-loopback

  vrf member web

  ip address 10.16.0.253/32

  ip router ospf 100 area 0.0.0.0

!

interface loopback2

  description app-loopback

  vrf member app

  ip address 10.17.0.253/32

  ip router ospf 100 area 0.0.0.0

!

interface loopback3

  description db-loopback

  vrf member db

  ip address 10.18.0.253/32

  ip router ospf 100 area 0.0.0.0

!

router ospf 100

  vrf web

    router-id 10.16.0.253

    passive-interface default

  vrf app

    router-id 10.17.0.253

    passive-interface default

  vrf db

    router-id 10.18.0.253

    passive-interface default

Data Center 1 - OTV - 1

hostname DC1-N7K-OTV-01

!

feature otv

feature lacp

!

vlan 900

  name native-vlan

!

vlan 453

  name otv-site-vlan

!

vlan 701

  name web

!

vlan 750

  name app

!

vlan 775

  name db

!

interface port-channel12

  description Join Interface L3

  mtu 9216

  no ip redirects

  ip address 10.3.0.50/30

!

interface Ethernet8/26

  mtu 9216

  channel-group 12 mode active

  no shutdown

!

interface Ethernet9/26

  mtu 9216

  channel-group 12 mode active

  no shutdown

!

ip route 0.0.0.0/0 10.3.0.49

!

otv site-identifier 0x1

!

otv site-vlan 453

!

interface Overlay100

  description OTV Data-Center-1

  otv join-interface port-channel12

  otv extend-vlan 701, 750, 775

  otv use-adjacency-server 10.3.0.50 10.35.0.50 unicast-only

  otv adjacency-server unicast-only

  no shutdown

!

interface port-channel13

  description Internal Interface L2 Port-Channel

  switchport

  switchport mode trunk

  switchport trunk native vlan 900

!

interface Ethernet8/25

  switchport

  switchport mode trunk

  switchport trunk native vlan 900

  channel-group 13 mode active

  no shutdown

!

interface Ethernet9/25

  switchport

  switchport mode trunk

  switchport trunk native vlan 900

  channel-group 13 mode active

  no shutdown

!

ip access-list ALL_IPs

  10 permit ip any any

mac access-list ALL_MACs

  10 permit any any

ip access-list HSRP_IP

  10 permit udp any 224.0.0.2/32 eq 1985

  20 permit udp any 224.0.0.102/32 eq 1985

mac access-list HSRP_VMAC

  10 permit 0000.0c07.ac00 0000.0000.00ff any

  20 permit 0000.0c9f.f000 0000.0000.0fff any

arp access-list HSRP_VMAC_ARP

  10 deny ip any mac 0000.0c07.ac00 ffff.ffff.ff00

  20 deny ip any mac 0000.0c9f.f000 ffff.ffff.f000

  30 permit ip any mac any

!

vlan access-map HSRP_Localization 10

       match mac address HSRP_VMAC

       match ip address HSRP_IP

       action drop

vlan access-map HSRP_Localization 20

       match mac address ALL_MACs

       match ip address ALL_IPs

       action forward

!

vlan filter HSRP_Localization vlan-list 2-452,454-800,1151-1200

!

ip arp inspection filter HSRP_VMAC_ARP vlan 701,750,775

!

mac-list OTV_HSRP_VMAC_deny seq 10 deny 0000.0c07.ac00 ffff.ffff.ff00

mac-list OTV_HSRP_VMAC_deny seq 11 deny 0000.0c9f.f000 ffff.ffff.f000

mac-list OTV_HSRP_VMAC_deny seq 20 permit 0000.0000.0000 0000.0000.0000

!

route-map OTV_HSRP_filter permit 10

  match mac-list OTV_HSRP_VMAC_deny

!

otv-isis default

  vpn Overlay100

    redistribute filter route-map OTV_HSRP_filter
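The HSRP filters in the OTV VDC configuration above use two mask conventions: the `mac access-list` entries take a wildcard (set bits are ignored), while the `mac-list` and `arp access-list` entries take a mask (set bits must match). The following added example, which is not part of the original document, derives the HSRP version 2 virtual MACs for the page's groups 701, 750 and 775 and evaluates them against both filter styles; the function names are hypothetical and the host MAC in the comments and usage is constructed.

```python
MASK48 = (1 << 48) - 1


def mac_to_int(mac):
    """Parse Cisco dotted notation (e.g. 0000.0c9f.f2bd) into a 48-bit int."""
    digits = mac.replace(".", "")
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC: {mac!r}")
    return int(digits, 16)


def int_to_mac(value):
    """Format a 48-bit int back into Cisco dotted notation."""
    digits = f"{value & MASK48:012x}"
    return ".".join(digits[i:i + 4] for i in (0, 4, 8))


def hsrp_vmac(group, version):
    """HSRP virtual MAC: v1 is 0000.0c07.acXX (groups 0-255),
    v2 is 0000.0c9f.fXXX (groups 0-4095)."""
    limits = {1: (0x00000C07AC00, 255), 2: (0x00000C9FF000, 4095)}
    if version not in limits:
        raise ValueError(f"unknown HSRP version {version}")
    base, max_group = limits[version]
    if not 0 <= group <= max_group:
        raise ValueError(f"group {group} is not valid for HSRP v{version}")
    return int_to_mac(base | group)


def match_wildcard(mac, base, wildcard):
    """'mac access-list' convention: bits set in the wildcard are ignored."""
    care = ~mac_to_int(wildcard) & MASK48
    return (mac_to_int(mac) & care) == (mac_to_int(base) & care)


def match_mask(mac, base, mask):
    """'mac-list' / 'arp access-list' convention: bits set in the mask must match."""
    care = mac_to_int(mask)
    return (mac_to_int(mac) & care) == (mac_to_int(base) & care)


# Entries copied from this page's OTV VDC configuration.
HSRP_VMAC_ACL = [  # mac access-list HSRP_VMAC (address, wildcard)
    ("0000.0c07.ac00", "0000.0000.00ff"),
    ("0000.0c9f.f000", "0000.0000.0fff"),
]
OTV_HSRP_VMAC_DENY = [  # mac-list OTV_HSRP_VMAC_deny (action, address, mask)
    ("deny", "0000.0c07.ac00", "ffff.ffff.ff00"),
    ("deny", "0000.0c9f.f000", "ffff.ffff.f000"),
    ("permit", "0000.0000.0000", "0000.0000.0000"),
]


def matches_hsrp_vmac_acl(mac):
    """True if the MAC matches an entry of mac access-list HSRP_VMAC."""
    return any(match_wildcard(mac, base, wc) for base, wc in HSRP_VMAC_ACL)


def mac_list_action(mac):
    """First-match action of mac-list OTV_HSRP_VMAC_deny. The page's list
    ends with a match-all permit, so None is never returned for it."""
    for action, base, mask in OTV_HSRP_VMAC_DENY:
        if match_mask(mac, base, mask):
            return action
    return None


def audit(groups, version=2):
    """Map each HSRP group to (vMAC, matched by HSRP_VMAC, mac-list action)."""
    result = {}
    for group in groups:
        vmac = hsrp_vmac(group, version)
        result[group] = (vmac, matches_hsrp_vmac_acl(vmac), mac_list_action(vmac))
    return result


if __name__ == "__main__":
    for group, row in audit([701, 750, 775]).items():
        print(group, *row)
    # Constructed host MAC: must pass both filters untouched.
    host = "0050.56aa.bbcc"
    print(host, matches_hsrp_vmac_acl(host), mac_list_action(host))
```

Groups above 255 only exist in HSRP version 2, which is why the SVIs on this page carry `hsrp version 2`; a `deny` result from the mac-list means the route-map keeps that virtual MAC out of the OTV IS-IS redistribution.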

Data Center 1 - OTV - 2

hostname DC1-N7K-OTV-02

!

feature otv

feature lacp

!

vlan 900

  name native-vlan

!

vlan 453

  name otv-site-vlan

!

vlan 701

  name web

!

vlan 750

  name app

!

vlan 775

  name db

!

interface port-channel12

  description Join Interface L3

  mtu 9216

  no ip redirects

  ip address 10.3.0.54/30

!

interface Ethernet8/26

  mtu 9216

  channel-group 12 mode active

  no shutdown

!

interface Ethernet9/26

  mtu 9216

  channel-group 12 mode active

  no shutdown

!

ip route 0.0.0.0/0 10.3.0.53

!

otv site-identifier 0x1

!

otv site-vlan 453

!

interface Overlay100

  description OTV Data-Center-1

  otv join-interface port-channel12

  otv extend-vlan 701, 750, 775

  otv use-adjacency-server 10.3.0.50 10.35.0.50 unicast-only

  otv adjacency-server unicast-only

  no shutdown

!

interface port-channel13

  description Internal Interface L2 Port-Channel

  switchport

  switchport mode trunk

  switchport trunk native vlan 900

!

interface Ethernet8/25

  switchport

  switchport mode trunk

  switchport trunk native vlan 900

  channel-group 13 mode active

  no shutdown

!

interface Ethernet9/25

  switchport

  switchport mode trunk

  switchport trunk native vlan 900

  channel-group 13 mode active

  no shutdown

!

ip access-list ALL_IPs

  10 permit ip any any

mac access-list ALL_MACs

  10 permit any any

ip access-list HSRP_IP

  10 permit udp any 224.0.0.2/32 eq 1985

  20 permit udp any 224.0.0.102/32 eq 1985

mac access-list HSRP_VMAC

  10 permit 0000.0c07.ac00 0000.0000.00ff any

  20 permit 0000.0c9f.f000 0000.0000.0fff any

arp access-list HSRP_VMAC_ARP

  10 deny ip any mac 0000.0c07.ac00 ffff.ffff.ff00

  20 deny ip any mac 0000.0c9f.f000 ffff.ffff.f000

  30 permit ip any mac any

!

vlan access-map HSRP_Localization 10

       match mac address HSRP_VMAC

       match ip address HSRP_IP

       action drop

vlan access-map HSRP_Localization 20

       match mac address ALL_MACs

       match ip address ALL_IPs

       action forward

!

vlan filter HSRP_Localization vlan-list 2-452,454-800,1151-1200

!

ip arp inspection filter HSRP_VMAC_ARP vlan 701,750,775

!

mac-list OTV_HSRP_VMAC_deny seq 10 deny 0000.0c07.ac00 ffff.ffff.ff00

mac-list OTV_HSRP_VMAC_deny seq 11 deny 0000.0c9f.f000 ffff.ffff.f000

mac-list OTV_HSRP_VMAC_deny seq 20 permit 0000.0000.0000 0000.0000.0000

!

route-map OTV_HSRP_filter permit 10

  match mac-list OTV_HSRP_VMAC_deny

!

otv-isis default

  vpn Overlay100

    redistribute filter route-map OTV_HSRP_filter

Data Center 2 - Aggregation - 1

hostname DC2-N7K-AGG-01

vrf context web

vrf context app

vrf context db

vrf context vpckeepalive

!

vlan 1900

  name native-vlan

!

vlan 1600

  name otv-site-vlan

!

vlan 701

  name web

!

vlan 750

  name app

!

vlan 775

  name db

!

interface port-channel3

  description vPC Peer Keep Alive

  vrf member vpckeepalive

  no ip redirects

  ip address 192.168.2.1/30

!

interface Ethernet1/1

  description vPC Peer Keep Alive

  channel-group 3 mode active

  no shutdown

!

interface Ethernet2/1

  description vPC Peer Keep Alive

  channel-group 3 mode active

  no shutdown

!

vpc domain 12

  peer-switch

  role priority 10

  system-priority 4096

  peer-keepalive destination 192.168.2.2 source 192.168.2.1 vrf vpckeepalive

  peer-gateway

  auto-recovery

  ip arp synchronize

!

interface port-channel2

  description vPC Peer Link

  switchport

  switchport mode trunk

  switchport trunk native vlan 1900

  spanning-tree port type network

  vpc peer-link

!

interface Ethernet3/1

  description vPC Peer Link

  switchport

  switchport mode trunk

  switchport trunk native vlan 1900

  rate-mode dedicated force

  channel-group 2 mode active

  no shutdown

!

interface Ethernet4/1

  description vPC Peer Link

  switchport

  switchport mode trunk

  switchport trunk native vlan 1900

  rate-mode dedicated force

  channel-group 2 mode active

  no shutdown

!

interface port-channel13

  description OTV Internal Interface – OTV-VDC-1

  switchport

  switchport mode trunk

  switchport trunk native vlan 1900

  vpc 13

!

interface Ethernet7/25

  switchport

  switchport mode trunk

  switchport trunk native vlan 1900

  channel-group 13 mode active

  no shutdown

!

interface port-channel14

  description OTV Internal Interface – OTV-VDC-2

  switchport

  switchport mode trunk

  switchport trunk native vlan 1900

  vpc 14

!

interface Ethernet8/25

  switchport

  switchport mode trunk

  switchport trunk native vlan 1900

  channel-group 14 mode active

  no shutdown

!

interface Vlan701

  no shutdown

  description Web VLAN

  vrf member web

  no ip redirects

  ip address 10.16.1.4/24

  ip router ospf 100 area 0.0.0.0

  hsrp version 2

  hsrp 701

    preempt

    priority 200

    ip 10.16.1.1

!

interface Vlan750

  no shutdown

  description App VLAN

  vrf member app

  no ip redirects

  ip address 10.17.1.4/24

  ip router ospf 100 area 0.0.0.0

  hsrp version 2

  hsrp 750

    preempt

    priority 200

    ip 10.17.1.1

!

interface Vlan775

  no shutdown

  description DB VLAN

  vrf member db

  no ip redirects

  ip address 10.18.1.4/24

  ip router ospf 100 area 0.0.0.0

  hsrp version 2

  hsrp 775

    preempt

    priority 200

    ip 10.18.1.1

!

interface port-channel12

  description OTV Join Interface – OTV-VDC-1

  mtu 9216

  vrf member app

  no ip redirects

  ip address 10.35.0.49/30

  ip router ospf 100 area 0.0.0.0

!

interface Ethernet3/25

  mtu 9216

  channel-group 12 mode active

  no shutdown

!

interface Ethernet4/25

  mtu 9216

  channel-group 12 mode active

  no shutdown

!

interface Ethernet3/17

  description To Data-Center-1 Aggregation-1 VDC

  mtu 9216

  no shutdown

!

interface Ethernet3/17.725

  encapsulation dot1q 725

  vrf member web

  ip address 10.16.0.14/30

  ip ospf network point-to-point

  no ip ospf passive-interface

  ip router ospf 100 area 0.0.0.0

  no shutdown

!

interface Ethernet3/17.750

  mtu 9216

  encapsulation dot1q 750

  vrf member app

  ip address 10.17.0.14/30

  ip ospf network point-to-point

  no ip ospf passive-interface

  ip router ospf 100 area 0.0.0.0

  no shutdown

!

interface Ethernet3/17.775

  encapsulation dot1q 775

  vrf member db

  ip address 10.18.0.14/30

  ip ospf network point-to-point

  no ip ospf passive-interface

  ip router ospf 100 area 0.0.0.0

  no shutdown

!

interface port-channel1

  description Layer 3 Between Nexus 7ks

  mtu 9216

  no shutdown

!

interface port-channel1.725

  encapsulation dot1q 725

  vrf member web

  no ip redirects

  ip address 10.26.0.9/30

  ip ospf network point-to-point

  no ip ospf passive-interface

  ip router ospf 100 area 0.0.0.0

  no shutdown

!

interface port-channel1.750

  mtu 9216

  encapsulation dot1q 750

  vrf member app

  no ip redirects

  ip address 10.27.0.9/30

  ip ospf network point-to-point

  no ip ospf passive-interface

  ip router ospf 100 area 0.0.0.0

  no shutdown

!

interface port-channel1.775

  encapsulation dot1q 775

  vrf member db

  no ip redirects

  ip address 10.28.0.9/30

  ip ospf network point-to-point

  no ip ospf passive-interface

  ip router ospf 100 area 0.0.0.0

  no shutdown

!

interface Ethernet3/25

  description Layer 3 Between Nexus 7ks

  mtu 9216

  channel-group 1 mode active

  no shutdown

!

interface Ethernet4/25

  description Layer 3 Between Nexus 7ks

  mtu 9216

  channel-group 1 mode active

  no shutdown

!

interface loopback1

  description web-loopback

  vrf member web

  ip address 10.26.0.254/32

  ip router ospf 100 area 0.0.0.0

!

interface loopback2

  description app-loopback

  vrf member app

  ip address 10.27.0.254/32

  ip router ospf 100 area 0.0.0.0

!

interface loopback3

  description db-loopback

  vrf member db

  ip address 10.28.0.254/32

  ip router ospf 100 area 0.0.0.0

!

router ospf 100

  vrf web

    router-id 10.26.0.254

    passive-interface default

  vrf app

    router-id 10.27.0.254

    passive-interface default

  vrf db

    router-id 10.28.0.254

    passive-interface default

Data Center 2 - Aggregation - 2

hostname DC2-N7K-AGG-02

vrf context web

vrf context app

vrf context db

vrf context vpckeepalive

!

vlan 1900

  name native-vlan

!

vlan 1600

  name otv-site-vlan

!

vlan 701

  name web

!

vlan 750

  name app

!

vlan 775

  name db

!

interface port-channel3

  description vPC Peer Keep Alive

  vrf member vpckeepalive

  no ip redirects

  ip address 192.168.2.2/30

!

interface Ethernet1/1

  description vPC Peer Keep Alive

  channel-group 3 mode active

  no shutdown

!

interface Ethernet2/1

  description vPC Peer Keep Alive

  channel-group 3 mode active

  no shutdown

!

vpc domain 12

  peer-switch

  role priority 100

  system-priority 4096

  peer-keepalive destination 192.168.2.1 source 192.168.2.2 vrf vpckeepalive

  peer-gateway

  auto-recovery

  ip arp synchronize

!

interface port-channel2

  description vPC Peer Link

  switchport

  switchport mode trunk

  switchport trunk native vlan 1900

  spanning-tree port type network

  vpc peer-link

!

interface Ethernet3/1

  description vPC Peer Link

  switchport

  switchport mode trunk

  switchport trunk native vlan 1900

  rate-mode dedicated force

  channel-group 2 mode active

  no shutdown

!

interface Ethernet4/1

  description vPC Peer Link

  switchport

  switchport mode trunk

  switchport trunk native vlan 1900

  rate-mode dedicated force

  channel-group 2 mode active

  no shutdown

!

interface port-channel13

  description OTV Internal Interface – OTV-VDC-1

  switchport

  switchport mode trunk

  switchport trunk native vlan 1900

  vpc 13

!

interface Ethernet7/25

  switchport

  switchport mode trunk

  switchport trunk native vlan 1900

  channel-group 13 mode active

  no shutdown

!

interface port-channel14

  description OTV Internal Interface – OTV-VDC-2

  switchport

  switchport mode trunk

  switchport trunk native vlan 1900

  vpc 14

!

interface Ethernet8/25

  switchport

  switchport mode trunk

  switchport trunk native vlan 1900

  channel-group 14 mode active

  no shutdown

!

interface Vlan701

  no shutdown

  description Web VLAN

  vrf member web

  no ip redirects

  ip address 10.16.1.5/24

  ip router ospf 100 area 0.0.0.0

  hsrp version 2

  hsrp 701

    ip 10.16.1.1

!

interface Vlan750

  no shutdown

  description App VLAN

  vrf member app

  no ip redirects

  ip address 10.17.1.5/24

  ip router ospf 100 area 0.0.0.0

  hsrp version 2

  hsrp 750

    ip 10.17.1.1

!

interface Vlan775

  no shutdown

  description DB VLAN

  vrf member db

  no ip redirects

  ip address 10.18.1.5/24

  ip router ospf 100 area 0.0.0.0

  hsrp version 2

  hsrp 775

    ip 10.18.1.1

!

interface port-channel12

  description OTV Join Interface – OTV-VDC-2

  mtu 9216

  vrf member app

  no ip redirects

  ip address 10.35.0.53/30

  ip router ospf 100 area 0.0.0.0

!

interface Ethernet3/25

  mtu 9216

  channel-group 12 mode active

  no shutdown

!

interface Ethernet4/25

  mtu 9216

  channel-group 12 mode active

  no shutdown

!

interface Ethernet3/17

  description To Data-Center-1 Aggregation-2 VDC

  mtu 9216

  no shutdown

!

interface Ethernet3/17.725

  encapsulation dot1q 725

  vrf member web

  ip address 10.16.0.18/30

  ip ospf network point-to-point

  no ip ospf passive-interface

  ip router ospf 100 area 0.0.0.0

  no shutdown

!

interface Ethernet3/17.750

  mtu 9216

  encapsulation dot1q 750

  vrf member app

  ip address 10.17.0.18/30

  ip ospf network point-to-point

  no ip ospf passive-interface

  ip router ospf 100 area 0.0.0.0

  no shutdown

!

interface Ethernet3/17.775

  encapsulation dot1q 775

  vrf member db

  ip address 10.18.0.18/30

  ip ospf network point-to-point

  no ip ospf passive-interface

  ip router ospf 100 area 0.0.0.0

  no shutdown

!

interface port-channel1

  description Layer 3 Between Nexus 7ks

  mtu 9216

  no shutdown

!

interface port-channel1.725

  encapsulation dot1q 725

  vrf member web

  no ip redirects

  ip address 10.26.0.10/30

  ip ospf network point-to-point

  no ip ospf passive-interface

  ip router ospf 100 area 0.0.0.0

  no shutdown

!

interface port-channel1.750

  mtu 9216

  encapsulation dot1q 750

  vrf member app

  no ip redirects

  ip address 10.27.0.10/30

  ip ospf network point-to-point

  no ip ospf passive-interface

  ip router ospf 100 area 0.0.0.0

  no shutdown

!

interface port-channel1.775

  encapsulation dot1q 775

  vrf member db

  no ip redirects

  ip address 10.28.0.10/30

  ip ospf network point-to-point

  no ip ospf passive-interface

  ip router ospf 100 area 0.0.0.0

  no shutdown

!

interface Ethernet3/25

  description Layer 3 Between Nexus 7ks

  mtu 9216

  channel-group 1 mode active

  no shutdown

!

interface Ethernet4/25

  description Layer 3 Between Nexus 7ks

  mtu 9216

  channel-group 1 mode active

  no shutdown

!

interface loopback1

  description web-loopback

  vrf member web

  ip address 10.26.0.253/32

  ip router ospf 100 area 0.0.0.0

!

interface loopback2

  description app-loopback

  vrf member app

  ip address 10.27.0.253/32

  ip router ospf 100 area 0.0.0.0

!

interface loopback3

  description db-loopback

  vrf member db

  ip address 10.28.0.253/32

  ip router ospf 100 area 0.0.0.0

!

router ospf 100

  vrf web

    router-id 10.26.0.253

    passive-interface default

  vrf app

    router-id 10.27.0.253

    passive-interface default

  vrf db

    router-id 10.28.0.253

    passive-interface default

Data Center 2 - OTV - 1

hostname DC2-N7K-OTV-01

!

feature otv

feature lacp

!

vlan 1900

  name native-vlan

!

vlan 1600

  name otv-site-vlan

!

vlan 701

  name web

!

vlan 750

  name app

!

vlan 775

  name db

!

interface port-channel12

  description Join Interface L3

  mtu 9216

  no ip redirects

  ip address 10.35.0.50/30

!

interface Ethernet8/26

  mtu 9216

  channel-group 12 mode active

  no shutdown

!

interface Ethernet9/26

  mtu 9216

  channel-group 12 mode active

  no shutdown

!

ip route 0.0.0.0/0 10.35.0.49

!

otv site-identifier 0x2

!

otv site-vlan 1600

!

interface Overlay100

  description OTV Data-Center-2

  otv join-interface port-channel12

  otv extend-vlan 701, 750, 775

  otv use-adjacency-server 10.3.0.50 10.35.0.50 unicast-only

  otv adjacency-server unicast-only

  no shutdown

!

interface port-channel13

  description Internal Interface L2 Port-Channel

  switchport

  switchport mode trunk

  switchport trunk native vlan 1900

!

interface Ethernet8/25

  switchport

  switchport mode trunk

  switchport trunk native vlan 1900

  channel-group 13 mode active

  no shutdown

!

interface Ethernet9/25

  switchport

  switchport mode trunk

  switchport trunk native vlan 1900

  channel-group 13 mode active

  no shutdown

!

ip access-list ALL_IPs

  10 permit ip any any

mac access-list ALL_MACs

  10 permit any any

ip access-list HSRP_IP

  10 permit udp any 224.0.0.2/32 eq 1985

  20 permit udp any 224.0.0.102/32 eq 1985

mac access-list HSRP_VMAC

  10 permit 0000.0c07.ac00 0000.0000.00ff any

  20 permit 0000.0c9f.f000 0000.0000.0fff any

arp access-list HSRP_VMAC_ARP

  10 deny ip any mac 0000.0c07.ac00 ffff.ffff.ff00

  20 deny ip any mac 0000.0c9f.f000 ffff.ffff.f000

  30 permit ip any mac any

!

vlan access-map HSRP_Localization 10

       match mac address HSRP_VMAC

       match ip address HSRP_IP

       action drop

vlan access-map HSRP_Localization 20

       match mac address ALL_MACs

       match ip address ALL_IPs

       action forward

!

vlan filter HSRP_Localization vlan-list 2-452,454-800,1151-1200

!

ip arp inspection filter HSRP_VMAC_ARP vlan 701,750,775

!

mac-list OTV_HSRP_VMAC_deny seq 10 deny 0000.0c07.ac00 ffff.ffff.ff00

mac-list OTV_HSRP_VMAC_deny seq 11 deny 0000.0c9f.f000 ffff.ffff.f000

mac-list OTV_HSRP_VMAC_deny seq 20 permit 0000.0000.0000 0000.0000.0000

!

route-map OTV_HSRP_filter permit 10

  match mac-list OTV_HSRP_VMAC_deny

!

otv-isis default

  vpn Overlay100

    redistribute filter route-map OTV_HSRP_filter

Data Center 2 - OTV - 2

hostname DC2-N7K-OTV-02

!

feature otv

feature lacp

!

vlan 1900

  name native-vlan

!

vlan 1600

  name otv-site-vlan

!

vlan 701

  name web

!

vlan 750

  name app

!

vlan 775

  name db

!

interface port-channel12

  description Join Interface L3

  mtu 9216

  no ip redirects

  ip address 10.35.0.54/30

!

interface Ethernet8/26

  mtu 9216

  channel-group 12 mode active

  no shutdown

!

interface Ethernet9/26

  mtu 9216

  channel-group 12 mode active

  no shutdown

!

ip route 0.0.0.0/0 10.35.0.53

!

otv site-identifier 0x2

!

otv site-vlan 1600

!

interface Overlay100

  description OTV Data-Center-2

  otv join-interface port-channel12

  otv extend-vlan 701, 750, 775

  otv use-adjacency-server 10.3.0.50 10.35.0.50 unicast-only

  otv adjacency-server unicast-only

  no shutdown

!

interface port-channel13

  description Internal Interface L2 Port-Channel

  switchport

  switchport mode trunk

  switchport trunk native vlan 1900

!

interface Ethernet8/25

  switchport

  switchport mode trunk

  switchport trunk native vlan 1900

  channel-group 13 mode active

  no shutdown

!

interface Ethernet9/25

  switchport

  switchport mode trunk

  switchport trunk native vlan 1900

  channel-group 13 mode active

  no shutdown

!

ip access-list ALL_IPs

  10 permit ip any any

mac access-list ALL_MACs

  10 permit any any

ip access-list HSRP_IP

  10 permit udp any 224.0.0.2/32 eq 1985

  20 permit udp any 224.0.0.102/32 eq 1985

mac access-list HSRP_VMAC

  10 permit 0000.0c07.ac00 0000.0000.00ff any

  20 permit 0000.0c9f.f000 0000.0000.0fff any

arp access-list HSRP_VMAC_ARP

  10 deny ip any mac 0000.0c07.ac00 ffff.ffff.ff00

  20 deny ip any mac 0000.0c9f.f000 ffff.ffff.f000

  30 permit ip any mac any

!

vlan access-map HSRP_Localization 10

       match mac address HSRP_VMAC

       match ip address HSRP_IP

       action drop

vlan access-map HSRP_Localization 20

       match mac address ALL_MACs

       match ip address ALL_IPs

       action forward

!

vlan filter HSRP_Localization vlan-list 2-452,454-800,1151-1200

!

ip arp inspection filter HSRP_VMAC_ARP vlan 701,750,775

!

mac-list OTV_HSRP_VMAC_deny seq 10 deny 0000.0c07.ac00 ffff.ffff.ff00

mac-list OTV_HSRP_VMAC_deny seq 11 deny 0000.0c9f.f000 ffff.ffff.f000

mac-list OTV_HSRP_VMAC_deny seq 20 permit 0000.0000.0000 0000.0000.0000

!

route-map OTV_HSRP_filter permit 10

  match mac-list OTV_HSRP_VMAC_deny

!

otv-isis default

  vpn Overlay100

    redistribute filter route-map OTV_HSRP_filter

Last update: 08-20-2013 07:13 PM