otv in ccie data center - clnchina.com.cn · ccie# 16691 rs/voice/sp/security/datacenter/wireless ....

Cisco Confidential © 2010 Cisco and/or its affiliates. All rights reserved. 1

OTV in CCIE Data Center Sunny LiYu Zhang – China TAC

CCIE# 16691

RS/Voice/SP/Security/DataCenter/Wireless

© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public BRKDCT-2049_c1 2

Agenda

CCIE Data Center Overview and Resources

OTV Architecture Principles

Overview

Terminology

Control Plane / Data Plane

Failure Isolation

Multi-Home

OTV Configuration Examples


Agenda



Overview

Terminology


Failure Isolation

Multi-Home



思科认证


Cisco Unified Data Center

UNIFIED

MANAGEM

ENT

UNIFIED

FABRIC

UNIFIED

COMPUTI

NG

Cisco Unified Computing : UCS Cisco Unified Fabric : Nexus Cisco Unified Management : UCSM / Prime


Data Center Lab Exam

UCS C200 Series Server

UCS-6248 Fabric Interconnects

UCS-5108 Blade Chassis

MDS 9222i

Nexus7009

Nexus5548

Nexus2232

Nexus 2224

Nexus 1000v

Cisco Application Control Engine Appliance - ACE4710

所需的硬件设备


Data Center Lab Exam: Locations

Sydney

San Jose

RTP Brussels

Eight fixed CCIE Lab Locations for CCIE DC

Tokyo

Dubai


在线学习讲座文档

讨论

官方博客和有用的信息

认证项目相关信息

8

学习资源：如何在CLN上找到

www.clnchina.com.cn


学习资源：思科服务支持社区 — CSC Cisco Support Community，是思科TS（Technical Services）部门为广大思科客户及合作伙

伴提供技术服务支持的新平台。在线答疑专家定期解决大家提出的问题。亦可通过“在线提

交Case”直接提交TAC服务请求，我们的技术支持专家会尽快为您解决。

www.csc-china.com.cn


Agenda



Overview

Terminology


Failure Isolation

Path Optimization



Overlay Transport Virtualization (OTV)

O

V

Overlay - A solution that is independent of the

infrastructure technology and services, flexible

over various inter-connect facilities

Transport - Transporting services for layer 2

and layer 3 Ethernet and IP traffic

Virtualization - Provides virtual connections,

connections that are in turn virtualized and

partitioned into VPNs, VRFs, VLANs

T

OTV delivers a virtual L2 transport over any L3 Infrastructure


Challenges with LAN Extensions Real Problems Solved by OTV

Extensions over any transport (IP, MPLS)

Failure boundary preservation

Site independence / isolation

Optimal BW utilization (no head-end replication)

Resiliency/multihoming

Built-in end-to-end loop prevention

Multisite connectivity (inter and intra DC)

Scalability

VLANs, sites, MACs

ARP, broadcasts/floods

South Data

Center

North Data

Center Fault

Domain

Fault

Domain

Fault

Domain

Fault

Domain

LAN Extension

Only 5 CLI commands


Overlay Transport Virtualization

OTV is a “MAC in IP” technique to extend Layer 2 domains

OVER ANY TRANSPORT

Technology Pillars

Protocol Learning

Built-in Loop Prevention

Preserve Failure

Boundary

Site Independence

Automated Multi-homing

Dynamic Encapsulation

No Pseudo-Wire State

Maintenance Optimal Multicast

Replication

Multipoint Connectivity

Point-to-Cloud Model

First platform to support OTV starting with 5.0(3) release!

Nexus 7000


Agenda



Overview

Terminology


Failure Isolation

Multi-Home



L2

L3

Transport Infrastructure*

OTV OTV

Terminology: “Edge Device” The Edge Device 是所有OTV功能实现的设备.

The Edge Device 可以位于站点中的核心层或分布层.

一个站点可以有多个OTV Edge Devices (多宿主).

* It can be owned by the Enterprise

or by the Service Provider

OTV Edge Device OTV Edge Device


L2

L3

Transport Infrastructure

OTV OTV

Terminology: “Internal Interfaces” The Internal Interfaces 是 Edge Devices 连接站点内部的接口，负责承载需要通过OTV传输的流量。（Extended VLAN）

Internal Interfaces 是传统的2层交换接口. OTV Internal Interfaces不需要进行任何的配置.

通常情况下，这些OTV Internal Interfaces 被配置为Layer 2 trunk接口，通过OTV进行扩展。

OTV Internal Interface =

OTV Internal

Interfaces

OTV Internal

Interfaces


L2

L3


OTV OTV

Terminology: “Join Interface”

Join interface 是 Edge Device 的上联接口。

Join Interface 通常是一个点到点的三层路由接口。这个接口可以是一个单一的物理接口，也可是由多个物理接口组成的以太网通道接口（PortChannel）

Join Interface 用来物理上加入整个OTV网络。

OTV Join Interface OTV Join Interface


Terminology: “Overlay Interface”

Overlay Interface 是一个逻辑（虚拟）接口，所有OTV的配置都在这个接口上体现。

Overlay Interface 支持多路访问，支持组播。It’s a logical multi-access multicast-capable interface.

Overlay Interface将站点内的2层帧封装在3层的IP单、组播数据包中，并发送到其他站点。

L2

L3


OTV OTV Overlay Interface Overlay Interface


OTV 报文 OTV在标准的IP封装增加了42字节

封装之后的OTV shim头部被附加在原来的IP头部之前，OTV shim头部包含了Overlay的信息 (vlan, overlay number, etc).

原来IP报文中的802.1Q头部被移除，并被拷贝到OTV shim头中

OTV sets the DF (Don’t Fragment) bit on all packets

42 Byte encapsulation (same as VPLSoGRE)

6B 6B 2B 20B 8B

DMAC SMAC Ether Type IP Header

Original Frame 4B CRC V

L

AN

OTV Shim

802.1Q DMAC SMAC Eth Payload

802.1Q

ToS

CoS


Agenda



Overview

Terminology

Control Plane / Data Plan

Failure Isolation

Multi-Home



OTV控制平面邻居发现、邻接关系的形成

Edge Devices 建立邻接关系通过OTV控制平面实现。

Edge Devices 可以通过组播（ multicast-enabled ）和单播（ unicast-only ）的方式建立邻接关系，根据实际网络是否支持组播而定。OTV支持这两种模式。

West East

South

OTV

OTV

Control Plane

OTV

Control Plane

OTV

Control

Plane

OTV OTV


Multicast-enabled

Transport

West East

South

OTV

OTV

Control Plane

OTV

Control Plane

OTV

Control

Plane

OTV OTV

IP A IGMP Report IGMP Report

IGM

P

Report

IP B

IP C

Encap

2

OTV Hello 3 Transport

Replication

IP A Mcast G OTV Hello IP A Mcast G OTV Hello

1

OTV Control Plane 基于组播环境的邻居发现

Decap

4

OTV Hello

IP A Mcast G OTV Hello

Decap

4

OTV Hello

IP A Mcast G OTV Hello

5

5

ASM Group


Multicast-enabled

Transport

West East

South

OTV

OTV

Control Plane

OTV

Control Plane

OTV

Control

Plane

OTV OTV

IP A IGMP Report IGMP Report

IGM

P

Report

IP B

IP C

OTV Control Plane 基于组播环境的邻居发现

Encap 7

OTV Hello

8 Core

Replication

IP C Mcast G OTV Hello

Decap

9

IP C Mcast G OTV Hello

Decap

9

The West Site sees that

the hello contains its ID.

The OTV Adjacency is

Established

10

The South Site sends its

hello with West’s address

in the TLV

OTV Hello OTV Hello

6

ASM Group

From Bottom to

Top


创建MAC地址表 OTV控制层面

OTV周期性的更新MAC地址可达信息 (控制层面学习).

一旦OTV成功配置，MAC就在系统后台开始自动通告.

无需额外的配置工作

在不同的Edge Devices之间，OTV控制层面使用ISIS作为控制协议。控制全部自动生成，无需人工干预

Core

IP A IP B

IP C

West East

South

MAC Addresses Reachability


OTV Control Plane 基于组播环境的MAC地址更新

只要 Edge Device 学习到一个新的MAC地址，OTV控制层面会将其关联的VLAN ID和IP地址下一跳更新到远端.

IP下一条地址为 Edge Devices 的 join interface地址.

一个OTV的更新可以包含不同VLAN的多个MAC地址.

一个更新包使用和邻居发现同样方式到达所有OTV Edge Devices.

Core

IP A

West

East

3 New MACs are learned

on VLAN 100

Vlan 100 MAC A

Vlan 100 MAC B

Vlan 100 MAC C

South-East

VLAN MAC IF

100 MAC A IP A

100 MAC B IP A

100 MAC C IP A

4

OTV update is replicated

by the core 3

3

2

VLAN MAC IF

100 MAC A IP A

100 MAC B IP A

100 MAC C IP A

4

3 New MACs are learned

on VLAN 100

1


Unicast-Only

Transport

East

South

OTV

OTV

Control Plane

OTV

Control Plane

OTV

Control

Plane

OTV OTV

IP A IP B

IP C

OTV Control Plane 单播模式的邻居发现 (Unicast-Only Transport)

West Encap

3

OTV Hello

1 The West Site sends

a “hello”

oNL South , IP C East , IP B

2 Head-End

Replication

OTV Hello IP A IP C OTV Hello

IP A IP B OTV Hello


Unicast-Only

Transport

East

South

OTV

OTV

Control Plane

OTV

Control Plane

OTV

Control

Plane

OTV OTV

IP A IP B

IP C

OTV Control Plane 单播模式的邻居发现 (Unicast-Only Transport)

Decap

4

OTV Hello

IP A IP C OTV Hello

IP A IP C OTV Hello

Decap

4

OTV Hello The other sites received

the West site’s hello

5

5


OTV Data Plane: 站点内部流量

OTV OTV OTV OTV

MAC TABLE

VLAN MAC IF

100 MAC 1 Eth 2

100 MAC 2 Eth 1 Layer 2

Lookup

1

West

Site MAC 1

East

Site

1. Layer 2 lookup on the destination MAC address.

2. MAC 2 is reachable through Ethernet 1.

3. The frame is delivered to the destination.

MAC 2

MAC 1 MAC 2




OTV Data Plane: 站点间流量

OTV OTV OTV OTV

MAC TABLE

VLAN MAC IF

100 MAC 1 Eth 2

100 MAC 2 Eth 1

100 MAC 3 IP B

100 MAC 4 IP B

MAC 1 MAC 3

IP A IP B MAC 1 MAC 3

MAC TABLE

VLAN MAC IF

100 MAC 1 IP A

100 MAC 2 IP A

100 MAC 3 Eth 3

100 MAC 4 Eth 4

Layer 2

Lookup

5 IP A IP B MAC 1 MAC 3 MAC 1 MAC 3 Layer 2

Lookup

1 Encap

2 Decap

4

MAC 1 MAC 3 West

Site MAC 1 MAC 3

East

Site

1. Layer 2 lookup on the destination MAC. MAC 3 is reachable through IP B.

2. The Edge Device encapsulates the frame. 3. The transport delivers the packet to the

Edge Device on site East.

4. The Edge Device on site East receives and decapsulates the packet.

5. Layer 2 lookup on the original frame. MAC 3 is a local MAC.

6. The frame is delivered to the destination.

3

6

IP A IP B


单播模式OTV Adjacency Server Mode (邻居服务器模式)

1. One of the OTV Edge Devices (ED) is configured as an Adjacency Server (AS)*.

2. All EDs are configured to register to the AS: send their site-id and IP address.

3. The AS builds a list of neighbor IP addresses: overlay Neighbor List (oNL).

4. The AS unicasts the oNL to every neighbor.

5. Each node unicasts hellos and updates to every neighbor in the oNL.

IP A

Site 1

Site 2 Site 3

Site 4 Site 5

Unicast-Only

Transport

IP B IP C

IP D IP E Adjacency Server Mode

oNL Site 1, IP A Site 2, IP B Site 3, IP C Site 4, IP D Site 5, IP E

* A redundant pair may be configured


Agenda



Overview

Terminology


Failure Isolation

Multi-Home



L2

L3

OTV OTV

Spanning Tree 和 OTV 站点独立 OTV是站点透明设计：对STP的拓扑结构没有变化.

每个站点都保持其自身的STP设计.

这个是OTV内置的功能，无需额外配置.

Edge Device只在Internal Interfaces发送和接受BPUD，参与STP.

The BPDUs stop here

The BPDUs stop here


L2

L3

OTV OTV

未知单播和OTV 未知单播不会在不同的DC之间泛洪 OTV不会通过overlay接口，以泛洪的机制学习MAC地址.

OTV不会在overlay接口上转发未知单播数据帧。这是OTV内置的功能，不需要额外配置。

这些情况基于一个假设：接入终端不存在单向数据流或费对称数据流.

MAC TABLE

VLAN MAC IF

100 MAC 1 Eth1

100 MAC 2 IP B

- - -

MAC 1 MAC 3

No MAC 3 in the MAC Table


控制 ARP 流量 ARP 邻居发现 (ND:Neighbor-Discovery) 缓存

每个OTV的Edge Devices均通过侦听ARP回复数据来维护一个ARP缓存表.

第一个ARP请求将广播到所有站点，但以后同样的ARP请求丢将由Edge Devices本地回复.

跨越多个站点的ARP数据流将大幅减少.

Transport

Infrastructure

OTV

OTV

ARP Cache

MAC 1 IP A

MAC 2 IP B

ARP reply

2

First ARP

request (IP A)

1 Snoop & cache ARP reply

3

Subsequent ARP requests

(IP A)

4 ARP reply on behalf of

remote server (IP A)

5


Agenda



Overview

Terminology


Failure Isolation

Multi-Home



OTV对多宿主支持基于VLAN的AED

OTV提供了一个无环路的多宿主选择机制，自动为每站点的每一个VLAN选择一个“指定转发设备”.

“指定转发设备”我们叫做“授权边缘设备” Authoritative Edge Device (AED).

对于站点多宿主的探测是完全自动的，不需要额外的协议和配置.

OTV将针对一组VLAN选举一个Edge Devices作为AED，站点内的Edge Devices通过“OTV site-vlan”发现对方

AED的作用：

针对VLAN的MAC地址通告

转发对应VLAN的数据

OTV

OTV

AED

Internal peering for AED election


OTV对多宿主支持基于VLAN的负载均衡

AED是基于每站点，每VLAN的选举关系.

同一站点内所有VLAN将由不同的OTV Edge Devices承担.

在一个双归属的站点上，通过内置的算法决定AED(可以手动配置*):

Lower IS-IS System-ID (Ordinal 0) = 偶数VLANs

Higher IS-IS System-ID (Ordinal 1) =基数VLANs

Core

OTV

OTV

OTV

OTV

AED AED

AED AED

MAC TABLE

VLAN MAC IF

100 MAC 1 IP A

200 MAC 2 IP B IP A

IP B

*需要软件支持


Agenda



Overview

Terminology


Failure Isolation

Multi-Home



组播模式的OTV配置 OTV CLI Configuration (Multicast-enabled Transport)

interface Overlay0

otv join-interface Ethernet1/1

otv control-group 239.1.1.1

otv data-group 232.192.1.0/24

otv extend-vlan 100-150

otv site-vlan 99

Connects to the core. Used to join the Overlay network. Its IP address is used as source IP for the OTV encap

ASM/Bidir group in the core used for the OTV Control Plane.

SSM group range used to carry the site’s mcast traffic data.

Site VLANs being extended by OTV

VLAN used within the Site for communication between the site’s Edge Devices


组播模式OTV的配置只需要5行配置就能运行OTV*

*不包含组播配置


单播模式的OTV配置 OTV CLI Configuration (Unicast-Only Transport)

interface Overlay0

otv join-interface Ethernet1/1

otv adjacency-server

or otv use-adjacency-server 10.10.10.10

otv extend-vlan 100-150

otv site-vlan 99

Connect to the core. Used to join the core mcast groups. Their IP addresses are used as source IP for the OTV encap

Configures this Edge device as an Adjacency Server

Use a remote Edge Device as the Adjacency Server (mutually exclusive with the previous line)

Site VLANs being extended by OTV

VLAN used within the Site for communication between the site’s Edge Devices


单播模式OTV的配置只需要4行配置就能运行OTV*

*不包含路由配置


Thank you.

otv in ccie data center - clnchina.com.cn · ccie# 16691 rs/voice/sp/security/datacenter/wireless ....

Documents