ASR 1000: OTV Multihoming Software Upgrade Best Practice
Available Languages
Contents
Introduction
This document describes the IOS upgrade order for a specific deployment Model of the Overlay Transport Virtualization (OTV) on ASR1000 Family in a multihoming design setup.
Prerequisites
Requirements
Cisco recommends that you have knowledge of these topics:
- Basic Knowledge of the ASR 1000 Platform architecture
- Basic Knowledge of ASR1000 OTV Unicast Adjacency Server Configuration
- Basic knowledge of the Multihoming design
Components Used
The information in this document is based on the ASR 1001 with Cisco IOS®Versionasr1001-universalk9.03.10.03.S.153-3.S3-ext.bin.
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.
Background Information
If possible, multihoming is always recommended because it adds another layer of redundancy and scalability. Note that the multihoming of Cisco ASR 1000 Series and other Cisco platforms within a single site is not supported.
Configure
Network Diagram
Configurations
Here is the configuration for both the routers on site A:
|
SITEA-ROUTER1#sh run Building configuration... otv site bridge-domain 1 otv isis hello-interval 3 ! otv fragmentation join-interface Port-channel19 otv site-identifier 0000.0000.0003 ! ! interface Port-channel19 description OTV Layer 3 to Distribution mtu 9216 ip address 10.23.1.124 255.255.255.248 no ip redirects load-interval 30 no negotiation auto ! interface Overlay1 description Overlay Network no ip address otv join-interface Port-channel19 otv vpn-name DRT-CDC_Overlay otv use-adjacency-server 172.31.1.212 unicast-only otv adjacency-server unicast-only otv isis hello-interval 3 service instance 6 ethernet encapsulation dot1q 6 bridge-domain 6 ! service instance 1011 ethernet encapsulation dot1q 1011 bridge-domain 1011 ! ! interface GigabitEthernet0/0/0 mtu 9216 no ip address negotiation auto cdp enable service instance 1 ethernet encapsulation dot1q 1 bridge-domain 1 ! service instance 6 ethernet encapsulation dot1q 6 bridge-domain 6 ! service instance 1011 ethernet encapsulation dot1q 1011 bridge-domain 1011 ! interface GigabitEthernet0/0/1 mtu 9216 no ip address negotiation auto cdp enable channel-group 19 mode active ! interface GigabitEthernet0/0/2 mtu 9216 no ip address negotiation auto cdp enable channel-group 19 mode active |
SITEA-ROUTER2#sh run Building configuration... otv site bridge-domain 1 otv isis hello-interval 3 ! otv fragmentation join-interface Port-channel20 otv site-identifier 0000.0000.0003 ! ! interface Loopback0 ip address 192.168.1.1 255.255.255.255 ! interface Port-channel20 description OTV Layer 3 to Distribution mtu 9216 ip address 10.23.1.164 255.255.255.248 no ip redirects load-interval 30 no negotiation auto ! interface Overlay1 description Overlay Network no ip address otv join-interface Port-channel20 otv vpn-name DRT-CDC_Overlay otv use-adjacency-server 172.31.1.212 10.23.1.124 unicast-only otv isis hello-interval 3 service instance 6 ethernet encapsulation dot1q 6 bridge-domain 6 ! service instance 1011 ethernet encapsulation dot1q 1011 bridge-domain 1011 ! ! interface GigabitEthernet0/0/0 mtu 9216 no ip address negotiation auto cdp enable service instance 1 ethernet encapsulation dot1q 1 bridge-domain 1 ! service instance 6 ethernet encapsulation dot1q 6 bridge-domain 6 ! service instance 1011 ethernet encapsulation dot1q 1011 bridge-domain 1011 ! ! interface GigabitEthernet0/0/1 mtu 9216 no ip address negotiation auto cdp enable channel-group 20 mode active ! interface GigabitEthernet0/0/2 mtu 9216 no ip address negotiation auto cdp enable channel-group 20 mode active ! |
Here is the configuration for both the routers on site B:
|
SITEB-ROUTER1#SH RUN Building configuration... otv site bridge-domain 1 otv isis hello-interval 3 ! otv fragmentation join-interface Port-channel19 otv site-identifier 0000.0000.0002 ! interface Port-channel19 description OTV Layer 3 to Distribution mtu 9216 ip address 172.31.1.212 255.255.255.248 no ip redirects load-interval 30 no negotiation auto ! interface Overlay1 description Overlay Network with CDC no ip address otv join-interface Port-channel19 otv vpn-name DRT-CDC_Overlay otv adjacency-server unicast-only otv isis hello-interval 3 service instance 6 ethernet encapsulation dot1q 6 bridge-domain 6 ! service instance 1011 ethernet encapsulation dot1q 1011 bridge-domain 1011 ! ! interface GigabitEthernet0/0/0 mtu 9216 no ip address negotiation auto cdp enable service instance 1 ethernet encapsulation untagged bridge-domain 1 ! service instance 6 ethernet encapsulation dot1q 6 bridge-domain 6 ! service instance 1011 ethernet encapsulation dot1q 1011 bridge-domain 1011 ! ! interface GigabitEthernet0/0/1 mtu 9216 no ip address negotiation auto cdp enable channel-group 19 mode active ! interface GigabitEthernet0/0/2 mtu 9216 no ip address negotiation auto cdp enable channel-group 19 mode active |
SITEB-ROUTER2#SH RUN Building configuration... otv site bridge-domain 1 otv isis hello-interval 3 ! otv fragmentation join-interface GigabitEthernet0/0/0 otv fragmentation join-interface GigabitEthernet0/0/1 otv fragmentation join-interface GigabitEthernet0/0/2 otv fragmentation join-interface GigabitEthernet0/0/3 otv fragmentation join-interface Port-channel20 otv fragmentation join-interface Tunnel0 otv site-identifier 0000.0000.0002 ! interface Port-channel20 description OTV Layer 3 to Distribution mtu 9216 ip address 172.31.1.220 255.255.255.248 no ip redirects load-interval 30 no negotiation auto ! interface Overlay1 description Overlay Network with CDC no ip address otv join-interface Port-channel20 otv vpn-name DRT-CDC_Overlay otv use-adjacency-server 172.31.1.212 10.23.1.124 unicast-only otv isis hello-interval 3 service instance 6 ethernet encapsulation dot1q 6 bridge-domain 6 ! service instance 1011 ethernet encapsulation dot1q 1011 bridge-domain 1011 ! ! interface GigabitEthernet0/0/0 mtu 9216 no ip address negotiation auto cdp enable service instance 1 ethernet encapsulation untagged bridge-domain 1 ! service instance 6 ethernet encapsulation dot1q 6 bridge-domain 6 ! service instance 1011 ethernet encapsulation dot1q 1011 bridge-domain 1011 ! ! interface GigabitEthernet0/0/1 mtu 9216 no ip address negotiation auto cdp enable channel-group 20 mode active ! interface GigabitEthernet0/0/2 mtu 9216 no ip address negotiation auto cdp enable channel-group 20 mode active |
Verify
Use this section in order to confirm that your configuration works properly.
To verify if the set-up is working as configured you need the same basic commands you use for any OTV set up.
The list of outputs that are collected to verify the set up :
- Show otv
- Show otv adjacency
|
SITEA-ROUTER1#sh otv Overlay Interface Overlay1 VPN name : DRT-CDC_Overlay VPN ID : 1 State : UP AED Capable : Yes Join interface(s) : Port-channel19 Join IPv4 address : 10.23.1.124 Tunnel interface(s) : Tunnel0 Encapsulation format : GRE/IPv4 Site Bridge-Domain : 1 Capability : Unicast-only Is Adjacency Server : Yes Adj Server Configured : Yes Prim/Sec Adj Svr(s) : 172.31.1.212 OTV instance(s) : 0 FHRP Filtering Enabled : Yes ARP Suppression Enabled : Yes ARP Cache Timeout : 600 seconds |
SITEA-ROUTER2#sh otv de Overlay Interface Overlay1 VPN name : DRT-CDC_Overlay VPN ID : 1 State : UP AED Capable : Yes Join interface(s) : Port-channel20 Join IPv4 address : 10.23.1.164 Tunnel interface(s) : Tunnel0 Encapsulation format : GRE/IPv4 Site Bridge-Domain : 1 Capability : Unicast-only Is Adjacency Server : No Adj Server Configured : Yes Prim/Sec Adj Svr(s) : 172.31.1.212/10.23.1.124 OTV instance(s) : 0 FHRP Filtering Enabled : Yes ARP Suppression Enabled : Yes ARP Cache Timeout : 600 seconds |
|
SITEB-ROUTER1#sh otv de Overlay Interface Overlay1 VPN name : DRT-CDC_Overlay VPN ID : 1 State : UP AED Capable : Yes Join interface(s) : Port-channel19 Join IPv4 address : 172.31.1.212 Tunnel interface(s) : Tunnel0 Encapsulation format : GRE/IPv4 Site Bridge-Domain : 1 Capability : Unicast-only Is Adjacency Server : Yes Adj Server Configured : No Prim/Sec Adj Svr(s) : None OTV instance(s) : 0 FHRP Filtering Enabled : Yes ARP Suppression Enabled : Yes |
SITEB-ROUTER2#sh otv de Overlay Interface Overlay1 VPN name : DRT-CDC_Overlay VPN ID : 1 State : UP AED Capable : Yes Join interface(s) : Port-channel20 Join IPv4 address : 172.31.1.220 Tunnel interface(s) : Tunnel0 Encapsulation format : GRE/IPv4 Site Bridge-Domain : 1 Capability : Unicast-only Is Adjacency Server : No Adj Server Configured : Yes Prim/Sec Adj Svr(s) : 172.31.1.212/10.23.1.124 OTV instance(s) : 0 FHRP Filtering Enabled : Yes ARP Suppression Enabled : Yes ARP Cache Timeout : 600 seconds |
Troubleshoot
This section provides information you can use in order to troubleshoot your configuration.
SITEA-ROUTER1 is the primary Authoritative Edge Device (AED) for SITE A and SITEB-ROUTER1 is the primary AED for SITE B.
You upgrade the active AED on site B and backup AED on site A fromasr1001-universalk9.03.10.03.S.153-3.S3-ext.bin to asr1001-universalk9.03.16.03.S.155-3.S3-ext.bin.
The devices were upgraded successfully but these were the issues that were seen after the upgrade:
- OTV Adjacency went down
- AED Capable state changed to NO and overlay neighbor version mismatch message was seen
- Configured VLANS went into inactive(NFC) Not Forward Capable state.
- inter-DC & intra-DC communication stopped completely
|
Primary/active AED on SITEB SITEB-ROUTER1#sh otv de Overlay Interface Overlay1 VPN name : DRT-CDC_Overlay VPN ID : 1 State : UP Fwd-capable : No Fwd-ready : No AED-Server : No AED Capable : No, overlay neighbor version mismatch Join interface(s) : Port-channel19 Join IPv4 address : 172.31.1.212 Tunnel interface(s) : Tunnel0 Encapsulation format : GRE/IPv4 Site Bridge-Domain : 1 Capability : Unicast-only Is Adjacency Server : Yes Adj Server Configured : No Prim/Sec Adj Svr(s) : None OTV instance(s) : 0 FHRP Filtering Enabled : Yes ARP Suppression Enabled : Yes ARP Cache Timeout : 600 seconds SITEB-ROUTER1##sh otv vl Key: SI - Service Instance, NA - Non AED, NFC - Not Forward Capable. Overlay 1 VLAN Configuration Information Inst VLAN BD Auth ED State Site If(s) 0 6 6 - inactive(NFC) Gi0/0/0:SI6 0 186 186 - inactive(NFC) Gi0/0/0:SI186 0 1011 1011 - inactive(NFC) Gi0/0/0:SI1011 0 1030 1030 - inactive(NFC) Gi0/0/0:SI1030 Total VLAN(s): 4 |
Secondary/backup AED on SITEA SITEA-ROUTER2#sh otv Overlay Interface Overlay1 VPN name : DRT-CDC_Overlay VPN ID : 1 State : UP Fwd-capable : No Fwd-ready : No AED-Server : No AED Capable : No, overlay neighbor version mismatch Join interface(s) : Port-channel20 Join IPv4 address : 10.23.1.164 Tunnel interface(s) : Tunnel0 Encapsulation format : GRE/IPv4 Site Bridge-Domain : 1 Capability : Unicast-only Is Adjacency Server : No Adj Server Configured : Yes Prim/Sec Adj Svr(s) : 172.31.1.212/10.23.1.124 OTV instance(s) : 0 FHRP Filtering Enabled : Yes ARP Suppression Enabled : Yes ARP Cache Timeout : 600 seconds SITEA-ROUTER2#sh otv vlan Key: SI - Service Instance, NA - Non AED, NFC - Not Forward Capable. Overlay 1 VLAN Configuration Information Inst VLAN BD Auth ED State Site If(s) 0 6 6 - inactive(NFC) Gi0/0/0:SI6 0 186 186 - inactive(NFC) Gi0/0/0:SI186 0 1011 1011 - inactive(NFC) Gi0/0/0:SI1011 Total VLAN(s): 3 |
This issue basically occurs since ISIS which runs at the backend has seen many changes to facilitate OTV Fast Convergence (FC). Hence, images which are pre FC and post FC will not work together.
In releases pre FC: the AED election runs in parallel, independently on each Edge Device (ED) in the site. Since the AED election is triggered independently and is uncoordinated among the multiple edge devices in the site, a short wait period of blackholing is required to ensure that two or more edge devices are not simultaneously AED and hence forwarding traffic for the same VLAN. This introduces a convergence delay when there are failures at an ED that is AED for some VLANs.
In addition, OTV traffic convergence upon an AED failure is dependent on the new AED at the site learning the local routing information and advertising the same to the remote sites. This dependency introduces delays that are non-deterministic and is also impacted by the scale of the routing databases. It is required to minimize the loss of existing traffic flows when there is a failure event on the edge devices to provide faster convergence of OTV deployed networks in such scenarios.
It is highly recommended that both ED’s which participate in OTV DC be on the same image. If we wish to upgrade to a different train it is recommended to bring the overlay interfaces down and upgrade all the four devices simultaneously and then after the upgrade bring the overlay interface up and adjacency will be established.
Feedback