Cisco Overlay Transport Virtualization – Cisco Network Virtualization
Cisco Overlay Transport Virtualization (OTV) is a MAC-in-IP method that provides a Layer 2 LAN extension over Layer 2, Layer 3, or label-switched Multiprotocol Label Switching–based networks. OTV provides Layer 2 connectivity between remote network sites by using MAC address-based routing and IP-encapsulated forwarding across a transport network to provide support for applications that require Layer 2 adjacency, such as clusters and virtualization. OTV is deployed on the edge devices in each site. OTV requires no other changes to the sites or the transport network.
OTV uses the following terms:
- Edge device: An edge device performs typical Layer 2 learning and forwarding on the site-facing interfaces (internal interfaces) and performs IP-based virtualization on the transport-facing interfaces. The edge device capability can be colocated in a device that performs Layer 2 and Layer 3 functionality. OTV functionality only occurs in an edge device. A given edge device can have multiple overlay interfaces. You can also configure multiple edge devices on a site.
- Authoritative edge device: OTV provides loop-free multihoming by electing a designated forwarding device per site for each VLAN. This forwarder is known as an authoritative edge device (AED). The edge devices at the site communicate with each other on the internal interfaces to elect the AED.
- Transport network: The network that connects OTV sites. This network can be customer managed, provided by a service provider, or a mix of both.
- Join interface: One of the uplink interfaces of the edge device. The join interface is a point-to-point routed interface. The edge device joins an overlay network through this interface. The IP address of this interface is used to advertise reachability of a MAC address present in this site.
- Internal interface: The Layer 2 interface on the edge device that connects to the VLANs that are to be extended. These VLANs typically form a Layer 2 domain known as a site and can contain site-based switches or site-based routers. The internal interface is a Layer 2 access or trunk interface regardless of whether the internal interface connects to a switch or a router.
- MAC routing: Associates the destination MAC address of the Layer 2 traffic with an edge device IP address. The MAC-to-IP association is advertised to the edge devices through the OTV control-plane protocol. In MAC routing, MAC addresses are reachable through the IP address of a remote edge device on the overlay network. Layer 2 traffic destined to a MAC address is encapsulated in an IP packet based on the MAC-to-IP mapping in the MAC table.
- Overlay interface: A logical multi-access, multicast-capable interface. The overlay interface encapsulates Layer 2 frames in IP unicast or multicast headers.
- Overlay network: A logical network that interconnects remote sites for MAC routing of Layer 2 traffic. The overlay network is composed of multiple edge devices.
- Site: A Layer 2 network that may be single-homed or multihomed to the transport network and the OTV overlay network. Layer 2 connectivity between sites is provided by edge devices that operate in an overlay network. Layer 2 sites are physically separated from each other by the transport network.
- Site VLAN: OTV sends local hello messages on the site VLAN to detect other OTV edge devices in the site and uses the site VLAN to determine the authoritative edge device for the OTV-extended VLANs. VLAN 1 is the default site VLAN. It is recommended to use a dedicated VLAN as a site VLAN. You should ensure that the site VLAN is active on at least one of the edge device ports and that the site VLAN is not extended across the overlay.
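The site VLAN guidance in the last item can be checked mechanically against a device configuration. The following Python sketch is an added example, not Cisco's code or part of the original text; `audit_site_vlan` and `expand_vlans` are hypothetical names, the sample configuration is constructed, and the check covers only the default-VLAN and not-extended conditions.

```python
import re

# Constructed NX-OS-style OTV configuration for illustration (not from the page).
SAMPLE_CONFIG = """\
feature otv
otv site-vlan 1
interface Overlay1
  otv join-interface Ethernet1/1
  otv control-group 239.1.1.1
  otv extend-vlan 1, 100-110
  no shutdown
"""

def expand_vlans(spec):
    """Expand a VLAN list such as '1, 100-110' into a set of integers."""
    vlans = set()
    for part in spec.replace(" ", "").split(","):
        if not part:
            continue
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def audit_site_vlan(config):
    """Return findings for the site-VLAN guidance: dedicated VLAN, not extended."""
    site_vlan = 1   # VLAN 1 is the default site VLAN when none is configured
    extended = {}   # overlay interface name -> set of extended VLANs
    overlay = None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"otv site-vlan (\d+)", line):
            site_vlan = int(m.group(1))
        elif m := re.fullmatch(r"interface (Overlay\d+)", line, re.I):
            overlay = m.group(1)
            extended.setdefault(overlay, set())
        elif line.startswith("interface "):
            overlay = None  # left the overlay interface context
        elif overlay and (m := re.fullmatch(r"otv extend-vlan ([\d,\s-]+)", line)):
            extended[overlay] |= expand_vlans(m.group(1))
    findings = []
    if site_vlan == 1:
        findings.append("site VLAN is the default VLAN 1; use a dedicated VLAN")
    for name, vlans in sorted(extended.items()):
        if site_vlan in vlans:
            findings.append(f"site VLAN {site_vlan} is extended on {name}")
    return findings
```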
Figure 7-6 shows various OTV interfaces.
Figure 7-6 OTV Interfaces
OTV builds Layer 2 reachability information by communicating between edge devices with the overlay protocol. The overlay protocol forms adjacencies with all edge devices. Once each edge device is adjacent with all its peers on the overlay, the edge devices share MAC address reachability information with other edge devices that participate in the same overlay network.
OTV offers unicast and multicast as transports between sites. For a small number of sites such as two or three sites, unicast works just fine without losing any features or functions. In unicast-only transport, edge devices register with an adjacency server (AS) edge device and receive a full list of neighbors (oNL) from the AS. An edge device can be manually configured to act as an AS edge device. OTV hellos and updates are encapsulated in IP and unicast to each neighbor. Figure 7-7 illustrates the neighbor discovery process over unicast-only transport.
Figure 7-7 Neighbor Discovery (over Unicast-only Transport)
Multicast is the preferred transport because of its flexibility and smaller overhead when communicating with multiple sites. In multicast transport, one multicast address (the control-group address) is used to encapsulate and exchange OTV control-plane protocol updates. Each edge device that participates in the particular overlay network shares the same control-group address with all the other edge devices. As soon as the control-group address and the join interface are configured, the edge device sends an IGMP report message to join the control group. The edge devices act as hosts in the multicast network and send multicast IGMP report messages to the assigned multicast group address. Figure 7-8 illustrates the neighbor discovery process over multicast transport.
Figure 7-8 Neighbor Discovery (over Multicast Transport)
As in traditional link-state routing protocols, edge devices exchange OTV control-plane hellos to build adjacencies with other edge devices in the overlay network. Once the adjacencies are established, OTV control-plane link-state packets (LSPs) communicate MAC-to-IP mappings to the adjacent devices. These LSPs contain the IP address of the remote edge device, the VLAN IDs, and the learned MAC addresses that are reachable through that edge device.
Edge devices participate in data-plane learning on internal interfaces to build up the list of MAC addresses that are reachable within a site. OTV sends these locally learned MAC addresses in the OTV control-plane updates to remote sites.
When an edge device receives a Layer 2 frame on an internal interface, OTV performs the MAC table lookup based on the destination address of the Layer 2 frame. If the frame is destined to a MAC address that is reachable through another internal interface, the frame is forwarded out on that internal interface. OTV performs no other actions, and the processing of the frame is complete.
If the frame is destined to a MAC address that was learned over an overlay interface, OTV performs the following tasks, as illustrated in Figure 7-9:
- Strips off the preamble and frame check sequence (FCS) from the Layer 2 frame.
- Adds an OTV shim header to the Layer 2 frame and copies the 802.1Q information into the OTV shim header. The outer OTV shim header contains the VLAN, overlay number, and so on.
- Adds the IP address to the packet, based on the initial MAC address table lookup. This IP address is used as a destination address for the IP packet that is sent into the core switch. For an IPv4 packet, this process adds 42 bytes of overhead to the packet IP MTU size.
Figure 7-9 OTV Encapsulation
OTV traffic appears as IP traffic to the network core. At the destination site, the edge device performs the reverse operation and presents the original Layer 2 frame to the local site. That edge device determines the correct internal interface to forward the frame on, based on the local MAC address table.
In Figure 7-10, the west site communicates with the east site over the overlay network. Edge Device 1 receives the Layer 2 frame from MAC1, which belongs to Server 1, and looks up the destination MAC address, MAC3, in the MAC table. The edge device encapsulates the Layer 2 frame in an IP packet with the IP destination address set for Edge Device 3 (IP B). When Edge Device 3 receives the IP packet, it strips off the IP header and sends the original Layer 2 frame onto the VLAN and port that MAC3 is connected to.
Figure 7-10 MAC Routing
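The learning, advertisement, and forwarding steps described above can be traced in a small model. This Python sketch is an added example, not Cisco's implementation or part of the original text; the class, method names, port names, VLAN 100, and the 192.0.2.x addresses are constructed, and only the 42-byte IPv4 overhead comes from the text.

```python
OTV_IPV4_OVERHEAD = 42  # bytes added to the IP MTU size for IPv4, per the text

class EdgeDevice:
    """Toy model of an OTV edge device's MAC table (all names are illustrative)."""

    def __init__(self, join_ip, transport_mtu=1500):
        self.join_ip = join_ip              # join-interface IP used in advertisements
        self.transport_mtu = transport_mtu  # IP MTU of the transport network
        self.mac_table = {}  # (vlan, mac) -> ("internal", port) or ("overlay", edge_ip)

    def learn_local(self, vlan, mac, port):
        """Data-plane learning on an internal interface."""
        self.mac_table[(vlan, mac)] = ("internal", port)

    def advertise(self):
        """Control-plane update: edge IP plus the locally learned (VLAN, MAC) pairs."""
        local = [k for k, (kind, _) in self.mac_table.items() if kind == "internal"]
        return {"edge_ip": self.join_ip, "macs": sorted(local)}

    def receive_update(self, update):
        """Install remote MACs as reachable through the advertising edge device."""
        for vlan, mac in update["macs"]:
            self.mac_table[(vlan, mac)] = ("overlay", update["edge_ip"])

    def forward(self, vlan, dst_mac, ip_len):
        """Forwarding decision for a frame carrying an ip_len-byte IP packet."""
        kind, target = self.mac_table.get((vlan, dst_mac), ("unknown", None))
        if kind != "overlay":
            # Internal hit: forward on that port. No entry: outside this model.
            return {"action": kind, "target": target}
        outer_len = ip_len + OTV_IPV4_OVERHEAD
        return {"action": "encapsulate", "target": target, "outer_ip_len": outer_len,
                "fits_transport_mtu": outer_len <= self.transport_mtu}

def demo(transport_mtu=1500):
    """West-to-east flow from the text: MAC1 behind Edge Device 1, MAC3 behind Edge Device 3."""
    ed1 = EdgeDevice("192.0.2.1", transport_mtu)  # constructed addresses
    ed3 = EdgeDevice("192.0.2.3", transport_mtu)
    ed1.learn_local(100, "MAC1", "Eth1/10")
    ed3.learn_local(100, "MAC3", "Eth1/20")
    ed1.receive_update(ed3.advertise())
    return ed1.forward(100, "MAC3", ip_len=1500)
```

In this model a 1500-byte inner packet does not fit a 1500-byte transport IP MTU; `demo(1542)` shows the smallest transport MTU at which it does.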