vpn Overlay 0 or vpn Overlay 1
Hi all,
I have gone through the guide of filter hsrp hello and mac address from Cisco website as below:
T_N7K1-OTV#
**VACL Filter**
ip access-list ALL_IPs
10 permit ip any any
ip access-list HSRP_IP
10 permit udp any 224.0.0.2/32 eq 1985
20 permit udp any 224.0.0.102/32 eq 1985
vlan access-map HSRP_Localization 10
match ip address HSRP_IP
action drop
vlan access-map HSRP_Localization 20
match ip address ALL_IPs
action forward
vlan filter HSRP_Localization vlan-list 10
**OTV MAC route filter**
mac-list OTV_HSRP_VMAC_deny seq 10 deny 0000.0c07.ac00 ffff.ffff.ff00
mac-list OTV_HSRP_VMAC_deny seq 20 deny 0000.0c9f.f000 ffff.ffff.ff00
mac-list OTV_HSRP_VMAC_deny seq 30 permit 0000.0000.0000 0000.0000.0000
route-map OTV_HSRP_filter permit 10
match mac-list OTV_HSRP_VMAC_deny
otv-isis default
vpn Overlay0
redistribute filter route-map OTV_HSRP_filter
My question is in Brain's video, we could see vpn Overlay 0 and vpn Overlay 1 under otv-isis default, what's the difference between these two ? And why we would apply the filter under vpn Overlay 0 in this case ?
Cheers!
JF
Comments
The reason why we apply the filter to the ISIS portion of the OTV configuration is explained here:
http://www.cisco.com/en/US/partner/docs/solutions/Enterprise/Data_Center/DCI/whitepaper/DCI_1.html#wp1220161
The VPN name is the Overlay interface name.
We can have more than one Overlay interface, on of the purposes is to have load-balacing. This is mentioned here:
http://docwiki.cisco.com/wiki/Nexus_7000_-_OTV_-_Design_and_Configuration_Example
Antonio Soares, CCIE #18473 (RS/SP/DC)
[email protected]
http://www.ccie18473.net
in Brain's course, each OTV VDC only has got one interface otv, but why under otv isis default, there are vpn overlay 0 and vpn overlay 1 ???
In which course did you see that ? Was it in the Implementing Nexus ?
Antonio Soares, CCIE #18473 (RS/SP/DC)
[email protected]
http://www.ccie18473.net
I just noticed that even without a valid OTV configuration, when we enter the vpn keyword under the otv isis-default section, the vpn names will remain there:
N7K-1# sh run otv
!Command: show running-config otv
!Time: Tue Jun 25 14:53:26 2013
version 5.1(2)
feature otv
otv-isis default
vpn 0
vpn 1
vpn abc
vpn cde
N7K-1#
So maybe Brian just entered the vpn 0 then the vpn 1...
Antonio Soares, CCIE #18473 (RS/SP/DC)
[email protected]
http://www.ccie18473.net
Jack-.-
"Antonio Soares" <[email protected]> ? 2013-6-26 ??1:24 ??:
Jack-.-
"Antonio Soares" <[email protected]> ? 2013-6-26 ??1:24 ??:
Just match it up with whatever Overlay interface you created. If you created Overlay1, you just add:
otv-isis default
vpn Overlay1
redistribute filter route-map RMAP
or, if you have configured a name of your own in the Overlay interface using "otv vpn-name ABC":
otv-isis default
vpn ABC
redistribute filter route-map RMAP
/Mark
By default the vpn name is the name of the interface:
N7K-1# sh otv
OTV Overlay Information
Overlay interface Overlay0
VPN name : Overlay0
VPN state : DOWN (join i/f state down)
Extended vlans : 100-199 (Total:100)
Control group : 239.1.1.1
Data group range(s) : 232.1.1.0/28
Join interface(s) : Eth2/1 (10.0.0.1)
Site vlan : 1 (down)
N7K-1#
As already mentioned, you can change the name with the "otv vpn-name" command:
http://www.cisco.com/en/US/docs/switches/datacenter/sw/5_x/nx-os/otv/command/reference/basics_otv_cmds.html#wp2083440
Antonio Soares, CCIE #18473 (RS/SP/DC)
[email protected]
http://www.ccie18473.net
Cool, I got it.
Cheers!
Thanks !