Cisco OTV not AED Capable – Site VLAN Down – VLAN State Inactive

Setting up basic OTV is fairly simple from a configuration point of view (4 lines of code). But if we forget the workflow, we may end up stuck and not forwarding traffic. AED election is one example.

OTV provides loop-free multi-homing by electing a designated forwarding device per site for each VLAN. That device is called the Authoritative Edge Device (AED). The key thing to remember is that edge devices hold the election and communicate over the OTV internal interface.

Figure: AED peering (source: Cisco)

The election and communication happen over the site VLAN. OTV sends local hello messages on the site VLAN to detect other OTV edge devices. The site VLAN is typically a VLAN dedicated to that transport (not required but recommended). If that communication fails, this could be the reason why the OTV adjacencies are up (L3 reachability is there) but the OTV device is not ready to forward traffic.

N7K1(config-if)# sh otv

OTV Overlay Information
Site Identifier 0000.0000.0001
Encapsulation-Format ip – gre

Overlay interface Overlay1

VPN name : Overlay1
VPN state : UP
Extended vlans : 10 (Total:1)
Control group : 231.1.1.1
Data group range(s) : 232.1.1.0/28
Broadcast group : 231.1.1.1
Join interface(s) : Eth1/1 (192.168.100.1)
Site vlan : 192 (down)
AED-Capable : No (Site-VLAN is Down)
Capability : Multicast-Reachable

N7K1(config-if)# sh otv vlan 10

OTV Extended VLANs and Edge Device State Information (* – AED)

Legend:
(NA) – Non AED, (VD) – Vlan Disabled, (OD) – Overlay Down
(DH) – Delete Holddown, (HW) – HW: State Down
(NFC) – Not Forward Capable

VLAN Auth. Edge Device Vlan State Overlay
—- ———————————– ———————- ——-
10 inactive(NA) Overlay1

 

A couple of things you can double-check, with reference to Diagram 1:

OTV Diagram 1 – Internal Interfaces using dot1q. Single AEDs.

First, verify L3 reachability between the edge devices at the different sites (L3 interfaces), i.e.:

!Traffic test from Site1 going to Site2 
N7K1(config-if)# ping 192.168.100.2
PING 192.168.100.2 (192.168.100.2): 56 data bytes
64 bytes from 192.168.100.2: icmp_seq=0 ttl=254 time=1.093 ms
64 bytes from 192.168.100.2: icmp_seq=1 ttl=254 time=0.89 ms

Verifying the underlying configuration:

N7K1(config-if)# sh run otv

version 8.2(1)
feature otv

otv site-vlan 192

interface Overlay1
otv join-interface Ethernet1/1
otv control-group 231.1.1.1
otv data-group 232.1.1.0/28
otv extend-vlan 10
no shutdown
otv site-identifier 0000.0000.0001

N7K1(config-if)# sh run vlan

vlan 1,10,192
vlan 1,10
vlan 192
name otv-site-id


N7K2(config-if)# sh run otv
feature otv

otv site-vlan 192

interface Overlay1
otv join-interface Ethernet1/1
otv control-group 231.1.1.1
otv data-group 232.1.1.0/28
otv extend-vlan 10
no shutdown
otv site-identifier 0000.0000.0002

N7K2(config-if)# sh run vlan

vlan 1,10,192
vlan 1,10
vlan 192
name otv-site-id

From the config above we can see that both sites are configured properly (site-vlan, site-identifier, join-interface, extended VLAN). But what we didn't check is the ingress interfaces, the internal interfaces down to the L2 fabric. Again, if the election fails, traffic won't be forwarded even though the OTV adjacency is up.

Let’s verify internal interfaces configuration:

N7K1(config-if)# sh run int e1/3

interface Ethernet1/3
switchport
switchport mode trunk
switchport trunk allowed vlan 10
no shutdown


N7K2(config-if)# sh run int e1/4

interface Ethernet1/4
switchport
switchport mode trunk
switchport trunk allowed vlan 10,192
no shutdown

This is where my problem resides. On Site2 we are tagging the site-vlan (192) down via the internal interface, whereas on Site1 we are only tagging the extended VLAN.
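An offline check for this mismatch, added here as an example and not part of the original post: it parses saved running-config text and flags trunk interfaces that allow an extended VLAN but not the OTV site VLAN. The function names and the embedded sample (the N7K1 lines shown above, merged into one constructed config) are assumptions for illustration.

```python
import re

# Constructed sample: the N7K1 running-config lines shown in the post, merged.
N7K1_CONFIG = """\
feature otv
otv site-vlan 192
interface Overlay1
  otv join-interface Ethernet1/1
  otv extend-vlan 10
  no shutdown
interface Ethernet1/3
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 10
  no shutdown
"""

def expand_vlans(spec):
    """Expand an NX-OS VLAN list such as '10,20-22,192' into a set of ints."""
    vlans = set()
    for part in spec.replace(" ", "").split(","):
        if not part:
            continue
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def audit_site_vlan(config):
    """Return trunks that carry an extended VLAN but not the OTV site VLAN."""
    site_vlan, extended, trunks, current = None, set(), {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"otv site-vlan (\d+)$", line):
            site_vlan = int(m.group(1))
        elif m := re.match(r"interface (\S+)$", line):
            current = m.group(1)
        elif m := re.match(r"otv extend-vlan ([\d,\- ]+)$", line):
            extended |= expand_vlans(m.group(1))
        elif m := re.match(r"switchport trunk allowed vlan (add )?([\d,\- ]+)$", line):
            allowed = expand_vlans(m.group(2))
            # 'add' lines extend the list; a plain line replaces it
            trunks[current] = (trunks.get(current, set()) | allowed) if m.group(1) else allowed
    if site_vlan is None:
        return []
    return sorted(i for i, allowed in trunks.items()
                  if allowed & extended and site_vlan not in allowed)
```

A trunk with no `allowed vlan` line is not flagged, since it permits all VLANs by default.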

Let's see the state again, before and after adding the site-vlan to the trunk:

N7K1(config-if)# sh otv vlan 10

OTV Extended VLANs and Edge Device State Information (* – AED)

Legend:
(NA) – Non AED, (VD) – Vlan Disabled, (OD) – Overlay Down
(DH) – Delete Holddown, (HW) – HW: State Down
(NFC) – Not Forward Capable

VLAN Auth. Edge Device Vlan State Overlay
—- ———————————– ———————- ——-
10 inactive(NA) Overlay1

N7K1(config-if)# int e1/3 ; switchport trunk allowed vlan add 192 ; shut ; no shut ; exit

N7K1(config)# sh otv vlan 10

OTV Extended VLANs and Edge Device State Information (* – AED)

Legend:
(NA) – Non AED, (VD) – Vlan Disabled, (OD) – Overlay Down
(DH) – Delete Holddown, (HW) – HW: State Down
(NFC) – Not Forward Capable

VLAN Auth. Edge Device Vlan State Overlay
—- ———————————– ———————- ——-
10 inactive(244 s left) Overlay1

As you can see, as soon as the site-vlan was added to the internal interface, the 240-second timer started. Remember, 240 seconds is a standard delay used to ensure that all the internal component states have correctly converged for the OTV features. It does not apply to failover between AEDs, only to a new adjacency.

Once the timer expires, OTV should be operational again and MAC address learning will start.

N7K1(config)# sh otv

OTV Overlay Information
Site Identifier 0000.0000.0001
Encapsulation-Format ip – gre

Overlay interface Overlay1

VPN name : Overlay1
VPN state : UP
Extended vlans : 10 (Total:1)
Control group : 231.1.1.1
Data group range(s) : 232.1.1.0/28
Broadcast group : 231.1.1.1
Join interface(s) : Eth1/1 (192.168.100.1)
Site vlan : 192 (up)
AED-Capable : Yes
Capability : Multicast-Reachable

N7K1(config)# sh mac address-table
Note: MAC table entries displayed are getting read from software.
Use the ‘hardware-age’ keyword to get information related to ‘Age’

Legend:
* – primary entry, G – Gateway MAC, (R) – Routed MAC, O – Overlay MAC
age – seconds since last seen,+ – primary entry using vPC Peer-Link, E – EVPN entry
(T) – True, (F) – False , ~~~ – use ‘hardware-age’ keyword to retrieve age info
VLAN/BD MAC Address Type age Secure NTFY Ports/SWID.SSID.LID
———+—————–+——–+———+——+—-+——————
G – 68bd.abd7.6042 static – F F sup-eth1(R)
O 10 001b.2188.8075 dynamic – F F Overlay1
* 10 001b.218d.3d98 dynamic ~~~ F F Eth1/3

Thanks,

Bart

 
