February 16, 2010, 8:44 AM — The one problem with LANs is that they're, well, local. A LAN doesn't traditionally extend beyond the physical boundaries of a data center, or at least a corporate campus. For many applications and services this isn't a problem, and WAN connectivity between data centers and campuses does the job just fine. However, not all services are created equal, and certain functions simply can't be pushed through a traditional routed WAN. For instance, you can't migrate a running VM from one data center to another and have it maintain network connectivity.
Or can you?
Last week, Cisco walked me through a demonstration of Cisco OTV (Overlay Transport Virtualization), a novel approach to connecting remote data centers at layer 2 while skipping some of the pitfalls normally associated with such an endeavor. The tech is deceptively simple -- elegant, in fact -- but as with any cutting edge technology, there are some gotchas.
At its core, Cisco OTV is simply a way for far-flung Cisco Nexus 7000 switches to share MAC address tables. Normally, if you have two or three data centers, for example, each exists as a layer-2 island with its own set of VLANs, spanning-tree, and so forth. Extending one of those networks into another data center generally runs into issues related to broadcast storms, spanning-tree loops, and other problems that aren't generally at issue within a local switched LAN but can be disastrous if propagated across expensive and lower-bandwidth WAN links. In short, it's generally more trouble than it's worth. That's where OTV comes in.
No LAN is an island
The implementation is quite simple: A switch running at each data center has a trunked interface to the local switched LAN and plays on all VLANs relevant to the data center extension. On the other side is a link to the WAN transport to all of the other data centers. That WAN link could conceivably be any flavor, but it will need to be OC-12 or better to make good use of OTV. With a few commands, a pseudo interface is created on the switch, and a group access address range is specified. At that point, the switch begins receiving MAC table updates from the other participating switches and transmitting its own. It also then begins responding to requests for remote MAC addresses it's learned on the local LAN segment, essentially proxying those addresses.
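To make the "few commands" concrete, here is an added NX-OS configuration sketch for one OTV edge device; it is not from the article or from Cisco's documentation, and the interface name, VLAN numbers, site VLAN, site identifier and multicast group addresses are assumed placeholders. It assumes the WAN transport carries multicast between the sites, since the control and data groups below are multicast addresses.

```cisco
! Enable the feature on the Nexus 7000 edge device (assumption: multicast-capable WAN)
feature otv

! A site VLAN lets edge devices at the same site discover each other; VLAN 99 is assumed
otv site-vlan 99
! Site identifier (required on current NX-OS releases); the value 0x1 is an assumed placeholder
otv site-identifier 0x1

! The join interface faces the WAN and carries the MAC-in-IP overlay traffic.
! IGMPv3 is needed so the edge device can join the control and data groups.
interface Ethernet1/1
  ip address 192.0.2.1/30
  ip igmp version 3
  no shutdown

! The pseudo interface the article refers to: the overlay itself
interface Overlay1
  otv join-interface Ethernet1/1
  ! Control group: where MAC-table advertisements between sites are exchanged (assumed address)
  otv control-group 239.1.1.1
  ! Data group range used for multicast traffic from the extended VLANs (assumed range)
  otv data-group 232.1.1.0/28
  ! Only the VLANs that actually need to span sites are extended; keep this list minimal
  otv extend-vlan 100-110
  no shutdown
```

The last point is the security-relevant one: `otv extend-vlan` defines exactly which broadcast domains cross the WAN, so limiting it to the VLANs the VM-mobility use case needs keeps unrelated segments from becoming one logical network across data centers. Because the overlay rides on plain IP between the join interfaces, the WAN path should also be treated as untrusted transport and protected (for example with IPsec or a private circuit), since OTV itself does not encrypt the encapsulated frames.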