It is easy to find design and configuration guides about OTV implementations on Nexus 7000 switches, ASR and CSR routers. But it is much harder to find information about the requirements for your WAN.
Please read my previous blog posts about OTV here, here, here and here. I’ll cover the OTV device configurations in those posts. But for now, let’s start with the DCI WAN for OTV.
First of all, there are two OTV deployment options:
- Unicast mode
- Multicast mode
The WAN requirements in unicast mode are simple: deliver unicast connectivity between the join interfaces of all OTV edge devices. This is a simple, straightforward configuration, so I will not cover it in this blog post.
The multicast deployment is a bit harder to configure and its requirements are harder to find. This blog post will cover the required WAN configuration in a multicast deployment. In this particular scenario, we use dark fiber / DWDM connections as DCI to get a clearer understanding of the requirements and configuration.
First, a drawing to get a view on this deployment scenario:
OTV WAN multicast layout
This blog will provide you with the easiest way to get your OTV multicast deployment up and running. There are some more fine-tuning options available, but those will not be covered in this blog.
In this and other posts we’ll discuss the Cisco Web Security Appliance. This is the blog agenda:
Part 1: Introduction
Part 2: Installing
Part 3: Deploying Proxy Services
Part 4: Policies
Part 5: Acceptable use & HTTPS Inspection
Part 6: Authentication
Part 7: Defending malware
This is the 2nd post in the series.
Installation of the (virtual) WSA is straightforward. I’ll cover the most important and critical steps in a basic installation.
A hardware appliance has 5 interfaces; connect the required interfaces to your network:
- T1 + T2 (used for L4TM only)
- P1 + P2 (used for web proxy)
- M1 (management or web proxy)
The virtual appliance is downloadable as an OVF file. Import the OVF file into your VMware servers with the specifications as described in the previous blog post.
Your first basic installation starts with connecting to the M1 port, browsing to http://192.168.42.42:8080 and logging in with these default credentials:
- username: admin
- password: ironport
You can also connect over SSH with the same login credentials. Start the interface configuration with the interfaceconfig command:
- Run the edit command
- Enter number 1
- Enter the IP address, netmask and hostname.
Select the M1 interface and enter the IP of the default gateway.
Don’t forget to commit the changes with the commit command. This is only needed for CLI configuration.
And the WSA appliance is up and running!