OSPF Sham-link for VPN Sites Configuration
This feature is to ensure that the OSPF Client sites that share a backdoor link can communicate over the MPLS VPN backbone and participate in VPN services.
Suppose that there are two sites in same OSPF area and each of them is attached to a different PE router, and there is also an intra-area ospf backdoor link connecting the two sites. There will be routes between sites that go through the PE routers, but these routes will appear to be inter area routes, and OSPF will consider them less preferable than the intra-area routes through the backdoor link. To make a route through the backbone appear to be an intra-area route, it is necessary to make it appear as if there is an intra-area link connecting the two PE routers. Sham-links are those links routes the intra-area routes through the backbone.
Topology
OSPF SHAM-LINK FOR VPN SITES
Configuration
CE1
#configure terminal | Enter the Configure mode. |
(config)#interface lo | Enter interface mode |
(config-if)#ip address 1.1.1.1/32 secondary | Configure the IP address of the interface loopback |
(config-if)#exit | Exit interface mode |
(config)# commit | Committing the configuration to apply in running configuration |
(config)#interface xe4 | Enter interface mode |
(config-if)#ip address 20.20.40.40/31 | Configure the IP address on the interface |
(config-if)# description to_pe1 | Adding Description to interface |
(config-if)#exit | Exit interface mode. |
(config)# commit | Committing the configuration to apply in running configuration |
(config)#interface xe24 | Enter interface mode |
(config-if)#ip address 20.20.40.42/31 | Configure the IP address on the interface |
(config-if)# description ospf backdoor | Adding Description to interface |
(config-if)# ip ospf cost 10 | Set the OSPF cost of this link |
(config-if)#exit | Exit interface mode. |
(config)# commit | Committing the configuration to apply in running configuration |
(config)#router ospf 1 | Configure the routing process OSPF with process id |
(config-router)#network 1.1.1.1/32 area 2 | Define the interface on which OSPF runs, and associate the area ID with the interface. |
(config-router)#network 20.20.40.40/31 area 2 | Define the interface on which OSPF runs, and associate the area ID with the interface. |
(config-router)#network 20.20.40.42/31 area 2 | Define the interface on which OSPF runs, and associate the area ID with the interface. |
(config-router)#exit | Exit from router ospf mode |
(config)# commit | Committing the configuration to apply in running configuration |
PE1
#configure terminal | Enter the Configure mode. |
(config)#interface lo | Enter interface mode |
(config-if)#ip address 2.2.2.2/32 | Configure the IP address of the interface loopback |
(config-if)#exit | Exit interface mode |
(config)# commit | Committing the configuration to apply in running configuration |
(config)#ip vrf vrf1 | Create vrf1 |
(config-vrf)# description vrf1 | Adding description to vrf |
(config-vrf)#rd 100:1 | Specify the route distinguisher in the VRF |
(config-vrf)#route-target both 100:1 | Specify the import & export route target |
(config)# commit | Committing the configuration to apply in running configuration |
(config)# router ldp | Configure Router LDP instance |
(config)# commit | Committing the configuration to apply in running configuration |
(config)#interface xe4 | Enter interface mode |
(config-if)# description to_ce1 | Adding description to interface |
(config-if)# ip vrf forwarding vrf1 | Associate the interface to vrf1 |
(config-if)#ip address 20.20.40.41/31 | Configure the IP address on the interface |
(config-if)#exit | Exit interface mode. |
(config)#interface xe10 | Enter interface mode |
(config-if)# description to_pe2 | Adding description to interface |
(config-if)#ip address 20.20.40.48/31 | Configure the IP address on the interface |
(config-if)#label-switching | Enable label-switching on interface |
(config-if)# enable-ldp ipv4 | Enable LDP process on interface |
(config-if)#exit | Exit interface mode. |
(config)# commit | Committing the configuration to apply in running configuration |
(config)# interface lo.vrf1 | Enter interface mode |
(config-if)# ip vrf forwarding vrf1 | Associate the interface to vrf1 |
ip address 11.11.11.11/32 secondary | Configure the IP address on the interface |
(config)# commit | Committing the configuration to apply in running configuration |
(config)#router ospf 1 vrf1 | Associate the ospf process with vrf1. |
(config-router)# redistribute bgp | Redistribute BGP into OSPF. |
(config-router)#network 20.20.40.40/31 area 2 | Define the interface on which OSPF runs, and associate the area ID with the interface. |
(config-router)# area 0.0.0.2 sham-link 11.11.11.11 22.22.22.22 cost 5 | Configuring Sham-link between PE routers with cost 5. |
(config-router)#exit | Exit from router ospf mode |
(config)#router ospf 100 | Configure the routing process OSPF with process id |
(config-router)#network 2.2.2.2/32 area 2 | Define the interface on which OSPF runs, and associate the area ID with the interface. |
(config-router)#network 20.20.40.48/31 area 0 | Define the interface on which OSPF runs, and associate the area ID (0) with the interface (area ID 0 specifies the backbone area). |
(config-router)#exit | Exit from router ospf mode |
(config)# commit | Committing the configuration to apply in running configuration |
(config)#router bgp 100 | Enter Router BGP mode |
(config-router)#neighbor 3.3.3.3 remote- | |
as 100 | Add loopback ip of ABR2 as neighbor with neighbor AS |
(config-router)#neighbor 3.3.3.3 update- source 2.2.2.2 | Update the source for that particular neighbor as loopback interface |
(config-router)#address-family vpnv4 unicast | Enter into vpnv4 unicast address family |
(config-router-af)#neighbor 3.3.3.3 activate | Activate the neighbor inside vpnv4 address family |
(config-router-af)#exit-address-family | Exit from address family vpnv4 |
(config-router)# address-family ipv4 vrf vrf1 | Enter into vrf address family |
(config-router-af)# network 11.11.11.11/32 | Advertise a route via iBGP connection. |
(config-router-af)#redistribute ospf 1 | Redistribute ospf routes into bgp |
(config-router-af)#exit-address-family | Exit from address family vpnv4 |
(config-router)#exit | Exit from router BGP mode |
(config)# commit | Committing the configuration to apply in running configuration |
(config)#end | Exit from config mode into privilege mode |
PE2
#configure terminal | Enter the Configure mode. |
(config)#interface lo | Enter interface mode |
(config-if)#ip address 3.3.3.3/32 | Configure the IP address of the interface loopback |
(config-if)#exit | Exit interface mode |
(config)# commit | Committing the configuration to apply in running configuration |
(config)#ip vrf vrf1 | Create vrf1 |
(config-vrf)# description vrf1 | Adding description to vrf |
(config-vrf)#rd 100:1 | Specify the route distinguisher in the VRF |
(config-vrf)#route-target both 100:1 | Specify the import & export route target |
(config)# commit | Committing the configuration to apply in running configuration |
(config)# router ldp | Configure Router LDP instance |
(config)# commit | Committing the configuration to apply in running configuration |
(config)#interface xe5 | Enter interface mode |
(config-if)# description to_ce2 | Adding description to interface |
(config-if)# ip vrf forwarding vrf1 | Associate the interface to vrf1 |
(config-if)# ip address 20.20.40.38/31 | Configure the IP address on the interface |
(config-if)#exit | Exit interface mode. |
(config)#interface xe10 | Enter interface mode |
(config-if)# description to_pe1 | Adding description to interface |
(config-if)#ip address 20.20.40.49/31 | Configure the IP address on the interface |
(config-if)#label-switching | Enable label-switching on interface |
(config-if)# enable-ldp ipv4 | Enable LDP process on interface |
(config-if)#exit | Exit interface mode. |
(config)# commit | Committing the configuration to apply in running configuration |
(config)# interface lo.vrf1 | Enter interface mode |
(config-if)# ip vrf forwarding vrf1 | Associate the interface to vrf1 |
ip address 22.22.22.22/32 secondary | Configure the IP address on the interface |
(config)# commit | Committing the configuration to apply in running configuration |
(config)#router ospf 1 vrf1 | Associate the ospf process with vrf1. |
(config-router)# redistribute bgp | Redistribute BGP into OSPF. |
(config-router)#network 20.20.40.38/31 area 2 | Define the interface on which OSPF runs, and associate the area ID with the interface. |
(config-router)# area 0.0.0.2 sham-link 22.22.22.22 11.11.11.11 cost 5 | Configuring Sham-link between PE routers with cost 5. |
(config-router)#exit | Exit from router ospf mode |
(config)#router ospf 100 | Configure the routing process OSPF with process id |
(config-router)#network 3.3.3.3/32 area 2 | Define the interface on which OSPF runs, and associate the area ID with the interface. |
(config-router)#network 20.20.40.48/31 area 0 | Define the interface on which OSPF runs, and associate the area ID (0) with the interface (area ID 0 specifies the backbone area). |
(config-router)#exit | Exit from router ospf mode |
(config)# commit | Committing the configuration to apply in running configuration |
(config)#router bgp 100 | Enter Router BGP mode |
(config-router)#neighbor 2.2.2.2 remote-as 100 | Add loopback ip of ABR2 as neighbor with neighbor AS |
(config-router)#neighbor 2.2.2.2 update- source 3.3.3.3 | Update the source for that particular neighbor as loopback interface |
(config-router)#address-family vpnv4 unicast | Enter into vpnv4 unicast address family |
(config-router-af)#neighbor 2.2.2.2 activate | Activate the neighbor inside vpnv4 address family |
(config-router-af)#exit-address-family | Exit from address family vpnv4 |
(config-router)# address-family ipv4 vrf vrf1 | Enter into vrf address family |
(config-router-af)# network 22.22.22.22/32 | Advertise a route via iBGP connection. |
(config-router-af)#redistribute ospf 1 | Redistribute ospf routes into bgp |
(config-router-af)#exit-address-family | Exit from address family vpnv4 |
(config-router)#exit | Exit from router BGP mode |
(config)# commit | Committing the configuration to apply in running configuration |
(config)#end | Exit from config mode into privilege mode |
CE2
#configure terminal | Enter the Configure mode. |
(config)#interface lo | Enter interface mode |
(config-if)#ip address 4.4.4.4/32 secondary | Configure the IP address of the interface loopback |
(config-if)#exit | Exit interface mode |
(config)# commit | Committing the configuration to apply in running configuration |
(config)#interface xe5 | Enter interface mode |
(config-if)#ip address 20.20.40.39/31 | Configure the IP address on the interface |
(config-if)# description to_pe2 | Adding Description to interface |
(config-if)#exit | Exit interface mode. |
(config)# commit | Committing the configuration to apply in running configuration |
(config)#interface xe7 | Enter interface mode |
(config-if)#ip address 20.20.40.43/31 | Configure the IP address on the interface |
(config-if)# description ospf backdoor | Adding Description to interface |
(config-if)# ip ospf cost 10 | Set the OSPF cost of this link |
(config-if)#exit | Exit interface mode. |
(config)# commit | Committing the configuration to apply in running configuration |
(config)#router ospf 1 | Configure the routing process OSPF with process id |
(config-router)#network 4.4.4.4/32 area 2 | Define the interface on which OSPF runs, and associate the area ID with the interface. |
(config-router)#network 20.20.40.38/31 area 2 | Define the interface on which OSPF runs, and associate the area ID with the interface. |
(config-router)#network 20.20.40.42/31 area 2 | Define the interface on which OSPF runs, and associate the area ID with the interface. |
(config-router)#exit | Exit from router ospf mode |
(config)# commit | Committing the configuration to apply in running configuration |
Validation
CE1
CE1#show ip ospf neighbor
Total number of full neighbors: 2
OSPF process 1 VRF(default):
Neighbor ID Pri State Dead Time Address Interface Instance ID
11.11.11.11 1 Full/Backup 00:00:34 20.20.40.41 xe4 0
4.4.4.4 1 Full/Backup 00:00:36 20.20.40.43 xe24 0
CE1#show ip route
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2,
ia - IS-IS inter area, E - EVPN,
v - vrf leaked
* - candidate default
IP Route Table for VRF "default "
C 1.1.1.1/32 is directly connected, lo, 00:08:20
O 4.4.4.4/32 [110/8] via 20.20.40.41, xe4, 00:01:48
O E2 11.11.11.11/32 [110/1] via 20.20.40.41, xe4, 00:01:48
O 20.20.40.38/31 [110/7] via 20.20.40.41, xe4, 00:01:48
C 20.20.40.40/31 is directly connected, xe4, 00:08:20
C 20.20.40.42/31 is directly connected, xe24, 00:08:20
O E2 22.22.22.22/32 [110/1] via 20.20.40.41, xe4, 00:02:22
C 127.0.0.0/8 is directly connected, lo, 00:13:50
Gateway of last resort is not set
PE1
PE1#show ip ospf neighbor
Total number of full neighbors: 2
OSPF process 1 VRF(vrf1):
Neighbor ID Pri State Dead Time Address Interface Instance ID
1.1.1.1 1 Full/DR 00:00:32 20.20.40.40 xe4 0
22.22.22.22 1 Full/ - 00:00:35 22.22.22.22 SLINK0
Total number of full neighbors: 1
OSPF process 100 VRF(default):
Neighbor ID Pri State Dead Time Address Interface Instance ID
3.3.3.3 1 Full/Backup 00:00:34 20.20.40.49 xe10 0
PE1#show ip ospf sham-links
Sham Link SLINK0 to destination 22.22.22.22 is up
area 0.0.0.2 source 11.11.11.11
Transmit Delay is 1 sec, State Point-To-Point,
Timer intervals , Hello 10, Dead 40, Wait 40, Retransmit 5
Hello due in 00:00:07
No authentication
Adjacency state Full
PE1#show ip ospf sham-links brief
OSPF Process ID 1 VRF vrf1
Total number of slinks: 1
Shamlink Name DestinationID SourceID Area Status
SLINK0 22.22.22.22 11.11.11.11 0.0.0.2 up
OSPF Process ID 100 VRF default
Total number of slinks: 0
Shamlink Name DestinationID SourceID Area Status
PE1#show ip bgp vpnv4 all summary
BGP router identifier 2.2.2.2, local AS number 100
BGP table version is 2
1 BGP AS-PATH entries
0 BGP community entries
Neighbor V AS MsgRcv MsgSen TblVer InQ OutQ Up/Down State/PfxRcd
3.3.3.3 4 100 16 17 2 0 0 00:03:49 4
Total number of neighbors 1
Total number of Established sessions 1
PE1#show ldp session
Peer IP Address IF Name My Role State KeepAlive UpTime
3.3.3.3 xe10 Passive OPERATIONAL 30 00:03:39
PE1#show ip route
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2,
ia - IS-IS inter area, E - EVPN,
v - vrf leaked
* - candidate default
IP Route Table for VRF "default"
C 2.2.2.2/32 is directly connected, lo, 00:05:56
O IA 3.3.3.3/32 [110/2] via 20.20.40.49, xe10, 00:04:24
C 20.20.40.48/31 is directly connected, xe10, 00:05:56
C 127.0.0.0/8 is directly connected, lo, 00:16:19
Gateway of last resort is not set
PE2
PE2#show ip ospf neighbor
Total number of full neighbors: 2
OSPF process 1 VRF(vrf1):
Neighbor ID Pri State Dead Time Address Interface Instance ID
4.4.4.4 1 Full/DR 00:00:31 20.20.40.39 xe5 0
11.11.11.11 1 Full/ - 00:00:36 11.11.11.11 SLINK0
Total number of full neighbors: 1
OSPF process 100 VRF(default):
Neighbor ID Pri State Dead Time Address Interface Instance ID
2.2.2.2 1 Full/DR 00:00:39 20.20.40.48 xe10 0
PE2#show ip bgp vpnv4 all summary
BGP router identifier 3.3.3.3, local AS number 100
BGP table version is 2
1 BGP AS-PATH entries
0 BGP community entries
Neighbor V AS MsgRcv MsgSen TblVer InQ OutQ Up/Down State/PfxRcd
2.2.2.2 4 100 22 22 2 0 0 00:06:23 4
Total number of neighbors 1
Total number of Established sessions 1
PE2#show ip ospf sham-links
Sham Link SLINK0 to destination 11.11.11.11 is up
area 0.0.0.2 source 22.22.22.22
Transmit Delay is 1 sec, State Point-To-Point,
Timer intervals , Hello 10, Dead 40, Wait 40, Retransmit 5
Hello due in 00:00:03
No authentication
Adjacency state Full
PE2#show ip ospf sham-links brief
OSPF Process ID 1 VRF vrf1
Total number of slinks: 1
Shamlink Name DestinationID SourceID Area Status
SLINK0 11.11.11.11 22.22.22.22 0.0.0.2 up
OSPF Process ID 100 VRF default
Total number of slinks: 0
Shamlink Name DestinationID SourceID Area Status
PE2#show ip bgp vpnv4 all summary
BGP router identifier 3.3.3.3, local AS number 100
BGP table version is 2
1 BGP AS-PATH entries
0 BGP community entries
Neighbor V AS MsgRcv MsgSen TblVer InQ OutQ Up/Down State/PfxRcd
2.2.2.2 4 100 24 24 2 0 0 00:07:08 4
Total number of neighbors 1
Total number of Established sessions 1
PE2#show ip route
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2,
ia - IS-IS inter area, E - EVPN,
v - vrf leaked
* - candidate default
IP Route Table for VRF "default"
O IA 2.2.2.2/32 [110/2] via 20.20.40.48, xe10, 00:07:32
C 3.3.3.3/32 is directly connected, lo, 00:07:52
C 20.20.40.48/31 is directly connected, xe10, 00:07:52
C 127.0.0.0/8 is directly connected, lo, 00:18:22
Gateway of last resort is not set
CE2
CE2#show ip ospf neighbor
Total number of full neighbors: 2
OSPF process 1 VRF(default):
Neighbor ID Pri State Dead Time Address Interface Instance ID
22.22.22.22 1 Full/Backup 00:00:38 20.20.40.38 xe5 0
1.1.1.1 1 Full/DR 00:00:35 20.20.40.42 xe7 0
CE2#show ip route
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2,
ia - IS-IS inter area, E - EVPN,
v - vrf leaked
* - candidate default
IP Route Table for VRF "default"
O 1.1.1.1/32 [110/8] via 20.20.40.38, xe5, 00:09:00
C 4.4.4.4/32 is directly connected, lo, 00:13:45
O E2 11.11.11.11/32 [110/1] via 20.20.40.38, xe5, 00:09:34
C 20.20.40.38/31 is directly connected, xe5, 00:13:45
O 20.20.40.40/31 [110/7] via 20.20.40.38, xe5, 00:09:00
C 20.20.40.42/31 is directly connected, xe7, 00:13:45
O E2 22.22.22.22/32 [110/1] via 20.20.40.38, xe5, 00:09:00
C 127.0.0.0/8 is directly connected, lo, 00:20:15
Gateway of last resort is not set