UNDERSTAND & CONFIGURE OSPF SHAM-LINKS

In some cases where Providers deliver MPLS links to customer locations , OSPF may be used as CE-PE routing protocol.

PE router connected to the CE router collects all the routes in a VRF routing table based on the VRF applied to the incoming interface. These routes are then propagated across other PEs using MP-BGP. Further, routes reach the remote CE after being redistributed from BGP into OSPF process running between CE and PE for a specific VRF.

When OSPF routes are propagated over the MPLS VPN backbone, additional information about the prefix in the form of BGP extended communities (route type, domain ID extended communities) is appended to the BGP update. This community information is used by the receiving PE router to decide the type of link-state advertisement (LSA) to be generated when the BGP route is redistributed to the OSPF PE-CE process. In this way, internal OSPF routes that belong to the same VPN and are advertised over the VPN backbone are seen as inter-area routes on the remote sites.

If the two CEs aren’t peering over OSPF the only path to reach from CE1 to CE2 is via MPLS VPN backbone. However if there happens to be a OSPF neighborship between the two CEs then the traffic would directly flow across the directly connected link between the two CEs ignoring the path via MPLS VPN backbone which will act only as a backup in this case.

Reason for such behavior is obvious that the route from direct connection over OSPF link between CE1-CE2 is intra-area route, and route received from MPLS backbone is inter-area route and keeping in mind the OSPF route selection the intra-area route is always preferred over the inter-area route.

WE CAN OVERCOME THIS BEHAVIOR WITH THE USE OF OSPF SHAM-LINKS.

By using OPSF sham-link a virtual link is created between the two PEs allowing them to appear as a point-point link between OSPF.

These links are able to fool/trick routers in the OSPF domain that this is a better path thus preserving the LSAs as type 1 or type 3.

Sham-Link can be created using two loopbacks on the respective devices advertised into the BGP address family that corresponds with the customer VRF.

COMMAND SYNTAX FOR SHAM LINK IS AS BELOW –

Area area-id sham-link source-address destination-address cost number

We are using OSPF process 2 inside provider backbone and OSPF process 1 is being used between the CE and PE.

When the backdoor link is not enabled between the CE1 and CE2 the path followed from CE1 to CE2 is via MPLS backbone as shown below –

R1#sh ip route 9.9.0.5

Routing entry for 9.9.0.5/32Known via “ospf 1”, distance 110, metric 3, type inter area

Last update from 9.9.12.2 on FastEthernet0/0, 00:00:10 ago

Routing Descriptor Blocks:

* 9.9.12.2, from 9.9.12.2, 00:00:10 ago, via FastEthernet0/0 #Known via R2#

Route metric is 3, traffic share count is 1

R1#traceroute 9.9.0.5 source 9.9.0.1

Type escape sequence to abort.Tracing the route to 9.9.0.5

VRF info: (vrf in name/id, vrf out name/id)

1 9.9.12.2 16 msec 20 msec 20 msec

2 9.9.23.3 [MPLS: Labels 17/16 Exp 0] 96 msec 56 msec 76 msec

3 9.9.45.4 [MPLS: Label 16 Exp 0] 84 msec 80 msec 56 msec

4 9.9.45.5 56 msec 76 msec 116 msec

 

NOW WE WILL ENABLE THE OSPF BACKDOOR LINK BETWEEN CE1 AND CE2.

We see in the routing table the route for R5’s loopback 9.9.0.5 on R1 is received directly from CE2 as intra-area route is preferred over inter-area route.

R1#sh ip route 9.9.0.5

Routing entry for 9.9.0.5/32Known via “ospf 1”, distance 110, metric 2, type intra area

Last update from 9.9.15.5 on FastEthernet1/0, 00:00:01 ago

Routing Descriptor Blocks:

* 9.9.15.5, from 9.9.0.5, 00:00:01 ago, via FastEthernet1/0 #Known VIA R5 now#

Route metric is 2, traffic share count is 1

R1#traceroute 9.9.0.5 source 9.9.0.1

Type escape sequence to abort.Tracing the route to 9.9.0.5

VRF info: (vrf in name/id, vrf out name/id)

1 9.9.15.5 12 msec 56 msec 16 msec

 

NOW TO OVERCOME THIS BEHAVIOR WE WILL CONFIGURE OSPF SHAM-LINK BETWEEN PE1 AND PE2 AND THEN SEE THE BEHAVIOR.

Step 1:

Configure one loopback each on PE1 & PE2 and make it member of VRF.

PE1

interface Loopback1

vrf forwarding shamlink

ip address 2.2.2.2 255.255.255.255

 PE2

interface Loopback1

vrf forwarding shamlink

ip address 4.4.4.4 255.255.255.255

 

Step 2:

Advertise these lo1 addresses in IPV4 BGP as follows:

address-family ipv4 vrf shamlink

network 2.2.2.2 mask 255.255.255.255

address-family ipv4 vrf shamlink

network 4.4.4.4 mask 255.255.255.255

 

Step3:

Configure sham-link between PE1 and PE2 using lo1 IP addresses:

router ospf 1 vrf shamlinkarea 0 sham-link 2.2.2.2 4.4.4.4 cost 1

router ospf 1 vrf shamlink

area 0 sham-link 4.4.4.4 2.2.2.2 cost 1

Note – while configuring you will need to ensure the cost of link between CE1 and CE2 always remain higher than that mentioned over Sham-link so that path through sham-link remains the preferred one.

 

VERIFYING THAT OSPF SHAM-LINK IS UP:

R2#sh ip ospf sham-links
fix”>

Sham Link OSPF_SL0 to address 4.4.4.4 is up

Area 0 source address 2.2.2.2

Run as demand circuit

DoNotAge LSA allowed. Cost of using 1 State POINT_TO_POINT,

Timer intervals configured, Hello 10, Dead 40, Wait 40,

Hello due in 00:00:01

Adjacency State FULL (Hello suppressed)

Index 2/2, retransmission queue length 0, number of retransmission 0

First 0x0(0)/0x0(0) Next 0x0(0)/0x0(0)

Last retransmission scan length is 0, maximum is 0

Last retransmission scan time is 0 msec, maximum is 0 msec

 

VERIFYING ADDITIONAL INFORMATION IS SENT IN THE FORM ON BGP EXTENDED COMMUNITY WHEN OSPF ROUTE TRAVELS MPLS BACKBONE:

R2#sh ip bgp vpnv4 all 9.9.0.1

BGP routing table entry for 2:2:9.9.0.1/32, version 61

Paths: (1 available, best #1, table shamlink)

Advertised to update-groups:

1

Refresh Epoch 1

Local

9.9.12.1 from 0.0.0.0 (9.9.0.2)

Origin incomplete, metric 2, localpref 100, weight 32768, valid, sourced, best

Extended Community: RT:2:1 OSPF DOMAIN ID:0x0005:0x000000010200

       OSPF RT:0.0.0.0:2:0 OSPF ROUTER ID:9.9.12.2:0

mpls labels in/out 25/nolabel

rx pathid: 0, tx pathid: 0x0

 

VERIFYING THE PATH TAKEN NOW AFTER SHAM-LINK IS OPERATIONAL:

R1#traceroute 9.9.0.5

Type escape sequence to abort.

Tracing the route to 9.9.0.5

VRF info: (vrf in name/id, vrf out name/id)

1 9.9.12.2 48 msec 28 msec 12 msec

2 9.9.23.3 [MPLS: Labels 17/27 Exp 0] 84 msec 44 msec 68 msec

3 9.9.45.4 [MPLS: Label 27 Exp 0] 68 msec 28 msec 68 msec

4 9.9.45.5 92 msec 48 msec 52 msec

 

R1#sh ip route 9.9.0.5

Routing entry for 9.9.0.5/32

Known via “ospf 1”, distance 110, metric 4, type intra area

Last update from 9.9.12.2 on FastEthernet0/0, 00:00:56 ago

Routing Descriptor Blocks:

* 9.9.12.2, from 9.9.0.5, 00:00:56 ago, via FastEthernet0/0 Known via R2#

Route metric is 4, traffic share count is 1

Please follow and like us:

Related Post

Add Comment

Social Media Auto Publish Powered By : XYZScripts.com