MPLS Layer 3 VPN PE-CE OSPF Sham Link

This topic is to discuss the following lesson:

Hi Rene,
So, the sham link is required only for the MPLS VPN scenario? Thx

br//zaman

That’s correct. MPLS VPN PE-CE with OSPF as the routing protocol between PE/CE.

Hi Rene,

In order for redistribution of other routing protocols into OSPF on the CE to work properly, we have to set up a sham link. Is that correct?
It looks like LSA types 5 & 7 are not exchanged across the MPLS backbone? Correct me if I'm wrong. I have tried redistributing other routing protocols into OSPF on the CE without a sham link, and the result is that the PE directly connected to the CE got the routes but the other PEs didn't get them.

Thanks,
Minh

Hello Minh,

Redistributed routes in OSPF on a CE router are no problem. You only need a sham link when you have a backdoor link in between your CE routers.

By default, OSPF external routes don’t get redistributed into BGP but you can change that. Here’s a quick example:

CE1(config)#interface Loopback 1
CE1(config-if)#ip address 11.11.11.11 255.255.255.255

CE1(config)#ip access-list standard CE1_L1
CE1(config-std-nacl)#permit host 11.11.11.11

CE1(config)#route-map CE1_L1 permit 10    
CE1(config-route-map)#match ip address CE1_L1

CE1(config)#router ospf 1
CE1(config-router)#redistribute connected route-map CE1_L1

On the PE1 router:

PE1(config)#router bgp 234
PE1(config-router)#address-family ipv4 vrf CUSTOMER
PE1(config-router-af)# redistribute ospf 2 match internal external 1 external 2

And it will show up on the other end:

CE2#show ip route | include 11.11
O E2     11.11.11.11 [110/20] via 192.168.45.4, 00:02:29, GigabitEthernet0/1

Hope this helps!

Rene


Thank you, Rene.
Rgds,
Minh


Hello @pradyumnayadavgla

It seems that you posted this in a private message. I will quote it here, and respond to it so that all of our readers can benefit.

Hi Rene,

Q1- Can a sham link only be used for CE-PE OSPF, and not with other IGPs like EIGRP and RIP?
Q2- Is it possible to use a sham link when we are using OSPF for CE-PE connectivity and another IGP for providing reachability between iBGP neighbors, or vice versa?
Q3- I did not understand the concept of the MPLS VPN backbone, meaning which link will act as the MPLS VPN backbone, and if the sham link is the MPLS VPN backbone link, does that mean we have a primary and a secondary MPLS VPN link and a total of two backbone links for each customer?

Q1 A sham link is an OSPF concept and cannot be implemented using other routing protocols.

Q2 A sham link can only be created when OSPF is the IGP in the MPLS backbone. If you are running EIGRP between the CE and PE, then a sham link, although it can be created, is of no benefit, because the redistribution between OSPF and EIGRP takes place in the PE, and there, you can adjust the metric of the EIGRP routes to achieve what you would with the sham link. Remember, the sham link is there because OSPF will always prefer an intra-area route (O) over an inter area route (O IA). The sham link simply changes the categorization of the O IA route to an O route so that it can be preferred. EIGRP doesn’t have such a concept, so it is not necessary.

Q3 The “VPN Backbone” is simply the MPLS network composed of the PE and P routers. The sham link isn’t the backbone, it is simply a mechanism that changes the categorization of the actual OSPF route. It’s not a tunnel of any sort, nor a backbone. The backbone is the MPLS network itself.

I hope this has been helpful!

Laz

Hi Laz,

Thanks for clarifying, but I have one more question: how many links are there for customer-to-customer reachability? I think there are two: one is the MPLS link and the other is the OSPF link (through which the customers are connected directly).

Hello Pradyumna

Whenever you require a sham link for OSPF, this is due to the fact that a customer has obtained a backup link between the customer sites, most often with the goal of providing redundancy. This means that there will be two possible paths that data can take between two particular customer sites, one via the MPLS network, and the other via the backup link.

Usually, an MPLS network will be the primary method of interconnecting sites, due to the fact that it is typically a high performance network, and because customers will often have more than two sites. But some customers may want to use MPLS as backup. So the sham link is used only when you want the MPLS network to be the primary link that OSPF routing chooses.

You are correct, there are indeed two links between customer sites in a topology such as the one that is described in this lesson, one via MPLS and one via the backup link.

I hope this has been helpful!

Laz

Can we change the metric of the sham link?

Hello Muhammad

An example of the command used to implement the sham link is the following:

PE2(config-router)#area 0 sham-link 44.44.44.44 22.22.22.22 cost 10

The parameter cost 10 configures the metric of the sham link. If this is not configured, then the default cost is set to 1, which means it will most likely be chosen as the best path over alternate routes, which is what is desired.

I hope this has been helpful!

Laz
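The route selection described in the replies above (an intra-area O route always beats an inter-area O IA route, and the sham link carries a configurable cost), as an added example that is not part of the original thread or lesson. It is a simplified Python model: the router names follow the thread's CE/PE naming, and all link costs and function names are constructed for illustration.

```python
import heapq

TYPE_RANK = {"O": 0, "O IA": 1}  # OSPF compares path type before cost


def spf(links, src):
    """Dijkstra over undirected (a, b, cost) links; returns {node: cost}."""
    graph = {}
    for a, b, cost in links:
        graph.setdefault(a, []).append((b, cost))
        graph.setdefault(b, []).append((a, cost))
    dist, heap = {}, [(0, src)]
    while heap:
        d, node = heapq.heappop(heap)
        if node in dist:
            continue
        dist[node] = d
        for nxt, cost in graph[node]:
            if nxt not in dist:
                heapq.heappush(heap, (d + cost, nxt))
    return dist


def ce1_best_route(backdoor_cost, pe_ce_cost=1, sham_cost=None):
    """Return (route_type, cost, via) that CE1 installs for CE2's network.

    Constructed model: CE1-PE1 and PE2-CE2 links cost pe_ce_cost, the
    CE1-CE2 backdoor costs backdoor_cost, sham_cost=None means no sham link.
    """
    area0 = [("CE1", "PE1", pe_ce_cost), ("PE2", "CE2", pe_ce_cost),
             ("CE1", "CE2", backdoor_cost)]
    backdoor_only = spf(area0, "CE1")["CE2"]
    if sham_cost is None:
        # The MPLS path is learned from PE1 as an inter-area route.
        candidates = [("O", backdoor_only, "backdoor"),
                      ("O IA", 2 * pe_ce_cost, "mpls")]
    else:
        # The sham link is one more intra-area link between the PEs.
        total = spf(area0 + [("PE1", "PE2", sham_cost)], "CE1")["CE2"]
        via = "mpls" if total < backdoor_only else "backdoor"
        candidates = [("O", total, via)]
    return min(candidates, key=lambda c: (TYPE_RANK[c[0]], c[1]))


if __name__ == "__main__":
    for sham, backdoor in [(None, 100), (1, 100), (10, 100), (10, 5)]:
        print(sham, backdoor, ce1_best_route(backdoor, sham_cost=sham))
```

The last case shows that once both paths are intra-area the lower cost wins, so the backdoor link's cost has to be higher than the total cost of the MPLS path for the MPLS network to remain the primary path.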

Hello @ReneMolenaar and @lagapidis,

I have two questions about the redistribution from BGP into OSPF.

  1. Question:

can you please explain, why CE1 sees the 5.5.5.5 route as an O IA route?
Looking at the redistribution configuration of PE1 I can see that BGP is redistributed into OSPF:

router ospf 2 vrf CUSTOMER
 redistribute bgp 234 subnets
 network 192.168.12.0 0.0.0.255 area 0

Why do we see this route as an O IA and not as an O E2 route?

  2. Question:

There is a rule that says, by default iBGP is not redistributed into OSPF.
Reference 1.
Reference 2.

Why does the redistribution work if we only use the command
redistribute bgp 234 subnets without the bgp redistribute-internal command?
Doesn’t this break the rule of not redistributing iBGP routes into OSPF by default?

Thank you.

Hello Thomas

Rene addresses this question in the lesson:

Our CE routers have learned each other’s networks. There’s something interesting in the output above…normally when we redistribute something into OSPF then our prefixes show up as O E2 or E1, now we seem to have O IA prefixes. I’ll explain why in a bit…

He goes on to explain that when used with MPLS, OSPF considers the MPLS service provider backbone as an OSPF “superbackbone”, and the PE routers as ASBRs. The result is that routes that originated in an OSPF area connected to a PE router of the MPLS network are considered IA routes even if they have been redistributed from BGP. Take a look at the text in the lesson that describes it in detail.

Note that the PE routers are running two instances of OSPF. The instance with process ID “1” is the OSPF instance that is running within the BGP domain of the MPLS backbone using ASN 234. Now if you attempted to redistribute into that OSPF process, you would indeed need the “redistribute-internal” keyword, because that OSPF process is the process serving the specific ASN.

However, the redistribution took place on OSPF process “2” which is the OSPF process running between the PE and CE routers, which is outside of the BGP domain. This means, by definition, that the redistribution is taking place on eBGP routes, not iBGP routes. So the rule is not violated. Does that make sense?

I hope this has been helpful!

Laz