Saturday, August 20, 2011

SHAM LINKS




A customer has 2 entry points into an MPLS VPN. It is a requirement for the customer to traverse the MPLS VPN for intersite traffic. When the customer is running OSPF between its sites by default the backdoor, slower, serial connection will always be preferred by OSPF. This is because links injected into the OSPF domain by the PE routers will be external routes and hence always less preferred than OSPF internal routes.

Sham links get around this problem. Effectively they are a vehicle to enable the OSPF links traversing the provider backbone to appear as internal OSPF routes.

Sham links appear analogous to virtual links. They have tunnel start and end points and traverse a routing domain. The following are required

1) A /32 loopback address on each PE router. This has to be in the customer VRF and NOT be directly advertised into OSPF.

2) Advertise these loopbacks into MP-BGP as vpnv4 routes. This is how the PE routers will learn about the endpoints of the sham-link.

3) Configure the sham-link under the OSPF process on the PE routers

1)
PE1
Int lo0
Ip vrf forwarding CUST1
Ip address 192.168.0.1

PE2
Int lo0
Ip vrf forwarding CUST1
Ip address 192.168.0.2

2)
PE1
Router bgp 1
Address-family ipv4 vrf CUST1
Network 192.168.0.1 255.255.255.255

PE2
Router bgp 1
Address-family ipv4 vrf CUST1
Network 192.168.0.1 255.255.255.255

3)
PE1
Router ospf 1 vrf CUST1
Area 0 sham-link 192.168.0.1 192.168.0.2

PE1
Router ospf 1 vrf CUST1
Area 0 sham-link 192.168.0.2 192.168.0.1


No comments: