MPLS Scenario: Introduction to OSPF Sham Links

Today I am going to talk about OSPF sham links in the MPLS environment. Many enterprises use sham links where OSPF is the routing protocol in their network. So the question is: what is a sham link, and why and where can we use it?

What is a sham link in the MPLS environment?
In an enterprise environment, you are connected to the MPLS VPN backbone via a service provider in order to reach all the remote sites across the globe. All these sites run OSPF, let us suppose in Area 1. If these sites belong to the same OSPF area, the path over a backdoor link will always be selected, because OSPF prefers intra-area paths to inter-area paths. For this reason, OSPF backdoor links between VPN sites must be taken into account so that routing is performed based on policy. These backdoor links are called sham links.

What is the purpose of the sham link in the MPLS environment?
This is a good question. A sham-link overcomes the OSPF default behavior of selecting an intra-area backdoor route between VPN sites instead of an inter-area (PE-to-PE) route. A sham-link ensures that OSPF client sites that share a backdoor link can communicate over the MPLS VPN backbone and participate in VPN services.

To get this flexibility in routing over the MPLS environment, make sure you have an OSPF cost configured with the sham-link: the cost allows you to decide whether OSPF client site traffic is routed over a backdoor link or through the VPN backbone.

Are there restrictions on using sham links in the MPLS environment?
When OSPF is used as the protocol between PE and CE routers, the OSPF metric is preserved when routes are advertised over the VPN backbone. The metric is used on the remote PE routers to select the correct route. For this reason, you should not modify the metric value when OSPF is redistributed to BGP or when BGP is redistributed to OSPF. If you modify the metric value, routing loops may occur.

Why is the sham link preferred by OSPF?
The reason for the sham link is that, with the link between RouteXP_S1_CE1 and RouteXP_S2_CE2 in place, the OSPF route is not redistributed to MP-iBGP.

Below is the basic OSPF sham link topology in the MPLS environment.

Fig 1.1- OSPF Sham Link

In the above scenario, we have four PE routers in the MPLS backbone, connected to three different customer local sites whose CE routers are denoted by RouteXP_S1_CE1, RouteXP_S2_CE1 and RouteXP_S3_CE1. As an example, let's assume that all these CE routers are in a single OSPF area, Area 1.

Here we have one backdoor link between RouteXP_S1_CE1 and RouteXP_S2_CE1, and OSPF selects it because intra-area routes are preferred over inter-area routes.

Before you create a sham-link between PE routers in an MPLS VPN, configure a new interface with a /32 address on the remote PE so that OSPF packets can be sent over the VPN backbone to the remote end of the sham-link.

Below is the sham link configuration between PE1 and PE2.

Sample Configuration on PE1 Router
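!
! VRF for the customer sites
ip vrf RouteXP
 rd 115:43
 route-target both 115:43
!
! Sham-link endpoint: a /32 loopback inside the VRF
interface loopback 1
 ip vrf forwarding RouteXP
 ip address 10.2.1.1 255.255.255.255
!
! PE-CE link towards RouteXP_S1_CE1
interface serial 1/0
 ip vrf forwarding RouteXP
 ip address 10.1.0.1 255.255.255.252
!
! Only the PE-CE subnet is in the OSPF network statement; the loopback is not
router ospf 1 vrf RouteXP
 network 10.1.0.1 0.0.0.3 area 1
 redistribute bgp 65103 subnets
 area 1 sham-link 10.2.1.1 10.2.1.2 cost 10
!
! The sham-link endpoint is advertised to the remote PE through BGP
router bgp 65103
 address-family ipv4 vrf RouteXP
 network 10.2.1.1 mask 255.255.255.255
 redistribute ospf 1 match internal
!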

The interface Serial 1/0 faces the RouteXP_S1_CE1 customer router.

You can configure the PE2 router in the same way: define the VRF with the ip vrf command, then the loopback interface, and then the interface connected to RouteXP_S2_CE1. Likewise, configure router ospf for the VRF there with redistribute bgp subnets, and configure the sham-link.
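
The script below is an added example, not part of the original post: it audits a PE configuration for the sham-link endpoint prerequisites (the /32 VRF interface address described above, its BGP advertisement as in the PE1 sample, and the standard IOS requirement that the endpoint is not advertised by OSPF itself). The function name audit_sham_link and the parsing approach are assumptions made for this illustration; the sample input is the PE1 configuration from this page with the VRF definition omitted.

```python
import ipaddress
import re

# PE1 configuration from this page (VRF definition omitted), indented IOS-style.
PE1 = """\
interface loopback 1
 ip vrf forwarding RouteXP
 ip address 10.2.1.1 255.255.255.255
!
interface serial 1/0
 ip vrf forwarding RouteXP
 ip address 10.1.0.1 255.255.255.252
!
router ospf 1 vrf RouteXP
 network 10.1.0.1 0.0.0.3 area 1
 redistribute bgp 65103 subnets
 area 1 sham-link 10.2.1.1 10.2.1.2 cost 10
!
router bgp 65103
 address-family ipv4 vrf RouteXP
 network 10.2.1.1 mask 255.255.255.255
 redistribute ospf 1 match internal
"""

def audit_sham_link(config):
    """Return problems with the local sham-link endpoint (empty list = OK)."""
    # Split on '!' separator lines; works for indented and flat configs alike.
    blocks = [[l.strip() for l in b.strip().splitlines()]
              for b in re.split(r"^![ \t]*$", config, flags=re.M) if b.strip()]
    ospf = next((b for b in blocks if re.match(r"router ospf \d+ vrf \S+$", b[0])), None)
    sham = next((l.split() for l in ospf or [] if " sham-link " in l), None)
    if sham is None:
        return ["no sham-link found under a VRF OSPF process"]
    vrf, src = ospf[0].split()[-1], ipaddress.ip_address(sham[3])
    problems = []
    # 1. The endpoint must be a /32 interface address inside the same VRF.
    if not any(f"ip vrf forwarding {vrf}" in b and f"ip address {src} 255.255.255.255" in b
               for b in blocks if b[0].startswith("interface")):
        problems.append(f"{src} is not a /32 interface address in VRF {vrf}")
    # 2. It must not match an OSPF network statement (wildcard bits are "don't care").
    for m in filter(None, (re.match(r"network (\S+) (\S+) area", l) for l in ospf)):
        care = ~int(ipaddress.ip_address(m[2])) & 0xFFFFFFFF
        if (int(src) ^ int(ipaddress.ip_address(m[1]))) & care == 0:
            problems.append(f"{src} is advertised by OSPF: '{m[0]} ...'")
    # 3. It must be advertised by BGP in the VRF address family.
    bgp = next((b for b in blocks if b[0].startswith("router bgp")), [])
    af = f"address-family ipv4 vrf {vrf}"
    if af not in bgp or f"network {src} mask 255.255.255.255" not in bgp[bgp.index(af):]:
        problems.append(f"{src} is not advertised by BGP in VRF {vrf}")
    return problems
```

Calling audit_sham_link(PE1) returns an empty list; widening the OSPF network statement so that it covers 10.2.1.1, or dropping the BGP network statement, each adds one finding.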

With a sham-link, the OSPF down bit prevents routing loops. Packet forwarding is optimised across the MPLS VPN using the OSPF routing bit. Basic OSPF across an MPLS VPN includes a BGP backbone, where OSPF is run at each site and MP-BGP is used to propagate routes between the sites. A better option implements the MP-BGP backbone as a new transparent OSPF super backbone above the existing areas.

Note that a sham link is required between any two VPN sites that belong to the same OSPF area and share an OSPF backdoor link. The area sham-link cost command is used to configure a sham link across an MPLS VPN backbone.

The example used here is for explanation purposes only, and the IP addresses used are for demo purposes.