MPLS

Configuring a SHAM-LINK

keithcroxford /
 ·  ·  ·  · 

Image

Every time I hear “Sham-Link” I can’t help but to think of Vince Shlomi. Maybe he couldn’t make the backdoor link less preferred for CE to CE traffic .  Maybe that is what drove him to attack his “date”.

Anyways…

In a service provider network your customer might have a backdoor link from CE to CE that was present before deploying an MPLS VPN for the customer. Or they have asked for redundancy with a point to point link between a  major branch and corporate. Whatever the situation traffic might not take the most prefered path right out of the box when using OSPF as the CE to PE routing protocol.

In this case you need a SHAM-WOW…link.

Imagine the following scenario:

    
                   BGP
 PER1 <-------------------------> PER2
  ^                                ^
O | A                           O  | A
S | R                           S  | R
P | E                           P  | E
F | A                           F  | A
  | 0                              | 0
CER1 <--------------------------> CER2
      OSPF Area 0 (backdoor link)

When  reviewing the routes on the network you notice that traffic from CE1 to CE2 is taking the backdoor link. Imagine that this is a point to point T1, while the links to the PER are a 100 meg ethernet connection. Shortest : yes. Most efficient : No.  You change the OSPF costs, bounce the OSPF process and still no changes.

If you look at the type of type of routes, you will see that the CE to CE routes are INTRA-area, while the path across the PE / P network is seen an an External area (mismatch ospf domain) or inter-area. Hence the problem. OSPF will prefere routes in the following order:

1. Intra-area

2. Inter-area

3. External

To fix this, you need routes across the PE network to be seen as Intra-area routes.

First, you will need to create a loopback on each PER. This loopback will need to be within the customer’s VRF:

PER1

interface Loopback1000
ip vrf forwarding customera
ip address 172.26.0.1 255.255.255.255

PER2:

interface Loopback1000
ip vrf forwarding customera
ip address 172.26.0.2 255.255.255.255

Next, you will need to advertise the loopback through BGP (within the VRF):

PER1:

router bgp 65000
  address-family ipv4 vrf customera
  no synchronization
  network 172.26.0.1 mask 255.255.255.255
  redistribute ospf 1000 vrf customera metric 10 match internal external 1 external 2
  exit-address-family

PER2:

router bgp 65000
  address-family ipv4 vrf customera
  no synchronization
  network 172.26.0.2 mask 255.255.255.255
  redistribute ospf 1000 vrf customera
  exit-address-family

Finally, you will need to create the SHAM link under the OSPF processes.

PER1:

router ospf 1000 vrf customera
log-adjacency-changes
area 0 sham-link 172.26.0.1 172.26.0.2

PER2:

router ospf 1000 vrf customera
log-adjacency-changes
area 0 sham-link 172.26.0.1 172.26.0.2

When you review the routes, you will see that they are now Intra-area, however the backdoor link is still preferred. Now you are able to modify the cost on the CERs.

CER1:

interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.252
 ip ospf cost 10000

CER2:

interface FastEthernet0/0
 ip address 192.168.1.2 255.255.255.252
 ip ospf cost 10000

Check your routes again, save the config and you have a SHAM-LINK.