Cisco Systems 1600R, 1400 series manual PE-1#show ip route vrf ospf

OSPF Sham-Link Support for MPLS VPN

Feature Overview

PE-1#show ip route vrf ospf 10.3.1.7

Routing entry for 10.3.1.7/32

Known via "ospf 100", distance 110, metric 86, type intra area

Redistributing via bgp 215

Advertised by bgp 215

Last update from 10.2.1.38 on Serial0/0/0, 00:00:17 ago

Routing Descriptor Blocks:

*10.2.1.38, from 10.3.1.7, 00:00:17 ago, via Serial0/0/0 Route metric is 86, traffic share count is 1

This path is selected because:

•The OSPF intra-area path is preferred over the interarea path (over the MPLS VPN backbone) generated by the PE-1 router.

•OSPF has a lower administrative distance (AD) than internal BGP (BGP running between routers in the same autonomous system).

If the backdoor links between sites are used only for backup purposes and do not participate in the VPN service, then the default route selection shown in the preceding example is not acceptable. To reestablish the desired path selection over the MPLS VPN backbone, you must create an additional OSPF intra-area (logical) link between ingress and egress VRFs on the relevant PE routers. This link is called a sham-link.

A sham-link is required between any two VPN sites that belong to the same OSPF area and share an OSPF backdoor link. If no backdoor link exists between the sites, no sham-link is required.

Figure 3 shows a sample sham-link between PE-1 and PE-2. A cost is configured with each sham-link and is used to decide whether traffic will be sent over the backdoor path or the sham-link path. When a sham-link is configured between PE routers, the PEs can populate the VRF routing table with the OSPF routes learned over the sham-link.

Cisco IOS Release 12.2(8)T

4