OSPF Sham-Link Support for MPLS VPN
Feature Overview
2
Cisco IOS Release 12.2(8)T
Figure 1 OSPF Connectivity Between VPN Client Sites and an MPLS VPN Backbone
When OSPF is used to connect PE and CE routers, all routing information learned from a VPN site is placed
in the VPN routing and forwarding (VRF) instance associated with the incoming interface. The PE routers
that attach to the VPN use the Border Gateway Protocol (BGP) to distribute VPN routes to each other. A CE
router can then learn the routes to other sites in the VPN by peering with its attached PE router. The MPLS
VPN superbackbone provides an additional level of routing hierarchy to interconnect the VPN sites running
OSPF.
When OSPF routes are propagated over the MPLS VPN backbone, additional information aboutthe prefix in
the form of BGP extended communities (route type, domain ID extended communities) is appended to the
BGP update. This community information is used by the receiving PE router to decide the type of link-state
advertisement (LSA) to be generated when the BGP route is redistributed to the OSPF PE-CE process. In this
way, internal OSPF routes that belong to the same VPN and are advertised over the VPN backbone are seen
as interarea routes on the remote sites.
For basic information about how to configure an MPLS VPN, refer to:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120t/120t5/vpn.htm
Using a Sham-Link to Correct OSPF Backdoor Routing
Although OSPF PE-CE connections assume that the only path between two client sites is across the MPLS
VPN backbone, backdoor paths between VPN sites (shown in grey in Figure 2) may exist. If these sites
belong to the same OSPF area, the path over a backdoor link will always be selected because OSPF prefers
intraarea paths to interarea paths. (PE routers advertise OSPF routes learned over the VPN backbone as
interarea paths.) For this reason, OSPF backdoor links between VPN sites must be taken into account so that
routing is performed based on policy.
MPLS VPN
Superbackbone
Area 1Area 1
Area 0
Area 3
Area 2
Area 0
70390