OSPF Sham-Link Support for MPLS VPN
Feature Overview
4
Cisco IOS Release 12.2(8)T
PE-1# show ip route vrf ospf 10.3.1.7
Routing entry for 10.3.1.7/32
Known via "ospf 100", distance 110, metric 86, type intra area
Redistributing via bgp 215
Advertised by bgp 215
Last update from 10.2.1.38 on Serial0/0/0, 00:00:17 ago
Routing Descriptor Blocks:
* 10.2.1.38, from 10.3.1.7, 00:00:17 ago, via Serial0/0/0
Route metric is 86, traffic share count is 1
This path is selected because:
•The OSPF intra-area path is preferred over the interarea path (over the MPLS VPN backbone)
generated by the PE-1 router.
•OSPF has a loweradministrative distance (AD) than internal BGP (BGP running between routers in
the same autonomous system).
If the backdoor links between sites are used only for backup purposes and do not participate in the VPN
service, then the default route selection shown in the preceding example is not acceptable. To reestablish the
desiredpath selection over the MPLS VPN backbone, you must create an additional OSPF intra-area (logical)
link between ingress and egress VRFs on the relevant PE routers. This link is called a sham-link.
A sham-link is required between any two VPN sites that belong to the same OSPF area and share an OSPF
backdoor link. If no backdoor link exists between the sites, no sham-link is required.
Figure 3 shows a sample sham-link between PE-1 and PE-2. A cost is configured with each sham-link and is
used to decide whether traffic will be sent over the backdoor path or the sham-link path. When a sham-link
is configured between PE routers, the PEs can populate the VRF routing table with the OSPF routes learned
over the sham-link.