If there is a backdoor link between VPN sites and the VPN sites are in the same OSPF area, the routes that learned from backdoor link more valuable than the routes that learned from the PE routers.
Because intra area routes are prefered over the inter area routes.
Shamlinks can be configured to prevent this route selection.With shamlink, routes are learned from PE are intra area instead of inter area.External routes do not change, they come as external routes like before.
In this example we will configure Ospf Shamlinks.
Here is the topology:
PE-1 Configuration:
ip vrf a
rd 1:1
route-target export 1:1
route-target import 1:1
interface Loopback0
ip address 1.1.1.1 255.255.255.255
interface FastEthernet1/0
ip address 192.168.12.1 255.255.255.0
ip ospf network point-to-point
mpls ip
interface FastEthernet1/1
ip address 192.168.13.1 255.255.255.0
ip ospf network point-to-point
mpls ip
interface FastEthernet2/0
ip vrf forwarding a
ip address 10.10.1.1 255.255.255.0
router ospf 10 vrf a
log-adjacency-changes
redistribute bgp 1 subnets
network 10.10.1.1 0.0.0.0 area 0
router ospf 1
log-adjacency-changes
network 1.1.1.1 0.0.0.0 area 0
network 192.168.0.0 0.0.255.255 area 0
router bgp 1
no synchronization
bgp router-id 1.1.1.1
bgp log-neighbor-changes
neighbor 2.2.2.2 remote-as 1
neighbor 2.2.2.2 update-source Loopback0
no auto-summary
address-family vpnv4
neighbor 2.2.2.2 activate
neighbor 2.2.2.2 send-community extended
exit-address-family
address-family ipv4 vrf a
redistribute connected
redistribute static
redistribute ospf 10 vrf a match internal external 1 external 2
no synchronization
exit-address-family
PE-2 Configuration
ip vrf a
rd 1:1
route-target export 1:1
route-target import 1:1
interface Loopback0
ip address 3.3.3.3 255.255.255.255
interface FastEthernet1/0
ip address 192.168.23.3 255.255.255.0
ip ospf network point-to-point
mpls ip
interface FastEthernet1/1
ip address 192.168.13.3 255.255.255.0
ip ospf network point-to-point
mpls ip
interface FastEthernet2/1
ip vrf forwarding a
ip address 10.10.3.3 255.255.255.0
router ospf 10 vrf a
log-adjacency-changes
redistribute bgp 1 subnets
network 10.10.3.3 0.0.0.0 area 0
router ospf 1
log-adjacency-changes
network 3.3.3.3 0.0.0.0 area 0
network 192.168.0.0 0.0.255.255 area 0
router bgp 1
no synchronization
bgp router-id 3.3.3.3
bgp log-neighbor-changes
neighbor 2.2.2.2 remote-as 1
neighbor 2.2.2.2 update-source Loopback0
no auto-summary
address-family vpnv4
neighbor 2.2.2.2 activate
neighbor 2.2.2.2 send-community extended
exit-address-family
address-family ipv4 vrf a
redistribute connected
redistribute static
redistribute ospf 10 vrf a match internal external 1 external 2
no synchronization
exit-address-family
CE-1 Configuration:
interface Loopback0
ip address 7.7.7.7 255.255.255.255
interface FastEthernet0/0
ip address 10.10.1.7 255.255.255.0
ip ospf cost 10
interface FastEthernet0/1
description *** Backdoor Link ***
ip address 10.10.78.7 255.255.255.0
ip ospf network point-to-point
ip ospf cost 15
router ospf 10
log-adjacency-changes
redistribute static subnets
network 7.7.7.7 0.0.0.0 area 0
network 10.10.1.7 0.0.0.0 area 0
network 10.10.78.7 0.0.0.0 area 0
ip route 70.70.70.70 255.255.255.255 Null0
CE-2 Configuration:
interface Loopback0
ip address 8.8.8.8 255.255.255.255
interface FastEthernet0/0
ip address 10.10.3.8 255.255.255.0
ip ospf cost 10
interface FastEthernet0/1
description *** Backdoor Link ***
ip address 10.10.78.8 255.255.255.0
ip ospf network point-to-point
ip ospf cost 15
router ospf 10
log-adjacency-changes
redistribute static subnets
network 8.8.8.8 0.0.0.0 area 0
network 10.10.3.8 0.0.0.0 area 0
network 10.10.78.8 0.0.0.0 area 0
ip route 80.80.80.80 255.255.255.255 Null0
Without shamlink configurations, when the backdoor link is shutdown, CPE-1 learns these routes through PE-1 router:
CPE-1#show ip route ospf
80.0.0.0/32 is subnetted, 1 subnets
O E2 80.80.80.80 [110/20] via 10.10.1.1, 00:02:15, FastEthernet0/0
8.0.0.0/32 is subnetted, 1 subnets
O IA 8.8.8.8 [110/12] via 10.10.1.1, 00:02:25, FastEthernet0/0
10.0.0.0/24 is subnetted, 2 subnets
O IA 10.10.3.0 [110/11] via 10.10.1.1, 00:02:25, FastEthernet0/0
When the backdoor link is shutdown, CPE-2 learns these routes through PE-2 router:
CPE-2#show ip route ospf
70.0.0.0/32 is subnetted, 1 subnets
O E2 70.70.70.70 [110/20] via 10.10.3.3, 00:03:02, FastEthernet0/0
7.0.0.0/32 is subnetted, 1 subnets
O IA 7.7.7.7 [110/12] via 10.10.3.3, 00:03:02, FastEthernet0/0
10.0.0.0/24 is subnetted, 2 subnets
O IA 10.10.1.0 [110/11] via 10.10.3.3, 00:03:02, FastEthernet0/0
When we open the backdoor link:
CPE-1#show ip route ospf
80.0.0.0/32 is subnetted, 1 subnets
O E2 80.80.80.80 [110/20] via 10.10.78.8, 00:00:00, FastEthernet0/1
8.0.0.0/32 is subnetted, 1 subnets
O 8.8.8.8 [110/16] via 10.10.78.8, 00:00:01, FastEthernet0/1
10.0.0.0/24 is subnetted, 3 subnets
O 10.10.3.0 [110/25] via 10.10.78.8, 00:00:01, FastEthernet0/1
CPE-2#show ip route ospf
70.0.0.0/32 is subnetted, 1 subnets
O E2 70.70.70.70 [110/20] via 10.10.78.7, 00:00:15, FastEthernet0/1
7.0.0.0/32 is subnetted, 1 subnets
O 7.7.7.7 [110/11] via 10.10.78.7, 00:00:28, FastEthernet0/1
10.0.0.0/24 is subnetted, 3 subnets
O 10.10.1.0 [110/20] via 10.10.78.7, 00:00:28, FastEthernet0/1
When the PE router redistributes bgp routes into ospf Type-1 LSAs are converted Type-3 LSA.Type-1 LSAs are more valuable than the Type-3 LSAs.So Type-1 LSAs take place in the routing tables.
Lets Configure shamlink:
On PE-1
interface Loopback100
ip vrf forwarding a
ip address 100.100.100.1 255.255.255.255
router ospf 10 vrf a
area 0 sham-link 100.100.100.1 100.100.100.3
On PE-2:
interface Loopback100
ip vrf forwarding a
ip address 100.100.100.3 255.255.255.255
router ospf 10 vrf a
area 0 sham-link 100.100.100.3 100.100.100.1
PE-1#show ip ospf 10 neighbor
Neighbor ID Pri State Dead Time Address Interface
10.10.3.3 0 FULL/ - - 100.100.100.3 OSPF_SL0
10.10.1.7 1 FULL/BDR 00:00:34 10.10.1.7 FastEthernet2/0
CPE-1#show ip route ospf
100.0.0.0/32 is subnetted, 2 subnets
O E2 100.100.100.1 [110/1] via 10.10.1.1, 00:11:09, FastEthernet0/0
O E2 100.100.100.3 [110/1] via 10.10.1.1, 00:11:09, FastEthernet0/0
80.0.0.0/32 is subnetted, 1 subnets
O E2 80.80.80.80 [110/20] via 10.10.1.1, 00:11:09, FastEthernet0/0
8.0.0.0/32 is subnetted, 1 subnets
O 8.8.8.8 [110/13] via 10.10.1.1, 00:11:09, FastEthernet0/0
10.0.0.0/24 is subnetted, 3 subnets
O 10.10.3.0 [110/12] via 10.10.1.1, 00:11:09, FastEthernet0/0
CPE-2#show ip route ospf
100.0.0.0/32 is subnetted, 2 subnets
O E2 100.100.100.1 [110/1] via 10.10.3.3, 00:00:35, FastEthernet0/0
O E2 100.100.100.3 [110/1] via 10.10.3.3, 00:00:35, FastEthernet0/0
70.0.0.0/32 is subnetted, 1 subnets
O E2 70.70.70.70 [110/20] via 10.10.3.3, 00:00:35, FastEthernet0/0
7.0.0.0/32 is subnetted, 1 subnets
O 7.7.7.7 [110/13] via 10.10.3.3, 00:00:35, FastEthernet0/0
10.0.0.0/24 is subnetted, 3 subnets
O 10.10.1.0 [110/12] via 10.10.3.3, 00:00:35, FastEthernet0/0
CPE-2#traceroute 7.7.7.7 source 8.8.8.8 num
Type escape sequence to abort.
Tracing the route to 7.7.7.7
1 10.10.3.3 0 msec 192 msec 96 msec
2 10.10.1.1 [MPLS: Label 22 Exp 0] 76 msec 92 msec 72 msec
3 10.10.1.7 116 msec * 200 msec
No comments:
Post a Comment