MPLS L3VPN and OSPF Sham Links

Lets jump right into a task, refer to the topology depicted below:

R1 = Route reflector, reflecting VPNv4 routes between PE routers
R2 and R3 = PE routers
R4 and R5 = CE routers

CE routers runs OSPF with PE routers and a MPLS L3VPN is setup, redistributing OSPF<->BGP vpnv4.

A backdoor link is setup between the CE routers directly for redundancy.

Task: The backdoor link is very poor, make sure its used for backup only, and that the mpls link is primarily used.

What obstacles would we meet? First off, for testing purposes, lets advertise some prefix into OSPF from one of the CE routers:

Second, i will shut the directly connected link between the CE routers so we can look deeper into the details about the other path. Then let’s look what R5 sees when we look for this newly added prefx:

The route is advertised from R4 via OSPF to its PE router, which in turn redistributes it into BGP as a VPNv4 route wich ends up at the other PE and finally advertised to R5 as OSPF again. But this area 1 is not the same area 1 as the route originated from. Its actually redistributed from another area 1 in ospf’s perspective via a “MPLS VPN Superbackbone”.

That’s why the route originates from another area, eventhough the area number is the same. Since the route is advertised via a backbone area, it will ofcourse be seen as an inter area route in R5.

Since the backdoor link is directly connected, that would be a normal intra area route, its not coming from any other area, that one would be preferred over the inter area route.

How do we trick the routers to prefer the MPLS route?

What we need to do is obviously to trick the routers to believe that the route is an intra area route, this can be done over the MPLS network with a so-called “sham-link” making the area seem contiguous over the MPLS cloud.

Configuration steps

  1. Create new loopback interfaces in PE-routers for the sham-link
  2. Configure sham-link under ospf process with the lo-interfaces as source/dest as a tunnel.

Verify that the sham-link is up with “ip ospf sham-links”.

Now that the sham-link is up, lets go back to R5 and se if the route has changed, remember that the route to was  of type inter-area.

And now when the route is advertised from PE to R5 as an intra area route – a normal route from “same” area, we can simply modify cost on the backdoor link in order to avoid it being used as primary path.

Leave a Reply

Your email address will not be published. Required fields are marked *