[j-nsp] OSPF Sham link question

Daniel Lete daniel.lete at heanet.ie
Wed Dec 5 09:10:33 EST 2007 

Hello David,
Irrelevant of the Sham Link configuration
a) LSA Type-5 in CE routers is maintained as LSA Type-5 when flooded across the 
backbone. If in your CE routers you are using those, you will always see them 
that way.

b) The extended community "Domain ID" appended in both PE routers needs to be 
the same for LSA Type-3 not to be modified into LSA Type-5 when flooded from PE 
to PE. If you are using BGP in your CE routers, do these use the same AS or are 
those AS different?

In relation to your sham-link. You need a loopback IP within your VRF to act as 
source/destination of the sham link and these loopbacks are NOT to be announced 
to your CE.

Hope it helps,
Daniel



David Ball wrote:
>   I've read what docs I can find regarding Sham links for OSPF, but am
> still not seeing what I feel are the expected results.  Here's my
> topology:
> 
> cisco2651---T640---T640---M10  (GigE to M10 and Cisco, 10Gig btwn T640s)
> 
>   The network between the T640s uses RSVP-signalled LSPs for
> transport, and I've built a VRF between them, adding the Cisco and the
> M10 interfaces to the VRF accordingly.  Cisco and M10 are doing OSPF
> with the routing-instance on the T640s.  Routes originating from M10
> are reaching Cisco, but are still appearing as external routes, which
> isn't what i was expecting (I'm hoping to see them all as intra-area
> routes).  The loopbacks I created on each side of the VRF are being
> advertised by BGP to the far end, but I"m not sure how else to
> troubleshoot the sham links, and whether they're being used or not.
> The config guidelines from juniper.net make it look dead easy, so I'm
> not sure what I'm doing wrong.  This is my first attempt at
> sham-links, so any advice is appreciated.
> 
> PtP links to end devices look like this:
> unit 0 {
>     family inet {
>         address 172.16.1.1/30;
>     }
> }
> 
> Loopback addresses created like this:
> family inet {
>     filter {
>         input secure-router-shamlink-test;  <-- permits OSPF packets to RE
>     }
>     address 172.16.0.1/32;
> }
> 
> Here's how the RI looks on one end (other end looks nearly identical,
> with interfaces and sham-link IPs being the only differences):
> instance-type vrf;
> interface ge-7/2/1.0;
> interface lo0.800;
> vrf-target target:25983:800;
> vrf-table-label;
> protocols {
>     ospf {
>         export shamlink-export-to-ospf;
>         sham-link local 172.16.0.1;
>         area 0.0.0.0 {
>             sham-link-remote 172.16.0.2 metric 1;
>             interface ge-7/2/1.0 {
>                 metric 1;
>             }
>         }
>     }
> }
> 
> And here's how the routes are being received at the Cisco:
> 
> lab-2651#sho ip route
> Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
>        D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
>        N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
>        E1 - OSPF external type 1, E2 - OSPF external type 2
>        i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
>        ia - IS-IS inter area, * - candidate default, U - per-user static route
>        o - ODR, P - periodic downloaded static route
> 
> Gateway of last resort is not set
> 
> C    172.17.0.0/16 is directly connected, FastEthernet0/1
>      172.16.0.0/16 is variably subnetted, 5 subnets, 3 masks
> O E2    172.16.16.0/24 [110/0] via 172.16.2.1, 04:31:29, FastEthernet0/0
> O E2    172.16.1.0/30 [110/0] via 172.16.2.1, 04:31:29, FastEthernet0/0
> O E2    172.16.0.1/32 [110/0] via 172.16.2.1, 04:31:29, FastEthernet0/0
> C       172.16.2.0/30 is directly connected, FastEthernet0/0
> O IA    172.16.0.3/32 [110/11] via 172.16.2.1, 04:31:29, FastEthernet0/0
> C    208.98.239.0/24 is directly connected, FastEthernet0/1
> O E2 192.168.101.0/24 [110/0] via 172.16.2.1, 04:31:30, FastEthernet0/0
> lab-2651#
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
> 

-- 
Daniel Lete Murugarren
HEAnet Limited, Ireland's Education and Research Network
1st Floor, 5 George's Dock, IFSC, Dublin 1
Registered in Ireland, no 275301  tel: +353-1-660 9040  fax: +353-1-660 3666
web: http://www.heanet.ie/

More information about the juniper-nsp mailing list