OSPF Sham-Link Support for MPLS VPN

CCNA 200-301

CCNP Enterprise

CCNP Security

CCIE Enterprise Lab

CCIE Security Lab

CCNP Service Provider

CCNP Data Center

CCNP Collaboration

CCIE DC Lab

2019-08-15

Here we would be describing how to configure and utilizing a sham-link for connecting VPN (Virtual Private Network) client sites that would be running the OSPF (Open Shortest Path First) protocol and share backdoor OSPF links in an MPLS (Multiprotocol Label Switching) VPN configuration. Also, if you wish to have a hand-on practice with all the topics that would be covered into the Cisco Lab Exam, you should join the courses which are being offered by the SPOTO.

In an MPLS VPN configuration, the OSPF protocol would be considered as one way, through which you could connect customer edge (CE) routers to service provider edge (PE) routers in the VPN backbone. OSPF is often utilized by customers that would be running OSPF as their intrasite routing protocol, subscribe to a VPN service, as well as want to exchange routing information between their sites which would be using OSPF, during the migration or on a permanent basis, over an MPLS VPN backbone.

When OSPF would be utilized to connect PE and CE routers, all routing information learned from a VPN site would be placed in the VPN routing and forwarding (VRF) instance which would be associated with the incoming interface. The PE routers that would be attached to the VPN use the BGP (Border Gateway Protocol) to distribute VPN routes to each other. A CE router could then learn the routes to other sites in the VPN by peering with PE router attached to it. The MPLS VPN super backbone would provide an additional level of routing hierarchy to interconnect the VPN sites running OSPF.

When OSPF routes would be propagated over the MPLS VPN backbone, additional information about the prefix in the form of BGP is going to be extended communities is going to be appended to the BGP update. The receiving PE router uses the community information to determine the type of LSA (link-state notification) to be generated when the BGP route is redistributed to the OSPF PE-CE process. In this way, internal OSPF routes which would belong to the same VPN as well as are advertised over the VPN backbone are seen as interarea routes on the remote sites.

Utilizing the Sham-Link to Correct OSPF Backdoor Routing:

Although OSPF PE-CE connections would be assuming that the only path between two client sites is across the MPLS VPN backbone, backdoor paths between VPN sites might exist. If these sites would be belonging to the same OSPF area, the path over a backdoor link would always be selected because OSPF which would prefer Intra area paths to interarea paths. PE routers advertise OSPF routes that to be learned over the VPN backbone as interarea paths. For this reason, OSPF backdoor links between VPN sites should be taken into account so that routing is performed on the policy basis.

As suppose there are three client sites, each with backdoor links. Because each site runs OSPF within the same Area 1 configuration, all routing between the three sites would have to follow the Intra area path across the backdoor links, rather than over the MPLS VPN backbone.

There’s lots of difference in studying through the books or articles and practically practicing on the hands-on lab. The knowledge that you gain through books, wouldn’t be enough to clear the practical lab exam. You might have rack rentals of the lab, instead of building the lab at home. But again, it would be also cost you a lot. Instead, we would prefer you to join the courses offered at a good and reliable institute, like the SPOTO and have access to their premium Lab materials to clear your exam in a single attempt.