RE: OSPF SHAM LINKS

Neither sham-link nor backdoor has to be in area 0, please correct me if
im wrong.

Basically sham-link is needed to connect the PE devices in the same area
as of CE devices so that prefixes advertised by PE to CE goes as
Intra-Area not Inter-Area.

Suppose

R1 (PE) connects to SW1 (CE) OSPF Area 10

R2 (PE) connects to SW2 (CE) OSPF Area 10

Also both SW1 and SW2 has a backdoor connection in Area 10, where both
PEs are connected via MP-BGP and using OSPF Area 20 as their underlying
IGP.

SW1 and SW2 can reach each other via their direct backdoor connection in
area 10 or they will receive the same prefixes via PE1-2, but since P1-2
are in Area 20 so these will become Inter-Area and as per OSPF it will
prefer the Intra-Area backdoor routes.

SW1 and SW2 to route via PEs to reach other sham-link is needed between
PE1 and PE2 and this sham-link will be created in Area 10, same as of
backdoor. Once shame-link is up SW1-2 will have 2 intra-area routes to
reach each other one via backdoor and one via PE and to force SW1-2 to
route via PE just increase the cost of their backdoor direct
connections.

Kieth Barker has done an excellent blog on this.
http://blog.ine.com/2010/04/08/a-sham-link-really-yes-and-its-not-used-f
or-phishing/

regards,
Saulat

-----Original Message-----
From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
Hussam EL Kebbi
Sent: 04 February 2011 14:49
To: ricardo7632003_at_hotmail.com; narbikk_at_gmail.com
Cc: ccielab_at_groupstudy.com
Subject: RE: OSPF SHAM LINKS

Dears,
I tried the scenario several times on GNS and here is the result:
SHAM LINK is needed to prefer MPBGP cloud over backdoor, whether its
Intra or
INTER AREA!!
Why?
- Without sham link we will have 2 Inter area route, one through MPLS
and one
through backdoor, it willalways prefer the backdoor link since it is
coming
from area 0 between backdoor link.
When you create shamlink, MPLS clound will also become backbone 0 and
then it
will look at OSPF cost (don't forget to create virtual link for
discontiguous
area 0)
Br,Hussam
> From: ricardo7632003_at_hotmail.com
> To: hussamkibbi_at_hotmail.com; narbikk_at_gmail.com
> CC: ccielab_at_groupstudy.com
> Subject: RE: OSPF SHAM LINKS
> Date: Thu, 3 Feb 2011 22:04:30 -0300
>
> A sham link is required only between two VPN sites that belong to the
same
> area and have the backdoor link for backup needs
>
>
> Ricardo
>
> > From: hussamkibbi_at_hotmail.com
> > To: narbikk_at_gmail.com
> > CC: ccielab_at_groupstudy.com
> > Subject: RE: OSPF SHAM LINKS
> > Date: Fri, 4 Feb 2011 00:48:45 +0000
> >
> > Thank you all for the valuable information.But my question is: Do we
need
> Sham
> > link if we already have inter-area:
> >
> > R1---MPBGP--------R2
> > | | | |OSPF Area
1
> > OSPF Area 2 | | |
> |R3--Ospf
> > area 0----R4
> >
> > I tried scenario above on GNS and I didn't see any difference,
before and
> > after using sham links.R4 can see R3 through mpls as Inter-area
without
> sham
> > links.
> > So do we need it here for any reason?maybe as design for super
backbone
> area
> > 0?
> >
> >
> >
> >
> > > Date: Thu, 3 Feb 2011 11:37:15 -0800
> > > Subject: Re: OSPF SHAM LINKS
> > > From: narbikk_at_gmail.com
> > > To: hussamkibbi_at_hotmail.com
> > > CC: ccielab_at_groupstudy.com
> > >
> > > Just to add to whats been said here....
> > > You could actually configure Sham-link for back door and GRE
through
the
> > > cloud for "O" routes, these are some of your options, it all
depends
what
> > > you like to do.
> > >
> > > On Thu, Feb 3, 2011 at 9:18 AM, Hussam EL Kebbi
> > <hussamkibbi_at_hotmail.com>wrote:
> > >
> > > > Hi Experts,
> > > > Do we need Sham-links between OSPF Inter area (then MPBGP)
having
same
> > > > domain-id?
> > > > or it is only needed to keep the intra area routes as Intra area
> routes?
> > > >
> > > > Thanks,
> > > >
> > > >
> > > > Blogs and organic groups at http://www.ccie.net
> > > >
> > > >
Received on Fri Feb 04 2011 - 17:05:08 ART