RE: Damn Sham! ***P1*** Help Please

From: Brian McGahan <bmcgahan_at_ine.com>
Date: Sun, 7 Aug 2011 22:59:25 -0500

Your sham link source addresses have typos in them; they shouldn't be 1.1.2.1 or 6.6.5.6. Regardless, there are larger design issues in your configuration that need to be addressed. First and foremost, the sham-link endpoint *cannot* be advertised into the PE-CE routing protocol; this defeats the entire traffic engineering goal of sham-links to begin with. Secondly, the sham-link source and destination *must* be loopbacks that are /32 host routes. This has to do with the CEF implementation and how an aggregate label lookup is treated differently than a connected host route.

It's difficult to explain why these cases must be fixed without doing a full 10-page reply on sham-links. Instead I've given you access to the INE CCIE R&S ATC so that you can review those sections before your lab exam. Log in to members.ine.com and you will be able to download the particular sections that you need which are relevant to your final preparation.

For others interested, this particular topic (OSPF Sham Links) along with its design and configuration logic can be found here: http://goo.gl/fwsla. I've made this particular video public so that everyone can benefit from the information, as this is a typical problem area for 99% of CCIE R&S lab candidates.

Good luck on your lab attempt Marc!

Brian McGahan, CCIE #8593 (R&S/SP/Security)
bmcgahan_at_INE.com
 
Internetwork Expert, Inc.
http://www.INE.com

-----Original Message-----
From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of marc edwards
Sent: Sunday, August 07, 2011 8:17 PM
To: Cisco certification
Subject: Damn Sham! ***P1*** Help Please

Hello experts! I hope you are having (had) a great weekend.

I am getting down to the final hour, so I'm working on the MPLS stuff. Glad to
see that my MPLS L3 VPN is working and I understand the concepts well
(Thanks Keith Barker & Scott Morris Cisco Live! Presentation). I can enable
this and am feeling very comfortable with all the components. I am onto
figuring out this sham link thing. I understand the theory (I think). So
after getting my L3 VPN up and running through my PEs to CEs R1 and R6, I
introduced the back door on the Fa 0/0 interface. Unfortunately something is
wrong with my config because I can't seem to get the CEs to prefer the MPLS
cloud any more. See my topo and I will initially provide sh run of my PEs.
Any thoughts? This is my last session before test day Tuesday. I am kicked
off the rack at 3AM PST UTC -8. No rush or anything but I need help fast
Please!

R1 (fa0/0)--->R2 (PE)--> {MPLS CLOUD} <-- R5<-- (fa 0/0) R6
(fa0/1)                                             (fa0/1)
   |                                                   |
   |-----------------------VLAN3-----------------------|

R2

!
hostname R2
!
boot-start-marker
boot-end-marker
!
no logging console
!
no aaa new-model
dot11 syslog
ip cef
!
!
!
!
ip vrf acme
 rd 100:100
 route-target export 10.2.2.2:20
 route-target import 10.5.5.5:20
!
no ip domain lookup
!
multilink bundle-name authenticated
!
!
!
!
archive
 log config
  hidekeys
!
!
!
!
!
!
!
interface Loopback0
 ip address 10.2.2.2 255.255.255.0
 ip ospf network point-to-point
!
interface Loopback1
 ip address 10.22.2.2 255.255.255.0
!
interface FastEthernet0/0
 ip vrf forwarding acme
 ip address 1.1.2.2 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/0/0
 no ip address
 encapsulation frame-relay
 no frame-relay inverse-arp
!
interface Serial0/0/0.203 point-to-point
 ip address 10.0.203.2 255.255.255.254
 snmp trap link-status
 mpls ip
 frame-relay interface-dlci 203
!
interface Serial0/0/0.204 point-to-point
 ip address 10.0.204.2 255.255.255.254
 snmp trap link-status
 mpls ip
 frame-relay interface-dlci 204
!
interface Serial0/0/1
 no ip address
 shutdown
!
router eigrp 1
 auto-summary
 !
 address-family ipv4 vrf acme
  redistribute bgp 25 metric 10000 10 255 1 1500
  network 0.0.0.0
  no auto-summary
  autonomous-system 8
 exit-address-family
!
router ospf 2 vrf acme
 router-id 10.22.2.2
 domain-id 0.0.0.0
 domain-tag 2222
 log-adjacency-changes
 area 0 sham-link 1.1.2.1 6.6.5.5
 redistribute bgp 25 subnets
 network 0.0.0.0 255.255.255.255 area 0
!
router ospf 1
 router-id 10.2.2.2
 log-adjacency-changes
 network 10.0.0.0 0.255.255.255 area 0
!
router bgp 25
 bgp log-neighbor-changes
 neighbor 10.5.5.5 remote-as 25
 neighbor 10.5.5.5 update-source Loopback0
 !
 address-family ipv4
  no neighbor 10.5.5.5 activate
  no auto-summary
  no synchronization
 exit-address-family
 !
 address-family vpnv4
  neighbor 10.5.5.5 activate
  neighbor 10.5.5.5 send-community extended
 exit-address-family
 !
 address-family ipv4 vrf acme
  redistribute ospf 2 vrf acme match internal external 1 external 2
  no synchronization
 exit-address-family
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
!
!
!
!
!
!
control-plane
!
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
line vty 0 4
 login
!
scheduler allocate 20000 1000
end

R5

!
hostname R5
!
boot-start-marker
boot-end-marker
!
no logging console
!
no aaa new-model
memory-size iomem 20
!
!
ip cef
!
!
ip vrf acme
 rd 100:100
 route-target export 10.5.5.5:20
 route-target import 10.2.2.2:20
!
no ip domain lookup
!
multilink bundle-name authenticated
!
!
voice-card 0
 no dspfarm
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
archive
 log config
  hidekeys
!
!
!
!
!
!
interface Loopback0
 ip address 10.5.5.5 255.255.255.0
 ip ospf network point-to-point
!
interface Loopback1
 ip address 10.55.5.5 255.255.255.0
!
interface FastEthernet0/0
 ip vrf forwarding acme
 ip address 6.6.5.5 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/0/0
 no ip address
 encapsulation frame-relay
 no frame-relay inverse-arp
!
interface Serial0/0/0.503 point-to-point
 ip address 10.0.35.2 255.255.255.254
 mpls ip
 frame-relay interface-dlci 503
!
interface Serial0/0/0.504 point-to-point
 ip address 10.0.45.5 255.255.255.254
 mpls ip
 frame-relay interface-dlci 504
!
interface Serial0/0/1
 no ip address
 shutdown
!
interface Serial0/1/0
 no ip address
 shutdown
 clock rate 2000000
!
router eigrp 1
 auto-summary
 !
 address-family ipv4 vrf acme
  redistribute bgp 25 metric 10000 10 255 1 1500
  network 0.0.0.0
  no auto-summary
  autonomous-system 8
 exit-address-family
!
router ospf 2 vrf acme
 router-id 10.55.5.5
 domain-id 0.0.0.0
 domain-tag 2222
 log-adjacency-changes
 area 0 sham-link 6.6.5.6 1.1.2.2
 redistribute bgp 25 subnets
 network 0.0.0.0 255.255.255.255 area 0
!
router ospf 1
 router-id 10.5.5.5
 log-adjacency-changes
 network 10.0.0.0 0.255.255.255 area 0
!
router bgp 25
 no synchronization
 bgp log-neighbor-changes
 neighbor 10.2.2.2 remote-as 25
 neighbor 10.2.2.2 update-source Loopback0
 no auto-summary
 !
 address-family vpnv4
  neighbor 10.2.2.2 activate
  neighbor 10.2.2.2 send-community both
 exit-address-family
 !
 address-family ipv4 vrf acme
  redistribute ospf 2 vrf acme match internal external 1 external 2
  no synchronization
 exit-address-family
!
!
!
no ip http server
no ip http secure-server
!
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
line vty 0 4
 login
!
scheduler allocate 20000 1000

!
webvpn cef
!
end

Received on Sun Aug 07 2011 - 22:59:25 ART
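
Added example, not part of the thread and not INE's or Cisco's code: a small checker that applies the two rules from the reply (the local sham-link endpoint must be a /32 loopback in the VRF, and must not be pulled into the PE-CE OSPF process) to a PE configuration. It inspects only `network` statements, and the Loopback100 interface and 10.100.x.x addresses in the corrected sample are hypothetical.

```python
import ipaddress
import re
# Constructed sample in the style of R2 above, trimmed to the lines the check reads.
BAD = """\
interface FastEthernet0/0
 ip vrf forwarding acme
 ip address 1.1.2.2 255.255.255.0
router ospf 2 vrf acme
 area 0 sham-link 1.1.2.1 6.6.5.5
 network 0.0.0.0 255.255.255.255 area 0
"""
# Constructed fix; Loopback100 and the 10.100.x.x addresses are hypothetical.
GOOD = """\
interface Loopback100
 ip vrf forwarding acme
 ip address 10.100.2.2 255.255.255.255
router ospf 2 vrf acme
 area 0 sham-link 10.100.2.2 10.100.5.5
 network 1.1.2.2 0.0.0.0 area 0
"""
BLOCK = r"[^\n]*\n((?: [^\n]*\n?)*)"  # rest of header line, then indented body

def wildcard_match(ip, net, wildcard):  # IOS "network <net> <wildcard>" semantics
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(ip)) & care) == (int(ipaddress.IPv4Address(net)) & care)

def check_sham_links(config):
    """Return (address, problem) pairs for each local sham-link endpoint."""
    local, findings = {}, []  # local maps (vrf, ip) -> (interface name, mask)
    for m in re.finditer(r"^interface (\S+)" + BLOCK, config, re.M):
        vrf = re.search(r"^ ip vrf forwarding (\S+)", m.group(2), re.M)
        ip = re.search(r"^ ip address (\S+) (\S+)", m.group(2), re.M)
        if vrf and ip:
            local[(vrf.group(1), ip.group(1))] = (m.group(1), ip.group(2))
    for m in re.finditer(r"^router ospf \d+ vrf (\S+)" + BLOCK, config, re.M):
        vrf, body = m.groups()
        nets = re.findall(r"^ network (\S+) (\S+) area", body, re.M)
        for src, _dst in re.findall(r"^ area \S+ sham-link (\S+) (\S+)", body, re.M):
            name, mask = local.get((vrf, src), (None, None))
            if name is None:
                findings.append((src, "not a local address in this VRF"))
            elif not name.lower().startswith("loopback") or mask != "255.255.255.255":
                findings.append((src, "not a /32 loopback"))
            if any(wildcard_match(src, n, w) for n, w in nets):
                findings.append((src, "matched by an OSPF network statement"))
    return findings

if __name__ == "__main__":
    print(check_sham_links(BAD), check_sham_links(GOOD))
```

The remote endpoint cannot be validated from one router's configuration; run the same check on the other PE and confirm each side's destination equals the other side's source.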
