*Fixed* --- Thanks to experts! Here is updated PE configurations that come
with an updated understanding.
!
hostname R2
!
boot-start-marker
boot-end-marker
!
no logging console
!
no aaa new-model
dot11 syslog
ip cef
!
!
!
!
ip vrf acme
rd 100:100
route-target export 10.2.2.2:20
route-target import 10.5.5.5:20
!
no ip domain lookup
!
multilink bundle-name authenticated
!
!
!
!
archive
log config
hidekeys
!
!
!
!
!
!
!
interface Loopback0
ip address 10.2.2.2 255.255.255.0
ip ospf network point-to-point
!
interface Loopback1
ip vrf forwarding acme
ip address 10.22.2.2 255.255.255.255
!
interface FastEthernet0/0
ip vrf forwarding acme
ip address 1.1.2.2 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/0/0
no ip address
encapsulation frame-relay
no frame-relay inverse-arp
!
interface Serial0/0/0.203 point-to-point
ip address 10.0.203.2 255.255.255.254
snmp trap link-status
mpls ip
frame-relay interface-dlci 203
!
interface Serial0/0/0.204 point-to-point
ip address 10.0.204.2 255.255.255.254
snmp trap link-status
mpls ip
frame-relay interface-dlci 204
!
interface Serial0/0/1
no ip address
shutdown
!
router eigrp 1
auto-summary
!
address-family ipv4 vrf acme
network 0.0.0.0
no auto-summary
autonomous-system 8
exit-address-family
!
router ospf 2 vrf acme
router-id 10.22.2.2
domain-tag 2222
log-adjacency-changes
area 0 sham-link 10.22.2.2 10.55.5.5
redistribute bgp 25 subnets route-map shamfilter
network 1.1.2.2 0.0.0.0 area 0
!
router ospf 1
router-id 10.2.2.2
log-adjacency-changes
network 10.0.0.0 0.255.255.255 area 0
!
router bgp 25
bgp log-neighbor-changes
neighbor 10.5.5.5 remote-as 25
neighbor 10.5.5.5 update-source Loopback0
!
address-family vpnv4
neighbor 10.5.5.5 activate
neighbor 10.5.5.5 send-community extended
exit-address-family
!
address-family ipv4 vrf acme
redistribute ospf 2 vrf acme
no synchronization
network 10.22.2.2 mask 255.255.255.255
exit-address-family
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
!
ip prefix-list shamfilter seq 5 permit 10.55.5.5/32
ip prefix-list shamfilter seq 10 permit 10.22.2.2/32
!
!
route-map shamsource deny 10
match ip address prefix-list shamsource
!
route-map shamsource permit 100
!
route-map shamfilter deny 10
match ip address prefix-list shamfilter
!
route-map shamfilter permit 100
!
!
!
!
control-plane
!
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
line vty 0 4
login
!
scheduler allocate 20000 1000
end
R2#
GV-Rack2>5
[Resuming connection 5 to r5 ... ]
R5#term len 0
R5#sh run
Building configuration...
Current configuration : 2957 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R5
!
boot-start-marker
boot-end-marker
!
no logging console
!
no aaa new-model
memory-size iomem 20
!
!
ip cef
!
!
ip vrf acme
rd 100:100
route-target export 10.5.5.5:20
route-target import 10.2.2.2:20
!
no ip domain lookup
!
multilink bundle-name authenticated
!
!
voice-card 0
no dspfarm
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
archive
log config
hidekeys
!
!
!
!
!
!
interface Loopback0
ip address 10.5.5.5 255.255.255.0
ip ospf network point-to-point
!
interface Loopback1
ip vrf forwarding acme
ip address 10.55.5.5 255.255.255.255
!
interface FastEthernet0/0
ip vrf forwarding acme
ip address 6.6.5.5 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/0/0
no ip address
encapsulation frame-relay
no frame-relay inverse-arp
!
interface Serial0/0/0.503 point-to-point
ip address 10.0.35.2 255.255.255.254
mpls ip
frame-relay interface-dlci 503
!
interface Serial0/0/0.504 point-to-point
ip address 10.0.45.5 255.255.255.254
mpls ip
frame-relay interface-dlci 504
!
interface Serial0/0/1
no ip address
shutdown
!
interface Serial0/1/0
no ip address
shutdown
clock rate 2000000
!
router eigrp 1
auto-summary
!
address-family ipv4 vrf acme
network 0.0.0.0
no auto-summary
autonomous-system 8
exit-address-family
!
router ospf 2 vrf acme
router-id 10.55.5.5
domain-tag 2222
log-adjacency-changes
area 0 sham-link 10.55.5.5 10.22.2.2
redistribute bgp 25 subnets route-map shamfilter
network 6.6.5.5 0.0.0.0 area 0
!
router ospf 1
router-id 10.5.5.5
log-adjacency-changes
network 10.0.0.0 0.255.255.255 area 0
!
router bgp 25
bgp log-neighbor-changes
neighbor 10.2.2.2 remote-as 25
neighbor 10.2.2.2 update-source Loopback0
!
address-family vpnv4
neighbor 10.2.2.2 activate
neighbor 10.2.2.2 send-community extended
exit-address-family
!
address-family ipv4 vrf acme
redistribute ospf 2 vrf acme
no synchronization
network 10.55.5.5 mask 255.255.255.255
exit-address-family
!
!
!
no ip http server
no ip http secure-server
!
!
ip prefix-list shamfilter seq 5 permit 10.55.5.5/32
ip prefix-list shamfilter seq 10 permit 10.22.2.2/32
!
!
route-map shamsource deny 10
match ip address prefix-list shamsource
!
route-map shamsource permit 100
!
route-map shamfilter deny 10
match ip address prefix-list shamfilter
!
route-map shamfilter permit 100
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
line vty 0 4
login
!
scheduler allocate 20000 1000
!
webvpn cef
!
end
On Sun, Aug 7, 2011 at 8:59 PM, Brian McGahan <bmcgahan_at_ine.com> wrote:
> Your sham link source addresses have a typos in them; they shouldn't be
> 1.1.2.1 or 6.6.5.6. Regardless there are larger design issues in your
> configuration that need to be addressed. First and foremost, the sham-link
> endpoint *cannot* be advertised into the PE-CE routing protocol; this
> defeats the entire traffic engineering goal of sham-links to begin with.
> Secondly, the sham-link source and destination *must* be loopbacks that are
> /32 host routes. This has to do with the CEF implementation and how an
> aggregate label lookup is treated differently than a connected host route.
>
> It's difficult to explain why these cases must be fixed without doing a
> full 10 page reply on sham-links. Instead I've given you access to the INE
> CCIE R&S ATC so that you can review those sections before your lab exam.
> Login to members.ine.com and you will be able to download the particular
> sections that you need which are relevant to your final preparation.
>
> For others interested this particular topic (OSPF Sham Links) along with
> its design and configuration logic can be found here: http://goo.gl/fwsla I've made this particular video public so that everyone can benefit from
> the information, as this is a typical problem area for 99% of CCIE R&S lab
> candidates.
>
> Good luck on your lab attempt Marc!
>
> Brian McGahan, CCIE #8593 (R&S/SP/Security)
> bmcgahan_at_INE.com
>
> Internetwork Expert, Inc.
> http://www.INE.com
>
>
> -----Original Message-----
> From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
> marc edwards
> Sent: Sunday, August 07, 2011 8:17 PM
> To: Cisco certification
> Subject: Damn Sham! ***P1*** Help Please
>
> Hello experts! I hope you are having (had) a great weekend.
>
> I am getting down to the final hour so working on the MPLS stuff. Glad to
> see that my MPLS L3 VPN is working and I understand the concepts well
> (Thanks Keith Barker & Scott Morris Cisco Live! Presentation). I can enable
> this and feeling very comfortable with all the components. I am onto
> figuring out this sham link thing. I understand the theory ( I think). So
> after getting my L3 VPN up and running through my PE's to CE's R1 and R6, I
> introduced the back door on the Fa 0/0 interface. Unfortunately something
> is
> wrong with my config because I can't seem to get the CE's to prefer the
> MPLS
> cloud any more. See my topo and I will initially provide sh run of my PE's.
> Any thoughts? This is my last session before test day Tuesday. I am kicked
> off the rack at 3AM PST UTC -8. No rush or anything but I need help fast
> Please!
>
> R1 (fa0/0)--->R2 (PE)--> {MPLS CLOUD} <-- R5<-- (fa 0/0) R6
> (fa0/1)
> (fa0/1)
> |
> |
>
> |-------------------------------------------VLAN3---------------------------------|
>
>
> R2
>
> !
> hostname R2
> !
> boot-start-marker
> boot-end-marker
> !
> no logging console
> !
> no aaa new-model
> dot11 syslog
> ip cef
> !
> !
> !
> !
> ip vrf acme
> rd 100:100
> route-target export 10.2.2.2:20
> route-target import 10.5.5.5:20
> !
> no ip domain lookup
> !
> multilink bundle-name authenticated
> !
> !
> !
> !
> archive
> log config
> hidekeys
> !
> !
> !
> !
> !
> !
> !
> interface Loopback0
> ip address 10.2.2.2 255.255.255.0
> ip ospf network point-to-point
> !
> interface Loopback1
> ip address 10.22.2.2 255.255.255.0
> !
> interface FastEthernet0/0
> ip vrf forwarding acme
> ip address 1.1.2.2 255.255.255.0
> duplex auto
> speed auto
> !
> interface FastEthernet0/1
> no ip address
> shutdown
> duplex auto
> speed auto
> !
> interface Serial0/0/0
> no ip address
> encapsulation frame-relay
> no frame-relay inverse-arp
> !
> interface Serial0/0/0.203 point-to-point
> ip address 10.0.203.2 255.255.255.254
> snmp trap link-status
> mpls ip
> frame-relay interface-dlci 203
> !
> interface Serial0/0/0.204 point-to-point
> ip address 10.0.204.2 255.255.255.254
> snmp trap link-status
> mpls ip
> frame-relay interface-dlci 204
> !
> interface Serial0/0/1
> no ip address
> shutdown
> !
> router eigrp 1
> auto-summary
> !
> address-family ipv4 vrf acme
> redistribute bgp 25 metric 10000 10 255 1 1500
> network 0.0.0.0
> no auto-summary
> autonomous-system 8
> exit-address-family
> !
> router ospf 2 vrf acme
> router-id 10.22.2.2
> domain-id 0.0.0.0
> domain-tag 2222
> log-adjacency-changes
> area 0 sham-link 1.1.2.1 6.6.5.5
> redistribute bgp 25 subnets
> network 0.0.0.0 255.255.255.255 area 0
> !
> router ospf 1
> router-id 10.2.2.2
> log-adjacency-changes
> network 10.0.0.0 0.255.255.255 area 0
> !
> router bgp 25
> bgp log-neighbor-changes
> neighbor 10.5.5.5 remote-as 25
> neighbor 10.5.5.5 update-source Loopback0
> !
> address-family ipv4
> no neighbor 10.5.5.5 activate
> no auto-summary
> no synchronization
> exit-address-family
> !
> address-family vpnv4
> neighbor 10.5.5.5 activate
> neighbor 10.5.5.5 send-community extended
> exit-address-family
> !
> address-family ipv4 vrf acme
> redistribute ospf 2 vrf acme match internal external 1 external 2
> no synchronization
> exit-address-family
> !
> ip forward-protocol nd
> !
> !
> no ip http server
> no ip http secure-server
> !
> !
> !
> !
> !
> !
> !
> control-plane
> !
> !
> !
> line con 0
> exec-timeout 0 0
> privilege level 15
> logging synchronous
> line aux 0
> line vty 0 4
> login
> !
> scheduler allocate 20000 1000
> end
>
> R5
>
> !
> hostname R5
> !
> boot-start-marker
> boot-end-marker
> !
> no logging console
> !
> no aaa new-model
> memory-size iomem 20
> !
> !
> ip cef
> !
> !
> ip vrf acme
> rd 100:100
> route-target export 10.5.5.5:20
> route-target import 10.2.2.2:20
> !
> no ip domain lookup
> !
> multilink bundle-name authenticated
> !
> !
> voice-card 0
> no dspfarm
> !
> !
> !
> !
> !
> !
> !
> !
> !
> !
> !
> !
> !
> !
> !
> !
> !
> !
> !
> !
> !
> !
> archive
> log config
> hidekeys
> !
> !
> !
> !
> !
> !
> interface Loopback0
> ip address 10.5.5.5 255.255.255.0
> ip ospf network point-to-point
> !
> interface Loopback1
> ip address 10.55.5.5 255.255.255.0
> !
> interface FastEthernet0/0
> ip vrf forwarding acme
> ip address 6.6.5.5 255.255.255.0
> duplex auto
> speed auto
> !
> interface FastEthernet0/1
> no ip address
> shutdown
> duplex auto
> speed auto
> !
> interface Serial0/0/0
> no ip address
> encapsulation frame-relay
> no frame-relay inverse-arp
> !
> interface Serial0/0/0.503 point-to-point
> ip address 10.0.35.2 255.255.255.254
> mpls ip
> frame-relay interface-dlci 503
> !
> interface Serial0/0/0.504 point-to-point
> ip address 10.0.45.5 255.255.255.254
> mpls ip
> frame-relay interface-dlci 504
> !
> interface Serial0/0/1
> no ip address
> shutdown
> !
> interface Serial0/1/0
> no ip address
> shutdown
> clock rate 2000000
> !
> router eigrp 1
> auto-summary
> !
> address-family ipv4 vrf acme
> redistribute bgp 25 metric 10000 10 255 1 1500
> network 0.0.0.0
> no auto-summary
> autonomous-system 8
> exit-address-family
> !
> router ospf 2 vrf acme
> router-id 10.55.5.5
> domain-id 0.0.0.0
> domain-tag 2222
> log-adjacency-changes
> area 0 sham-link 6.6.5.6 1.1.2.2
> redistribute bgp 25 subnets
> network 0.0.0.0 255.255.255.255 area 0
> !
> router ospf 1
> router-id 10.5.5.5
> log-adjacency-changes
> network 10.0.0.0 0.255.255.255 area 0
> !
> router bgp 25
> no synchronization
> bgp log-neighbor-changes
> neighbor 10.2.2.2 remote-as 25
> neighbor 10.2.2.2 update-source Loopback0
> no auto-summary
> !
> address-family vpnv4
> neighbor 10.2.2.2 activate
> neighbor 10.2.2.2 send-community both
> exit-address-family
> !
> address-family ipv4 vrf acme
> redistribute ospf 2 vrf acme match internal external 1 external 2
> no synchronization
> exit-address-family
> !
> !
> !
> no ip http server
> no ip http secure-server
> !
> !
> !
> !
> !
> !
> !
> control-plane
> !
> !
> !
> !
> !
> !
> !
> !
> !
> !
> line con 0
> exec-timeout 0 0
> privilege level 15
> logging synchronous
> line aux 0
> line vty 0 4
> login
> !
> scheduler allocate 20000 1000
>
> !
> webvpn cef
> !
> end
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
Blogs and organic groups at http://www.ccie.net
Received on Mon Aug 08 2011 - 01:36:46 ART
This archive was generated by hypermail 2.2.0 : Thu Sep 01 2011 - 06:05:56 ART