Tuesday, May 4, 2010

OSPF Sham Link In Different Area


OSPF Network Design Solutions (2nd Edition)One of my reader asked a question,"Normally customers require sham link to prefer back door link in case of MPLS VPN environment, when customer run same area. But if the customer is using different area, how the back door link work."
If we read RFC 2328 which is clearly states that to make communication possible between two areas,OSPF must have area 0 connectivity. In this type of topology, the backdoor will never work.
If someone is having any different thought, please share it.

People who read this post also read :



4 comments:

Unknown said...

I would say they are over complicating the issue. You don't need a sham link as both routes are inter-area route. With a sham-link your trying to get intra-area routes. In the case given to prefer a back door or not just adjust the cost as you would any other inter-area route.

I am making the assumption that area 0 does exist, just its not the MPLS network.

Marko Milivojević said...

Steve: having area 0 that doesn't "touch" PE routers is a violation of the design principles and will not work properly.

This is doable, btw using virtual-links.

--
Marko Milivojevic - CCIE #18427
Senior Technical Instructor - IPexpert

shivlu jain said...

@Steve: If the CPE doesn't have area 0, in that case it will not work,as Marko said," It's pure violation of design".

Anton Smirnov said...

Steve is right, sham-link is not applicable to design involving two different areas because you would just get inter-area routes both via MPLS VPN PEs and via the backdoor (backdoor connects two different areas, hence it can provide only inter-area routes). Inter-area routes are directly comparable and no trick like sham link is required.

Argument of area 0 not touching PEs is technically correct but not applicable to this discussion.
First consider simple design: one site consists of area 0, another site consists of area 1. In this case area 0 touches both MPLS PE and ABR connected to the backlink. This is valid design (as long as area 0 does not loose connectivity to PE on its site).

More general setup of area N on one site and area M on another is more tricky. Router connected to the backlink will be ABR between areas M and N. By canons of OSPF design you have to connect it to the backbone, i.e. to at least one PE router. So you have to configure virtual link between backlink ABR and PE router. Or even better configure virtual link on each site (one in area M and in another in area N).

Now, if you forget about OSPF design canons and remember RFC 3509 then in some cases you may get away without virtual links to the backdoor ABR - but this is implementation specific and is not guaranteed.