The sham link is considered an OSPF intra-area route. It is used to
ensure that the VPN traffic is transmitted over the backbone instead of
the backdoor link between two CEs.
The source and destination addresses of the sham link must be loopback interface addresses with 32-bit masks. Besides, the loopback interfaces must be bound to the VPN instances and be advertised through BGP.
Configuration Prerequisites
Before configuring OSPF sham link, be sure to complete these tasks:
Follow these steps to configure a loopback interface:
Advertising Routes of a Loopback Interface
Follow these steps to advertise routes of a loopback interface:
Creating a OSPF Sham Link
Follow these steps to create a sham link:
Note:
The source and destination addresses of the sham link must be loopback interface addresses with 32-bit masks. Besides, the loopback interfaces must be bound to the VPN instances and be advertised through BGP.
Configuration Prerequisites
Before configuring OSPF sham link, be sure to complete these tasks:
- Configuring basic MPLS L3VPN (OSPF is used between PE and CE)
- Configuring OSPF in the LAN where CEs reside
Follow these steps to configure a loopback interface:
Advertising Routes of a Loopback Interface
Follow these steps to advertise routes of a loopback interface:
Creating a OSPF Sham Link
Follow these steps to create a sham link:
Note:
- If you start OSPF but do not configure the router ID, the system will automatically elect one. However, the same election rules produce the same router ID. Therefore, you are recommended to configure the router ID when starting an OSPF process. For the election rules, refer to OSPF Configuration in the IP Routing Volume.
- If you configure multiple OSPF VPN instances but do not configure the route tag, the system will automatically create one based on the AS number configured. If you do not configure BGP, the tag will be 0. However, the same calculation rule produces the same tag, and hence the same tag will be created for multiple OSPF VPN instances on the same PE or PEs with the same AS number. Therefore, you are recommended to configure different tags for different OSPF VPN instance.
Configuring Multi-VPN-instance CE
Multi-VPN-instance CE is used in LANs. By configuring multiple OSPF instances on CEs, you can implement service isolation.
One OSPF process can belong to only one VPN instance; one VPN instance can run several OSPF processes.
Configuration Prerequisites
Before configuring multi-VPN-instance CE, complete these tasks:
- Configuring VPN instances
- Configuring the link layer and network layer protocols on related interfaces to ensure IP connectivity.
Configuration Procedure
Multi-VPN-instance
CE can be regarded as a networking solution for implementing service
isolation by route isolation. There is no special configuration required
for a multi-VPN-instance CE, except that you need to enable the
multi-VPN-instance CE function.
After
you enable multi-VPN-instance CE, routing loop detection on the PE is
disabled for route calculating to avoid route loss, and BGP/OSPF
interoperability is disabled to save system resources.
Follow these steps to configure multi-VPN-instance CE:
No comments:
Post a Comment