Re: Sham link

m-ott · ‎06-20-2005

Hi Guys

I tried to configure a sham link between two PE Routers. Although the sh ip ospf shame-link shows an up connection, there's no ospf adjacency created between the links.

Does anybody have a clou why this could happen?

Router A

-----------------------------------------

ip vrf 10_KAP

rd 10:10

route-target export 10:10

route-target import 10:10

!

interface Loopback250

ip vrf forwarding 10_KAP

ip address 172.16.250.129 255.255.255.255

!

router ospf 10 vrf 10_KAP

router-id 172.16.10.129

log-adjacency-changes

area 0 sham-link 172.16.250.129 172.16.250.131 cost 1000

redistribute bgp 65111 subnets

network 172.16.10.129 0.0.0.0 area 0

network 172.16.11.8 0.0.0.7 area 0

network 172.16.11.88 0.0.0.7 area 0

!

router ospf 100

log-adjacency-changes

network 10.53.144.0 0.0.1.255 area 0

!

router bgp 65111

no synchronization

bgp log-neighbor-changes

neighbor 10.53.145.101 remote-as 65111

neighbor 10.53.145.101 update-source Loopback100

neighbor 10.53.145.102 remote-as 65111

neighbor 10.53.145.102 update-source Loopback100

no auto-summary

!

address-family vpnv4

neighbor 10.53.145.101 activate

neighbor 10.53.145.101 next-hop-self

neighbor 10.53.145.101 send-community both

neighbor 10.53.145.102 activate

neighbor 10.53.145.102 next-hop-self

neighbor 10.53.145.102 send-community both

exit-address-family

!

address-family ipv4 vrf 10_KAP

redistribute ospf 10 vrf 10_KAP metric 1 match internal

neighbor 172.16.11.10 remote-as 1

neighbor 172.16.11.10 activate

neighbor 172.16.11.10 as-override

no auto-summary

no synchronization

network 172.16.250.129 mask 255.255.255.255

exit-address-family

Router B

-------------------------------------------------------------------------------------------------------------

ip vrf 10_KAP

rd 10:10

route-target export 10:10

route-target import 10:10

!

interface Loopback250

ip vrf forwarding 10_KAP

ip address 172.16.250.131 255.255.255.255

!

router ospf 10 vrf 10_KAP

router-id 172.16.10.131

log-adjacency-changes

area 0 sham-link 172.16.250.131 172.16.250.129 cost 1000

redistribute bgp 65111 subnets

network 172.16.10.131 0.0.0.0 area 0

network 172.16.11.0 0.0.0.7 area 0

network 172.16.11.80 0.0.0.7 area 0

!

router ospf 100

router-id 10.53.145.131

log-adjacency-changes

network 10.53.144.0 0.0.1.255 area 0

!

router bgp 65111

no synchronization

bgp log-neighbor-changes

neighbor 10.53.145.101 remote-as 65111

neighbor 10.53.145.101 update-source Loopback100

neighbor 10.53.145.102 remote-as 65111

neighbor 10.53.145.102 update-source Loopback100

no auto-summary

!

address-family vpnv4

neighbor 10.53.145.101 activate

neighbor 10.53.145.101 next-hop-self

neighbor 10.53.145.101 send-community both

neighbor 10.53.145.102 activate

neighbor 10.53.145.102 next-hop-self

neighbor 10.53.145.102 send-community both

exit-address-family

!

address-family ipv4 vrf 10_KAP

redistribute ospf 10 vrf 10_KAP metric 10 match internal external 1 external 2

no auto-summary

no synchronization

network 172.16.250.131 mask 255.255.255.255

exit-address-family

Router A

----------------------------------------------------------------------------------------------------------------

#sh ip ospf sham-links

Sham Link OSPF_SL1 to address 172.16.250.129 is up

Area 0 source address 172.16.250.131

Run as demand circuit

DoNotAge LSA allowed. Cost of using 1000 State POINT_TO_POINT,

Timer intervals configured, Hello 10, Dead 40, Wait 40,

Hello due in 00:00:08

Sanjeewa Alahakone · ‎06-20-2005

Your sham-link source and destination loopbacks should be learn *ONLY* from the ibgp not from the OSPF

e.g. in router A

===================

router ospf 10 vrf 10_KAP

no network 172.16.10.129 0.0.0.0 area 0

router bgp nn

:

address-family ipv4 vrf 10_KAP

:

redistribute connected

exit-address-family

Do the same in other PE, and post debug ip ospf adj along with show ip route vrf 10_KAP loopbacks

Regards

Sanjeewa Alahakone

APT TAC

m-ott · ‎06-20-2005

Hi Sanjeewa

My sham-link sourc and destination lo is 172.16.250.129 and is not learnd via OSPF but from IBGP.

The debug ip ospf adj got nothing, because there are even no hellos between the sham-link peers.

the show ip route vrf 10_KAP shows:

193.222.30.0/32 is subnetted, 1 subnets

O 193.222.30.1 [110/2] via 172.16.11.90, 15:33:15, Vlan11

172.16.0.0/16 is variably subnetted, 10 subnets, 2 masks

O 172.16.10.135/32 [110/2] via 172.16.11.10, 15:33:15, Vlan12

O 172.16.10.131/32 [110/3] via 172.16.11.10, 15:33:15, Vlan12

C 172.16.10.129/32 is directly connected, Loopback10

O 172.16.11.0/29 [110/2] via 172.16.11.10, 15:33:15, Vlan12

C 172.16.11.8/29 is directly connected, Vlan12

B 172.16.250.131/32 [200/0] via 10.53.145.131, 13:47:45

C 172.16.250.129/32 is directly connected, Loopback250

O 172.16.11.96/29 [110/2] via 172.16.11.10, 15:33:15, Vlan12

O 172.16.11.80/29 [110/3] via 172.16.11.10, 15:33:17, Vlan12

C 172.16.11.88/29 is directly connected, Vlan11

193.222.40.0/32 is subnetted, 1 subnets

O 193.222.40.1 [110/4] via 172.16.11.10, 15:33:17, Vlan12

193.222.35.0/32 is subnetted, 1 subnets

O 193.222.35.1 [110/3] via 172.16.11.10, 15:33:17, Vlan12

the show ip bgp vpna all shows that every route from the ospf is preferd over the iBGP routes, as it would be without sham-link.

*> 172.16.10.129/32 0.0.0.0 0 32768 ?

* i172.16.10.131/32 10.53.145.131 0 100 0 ?

*> 172.16.11.10 1 32768 ?

*> 172.16.10.135/32 172.16.11.10 1 32768 ?

* i172.16.11.0/29 10.53.145.131 0 100 0 ?

*> 172.16.11.10 1 32768 ?

*> 172.16.11.8/29 0.0.0.0 0 32768 ?

* i172.16.11.80/29 10.53.145.131 0 100 0 ?

*> 172.16.11.10 1 32768 ?

*> 172.16.11.88/29 0.0.0.0 0 32768 ?

*> 172.16.11.96/29 172.16.11.10 1 32768 ?

*> 172.16.250.129/32

0.0.0.0 0 32768 i

*>i172.16.250.131/32

10.53.145.131 0 100 0 i

*> 193.222.30.1/32 172.16.11.90 1 32768 ?

Network Next Hop Metric LocPrf Weight Path

*> 193.222.35.1/32 172.16.11.10 1 32768 ?

*> 193.222.40.1/32 172.16.11.10 1 32768 ?

cheers

Sanjeewa Alahakone · ‎06-21-2005

I think your LSP is broken !

can you verify least tag-switching is configured in the mpls core interfaces ?

then you should have "adjacency state Full" for the sh ip ospf 10 sham and FULL state for "sh ip ospf 10 nei"

Regards

Sanjeewa Alahakone

APT TAC

Sanjeewa

m-ott · ‎06-21-2005

hi sanjeewa

thanks a lot for your help. It was in fact the LSP process that was broken. After restart of the process everything worked fine.

You seem to be knowledged about MPLS. If you don't mind i would like to ask another question:

I have a PE router m11-2 that is redistributing the routes learned via MP-BGP into ospf process 10 of the vrf 10_KAP. That workes fine. The problem is the redistribution of the ospf routes from process 10 into process 110. process 10 shows all summary routes as it should but the ospf 110 shows nothing. Usually this is not a great task, but i can't find the problem. Do you have an idea?

m11-2#sh ip rout vrf 10_KAP

193.222.30.0/32 is subnetted, 1 subnets

B 193.222.30.1 [200/2] via 10.53.145.129, 01:27:44

172.16.0.0/16 is variably subnetted, 13 subnets, 2 masks

B 172.16.10.135/32 [200/2] via 10.53.145.131, 01:27:44

C 172.16.10.132/32 is directly connected, Loopback10

B 172.16.10.131/32 [200/0] via 10.53.145.131, 01:27:44

B 172.16.10.129/32 [200/0] via 10.53.145.129, 01:27:44

C 172.16.11.248/29 is directly connected, Vlan3910

B 172.16.11.0/29 [200/0] via 10.53.145.131, 01:27:44

O 172.16.3.2/32 [110/2] via 172.16.11.254, 01:28:06, Vlan3910

B 172.16.11.8/29 [200/0] via 10.53.145.129, 01:27:44

B 172.16.250.131/32 [200/0] via 10.53.145.131, 01:27:46

B 172.16.250.129/32 [200/0] via 10.53.145.129, 01:27:46

B 172.16.11.96/29 [200/2] via 10.53.145.131, 01:27:46

B 172.16.11.80/29 [200/0] via 10.53.145.131, 01:27:46

B 172.16.11.88/29 [200/0] via 10.53.145.129, 01:27:46

193.222.40.0/32 is subnetted, 1 subnets

B 193.222.40.1 [200/2] via 10.53.145.131, 01:27:46

193.222.35.0/32 is subnetted, 1 subnets

B 193.222.35.1 [200/3] via 10.53.145.131, 01:27:46

m11-2#sh ip ospf 10 database

OSPF Router with ID (172.16.10.132) (Process ID 10)

Router Link States (Area 0)

Link ID ADV Router Age Seq# Checksum Link count

172.16.10.132 172.16.10.132 1452 0x80000003 0x00AB9F 1

Summary Net Link States (Area 0)

Link ID ADV Router Age Seq# Checksum

172.16.10.129 172.16.10.132 1204 0x80000003 0x001115

172.16.10.131 172.16.10.132 1204 0x80000003 0x00FC27

172.16.10.135 172.16.10.132 1204 0x80000003 0x00DE40

172.16.11.0 172.16.10.132 1204 0x80000003 0x00EAC2

172.16.11.8 172.16.10.132 1204 0x80000003 0x009A0B

172.16.11.80 172.16.10.132 1204 0x80000003 0x00C795

172.16.11.88 172.16.10.132 1204 0x80000003 0x0077DD

172.16.11.96 172.16.10.132 1204 0x80000003 0x00311B

193.222.30.1 172.16.10.132 1204 0x80000003 0x007F2E

193.222.35.1 172.16.10.132 1204 0x80000003 0x005255

193.222.40.1 172.16.10.132 1204 0x80000003 0x001192

m11-2#sh ip ospf 110 dat

OSPF Router with ID (172.16.11.252) (Process ID 110)

Router Link States (Area 0)

Link ID ADV Router Age Seq# Checksum Link count

172.16.3.2 172.16.3.2 1351 0x80000005 0x00AF9C 2

172.16.11.252 172.16.11.252 1414 0x80000005 0x004BCE 1

Net Link States (Area 0)

Link ID ADV Router Age Seq# Checksum

172.16.11.252 172.16.11.252 1414 0x80000003 0x00B07E

Type-5 AS External Link States

Link ID ADV Router Age Seq# Checksum Tag

172.16.10.132 172.16.11.252 1414 0x80000003 0x00366B 0

m-ott · ‎06-21-2005

Hi sanjeewa

Here the config of the 6500

config

-------------------------------------------------------------

hostname m11-2

!

ip vrf 100_MSFC

rd 100:100

route-target export 100:100

route-target import 100:100

!

ip vrf 10_KAP

rd 10:10

route-target export 10:10

route-target import 10:10

!

vlan 3910-3911

!

interface Loopback10

ip vrf forwarding 10_KAP

ip address 172.16.10.132 255.255.255.255

!

interface Loopback1000

ip vrf forwarding 100_MSFC

ip address 172.16.3.2 255.255.255.255

!

interface Vlan3910

ip vrf forwarding 10_KAP

ip address 172.16.11.252 255.255.255.248

!

interface Vlan3911

mac-address 0012.0000.0002

ip vrf forwarding 100_MSFC

ip address 172.16.11.254 255.255.255.248

!

router ospf 10 vrf 10_KAP

router-id 172.16.10.132

log-adjacency-changes

redistribute bgp 65111 subnets

network 172.16.10.132 0.0.0.0 area 0

!

router ospf 110 vrf 10_KAP

log-adjacency-changes

capability vrf-lite

redistribute ospf 10 vrf 10_KAP subnets

network 172.16.11.248 0.0.0.7 area 0

!

router ospf 1000 vrf 100_MSFC

router-id 172.16.3.2

log-adjacency-changes

network 172.16.3.2 0.0.0.0 area 0

network 172.16.11.248 0.0.0.7 area 0

!

router bgp 65111

no synchronization

bgp log-neighbor-changes

neighbor 10.53.145.101 remote-as 65111

neighbor 10.53.145.101 update-source Loopback100

neighbor 10.53.145.102 remote-as 65111

neighbor 10.53.145.102 update-source Loopback100

no auto-summary

!

address-family vpnv4

neighbor 10.53.145.101 activate

neighbor 10.53.145.101 next-hop-self

neighbor 10.53.145.101 send-community both

neighbor 10.53.145.102 activate

neighbor 10.53.145.102 next-hop-self

neighbor 10.53.145.102 send-community both

exit-address-family

!

address-family ipv4 vrf 10_KAP

redistribute ospf 10 vrf 10_KAP match internal external 1 external 2

no auto-summary

no synchronization

exit-address-family

!

address-family ipv4 vrf 100_MSFC

no auto-summary

no synchronization

exit-address-family

!

arp vrf 10_KAP 172.16.11.254 0012.0000.0002 ARPA

arp vrf 100_MSFC 172.16.11.252 0009.1205.ac00 ARPA

!

m-ott · ‎06-21-2005

Hi

The problem is solved.

Thanks.

Sanjeewa Alahakone · ‎06-21-2005

Hi

Regrets, I missed your update since it was very late night in Sydney.

If you need to import/export routing then please do it in the VRF configuration via importing/exporting RTs.

When you configure a vrf, it is a separate routing table (like another router inside the PE router), therefore redistribution among these virtual routing tables seems against the fundamentals, further we cannot treat these OSPF processes as multiple ospf processes in a single router.

If the CLI is allowing redistribution between OSPF vrf instances, then I consider it as a defect. I shall check this further and file a defect report.

Hope you have resort to importing and exporting RTs to get the inter VRF routing.

I am glad you asked this question, it got me thinking :)

Regards

Sanjeewa Alahakone

APT TAC