14.8 Sham-link No intra area route... HELP!!!

SW1 ----- R6 -------R4-------R5
(CE)       (PE)        (PE)       (CE)

I altered lab 14.8 a little bit to get more practice with sham links, and for the life of me I can't get the OSPF route to show up as O (intra-area). I'm simply trying to get a 55.55.55.55 loopback on R5 to show up on SW1 as an O route instead of an IA route. I have other routes. Can anyone shed any light on what I may be missing? Here's the config of the routers. My sham link status does show up. I also have show command output towards the bottom.

SW1

router ospf 100
 log-adjacency-changes
 network 155.1.67.7 0.0.0.0 area 1


R6

ip vrf B6B
 rd 100:4
 route-target export 100:4
 route-target import 100:4

interface Loopback66
 ip vrf forwarding B6B
 ip address 66.66.66.66 255.255.255.255

interface FastEthernet0/0.67
 encapsulation dot1Q 67
 ip vrf forwarding B6B
 ip address 155.1.67.6 255.255.255.0

router ospf 100 vrf B6B
 domain-id 0.0.0.1
 log-adjacency-changes
 area 1 sham-link 66.66.66.66 44.44.44.44
 redistribute bgp 100 subnets
 network 155.1.67.6 0.0.0.0 area 1
!
router ospf 1
 router-id 150.1.6.6
 log-adjacency-changes
 network 150.1.6.6 0.0.0.0 area 1
 network 155.1.146.6 0.0.0.0 area 1
!
router bgp 100
 no bgp default ipv4-unicast
 bgp log-neighbor-changes
 neighbor 150.1.4.4 remote-as 100
 neighbor 150.1.4.4 update-source Loopback0
 !
 address-family ipv4
  neighbor 150.1.4.4 activate
  no auto-summary
  no synchronization
 exit-address-family
 !
 address-family vpnv4
  neighbor 150.1.4.4 activate
  neighbor 150.1.4.4 send-community extended
 exit-address-family
 !
 address-family ipv4 vrf B6B
  redistribute ospf 100 vrf B6B
  no synchronization
  network 66.66.66.66 mask 255.255.255.255
 exit-address-family


R4

ip vrf A4A
 rd 100:4
 route-target export 100:4
 route-target import 100:4

interface Loopback44
 ip vrf forwarding A4A
 ip address 44.44.44.44 255.255.255.255

interface Serial0/1/0
 ip vrf forwarding A4A
 ip address 155.1.45.4 255.255.255.0
 clock rate 2000000

router ospf 100 vrf A4A
 domain-id 0.0.0.1
 log-adjacency-changes
 area 1 sham-link 44.44.44.44 66.66.66.66
 redistribute bgp 100 subnets
 network 155.1.45.4 0.0.0.0 area 1
!
router ospf 1
 router-id 150.1.4.4
 log-adjacency-changes
 network 150.1.4.4 0.0.0.0 area 1
 network 155.1.146.4 0.0.0.0 area 1
!
router bgp 100
 no bgp default ipv4-unicast
 bgp log-neighbor-changes
 neighbor 150.1.6.6 remote-as 100
 neighbor 150.1.6.6 update-source Loopback0
 !
 address-family ipv4
  neighbor 150.1.6.6 activate
  no auto-summary
  no synchronization
 exit-address-family
 !
 address-family vpnv4
  neighbor 150.1.6.6 activate
  neighbor 150.1.6.6 send-community extended
 exit-address-family
 !
 address-family ipv4 vrf A4A
  redistribute ospf 100 vrf A4A
  no synchronization
  network 44.44.44.44 mask 255.255.255.255
 exit-address-family

R5

interface Loopback55
 ip address 55.55.55.55 255.0.0.0

router ospf 100
 log-adjacency-changes
 network 55.0.0.0 0.255.255.255 area 1
 network 155.1.45.5 0.0.0.0 area 1

--------------------------------------------------------------------------------

R4(config-router)#do sh ip ospf sham-link
Sham Link OSPF_SL0 to address 66.66.66.66 is up
Area 1 source address 44.44.44.44
  Run as demand circuit
  DoNotAge LSA allowed. Cost of using 1 State POINT_TO_POINT,
  Timer intervals configured, Hello 10, Dead 40, Wait 40,
    Hello due in 00:00:02

R6(config-router)#do sh ip ospf sham-link
Sham Link OSPF_SL1 to address 44.44.44.44 is up
Area 1 source address 66.66.66.66
  Run as demand circuit
  DoNotAge LSA allowed. Cost of using 1 State POINT_TO_POINT,
  Timer intervals configured, Hello 10, Dead 40, Wait 40,

SW1(config-if)#do sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     155.1.0.0/24 is subnetted, 5 subnets
C       155.1.7.0 is directly connected, Vlan7
O IA    155.1.45.0 [110/2] via 155.1.67.6, 00:41:02, Vlan67
C       155.1.37.0 is directly connected, FastEthernet0/3
C       155.1.79.0 is directly connected, Vlan79
C       155.1.67.0 is directly connected, Vlan67
     55.0.0.0/32 is subnetted, 1 subnets
O IA    55.55.55.55 [110/66] via 155.1.67.6, 00:41:02, Vlan67
     44.0.0.0/32 is subnetted, 1 subnets
O E2    44.44.44.44 [110/1] via 155.1.67.6, 00:40:52, Vlan67
     150.1.0.0/24 is subnetted, 1 subnets
C       150.1.7.0 is directly connected, Loopback0

Comments

  • Hi ejeangilles,

    Looking at the 'show ip ospf sham-link' output on R4, the sham link appears to be down (i.e. No adjacency). Do you have connectivity between the /32 source/destination IP's used to terminate the sham link? The /32's need to be advertised within BGP, but not in OSPF.

    eg/ on R4:

    ping vrf A4A 55.55.55.55 source 44.44.44.44

    Regards,

    Mario.

    NB: you are advertising the /32's used for your sham link in OSPF. You'll need to stop advertising them in OSPF for the sham link to work.

  • Don't advertise sham-link endpoint loopbacks in OSPF; remove

    network 44.44.44.44 mask 255.255.255.255

    network 66.66.66.66 mask 255.255.255.255

    on both routers from the VRF OSPF instances. Advertise the loopbacks for the sham link only in the BGP process, in the particular address-family VRF configuration.

  • Thanks guys. I'll try it. I'll have to re-lab it.

  • Also. You say I'm advertising the 32's in OSPF but I'm not. I'm advertising them in the BGP address family. What do you see that I don't see?

    R6

    address-family ipv4 vrf B6B
      redistribute ospf 100 vrf B6B
      no synchronization
      network 66.66.66.66 mask 255.255.255.255
     exit-address-family


    R4

    address-family ipv4 vrf A4A
      redistribute ospf 100 vrf A4A
      no synchronization
      network 44.44.44.44 mask 255.255.255.255
     exit-address-family

  • Hi,

    E.g., R4's sham-link endpoint is visible to SW1 (CE) via OSPF:

    SW1(config-if)#do sh ip route
    Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
           D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
           N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
           E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
           i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
           ia - IS-IS inter area, * - candidate default, U - per-user static route
           o - ODR, P - periodic downloaded static route

    Gateway of last resort is not set

         155.1.0.0/24 is subnetted, 5 subnets
    C       155.1.7.0 is directly connected, Vlan7
    O IA    155.1.45.0 [110/2] via 155.1.67.6, 00:41:02, Vlan67
    C       155.1.37.0 is directly connected, FastEthernet0/3
    C       155.1.79.0 is directly connected, Vlan79
    C       155.1.67.0 is directly connected, Vlan67
         55.0.0.0/32 is subnetted, 1 subnets
    O IA    55.55.55.55 [110/66] via 155.1.67.6, 00:41:02, Vlan67
         44.0.0.0/32 is subnetted, 1 subnets
    O E2    44.44.44.44 [110/1] via 155.1.67.6, 00:40:52, Vlan67
         150.1.0.0/24 is subnetted, 1 subnets
    C       150.1.7.0 is directly connected, Loopback0

     HTH..

  • Sham-link endpoints will never be seen as LSA 1, because you must redistribute them in BGP; so when you get them on the other side, from BGP to OSPF, they are shown as LSA 5. If you want to test the sham link, advertise any CE routes and provide a backdoor link between the CE routers, then change the OSPF cost to choose between MPLS and OSPF.

    Regards

  • You need to filter OSPF 100 redistribution in both PE routers, otherwise R4 PE will redistribute R6's Lo66 into OSPF. And R6 PE will redistribute R4's Lo44 into OSPF. That's why you see 44.44.44.44/32 and 66.66.66.66/32 in CEs' routing table.

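    The following config needs to be put in the PE routers:
    ip prefix-list SL_SOURCE permit 44.44.44.44/32
    ip prefix-list SL_SOURCE permit 66.66.66.66/32
    ! Deny only the sham-link endpoints; sequence 20 lets every other route through
    route-map FILTER_SL_SOURCE deny 10
     match ip address prefix-list SL_SOURCE
    route-map FILTER_SL_SOURCE permit 20
    ! OSPF process 100 is the VRF instance on each PE (vrf A4A on R4, vrf B6B on R6)
    router ospf 100
     redistribute bgp 100 subnets route-map FILTER_SL_SOURCE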

    CMIIW.
    Thanks.

  • I found this blog about sham link: http://blog.ine.com/2010/04/08/a-sham-link-really-yes-and-its-not-used-for-phishing/

    Read through the responses as well. And you'll find Keith Barker mentioned the solution that I posted above.

    HTH
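Added example, not part of any reply in this thread: a small lint for the PE-side conditions the replies above raise (sham-link /32 originated in the VRF's BGP address family, not covered by an OSPF `network` statement, BGP-to-OSPF redistribution filtered). The function and finding names are hypothetical, and the check only confirms that a route-map is attached to `redistribute bgp`, not what that route-map matches.

```python
import ipaddress
import re

# Constructed sample: R4's VRF OSPF and BGP stanzas, trimmed from the post.
R4_CONFIG = """\
router ospf 100 vrf A4A
 area 1 sham-link 44.44.44.44 66.66.66.66
 redistribute bgp 100 subnets
 network 155.1.45.4 0.0.0.0 area 1
router bgp 100
 address-family ipv4 vrf A4A
  redistribute ospf 100 vrf A4A
  network 44.44.44.44 mask 255.255.255.255
"""

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def audit_sham_links(config):
    """Return (vrf, finding, address) tuples for one PE's configuration."""
    findings, bgp_hosts = [], set()
    stanzas = re.split(r"(?m)^(?=router )", config)
    for st in stanzas:                       # /32s originated per VRF in BGP
        if st.startswith("router bgp"):
            for vrf, body in re.findall(
                    r"address-family ipv4 vrf (\S+)(.*?)(?=address-family|\Z)", st, re.S):
                for host in re.findall(r"network (\S+) mask 255\.255\.255\.255", body):
                    bgp_hosts.add((vrf, host))
    for st in stanzas:
        head = re.match(r"router ospf \d+ vrf (\S+)", st)
        if not head:
            continue
        vrf = head.group(1)
        nets = [(_ip(a), _ip(w)) for a, w in re.findall(r"network (\S+) (\S+) area", st)]
        unfiltered = any("route-map" not in r
                         for r in re.findall(r"redistribute bgp .*", st))
        for src, dst in re.findall(r"area \S+ sham-link (\S+) (\S+)", st):
            if (vrf, src) not in bgp_hosts:  # local endpoint must be originated in BGP
                findings.append((vrf, "source-not-in-bgp", src))
            for ep in (src, dst):            # endpoint covered by an OSPF network statement
                if any(((_ip(ep) ^ a) & ~w & 0xFFFFFFFF) == 0 for a, w in nets):
                    findings.append((vrf, "endpoint-in-ospf-network", ep))
            if unfiltered:                   # remote endpoint re-enters OSPF as an external
                findings.append((vrf, "unfiltered-bgp-redistribution", dst))
    return findings
```

Run against the posted R4 stanzas, it reports only the unfiltered redistribution of the remote endpoint 66.66.66.66, which matches the `O E2` endpoint route the CE shows.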
