Sham Link shows up as O-IA with downbit

I'm seeing routes learned from ce to ce via OSPF. They aren't getting installed in the routing table but i can see them as type 3 in the ospf database. The sham link is showing up on both pe routers so i'm at a loss. The topology is:

SW3(ce)--R4(pe)---R5(pe)---SW4(ce)

 

 

You can see the routes in the database.

Rack1SW3#sh ip ospf database 

 

            OSPF Router with ID (150.1.9.9) (Process ID 100)

 

                Router Link States (Area 90)

 

Link ID         ADV Router      Age         Seq#       Checksum Link count

150.1.9.9       150.1.9.9       713         0x80000001 0x00C56D 2

150.1.44.44     150.1.44.44     714         0x80000005 0x00342C 1

 

                Net Link States (Area 90)

 

Link ID         ADV Router      Age         Seq#       Checksum

191.1.49.4      150.1.44.44     714         0x80000001 0x00E5D4

 

                Summary Net Link States (Area 90)

 

Link ID         ADV Router      Age         Seq#       Checksum

150.1.10.10     150.1.44.44     430         0x80000001 0x00FF1F

191.1.50.0      150.1.44.44     431         0x80000001 0x00894F

191.1.109.0     150.1.44.44     431         0x80000001 0x0003AB

 

But not in the routing table.

 


Rack1SW3#sh ip route vrf VPN_B ospf

     150.1.0.0/16 is variably subnetted, 3 subnets, 2 masks

O E2    150.1.55.55/32 [110/1] via 191.1.49.4, 00:14:45, Vlan49

O E2    150.1.44.44/32 [110/1] via 191.1.49.4, 00:14:45, Vlan49

 

 

Rack1R4#sh ip ospf sham-links 

Sham Link OSPF_SL1 to address 150.1.55.55 is up

Area 90 source address 150.1.44.4

  Run as demand circuit

  DoNotAge LSA allowed. Cost of using 1 State POINT_TO_POINT,

  Timer intervals configured, Hello 10, Dead 40, Wait 40,

    Hello due in 00:00:00

 

 

 

Rack1R5#show ip ospf sham-links 

Sham Link OSPF_SL0 to address 150.1.44.44 is up

Area 90 source address 150.1.55.55

  Run as demand circuit

  DoNotAge LSA allowed. Cost of using 1 State POINT_TO_POINT,

  Timer intervals configured, Hello 10, Dead 40, Wait 40,

    Hello due in 00:00:07

 

 

 

Comments

  • Hi.

    Are you using VRFs on the CE side to exchange routing information with the PE rotuers?  If so, try using the capability vrf-lite feature under the OSPF routing process.

     

  • Hi jguagliata,

    Can you post some more output of these commands?

    show ip bgp vpnv4 rd x x.x.x.x
    show ip ospf database summary x.x.x.x

    and OSPF configuration of PE routers?

  • I am using vrf's on the customer side. VRF lite gets the rotues to show up but they show up as O IA. There is a backdoor route between the two CE routers (temporarily disabled) which is why i'm looking for the rotues to show up as intra.

     

    Thanks for your quick response.



  • Rack1R4#show ip ospf 100 database summary 

     

                OSPF Router with ID (150.1.44.44) (Process ID 100)

     

                    Summary Net Link States (Area 90)

     

      LS age: 110

      Options: (No TOS-capability, DC, Downward)

      LS Type: Summary Links(Network)

      Link State ID: 150.1.10.10 (summary Network Number)

      Advertising Router: 150.1.44.44

      LS Seq Number: 80000001

      Checksum: 0xFF1F

      Length: 28

      Network Mask: /32

            TOS: 0  Metric: 2 

     

      LS age: 110

      Options: (No TOS-capability, DC, Downward)

      LS Type: Summary Links(Network)

      Link State ID: 191.1.50.0 (summary Network Number)

      Advertising Router: 150.1.44.44

      LS Seq Number: 80000001

      Checksum: 0x894F

      Length: 28

      Network Mask: /24

            TOS: 0  Metric: 1 

     

      LS age: 111

      Options: (No TOS-capability, DC, Downward)

      LS Type: Summary Links(Network)

      Link State ID: 191.1.109.0 (summary Network Number)

      Advertising Router: 150.1.44.44

      LS Seq Number: 80000001

      Checksum: 0x3AB

      Length: 28

      Network Mask: /25

            TOS: 0  Metric: 20001 

    Rack1R4#show ip bgp vpnv4 rd 100:2

    BGP table version is 43, local router ID is 150.1.4.4

    Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

                  r RIB-failure, S Stale

    Origin codes: i - IGP, e - EGP, ? - incomplete

     

       Network          Next Hop            Metric LocPrf Weight Path

    Route Distinguisher: 100:2 (default for vrf VPN_B)

    *> 150.1.9.9/32     191.1.49.9               2         32768 ?

    *>i150.1.10.10/32   150.1.5.5                2    100      0 ?

    *> 150.1.44.44/32   0.0.0.0                  0         32768 i

    *>i150.1.55.55/32   150.1.5.5                0    100      0 i

    *> 191.1.49.0/24    0.0.0.0                  0         32768 ?

    *>i191.1.50.0/24    150.1.5.5                0    100      0 ?

    *>i191.1.109.0/25   150.1.5.5            20001    100      0 ?


    router ospf 100 vrf VPN_B

     router-id 150.1.44.44

     log-adjacency-changes

     area 90 sham-link 150.1.44.4 150.1.55.55

     redistribute bgp 100 subnets

     network 191.1.49.4 0.0.0.0 area 90


    Rack1R5#show ip bgp vpnv4 rd 100:2

    BGP table version is 45, local router ID is 150.1.5.5

    Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

                  r RIB-failure, S Stale

    Origin codes: i - IGP, e - EGP, ? - incomplete

     

       Network          Next Hop            Metric LocPrf Weight Path

    Route Distinguisher: 100:2 (default for vrf VPN_B)

    *>i150.1.9.9/32     150.1.4.4                2    100      0 ?

    *> 150.1.10.10/32   191.1.50.10              2         32768 ?

    *>i150.1.44.44/32   150.1.4.4                0    100      0 i

    *> 150.1.55.55/32   0.0.0.0                  0         32768 i

    *>i191.1.49.0/24    150.1.4.4                0    100      0 ?

    *> 191.1.50.0/24    0.0.0.0                  0         32768 ?

    *> 191.1.109.0/25   191.1.50.10          20001         32768 ?

     



    Rack1R5#sh run | sec ospf 100

    router ospf 100 vrf VPN_B

     router-id 150.1.55.55

     log-adjacency-changes

     area 90 sham-link 150.1.55.55 150.1.44.44

     redistribute bgp 100 subnets

     network 191.1.50.5 0.0.0.0 area 90

     


    Rack1R5#show ip ospf 100 database summary 

     

                OSPF Router with ID (150.1.55.55) (Process ID 100)

     

                    Summary Net Link States (Area 90)

     

      LS age: 152

      Options: (No TOS-capability, DC, Downward)

      LS Type: Summary Links(Network)

      Link State ID: 150.1.9.9 (summary Network Number)

      Advertising Router: 150.1.55.55

      LS Seq Number: 80000001

      Checksum: 0x8585

      Length: 28

      Network Mask: /32

            TOS: 0  Metric: 2 

     

      LS age: 152

      Options: (No TOS-capability, DC, Downward)

      LS Type: Summary Links(Network)

      Link State ID: 191.1.49.0 (summary Network Number)

      Advertising Router: 150.1.55.55

      LS Seq Number: 80000001

      Checksum: 0x5BE

      Length: 28

      Network Mask: /24

            TOS: 0  Metric: 1 


     

  • If the area ID and the domain ID's match on the CE routers, isn't that what they are supposed to show up as since the MPLS network acts as a superbackbone?  I guess I am lost in what you are expecting to see.  I deeply apologize.

    Actually, I see now.  Nevermind.  The CE routes should be installed as intra-area routes.  Sorry about that.

  • I found the issue.

     

     

    R4 had a typo on the sham link. The confusing part is it shows as up with the show ip ospf sham link output.

     

     

    Rack1R4#show ip ospf sham-links


    Sham Link OSPF_SL1 to address 150.1.55.55 is up

    Area 90 source address 150.1.44.4 <--missing a 4 on the end but still up, should read 150.1.44.44

      Run as demand circuit

      DoNotAge LSA allowed. Cost of using 1 State POINT_TO_POINT,

      Timer intervals configured, Hello 10, Dead 40, Wait 40,

        Hello due in 00:00:03

     

    When i correct the ip address the output of show ip shamlink adds several lines.

     


    Rack1R4#sh ip ospf sham-links 

    Sham Link OSPF_SL4 to address 150.1.55.55 is up

    Area 90 source address 150.1.44.44

      Run as demand circuit

      DoNotAge LSA allowed. Cost of using 1 State POINT_TO_POINT,

      Timer intervals configured, Hello 10, Dead 40, Wait 40,

        Hello due in 00:00:00

        Adjacency State FULL (Hello suppressed)

        Index 2/2, retransmission queue length 0, number of retransmission 0

        First 0x0(0)/0x0(0) Next 0x0(0)/0x0(0)

        Last retransmission scan length is 0, maximum is 0

        Last retransmission scan time is 0 msec, maximum is 0 msec

     

    Another verification is to show the ip ospf neighbors. Nothing shows if the ip is wrong. Once the command is corrected, you can see the SL link.


    Rack1R4(config-router)#do sh ip ospf nei | inc 150.1.55.55      

    150.1.55.55       0   FULL/  -           -        150.1.55.55     OSPF_SL5

     

     

     

     

     

  • Glad you found the issue.  That is whacky that it showed ip with the correct show output of the show ip ospf sham-link command.  Thanks for sharing the solution.

  • After a bit more testing. It appears it's only checking the remote end ip for the sham to determine UP.

    Non existent source example

     

    Rack1R4(config-router)#do sh ip ospf sham                          

    Sham Link OSPF_SL14 to address 150.1.55.55 is up

    Area 90 source address 127.0.0.1

      Run as demand circuit

      DoNotAge LSA allowed. Cost of using 1 State POINT_TO_POINT,

      Timer intervals configured, Hello 10, Dead 40, Wait 40,

        Hello due in 00:00:08

    Rack1R4(config-router)#

     

    If you get the destination wrong.

     

    Rack1R4(config-router)#do sh ip ospf sham                        

    Sham Link OSPF_SL15 to address 127.0.0.1 is down

    Area 90 source address 150.1.44.44

      Run as demand circuit

      DoNotAge LSA allowed. Cost of using 1 State DOWN,

      Timer intervals configured, Hello 10, Dead 40, Wait 40,

     

     

     

  • You able to find your mistake (wrong source::))

    Even sham-link is up you don't get OSPF neighbor informtion using show ip ospf neigbhor command, so show ip ospf sham-link and show ip ospf ne are good commands to start troubleshooting.

    Good Luck...

  • I think overall the sh ip ospf sham-link is buggy. After playing around with a few differnt configurations, the sham link is still up/up but i'm no longer showing the extended information with the show ip ospf sham-link.


    Sham Link OSPF_SL16 to address 150.1.55.55 is up

    Area 90 source address 150.1.44.44

      Run as demand circuit

      DoNotAge LSA allowed. Cost of using 1 State POINT_TO_POINT,

      Timer intervals configured, Hello 10, Dead 40, Wait 40,

        Hello due in 00:00:03

        Adjacency State FULL (Hello suppressed)

        Index 2/2, retransmission queue length 0, number of retransmission 0

        First 0x0(0)/0x0(0) Next 0x0(0)/0x0(0)

        Last retransmission scan length is 0, maximum is 0

        Last retransmission scan time is 0 msec, maximum is 0 msec

     

    I trust the show ip opsf neighbor command more to tell me if the sham link is actually up.

     

  • I trust the show ip opsf neighbor command more to tell me if the sham link is actually up.

    Not from sham link perspective but in general sometimes "show ip ospf neighbor" results can be misleading.

Sign In or Register to comment.