ospf sham-link

The default R7 config creates an ospf process with an assigned VRF (VPN_A).  it's uplink to the PE (g1.67 to R6) is also in the same VRF.   as such, I don't see how you can see the ospf routes outside of the VRF (as shown in the SG output for R7).  

The R8-R5 peering is different, and this is what I believe to be a traditional PE-CE setup, as the CE is not in a VRF.  

I was able to get this solution working with the existing config (I had to put the backdoor link on R7 into the VRF), but the SG output for traceroute and sh ip route from R7 is, I think, incorrect.

Ticket created.

Comments

  • Hi,

    This is what I found now as to be the initial config for R7, MPLS OSPF Sham Link section - initial config.

    Probably the initial config has been replaced or something, because as it states now, no OSPF process is created in initial config.

     

    Technology wise, you're right.

    R5 and R6, which are the PEs in this scenario, declare new loopbacks inside the VRF, advertisement throgh BGP inside the VRF is checked, this is fine, but the final tests are done on R7 and R8 loopbacks - the CEs, while it should have been tested reachability to highlighted prefixes below :

     

    R7#show ip route ospf
    150.1.0.0/32 is subnetted, 4 subnets
    O 150.1.8.8 [110/10000] via 155.1.78.8, 00:00:10, GigabitEthernet1.78
    O E2 150.1.55.55 [110/1] via 155.1.78.8, 00:00:10, GigabitEthernet1.78
    O E2 150.1.66.66 [110/1] via 155.1.78.8, 00:00:10, GigabitEthernet1.78

    Current configuration : 2458 bytes

    !

    ! Last configuration change at 15:26:15 UTC Sat May 10 2014

    !

    version 15.4

    no service timestamps debug uptime

    no service timestamps log uptime

    no platform punt-keepalive disable-kernel-core

    platform console serial

    !

    hostname R7

    !

    boot-start-marker

    boot-end-marker

    !

    !

    !

    no aaa new-model

    !

    ip vrf VPN_A

     rd 100:1

    !

    ip vrf VPN_B

     rd 100:2

    !

    no ip domain lookup

    !

    ipv6 unicast-routing

    !

    subscriber templating

    !

    multilink bundle-name authenticated

    !

    license udi pid CSR1000V sn 9Y9VCZ8B841

    license boot level premium

    spanning-tree extend system-id

    !

    redundancy

     mode none

    !

    cdp run

    !

    interface Loopback0

     ip address 150.1.7.7 255.255.255.255

     ipv6 address 2001:150:7:7::7/128

    !

    interface Loopback101

     ip address 172.16.7.7 255.255.255.0

    !

    interface Loopback102

     ip vrf forwarding VPN_B

     ip address 192.168.7.7 255.255.255.0

    !

    interface GigabitEthernet1

     no ip address

     negotiation auto

     cdp enable

    !

    interface GigabitEthernet1.7

     encapsulation dot1Q 7

     ip address 155.1.7.7 255.255.255.0

     ipv6 address 2001:155:1:7::7/64

    !

    interface GigabitEthernet1.37

     encapsulation dot1Q 37

     ip address 155.1.37.7 255.255.255.0

     ipv6 address 2001:155:1:37::7/64

    !

    interface GigabitEthernet1.67

     encapsulation dot1Q 67

     ip address 155.1.67.7 255.255.255.0

     ipv6 address 2001:155:1:67::7/64

    !

    interface GigabitEthernet1.76

     encapsulation dot1Q 76

     ip vrf forwarding VPN_B

     ip address 155.1.76.7 255.255.255.0

    !

    interface GigabitEthernet1.79

     encapsulation dot1Q 79

     ip address 155.1.79.7 255.255.255.0

     ipv6 address 2001:155:1:79::7/64

    !

    interface GigabitEthernet2

     no ip address

     shutdown

     negotiation auto

    !

    interface GigabitEthernet3

     no ip address

     shutdown

     negotiation auto

    !

    router rip

     version 2

     no auto-summary

     !

     address-family ipv4 vrf VPN_B

      network 155.1.0.0

      network 192.168.7.0

      no auto-summary

     exit-address-family

    !

    !

    virtual-service csr_mgmt

    !

    ip forward-protocol nd

    !

    ip community-list expanded AS200 permit 200:[0-9]+_

    no ip http server

    no ip http secure-server

    !

    control-plane

    !

    line con 0

     exec-timeout 0 0

     privilege level 15

     logging synchronous

     stopbits 1

    line aux 0

     stopbits 1

    line vty 0

     privilege level 15

     no login

    line vty 1

     privilege level 15

     no login

     length 0

    line vty 2 4

     privilege level 15

     no login

    !

    !

    end

     

    R7#

    !

Sign In or Register to comment.