Creating a Sham Link

Creating a sham link is to establish a virtual link that connects the two end addresses of the sham link.

Context

OSPF sham links are unnumbered P2P links between two PEs over an BGP/MPLS IP VPN backbone network. Generally, BGP extended community attributes carry routing information over the BGP/MPLS IP VPN backbone between BGP peers. OSPF running on the other PE can use the routing information to generate inter-area routes from PEs to CEs.

If an intra-area OSPF link exists between the network segments of local and remote CEs on the BGP/MPLS IP VPN backbone network. Routes that pass through the intra-area route link and have higher preferences than inter-area routes that pass through the MPLS VPN backbone network. As a result, VPN traffic is always forwarded through the intra-area route instead of the backbone network. To avoid such a problem, an OSPF sham link can be established between PEs so that the routes that pass through the MPLS VPN backbone network also become OSPF intra-area routes and take precedence.

Perform the following steps on the PEs of the two ends of the sham link.

Procedure

Access the system view.
```
system-view
```

Access the OSPF multi-instance view.

ospf process-id [ router-id router-id ] vpn-instance vpn-instance-name

Access the OSPF area view.
```
area area-id
```
Configure a sham link.
```
sham-link source-ip-address destination-ip-address [ smart-discover ] [ simple [ [ plain ] plain-text | cipher cipher-text ] | { md5 | hmac-md5 | hmac-sha256 } [ key-id { plain plain-text | [ cipher ] cipher-text } ] | authentication-null | keychain keychain-name ] [ cost cost ] [ dead dead-interval | hello hello-interval | retransmit retransmit-interval | trans-delay trans-delay-interval ] ^*
```
By default,
- The interface cost of the sham link, namely, cost is 1.
- The invalid interval of the sham link, namely, dead-interval is 40 seconds.
- Interval for sending Hello packets, namely, hello-interval, is 10 seconds.
- Interval for retransmitting LSA packets, namely, retransmit-interval, is 5 seconds.
- Delay for sending LSA packets, namely, trans-delay-interval, is 1 second.
The authentication mode on the two ends of the sham link must be the same.

If the packet authentication is supported, only the OSPF packets that pass the authentication can be received. If the authentication fails, the neighbor relationship cannot be set up.

If the plain text, namely, simple is used, the authenticator type is plain by default. If the MD5 algorithm or HMAC-MD5 algorithm, namely, md5 | hmac-md5 is used, the authenticator type is cipher by default.

To forward the VPN traffic through the MPLS backbone network, configure the cost of the sham link less than that of the OSPF route through the private network. The common method is increases the cost of the forwarding interface of private network.