OSPF sham link configuration – Cisco

SHAM LINK created in VRF in same area as VRF
Loopback inteface for src/dest of SHAM LINK created in VRF
Looback advertised into BGP as VPNv4 route
*optional* ROUTE-MAP to keep Loopback from redistributed into CE routers

PE1

PE1(config-router)#router ospf 1000 vrf C11_12
PE1(config-router)#area 1000 sham-link 10.2.1.1 10.2.1.2 cost 40
!
int loop1
ip vrf forwarding C11_12
ip add 10.2.1.1 255.255.255.255
!
router bgp 65123
address-family ipv4 vrf C11_12
neighbor 129.53.20.20 remote-as 65123
neighbor 129.53.20.20 activate
network 10.2.1.1 mask 255.255.255.255
!
!
route-map SHAM_LINK deny 10
match ip address SHAM_LINK
route-map SHAM_LINK permit 20
!
ip access-list standard SHAM_LINK
permit 10.2.1.1
permit 10.2.1.2
!
router ospf 1000 vrf C11_12
redistribute bgp 65123 subnets route-map SHAM_LINK
network 10.10.111.1 0.0.0.0 area 1000

PE2

PE2(config-router)#router ospf 1000 vrf C11_12
PE2(config-router)#area 1000 sham-link 10.2.1.2 10.2.1.1 cost 40
!
int loop1
ip vrf forwarding C11_12
ip add 10.2.1.2 255.255.255.255
!
router bgp 65123
address-family ipv4 vrf C11_12
neighbor 129.53.10.10 remote-as 65123
neighbor 129.53.10.10 activate
network 10.2.1.2 mask 255.255.255.255
!
!
route-map SHAM_LINK deny 10
match ip address SHAM_LINK
route-map SHAM_LINK permit 20
!
ip access-list standard SHAM_LINK
permit 10.2.1.1
permit 10.2.1.2
!
router ospf 1000 vrf C11_12
redistribute bgp 65123 subnets route-map SHAM_LINK
network 10.10.112.2 0.0.0.0 area 1000

Screenshot 2014-03-20 08.18.07

Advertisements

Cisco MQC HQF strict priority

policy-map FIFO
class MYCLASS_CM
priority 100
class MARK_CM
bandwidth remaining percent 10

Rack1R1(config-pmap-c)#do sh policy-map int
Serial1/1

Service-policy output: FIFO

queue stats for all priority classes:

queue limit 64 packets
(queue depth/total drops/no-buffer drops) 0/0/0
(pkts output/bytes output) 0/0

Class-map: MYCLASS_CM (match-all)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: none

    Priority: 100 kbps

, burst bytes 2500, b/w exceed drops: 0

Rack1R1(config-pmap-c)#policy-map FIFO
Rack1R1(config-pmap)# class MARK_CM
Rack1R1(config-pmap-c)#no bandwidth remaining percent 10
Rack1R1(config-pmap-c)#policy-map FIFO
Rack1R1(config-pmap)# class MYCLASS_CM
Rack1R1(config-pmap-c)#priority
Rack1R1(config-pmap-c)# class MARK_CM
Rack1R1(config-pmap-c)#bandwidth 10
bandwidth kbps/percent command cannot co-exist with strict priority or with priority level in the same policy-map

policy-map FIFO
class MYCLASS_CM
priority
class MARK_CM
bandwidth remaining percent 10
class class-default
fair-queue

Rack1R1(config-pmap-c)#do sh policy-map int
Serial1/1

Service-policy output: FIFO

queue stats for all priority classes:

queue limit 64 packets
(queue depth/total drops/no-buffer drops) 0/0/0
(pkts output/bytes output) 0/0

Class-map: MYCLASS_CM (match-all)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: none

    Priority: Strict

, burst bytes 1500, b/w exceed drops: 0

Cisco MQC and/or HQF match order top down

Match on destination MAC after permitting BGP to receive the routes from BGP neighbor

108.bgp
(IMAGE from Hacking Cisco blog)

R4#sh run class-map
!
class-map match-all BGP_CM
match protocol bgp
class-map match-all R2_MAC_CM
match destination-address mac C201.1AA8.0000
class-map match-all R1_MAC_CM
match destination-address mac C200.1AA8.0000
!
end

R4#sh run policy-map
!
policy-map MAC_PM
class BGP_CM
class R1_MAC_CM
drop
class R2_MAC_CM
police cir 8000
conform-action transmit
!
end

R4#sh policy-map interface
FastEthernet0/0

Service-policy output: MAC_PM

Class-map: BGP_CM (match-all)
47 packets, 3771 bytes
5 minute offered rate 0 bps
Match: protocol bgp

Class-map: R1_MAC_CM (match-all)
5 packets, 590 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: destination-address mac C200.1AA8.0000
drop

Class-map: R2_MAC_CM (match-all)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: destination-address mac C201.1AA8.0000
police:
cir 8000 bps, bc 1500 bytes
conformed 0 packets, 0 bytes; actions:
transmit
exceeded 0 packets, 0 bytes; actions:
drop
conformed 0 bps, exceed 0 bps

Class-map: class-default (match-any)
50 packets, 5044 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: any

R4#sh ip bgp summ
BGP router identifier 172.16.144.4, local AS number 40
BGP table version is 29, main routing table version 29
20 network entries using 2400 bytes of memory
27 path entries using 1404 bytes of memory
9/5 BGP path/bestpath attribute entries using 1116 bytes of memory
6 BGP AS-PATH entries using 144 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
Bitfield cache entries: current 3 (at peak 3) using 96 bytes of memory
BGP using 5160 total bytes of memory
BGP activity 85/65 prefixes, 112/85 paths, scan interval 60 secs

Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
10.1.14.1 4 10 1261 1251 29 0 0 00:06:20 6
10.1.24.2 4 20 1261 1249 29 0 0 00:06:20 7
R4#sh ip route 10.1.14.1
Routing entry for 10.1.14.0/24
Known via “connected”, distance 0, metric 0 (connected, via interface)
Redistributing via bgp 40
Advertised by bgp 40
Routing Descriptor Blocks:
* directly connected, via FastEthernet0/0.14
Route metric is 0, traffic share count is 1

R4#sh ip route 172.16.101.1
Routing entry for 172.16.101.0/24
Known via “bgp 40”, distance 20, metric 0
Tag 10, type external
Last update from 10.1.14.1 00:05:30 ago
Routing Descriptor Blocks:
* 10.1.14.1, from 10.1.14.1, 00:05:30 ago
Route metric is 0, traffic share count is 1
AS Hops 1
Route tag 10

R4#ping 10.1.14.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.14.1, timeout is 2 seconds:
…..
Success rate is 0 percent (0/5)
R4#ping 172.16.101.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.101.1, timeout is 2 seconds:
…..
Success rate is 0 percent (0/5)

show ipv6 route local vs connected

‘show ipv6 route local’ shows the address of the interface vs ‘show ipv6 route connected’ only the subnet address of the interface

interface Ethernet0/0.12
encapsulation dot1Q 12
ip address 10.0.12.2 255.255.255.0
ipv6 address 2001:10:0:12::2/64

Rack1R2#sh ipv6 route
IPv6 Routing Table – default – 3 entries
Codes: C – Connected, L – Local, S – Static, U – Per-user Static route
B – BGP, M – MIPv6, R – RIP, I1 – ISIS L1
I2 – ISIS L2, IA – ISIS interarea, IS – ISIS summary, D – EIGRP
EX – EIGRP external, ND – Neighbor Discovery
O – OSPF Intra, OI – OSPF Inter, OE1 – OSPF ext 1, OE2 – OSPF ext 2
ON1 – OSPF NSSA ext 1, ON2 – OSPF NSSA ext 2
C 2001:10:0:12::/64 [0/0]
via Ethernet0/0.12, directly connected
L 2001:10:0:12::2/128 [0/0]
via Ethernet0/0.12, receive
L FF00::/8 [0/0]
via Null0, receive

Rack1R2#sh ipv6 route local
IPv6 Routing Table – default – 3 entries
Codes: C – Connected, L – Local, S – Static, U – Per-user Static route
B – BGP, M – MIPv6, R – RIP, I1 – ISIS L1
I2 – ISIS L2, IA – ISIS interarea, IS – ISIS summary, D – EIGRP
EX – EIGRP external, ND – Neighbor Discovery
O – OSPF Intra, OI – OSPF Inter, OE1 – OSPF ext 1, OE2 – OSPF ext 2
ON1 – OSPF NSSA ext 1, ON2 – OSPF NSSA ext 2
L 2001:10:0:12::2/128 [0/0]
via Ethernet0/0.12, receive
L FF00::/8 [0/0]
via Null0, receive

Rack1R2#sh ipv6 route connected
IPv6 Routing Table – default – 3 entries
Codes: C – Connected, L – Local, S – Static, U – Per-user Static route
B – BGP, M – MIPv6, R – RIP, I1 – ISIS L1
I2 – ISIS L2, IA – ISIS interarea, IS – ISIS summary, D – EIGRP
EX – EIGRP external, ND – Neighbor Discovery
O – OSPF Intra, OI – OSPF Inter, OE1 – OSPF ext 1, OE2 – OSPF ext 2
ON1 – OSPF NSSA ext 1, ON2 – OSPF NSSA ext 2
C 2001:10:0:12::/64 [0/0]
via Ethernet0/0.12, directly connected

NOTE about this from Cisco:
https://supportforums.cisco.com/docs/DOC-16385