Complete MPLS Layer 3 VPN Using OSPF PE-CE Routing, Domain-ID and Sham-Link
MPLS Layer 3 VPN is one of the most advanced enterprise WAN technologies used in service provider environments. This lab demonstrates how OSPF integrates with MPLS VPN environments using:
- VPNv4 MP-BGP
- VRF
- OSPF PE-CE Routing
- OSPF Domain-ID
- OSPF Sham-Link
- Route Redistribution
- Backdoor Links
Key Learning Objectives
- Understand MPLS VPN architecture
- Configure VPNv4 MP-BGP
- Configure VRFs
- Deploy OSPF PE-CE routing
- Understand O IA and O E2 route behavior
- Configure OSPF Domain-ID
- Understand Sham-Link operation
- Prevent traffic from preferring backdoor links
Table of Contents
- 1. MPLS VPN Introduction
- 2. VPNv4 MP-BGP Configuration
- 3. VRF Cust-A Configuration
- 4. OSPF Between R1 and R5
- 5. OSPF Between R4 and R8
- 6. VRF Cust-B Configuration
- 7. OSPF Between R1 and R6
- 8. OSPF Between R4 and R7
- 9. OSPF Domain-ID Explained
- 10. Backdoor Link Configuration
- 11. OSPF Sham-Link Explained
- 12. Verification Commands
- 13. MPLS and OSPF Mathematics
- 14. Related Articles
1. MPLS VPN Introduction
MPLS Layer 3 VPN enables multiple customers to share a common service provider backbone while maintaining routing isolation.
Core MPLS Components
| Component | Purpose |
|---|---|
| PE Router | Provider Edge Router |
| P Router | Core MPLS Router |
| CE Router | Customer Edge Router |
| VRF | Virtual Routing Table |
| MP-BGP | VPN Route Exchange |
MPLS Label Switching Formula
$$ Incoming\ Label \rightarrow Swap \rightarrow Outgoing\ Label $$
2. VPNv4 MP-BGP Neighbor Relationship
VPNv4 MP-BGP exchanges customer VPN routes between PE routers.
Basic Example
router bgp ASN
neighbor PE-IP remote-as ASN
address-family vpnv4
neighbor PE-IP activate
R1 Configuration
router bgp 1000
neighbor 4.4.4.4 remote-as 1000
neighbor 4.4.4.4 update-source loopback0
address-family vpnv4
neighbor 4.4.4.4 activate
R4 Configuration
router bgp 1000
neighbor 1.1.1.1 remote-as 1000
neighbor 1.1.1.1 update-source loopback0
address-family vpnv4
neighbor 1.1.1.1 activate
VPNv4 Address Formula
$$ VPNv4 = RD + IPv4Prefix $$
Example:
$$ 1000:1:10.5.5.0/24 $$
3. VRF Cust-A Configuration
VRF separates customer routing tables inside the same PE router.
R1 Configuration
vrf definition Cust-A
rd 1000:1
address-family ipv4
route-target both 1000:1
interface e0/1
vrf forwarding Cust-A
ip address 192.1.15.1 255.255.255.0
no shutdown
R4 Configuration
vrf definition Cust-A
rd 1000:1
address-family ipv4
route-target both 1000:1
interface e0/2
vrf forwarding Cust-A
ip address 192.1.48.4 255.255.255.0
no shutdown
4. OSPF Between R1 and R5
OSPF is configured as the PE-CE routing protocol between R1 and R5.
R1 Configuration
Configuration Example:
router ospf PROCESS-ID vrf VRF-NAME
network subnet wildcard area AREA
redistribute bgp ASN
router ospf 58 vrf Cust-A
network 192.1.15.0 0.0.0.255 area 0
redistribute bgp 1000
router bgp 1000
address-family ipv4 vrf Cust-A
redistribute ospf 58
R5 Configuration
router ospf 1
network 10.5.5.0 0.0.0.255 area 0
network 192.1.15.0 0.0.0.255 area 0
Why Is Redistribution Required?
Redistribution injects OSPF routes into MP-BGP so they can travel across the MPLS backbone. Without redistribution, remote customer sites would never learn those routes.
5. OSPF Between R4 and R8
R4 Configuration
router ospf 58 vrf Cust-A
network 192.1.48.0 0.0.0.255 area 0
redistribute bgp 1000
router bgp 1000
address-family ipv4 vrf Cust-A
redistribute ospf 58
R8 Configuration
router ospf 1
network 10.8.8.0 0.0.0.255 area 0
network 192.1.48.0 0.0.0.255 area 0
Important OSPF Behavior
Since both PE routers use the same OSPF process ID 58, remote routes appear as:
O IA
This occurs because the MPLS cloud acts like an OSPF Super Backbone.
6. VRF Cust-B Configuration
R1 Configuration
vrf definition Cust-B
rd 1000:2
address-family ipv4
route-target both 1000:2
interface e0/2
vrf forwarding Cust-B
ip address 192.1.16.1 255.255.255.0
no shutdown
R4 Configuration
vrf definition Cust-B
rd 1000:2
address-family ipv4
route-target both 1000:2
interface e0/1
vrf forwarding Cust-B
ip address 192.1.47.4 255.255.255.0
no shutdown
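Isolation between Cust-A and Cust-B rests entirely on the route-target values above (1000:1 and 1000:2): a single stray import merges the two routing tables. The following audit is an added example, not part of the original lab; the function names are hypothetical, it assumes that VRFs with the same name belong to the same customer, and the extra import in `R4_LEAKY` is a constructed misconfiguration.

```python
import re

# VRF stanzas using this lab's RD/RT values (R1 and R4 define the same two VRFs).
R1 = """\
vrf definition Cust-A
 rd 1000:1
 address-family ipv4
  route-target both 1000:1
vrf definition Cust-B
 rd 1000:2
 address-family ipv4
  route-target both 1000:2
"""
R4 = R1
# Constructed misconfiguration: one extra import appended to R4's Cust-B stanza.
R4_LEAKY = R4 + "  route-target import 1000:1\n"

def parse_vrfs(config):
    """Return {vrf: {"import": set, "export": set}} from 'vrf definition' stanzas."""
    vrfs, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.fullmatch(r"vrf definition (\S+)", line)
        if m:
            current = vrfs.setdefault(m.group(1), {"import": set(), "export": set()})
            continue
        m = re.fullmatch(r"route-target (both|import|export) (\S+)", line)
        if m and current is not None:
            kinds = ("import", "export") if m.group(1) == "both" else (m.group(1),)
            for kind in kinds:
                current[kind].add(m.group(2))
    return vrfs

def find_leaks(pe_configs):
    """List (exporter, importer, rt) where a VRF imports an RT that a
    differently named VRF exports, on any PE in the set."""
    parsed = {pe: parse_vrfs(cfg) for pe, cfg in pe_configs.items()}
    leaks = []
    for exp_pe, exp_vrfs in parsed.items():
        for exp_name, exp in exp_vrfs.items():
            for imp_pe, imp_vrfs in parsed.items():
                for imp_name, imp in imp_vrfs.items():
                    if imp_name != exp_name:
                        for rt in sorted(exp["export"] & imp["import"]):
                            leaks.append((f"{exp_pe}/{exp_name}", f"{imp_pe}/{imp_name}", rt))
    return leaks
```

With the lab's values `find_leaks({"R1": R1, "R4": R4})` returns an empty list; with `R4_LEAKY` it reports Cust-A routes from both PEs being imported into R4's Cust-B table.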
7. OSPF Between R1 and R6
R1 Configuration
router ospf 6 vrf Cust-B
network 192.1.16.0 0.0.0.255 area 0
redistribute bgp 1000
router bgp 1000
address-family ipv4 vrf Cust-B
redistribute ospf 6
R6 Configuration
router ospf 1
network 10.6.6.0 0.0.0.255 area 0
network 192.1.16.0 0.0.0.255 area 0
8. OSPF Between R4 and R7
R4 Configuration
router ospf 7 vrf Cust-B
network 192.1.47.0 0.0.0.255 area 0
redistribute bgp 1000
router bgp 1000
address-family ipv4 vrf Cust-B
redistribute ospf 7
R7 Configuration
router ospf 1
network 10.7.7.0 0.0.0.255 area 0
network 192.1.47.0 0.0.0.255 area 0
Why Routes Show as O E2?
Cust-B uses different OSPF process IDs:
- R1 uses Process 6
- R4 uses Process 7
Therefore remote routes appear as:
O E2
9. OSPF Domain-ID Explained
Domain-ID allows PE routers to identify OSPF routes as belonging to the same domain.
R1 Configuration
router ospf 6 vrf Cust-B
domain-id 0.0.0.67
R4 Configuration
router ospf 7 vrf Cust-B
domain-id 0.0.0.67
Result
After configuring matching Domain-ID values:
O IA
Remote routes now appear as Inter-Area routes instead of External routes.
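The O IA / O E2 behaviour in sections 5, 8 and 9 can be predicted from the PE configurations alone. The sketch below is an added example, not part of the original lab: the function names are hypothetical, and it models the default Domain-ID as the OSPF process ID written in dotted form (so process 58 becomes 0.0.0.58), which is why matching process IDs give O IA without any `domain-id` command.

```python
import ipaddress
import re

# PE-side OSPF stanzas from this lab; the *_FIXED variants add the domain-id step.
R1 = "router ospf 58 vrf Cust-A\nrouter ospf 6 vrf Cust-B\n"
R4 = "router ospf 58 vrf Cust-A\nrouter ospf 7 vrf Cust-B\n"
R1_FIXED = R1 + " domain-id 0.0.0.67\n"
R4_FIXED = R4 + " domain-id 0.0.0.67\n"

def effective_domain_ids(config):
    """Map VRF name -> Domain-ID in effect for each 'router ospf N vrf X' stanza."""
    domains, vrf = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.fullmatch(r"router ospf (\d+) vrf (\S+)", line)
        if m:
            vrf = m.group(2)
            # Modelled default: with no domain-id command, the process ID is used.
            domains[vrf] = str(ipaddress.IPv4Address(int(m.group(1))))
        elif line.startswith("router "):
            vrf = None  # a different routing process; stop attributing lines
        else:
            m = re.fullmatch(r"domain-id (\d+(?:\.\d+){3})", line)
            if m and vrf:
                domains[vrf] = m.group(1)
    return domains

def remote_route_type(local_pe, remote_pe, vrf):
    """Route code the local CE sees for the remote site's internal OSPF routes.

    Routes that were already external at the remote site stay external.
    """
    local = effective_domain_ids(local_pe)[vrf]
    remote = effective_domain_ids(remote_pe)[vrf]
    return "O IA" if local == remote else "O E2"

if __name__ == "__main__":
    print("Cust-A:", remote_route_type(R1, R4, "Cust-A"))
    print("Cust-B before domain-id:", remote_route_type(R1, R4, "Cust-B"))
    print("Cust-B after domain-id:", remote_route_type(R1_FIXED, R4_FIXED, "Cust-B"))
```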
10. Backdoor Link Configuration
A direct link is configured between R6 and R7.
R6 Configuration
interface e0/1
ip address 10.67.67.6 255.255.255.0
ip ospf cost 1000
no shutdown
router ospf 1
network 10.67.67.0 0.0.0.255 area 0
R7 Configuration
interface e0/1
ip address 10.67.67.7 255.255.255.0
ip ospf cost 1000
no shutdown
router ospf 1
network 10.67.67.0 0.0.0.255 area 0
OSPF Cost Formula
$$ Cost = \frac{ReferenceBandwidth}{InterfaceBandwidth} $$
11. OSPF Sham-Link Explained
OSPF prefers intra-area routes over inter-area routes. Because the backdoor link is intra-area, traffic prefers it over MPLS.
Sham-Link creates a virtual intra-area connection across MPLS.
Create Loopbacks
R1 Loopback
interface loopback67
vrf forwarding Cust-B
ip address 172.16.67.1 255.255.255.255
router bgp 1000
address-family ipv4 vrf Cust-B
network 172.16.67.1 mask 255.255.255.255
R4 Loopback
interface loopback67
vrf forwarding Cust-B
ip address 172.16.67.4 255.255.255.255
router bgp 1000
address-family ipv4 vrf Cust-B
network 172.16.67.4 mask 255.255.255.255
Configure Sham-Link
R1
router ospf 6 vrf Cust-B
area 0 sham-link 172.16.67.1 172.16.67.4
R4
router ospf 7 vrf Cust-B
area 0 sham-link 172.16.67.4 172.16.67.1
Sham-Link Result
Traffic now prefers the MPLS VPN path instead of the backdoor link.
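Why cost 1000 on the backdoor is not enough by itself: without the sham-link, the MPLS path is not part of the area 0 topology at all, so SPF over the intra-area graph has only the backdoor to choose, and the O IA route via the PE loses on route type regardless of cost. The SPF run below is an added example, not part of the original lab; it assumes 10 Mb/s Ethernet interfaces (cost 10 by the formula above), symmetric costs, and a sham-link cost of 1, and the function names are hypothetical.

```python
import heapq

ETH = 10**8 // 10**7   # page's formula 10^8 / bandwidth; 10 Mb/s assumed -> 10
BACKDOOR = 1000        # "ip ospf cost 1000" on R6 and R7 e0/1
SHAM = 1               # assumed sham-link cost when none is configured

def area0_graph(sham_link):
    """Intra-area topology of Cust-B area 0 as symmetric cost edges."""
    edges = [("R6", "R1", ETH), ("R7", "R4", ETH), ("R6", "R7", BACKDOOR)]
    if sham_link:
        # The sham-link is the only thing that puts the MPLS path inside area 0.
        edges.append(("R1", "R4", SHAM))
    graph = {}
    for a, b, cost in edges:
        graph.setdefault(a, []).append((b, cost))
        graph.setdefault(b, []).append((a, cost))
    return graph

def spf(graph, src, dst):
    """Dijkstra: return (total cost, path) of the lowest-cost path, or None."""
    heap, seen = [(0, [src])], set()
    while heap:
        cost, path = heapq.heappop(heap)
        node = path[-1]
        if node == dst:
            return cost, path
        if node in seen:
            continue
        seen.add(node)
        for nxt, link_cost in graph.get(node, []):
            if nxt not in seen:
                heapq.heappush(heap, (cost + link_cost, path + [nxt]))
    return None

if __name__ == "__main__":
    print("no sham-link:  ", spf(area0_graph(False), "R6", "R7"))
    print("with sham-link:", spf(area0_graph(True), "R6", "R7"))
```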
OSPF Route Preference
$$ IntraArea < InterArea < External $$
12. Verification Commands
Verify VPNv4 Neighbors
show bgp vpnv4 unicast all summary
Verify OSPF Routes
show ip route vrf Cust-A
show ip route vrf Cust-B
Verify Sham-Link
show ip ospf sham-links
Verify OSPF Database
show ip ospf database
Expected Route Types
O IA
O E2
13. MPLS and OSPF Mathematics
OSPF SPF Calculation
$$ ShortestPath = \sum Cost $$
Reference Bandwidth Formula
$$ Cost = \frac{10^8}{Bandwidth} $$
VPNv4 Route Representation
$$ VPNv4 = RD + IPv4Prefix $$
Sham-Link Tunnel Logic
$$ PE1 \leftrightarrow MPLSCloud \leftrightarrow PE2 $$
14. Related Articles
- Complete Cisco Nexus BGP Authentication Guide
- Complete Cisco Nexus OSPF Configuration Guide
- Complete Cisco Nexus BGP and OSPF Stub Area Lab
- Complete Cisco Nexus VXLAN EVPN Guide
Final Summary
Important Concepts Covered
- VPNv4 MP-BGP
- VRF Isolation
- OSPF PE-CE Routing
- Route Redistribution
- OSPF Domain-ID
- Sham-Link
- Backdoor Links
- O IA vs O E2 Routes
This MPLS VPN OSPF lab demonstrates advanced enterprise WAN design principles used in real telecom and service provider environments. Understanding Domain-ID and Sham-Link concepts is critical for CCNP and CCIE level MPLS troubleshooting.