Statement introduced before Junos OS Release 7.4.
Support for ipsec-sa statement added in Junos OS Release 8.3.
Configure the remote endpoint of a sham link.
You can create an intra-area link or sham link between two provider edge (PE) routing devices so that the VPN backbone is preferred over the back-door link. A back-door link is a backup link that connects customer edge (CE) devices in case the VPN backbone is unavailable. When such a backup link is available and the CE devices are in the same OSPF area, the default behavior is to prefer this backup link over the VPN backbone. This is ecause the backup link is considered an intra-area link, while the VPN backbone is always considered an inter-area link. Intra-area links are always preferred over inter-area links.
The sham link is an unnumbered point-to-point intra-area link between PE devices. When the VPN backbone has a sham intra-area link, this sham link can be preferred over the backup link if the sham link has a lower OSPF metric than the backup link.
The sham link is advertised using Type 1 link-state advertisements (LSAs). Sham links are valid only for routing instances and OSPFv2.
Each sham link is identified by the combination of a local endpoint address and a remote endpoint address.
The remaining statements are explained separately. See CLI Explorer.
Required Privilege Level
routing—To view this statement in the configuration.
routing-control—To add this statement to the configuration.