In OSPFv3, all areas must be connected to a backbone area. If there is a break in backbone continuity, or the backbone is
purposefully partitioned, you can establish a virtual link. The virtual link must be configured in the two devices you want
to use to connect the partitioned backbone. The configuration information in each device consists of the other virtual endpoint
(the other Area Border Router [ABR]) and the nonbackbone area that the two devices have in common (called the transit area.)
Note that virtual links cannot be configured through stub areas. Sham links are similar to virtual links in many ways, but
sham links are used in Layer 3 Multiprotocol Label Switching (MPLS) VPN networks to connect provider edge (PE) routers across
the MPLS backbone.
Multihop adjacencies such as virtual links and sham links use global IPv6 addresses that require you to configure TTL security
to control the number of hops that a packet can travel.
If TTL security is enabled, OSPFv3 sends outgoing packets with an IP header TTL value of 255 and discards incoming packets
that have TTL values less than the configurable threshold. Because each device that forwards an IP packet decreases the TTL
value, packets received via a direct (one-hop) connection will have a value of 255. Packets that cross two hops will have
a value of 254, and so on. The receive threshold is configured in terms of the maximum number of hops that a packet may have
traveled. The value for this
hop-count argument is a number from 1 to 254, with a default of 1.
To establish a virtual link or a sham link, use the
cost commands respectively. To configure TTL security on a virtual link or a sham link, configure the
ttl-security keyword and the
hop-count argument in either command. Note that the
hop-count argument value is mandatory in this case.
OSPFv3 TTL Security can be configured for virtual and sham links only, and must be configured in address family configuration
(config-router-af) mode for IPv6 address families.