OSPF Sham Links are required when you try to use a backdoor link between two CE routers in an MPLS VPN PE CE scenario where you use OSPF as the PE-CE routing protocol. This is best explained with an example, take a look at the following topology:
Above we have an MPLS VPN topology where we use OSPF as the PE-CE routing protocol. CE1 and CE2 each have a loopback interface that is advertised in OSPF area 0. Right now, the MPLS backbone is the only way for the CE routers to reach each other.
If we connect CE1 and CE2 via a direct link over some other network as a backup link, such a backup link will always be chosen as the best path no matter what the configured cost, because OSPF always prefers intra-area routes over inter-area routes.
But we don't want this, we want MPLS to be the main network via which all traffic is routed, and the direct link to be used as a backup.
The only way to fix this is to advertise the routes that are learned through the MPLS VPN network as intra-area routes. We can do this with the OSPF sham link. The sham link is a logical link, similar to a virtual link. It allows you to create a point-to-point connection between the two PE routers. The PE routers are then able to flood LSAs across the MPLS VPN backbone. You don’t have to configure anything on the CE routers.
You can adjust the cost or metric of a sham link as needed.