I have a typical requirement which is driving me to use dual OSPF processes on my Cisco 7206 NPE-G1 routers. Please suggest whether it is advisable or not, and whether I would be able to achieve my requirement.
My setup is (as seen in the diagram attached): I have two routers at site A and site B. Both routers have dual connectivity using ATM PVCs to the backbone area. The links connecting to the backbone area are in area 0. The backbone area is already in place; sites A and B are now being connected to the backbone area. The routers at sites A and B are also expected to act as ABR/ASBR for AS 65111.
I have a backdoor link from site A to site B, which is expected to carry and route only LAN traffic to and from site A and site B.
Site A and site B would be managed from AS 65100; reachability to the same is provided by BGP-OSPF redistribution between both ASes. The LAN hosts behind the firewalls at site A and site B are statically NAT'd for the traffic flowing to and from LAN hosts at site A or B to area 0 or AS 65100. Traffic between LAN hosts at site A and site B would not be NAT'd.
Now come the requirements:
1) LAN host prefixes (10.251.17.96/27, 10.251.17.128/27 and 10.251.27.96/27, 10.251.27.128/27) should not be sent to area 0. LAN host prefixes are statically routed on rtr01 and rtr02 towards the firewall VRRP address.
2) The IP prefix used to NAT the LAN hosts should be advertised in area 0 and to AS 65100 to give reachability to the LAN hosts through the NAT outside IP.
3) The LAN prefixes should be routed dynamically over the backdoor link between site A and site B.
4) The backdoor link should not carry any traffic for the NAT prefixes, hence don't advertise the NAT prefix over the backdoor link.
5) Site A and site B should receive the routes as seen on the backbone area.
1) Run two OSPF processes on rtr01 and rtr02.
2) OSPF process 1 shall include the WAN link prefix (connecting to the backbone area) and loopbacks in area 0, the LAN network connecting the firewall (two VLANs) by redistributing connected, and the NAT prefix for hosts behind the firewall by redistributing static.
3) OSPF process 2 shall include the backdoor link WAN prefix in area 10, the inter-router Gigabit Ethernet link (IRL) in area 10, and the inside (actual) IP prefix for hosts behind the firewall by redistributing static.
1) AS 65100 and other areas connected to backbone area 0 can access the hosts behind the firewall using the outside NAT IP addresses, which are statically NAT'd on rtr01 and rtr02.
2) Site A and site B can access the LAN hosts behind the firewall without NAT and always through the backdoor link.
huuuh .. that's all :)
Please suggest whether it is a practical solution or whether there is some other suggested way to achieve the same.
Thanks and Regards
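
The two-process split described in the post hinges on which static routes each process is allowed to redistribute. The following IOS sketch for rtr01 is an added example, not the poster's configuration; the NAT prefix, firewall VRRP address, link subnets and the route-map and prefix-list names are constructed placeholders, and the 10.251.17.x prefixes are assumed to be the site A pair.

```cisco
! Added sketch for rtr01 at site A (not the poster's configuration).
! Constructed placeholders: 192.0.2.0/27 = NAT outside prefix,
! 198.51.100.1 = firewall VRRP address, 198.51.100.8/30 = WAN PVC subnet,
! 203.0.113.0/30 = backdoor link. The LAN prefixes come from the post and
! are assumed here to belong to site A.
!
ip route 10.251.17.96 255.255.255.224 198.51.100.1
ip route 10.251.17.128 255.255.255.224 198.51.100.1
! Assumption: the NAT prefix is present as a static route (here to Null0)
! so that "redistribute static" has something to advertise.
ip route 192.0.2.0 255.255.255.224 Null0
!
ip prefix-list NAT-OUTSIDE seq 5 permit 192.0.2.0/27
ip prefix-list LAN-INSIDE seq 5 permit 10.251.17.96/27
ip prefix-list LAN-INSIDE seq 10 permit 10.251.17.128/27
!
! Each route-map ends in an implicit deny, so a static route that matches
! neither prefix-list is advertised by neither process.
route-map STATIC-TO-BACKBONE permit 10
 match ip address prefix-list NAT-OUTSIDE
!
route-map STATIC-TO-BACKDOOR permit 10
 match ip address prefix-list LAN-INSIDE
!
! Process 1: backbone side (requirements 1, 2 and 5).
! Only the NAT prefix leaves as an external route into area 0.
router ospf 1
 network 198.51.100.8 0.0.0.3 area 0
 redistribute static subnets route-map STATIC-TO-BACKBONE
!
! Process 2: backdoor side (requirements 3 and 4).
! Only the inside LAN prefixes are advertised into area 10.
router ospf 2
 network 203.0.113.0 0.0.0.3 area 10
 redistribute static subnets route-map STATIC-TO-BACKDOOR
!
! Neither process redistributes the other, so LAN routes learned over the
! backdoor stay out of area 0 and backbone routes stay off the backdoor.
```

To check the separation, `show ip ospf 1 database external` on rtr01 should list only the NAT prefix as self-originated, and `show ip route ospf 2` at the other site should show only the remote LAN /27 prefixes.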