I'll begin by setting the scene:
We have two zones separated by a firewall and implemented in a somewhat complex fashion. The routing for the first zone (call it zone A) is straightforward and runs on a 6500 switch. The routing for the second zone (call it zone B) is implemented as a VRF on this same 6500 switch. An external firewall has a leg in each zone and provides the connectivity between them. So far, so good, and it all works fine.
The issue is what happens when the firewall fails or needs to be taken offline, and we still need a method to connect the two zones - connectivity is more important than security in this case, so we've been testing some options (and we will probably merge the two zones at some time in the future).
1) Use another external device such as a switch or router. (Works OK, but we want a config solution.)
2) Use another VRF with a leg in both zones. (Also works, but needs external cables and messing about with MAC addresses, which is so ugly we'd like to avoid it if possible.)
3) Use something else?
Is there an easier way of doing this? I have a feeling that I'm missing something obvious but can't think what (all routing in both zones is OSPF - no BGP anywhere).
Any ideas gratefully received!