I've got a remote user (let's call that router RU) connected via an IPSec tunnel and a remote site (RS) connected via MetroE and an IPSec tunnel for back-up.
Both IPSec tunnels terminate at the same router (RVPN) and the MetroE terminates at a different one (RME).
RVPN and RME are both ABRs and backbone routers.
RU is in OSPF area 1 and RS is in area 2.
When RU sends a packet to RS, the packet arrives at RVPN and even though the cost to reach RS is much lower via RME, it sends it via the IPSec tunnel. This is normal behaviour as RVPN is an ABR so it belongs to area 0 and area 2 and because the destination of the packet is in area 2, it doesn't take the cost into consideration as intra-area routes are always preferred over inter-area routes (to reach RS via RME it has to cross area 0).
The problem is that I want to use RME as the latency is much better. The workaround I've found is to make RME an internal router and make RS an ABR so the MetroE link is part of area 0, and the same for the IPSec tunnel between RS and RVPN. The other solution is to create a GRE tunnel between RVPN and RME and make it area 2. I've tested both solutions and both work but I don't know which one is best for a working network.
I've been looking for OSPF design books but I haven't found any. All the books I've found explain how OSPF works, LSAs, area types, configuration, etc. but no design for the real world. Any idea?
Two other possible solutions come to mind, but before I get into them, to rehash your two choices, which are an Area 2 GRE link between RVPN and RME or extend Area 0 to RS, the former has all GRE tunnel issues, the second places an Area 0 router where it's more likely to become partitioned. Neither is ideal.
Besides MetroE being faster than the IPSec tunnel, I assume the backside between RVPN and RME is also better, although not physically adjacent. If possible, instead of using a GRE tunnel (simple though), you might be able to extend an Area 2 p-2-p VLAN between RVPN and RME. This would avoid the performance issues of GRE.
If the Area 0 L2 infrastructure cannot support a VLAN between RVPN and RME, then you might also see whether Area 0's infrastructure can support any of the VRF variants between the two routers.
These two possible solutions are much more complex to implement than just a GRE tunnel, but will provide optimal performance while avoiding extension of Area 0, and ABR processing, to a remote site.
If you remain with just the GRE option vs. extension of Area 0, I too, like Giuseppe, would lean toward GRE. (Don't forget usage of ip tcp adjust-mss, if supported, and tunnel keepalives.)
In the real world you have to take into account the impact of the two options on the whole network.
If you have 20 remote sites routers with a primary metro ethernet link and you move RME inside area 0 you need to make all RSi ABR routers: you need to change the config of all of them and you may face performance issues on some of them.
Instead, if you configure a GRE tunnel between RVPN and RME in area 2 you change the config of RVPN and RME only and you make RME ABR of Area(0,2) as it was already before.
RVPN will be ABR (0,1,2) as before too.
Traffic will be GRE encapsulated/deencapsulated at two powerful routers.
So I would go with the GRE tunnel.
Hope to help
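The route selection described in the question, and the effect of the area 2 GRE tunnel discussed in the replies, modelled as an added example that is not part of the original thread. The link costs are constructed for illustration, and the model covers only the intra-area versus inter-area preference, not the full OSPF route calculation.

```python
import heapq

def spf(links, area, src):
    """Dijkstra over the links of one area only; returns {router: (cost, first_hop)}."""
    adj = {}
    for a, b, cost, link_area in links:
        if link_area == area:
            adj.setdefault(a, []).append((b, cost))
            adj.setdefault(b, []).append((a, cost))
    best, heap = {}, [(0, src, None)]
    while heap:
        cost, node, hop = heapq.heappop(heap)
        if node in best:
            continue
        best[node] = (cost, hop)
        for nxt, c in adj.get(node, []):
            heapq.heappush(heap, (cost + c, nxt, hop or nxt))
    return best

def select_route(links, src, dst, dst_area):
    """Pick src's route to dst using the OSPF path-type order:
    any intra-area path beats every inter-area path, whatever the cost."""
    candidates = []
    intra = spf(links, dst_area, src)
    if dst in intra:
        candidates.append(("intra-area",) + intra[dst])
    # Inter-area: cross the backbone to another ABR, then add that ABR's
    # intra-area cost to the destination (what its summary would advertise).
    for abr, (bb_cost, hop) in spf(links, 0, src).items():
        beyond = spf(links, dst_area, abr) if abr != src else {}
        if dst in beyond:
            candidates.append(("inter-area", bb_cost + beyond[dst][0], hop))
    rank = {"intra-area": 0, "inter-area": 1}
    return min(candidates, key=lambda c: (rank[c[0]], c[1])), candidates

# Constructed topology: (router, router, cost, area). Costs are assumptions.
BEFORE = [
    ("RVPN", "RME", 1, 0),    # backbone link between the two ABRs
    ("RVPN", "RS", 100, 2),   # IPSec backup tunnel
    ("RME", "RS", 10, 2),     # MetroE
]
AFTER = BEFORE + [("RVPN", "RME", 1, 2)]  # GRE tunnel placed in area 2

if __name__ == "__main__":
    for name, topo in (("before", BEFORE), ("with area 2 GRE", AFTER)):
        chosen, cands = select_route(topo, "RVPN", "RS", 2)
        print(name, "-> chosen:", chosen, "| candidates:", cands)
```

Each result is a tuple of path type, total cost and first hop from RVPN.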