I have a 400+ site frame-relay/ATM WAN that will be migrating to IPSEC VPNs. The sites are currently divided into 4 different OSPF stub areas. I want to maintain the integrity of the stub areas during the migration so I can avoid re-addressing all the remote sites. I'll be going GRE over IPSEC with OSPF on the VPNs. For my test sites I just un-configured the frame-relay sub-interface on my hub router and created a GRE interface and addressed it like the deleted FR sub-interface. I don't want to do this for the rollout because the hub router is old and due to be replaced/retired. I thought of attaching 4 new routers (one for each area) to the existing hub router through some /30 subnets appropriately addressed for their areas (to maintain the old router's role as the OSPF ABR) and create the new GRE interfaces there, but it would be cleaner if I could do one or two new routers with a vrf for each area. Then I'll just make the new routers ABRs when the old hub goes away. Anybody do anything like this (or have a better idea)?
Thanks in advance.