Hello,
I had this architecture tested and working well in a lab, but I neglected that our production environment leverages OTV. This apparently changed the nature of my HSRP configurations, identified in red. I originally had object tracking set up on those two routers, but now, with the realization that FHRP isolation will not allow advertisement of HSRP hellos between the peers, I am forced to decide whether this architecture is still tenable.
The above diagram represents my new thoughts on this connectivity. To explain, there are two firewalls in a failover pair connected over an OTV VLAN, and two point-to-point circuits (WAN 1, WAN 2) where the four routers in the middle form an EIGRP process. The red HSRP group was initially going to operate normally, but now I have active/active due to this FHRP isolation.
I cannot find any reason why this would not work. I also cannot find any common failure scenario where this would introduce significant risk. This new design may introduce a few more asymmetric routing scenarios than the first iteration, but I don't think that's the end of the world considering a fix for a broken link or down P2P circuit is usually only a few hours out.
Can anyone find fault with this solution? Please let me know if you need any more information about this setup. Thanks.
Jeff