01-26-2010 12:34 PM - edited 03-06-2019 09:27 AM
Two Data Centers and one office,
all interconnected with dual links (internally),
and one ISP at the Data Centers only. Office's ISP access goes through DC1's ISP.
What'd you recommend as far as OSPF design?
Should I have a single area zero? We do not have many routers (routes).
Should I have two areas: area0 internally and area1 for the public address (edge layer) or vice versa?
I do want to have Internet failover between the Data Centers
and internally OSPF failover configured on the dual links.
01-26-2010 12:42 PM
Hi Johnson
Do you have any outbound or ISP connection from DC 2?
You can have all the core links (between office & datacenter, between DCs) on area 0. Internal networks/loopbacks can also be a part of area 0. On the office, if you have multiple user VLANs, you can have them on a separate area (just from a design perspective), though there is no harm keeping them on area 0. But from a scalability point of view it's good to have multiple areas, which might help if this network grows in size. Similarly, the public networks can be on a different area on the datacenter. Have OSPF authentication configured to enhance security. Have loopbacks configured as OSPF router-id as a best practice. Have descriptions wherever possible.
Hope this helps.. all the best
Raj
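A config check for the three practices recommended in the post above (OSPF authentication, loopback router-id, interface descriptions), as an added Python example that is not part of the original thread. It assumes IOS-style configs that enable OSPF per interface with `ip ospf <pid> area <n>`; the sample config, its addresses and its key are constructed, and requiring an explicit `router-id` equal to a loopback address is this example's stricter reading of the advice.

```python
import re

# Constructed sample: interface names, addresses and the key are placeholders.
SAMPLE = """\
interface Loopback0
 ip address 10.255.0.1 255.255.255.255
 ip ospf 10 area 0
interface GigabitEthernet0/1
 description core link to DC2
 ip ospf 10 area 0
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 EXAMPLE-KEY
interface GigabitEthernet0/2
 ip ospf 10 area 0
router ospf 10
 router-id 10.255.0.1
"""

def sections(config):
    """Split a config into {top-level line: [indented sub-commands]}."""
    out, cur = {}, None
    for line in config.splitlines():
        if line.strip() and not line.startswith(" "):
            cur = out.setdefault(line.strip(), [])
        elif cur is not None and line.strip():
            cur.append(line.strip())
    return out

def audit(config):
    """Return sorted findings for authentication, router-id and descriptions."""
    secs, findings = sections(config), []
    ospf = {h: b for h, b in secs.items() if h.startswith("router ospf")}
    loopbacks = {l.split()[2] for h, b in secs.items() if h.startswith("interface Loopback")
                 for l in b if l.startswith("ip address ")}
    area_auth = {l.split()[1] for b in ospf.values() for l in b
                 if re.match(r"area \S+ authentication", l)}
    for h, b in ospf.items():
        rid = next((l.split()[1] for l in b if l.startswith("router-id ")), None)
        if rid not in loopbacks:  # stricter reading: explicit and equal to a loopback
            findings.append(f"{h}: router-id is not a loopback address")
    for h, b in secs.items():
        area = next((m.group(1) for l in b if (m := re.match(r"ip ospf \d+ area (\S+)", l))), None)
        if not h.startswith("interface ") or "Loopback" in h or area is None:
            continue  # only interfaces that can form OSPF adjacencies
        if not any(l.startswith("description ") for l in b):
            findings.append(f"{h}: no description")
        auth = [l for l in b if re.match(r"ip ospf authentication( |$)", l)]
        if (auth[-1].endswith(" null") if auth else area not in area_auth):
            findings.append(f"{h}: OSPF adjacency without authentication")
    return sorted(findings)
```

Running `audit(SAMPLE)` flags GigabitEthernet0/2 twice; an interface-level `ip ospf authentication null` is treated as unauthenticated even when the area has authentication enabled.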
01-26-2010 12:47 PM
01-26-2010 12:53 PM
The DMZ behind the FWSMs can also be in area 0. Giuseppe has given a very good explanation of the default route propagation between the two datacenters. With regards to internal networks you can build up your own standards. For HQ networks which are off some kind of VPN tunnel, you can have static routes if required and have them redistributed into the OSPF domain if you had to propagate the VPN IP pools etc.
Raj
01-26-2010 01:13 PM
Thank you all for the input!
As far as scalability, should I have Area 0 at the top layer (pub segment)?
Thanks
Johnson
01-26-2010 01:47 PM
Hi Johnson
How many networks are there on the DMZ segment? By the looks of it, doesn't the outside segment (Public) just have back-to-back interfaces which would be used for routing/packet forwarding? Are there any servers or other components on the Public segment? If you don't need network reachability to the Outside segment from inside, you can just have static routes on the ASA firewalls pointing to the next hop router and have the static route redistributed into OSPF Area 0 configured on the FW. If there are too many routes, I understand having OSPF between the router and firewall for automatic route propagation. In that case you can configure the outside segment directly on area 0, instead of assigning them to area 1. Think of other areas only at edge locations (at offices) where you have multiple VLANs for user traffic.
Hope this helps.. all the best
Raj
01-26-2010 05:48 PM
I changed my design a bit because of two things.
1. RTT between the Data Centers is about 80ms
2. We serve apps to the Internet and they are very sensitive.
Please see attached file.
My dilemma now is: should I split A1 and make DC1 with A0 and DC2 with A1?
I want to have A1 for OSPF/BGP failover convergence.
HQ would be configured as a Stub Area.
We cannot afford any IGP convergence impact from DC1 to DC2 or vice versa.
Suggestions/Comments and Critiques...please.
Thanks
Johnson
P.S. In the DMZ there are about 8 public subnets
01-27-2010 07:19 PM
The design has FW5 & FW6 directly on Area 1 & Area 2? It does not have a backbone area? I suggest you have your backbone core links (yellow links) all on area 0 and have the LAN segments on area 2. Have you already implemented this on OSPF? If you have all Cisco devices, you can configure EIGRP instead. Convergence is better than OSPF, and you have numerous other benefits with EIGRP, but it depends on your environment.
What does the HQ segment constitute? The most important question here, as Giuseppe pointed out, is how you are going to control your default gateway, and how you will provide redundancy of the default gateway between DC1 and DC2. Local routes, whether it be area 0 or area 1, would be propagated fine.
Hope this helps.. all the best
Raj
01-28-2010 09:49 AM
>> The design has FW5 & FW6, directly on Area 1 & Area 2 ??
YES
>> it does not have a backbone area ??
You mean if it connects to Area 0? Sure it does.
>> have you already implemented this on OSPF ?
Nope
>> Which IGP to use?
I guess my main concern now is, if convergence happens:
a. does it propagate to other areas
b. how much is it going to impact the applications in DC1, for instance.
Our internal apps are very sensitive to traffic disruptions.
To give you an idea: if a BGP peer out there connected (peering) to our ISP has a flap,
some of our apps will drop the session.
>> what does the HQ segment constitute ?
It is our office headquarters. I can configure a stub area for it.
As far as the default gateway G pointed out, I totally agree.
That's what I have in mind for sure.
Thanks
Johnson
01-26-2010 01:00 PM
Thank you all for the input!
As far as network growth:
Area 0 should be at the top layer (edge layer)
And multiple areas or another single area internally?
Johnson
01-26-2010 12:48 PM
Hello Johnson,
From the OSPF point of view, internet access is represented by a default route that will be an O E2 (default type) or O E1 (if explicitly connected).
Using OSPF O E1 with two internet exit points is recommended; using a different seed metric you can have a primary exit point and a secondary exit point from the point of view of the office site.
To generate the default route you can use
router ospf 10
 default-information originate metric-type 1 route-map check_bgp
!
ip prefix-list only-default permit 0.0.0.0/0
!
! the default is originated only while the route-map matches 0.0.0.0/0
route-map check_bgp permit 10
 match ip address prefix-list only-default
 set metric 50
on secondary exit point ASBR
router ospf 10
 default-information originate metric-type 1 route-map check_bgp
!
ip prefix-list only-default permit 0.0.0.0/0
!
route-map check_bgp permit 10
 match ip address prefix-list only-default
 set metric 500
You can use OSPF areas for routes internal to each site or you can stay in single area 0 as you like.
Hope to help
Giuseppe
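How the two seed metrics in the post above turn into a primary and a secondary exit, as an added Python example that is not part of the original thread. The seed metrics 50 and 500 are from the post; the three-node topology and its link costs are constructed assumptions, and the model is a single OSPF area. It also shows the caveat that E1 adds the internal cost to the seed, so the primary exit stays preferred only while the internal cost difference is smaller than the gap between the seeds.

```python
import heapq

def spf_cost(links, src):
    """Dijkstra over undirected links {(a, b): cost}; returns {node: cost from src}."""
    adj = {}
    for (a, b), cost in links.items():
        adj.setdefault(a, []).append((b, cost))
        adj.setdefault(b, []).append((a, cost))
    dist, heap = {src: 0}, [(0, src)]
    while heap:
        d, node = heapq.heappop(heap)
        if d > dist[node]:
            continue
        for nxt, cost in adj.get(node, []):
            if d + cost < dist.get(nxt, float("inf")):
                dist[nxt] = d + cost
                heapq.heappush(heap, (d + cost, nxt))
    return dist

def best_default(links, router, asbrs, metric_type=1):
    """Pick the exit ASBR for 0.0.0.0/0. asbrs maps each ASBR that is currently
    originating the default (its route-map condition holds) to its seed metric."""
    dist = spf_cost(links, router)
    ranked = []
    for asbr, seed in asbrs.items():
        if asbr not in dist:
            continue  # ASBR unreachable inside the OSPF domain
        internal = dist[asbr]
        # E1 compares seed + internal cost; E2 compares seed, internal cost breaks ties.
        key = (seed + internal, 0) if metric_type == 1 else (seed, internal)
        ranked.append((key, asbr))
    return min(ranked)[1] if ranked else None

# Constructed topology; link costs are assumptions, seed metrics 50/500 are from the post.
LINKS = {("OFFICE", "DC1"): 10, ("OFFICE", "DC2"): 10, ("DC1", "DC2"): 100}
SEEDS = {"DC1": 50, "DC2": 500}

if __name__ == "__main__":
    print(best_default(LINKS, "OFFICE", SEEDS))         # both exits originating
    print(best_default(LINKS, "OFFICE", {"DC2": 500}))  # DC1 stopped originating
```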