Tuesday, May 14, 2019

OSPF Changeover from EIGRP

Hello all...I've been labbing this up for a while, but let's set the table. We changed over from ASAs at the datacenter to an HA pair of PA7050s running both the DC and Internet firewalls (hooray!) and now we've transitioned what we'd define as our core network from EIGRP to OSPF.

Currently Area 0 consists of 6 neighbors: 2 6807-XLs on the main campus, a 6509E-VSS pair at a satellite campus, and a 4500X-VSS pair at a medical campus, plus both the Internet and DC VSYSes on the Palo.

My plan as a diagram: https://imgur.com/RGB9HGX

We're currently redistributing OSPF and EIGRP into each other. I'm hearing "keep everything area 0" from people, but I'm concerned because while the satellite campus and medical campus are unlikely to expand beyond what's in that diagram, the main campus has dozens of buildings with their own L3 switches (L3 all the things, yes).

What I'm asking is: am I going too far in splitting up into 4 additional areas? At the very least I'm going to need to separate the main campus off into its own because of the sheer number of L3 neighbors there.

Do I even need to have the Internet VSYS participating in OSPF, or would it be better to just tell every core in Area 0 that its default route is the VIP on the VSYS?

Am I overlooking anything obvious? It's a whole new world to me (us, but mostly me as it's my problem) but this also allows us to explore other options for our building L3 and potentially our campus and DC cores moving forward, so if this goes smoothly I'll have some new ammunition as well.

Thanks for any input.
