Hello,
I have a single area OSPF network on my WAN that connects all of my remote sites and my primary and secondary datacenter on a layer 2 meshed WAN where everyone can talk to each other.
The connections are all low speed, except the connection between the HQ and secondary datacenter, which is 1Gbps and pushes a lot of traffic due to replication and whatnot.
I have recently added VPN connections as backups from each remote site back to both the HQ and secondary datacenter and will be adding them to OSPF as well.
The dilemma I have is that if the HQ or secondary site loses connectivity to the layer 2 WAN, I don't want them to find their way to each other via the VPN tunnels.
I can't use routing policy to do this, because I still need other routers on the network to know that they can route to and through the VPN tunnels to get to the HQ and secondary datacenters.
Is there a way to tell the HQ and secondary routers to never route to each other over the VPN links, but still let everyone else on the network know that the routers on the other side of those VPNs can get to the HQ and secondary sites? A bonus would be if we could make the HQ and secondary routers stop advertising routes for each other if the primary link goes down.
I've been studying this scenario like crazy and I'm a bit lost. Please help.
Thanks!
Edit - I'm assuming we need to apply an export policy to the forwarding table to stop the routing process from installing those routes into the forwarding table, but if those routes become active in the routing table and we block them from the forwarding table, will these routers still advertise the routes?