[c-nsp] Logical Router Segmentation

Chris Burwell cburwell at gmail.com
Fri Jan 9 18:52:34 EST 2009


I am looking for a bit of guidance on logically segmenting an existing
router. Currently I have a core network router that has fiber
connections to all of our buildings. Each building is in its own
VLAN. We run OSPF on the router and all VLANs are in the same area
0.0.0.1.

In the future things are going to change, one of which will be our
ISP. So we will have two fiber connections to the outside world. One
will go to the internet via a yet to be named ISP, while the other
will go to an external entity that provides some services to us. Since
money is tight right now, I want to try to use our current hardware
for the new setup.

What I am unsure about is how everything would be set up. I know that
the two external connections will be in their own VLAN, but it is the
routing part that I am trying to wrap my head around. Would we have to
run a separate routing instance for the two external connections? I
ask this because once the outbound traffic makes it past our firewall,
the router is going to have to make a decision on if the traffic
should be routed to the external entity or to the internet. Would we
be able to accomplish this with our current routing setup?

The setup will be the two external connections on their own VLAN. A
third connection will also be a part of that VLAN, and this will
provide the "outside" link on our firewall. From there the firewall
will connect to another port on our internal network (which is again
on its own VLAN, but this VLAN is part of our internal OSPF area). So
outbound traffic would travel into the internal interface on the
firewall, out the external interface and back into our core router.
From here the decision needs to be made on what link the packet should
be forwarded out of.

I appreciate any help!

- Chris

