I have a setup where the central Cisco connects downstream to branch office Cisco routers and upstream to the Internet via a pair of CARPed firewalls.
Cisco routers speak OSPF between themselves, and I keep them all in area 0 (I don't see any reason to complicate it with more areas). The central Cisco router also speaks OSPF to the CARPed firewalls, but not in order to learn the default route (as the only way to the Internet is through them, I have set it up statically on the central Cisco router so that the next-hop IP address is the CARP address), but in order for the CARP firewalls to learn routes to branch offices.

So, on the master firewall I have:

    router-priority 0
    router-id 192.168.228.2

    area 0.0.0.0 {
        interface bnx0 {
            metric 100
        }
    }

On the backup firewall I have:

    router-priority 0
    router-id 192.168.228.3

    area 0.0.0.0 {
        interface bnx0 {
            metric 200
        }
    }

Maybe Google Translate can help you with the translation of my detailed howto (in Serbian):

https://www.mimar.rs/openbsd-na-obodu-korporacijske-mreze/

-- 
Marko Cupać