GOOSE uses VLAN and priority tagging as per IEEE 802.1Q to have separate virtual network within the same physical network and sets appropriate message priority level. -- wikipedia
That would suggest this traffic is actually within a VLAN. So even if it is broadcast (or multicast), it's only going to go where that VLAN goes.
`tcpdump` has a rather annoying feature of not showing vlan tags unless you get rather verbose with it. Use wireshark (or `tshark`) and look at the complete contents (every. single. bit.) in each frame. Also note, many modern NICs process the vlan tag internally, so the OS doesn't normally see them -- the interface must be in promiscuous mode to turn that off. (and some drivers continue to eat them even then.)
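An added example, not part of the original answer: a minimal Python decoder that checks whether a captured Ethernet frame still carries its 802.1Q tag and reads the priority and VLAN ID from it. The sample frames, MAC addresses, VLAN 100 and priority 4 are constructed for illustration; 0x88B8 is the EtherType assigned to GOOSE.

```python
import struct

TPID_8021Q = 0x8100       # IEEE 802.1Q tag protocol identifier
ETHERTYPE_GOOSE = 0x88B8  # EtherType assigned to IEC 61850 GOOSE

def parse_frame(frame: bytes) -> dict:
    """Decode the Ethernet header and, if present, a single 802.1Q tag."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    dst, src = frame[0:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    info = {"dst": dst.hex(":"), "src": src.hex(":"),
            "vlan": None, "pcp": None, "dei": None}
    offset = 14
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        # Tag control information, then the real EtherType
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        info["pcp"] = tci >> 13           # 3-bit priority code point
        info["dei"] = (tci >> 12) & 0x1   # drop eligible indicator
        info["vlan"] = tci & 0x0FFF       # 12-bit VLAN ID
        offset = 18
    info["ethertype"] = ethertype
    info["is_goose"] = ethertype == ETHERTYPE_GOOSE
    info["payload"] = frame[offset:]
    return info

def build_sample(tagged: bool) -> bytes:
    """Constructed sample frame: made-up addresses and a dummy payload."""
    dst = bytes.fromhex("010ccd010001")
    src = bytes.fromhex("020000000001")
    payload = b"\x00" * 8
    if tagged:
        tci = (4 << 13) | 100  # PCP 4, VLAN 100 (constructed values)
        header = struct.pack("!HHH", TPID_8021Q, tci, ETHERTYPE_GOOSE)
    else:
        # What the OS sees when the NIC or driver has stripped the tag
        header = struct.pack("!H", ETHERTYPE_GOOSE)
    return dst + src + header + payload

if __name__ == "__main__":
    for tagged in (True, False):
        r = parse_frame(build_sample(tagged))
        print(r["vlan"], r["pcp"], hex(r["ethertype"]), r["is_goose"])
```

If the same traffic decodes with `vlan` set to `None` on the capture host, the tag was removed before the frame reached the capture, which is the NIC behaviour the answer describes.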
OK, I think there are two variants to look into here; the problematic part where it divides is when you mentioned OSPF should be used for internal routing. If you want to reach other destinations through the ISP and use OSPF between sites, the ISP routers need to be part of your OSPF topology, so they would propagate all the networks with OSPF through the whole topology. This picture shows it.
![All routers are part of OSPF topology](https://i.stack.imgur.com/Hgli0.png)
Notice the orange region is also on links between offices, so they are part of OSPF.
The problem here is that this wouldn't really be possible in real life. You can't manage the ISP network, so the solution here is to create GRE tunnels between every office. That way, OSPF would use the tunnel interfaces, and from the logical part of the network it will look like the routers Office A, Office B, Office C are directly connected and can establish neighbours in OSPF through these tunnel interfaces.
For PAT, I guess you also meant one IPv4 address per OFFICE, not per city. It makes much more sense; that means you will do PAT on every office router and the ISP network uses public addresses to connect between cities. You should also use some dynamic routing / static routing in the ISP network, to make sure every ISP router can reach the public address of the office router (if you go with the way of GRE tunnels. Having ISP routers part of the OSPF topology loses the purpose of PAT, because they can directly see the inside networks).
Within one office, users in different VLANs will be reachable by inter-VLAN routing (either on an L3 switch or a router-on-stick solution with subinterfaces). If they want to reach another site directly and you are using PAT, there needs to be a GRE tunnel between sites allowing a direct L3 connection. I guess you don't want to create rules in PAT for every user.
So to sum it up, I think the best solution here is to do GRE tunnels between sites and do OSPF on these interfaces to manage internal network. For external network (ISP) use again OSPF or EIGRP, whatever works for you.
Best Answer
The whole point of a network is that all devices connected to it can talk to each other. Each device will need its own port though. Nowadays, you connect a device to the network through a switch port; the switch works as a central concentrator and traffic exchange, directing packeted data to wherever it's intended to go.
The picture is showing a (logical) layer 3 network layout. A physical layer layout would show all the wires and ports.
A COM-style serial port is a connection between exactly two devices (1:1 relation). A network offers many to many (N:N relation).
Note that at the very bottom layer Ethernet isn't too much more than a simple serial connection, but there's a lot of functionality layered on top that makes it work as a network.