GLBP doesn't use gratuituous ARP. When someone asks which MAC does the virtual IP have, the AVG will reply saying "This IP is at this MAC", using the field "Sender MAC Address", which is invisible to the switch's CAM table. The source address is still the AVG MAC.
EDIT: I said it wrong. The IP address requested is actually the Sender, the Target address is the address of the host that sent the arp request in the first place. I'll just upload here an example of ARP Request and Reply and when I get home I'll simulate on GNS so you can see how it really works and not just an example capture.
Cadant device asks which is the MAC for x.x.128.77 and if anyone has the answer, please direct it to x.x.128.164.
Oracle device then replies with a broadcast saying that x.x.128.77 is himself, at the MAC 00:14:4f:fb:c3:16, at the sender MAC address. The target is x.x.128.164, who was the one requesting.
If this was the case of a GLBP host, it would state the virtual MAC in the sender MAC address field. It's called Proxy ARP. Just hold tight, I'll upload the actual GLBP capture in about 10 hours.
GLBP Capture:
R2 is the AVG, R1 the AVF:
HOST 192.168.0.200 asked for the MAC of 192.168.0.1, the GLBP VIP. He received an answer from C001.3270.0000, which is the real MAC of the interface fa0/0 from R2, stating that 192.168.0.1 was located at 0007.B400.0101, one of the virtual MAC .
Later on, HOST 192.168.0.201 asked for the MAC of 192.168.0.1 and received an answer from the same C001.3270.0000 saying that this IP was with the MAC 0007.B400.0102, the other virtual MAC. Wireshark even throws a yellow line saying that "Hey, lookout, this IP is in use by another host".
When issuing "show glbp" from both routers, the AVG output have a little more detailing, including how many times it answered and ARP request with this or that virtual MAC address. You can see the MAC and IP addresses of the interfaces in "Group Members", present in both outputs.
These are two completely independent protocols. VRRP doesn't interact with OSPF, or vice versa.
VRRP will create a virtual gateway, and one router (layer-3 switch?) will be the primary and the other router will be the secondary which takes over if the primary router fails. This has nothing to do with the routing protocol.
The real concern with an FHRP is that it match its primary router with the STP root switch for the VLAN. Not matching the FHRP primary router with the root switch can cause sub-optimal traffic paths as the layer-2 traffic is switched to the root switch via STP, then to the other router (layer-3 switch) as the FHRP primary gateway.
OSPF will populate the routing tables of the routers, and whichever router the traffic goes to (based on the FHRP) will route the traffic based on the best route in the routing table.
Best Answer
You can use VRRP, assuming your routers support it, but it requires at least two or three IP addresses in the same network. You need an address for each of the routers, and one address for the virtual address (some implementations of VRRP allow the virtual address to be the real address of one of the routers). The routers also need to be able to communicate with each other on the LAN where VRRP is used. You do this by connecting the router interfaces to the same layer-2 LAN.
Doing this on the WAN side of your routers will give the Data Center redundant access to your routers, but you will still have a Single-Point-of-Failure from your routers to the Data Center. The network for your link to the Data Center must be, at most,
/29
, since any longer mask will not provide more than two usable addresses, and the link will require, at least, three addresses.Doing this on the LAN side of your routers provides the hosts on the LAN with router redundancy.
To protect the switch, you could place a transparent firewall between the Data Center and the switch, or you could use an unmanaged switch. You may want the firewall if your routers need protection, too. If your Data Center link only has two addresses, the firewall could terminate the link, and then it can provide a different network for your routers. Placing a router between your equipment and the Data Center creates another SPoF.
Routers route between networks, so having multiple networks attached to a router is normal.