PROJECT: BLACKSITE
Complete Enterprise Network Topology
22 Network Devices
2 Geographic Sites
20 Network Segments
3 BGP Autonomous Systems
30 Lab Sections
SITE A
10.10.x.x · OSPF Area 0 · AS 65001
10.10.1.0/24
10.10.5.0/24
10.10.2.0/24
10.10.3.0/24
10.10.4.0/24
10.10.8.0/24
10.10.6.0/24
10.10.7.0/24
A-R1: CT 100 · 10.10.0.1
A-R2: CT 101 · 10.10.0.2
A-S1: CT 103 · 10.10.0.11
A-S2: CT 104 · 10.10.0.12
A-S3: CT 105 · 10.10.0.13
A-S4: CT 106 · 10.10.0.14
vmbr10
DC1: VM 500 · 10.10.1.100
CLIENT-A: CT 610 · 10.10.1.200
A-R3: CT 102 · 10.10.0.3
SITE B
10.20.x.x · OSPF Area 0 · AS 65002
10.20.1.0/24
10.20.5.0/24
10.20.2.0/24
10.20.3.0/24
10.20.4.0/24
10.20.8.0/24
10.20.6.0/24
10.20.7.0/24
B-R1: CT 200 · 10.20.0.1
B-R2: CT 201 · 10.20.0.2
B-S1: CT 203 · 10.20.0.11
B-S2: CT 204 · 10.20.0.12
B-S3: CT 205 · 10.20.0.13
B-S4: CT 206 · 10.20.0.14
vmbr20
DC2: VM 501 · 10.20.1.100
CLIENT-B: CT 601 · 10.20.1.200
B-R3: CT 202 · 10.20.0.3
WIDE AREA NETWORK
BGP · GRE · IPsec · MPLS/LDP
ISP: CT 302 · AS 65000
Lo: 172.16.255.100 · eth2: 172.16.0.14
Route Reflector
vmbr33 · 172.16.0.12/30 · eBGP
FW-EDGE: VM 900 · OPNsense
vtnet0: 172.16.0.13
Firewall Rules · NAT · VPN
IDS/IPS (Suricata)
QoS / Traffic Shaping
WAN (upstream) · LAN-A (downstream) · LAN-B (downstream)
172.16.0.0/30 · vmbr30 · FW: .2 · WAN-A: .1
172.16.0.4/30 · vmbr31 · FW: .6 · WAN-B: .5
WAN-A: CT 300 · AS 65001 · 172.16.255.1
WAN-B: CT 301 · AS 65002 · 172.16.255.2
GRE+IPsec
10.10.1.0/24 · vmbr10 · WAN-A eth0: 10.10.1.2
10.20.1.0/24 · vmbr20 · WAN-B eth0: 10.20.1.2
vmbr0 · Internet (direct)
SERVICES
CT 999 · 10.10.250.1
apt mirror (3142) · DNS (53) · NTP (123)
Monitoring
Serves every container in both sites
vmbr99 · Isolated Services Bridge · to all Site A containers · to all Site B containers
MGMT: vmbr18 · 10.10.255.0/24
MGMT: vmbr28 · 10.20.255.0/24
PROXMOX VE 9.0.3 HOST
Bare-Metal Hypervisor · 19 LXC Containers · 3 VMs · 21 Virtual Bridges (vmbr10-18, vmbr20-28, vmbr30-33, vmbr99) · FRRouting · Debian 12 Bookworm
Router (FRR / OSPF+BGP)
Switch (FRR / Layer 2+3)
Site B Accent
ISP / WAN Transit
Services / Tunnels
Client / Endpoint
Firewall (OPNsense)
Site A / Management
OSPF · eBGP · MPLS/LDP · GRE · IPsec · VLANs · ACLs/NAT · QoS