PROJECT: BLACKSITE
Complete Enterprise Network Topology
22
Network Devices
2
Geographic Sites
20
Network Segments
3
BGP Autonomous Systems
30
Lab Sections
SITE A
OSPF Area 0 · AS 65001
A-R1
CT 100
A-R2
CT 101
A-S1
CT 103
A-S2
CT 104
A-S3
CT 105
A-S4
CT 106
vmbr10
DC1
VM 500
CLIENT-A
CT 610
A-R3
CT 102
SITE B
OSPF Area 0 · AS 65002
B-R1
CT 200
B-R2
CT 201
B-S1
CT 203
B-S2
CT 204
B-S3
CT 205
B-S4
CT 206
vmbr20
DC2
VM 501
CLIENT-B
CT 601
B-R3
CT 202
WIDE AREA NETWORK
BGP · GRE · IPsec · MPLS/LDP
ISP
CT 302 · AS 65000
Route Reflector
vmbr33
eBGP
FW-EDGE
VM 900 · OPNsense
Firewall Rules · NAT · VPN
IDS/IPS (Suricata)
QoS / Traffic Shaping
WAN (upstream)
LAN-A (downstream)
LAN-B (downstream)
vmbr30
vmbr31
WAN-A
CT 300 · AS 65001
WAN-B
CT 301 · AS 65002
GRE+IPsec
vmbr10
vmbr20
vmbr0
Internet (direct)
SERVICES
CT 999
apt mirror (3142) · DNS (53) · NTP (123)
Monitoring
Serves every container in both sites
vmbr99
Isolated Services Bridge
to all Site A containers
to all Site B containers
MGMT: vmbr18
MGMT: vmbr28
PROXMOX VE 9.0.3 HOST
Bare-Metal Hypervisor · 19 LXC Containers · 3 VMs · 21 Virtual Bridges (vmbr10-18, vmbr20-28, vmbr30-33, vmbr99) · FRRouting · Debian 12 Bookworm
Router (FRR / OSPF+BGP)
Switch (FRR / Layer 2+3)
Site B Accent
ISP / WAN Transit
Services / Tunnels
Client / Endpoint
Firewall (OPNsense)
Site A / Management
OSPF
eBGP
MPLS/LDP
GRE
IPsec
VLANs
ACLs/NAT
QoS