graph TD
subgraph Internet [外网区域]
style Internet fill:#E6F3FF,stroke:#99CCFF
Internet_Cloud(fa:fa-cloud Internet)
PC4(fa:fa-laptop PC4 - 外网用户)
end
Internet_Cloud -- WAN链路 --> R3(R3 - 模拟ISP)
R3 -- 链路 A --> R1
R3 -- 链路 B --> R2
subgraph Exit_Layer [出口层 - VRRP负载分担]
style Exit_Layer fill:#E6FFE6,stroke:#99FF99
R1(fa:fa-route R1 - 出口网关)
R2(fa:fa-route R2 - 出口网关)
end
subgraph Core_and_Security [核心与安全区_防火墙旁挂]
style Core_and_Security fill:#F5F5F5,stroke:#CCCCCC,stroke-width:2px
subgraph CORE_STACK [核心层_堆叠系统_S1+S2]
style CORE_STACK fill:#FFF5E6,stroke:#FFCC99
CORE((fa:fa-layer-group CORE))
end
subgraph FW_HA [安全层_防火墙双机热备]
style FW_HA fill:#FFECE6,stroke:#FFB399
FW1(fa:fa-shield-alt FW1)
FW2(fa:fa-shield-alt FW2)
end
FW1 <-.->|HRP 心跳线| FW2
end
subgraph Access_Layer [接入层]
style Access_Layer fill:#F0E6FF,stroke:#D1B3FF
S3(S3 - 员工区交换机)
S4(S4 - 服务器/访客区交换机)
end
subgraph End_Devices [内网终端设备]
PC1(fa:fa-computer PC1
员工区 VLAN 10)
Server(fa:fa-server Web服务器
服务器区 VLAN 20)
PC3(fa:fa-wifi PC3
访客区 VLAN 30)
end
%% 定义连接关系
%% 出口层 <--> 核心层
R1 -- Eth-Trunk 1 --> CORE
R2 -- Eth-Trunk 2 --> CORE
%% 防火墙旁挂流量路径
CORE -- "Untrust区
(VLAN 200)" --> FW1 & FW2
FW1 & FW2 -- "Trust区
(VLAN 300)" --> CORE
%% 核心层 <--> 接入层
CORE -- Trunk链路 --> S3
CORE -- Trunk链路 --> S4
%% 接入层 <--> 终端
S3 -- Access端口 --> PC1
S4 -- Access端口 --> Server
S4 -- Access端口 --> PC3