NE_YuR/experiment/labdesign.md

graph TD subgraph Internet [外网区域] style Internet fill:#E6F3FF,stroke:#99CCFF Internet_Cloud(fa:fa-cloud Internet) PC4(fa:fa-laptop PC4 - 外网用户) end

Internet_Cloud -- WAN链路 --> R3(R3 - 模拟ISP)
R3 -- 链路 A --> R1
R3 -- 链路 B --> R2

subgraph Exit_Layer [出口层 - VRRP负载分担]
    style Exit_Layer fill:#E6FFE6,stroke:#99FF99
    R1(fa:fa-route R1 - 出口网关)
    R2(fa:fa-route R2 - 出口网关)
end

subgraph Core_and_Security [核心与安全区_防火墙旁挂]
    style Core_and_Security fill:#F5F5F5,stroke:#CCCCCC,stroke-width:2px

    subgraph CORE_STACK [核心层_堆叠系统_S1+S2]
        style CORE_STACK fill:#FFF5E6,stroke:#FFCC99
        CORE((fa:fa-layer-group CORE))
    end

    subgraph FW_HA [安全层_防火墙双机热备]
        style FW_HA fill:#FFECE6,stroke:#FFB399
        FW1(fa:fa-shield-alt FW1)
        FW2(fa:fa-shield-alt FW2)
    end

    FW1 <-.->|HRP 心跳线| FW2
end

subgraph Access_Layer [接入层]
    style Access_Layer fill:#F0E6FF,stroke:#D1B3FF
    S3(S3 - 员工区交换机)
    S4(S4 - 服务器/访客区交换机)
end

subgraph End_Devices [内网终端设备]
    PC1(fa:fa-computer PC1 <br> 员工区 VLAN 10)
    Server(fa:fa-server Web服务器 <br> 服务器区 VLAN 20)
    PC3(fa:fa-wifi PC3 <br> 访客区 VLAN 30)
end

%% 定义连接关系
%% 出口层 <--> 核心层
R1 -- Eth-Trunk 1 --> CORE
R2 -- Eth-Trunk 2 --> CORE

%% 防火墙旁挂流量路径
CORE -- "Untrust区 <br> (VLAN 200)" --> FW1 & FW2
FW1 & FW2 -- "Trust区 <br> (VLAN 300)" --> CORE

%% 核心层 <--> 接入层
CORE -- Trunk链路 --> S3
CORE -- Trunk链路 --> S4

%% 接入层 <--> 终端
S3 -- Access端口 --> PC1
S4 -- Access端口 --> Server
S4 -- Access端口 --> PC3