p001 design - nihole/PSEFABRIC GitHub Wiki
We have the network shown in the figure below, and I will demonstrate here how to set up PSEFABRIC for it.
List of data-centers:
- DC1
- DC2
- DC3
List of equipment:
- dc1_sw1 - Cisco L3 switch
- dc1_fw1 - Juniper SRX
- dc2_fw1 - Cisco ASA
- dc2_sw1 - Cisco L3 switch
- dc3_sw1 - Cisco L2 switch
- dc3_r1 - Cisco router with ZBF
Logical Segmentation:
- DC1
  - VRFs on dc1_sw1: VRF1, VRF2, VRF3
  - Security Zones on dc1_fw1: VRF1, VRF2, VRF3, untrust
  - trunk between dc1_fw1 and dc1_sw1. VLANs: 101 (VRF1), 102 (VRF2), 103 (VRF3)
  - subinterfaces on dc1_sw1 e0/0 for overlay subnetworks: VLANs 111, 112 (VRF2); 121, 122 (VRF2); 131, 132 (VRF3)
- DC2
  - VRFs on dc2_sw1: TRUST, DMZ
  - Security Zones on ASA: TRUST, DMZ, outside
  - trunk between ASA and dc2_sw1. VLANs: 201 (DMZ), 202 (TRUST)
  - subinterfaces on dc2_sw1 e0/1 for overlay subnetworks: VLANs 211, 212 (DMZ); 221, 222 (TRUST)
- DC3
  - Security Zones on dc3_r1: trust, untrust
  - p2p L3 link between dc3_r1 and dc3_sw1
  - subinterfaces on dc3_sw1 e0/0 for overlay subnetworks: VLANs 311, 312 (DMZ)
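
A consistency check over the segmentation plan above, as an added example (not PSEFABRIC code and not part of the original wiki page). The dictionary layout and the `lint` function are assumptions made for illustration; the values are transcribed from the lists as written. It checks that each VRF has a firewall zone, a trunk VLAN and at least one overlay VLAN, and that every overlay VLAN carries a label defined in its data center.

```python
# Segmentation plan transcribed from the lists above (values as given on the page).
# The structure itself is hypothetical, chosen for this example only.
PLAN = {
    "DC1": {
        "segments": {"VRF1", "VRF2", "VRF3"},              # VRFs on dc1_sw1
        "fw_zones": {"VRF1", "VRF2", "VRF3", "untrust"},   # zones on dc1_fw1
        "trunk": {101: "VRF1", 102: "VRF2", 103: "VRF3"},  # VLAN -> segment
        "overlay": {111: "VRF2", 112: "VRF2", 121: "VRF2",
                    122: "VRF2", 131: "VRF3", 132: "VRF3"},
    },
    "DC2": {
        "segments": {"TRUST", "DMZ"},                      # VRFs on dc2_sw1
        "fw_zones": {"TRUST", "DMZ", "outside"},           # zones on the ASA
        "trunk": {201: "DMZ", 202: "TRUST"},
        "overlay": {211: "DMZ", 212: "DMZ", 221: "TRUST", 222: "TRUST"},
    },
    "DC3": {
        "segments": set(),                                 # no VRFs listed
        "fw_zones": {"trust", "untrust"},                  # zones on dc3_r1
        "trunk": {},                                       # p2p L3 link, no trunk
        "overlay": {311: "DMZ", 312: "DMZ"},
    },
}

def lint(plan):
    """Return (dc, rule, subject) tuples for every inconsistency found."""
    findings = []
    for dc, p in sorted(plan.items()):
        known = p["segments"] | p["fw_zones"]
        for seg in sorted(p["segments"]):
            if seg not in p["fw_zones"]:
                findings.append((dc, "no-fw-zone", seg))       # VRF without a policy boundary
            if seg not in p["trunk"].values():
                findings.append((dc, "no-trunk-vlan", seg))    # VRF cannot reach the firewall
            if seg not in p["overlay"].values():
                findings.append((dc, "no-overlay-vlan", seg))  # VRF has no workload subnets
        for vlan, label in sorted(p["overlay"].items()):
            if label not in known:
                findings.append((dc, "unknown-segment", f"{vlan}:{label}"))
        for vlan in sorted(p["trunk"].keys() & p["overlay"].keys()):
            findings.append((dc, "vlan-reused", str(vlan)))    # same ID on trunk and overlay
    return findings

if __name__ == "__main__":
    for finding in lint(PLAN):
        print(*finding)
```
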
Routing:
- BGP between data-centers (between dc1_fw1, dc2_fw2, dc3_r1)
- OSPF inside DC
- Mutual redistribution between OSPF and BGP
- Static route 0/0 towards local FWs from each VRF (for dc1_sw1, dc2_sw2) and for dc3_sw3