```mermaid graph TD %% --- 全局定义 --- Internet((互联网)) %% --- 云端 HUB 层 --- subgraph Cloud [云端中转 Hub] direction TB LinuxHub["Linux 云服务器 (FRR)<br/><b>WG IP: 10.0.9.1/24</b><br/>Role: BGP Reflector"] end %% --- Site A 层 (复杂节点) --- subgraph SiteA [Site A - 核心节点] direction TB MTA["<b>MikroTik A</b><br/>WG IP: 10.0.9.2/24<br/>LAN GW: 192.168.88.1<br/>协议: BGP + OSPF"] subgraph SiteA_LAN [内网: 192.168.88.0/24] OPA["<b>OpenWrt (旁路)</b><br/>IP: 192.168.88.2<br/>协议: OSPF + OpenVPN"] PCA("<b>电脑 A</b><br/>IP: 192.168.88.123<br/>GW: 192.168.88.1") end end %% --- Site B 层 (分支节点) --- subgraph SiteB [Site B - 分支节点] direction TB MTB["<b>MikroTik B</b><br/>WG IP: 10.0.9.3/24<br/>LAN GW: 192.168.98.1<br/>协议: BGP + OSPF"] subgraph SiteB_LAN [内网: 192.168.98.0/24] OPB["<b>OpenWrt (旁路)</b><br/>IP: 192.168.98.2<br/>协议: OSPF + OpenVPN"] PCB("<b>电脑 B</b><br/>IP: 192.168.98.55<br/>GW: 192.168.98.1") end end %% --- 外部服务 --- VPNServer["外部 OpenVPN 服务端<br/>(Target Network)"] %% --- 连接关系 --- %% 物理连接 Internet --- LinuxHub Internet --- VPNServer %% 隧道连接 (WireGuard - 核心骨干) LinuxHub == "WireGuard 隧道<br/>(iBGP AS65000)" ==> MTA LinuxHub == "WireGuard 隧道<br/>(iBGP AS65000)" ==> MTB %% Site A 内部逻辑连接 MTA -- "OSPF 路由交换" --- OPA MTA --- PCA %% Site B 内部逻辑连接 MTB -- "OSPF 路由交换" --- OPB MTB --- PCB %% OpenVPN 隧道 (业务出口) OPA -. "OpenVPN 隧道<br/>(NAT masquerade)" .-> VPNServer OPB -. "OpenVPN 隧道<br/>(NAT masquerade)" .-> VPNServer %% 样式定义 %% style Internet style OPA fill:#d5f5e3,stroke:#2ecc71,stroke-width:2px style OPB fill:#d5f5e3,stroke:#2ecc71,stroke-width:2px style LinuxHub fill:#fdedec,stroke:#e74c3c,stroke-width:2px style VPNServer fill:#eaecee,stroke:#333,stroke-dasharray:5 ``` Loading... ```mermaid graph TD %% --- 全局定义 --- Internet((互联网)) %% --- 云端 HUB 层 --- subgraph Cloud [云端中转 Hub] direction TB LinuxHub["Linux 云服务器 (FRR)<br/><b>WG IP: 10.0.9.1/24</b><br/>Role: BGP Reflector"] end %% --- Site A 层 (复杂节点) --- subgraph SiteA [Site A - 核心节点] direction TB MTA["<b>MikroTik A</b><br/>WG IP: 10.0.9.2/24<br/>LAN GW: 192.168.88.1<br/>协议: BGP + OSPF"] subgraph SiteA_LAN [内网: 192.168.88.0/24] OPA["<b>OpenWrt (旁路)</b><br/>IP: 192.168.88.2<br/>协议: OSPF + OpenVPN"] PCA("<b>电脑 A</b><br/>IP: 192.168.88.123<br/>GW: 192.168.88.1") end end %% --- Site B 层 (分支节点) --- subgraph SiteB [Site B - 分支节点] direction TB MTB["<b>MikroTik B</b><br/>WG IP: 10.0.9.3/24<br/>LAN GW: 192.168.98.1<br/>协议: BGP + OSPF"] subgraph SiteB_LAN [内网: 192.168.98.0/24] OPB["<b>OpenWrt (旁路)</b><br/>IP: 192.168.98.2<br/>协议: OSPF + OpenVPN"] PCB("<b>电脑 B</b><br/>IP: 192.168.98.55<br/>GW: 192.168.98.1") end end %% --- 外部服务 --- VPNServer["外部 OpenVPN 服务端<br/>(Target Network)"] %% --- 连接关系 --- %% 物理连接 Internet --- LinuxHub Internet --- VPNServer %% 隧道连接 (WireGuard - 核心骨干) LinuxHub == "WireGuard 隧道<br/>(iBGP AS65000)" ==> MTA LinuxHub == "WireGuard 隧道<br/>(iBGP AS65000)" ==> MTB %% Site A 内部逻辑连接 MTA -- "OSPF 路由交换" --- OPA MTA --- PCA %% Site B 内部逻辑连接 MTB -- "OSPF 路由交换" --- OPB MTB --- PCB %% OpenVPN 隧道 (业务出口) OPA -. "OpenVPN 隧道<br/>(NAT masquerade)" .-> VPNServer OPB -. "OpenVPN 隧道<br/>(NAT masquerade)" .-> VPNServer %% 样式定义 %% style Internet style OPA fill:#d5f5e3,stroke:#2ecc71,stroke-width:2px style OPB fill:#d5f5e3,stroke:#2ecc71,stroke-width:2px style LinuxHub fill:#fdedec,stroke:#e74c3c,stroke-width:2px style VPNServer fill:#eaecee,stroke:#333,stroke-dasharray:5 ``` 最后修改:2026 年 01 月 15 日 © 允许规范转载 打赏 赞赏作者 支付宝微信 赞 如果觉得我的文章对你有用,请随意赞赏
