BGP – Public VRF

Public VRF is represented by various logical zones. At the centre we have a Core AS PUBLIC which has peering upstream and downstream.

Each of the switches has an upstream leg to one IP Transit provider with ISP1 being preferred with local preference of 150 for the outbound direction. Public ranges are being prepended with an additional as-path ASN to make sure inbound traffic gets in via the closest possible datacentre.

To allow for Inter-VRF routing (Public/Private) all switches have BGP peering with the firewall cluster. MED is used to route all traffic via switches 01/11 and failover to 02/12 when required.

Layer 1 - Core

Layer 1- Infrastructure

Layer 2 - Core

Layer 2 - Infrastructure

IPBH Underlay

IPBH EVPN Overlay

EVPN – Local VRF

EVPN – Management VRF

EVPN – Public VRF

EVPN – Private VRF

BGP – Public VRF

BGP – Private VRF

Private VRF Segmentation

Public VRF Segmentation

BGP – Public VRF