1 Project Overview
The XXXX network builds a "10 Gigabit backbone, Gigabit access" office LAN and is equipped with corresponding network equipment, so that the network becomes a high-performance, high-reliability, and high-security network. While meeting the various business requirements of XXXX, it conforms to current trends in network development as far as possible, and is sufficiently advanced, expandable, and upgradeable to meet later capacity expansion requirements. The design adopts high-performance core switches to increase the bandwidth of the network backbone; fully considers network reliability, redundancy, and self-healing capabilities; fully considers the impact of insecure factors facing network systems today, such as viruses and intrusion attacks; and fully considers other factors such as network interoperability. The solution design is forward-looking and fully considers the ability of the network to expand to higher performance in the future.
2 Network Design Principles
- Modular design
After the network is completed, different data points implement different functions. In addition to most office data points, there are also data points that connect data centers, network management / security centers, etc. These different functions determine the requirements that different data points place on the network, and the network design must consider different factors for each. When some part of the functional requirements changes, it is only necessary to redesign and upgrade the corresponding functional modules, without affecting the other component modules of the network or the network backbone. Based on these advantages, the design of XXXX adopts a modular design pattern. At present, the main modules considered are: core switching module, floor access module, user access authentication module, security module, etc.
- High reliability
The network system should have high reliability and high security. In addition to using highly reliable network equipment, backup at the physical layer, data link layer, and network layer should also be considered.
- High performance
In the XXXX local area network, it is not only the network backbone that is required to be high-bandwidth. As a whole system, the network should have controllable, intelligent high performance. In other words, for traffic exchanged between nodes connected by Ethernet (100M / 1G / 10Gbps), regardless of their VLAN attributes, we can control whether it is switched on the local switch or through the Gigabit Ethernet backbone.
- Scalability and upgradeability
The system must be scalable and upgradeable. With the growth of the business and the improvement of the application level, the data and information flow in the network will grow exponentially. The network needs to have good scalability and to be upgradeable continuously as technology develops.
- Standard protocol support
The network system should support the standard IP protocol and be an open network that supports the interconnection of various protocols.
- Easy to manage and maintain
The network system must have good manageability, and the network management system must have functions such as monitoring, fault diagnosis, fault isolation, and filtering settings to facilitate system management and maintenance. At the same time, products with high integration and common modules should be selected as much as possible to facilitate management and maintenance.
The network system should have good security. As the XXXX LAN provides interconnection for multiple user intranets and supports multiple services, the network system should support the division of multiple VLANs and be able to perform effective security control on Layer 3 exchanges between VLANs to ensure system security. In addition, users accessing the network pass through an identity authentication system to prevent theft of user account numbers, IP addresses, and MAC addresses, and to ensure the legitimacy of user identities.
- QoS guarantee
There are more and more multimedia applications in today's networks, and these applications have higher requirements for service quality. The XXXX LAN should be able to guarantee QoS to support such applications. Because of the increasing number of multimedia applications in the network, such as video conference and video phone services, a large amount of bandwidth is often occupied. Therefore, the network system should be able to support multicast services to save backbone bandwidth.
- In line with international standards
Selecting systems and products that comply with international standards ensures that the system has a longer service life and greater expansion capability, and meets the requirements of future system upgrades.
The network construction is based on the principle of gigabit fiber to the desktop and gigabit / ten gigabit to core interconnection:
- Consider adequate network platform reliability and redundancy characteristics;
- Standardization and sufficient scalability of network protocols;
- Fully consider LAN security features;
- Fully consider the high speed and high operating efficiency of the network;
- Make full use of existing network circuit resources;
- Unified network management.
3 Network Design
The XXXX LAN as a whole is divided into network and network. The internal network is physically isolated. The network structures all use a two-level flat structure consisting of the core layer and the access layer. The network core layer uses two high-end S10508 routing switches in a virtualized deployment to prevent single points of failure. The network access layer switches use S5130 series switches. As shown below:
The core layer of the network uses an S10508 high-end 10 Gigabit switch, and 10 Gigabit optical interfaces are used to connect S5130 switches on each floor.
At the core layer, which mainly implements high-speed routing and switching, we recommend using two high-performance H3C S10508 switches. With 8 slots, the S10508 10 Gigabit core switch adopts a Clos architecture, and all ports forward at line speed. It provides a 10 Gigabit optical service board, which connects to the floor access layer switches at 10 Gigabit.
The access layer is a device directly connected to the user. Therefore, in actual application process, we recommend using H3C S5130 series switches, and it is recommended to link with the core switch S10508 through the 10 Gigabit electrical interface of the S5130 series switches. The H3C S5130 can implement wire-speed forwarding on all ports, support various types of uplink interfaces, and support stacking.
3.1 Network Design Features
Network design uses dual-core, two-tier flat structure
Configure a core switch as the core switching node of the network. Because the information points of the XXXX network are relatively concentrated geographically, it is recommended to use a two-layer flat network architecture for network planning and construction. Compared with the industry-standard three-layer network architecture, the two-tier flat architecture removes the middle aggregation layer and retains only the core layer and the access layer. A flat architecture has the advantages of being greater, faster, better, and more economical.
3.2 Network core layer design
The overall network uses a two-level network architecture, which is the core layer and the access layer.
According to the network scale of XXXX, we recommend deploying the cost-effective H3C 10 Gigabit routing switch H3C S10508 in the core layer.
We recommend using two high-performance H3C S10508 switches. The S10508 10 Gigabit switch has 8 slots and can be flexibly configured with a variety of interface modules according to network requirements. The S10508 10 Gigabit core switch adopts a Clos architecture, and all ports forward at wire speed.
According to the scale of the XXXX network, two core switches S10508 are used, an IRF virtualization solution is deployed, and a 10-Gigabit optical port is used to connect the access layer switches.
The core layer of the network mainly completes high-speed switching and routing and forwarding of network-wide services, and places higher requirements on network reliability, service support capabilities, and packet forwarding performance.
3.3 Network Access Layer Design
The access layer switches of this network are located at the second level of the network. This is the point where end users are allowed to access the network. On the one hand, the access layer is required to maintain a high-speed and reliable connection with the core layer. On the other hand, it aggregates a large number of access terminal devices. This layer can provide further control through multiple binding functions; its main function is to provide network access for end users.
In the access switching layer, there are multiple products to choose from. In order to facilitate network management and future maintenance, and to make full use of the functions and performance of the network, we recommend the highly cost-effective H3C S5130 series switches.
S5130 series switches support stacking technology. When the network needs to expand capacity, stacking technology can be used to expand ports to facilitate unified management of network equipment.
4 IP Address and VLAN Planning
The allocation of IP address space must match the hierarchy of the network topology. It must use the address space effectively while also reflecting the scalability and flexibility of the network. At the same time, it should meet the requirements of routing protocols so that routes can be aggregated in the network. This reduces the number and length of routing tables in routers, reduces the consumption of router CPU and memory, reduces network turbulence, isolates network failures, improves the efficiency of routing algorithms, and accelerates convergence after routing changes. The manageability of network addresses must also be considered. The following principles should be followed in specific allocation:
- Uniqueness: No two hosts in an IP network can use the same IP address.
- Simplicity: Address allocation should be simple and easy to manage, reduce the complexity of network expansion, and simplify entries in the routing table.
- Continuity: Contiguous addresses make routes easy to aggregate in a hierarchical network, which greatly shrinks the routing table and improves the efficiency of routing algorithms.
- Scalability: There must be a margin at each level of address allocation to preserve the continuity required for route aggregation when the network scale is expanded.
- Flexibility: Address allocation should be flexible, to allow the optimization of multiple routing strategies and make full use of the address space.
Both the core switch and the aggregation switch use Layer 3 switches. Because VLANs are a LAN feature, a VLAN is terminated when it crosses a Layer 3 IP device (router or switch). In theory, VLAN planning in these two areas can be completely independent. However, for management convenience, it is recommended that all VLAN IDs be allocated uniformly across the whole LAN.
The division of VLANs needs to follow the planning of IP addresses. Within the local area network, VLANs are mapped to IP subnets. Within the same functional area, where the IP subnets are contiguous, VLAN IDs are assigned contiguously using the same rules.
Different VLANs are isolated at the link layer. All link broadcast packets are broadcast within a VLAN and will not spread out of the VLAN. Mutual access between VLANs must be performed at the IP layer, which can be controlled through an access control list (ACL). On the IP device, VLANs are terminated, and each VLAN corresponds to an IP subnet. The access control of this VLAN to other IP subnets can be implemented through ACL configuration on the IP logical interface corresponding to the VLAN.
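The allocation principles and the VLAN-to-subnet mapping in this section can be checked mechanically before a plan is deployed. The following is an added example, not part of the original solution document; the area names, VLAN IDs, address blocks, and the 25% margin threshold are all assumptions chosen for illustration.

```python
import ipaddress
from itertools import combinations

# Constructed sample data (illustrative only): the summary block reserved for
# each functional area, and (area, VLAN ID, subnet) assignments.
AREAS = {"office": "10.10.0.0/22", "servers": "10.20.0.0/23", "mgmt": "10.30.0.0/24"}
GOOD = [("office", 10, "10.10.0.0/24"), ("office", 11, "10.10.1.0/24"),
        ("office", 12, "10.10.2.0/24"), ("servers", 20, "10.20.0.0/24"),
        ("mgmt", 30, "10.30.0.0/26")]
BAD = [("office", 10, "10.10.0.0/24"), ("office", 10, "10.10.0.128/25"),
       ("servers", 20, "10.20.1.0/24"), ("servers", 21, "10.20.0.0/24"),
       ("mgmt", 30, "10.10.3.0/24")]
MIN_FREE = 0.25  # assumed policy: keep at least 25% of each block unallocated

def check_plan(areas, plan, min_free=MIN_FREE):
    """Return a sorted list of findings; an empty list means the plan passes."""
    blocks = {a: ipaddress.ip_network(b) for a, b in areas.items()}
    rows = [(a, v, ipaddress.ip_network(s)) for a, v, s in plan]
    out = []
    # Area blocks must not overlap, or per-area route aggregation breaks.
    for (a1, b1), (a2, b2) in combinations(blocks.items(), 2):
        if b1.overlaps(b2):
            out.append(f"area blocks overlap: {a1} {b1} / {a2} {b2}")
    # Uniqueness: no shared VLAN IDs and no overlapping subnets.
    for (_, v1, n1), (_, v2, n2) in combinations(rows, 2):
        if v1 == v2:
            out.append(f"VLAN {v1} used for both {n1} and {n2}")
        if n1.overlaps(n2):
            out.append(f"subnets overlap: {n1} / {n2}")
    for area, block in blocks.items():
        mine = sorted((v, n) for a, v, n in rows if a == area)
        # Continuity: every subnet of the area sits inside the area's block.
        for v, n in mine:
            if not n.subnet_of(block):
                out.append(f"VLAN {v} {n} is outside {area} block {block}")
        # VLAN IDs follow the same order as the subnets they map to.
        addrs = [n for _, n in mine]
        if addrs != sorted(addrs):
            out.append(f"{area}: VLAN ID order does not follow subnet order")
        # Scalability: keep a margin of unallocated space in the block.
        used = sum(n.num_addresses for _, n in mine if n.subnet_of(block))
        if used > block.num_addresses * (1 - min_free):
            out.append(f"{area}: only {block.num_addresses - used} addresses free in {block}")
    return sorted(out)
```

`check_plan(AREAS, GOOD)` returns no findings, while `check_plan(AREAS, BAD)` reports the duplicated VLAN ID, the overlapping subnets, the out-of-block subnet, the out-of-order VLAN IDs, and the exhausted server block.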
5 Network Management Solution
A network management tool is indispensable for ensuring the normal operation of the network and of the business. Network management software makes it possible not only to find network problems in time and respond quickly to network changes, but also to optimize the network so that its resources are fully used.
Using the professional management functions provided by the network management system, XXXX's network administrators need to achieve hierarchical and centralized management of the entire network, from physical links to complex upper-layer applications and services, thereby improving the manageability and operational stability of the network and shortening the time XXXX needs to open new services. By simplifying the network management process and improving the administrators' work efficiency, the network management system will also help XXXX reduce network operating costs.
The management and maintenance of the network will be a long and arduous task. Therefore, it is recommended that XXXX adopt network management software with a graphical management interface to achieve unified management of the entire network.