Campus network planning and design
The campus network has become an important supporting platform for the informatization of colleges and universities. Based on the actual situation of colleges and universities, this paper analyzes and designs a campus network scheme from the aspects of design objectives, design ideas and design principles.

[Keywords:] campus network; core equipment; design

With the development of computer networks, the campus network has become an inevitable trend as colleges and universities move into the information age, and it is making the management of higher education in China more intelligent. It is the product of combining network technology, electronic information technology and university development. A campus network is a system built on information resources, a hardware network system and a network software system for management and use. It is a professional local area network with broadband access and interactive functions, and should serve four functions: teaching, scientific research, management and communication.

I. Design objectives

In short, the design goal of a campus network is to connect the information resources of different applications through high-performance network equipment, form an intranet within the campus area, and access the WAN through routing equipment. Specifically, the goals are to: rely on modern, advanced and highly extensible network technology to build a campus backbone network centered on office automation, computer-assisted instruction and a modern computer campus culture, covering all buildings in the school, connecting the PC workstations, terminal equipment and local area networks in the school, and connecting to the relevant wide area networks for online publicity and access to educational resources; on this basis, establish a software and hardware environment that meets the needs of teaching, scientific research and management; and develop all kinds of information bases and application systems to provide adequate network information services for all school personnel. The overall design follows the principle of overall planning and distributed implementation, and fully reflects the system's advanced technology, high safety and reliability, openness, expansibility and good construction economy.

II. Key design points

1. Network technology selection

In the construction of a campus network, the choice of backbone network technology plays a decisive role in the success of the project. Choosing a mainstream network technology suited to the characteristics of the campus network not only ensures high performance, but also keeps the network advanced and expandable, and allows a smooth transition to newer technologies in the future, protecting users' investment. Therefore, according to the needs of practical application, Gigabit Ethernet should be used as the backbone of the campus network: as the information exchange center of the whole campus network, its speed directly affects the performance of the other subnets. In a multimedia classroom, a large volume of images and sound is transmitted over the network, so the demand for bandwidth and transmission speed is high, and Fast Ethernet is the best choice. For other environments with simple file transfer applications, Ethernet can meet the requirements. The complexity of different network technologies directly affects the maintenance, management and use of the campus network to some extent. Gigabit Ethernet inherits the characteristics of Ethernet technology, is simple and easy to learn and master, and is the first choice of campus network technology.

2. Campus network egress solution

At present, the IP resources and registered domain names of university campus networks basically come from CERNET, the China Education and Research Network, but the fees are relatively high, and except for key universities the bandwidth is also greatly limited. With the increasing number of users, the original CERNET access bandwidth of most universities can no longer meet demand, so expanding the egress bandwidth of the campus network is urgent. However, a direct consequence of expanding egress bandwidth is a sharp increase in network information fees. Compared with CERNET, it is cheaper to access CHINANET through a local ISP at the same access bandwidth. Therefore, adopting a dual-egress scheme that combines static routing, network address translation and policy routing technologies, and that fully integrates the respective strengths of CERNET and the local ISP, is an effective way to relieve the campus network egress bottleneck and a new trend in campus network development.
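The egress decision in the dual-uplink scheme described above can be sketched as follows. This is an added example, not code from the original article; the prefixes, NAT addresses and link names are constructed sample data, and a real deployment would express the same policy in the core router's policy-routing and NAT configuration.

```python
import ipaddress

# Constructed sample data: documentation prefixes stand in for the real
# CERNET destination ranges and for each uplink's NAT address.
EGRESSES = {
    "cernet": {"nat_ip": "192.0.2.10", "up": True},
    "isp": {"nat_ip": "203.0.113.10", "up": True},
}
# Policy table (hypothetical): destination prefix -> preferred egress.
# The default route sends everything else through the cheaper local ISP.
POLICY = [
    ("198.51.100.0/24", "cernet"),
    ("0.0.0.0/0", "isp"),
]


def select_egress(dst_ip, egresses=EGRESSES, policy=POLICY):
    """Return (egress, nat_ip) for a destination, or None if every link is down."""
    dst = ipaddress.ip_address(dst_ip)
    matches = [
        (ipaddress.ip_network(prefix), name)
        for prefix, name in policy
        if dst in ipaddress.ip_network(prefix)
    ]
    # Longest prefix wins, so a specific policy entry beats the default route.
    matches.sort(key=lambda m: m[0].prefixlen, reverse=True)
    candidates = [name for _, name in matches]
    # Redundancy: any remaining uplink is a last-resort fallback.
    candidates += [name for name in egresses if name not in candidates]
    for name in candidates:
        link = egresses[name]
        if link["up"]:
            # The NAT address must belong to the chosen uplink, otherwise
            # replies return over the other link and the flow breaks.
            return name, link["nat_ip"]
    return None


if __name__ == "__main__":
    for dst in ("198.51.100.7", "203.0.113.200"):
        print(dst, "->", select_egress(dst))
```
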

3. Selection of network core equipment

(1) Selection of backbone bandwidth. The growth of network applications places a direct demand on network bandwidth. Since the 802.3 standard was established in 1983, Ethernet technology has, after 20 years of development, entered the era of 10 Gigabit Ethernet (the 802.3ae standard). Campus network applications are also extremely rich. With the application of multicast technology on campus, the core layer of the campus network will face a severe test. Considering how the network and its services will develop, it is feasible for colleges and universities with nearly 10,000 information points to build the core layer with 10 Gigabit Ethernet technology. While services are not yet fully developed, a Gigabit backbone can be adopted first, but the core equipment must support 10 Gigabit, and it should already be in use in the education industry as proof of the maturity and stability of the core products. This achieves end-to-end Ethernet access, improves transmission efficiency, and effectively guarantees the development of multimedia teaching, digital library and other services.

(2) Processing capacity. The core layer is the backbone of high-speed network switching. Its aim is to provide the highest possible packet forwarding rate, together with high-speed Internet access and high redundancy. Because colleges and universities basically adopt dual egress to the Internet and CERNET, and the two egress rates differ, the selected core layer equipment should be able to choose intelligently among multiple network egresses and should provide redundancy. The core layer equipment must offer slots for various modules and provide various network modules, support the network multicast protocols required by streaming media and have the capacity to process them, and forward and switch data at line rate, which requires high backplane bandwidth and high-performance network processing chips. Because it is the core equipment, disaster recovery and equipment redundancy for the whole network must also be considered. The redundancy considered in the design needs both equipment support and protocol support. Equipment support means that the data exchange of the whole network cannot be carried by a single core device: at least two devices are needed to support the whole network effectively, with hardware support for disaster recovery backup. In terms of protocol, redundancy protocols must be supported to achieve overall network redundancy, with switchover in the shortest possible time when a single device fails, so that the network does not go down.

In designing the core switch of the whole network, the overall service support mode should also be considered, because the equipment is only the physical bearer, and users need to implement their own services, functions and processes on top of it. The service support capability of the physical equipment is therefore very important. The core equipment should provide distributed L2/3/4 interface boards to handle application streams (video, voice, data) and the priorities of important users, and support NAT, MPLS, VPN, policy routing and other applications. It should support QoS based on port, MAC, VLAN, IP, application type and so on, and support four priority queues together with flow classification, queuing, scheduling and shaping mechanisms such as WRED, WRR, PQ and WFQ. This gives the switch a high degree of intelligence and lets it support various application services efficiently.

The core equipment plays an important role in the network, and its security is very important for the whole network. Shielding the network from external hacker attacks and internal virus attacks is the key to keeping the whole network running. The core equipment should provide comprehensive, customizable ACL access control policies to prevent illegal content access, and broadcast packet suppression and broadcast source location functions to ensure the safety of network users.

(3) Design for future expansion. The business structure and scale served by the core equipment will change over time, so the whole network's equipment must be able to cope with future changes. Because the core equipment is the center of data and services, it cannot easily be replaced. Taking cost into account as well, unless the core equipment cannot support current services, new service needs will basically be met by adding functions to the original equipment. This makes room for future expansion extremely important. The expansion slots, plug-in module types and port density of the core equipment should be considered to ensure a high cost-performance ratio for the whole machine.

4. Deployment of security scheme

An analysis of the current network situation in colleges and universities shows that network security threats mainly come from the following sources. First, threats from the Internet: colleges and universities have their own independent links to the Internet. Network-based attacks on the LAN from any access point on the Internet, and attacks on open application servers, may lead to a sharp decline in network performance and paralysis of the application servers, so that normal two-way internal and external communication, storage and other services of the whole network are blocked or interrupted. Second, malicious attacks from students' computers connected to the campus LAN: students may use all kinds of intrusion software for the purpose of learning, which poses a hidden threat to the system. Third, the relevant departments in colleges and universities report data by copying it level by level over FTP, which is completely open and transparent. As long as the IP address is known, the transmitted data can easily be intercepted, leading to the disclosure of confidential information. Fourth, there are vulnerabilities in the operating system and the application systems themselves, and virus threats from the Internet and the internal LAN. Virus protection in the school cannot rely on individual awareness; it should be deployed at multiple levels, at the gateway, the servers and the clients, as an overall virus protection solution. Only in this way can the outbreak and spread of viruses be stopped at the root and the school's internal resources be effectively protected, while a good rapid response system for emerging viruses is established at the same time.

As the school's line of defense for network security, a firewall, intrusion detection and an anti-virus system are essential. They can give timely and effective warning of attacks from the external and internal networks and provide some countermeasures.

5. Design of private network

In recent years, other applications that rely on the campus network lines have also been added. For example, the campus card project involves the teachers and students of the whole school and many departments such as school finance, the library and catering, and covers both user identification and user consumption, so a private network design for such applications should be considered, including equipment selection, VLAN division, IP planning and access list settings. In addition, the video monitoring of the school security system and the winter heating temperature collection system will all run on the campus network.

6. Other precautions

In terms of user management and charging, in order to ensure the accuracy of charging data, the switch can support the binding of user account, IP address, MAC address, switch port and VLAN, to ensure that the IP address will not be stolen when users surf the Internet, and to support charging based on traffic/duration/monthly subscription/bandwidth and its combined charging method.
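A binding check of the kind described above, as an added example that is not from the original article. The accounts, addresses, port names and VLAN numbers are constructed sample data; an access switch or service platform would enforce the same comparison itself.

```python
from typing import NamedTuple


class Binding(NamedTuple):
    account: str
    ip: str
    mac: str
    port: str
    vlan: int


# Constructed binding table, keyed by account (all values are sample data).
BINDINGS = {
    "alice": Binding("alice", "10.1.20.11", "00:11:22:33:44:aa", "sw3/0/7", 120),
    "bob": Binding("bob", "10.1.20.12", "00:11:22:33:44:bb", "sw3/0/8", 120),
}


def _norm(field, value):
    # MAC addresses arrive in mixed case and with '-' or ':' separators.
    return value.lower().replace("-", ":") if field == "mac" else value


def check_session(seen, bindings=BINDINGS):
    """Return the reasons a session violates its binding (empty list = allow)."""
    bound = bindings.get(seen.account)
    if bound is None:
        return ["unknown account"]
    reasons = []
    for field in ("ip", "mac", "port", "vlan"):
        want = _norm(field, getattr(bound, field))
        got = _norm(field, getattr(seen, field))
        if want != got:
            reasons.append(f"{field} mismatch: bound {want}, seen {got}")
    # IP theft: the source address is registered to a different account.
    for owner in bindings.values():
        if owner.ip == seen.ip and owner.account != seen.account:
            reasons.append(f"ip {seen.ip} is bound to {owner.account}")
    return reasons


if __name__ == "__main__":
    stolen = Binding("bob", "10.1.20.11", "00:11:22:33:44:bb", "sw3/0/8", 120)
    print(check_session(stolen))
```
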

For user log management, the service management platform and the access switch configuration together can provide a complete user logging function. The user access log contains the user name, source MAC, VLAN ID, source IP, destination IP and access time. A log entry is generated whenever the user's destination IP address changes. From this information it is easy to determine which internal servers a user visited in a given period, and, by correlating with the servers' own logs, to trace the person responsible for an incident.
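The two lookups described above, sketched as an added example that is not from the original article. The CSV layout, column order and all log rows are constructed assumptions; only the field list comes from the text. The sample reuses one source IP for two users at different times to show why attribution must be time-bounded.

```python
import csv
import io
from datetime import datetime

# Constructed sample log; the CSV layout is an assumption, the fields
# are the ones listed in the text.
SAMPLE_LOG = """\
time,user,src_mac,vlan,src_ip,dst_ip
2024-03-01T09:00:05,alice,00:11:22:33:44:aa,120,10.1.20.11,10.1.1.5
2024-03-01T09:02:40,bob,00:11:22:33:44:bb,120,10.1.20.12,10.1.1.5
2024-03-01T09:10:12,alice,00:11:22:33:44:aa,120,10.1.20.11,10.1.1.9
2024-03-01T13:30:00,carol,00:11:22:33:44:cc,130,10.1.20.11,10.1.1.5
"""


def load_log(text):
    """Parse the access log into dicts sorted by access time."""
    rows = list(csv.DictReader(io.StringIO(text)))
    for row in rows:
        row["time"] = datetime.fromisoformat(row["time"])
    return sorted(rows, key=lambda row: row["time"])


def servers_visited(rows, user, start, end):
    """Destination IPs a user accessed within [start, end], in first-seen order."""
    lo, hi = datetime.fromisoformat(start), datetime.fromisoformat(end)
    seen = []
    for row in rows:
        if row["user"] == user and lo <= row["time"] <= hi:
            if row["dst_ip"] not in seen:
                seen.append(row["dst_ip"])
    return seen


def who_accessed(rows, src_ip, dst_ip, at):
    """Attribute a server-log hit (src_ip -> dst_ip at time `at`) to a user.

    An entry is written when the destination changes, so the responsible
    entry is the latest one for that address pair at or before `at`.
    """
    when = datetime.fromisoformat(at)
    hits = [r for r in rows
            if r["src_ip"] == src_ip and r["dst_ip"] == dst_ip and r["time"] <= when]
    return hits[-1]["user"] if hits else None


if __name__ == "__main__":
    log = load_log(SAMPLE_LOG)
    print(who_accessed(log, "10.1.20.11", "10.1.1.5", "2024-03-01T13:45:00"))
```
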

In terms of network management, the network management software supports a variety of operating platforms and can be integrated with a variety of general network management platforms to achieve all-round management from the device level to the network level. It provides a unified topology discovery function to monitor the whole network, can monitor the running status of all devices in real time, and provides appropriate ways to configure and modify network parameters as the operating environment changes, so that the network runs normally with optimal performance.

In addition, there are many users in colleges and universities, and fault management, cluster management and traffic performance monitoring are also essential.

III. Concluding remarks

A campus network is a complex piece of systems engineering. Building a high-performance campus network requires close integration with new network design concepts, with high performance, high reliability, high security and advanced quality of service (QoS) at its core. With the support of the campus network platform, the teaching, scientific research and management of colleges and universities will be raised to a higher level.
