Routing and router working principle in-depth analysis 4: Router Operation example

Source: Internet
Author: User


Part 1 of this series, "Routing and router working principle in-depth analysis 1" (http://user.qzone.qq.com/2756567163/blog/1438322342), covered two questions: "Why use a router" and "the segmentation principle of TCP/IP V4 protocol networks". Part 2, "Routing and router working principle in-depth analysis 2" (http://user.qzone.qq.com/2756567163/blog/1438329517), introduced the working principle of routing and analyzed the routing process in depth using a concrete example. Part 3, "Routing and router working principle in-depth analysis 3" (http://user.qzone.qq.com/2756567163/blog/1438362165), described another router-related concept, the port, and analyzed how it works. This article takes a TP-Link router as the object of operation and explains how to operate the router.

9. DMZ
DMZ is the abbreviation of "demilitarized zone"; the Chinese name translates as "quarantine area". It solves the problem that, once a firewall is installed, the external network can no longer access servers on the internal network. The DMZ is a buffer between the non-secure system and the secure system: a small network area located between the enterprise's internal network and the external network, in which servers that must be exposed, such as enterprise web servers and FTP servers, can be placed. At the same time, such a DMZ protects the internal network more effectively. The common network structure is as follows:

The DMZ adds a security perimeter in front of the internal network to be protected and provides an area in which to place public servers, which avoids the conflict between the need to expose certain Internet-facing applications and the internal security policy. Public facilities, such as public servers, are usually placed in the DMZ. In short, the DMZ is an area distinct from the LAN: it sits on the firewall but is not subject to the firewall's restrictions.
When planning a network with a DMZ, we can identify the access relationships between the networks and determine the following six access control policies.
A. The intranet can access the extranet: intranet users obviously need free access to the extranet. For this policy, the firewall must perform source address translation.
B. The intranet can access the DMZ: this policy makes it convenient for intranet users to use and manage the servers in the DMZ.
C. The extranet cannot access the intranet: the intranet holds the company's internal data, which extranet users must not be allowed to access.
D. The extranet can access the DMZ: the servers in the DMZ exist to provide services to the outside world, so the extranet must be able to access the DMZ. For extranet access to the DMZ, the firewall must translate the external address to the server's actual address.
E. The DMZ cannot access the intranet: if this policy is violated, an intruder who takes over the DMZ can go on to attack important data on the intranet.
F. The DMZ cannot access the extranet: there are exceptions to this policy. For example, a mail server placed in the DMZ needs to access the extranet, otherwise it will not work properly.

In networking, the demilitarized zone (DMZ) is an isolated segment that provides services to untrusted systems. Its purpose is to separate the sensitive internal network from other networks that provide access services, and to prevent direct communication between the intranet and the extranet, so as to ensure intranet security.
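The six policies can be checked mechanically against a rule set. The following is an added example, not part of the original article or of any TP-Link software: it audits a small allow-list with one probe per policy. The subnets, host addresses and the restriction of policy D to ports 80 and 25 are assumptions made for illustration.

```python
import ipaddress

# Constructed addressing plan (assumption, not taken from the article).
ZONES = {"intranet": ipaddress.ip_network("192.168.1.0/24"),
         "dmz": ipaddress.ip_network("192.168.2.0/24")}
MAIL = "192.168.2.25"   # hypothetical mail server in the DMZ
WEB = "192.168.2.80"    # hypothetical web server in the DMZ
PC = "192.168.1.10"     # hypothetical intranet workstation
NET = "203.0.113.7"     # documentation address standing in for an extranet host

def zone_of(ip):
    """Map an address to its zone; anything unlisted is the extranet."""
    addr = ipaddress.ip_address(ip)
    return next((z for z, n in ZONES.items() if addr in n), "extranet")

# Allow rules for NEW connections (replies are assumed to be handled
# statefully): (src_zone, src_host or None, dst_zone, dst_port or None)
RULES = [
    ("intranet", None, "extranet", None),  # A
    ("intranet", None, "dmz", None),       # B
    ("extranet", None, "dmz", 80),         # D, limited to the published web port
    ("extranet", None, "dmz", 25),         # D, limited to the published mail port
    ("dmz", MAIL, "extranet", 25),         # F exception: outbound mail only
]

def allowed(src, dst, port, rules=RULES):
    """True if some rule matches; no match means default deny (C, E, F)."""
    sz, dz = zone_of(src), zone_of(dst)
    return any(rs == sz and rd == dz and rh in (None, src) and rp in (None, port)
               for rs, rh, rd, rp in rules)

# One probe per policy: (label, src, dst, port, expected result)
PROBES = [
    ("A", PC, NET, 443, True), ("B", PC, WEB, 22, True),
    ("C", NET, PC, 445, False), ("D", NET, WEB, 80, True),
    ("E", WEB, PC, 445, False), ("F", WEB, NET, 443, False),
    ("F-mail", MAIL, NET, 25, True),
]

def audit(rules=RULES):
    """Return the labels of the policies that the rule set violates."""
    return [label for label, s, d, p, want in PROBES
            if allowed(s, d, p, rules) != want]

if __name__ == "__main__":
    print("violations:", audit())
    # A convenience rule that lets the DMZ reach the intranet breaks policy E.
    print("violations:", audit(RULES + [("dmz", None, "intranet", None)]))
```
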
10. One-to-one NAT mapping
The one-to-one NAT function of enterprise routers, also called static NAT mapping, maps the IP address of a designated LAN computer to a corresponding public IP address. When that host accesses the Internet it uses the mapped public IP address, and users on the Internet can access the host through the mapped public IP address. When the user has more than one public IP address and needs to assign dedicated public IP addresses to servers within the LAN so that they can serve extranet users, this can be implemented with the one-to-one NAT feature. The topology diagram looks like this:

Requirements analysis: a company has fiber broadband, and the broadband service provider supplies four public IP addresses, 121.201.33.100-121.201.33.103. The company intranet has a web server and an e-mail server that need to be opened to the outside, which requires one-to-one translation between the server IPs and public IPs; the remaining hosts share the other public IP addresses for Internet access. The requirements are as follows:

The setup method is as follows:

11. Virtual Server
Enterprises build various servers internally, such as FTP servers, web servers, mail servers and monitoring servers. These servers are open not only to intranet users; extranet users also need to access them through the Internet. The virtual server feature maps an intranet server to the Internet, thereby opening the server to the outside. The topology diagram looks like this:

Requirements analysis: an enterprise uses an enterprise router to build its network, and the mail server and web server need to be opened to the external network. The user network parameters are as follows:

The setup method is as follows:
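The difference between sections 10 and 11 matters for exposure: a one-to-one mapping translates the whole address, while a virtual server forwards only the listed ports. The following is an added example, not from the original article or from TP-Link, that models both lookups. The public addresses are the ones quoted in section 10; the private addresses, the pairing, the virtual-server entries and the assumption that the device applies no extra inbound filtering are constructed for illustration.

```python
# Public addresses come from the article; private addresses, the pairing and
# the virtual-server entries are constructed for illustration.
SHARED_IP = "121.201.33.100"                      # used by all other LAN hosts
ONE_TO_ONE = {"192.168.1.10": "121.201.33.101",   # web server
              "192.168.1.20": "121.201.33.102"}   # e-mail server
# Virtual server: (public IP, external port) -> (private IP, internal port)
VIRTUAL = {(SHARED_IP, 80): ("192.168.1.10", 80),
           (SHARED_IP, 25): ("192.168.1.20", 25)}

def outbound_source(private_ip):
    """Source address seen on the Internet for a LAN host."""
    return ONE_TO_ONE.get(private_ip, SHARED_IP)

def inbound_one_to_one(public_ip, port):
    """Static NAT rewrites only the address, so every port is forwarded
    (assumes no additional inbound filtering on the device)."""
    for private, public in ONE_TO_ONE.items():
        if public == public_ip:
            return (private, port)
    return None

def inbound_virtual(public_ip, port):
    """A virtual server forwards only the listed (address, port) pairs."""
    return VIRTUAL.get((public_ip, port))

def exposed(lookup, public_ip, ports):
    """Ports on public_ip that reach a LAN host under the given lookup."""
    return [p for p in ports if lookup(public_ip, p) is not None]

SCAN = [22, 25, 80, 3306, 3389]  # constructed list of ports to compare

if __name__ == "__main__":
    print(outbound_source("192.168.1.10"), outbound_source("192.168.1.55"))
    print("one-to-one:", exposed(inbound_one_to_one, "121.201.33.101", SCAN))
    print("virtual   :", exposed(inbound_virtual, SHARED_IP, SCAN))
```

Under these assumptions the one-to-one mapping makes every probed port of the web server reachable, so any management or database service on that host needs its own filtering, while the virtual server publishes only ports 80 and 25.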

This article has introduced some router concepts by way of examples and explained how to use them.

Note 1: Writing this article drew on a large amount of online material; the sources could not be cited one by one, for which the author apologizes.
Note 2: Much of the TP-Link operation content in this article comes from the TP-Link official website, as is hereby stated.

Original article; when reproducing, please indicate the source: http://user.qzone.qq.com/2756567163.

Copyright notice: this is the blogger's original article and may not be reproduced without the blogger's permission.
