This article analyzes how Huawei 3Com series switches are used to build a core network for a bank. All major banks now have their own Huawei 3Com series switches. To show how these switches are used to build a core LAN, the following is a specific example from the Bank of China.
I. Requirements analysis for the Huawei 3Com series switch project
The LAN of the Bank of China Fujian branch originally used two core Huawei 3Com series switches with a 155 M ATM trunk, and seven Huawei 3Com series switches on each floor that connect to the core switch through a single link. In the current running state, dual-host hot backup cannot be implemented, and CPU and memory usage on the core switch is high; the switch runs under heavy load and cannot meet the requirements of secure production. The local area network of the provincial branch is the nerve hub connecting the province's business. Therefore, the Fujian branch of the Bank of China urgently needs to transform the local area network of the provincial branch.
II. Specific technical solution using Huawei 3Com series switches
For this transformation project, the Huawei 3Com series LAN switches S8016 and S3050, which have line-rate switching capabilities, were selected to build the Bank of China Fujian branch LAN. To ensure network reliability, the entire LAN uses two Quidway S8016 switches as the core switches, which implement layer-3 switching for the LAN of the entire building. The two core switches have dual-engine, dual switch network board, and redundant power supply configurations. The two S8016 switches are interconnected through four bundled GE links, and the VRRP protocol runs between them for load balancing and backup protection to achieve hot standby.
Multiple Gigabit multi-mode optical ports are configured on each S8016 to interconnect with the access-layer Huawei 3Com series switches and servers. The S8016 has a switching capacity of GB, and all key components, such as the switching network, routing processing system, internal bus, and power supply and fan system, adopt a redundant hot backup design to meet the high reliability requirements of the core business network of the Bank of Fujian.
The S8016 also supports DHCP Relay and a built-in DHCP Server function, so it can assign IP addresses to mobile users in the LAN of the Bank of China in Fujian. The access permissions of mobile users can be limited by rules. Both the routing processing system and the distributed line interface boards of the S8016 provide a packet security filtering/ACL mechanism to prevent illegal intrusion and malicious packet attacks. The ACL is implemented in hardware, so it does not affect normal services. The entire machine supports 80 K hardware ACL rules.
The floor switches are Quidway S3050 devices. Each floor switch forms an optical fiber loop with the two core switches. The RSTP protocol is enabled for link backup to ensure network robustness and self-healing; at the same time, it ensures load sharing on the main links and improves network processing capabilities.
In this solution, the VLANs and IP addresses of the building are planned and designed based on the principle of separating business and office, production, and development and testing. VLAN division is used to meet the needs of special groups such as external business, development and testing, and external personnel. The S8016 supports 4 K global VLANs (802.1Q). The number of VLANs allowed to multiply with the number of ports on the whole machine can be combined with the access layer device S3050 to divide the VLAN of each working group.
To ensure network security and minimize possible IP address duplication and theft, local network users are authenticated by a MAC + IP + Port binding, so that only valid users can access the Internet. Host users without IP addresses use MAC + Port authentication. The S8016 and S3050 support binding any combination of MAC, IP, VLAN, and port to effectively prevent unauthorized users from accessing the network. The solution also works with the Huawei 3Com Quidview Network Management System to implement unified network management of the building LAN.
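The MAC + IP + Port binding check described above can be modelled as follows. This is an added example, not code from the original article and not how the S8016 or S3050 implement the feature; the addresses, port names and reason strings are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Binding:
    mac: str
    port: str
    ip: Optional[str] = None  # None: host without an IP, bound by MAC + Port only

# Constructed sample table (documentation addresses, hypothetical port names).
BINDINGS = [
    Binding("00:e0:fc:00:00:01", "Ethernet0/1", "192.0.2.10"),
    Binding("00:e0:fc:00:00:02", "Ethernet0/2", "192.0.2.11"),
    Binding("00:e0:fc:00:00:03", "Ethernet0/3"),
]

def find_conflicts(bindings):
    """Return IPs bound to more than one MAC (duplicates to fix before enforcing)."""
    seen = {}
    for b in bindings:
        if b.ip:
            seen.setdefault(b.ip, set()).add(b.mac.lower())
    return sorted(ip for ip, macs in seen.items() if len(macs) > 1)

def check(bindings, mac, port, ip=None):
    """Decide whether a frame with this source MAC/IP, seen on this port, is valid."""
    mac = mac.lower()
    by_mac = {b.mac.lower(): b for b in bindings}
    by_ip = {b.ip: b for b in bindings if b.ip}
    owner = by_ip.get(ip)
    if owner is not None and owner.mac.lower() != mac:
        return False, "ip-theft"       # source IP belongs to another host's binding
    entry = by_mac.get(mac)
    if entry is None:
        return False, "unknown-mac"    # no binding at all for this MAC
    if entry.port != port:
        return False, "port-mismatch"  # known MAC seen on the wrong port
    if entry.ip is not None and ip != entry.ip:
        return False, "ip-mismatch"    # bound host using an address it was not given
    return True, ("mac+ip+port" if entry.ip else "mac+port")

if __name__ == "__main__":
    frames = [
        ("00:E0:FC:00:00:01", "Ethernet0/1", "192.0.2.10"),  # valid user
        ("00:e0:fc:00:00:09", "Ethernet0/4", "192.0.2.10"),  # stolen IP
        ("00:e0:fc:00:00:02", "Ethernet0/1", "192.0.2.11"),  # moved to another port
        ("00:e0:fc:00:00:03", "Ethernet0/3", None),          # MAC + Port host
    ]
    for frame in frames:
        print(frame, check(BINDINGS, *frame))
```
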
III. Features of the Huawei 3Com switch solution
Multi-service, high-reliability, large-capacity core layer design: the core layer uses S8016 core Huawei 3Com series switches with GB switching capacity. All key components adopt a redundant hot backup design, and a distributed routing and forwarding processing engine is used. Hot swapping and hot backup are supported, as are VRRP and FastReroute.
Network extension is designed with redundant links. Running STP ensures load sharing and redundant backup of links and avoids L2 loops. Complete DiffServ/QoS assurance is supported: simple stream classification, complex stream classification, traffic monitoring, real congestion control, complete queue scheduling, and output stream shaping make the network a comprehensive network that can simultaneously carry data, voice and video services. All QoS functions of the Quidway® S8016 are implemented in hardware without affecting performance.
All devices support 802.1X authentication and 802.1Q VLAN division for user security management and isolation. The quick fault detection function makes it possible to quickly locate faulty nodes and suspicious users and to link user information. HGMP/stack management can be selected to provide batch and graphical network management, making management simpler and faster. The implementation of this project will improve the performance, reliability, security, and management of the LAN of the provincial branch of the Bank of China in Fujian.