Design and Implementation of a Computer Wide Area Network

Source: Internet
Author: User

With the arrival of the information age in the tobacco industry, the value of information has been recognized and accepted by enterprises. To adapt to the construction of the tobacco industry's modern circulation system of "telephone ordering, online goods distribution, electronic settlement, and modern logistics", Beijing tobacco has accelerated the establishment of its own information network in order to raise its management level, improve its internal mechanisms and efficiency, reach the world's advanced level and international standards, enhance its market competitiveness, and obtain higher economic benefits.

I. Application Background

After the informatization construction during the Ninth Five-Year Plan, the number of pieces of computer hardware in the tobacco industry in Beijing has grown from several to more than, and the operation mode has evolved from single-host operation to telephone dial-up transmission; however, its transmission speed, security and reliability cannot be guaranteed. Judged against the development level of computer and information technology, the latest business management philosophy of the municipal Bureau, and the requirements of the "Tenth Five-Year Plan" for overall information network construction, the computer network of the municipal Bureau (Company) is still in an initial and imperfect stage.

According to the new requirements for implementing the "three major projects" of Beijing tobacco, it is necessary to establish a fast and efficient Beijing tobacco WAN system and the network subsystems of grass-roots units as soon as possible, in order to accelerate the informatization of Beijing tobacco, achieve reasonable organization and flow of information such as sales and monopoly data, and improve the overall level of operation, monopoly and management of the municipal Bureau (Company).

II. Network Design Ideas

Based on the current needs and future development of the Beijing Tobacco Monopoly Bureau, in designing and building the Beijing tobacco industry network we adhere to unified global planning that is compatible with the long-term development of Beijing tobacco informatization, and we also adhere to a step-by-step, steady implementation strategy. The computer network is built into a network system with a high starting point that is secure and reliable, easy to expand and upgrade, and easy to manage and use. The design ideas include:

1. Adhere to the construction principles and standards of the industry information network established by the State Tobacco Monopoly Bureau.

2. The network system should make full use of existing network equipment and maintain compatibility with relevant international standards, national standards, and mainstream operating systems and network protocols, reflecting the advanced nature of the network.

3. The information of each LAN can be transmitted to decision-making, management, production and sales departments in a timely, accurate and transparent manner, and the LANs can communicate with each other.

4. Establishing a load-balanced network system requires high reliability, manageability, and fault tolerance.

5. Excellent scalability for future support of multimedia information, such as simultaneous transmission of images, voice and data.

6. The information center is the core of a switched network, with information forwarding, information storage and sharing, and comprehensive information processing and query capabilities. It provides the necessary information services globally.

7. The network is easy to manage, maintain, and use.

III. Network Technology Design

1. Selection of Key Network Technologies

1) WAN Line Selection

Dedicated lines provide point-to-point, fixed-bandwidth digital transmission channels between remote nodes, and suit WAN application environments that require high speed, security, and control. They are the main means of achieving WAN connections, and the communication fee is determined by the bandwidth of the dedicated line and the distance between the two ends. Because the distance between the different units is not very long, Beijing Netcom will provide broadband digital circuits (SDH), which have not only high reliability but also a good price-performance ratio. Therefore, in the network design, we choose SDH or DDN lines as the preferred lines for the WAN.

2) Switched Ethernet Technology

Switched Ethernet is an advanced and mature network technology. It improves network utilization, reduces the conflicts caused by competition for network resources, and greatly improves network performance to meet the requirements of various types of data transmission. Dynamic switching represents the development direction of today's switching technology, so dynamic switching technology is used in the network design.

Gigabit Ethernet is a 10 Mbps Ethernet version of Mbps. It still adopts the same Asn structure as Ethernet, and Gigabit Ethernet is easier to master and accept than other high-speed network technologies. It can provide shared-bandwidth networks or trunk connections for applications in shared and trunk environments, and also provides excellent quality of service (QoS) for applications in switched environments. Gigabit Ethernet is similar to traditional Ethernet technology and follows the CSMA/CD protocol. Compared with other new network technologies, it makes it more convenient to connect existing 10 Mbps and 100 Mbps LANs seamlessly to a 1000 Mbps LAN. We chose Gigabit Ethernet as the preferred technology for the backbone of the local area network. From each LAN to the desktop we adopt high-performance and cost-effective Fast Ethernet technology, which protects users' original investment.

3) VLAN (Virtual LAN) Technology

A VLAN is a logical network that avoids many shortcomings and restrictions of the physical network. Members of the same VLAN belong to the same shared media region and can communicate with each other, while members of different VLANs cannot directly access each other. This matches the management needs of real organizations and makes daily management and maintenance very convenient. We use VLAN technology to separate different departments or services so that information resources are available only to authorized users. At the same time, VLANs simplify the deletion, addition, and modification of terminals, control communication activities, and protect working groups and networks.

4) Layer-3 or Multi-layer Switching Technology

From the perspective of network users, LAN communication is divided into two levels of performance. When data packets are transmitted directly through a switch, they enjoy fast and stable "highway" transmission performance. However, data packets forced to pass through a router can only use the slow path, and when the traffic load is heavy they may suffer more serious delays. Multi-layer (layer-3) switching technology is a combination of switching technology and intelligent routing technology. It provides a complete and integrated solution for LANs with various structures.

2. WAN Design

The backbone network of the Beijing Tobacco Monopoly Bureau is a star structure centered on the Beijing Municipal Bureau. The Beijing tobacco WAN is based on Beijing Telecom's SDH or DDN leased-line system. It is centered on the Information Center of the municipal Bureau, connects the LAN of each second-level organization, and takes the backup of lines and equipment into account. To ensure the maximum degree of interconnectivity and manageability of the system under existing and evolving communication conditions, consistent network protocols, routing protocols, and network operating system standards are adopted in the network design to establish an intranet for Beijing tobacco.

2) WAN Routing Protocol

In a large wide area network, the selection of routing protocols mainly depends on two aspects: one is the WAN topology and the other is the efficiency of the routing protocol. We use OSPF as the backbone routing protocol in the wide area network. OSPF was developed by the IETF IGP Working Group, is designed for IP networks, and has become a standard routing protocol supported by most router manufacturers. It not only has high efficiency, but also has reliable security mechanisms and good openness.

3) WAN Center Node Design

The information center is the information exchange center of the Beijing tobacco wide area network. It is the routing hub for the network egress channels of all level-2 units. It is also the control, management, and maintenance center of the whole Beijing tobacco company wide area network.

An aggregation router is used to connect the information center to the networks of the second-level units. Because it is located at the aggregation center of the WAN, it requires high packet forwarding and switching capabilities, sufficient access port types and quantities, and strong management and control capabilities. Two Cisco 3662 routers are therefore configured in the Information Center of the municipal Bureau, which not only provides backup but also ensures load balancing. The Cisco 3662 offers an advanced architecture design, high routing capability of the slave board, a high price-performance ratio, and comprehensive support for new technologies such as voice and images. For large-scale computer wide area networks such as Beijing tobacco's, the routing backup function is indispensable. In the network design, NM16-AM and NM-8B-S/T modules are added to the Cisco 3662, and the ISDN line or telephone dial-up network is used as a route backup line to ensure normal network operation and reduce downtime, which reduces economic losses.

4) Network Design of Subordinate Organizations Such as District/County Bureau Companies

Each organization, such as a district/county bureau, has a Cisco 3640 or 2611 router for WAN access, with a serial port connected to the municipal bureau through SDH or DDN lines. An additional ISDN interface can be configured as a route backup. The Cisco 3640 and 2611 have a modular structure. Each is configured with an NM-2FE2W network module, which provides two Fast Ethernet interfaces, and with a WIC-2T WAN interface card, whose synchronous serial port connects to the municipal bureau over the leased line. A WIC-1B-S/T ISDN interface is configured as the DDN trunk backup. To provide dial-up access for subordinate distribution centers and other units, an NM-8AM module is configured to provide 8 analog PSTN dial-up access lines.

5) IP Address Allocation

The WAN IP addressing of the Beijing tobacco industry is designed in accordance with the industry standard, the tobacco industry computer network construction technical specifications. Each subordinate organization obtains the IP addresses of one or more class C CIDR blocks based on its network size.
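One way to carry out the size-based allocation described above, as an added example that is not part of the original article: each organization receives a run of class C (/24) blocks rounded up to a power of two, so that the run forms a single aligned prefix a router can advertise as one route. The address pool, organization names, host counts and the power-of-two rounding are assumptions; the industry specification's real address plan is not given on the page.

```python
import ipaddress
import math

USABLE_PER_CLASS_C = 254  # hosts in a /24 after network and broadcast addresses

# Constructed inputs: the pool and organization names are hypothetical.
POOL = "10.64.0.0/20"
DEMANDS = {"district-a": 600, "county-b": 300, "county-c": 40, "depot-d": 120}


def prefix_for_hosts(hosts):
    """Prefix of the smallest power-of-two run of class C blocks that fits."""
    if hosts < 1:
        raise ValueError("host count must be positive")
    blocks = math.ceil(hosts / USABLE_PER_CLASS_C)
    run = 1 << (blocks - 1).bit_length()  # 3 blocks -> 4, so one prefix covers it
    return 24 - (run.bit_length() - 1)


def allocate(pool, demands):
    """Map each organization to one aligned prefix carved from `pool`."""
    net = ipaddress.IPv4Network(pool)
    cursor = int(net.network_address)
    end = int(net.broadcast_address) + 1
    plan = {}
    # Largest demand first keeps every block on its own size boundary, no gaps.
    for name, hosts in sorted(demands.items(), key=lambda kv: (-kv[1], kv[0])):
        prefix = prefix_for_hosts(hosts)
        size = 1 << (32 - prefix)
        if cursor + size > end:
            raise ValueError(f"pool {net} exhausted while placing {name}")
        # Strict parsing raises if the block were misaligned.
        plan[name] = ipaddress.IPv4Network((cursor, prefix))
        cursor += size
    return plan


def class_c_blocks(network):
    """List the individual class C (/24) blocks inside an allocation."""
    return [str(n) for n in network.subnets(new_prefix=24)]


if __name__ == "__main__":
    for org, block in allocate(POOL, DEMANDS).items():
        print(f"{org:12} {block}  ->  {', '.join(class_c_blocks(block))}")
```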

3. LAN Design

In the LAN design, we integrate the information center network and the local area network on one set of physical network devices, and use VLANs to divide them into different virtual network segments, which isolates the corresponding networks and lets them perform different functions. For details, see Figure 4.

The LAN is designed with a star structure. The Catalyst 6509 is designed for master-slave distribution environments that require Gigabit expansion, high applicability, and multi-layer switching, and for application environments with centralized servers. It forms a high-speed and stable network backbone with high data switching capability, VLAN division, layer-3 switching capability, and other features. It supports a switching backplane of up to 256 Gbps and a multi-layer switching speed of up to 150 Mpps. Combined with its broad IOS service functions, the Catalyst 6509 provides powerful network management, user mobility, security, high reliability, and multimedia support, meeting the needs of demanding enterprise intranet services (such as ERP) and of network voice and image applications. To ensure high system stability, redundant master control modules, including the layer-3 routing module of the engine, are configured in the trunk switch. In this way, the trunk switch can implement automatic engine and route backup and ensure the normal and efficient operation of the system. The data center, management, and development network segments are divided into different CIDR blocks as needed. A floor switch is configured in each office wiring room, with two Gigabit optical fiber channels as redundant uplinks to the trunk switch, to ensure highly reliable access to the LAN.

4. Network Security Design

1) Design of Internet Egress and Firewall Areas

We have designed a unified Internet egress for the Beijing tobacco industry wide area network to ensure Internet access control and protection of the internal enterprise networks. When establishing an independent Internet egress for the Beijing Tobacco Monopoly Bureau, considering the openness of the Internet, we chose a Cisco PIX 520 as the firewall for that egress and established a DMZ network segment on it. It uses a secure, non-UNIX real-time kernel, which avoids the attacks aimed at firewall technology based on UNIX systems. It supports up to 16,000 simultaneous connections, up to 45 Mbps of network data transmission capability, and secure dynamic and static address translation.

2) Intrusion Detection (IDS)

We use an IDS-4210 Sensor to serve the network security platform of the entire municipal bureau. Real-time intrusion detection is transparent to legitimate traffic and network use. For unauthorized activity or attempted damage, it responds in real time by interrupting the offender's access to the network or suspending the connections that attempt the damage. It has a comprehensive list of attack signatures, allowing it to detect a wide range of attacks and to detect continuous attacks based on content and order.

3) Network Anti-virus Design

Based on the network design of the Tobacco Monopoly Bureau, we chose the Norton AntiVirus for Windows2K solution. The municipal Bureau information center establishes a control center and a level-1 anti-virus server. Each subordinate unit establishes a level-2 anti-virus server and the client terminals. Updates to the virus definition code and scan engine are distributed by the level-1 anti-virus server in a timely manner. The control center can quickly and conveniently implement centralized management, with little impact on network performance.

4) VPN Encryption Technology

Considering the confidentiality of the IC card electronic settlement system and other very important data transmissions, we have adopted 56-bit IPSec DES encryption and tamper-proofing technology in this project to form an industry VPN network. Encrypting data flowing in both directions effectively protects the transmitted data.
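A defender's check for the choice described above, as an added example that is not part of the original article: it scans a constructed Cisco IOS-style configuration (all names are hypothetical) and reports IKE policies and IPSec transform sets that use single DES, whose 56-bit key is small enough for exhaustive key search, or that lack the integrity transform the tamper-proofing depends on.

```python
import re

# Constructed IOS-style configuration for illustration; names are hypothetical.
SAMPLE_CONFIG = """\
crypto isakmp policy 10
 encr des
 hash md5
 authentication pre-share
crypto isakmp policy 20
 encr 3des
 hash sha
crypto ipsec transform-set SETTLEMENT esp-des esp-md5-hmac
crypto ipsec transform-set OFFICE esp-3des esp-sha-hmac
crypto ipsec transform-set LEGACY esp-des
"""

# Transforms that authenticate packets, i.e. provide tamper detection.
INTEGRITY = {"esp-md5-hmac", "esp-sha-hmac", "ah-md5-hmac", "ah-sha-hmac"}


def audit_ipsec(config):
    """Return (object, finding) pairs for single-DES use or missing integrity."""
    findings = []
    policy = None  # IKE policy whose indented sub-commands are being read
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"crypto isakmp policy (\d+)$", line)
        if m:
            policy = f"isakmp policy {m.group(1)}"
            continue
        if raw[:1].isspace() and policy:
            words = line.split()
            # "encr des" / "encryption des" is single DES; "3des" is not matched.
            if words and words[0] in ("encr", "encryption") and words[1:] == ["des"]:
                findings.append((policy, "56-bit DES"))
            continue
        policy = None  # an unindented line ends the policy block
        m = re.match(r"crypto ipsec transform-set (\S+)\s+(.+)$", line)
        if m:
            name, transforms = m.group(1), set(m.group(2).split())
            if "esp-des" in transforms:
                findings.append((f"transform-set {name}", "56-bit DES"))
            if not transforms & INTEGRITY:
                findings.append((f"transform-set {name}", "no integrity transform"))
    return findings


if __name__ == "__main__":
    for obj, finding in audit_ipsec(SAMPLE_CONFIG):
        print(f"{obj}: {finding}")
```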

IV. Analysis of Network Design Features

In the Beijing tobacco WAN construction project, we have adhered to a long-term development plan based on the current needs and future development of the Beijing Tobacco Monopoly Bureau. The computer network is built into a network system with a high starting point that is secure and reliable, easy to expand and upgrade, and easy to manage and use. The Beijing tobacco WAN system has five main features:

1. Highlight Technical Advancement

The system has a high starting point while satisfying practical requirements. It selects mainstream products representing advanced network technologies in the key links, so that the selected products are advanced, versatile and authoritative, the user gets better support, and the designed system has a long life. Examples include Cisco's high-end Gigabit switch, Gigabit Ethernet technology, VLAN technology, and layer-3 switching. With OSPF as an efficient backbone routing protocol, an advanced and mature network is established.

2. High Security and Reliability

Security of systems and data is important for enterprises. Therefore, the network system applies security mechanisms during data collection, storage, transmission, exchange, and use to ensure data correctness and reliability. For example, the Beijing tobacco WAN adopts VPN technology, network anti-virus, intrusion detection (IDS), and a firewall.

Reliable system operation is the foundation of the entire system construction. In the design, we require all levels of the network to have network supervision and management capabilities, and we give proper consideration to the redundancy of key equipment and lines, so that online repair, replacement and expansion can be performed. The protective facilities necessary to prevent exceptions have been established and improved.

3. Full Consideration of Economy and Practicality

The design adopts mature network and communication technology and equipment while taking the existing equipment into account, making full use of existing resources to protect the original investment. It not only meets the existing network interconnection and application requirements of the tobacco industry in Beijing, but also provides good network support for new demands in the future.

4. Strong Openness

The overall design of the Beijing tobacco WAN adopts an open architecture, which makes the network easy to expand and upgrade and gives it strong adaptability to changes in the external environment. It supports a smooth transition to new network technologies in the future, and it can be upgraded and flexibly adjusted according to the future needs of the Beijing Tobacco Monopoly Bureau (Company). For example, in the recent Beijing tobacco WAN scale-up and transformation project, only the online capacity was expanded, and the system could run in the new environment with only a small amount of modification.

5. Support for Multiple Service Functions

The Beijing tobacco WAN can transmit a variety of data, voice information, and image and video information, while ensuring that the video communication systems and the application systems running on the computer network do not affect each other. For example, the images and sound transmitted by the video conferencing system are clear and the effect is remarkable.

V. System Application Results

Over the past year, the Beijing tobacco wide area network has been operating stably, ensuring the normal use of the cigarette access and distribution systems, the municipal Bureau business platforms, the centralized telephone ordering system, and the IC card settlement and monopoly management systems. It has laid a solid foundation for tobacco informatization construction in Beijing and achieved good economic benefits. In particular, it has ensured the recent implementation of the "Project 1" of the National Bureau and the operation of the Beijing tobacco video conferencing system. Currently, the Beijing tobacco WAN truly implements three-in-one integration of video (the video conferencing system), audio (the telephone ordering system), and data transmission, making it a network system that truly has multimedia functions. The next step is to develop and apply online goods distribution, e-commerce, modern logistics, office automation, and other systems, which will greatly improve the application of the wide area network.

