Detailed description of the limits Internet cafe routers place on intranet PCs

Source: Internet
Author: User

There is a lot worth learning about Internet cafe routers. This article mainly covers IP address-based speed limits for internal PCs, limits on the number of NAT links per internal PC, and ACL protection against network viruses. The Internet applications used by Internet cafe customers have expanded from simple web browsing to QQ chat, video on demand (VOD), online games, education and training, and IP phones. The growing number of these applications places ever higher demands on the speed and stability of the network.

Therefore, the performance requirements for Internet cafe routers are also rising. First, more and more features must be implemented in hardware. Second, Internet cafe routers are expected to adopt distributed processing to improve routing capacity and speed. Third, the easily congested shared bus is gradually being abandoned in favor of switched routing technology to ensure network stability.

It is precisely the complexity of Internet cafe applications that makes network resources so tight. In such an environment, dropped connections on Internet cafe computers have become a persistent headache for owners and administrators. To avoid disconnections, the major network equipment manufacturers have put a lot of effort into their Internet cafe router products. After long-term research and analysis of the Internet cafe network environment, a series of optimization measures and advanced functions has been developed for network applications in complex environments. Let's look at the techniques Internet cafe routers use to prevent disconnection:

Internal PC IP address-based speed limit

Many current network applications, such as BT, e, Thunder, FTP, and online video, consume very high bandwidth. Take an Internet cafe with 200 machines as an example: with an outbound bandwidth of 10 Mbps, the average bandwidth per internal PC is about 50 k. If a few people download aggressively and occupy all the bandwidth, everyone else's network speed suffers. Large file downloads use IP packets of up to 1518 bytes, that is, 1.5 kb, and all download applications send large packets. Because data is transmitted over the network packet by packet, a few users downloading at the same time occupy a large share of the bandwidth. Anyone playing an online game at that moment may experience lag.

An IP address-based speed limit function can cap the speed of every PC in the Internet cafe, with separate limits for upload and download. The limit can be applied to all PCs in the Internet cafe or set for a specified internal PC. What speed limit is suitable? It depends on the outbound bandwidth and the size of the Internet cafe, but the minimum bandwidth should not be less than 40 kb. It can be set to-kb.
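The following added example (not code from the original article or from any router vendor) shows one common way such a limit is implemented: a token bucket per internal IP and direction, with a default for all PCs and an override for a specified PC. The class names, addresses and byte-per-second limits are constructed assumptions.

```python
class Bucket:
    """Token bucket: `rate` bytes/s refill, at most one second of burst."""
    def __init__(self, rate, now):
        self.rate, self.tokens, self.last = rate, float(rate), now

    def allow(self, size, now):
        # Refill for the elapsed time, capped at one second's worth.
        self.tokens = min(self.rate, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if size > self.tokens:
            return False          # over the limit: drop the packet
        self.tokens -= size
        return True


class PerIpLimiter:
    """Separate upload/download limits per internal IP, with overrides."""
    def __init__(self, default_up, default_down, overrides=None):
        self.default = {"up": default_up, "down": default_down}
        self.overrides = overrides or {}   # ip -> {"up": ..., "down": ...}
        self.buckets = {}                  # (ip, direction) -> Bucket

    def allow(self, ip, direction, size, now):
        key = (ip, direction)
        if key not in self.buckets:
            rate = self.overrides.get(ip, {}).get(direction, self.default[direction])
            self.buckets[key] = Bucket(rate, now)
        return self.buckets[key].allow(size, now)


def offered_vs_forwarded(limiter, ip, direction, pkt_size, pps, seconds):
    """Offer a constant packet stream; return the bytes the limiter forwards."""
    forwarded = 0
    for i in range(pps * seconds):
        if limiter.allow(ip, direction, pkt_size, i / pps):
            forwarded += pkt_size
    return forwarded


# Constructed limits in bytes per second (assumptions, not recommendations).
LIMITER = PerIpLimiter(default_up=20_000, default_down=50_000,
                       overrides={"192.168.1.2": {"down": 200_000}})

if __name__ == "__main__":
    # A downloader offers 1500-byte packets at 1000 pps; a gamer sends small ones.
    print(offered_vs_forwarded(LIMITER, "192.168.1.50", "down", 1500, 1000, 2))
    print(offered_vs_forwarded(LIMITER, "192.168.1.51", "down", 100, 50, 2))
```

The downloader is held to roughly its configured rate while the low-rate game traffic on another IP is forwarded in full, because each PC draws from its own bucket.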

Limit the number of NAT links in an internal PC

NAT is the most widely used function in Internet cafes. Because IP addresses are scarce, carriers generally give an Internet cafe a single IP address, while the cafe has a large number of PCs, so many PCs share this one IP address to access the Internet. How is this solved? The answer is NAT (network IP address translation). When an internal PC accesses the Internet, the router creates a corresponding entry in an internal list. The entry records the internal PC's IP address, the external IP address being accessed, the internal port, and the destination port. Every ping, QQ session, download, or web access therefore has a corresponding entry on the Internet cafe router. As long as the network link behind an entry carries traffic, the entry is kept on the router. If there is no traffic, it disappears after 20 to 50 seconds (on RG-NBR series routers, this time can be set). Some network viruses send tens of thousands of consecutive connection requests to different IP addresses in a short period of time, so the Internet cafe router needs to establish more than NAT links for this PC.

The number of NAT links on an Internet cafe router is limited. If these viruses occupy all of them, other people accessing the network find no NAT link resources available and cannot reach the network, which shows up as a disconnection. In fact, the cause is that network viruses have occupied all NAT resources.

For this reason, many Internet cafe routers let you set the maximum number of NAT links for internal PCs, either uniformly for all internal PCs or individually for each PC. These routers can also display all NAT links, so you can see which PC occupies the most. Network viruses also use certain characteristic ports, so by viewing the details of the NAT links you can find out which PC has been infected.
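The check described above, as an added example that is not part of the original article: it counts NAT links per internal PC, reports the PCs over a limit, and separates a host fanning out to many destinations on one of the ports the article names from an ordinary heavy downloader. The one-line-per-link text format, the addresses and the limit of 100 are constructed assumptions, not the output format of any real router.

```python
from collections import Counter, defaultdict

WORM_PORTS = {135, 445}   # destination ports named in the article

def parse_entry(line):
    """Parse 'proto inside_ip:port -> outside_ip:port' (constructed format)."""
    proto, inside, _, outside = line.split()
    in_ip, in_port = inside.rsplit(":", 1)
    out_ip, out_port = outside.rsplit(":", 1)
    return proto, in_ip, int(in_port), out_ip, int(out_port)

def audit_nat_table(lines, max_links):
    """Return PCs holding more than max_links NAT links, largest first."""
    per_host = defaultdict(list)
    for line in lines:
        if line.strip():
            _, in_ip, _, out_ip, out_port = parse_entry(line)
            per_host[in_ip].append((out_ip, out_port))
    report = []
    for ip, links in per_host.items():
        if len(links) <= max_links:
            continue
        top_port, _ = Counter(p for _, p in links).most_common(1)[0]
        # Many distinct destinations on one worm port looks like scanning.
        distinct = len({d for d, p in links if p == top_port})
        report.append({
            "ip": ip, "links": len(links), "top_port": top_port,
            "distinct_dests": distinct,
            "suspect_worm": top_port in WORM_PORTS and distinct > max_links // 2,
        })
    return sorted(report, key=lambda r: r["links"], reverse=True)

def sample_table():
    """Constructed NAT table: a normal PC, a scanning PC, a heavy downloader."""
    rows = ["tcp 192.168.1.10:5001 -> 203.0.113.5:80",
            "udp 192.168.1.10:4000 -> 203.0.113.9:8000"]
    rows += [f"tcp 192.168.1.23:{2000 + i} -> 198.51.100.{i + 1}:445"
             for i in range(200)]
    rows += [f"tcp 192.168.1.40:{3000 + i} -> 203.0.113.{i + 1}:{6881 + i}"
             for i in range(120)]
    return rows

if __name__ == "__main__":
    for row in audit_nat_table(sample_table(), max_links=100):
        print(row)
```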

ACL protection against Network Viruses

Network viruses keep emerging in an endless stream, but their tricks follow a pattern. All network viruses spread over the network, and their data packets must follow the TCP/IP protocol: each has a source IP address, a destination IP address, a source port, and a destination port. For a given network virus, the destination port is generally the same. For example, the Blaster ("shock wave") virus uses port 135 and the Sasser virus uses port 445. As long as these ports are restricted on the router, external viruses cannot enter the intranet through the Internet cafe router, which is the only entry point. For packets sent by viruses inside the network, the restrictions mean the router discards them without further processing, which reduces the network bandwidth occupied by virus packets.

A good Internet cafe router should provide powerful ACL functions that can restrict network packets on the intranet interface, restrict virus packets on the external network interface, and also restrict incoming network packets.

Ping prevention for WAN Port

There was once a post claiming that, to bring down a website, it was enough for a large number of people to ping it. This is called a denial-of-service attack: the target is flooded with so many useless requests that it has no time to handle normal network requests. Attackers on the network need to scan IP addresses before launching an attack, and a common scan method is ping. A response indicates that the IP address is active and can be attacked, so answering exposes the target. At the same time, a large number of ping requests arriving from outside at an RG-NBR series Internet cafe router will also drag the router down.

Most current Internet cafe routers offer a ping prevention setting for the WAN port that is easy to enable. Ping requests arriving from outside then receive no response, which avoids exposing the router as a target and also guards against external ping attacks.
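To make the ACL and WAN ping prevention sections concrete, here is an added example (not from the original article and not any vendor's ACL syntax) of a first-match packet filter that denies TCP ports 135 and 445 on every interface and drops ICMP echo requests arriving on the WAN side. The `Packet` and `Rule` types and the rule order are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

ECHO_REQUEST = 8   # ICMP type used by ping

@dataclass(frozen=True)
class Packet:
    iface: str                       # arriving interface: "lan" or "wan"
    proto: str                       # "tcp", "udp" or "icmp"
    dport: Optional[int] = None
    icmp_type: Optional[int] = None

@dataclass(frozen=True)
class Rule:
    action: str                      # "permit" or "deny"
    iface: str = "any"
    proto: str = "any"
    dport: Optional[int] = None      # None matches any port
    icmp_type: Optional[int] = None  # None matches any ICMP type

    def matches(self, p):
        return (self.iface in ("any", p.iface)
                and self.proto in ("any", p.proto)
                and self.dport in (None, p.dport)
                and self.icmp_type in (None, p.icmp_type))

# Constructed policy: worm ports blocked in both directions, WAN ping dropped.
ACL = [
    Rule("deny", proto="tcp", dport=135),
    Rule("deny", proto="tcp", dport=445),
    Rule("deny", iface="wan", proto="icmp", icmp_type=ECHO_REQUEST),
    Rule("permit"),
]

def evaluate(acl, pkt):
    """First matching rule wins; return (action, rule index)."""
    for index, rule in enumerate(acl):
        if rule.matches(pkt):
            return rule.action, index
    return "deny", None              # nothing matched: drop

def hit_counts(acl, packets):
    """Per-rule match counts for a batch of packets."""
    counts = [0] * len(acl)
    for pkt in packets:
        _, index = evaluate(acl, pkt)
        if index is not None:
            counts[index] += 1
    return counts
```

Echo replies arriving on the WAN port and pings sent from the LAN still match the final permit rule, so internal users can ping out while the router stays silent to outside probes.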
