A prefecture-level government generally builds two networks: an office network and a public-service network. The office network can be built from Harbor Networks' Hammer series switches, and the resulting network has the following three major features:
10-Gigabit core
The core-layer equipment of the office network needs large capacity and intelligent multilayer switching. Given the development of network technology and the product's positioning, the recommended device is the BigHammer6808, a Gigabit backbone intelligent multilayer routing switch with a capacity of up to 256G, which can fully meet the network requirements of thousands of broadband users and provides fast, intelligent processing.
The city government intranet will carry a variety of services, including a variety of real-time broadband services. This requires an intelligent multilayer switch that, at layer 4 (the transport layer), can accurately classify and control a large number of flows by TCP port. A traditional layer-3 switch works only at the IP layer: it cannot control real-time multimedia traffic accurately, and implementing security on it adds overhead, which works against high-speed switching in the core network.
Achieve the overall security of the network
Because of the specific requirements of government departments, the security of the entire system must be taken into account. To achieve security across the whole network, the government office network can be protected in the following respects.
Network structure security policy: through sound network planning and design, the backbone network has backup physical links and backup physical equipment, and dynamic routing protocols provide automatic backup at the network level. Important network nodes and some important business modules use dual-machine hot standby, which avoids a single point of failure in network data exchange or in a business module. Physical link protection is fully considered.
LAN and host security policy: the LAN is divided into multiple VLANs according to the function of each module, which controls network traffic, improves network efficiency and prevents network eavesdropping. Different VLANs can have different security levels. For critical servers, turn off service ports that do not need to be open, restrict user operations, prevent illegal operations, and provide redundancy mechanisms.
User access security policy: internal network users are subject to port isolation, so user ports can interconnect only through the core switch. Users receive network service through MAC+IP+port authentication, and 802.1X authentication is used to improve control over user access.
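The user access policy above can be expressed as a per-frame check. This is an added example, not Harbor Networks code or switch configuration: the port names, the `UPLINK` label, the binding table and the sample frames are all constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Frame:
    in_port: str   # access port the frame arrived on
    src_mac: str
    src_ip: str
    out_port: str  # port the switch would forward the frame to

UPLINK = "uplink"  # assumed name of the port facing the core switch

# Constructed binding table: access port -> (MAC, IP) permitted on that port.
BINDINGS = {
    "ge1": ("00:11:22:33:44:01", "10.1.10.11"),
    "ge2": ("00:11:22:33:44:02", "10.1.10.12"),
}

def check(frame: Frame) -> str:
    """Return 'forward' or the reason the frame is dropped."""
    if frame.in_port == UPLINK:
        return "forward"  # traffic returning from the core is not bound here
    bound = BINDINGS.get(frame.in_port)
    if bound is None:
        return "drop: port has no binding"
    mac, ip = bound
    if frame.src_mac.lower() != mac:
        return "drop: MAC does not match binding"
    if frame.src_ip != ip:
        return "drop: IP does not match binding"
    if frame.out_port != UPLINK:
        # Port isolation: user ports may only reach each other via the core.
        return "drop: port isolation (user-to-user)"
    return "forward"

# Constructed sample traffic.
FRAMES = [
    Frame("ge1", "00:11:22:33:44:01", "10.1.10.11", UPLINK),  # legitimate
    Frame("ge1", "00:11:22:33:44:01", "10.1.10.12", UPLINK),  # borrowed IP
    Frame("ge2", "00:11:22:33:44:01", "10.1.10.12", UPLINK),  # borrowed MAC
    Frame("ge1", "00:11:22:33:44:01", "10.1.10.11", "ge2"),   # user-to-user
    Frame("ge9", "00:11:22:33:44:09", "10.1.10.19", UPLINK),  # unbound port
]

def audit(frames):
    """Return the verdict for each frame, in order."""
    return [check(f) for f in frames]

if __name__ == "__main__":
    for frame, verdict in zip(FRAMES, audit(FRAMES)):
        print(frame.in_port, frame.src_ip, "->", verdict)
```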
Network-level management of intelligent security
An effective network management system can quickly locate and eliminate faults, reduce complaints from network users, guarantee priority for important users and business applications, and improve the overall efficiency of the network. The recommendation for the city government is Hammerview, the Harbor Networks management software built on the "intelligent neural tree" concept. Hammerview is Harbor Networks' own management software: it approaches intelligent security management from the customer's point of view and from the realities of maintenance, and as a new generation of enhanced element-level network management system it provides intelligent, secure, network-level administration of all Harbor equipment on the network. Hammerview is based on Java technology, runs across operating system platforms, supports current mainstream operating systems such as Microsoft Windows 2000 and Solaris, and is easily integrated into open platforms such as HP OpenView and CA Unicenter. Hammerview has three main characteristics:
Intelligent. Automatic scheduling of business applications across the whole network. QoS can be configured quickly for the whole network, with policies based on port, MAC, ACL or VLAN, as well as on application services such as FTP, HTTP browsing, video and voice.
Safety. Active protection of whole-network security, with remote security alarms. Broadcast attacks are suppressed automatically: when a network device is hit by a malicious broadcast attack, the corresponding switch port (configured in Hammerview beforehand) can be shut down automatically or controlled through Hammerview. For SMS alarms, 5 alarms can be set; the alarm types are voice alarm, visual alarm, e-mail and mobile phone message.
Management. Mobile network management (fault location, distributed authority, cluster management). Port loopback accurately locates the fault point, and internal and external loop tests can locate a fault on the user side. Distributed authority management suits the network management needs of future government network planning. To save IP resources, low-end layer-2 switches are managed as a cluster: a command switch with one IP address can manage 36 simple member switches.
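The automatic broadcast suppression described under "Safety" comes down to a per-port threshold decision. The sketch below is an added example, not Hammerview's logic: the threshold, the three-interval rule and the counter samples are assumptions chosen to show why a sustained flood should be told apart from a short burst before a port is shut down.

```python
from collections import defaultdict

THRESHOLD_PPS = 1000  # assumed broadcast limit per port, packets per second
CONSECUTIVE = 3       # assumed: intervals over the limit before shutting down

# Constructed counter samples: (interval number, port, broadcast pps).
SAMPLES = [
    (1, "ge1", 200),  (1, "ge2", 1200),
    (2, "ge1", 1500), (2, "ge2", 5000),
    (3, "ge1", 300),  (3, "ge2", 9000),
    (4, "ge1", 1800), (4, "ge2", 9500),
]

def suppress(samples, threshold=THRESHOLD_PPS, consecutive=CONSECUTIVE):
    """Return {port: interval} for every port that would be shut down.

    A port is shut only after `consecutive` intervals in a row above
    `threshold`, so a bursty but healthy port (ge1 above) stays up.
    """
    streak = defaultdict(int)
    shut = {}
    for interval, port, pps in samples:
        if port in shut:
            continue  # port is already down; later samples are ignored
        streak[port] = streak[port] + 1 if pps > threshold else 0
        if streak[port] >= consecutive:
            shut[port] = interval
    return shut

def alarms(shut):
    """Format one alarm line per shut port, for whatever channel is in use."""
    return [f"port {p} shut at interval {i}: sustained broadcast flood"
            for p, i in sorted(shut.items())]

if __name__ == "__main__":
    for line in alarms(suppress(SAMPLES)):
        print(line)
```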