How exchange technology breaks the bottleneck of Intranet Applications

With the rapid development of e-commerce and distance learning, more and more functional requirements for Intranet networks are required. The faster the speed, the higher the security performance. The two main causes of network bottlenecks are network bandwidth and firewall (proxy server) bandwidth. To solve these two problems, an economical and feasible solution is to adopt exchange technology.

Network switching improves the performance of exchange devices through existing network technologies. It is a combination of data link layer interconnection devices and network physical layer interconnection devices. The widespread adoption of exchange technology has played a positive role in solving the bottleneck of the Intranet network.

I. network bandwidth

The Campus Network (CEN) built in the early stage was running the 10BASET network. Whether it was running multimedia network teaching or e-commerce, it was far from meeting the customer's needs. In recent years, most of the new networks have been built on 100BASETX fast Ethernet, or 100BASETX Fast Ethernet as the main trunk. The 10/100 M Adaptive hub is used to connect to the original 10BASET network, and its data transmission protocol is half duplex. Because the hub is shared, machines in the same network segment share the inherent bandwidth, and the transmission is carried out through collision detection, the more computers in the same network, the more transmission collisions, the slower the transmission speed. In addition to the use of hubs in old network connections and networks with low bandwidth requirements, hubs are gradually exiting the Intranet backbone network. Replacing Ethernet switches is an inevitable trend. In Western Europe and other developed countries, the new enterprise network no longer uses hubs.

The working principle of an Ethernet switch is that each port has a fixed bandwidth and has a unique transmission mode, namely, Cut Through/Fragment Free/Store and Forward, which adopts full duplex technology, the network bandwidth can be doubled. That is to say, Ethernet switches can be used in a 200 M fast Ethernet Network to increase the network bandwidth to M.

However, it must be noted that, although the workgroup switch can be connected to a secondary hub, it cannot enable the full duplex function of the switch. That is to say, even if the user's computer uses an Ethernet card that supports full duplex, if the network is not fully running in the switching status, it still cannot run in the full duplex status. Network administrators can rationally allocate network users based on this feature. Whether it is 10 M Ethernet or m fast Ethernet, you can use a hub stack, or use a switch to connect to the hub to increase the network speed.

An enterprise trunk-level switch must be able to provide a two-speed (10/100 M) Adaptive port. You can select an optical fiber or a Gigabit Ethernet expansion module. The optical fiber module can provide a high-bandwidth, non-congested Packet Exchange environment, in addition to advanced network management and other basic functions. Department switches usually have interfaces that support 100MBASE-FX optical fiber network to connect to the trunk switch. Workgroup switches adopt modular stacked switches to achieve Mbit/s switching to the desktop.

Ii. Proxy server bandwidth

Another bottleneck of campus network bandwidth is the bandwidth connected to the Internet. Most of the domestic leased line access bandwidth is only 64 ~ Between 256 kb and kb, most of them use proxy servers to speed up Intranet access. For internal network security, proxy servers all have firewall functions, but the current firewall has great defects.

1. Protection against external attacks.

According to the survey, 2000 of the world's largest 80% companies suffered losses due to computer security leaks, and more than 50% of security incidents occurred inside the firewall. Therefore, for security, a firewall is usually set up for a certain network segment in the Intranet.

2. high investment and low output.

The performance of the server-based firewall is too low, and the bandwidth of the firewall is only 50 ~ 80 Mbps. Currently, the maximum rate of firewall is about 40 ~ The throughput of 50 Mbps does not guarantee the security of DS3 (45 Mb/s) or above. With the increasing prevalence of High-Speed WAN links, this traditional model has been broken. That is to say, server-based firewall has become a new bottleneck of the network, with high investment costs and network complexity.

The new security mode allows you to add firewall functions anywhere in the network, so as to protect critical information from attacks without affecting network performance.

Firewall proxy is a revolutionary new concept. The implementation method is to combine the firewall Exchange Proxy on a Gigabit Ethernet switch, and adopt the line rate TCP/IP firewall (through routing or bridging), line rate L2, L3 exchange, line rate L2, L3, L4 classification, Ethernet QoS implementation, and other new technologies. To implement network security policies, vswitches and vrouters must be able to identify application streams, which are also called stream classification. Firewall proxy is a software that supports status classification by line rate and provides a comprehensive dynamic status manager for a specific application or an application interface that provides this capability. As the firewall switching proxy performs fire detection at a wire speed, network designers can deploy a firewall at any switch location in the network to protect sensitive data without worrying about affecting network performance.

1. Softswitch technology competing with next-generation communication network technology