How to handle router disconnections in an Internet cafe application environment

Source: Internet
Author: User

Internet cafe users' applications have expanded from simple web browsing to a wider range of fields such as QQ chat, video on demand (VOD), online games, education and training, and IP phones. The growing number of these applications places higher and higher requirements on the speed and stability of the network, so the performance requirements for Internet cafe routers are rising accordingly. First, more and more functions are required to be handled by hardware. Second, routers are required to adopt distributed processing technology to improve routing capability and speed. Third, the shared bus, which easily causes congestion, is gradually being abandoned, and switching-based routing technology is used to ensure network stability.
It is precisely the complexity of Internet cafe applications that makes network resources tight. In such an environment, computers dropping off the network have become a persistent worry for Internet cafe owners and administrators. To avoid disconnections, the major network equipment manufacturers have put a lot of effort into their Internet cafe router products. After long-term research and analysis of the Internet cafe network environment, a series of optimization measures and advanced functions has been developed for network applications in complex environments. Let's take a look at the special technologies Internet cafe routers use to prevent disconnection:
Speed limit based on internal PC IP address
Many current network applications, such as BT, e, Thunder, FTP, and online video, occupy very high bandwidth. Take a 200-PC Internet cafe as an example: the outbound bandwidth is 10 Mbps, so the average bandwidth of each internal PC is about 50 k. If a few people download heavily and occupy all the bandwidth, everyone else's network speed suffers. Large file downloads use IP packets of up to 1518 bytes, that is, 1.5 kb, so all download traffic consists of large packets. Because data is transmitted on the network packet by packet, a few users downloading at the same time occupy a large amount of bandwidth, and anyone playing an online game at that moment may experience lag.
An IP address-based speed limit function can limit the speed of every PC in the Internet cafe, with separate limits for upload and download. The limit can be applied to all PCs in the Internet cafe or set for a specified internal PC. What speed limit is suitable? It depends on the outbound bandwidth and the size of the Internet cafe, but the minimum bandwidth should not be less than 40 kb. It can be set to-kb.
Limit the number of NAT links per internal PC
NAT is the most widely used function in Internet cafes. Because IP addresses are scarce, carriers generally provide a single IP address to an Internet cafe, while the cafe contains a large number of PCs, so many PCs share this one IP address to access the Internet. How is this problem solved? The answer is NAT (network address translation). When an internal PC accesses the Internet, a corresponding entry is created in a list inside the router. The entry contains information such as the internal PC's IP address, the external IP address being accessed, the internal port, and the destination port. Every ping, QQ session, download, or web access therefore has a corresponding link entry on the router. As long as the network link for an entry carries data, the entry is retained in the router. If there is no data communication, the entry disappears after 20 to 50 seconds. (For RG-NBR series routers, these times can be set.)
Several kinds of network viruses send tens of thousands of consecutive connection requests to different IP addresses in a short time, so that the router needs to establish more than NAT links for the PC.
Because the number of NAT links on the router is limited, once these viruses occupy all of them, other people who try to access the network find no NAT link available and the network becomes inaccessible to them, because all NAT resources are held by the network viruses.
For this situation, many Internet cafe routers provide a setting for the maximum number of NAT links per internal PC. The maximum can be set uniformly for all internal PCs or restricted for each PC individually.
These routers can also display the content of all NAT links, showing which PC occupies the largest number of them. Network viruses also use certain characteristic ports, so by viewing the specific content of the NAT links you can find out which PC has been infected.
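The NAT link table behaviour described in this section, as an added example that is not part of the original article: a simulation in which one PC opens connections to 5000 addresses on port 445, run with and without a per-PC limit. The class and function names, the addresses, the table size of 1000 and the limit of 200 are constructed assumptions, not values from any router.

```python
from collections import Counter

class NatTable:
    """Toy NAT link table: finite size, idle expiry, optional per-PC cap."""
    def __init__(self, capacity, idle_timeout=30, per_host_limit=None):
        self.capacity = capacity              # total links the router can hold
        self.idle_timeout = idle_timeout      # seconds; the article cites 20 to 50
        self.per_host_limit = per_host_limit  # None means no per-PC limit
        self.links = {}  # (src_ip, src_port, dst_ip, dst_port) -> last activity

    def expire(self, now):
        # Links with no traffic for idle_timeout seconds disappear.
        self.links = {k: t for k, t in self.links.items()
                      if now - t < self.idle_timeout}

    def host_count(self, src_ip):
        return sum(1 for k in self.links if k[0] == src_ip)

    def open(self, src_ip, src_port, dst_ip, dst_port, now):
        """Return True if the flow holds a NAT link after this call."""
        self.expire(now)
        key = (src_ip, src_port, dst_ip, dst_port)
        if key in self.links:
            self.links[key] = now             # existing link: refresh its timer
            return True
        if (self.per_host_limit is not None
                and self.host_count(src_ip) >= self.per_host_limit):
            return False                      # this PC is at its own cap
        if len(self.links) >= self.capacity:
            return False                      # table exhausted for everyone
        self.links[key] = now
        return True

    def top_talkers(self, n=3):
        # The "view all NAT links" step: which PC holds the most links?
        return Counter(k[0] for k in self.links).most_common(n)

def simulate(per_host_limit):
    table = NatTable(capacity=1000, per_host_limit=per_host_limit)
    # Constructed traffic: 192.168.1.66 behaves like an infected PC.
    for i in range(5000):
        dst = f"198.18.{i // 256}.{i % 256}"
        table.open("192.168.1.66", 1024 + i, dst, 445, now=0)
    # A normal PC then tries to open one web connection.
    normal_ok = table.open("192.168.1.10", 40000, "203.0.113.5", 80, now=1)
    return normal_ok, table.top_talkers(1)[0]
```

Without a limit the normal PC is refused because the infected PC holds every link; with the limit it connects, and in both runs `top_talkers` points at the infected PC.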
ACL protection against network viruses
Network viruses keep emerging in an endless stream with all sorts of tricks, but they all spread over the network. Their data packets must therefore follow the TCP/IP protocol and carry a source IP address, a destination IP address, a source TCP/IP port, and a destination TCP/IP port. For a given network virus, the destination port is generally the same. For example, the port of the shock wave virus is 135, and the port of the shock wave virus is 445. As long as these ports are restricted on the router, external viruses cannot enter the intranet through the router, which is its only entry point. Packets sent by viruses inside the network are likewise not processed by the router because of the restriction, which reduces the network bandwidth occupied by virus packets.
A good Internet cafe router should provide powerful ACL functions that can restrict network packets on intranet interfaces, restrict virus packets on the external network interface, and also restrict incoming network packets.
Ping prevention for the WAN port
In the past, there was a post saying that, to bring down a website, a large number of people only need to ping it and the website will go down. This is a denial-of-service attack: the target is flooded with so many useless requests that it has no time to handle normal network requests.
Before launching an attack, hackers on the network need to scan the IP addresses on the network, and one common scan method is ping. A response indicates that the IP address is active and can be attacked, which exposes the target. At the same time, a large number of ping requests arriving from outside the RG-NBR series router can also drag the Internet cafe's RG-NBR series router down.
Currently, most Internet cafe routers provide a ping prevention function for the WAN port that is easy to enable. The router stays silent on all ping requests sent from outside, which both avoids exposing itself as a target and prevents external ping attacks.
