Management of large enterprise wide area networks of CNPC


[2007-10-23]

 

For a large network, advanced transmission protocols are not enough; advanced management systems and measures must also be in place. To manage the large and complex China Petroleum WAN, advanced network management technologies and software must be used to ensure that the entire network operates well.

 

■ Liu Xiao, Guo Dong, CNPC

 

Planning route management and protocols

 

● Route management core protocol OSPF

 

Advanced network management technologies and software must be used to manage the large and complex CNPC WAN. Route management uses the Open Shortest Path First (OSPF) protocol as its core protocol, and some other route management protocols are also used to manage the China Petroleum WAN.

 

OSPF is a protocol that evolved from the OSI IS-IS protocol for routing management. It features lowest-cost routing, multi-path routing, and load balancing. It is a typical link-state routing protocol used within a single routing domain. A routing domain is an autonomous system (AS), that is, a group of networks that exchange route information through a unified routing policy or routing protocol.

 

The OSPF protocol is based on the SPF (Shortest Path First) algorithm. Each router takes itself as the root and calculates the distance to each destination router.

 

● Autonomous system (AS) and its division

 

An AS is a collection of network gateways and networks under the jurisdiction of one management entity in the wide area network. Members of this collection work closely together to disseminate network reliability information and route selection information by using the selected internal gateway and its internal gateway protocol (IGP).

 

At the early stage of CNPC's wide area network construction, there were not many remote channels, so the network was well managed using one AS domain. Today, the number of connected network units has increased exponentially. Only by using multiple domains can the CNPC WAN meet management requirements.

 

The China Petroleum wide area network is divided into 13 ASes. The headquarters of the joint stock company, the headquarters of the Group Company, and the exploration institute form 1 AS, which is the core AS; the 12 subordinate regions form 12 ASes. A regional network AS does not act as a transit domain for other ASes and is connected only to the core.

 

● Border Gateway Protocol BGP and its planning

 

Border Gateway Protocol (BGP) is a protocol designed specifically for TCP/IP internets to transmit route reachability information between multiple autonomous systems.

 

BGP synchronization is used to synchronize BGP routes and IGP (Internal Gateway Protocol) routes. When a new route entry appears in an AS, it can be announced to other ASes only when all routers in the AS know the route entry.

 

Achieving BGP route synchronization within an AS may raise the following two problems:

 

BGP publishes routes to the IGP (Internal Gateway Protocol). BGP routes mainly come from outside the AS, so IGP routers have to maintain a large number of external routes, which causes high CPU and memory overhead and also occupies a large amount of the AS's internal link bandwidth. Therefore, for a small network, you need to disable synchronization in a short time.

 

However, for large internal networks, disabling synchronization means that route changes are not transmitted in time and the routes no longer reflect the reality of the network. The solution to this problem is to use route reflectors (RR) in the network. One way to solve the BGP synchronization problem is to split the AS into a confederation; another is to use route reflectors.

 

The routers of the backbone network in the CNPC wide area network are all in the same AS. If no route reflectors are used, these routers must be fully meshed, that is, any two routers must be configured as neighbors, which results in the N * (N-1)/2 problem. Among the 13 ASes, the 12 ASes other than the core contain many routers. Therefore, route reflectors must be used in these regions. For the specific situation of the China Petroleum wide area network, first-level route reflection within the same region is enough to meet the requirements.

 

● China Petroleum WAN OSPF plan

 

In each AS, OSPF is only responsible for reachability of the next-hop loopback IP segment. When configuring OSPF, you only need to ensure that the IP segment and the loopback network segment are reachable between devices. In some regions, OSPF was already running independently, and OSPF needs to be configured on the router to communicate with it. Therefore, multiple OSPF processes need to be set up to ensure that the network segments of the same access layer are interconnected without redistribution. The access layer CIDR block routes are advertised to the backbone network through BGP on the router.

 

Each link must be assigned a cost value. The cost of a route is the sum of the costs of its links. The cost is configured on the router port, and the cost configured on both ends of a link must be equal.

 

The WAN link speed of CNPC ranges from 2 Mbps to 2.5 Gbps. Currently, the maximum speed of the optical/electrical switch is 10 Gbps. Therefore, the reference speed of OSPF cost is set to 10 Gbps, that is, the cost of 10 Gbps is 1.
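The cost plan above can be checked with a short script. This is an added example, not part of the original article: it derives link costs from the 10 Gbps reference speed, rejects links whose two ends carry different costs, and runs SPF with one router as the root. The router names and the topology are constructed, and integer division with a minimum cost of 1 is an assumption about how the cost is rounded.

```python
import heapq

REF_BW_BPS = 10_000_000_000  # reference speed from the text: 10 Gbps has cost 1

def ospf_cost(link_bps, ref_bps=REF_BW_BPS):
    """Cost = reference speed / link speed (assumed integer division, minimum 1)."""
    return max(1, ref_bps // link_bps)

def interfaces_for(links, ref_bps=REF_BW_BPS):
    """Expand each link into two interface entries (router, neighbor, cost)."""
    out = []
    for a, b, bps in links:
        c = ospf_cost(bps, ref_bps)
        out += [(a, b, c), (b, a, c)]
    return out

def build_graph(interfaces):
    """Build the adjacency map; refuse links whose two ends disagree on cost."""
    cost = {(a, b): c for a, b, c in interfaces}
    graph = {}
    for (a, b), c in cost.items():
        if cost.get((b, a)) != c:
            raise ValueError(f"cost mismatch on link {a}<->{b}")
        graph.setdefault(a, {})[b] = c
    return graph

def spf(graph, root):
    """Dijkstra with `root` as the tree root; route cost is the sum of link costs."""
    dist = {root: 0}
    heap = [(0, root)]
    while heap:
        d, node = heapq.heappop(heap)
        if d > dist.get(node, float("inf")):
            continue  # stale heap entry
        for nbr, c in graph[node].items():
            if d + c < dist.get(nbr, float("inf")):
                dist[nbr] = d + c
                heapq.heappush(heap, (d + c, nbr))
    return dist

# Constructed topology: names and link speeds are hypothetical sample data.
LINKS = [("core", "regionA", 2_500_000_000),
         ("core", "regionB", 155_000_000),
         ("regionA", "regionB", 622_000_000),
         ("regionB", "site1", 2_000_000)]

if __name__ == "__main__":
    g = build_graph(interfaces_for(LINKS))
    print(spf(g, "core"))
```

With a 100 Mbps reference speed instead (passed as `ref_bps`, used here only for comparison), every link of 100 Mbps or faster collapses to cost 1 and SPF can no longer prefer the 2.5 Gbps path over the 155 Mbps one.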

 

To reduce route entries and improve management efficiency, OSPF routes need to be aggregated. The link addresses of each non-backbone area are aggregated on the ABR (Area Border Router) and then published to the backbone area; in the backbone area, link addresses are aggregated and sent to non-backbone areas. In the network center of a region with an ABR, link interconnection interfaces are aggregated on the router, but the network center of the OSPF area is not aggregated. In addition, the MPLS VPN protocol requires that the loopback addresses of all devices are not aggregated.

 

Domain name management

 

The domain name indicates the name of the network space. The domain name server is responsible for translating the domain name into an IP address. CNPC's internal IP addressing uses 10.0.0.0, and its internal domain names use PetroChina and CNPC.

 

Corresponding to the three-tier network architecture of the CNPC WAN, domain name servers (DNS) are divided into three types: root domain DNS, regional network center DNS, and regional company DNS. Domain names are divided into two levels: the root domains .PetroChina and .CNPC, and the second-level domain names XXX.PetroChina and XXX.CNPC. Second-level domain names include regional network center domain names and regional company domain names.

 

The root domain DNS resolves and maintains the domain names of regional companies and regional network centers. It accepts query requests only from regional network center DNS. The regional network center DNS maintains the resolution of domain names and hosts in the regional network center; it forwards queries for PetroChina and CNPC domain names to the root domain DNS and sends requests for accessing the Internet to the Internet. The domain name of the domain name and the resolution of the authorized host name and address.

 

Proper selection of network management software

 

Network management software is divided into system management software and equipment management software. A good network management system must provide better automation and intelligent management capabilities for the networks under its jurisdiction.

 

The regions of China Petroleum are at different levels of informatization, and the network equipment, servers, and management software they used in the past also differ. For this reason, the company needs to choose management software with strong management capabilities, good compatibility, high efficiency, and convenient tools for development. In view of the current situation and needs of the companies in the various regions, careful design and development are carried out to achieve efficient and comprehensive management across the network.

 

China Petroleum network management software, using NNM (Network Node Manager) as the foundation and platform, is integrated with other management applications to form a powerful integrated management environment.

 

System management software uses the IT/Operations and PerfView/MeasureWare Agent products to manage system resource performance.

 

IT/Operations is a centralized system problem management tool that can automatically detect system problems and remind administrators to solve them. You can configure and monitor variables related to system performance and resources; it can detect the CPU utilization, swap space utilization, memory utilization, NIC usage, and file usage of the network system. Administrators can define and monitor key processes and services. It monitors and analyzes user logs, generates alarms immediately when an error occurs, and immediately runs the specified program locally.

 

PerfView/MeasureWare monitors and manages performance indicators to quickly identify and solve existing and potential performance problems in the system, identify system bottlenecks, and help decision makers develop solutions.

 

The China Petroleum network management system is deployed in layers at the headquarters, regional centers, and regional companies. Management systems at all levels collect and associate all network operation events and send them to the event processing center located in the security operation center (SOC) at the same level.
