At present, almost any enterprise or school of some size sets up a LAN; networks are already everywhere. For a LAN administrator, network speed is very important. How to use bandwidth effectively and avoid unnecessary speed loss, so as to optimize the entire network, is a very important issue.
This article discusses some factors that affect enterprise network performance, in the hope that it helps readers.
I. Design success or failure
The design determines the speed of the entire network. A good overall network design not only meets the performance requirements but also keeps investment to a minimum, and it should make future expansion of the network easy. Network design is a very big topic: from the selection and configuration of switches and routers to structured cabling, there is a great deal to know. My personal suggestion is that inviting a very experienced designer or hiring a network cabling company is the best choice for an enterprise building a network. In my early experience, there were two different connection methods for the same device. The two methods were equivalent in theory, but no matter how you tried, you just could not connect to the Internet; later, a master simply changed the position of one wire and it connected. In many cases, experience is far more important than books.
Generally, a good design meets the following requirements:
Function: the network must work. To meet business needs, it must provide "user-to-user" and "user-to-application" connections with reasonable speed and reliability.
Scalability: the network should be able to grow. The initial design should accommodate network growth without major changes to the overall structure.
Adaptability: the network should be designed with a long-term vision, taking into account the future development of technology. In addition, it should not include factors that restrict the adoption of new technologies in the network.
Easy to manage: network monitoring and management should be supported to ensure continuous and stable operation.
II. Services, servers and QoS
The stability of an enterprise network is usually determined by the stability of a few key servers and services. A modern enterprise usually relies on MIS and ERP systems for management, and in some large enterprises management and operations are based entirely on computer information systems. Therefore, to keep the whole enterprise running smoothly, the network administrator must ensure the stable operation of these information systems at all costs.
Most enterprise management information systems use B/S (such as SAP) or C/S (J2EE and .NET) architectures. Regardless of the architecture, a high-end server is indispensable. Although modern technologies such as J2EE are stable and reliable, the server load is several times what it used to be. Dual or quad Xeon processors, SCSI hard disks, RAID arrays or more memory can greatly improve server performance. It is also a good idea to buy a brand-name network card for the server, or to upgrade to Gigabit Ethernet, instead of using the "goods available" of 2 or 30 yuan. Of course, Oracle, BEA and IBM have recently increased their support for Linux, their products have all been ported to the Linux platform, and the service features of Linux are indeed better, so users may consider the Linux platform. If the company is very large, servers and complete solutions from major vendors such as IBM and HP are far better than an ordinary server that you consider very good.
QoS is a technology recently advocated by switch and software vendors. QoS can ensure the stability of an enterprise's key services: by reserving a certain amount of bandwidth in the switch for key service packets, the performance of those services can be guaranteed. However, enabling QoS means that more than 20% of the normal network communication speed is lost. Therefore, enable QoS on enterprise networks and on networks with intensive online business; otherwise, disable it.
III. Routing and switching
The configuration of switches and routing is also an important factor in network performance.
The most common way to improve performance is to set up VLANs. A VLAN divides the same physical connections into multiple virtual subnets. The biggest function of a VLAN is to prevent broadcast storms. Generally, if broadcast packets make up more than 30% of all packets, network performance drops significantly. Almost all switches now provide VLAN support. Although setting up a VLAN is a little difficult, network administrators are advised to configure VLANs because of the significant performance improvement. Placing computers that access each other frequently in the same VLAN, and separating computers that are largely independent, significantly improves performance. In addition, enabling full-duplex support on NICs and switches can also improve performance. At the same time, different switch vendors (Cisco and 3Com) all have their own patented switching technologies to increase speed.
Iii. Routing and switching
The configuration of vswitches and routes is also an important factor in network performance.
The most common way to improve performance is to set a VLAN. VLAN virtualizes physical connections to multiple subnets in the same way. The biggest function of a VLAN is to prevent broadcast storms. Generally, if a broadcast packet occupies more than 30% of all communication packets, the network performance will be significantly reduced. Now, almost all switches provide VLAN
. Although it is a little difficult to set a VLAN, it is recommended that the network management can configure a VLAN because of its significant performance improvement. Setting computers with high frequency of mutual access in the same VLAN and separating computers with high independence will significantly improve the performance. In addition, enabling full-duplex support for NICs and switches can also improve performance. At the same time, different Switch Networks (Cisco and 3Com
All have their own vswitch patented technologies to speed up.
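To check the 30% figure on a given network, the following Python sketch (an added example, not part of the original article) parses raw Ethernet frames, reads the 802.1Q tag when one is present, and reports the broadcast share per VLAN. The sample frames, helper names and the choice to report untagged traffic as VLAN 0 are assumptions made for illustration.

```python
import struct
from collections import defaultdict

BROADCAST = b"\xff" * 6
TPID_8021Q = 0x8100   # EtherType value that marks an 802.1Q VLAN tag
THRESHOLD = 0.30      # the 30% figure quoted in the text

def parse_frame(frame):
    """Return (vlan_id, is_broadcast) for a raw Ethernet frame; VLAN 0 = untagged."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    vlan = 0
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        # The low 12 bits of the tag control field carry the VLAN ID.
        vlan = struct.unpack("!H", frame[14:16])[0] & 0x0FFF
    return vlan, frame[0:6] == BROADCAST

def broadcast_share(frames):
    """Map VLAN ID -> fraction of frames addressed to ff:ff:ff:ff:ff:ff."""
    total, bcast = defaultdict(int), defaultdict(int)
    for frame in frames:
        try:
            vlan, is_bcast = parse_frame(frame)
        except ValueError:
            continue  # skip runt frames instead of aborting the whole capture
        total[vlan] += 1
        bcast[vlan] += is_bcast
    return {v: bcast[v] / total[v] for v in total}

def noisy_vlans(frames, threshold=THRESHOLD):
    """VLAN IDs whose broadcast share exceeds the threshold."""
    return sorted(v for v, s in broadcast_share(frames).items() if s > threshold)

def make_frame(dst, vlan=None):
    """Build a constructed sample frame (not real traffic)."""
    tag = b"" if vlan is None else struct.pack("!HH", TPID_8021Q, vlan)
    return (dst + bytes.fromhex("020000000001") + tag
            + struct.pack("!H", 0x0800) + b"\x00" * 46)

UNICAST = bytes.fromhex("020000000002")
SAMPLE = ([make_frame(BROADCAST, 10)] * 4 + [make_frame(UNICAST, 10)] * 6
          + [make_frame(BROADCAST, 20)] + [make_frame(UNICAST, 20)] * 9
          + [b"\x00" * 5])  # the last entry is a deliberately truncated frame

if __name__ == "__main__":
    print(broadcast_share(SAMPLE), "over threshold:", noisy_vlans(SAMPLE))
```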
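The function of a router is to connect two different networks. In small and medium-sized enterprises it is usually connected to the top-level switch as a bridge between the Internet and the LAN. A router is an extremely complex and advanced machine, and of course routers are very expensive. If a small or medium-sized enterprise does not have high requirements for Internet performance, it can simply set up a Windows Internet access server as the connection to the Internet, use a cheap and easy-to-use Linux machine as a software router, or install proxy server software (Microsoft Proxy Server, or Squid on Unix). However, a router is very powerful and very fast, so if possible an enterprise should try its best to purchase a router that meets its requirements. Generally, the routing protocol is the PPP that connects to the ISP, and there is not much to improve in its configuration. Some routers support ACL access control, and with a reasonable configuration some traffic can be blocked, increasing the available network bandwidth.
IV. Bottlenecks and traffic
Network administrators must constantly sniff packets on the network to find out what is actually being transmitted. If employees use video on demand or P2P software such as BitTorrent, the network bandwidth, especially the LAN egress bandwidth, is hugely affected. In my school, the number of Internet users has not increased much in the past year, but access to the public network has slowed down, because the number of point-to-point connections has increased significantly. If your business depends heavily on exchanging information with the Internet, the network administrator must warn users, or simply block software such as BitTorrent at the firewall, to keep the enterprise's normal information channels open.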
Iv. bottlenecks and traffic
Network administrators must constantly sniff packets on the network to find out what is actually transmitted online. If employees in an enterprise use P2P software such as on-demand video or BitTorrent, the network bandwidth, especially the LAN egress bandwidth, will have a huge impact. In my school, the number of Internet users has not increased much in the past year, but the access speed to the public network has slowed down, because the number of point-to-point connections has increased significantly. If your business is very concerned with information exchange with the Internet, the network management service must remind you or simply block it from the firewall.
Software such as BitTorrent ensures normal enterprise information channels.
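One way to turn captured traffic into a short list of hosts to look at, given as an added Python example that is not part of the original article: it summarizes flow records per internal host and flags hosts that talk to many external peers while also consuming a large share of egress bytes. The LAN range, both thresholds and the flow records are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

LAN = ipaddress.ip_network("192.168.0.0/16")  # assumed internal address range

def egress_profile(flows, lan=LAN):
    """Per internal host: (distinct external peers, bytes crossing the egress)."""
    peers, volume = defaultdict(set), defaultdict(int)
    for src, dst, nbytes in flows:
        src_in = ipaddress.ip_address(src) in lan
        dst_in = ipaddress.ip_address(dst) in lan
        if src_in == dst_in:
            continue  # LAN-to-LAN traffic never touches the egress link
        host, peer = (src, dst) if src_in else (dst, src)
        peers[host].add(peer)
        volume[host] += nbytes
    return {h: (len(peers[h]), volume[h]) for h in peers}

def p2p_suspects(flows, min_peers=20, min_share=0.25, lan=LAN):
    """Hosts with many external peers AND a large share of egress bytes."""
    profile = egress_profile(flows, lan)
    total = sum(v for _, v in profile.values()) or 1
    return sorted(h for h, (n, v) in profile.items()
                  if n >= min_peers and v / total >= min_share)

# Constructed flow records (src, dst, bytes); external peers use documentation ranges.
SAMPLE_FLOWS = []
for i in range(1, 31):  # one host exchanging data with 30 different peers
    SAMPLE_FLOWS.append(("192.168.1.50", f"203.0.113.{i}", 1_000_000))
    SAMPLE_FLOWS.append((f"203.0.113.{i}", "192.168.1.50", 1_000_000))
SAMPLE_FLOWS += [
    ("198.51.100.5", "192.168.1.20", 40_000_000),  # one large download, one peer
    ("192.168.1.10", "198.51.100.6", 5_000_000),
    ("192.168.1.10", "198.51.100.7", 5_000_000),
    ("192.168.1.10", "192.168.1.20", 9_000_000),   # internal file copy, ignored
]

if __name__ == "__main__":
    for host, (n, v) in sorted(egress_profile(SAMPLE_FLOWS).items()):
        print(host, n, "peers", v, "bytes")
    print("suspects:", p2p_suspects(SAMPLE_FLOWS))
```

Requiring both conditions keeps a single large download from one server out of the result, while a host with a wide peer fan-out is reported.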
Most bottlenecks can be solved by purchasing more bandwidth from the Internet service provider or by installing higher-grade high-speed switches. However, I believe that the key is to make good use of the existing bandwidth. For example, for video on demand (VOD), using IPTV software based on Cisco switching technology can effectively relieve the internal video network bottleneck.
V. Security
DoS attacks and port scanning from external networks have a great impact on enterprise networks. Therefore, installing firewall software or purchasing a hardware firewall can always solve many network problems. In particular, hacking tools are numerous and effective, and magazines explain how to use them. The potential danger on the Internet is enormous (sadly). Moreover, the network administrator must scan the computers in the LAN to see whether hackers have opened backdoors, check the logs often, and stay alert for anomalies. Of course, the most important thing is to always pay attention to the latest software upgrade information and to subscribe to security mailing lists.
Second, it is difficult to guard against internal thieves. Therefore, the passwords of switches and hosts must be kept strictly confidential, and the network topology should be kept as confidential as possible. Turn off the HTTP management service on routers and switches. Important data services, such as SQL Server or MySQL servers, can be disconnected from the LAN and placed in a separate subnet with only the hosts that need them, or protected with firewall software that only allows access from fixed IP addresses.
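To verify that the fixed-IP rule actually holds, connection records can be compared with the intended allowlist. The following Python sketch is an added example, not part of the original article: the policy, addresses and connection records are constructed, and the ports are the default listeners for SQL Server (1433) and MySQL (3306).

```python
import ipaddress

DB_PORTS = {1433: "SQL Server", 3306: "MySQL"}  # default listener ports

# Assumed policy: database host -> fixed client addresses allowed to reach it.
POLICY = {
    "10.0.5.10": ["10.0.1.21", "10.0.1.22"],
    "10.0.5.11": ["10.0.2.0/28"],
}

def allowed(src, dst, policy=POLICY):
    """True when src is on the allowlist of database host dst (default deny)."""
    ip = ipaddress.ip_address(src)
    return any(ip in ipaddress.ip_network(entry, strict=False)
               for entry in policy.get(dst, []))

def audit(connections, policy=POLICY):
    """Return (src, dst, service, reason) for each connection that breaks policy."""
    findings = []
    for src, dst, dport in connections:
        if dport not in DB_PORTS:
            continue  # only database listeners are in scope here
        if dst not in policy:
            # A database answering on a host nobody registered is itself a finding.
            findings.append((src, dst, DB_PORTS[dport], "unlisted database host"))
        elif not allowed(src, dst, policy):
            findings.append((src, dst, DB_PORTS[dport], "source not on allowlist"))
    return findings

# Constructed connection records: (source, destination, destination port).
SAMPLE_CONNS = [
    ("10.0.1.21", "10.0.5.10", 1433),   # permitted application server
    ("10.0.3.77", "10.0.5.10", 1433),   # workstation reaching SQL Server directly
    ("10.0.2.5", "10.0.5.11", 3306),    # inside the permitted /28
    ("10.0.2.40", "10.0.5.11", 3306),   # same subnet family, outside the /28
    ("10.0.3.77", "10.0.9.9", 3306),    # MySQL on a host missing from the policy
    ("10.0.3.77", "10.0.5.10", 443),    # not a database port, ignored
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONNS):
        print(finding)
```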
In short, sudden changes in network traffic must be treated as a serious security concern.
The 802.1X protocol authenticates computers connecting to the network, preventing unauthorized access. Most switches support this protocol, and we recommend using it.
VI. Details
Connection: each computer in the LAN is connected by twisted-pair cable. However, two computers cannot simply be wired together with twisted pair in any way; certain connection rules must be followed. A twisted-pair connection cannot exceed 100 meters. To connect two computers more than 100 meters apart, a conversion device must be used, and the patch cable between the conversion device and the switch must also be wired correctly. This is because Ethernet normally uses two twisted pairs, placed on pins 1, 2, 3 and 6. If they are not, and the wires of the original pairs are split apart, crosstalk results, which has a great impact on network performance. In a 10 M network environment this is not obvious. In a m network environment, if the traffic is heavy or the distance is long, the network cannot connect. Of course, do not use inferior RJ45 plugs and cables.
Strictly enforce the grounding requirements: the LAN carries weak signals, so if operations are slightly improper or do not follow the specific operating requirements of the network equipment, interference may appear in the network, and serious interference may bring the entire network down. In particular, some network transmission equipment, because of its long-distance lines, has very strict grounding requirements; otherwise the equipment will not reach its specified connection rate, and all kinds of inexplicable failures occur during network connection.
Equipment protection: put the switch group and servers in a dust-free room. Of course, a central data center would be best. I often check on it and sweep off the dust. For cooling fans, it is best to have two backups. The network cables must at least be organized well enough that a faulty one can be traced when something goes wrong. All of this helps the network operate normally.