The 7-Day Golden Week has ended, and the majority of service-oriented enterprises have earned popularity and profits. In particular, chain-type fast hotels, shopping supermarkets, casual Internet cafes, commerce and other industries, the business volume during the holiday period has greatly increased, and the turnover is several times the usual. Behind such a hot business, a stable, fast, and secure information network system is particularly important. How can service-oriented enterprises find better solutions? I have consulted Mr. Wen haojian, a technical engineer of the famous network equipment manufacturer, and Mr. Liu jinghui, Head of Network Technology at Wuxi creative fashion hotel. based on actual work experience, I have summarized my experiences and experiences in network management and shared them with many users.
I. Network Value-added Service solution by technical engineers
This document mainly introduces a set of practical network value-added service solutions for Economical High-load network transmission, flexible bandwidth management, and holiday network requirements with high security.
1. bandwidth convergence: cost efficiency + high load on the buffer line
Taking budget hotels as an example, most of these hotels generally adopt services such as online booking, sales of travel tickets and train tickets to win more service profits and win more guests with convenience. The timely and efficient operation of these services must rely on stable networks and adequate bandwidth. However, in the face of the high load during the seven-day long vacation, once the originally normal network is blocked, delayed, or dropped, the hotel will not only lose economic benefits, but its reputation will also be affected, this will further affect the overall business efficiency in the future.
If the hotel's network access device has multi-Wan bandwidth convergence and load balancing functions, the above problems can be solved to a large extent. First, if you have the WAN bandwidth aggregation function, you can use multiple low-price ADSL lines at the same time to replace the expensive cost of fiber bandwidth upgrade, in addition, it satisfies the high bandwidth requirements for simultaneous operation of multiple services. Second, if load balancing is enabled, the high transmission load during peak network hours can be automatically diverted, enable network data from the corresponding line to speed up transmission.
|
Figure 1 Dynamic smart bandwidth management |
In addition to bandwidth convergence and Server Load balancer, the recently launched "line backup" application technology is worth introducing. Its main function is to use a line, use another line as the standby line for disconnection or exceptions. This function undoubtedly adds more network stability to the application status during holidays.
2. bandwidth management: prevents large bandwidth usage and reduces manpower Maintenance
When there are more customers on the 11th holiday, the bandwidth will become increasingly tight. If several people use P2P software, the entire network will be delayed or even congested. Although most of the current information systems have certain bandwidth control functions, most enterprises are still passive manual control measures. It requires enterprise network management to add control policies based on personal bandwidth usage, which is time-consuming and error-prone. Therefore, the bandwidth control effect is often unsatisfactory.
The smart bandwidth management solution of xiaonuo Technology focuses on the Multi-Application, difficult to control, and labor-consuming problems of enterprise network bandwidth during the festival. Based on the user's bandwidth application, the system will determine and automatically execute the bandwidth control policy to better solve the above problems. The following uses xianuo dynamic smart bandwidth management SmartQoS as an example to describe how to allocate the overall external bandwidth and the maximum bandwidth that a single user can use, the secondary penalty mechanism allows Intranet users to occupy large bandwidth in a short period of time. However, if they continue to occupy the bandwidth, this mechanism will continuously reduce the bandwidth available until they cannot access the Internet, in addition, it only needs to set the overall bandwidth size once. In the future, it will only need to adjust the large policies, so it does not need to be adjusted one by one for a single user.
This function should be very suitable for such enterprises during the long vacation. Not only does bandwidth control work well, but enterprises can also spare the corresponding manpower to participate in the holiday torch.
|
Figure 2 firewall configuration page |
3. Network Security: Attack prevention + permission Division
During the long vacation, due to the diversified network applications of enterprises, the wider the application area, the more open the Network Ports, the higher the possibility of network attacks, virus intrusion and other security problems. For example, commercial enterprises that are working overtime during the 11th day generally have applications such as online business negotiation, email sending and receiving, order submission, online banking, and customer management, once attacked by illegal criminals or viruses and Trojans, one or more processes will inevitably be affected. This will not only cause losses to enterprises, but also lead to theft and utilization of customer information, cause serious legal consequences.
To address security issues, the primary task is to prevent network attacks. ARP attacks are one of the most common forms of attacks. It is an intranet disaster for most enterprises, and some technical vendors cannot eradicate it. So far, it should be said that the simplest and most effective method is the "IP/Mac two-way binding" method, which was first proposed by the Sino team and has been widely used in the future, however, this method must be carried out manually and is relatively passive in implementation. The latest "smart double binding" technology has completely solved this problem. When the PC client only needs to press the next key, the system can automatically bind each PC end to the vro end in two directions. Remember each IP Address/MAC address and bind it automatically, enterprise Network Management does not need to be completed separately step by step. After preliminary application by some enterprises, it is confirmed that it can achieve the expected effect in Preventing ARP attacks.
If the "smart double binding" technology is used in combination with smart bandwidth management and firewall filtering, common DOS attacks, shock wave viruses, and some Trojans will be expected to be effectively prevented, in this process, real-time updates and upgrades of enterprise anti-virus software are essential. Of course, security protection for any network is not foolproof. To prevent unexpected "middle strokes" of the network management, you can use VLAN Technology to divide the enterprise network into multiple subnets, it is used to prevent the spread and spread of viruses and minimize the loss caused by viruses or attacks.
In addition to the above three solutions, the compatibility and scalability of network access devices and after-sales technical support are also very important. During the long vacation, enterprises will add corresponding application software or hardware devices because of their busy business. If they are compatible with powerful scalability, they can reduce a lot of extra costs and save management and maintenance time. In any case, as long as enterprise network administrators take very timely and effective measures to plan ahead, enterprises will not have any worries about network problems during the 11th holiday or during normal times, you can try to find the gold in the ocean.
2. working experience and experience of hotel Technical Director
In this autumn season, we ushered in the Golden Week of the 11 th. As a tourist city, there were not a few friends traveling to Wuxi during the Golden Week, which led to a high occupancy rate of the hotel in Xicheng, and many hotels were full, naturally, our hotel is no exception. Under such a high occupancy rate, smooth network and application management are the major tasks that the leaders have given me. During the Golden Week of the 11 th, our hotel's network had been operating well, and the hotel was always relaxed. How to effectively manage the hotel network is as follows: I will introduce my experiences and experiences through practical experience.
The router of our hotel uses xiaonuo FVR360v, which has been in use for more than a year and is more and more convenient. The router's user-friendly management policy greatly reduces the workload of network administrators. The following are my network management policies for the hotel, hoping to help our peers.
1. "dynamic and intelligent bandwidth management" to maintain Load Balancing
Since the advent of the P2P protocol, the phenomenon that it forcibly occupies all the bandwidth, leading to the inability of other machines in the LAN to access the Internet has caused a huge headache for the majority of network administrators. Therefore, xiaonuo technical staff have developed the SmartQoS function, "Dynamic smart QoS" allows you to set the overall external bandwidth size and the upper and lower limits of the bandwidth that a single user can use. After this is set, the vro performs dynamic and intelligent management, burst bandwidth needs can be allowed, but users who continue to use bandwidth will be limited, while improving the efficiency of the router.
In addition, FVR360v's "secondary penalty" mechanism allows a short period of big data traffic to be allowed, but continuous big data traffic is forbidden, which minimizes false management.
2. Powerful firewall to effectively prevent ARP and DOS attacks
A simple ARP attack is disguised as a gateway IP address, which forwards messages and steals usernames and passwords without causing a disconnection. The new ARP attack method slows down the entire LAN or occupies the gateway's computing power, resulting in a slow Intranet or network interface card. Even transient disconnection or disconnection across the network. In addition, Intranet IP spoofing is another form of ARP attack. Attackers may pretend to have the same IP address, causing IP conflicts between the attacked Computers and failing to access the Internet.
Therefore, Preventing ARP attacks has always plagued a large number of network administrators. The effective method is to bind IP addresses to MAC addresses on routers and clients, the computer in the office area and the computer in some rooms equipped with computers in our hotel have already taken this approach, but for the laptop that comes with the guests, what we use is to obtain the IP address through DHCP. In this case, the ARP attack prevention function on the router works.
DoS attacks are initiated by sending out a large number of network packets, occupying the Intranet bandwidth or the router's computing power. Another form of DoS attacks is Internet attacks, which often happens to users using fixed IP addresses. The FVR360v firewall also has one-click options to prevent DoS attacks, saving administrators a lot of trouble.
3. Voice alarms and prompt
Intelligent Voice Alarm is a user-friendly embodiment of FVR360v. An external speaker can be used to generate intelligent voice alarm. When a router is abnormal, the router will trigger an Intelligent Voice Alarm, in this way, the Network Administrator does not need to check the running status of the vro all day. If an exception occurs, an alarm is triggered immediately. Then, the network fault is eliminated Based on the alarm content.
4. Enable the remote configuration management function to know the network status at home.
After the vro remote configuration management function is enabled, you can access the vro through a browser at home, so that the network administrator at home can understand the running status of the vro. This is called a job break!
- · Network management solutions for various industries