Network Solution of Chengdu Cigarette Factory

According to the situation of Chengdu cigarette factory, we have designed a network solution based on annett products.

As you can see, annett's solution still designs the entire network based on the core layer, aggregation layer, and access layer structure.

Core Layer

At the core layer, an annett high performance modular multi-layer switch AT-SB4008 is adopted. The AT-SB4000 series switches provide strong line rate switching performance, with no blocking forwarding on all types of ports for various lengths of L2, L3 data.

The core switch AT-SB4008 configured in this scheme adopts the distributed layer-3 switching technology to realize the data exchange and forwarding without blocking of the whole line speed. All the line cards of annett AT-SB4000 series switches have a fully L3 switching function and are synchronized with the L3 switching information of the switching control engine at any time.

Because each line card has a built-in layer-3 packet forwarding function, routes between different VLANs can be completely completed by each line card, instead of querying the exchange engine for each layer-3 data forwarding, this greatly reduces the burden on the Exchange Control Engine. Compared with the traditional centralized layer-3 switching technology, the distributed layer-3 switching has better scalability, because the layer-3 switching performance of the entire switch does not decrease with the increase of line cards.

Annett's switches adopt hardware ASIC-based layer-3 switching to ensure full-line rate packet forwarding. Therefore, annett AT-4008 can still provide a blocking rate of 100% when it is fully configured with all eight Gigabit line cards. This is especially important for Chengdu Cigarette Factory enterprises that require a large amount of data exchange and multimedia services.

Considering the central exchange power and Stability of the LAN, we recommend that the AT-SB4008 adopt a dual-switch control engine. The dual-switch control engine ensures that the slave engine can quickly take over all the data and work of the master engine in case of a primary engine failure to prevent the entire network from being completely paralyzed due to core network faults. Annett also attaches great importance to the reliability of power supply. We recommend that the AT4008 core switch of Chengdu Cigarette Factory Support 2 + 1 AC power backup. Annett's solution also ensures that the network can avoid spof as much as possible through the above measures.

The advantage of annett's AT-SB4008 is that the AT-SB4000 series switches provide market-leading QoS mechanisms, fine-grained control capabilities, helping users achieve bandwidth traffic control from the physical layer to above layer 4th, 128-Level traffic classification, with 64 K as the incremental Maximum/minimum bandwidth guarantee, allowing users to flexibly deploy Qos traffic management based on policies and Service Level Agreements, on the platform of high-speed, flexible and based on hardware exchange, AT-SB4000 achieves powerful QoS Control Function by combining IEEE 802.1Q/p, DiffServ, Rsvp and other protocols. Currently, users in various industries have different requirements on the network platform based on their own applications. For example, Chengdu cigarette factory hopes to distinguish different application data streams of common data and multimedia services on the same network platform, provides corresponding bandwidth protection policies and deploys multiple Independent Multicast Groups. AT-SB4000 series switches are designed according to different user expectations of traffic control, can truly provide to Chengdu Cigarette Factory a set of network that can support multi-service data platform, and can ensure service quality.

Access layer

The access layer network and the core layer are connected to the AT-SB4008 core switch using Gigabit Optical fiber, the switch is AT-8024GB or AT-8350GB.

The access layer uses AT-8024 to connect to the desktop. If there are many users and the number of AT-8024 ports is insufficient, annett's enhanced stack technology can solve this problem and greatly reduce network management tasks. First, the enhanced stack can expand the number of ports in the wiring room switch to meet the needs of some departments/departments in Chengdu Cigarette Factory. At the same time, two or more switches are stacked to form a logical switch. The benefits include:

Stack can simplify network management. All switches stacked together are a management unit rather than multiple management units from the perspective of network management;

Stack allows you to manage multiple switches by using only one management session. You can manage all switches in the same stack by managing Sessions of the primary switch;

Stack can save IP address space, because all switches in the same stack only need to assign one IP address to achieve network management;

Annett's enhanced stack allows switches to be more flexibly arranged anywhere in the network, freeing them from the limitations of the length of physical cables and making network design and planning more flexible. Internet access

Internet access is configured with a AR-745 modular router, connecting ISP lines using ddnleased line.

When the network of the Chengdu Cigarette Factory is connected to the Internet, if there is no professional firewall, malicious network attacks from the Internet are also introduced into the internal network. To prevent network attacks, you can purchase a Unix-based software firewall such as Check Point or a dedicated firewall device such as the Cisco PIX series ). Software-Based Firewalls are usually complex and have low performance. Dedicated firewall devices are costly. Annett's AR745 router's built-in firewall provides users with new solutions, while implementing security measures, while also saving enterprises a lot of money.

The AR745 router has a built-in status-based firewall function. Annett AT-AR700 series Router Based on the status detection firewall through the ICSA authentication, through the packet content detection and connection status detection, can provide effective protection for the Intranet. It provides a wide range of anti-DoS attacks, including death Ping, SYN/FIN flooding, Smurf attacks, port scanning, fragment attacks, and IP spoofing. After an attack, the router can automatically send an email to the police. AT-AR700 series routers also provide event triggering, firewall Event Logs and information statistics that will eventually generate a comprehensive security log. Two built-in 10/100 Mbps Ethernet ports can be divided into Intranet and Internet. After adding a 10 Mbps Ethernet module, you can create a DMZ zone.

Annett's state-based firewall is used to replace the traditional static firewall;

The status detection firewall dynamically sets up a filtering rule based on data streams;

Only authorized users can access the firewall;

The port number is opened as needed, and the firewall immediately closes the port once it is terminated;

All users with no specific points are filtered out.

Remote User Access

For remote user access, annett has two solutions: PSTN dial-up access and L2TP access.

PSTN access

When PSTN is used for access, an asynchronous interface with eight ports must be installed on the router AR745. In addition, an external MODEM pool is used to connect to PSTN through a common MODEM. Remote users or users on business trips need to dial up to the company and use PSTN for remote access.

AT-AR700 series router provides a more cost-effective, integrated Multi-Service Router platform, specifically for large and medium-sized enterprises, branch office design. These enterprises require high flexibility, management, scalability, and high-performance edge access routers. AT-AR700 series routers can provide excellent routing functions, VPN functions and firewall services, in line with IETF IPSec and ISAKMP standards, obtained ICSA certification.

To sum up, this scheme will all adopt international network protocols and standards, which can ensure that the networks of Chengdu cigarette factory are compatible with each other between devices of different manufacturers and maximize the protection of previous investments.