CN109587026A - A Java-based method for network planning and design for large and medium-sized enterprises - Google Patents
- Publication number
- CN109587026A CN201811345021.1A CN201811345021A
- Authority
- CN
- China
- Prior art keywords
- network
- config
- enterprise
- configuration
- server
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/46—Interconnection of networks
- H04L12/4641—Virtual LANs, VLANs, e.g. virtual private networks [VPN]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/06—Management of faults, events, alarms or notifications
- H04L41/0654—Management of faults, events, alarms or notifications using network fault recovery
- H04L41/0663—Performing the actions predefined by failover planning, e.g. switching to standby network elements
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/22—Alternate routing
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/50—Address allocation
- H04L61/5007—Internet protocol [IP] addresses
- H04L61/5014—Internet protocol [IP] addresses using dynamic host configuration protocol [DHCP] or bootstrap protocol [BOOTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0892—Network architectures or network communication protocols for network security for authentication of entities by using authentication-authorization-accounting [AAA] servers or protocols
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/101—Access control lists [ACL]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Business, Economics & Management (AREA)
- Accounting & Taxation (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention belongs to the technical field of data processing systems or methods specially adapted for administrative, commercial, financial, managerial, supervisory or forecasting purposes, and of systems or methods for such purposes not covered by other categories. It discloses a Java-based method for planning and designing the network of a large or medium-sized enterprise: design the VLANs according to the users and the specific network; determine a unique IP address for each interface of every host connected to the network; carry out the configuration, covering VLAN and IP configuration, DHCP configuration, HSRP configuration, routing protocol configuration, AAA server setup and network management control of the relevant devices; and run operational tests on the resulting network design. The method can provide departments at all levels with advanced information services and a production environment, raise the level of office automation and integrated management in each department, and improve the quality of managers and staff.
Description
Technical field
The invention belongs to the technical field of data processing systems or methods specially adapted for administrative, commercial, financial, managerial, supervisory or forecasting purposes, and of systems or methods for such purposes not covered by other categories, and in particular relates to a Java-based method for planning and designing large and medium-sized enterprise networks.
Background art
At present, the prior art commonly used in the industry is as follows. The rapid development of the Internet has brought great changes and has had a far-reaching influence on the information industry around the world. Competition in the world market has become a trend, and in the 21st century China's market is developing toward diversification and globalization. For a large enterprise adjusting its development strategy, the competitive strategy must take the global market into account, and everything must rest on an information platform that applies computer network technology, network planning and networking principles to keep operations running smoothly. More and more domestic enterprises have built, or are considering building, an information processing system based on Internet/Intranet technology as part of their corporate planning. Because most of a modern enterprise's information comes from the Internet, the network lets the enterprise obtain information from the world market more quickly; by exchanging information with the outside world over the Internet, enterprise planners can quickly make correct macro-level adjustments and decisions to adapt to market trends. Connecting the company to the world greatly improves its ability and efficiency in collecting information. With the continuous development of Intranet technology, computers have gradually been applied to every key position in the company, greatly improving the enterprise's working efficiency.

For large enterprises this is even more important. Some large enterprises, by their nature, place more demands on the network. For China Telecom, China Netcom and the Bank of China, for example, it is very important that network paths and traffic are never interrupted. Because most of China's finance and communications depend on these companies, the stability of their networks bears directly on the country's politics, economic foundations and other aspects. The network design for these large enterprises must therefore take traffic and other details into account.

Another important problem in China's service networks today is security. Because China's networks developed late, network security has not been done well. Many early networks were built on designs that were unreasonable in structure or in technology and have many problems, which has resulted in poor network security. In some key sectors (such as finance), if a criminal exploits a vulnerability in the network to modify files or steal business secrets, the harm to the enterprise can be irreparable or even destructive. Different companies also have different detailed requirements for their service networks.

An intranet is Internet technology applied within an enterprise or a closed user group. Briefly, an intranet uses Internet technology, especially the TCP/IP protocol, to build an internal network. This technology allows different computer platforms to interoperate regardless of their location; in other words, users can access it on or from any computer. Given these practical problems, an enterprise must start from the intranet concept and the relevant computer network technology and design its network construction and build plan in detail, so as to achieve an advanced, secure, practical and reliable result. The enterprise analyses its network requirements, compares the various network technologies and, from a practical standpoint, selects the LAN backbone, cabling, equipment models, network security and network management.

When an enterprise grows to a certain scale, many companies have branch offices in other locations. To speed up the flow of information within the enterprise, headquarters and branches then need to be connected. The requirements of such an enterprise for its long-distance network are:
- by connecting the entire corporate network, achieve fast data transmission and office automation, and ultimately a paperless office;
- have the enterprise's own IP addresses and domain name, and set up the company's web host to publicise the corporate image, business activities and latest results to the outside world;
- save most of the company's long-distance telephone costs through IP telephony, with video conferencing also carried over the IP network;
- give the whole company a reliable communication system with an affordable operating cost;
- provide remote login and other network services;
- build a fully functional, easy-to-use management information system so that headquarters and branches can handle business by electronic approval and coordinate once work is complete;
- implement structured cabling, network design and planning, resource sharing, Internet access over telephone lines, a WWW server, hardware and software configuration, and the other parts of the enterprise network.

Facing fierce market competition, the company's workload in collecting, transmitting, processing, storing and querying information, and in forecasting and decision-making, keeps growing. Computers that remain in stand-alone mode cannot share data between departments, which greatly reduces working efficiency, and purely manual management methods can no longer meet demand; this seriously hinders the company's survival and development. Social progress requires the enterprise to change its backward management system, methods and means, establish the image of a modern enterprise and build its own automated management information system (that is, a corporate LAN) to raise management levels and increase economic and social benefit.

A modern large enterprise network should have a more intelligent network management solution to cope with growing network size and increasingly complex maintenance work. Today's network has developed into an "application-centered" information platform, which requires network management capability to rise to the service layer; traditional intelligent network elements cannot effectively support this development of network management. For example, locating cable faults, flexibly deploying services under different user policies, access control, network audit logging, virus control, and network operation and management processes are all time-consuming and laborious tasks, partly because of the inherent limits of the network equipment's capabilities. Modern large enterprise networks therefore urgently need network equipment capable of "application-centered" intelligent operations and maintenance, on which intelligent management software can be deployed to free network managers from heavy work.

A modern large enterprise network needs to provide better end-to-end QoS guarantees, forming a multi-service bearer network that meets business needs. A large enterprise network that carries a growing business cannot keep data flowing smoothly simply by adding bandwidth, so the construction of today's large enterprise network must consider the network's ability to identify urgent and critical applications, such as video, audio and data flows (MIS, ERP, OA, backup data). It must be able to schedule network resources and guarantee bandwidth, delay and non-blocking transmission priority, so that important and urgent business is managed appropriately while the large enterprise network delivers a "high-quality" guaranteed service.

A modern large enterprise network should have higher bandwidth and more powerful performance to meet users' ever-increasing communication needs. With the rapid development of computer technology there are more and more network-based applications, and today's enterprise network has become a multi-service bearer platform. It must not only continue to carry simple data services such as enterprise office automation and web browsing, but also carry the data of the various operations and production business application systems, as well as multimedia services such as IP telephony and video conferencing that place very high demands on bandwidth and delay.
Therefore, data traffic will increase greatly, placing unprecedented demands on data switching in the core network in particular. In addition, as the cost of gigabit ports continues to fall, gigabit to the desktop will become mainstream in enterprise networks in the near future. Global switch market analysis from 2004 shows that, with gigabit in large-scale use, the fastest-growing segment was 10 Gbps chassis switches. Today's enterprise network has therefore adopted a gigabit backbone through to the desktop as a standard for network construction, and the core layer must have "high-quality gigabit backbone" levels of bandwidth and processing performance in order to build a non-blocking large enterprise network that adapts to growing network size and traffic.

Server performance indicators. For a network server program, performance is always the primary indicator. Performance can be defined as the amount of work that can be processed with given hardware in a given time. A server design that makes maximum use of the hardware is a good design. A good server design should also consider fairness of service: the server should give each client an equal share of service and must not leave any client unserved for so long that it "starves". Scalability means that as hardware capability improves, server performance increases linearly with it.

Approaches to high performance. The computation in a real server is complex and usually mixes I/O computation and CPU computation. I/O computation refers to tasks dominated by I/O, such as file servers and mail servers, which mix large amounts of network I/O and file I/O. CPU computation refers to tasks with little or no I/O, such as encryption/decryption, encoding/decoding and mathematical computation. For CPU computation, single-threaded and multithreaded models perform comparably. "Performance of Win32 Multithreading" says: "On a uniprocessor computer, concurrent execution of CPU-bound tasks cannot be faster than serial execution, but we can see that the overhead of thread creation and switching on Windows NT is very small; for very short computations, concurrent execution is only 10% slower than serial execution, and as the length of the computation increases, the two times become very close." So for pure CPU computation with only one CPU, a multithreaded model is not appropriate. Consider a service that performs intensive CPU computation: if dozens of such threads run concurrently, overly frequent task switching causes unnecessary performance loss. In terms of programming, however, a single-threaded computation model is very inconvenient for server program design. A thread-pool working model is therefore the more appropriate choice for CPU computation. The QueueUserWorkItem function is well suited to placing a CPU computation into a thread pool. A thread pool implementation tries to reduce unnecessary thread switching and limits the number of concurrent threads to the number of CPUs.

What really deserves attention is I/O computation, since a typical network server program involves a large amount of it. The way to high performance is to avoid leaving the CPU idle while waiting for I/O to finish, and to use the hardware as fully as possible by letting one or more I/O devices run concurrently with the CPU. The previously described asynchronous I/O, APC and I/O completion ports achieve this. For a network server with few concurrent client requests, a simple multithreaded model is sufficient: if a thread is suspended waiting for an I/O operation to complete, the operating system schedules another ready thread to run, which gives concurrent execution. Classic network server logic mostly uses a multithreaded/multi-process approach: when a client opens a connection to the server, the server creates a thread and lets this new thread handle the subsequent transactions. Representing each client with a dedicated thread/process is intuitive and easy to understand.

For large-scale network server programs, this approach has limitations. First, creating and destroying threads/processes is expensive, especially when the server communicates over TCP "short connections" or UDP. In HTTP, for example, the client opens a connection and sends a request, and the connection is closed after the server responds. An HTTP server designed in the classic way creates and destroys threads so frequently that the impact on performance is severe. Second, even with TCP "long connections", where the client stays connected once it has connected to the server, the classic design has a drawback. If the volume of concurrent client requests is high and many clients are waiting for a response at the same moment, too many threads run concurrently and frequent thread switching uses up part of the computing capacity. In fact, with too many concurrent threads, physical memory is often exhausted prematurely and most of the time is spent on thread switching, because switching threads also causes memory paging. Server performance finally drops sharply. For a network server that must handle a large number of concurrent client requests, a thread pool is the only solution. A thread pool not only avoids frequently creating and destroying threads but can also handle a large number of concurrent client requests with a small number of threads.

Note that for a network server program under little load, the present invention does not recommend any of the above techniques. When a simple design can do the job, making things very complicated is very unwise.
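The thread-pool argument above, shown as an added Java example (not code from the patent): a fixed pool sized to the CPU count with a bounded queue serves a burst of constructed in-process "client requests" on a handful of threads and rejects the overflow, instead of creating one thread per client until memory runs out. The class and method names and the burst sizes are assumptions for illustration; `record` needs Java 16 or later.

```java
import java.util.Set;
import java.util.concurrent.ArrayBlockingQueue;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.RejectedExecutionException;
import java.util.concurrent.ThreadPoolExecutor;
import java.util.concurrent.TimeUnit;

// Added illustration; all names here are hypothetical, not from the patent.
public class BoundedPoolDemo {

    /** Outcome of one simulated burst of client requests. */
    record BurstResult(int accepted, int rejected, int workerThreadsUsed) {}

    /**
     * Submits `requests` simulated client requests to a pool of `workers`
     * threads backed by a queue of `queueCapacity` slots.
     * Every handler blocks on a latch (standing in for slow I/O) until the
     * whole burst has been submitted, so the pool is saturated on purpose.
     */
    static BurstResult handleBurst(int requests, int workers, int queueCapacity)
            throws InterruptedException {
        // core == max: the thread count never grows past `workers`.
        // Bounded queue + AbortPolicy: overload is refused, not buffered
        // without limit, so a flood cannot exhaust memory.
        ThreadPoolExecutor pool = new ThreadPoolExecutor(
                workers, workers, 0L, TimeUnit.MILLISECONDS,
                new ArrayBlockingQueue<>(queueCapacity),
                new ThreadPoolExecutor.AbortPolicy());

        Set<String> threadsSeen = ConcurrentHashMap.newKeySet();
        CountDownLatch release = new CountDownLatch(1);
        int accepted = 0;
        int rejected = 0;

        for (int i = 0; i < requests; i++) {
            try {
                pool.execute(() -> {
                    // Record which pool thread served this request.
                    threadsSeen.add(Thread.currentThread().getName());
                    try {
                        release.await(); // simulated wait on I/O
                    } catch (InterruptedException e) {
                        Thread.currentThread().interrupt();
                    }
                });
                accepted++;
            } catch (RejectedExecutionException e) {
                // A real server would answer "busy" or close the socket here.
                rejected++;
            }
        }

        release.countDown();                        // let the handlers finish
        pool.shutdown();                            // stop accepting new work
        pool.awaitTermination(10, TimeUnit.SECONDS);
        return new BurstResult(accepted, rejected, threadsSeen.size());
    }

    public static void main(String[] args) throws InterruptedException {
        int cpus = Runtime.getRuntime().availableProcessors();
        // Constructed load: 1000 simultaneous requests, queue of 200.
        BurstResult r = handleBurst(1000, cpus, 200);
        System.out.printf(
                "workers=%d accepted=%d rejected=%d threadsUsed=%d%n",
                cpus, r.accepted(), r.rejected(), r.workerThreadsUsed());
    }
}
```

While the pool is saturated it accepts exactly `workers + queueCapacity` requests and refuses the rest, which is the behaviour to alert on in production: a rising rejection count signals overload or a connection flood long before thread or memory exhaustion would.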
In conclusion problem of the existing technology is:Traditional Intelligent Network Element lacks to urgent and critical event
Identification application;Broadband performance is poor, does not adapt to present gigabit port;Server performance is poor;Traditional enterprise network security
Measure be mainly to pass through the deployment of firewall, IDS, anti-virus software, and realize disease with the ACL of switch or router
The defence of poison and hacker attack, these Passive Defence measures can not efficiently solve enterprise network security problem.
Summary of the invention
In view of the problems in the prior art, the present invention provides a Java-based method for planning and designing large and medium-sized enterprise networks.
The invention is realised as follows. The Java-based method for planning and designing large and medium-sized enterprise networks includes:
Step 1: design the VLANs according to the users and the specific network;
Step 2: determine a unique IP address for each interface of every host connected to the network;
Step 3: carry out the configuration: VLAN and IP configuration, DHCP configuration, HSRP configuration, routing protocol configuration, AAA server setup, and network management control of the relevant device configuration;
Step 4: run operational tests on the resulting network design.
Further, the HSRP configuration in step 3 uses the hot-standby HSRP technology.
Further, the routing protocol configuration in step 3 uses the EIGRP protocol.
Further, the operational test in step 4 is divided into key Layer 3 device routing-table tests and network connectivity verification tests.
Further, the key Layer 3 device routing-table tests are as follows:
(1) routing table of access router R1;
(2) routing table of core layer switch HX1.
Further, the network connectivity verification tests are as follows:
(1) headquarters access-layer switch SW1 accesses the server;
(2) remote branch R4 accesses the server;
(3) remote branch SW10 accesses the headquarters access switch.
In conclusion advantages of the present invention and good effect are as follows:Network of the invention has certain flexibility, realizes
The quick transmission of data, office automation may finally realize enterprise's paperless office;And enterprise using oneself IP address and
Domain name can establish the web host of company, outwardly publicize corporate image, the business activity of company and newest fruits etc.;Simultaneously
The long-distance call of most of IP phone companies is saved, video conference can be realized by IP network;Realize telnet and its
His network service;So that general headquarters and branch is spread the business of electronic approval, can coordinate after the completion of work;The present invention can be whole
A enterprise provides efficiently smooth information superhighway and environment is supported in public service, formed one with it is reliable, fast, can provide
Information management system based on the computer network of multiple functions, can be provided for departments at different levels advanced information service and
Production environment, while the office automation and integrated management level of each department are improved again;Change traditional idea in management and pipe
Reason mode improves the quality of administrative staff and staff;It frees staff from many and diverse hand labour, increases
Economic and social benefit.
Modern large-enterprise network should have a more fully reliability design, realize real-time network flow, guarantee
Normal production and operation.As enterprise is transferred to the network that different service applications is integrated into a computer more and more,
There is no network communication interrupt operation to have become key, to ensure normal production and operation.Modern large-enterprise network should provide
Better network security solution reduces the economic loss of enterprise to prevent the attack of virus and hacker.Traditional enterprise network
The measure of network safety is mainly to pass through the deployment of firewall, IDS, anti-virus software, and is come with the ACL of switch or router
Realize the defence of virus and hacker attack, but these prove that Passive Defence measure can not efficiently solve enterprise network security
Problem.Enterprise network have become company today manufacturing operations important component, modern enterprise network must from
The access control at family is arranged, a series of security control, with the HIV suppression of initiative recognition data packet, to effectively guarantee enterprise
The stable operation of industry network.
Brief description of the drawings
Fig. 1 is a flow chart of the Java-based method for planning and designing large and medium-sized enterprise networks provided by an embodiment of the present invention.
Fig. 2 is the network design diagram of the Java-based method for planning and designing large and medium-sized enterprise networks provided by an embodiment of the present invention.
Fig. 3 is the network topology diagram of the Java-based method for planning and designing large and medium-sized enterprise networks provided by an embodiment of the present invention.
Specific embodiment
To make the objectives, technical solutions and advantages of the present invention clearer, the invention is described in further detail below with reference to embodiments. It should be understood that the specific embodiments described here only explain the invention and are not intended to limit it.
An integrated management information system is built to achieve enterprise information management and office automation. It can provide the whole enterprise with an efficient, smooth information highway and a public service support environment, forming an information management system built on a reliable, fast, multi-function computer network. It can provide departments at all levels with advanced information services and a production environment while raising each department's level of office automation and integrated management; it changes traditional management ideas and models, improves the quality of managers and staff, and frees staff from tedious manual work. It is therefore necessary to build an intranet that is reliable, practical, easy to manage and at a comprehensively advanced level.
The application principle of the invention is explained in detail below with reference to the drawings.
As shown in Fig. 1, the Java-based method for planning and designing large and medium-sized enterprise networks provided by an embodiment of the present invention includes the following steps:
S101: design the VLANs according to the users and the specific network;
S102: determine a unique IP address for each interface of every host connected to the network;
S103: carry out the configuration: VLAN and IP configuration, DHCP configuration, HSRP configuration, routing protocol configuration, AAA server setup, and network management control of the relevant device configuration;
S104: run operational tests on the resulting network design.
In a preferred embodiment of the invention, the HSRP configuration in S103 uses the hot-standby HSRP technology.
In a preferred embodiment of the invention, the routing protocol configuration in S103 uses the EIGRP protocol.
In a preferred embodiment of the invention, the operational test in S104 is divided into key Layer 3 device routing-table tests and network connectivity verification tests.
In a preferred embodiment of the invention, the key Layer 3 device routing-table tests are as follows:
(1) routing table of access router R1;
(2) routing table of core layer switch HX1.
In a preferred embodiment of the invention, the network connectivity verification tests are as follows:
(1) headquarters access-layer switch SW1 accesses the server;
(2) remote branch R4 accesses the server;
(3) remote branch SW10 accesses the headquarters access switch.
The application principle of the invention is further described below with reference to specific embodiments.
1. System of the invention
The enterprise is located in the Tangshan High-Tech Development Zone, and the company has three buildings that need network support: Building 1, Building 2 and Building 3. Building 1 has three floors and houses the marketing, finance and sales departments. Building 2 has three floors and houses the management department. Building 3 has three floors and houses the human resources department and the customer service center. The marketing department has 8 computers, the finance department 10, the sales department 15, the human resources department 10, the customer service center 20 and the management department 10.
The third floor of Building 2 serves as the center of the whole network and houses the servers, routers and core switches; from there the network is extended by optical cable to the management department in Building 2 and to Building 1 and Building 3.
The specific network design is shown in Fig. 2.
2. Feasibility study
2.1 Technical feasibility
2.1.1 Key technologies
1) VLAN
A VLAN (virtual LAN) is known in China as a "virtual local area network". It is an emerging data switching technology that divides LAN devices logically into network segments in order to implement virtual workgroups. The technology is used mainly in switches and routers, with switches the mainstream application. Not all switches have this function, however: only switches above Layer 2 that support the VLAN protocol have it.
VLANs serve many purposes, and understanding their nature makes their uses clear.
First, note that 192.168.1.2/30 and 192.168.2.6/30 belong to different network segments, and hosts on different segments that want to reach each other must go through a router. In essence a VLAN is a network segment; it is called a virtual LAN because it creates a virtual router interface.
Advantages of VLANs: they limit broadcasts on the network. Dividing a network into multiple VLANs reduces the number of devices that take part in a broadcast storm, and segmenting the LAN prevents a broadcast storm from spreading across the whole network. VLANs provide a mechanism for building firewalls that keep excessive broadcasts out of the switched network. With VLANs, a switch port or a user can be assigned to a specific VLAN group, which may sit within one switched network or span multiple switches, and broadcasts inside a VLAN are not sent outside that VLAN. Likewise, adjacent ports do not receive broadcasts generated by other VLANs. This reduces broadcast traffic and frees bandwidth for user applications.
2) Two-node cluster hot backup
Two-node cluster hot backup is a highly fault-tolerant solution that combines software and hardware. It consists of two servers, an external shared disk array cabinet (which may be omitted if each server uses its own RAID card instead) and the corresponding two-node hot backup software.
In this fault-tolerant scheme, the operating system and application programs are installed on the local system disks of the two servers, while the data of the entire network system is centrally managed and backed up on the disk array. Centralized data management means that, through two-node hot backup, the data of all sites is read from and stored directly on the central storage device and is managed by dedicated staff, which greatly protects the security and confidentiality of the data. User data is stored on the external shared disk array. When one server fails, the standby machine actively takes over the work of the host, so that network service is not interrupted.
The dual-machine hot backup system uses a "heartbeat" to maintain contact between the main system and the backup system. The "heartbeat" means that the master and standby systems send each other communication signals at a fixed time interval to indicate their current running state. Once the "heartbeat" signal indicates that the host system has failed, or the backup system can no longer receive the "heartbeat" signal of the host system, the high-availability management software concludes that the host system has failed. The host stops working, system resources are transferred to the backup system, and the backup system takes over the role of the host so that network service continues without interruption.
3) DHCP
DHCP is the abbreviation of Dynamic Host Configuration Protocol. Its predecessor is BOOTP. BOOTP was originally used on networks of diskless hosts: such a host boots from ROM rather than from a disk and connects to the network, and BOOTP can automatically configure the TCP/IP environment for these hosts. BOOTP has a drawback, however: the hardware address of the client must be obtained in advance, and its mapping to an IP address is static. In other words, BOOTP is not "dynamic", and in an environment where IP addresses are limited, BOOTP's one-to-one mapping wastes them badly. DHCP can be regarded as an enhanced version of BOOTP. It has two parts: a server and a client. The DHCP server centrally manages all IP network configuration data and handles client DHCP requests, while the client uses the IP environment data that the server assigns. With DHCP, besides the IP address, the server can also send other settings for the computer to use (subnet mask, default gateway, DNS server and other TCP/IP configuration). Compared with BOOTP, DHCP uses a "lease" to allocate the TCP/IP settings of clients effectively and dynamically, and for compatibility DHCP also fully covers the needs of BOOTP clients. DHCP allocation works as follows: first, the network must have at least one DHCP server, which listens for DHCP requests on the network and negotiates the TCP/IP environment settings with the client.
4) HSRP
HSRP (Hot Standby Router Protocol) is a technology specific to the Cisco platform and is a proprietary protocol of Cisco.
The protocol involves multiple routers that together form one HSRP group. Only one router in the group takes on the responsibility of forwarding user traffic; this is the active router. When the active router fails, the backup router takes over the role and becomes the new active router. This is the principle of hot backup.
To implement HSRP, the system needs more than one router. Together they form a "hot backup group", and the group presents one virtual router. At any moment only one router in the group is active and forwards data packets. If the active router fails, a backup router is selected to replace it, but from the point of view of the hosts on the network the virtual router has not changed. The hosts therefore stay connected and are not affected by the failure, which solves the router switchover problem.
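The heartbeat takeover described under two-node hot backup and the active/standby switch described for HSRP follow the same logic. The simulation below is an added illustration, not code from the patent or from Cisco: the device names, priorities and the 192.0.2.1 gateway are constructed, the 3-second hello and 10-second hold are HSRP's default timers, and the highest-priority node that can be heard always takes the active role (a simplification). It also shows the case where only the heartbeat link fails, which leaves both nodes active at once.

```python
from dataclasses import dataclass, field

HELLO = 3    # seconds between heartbeats (HSRP's default hello time)
HOLD = 10    # silence after which a peer is declared down (HSRP's default hold time)
VIRTUAL_GATEWAY = "192.0.2.1"   # constructed address; hosts always point here


@dataclass
class Node:
    name: str
    priority: int
    up: bool = True
    heard: dict = field(default_factory=dict)  # peer name -> time its last heartbeat arrived


def claims_active(node, nodes, now):
    """A running node takes the active role unless a higher-priority peer
    has been heard from within the hold time (priority ties are not modeled)."""
    if not node.up:
        return False
    for peer in nodes:
        if peer is node or peer.priority <= node.priority:
            continue
        if now - node.heard.get(peer.name, float("-inf")) < HOLD:
            return False
    return True


def simulate(nodes, fail=None, link_cut_at=None, duration=30):
    """Step one-second ticks and return [(time, active_names)] at every change.
    fail=(name, time) crashes a node; link_cut_at severs only the heartbeat link."""
    timeline = []
    for now in range(duration + 1):
        for n in nodes:
            if fail and n.name == fail[0] and now >= fail[1]:
                n.up = False
        link_up = link_cut_at is None or now < link_cut_at
        if now % HELLO == 0 and link_up:
            for sender in nodes:
                if sender.up:
                    for receiver in nodes:
                        if receiver is not sender:
                            receiver.heard[sender.name] = now
        active = tuple(n.name for n in nodes if claims_active(n, nodes, now))
        if not timeline or timeline[-1][1] != active:
            timeline.append((now, active))
    return timeline


def serving_gateway(timeline, when):
    """Nodes answering for VIRTUAL_GATEWAY at time `when` (empty tuple = outage)."""
    current = ()
    for start, active in timeline:
        if start <= when:
            current = active
    return current


def pair():
    # Hypothetical device names and priorities; 100 is HSRP's default priority.
    return [Node("core-A", 110), Node("core-B", 100)]


def crash_scenario():
    return simulate(pair(), fail=("core-A", 7))


def heartbeat_link_cut_scenario():
    return simulate(pair(), link_cut_at=7)


if __name__ == "__main__":
    print("active node crashes at t=7:  ", crash_scenario())
    print("heartbeat link cut at t=7:   ", heartbeat_link_cut_scenario())
```

In the crash case the gateway is unanswered from the failure until the hold time expires; in the link-cut case both nodes serve the gateway, which is why the heartbeat path itself needs redundancy.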
5) EIGRP routing protocol
EIGRP is the proprietary routing protocol of Cisco. It combines the advantages of distance-vector and link-state protocols. Its features include:
Fast convergence
Partial updates
Support for multiple network-layer protocols
Use of multicast and unicast
Support for variable-length subnet masks (VLSM)
Seamless connection to data-link-layer protocols and topologies
6) AAA authentication
AAA stands for authentication, authorization and accounting of network services. Authorization: network services are opened to the user based on the result of identity verification. Accounting: supplies the charging system. Across the whole system it is highly effective for network management and security problems.
First, the authentication part verifies the identity of the user. Authentication usually consists of checking the username and password that the user enters. The principle of authentication is that each user has a unique criterion for obtaining access. The AAA server compares the user's credentials one by one against the criteria stored in its database. If they match, the user is authenticated. If they do not, network access is refused.
Next, the user must obtain, through authorization, the permission to carry out the corresponding tasks. For example, after logging in to the system the user may issue commands to operate it, and the authorization process checks whether the user has the permission to execute those commands. Put simply, authorization is the enforcement of a set of policies that determine the types or quality of activities, resources or services that a user is allowed. Authorization takes place in the context of authentication: once users have been authenticated, they are granted the corresponding permissions. The last step, accounting, measures the resources the user consumes during the connection. These resources include the connection time and the traffic the user sends and receives during the connection. Accounting is carried out from the statistics logged for the connection and the user's activity, and it supports authorization control, billing, trend analysis, resource utilization and capacity planning.
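The three stages described above (check the credentials, check each command against policy, record time and traffic) can be sketched as follows. This is an added example and not part of the patent: the class, the role names and the command prefixes are hypothetical, and PBKDF2 with a constant-time comparison is one reasonable way to store and check passwords, chosen here for the illustration.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 200_000  # PBKDF2 work factor chosen for this example


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


class AAAServer:
    def __init__(self, policy):
        self.policy = policy      # role -> tuple of permitted command prefixes
        self.users = {}           # username -> (salt, password hash, role)
        self.sessions = {}        # session id -> (username, start time)
        self.accounting = []      # append-only accounting records
        self._dummy_salt = secrets.token_bytes(16)

    def add_user(self, name, password, role):
        salt = secrets.token_bytes(16)
        self.users[name] = (salt, _hash(password, salt), role)

    def authenticate(self, name, password, now):
        """Authentication: verify the credentials and open a session, or refuse."""
        salt, stored, _ = self.users.get(name, (self._dummy_salt, b"", None))
        candidate = _hash(password, salt)   # computed for unknown users too
        ok = hmac.compare_digest(candidate, stored)
        self.accounting.append({"event": "login", "user": name, "ok": ok, "time": now})
        if not ok:
            return None
        sid = secrets.token_hex(16)
        self.sessions[sid] = (name, now)
        return sid

    def authorize(self, sid, command):
        """Authorization: evaluated only for an authenticated session, deny by default."""
        if sid not in self.sessions:
            return False
        name, _ = self.sessions[sid]
        role = self.users[name][2]
        allowed = any(command == p or command.startswith(p + " ")
                      for p in self.policy.get(role, ()))
        self.accounting.append({"event": "command", "user": name,
                                "command": command, "ok": allowed})
        return allowed

    def stop(self, sid, now, bytes_in, bytes_out):
        """Accounting: record connection time and traffic when the session ends."""
        name, start = self.sessions.pop(sid)
        record = {"event": "stop", "user": name, "seconds": now - start,
                  "bytes_in": bytes_in, "bytes_out": bytes_out}
        self.accounting.append(record)
        return record


if __name__ == "__main__":
    # Constructed users, passwords and policy.
    aaa = AAAServer({"operator": ("show",), "admin": ("show", "configure", "copy")})
    aaa.add_user("alice", "constructed-passphrase", "operator")
    sid = aaa.authenticate("alice", "constructed-passphrase", now=100)
    print(aaa.authorize(sid, "show vlan"), aaa.authorize(sid, "configure terminal"))
    print(aaa.stop(sid, now=220, bytes_in=1500, bytes_out=900))
```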
2.1.2 Technology analysis
1) VLAN
The company in the present invention has 6 departments. The network center on the third floor of the No. 2 building, the management department and the client service center have the highest requirement for network response speed, and the requirements of the other 4 departments come second. When dividing VLANs, the priority of each VLAN must therefore be reflected, so the VLANs are divided by user.
2) Two-node cluster hot backup
The center of the whole network is on the third floor of the No. 2 building. It is the central node of the network and carries a heavy load. If the central node fails, the whole network is affected. Two servers are therefore needed when purchasing equipment, and two-node hot backup is configured to improve the reliability of the network.
3) DHCP
IP addresses must be configured for the router interfaces and all PC interfaces when configuring the network. Because there are many nodes, manually configuring an address on every PC would be a considerable workload, so the present invention uses DHCP.
4) HSRP
The role of the core-layer switch is fast forwarding. If it fails, all of the networks below it are paralyzed. The core-layer switch therefore needs a redundant backup, which calls for layer-3 redundancy: HSRP hot backup.
5) EIGRP routing protocol
EIGRP is a proprietary protocol of Cisco. It is a Cisco-specific protocol that combines link-state and distance-vector routing. It uses the Diffusing Update Algorithm (DUAL) to achieve fast convergence, can avoid sending periodic routing updates in order to reduce bandwidth usage, and supports multiple network-layer protocols such as AppleTalk, IP, Novell and NetWare.
6) AAA authentication
An AAA server is a server program that handles users' access requests and provides authentication, authorization and accounting services. The AAA server usually works together with network access control, gateway servers, and databases and directories of user information. The network interface protocol that works with the AAA server is the "Remote Authentication Dial-In User Service (RADIUS)".
2.2 Economic feasibility
2.2.1 Key equipment
1) Server
A server, also referred to as a servomechanism, is a high-performance computer in a network environment. It listens for the service requests submitted by other computers (clients) on the network and provides the corresponding services. To do so, a server must be able to carry the service and guarantee it.
The basic parameters of the IBM System x3250M4 (2583I19) are shown in Table 1.
2) Core switch
"Core switch" is not a type of switch. It refers to a switch placed in the core layer (the backbone part of the network).
A network needs a certain number of computers before a core switch is required. Below about 50 computers a core switch is basically unnecessary and a router is enough. The term is relative to the network architecture: in a small LAN of a few computers, an eight-port switch can be called a small core switch. In the networking industry, a core switch means a layer-2 or layer-3 switch with network management functions and high throughput. In a network of more than 100 computers, a core switch is essential for stable, high-speed operation.
The basic parameters of the core switch M6506-24GT/8SFP are shown in Table 2.
3) Access-layer equipment
The part of the network to which users connect directly is usually called the access layer. Its purpose is to allow end users to connect to the network, so access-layer switches are characterized by low cost and high port density.
The basic parameters of the H3C S1550 are shown in Table 3.
4) Router
A router is a device that connects the LANs and WANs of the Internet. It automatically selects and sets routes according to the condition of the channels and sends signals in order along the best path. Routers are the hubs of the Internet, its "traffic police". Routers are now widely used in all trades and professions, and products of various classes have become the main force for connections inside backbone networks, for interconnection between backbone networks, and for interconnection and interoperation between backbone networks and the Internet.
The basic parameters of the CISCO 7206VXR are shown in Table 4.
2.2.2 Equipment analysis
The summary of the equipment needed to build the large or medium-sized enterprise network is shown in Table 5.
A large or medium-sized enterprise has total assets of 40,000,000 or more and annual sales of more than 30,000,000 RMB, while the cost of all the equipment adds up to 293935 RMB. This places no economic pressure on such an enterprise. Moreover, the enterprise network promotes communication among employees and improves working efficiency, and the economic benefit it brings will certainly exceed the development cost.
3. Demand analysis
To keep pace with the development of information technology and business, and to satisfy the requirements of stable operation and ever-growing network communication, building an enterprise network today is more demanding than building one for a traditional enterprise. The following aspects are analyzed in order to plan the best network topology for the target.
3.1 Enterprise demand
Facing fierce market competition, the company's workload in collecting, transmitting, processing, storing and querying information, and in forecasting and decision-making, keeps growing. Its computers have so far worked only in stand-alone mode, and data cannot be shared between departments, which greatly reduces working efficiency. Purely manual management methods and means can no longer meet demand, and this seriously hinders the survival and development of the company. Social progress requires the enterprise to change its backward management system, methods and means, to establish the new image of a modern enterprise, and to build its own automated management information system (i.e. the corporate LAN) in order to raise the level of management and increase economic and social benefit.
An integrated management information system is built to achieve enterprise information management and office automation. It provides the whole enterprise with an efficient, smooth information highway and a public-service support environment, forming an information management system based on a reliable, fast, multi-function computer network. It provides departments at every level with advanced information services and a production environment, and at the same time raises the office automation and integrated management level of each department. It changes traditional management ideas and modes, improves the quality of managers and staff, and frees staff from tedious manual work. It is therefore necessary to build an intranet that is reliable, practical, easy to manage and of a comprehensively advanced level.
3.2 Functional requirements
3.2.1 Network management function
A modern large-enterprise network should have a more intelligent network management solution to cope with the growing size of the network and increasingly complex maintenance work. The network has developed into an "application-centered" information infrastructure platform, and network management capability must rise to the service layer. Traditional network-element-level management can no longer effectively support the needs of network management. For example, locating network cable faults, flexibly deploying service policies for different users, access control and network audit logging, virus control, and network operation and management processes are all time-consuming and laborious tasks that consume manpower and material resources because of the inherent limits of the capabilities of the network equipment. A modern large-enterprise network therefore urgently needs network equipment capable of supporting "application-centered" intelligent network operation and maintenance, together with intelligent management software, to free network administrators from heavy work.
3.2.2 Information identification function
A modern large-enterprise network needs to provide better end-to-end QoS guarantees in order to serve as a multi-service bearer network that meets business needs. As the enterprise grows, the large-enterprise network must do more than simply add bandwidth to keep data flowing smoothly. Today's large-enterprise network construction must therefore consider how well the network can identify urgent and critical applications among traffic such as video, audio and data flows (MIS, ERP, OA, backup data). The network should be able to schedule network resources and guarantee bandwidth, delay and non-blocking priority transmission for important and urgent business, managing services sensibly and providing the large-enterprise network with a "high-quality" guaranteed service.
3.3 Performance requirements
3.3.1 Bandwidth performance
A modern large-enterprise network should have higher bandwidth and stronger performance to meet users' ever-growing communication needs. With the rapid development of computer technology, more and more applications are network-based, and today's enterprise network has become a multi-service bearer platform. It must not only continue to carry simple data services such as office automation and web browsing, but also carry the data of production-related business application systems and multimedia services with high bandwidth and delay requirements, such as IP telephony and video conferencing. Data traffic will therefore increase greatly, placing unprecedented demands on data exchange in the core network in particular. In addition, as the cost of gigabit ports continues to fall, gigabit to the desktop will become mainstream in enterprise networks in the near future. An analysis of the global switch market in 2004 shows that 10 Gbps chassis switches were the fastest-growing segment, which indicates that large-scale gigabit application has truly begun. Today's enterprise network can therefore no longer take "100M to the desktop with a gigabit backbone" as its construction standard. The core layer must have the class of bandwidth and processing performance needed to build an unobstructed, "high-quality" large-enterprise network that can adapt to growing network size and traffic.
3.3.2 Server performance
For a network server program, performance is always the primary indicator. Performance can be defined as the amount of work that can be processed in a given time on given hardware. A good server design is one that makes the fullest use of the hardware. A good design should also consider fairness of service: the server should give every client an even share of service, so that no client goes unserved for a long time and "starves". It should also be scalable, that is, as hardware capability increases, the performance of the server should increase linearly with it.
The computation of a real server is very complex and usually mixes IO computation and CPU computation. IO computation refers to tasks dominated by IO, such as file servers and mail servers, which mix large amounts of network IO and file IO. CPU computation refers to tasks with little or no IO, such as encryption/decryption, encoding/decoding and mathematical computation. For CPU computation, single-threaded and multi-threaded models perform comparably. "Multithreading Performance in Win32" says: "On a uniprocessor computer, concurrent execution of CPU-based tasks cannot be faster than serial execution, but we can see that under Windows NT the overhead of thread creation and switching is very small; for very short computations, concurrent execution is only 10% slower than serial execution, and as the length of the computation increases, the two times become very close." Thus, for pure CPU computation with only one CPU, the multi-threaded model is not appropriate. Consider a service that performs intensive CPU computation: if dozens of such threads run concurrently, overly frequent task switching causes unnecessary performance loss. From a programming standpoint, however, designing a server program on a single-threaded computation model is very inconvenient. A thread-pool working model is therefore more appropriate for CPU computation. The QueueUserWorkItem function is well suited to putting a CPU computation into the thread pool. The thread-pool implementation works to reduce unnecessary thread switching and limits the number of concurrent threads to the number of CPUs.
What really needs attention is IO computation, since a typical network server program involves a large amount of IO. The way to achieve high performance is to avoid leaving the CPU idle while waiting for IO to finish, and to use the hardware as fully as possible by letting one or more IO devices run concurrently with the CPU. The asynchronous IO, APC and IO completion port mechanisms described earlier can all achieve this. For a network server, if the number of concurrent client requests is fairly small, a simple multi-threaded model can cope. If a thread is suspended while waiting for an IO operation to complete, the operating system schedules another ready thread to run, which produces concurrent execution. Classic network server logic mostly uses a multi-thread/multi-process approach: when a client initiates a connection to the server, the server creates a thread and lets the new thread handle the subsequent transactions. This programming approach, in which a dedicated thread/process represents one client object, is intuitive and easy to understand.
For large network server programs, however, this approach has limitations. First, creating and destroying threads/processes is costly, especially when the server communicates in TCP "short connection" mode or over UDP. In the HTTP protocol, for example, a client initiates a connection and sends a request, and the connection is closed after the server responds to the request. If an HTTP server is designed in the classic way, overly frequent thread creation and destruction has a severe impact on performance. Second, even if a protocol uses TCP "long connections", where the client keeps the connection open after connecting to the server, the classic design still has drawbacks. If the volume of concurrent client requests is high and many clients are waiting for the server to respond at the same moment, too many threads run concurrently and frequent thread switching uses up part of the computing capacity. In fact, if the number of concurrent threads is too large, physical memory is often exhausted prematurely and most of the time is spent on thread switching, because thread switching also causes memory paging. Server performance eventually drops sharply.
For a network server that must handle a large number of concurrent client requests, a thread pool is the only solution. A thread pool not only avoids frequently creating and destroying threads, it can also handle a large number of concurrent client requests with a small number of threads. It is worth noting that for a network server program under little load, the present invention does not recommend any of the above techniques. When a simple design can complete the task, making things complicated is very unwise, even mad.
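The claim that a small, fixed set of threads can serve many concurrent IO-bound requests can be checked with the sketch below. It is an added example, not code from the patent, written in Python rather than with the Win32 calls the text names. The class and function names are hypothetical, and the bounded backlog that refuses work when full goes one step beyond the text, as one way to keep memory use bounded under overload.

```python
import queue
import threading
import time


class BoundedPool:
    """Fixed set of worker threads fed from a bounded queue."""

    def __init__(self, workers, backlog):
        self.tasks = queue.Queue(maxsize=backlog)
        self.lock = threading.Lock()
        self.running = 0          # requests being handled right now
        self.peak = 0             # highest value `running` ever reached
        self.worker_ids = set()   # distinct threads that handled work
        self.results = {}
        self.threads = [threading.Thread(target=self._work, daemon=True)
                        for _ in range(workers)]
        for t in self.threads:
            t.start()

    def _work(self):
        while True:
            item = self.tasks.get()
            if item is None:              # shutdown marker
                self.tasks.task_done()
                return
            req_id, io_seconds = item
            with self.lock:
                self.running += 1
                self.peak = max(self.peak, self.running)
                self.worker_ids.add(threading.get_ident())
            time.sleep(io_seconds)        # stands in for waiting on network or file IO
            with self.lock:
                self.results[req_id] = f"response-{req_id}"
                self.running -= 1
            self.tasks.task_done()

    def submit(self, req_id, io_seconds):
        """Queue a request; return False when the backlog is full."""
        try:
            self.tasks.put_nowait((req_id, io_seconds))
            return True
        except queue.Full:
            return False

    def close(self):
        self.tasks.join()                 # wait for queued work to finish
        for _ in self.threads:
            self.tasks.put(None)
        for t in self.threads:
            t.join()


def serve(requests, workers, backlog, io_seconds=0.01):
    """Push `requests` simulated client requests through the pool and report counts."""
    pool = BoundedPool(workers, backlog)
    accepted = sum(pool.submit(i, io_seconds) for i in range(requests))
    pool.close()
    return {"accepted": accepted, "handled": len(pool.results),
            "threads_used": len(pool.worker_ids), "peak_concurrency": pool.peak}


if __name__ == "__main__":
    print(serve(200, workers=4, backlog=200))
    print(serve(50, workers=2, backlog=5, io_seconds=0.05))
```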
3.4 Reliability requirements
3.4.1 Equipment reliability
A modern large-enterprise network should have a more comprehensive reliability design so that network traffic flows in real time and normal production and operation are assured. As enterprises move more and more of their different business applications onto one computer network, uninterrupted network communication has become key to ensuring normal production and operation. The reliability design of a modern large-enterprise network is considered mainly from the following three aspects.
Device reliability design: check not only whether the network equipment provides redundant backup of key components, but also the overall design architecture of the network equipment, the type of processing engine, and so on.
Service reliability design: consider whether the normal operation of services is affected during failover of network equipment.
Link reliability design: the security of an Ethernet link comes from multipath selection, so when building the enterprise network, consider whether the network equipment provides effective means of link self-healing and whether it supports fast-reroute protocols.
3.4.2 Network security
A modern large-enterprise network should provide a better network security solution to prevent attacks by viruses and hackers and to reduce the economic losses of the enterprise. Traditional enterprise network security measures consist mainly of deploying firewalls, IDS and antivirus software, together with the ACLs of switches or routers, to defend against viruses and hacker attacks, but these passive defense measures cannot effectively solve enterprise network security problems. The enterprise network has become an important part of the production and operation of the company today. A modern enterprise network must apply a series of security controls, starting from user access control, and actively identify and suppress viruses in data packets, in order to effectively guarantee the stable operation of the enterprise network.
4. Design and implementation
4.1 Network topology diagram
Network topology refers to the physical layout in which devices are interconnected by transmission media, that is, the way computers and other equipment are connected in the network. A topology diagram shows the network configuration of servers and workstations. The main structures are the star structure, ring structure, bus structure and distributed structure.
The company in the present system has three buildings: the No. 1 building, the No. 2 building and the No. 3 building. The core of the whole company, the management department, is on floors 1 and 2 of the No. 2 building, and the center of the whole network is on the third floor of the No. 2 building. Most networks today use one of 3 topologies: star, ring or bus. The star structure is particularly suitable for the present system, because the third floor of the No. 2 building is the management center of the whole network and acts as the central node that centrally controls the whole network. The 6 departments of the company are branch nodes and communicate through the central node.
The star structure also best meets the company's requirements for the network. It has the following advantages:
1) Simple control. Each station is connected only to the central node, so the media access control method is simple and the access protocol is also very simple. Network monitoring and management are easy.
2) Easy fault diagnosis and isolation. The central node can isolate connection lines one by one to detect and locate faults. The failure of a single connection point affects only one device and does not affect the whole network.
3) Convenient service. The central node can conveniently serve each station and reconfigure the network.
The star structure also has one disadvantage: the central node carries a heavy load. If the central node fails, the whole network is affected. Two servers are therefore needed when purchasing equipment, and two-node hot backup is generally used for the central system to improve the reliability of the system.
The network topology diagram is shown in Figure 3.
Note: in the figure, the servers, layer-3 switches and network management VLAN are on the third floor of the No. 2 building, and VLAN1 to VLAN40 correspond to the individual departments.
4.2 VLAN division
This system divides VLANs by user.
Dividing VLANs by user means that, to meet the particular requirements of specific VLAN users on the network, a VLAN can be designed around specific network users. Users outside the group may be allowed to access the VLAN, but they must provide a user password.
The company in the present system has 6 departments. The network center on the third floor of the No. 2 building, the management department and the client service center have the highest requirement for network response speed, so their VLAN numbers are set to VLAN1, VLAN2 and VLAN3. The VLAN numbers of the market department, Finance Department, sales department and Human Resource Department are set to VLAN10, VLAN20, VLAN30 and VLAN40. The priority among the VLANs is: VLAN1 > VLAN2 > VLAN3 > VLAN10 = VLAN20 = VLAN30 = VLAN40.
The VLAN division is shown in Table 6.
4.3 IP address planning
On the Internet, every interface of a host connected to the network must have a unique IP address. IP address planning is the assignment, based on the IP addressing function, of IP addresses from the corresponding network to devices so as to achieve an efficient network; this is what is meant by network addressing. Routers create a number of independent networks, and each of these isolated island networks is called a subnet.
The IP address plan is shown in Table 7.
4.4 Device configuration
4.4.1 Basic configuration
Switch>en
Enter privileged mode
Switch#conf t
Enter global configuration mode
Switch(config)#hostname SW1
Change the name of the router or switch to make management easier
SW1(config)#no ip domain lookup
Disable domain-name lookup so that no DNS server is queried, which reduces the wait after a mistyped command
SW1(config)#line console 0
Enter console line 0; the switch or router is controlled directly through the serial console line
SW1(config-line)#no exec-timeout
Disable the timeout (this command must not be used in real deployments)
SW1(config-line)#logging synchronous
Synchronize output. While the user is typing configuration commands, messages generated inside the switch can split or garble the command on the line; with logging synchronous the switch redisplays the user's input after the next CLI prompt line.
The above is the basic configuration for routers and switches. It makes management easier and helps prevent mistakes, so it is applied on every device.
4.4.2 VLAN and IP configuration
The commands for dividing the VLANs and assigning IP addresses are as follows:
Switch1#config t
Switch1(config)#ip routing
Note: the above commands enable routing
Switch1#
Switch1#vlan database
Switch1(vlan)#vlan 1
Switch1(vlan)#vlan 2
Switch1(vlan)#vlan 3
Switch1(vlan)#vlan 10
Switch1(vlan)#vlan 20
Switch1(vlan)#vlan 30
Switch1(vlan)#vlan 40
Switch1(vlan)#exit
Note: the above commands create the 7 VLANs
Switch1#config t
Switch1(config)#interface vlan 1
Switch1(config-if)#ip address 10.0.0.0 10.0.0.254
Switch1(config-if)#no shutdown
Switch1#config t
Switch1(config)#interface vlan 2
Switch1(config-if)#ip address 10.1.0.0 10.1.3.254
Switch1(config-if)#no shutdown
Switch1#config t
Switch1(config)#interface vlan 3
Switch1(config-if)#ip address 10.1.4.0 10.1.7.254
Switch1(config-if)#no shutdown
Switch1#config t
Switch1(config)#interface vlan 10
Switch1(config-if)#ip address 10.1.8.0 10.1.11.254
Switch1(config-if)#no shutdown
Switch1#config t
Switch1(config)#interface vlan 20
Switch1(config-if)#ip address 10.1.12.0 10.1.15.254
Switch1(config-if)#no shutdown
Switch1#config t
Switch1(config)#interface vlan 30
Switch1(config-if)#ip address 10.1.16.0 10.1.19.254
Switch1(config-if)#no shutdown
Switch1#config t
Switch1(config)#interface vlan 40
Switch1(config-if)#ip address 10.1.16.0 10.1.23.254
Switch1(config-if)#no shutdown
Note: the above commands assign IP addresses to the VLANs that were created
Switch1#
Switch1#config t
Switch1(config)#vtp domain china_mobile
Switch1(config)#vtp mode server
Switch1(config)#end
Note: the above commands configure VTP.
Switch1#
Switch1#config t
Switch1(config)#interface gigabitethernet0/1
Switch1(config-if)#switchport trunk encapsulation isl
Switch1(config-if)#switchport mode trunk
Switch1(config-if)#end
Note: the above commands configure the trunk.
Switch1#show vlan
Switch1#show ip route
Switch1#show interface gigabitethernet0/1 switchport
Switch1#show run
Switch1#show vtp status
Note: the above commands verify the configuration described above.
Switch1#copy running-config startup-config
Note: the above command saves the configuration.
4.4.3 DHCP configuration
IP addresses now need to be configured for the router interfaces and all PC interfaces. Because there are many nodes, configuring an address on each PC by hand would be a great deal of work, so the present invention uses DHCP.
HX1(config)#ip dhcp excluded-address 10.1.0.1
HX1(config)#ip dhcp excluded-address 10.1.0.2
HX1(config)#ip dhcp excluded-address 10.1.0.100
HX1(config)#ip dhcp excluded-address 10.1.3.254
Note: the above commands exclude IP addresses that PCs must not use.
HX1(config)#ip dhcp excluded-address 10.1.4.1
HX1(config)#ip dhcp excluded-address 10.1.4.2
HX1(config)#ip dhcp excluded-address 10.1.4.100
HX1(config)#ip dhcp excluded-address 10.1.7.254
HX1(config)#ip dhcp excluded-address 10.1.8.1
HX1(config)#ip dhcp excluded-address 10.1.8.2
HX1(config)#ip dhcp excluded-address 10.1.8.100
HX1(config)#ip dhcp excluded-address 10.1.11.254
HX1(config)#ip dhcp excluded-address 10.1.12.1
HX1(config)#ip dhcp excluded-address 10.1.12.2
HX1(config)#ip dhcp excluded-address 10.1.12.100
HX1(config)#ip dhcp excluded-address 10.1.15.254
HX1(config)#ip dhcp excluded-address 10.1.16.1
HX1(config)#ip dhcp excluded-address 10.1.16.2
HX1(config)#ip dhcp excluded-address 10.1.16.100
HX1(config)#ip dhcp excluded-address 10.1.19.254
HX1(config)#ip dhcp excluded-address 10.1.20.1
HX1(config)#ip dhcp excluded-address 10.1.20.2
HX1(config)#ip dhcp excluded-address 10.1.20.100
HX1(config)#ip dhcp excluded-address 10.1.23.254
HX1(config)#ip dhcp pool ccie1
HX1(config)#ip dhcp pool ccie2
network 10.1.4.0 255.255.248.0
default-router 10.1.4.100
lease infinite
HX1(config)#ip dhcp pool ccie3
network 10.1.8.0 255.255.248.0
default-router 10.1.8.100
lease infinite
HX1(config)#ip dhcp pool ccie4
network 10.1.12.0 255.255.248.0
default-router 10.1.12.100
lease infinite
HX1(config)#ip dhcp pool ccie5
network 10.1.16.0 255.255.248.0
default-router 10.1.16.100
lease infinite
HX1(config)#ip dhcp pool ccie6
network 10.1.20.0 255.255.248.0
default-router 10.1.20.100
lease infinite
PC1(config)#ip default-gateway 10.1.0.100
Note: the above command specifies the default gateway on the PC.
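An added example, not part of the patent text: a Python check that parses DHCP pool statements such as those above and reports pools with no network statement, network addresses that do not sit on the boundary their mask implies, default routers outside the subnet, and overlapping pools. The sample reproduces the ccie1 to ccie6 pools (lease lines omitted); the function names `parse_pools` and `check_pools` are assumptions of this example.

```python
import ipaddress
import re

# Constructed sample: the pool statements of this section (lease lines omitted).
SAMPLE_CONFIG = """\
HX1(config)#ip dhcp pool ccie1
HX1(config)#ip dhcp pool ccie2
 network 10.1.4.0 255.255.248.0
 default-router 10.1.4.100
HX1(config)#ip dhcp pool ccie3
 network 10.1.8.0 255.255.248.0
 default-router 10.1.8.100
HX1(config)#ip dhcp pool ccie4
 network 10.1.12.0 255.255.248.0
 default-router 10.1.12.100
HX1(config)#ip dhcp pool ccie5
 network 10.1.16.0 255.255.248.0
 default-router 10.1.16.100
HX1(config)#ip dhcp pool ccie6
 network 10.1.20.0 255.255.248.0
 default-router 10.1.20.100
"""

def parse_pools(text):
    """Return {pool: {"network": (addr, mask), "router": addr}} in config order."""
    pools, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[-1].strip()          # drop a CLI prompt if present
        if m := re.match(r"ip dhcp pool (\S+)$", line):
            current = pools.setdefault(m.group(1), {})
        elif current is not None and (m := re.match(r"network (\S+)\s+(\S+)$", line)):
            current["network"] = (m.group(1), m.group(2))
        elif current is not None and (m := re.match(r"default-router (\S+)", line)):
            current["router"] = m.group(1)
    return pools

def check_pools(pools):
    """Return (pool, message) findings: missing, misaligned, off-subnet, overlapping."""
    findings, nets = [], {}
    for name, pool in pools.items():
        if "network" not in pool:
            findings.append((name, "no network statement"))
            continue
        addr, mask = pool["network"]
        iface = ipaddress.ip_interface(f"{addr}/{mask}")
        net = nets[name] = iface.network              # subnet the mask really selects
        if iface.ip != net.network_address:
            findings.append((name, f"{addr} is not a network address under {mask}: subnet is {net}"))
        router = pool.get("router")
        if router and ipaddress.ip_address(router) not in net:
            findings.append((name, f"default-router {router} is outside {net}"))
    names = list(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                findings.append((a, f"overlaps {b}: {nets[a]} and {nets[b]}"))
    return findings

if __name__ == "__main__":
    for pool, message in check_pools(parse_pools(SAMPLE_CONFIG)):
        print(f"{pool}: {message}")
```

On the sample it flags ccie2, ccie4 and ccie6 as misaligned under 255.255.248.0 and reports two overlapping pairs; with the /22 mask that Table 7 specifies (255.255.252.0) only the empty ccie1 pool remains.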
4.4.4 HSRP configuration
The role of the core layer switch is fast forwarding; if it fails, the entire network below it is paralysed. The core layer switch therefore needs a redundant backup. The present invention generally uses two core switches, which calls for layer-3 redundancy: hot standby with HSRP.
HX1(config)#interface Vlan 2
HX1(config-if)#ip address 10.1.0.1 255.255.248.0
HX1(config-if)#standby 1 ip 10.1.0.100
HX1(config-if)#standby 1 priority 105
HX1(config-if)#standby 1 preempt
HX1(config-if)#standby 1 track FastEthernet0/0
The above configuration is to be applied to VLANs 2, 3 and 4.
HX1(config)#interface Vlan 5
HX1(config-if)#ip address 172.16.2.1 255.255.255.0
HX1(config-if)#standby preempt
HX1(config-if)#standby 2 ip 172.16.2.100
The above configuration is to be applied to VLANs 5, 6 and 7.
4.4.5 Routing protocol configuration
EIGRP (Enhanced Interior Gateway Routing Protocol) is a proprietary protocol of Cisco. Cisco is the inventor of the protocol and the only vendor with the right to interpret and amend it. EIGRP is a Cisco-proprietary protocol that combines features of link-state and distance-vector routing protocols. It uses the Diffusing Update Algorithm (DUAL) to achieve fast convergence, does not send periodic routing updates so as to reduce bandwidth usage, and supports multiple network-layer protocols such as AppleTalk, IP and Novell NetWare.
The configuration commands are as follows:
HX1(config)#ip routing
R1(config)#router eigrp 100
R1(config-router)#no auto-summary
Note: the above commands enable EIGRP and disable automatic summarization.
R1(config-router)#network 202.100.1.0
Note: the above command advertises the 202.100.1.0 network segment into the protocol.
R1(config-router)#network 192.168.1.0
R1(config-router)#network 192.168.2.0
HX1(config)#router eigrp 100
HX1(config-router)#no auto-summary
HX1(config-router)#network 192.168.1.0
HX1(config-router)#network 192.168.3.0
HX1(config-router)#network 10.1.0.0
HX1(config-router)#network 10.1.4.0
HX1(config-router)#network 10.1.8.0
HX1(config-router)#network 10.1.12.0
HX1(config-router)#network 10.1.16.0
HX1(config-router)#network 10.1.20.0
HX2(config)#router eigrp 100
HX2(config-router)#no auto-summary
HX2(config-router)#network 192.168.2.0
HX2(config-router)#network 192.168.4.0
HX2(config-router)#network 10.1.0.0
HX2(config-router)#network 10.1.4.0
HX2(config-router)#network 10.1.8.0
HX2(config-router)#network 10.1.12.0
HX2(config-router)#network 10.1.16.0
HX2(config-router)#network 10.1.20.0
4.4.6 AAA server setup
An AAA server is a server program that handles user requests for access. It provides authentication, authorization and accounting services. The AAA server usually works together with network access control, gateway servers, and the databases and directories that hold user information. The protocol through which the network connects to the AAA server interface is "Remote Authentication Dial-In User Service (RADIUS)".
The configuration commands are as follows:
HX2(config)#aaa new-model
HX2(config)#aaa authentication dot1x default group radius
HX2(config)#dot1x system-auth-control
HX2(config)#interface f0/1
HX2(config-if)#switchport mode access
HX2(config-if)#dot1x port-control auto
HX2(config-if)#dot1x guest-vlan 1
HX2(config-if)#dot1x auth-fail vlan 1
HX2(config)#aaa authentication login telnet group tacacs+
HX2(config)#aaa authorization exec telnet group tacacs+
HX2(config)#aaa accounting exec telnet start-stop group tacacs+
HX2(config)#tacacs-server host 192.168.100.100
HX2(config)#tacacs-server key cisco
4.4.7 Network management control setup
So that administrators can conveniently manage and control intranet security, the present invention requires a configuration that lets an administrator control any switch from a PC, either over a direct connection or by remote login.
The configuration commands are as follows:
HX2(config)#line vty 0 4
HX2(config-line)#password ccna1
HX2(config-line)#login
Note: the above commands configure the password and login authentication for remote access to the switch.
HX2(config-line)#exec-timeout 1 11
HX2(config-line)#line con 0
HX2(config-line)#password ccna2
HX2(config-line)#login
HX2(config-line)#exec-timeout 1 11
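An added example, not part of the patent text: a Python audit of the management-plane commands shown in sections 4.4.1, 4.4.6 and 4.4.7. It flags disabled idle timeouts, shared line passwords, short TACACS+ keys, 802.1X fallback VLANs that equal the management VLAN, AAA login lists never bound to a line, and vty lines not restricted to SSH. The rule names, `MIN_SECRET_LEN` and the function names are assumptions of this example; the sample is constructed from the page's commands with typos normalised.

```python
import re

MGMT_VLAN = "1"       # Table 6 on this page: VLAN1 is the network management VLAN
MIN_SECRET_LEN = 12   # assumed policy threshold, not taken from the page
# Constructed sample: commands from sections 4.4.1, 4.4.6 and 4.4.7, typos normalised.
SAMPLE_CONFIG = """\
SW1(config)#line console 0
SW1(config-line)#no exec-timeout
HX2(config)#aaa new-model
HX2(config)#interface f0/1
HX2(config-if)#dot1x port-control auto
HX2(config-if)#dot1x guest-vlan 1
HX2(config-if)#dot1x auth-fail vlan 1
HX2(config)#aaa authentication login telnet group tacacs+
HX2(config)#tacacs-server key cisco
HX2(config)#line vty 0 4
HX2(config-line)#password ccna1
HX2(config-line)#login
HX2(config-line)#line con 0
HX2(config-line)#password ccna2
HX2(config-line)#login
"""
PROMPT = re.compile(r"^\S*\((config[^)]*)\)#", re.I)

def commands(text):
    """Yield (is_subcommand, command) from a CLI transcript or an indented config."""
    for raw in text.splitlines():
        m = PROMPT.match(raw)
        if m:
            yield m.group(1).lower() != "config", raw[m.end():].strip()
        elif raw.strip():
            yield raw[0].isspace(), raw.strip()

def audit(text):
    """Return (rule, where) findings for weak management-plane settings."""
    findings, defined, used, vty_ssh, section = [], set(), set(), {}, None
    for sub, cmd in commands(text):
        if re.match(r"(line|interface) ", cmd):        # opens a new section
            section = cmd
            if cmd.startswith("line vty"):
                vty_ssh.setdefault(cmd, False)
            continue
        if not sub:
            section = None                             # back at global level
        on_line = bool(section) and section.startswith("line ")
        if on_line and cmd in ("no exec-timeout", "exec-timeout 0 0"):
            findings.append(("no-idle-timeout", section))
        elif on_line and cmd.startswith("password "):
            findings.append(("shared-line-password", section))
        elif on_line and cmd == "transport input ssh" and section in vty_ssh:
            vty_ssh[section] = True
        elif on_line and (m := re.match(r"login authentication (\S+)", cmd)):
            used.add(m.group(1))
        elif m := re.match(r"aaa authentication login (\S+) ", cmd):
            defined.add(m.group(1))
        elif (m := re.match(r"tacacs-server key (\S+)", cmd)) and len(m.group(1)) < MIN_SECRET_LEN:
            findings.append(("weak-tacacs-key", "tacacs-server key"))
        elif (m := re.match(r"dot1x (?:guest-vlan|auth-fail vlan) (\d+)", cmd)) and m.group(1) == MGMT_VLAN:
            findings.append(("unauth-hosts-in-mgmt-vlan", f"{section}: {cmd}"))
    for name in sorted(defined - used - {"default"}):   # defined but never bound to a line
        findings.append(("aaa-list-not-applied", name))
    findings += [("transport-not-restricted-to-ssh", s) for s, ok in vty_ssh.items() if not ok]
    return findings
```

Calling `audit(SAMPLE_CONFIG)` returns eight findings; a configuration that binds the `telnet` list with `login authentication telnet`, sets `transport input ssh` on the vty lines, keeps a finite `exec-timeout` and moves the 802.1X fallback VLANs off VLAN 1 returns none.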
5 Operation test
5.1 Routing tables of key layer-3 devices
5.1.1 Access router R1 routing table
Routers R1 and R2 are the access routers of this network. The "O (ospf)" route entries are routing information provided to this network by the telecom operator and Netcom. The "D (eigrp)" route entries are routing information exchanged between the layer-3 routing devices of this network.
This routing table shows that, on router R1, all network segments involved in this network are reachable.
5.1.2 Core layer switch HX1 routing table
Core layer switches HX1 and HX2 are the core switches of this network. "D (eigrp) 192.168.8.0" is the server network segment. The remaining "D (eigrp)" route entries are routing information exchanged between the layer-3 routing devices of this network.
This routing table shows that, on switch HX1, all network segments inside this network are reachable.
5.2 Network connectivity verification
5.2.1 Headquarters access-layer switch SW1 accesses the server
A user on the local headquarters network sends a data request to the server; the test shows unimpeded connectivity.
5.2.2 Remote branch R4 accesses the server
A user on the remote branch network sends a data request to the local server; the test shows unimpeded connectivity.
5.2.3 Remote branch SW10 accesses the headquarters access switch
A user on the remote branch network sends a data request to a user on the local headquarters network; the test shows unimpeded connectivity.
Table 1 Basic parameters of the IBM System x3250 M4 (2583I19)
Table 2 Basic parameters of the M6506-24GT/8SFP
Table 3 Basic parameters of the H3C S1550
Table 4 Basic parameters of the CISCO 7206VXR
Table 5 Equipment summary table
Table 6 VLAN division table
VLAN number | VLAN name | Description |
---|---|---|
VLAN1 | MVLAN | Network management VLAN |
VLAN2 | Management | Management department |
VLAN3 | Customer Service Center | Customer service center |
VLAN10 | Marketing | Market department |
VLAN20 | Finance | Finance Department |
VLAN30 | Sales | Sales department |
VLAN40 | Human | Human Resource Department |
Table 7 IP address planning table
VLAN number | IP network segment | Default gateway |
---|---|---|
VLAN1 | 10.0.0.0/24 | 10.0.0.254 |
VLAN2 | 10.1.0.0/22 | 10.1.3.254 |
VLAN3 | 10.1.4.0/22 | 10.1.7.254 |
VLAN10 | 10.1.8.0/22 | 10.1.11.254 |
VLAN20 | 10.1.12.0/22 | 10.1.15.254 |
VLAN30 | 10.1.16.0/22 | 10.1.19.254 |
VLAN40 | 10.1.20.0/22 | 10.1.23.254 |
The foregoing is merely the preferred embodiments of the present invention and is not intended to limit the invention; any modifications, equivalent replacements and improvements made within the spirit and principles of the present invention shall fall within its scope of protection.
Claims (7)
1. A Java-based method for the planning and design of large and medium-sized enterprise networks, characterized in that the method comprises:
Step 1, designing VLANs according to the users and the specific network;
Step 2, determining a unique IP address for each interface of the hosts connected to the network;
Step 3, configuring the relevant devices: basic configuration, VLAN and IP configuration, DHCP configuration, HSRP configuration, routing protocol configuration, AAA server setup and network management control setup;
Step 4, performing an operation test on the network plan and design that has been set up.
2. The Java-based method for the planning and design of large and medium-sized enterprise networks according to claim 1, characterized in that the HSRP configuration of step 3 uses hot-standby HSRP technology.
3. The Java-based method for the planning and design of large and medium-sized enterprise networks according to claim 1, characterized in that the routing protocol configuration of step 3 uses the EIGRP protocol.
4. The Java-based method for the planning and design of large and medium-sized enterprise networks according to claim 1, characterized in that the operation test of step 4 is divided into a test of the routing tables of key layer-3 devices and a network connectivity verification test.
5. The Java-based method for the planning and design of large and medium-sized enterprise networks according to claim 4, characterized in that the steps of the test of the routing tables of key layer-3 devices are as follows:
(1) access router R1 routing table;
(2) core layer switch HX1 routing table.
6. The Java-based method for the planning and design of large and medium-sized enterprise networks according to claim 4, characterized in that the steps of the network connectivity verification test are as follows:
(1) headquarters access-layer switch SW1 accesses the server;
(2) remote branch R4 accesses the server;
(3) remote branch SW10 accesses the headquarters access switch.
7. An information data processing terminal using the Java-based method for the planning and design of large and medium-sized enterprise networks according to claim 1.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811345021.1A CN109587026A (en) | 2018-11-13 | 2018-11-13 | A method of large and medium-sized enterprise's Network Programe Design based on Java |
Publications (1)
Publication Number | Publication Date |
---|---|
CN109587026A true CN109587026A (en) | 2019-04-05 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20190405 |