network engineering

I. Small Business Network Program

Description: Small business network is usually less information points, the requirements of management is simple and easy to realize, no special needs of the network, you can use a simple tree structure or bus structure.

Program I:

1, the basic network can be deployed at a single exit with a low-end router, using NAT technology as well as the use of default routes out of the office.

2. The aggregation side can use a mid-range Layer 3 switch to act as an aggregation, use inter-Vlan routing to forward data to the router to ensure fast data forwarding, enable DHCP service, and plan network segments as needed.

3, the access side of the use of network management of access switches, the use of basic Vlan division of the function, as required to each department to divide the area, easy to isolate and segregation.

Program II:

1, the basic network can be a single exit to deploy a low-end router, the use of NAT technology as well as the use of the default route out of the office, the use of single-arm routing technology to forward Layer 3 data, enable DHCP services, on-demand planning network segments. (Single-arm technology can be ignored if there is a single LAN)

2. Use a switch with slightly higher forwarding performance on the aggregation side, and divide the vlan on the aggregation switch (if there are fewer information points, there can be no aggregation layer).

3, the access side can use foolproof switch, easy access to information points, exempt from configuration.

Advantages of Small Network SolutionsEasy to manage, easy to work with and troubleshoot, low hardware and equipment costs.

II. Network solutions for medium-sized enterprises

Description:Medium Enterprise NetworkModerate information points, there is a certain demand for network quality, so you can consider a certain network redundancy; for medium and large enterprises will have more internal and external networksserver (computer)The security of the server also needs to be safeguarded; these enterprises will generally have a dual-line situation, and need to consider the utilization of the export bandwidth and so on;

Programs:

1、Access layer is recommended to use managed Fast Ethernet switches (if the budget permits, you can use the front-gigabit switches), divide the corresponding Vlan according to the pre-planned IP segments, and enable a variety of access tests such as port detection and secure port characteristics on the access switch, which can effectively prevent private terminals or malfunction caused by misuse of the problems generated by the faults.

2、Aggregation layer uses high-performance multi-layer switches, and Layer 3 switches are connected with routers in a fully interconnected way, and the port aggregation function can be used between switches to improve the link bandwidth and availability; the aggregation switch opens the gateway redundancy technology, which is the backup gateway for each other to improve the redundancy of the network; it enables the multiple Spanning Tree Protocol to rationally plan the network; and it enables Layer 3 switching to forward the data quickly. Simple routing protocols can be set up with upper layer routers to flexibly control the routing direction (e.g. RIP), and static routing can also be used;

3, the core side is to use high-performance routing forwarding, front firewall as the Internet border (or directly use the firewall as an outlet), there are multiple lines can be used with load function gateway as a border, so that the traffic bandwidth to be reasonably utilized (such as the use of Deepcom AD, F5 load-balancing equipment, etc.), for the development of the external network servers can be placed in the firewall's DMZ area, to achieve the protection and control (or mapping of available ports on the firewall). For servers developed on the outside network, they can be placed in the DMZ area of the firewall to realize protection control (or mapping available ports on the firewall and placing servers in the intranet).

4、If there is a branch company or mobile user access needs, on-demand useVPNInterconnect, or SSLvpn, etc. to access business systems (generalized IPsec VPN access solutions are available)

Medium Enterprise Network Solution AdvantagesRedundant network, reliability and high availability are guaranteed, network performance is fully utilized, management is relatively easy and network expansion is highly flexible.

III. Large enterprise network program

Description:

Network independence requirements: Most large enterprises have separate office and production networks, and there are requirements for isolation as well as openness for the connection between each network.

Access requirements for enterprise information points: Individual branch access, access to information points.

Bandwidth performance requirements: Multi-service for bandwidth and latency have certain requirements, must be done to the core of the 10 Gigabit level, Gigabit to the desktop in order to meet the needs of the scale and business growth.

Stability requirements: With large-scale network applications, corresponding reliability design is needed to ensure smooth network and normal operation of the system.

The need for cybersecurity: Modern large-scale enterprise networks facing the Internet must have a perfect network security solutions to protect against attacks and reduce economic losses.

Wireless network requirements: The application of wireless network can make the enterprise information network more flexible, economical and fast.

Application Service Requirements: For large enterprise networks, more intelligent network management to meet the demands of increasing network size and reduce maintenance efforts.

Infrastructure network aspects: The entire network adopts a full three-layer network architecture with gigabit to the desktop. The core layer adopts all 10 Gigabit switches and routers; the aggregation layer adopts enterprise-class Gigabit switches with high forwarding performance; and the access layer adopts all Gigabit switches. The core equipment, aggregation equipment, servers and backbone links are all designed with redundancy to ensure the continuity of key nodes. The exit adopts multi-exit design, each area access uses standard VPN access, dynamic routing is used to establish connections between branches, reasonable Vlan is divided in the large convergence area to isolate broadcast storms and ensure network performance, and gateway redundancy technology is used at the convergence level.

Network security aspectsFirst of all, the network exit security, headquarters and branch exits on-demand deployment of a new generation of firewalls (redundancy can be taken to design), on-demand can also set up some anti-spam and other equipment deployed to the network. Second is the intranet access security, in the access switch to enable some port security features such as DHCP snooping, anti-ARP spoofing of the basic functions, the deployment of antivirus software server in the intranet, the client to the desktop, security to the terminal. There is also the enterprise authentication, access, not described here.

Wireless: The access layer can use wired wireless integrated switches to connect the regional APs for unified control.

Network management aspects: The entire network adopts a unified basic network equipment and uses the network management software introduced by the vendor to monitor the real-time network operation status, locate network faults, provide convenient and fast services, and improve the efficiency of operation and maintenance work.

Expansion: The layered design provides redundancy and flexibility of deployment when expanding, providing both efficiency and convenience.

Advantages of Network Solutions for Large Enterprises: Network and hardware redundancy to improve the high availability and reliability of the system. High-speed network architecture ensures high-speed data exchange in the campus network. Flexible network organization and efficient management, intuitive and fast response to troubleshooting.