Internet cafe network design scheme I. Demand analysis
In this town, there are few people who play large-scale online games. Customers go to Internet cafes mainly to browse the web, chat QQ, watch movies and play small games, so the requirements for PC configuration are not high. I found a knowledgeable friend to equip me with a machine, 1.400 yuan's main chassis, 230 yuan's second-hand monitor, a total of about 1.700 yuan's PC. Zhao decided to collect 16 sets.
According to the functional requirements and limited geographical location of Internet cafes, 4MB ADSL is enough. You need to buy an ADSLModem, a broadband router, a 24-bar PBX and five types of twisted-pair cables. These investments are only about 1000 yuan. Considering that there may be about 15 information point in the future, although you can apply for another ADSL line and add enough switches, you must change to a dual-outlet router. I suggest using a dual-exit router now.
It is understood that the current lowest price for dual-export routers is 1.700 yuan. Zhao feels that the investment is too big, and he doesn't want to use ordinary broadband routers. (If ordinary broadband * * * enjoys 48-port routers and switches, the investment will be less, but such routers may be unbearable under such a large load, which may easily lead to broadcast storms and instability. )
Because this is a mini-Internet cafe, there is not much security demand, and the focus is on antivirus Trojan horses. Among anti-virus software, Kaspersky and NOD32 are free for half a year, Rising and Jiang Min try it for three months, and Jinshan online anti-virus is free for some time.
The most important point is the management of Internet cafes. Wealsh internet cafe management system? It has the functions of billing management and so on, and it is free. Shadow system software, installed on the client, will automatically restore to its original state after restarting the computer no matter what system changes the customer has made, so as to protect the system from being damaged and reduce the maintenance cost.
Second, the network topology design
Telecom companies use dynamic address assignment, so the router WAN address is set to? Dynamic address? And the LAN address is set to192.168.1.1,which is the gateway address of the network. The router has DHCP function and the address range is set to192.168.1.1~192.168. Using the static address binding function of the router, bind192.168.5438+0.254 with the MAC of the billing server.
Third, the construction and installation
There is not much problem with the placement and installation of PC. It should be noted that there is a certain distance between the direction of twisted pair and the direction of power cord. We put the twisted pair on the wall and then put the information socket down to connect the customer PC. The power cord runs under the wall, leaving a socket every 2~3 meters, and each socket is used by 3 PCs.
Location of modems, routers and switches: No cabinets or jumpers. Except for the switch, other equipment is placed on the wall not far from the cashier, which can be monitored at any time.
Four. Total investment table of internet cafes
Number investment project name and price
0 1PC, 16 1700 yuan? 16 sets+freight 200 yuan = 27,400 yuan.
02Modem, router, switch, twisted pair, power cord 1000 yuan.
Computer desk, chair, cash register and so on? Furniture?
03 rent
04ADSL access 1200 yuan/year
I didn't ask the network management. Furniture? Do it yourself.
06 total
Verb (abbreviation of verb) abstract
This time, I mainly provide technical advice to my friends. The job is simple, but this kind of opportunity is rare. After all, the knowledge and practice in simulation books are different. Some practical problems in books can't be considered, but in practice, you have to judge for yourself when you encounter problems, because some books may not find the answer.
Later, I will add 15 computer, and ask me if there is any way to realize it without dual-exit routing. I originally thought of using two routes to form a mesh connection with two switches, but then I thought about it carefully. Although two 4MB lines are used for access, users may not experience the increase of bandwidth, because this design plays a backup redundancy of routing and fails to increase bandwidth.
Internet cafe network design scheme II Purpose:
Planning and Design of Small Network
Planning and Design of Internet Cafe Application Server
Background:
90 computers online
Divide different functional areas: online game area, video-on-demand and QQ/web area, internal game area. 30 computers per region
In order to meet the needs of users to watch high-definition movies, Internet cafes provide streaming media services.
Data update? (Online game update, virus update)
Client: Provide professional online game services.
Download service of common software and other tools (FTP. Network hard disk)
Capital investment:
The total cost cannot exceed 400,000 (the annual cost of all computers, servers, network equipment and network access).
The program requirements are as follows:
I. Network Requirements and Design Principles of Internet Cafes
1. 1 Program background
With the development of Internet, the domestic Internet cafe industry has developed very rapidly. Chatting, watching news, interactive learning and playing online games in Internet cafes have become a social and entertainment form for modern China people, especially the younger generation. There is a great demand for the Internet: reading news, using free email, using network resources, chatting online, playing online games, using free personal homepage, etc.
At present, all the services provided by Internet cafes are related to the Internet. With the development of network technology, Internet cafes provide more powerful network services. Our design follows the following network design principles:
Practical economy: Internet cafes have large one-time capital investment, rapid depreciation of equipment and poor external operating environment at present; On the other hand, the application environment of Internet cafes is bad. Therefore, in the process of network construction, the system construction should always implement the policy of application-oriented and pragmatic, and adhere to the principle of practicality and economy.
Advanced and mature: Only by adopting advanced technologies and equipment that meet international standards, can we ensure that the network can meet the needs of future network technology development and occupy a leading position in the next few years.
Reliability and stability: While considering the technical advancement and openness, we should also start from the aspects of system structure, technical measures, equipment performance, system management, manufacturer's technology and maintenance ability to ensure the reliability and stability of the system operation and realize the maximum mean time between failures.
Security and secrecy: In the system design, we should not only consider the full enjoyment of information resources, but also pay attention to the protection and isolation of information. Therefore, the system should take different security measures for different applications and different network communication environments, including system security mechanism and data access control.
Internet cafe is a system integration network with diversified applications and strong pre-expansibility. More and more Internet cafes are establishing or have established diversified networks. In this new era, building an efficient, smooth, safe and energy-saving Internet cafe can make people feel fashionable and happy, thus becoming a good and profitable Internet cafe.
1.2 Internet cafe network mainly has the following functions.
Game function: Give players a carefree stand-alone, online game and online game experience.
Film and television music function: give audio and video lovers the visual shock of the latest movies and the auditory enjoyment of the latest songs.
Information search function online game area: give employees the fastest internet access speed and convenient search platform.
1.3 design principles of internet cafes
Although small Internet cafes are relatively small, the design principle is basically the same as that of large and medium-sized Internet cafes.
1. Practical and economical
Due to one-time investment, the equipment depreciation of Internet cafes is fast, and the external operating environment is poor at present. On the other hand, the application environment of Internet cafes is relatively bad, and the application level of customers is uneven. Therefore, in the process of network construction, the system construction and application always adhere to the principle of application-oriented, pragmatic and economical.
2. Advanced maturity
At present, with the rapid development of computer network technology, equipment will be eliminated faster. This requires that network construction should not only adopt advanced concepts, technologies and methods, but also pay attention to the relative maturity of structure, equipment and tools. Only by adopting advanced technologies and equipment that are mature at present and meet international standards can we ensure that the network can meet the needs of future network technology development and occupy a leading position in the next few years.
3. Reliability and stability
While considering the technical advancement and development, we should also start from the aspects of system structure, technical measures, equipment performance, system management, technical support and manufacturer's maintenance ability to ensure the reliability and stability of the system operation.
4. Security and confidentiality
In the system design, we should not only consider the full sharing of information resources, but also pay attention to protection and isolation. Therefore, the system should take different measures according to different applications and different network communication environments, including system security mechanism and data access control.
5. Scalability and maintainability
In order to meet the requirements of system changes, we must fully consider the expansion and maintenance of the system with the simplest method and the lowest investment, protect the past and achieve higher overall cost performance by combining the current advanced nature, future scalability and economy.
1.4 Problems existing in existing Internet cafes
1, the phenomenon of network virus and network attack leads to the problem of frequent disconnection of Internet cafes.
Although the existing Internet cafe systems have recovery functions, including hardware (recovery card) and software (freezing point recovery software), in the process of system operation, various network viruses, such as web viruses, worms and Trojan horses, are attached to Internet users browsing web pages, downloading illegal controls and running illegal software (plug-ins, such as legendary plug-ins). ) often happens, while general viruses only affect computers. It will not affect other machines on the network. This kind of virus is less harmful and can be eliminated after restarting the system. However, for some worms, typical ones such as ARP virus, shock wave virus and RPC worm virus will spread to the whole network, causing network congestion and seriously affecting network performance.
The ARP virus is more serious. It broadcasts the wrong ARP data to all machines in the same network segment, which causes the hosts in the same network segment to be unable to access the Internet because they can't find the correct gateway, or broadcasts the wrong ARP request to the router, which leads to the rapid decline of the processing performance of the router and further affects the performance of the whole network. The main phenomena are: some machines are disconnected, the ping gateway is delayed, and the speed of opening web pages is slow.
In view of this phenomenon, the existing router manufacturer's solution is to bind IP and MAC addresses in two directions for ARP, which can solve about 70% users who surf the Internet in fixed IP mode in Internet cafes. For the users who surf the Internet in the diskless system of Internet cafes, the router DHCP can allocate the MAC address corresponding to the IP, prepare the IP for the intranet machine, and then use the method of bidirectional binding of IP and MAC (router and intranet host) to prevent ARP virus attacks.
The first two methods are also the main means to prevent ARP attacks in Internet cafes at present. On this basis, ingram micro Science and Technology independently developed the latest technology to prevent ARP attacks. While broadcasting correct ARP data to the intranet regularly, the router will automatically detect whether there is ARP attack in the intranet. Once it exists, the router will start the reverse ARP attack technology, correctly guide the intranet host to connect to the network, and avoid the trouble of Internet cafe owners because of ARP disconnection.
2. Hire network experts from the same industry to enter Internet cafes to carry out cyber attacks and then seize the customer resources of their Internet cafes.
Due to the proper operation of some internet cafes, the profits earned are also very considerable. Generally speaking, Internet cafes are basically concentrated in busy areas with relatively large traffic, such as university towns, railway stations, streets and residential areas. And some Internet cafes where universities are located have even reached the phenomenon of Internet cafes all over the street. Therefore, many Internet cafes have different business models and different incomes. Some Internet cafes have a booming business, while others have a bleak business. As a result, in order to maintain the operation of Internet cafes, some owners of Internet cafes with poor business began to hire cyber hackers to enter the surrounding Internet cafes to carry out cyber attacks, or to carry out remote attacks on Internet cafes through public IP, which led to the router crashing, thus reducing the number of Internet users and increasing the traffic of their own Internet cafes.
In view of the above hacker attacks, the latest products of ingram micro Science and Technology, IR6200+, IR6300+ and IR6400+ 100M series, adopt * * to take all external ports for remote attacks, thus avoiding the phenomenon that routers often suffer from remote attacks and cause crashes. Because hackers attack the intranet, they usually send ICMP and ARP packets to the router, which leads to the phenomenon that the router is overloaded and hangs up. IR6200+ 100M Internet Cafe Router Series produced by ingram micro Science and Technology In view of this situation, the router system adopts the principle of automatically filtering the same requested data, and combines the unique network patrol function to monitor the CPU, memory and bandwidth occupation of the router in real time to ensure that the router serves users in the best state.
As for the hacker's attack on the Internet users' system in Internet cafes through switches, we should remind the owners of Internet cafes to take timely security measures to prevent the system from being attacked by loopholes.
3. There is a broadcast storm on the network.
As for the broadcast storm in Internet cafes, most Internet cafe owners reduce the size of the broadcast storm area by dividing the function of VLAN, thus reducing the broadcast storm to the lowest network environment.
4. Unbalanced distribution of network bandwidth leads some users to surf the Internet quickly; Another part of users' internet access speed is slow, and the phenomenon of game card machine often appears. The network of most users is sometimes good or bad, which seriously affects users' interest in surfing the Internet. In the existing internet cafe network environment, customers' network needs are varied. For example, P2P software applications, including peer-to-peer network applications such as pplive, QQ Live, BT, Donkey, Waga, etc. , take up a lot of network bandwidth in Internet cafes, leading to a significant decline in other customers' online speed, and the phenomenon of large-scale online game card machines occurs from time to time. For this phenomenon, ingram micro science and technology products adopt the method of Qos flow control. The number of TCP and UDP links and the overall bandwidth of users are limited, and the bandwidth can also be allocated according to different regions. After using it, the owners of Internet cafes responded very well, and the phenomenon of Kaka in Internet cafes disappeared. The bandwidth distribution of the whole network speed is balanced, and the passenger flow is gradually increasing.
5. Telecom, Netcom game card machine phenomenon
According to the reaction of the owners of Internet cafes, when the existing Internet cafes are connected to the telecom ISP line by single line, the telecom games are very smooth, while the games of Netcom are seriously blocked. In view of this situation, a two-wire access gateway switch appeared in the network, which connects the two lines of telecom and Netcom, uses two routers to assign to the same network segment, and adopts the gateway exchange of routers in the system to achieve the purpose of interconnection between telecom and Netcom. This method can meet the needs of Internet cafe owners, but it still has many shortcomings: for example, two routers are needed for equipment, which increases the networking cost, and users need to manually switch if they use telecommunications first and then switch to Netcom. There is a switching delay between telecommunications and Netcom gateway during the switching process, which brings a lot of inconvenience and trouble to users.
1.5 solution to the problem
1. Take precautions at ordinary times to avoid hacker attacks.
2. Maintain and update network equipment regularly.
3. Buy a router with high performance and high security.
Second, the Internet cafe network design scheme
2. 1 Overall design of Internet cafe network
1. Provide simultaneous access to Netcom and telecommunications for the same Internet cafe, ensuring speed and bandwidth and the best quality access.
2. There is no need to manually turn on the intranet client machine, so as to realize simultaneous and undifferentiated access to the private resources of Netcom and Telecom.
3. Stability and security: A good router can run stably online for a long time under heavy load, and the built-in firewall ensures that Internet cafes can effectively resist the attacks of hackers and network viruses;
4. Economy and scalability: Internet cafes can choose single-line or double-line access at the initial stage of construction, and can improve access speed, resources and bandwidth by adding lines of operators or lines of the same operator at the later stage.
5. Maintainability and manageability: the interface is configured in Chinese, and the mouse pointing is simple and completely complicated. Suitable for people who are not familiar with network technology.
2.2 Network Topology Diagram
2.3 program description
1, network hierarchy design:
More than 200 Internet cafes can be designed into three levels: access layer, convergence layer layer and exchange layer. Access layer, for 200 machines, it is the most critical to choose a reasonable access device, and choose the appropriate bandwidth according to the access device. We can simply calculate the network bandwidth to determine the total bandwidth of network access devices. The maximum network traffic of each machine is 7-8KB bytes, and the maximum network traffic of 200 machines is about 20XXKB bytes. 30% network loss, the total network bandwidth should be 2600KB, and our optical fiber can be initially selected for 30MB access. Of course, for the sake of network speed, you can also choose 100 megabit access point. In this way, our network access layer can choose 100 megabit devices.
When calculating access bandwidth, we choose network access equipment, which is soft routing. Hardware router, the technology of domestic manufacturers is not very mature, and foreign products are mainly designed for ISP access providers or users who have higher requirements for network functions, and are not suitable for our Internet cafes. One of the biggest differences between hardware router and soft routing is that hardware router has many functions and powerful functions.
In terms of soft routing, we can use the following software, such as Smoothwall, Icpop, RouteEOS, Linux and so on. In contrast, the soft routing done by brother K7 1g is still quite powerful, and its speed is not inferior to that of professional carrier-grade routers.
2. convergence layer:
Convergence layer is the core of the whole LAN. Because of the huge amount of data exchange in Internet cafes, when choosing convergence layer equipment, we must choose the appropriate convergence layer network equipment. In the 200-machine Internet cafe, you can choose100M layer 2 switching equipment to support VLAN function. Although we don't need to divide VLAN, if our network design can't meet our requirements, dividing VLAN is our only way. The backplane bandwidth of Layer 2 switching is not less than 8G, and it supports the MAC address learning function. The MAC address table is not less than 24KB. It is better for convergence layer network equipment to support the network management function to facilitate our management and maintenance. The port number of convergence layer network equipment is better than that of our equipment, which is convenient for our future network upgrade.
Although our access layer chooses 100M network equipment, because a considerable part of the data traffic in our Internet cafes does not necessarily go through the access layer, we do not need to synchronize with the network equipment in convergence layer when selecting the network equipment in the access layer.
3, exchange layer:
The switching layer is the middle layer in the whole network, connecting convergence layer and network nodes, and it is a very important link that determines the transmission quality of our whole network. With the popularization of 100M network equipment, 100M is definitely the first choice for our switching layer network equipment. When selecting switching layer devices, the following requirements need to be met: support 100 MB transmission bandwidth, backplane transmission not less than 6G, support MAC address learning function, and MAC address table not less than 8KB.
4, integrated wiring design:
Wiring is an important link connecting network access layer, convergence layer, switching layer and network nodes. It is best to use a dedicated channel when wiring, and do not mix wiring with radiation lines such as power lines and air conditioning lines.
Network equipment should be placed in the center of the node, not to save the cost of integrated wiring, but to improve the overall performance and transmission quality of the network. Because the transmission distance of twisted pair is 100 meters, the best network transmission quality can be obtained at 95 meters. When doing network wiring, it is good to design a computer room to place network equipment.
For twisted pair between access layer and convergence layer, you can choose more than five kinds of shielded twisted pair to maximize network performance. The twisted pair between convergence layer and the switching layer, because it is the layer with the largest network data transmission, also uses super five shielded twisted pair. Between the switching layer and the network nodes, we can use ordinary super five-layer unshielded twisted pair.
Pay attention to the following points when wiring: first, when wiring, each line should be numbered accordingly to facilitate future maintenance; Second, it is best to leave two or three spare wires between each floor to prevent our network cable from being damaged as a backup; Third, when making network cable, we must follow the standard wiring method to obtain the highest transmission speed.
5, the choice of IP address
Because the class C ip address determines that a network segment can only accommodate 253 machines, how to design the network structure of more than 253 machines has a lot to do with which type of IP address is used. For Internet cafes with 200 machines, class C IP addresses are used as multiple gateways to realize network interconnection. Although our network convergence layer equipment has VLAN function, because of the large network volume and traffic, if we use multiple gateways and divide VLANs to realize network interconnection, it will increase the burden of convergence layer network equipment and affect the data transmission of the whole network.