Summary
An education network carries less sensitive data than most systems, but usually requires higher bandwidth. A campus network may carry many broadband applications such as multimedia teaching and video on demand, and the latest applications may appear on campus networks first, so a campus network is best built around switching and interconnected with the outside world through high-performance routers.
Design objectives
1. Share information resources.
2. Informatization and automation of the school management system.
3. Establish a computer network aided teaching system.
4. Build the college website, make it an important window for external publicity, let the world know about us, and raise the profile of the college.
Design principles
1. Systematic.
2. Advanced and practical
3. Openness and development.
4. Security
5. Ease of use and reliability
6. Economy
7. Unified planning and step-by-step implementation.
Demand analysis
The whole system should be able to accommodate 8000 networked computers, lay about 2000 meters of optical cable, connect 600 information points, and build a network laboratory subnet; the rest of the subnets will be built by the relevant departments.
In addition to basic functions such as WWW, Telnet, FTP, E-mail, news and BBS, the network also has functions such as video on demand, office automation and online multimedia-assisted teaching.
Build campus network application software, realize online computer-aided teaching, establish video-on-demand system, establish educational administration, scientific research, personnel, student management system and online inquiry system, and strive to independently develop some application software.
Campus network: access to the office building is required. There are more than 600 information points in the two teaching buildings, which are connected by LAN. The network center is located on the third floor of the office building. It is planned to provide the following services: Internet access, VLAN, video on demand, distance education, etc.
Computer room #1: 100; #2: 40; #3: 40; #4: 40; #5: 10; #6: 100; #7: 40; #8: 100
Technical Education Center: 20; Network Center: 10
Department of Finance and Economics: 5; Department of Political Literature: 10
Ministry of Science and Technology: 5 people
Ministry of Continuing Education: 20 people
Academic Affairs Office: 20; Student Affairs Office: 20
Library: 10; Electronic reading room: 40
Principal's Office: 10; Finance Department: 10
Technology selection
In LAN construction, the popular technologies are Fast Ethernet (100BASE-T), Fiber Distributed Data Interface (FDDI), Gigabit Ethernet (1000BASE-T) and Asynchronous Transfer Mode (ATM).
1. FDDI is a high-speed token ring network with optical fiber as the transmission medium and a transmission rate of 100Mbit/s. It was widely used in campus networks built in the early 1990s and is gradually being replaced. The FDDI campus networks at peer colleges have been or will soon be converted, so this technology is not considered.
2. ATM technology absorbs the advantages of traditional network technology, uses optical cable as the transmission medium, and offers high speed (Mbit/s to tens of Gbit/s), scalability and real-time behavior. It is suitable for multimedia transmission, is considered a backbone technology for both WAN and LAN, and is the main key technology of the next generation network. However, as a new technology it is not very mature, and there is no unified standard in the world. At present it is mostly used in telecommunications and financial networks, and ATM is about three times more expensive than traditional Fast Ethernet.
3. Fast Ethernet and Gigabit Ethernet technologies (100BASE-T and 1000BASE-T).
In local area networks, Ethernet technology has developed through information transmission rates of 10Mbit/s, 100Mbit/s and 1000Mbit/s, and 100BASE-T is in the traditional 10Mbit/s. It uses twisted pair or optical cable as the transmission medium, and the transmission rate is 100Mbit/s. It supports full-duplex data transmission (data can be sent and received at the same time), with mature technology and rich hardware products. Gigabit Ethernet technology is an extension of the 10BASE-T and 100BASE-T standards. It uses optical cable as the transmission medium, supports full-duplex and half-duplex modes, has good third-layer switching ability, and provides 1000Mbit/s bandwidth. The international standard for Gigabit Ethernet over optical cable has been issued. Because of its good compatibility and high reliability, information transmission.
Gigabit Ethernet is an extension of traditional Ethernet and Fast Ethernet. It provides a bandwidth of 1000Mbit/s, supports Ethernet communication and the CSMA/CD principle, and is a shared network. Because of its good application foundation and the support of traditional network equipment manufacturers and users, it can easily build three levels: desktop (10M), workgroup (100M) and data center (1000M), which meets different needs and offers a good price/performance ratio. Its obvious disadvantages are: 1. As a shared media network, its efficiency drops noticeably when the network load is heavy. This can be compensated for by switching technology. 2. Gigabit Ethernet is a packet switching technology that transmits variable-length frames, which cannot guarantee real-time delivery or priority processing, so it is not as good as ATM when transmitting multimedia and video information.
Considering all these factors, the campus network of our college plans to adopt Gigabit Ethernet technology. A three-layer structure is adopted in actual construction. The lowest layer, to the desktop, is 100 MB/s Ethernet, and some can reach 100 MB/s; the second layer runs from each floor of a building to the secondary switch and consists of 100Mb/s switched Fast Ethernet; from each building to the network center (that is, the backbone network) is Gigabit Ethernet with optical cable as the medium. The primary switching equipment has an ATM port, and the secondary switching equipment supports an ATM port module, which allows an easy transition to an ATM network. Campus network construction adopts hierarchical switched Gigabit Ethernet technology, supports virtual networks, and can smoothly transition to ATM. The existing buildings in our school are relatively concentrated. The first phase of the campus network project focuses on the construction of the existing main campus, and at the same time reserves enough room for the expansion of the new campus.
Network topology
It is suggested to adopt a star topology, with the network center connected to each building through optical cable. The network center is equipped with 1 to 2 high-performance enterprise-level central switches, and 4 to 6 servers that respectively provide domain name resolution, WWW, e-mail, FTP, database service and firewall functions and can back each other up. Three or four network management workstations, a UPS and a high-performance router span the WAN. 0M optical fiber access. There are two 24-port modem pools in the network center, which support dial-up Internet access for family areas, student dormitories and out-of-town users. The administration building and each teaching building are equipped with a secondary switch. Where there are subnets, the switch has a routing function, which can reduce relay traffic. The hubs at all levels in a building are connected to the secondary switch through twisted pair. The hubs are connected to the desktops through twisted pair. In addition, a network laboratory (subnet) is set up in the new teaching building to provide students with an environment for online practice and software development.
Integrated wiring system scheme:
The backbone optical cable is a 6-core multimode optical cable, which connects buildings and subnets. Optical cables are mainly buried and partially overhead. The secondary and tertiary branch lines are unshielded UTP. Optical cable and twisted pair are made of high-quality products from internationally renowned manufacturers, and the warranty period is not less than 20 years. The whole wiring system conforms to the IEEE802.3 Gigabit Ethernet standard.
Network equipment scheme
1. Switch: The core switches of the network are enterprise switches from large companies such as 3COM, IBM and CISCO. They should have a modular high-speed backplane structure and enough expansion slots to facilitate expansion of the network structure and future technical upgrades, support a variety of protocols and standards, meet growing network demand, and above all be highly reliable. The switch used for secondary switching is suitable for a high-speed backbone network, with a 1000BASE multimode optical fiber interface, modular design, stable performance and good manageability.
2. Hub: The ports are dual-speed 10/100Mbps ports with automatic detection, strong fault tolerance, support for the TCP/IP protocol and network management, stackable, with stable performance and sufficient redundant ports.
3. Network card: With an adaptive dual-speed 10/100Mbps port, it has high reliability and wide software compatibility, can provide parallel processing capability, and supports various bus and network management such as PCI, ASP and MAC.
4. Servers and workstations: The servers can be SUN, HP or DELL series, or domestic brand-name products can be selected according to different needs and financial conditions. Workstations are selected from the high-grade products of the above manufacturers.
5. Cisco products are selected for the router.
Software construction scheme
1. Operating system. Windows 2000, Linux and NetWare are selected as the network operating system software.
2. The network management system can use HP OpenView to manage the whole system.
3. The database system software must integrate well with the WEB server, support multimedia, multiple platforms and multiple network protocols, and have good security and scalability; the system must run stably and have good fault tolerance.
4. The firewall is the FireWall-1 network product of Check Point Software Technologies.
5. Application software: In order to improve the utilization rate of the network, the domestic campus network management information system, multimedia courseware production system and VOD video-on-demand system should be selected at present.
Routing protocol
Routers forward packets at the network layer. They can effectively isolate broadcast storms and perform protocol conversion. Routers can be used for the backbone connection and for the WAN connection between the campus network and the regional network center. When choosing a router, pay attention to the network interfaces it supports (such as FDDI, UTP, BNC, AUI, etc.), as well as the number of ports and the supported protocol types. In addition, some routers also provide useful functions such as protocol control, traffic statistics and bandwidth allocation. The router can be configured from its console port in terminal mode. The main work before configuring the router is the division of addresses. Routers all support the SNMP protocol, so they can be managed by network management software such as IBM NetView and HP OpenView.
IP address planning: The number of computers exceeds 254. Although using multiple Class C networks can solve the problem, it is not recommended because routing is needed between the networks. It is recommended to use one Class B network and reserve IP address segments.
VLAN design
According to the actual demand of campus network, the staff belonging to the same department may be in different buildings, but they need to be in a logical subnet. Whether from the perspective of network management or users, the increase or decrease of network sites and the change of personnel need the support of virtual network technology. Therefore, the network backbone should support three-layer switching and VLAN segmentation. Virtual network technology is used in the whole network to improve the security and flexibility of the network.
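The address planning and VLAN design above can be worked through as an added example (not part of the original plan): one subnet per department VLAN is carved from a single Class B block, sized from the information-point counts in the demand analysis, so that inter-VLAN access rules can later be written per prefix. The 172.16.0.0/16 block, the VLAN numbering from 10 and the one gateway address per subnet are assumptions.

```python
import ipaddress

# Information-point counts from the demand analysis on this page.
POINTS = {
    "Computer room #1": 100, "Computer room #2": 40, "Computer room #3": 40,
    "Computer room #4": 40, "Computer room #5": 10, "Computer room #6": 100,
    "Computer room #7": 40, "Computer room #8": 100,
    "Technical Education Center": 20, "Network Center": 10,
    "Department of Finance and Economics": 5,
    "Department of Political Literature": 10,
    "Ministry of Science and Technology": 5,
    "Ministry of Continuing Education": 20,
    "Academic Affairs Office": 20, "Student Affairs Office": 20,
    "Library": 10, "Electronic reading room": 40,
    "Principal's Office": 10, "Finance Department": 10,
}

def prefix_for(hosts, spare=1):
    """Longest prefix that holds `hosts` plus `spare` gateway addresses,
    not counting the network and broadcast addresses."""
    needed = hosts + spare + 2
    bits = max(2, (needed - 1).bit_length())
    return 32 - bits

def plan(block, points, first_vlan=10):
    """Allocate one subnet per department from `block`, largest first."""
    block = ipaddress.ip_network(block)
    cursor = int(block.network_address)
    rows = []
    ordered = sorted(points.items(), key=lambda kv: (-kv[1], kv[0]))
    for vlan, (name, hosts) in enumerate(ordered, start=first_vlan):
        plen = prefix_for(hosts)
        size = 1 << (32 - plen)
        cursor = (cursor + size - 1) // size * size  # align to subnet size
        net = ipaddress.ip_network((cursor, plen))
        if not net.subnet_of(block):
            raise ValueError(f"{block} exhausted at {name}")
        rows.append({"vlan": vlan, "name": name, "hosts": hosts,
                     "subnet": net, "gateway": net.network_address + 1})
        cursor += size
    return rows

if __name__ == "__main__":
    for r in plan("172.16.0.0/16", POINTS):  # assumed private Class B block
        print(f"VLAN {r['vlan']:>2}  {str(r['subnet']):<18}"
              f" gw {r['gateway']}  {r['name']}")
```

The 20 subnets fit in the first four /24s of the block, which leaves the rest of the Class B range reserved for the new campus and for subnets built later by other departments.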
System security
Network security is one of the important criteria for evaluating a campus network. For such a large campus network, network security is becoming more and more important.
Security considerations of local host system:
Computer viruses came into being with computers and develop along with computer technology. In a network environment, computer viruses spread more easily, and their harm to the system is also obvious. In the campus network project, it is suggested to combine network-level and single-computer protection to avoid the harm of computer viruses.
Intranet security control:
Through VLAN division, the access between internal VLANs can be managed and controlled by the high-performance routing module in the central switch.
Security control of extranet:
Network security problems are mainly caused by the openness, unboundedness and freedom of the network. Therefore, when considering the security of an information network, we should first separate the protected network from the open and borderless network environment so that it becomes a manageable, controllable and secure internal network. Only in this way can the security of the information network be realized, and the most basic means of isolation is the firewall. A firewall can be used to provide isolation and access control between the intranet and an external network (such as the Internet), or between different security domains within the intranet, and to ensure the availability of network systems and network services.
Security design of dial-up access:
For users who dial in from outside to access the internal LAN of the center, security must be strictly controlled because of the risks of using the public telephone network to transmit data. The main measures are as follows:
* Place a firewall behind the dial-up access server to strictly limit the system information and resources that dial-up users can reach.
* Use a dedicated authentication server to strengthen the authentication of dial-up users.
* Encrypt data in transit to prevent it from being illegally stolen.
Data security:
The network system should be able to identify information through identity authentication, access control information, digital signature or data compression algorithm to ensure the integrity of data in transit and the confidentiality of information. In the implementation, the overall security control strategy of the information system and the security control of important equipment are the main considerations.
Network management system:
The network management software of the campus network is required to provide performance analysis charts for traffic, errors, broadcasts and utilization, and to support web-based network management and an extensible design.
Based on the demand for information points, the scalability of the network should be fully considered in the overall design. This includes the expandability of the whole network structure and the expandability of the network equipment.