The network center computer room uses S4603 or S3552 to complete all user traffic aggregation and data forwarding. The user access layer adopts M8000 and S2000M/ S2205A networking. Through ESR ring network, access points with relatively concentrated geographical locations and a large number of users such as teaching area, experimental building and administrative building can form a ring network. Other scattered nodes form a star network through optical fibers. S4603 routing switch completes the routing and forwarding of intranet access and Internet access in the core layer of campus network, NAT address conversion and user authentication, as well as the routing and forwarding of external users accessing internal resources of campus network. If the data traffic in the network is relatively large and there are many access users, you can connect through S3 10 1 or S3528 under the core equipment S4603/ S3552. The traffic of a large number of users is first gathered on S3 10 1/S3528 for processing, and then the traffic to be uploaded is forwarded to the core S4603/S3552. Through two-stage processing, the flow of the core layer equipment is effectively shared, the flow of all users is prevented from passing through the core layer, the working pressure of the core layer equipment is reduced, and the working efficiency and performance of the network are improved.
The campus network solution adopts the most advanced 10 Gigabit core routing switching equipment and ESR ring network technology, which provides strong business support and reliable network guarantee for various campus networks. The scheme has the following remarkable features:
1, intelligent service awareness and flow control network multi-service package platform and layer 2 and layer 3 switches provide powerful service awareness and flow control capabilities, which can collect accurate information such as network traffic and application data throughput in real time and provide usage reports, so as to understand students' online situation and effectively control related online applications on this basis. Through the service awareness and control function, we can actively realize the strategy of allocating broadband lines to students, specifically limit the throughput of some traffic, or use shaping technology to move it to time outside the peak, thus improving peak performance, preventing network bottlenecks and improving network utilization and reliability. Such as tracking user data and performing classification control according to the used protocol and the processed application. 2. Students' online authentication and billing network access layer switches support IEEE802. 1X authentication, which can control students' online access and avoid illegal users' access. At the same time, S4603 and E300/E600 support radius charging function, which can charge students online according to traffic and duration. 3, perfect network virus and network attack prevention strategy Because the campus network is a complex and unique network, there are many users inside and outside the network, various network applications occur frequently, and various network viruses and network attacks may occur all the time. In view of this situation, Fiberhome Network implements various preventive measures from the core layer to the access layer. The core layer E600 master card RPM provides the functions of flow control, rate limiting and packet filtering, which has super control ability and can filter all kinds of network viruses, illegal packets and network attacks. Layer 3 switches can automatically suppress the broadcast storm in the network; Against TCP, UDP, ICMP and other types of DOS attacks; Automatically block port scanning; Filter deadly network viruses such as shock waves and shock waves. M8000 and S2000M can protect and reject a large number of scans by analyzing network traffic and automatically filtering illegal data. Through the inspection, management and monitoring of network traffic, network security can be effectively managed, so that the whole network has the security function of "active immunity". Fiberhome network switches and core routers also support flexible binding of user accounts, IP addresses, MAC addresses, access ports and other elements, which can limit the uplink and downlink rates and network links of access users and strictly control user access to the greatest extent. 4. The network multi-service grouping platform with high intelligence and multi-service access can carry the high-reliability transmission of data, TDM and video services. Using M8000 can realize telephone connection in campus network without laying telephone lines. Fully protect network resources and save investment costs. At the same time, the Fiberhome network switch supports IGMPv3, and the number of multicast supported can reach 500, which fully meets the demand of streaming media service on demand in the future campus network. 5. The network core device E600 with high performance, high reliability and high scalability provides 900Gbps non-blocking switching capability, and one frame can provide 168 line-speed gigabit interfaces or 14 line-speed 10 Gigabit interfaces. It ensures the high performance and scalability of the network. All key components (switching module, routing module, power module) adopt redundant design, support online hot plug, and provide strong guarantee for large campus network in terms of performance and reliability. 6.ESR access ring network In the user access layer of the campus network solution, ESR technology based on ITU-T X.87 standard is adopted to form a ring network structure, which can realize 50 milliseconds protection switching, and well solve the problems of ring network broadcast storm suppression and link or equipment fault rapid switching. At the same time, the ring network can also save optical fiber resources and avoid the consumption of a large number of optical fiber resources in the star fiber direct drive mode. 7. Convenient and easy network management All IP data devices support various network management functions, and network devices can be effectively managed and configured through Web browsers, Telnet, SNMP, RMON, etc. The WView network management platform of Fiberhome Network can realize configuration management, fault management, security management, performance management and other functions. Remote line fault diagnosis and location (accuracy 1 m) can be realized through the network management system, which saves a lot of time for network managers to troubleshoot network faults in the huge campus network; The second and third layer switches of Fiberhome Network also support unified cluster network management. One IP address can manage 500 switches in a unified way, saving valuable IP resources for the campus network.