In recent years, with the continuous deepening of China's university information construction, the scale of university network construction is also expanding. How to build an efficient, stable, and manageable 10 Gigabit campus network to enhance the security and controllability of the campus network has Become a key issue facing network administrators in colleges and universities. In response to these problems, the National Defense University of Science and Technology selected the overall solution of Ruijie Networks' "10 Gigabit + Second Generation SAM System" in the campus network reconstruction project, and built a domestic leading set of high efficiency, security, stability, flexibility, and flexibility. Intelligent 10G campus network with control and easy management. The whole process of the project from planning, design to construction has a good model significance and reference for the construction of domestic campus network. Prospect: National Defense Technology is brewing a campus network transformation The National Defense Science and Technology University, located in the ancient city of Changsha, is a comprehensive university directly under the Central Military Commission. It is one of the first national key colleges and universities that has entered the national "211 Project" and "985 Project" construction and received special funding from the Central Government. Has advanced teaching, scientific research experimental conditions and public service system. In order to implement the strategic decision of rejuvenating the country through science and education and strengthening the army with science and technology, and strive to create a world-class university with our military characteristics, the National University of Defense Technology has decided to transform the original campus network. After a series of investigations and discussions, experts from the National University of Defense Technology combined their own needs with a detailed summary of the functions to be implemented in order to introduce the most optimal networking solution. Experts believe that the upgraded core switch must have 10 Gigabit expansion capability. In addition to the engine and power supply can be redundant, the design also guarantees high reliability; in terms of stability, the performance of the core switch is required to be basic after a large number of ACLs are turned on Unaffected, the packet forwarding rate is still line speed; in terms of easy management and controllability, no matter how much data the switch carries, the network administrator can log in to the device at any time for management and maintenance, and without changing the access device In the case of the Internet, it can effectively control the access network of the user; in addition, the problem of user IP address conflict must be solved. The user's IP + MAC is dynamically bound throughout the process to ensure that the user has a unique identity when accessing the network and must be able to distinguish users It also allows users to access the internal network without authentication, but to access the external network requires authentication; at the same time, based on the premise of 802.1X authentication, users can manually install the client software, can effectively record the user's Internet information and so on. Heli: National University of Defense Technology dances with Ruijie Networks Needless to say, the campus network reconstruction project of the National University of Defense Technology has a major task. After careful planning and multiple demonstrations, the specific requirements and goals of the campus network reconstruction project have been clarified. As a service provider, Ruijie Networks has developed a complete solution for the National University of Defense Technology on the basis of in-depth, detailed, and thorough understanding of goals and requirements. As shown in the figure, the entire campus network is divided into three layers. The whole network uses Ruijie's new generation multi-service 10G core routing switch RG-S6810E, which is responsible for data exchange of the entire network. At the same time, its hardware strategy routing function is the school's exit The rules provide flexible settings. In addition, the IPv6 function of the core switch hardware provides a seamless connection for the school to access CERNET2; the North Academy uses Ruijie's fully modular core routing switch STAR-S6808, which is responsible for the North Academy's access; Under the condition that the layer equipment is unchanged, the existing aggregation layer equipment is replaced, and the Ruijie network security intelligent multilayer switch STAR-S3550-24 and the security intelligent switch STAR-S2126G are used. The implementation of the RG-SAM system has solved a series of problems that have troubled the school for a long time: To a great extent, it has eliminated IP address conflicts between users; without installing client software on each machine, the user's identity authentication can be achieved, greatly Reduce the maintenance workload of network administrators; effectively prevent the illegal interconnection of campus networks and intranets; dynamically bind IP and MAC addresses throughout the process to effectively ensure network security; set different access rules according to the permissions of different users; powerful The log function provides sufficient evidence for the network administrator's enquiry afterwards; the network management teacher can remotely determine the reason why the user can not access the Internet without leaving the house, which solves the problems of difficult network management and maintenance in the past. Six in one: the campus network soars intelligently The National University of Defense Technology ’s campus network transformation has built a leading domestic intelligent 10 Gigabit campus network that combines efficiency, safety, stability, flexibility, controllability, and ease of management: Efficient: Ruijie Networks adopts RG-S6810E new generation multi-service 10G core routing switch, and the whole machine can support line speed forwarding of 32 10G ports. Security: The Ruijie Networks SAM system is combined with a security switch, and the OPTION82 function can be used to dynamically and automatically bind the user's IP + MAC and switch port throughout the process to ensure that the user has a unique identity when accessing the network; different access permissions are set according to different users; Users do not need to be authenticated when accessing intranet resources, but must authenticate when accessing extranets; they can effectively record users' online behaviors and do post-mortem audits to ensure information security. Stable and reliable: In addition to engine redundancy, power redundancy, and hot-swappable modules, the core switch also has SPOH, LPM + HDR, and three-plane separation technologies to ensure the stability of the core switch. Among them, the SPOH technology ensures that when users open a large number of ACLs, the performance of the core switch is basically unaffected, and the ability to provide wire-speed forwarding is still provided; the three-plane separation technology ensures that in the event of a core switch crash, the network administrator can still log in to the switch to view The cause of the crash, management and maintenance of equipment. Controllable: authenticate users at the convergence layer to ensure effective control of users across the network. The new generation 10G campus network of National University of Defense Technology after reconstruction not only fully supports existing services (video, voice and data), but also implements IPv6 and MPLS, load balancing, NAT, VPN, Firewall, web cache redirect, etc. The expanded support of various functions satisfies the current and future needs of the school, and after enabling the policy routing function, the CPU utilization of each core switch is less than 3%. The newly-built campus network fully meets the needs of the school in terms of stability, security, operational management, and other aspects, and it is a wonderful page for the development of the information technology construction of the National University of Defense Technology. Silicone Kneading Dough Mat,Eco-Friendly Dough Mat,Pastry Baking Dough Mat,Baking Dough Mats Changshu Xinneng Silicone Products Co., Ltd. , https://www.xnmat.com
Easy management: Whether the user adopts dynamic IP acquisition or static IP assignment, this solution can effectively solve the problem of user IP address conflicts and reduce the maintenance workload of network administrators. According to the characteristics of the office area, under the premise of 802.1x authentication technology, users can avoid the need to manually install the client software, reducing the trouble of the client and the maintenance workload of the administrator.