From IP to IP++: The IToIP Basic Network

In today's rapidly changing world, enterprises, governments, and operators face increasingly complex and shifting challenges. The changes enterprises face are diverse: customer choices, competitive trends, technological development, the economic environment, outsourcing and development strategies, distribution and service models, business prices, market coverage, and so on all change over time. Government agencies must "advance with the times" to build a transparent, service-oriented government and create the conditions for enterprises and citizens to respond to change. This ever-changing competitive environment places new requirements on enterprise IT systems: they need to adapt to these changes actively and quickly, and to actively promote enterprise reform and optimization.

Under these changing conditions, the enterprise IT system faces serious problems: there are many IT services, but they are separate, fragmented, and cannot be integrated; the IT system responds slowly or even fails to work normally; IT services face growing threats and risks, such as rampant viruses and network attacks that are hard to prevent; and IT systems are becoming more and more complex and difficult to control. All of these issues fall into three areas:

1. The business cannot be guaranteed to be safe and reliable;

2. The business cannot be managed intuitively;

3. The network cannot reflect differentiated transmission for personalized services.

The traditional IP network approach tries to solve each business problem one by one by adopting a rich and ever-changing set of static technologies. As a result, the network platform becomes more and more complex, the basic IT network lacks consistency and flexibility, and operation and maintenance become more and more expensive. The goals that enterprise IT pursues, namely lower management cost, better quality, and reduced risk, have run into unprecedented bottlenecks. Tracing the problem back to its source, the traditional IP network was originally designed for simple data transmission, and despite years of development its essence has not changed: it is a static model unrelated to services. The network operates according to pre-configured parameters. Once the service running state, security state, or service environment changes, it is often difficult to adjust resources in time, which can easily lead to inefficient network operation, security attacks, and even service failures. Imagine a multi-service network environment in which services, resources, and security status are constantly changing. For example, if a user decides on short notice to start a video conference, video and multicast traffic suddenly appears. Because network resources are allocated statically, the video quality may not be ideal. As another example, security status and threats continuously develop and change over time, so static, local security policies have difficulty defending effectively against attacks and threats.

IP networks call for change. In December 2002, Gartner proposed that "Service-Oriented Architecture (SOA)" is "the most important topic in the field of modern application development". With SOA, each functional component in the IT system is no longer an isolated entity; instead the components form a harmonious whole around business goals. In other words, the IT system is deeply tied to the core business processes of the enterprise. IDC believes that the next generation of IT is dynamic IT, whose goal is to bridge the gap between changes in business requirements and IT's response to change, so that IT systems can adapt to business changes quickly and flexibly. Combining the ideas of SOA and dynamic IT, Huawei 3Com proposes IToIP as a development direction, the purpose of which is to build an IT architecture that is tied to service-oriented applications and can quickly adapt to business change and evolution.

In the IToIP architecture, the IP adaptive security network is the bearer and supporting layer for all of IT. On top of it, the three basic IT resources of storage, computing, and communication, all based on the same IP technology, are integrated to finally realize a business-oriented dynamic IT architecture. The IP adaptive security network is a dynamic security network model oriented to the business architecture. It performs elastic resource adjustment and policy deployment based on in-depth business awareness; these policies mainly concern security, reliability, and business optimization. Through this dynamic network model, the IP adaptive security network can provide security and reliability assurance and service customization capabilities, effectively support the bearing of IT services, and realize a resource-oriented network and a service-oriented architecture.

Starting from the current state of IP network technology, reaching the goal of the IP adaptive security network requires two stages of development. The first stage is IP++, and the second stage is IP adaptation. IP++ continuously enhances various intelligent control capabilities on top of the existing IP transmission network, including security, reliability, management optimization, and an open platform. As IP network intelligence continues to grow, quantitative change becomes qualitative change, and service self-adaptation, security and reliability self-adaptation, and management self-adaptation are finally realized. This is the goal of the IP adaptive security network.

For intelligent control capabilities, IP++ proposes the following solutions for the basic plane, the management plane, and the application plane:

Security Solutions for the Basic Plane: Secure Penetration Network (SPN)

Traditional networks also have some security capabilities, but these have major flaws. First, security is available only at the network egress, and there is no comprehensive protection covering the intranet, the extranet, terminal access, and key data areas. Second, because security and the network are not integrated, network performance suffers once a security policy is activated. Third, the protection level of traditional security technology is low, and Layer 4-7 security protection cannot be achieved.

The Huawei 3Com Security Penetration Network (SPN) solution is proposed to solve these problems. Its main features are as follows:

Global: Provide global security protection through partition security design, that is, infiltrate security capabilities into every link in the network;

Depth: Achieve Layer 4-7 in-depth application security defense with the help of high-intensity IPS, with automatic vaccine upgrade;

Intelligence: Through the linkage of network equipment, security equipment, management software, and terminal software, unified management of security events and status and dynamic policy deployment are realized.

Reliability Solutions for the Basic Plane: Carrier-Grade, Adaptive Reliability

As IT integration proceeds, more and more key services run on the network, and the requirements for reliability grow accordingly. Although traditional IP networks can implement some basic high-reliability capabilities, such as node backup and link backup, these are local technologies that converge on the order of seconds, and they cannot meet the reliability requirements of key services and multimedia services.

Huawei 3Com has designed many 50 ms-level fault self-healing technologies for the core layer of the IP network, such as the ring network technologies 10G/2.5G/GE RPR and RRPP, and the path self-healing technologies IP FRR, LDP FRR, and MPLS TE FRR. At the network access layer, Huawei 3Com has developed its own adaptive reliability technologies. For example, IRF (Intelligent Resilient Architecture) supports redundancy and automatic protection of converged access Ethernet, and Auto-Detect provides fault detection and fast self-healing at the edge of the WAN. These technologies are an important guarantee for the normal operation of key IT services.

Management Plane Solutions: Visualized Management Optimization Solutions

The network is an important resource in the IT system, but network managers have always been troubled by the lack of intuitive, effective management methods and optimization techniques for network resources (mainly bandwidth), which affects the business planning and deployment of IT departments. The first step in treating the network as a resource is visual management of bandwidth and traffic, and the second step is dynamic adjustment of resources.

Huawei 3Com's network optimization solutions include the network water meter, network B-ultrasound (that is, virus detection, attack detection, and traffic detection), application balancing and optimization, and PTP service management. The network flow meter solution (NTA) gives visibility into resource usage, such as traffic indicators and bandwidth, for each service in the network, in effect providing IT personnel with a "network water meter" for fine-grained management and optimization of resources. The network B-ultrasound solution performs abnormal traffic analysis through IPS and can work with NTA to achieve Layer 4-7 in-depth business awareness and traffic analysis. The application balancing and optimization solution improves data center business performance and optimizes bandwidth. PTP service management can limit excessive occupation of bandwidth resources by PTP services such as BT.

Application Plane Solutions: Open Business Architecture (OAA)

Service-Oriented Architecture (SOA) is the development trend for IT systems. The design idea behind the IP adaptive security network is that IP networks must have in-depth service awareness and be able to adapt quickly to changes in the needs of upper-layer services. This requires openness and programmability in the network architecture design.

Huawei 3Com's basic equipment and IP intelligent management provide programmable open network interfaces, which can be customized to the needs of customers in various industries. At present, Huawei 3Com proposes the Open Service Architecture (OAA) on the basic network platform. OAA is based on traditional network equipment such as routers and Ethernet switches, and provides unified, complete standard software and hardware interfaces for secondary development. Using this open interface, any third-party manufacturer can produce software or hardware components that are integrated into network devices to form a complete network device (for example, functions such as IP PBX, IPS, IDS, Sniffer, SLA analysis, and WAN optimization can be integrated). This is similar to the way today's PC presents a unified industry standard to the outside world, so that hardware and software from any manufacturer built to that standard can easily be installed on the same PC to meet the final business need.

Summary:

From IP to IP++, the IToIP basic network marks the beginning of a service-oriented network and the beginning of the network's transition from a static network to an adaptive security network. The intelligent control capabilities currently provided focus on three aspects: security and reliability, management optimization, and an open platform. Of these, security and reliability are the basic guarantees for IT business operation, while network optimization and the open platform are the key technologies for service-oriented architecture (SOA). The goal of IP++ is to effectively support the operation of the entire IT system through ever-increasing network intelligence, ensure that business goals are met, and finally advance to the IP adaptive security network, completing service self-adaptation, security and reliability self-adaptation, and management self-adaptation.
