How can network operation and maintenance management capabilities be improved as network traffic skyrockets?

With the rapid development of Internet construction, the explosive growth of network traffic and the disorderly, uncontrolled preemption of bandwidth by a large number of applications have brought enormous challenges to the management of basic bandwidth resources. In addition, with economic globalization, more and more enterprises have established branches across the country or even around the world, and the centralized data management model greatly increases the burden on WAN transmission. In the face of these challenges, how can enterprises improve network service quality and network operation and maintenance management capabilities? bitsCN invited Jiang Hua, an expert from Donghua Net Intelligence, to answer these questions.

A company's network bandwidth resources are limited. How can the limited bandwidth be used reasonably?

At present, most enterprises commonly use the following methods for network management:

1. Distinguish critical business from non-critical business, and set a different flow control strategy for each.

2. Forbid access to the external Internet and the use of external network applications.

3. Build an internal local area network system and applications, and allocate bandwidth for each business system as needed.

Enterprise network bandwidth resources are limited. How can they be used reasonably? Jiang Hua said that the rational use of bandwidth resources should take multiple aspects into account: company nature, business usage, administrative requirements, total bandwidth, number of users, key applications, non-critical applications, etc. When the network is slow, factors such as network bandwidth, bandwidth renter, number of users, and application distribution can be considered. Viewing bandwidth allocation depends on network equipment or related optimization equipment. Optimization should allocate bandwidth according to the company's applications. If Internet access is permitted, external network audits can be considered to ensure safe use, including auditing outgoing emails, IM, etc., and categorizing URLs. Alternatively, depending on the actual situation of the enterprise, access can be controlled by time period, with Internet access opened up appropriately during employees' rest time.

Even when the number of network users and the network bandwidth match, the network may still fail to meet office needs, and the actual experience of employees is very poor. What is the reason for the poor network experience? Jiang Hua believes that this situation may be caused by limiting only the bandwidth used by each person while ignoring application restrictions. He suggested that companies combine total bandwidth management and per-user management with application-level control for network optimization, and pay attention to applications whether bandwidth is limited per person or allocated dynamically.

In addition, when it comes to limiting network speed in the company, is it necessary to use network monitoring equipment to limit the speed of common services such as ERP and mail, and of large files that need to be downloaded from the headquarters? Jiang Hua's view is that the premise of controllability is identification. For internal enterprise applications, defining applications by IP and port is the most common way to distinguish them; alternatively, if the protocol signature belonging to the application can be extracted through packet capture analysis, DPI technology can still be used to analyze and control it. It is still feasible to query business traffic through a large number of switch ports, but doing so takes a lot of time. Network monitoring equipment provides more convenient data display and operation methods, which can improve the work efficiency of administrators.

Applications at the network egress are opaque. How can critical services be distinguished from non-critical services?

To distinguish critical business from non-critical business, Jiang Hua suggested refining the existing traffic management solution down to specific applications, and distinguishing the level of critical and non-critical business by setting the priority of each strategy. The priority of the guarantee policy is higher than that of the restriction policy. The specific policy values need to be determined according to the distribution of the enterprise's network applications. The guaranteed and restricted bandwidth values need to be continuously adjusted and adapted to reach the optimal solution. The policy can be adjusted by referring to the results of traffic analysis, including the application distribution, the pressure on the egress bandwidth, and the distribution of bandwidth occupation across IP network segments.
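The two ideas above, identifying applications by IP and port and letting guarantee policies outrank restriction policies, can be sketched as follows. This is an added example, not code from the article or from any Donghua product; the application rules, policy values, addresses and the simplified allocation model are all assumptions.

```python
import ipaddress

# Assumed application definitions: server network and port identify the application.
APP_RULES = [
    ("erp", ipaddress.ip_network("10.1.0.0/24"), 8443),
    ("mail", ipaddress.ip_network("10.1.1.0/24"), 25),
]
# Assumed policies in Mbit/s: "guarantee" reserves a minimum, "restrict" sets a cap.
POLICIES = {"erp": ("guarantee", 40), "mail": ("guarantee", 20), "other": ("restrict", 30)}

# Constructed demand: (destination IP, destination port, offered load in Mbit/s).
FLOWS = [
    ("10.1.0.5", 8443, 35), ("10.1.0.6", 8443, 25),  # ERP
    ("10.1.1.9", 25, 10),                            # mail
    ("203.0.113.7", 443, 80),                        # Internet traffic
    ("10.1.0.5", 80, 5),                             # ERP host, but not the ERP port
]

def classify(dst_ip, dst_port):
    """Map a flow to an application by destination IP and port."""
    addr = ipaddress.ip_address(dst_ip)
    for name, net, port in APP_RULES:
        if addr in net and dst_port == port:
            return name
    return "other"  # anything unidentified falls under the restriction policy

def allocate(flows, link_mbps):
    """Share the egress link: guarantees first, restricted classes get what is left."""
    demand = {}
    for dst_ip, dst_port, mbps in flows:
        app = classify(dst_ip, dst_port)
        demand[app] = demand.get(app, 0) + mbps
    alloc, remaining = {}, link_mbps
    for kind in ("guarantee", "restrict"):  # guarantee outranks restrict
        for app in sorted(demand):
            policy, value = POLICIES[app]
            if policy == kind:
                alloc[app] = min(demand[app], value, remaining)
                remaining -= alloc[app]
    # Spare capacity goes back to guaranteed applications that still want more.
    for app in sorted(demand):
        if POLICIES[app][0] == "guarantee" and remaining > 0:
            extra = min(demand[app] - alloc[app], remaining)
            alloc[app] += extra
            remaining -= extra
    return alloc

if __name__ == "__main__":
    print(allocate(FLOWS, 100))  # uncongested link
    print(allocate(FLOWS, 50))   # congested link: guarantees are served first
```

On the congested 50 Mbit/s link the restricted class receives nothing until the guaranteed minimums are met, which is the behaviour a per-user limit alone cannot provide.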

How can ingress and egress bandwidth be allocated reasonably?

Jiang Hua gave the following two directions for consideration:

First, Internet egress, which is the typical case for small and medium-sized enterprises. From an analysis point of view, streaming media and P2P occupy most of the network bandwidth, so a restriction strategy needs to be made according to the size of the enterprise's egress bandwidth and the number of network users.

Second, the WAN environment, which is more typical of large-scale industrial enterprise users. The headquarters data center hosts business systems such as mail, ERP, collaboration, and finance. Strategies then need to be prioritized according to the usage and criticality of each business, with targeted guarantee strategies for the normal operation of each key business system.

How can the problem of scattered branch network structures, which makes technical support from headquarters more difficult, be solved effectively?

At present, many enterprises have deployed traffic management products at the main egress of the headquarters, but problems such as slow business applications remain, and the expected results have not been achieved. This is because congestion has occurred at the branch egress. Without changing the existing network environment, a better solution is to deploy traffic management products jointly at the headquarters egress and the branch egresses. All traffic management products are scheduled in a unified way by the headquarters' centralized management platform, which solves the end-to-end congestion problem between the headquarters egress and the branch egresses. In addition, Jiang Hua also suggested making guarantee strategies for some important applications and raising their priority. Of course, the bandwidth of the headquarters and branches will also have a great impact on efficiency.

In addition, large-scale data centralization is a major trend, but it mostly targets corporate intranets. Many still build data centers at the headquarters and keep the Internet egress points in the branches. This arrangement is not easy to manage and also carries certain security risks. Adopting a traffic management system greatly helps network administrators carry out effective network operation and maintenance management. You can consider choosing the Donghua traffic management system, which supports a unified management function. To strengthen management, you can consider deploying flow control in branch offices, with all egress points subject to unified management by the head office.

In the era of cloud computing and big data, how should a network traffic management system handle operation management?

One focus of cloud services is data concentration, which requires better bandwidth support and network quality, and this will also drive the development of the industry. Network traffic management relies on the data results of traffic analysis. In the era of cloud computing and big data, traffic management systems are required to have the ability to collect data from multiple parties, summarize data, and discover data.

Abnormal traffic and viruses exist in large quantities. How should the potential dangers of network applications be faced?

The current network not only faces external attacks but also carries abnormal traffic from the inside. When a large amount of abnormal traffic and many viruses exist, how should the potential danger of network applications be faced? Can the traffic management device intelligently judge whether traffic is normal or abnormal, or determine whether it is a virus or an attack?

Traditional network traffic management provides application identification and does not have the ability to identify malicious attacks. It requires administrators to judge and analyze at the traffic level. With the rise of the security boom, Donghua traffic management equipment has added a security module and a traffic signature database for malicious attacks, which can automatically identify malicious attacks on the network and supports customizing simple security policies. The preset policy sets a threshold for each IP address to ensure that the network egress is not blocked by burst traffic from individual IPs, and problem IPs can be analyzed and located from historical data.
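A per-IP threshold check of the kind described above can be run over flow records as in the following sketch, which also uses each address's own history to locate the problem IP. This is an added example, not the vendor's implementation; the record format, the one-minute interval, the threshold value and the addresses are assumptions.

```python
from collections import defaultdict
from statistics import median

MB = 1_000_000
LIMIT = 60 * MB  # assumed per-IP ceiling per minute (8 Mbit/s sustained)

# Constructed flow records: (minute, internal source IP, bytes through the egress).
FLOWS = [
    (0, "192.0.2.10", 4 * MB), (0, "192.0.2.11", 3 * MB),
    (1, "192.0.2.10", 5 * MB), (1, "192.0.2.11", 3 * MB),
    (2, "192.0.2.10", 4 * MB), (2, "192.0.2.11", 4 * MB),
    # The burst is split over several flows, each below LIMIT on its own.
    (3, "192.0.2.10", 6 * MB), (3, "192.0.2.11", 40 * MB), (3, "192.0.2.11", 35 * MB),
    (4, "192.0.2.11", 50 * MB), (4, "192.0.2.11", 30 * MB),
]

def usage_by_ip(flows):
    """Sum bytes per IP per minute; minutes with no traffic count as 0."""
    minutes = range(min(f[0] for f in flows), max(f[0] for f in flows) + 1)
    usage = defaultdict(lambda: dict.fromkeys(minutes, 0))
    for minute, ip, nbytes in flows:
        usage[ip][minute] += nbytes
    return usage

def violations(flows, limit=LIMIT):
    """Every (minute, ip, bytes) where one IP alone exceeded the threshold."""
    return sorted(
        (minute, ip, total)
        for ip, series in usage_by_ip(flows).items()
        for minute, total in series.items()
        if total > limit
    )

def problem_ips(flows, limit=LIMIT):
    """Rank IPs from history: violation count, peak, and peak against own median."""
    report = []
    for ip, series in usage_by_ip(flows).items():
        hits = sum(1 for v in series.values() if v > limit)
        if hits:
            peak = max(series.values())
            baseline = max(median(series.values()), 1)  # avoid division by zero
            report.append({"ip": ip, "violations": hits, "peak": peak,
                           "burst_ratio": round(peak / baseline, 1)})
    return sorted(report, key=lambda r: (-r["violations"], -r["peak"]))

if __name__ == "__main__":
    print(violations(FLOWS))
    print(problem_ips(FLOWS))
```

Aggregating per IP before comparing with the threshold matters here: no single flow in the constructed data exceeds the limit, but the address's combined traffic does.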
