System architecture design professional skills · Network planning and design

Table of Contents of Series Articles

Professional skills in system architecture design · Network planning and design (3) [System Architect]
Professional skills in system architecture design · System security analysis and design (4) [System Architect]
Advanced skills in system architecture design · Software architecture design (1) [System Architect]
Advanced skills in system architecture design · System quality attributes and architecture evaluation (2) [System Architect]
Advanced skills in system architecture design · Software reliability analysis and design (3) [System Architect]

Everything we do now weaves wings for our future dreams, so that those dreams can take flight in reality.


1. Network protocol★★★

1.1 Relationship between network protocols and OSI hierarchical model


| Protocol | Description |
|---|---|
| POP3 | Port 110, mail collection |
| SMTP | Port 25, email sending |
| FTP | Port 20 for data / port 21 for control, File Transfer Protocol |
| HTTP | Port 80, Hypertext Transfer Protocol, web page transmission |
| DHCP | Port 67, automatic assignment of IP addresses |
| SNMP | Port 161, Simple Network Management Protocol |
| DNS | Port 53, domain name resolution protocol; records the mapping between domain names and IP addresses |
| TCP | Reliable transport layer protocol |
| UDP | Unreliable transport layer protocol |
| ICMP | Internet Control Protocol; the PING command is built on it |
| IGMP | Multicast protocol |
| ARP | Address Resolution Protocol, converts IP addresses to MAC addresses |
| RARP | Reverse Address Resolution Protocol, converts MAC addresses to IP addresses |

1.2 TCP/IP protocol suite★★★


1.3 DNS service application★★★

Domain Name System (DNS)

It can be understood this way:
A recursive query does not return immediately: the server that was asked carries out the next step of the lookup itself.
An iterative query returns immediately, with no further lookup by the server that was asked.

Handling the whole lookup by recursive queries places a heavy burden on the root domain name server and is inefficient, so it is rarely used.

For example, when a domain name is entered in the browser, it is looked up in this order:
HOSTS → local DNS cache → local DNS server → root domain name server → top-level domain name server → authoritative domain name server

When the primary domain name server receives a domain name request, it looks it up in this order:
local cache record → zone record → forwarding domain name server → root domain name server
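
The difference between the two query styles, as an added example that is not part of the original article: a toy three-level hierarchy whose zone data, server names (root, tld-com, ns-example) and address 192.0.2.10 are all constructed. It counts how many onward queries the root server has to send in each mode, which is the burden the text refers to.

```python
# Toy model of iterative vs. recursive resolution; all zone data is constructed.
ZONES = {
    "root":       {"referrals": {"com": "tld-com"}, "records": {}},
    "tld-com":    {"referrals": {"example.com": "ns-example"}, "records": {}},
    "ns-example": {"referrals": {}, "records": {"www.example.com": "192.0.2.10"}},
}


def ask(server, name):
    """One server's own decision: answer from its records or refer downward."""
    zone = ZONES[server]
    if name in zone["records"]:
        return "answer", zone["records"][name]
    for suffix, child in zone["referrals"].items():
        if name == suffix or name.endswith("." + suffix):
            return "referral", child
    return "nxdomain", None


def resolve_iterative(name):
    """The local DNS server walks the hierarchy itself; every server replies at once."""
    trace, server = [], "root"
    while True:
        kind, value = ask(server, name)
        trace.append(("local", server, kind))      # (who asked, who was asked, reply)
        if kind != "referral":
            return value, trace
        server = value


def resolve_recursive(name, server="root", asker="local", trace=None):
    """Each server forwards the query and holds it open until the reply comes back."""
    trace = [] if trace is None else trace
    kind, value = ask(server, name)
    if kind == "referral":
        trace.append((asker, server, "forwarded"))
        value, _ = resolve_recursive(name, value, server, trace)
    else:
        trace.append((asker, server, kind))
    return value, trace


def onward_queries(trace, server):
    """Number of queries `server` had to send on behalf of someone else."""
    return sum(1 for asker, _, _ in trace if asker == server)


if __name__ == "__main__":
    for resolve in (resolve_iterative, resolve_recursive):
        address, trace = resolve("www.example.com")
        print(resolve.__name__, address, "root sent", onward_queries(trace, "root"))
        for asker, server, reply in trace:
            print(f"  {asker} -> {server}: {reply}")
```
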

1.4 DHCP service application★★★

Dynamic Host Configuration Protocol (DHCP)


(1) Client/server model

(2) The lease defaults to 8 days

(3) When more than half of the lease period has passed, the client needs to ask the DHCP server to renew the lease.

(4) When more than 87.5% of the lease period has passed and the client still cannot contact the DHCP server that originally provided the IP address, it starts to contact other DHCP servers.

(5) Allocation methods:
      ① Fixed allocation (the administrator allocates a statically bound, fixed IP address)
      ② Dynamic allocation (allocates an IP address with an unlimited lease period to the client)
      ③ Automatic allocation (allocates an IP address with a certain validity period to the client)

(6) Invalid addresses: 169.254.X.X and 0.0.0.0

1.6 IPv6★

IPv6 is a next-generation IP protocol designed to replace the current version of IP protocol (IPv4).
(1) Expanded addressing capability. The IPv6 address length is 128 bits, and the address space is 2 to the 96th power times larger.
(2) Flexible IP message header format. The variable-length options field in IPv4 is replaced by a series of fixed-format extension headers. The way options appear in IPv6 has also changed, allowing routers to simply pass options through without processing them, which speeds up packet processing.
(3) IPv6 simplifies the message header format to only 8 fields, which speeds up message forwarding and improves throughput.
(4) Improved security. Identity authentication and privacy are key features of IPv6.
(5) Support for more service types.

  • Unicast address (Unicast): Identifier used for a single interface, traditional point-to-point communication.
  • Multicast address (Multicast): Multicast address, point-to-multipoint communication, data packets are delivered to each of a group of computers. IPv6 does not have a term for broadcast, but treats broadcast as a special case of multicast.
  • Anycast address (Anycast): Anycast address, which is a type added to IPv6. The destination of anycast is a group of computers, but packets are delivered to only one of them, usually the closest one.

IPv6 address writing specifications

An IPv6 address consists of eight hexadecimal fields.

IPv4: dotted decimal
IPv6: colon-separated hexadecimal

(1) Leading (high-order) zeros in a field can be omitted (any number of times)
(2) A field that is all zeros can be written as a single 0 (any number of times)
(4) Several consecutive all-zero fields can be omitted and written as :: (only once)

For example:
An IPv6 address written as eight hexadecimal fields:
2001:0db8:85a3:0000:1319:8a2e:0370:7344
The all-zero field does not have to be written. The above IP address is equivalent to:
2001:0db8:85a3::1319:8a2e:0370:7344

Following these rules, if more than two colons occur in a row because of omission, they may be compressed into one double colon (::), but this zero compression may only occur once in the address. Therefore:
2001:0db8:0000:0000:0000:0000:0370:7344
2001:0db8:0:0:0:0:0370:7344
2001:0db8::0370:7344
2001:db8::0370:7344

The above are all legal addresses and they are equivalent. Also the leading zeros can be omitted, so:
2001:0db8:85a3:0000:1319:8a2e:0370:7344 is equivalent to 2001:db8:85a3::1319:8a2e:370:7344
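
The writing rules above, implemented as an added example (not code from the original article): expand() undoes the abbreviations, compress() applies them, and same_address() compares by value, which is what an access-control list or log search has to do because one address has many legal spellings. The function names are chosen here; compress() keeps a lone zero field as 0, as RFC 5952 recommends, while expand() still accepts :: standing for a single field.

```python
import ipaddress
import re

HEX_GROUP = re.compile(r"[0-9A-Fa-f]{1,4}")


def expand(addr):
    """Undo '::' and restore leading zeros: eight 4-digit lowercase groups."""
    if addr.count("::") > 1:
        raise ValueError("'::' may appear only once in an address")
    if "::" in addr:
        head, tail = (part.split(":") if part else [] for part in addr.split("::"))
        missing = 8 - len(head) - len(tail)
        if missing < 1:
            raise ValueError("'::' must replace at least one group")
        groups = head + ["0"] * missing + tail
    else:
        groups = addr.split(":")
    if len(groups) != 8 or not all(HEX_GROUP.fullmatch(g) for g in groups):
        raise ValueError(f"not an IPv6 address: {addr!r}")
    return ":".join(g.lower().zfill(4) for g in groups)


def compress(addr):
    """Shortest spelling: no leading zeros, longest run of zero groups as '::'."""
    groups = [g.lstrip("0") or "0" for g in expand(addr).split(":")]
    best_start, best_len, run_start = 0, 0, None
    for i, g in enumerate(groups + ["end"]):       # sentinel closes a final run
        if g == "0":
            run_start = i if run_start is None else run_start
        elif run_start is not None:
            if i - run_start > best_len:           # strict '>' keeps the leftmost run
                best_start, best_len = run_start, i - run_start
            run_start = None
    if best_len < 2:                               # a lone zero group stays "0"
        return ":".join(groups)
    left, right = groups[:best_start], groups[best_start + best_len:]
    return ":".join(left) + "::" + ":".join(right)


def same_address(a, b):
    """Compare two addresses by value rather than by spelling."""
    return expand(a) == expand(b)


# The spellings the text lists as equivalent.
SPELLINGS = [
    "2001:0db8:0000:0000:0000:0000:0370:7344",
    "2001:0db8:0:0:0:0:0370:7344",
    "2001:0db8::0370:7344",
    "2001:db8::0370:7344",
]

if __name__ == "__main__":
    for s in SPELLINGS:
        print(f"{s:42} -> {compress(s)}")
    # Cross-check against the standard library's own parser and formatter.
    print(all(compress(s) == str(ipaddress.IPv6Address(s)) for s in SPELLINGS))
```
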

IPv6 stipulates that each network card has at least three IPv6 addresses: a link-local address, a global unicast address, and a loopback address (site-local address).
IPv6 includes automatic IP address configuration as a standard feature. As long as the computer is connected to the network, it can be assigned an IP address automatically.

Stateful auto-configuration: IPv6 inherits the Dynamic Host Configuration Protocol (DHCP) configuration service from IPv4.
Stateless auto-configuration: the host obtains a link-local address and an aggregatable global unicast address in two stages.

  • First, the host appends its network card MAC address to the link-local address prefix 1111 1110 10 to generate a link-local address, and sends an ICMPv6 Neighbor Solicitation to verify that the address is unique. If it is not unique, the host uses a random interface ID to form a new link-local address.
  • Then, using the link-local address as the source address, the host multicasts an ICMPv6 Router Solicitation message to all routers on the local link, and a router replies with a Router Advertisement message containing an aggregatable global unicast address prefix. The host combines this prefix with its own interface ID to configure a global unicast address automatically. With stateless auto-configuration, the host's IPv6 address can be changed without manual user intervention.
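
The two stages described above, as an added example that is not part of the original article. It assumes the modified EUI-64 method of turning a MAC address into an interface ID (ff:fe inserted in the middle, universal/local bit flipped), a detail the text does not spell out; the MAC address and the 2001:db8:1:2::/64 prefix are constructed sample values.

```python
import ipaddress

LINK_LOCAL = ipaddress.IPv6Network("fe80::/10")    # binary prefix 1111 1110 10


def interface_id_from_mac(mac):
    """Modified EUI-64: split the MAC, insert ff:fe, flip the universal/local bit."""
    octets = bytes(int(part, 16) for part in mac.replace("-", ":").split(":"))
    if len(octets) != 6:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    iid = bytearray(octets[:3] + b"\xff\xfe" + octets[3:])
    iid[0] ^= 0x02
    return bytes(iid)


def link_local_from_mac(mac):
    """Stage 1: link-local prefix, zero padding to 64 bits, then the interface ID."""
    return ipaddress.IPv6Address(b"\xfe\x80" + bytes(6) + interface_id_from_mac(mac))


def global_from_prefix(prefix, mac):
    """Stage 2: /64 prefix from the Router Advertisement plus the same interface ID."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("stateless auto-configuration expects a /64 prefix")
    return ipaddress.IPv6Address(net.network_address.packed[:8] + interface_id_from_mac(mac))


def mac_from_address(addr):
    """Recover the MAC if the interface ID was built from one, else None."""
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None                                # random or manual interface ID
    mac = bytearray(iid[:3] + iid[5:])
    mac[0] ^= 0x02
    return ":".join(f"{b:02x}" for b in mac)


if __name__ == "__main__":
    mac = "00:1a:2b:3c:4d:5e"                      # constructed sample MAC
    ll = link_local_from_mac(mac)
    gua = global_from_prefix("2001:db8:1:2::/64", mac)
    print(ll, ll in LINK_LOCAL)
    print(gua, "->", mac_from_address(gua))
```

Because the mapping is reversible, an address formed this way discloses the interface's hardware address to every peer and log that records it.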

2. Network Engineering★★★★

A network construction project can be divided into three stages: network planning, network design, and network implementation.

  • Network planning: demand-oriented, taking into account technical and engineering feasibility.

  • Network design: including network logical design and network physical design.
    Network logical design: network structure design, network technology selection, IP address and routing design, network redundancy design, network security design, etc.
    Network physical design: wiring design, computer room design, equipment location selection, etc.

  • Network implementation: including the implementation of project plans, network equipment acceptance, equipment installation and debugging, system operation and switching, user training, etc.

Network redundancy design: the purpose is to prevent a single point of failure in a network component from causing application failure.
Backup path: activated when the main path fails; it bears a different network load from the main path.
Load sharing: provides traffic sharing through parallel links to improve performance; when there are backup links in the network, you can consider adding a load sharing design to reduce the burden on the main path.

2.1 Network planning and design★★★★


Logical network design:
Logical network design is the key stage that embodies the core idea of network design. At this stage, a suitable logical network structure is selected based on the requirements specification and the communication specification, and subsequent resource allocation planning, security planning, etc. are carried out based on this logical structure. The results of the requirements analysis and of the analysis of the existing network system are used to design the logical network structure, and the final result is a logical network design document.

Logical network design work mainly includes the following contents:
(1) Design of network organization
(2) Selection of physical layer technology
(3) Selection and application of LAN technology
(4) Selection and application of WAN technology
(5) Address design and naming model
(6) Routing protocol
(7) Network management
(8) Network security
(9) Logical network design documentation

The output content includes the following points:
(1) Logical network design diagram
(2) IP address scheme
(3) Security management scheme
(4) Specific software/hardware, WAN connection equipment and basic network services
(5) Specific instructions for recruiting and training network employees
(6) Preliminary estimate of software/hardware costs, service provision costs, and staff training costs

Physical network design:
Physical network design is the physical implementation of logical network design. By determining the specific physical distribution and operating environment of the equipment, it ensures that the physical connections of the network meet the requirements of logical connections. At this stage, the network designer needs to determine the specific software/hardware, connection equipment, wiring and service deployment plans, and output the following content:
(1) Network physical structure diagram and wiring plan
(2) Detailed list of equipment and components
(4) Estimation of software, hardware and installation costs
(5) Installation schedule, detailing service time and deadline
(6) Post-installation test plan
(7) User training plan

2.2 Hierarchical network design


Core layer: mainly high-speed data exchange, realizing high-speed data transmission, egress routing, and commonly used redundancy mechanisms.

Aggregation layer: network access policy control, packet processing and filtering, policy routing, broadcast domain protocols, addressing.

Access layer: mainly faces the user end; it implements user access, billing management, MAC address authentication, MAC address filtering, and collection of user information. Hubs can be used instead of switches.

2.3 Network redundancy design★★★★

In network redundancy design, there are two main design goals for communication lines: one is a backup path, and the other is load sharing.

Backup path:

It exists to improve availability and consists of independent backup links between routers, switches and other devices. Generally, the backup path is only put into use when the main path fails.

Main considerations when designing:

(1) Bandwidth of the backup path
(2) Switching time
(3) Asymmetry
(4) Automatic switching
(5) Test

Load sharing:

It is an extension of the backup path method. It provides traffic sharing through parallel (redundant) links to improve performance. The main implementation method is to use two or more network interfaces and paths to transmit traffic simultaneously.

Points to consider when designing:

(1) When there are backup paths and backup links in the network, you can consider adding load sharing to the design.
(2) When the main path and the backup path are the same, a special case of load sharing, namely load balancing, can be implemented.
(3) When the main path and the backup path are different, the policy routing mechanism can be used to allocate part of the application traffic to the backup path.

3. Network design related technologies★★

2.1 Network storage technology★★

Direct-attached storage (DAS, Direct-Attached Storage),
network-attached storage (NAS, Network-Attached Storage),
storage area network (SAN, Storage Area Network),
Internet Small Computer System Interface (iSCSI, Internet Small Computer System Interface)

| Classification | Features |
|---|---|
| DAS / SAS | Connects to the server through SCSI; it is a stack of hardware without any operating system. The storage must be directly attached to the application server, files cannot be shared across platforms, and the files of each system platform are stored separately. |
| NAS | Connects directly to the network through a network interface and is accessed by users over the network (supports multiple TCP/IP protocols). A NAS device has its own OS and resembles a dedicated file server. Storage is generally managed using RAID. Plug and play. |
| SAN | A dedicated storage system that connects one or more network storage devices and servers through a dedicated high-speed network, storing data and information as data blocks. Two environments are mainly used at present: Ethernet (IP SAN) and optical fiber (FC SAN). |
| IP-SAN / iSCSI | Implemented on an IP network; the equipment cost is low, the configuration is simple, and large-capacity storage space can be shared. |

Disk array (RAID, Redundant Arrays of Independent Disks)

  • Raid0 (striping): highest performance, parallel processing, no redundancy, irrecoverable damage
  • Raid1 (mirror structure): availability, good repairability, only 50% utilization
  • Raid0+1 (Raid10): a combination of the strengths of Raid0 and Raid1, efficient and reliable
  • Raid3 (parallel parity transmission): N+1 mode, with a fixed parity disk, and a damaged disk can be recovered
  • Raid5 (independent disk with distributed parity): N+1 mode, no fixed parity disk, one disk can be recovered if it is damaged
  • Raid6 (two types of storage parity): N+2 mode, no fixed parity disk, two damaged disks can be recovered
  • RAID0 disk utilization is 100% and access speed is the fastest.
  • RAID1 disk utilization is 50% and has error correction function.
  • Nowadays, many enterprises use the combination of RAID0 and RAID.
  • RAID5 disk utilization (n-1)/n, with fault tolerance function.

2.2 Network access technology

Wired access:

  • Public Switched Telephone Network (PSTN)
  • Digital Data Network (DDN)
  • Integrated Services Digital Network (ISDN)
  • Asymmetric Digital Subscriber Line (ADSL)
  • Coaxial Fiber Technology (HFC)

Wireless access:

  • IEEE 802.11 (WiFi)
  • IEEE 802.15 (Bluetooth)
  • Infrared (IrDA)
  • WHERE


2.3 Integrated wiring technology★

The integrated wiring system is made up of the following subsystems:

  • Work area subsystem: composed of information sockets, socket boxes, connection jumpers and adapters.
  • Horizontal subsystem: starts from an information socket in the work area and is composed of the cables laid horizontally to the distribution frame in the management area.
  • Management subsystem: consists of cross-connect and interconnect distribution frames. The management subsystem provides the means of connecting to other subsystems.
  • Vertical trunk subsystem: consists of all the vertical trunk multi-pair cables and related supporting hardware in the building. It provides the trunk routing between the main distribution frame in the equipment room and the floor distribution frames in the trunk wiring rooms.
  • Equipment room subsystem: composed of the cables, connectors and related supporting hardware in the equipment room. Its function is to interconnect computers, PBXs, cameras, monitors and other weak-current equipment and connect them to the main distribution frame.
  • Building group subsystem: extends cables from one building to the communication equipment and devices in other buildings of the group. It is part of the structured cabling system and provides the hardware required for communication between buildings. It consists of cables, optical cables and related hardware such as overcurrent and overvoltage electrical protection equipment at the building entrance. Dielectric optical cables are commonly used.

2.4 Internet of Things Technology

The Internet of Things is a network in which things are connected to one another. Its connotation includes two aspects:
First: the core and foundation of the Internet of Things is still the Internet; it is a network that extends and expands on the basis of the Internet.
Second: its user end extends and expands to any object and object, enabling exchange and communication between them.

2.4.1 Concept and layering of the Internet of Things

(1) Perception layer: recognizes objects and collects information, for example QR codes, RFID, cameras, sensors (temperature, humidity).
(2) Network layer: transmits and processes information. It includes the converged network of communication networks and the Internet, the network management center, the information center, the intelligent processing center, etc.
(3) Application layer: solves the problems of information processing and human-computer interaction.


2.4.2 Key technologies of Internet of Things

Radio Frequency Identification (RFID), also known as electronic tags, is a communication technology that can identify specific targets through radio signals and read and write related data without establishing mechanical or optical contact between the identification system and the specific target. This technology is a core technology of the Internet of Things, and many Internet of Things applications are inseparable from it.

The basic components of RFID usually include: tags, readers, and antennas.

QR code

The QR code uses specific geometric figures distributed on a plane (in two dimensions) according to certain rules, forming a black and white pattern, to record data symbol information. Its coding cleverly uses the concept of the "0" and "1" bit stream that forms the basis of computer internal logic: several geometric shapes corresponding to binary values represent text and numerical information, which is read automatically by image input equipment or photoelectric scanning equipment to realize automatic processing of information.

Two-dimensional barcode, commonly used code systems are: Data Matrix, Maxi Code, Aztec, QR Code, Vericode, PDF417, Code49, Code16K.

  • If the extended alphanumeric compression format is used, it can hold 1850 characters.
  • If the binary/ASCII format is used, it can hold 1108 characters.
  • If the digital compression format is used, it can hold 2710 digits.

2.5 Cloud computing technology

Cloud computing is an Internet-based computing method in which shared software and hardware resources and information are made available to computers and other devices on demand. The cloud is actually a metaphor for the network and the Internet.

The core idea of cloud computing is to uniformly manage and schedule a large number of computing resources connected by the network to form a computing resource pool that provides on-demand services to users. The network that provides resources is called a "cloud".

Cloud computing in the narrow sense refers to the delivery and usage model of IT infrastructure: obtaining the required resources through the network in an on-demand and easily scalable manner.
Cloud computing in the broad sense refers to the delivery and usage model of services: obtaining the required services through the network in an on-demand and easily scalable manner. Such services can be IT, software, or Internet related, or any other services.

Features:

  • A collection of large numbers of computers, numbering in the tens of thousands.
  • Combining a variety of software and hardware technologies.
  • Low requirements on client equipment.
  • Scale effect.

The concept of network services:

Software as a Service (SaaS): provision of online software, online customer service
Platform as a Service (PaaS): secondary development on the platform
Infrastructure as a Service (IaaS): hardware resource management

Origin blog.csdn.net/weixin_30197685/article/details/132249266