Enterprise Network Design, Part 6

The networks of companies such as Baidu or Meituan are what we call corporate (enterprise) networks. Such a network exists to carry the company's own services; it does not sell access service to others, as a carrier network does.
An enterprise network has three elements: the campus network, the wide area network (WAN) and the data center. Divided by purpose, it can also be split into an office network and a production network.
These terms are classified according to the situation at the author's own company; the aim is only to give you a working concept.

- Enterprise Network Design Method -

|| First-layer design: divide by security and by business traffic

First, decide according to business and security requirements whether the network should be split into several separate networks. Usually only organizations with high security requirements do this.
Take a government unit, a finance bureau, as a small example. The finance bureau has two networks, the finance private network and the office network, completely separated from each other; an employee who needs both the finance private network and the office network needs two computers.
Between them there are two sets of access switches in the wiring closets, two sets of core switches in the core equipment room, and routers that reach the finance private network and the office network over different lines.
Of course, this complete isolation can also be achieved with VDC, VRF and MPLS VPN technology, but the traditional approach is easier to understand.
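As an added example (not configuration from the original post), here is how the finance/office separation described above could be carried on a single Cisco IOS core switch with VRF-lite instead of two physical sets of equipment. The VRF names, VLAN numbers, interface names and addresses are made up for illustration.

```cisco
! Added example: two isolated routing tables on one core switch (VRF-lite).
! All names, VLANs, interfaces and addresses are made up for illustration.
! (Older IOS uses "ip vrf NAME" and "ip vrf forwarding NAME" instead.)
vrf definition FINANCE
 address-family ipv4
 exit-address-family
!
vrf definition OFFICE
 address-family ipv4
 exit-address-family
!
! Finance user VLAN: the SVI exists only in the FINANCE routing table.
! "vrf forwarding" must come before the address, because it clears it.
interface Vlan10
 vrf forwarding FINANCE
 ip address 10.10.10.1 255.255.255.0
!
! Office user VLAN: the SVI exists only in the OFFICE routing table
interface Vlan20
 vrf forwarding OFFICE
 ip address 10.20.20.1 255.255.255.0
!
! Separate routed uplinks toward the finance private network and the office router
interface GigabitEthernet1/0/1
 no switchport
 vrf forwarding FINANCE
 ip address 192.168.1.2 255.255.255.252
!
interface GigabitEthernet1/0/2
 no switchport
 vrf forwarding OFFICE
 ip address 192.168.2.2 255.255.255.252
!
! Each table has its own default route; nothing points from one VRF into the other
ip route vrf FINANCE 0.0.0.0 0.0.0.0 192.168.1.1
ip route vrf OFFICE  0.0.0.0 0.0.0.0 192.168.2.1
```

Check the result with `show ip route vrf FINANCE` and `show ip route vrf OFFICE`: each table only contains its own SVI, its own uplink and its own default, and with no route-target import/export there is no path between them. The caveat is that the control plane, management plane and switch fabric are shared, so one wrong line (a `route-target import`, a global static route pointing into a VRF interface, or a second SVI placed in the wrong VRF) joins the two networks; that is why a site with the finance bureau's requirements still tends to buy two physical sets of equipment.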

|| Second-layer design: divide each large area by network. For each network obtained in the first layer, design that network on its own. At this stage it is generally divided into the campus network area, the wide area network area and the data center area. Draw a simple overall topology, as in the figure below: the green part is the data center, the red part is the campus network and the blue part is the wide area network.

|| Third-layer design: refine by geography. Whether data center or campus network, there may be more than one location, so this step refines each major area by geography. For example, the data center is divided into the Beijing data center, the Tianjin data center and the Guangzhou data center; the campus is divided into the Beijing headquarters campus, the Shijiazhuang branch, the Shenyang branch and the Harbin branch.

|| Fourth-layer design: design the network inside each area.
Campus: the campus area is divided again by function, generally into a core area, a WAN access area, an Internet access area, a server access area, a wireless AC (access controller) area and a wired terminal access area. Determine the physical and logical connections, which connection technologies and protocols to use, and finally select the equipment.

WAN: for the wide area network, determine which lines to use (dark fiber, carrier leased line or Internet VPN), which connection technology, which routing protocol (BGP or OSPF) and the QoS the services require, and then select the equipment.
Data center: the data center is relatively more standardized than the campus network. Each data center may include an intranet area, an extranet area, a DMZ and an operation and maintenance area, and may also be divided by service into a web server area, a database area, a storage area and so on, according to the actual business.
This has to follow the real requirements of the network rather than a fixed template. We will discuss several cases of data center division in the data center chapters.


- Network Design Cases -

Below, the author briefly explains a few network design cases drawn from real situations; the whole 《阿森实战网络设计》 series will be developed around these designs.

|| Network architecture of an Internet company


Without further ado, here is the topology diagram.
This is a condensed enterprise network diagram of a certain company. From the business point of view the network is split in two: above the blue dashed line is the IDC online business, which provides the company's website, apps and other external services; below the blue dashed line is the office network, which provides employees with Internet access, intranet access and VPN remote working.
Take Meituan-Dianping as an example: when you use the Meituan app or the Meituan Waimai app, that is online business; when you browse the Internet or share files at the office, that is offline business.
Online network: the company rents space from an IDC provider, about twenty racks per IDC. Inside each IDC the network is further divided into external and internal: the external network uses the BGP lines provided by the IDC, and the internal network is joined through the IDC's leased lines. All of this counts as the data center part; the interconnection between data centers is called DCI.
Offline network, i.e. the office network: the Beijing headquarters and each branch are independent LANs, or campus networks, and routers connect each branch to headquarters over Internet VPN. The inter-network that connects the branches and headquarters is the wide area network.
WAN design: in the WAN part the company uses Cisco DMVPN technology; between Shanghai and Beijing it uses a carrier point-to-point leased line (an MSTP line).
Routing protocol design: each IDC is one private BGP AS and the whole office network is one private BGP AS; inside each AS everything is connected with OSPF, and BGP and OSPF are joined by bidirectional redistribution.


|| Network architecture of a municipal economic and technological development zone

This is the topology of a municipal economic and technological development zone. Because all video surveillance in the zone is managed by the zone government, several small equipment rooms were built inside the zone as aggregation nodes for the surveillance cameras.
The "development zone office building" serves as the headquarters and as the single egress to the Internet, the government affairs network and the IDC.
Considering line redundancy and cost, a star topology was not used; the sites are connected in a ring instead. Apart from the office building, the node rooms are interconnected over dark fiber, generally no more than 5 km between any two rooms.
This can be described as a large LAN or equally as a metropolitan area network. The whole ring uses OSPF as its routing protocol.


|| Network architecture of a commercial bank


This is a simplified topology of a provincial commercial bank; bank topologies are generally of this kind. First, a bank generally has several data centers, at minimum "two sites, three centers".
That is, three data centers in two cities: city A has two and city B has one. The two DCs in city A are generally active-active with synchronous data replication, which gives facility-level disaster recovery with fast switchover; the data center in city B probably uses asynchronous replication and exists to survive city-level disasters such as earthquakes, floods or military strikes.
Back to this topology: the bank has two data centers, a primary site and a disaster recovery center, both in the same city and interconnected by a carrier point-to-point leased line.
Next is the Shijiazhuang city branch, which connects over point-to-point leased lines to both the "head office data center" and the "head office disaster recovery center"; the Shijiazhuang sub-branches then connect to the Shijiazhuang city branch. Zhangjiakou is a prefecture-level city in Hebei; it connects to the Shijiazhuang city branch over two point-to-point leased lines, and the Zhangjiakou sub-branches connect over leased lines to the Zhangjiakou city branch.
This diagram involves both BGP and OSPF: BGP between the DCs and the Shijiazhuang city branch, and OSPF below the Shijiazhuang city branch, with several OSPF processes and two-point bidirectional redistribution between them.
Every bank site, whether city branch or sub-branch, has dual core switches, dual WAN routers and dual carrier leased lines, giving redundancy at both the device and the link level.
Traffic is split across the two leased lines by business using PBR (policy-based routing) and routing entries: by default one line carries the bank's production traffic and the other carries video surveillance and OA office traffic, and each backs up the other. QoS is enabled on the lines so that both give priority to production. When the line that normally carries production fails, office traffic is degraded and QoS guarantees the production traffic.
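Both the Internet company's design (BGP between ASes, OSPF inside, bidirectional redistribution) and the bank's two-point bidirectional redistribution above share one risk: with two routers redistributing in both directions, a route can leave OSPF as a BGP route, come back through the other router as an OSPF external and so on in a loop. The following added example (not the bank's or the company's configuration) marks routes on each crossing so that a route never re-enters the protocol it was born in. AS numbers, router IDs, neighbor addresses, tag and community values are made up; the same configuration goes on both redistribution routers, changing only router-id and neighbor addresses.

```cisco
! Added example: loop-safe two-point mutual redistribution between OSPF 1 and BGP.
! AS numbers, addresses, tag 100 and community 65001:200 are made up for illustration.
! Rule: routes born in BGP carry OSPF tag 100; routes born in OSPF carry
! BGP community 65001:200. Each direction refuses the other direction's mark.
ip bgp-community new-format
!
ip community-list standard FROM-OSPF permit 65001:200
!
! BGP -> OSPF: drop what originally came from OSPF, tag the rest
route-map BGP-TO-OSPF deny 10
 match community FROM-OSPF
route-map BGP-TO-OSPF permit 20
 set tag 100
!
! OSPF -> BGP: drop what originally came from BGP, mark the rest
route-map OSPF-TO-BGP deny 10
 match tag 100
route-map OSPF-TO-BGP permit 20
 set community 65001:200
!
router ospf 1
 router-id 10.0.0.1
 redistribute bgp 65001 subnets route-map BGP-TO-OSPF
 network 10.0.0.0 0.0.255.255 area 0
!
router bgp 65001
 bgp router-id 10.0.0.1
 neighbor 172.16.0.1 remote-as 65000
 address-family ipv4
  neighbor 172.16.0.1 activate
  ! the community is only useful if every BGP hop forwards it
  neighbor 172.16.0.1 send-community
  redistribute ospf 1 match internal external 1 external 2 route-map OSPF-TO-BGP
 exit-address-family
```

The OSPF tag travels inside the type 5 LSA, so the second router sees tag 100 on everything that came from BGP; the BGP community only survives if `send-community` is set on every BGP session between the two redistribution points, including the data center routers in the bank case. Tags alone do not fix path selection: eBGP has administrative distance 20 against OSPF's 110, so a prefix born in OSPF can come back via BGP and win in the second router's table, sending traffic through the data center and back. Raising the eBGP distance under the BGP process (for example `distance bgp 120 200 200`) keeps OSPF-internal routes preferred; `show ip route` and `show ip ospf database external` confirm which marks each prefix carries.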
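The PBR split with QoS described above, as an added example (not the bank's configuration): production traffic prefers leased line 1 and office/video traffic prefers line 2, each falls back to the other line when its preferred next hop stops answering, and on both lines production keeps a guaranteed share. Addresses, subnets, interface names and the 60% figure are made up for illustration.

```cisco
! Added example: PBR traffic split over two leased lines with tracked fallback,
! plus a QoS policy that protects production on both. All values are made up.
!
! Probe each carrier's far-end hop so a dead line is detected even when the
! local interface stays up
ip sla 1
 icmp-echo 203.0.113.1 source-interface GigabitEthernet0/1
 frequency 5
ip sla schedule 1 life forever start-time now
ip sla 2
 icmp-echo 198.51.100.1 source-interface GigabitEthernet0/2
 frequency 5
ip sla schedule 2 life forever start-time now
track 1 ip sla 1 reachability
track 2 ip sla 2 reachability
!
! Production = core banking subnets; office = OA and video subnets
ip access-list extended PRODUCTION
 permit ip 10.1.0.0 0.0.255.255 any
ip access-list extended OFFICE
 permit ip 10.2.0.0 0.0.255.255 any
 permit ip 10.3.0.0 0.0.255.255 any
!
! Ordered next hops: the first reachable one wins; if none is reachable the
! packet falls through to normal destination-based routing
route-map SPLIT-WAN permit 10
 match ip address PRODUCTION
 set ip next-hop verify-availability 203.0.113.1 10 track 1
 set ip next-hop verify-availability 198.51.100.1 20 track 2
route-map SPLIT-WAN permit 20
 match ip address OFFICE
 set ip next-hop verify-availability 198.51.100.1 10 track 2
 set ip next-hop verify-availability 203.0.113.1 20 track 1
!
! PBR is applied where the traffic enters the router, i.e. the LAN side
interface GigabitEthernet0/0
 ip policy route-map SPLIT-WAN
!
! QoS: production gets a guaranteed share on both lines; when both kinds of
! traffic share one surviving line, office traffic gets only what is left
class-map match-all PROD
 match access-group name PRODUCTION
policy-map WAN-OUT
 class PROD
  bandwidth percent 60
 class class-default
  fair-queue
interface GigabitEthernet0/1
 service-policy output WAN-OUT
interface GigabitEthernet0/2
 service-policy output WAN-OUT
```

`show track` shows which lines are currently considered up and `show route-map SPLIT-WAN` counts the packets each clause has steered. On an Ethernet handoff whose contracted rate is below the interface speed, wrap `WAN-OUT` in a shaper at the contracted rate so the queueing actually engages on the router rather than in the carrier's policer.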


|| Network architecture of a large traditional enterprise


This is the network of a mid-sized enterprise: two data centers are hosted in IDC facilities, and a further backup site uses AWS cloud services. The company has 5 office areas.
The whole network is interconnected over China Telecom's MPLS VPN network and over Internet VPN for redundancy and load balancing. Every office area can reach all three data centers, and traffic between office areas is forwarded directly over the CN2 network or the VPN without passing through a data center.


|| Data center network architecture of an Internet enterprise


This is a simplified topology of an Internet company's production facilities. All facilities are located in two cities, Beijing and Guangzhou.
Between the two cities, Guangzhou core node A and Beijing core node A are connected by a 20G carrier link, and Guangzhou core node B and Beijing core node B by another 20G carrier link.
In the Beijing region, every IDC is connected to both Beijing core node A and core node B over dark fiber with DWDM equipment, giving redundancy and load balancing. Bandwidth between the core nodes and the IDCs can reach 200G or more.


|| Network architecture of a university


This is a university's topology. The university has an old campus in the city and a new campus in the university town; the two campuses are connected by 40 km of fiber and a 100 Mbps carrier leased line (the carrier line is the backup, and switchover is done with a floating static route).
Both campuses have their own Internet access, but only the old campus connects to CERNET (the education network). The university's IP address summarization is done well, and the whole university runs on static routing only.
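The floating static route switchover mentioned above, as an added example (not the university's configuration): the primary route uses the fiber next hop at the default administrative distance of 1 and is tied to a reachability track, and the backup over the carrier line has a higher distance, so it is installed only while the primary is absent. Subnets, next-hop addresses and interface names are made up.

```cisco
! Added example: primary static route over the campus fiber, floating static
! backup over the 100 Mbps carrier line. All addresses and names are made up.
!
! Probe the far end of the fiber link itself. Probing a host behind it would
! succeed over the backup line once the backup route is installed, which
! brings the primary back and makes the two routes flap.
ip sla 10
 icmp-echo 10.100.0.2 source-interface GigabitEthernet0/1
 frequency 3
 timeout 1000
ip sla schedule 10 life forever start-time now
track 10 ip sla 10 reachability
 delay down 10 up 30
!
! Primary: distance 1 (default), withdrawn from the table when track 10 is down
ip route 10.200.0.0 255.255.0.0 10.100.0.2 track 10
!
! Floating backup: distance 200, installed only while the primary is absent
ip route 10.200.0.0 255.255.0.0 10.101.0.2 200
```

Without the `track`, a floating static only takes over when the local fiber interface goes down, which on a link through media converters or a carrier's Ethernet transport often never happens when the far end fails; the probe closes that gap. The `delay` values stop a single lost probe from swinging traffic onto the slower line. Verify with `show track 10` and `show ip route 10.200.0.0`, which shows the backup route's distance of 200 once the primary has been withdrawn. The same pair of statements is needed on the far campus router in the opposite direction.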

Network design is a network engineer's core skill and a critical link in the whole network lifecycle.


Origin www.cnblogs.com/Mr--zha0/p/11230369.html