高可管性的教育省域网建设技术研究
|
摘要
中国教育和科研计算机网(CERNET),一般口语中简称为“教育网”,是在国家教育部组织和领导下,以清华大学为核心、以全国各省(市)的重点院校为节点组建的服务于全国各大中专院校的教育和科研的公益性计算机网络。江西省节点受江西省教育厅领导,网络中心挂靠南昌大学网络中心,由南昌大学网络中心负责实施建设、运行和维护等工作。目前全省有50多所院校接入到教育网,基本涵盖了全省的主要院校。
省域网(Province Area Network,简称PAN),是城域网的一种扩大,就是将全省的网络组建成一个类似于局域网的一体化网络,实现全省网络的综合管理和运行。
在江西省教育厅的领导下,以江西省教育网为基础,运用合适的网络技术,将全省各高校网络有效地融合为一个整体来运行和管理,以提高网络运行的时效性和资源的共享化。这就是本文所称的“教育省域网建设”的含义。
省域网虽然是城域网的扩大,但却有着和城域网不同的技术要求,这主要体现在互联技术的选择上。同时,我们所选用的互联技术,还必须满足方便管理的特点,因为,作为一个一体化的网络,我们要求能随时对各个点过来的数据流进行必要的监控和管理,比如流量的大小,病毒的封杀,甚至可能是省市职能部门的某些特殊要求,都必须是对特定的用户进行的。当然,经费也是一项重要的参数。综合各项要求,我们根据不同的用户选用了DDN、SDH和VPN等互联技术。这是本文的重要内容。
然而,省域网的建设在真正实施的过程,互联问题只是其中的一个问题。由于教育网和公网的瓶颈问题,给教育网用户上公网受到很大的限制。在省域网的建设中,我们希望解决这一问题,达到访问公网和教育网同样的快速的目标,于是我们采用了双出口。
双出口的首要技术问题就是多出口的策略路由技术。本文着重阐述了为达到多出口的目的所采用的路由技术,主要是根据源地址配置路由、根据目的地址配置路由、根据端口号配置路由等。
而多出口带来的另一个问题就是:对于网内需要对外开放访问权限的服务器,怎么样让教育网和公网的用户都能快速访问呢?这就是本文要讲述的另一个重要内容:多入口环境下的IP映身和域名多IP的域名解析技术。
The China Education and research Network(CERNET),Speaking in general referred to as "Education Network",is a public beneficial computer network of education and scientific research.Leadered by the Ministry of Education,CERNET was formed with national colleges' network,with Tsinghua University as the core and with the main university as the province's nodes.Jiangxi node is leadered by Jiangxi Provincial Educational Department,the network center is linked with Network Center of Nanchang University,Network Center of Nanchang University is responsible for construction,operation and maintenance work.Currently,there are more than 50 institutions access to education network covering the province's major institutions.
Province Area Network(PAN),is an expansion of City Area Network,it is formed the province's network into a network similar to the LAN integration,to realizated of the province's integrated network management and operation.
Under the leadership of the Jiangxi Provincial Educational Department,basing on Jiangxi CERNET,we use the appropriate network technology to effectively link the whole province's colleges network into a similar lan network to improve the timeliness of the operation of the network and resources Inclusion of.This is called "Education Province Area Network " in this paper.
Although the PAN is the City Area Network's expansion,but it has a different technical requirements with City Area Network,which are mainly embodied in the choice of Internet technology.At the same time,we use the Internet technology, management must also meet the characteristics of convenience,because,as an integrated network,we can at any time request from the various points of the necessary data flow monitoring and management,for example,flows to the size, killed virus,and probably some special requirements of the functional departments of the provinces,must be specific to the single user.Of course,fee is also an important parameter.Comprehensive requirements,we selected according to different users of the DDN,SDH and VPN,and other Internet technology.This is an important content of this paper.
However,the Education Provincial Area Network building in the true implementation of the process,the interconnection question is not only problem.The Bottleneck of bandwidth between CERNET and ChinaNet is greatly restricted to user of CERNET in speed.According to this characteristic,we ask to a same rapid speed to visit CERNET and ChinaNet,which is the double export issue.
The first technology issue of the double export is the "more export strategy router technology".This paper elaborated on its exports to achieve multi-purpose, used by the router technology,mainly on the basis of the source address router configuration,in accordance with the allocation purposes address router,according to port configuration router,and so on.
The another technology issue is:how to make user of CERNET and ChinaNet to visit the server,that is in PAN and need to be opened to the outside world,with same rapid speed? This paper focuses on IP mapping techniques and multiple IPs for single domain names' analytic techniques in multi-entrance environment.
省域网(Province Area Network,简称PAN),是城域网的一种扩大,就是将全省的网络组建成一个类似于局域网的一体化网络,实现全省网络的综合管理和运行。
在江西省教育厅的领导下,以江西省教育网为基础,运用合适的网络技术,将全省各高校网络有效地融合为一个整体来运行和管理,以提高网络运行的时效性和资源的共享化。这就是本文所称的“教育省域网建设”的含义。
省域网虽然是城域网的扩大,但却有着和城域网不同的技术要求,这主要体现在互联技术的选择上。同时,我们所选用的互联技术,还必须满足方便管理的特点,因为,作为一个一体化的网络,我们要求能随时对各个点过来的数据流进行必要的监控和管理,比如流量的大小,病毒的封杀,甚至可能是省市职能部门的某些特殊要求,都必须是对特定的用户进行的。当然,经费也是一项重要的参数。综合各项要求,我们根据不同的用户选用了DDN、SDH和VPN等互联技术。这是本文的重要内容。
然而,省域网的建设在真正实施的过程,互联问题只是其中的一个问题。由于教育网和公网的瓶颈问题,给教育网用户上公网受到很大的限制。在省域网的建设中,我们希望解决这一问题,达到访问公网和教育网同样的快速的目标,于是我们采用了双出口。
双出口的首要技术问题就是多出口的策略路由技术。本文着重阐述了为达到多出口的目的所采用的路由技术,主要是根据源地址配置路由、根据目的地址配置路由、根据端口号配置路由等。
而多出口带来的另一个问题就是:对于网内需要对外开放访问权限的服务器,怎么样让教育网和公网的用户都能快速访问呢?这就是本文要讲述的另一个重要内容:多入口环境下的IP映身和域名多IP的域名解析技术。
The China Education and research Network(CERNET),Speaking in general referred to as "Education Network",is a public beneficial computer network of education and scientific research.Leadered by the Ministry of Education,CERNET was formed with national colleges' network,with Tsinghua University as the core and with the main university as the province's nodes.Jiangxi node is leadered by Jiangxi Provincial Educational Department,the network center is linked with Network Center of Nanchang University,Network Center of Nanchang University is responsible for construction,operation and maintenance work.Currently,there are more than 50 institutions access to education network covering the province's major institutions.
Province Area Network(PAN),is an expansion of City Area Network,it is formed the province's network into a network similar to the LAN integration,to realizated of the province's integrated network management and operation.
Under the leadership of the Jiangxi Provincial Educational Department,basing on Jiangxi CERNET,we use the appropriate network technology to effectively link the whole province's colleges network into a similar lan network to improve the timeliness of the operation of the network and resources Inclusion of.This is called "Education Province Area Network " in this paper.
Although the PAN is the City Area Network's expansion,but it has a different technical requirements with City Area Network,which are mainly embodied in the choice of Internet technology.At the same time,we use the Internet technology, management must also meet the characteristics of convenience,because,as an integrated network,we can at any time request from the various points of the necessary data flow monitoring and management,for example,flows to the size, killed virus,and probably some special requirements of the functional departments of the provinces,must be specific to the single user.Of course,fee is also an important parameter.Comprehensive requirements,we selected according to different users of the DDN,SDH and VPN,and other Internet technology.This is an important content of this paper.
However,the Education Provincial Area Network building in the true implementation of the process,the interconnection question is not only problem.The Bottleneck of bandwidth between CERNET and ChinaNet is greatly restricted to user of CERNET in speed.According to this characteristic,we ask to a same rapid speed to visit CERNET and ChinaNet,which is the double export issue.
The first technology issue of the double export is the "more export strategy router technology".This paper elaborated on its exports to achieve multi-purpose, used by the router technology,mainly on the basis of the source address router configuration,in accordance with the allocation purposes address router,according to port configuration router,and so on.
The another technology issue is:how to make user of CERNET and ChinaNet to visit the server,that is in PAN and need to be opened to the outside world,with same rapid speed? This paper focuses on IP mapping techniques and multiple IPs for single domain names' analytic techniques in multi-entrance environment.
引文
[1]Cisco Systems公司,Cisco Networking Academy Program著,思科网络技术学院教程 人民邮电出版社,2005
[2]谢希仁,计算机网络 大连理工大学出版社 2005
[3]高阳 计算机网络原理与实用技术 电子工业出版社 2005
[4]陆魁军等 计算机网络工程实践教程(基于华为路由器和交换机)清华大学出版社 2005
[5]斯桃枝/李战国 计算机网络系统集成,北京大学出版社 2006
[6]张友纯 计算机网络安全 华中科技大学出版社 2006
[7]胡道元 计算机网络 清华大学出版社 1999
[8]李腊元 计算机局域网络理论及技术 国防工业出版社 1997
[9]Patrick Regan 广域网 清华大学出版社(由Prentice Hall授权清华大学出版社出版)2006
[10]张民/潘勇/徐荣 宽带城域网 北京邮电大学出版社 2003
[11]徐荣/龚倩/张光海 城域光网络 人民邮电出版社 2003
[12]鲁智勇/熊志昂/李志勇 无线局域网及其对抗技术 国防工业出版社 2006
[13](美)William Stallings 局域网与城域网 电子工业出版社 2001
[14](英)D·C·弗林特 数据环主干网 人民邮电出版社 1988
[15]21世纪网络工程师设计宝典丛书编委会 网络核心技术内幕 北京希望电子出版社2000
[16]吴迪/卢建宇等 局域网组建与管理清华大学出版社 2002.1
[17](美)Rajiv Ramaswami,kumar N.Sivarajan光网络 机械工业出版社 2004
[18]李晓东 MPLS技术与实现 电子工业出版社 2002
[19](美)Ivan Pepelnjak,Jim Guichard MPLS和VPN体系结构 人民邮电出版社 2003
[20]石晶林/丁炜等 MPLS宽带网络互联技术 人民邮电出版社 2001
[21](美)Ivan Pepelnjak,Jim Guichard,Jeff Apcar MPLS和VPN体系结构 人民邮电出版社 2004
[22](美)Joseph C.Palais光纤通信 电子工业出版社 2006
[23]尹树华/张引发等 光纤通信工程与工程原理 人民邮电出版社 2005
[24](美)David Hucaby,Steve McQuerry Cisco现场手册(----路由器配置)人民邮电出版社 2002
[25]彭晖等 新型的骨干网路由平台--MPLS 人民邮电出版社 2002
[26]Rita Puzmanova路由与交换 人民邮电出版社 2004
[27]冯辰IP城域网建设探讨 http://www.lnic.net/sjtx_12.htm 2004年10月7日
[28]第八军团收集整理 MPLS-VPN:广域网技术的奇葩 http://www.juntuan.net/wgjs/luyou/n/2005-10-06/9061.html 2005-10-06
[29]欧振猛 城域网建设策略研究 http://www.sxsky.net/it/html/20051046027.htm 2005-10-4
[30]曹蓟光 MSTP技术及其应用研究 http://www.sxsky.net/it/html/20051046026.htm 2005-10-4
[31]基于业务和交换相分离的智能网IN(一)/http://www.sxsky.net/it/html/20051046448.htm 2005-10-4
[32]基于业务和交换相分离的智能网IN(二)http://www.sxsky.net/it/html/20051046446.htm 2005-10-4
[33]IP网QoS模型的分析与比较 http://www.sxsky.net/it/html/20051046447.htm 2005-10-4
[34]广域网技术简介 http://cisco.chinaitlab.com/colligate/3259.html
[35]ChinaITLab收集整理 关注NGN:网络融合和机对机应用 http://cisco.chinaitlab.com/colligate/38143.html 2005-11-25
[36]徐贵宝/吴文 NGOSS:下一代网络运营支撑系统 http://www.sxsky.net/it/html/20051045765.htm 2005-10-4
[37]关于DNS服务器的配置问题 http://www.jz123.cn/Article/13/154/2007/2007011218730.html 2007-1-12
[38]关于DNS配置的一、二、三、四、五讲 http://www.chinaunix.net/jh/16/78244.html 2003-05-27 http://www.chinaunix.net/jh/16/78246.html 2003-05-27 http://www.chinaunix.net/jh/16/78248.html 2003-05-27 http://www.chinaunix.net/jh/16/78250.html 2003-12-02 http://www.chinaunix.net/jh/16/78253.html 2006-11-28
[39]阿骁 架设dns全攻略 http://www.chinaunix.net/jh/16/20604.html 2006-12-05
[40]配置DNS服务器(1、2、3、4、5)http://www.xinyanet.com/Article_Show.asp?ArticleID=4643 http://www.xinyanet.com/Article_Show.asp?ArticleID=4642 http://www.xinyanet.com/Article_Show.asp?ArticleID=4641 http://www.xinyanet.com/Article_Show.asp?ArticleID=4640 http://www.xinyanet.com/Article_Show.asp?ArticleID=4639
[41]DDN概论 http://www.pcdog.com/network/netmanage/2006/11/q167640.html 2006
[42]孙学康/毛京丽 SDH技术 人民邮电出版社 2003
[43]黄子秋/莫玲玲 接入网SDH传输系统的现状和发展趋势 2005 http://news.ccidnet.com/art/1712/20050202/211729_1.html http://news.ccidnet.com/art/1712/20050202/211729_2.html
[44]邓永红 SDH概念与有线电视网 2002 http://www.c114.net/Technic/ZZHtml_20029/T2002950003214-1.shtml
[45]SDH概述 http://www.ciscobook.com/article/640.html.
[46]VPN技术概念及发展趋势 http://security.chinaitlab.com/aqjc/392591.html 2006.6.1
[47]NAT原理简介、各种ADSL Modem及路由器的端口映射方法 http://www.emule.org.cn/topic/nat/
[48]chinaitlab.com Redhat Linux9下安装DNS配置文档 2007.8.22
[2]谢希仁,计算机网络 大连理工大学出版社 2005
[3]高阳 计算机网络原理与实用技术 电子工业出版社 2005
[4]陆魁军等 计算机网络工程实践教程(基于华为路由器和交换机)清华大学出版社 2005
[5]斯桃枝/李战国 计算机网络系统集成,北京大学出版社 2006
[6]张友纯 计算机网络安全 华中科技大学出版社 2006
[7]胡道元 计算机网络 清华大学出版社 1999
[8]李腊元 计算机局域网络理论及技术 国防工业出版社 1997
[9]Patrick Regan 广域网 清华大学出版社(由Prentice Hall授权清华大学出版社出版)2006
[10]张民/潘勇/徐荣 宽带城域网 北京邮电大学出版社 2003
[11]徐荣/龚倩/张光海 城域光网络 人民邮电出版社 2003
[12]鲁智勇/熊志昂/李志勇 无线局域网及其对抗技术 国防工业出版社 2006
[13](美)William Stallings 局域网与城域网 电子工业出版社 2001
[14](英)D·C·弗林特 数据环主干网 人民邮电出版社 1988
[15]21世纪网络工程师设计宝典丛书编委会 网络核心技术内幕 北京希望电子出版社2000
[16]吴迪/卢建宇等 局域网组建与管理清华大学出版社 2002.1
[17](美)Rajiv Ramaswami,kumar N.Sivarajan光网络 机械工业出版社 2004
[18]李晓东 MPLS技术与实现 电子工业出版社 2002
[19](美)Ivan Pepelnjak,Jim Guichard MPLS和VPN体系结构 人民邮电出版社 2003
[20]石晶林/丁炜等 MPLS宽带网络互联技术 人民邮电出版社 2001
[21](美)Ivan Pepelnjak,Jim Guichard,Jeff Apcar MPLS和VPN体系结构 人民邮电出版社 2004
[22](美)Joseph C.Palais光纤通信 电子工业出版社 2006
[23]尹树华/张引发等 光纤通信工程与工程原理 人民邮电出版社 2005
[24](美)David Hucaby,Steve McQuerry Cisco现场手册(----路由器配置)人民邮电出版社 2002
[25]彭晖等 新型的骨干网路由平台--MPLS 人民邮电出版社 2002
[26]Rita Puzmanova路由与交换 人民邮电出版社 2004
[27]冯辰IP城域网建设探讨 http://www.lnic.net/sjtx_12.htm 2004年10月7日
[28]第八军团收集整理 MPLS-VPN:广域网技术的奇葩 http://www.juntuan.net/wgjs/luyou/n/2005-10-06/9061.html 2005-10-06
[29]欧振猛 城域网建设策略研究 http://www.sxsky.net/it/html/20051046027.htm 2005-10-4
[30]曹蓟光 MSTP技术及其应用研究 http://www.sxsky.net/it/html/20051046026.htm 2005-10-4
[31]基于业务和交换相分离的智能网IN(一)/http://www.sxsky.net/it/html/20051046448.htm 2005-10-4
[32]基于业务和交换相分离的智能网IN(二)http://www.sxsky.net/it/html/20051046446.htm 2005-10-4
[33]IP网QoS模型的分析与比较 http://www.sxsky.net/it/html/20051046447.htm 2005-10-4
[34]广域网技术简介 http://cisco.chinaitlab.com/colligate/3259.html
[35]ChinaITLab收集整理 关注NGN:网络融合和机对机应用 http://cisco.chinaitlab.com/colligate/38143.html 2005-11-25
[36]徐贵宝/吴文 NGOSS:下一代网络运营支撑系统 http://www.sxsky.net/it/html/20051045765.htm 2005-10-4
[37]关于DNS服务器的配置问题 http://www.jz123.cn/Article/13/154/2007/2007011218730.html 2007-1-12
[38]关于DNS配置的一、二、三、四、五讲 http://www.chinaunix.net/jh/16/78244.html 2003-05-27 http://www.chinaunix.net/jh/16/78246.html 2003-05-27 http://www.chinaunix.net/jh/16/78248.html 2003-05-27 http://www.chinaunix.net/jh/16/78250.html 2003-12-02 http://www.chinaunix.net/jh/16/78253.html 2006-11-28
[39]阿骁 架设dns全攻略 http://www.chinaunix.net/jh/16/20604.html 2006-12-05
[40]配置DNS服务器(1、2、3、4、5)http://www.xinyanet.com/Article_Show.asp?ArticleID=4643 http://www.xinyanet.com/Article_Show.asp?ArticleID=4642 http://www.xinyanet.com/Article_Show.asp?ArticleID=4641 http://www.xinyanet.com/Article_Show.asp?ArticleID=4640 http://www.xinyanet.com/Article_Show.asp?ArticleID=4639
[41]DDN概论 http://www.pcdog.com/network/netmanage/2006/11/q167640.html 2006
[42]孙学康/毛京丽 SDH技术 人民邮电出版社 2003
[43]黄子秋/莫玲玲 接入网SDH传输系统的现状和发展趋势 2005 http://news.ccidnet.com/art/1712/20050202/211729_1.html http://news.ccidnet.com/art/1712/20050202/211729_2.html
[44]邓永红 SDH概念与有线电视网 2002 http://www.c114.net/Technic/ZZHtml_20029/T2002950003214-1.shtml
[45]SDH概述 http://www.ciscobook.com/article/640.html.
[46]VPN技术概念及发展趋势 http://security.chinaitlab.com/aqjc/392591.html 2006.6.1
[47]NAT原理简介、各种ADSL Modem及路由器的端口映射方法 http://www.emule.org.cn/topic/nat/
[48]chinaitlab.com Redhat Linux9下安装DNS配置文档 2007.8.22