北京福利彩票发行中心VPN组网方案研究
摘要
北京福利彩票销售中心从2000年开始采用销售电脑彩票,采取联网式销售,取得了良好效果,销售额逐年递增。随着电脑彩票技术不断发展,新的销售系统需要全新的通信网络承载。新的通信网络需要支持以太网接口、双核心备份、支持组播、低资费等要求。由于北京网通现有的业务产品及通信网络不能完全满足福彩客户的要求,为此,在进行网络设计时,需要利用北京网通现有的网络资源,整合相关通信产品,使用适合的网络技术,为福彩中心建设一张高效、可靠的通信网络。
通过对北京福利彩票发行中心通信需求进行详细分析,结合其业务特性,与多个部门进行探讨后,制定出了基于IP公众网,使用IPSec技术组建VPN网络方案。网络结构采用双核心星型结构,使用公众IP网承载。各销售网点使用ADSL接入,核心点使用基于MSTP技术的传输网络接入,采取DMVPN技术,来组建福彩VPN专网。DMVPN是通过多点GRE (mGRE)和下一跳解析协议(NHRP)与IPSec相结合实现的。在DMVPN解决方案中,利用IPSec实现加密功能,利用GRE或多点GRE (mGRE)建立隧道,利用NHRP解决分支节点的动态地址问题。DMVPN只要求中心节点必须申请静态的公共IP地址,分支点可采用动态地址接入。
通过网络测试,证实了组网方案的可行性,之后进行网络建设工作。经过周密的网络部署,新的通信承载网在2007年初交付客户使用。通过一段时间的网络运行,北京网通对该网络进行了优化工作,使得网络结构更加合理,网络更安全。整个项目于2009年中全部完成,全面达到了预期的效果,得到了客户的认可。
Beijing Welfare Lottery Centre achieved good results for selling lottery online since 2000.The achievement is increasing every year. As e-lottery technology continues developing, the new sales system needs a new net to operate. The new communications network needs to support Ethernet interface, dual-core backup, support multicast, low tariffs and other requirements. As Beijing Netcom existing communications network and products can not fully meet customer requirements. During the period of network design, we need to take full advantage of Beijing Netcom's existing resources, use the appropriate network technology and integrate related communications products to create an efficient and reliable network for Beijing Welfare Lottery Centre.
We conducted a detailed analysis of communication requirements for Beijing Welfare Lottery Centre. Considering its business characteristics and discussing with many departments, we created IP-based public network and set up VPN based on IPSec technology. The network is star structure with dual-core network architecture whose operation is based on the usage of the public IP network. Sales outlets to use ADSL access, the core point of transmission-based MSTP network access technology, to take DMVPN technology, to form Welfare Lottery Centre VPN special network. DMVPN is through multi-point GRE (mGRE) and Next Hop Resolution Protocol (NHRP) combined with the implementation of IPSec. In DMVPN solution, the use of IPSec encryption to achieve, the use of GRE or point GRE (mGRE) to establish the tunnel, the use of NHRP to resolve the branch node dynamic address problems. DMVPN only requires the central node must apply for a static public IP address, the branch point can be dynamic address access.
Network testing made sure the feasibility of networking schemes. After a careful plan of network creating, we started to create the new network. Finally, the new communication network was delivered to customer in early 2007. Through a period of network operation, Beijing Netcom optimized the network and made the network more reasonable and secure. The entire project was completed in the middle of 2009 which fully achieved the expected results.
通过对北京福利彩票发行中心通信需求进行详细分析,结合其业务特性,与多个部门进行探讨后,制定出了基于IP公众网,使用IPSec技术组建VPN网络方案。网络结构采用双核心星型结构,使用公众IP网承载。各销售网点使用ADSL接入,核心点使用基于MSTP技术的传输网络接入,采取DMVPN技术,来组建福彩VPN专网。DMVPN是通过多点GRE (mGRE)和下一跳解析协议(NHRP)与IPSec相结合实现的。在DMVPN解决方案中,利用IPSec实现加密功能,利用GRE或多点GRE (mGRE)建立隧道,利用NHRP解决分支节点的动态地址问题。DMVPN只要求中心节点必须申请静态的公共IP地址,分支点可采用动态地址接入。
通过网络测试,证实了组网方案的可行性,之后进行网络建设工作。经过周密的网络部署,新的通信承载网在2007年初交付客户使用。通过一段时间的网络运行,北京网通对该网络进行了优化工作,使得网络结构更加合理,网络更安全。整个项目于2009年中全部完成,全面达到了预期的效果,得到了客户的认可。
Beijing Welfare Lottery Centre achieved good results for selling lottery online since 2000.The achievement is increasing every year. As e-lottery technology continues developing, the new sales system needs a new net to operate. The new communications network needs to support Ethernet interface, dual-core backup, support multicast, low tariffs and other requirements. As Beijing Netcom existing communications network and products can not fully meet customer requirements. During the period of network design, we need to take full advantage of Beijing Netcom's existing resources, use the appropriate network technology and integrate related communications products to create an efficient and reliable network for Beijing Welfare Lottery Centre.
We conducted a detailed analysis of communication requirements for Beijing Welfare Lottery Centre. Considering its business characteristics and discussing with many departments, we created IP-based public network and set up VPN based on IPSec technology. The network is star structure with dual-core network architecture whose operation is based on the usage of the public IP network. Sales outlets to use ADSL access, the core point of transmission-based MSTP network access technology, to take DMVPN technology, to form Welfare Lottery Centre VPN special network. DMVPN is through multi-point GRE (mGRE) and Next Hop Resolution Protocol (NHRP) combined with the implementation of IPSec. In DMVPN solution, the use of IPSec encryption to achieve, the use of GRE or point GRE (mGRE) to establish the tunnel, the use of NHRP to resolve the branch node dynamic address problems. DMVPN only requires the central node must apply for a static public IP address, the branch point can be dynamic address access.
Network testing made sure the feasibility of networking schemes. After a careful plan of network creating, we started to create the new network. Finally, the new communication network was delivered to customer in early 2007. Through a period of network operation, Beijing Netcom optimized the network and made the network more reasonable and secure. The entire project was completed in the middle of 2009 which fully achieved the expected results.
引文
[1]唐保民。电信网技术基础。人民邮电出版社,2001年
[2]纪越峰综合业务接入技术。北京:北京邮电大学出版社,1999年
[3]谭国权,趋成熟的城域以太网技术
[4]聂飞翔,构建可运营、可管理、电信级的光以太网,电信工程技术与标准化,2003.2
[5]Carlton R.Davis IPSec:Securing VPNs IPSec:VPN的安全实施清华大学出版社2002.01
[6]Vijav Bollapragada, Mohamed Khalid IPSec VPN Design IPSec VPN设计人民邮电出版社2006.05
[7]金汉均 仲红 汪双顶 VPN虚拟专用网安全实践教程清华大学出版社2010年1月
[2]纪越峰综合业务接入技术。北京:北京邮电大学出版社,1999年
[3]谭国权,趋成熟的城域以太网技术
[4]聂飞翔,构建可运营、可管理、电信级的光以太网,电信工程技术与标准化,2003.2
[5]Carlton R.Davis IPSec:Securing VPNs IPSec:VPN的安全实施清华大学出版社2002.01
[6]Vijav Bollapragada, Mohamed Khalid IPSec VPN Design IPSec VPN设计人民邮电出版社2006.05
[7]金汉均 仲红 汪双顶 VPN虚拟专用网安全实践教程清华大学出版社2010年1月
© 2004-2018 中国地质图书馆版权所有 京ICP备05064691号 京公网安备11010802017129号 地址:北京市海淀区学院路29号 邮编:100083 电话:办公室:(+86 10)66554848;文献借阅、咨询服务、科技查新:66554700 |