CN220693169U - Core network architecture - Google Patents
- Publication number: CN220693169U (application CN202322347882.6U)
- Authority: CN (China)
- Prior art keywords: data center, center module, network, core, switch
- Prior art date
- Legal status: Active (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
- Landscapes: Data Exchanges In Wide-Area Networks (AREA)
Abstract
The present application discloses a core network architecture comprising a first data center module and a second data center module. The first data center module is connected to the second data center module, and the two modules are built from the same component units: a network management server and a heartbeat network switch. The network management server manages and monitors the network devices in the core network and provides business services to users. The heartbeat network switch is connected to the network management server, and the heartbeat network switch of the first data center module is connected to the heartbeat network switch of the second data center module; it carries control information and configuration information and performs data synchronization between the two modules. The present application addresses the technical problem that, in the related art, the poor security protection level of the communication system's network management network makes it prone to network security operation risks caused by abnormal communication equipment.
Description
Technical field
This application relates to the field of network communication technology, and specifically to a core network architecture.
Background
With the accelerated construction of the new power system for the power grid, the scale of the power communication network is growing day by day, and the grid places higher requirements on the security, stability and carrying capacity of the power communication network. In the related art, the network management network of the communication system has poor centralized monitoring capability and a poor security protection level, and is prone to network security operation risks caused by abnormal communication equipment.
No effective solution to the above problem has yet been proposed.
Utility model content
Embodiments of the present application provide a core network architecture that at least solves the technical problem that, in the related art, the poor security protection level of the communication system's network management network makes it prone to network security operation risks caused by abnormal communication equipment.
According to one aspect of the embodiments of the present application, a core network architecture is provided, comprising a first data center module and a second data center module, wherein the first data center module is connected to the second data center module, and the two modules have the same component units, each comprising a network management server and a heartbeat network switch; the network management server manages and monitors the network devices in the core network and provides business services to users; the heartbeat network switch is connected to the network management server, and the heartbeat network switch of the first data center module is connected to the heartbeat network switch of the second data center module, for transmitting control information and configuration information and performing data synchronization between the first data center module and the second data center module.
Optionally, the first data center module and the second data center module each include client access switches, wherein each client access switch is connected simultaneously to the core switch of the first data center module and to the core switch of the second data center module, and the client access switches provide access services for network management clients.
Optionally, a network management client is connected to the client access switch and provides the target object with a front-end interactive interface for monitoring, managing and configuring the network devices in the core network.
Optionally, the core switch is connected to the network management server through a service switch and is responsible for forwarding data traffic in the core network.
Optionally, the service switches in the first data center module and the second data center module are each connected simultaneously to the core switch of the first data center module and to the core switch of the second data center module, and the service switches forward and switch the traffic of different services.
Optionally, the core switch of the first data center module and the core switch of the second data center module are each connected to a load balancing device, and the two core switches are interconnected with each other; the load balancing device distributes network traffic evenly to the different servers or network devices in the core network.
Optionally, the core switch of the first data center module and the core switch of the second data center module are both connected simultaneously to the egress router of the first data center module and to the egress router of the second data center module, where the egress routers connect the core network to external networks.
Optionally, the egress router of the first data center module and the egress router of the second data center module are interconnected by dark (bare) optical fiber.
Optionally, a border firewall is connected on each link between the core switch and the egress router; the border firewall monitors and filters the network traffic entering and leaving the core network.
Optionally, a vertical encryption device (also translated as a longitudinal encryption device) is additionally connected on each link between the core switch and the egress router; the vertical encryption device encrypts and decrypts the data carried on that link.
In the embodiments of the present application, a first data center module and a second data center module are used, wherein the first data center module is connected to the second data center module, and the two modules have the same component units, each comprising a network management server and a heartbeat network switch; the network management server manages and monitors the network devices in the core network and provides business services to users; the heartbeat network switch is connected to the network management server, and the heartbeat network switch of the first data center module is connected to that of the second, transmitting control information and configuration information and performing data synchronization between the two modules. In this way the two data centers back each other up, share storage, network and server resources, and can both provide services externally, so that the whole system has business load balancing and automatic failover. This solves the technical problem that, in the related art, the poor security protection level of the communication system's network management network makes it prone to network security operation risks caused by abnormal communication equipment.
Description of drawings
The drawings described here provide a further understanding of the present application and form a part of it; the illustrative embodiments of the present application and their descriptions explain the present application and do not constitute an improper limitation of it. In the drawings:
FIG. 1 is a schematic structural diagram of a core network architecture according to an embodiment of the present application;
FIG. 2 is a schematic diagram of a network management network core layer backup design according to an embodiment of the present application.
Detailed description of the embodiments
To enable those skilled in the art to better understand the solutions of the present application, the technical solutions in the embodiments are described clearly and completely below with reference to the accompanying drawings. Obviously, the described embodiments are only some of the embodiments of the present application, not all of them. All other embodiments obtained by those of ordinary skill in the art based on the embodiments of the present application without creative effort fall within the scope of protection of the present application.
It should be noted that the terms "first", "second" and the like in the description, claims and drawings of the present application are used to distinguish similar objects and are not necessarily used to describe a specific order or sequence. It should be understood that data so used are interchangeable where appropriate, so that the embodiments described herein can be practiced in orders other than those illustrated or described. Furthermore, the terms "comprising" and "having" and any variations thereof are intended to cover non-exclusive inclusion: for example, a process, method, system, product or device comprising a series of steps or units is not necessarily limited to those steps or units expressly listed, but may include other steps or units not expressly listed or inherent to such process, method, product or device.
In the related art, the network management network of the communication system has poor centralized monitoring capability and a poor security protection level, so it is prone to network security operation risks caused by abnormal communication equipment. To solve this problem, the embodiments of the present application provide the solutions described in detail below.
According to an embodiment of the present application, an embodiment of a core network architecture is provided. FIG. 1 is a schematic structural diagram of a core network architecture according to an embodiment of the present application. As shown in FIG. 1, the architecture comprises a first data center module and a second data center module, wherein:
the first data center module is connected to the second data center module, and the two modules have the same component units, each comprising a network management server and a heartbeat network switch;
Specifically, to ensure the reliability of the core network, the solution of this application uses two data center modules (the first data center module and the second data center module) as mutual backups. The two modules share storage, network and server resources, both can provide services externally, and the whole system has business load balancing and automatic failover.
the network management server manages and monitors the network devices in the core network and provides business services to users;
The network management server is a key device in the communication network; its functions mainly cover the following aspects:
- Network monitoring and management: the network management server monitors and manages the network devices in the communication network, including switches, routers, firewalls and servers. Through the network management server and the network management client, administrators can monitor the operating status and performance indicators of network devices in real time and promptly discover and resolve network faults and problems.
- Configuration and management of network devices: the network management server centrally manages the configuration information of network devices, including IP addresses, routing tables and access control lists. Administrators can configure and manage network devices centrally through it, improving configuration consistency and reliability.
- Security management and protection: the network management server implements network security policies, including access control, intrusion detection and prevention, and traffic monitoring and limiting. Through it, administrators can manage and protect the network devices, ensuring the security and reliability of the communication network.
- Performance optimization and troubleshooting: the network management server collects and analyzes performance data of network devices, including bandwidth utilization, latency and packet loss rate. Administrators can optimize device performance through it to improve network availability and performance, and it also helps administrators locate and eliminate network faults, shortening recovery time.
- Resource management and optimization: the network management server manages and optimizes the resources of network devices, including port utilization, bandwidth allocation and load balancing. Through it, administrators can configure and manage network resources effectively, improving resource utilization and network reliability.
In short, the network management server plays an important role in monitoring, management, configuration, security, performance optimization and troubleshooting in the communication network, and is crucial to ensuring the normal operation of the network and improving its performance.
Specifically, multiple network management server devices are deployed in each of the two data center modules. A network management system is deployed in each of the first and second data center modules, forming one cluster that provides read and write services to the host services of both data centers simultaneously. To achieve unified management of the network management servers of the two modules, unified disaster recovery management software may also be deployed; it provides visual management of the two centers and intuitively displays the physical topology of the active-active services.
The heartbeat network switch is connected to the network management server, and the heartbeat network switch of the first data center module is connected to the heartbeat network switch of the second data center module, for transmitting control information and configuration information and performing data synchronization between the first data center module and the second data center module.
The main functions of the heartbeat network switch are as follows:
- Heartbeat monitoring: the heartbeat network switch periodically sends heartbeat signals to the other nodes in the network to monitor the liveness of each node. If no heartbeat signal is received from a node for a long time, that node can be judged to be faulty or disconnected, and corresponding measures can be taken.
- Data transmission: the heartbeat network switch carries data transmission between nodes. When a node needs to send data to other nodes, routing and forwarding are performed through the heartbeat network switch, ensuring efficient transmission of the data in the network.
- Data synchronization: the heartbeat network switch supports data synchronization between nodes. When a node needs to synchronize data with other nodes, the data is replicated and transmitted through the heartbeat network switch, ensuring data consistency between the nodes.
In short, the heartbeat network switch plays an important role in the heartbeat network by monitoring node status, transmitting data and synchronizing data, improving the reliability and availability of the network.
In the solution of this application, the principle of separating data transmission links from heartbeat links is adopted. End-to-end traffic is isolated by VLAN (Virtual Local Area Network) or VRF (Virtual Routing and Forwarding), and independent physical interconnection links are allocated, so that business traffic and cluster heartbeat traffic are separated and do not affect each other. A Layer 2 Ethernet network carries the heartbeat and synchronization interconnection link communication of the host application cluster between the two centers.
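The heartbeat monitoring and traffic-separation behaviour described above, as an added example that is not part of the patent or of any vendor product: a monitor that declares a data center module faulty when no heartbeat arrives within a timeout, and that refuses heartbeats leaking in on the business VLAN or replayed with an old sequence number. The VLAN ids, node names and timing values are constructed.

```python
"""Heartbeat liveness tracking between two active-active data center modules.

Added example, not part of the patent or any vendor product: it models
the heartbeat network switch's role of declaring a peer module faulty
when no heartbeat arrives within a timeout, and the separation rule that
heartbeat frames are accepted only on the dedicated heartbeat VLAN.
The VLAN ids, node names, interval and timing values are constructed.
"""
from dataclasses import dataclass
from typing import Dict, List

HEARTBEAT_VLAN = 100   # constructed id of the dedicated heartbeat VLAN
BUSINESS_VLAN = 200    # constructed id of the business-traffic VLAN


@dataclass
class Heartbeat:
    node: str       # sending data center module, e.g. "dc1"
    vlan: int       # VLAN on which the frame arrived
    seq: int        # monotonically increasing sequence number
    sent_at: float  # sender timestamp in seconds


@dataclass
class NodeState:
    last_seen: float = 0.0
    last_seq: int = -1
    alive: bool = False
    rejected: int = 0   # frames discarded by the VLAN or replay checks


class HeartbeatMonitor:
    """Derives the liveness of each data center module from its heartbeats."""

    def __init__(self, nodes: List[str], interval: float, misses: int):
        # A node is declared faulty after `misses` consecutive intervals
        # without an accepted heartbeat.
        self.timeout = interval * misses
        self.nodes: Dict[str, NodeState] = {n: NodeState() for n in nodes}

    def receive(self, hb: Heartbeat, now: float) -> bool:
        """Accept a heartbeat frame; returns False if it was discarded."""
        st = self.nodes.get(hb.node)
        if st is None:
            return False
        # Traffic separation: a heartbeat arriving on the business VLAN
        # is a misconfiguration or leak and must not count as liveness.
        if hb.vlan != HEARTBEAT_VLAN:
            st.rejected += 1
            return False
        # Stale or replayed frames must not refresh the peer's liveness.
        if hb.seq <= st.last_seq:
            st.rejected += 1
            return False
        st.last_seq = hb.seq
        st.last_seen = now
        st.alive = True
        return True

    def check(self, now: float) -> Dict[str, bool]:
        """Expire nodes whose last accepted heartbeat is older than the timeout."""
        for st in self.nodes.values():
            if st.alive and now - st.last_seen > self.timeout:
                st.alive = False
        return {n: st.alive for n, st in self.nodes.items()}

    def active_nodes(self, now: float) -> List[str]:
        """Modules currently eligible to serve traffic (active-active)."""
        return [n for n, ok in self.check(now).items() if ok]


def run_scenario() -> dict:
    """Constructed scenario: dc2 stops sending heartbeats after t=4 s."""
    mon = HeartbeatMonitor(["dc1", "dc2"], interval=1.0, misses=3)
    history: Dict[int, List[str]] = {}
    for t in range(10):
        now = float(t)
        mon.receive(Heartbeat("dc1", HEARTBEAT_VLAN, t, now), now)
        if t < 5:
            mon.receive(Heartbeat("dc2", HEARTBEAT_VLAN, t, now), now)
        history[t] = mon.active_nodes(now)
    # A dc2 heartbeat leaking in over the business VLAN must not revive it.
    leaked = mon.receive(Heartbeat("dc2", BUSINESS_VLAN, 99, 9.0), 9.0)
    return {"history": history, "leaked_accepted": leaked,
            "rejected_dc2": mon.nodes["dc2"].rejected}


if __name__ == "__main__":
    result = run_scenario()
    for t, active in result["history"].items():
        print(f"t={t}s active={active}")
    print("leaked heartbeat accepted:", result["leaked_accepted"])
```

With a 1 s interval and three allowed misses, dc2 is still counted alive at t=7 s and is dropped from the active set at t=8 s.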
The core network architecture of the embodiments of the present application is further introduced below.
FIG. 2 is a schematic diagram of a network management network core layer backup design according to an embodiment of the present application, as shown in FIG. 2.
The solution of this application divides the core network into an access layer, a core layer and an egress layer; the structure of each layer is introduced below.
The access layer comprises multiple client access switches, service switches, heartbeat network switches and so on. This embodiment is described with 2 client access switches, 2 service switches and 2 heartbeat network switches deployed in each data center module as an example.
In this embodiment, the 2 heartbeat network switches in the first data center module are virtualized into one device by stacking and interconnected with the heartbeat network switches of the peer data center (the second data center module); the heartbeat network switches of the other data center module are configured in the same way.
The 4 heartbeat network switches can be cascaded at 10GE over dark fiber to carry control information, configuration information and data synchronization.
In some embodiments of the present application, the first data center module and the second data center module each include client access switches, wherein each client access switch is connected simultaneously to the core switch of the first data center module and to the core switch of the second data center module, and the client access switches provide access services for network management clients.
In some embodiments of the present application, a network management client is connected to the client access switch and provides the target object with a front-end interactive interface for monitoring, managing and configuring the network devices in the core network.
Specifically, the client access switches are stacked over 10GE dual links to simplify configuration and management; they connect downstream to the network management clients over gigabit single links and upstream to the core switches of the first and second data center modules over 10GE dual links, improving redundancy and reliability while providing access for client users.
In some embodiments of the present application, the core switch is connected to the network management server through a service switch and is responsible for forwarding data traffic in the core network.
In some embodiments of the present application, the service switches in the first data center module and the second data center module are each connected simultaneously to the core switch of the first data center module and to the core switch of the second data center module, and the service switches forward and switch the traffic of different services.
Specifically, the service switches are likewise stacked to simplify the network structure and protocol deployment; they connect downstream to the network management servers over 10GE fiber and upstream to the core switches of the first and second data center modules over 10GE fiber.
The core layer is further introduced below.
In some embodiments of the present application, the core switch of the first data center module and the core switch of the second data center module are each connected to a load balancing device, and the two core switches are interconnected with each other; the load balancing device distributes network traffic evenly to the different servers or network devices in the core network.
In this embodiment, one core switch is deployed in the core layer of each of the first and second data center modules. It connects downstream to the client access switches and service switches, has a load balancing device attached on the side, connects upstream to the border security devices (for example, border firewalls), forwards the network traffic in the core network, and is responsible for the high-speed interconnection of the entire network management network.
The load balancing device is mainly used to distribute and manage network traffic so as to ensure efficient use of network resources and a balanced load. In this embodiment, the load balancing device in the core network may include, but is not limited to, at least one of the following:
- Load balancer: a device that distributes traffic to multiple servers or network devices. It distributes traffic evenly across servers according to a preset load balancing algorithm, such as round-robin, weighted round-robin or least connections, to avoid overloading any single server.
- Link load balancer: distributes traffic across different network links to balance the load on the links. It selects suitable links for distributing traffic based on link load and performance indicators, improving network reliability and performance.
- Server load balancer: distributes traffic across multiple servers to balance the server load. It selects suitable servers based on server load, performance indicators and health status, improving server availability and performance.
- DNS load balancer: distributes traffic across multiple servers by load balancing the results of domain name resolution. It selects a suitable server IP address to return to the client based on server load and performance indicators.
Load balancing devices adjust their load balancing policies and monitor traffic through configuration, monitoring and management software. They play a key role in the core network and improve its performance, reliability and scalability.
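The three selection algorithms named above, together with the health-status check a server load balancer applies, as an added example that is not code from the patent or from any load balancer product. Backend names, IP addresses, weights and connection counts are constructed.

```python
"""Load balancing strategies named in the core-layer description.

Added example, not code from the patent or any load balancer product:
it implements round-robin, weighted round-robin (smooth variant) and
least-connections selection over a backend pool, skipping any backend
whose health check has failed. Backend names, IPs, weights and
connection counts are constructed for illustration.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class Backend:
    name: str
    ip: str
    weight: int = 1
    active_conns: int = 0
    healthy: bool = True


class LoadBalancer:
    def __init__(self, backends: List[Backend]):
        self.backends = backends
        self._rr_index = 0
        # Per-backend running weight for smooth weighted round-robin
        self._current: Dict[str, int] = {b.name: 0 for b in backends}

    def set_health(self, name: str, healthy: bool) -> None:
        """Record a health check result; unhealthy backends get no traffic."""
        for b in self.backends:
            if b.name == name:
                b.healthy = healthy

    def _healthy(self) -> List[Backend]:
        return [b for b in self.backends if b.healthy]

    def round_robin(self) -> Optional[Backend]:
        """Cycle through the pool in order, skipping unhealthy backends."""
        n = len(self.backends)
        for _ in range(n):
            b = self.backends[self._rr_index % n]
            self._rr_index += 1
            if b.healthy:
                return b
        return None

    def weighted_round_robin(self) -> Optional[Backend]:
        """Smooth weighted round-robin: every pick each healthy backend
        accumulates its weight; the highest running weight wins and is
        charged the pool's total weight, so heavy backends are spread
        evenly in time instead of being chosen in bursts."""
        pool = self._healthy()
        if not pool:
            return None
        total = sum(b.weight for b in pool)
        for b in pool:
            self._current[b.name] += b.weight
        best = max(pool, key=lambda b: self._current[b.name])
        self._current[best.name] -= total
        return best

    def least_connections(self) -> Optional[Backend]:
        """Pick the healthy backend with the fewest active connections."""
        pool = self._healthy()
        if not pool:
            return None
        return min(pool, key=lambda b: (b.active_conns, b.name))


def run_demo() -> dict:
    """Constructed pool of three backends, one of which fails its health check."""
    lb = LoadBalancer([
        Backend("web1", "10.0.0.11", weight=2),
        Backend("web2", "10.0.0.12", weight=1),
        Backend("web3", "10.0.0.13", weight=1),
    ])
    rr = [lb.round_robin().name for _ in range(4)]
    lb.set_health("web2", False)            # health check failed
    rr_after = [lb.round_robin().name for _ in range(2)]
    wrr = [lb.weighted_round_robin().name for _ in range(6)]
    lb.backends[0].active_conns = 5
    lb.backends[2].active_conns = 3
    lc = lb.least_connections().name
    return {"rr": rr, "rr_after": rr_after, "wrr": wrr, "lc": lc}


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(key, value)
```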
The 2 core switches can be cascaded at 10GE over 2 pairs of dark fiber, providing backup for the egress network.
As an optional implementation, the communication management system (SG-TMS) may also be interconnected with the core switches of the first and second data center modules through horizontal isolation. Specifically, the SG-TMS system is interconnected over dark fiber with the core switches of the first and second data center modules; it is route-reachable to each network management system, performs data collection and instruction delivery through the northbound interface, provides routine management of resource data, and provides real-time monitoring of equipment from multiple vendors.
The communication management system (SG-TMS) is a software system for managing and monitoring communication networks; it helps operators manage and maintain their communication equipment and networks effectively. SG-TMS has the following functions:
- Device management: SG-TMS monitors and manages communication devices such as routers, switches and firewalls. It detects device status, performance and health and provides real-time alerts and notifications.
- Network monitoring: SG-TMS monitors the performance and traffic of the entire communication network. It monitors network throughput, latency and packet loss rate in real time and generates reports and statistics.
- Fault management: SG-TMS helps identify and resolve faults in the communication network. It detects faults automatically and sends alerts, and provides guidance for troubleshooting and fault recovery.
- Configuration management: SG-TMS centrally manages and configures the settings of communication devices. It helps administrators configure devices remotely, back up and restore configurations, and ensure consistency across devices.
- Security management: SG-TMS monitors and manages the security of the communication network. It detects and blocks potential security threats and provides security auditing and logging functions.
By using SG-TMS, the reliability, performance and security of the communication network can be improved, faults and downtime reduced, and operation and maintenance efficiency increased.
下面对出口层进行进一步介绍。出口层是核心网(内部网络)到外部网络的边界,在本实施例中,在出口层每个数据中心模块中部署:出口路由器、纵向加密设备、边界防火墙等。The export layer is further introduced below. The egress layer is the boundary from the core network (internal network) to the external network. In this embodiment, egress routers, vertical encryption devices, border firewalls, etc. are deployed in each data center module of the egress layer.
In some embodiments of the present application, the core switch of the first data center module and the core switch of the second data center module are each connected to both the egress router of the first data center module and the egress router of the second data center module, where the egress routers connect the core network to external networks.
In some embodiments of the present application, the egress router of the first data center module and the egress router of the second data center module are interconnected over bare optical fiber (dark fiber).
In some embodiments of the present application, a border firewall is inserted on every link between a core switch and an egress router; the border firewall monitors and filters the network traffic entering and leaving the core network.
In some embodiments of the present application, a vertical encryption device is also inserted on every link between a core switch and an egress router; the vertical encryption device encrypts and decrypts the data carried over that link.
The egress routers solve the problem of interconnecting the internal and external networks. Specifically, the role of an egress router in the core network is to deliver packets from the local network to the destination network: it looks up the best path and forwards each packet to the next hop according to its routing table until the packet reaches the destination network. An egress router may also perform network address translation (NAT) and packet filtering, which improves security and optimizes network performance.
The vertical encryption devices and firewalls provide boundary protection. Specifically, the role of a vertical encryption device in the core network is to encrypt data so as to protect its confidentiality and integrity: encrypting the data prevents unauthorized individuals or organizations from obtaining sensitive information and ensures that data is not tampered with or stolen in transit. (In practice, integrity protection requires the device to authenticate the ciphertext, for example with a message authentication code or an authenticated encryption mode, rather than encrypt it alone.) The role of the border firewall is to protect the boundary between the core network and external networks against unauthorized access and attacks: it monitors and filters the traffic entering and leaving the core network and, according to the configured security policy, blocks potential threats and malicious activity, improving the security and stability of the core network.
Taken together, the vertical encryption devices and border firewalls strengthen data security in the core network and protect it from network attacks.
Specifically, the egress routers of the two data center modules are interconnected over bare optical fiber; the core switch of the first data center module uplinks through a border firewall and a vertical encryption device to the egress router of the second data center module; and the core switch of the second data center module uplinks through a border firewall and a vertical encryption device to the egress router of the first data center module, carrying business traffic.
With the above scheme the two data centers back each other up: they share storage, network and server resources, and both can serve external users, so that the system as a whole has service load balancing and automatic failover. This improves the centralized monitoring capability and the security protection level of the communication system, and the reliability and security of communication equipment monitoring, thereby solving the technical problem in the related art that the poor security protection level of a communication system's network management network makes network security operation risks caused by abnormal communication equipment likely to occur.
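The following is an added illustration, not code from the patent, that models the egress layer just described as a graph and checks the two properties the text claims for it: every path from a core switch to the outside crosses a border firewall and a vertical encryption device, and no single device failure isolates either data center module from the external network. Node names such as `dc1-core`, `fw[...]` and the single `external` sink are assumptions made for the model, as is the series order firewall then encryptor on each link.

```python
"""Reachability model of the two-module egress layer (added illustration).

Assumptions (not from the patent text): node names, one "external" sink
node, and firewall -> encryptor ordering on each core-switch/router link.
"""
from itertools import combinations

CORES = ("dc1-core", "dc2-core")
ROUTERS = ("dc1-router", "dc2-router")
EXTERNAL = "external"


def build_topology():
    """Return an undirected adjacency dict for the egress layer."""
    adj = {}

    def link(a, b):
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)

    # Each core switch connects to BOTH egress routers, and every such link
    # carries its own border firewall and vertical encryption device in series.
    for core in CORES:
        for router in ROUTERS:
            fw = f"fw[{core}->{router}]"
            enc = f"enc[{core}->{router}]"
            link(core, fw)
            link(fw, enc)
            link(enc, router)
    link(*ROUTERS)                 # bare-fibre interconnect between the routers
    for router in ROUTERS:         # both routers face the external network
        link(router, EXTERNAL)
    return adj


def reachable(adj, src, dst, failed=frozenset()):
    """Iterative DFS that treats every node in `failed` as removed."""
    if src in failed or dst in failed:
        return False
    seen, stack = {src}, [src]
    while stack:
        node = stack.pop()
        if node == dst:
            return True
        for nxt in adj[node]:
            if nxt not in seen and nxt not in failed:
                seen.add(nxt)
                stack.append(nxt)
    return False


def simple_paths(adj, src, dst):
    """Enumerate all simple paths src -> dst (graph is tiny, brute force is fine)."""
    paths = []

    def walk(node, path):
        if node == dst:
            paths.append(list(path))
            return
        for nxt in adj[node]:
            if nxt not in path:
                path.append(nxt)
                walk(nxt, path)
                path.pop()

    walk(src, [src])
    return paths


def every_path_inspected(adj):
    """True iff every core->external path crosses a firewall and an encryptor."""
    for core in CORES:
        for path in simple_paths(adj, core, EXTERNAL):
            has_fw = any(n.startswith("fw[") for n in path)
            has_enc = any(n.startswith("enc[") for n in path)
            if not (has_fw and has_enc):
                return False
    return True


def single_points_of_failure(adj):
    """Devices whose loss alone cuts some core switch off from the outside."""
    candidates = [n for n in adj if n not in CORES and n != EXTERNAL]
    return sorted(n for n in candidates
                  if not all(reachable(adj, c, EXTERNAL, {n}) for c in CORES))


def min_cut_size(adj, core):
    """Fewest non-core devices whose joint failure isolates `core` from outside."""
    candidates = [n for n in adj if n not in CORES and n != EXTERNAL]
    for k in range(1, len(candidates) + 1):
        for failed in combinations(candidates, k):
            if not reachable(adj, core, EXTERNAL, frozenset(failed)):
                return k
    return None


if __name__ == "__main__":
    topo = build_topology()
    print("every egress path inspected:", every_path_inspected(topo))
    print("single points of failure:", single_points_of_failure(topo))
    for c in CORES:
        print(f"{c}: devices needed to isolate = {min_cut_size(topo, c)}")
```

`min_cut_size` reports that two simultaneous failures (for instance both firewalls on one core switch's two links, or both egress routers) are needed to isolate a module, which is the redundancy the cross-connection in the embodiment buys; a topology that wired each core switch only to its own egress router would show a cut of size one.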
The serial numbers of the embodiments above are for description only and do not imply that one embodiment is better than another.
In the embodiments above, each description has its own emphasis; for parts not described in detail in one embodiment, refer to the relevant description of the other embodiments.
In the several embodiments provided in this application, it should be understood that the disclosed technical content may be implemented in other ways. The apparatus embodiments described above are merely illustrative. For example, the division into units may be a logical functional division, and other divisions are possible in actual implementation: multiple units or components may be combined or integrated into another system, or some features may be omitted or not executed. Further, the mutual coupling, direct coupling or communication connection shown or discussed may be realized through interfaces, and the indirect coupling or communication connection between units or modules may be electrical or take other forms.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; they may be located in one place or distributed over multiple units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the embodiments of this application may be integrated into one processing unit, each unit may exist physically on its own, or two or more units may be integrated into one unit. The integrated unit may be implemented in hardware or as a software functional unit.
If the integrated unit is implemented as a software functional unit and sold or used as an independent product, it may be stored in a computer-readable storage medium. On this understanding, the technical solution of this application, in essence or in the part that contributes over the prior art, or all or part of the technical solution, may be embodied as a software product stored in a storage medium and comprising instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) to perform all or some of the steps of the methods described in the embodiments of this application. The storage medium includes a USB flash drive, read-only memory (ROM), random access memory (RAM), a removable hard disk, a magnetic disk, an optical disc or any other medium that can store program code.
The above are only preferred embodiments of this application. It should be noted that a person of ordinary skill in the art may make several improvements and refinements without departing from the principles of this application, and such improvements and refinements shall also be regarded as falling within the scope of protection of this application.
Claims (10)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202322347882.6U CN220693169U (en) | 2023-08-30 | 2023-08-30 | Core network architecture |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202322347882.6U CN220693169U (en) | 2023-08-30 | 2023-08-30 | Core network architecture |
Publications (1)
Publication Number | Publication Date |
---|---|
CN220693169U true CN220693169U (en) | 2024-03-29 |
Family
ID=90403985
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202322347882.6U Active CN220693169U (en) | 2023-08-30 | 2023-08-30 | Core network architecture |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN220693169U (en) |
- 2023-08-30: CN application CN202322347882.6U, granted as CN220693169U, status Active
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11558293B2 (en) | Network controller subclusters for distributed compute deployments | |
EP1891780B1 (en) | Methods and devices for networking blade servers | |
US7941837B1 (en) | Layer two firewall with active-active high availability support | |
US7483374B2 (en) | Method and apparatus for achieving dynamic capacity and high availability in multi-stage data networks using adaptive flow-based routing | |
CN102984057B (en) | A kind of Multi-service integration dual-redundancy network system | |
US20170111230A1 (en) | Hybrid control/data plane for packet brokering orchestration | |
CN113645119B (en) | A cloud-network integration architecture and Internet cafe cloud platform | |
EP3298737A1 (en) | Method and system for site interconnection over a transport network | |
Shao et al. | Accessing cloud with disaggregated {Software-Defined} router | |
CN118214731A (en) | Core, convergence and access three-layer network system based on Infiniband network | |
JPWO2013146808A1 (en) | Computer system and communication path changing method | |
JP2024109623A (en) | Systems and methods for supporting heterogeneous and asymmetric dual-rail fabric configurations in high performance computing environments | |
Abdullahi et al. | A review of scalability issues in software-defined exchange point (SDX) approaches: state-of-the-art | |
CN220693169U (en) | Core network architecture | |
Verma et al. | Effective VTP Model for Enterprise VLAN Security | |
CN116170389B (en) | Service container drainage method, system and computer cluster | |
KR101202702B1 (en) | Method for avoiding unicast flooding in a redundant network therfor network system | |
Algarni et al. | SoftwareDefinedNetworking Overview and Implementation | |
CN119743378A (en) | Communication method and device based on dynamic firewall in K8s cluster | |
Vadivelu et al. | Design and performance analysis of complex switching networks through VLAN, HSRP and link aggregation | |
Fisher | Investigation and Design of Software Defined Networking Applied to Storage Area Network Connectivity | |
CN114826822A (en) | Multi-layer network security architecture method for iron and steel enterprise | |
CN106559322A (en) | A kind of security protection gateway based on many Godson parallel processing architectures | |
Fang et al. | Network Equipment Selection Scheme of University Informatization Construction | |
CN118827361A (en) | A high availability method and system for cloud dedicated line based on SDN |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
GR01 | Patent grant | | |