Geographically distributed VPN networks. Organization of corporate networks A corporate network unites


The possibility of connecting remote offices of a company to each other via secure communication channels is one of the most common tasks in building a distributed network infrastructure for companies of any size. There are several solutions to this problem:

Renting channels from a provider: A common and reliable option. The provider leases dedicated physical or logical communication channels. Such channels are often referred to as "point-to-point".

Advantages:

  1. Ease of connection and use - maintenance of equipment and channels is entirely the responsibility of the provider;
  2. Guaranteed channel width - the data transfer rate always corresponds to the one declared by the provider;

Flaws:

  1. Security and control - the company cannot control the equipment on the provider's side.

Building your own (physical) communication backbones: A reliable and costly solution, since building a physical communication channel is entirely the responsibility of the company. With this solution, the company fully controls and maintains the constructed channels.

Advantages:

  1. Flexibility - the ability to deploy channels that meet all the necessary requirements;
  2. Security and control - full control of the channel, since it is owned by the company;

Flaws:

  1. Deployment - building such private channels is a time-consuming and costly solution. Laying kilometers of optics along poles can cost a considerable sum, even before taking into account the permits that must be obtained from all government agencies;
  2. Maintenance - the maintenance of the channel is entirely the responsibility of the company, therefore highly qualified specialists must be on staff to keep it running;
  3. Low fault tolerance - external optical communication lines are often subject to unintentional damage (construction equipment, utilities, etc.). It may take several weeks for damage to an optical link to be located and repaired.
  4. Limited to one location - laying external optical communication lines is relevant only if the sites are located within a few tens of kilometers of each other. Running a link to another city hundreds or thousands of kilometers away is impractical.

Building a secure channel over the Internet (VPN): This solution is relatively inexpensive and flexible. To unite remote offices, all you need is an Internet connection and network equipment capable of creating VPN connections.

Advantages:

  1. Low cost - the company pays only for Internet access;
  2. Scalability - to connect a new office, you need the Internet and a router;

Flaws:

  1. Channel bandwidth - data transfer rate may vary (no guaranteed bandwidth);

This article will take a closer look at the last option, namely, what benefits VPN technology provides to businesses.

Virtual Private Network (VPN) - a set of technologies that provide a secure connection (tunnel) between two or more remote local networks through a public network (e.g. the Internet).

Unique Advantages of Wide Area VPNs

Protection of transmitted traffic: traffic passing through the VPN tunnel is protected by strong encryption protocols (3DES, AES). In addition to encryption, data integrity and sender authentication are ensured, which rules out spoofing of information and the insertion of an attacker into the connection.

Connection reliability: leading equipment manufacturers are improving VPN connection technologies, providing automatic recovery of VPN tunnels in the event of a momentary failure of the connection to the public network.
Mobility and ease of connection: you can connect to the company's local network from anywhere in the world and from almost any modern device (smartphone, Tablet PC, laptop), and the connection will be secure. Most multimedia device manufacturers have added VPN support to their products.

Redundancy and load balancing: if you use two providers when connecting to the Internet (for balancing / failover), then it is possible to balance VPN tunnel traffic between providers. In case of failure of one of the providers, the tunnel will use the backup connection.

Traffic prioritization: the ability to control traffic using QoS - prioritization of voice, video traffic in case of high load on the tunnel.

VPNs in business

Unified network

Consolidation of the company's geographically distributed local networks into a single network (connection of branches to the main office) greatly simplifies interaction and data exchange within the company and reduces maintenance costs. Any corporate system requires a single network space for employees to work in: IP telephony, accounting and financial systems, CRM, video conferencing, etc.

Mobile access

Regardless of the location of the employee, if there is an Internet connection and a laptop/smartphone/tablet, the employee can connect to the internal resources of the company. Thanks to this advantage, employees have the opportunity to perform work and quickly solve problems while away from the office.

Consolidation of networks of different companies

It is often necessary to unite the networks of business partners, and such an association can be organized both with and without restriction of access to the internal resources of each of the companies. This association simplifies the interaction between companies.


Remote management of IT infrastructure

Thanks to secure remote access to the equipment of the company's IT infrastructure, the administrator is able to quickly solve the tasks and respond to the problems that have arisen.

Quality of service

Video conferencing, IP telephony and some other applications require guaranteed bandwidth. Thanks to the use of QoS in VPN tunnels, it is possible, for example, to run IP telephony between a company's local network and a remote office.


Spheres of application of distributed VPN networks and corporate data transmission networks (CDTN)

After analyzing the requirements and tasks of organizations of various sizes, we have compiled an overall picture of the solutions for each of them. The following is a description of typical implementations of VPN technology in a company's network infrastructure.

Solutions for small business. The requirements for such a solution are often the ability to connect remote users (up to 10) to an internal network and/or to combine the networks of several offices. Such solutions are simple and fast to deploy. For such a network, it is recommended to have a backup channel with a speed lower than or equal to that of the main one. The backup channel is passive and is used only if the main one fails (the VPN tunnel is then automatically built over the backup channel). Redundancy of edge equipment is rarely used for such solutions and is often unjustified.

Tunneled traffic: internal application traffic (mail, web, documents) and voice traffic.

Need for channel redundancy: medium

Need for equipment redundancy: low


Solutions for medium business. Along with the connection of remote employees (up to 100), the network infrastructure must provide connections to several remote offices. For such solutions, redundancy of the Internet channel is mandatory, and the throughput of the backup channel must be comparable to the speed of the main channel. In many cases the backup channel is active (load balancing is performed between the channels). It is recommended to have redundant equipment at critical network nodes (e.g. the central office border router). The topology of the VPN network is a star or partial mesh.

Need for equipment redundancy: medium

Solutions for big business, a distributed network of branches. Networks of this scale are difficult to deploy and maintain. In terms of organizing VPN tunnels, the topology of such a network can be a star, partial mesh or full mesh (the full mesh option is shown in the diagram). Channel redundancy is mandatory (more than two providers are possible), as is equipment redundancy at critical network nodes. All or several channels are active. In networks of this level, leased physical channels (leased lines) or provider-supplied VPN services are often used. Such a network must provide maximum reliability and fault tolerance in order to minimize business downtime. Equipment for such networks comes from the flagship enterprise-class lines or is carrier-grade.

The traffic transmitted through the tunnel is the traffic of internal applications (mail, web, documents), voice traffic, video conferencing traffic.

Need for channel redundancy: high

Need for equipment redundancy: high

Educational institutions. For educational institutions, a connection to a central network control center is typical. The volume of traffic is usually not high. Redundancy requirements arise only in rare cases.

Medical institutions. For medical institutions, there is an acute issue of reliability and high fault tolerance of communication channels and equipment. All branches of the wide area network use redundant channel-forming equipment and several providers.

Solutions for retail (shop chains). Store chains are distinguished by a large number of locations (it can be thousands of stores) and relatively low traffic to the main office (data center). Redundant equipment in the stores is most often not advisable; it is enough to have a redundant connection to a provider (a second provider on standby). However, the requirements for the equipment in the data center (head office) are high, since this point terminates thousands of VPN tunnels. Constant monitoring of channels, reporting systems, compliance with security policies, etc. are required.

Implementation of distributed VPN networks and corporate data networks (CDTN)

The choice of the necessary equipment and the correct implementation of the service is a complex task that requires high expertise from the contractor. LanKey has been implementing the most complex projects for many years and has vast experience in such projects.

Examples of CDTN and VPN projects implemented by LanKey

· Equipment manufacturer: Juniper. Solution: six remote branches of the company were connected to the main office in a star topology via secure communication channels.

· Solution: connecting remote workers to corporate network resources via secure channels using Cisco AnyConnect.

· Equipment manufacturer: Cisco. Solution: joining the corporate network and cloud servers over a secure tunnel to provide employees with various services (mail, document management, telephony). In addition, the solution allowed remote employees to connect to the corporate network and use the cloud services.

· Equipment manufacturer: Juniper. Solution: Internet connectivity and VPN tunnels were set up for offices located in Moscow and Geneva.

· Equipment manufacturer: Cisco. Solution: remote offices are joined via a secure channel with fault tolerance across providers.


Hosted at http://www.allbest.ru/

Introduction

1. The design of modern corporate networks

2. Main characteristics of corporate computer networks

2.1 Network performance

2.2 Bandwidth

2.3 Reliability

2.4 Network manageability

2.5 Compatibility or integrability

2.6 Expandability and scalability

2.7 Transparency and assistance of different types of traffic

3. Organization of corporate networks

4. Stages of organization of computer networks

5. The role of the Internet in corporate networks

5.1 Potential dangers associated with connecting a corporate network to the Internet

5.2 Software and software-hardware methods of protection

Conclusion

Bibliography

Introduction

Our country is moving towards universal computerization. The sphere of application of computers in the national economy, science, education and everyday life is rapidly expanding. Computer production is growing, from powerful computers to PCs, minicomputers and microcomputers. But the capabilities of such computers are limited. Consequently, there is a need to combine them into an integral network and to connect them with large computers and computing centers, where the databases and data banks are located and where it is possible, within a limited time, to perform calculations of varying difficulty or to obtain the information stored there.

Now, any, even a small organization that has several computers, cannot imagine its functioning without computer networks.

Merging separately standing computers into groups made it possible to obtain a number of advantages, including the shared use of expensive supercomputers, peripheral equipment, and so on.

The network provided users with a large number of diverse resources, the opportunity to communicate and relax, surf the Internet, make free calls to other countries, participate in trading on stock exchanges, the possibility of earning good money, etc.

The effective work of a firm, companies, enterprises of higher and secondary educational institutions today can no longer be realized without the use of technical means that allow optimizing production processes and learning processes, document management, office work.

At the present stage of the formation and use of corporate networks, such issues as assessing the productivity and quality of corporate networks and their components, optimizing existing or planned corporate networks have gained particular importance.

The performance and bandwidth of a corporate network are determined by a number of factors: the choice of servers and workstations, communication channels, network equipment, the network data transfer protocol, the network operating systems and the operating systems of workstations and servers and their configurations, the distribution of database files among the servers in the network, the organization of the distributed computing process, protection, and the maintenance and restoration of performance in case of faults and failures, etc.

In this course work, the task is to characterize corporate computer networks and their organization.

To achieve this goal, the following tasks are solved in the course work:

1. Examine the design of modern corporate networks.

2. Highlight the main characteristics of corporate computer networks:

· network performance;

· bandwidth;

· reliability;

· network manageability;

· compatibility or integrability;

· expandability and scalability;

· transparency and support of different types of traffic.

3. Find out the organization of corporate networks.

4. Identify the stages of organization of computer networks:

· description of the developed network;

· designing an addressing scheme;

· selection of active equipment;

· switch selection;

· choice of routers.

5. Find out the role of the Internet in corporate networks:

· potential dangers associated with connecting a corporate network to the Internet;

· software and software-hardware methods of protection.

1. The design of modern corporate networks

A corporate network is a network whose main purpose is to support the work of the enterprise that owns it. The users of the corporate network are only employees of the enterprise.

A corporate network is a communication system owned and/or operated by an organization in accordance with the rules of that organization. A corporate network differs from the network of, say, an Internet provider in that the rules for allocating IP addresses, working with Internet resources, etc. are the same for the entire corporate network, whereas the provider controls only the backbone segments of its network, allowing its customers to manage their own network segments independently; these can either be part of the provider's address space or be hidden behind one or more provider addresses by the network address translation mechanism.

The corporate network is considered as a complex system consisting of several interacting layers. At the base of the pyramid representing the corporate network lies a layer of computers - information storage and processing centers, and a transport subsystem (Fig. 1), providing high-quality transmission of information packets between computers.

Fig. 1. Hierarchy of corporate network layers

The layer of network operating systems runs on top of the transport system; it organizes the work of programs on the computers and makes the resources of each computer available to others through the transport system.

Various programs run on top of the operating system, but because of the central role of database management systems, which store the basic corporate information in a certain form and perform the basic search operations on it, this class of system applications is allocated to a separate layer of the corporate network.

At the next level there are system services which, using the DBMS as a tool for finding the required information among the millions and billions of bytes stored on disks, provide users with this information in a form suitable for decision-making, and also perform some information processing procedures that are common to enterprises of all types. These services include the WWW service, e-mail systems, collaboration systems and many others.

The upper level of the corporate network is represented by special software systems that implement tasks specific to a given enterprise or to enterprises of a given type. Examples of such systems are bank automation systems, accounting systems, computer-aided design, process control, etc.

The ultimate goal of the corporate network is embodied in the application programs of the top level, but for their successful operation it is of course necessary that the subsystems of the other layers perform their functions accurately.

2. Main characteristics of corporate computer networks

A number of requirements apply to corporate computer networks (Intranets), as to other types of computer networks. The main requirement is that the network fulfill its main function: providing users with the potential ability to access the shared resources of all computers connected to the network. The other requirements are subordinate to this main task: performance, reliability, fault tolerance, security, manageability, compatibility, extensibility, scalability, transparency and support for different types of traffic.

2.1 Network performance

Network performance is one of the main properties of corporate networks. It is provided by the possibility of parallelizing work between several elements of the network. Network performance is measured using indicators of two types: temporal ones, which evaluate the delay introduced by the network when exchanging data, and throughput indicators, which reflect the amount of information transmitted by the network per unit of time. These two types of indicators are mutually inverse, and knowing one of them, you can calculate the other.

To assess the performance of the network, its main characteristics are used:

· reaction time;

· throughput;

· transmission delay and transmission delay variation.

As a temporal characteristic of network performance, the indicator known as reaction time is used. The term "reaction time" can be used in a very broad sense, therefore in any particular case it is necessary to clarify what is meant by this term. In general, reaction time is defined as the time interval between the occurrence of a user request for some network service and the receipt of the result for that request, as shown in Fig. 2.1.

Fig. 2.1. Reaction time - interval between request and result

Obviously, the meaning and value of this indicator depend on the type of service the user is accessing, on which user is accessing which server, and on the current state of other network elements: the load on the sections through which the request passes, the load on the server, etc.

The reaction time is made up of several components:

· time of preparation of the request on the client computer;

· time of transmission of the request between the client and the server through network segments and intermediate communication equipment;

· time of request processing on the server;

· time of transfer of the results from the server to the client;

· processing time of the results received from the server on the client computer.

Below are a few examples of the definition of the "reaction time" indicator, illustrated in Fig. 2.2.

Fig. 2.2. Network performance indicators

In the first example, response time is the time that elapses from the moment the user accesses the FTP service to transfer a file from server 1 to client computer 1 until the end of this transfer. Obviously, this time has several components. A significant contribution is made by such components of the response time as: the processing time of requests for file transfer on the server, the processing time of the parts of the file received in IP packets on the client computer, the time of packet transmission between the server and the client computer via the Ethernet protocol within one coaxial segment.

For a more accurate assessment of network performance, it is rational to isolate from the response time the components corresponding to the stages of non-network data processing - searching for the required information on disk, writing it to disk, etc. The time resulting from such reductions can be considered another definition of network response time at the application layer.

Variants of this criterion can be the response times measured at different, but fixed network states:

1. Completely unloaded network. The response time is measured under conditions where only client 1 accesses server 1, that is, there is no other activity on the network segment connecting server 1 with client 1: it carries only the frames of the FTP session whose performance is being measured. Traffic may circulate in other network segments; what matters is that its frames do not reach the section where the measurements are taken. Because an unloaded section in a real network is an exotic phenomenon, this version of the performance indicator has limited applicability: its good values only show that the software and hardware of the two nodes and the segment have the necessary performance to work under light load.

2. Loaded network. This is the most interesting case for testing the performance of the FTP service for a specific server and client. However, measuring the performance criterion while other nodes and services are operating in the network raises some difficulties: there may be too many load variants in the network, so criteria of this kind are measured under certain typical network operating conditions. Since network traffic is bursty and its characteristics change significantly depending on the time of day and the day of the week, determining the typical load is a difficult procedure that requires long measurements on the network. If the network is only being designed, estimating the typical load becomes more complicated still.

In the second example, the network performance criterion is the delay between the transmission of an Ethernet frame to the network by the network adapter of client computer 1 and its arrival at the network adapter of server 3. This criterion also belongs to the "response time" type, but corresponds to the service of a lower layer, the link layer. Because Ethernet is a datagram-type, connectionless protocol, for which the notion of a "response" is not defined, the response time in this case is taken to be the time it takes for a frame to travel from the source node to the destination node. The frame transmission delay here includes the propagation time of the frame along the initial segment, the time the switch takes to forward the frame from segment A to segment B, the time the router takes to forward it from segment B to segment C, and the time the repeater takes to forward it from segment C to segment D. Criteria related to the lower layers of the network characterize the quality of the network's transport service well and are more informative for network integrators, because they do not contain redundant information about the operation of upper-layer protocols.

When evaluating network performance not for individual pairs of nodes but for all nodes in aggregate, two types of criteria are applied: weighted-average and threshold.

The weighted-average criterion is the sum of the reaction times of all (or some) clients when interacting with all (or some) network servers for a specific service, that is, a sum of the form:

$$\frac{\sum_{i}\sum_{j} T_{ij}}{n \times m},$$

where $T_{ij}$ is the reaction time of the $i$-th client when contacting the $j$-th server, $n$ is the number of clients and $m$ is the number of servers. If averaging is also performed over services, one more summation is added to the above expression, over the number of services considered. Optimizing the network according to this criterion consists in finding the parameter values for which the criterion has its minimum value, or at least does not exceed a given number.

The threshold criterion reflects the worst response time over all valid combinations of clients, servers and services:

$$\max_{i,j,k} T_{ijk},$$

where $i$ and $j$ have the same meaning as in the first case and $k$ denotes the type of service. Optimization can likewise be performed with the aim of minimizing the criterion, or in order to reach some given value that is considered reasonable from a practical point of view.
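As an added illustration of the two aggregate criteria (this is example code, not part of the course work), the script below takes a constructed table of reaction times $T_{ijk}$ for two clients, two servers and two services, then computes the weighted-average criterion per service and across all services (the extra summation mentioned above) and the threshold criterion together with the combination that produces it; the target values are assumed for the illustration.

```python
from typing import Dict, Optional, Tuple

# Constructed sample: reaction times in milliseconds, indexed by
# (client i, server j, service k). The values are made up for illustration;
# the last entry models one slow client/server path for the HTTP service.
REACTION_TIMES_MS: Dict[Tuple[int, int, str], float] = {
    (1, 1, "ftp"): 120.0, (1, 2, "ftp"): 95.0,
    (2, 1, "ftp"): 130.0, (2, 2, "ftp"): 110.0,
    (1, 1, "http"): 40.0, (1, 2, "http"): 55.0,
    (2, 1, "http"): 48.0, (2, 2, "http"): 210.0,
}


def average_criterion(times: Dict[Tuple[int, int, str], float],
                      service: Optional[str] = None) -> float:
    """Weighted-average criterion: (sum_i sum_j T_ij) / (n * m) for one
    service. With service=None the sum also runs over services, so the
    divisor becomes n * m * (number of services), as the text describes."""
    selected = {key: t for key, t in times.items()
                if service is None or key[2] == service}
    clients = {i for i, _, _ in selected}
    servers = {j for _, j, _ in selected}
    services = {k for _, _, k in selected}
    denominator = len(clients) * len(servers) * len(services)
    return sum(selected.values()) / denominator


def threshold_criterion(times: Dict[Tuple[int, int, str], float]
                        ) -> Tuple[float, Tuple[int, int, str]]:
    """Threshold criterion: max over i, j, k of T_ijk. Returns the worst
    time and the (client, server, service) combination that produced it,
    which is what an optimizer would have to fix first."""
    worst_key = max(times, key=times.get)
    return times[worst_key], worst_key


def meets_targets(times: Dict[Tuple[int, int, str], float],
                  average_limit_ms: float, worst_limit_ms: float) -> bool:
    """Check the 'does not exceed a given number' form of optimization for
    both criteria at once (limits are assumed values for the example)."""
    worst, _ = threshold_criterion(times)
    return average_criterion(times) <= average_limit_ms and worst <= worst_limit_ms


if __name__ == "__main__":
    for svc in ("ftp", "http"):
        print(f"{svc}: average {average_criterion(REACTION_TIMES_MS, svc):.2f} ms")
    print(f"all services: average {average_criterion(REACTION_TIMES_MS):.2f} ms")
    worst_ms, worst_combo = threshold_criterion(REACTION_TIMES_MS)
    print(f"threshold: {worst_ms:.1f} ms at (client, server, service)={worst_combo}")
    print("within 150 ms average / 200 ms worst:",
          meets_targets(REACTION_TIMES_MS, 150.0, 200.0))
```

Because the threshold criterion reports where the maximum occurs, it points at the single client/server/service path to investigate, while the average hides it.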

2.2 Bandwidth

Bandwidth reflects the amount of data transmitted by the network or part of it per unit of time. A distinction is made between average, instantaneous and maximum throughput.

The average throughput is calculated by dividing the total amount of data transferred by the time of their transfer, and a rather long time interval is selected - an hour, a day, or a week.

The instantaneous throughput differs from the average throughput in that a very small time interval is chosen for averaging - say, 10 ms or 1 s.

The maximum throughput is the highest instantaneous throughput recorded during the tracking period.

The main task for which any network is built is the rapid transfer of information between computers. Therefore, the criteria related to the bandwidth of the network or part of the network perfectly reflect the quality of the network's performance of its main function.

There is a huge number of options for defining criteria of this type, just as for criteria of the "reaction time" class. These options may differ from each other in the chosen unit of measurement for the amount of transmitted information, in the nature of the data considered (only user data, or user data together with service data), in the number of points at which the transmitted traffic is measured, and in the method of averaging the totals for the network as a whole. Let us look at the different ways of constructing the throughput criterion in detail.

Criteria that differ in the unit of measurement of transmitted information. Packets (or frames, further these terms will be used as synonyms) or bits are traditionally used as a unit of measurement for transmitted information. Therefore, throughput is measured in packets per second or bits per second.

Since computer networks operate on the principle of packet (or frame) switching, measuring the amount of transmitted information in packets makes sense, especially since the throughput of communication equipment operating at the link layer and above is also more often measured in packets per second. However, because of variable packet size (this is common to all protocols except ATM, which has a fixed packet size of 53 bytes), measuring throughput in packets per second involves some uncertainty: which protocol's packets, and of what size, are meant? Most often Ethernet packets are meant, as the most common, with the minimum frame size of 64 bytes. Packets of minimum length are chosen as the reference because they create the most demanding mode of operation for communication equipment: the computational operations performed on any incoming packet depend little on its size, so per unit of transferred information the processing of a minimum-length packet requires significantly more operations than that of a maximum-length packet.

Measuring throughput in bits per second (for local networks, speeds measured in millions of bits per second, Mbit/s, are more typical) gives a more accurate estimate of the speed of information transfer than measuring in packets.

Criteria that differ in how service information is accounted for. Any protocol has a header that carries service information and a data field that carries what is considered user information for this protocol. For example, in a minimum-size Ethernet frame, 46 bytes (out of 64) are the data field and the remaining 18 are service information. When measuring throughput in packets per second, separating user information from service information is impossible, but with bit-by-bit measurement it is possible.

If throughput is measured without dividing the information into user and service parts, then the task of choosing a protocol or protocol stack for a given network cannot be posed. This is because even if replacing one protocol with another yields a network with higher throughput, this does not mean the network will work faster for end users: if the share of service information per unit of user data differs between these protocols, the nominally slower version of the network may turn out to be the optimal one.

If the protocol type does not change when setting up the network, then criteria can be applied that do not separate user data from the general stream.

When testing network throughput at the application level, it is easier to measure throughput using user data. To do this, it is enough to measure the time it takes to transfer a file of a certain size between the server and the client and divide the file size by the resulting time. To measure overall throughput, special measurement tools are needed - protocol analyzers or SNMP or RMON agents built into operating systems, network adapters or communication equipment.

Criteria that differ in the number and location of measurement points. Bandwidth can be measured between any two nodes or points of the network, say, between client computer 1 and server 3 in the example shown in Fig. 2.2. In this case the resulting throughput values will differ, under the same network operating conditions, depending on which two points the measurement is made between. Since a huge number of user computers and servers operate on the network at the same time, complete data on network bandwidth is given by the set of bandwidths measured for different combinations of interacting computers, the so-called traffic matrix of the network nodes. There are special measurement tools that record the traffic matrix for the entire network.

Due to the fact that in networks data on the way to the destination node traditionally passes through several transit intermediate stages of processing, the bandwidth of a separate intermediate network element - a separate channel, segment or communication device can be considered as a performance criterion.

Knowing only the overall throughput between two nodes cannot give complete information about acceptable ways to increase it, because from the overall figure it is impossible to determine which of the intermediate stages of packet processing slows the network down the most. Therefore, data on the throughput of individual network elements can be useful for deciding on methods of optimizing it.

In this example, packets on the way from client computer 1 to server 3 pass through the following intermediate network elements:

segment A → switch → segment B → router → segment C → repeater → segment D.

Each of these elements has a certain bandwidth, therefore the total network bandwidth between computer 1 and server 3 will be equal to the minimum of the bandwidths of the route elements, and the transmission delay of one packet (one of the options for defining the response time) will be equal to the sum of the delays introduced by each element. To increase the throughput of a multi-part path, you should first of all pay attention to the slowest elements; in this case, that element will most likely be the router.

The overall network bandwidth is defined as the average amount of information transferred between all network nodes per unit of time. The total network throughput can be measured both in packets per second and in bits per second. When the network is divided into sections or subnets, the total network bandwidth is equal to the sum of the bandwidths of the subnets plus the bandwidth of the inter-segment or inter-network links.

The transmission delay is defined as the delay between the moment a packet arrives at the input of some network device or part of the network and the moment it appears at the output of this device.
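As an added example (not part of the original text), the following Python code computes the end-to-end throughput and one-packet delay of the route above from per-element figures, names the element to upgrade first, and contrasts the application-level "file transfer" measurement with the raw link rate. The per-element values are constructed illustrative numbers, not measurements from this page; the overhead constants are those of TCP/IPv4 over Ethernet with a 1500-byte MTU.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Element:
    """One stage on the path: a segment, switch, router or repeater."""
    name: str
    bandwidth_bps: float   # rate the element can forward, bit/s
    delay_s: float         # delay one packet incurs inside the element, s


# Constructed illustrative route from client 1 to server 3 (not measured values).
ROUTE = [
    Element("segment A", 100e6, 100e-6),
    Element("switch", 1e9, 20e-6),
    Element("segment B", 100e6, 100e-6),
    Element("router", 40e6, 500e-6),   # software forwarding: the slowest element
    Element("segment C", 100e6, 100e-6),
    Element("repeater", 100e6, 1e-6),
    Element("segment D", 100e6, 100e-6),
]


def path_throughput(route):
    """End-to-end throughput equals the bandwidth of the slowest element."""
    return min(e.bandwidth_bps for e in route)


def bottleneck(route):
    """Name of the element whose upgrade raises end-to-end throughput."""
    return min(route, key=lambda e: e.bandwidth_bps).name


def path_delay(route):
    """One-packet transmission delay equals the sum of the per-element delays."""
    return sum(e.delay_s for e in route)


def measured_throughput(file_bytes, elapsed_s):
    """Application-level measurement: user data transferred / elapsed time, bit/s."""
    return file_bytes * 8 / elapsed_s


def goodput_fraction(mtu=1500, l2_overhead=38, l3l4_overhead=40):
    """Share of the raw link rate that carries user data with full-size frames.
    Defaults: Ethernet 14-byte header + 4-byte FCS + 8-byte preamble + 12-byte
    inter-frame gap (38 bytes), and 20-byte IPv4 + 20-byte TCP headers (40 bytes)."""
    return (mtu - l3l4_overhead) / (mtu + l2_overhead)


def expected_user_throughput(route):
    """Best user-data rate a file transfer over the route can show, bit/s."""
    return path_throughput(route) * goodput_fraction()


if __name__ == "__main__":
    print("bottleneck:", bottleneck(ROUTE), "at", path_throughput(ROUTE) / 1e6, "Mbit/s")
    print("one-packet delay: %.3f ms" % (path_delay(ROUTE) * 1e3))
    print("10 MB file in 2.2 s measures %.1f Mbit/s" % (measured_throughput(10_000_000, 2.2) / 1e6))
    print("user data share of link rate: %.4f" % goodput_fraction())
```

The file-transfer figure is user-data throughput and can never reach the bottleneck's raw rate: with full-size frames about 5% of the line rate is headers, preamble and inter-frame gap, so a measured value close to expected_user_throughput means the bottleneck element is saturated, not that the measurement is wrong.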

2.3 Reliability

Reliability is the ability to operate correctly for an extended period of time. This quality has three components: reliability proper, availability and serviceability.

Reliability proper is increased by preventing faults and failures through the use of electronic circuits and components with a high degree of integration, reduction of interference levels, lighter operating modes of circuits, provision of suitable thermal conditions for their operation, and improved methods of assembling equipment. It is measured by the failure rate and the mean time between failures. The reliability of networks as distributed systems is largely determined by the reliability of the cable systems and switching hardware - connectors, patch panels, switching cabinets, etc. - which provide the actual electrical or optical connectivity of individual nodes to one another.

Increasing availability means suppressing, within certain limits, the effect of faults and failures on the operation of the system by means of error control and correction tools, as well as means of automatically restoring the circulation of information in the network after a fault is detected. Increasing availability is a struggle to reduce system downtime.

The criterion for assessing availability is the availability indicator, which equals the proportion of time the system is in a working state and can be interpreted as the probability of finding the system in a working state. Availability is calculated as the ratio of the mean time between failures (MTBF) to the sum of that value and the mean time to repair (MTTR): A = MTBF / (MTBF + MTTR). Systems with high availability are also called fault-tolerant.

The main method of increasing availability is redundancy, on which the different variants of fault-tolerant architectures are based. Computer networks include a large number of elements of different types, and to ensure fault tolerance redundancy is needed in all key elements of the network.

If the network is considered only as a transport system, redundancy must exist for all backbone routes of the network, that is, routes common to a large number of network clients. Such routes are usually the routes to corporate servers - database servers, Web servers, mail servers and so on. Therefore, to achieve fault-tolerant operation, all elements of the network through which such routes pass must be duplicated: there must be backup cable connections that can be used if one of the main cables fails, and every communication device on the main routes must either be built according to a fault-tolerant scheme with redundancy of all its main components, or a spare identical device must be available for it.

Switching from the main connection to the backup, or from the main device to the backup, can proceed either automatically or manually with the participation of the administrator. Clearly, automatic switching raises the availability indicator of the system, because network downtime in this case is much shorter than with human intervention. To perform automatic reconfiguration procedures, the network needs intelligent communication devices as well as a centralized management system that helps devices recognize network failures and respond to them appropriately.

A high degree of network availability can be achieved when the procedures for testing the operability of network elements and switching to backup elements are built into the communication protocols. An example of this type of protocol is FDDI, in which the physical links between the nodes and hubs of the network are continuously tested and, in case of failure, the links are automatically reconfigured using the secondary backup ring.

There are also special protocols that support network fault tolerance, for example the Spanning Tree protocol, which performs an automatic switch to redundant links in a network built on bridges and switches.

There are different gradations of fault-tolerant computer systems, which include computer networks. Here are some commonly accepted definitions:

· high availability - characterizes systems built with conventional computer technology, using redundant hardware and software and allowing a recovery time in the range from 2 to 20 minutes;

· fault tolerance - a characteristic of systems that have redundant hardware for all functional units, including processors, power supplies, input/output subsystems and disk storage subsystems, and whose recovery time in case of failure does not exceed one second;

· continuous availability - the quality of systems that also provide a recovery time within one second but which, unlike fault-tolerant systems, eliminate not only downtime resulting from failures but also planned downtime associated with upgrade or maintenance of the system. All such work is carried out online. An additional requirement for continuous-availability systems is the absence of degradation: the system must maintain a constant level of functionality and efficiency regardless of the cause of the failures.

The basic problems of reliability theory are reliability analysis and reliability synthesis. The first consists in quantitatively assessing the reliability of an existing or planned system in order to determine whether it meets the requirements. The purpose of reliability synthesis is to provide the required level of system reliability.

To assess the reliability of complex systems, a further set of characteristics is used:

· Availability (the availability indicator) - indicates the proportion of time during which the system can be used. Availability can be improved by introducing redundancy into the system design. For a network to be classified as highly reliable, it must at a minimum have high availability; in addition, data must be preserved and protected from corruption, and the consistency of data must be maintained (say, if, to improve reliability, multiple copies of the data are stored on several file servers, their identity must be continuously ensured).

· Security - the ability of the system to protect data from unauthorized access.

· Fault tolerance. In networks, fault tolerance is understood as the ability of a system to hide from the user the failure of its individual elements. In a fault-tolerant system, the failure of one of its elements leads to some decrease in the quality of its work (degradation) rather than to a complete stop; as a whole, the system continues to perform its functions.

· Probability of delivering a packet to the destination node without corruption.

Along with this characteristic, other indicators can be used:

· the probability of packet loss;

· the probability of corruption of a single bit of transmitted data;

· the ratio of lost packets to delivered packets.

The basis of the reliability of any corporate network is the reliability of its communication network (CN), but ensuring high reliability is not an end in itself; it is a means of achieving maximum network performance. The level of reliability at which the maximum performance indicator of the CN is achieved is optimal for it. This level is determined by many factors, including the purpose of the CN, its design, the amount of losses caused by the loss of a service request, the control algorithms used, the reliability level of the CN elements, their cost, operating data, etc. The optimal level of reliability of the CN is determined at the stage of system design of the higher-order system of which the CN is a subsystem.

Ensuring the required level of reliability at the stage of operating an existing CN is solved first of all by using the internal resources of the network, without introducing structural redundancy, and reduces to forming, for each pair of nodes that exchange traffic, a set of routes that provides the required level of reliability.

The set of routes is formed iteratively: at each step, the probability of a successful session is calculated for the set formed by the beginning of that step. If this probability is not less than the required one, the process ends.

The initial set of routes can be formed in two ways:

- in the first, the user includes in it routes selected on the basis of some criterion, say, previous experience of their use;

- the second is used when the user is unable to form this set independently. In this case, a certain number (usually no more than ten) of the best routes is selected, from which the user chooses a subset at his own discretion. If the reliability indicator of the subnetwork formed in this way is lower than required, the best routes (perhaps one) are selected from the remaining set, the connectivity probability provided in this case is estimated, and so on.
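As an added example (not from the original text), the following Python code puts the definitions of this section to work: the availability indicator from MTBF and MTTR, the effect of series and redundant (parallel) elements, and the iterative route-set formation described above. The element availabilities of the candidate routes are constructed illustrative values, and routes are assumed to fail independently of one another; both are assumptions, not data from the page.

```python
from math import prod

HOURS_PER_YEAR = 8760.0


def availability(mtbf_h, mttr_h):
    """Availability indicator A = MTBF / (MTBF + MTTR): share of time the system works."""
    return mtbf_h / (mtbf_h + mttr_h)


def downtime_minutes_per_year(a):
    """Expected downtime implied by an availability figure."""
    return (1.0 - a) * HOURS_PER_YEAR * 60.0


def series(avails):
    """Elements that must all work, e.g. the segments and devices along one route."""
    return prod(avails)


def parallel(avails):
    """Redundant alternatives, any one of which suffices (independent failures assumed)."""
    return 1.0 - prod(1.0 - a for a in avails)


def session_success_probability(route_set):
    """Probability that at least one route in the set is fully operational."""
    return parallel([series(route) for route in route_set])


def form_route_set(candidates, required, initial=()):
    """Iterative route-set formation: start from the user's initial routes, compute
    the session success probability, and while it is below the required value add
    the most reliable remaining route. Returns (chosen routes, achieved probability)."""
    chosen = list(initial)
    remaining = sorted((r for r in candidates if r not in chosen), key=series, reverse=True)
    p = session_success_probability(chosen)
    while p < required and remaining:
        chosen.append(remaining.pop(0))
        p = session_success_probability(chosen)
    return chosen, p


# Constructed candidate routes between one pair of nodes, each given as the
# availabilities of its elements (illustrative values, not from the page).
CANDIDATE_ROUTES = [
    (0.999, 0.98, 0.999),          # via router R1
    (0.999, 0.97, 0.99, 0.999),    # via routers R2 and R3
    (0.995, 0.995),                # direct leased line
]

if __name__ == "__main__":
    a = availability(mtbf_h=2000.0, mttr_h=4.0)
    print("single link: A=%.5f, %.0f min/year down" % (a, downtime_minutes_per_year(a)))
    print("two such links in parallel: A=%.7f" % parallel([a, a]))
    routes, p = form_route_set(CANDIDATE_ROUTES, required=0.999)
    print("routes needed for P>=0.999:", len(routes), "achieved P=%.6f" % p)
```

The independence assumption is the one to question in practice: two routes that share a duct, a power feed or a provider's backbone fail together, and the parallel formula then overstates the gain, so the backup route must be checked for shared elements before it is counted as redundancy.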

2.4 Network manageability

Network manageability is the ability to centrally monitor the state of the main elements of the network, identify and resolve problems that arise during its operation, analyze performance and plan the development of the network. In other words, it is the availability of means by which maintenance personnel interact with the network to assess the health of the network and its elements, configure parameters and make changes to the network's operation.

A good management system monitors the network and, when it finds a problem, takes action, corrects the situation and notifies the administrator of what happened and what steps were taken. At the same time, the management system must accumulate data on the basis of which network development can be planned.

The management system must be independent of the equipment manufacturer and have a convenient interface that allows all actions to be performed from one console.

The International Organization for Standardization (ISO) has defined the following five categories of management that a network management system should include:

· Configuration management. Within this category, the parameters that determine the state of the network are set and controlled;

· Fault management. Faults in the network are detected, isolated and eliminated;

· Accounting management. The main functions are recording and reporting information on the use of network resources;

· Performance management. The speed at which the network transmits and processes data is analyzed and controlled;

· Security management. The main functions are control of access to network resources and protection of the information circulating in the network.

2.5 Compatibility or integrability

Compatibility or integrability means that the network is capable of including a wide variety of software and hardware, that is, different operating systems supporting different stacks of communication protocols can coexist in it, and hardware and applications from different manufacturers can operate in it.

A network consisting of dissimilar elements is called heterogeneous, and if a heterogeneous network works without problems, it is called integrated.

2.6 Expandability and scalability

Extensibility denotes the possibility of relatively easy addition of individual network elements (users, computers, applications, services), increasing the length of network segments and replacing existing equipment with more powerful equipment. It is important that ease of extending the system can sometimes be provided only within very limited bounds. Say, an Ethernet local area network built on one segment of thick coaxial cable has excellent extensibility in the sense that it allows new stations to be connected easily. However, such a network has a limit on the number of stations: it should not exceed 30-40. The network does allow physically connecting more stations to the segment (up to 100), but this usually sharply reduces network performance. The presence of such a limitation is a sign of poor scalability in a system with excellent extensibility.

Scalability means that the network allows the number of nodes and the length of links to be increased over a very wide range while network performance does not deteriorate. To ensure network scalability, additional communication equipment must be used and the network must be structured in a special way.

For example, a multi-segment network built with switches and routers and having a hierarchical link structure has good scalability. Such a network can include several thousand computers while providing every network user with the required quality of service.

2.7 Transparency and support for different types of traffic

Transparency is the property of a network to hide the details of its internal structure from the user, thereby simplifying the user's work on the network.

Network transparency is achieved when the network is presented to users not as a set of separate computers connected by a complex system of cables but as a single conventional time-sharing computer.

Support for different types of traffic is the main characteristic of a network that determines its capabilities. The following types of traffic exist:

· computer data traffic;

· multimedia data traffic representing speech and video images in digital form.

Networks that carry both types of traffic are used for organizing video conferencing, education and entertainment based on video films, etc. Such networks are much more complex in their software and hardware and in their organization of operation than networks in which only computer data traffic or only multimedia traffic is transmitted and processed.

Computer data traffic is characterized by a very uneven intensity of messages entering the network in the absence of strict requirements on the synchronism of their delivery. All computer communication algorithms, the corresponding protocols and communication equipment were designed specifically for this bursty nature of traffic. The need to transmit multimedia traffic requires fundamental changes to both protocols and equipment. Practically all new protocols today provide support for multimedia traffic to one degree or another.

3. Organization of corporate networks

When developing a corporate network, all measures should be taken to minimize the amount of data transmitted. In all other respects, the corporate network should not impose restrictions on which applications process the information transferred over it and how.

Applications are understood as system software - databases, mail systems, computing resources, file services, and so on - as well as the tools with which the end user works.

The main tasks of a corporate network are the interaction of system applications located in different nodes and access to them by remote users.

The first task that must be solved when creating a corporate network is the organization of communication channels. If within one city it is possible to count on leasing dedicated lines, including high-speed ones, then when moving to geographically remote nodes the cost of leasing channels becomes simply astronomical, and their quality and reliability often turn out to be very low. Fig. 3.1 shows an example corporate network that includes local and regional networks, public access networks and the Internet.

The natural solution to this problem is to use existing wide area networks. In this case it is enough to provide channels from the offices to the nearest nodes of the network, and the wide area network takes on the task of delivering information between the nodes. Even when creating a small network within one city, one should keep in mind the possibility of subsequent expansion and use technologies compatible with existing wide area networks. Often the first, if not the only, such network that comes to mind is the Internet.

Fig. 3.1. Combining different communication channels into a corporate network.

Fig. 3.2 shows several local network topologies.

Fig. 3.2. Ways of connecting computers to a network.

Every network, even the smallest, must have an administrator (supervisor). This is a person (or group of persons) who sets it up and ensures its smooth operation. The administrator's tasks include:

· distribution of information among working groups and between individual users;

· creation and maintenance of a common data bank;

· protection of the network from unauthorized penetration and protection of information from damage, etc.

From the technical side of building a local computer network, the following elements can be singled out:

· Network interface card in users' computers. This is the device that connects a computer to the shared LAN cable.

· Cabling. Special cables provide the physical connection between devices on the local network.

· LAN protocols. In general, protocols are programs that allow data to be transported between devices connected to a network. Fig. 3.3 schematically shows the principle of operation of any protocol, whether of a local network or of the Internet:

Fig. 3.3. The principle of transmitting data over the network.

· Network operating system. This is the software installed on a file server that provides the interface between users and the data on the server.

· File server. It stores the programs and data files that are used for shared user access.

· Network printing. It allows many users on a local network to share one or more printing devices.

· Local network protection. Network security is the set of methods used to protect data from damage through unauthorized access or some kind of accident.

· Bridges, gateways and routers. They allow networks to be interconnected.

· Local network management. This is everything that relates to the administrator's tasks listed earlier.

The main function of any local network is the sharing of information between particular employees, so two conditions must be met:

1. All information must be protected from unauthorized use. That is, any employee should work only with the information to which he has rights, regardless of the computer from which he logged in to the network.

2. Working in the same network and using the same technical means of data transmission, network clients must not interfere with each other. There is such a concept as network load. The network must be built so that it does not fail and works reasonably quickly with any number of clients and requests.

4. Stages of organization of computer networks

A computer network is best represented in the form of a three-tier hierarchical model. This model includes the following three tiers:

- core layer;

- distribution layer;

- access layer.

The core layer is responsible for high-speed transmission of network traffic. The main purpose of core nodes is packet switching. Accordingly, features such as access lists or policy-based routing, which slow down packet switching, should not be deployed on core-layer devices; traffic filtering belongs at the distribution and access layers.

At the distribution layer, routes are summarized and traffic is aggregated. Route summarization is the representation of several networks as one large network with a shorter mask. Such summarization makes it possible to reduce the routing table in core-layer devices and to isolate the changes that occur inside a large network.

The access layer is needed to generate network traffic and control access to the network. Access-layer routers are used to connect individual users (access servers) or individual local networks to the overall computer network.

When designing a computer network, two requirements must be met: structure and redundancy.

The first requirement means that the network must have a certain hierarchical structure. First of all this refers to the addressing scheme, which must be designed so that subnets can be summarized. This reduces the routing table and hides topology changes from routers of the higher layers.

Redundancy refers to the creation of alternative routes. Redundancy improves network reliability; at the same time, it complicates addressing.

Description of the developed network

A mixed topology is chosen, combining the topologies of a hierarchical star, a ring and a full mesh ("each with each").

The core layer consists of the organization's three central offices located in different cities. The routers of these nodes, the core routers (A, B, C), are interconnected by means of an MPLS IP-VPN wide area network service, forming a ring core of the network with redundant paths. A group of servers and router X are connected to each core router through a switch, forming a demilitarized zone through which Internet access is provided. The corporate servers are connected to core router B through a switch. The distribution-layer functions are performed by the same core-layer devices. The campus networks that make up the access layer are connected to each core-layer router through campus routers and the MPLS IP-VPN wide area network service. Each campus consists of three buildings, the total number of workstations in which is determined according to the assignment.

The access-layer router installed on each campus is connected to the local network through the campus switch. The campus servers and the building switches are connected to the same switch. Workgroup switches are connected to the building switches. The topology of the designed network is shown in fig. 4.1.

Fig. 4.1. Topology of the designed network

Designing an addressing scheme

The addressing scheme is developed in accordance with the hierarchical principle of computer network design.

The addressing scheme must allow address aggregation. This means that the addresses of a lower-tier network must lie within the range of the higher-tier network, which has a shorter mask. In addition, room for growth of the address space must be provided at all tiers of the hierarchy.

The network is divided into three regions. Each region contains no more than 50 campuses. Each campus has no more than 10 departments, each of which is allocated a subnet. At the lowest tier of the hierarchy are host addresses; a department has no more than 200 hosts.

To distribute addresses within the designed corporate network, we use the private range 10.0.0.0/8, which has the largest capacity (24 bits of address space).

The division of the bits in the IP address of the designed corporate network is shown in fig. 4.2 and in table 4.1.

Fig. 4.2. Division of bits in an IP address

Table 4.1. Division of bits in an IP address

The address ranges of the regions are shown in Table 4.2, the campus addresses for the second region in Table 4.3 (for the other regions the addresses are constructed similarly), and the addresses of the departments of the first campus of the second region in Table 4.4. Example host addresses are shown in Table 4.5. The other addresses are calculated similarly.

Table 4.2. Region address ranges (columns: binary code | address range; the binary code column is not reproduced)

- 10.32.0.1 - 10.63.255.254/12

- 10.64.0.1 - 10.95.255.254/12

- 10.96.0.1 - 10.127.255.254/12

- 10.128.0.1 - 10.143.255.254/12

Table 4.3. Campus address ranges for the second region (columns: binary code | address range; the binary code column is not reproduced)

- 10.32.33.1 - 10.32.42.254

- 10.32.65.1 - 10.32.74.254

- 10.32.97.1 - 10.32.106.254

- 10.38.65.1 - 10.38.74.254

Table 4.4. Department address ranges for the first campus of the second region (columns: subdivision | binary code | address range; only the address range column is reproduced)

- 10.32.33.1 - 10.32.33.254

- 10.32.34.1 - 10.32.34.254

- 10.32.35.1 - 10.32.35.254

- 10.32.42.1 - 10.32.42.254

Table 4.5. Host address examples

Table 4.6. Service network addresses
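As an added example (not from the original text), the following Python code generates the address plan from a field layout and performs two checks a designer wants before the plan is typed into routers. The layout, 3 bits of region, 8 bits of campus, 5 bits of department and 8 bits of host below the 10.0.0.0/8, is an assumption inferred from Tables 4.2-4.4 and is not stated on the page: region field value 1 gives 10.32.0.0/11 (the range the page calls the second region), and campus 50 of that region gives 10.38.64.0/19, matching the last row of Table 4.3. The first check computes the smallest prefix that actually covers a stated range: the first three rows of Table 4.2 are labelled /12 but span a /11, while the last row fits a /12. The second check shows why department numbering matters for summarization: ten /24s numbered 33 to 42 do not collapse into a single prefix, so the campus must advertise its /19 aggregate upstream.

```python
import ipaddress

BASE = ipaddress.IPv4Network("10.0.0.0/8")
# Assumed layout of the 24 bits below the /8, most significant field first
# (inferred from Tables 4.2-4.4, not stated on the page).
FIELDS = (("region", 3), ("campus", 8), ("department", 5), ("host", 8))


def capacity():
    """How many values each field can take; compare with the 3 / 50 / 10 / 200 requirements."""
    return {name: 1 << bits for name, bits in FIELDS}


def network(region, campus=None, department=None):
    """Aggregate for the given field values: region -> /11, campus -> /19, department -> /24.
    Values are numbered from 1 as in the tables; 0 is left unused."""
    values = {"region": region, "campus": campus, "department": department}
    addr = int(BASE.network_address)
    plen = BASE.prefixlen
    shift = 32 - BASE.prefixlen          # low bit position of the current field
    for name, bits in FIELDS:
        shift -= bits
        value = values.get(name)
        if value is None:
            break
        if not 0 <= value < (1 << bits):
            raise ValueError(f"{name} value {value} does not fit in {bits} bits")
        addr |= value << shift
        plen += bits
    return ipaddress.IPv4Network((addr, plen))


def covering_prefix(first, last):
    """Smallest single prefix that contains every address from first to last;
    use it to check the mask written next to a range in an address plan."""
    a = int(ipaddress.IPv4Address(first))
    b = int(ipaddress.IPv4Address(last))
    plen = 32
    while plen and (a >> (32 - plen)) != (b >> (32 - plen)):
        plen -= 1
    return ipaddress.IPv4Network(((a >> (32 - plen)) << (32 - plen), plen))


def routes_advertised(region, campus, departments):
    """Prefixes a campus router would send to the core: the department subnets after
    collapsing adjacent ones, versus the single campus aggregate."""
    specifics = [network(region, campus, d) for d in departments]
    return list(ipaddress.collapse_addresses(specifics)), [network(region, campus)]


if __name__ == "__main__":
    print(capacity())
    print(network(1), network(1, 1), network(1, 1, 1), network(1, 50, 1))
    for first, last in [("10.32.0.1", "10.63.255.254"), ("10.128.0.1", "10.143.255.254")]:
        print(first, "-", last, "fits in", covering_prefix(first, last))
    specific, aggregate = routes_advertised(1, 1, range(1, 11))
    print(len(specific), "routes unsummarized:", specific)
    print(len(aggregate), "route summarized:", aggregate)
```

Advertising the /19 aggregate also claims the unused departments inside it, which is the normal price of summarization; the mask mismatch in Table 4.2, by contrast, has to be resolved in the plan itself, because a /12 configured on the core would leave half of each region's stated range unrouted.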

Selection of active equipment

Active equipment is selected in accordance with the requirements of the network being designed, taking into account the type of equipment (switch or router) and its characteristics - the number and type of interfaces, supported protocols, bandwidth. The following equipment has to be chosen:

- network core routers;

- campus routers;

- Internet access routers;

- campus switches;

- building switches;

- workgroup switches.

Switch selection

Workgroup switches are used to connect computers directly to the network. This group of switches does not require high switching speed, routing support or other additional features.

Enterprise-level switches are used to combine workgroup switches into a single network. Since traffic from many users passes through these switches, they must have a high switching speed. These switches also perform routing of traffic between virtual subnets (VLANs).

Router selection

Core routers are designed to quickly route all data flows coming from the lower tiers of the network hierarchy. These are modular routers with high-speed interface modules.

Internet access routers connect small local networks to a public network. These are small modular routers with interfaces for connecting both to local and to public networks. In addition to routing packets, such devices perform additional functions, such as traffic filtering, VPN termination, etc.

5. The role of the Internet in corporate networks

If we look inside the Internet, we see that information passes through a large number of completely independent and for the most part non-commercial nodes, connected by the most diverse channels and data transmission networks. The explosive growth of services provided on the Internet leads to overloading of nodes and communication channels, which sharply reduces the speed and reliability of information transfer. At the same time, Internet service providers bear no responsibility for the functioning of the network as a whole, and communication channels develop very unevenly and mainly where the state considers it necessary to invest. In addition, the Internet binds users to one protocol - IP (Internet Protocol). This is fine when we use standard applications working with this protocol. Using other systems over the Internet turns out to be difficult and expensive.

...


Introduction. From the history of network technologies.

The concept of "Corporate networks". Their main functions.

Technologies used in the creation of corporate networks.

The structure of the corporate network. Hardware.

Methodology for creating a corporate network.

Conclusion.

List of used literature.

Introduction.

From the history of network technologies.

The history and terminology of corporate networks is closely related to the history of the birth of the Internet and the World Wide Web. Therefore, it does not hurt to remember how the very first network technologies appeared, which led to the creation of modern corporate (departmental), territorial and global networks.

The Internet began in the 1960s as a project of the US Department of Defense. The increased role of the computer brought to life the need to both share information between different buildings and local networks, and maintain the overall performance of the system when individual components fail. The Internet is based on a set of protocols that allow distributed networks to direct and transmit information to each other independently; if one network node is unavailable for some reason, the information reaches the final destination through other nodes, which in this moment in working order. The protocol developed for this purpose is called the Internetworking Protocol (IP). (The acronym TCP/IP stands for the same.)

Since then, the IP protocol has been accepted by the military as a way to make information publicly available. Because many projects of these departments were carried out by research groups at universities around the country, and the method of exchanging information between heterogeneous networks proved very effective, the use of this protocol quickly spread beyond the military departments. It came into use at NATO research institutes and at universities in Europe. Today the IP protocol, and hence the Internet, is the global standard.

In the late eighties the Internet faced a new problem. Initially, information consisted either of e-mail messages or of simple data files, and the corresponding protocols were developed for their transfer. Now, however, a number of new file types emerged, usually grouped under the name multimedia, containing images and sound as well as hyperlinks that let users navigate both within a single document and between different documents holding related information.

In 1989 the Particle Physics Laboratory of the European Center for Nuclear Research (CERN) successfully launched a new project whose goal was to create a standard for transmitting this kind of information over the Internet. The main components of this standard were the multimedia file formats, hypertext files, and a protocol for retrieving such files over the network. The file format was named HyperText Markup Language (HTML); it was a simplified version of the common Standard Generalized Markup Language (SGML). The request service protocol is called HyperText Transfer Protocol (HTTP). On the whole it works as follows: a server running the HTTP daemon sends HTML files on request to Internet clients. These two standards formed the basis for a fundamentally new type of access to computer information. Standard multimedia files can now not only be retrieved at the user's request, but also exist and be displayed as part of another document. Since a file contains hyperlinks to other documents that may reside on other computers, the user can reach that information with a single click of the mouse. This fundamentally removes the complexity of accessing information in a distributed system. Multimedia files in this technology are traditionally called pages. The information sent to the client machine in response to each request is also called a page. The reason is that a document usually consists of many individual parts linked together by hyperlinks. Such a partition lets the user decide which parts he wants to see, saves his time and reduces network traffic. The software product the user works with directly is usually called a browser (from the word browse, to graze) or a navigator. Most of them can automatically fetch and display a specific page containing links to the documents the user accesses most often. This page is called the home page, and a separate button is usually provided to reach it.

Each non-trivial document is usually supplied with a special page similar to the "Contents" section of a book. Study of a document usually begins there, which is why it is also often called the home page. Therefore, in general, a home page is understood as an index, an entry point into information of a certain type. Usually the name itself includes a definition of this section, for example, the Microsoft Home Page. On the other hand, each document can be reached from many other documents. The entire space of documents referring to each other on the Internet is called the World Wide Web (abbreviated WWW or W3). The document system is completely distributed, and an author has no way to trace all the links to his document that exist on the Internet. The server providing access to these pages can log everyone who reads a document, but not those who link to it. This is the reverse of the situation with printed matter. Many research fields have periodic indexes of articles on a given topic, but it is impossible to track everyone who read a given document. Here we know who read (had access to) the document, but not who referred to it. Another interesting feature is that with this technology it becomes impossible to keep track of all the information available via the WWW. Information appears and disappears continuously, in the absence of any central control. However, this should not frighten us: the same thing happens in the world of printed matter. We do not try to hoard old newspapers when we get fresh ones every day, and the effort lost is negligible.

Client software products that receive and display HTML files are called browsers. The first graphical browser was called Mosaic and was written at the University of Illinois. Many modern browsers are based on this product. However, thanks to the standardization of protocols and formats, any compatible software product can be used. Viewers exist on most major client systems capable of supporting graphical windows, including MS Windows, Macintosh, X Window systems and OS/2. There are also viewers for operating systems without windows; they display the text fragments of the documents being accessed.

The presence of viewers on such heterogeneous platforms is of great importance. The operating environments on the author's machine, the server and the client are independent of each other. Any client can access and view documents created with HTML and related standards and served through an HTTP server, regardless of the operating environment in which they were created or where they came from. HTML also supports form design and feedback features. This means that the user interface allows you to go beyond point-and-click in both querying and retrieving data.

Many companies, including Amdahl, have written interfaces between HTML forms and older applications, creating a universal client-side user interface for the latter. This makes it possible to write client-server applications without thinking about client-level coding. In fact, programs are already emerging that treat the client as a viewing system. An example is Oracle's WOW interface, which replaces Oracle Forms and Oracle Reports. Although this technology is still very young, it is already able to change the situation in information management as much as the use of semiconductors and microprocessors once changed the world of computers. It allows us to turn functions into separate modules and simplify applications, taking us to a new level of integration that is better aligned with the business functions of the enterprise.

Information overload is the bane of our time. The technologies created to alleviate this problem have only made it worse. This is not surprising: just look at the contents of the wastebaskets (paper or electronic) of an ordinary employee who deals with information. Even leaving aside the inevitable heaps of advertising "garbage" in the mail, most of the information is sent to such an employee "just in case" he needs it. Add to this the "untimely" information that you will most likely need, but later, and you have the main contents of the trash can. An employee is likely to keep half of the information that "may be needed" and all of the information that is likely to be needed in the future. When the need arises, he will have to deal with a cumbersome, poorly structured archive of personal information, and at this stage further difficulties may arise because it is stored in files of different formats on different media. The advent of photocopiers made the situation with information "which may suddenly be needed" even worse: the number of copies, instead of decreasing, only grows. E-mail has only exacerbated the problem. Today a "publisher" of information can create his own personal mailing list and, with a single command, send an almost unlimited number of copies "in case" they may be needed. Some of these disseminators realize that their lists are no good, but instead of correcting them they put a note at the beginning of the message that reads something like: "If you're not interested in ..., destroy this message." The letter still clogs the mailbox, and the addressee still has to spend time reading and deleting it. The exact opposite of information "which may come in handy" is "timely" information, or information for which there is a demand. Computers and networks were expected to help in working with this type of information, but so far they have not coped with it.

In the past, there were two main methods for delivering timely information.

With the first of them, information was distributed among applications and systems. To gain access to it, the user had to learn and then constantly perform many complex access procedures. Once access was granted, each application required its own interface. Faced with such difficulties, users usually simply gave up on receiving timely information. They managed to master access to one or two applications, but had no energy left for the rest.

To solve this problem, some enterprises have made attempts to accumulate all distributed information on one main system. As a result, the user received a single way of access and a single interface. However, since in this case all the requests of the enterprise were processed centrally, these systems grew and became more complex. More than ten years have passed, and many of them are still not filled with information due to the high cost of its input and support. There were other problems here as well. The complexity of such unified systems made them difficult to modify and use. In order to maintain discrete data of transaction processes, a toolkit was developed to manage such systems. Over the past decade, the data we deal with has become much more complex, which makes the information support process difficult. The changing nature of information needs, and how difficult it is to change in this area, has given rise to these large, centrally controlled systems that slow down requests at the enterprise level.

Web technology offers a new approach to delivering information "on demand". Because it supports the authorization, publication and management of distributed information, the new technology does not introduce the complexity of the older centralized systems. Documents are written, maintained and published directly by their authors, so they do not have to ask programmers to create new data entry forms and reporting programs. With the new browsing systems, the user can access and view information from distributed sources and systems through a simple, unified interface without having the slightest idea which servers are actually being accessed. These simple technological changes will revolutionize information infrastructures and fundamentally change how our organizations work.

The main distinguishing feature of this technology is that the flow of information is controlled not by its creator, but by the consumer. If the user can easily receive and view information as needed, it will no longer have to be sent to him "in case" he needs it. The publishing process can now be independent of automatic information dissemination. This includes forms, reports, standards, meeting scheduling, sales support tools, training materials, charts, and a host of other documents that usually clog our wastebaskets. For the system to work, as mentioned above, not only a new information infrastructure is needed, but also a new approach, a new culture. As creators of information, we must learn to publish it without distributing it, as users to take more responsibility in defining and tracking our information requests, actively and efficiently obtaining information if we need it.

The concept of "Corporate networks". Their main functions.

Before talking about private (corporate) networks, we need to define what these words mean. Recently this phrase has become so common and fashionable that it has begun to lose its meaning. In our understanding, a corporate network is a system that provides information transfer between the various applications used in the corporation's system. Based on this rather abstract definition, we will consider various approaches to creating such systems and try to fill the concept of a corporate network with specific content. At the same time, we believe that the network should be as versatile as possible, that is, it should allow the integration of existing and future applications with the lowest possible cost and the fewest restrictions.

The corporate network is, as a rule, geographically distributed, i.e. it unites offices, divisions and other structures located at a considerable distance from each other. Often the nodes of a corporate network are located in different cities, and sometimes in different countries. The principles on which such a network is built are quite different from those used to create a local network, even one covering several buildings. The main difference is that geographically distributed networks use rather slow leased communication lines (today tens and hundreds of kilobits per second, sometimes up to 2 Mbps). If, when creating a local network, the main costs fall on purchasing equipment and laying cable, then in geographically distributed networks the most significant element of cost is the rent for the use of channels, which grows rapidly with the quality and speed of data transmission. This limitation is fundamental, and when designing a corporate network all measures should be taken to minimize the amount of data transmitted. In all other respects, the corporate network should not impose restrictions on which applications process the information transferred over it, or how.

By applications, here we mean both system software - databases, mail systems, computing resources, file services, etc. - and the tools that the end user works with. The main tasks of the corporate network are the interaction of system applications located in different nodes, and access to them by remote users.

The first problem that has to be solved when creating a corporate network is the organization of communication channels. Within one city you can count on leasing dedicated lines, including high-speed ones, but when moving to geographically remote nodes the cost of leasing channels becomes simply astronomical, and their quality and reliability often turn out to be very low. The natural solution to this problem is to use existing global networks. In this case it is enough to provide channels from the offices to the nearest network nodes, and the global network takes over the task of delivering information between nodes. Even when creating a small network within a single city, one should keep in mind the possibility of further expansion and use technologies compatible with existing global networks.

Often the first, if not the only, such network that comes to mind is the Internet.

Use of the Internet in corporate networks.

Depending on the tasks to be solved, the Internet can be considered at different levels. For the end user, it is primarily a worldwide system for providing information and postal services. The combination of new technologies for accessing information, united under the concept of the World Wide Web, with the cheap and publicly available global Internet communications system has in fact spawned a new medium, often referred to simply as the Net. Anyone who connects to this system perceives it simply as a mechanism that gives access to certain services. How this mechanism is implemented is of no importance to them.

When the Internet is used as the basis for a corporate data network, a very interesting thing comes to light: the Network is not really a network at all. It is the Internet, the inter-network. If we look inside the Internet, we see that information passes through many completely independent and mostly non-commercial nodes, connected through the most diverse channels and data networks. The rapid growth of services provided on the Internet leads to overloading of nodes and communication channels, which sharply reduces the speed and reliability of information transfer. At the same time, Internet service providers bear no responsibility for the functioning of the network as a whole, and communication channels develop extremely unevenly, mainly where the state considers it necessary to invest. Accordingly, there are no guarantees of network quality, data transfer speed, or even the plain reachability of your computers. For tasks in which reliability and guaranteed delivery time are critical, the Internet is far from the best solution. In addition, the Internet ties users to one protocol, IP. This is fine when we use standard applications that work with this protocol; using any other system over the Internet turns out to be difficult and expensive. If you need to give mobile users access to your private network, the Internet is also not the best solution.

It would seem that there should be no big problems here: Internet service providers are almost everywhere, so take a laptop with a modem, dial in and work. However, a provider in, say, Novosibirsk has no obligations to you if you connect to the Internet in Moscow. He receives no money from you for services and, of course, will not provide access to the network. Either you have to conclude an appropriate contract with him, which is hardly reasonable if you are on a two-day business trip, or make a long-distance call from Novosibirsk to Moscow.

Another Internet problem that has been widely discussed lately is security. When we talk about a private network, it seems quite natural to protect the transmitted information from other people's eyes. The unpredictability of the paths information takes between many independent Internet nodes not only increases the risk that some overly curious network operator can store your data on disk (technically this is not difficult), but also makes it impossible to determine the place of an information leak. Encryption tools solve the problem only partially, since they are mainly applicable to mail, file transfer and the like. Solutions that allow real-time encryption of information at an acceptable speed (for example, when working directly with a remote database or file server) are hard to obtain and expensive. Another aspect of the security problem is again related to the decentralization of the Internet: there is no one who can restrict access to the resources of your private network. Since this is an open system in which everyone can see everyone, anyone can try to get into your office network and gain access to data or programs. There are, of course, means of protection (the accepted name for them is Firewall; in Russian, or more precisely in German, "firewall" is a fire wall). However, they should not be considered a panacea; remember viruses and anti-virus programs. Any defense can be broken, provided the gain pays for the cost of breaking it. It should also be noted that an Internet-connected system can be disabled without intruding into your network. There are known cases of unauthorized access to the management of network nodes, or simply of using the peculiarities of the Internet architecture to disrupt access to a particular server. Thus, the Internet cannot be recommended as the basis for systems that require reliability and confidentiality.

Connecting to the Internet within a corporate network makes sense if you need access to that huge information space which is actually called the Net.

A corporate network is a complex system that includes thousands of various components: computers of various types, from desktops to mainframes, system and application software, network adapters, hubs, switches and routers, cabling. The main task of system integrators and administrators is to ensure that this cumbersome and very expensive system copes as well as possible with processing the information flows circulating between employees of the enterprise, and allows them to make timely and rational decisions that ensure the enterprise's survival in tough competition. And since life does not stand still, the content of corporate information, the intensity of its flows and the methods of processing it are constantly changing. The latest example of a drastic change in the technology of automated processing of corporate information is unfolding in full view: it is connected with the unprecedented growth in the popularity of the Internet in the last 2 to 3 years. The changes brought by the Internet are multifaceted. The hypertext service WWW has changed the way information is presented to a person, collecting on its pages all its popular forms: text, graphics and sound. Internet transport, inexpensive and accessible to almost all enterprises (and, through telephone networks, to individual users), has greatly simplified the task of building a territorial corporate network, while bringing to the fore the task of protecting corporate data when it is transmitted through a highly public network with a population of many millions.

Technologies used in corporate networks.

Before presenting the basics of the methodology for building corporate networks, it is necessary to give a comparative analysis of the technologies that can be used in them.

Modern data transmission technologies can be classified according to the methods of data transmission. In general, there are three main methods of data transfer:

channel switching;

message switching;

packet switching.

All other methods of interaction are, as it were, their evolutionary development. For example, if we represent data transmission technologies as a tree, then the packet-switching branch divides into frame switching and cell switching. Recall that packet-switching technology was developed over 30 years ago to reduce the overhead and improve the performance of existing data transmission systems. The first packet-switching technologies, X.25 and IP, were designed to cope with poor-quality links. As link quality improved, it became possible to use a protocol such as HDLC for information transfer, which found its place in Frame Relay networks. The desire for greater performance and technical flexibility was the impetus for developing SMDS technology, whose capabilities were then extended by the standardization of ATM. One parameter by which technologies can be compared is the guarantee of information delivery. Thus, X.25 and ATM guarantee reliable packet delivery (the latter using the SSCOP protocol), while Frame Relay and SMDS operate in a mode where delivery is not guaranteed. Further, a technology may ensure that data arrives at the recipient in the order in which it was sent; otherwise the order must be restored on the receiving side. Packet-switched networks may rely on a pre-established connection or simply pass data into the network. In the first case, both permanent and switched virtual connections can be supported. Other important parameters are the availability of data flow control mechanisms, traffic management systems, congestion detection and prevention mechanisms, and so on.

Technologies can also be compared on criteria such as the effectiveness of the addressing scheme or the routing methods. For example, the addressing used may be based on geographic location (a telephone numbering plan), on logical use in WANs, or on hardware. The IP protocol, for instance, uses a 32-bit logical address that is assigned to networks and subnets. The E.164 addressing scheme is an example of a geographically oriented scheme, and a MAC address is an example of a hardware address. X.25 technology uses a Logical Channel Number (LCN), and switched virtual connections in this technology use the X.121 addressing scheme. In Frame Relay technology, several virtual channels can be "embedded" in one physical channel, and an individual virtual channel is identified by a DLCI (Data-Link Connection Identifier). This identifier is carried in every transmitted frame. A DLCI has only local significance; in other words, the sender's virtual channel may be identified by one number and the receiver's by a completely different one. Switched virtual connections in this technology are based on the E.164 numbering scheme. ATM cell headers contain unique VCI/VPI identifiers that change as cells pass through intermediate switching systems. Switched virtual connections in ATM technology can use the E.164 or AESA addressing scheme.
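As an added illustration of the DLCI field and its local significance described above (example code written for this page, not taken from the thesis or from any vendor), the following Python decodes and builds the standard two-octet Frame Relay address field and then sorts received frames by what each DLCI means on one particular router. The bit layout is the standard Q.922 two-octet address; the sample frames, the city names and the per-router DLCI tables are assumptions made up for the example.

```python
# Added example: decode and build the two-octet Frame Relay address field
# that carries the DLCI. Layout (standard Q.922 two-octet address):
#   octet 1: DLCI bits 9..4 | C/R | EA=0
#   octet 2: DLCI bits 3..0 | FECN | BECN | DE | EA=1
# The sample frames and DLCI tables below are constructed for illustration.


def parse_fr_header(frame: bytes) -> dict:
    """Decode the address field at the start of a Frame Relay frame."""
    if len(frame) < 2:
        raise ValueError("frame too short for a two-octet address field")
    b1, b2 = frame[0], frame[1]
    # EA (extended address) bits: 0 means "another address octet follows",
    # 1 marks the last one. A two-octet header must have EA=0 then EA=1.
    if (b1 & 0x01) != 0 or (b2 & 0x01) != 1:
        raise ValueError("not a two-octet address field (unexpected EA bits)")
    dlci = ((b1 >> 2) << 4) | (b2 >> 4)      # 6 high bits + 4 low bits
    return {
        "dlci": dlci,
        "cr": (b1 >> 1) & 1,      # command/response, passed transparently
        "fecn": (b2 >> 3) & 1,    # forward explicit congestion notification
        "becn": (b2 >> 2) & 1,    # backward explicit congestion notification
        "de": (b2 >> 1) & 1,      # discard eligibility
        "payload": frame[2:],
    }


def build_fr_header(dlci: int, cr: int = 0, fecn: int = 0,
                    becn: int = 0, de: int = 0) -> bytes:
    """Encode a two-octet address field for the given DLCI and flags."""
    if not 0 <= dlci <= 1023:
        raise ValueError("DLCI must fit in 10 bits")
    b1 = ((dlci >> 4) << 2) | ((cr & 1) << 1)                       # EA = 0
    b2 = (((dlci & 0x0F) << 4) | ((fecn & 1) << 3) | ((becn & 1) << 2)
          | ((de & 1) << 1) | 0x01)                                  # EA = 1
    return bytes([b1, b2])


def demux_frames(frames, local_dlci_table: dict) -> dict:
    """Sort received frames by the logical link each DLCI means on THIS router.

    DLCIs are locally significant: the table belongs to one access link, so
    the same PVC can be DLCI 100 at one end and DLCI 200 at the other. Frames
    whose DLCI is not provisioned here are counted under "unprovisioned"
    rather than delivered, which is the check an access router should make.
    """
    delivered = {}
    unprovisioned = 0
    for frame in frames:
        hdr = parse_fr_header(frame)
        link = local_dlci_table.get(hdr["dlci"])
        if link is None:
            unprovisioned += 1
            continue
        delivered.setdefault(link, []).append(hdr["payload"])
    return {"delivered": delivered, "unprovisioned": unprovisioned}


# Constructed sample: one PVC between a Moscow router and a Novosibirsk
# router, provisioned as DLCI 100 on the Moscow side and DLCI 200 on the
# Novosibirsk side. Both tables are made up for the example.
MOSCOW_TABLE = {100: "to-novosibirsk"}
NOVOSIBIRSK_TABLE = {200: "to-moscow"}

SAMPLE_FRAMES_AT_MOSCOW = [
    build_fr_header(100) + b"ip-packet-1",            # address field 0x18 0x41
    build_fr_header(100, becn=1) + b"ip-packet-2",    # congestion flagged backward
    build_fr_header(16) + b"stray",                   # DLCI 16 is not provisioned here
]

if __name__ == "__main__":
    print(parse_fr_header(bytes.fromhex("1841")))
    print(demux_frames(SAMPLE_FRAMES_AT_MOSCOW, MOSCOW_TABLE))
```

Running the same three frames through the Novosibirsk table delivers nothing, because DLCI 100 means nothing on that access link; that is what "local significance" amounts to in practice, and it is why a DLCI table must be kept per access link and audited per router rather than treated as a network-wide identifier.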

Packet routing in a network can be done statically or dynamically, and can either be a standardized mechanism of a particular technology or serve as a technical basis. Examples of standardized solutions are the dynamic routing protocols OSPF and RIP for IP. For ATM technology, the ATM Forum has defined PNNI, a protocol for routing requests to establish switched virtual connections, whose distinguishing feature is that it takes quality-of-service information into account.

The ideal option for a private network would be to create communication channels only where they are needed, and to carry over them any network protocols the running applications require. At first glance this is a return to leased lines; however, there are technologies for building data networks that allow channels to be organized within them that appear only at the right time and in the right place. Such channels are called virtual. It is natural to call a system that unites remote resources using virtual channels a virtual network. There are two main technologies for virtual networks today: circuit-switched networks and packet-switched networks. The former include the conventional telephone network, ISDN, and a number of other, more exotic technologies. Packet-switched networks are represented by X.25, Frame Relay and, more recently, ATM. It is too early to talk about using ATM in geographically distributed networks. The other types of virtual networks (in various combinations) are widely used in the construction of corporate information systems.

Circuit-switched networks provide the subscriber with multiple communication channels with a fixed bandwidth per connection. The well-known telephone network gives us one communication channel between subscribers. If you need to increase the number of simultaneously available resources, you have to install additional telephone numbers, which is very expensive. Even if we forget about the low quality of communication, the limitation on the number of channels and the long connection establishment time do not allow using telephone communication as the basis of a corporate network. To connect individual remote users, this is a fairly convenient and often the only available method.

Another example of a circuit-switched virtual network is ISDN (Integrated Services Digital Network). ISDN provides digital channels (64 kbps) over which both voice and data can be transmitted. A basic ISDN connection (Basic Rate Interface) includes two such channels and an additional 16 kbps control channel (this combination is designated 2B+D). A larger number of channels can be used, up to thirty (Primary Rate Interface, 30B+D), but this leads to a corresponding increase in the cost of equipment and communication channels. In addition, the cost of renting and using the network rises proportionally. In general, the restrictions ISDN imposes on the number of simultaneously available resources mean that this type of communication is convenient mainly as an alternative to telephone networks. In systems with a small number of nodes, ISDN can also be used as the main network protocol. It should only be borne in mind that access to ISDN in our country is still the exception rather than the rule.

An alternative to circuit-switched networks is packet-switched networks. With packet switching, one communication channel is used in time-sharing mode by many users, roughly as on the Internet. However, unlike networks such as the Internet, where each packet is routed separately, packet-switched networks require a connection between the end resources to be established before information is transmitted. After the connection is established, the network "remembers" the route (virtual channel) along which information is to be transmitted between the subscribers, and keeps it until it receives a disconnect signal. To applications running on a packet-switched network, virtual circuits look like ordinary communication lines, with the only difference that their throughput and latency change depending on network load.

The classic packet switching technology is the X.25 protocol. Now it is customary to wrinkle your nose at these words and say: "this is expensive, slow, outdated and not fashionable." Indeed, today there are practically no X.25 networks using speeds above 128 kbps. The X.25 protocol includes powerful error correction facilities, providing reliable information delivery even on bad lines and is widely used where there are no high-quality communication channels. In our country, they are not almost everywhere. Naturally, you have to pay for reliability - in this case, the speed of network equipment and relatively large - but predictable - delays in information propagation. At the same time, X.25 is a universal protocol that allows you to transfer almost any type of data. "Natural" for X.25 networks is the operation of applications using the stack OSI protocols. These include systems using the X.400 (e-mail) and FTAM (file exchange) standards, as well as some others. Tools are available to implement OSI-based interoperability between Unix systems. Another standard feature of X.25 networks is communication over regular asynchronous COM ports. Figuratively speaking, the X.25 network extends the cable connected to the serial port, bringing its connector to remote resources. Thus, almost any application that can be accessed via a COM port can be easily integrated into an X.25 network. As examples of such applications, one should mention not only terminal access to remote host computers, such as Unix machines, but also the interaction of Unix computers with each other (cu, uucp), Lotus Notes-based systems, e-mail cc:Mail and MS Mail, etc. To combine LANs in nodes connected to the X.25 network, there are methods for packing ("encapsulating") information packets from the local network into X.25 packets. Part of the service information is not transmitted in this case, since it can be uniquely restored on the recipient side. 
The standard encapsulation mechanism is considered to be the one described in RFC 1356. It allows you to transfer various protocols of local networks (IP, IPX, etc.) simultaneously through one virtual connection. This mechanism (or the older implementation of RFC 877, which allows only IP transmission) is implemented in almost all modern routers. There are also transfer methods over X.25 and other communication protocols, in particular SNA used in IBM mainframe networks, as well as a number of proprietary protocols from various manufacturers. Thus, X.25 networks offer a universal transport mechanism for transferring information between almost any application. In this case, different types of traffic are transmitted over one communication channel, "not knowing" anything about each other. When LAN bonding over X.25, separate fragments of the corporate network can be isolated from each other, even if they use the same communication lines. This facilitates the solution of security and access control problems that inevitably arise in complex information structures. In addition, in many cases, there is no need to use complex routing mechanisms by shifting this task to the X.25 network. There are dozens of global X.25 networks in the world today common use , their nodes are available in almost all major business, industrial and administrative centers. In Russia, X.25 services are offered by Sprint Network, Infotel, Rospak, Rosnet, Sovam Teleport and a number of other providers. In addition to connecting remote sites, X.25 networks always provide means of access for end users. In order to connect to any X.25 network resource, the user only needs to have a computer with an asynchronous serial port and a modem. 
At the same time, there are no problems with access authorization at geographically remote nodes. Firstly, X.25 networks are quite centralized: by concluding an agreement, for example, with the Sprint Network company or its partner, you can use the services of any Sprintnet node - and these are thousands of cities around the world, including more than a hundred in the former USSR. Secondly, there is a protocol for interaction between different networks (X.75), which also takes payment issues into account. Thus, if your resource is connected to an X.25 network, it can be reached both from your provider's nodes and through the nodes of other networks - that is, from almost anywhere in the world. From a security point of view, X.25 networks offer a number of very attractive features. First of all, because of the very structure of the network, the cost of intercepting information in an X.25 network is high enough to serve in itself as a good defense. The problem of unauthorized access can also be solved quite effectively by means of the network itself. If any risk of information leakage, however small, is unacceptable, then of course encryption tools must be used, including real-time ones. Today there are encryption devices designed specifically for X.25 networks that work at fairly high speeds - up to 64 kbps. Such equipment is produced by Racal, Cylink and Siemens. There are also domestic developments created under the auspices of FAPSI. The disadvantage of X.25 technology is a number of fundamental speed limitations. The first of them is connected precisely with the developed correction and recovery facilities. These facilities introduce delays into information transfer and demand high processing power and performance from the X.25 equipment, as a result of which it simply "cannot keep up" with fast communication lines.
Although there is equipment with 2-megabit ports, the actual speed it provides does not exceed 250 - 300 kbps per port. On the other hand, on modern high-speed communication lines the X.25 facilities turn out to be redundant, and when they are used the equipment's capacity often runs idle. The second feature that makes X.25 networks slow is the way LAN protocols (primarily IP and IPX) are encapsulated. Other things being equal, LAN communication over X.25 is, depending on network parameters, 15 to 40 percent slower than when HDLC is used over a leased line. Moreover, the worse the communication line, the higher the performance loss. We are again dealing with obvious redundancy: LAN protocols have their own correction and recovery facilities (TCP, SPX), but when X.25 networks are used this work is done a second time, at the cost of speed.

It is on these grounds that X.25 networks are declared slow and obsolete. But before saying that any technology is obsolete, one should state for what applications and under what conditions. On low-quality communication lines, X.25 networks are quite effective and offer a significant advantage in price and capabilities over leased lines. On the other hand, even if you count on a rapid improvement in the quality of communication - a necessary condition for X.25 to become obsolete - even then the investment in X.25 hardware will not be wasted, as modern equipment includes the ability to migrate to Frame Relay technology.

Frame relay networks

Frame Relay technology emerged as a means of realizing the benefits of packet switching on high-speed communication lines. The main difference between Frame Relay networks and X.25 is that error correction between network nodes is excluded. The task of restoring the flow of information is assigned to the terminal equipment and user software. Naturally, this requires communication channels of sufficiently high quality. It is considered that for successful operation with Frame Relay the probability of a bit error in the channel should be no worse than 10^-6 to 10^-7, i.e. no more than one bad bit in several million. The quality provided by conventional analog lines is usually one to three orders of magnitude lower. The second difference of Frame Relay networks is that today almost all of them implement only permanent virtual circuits (PVC). This means that when connecting to a Frame Relay port you must determine in advance which remote resources you will have access to. The principle of packet switching - many independent virtual connections in one communication channel - remains, but you cannot dial the address of an arbitrary network subscriber. All resources available to you are determined when the port is configured. Thus, Frame Relay technology is convenient for building closed virtual networks used to carry other protocols, by means of which routing is performed. A "closed" virtual network means one that is completely inaccessible to other users of the same Frame Relay network. For example, in the United States Frame Relay networks are widely used as a backbone for the Internet. At the same time, your private network can use Frame Relay virtual circuits on the same lines as Internet traffic and be completely isolated from it. Like X.25 networks, Frame Relay provides a universal transmission medium for virtually any application.
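Why the channel-quality figure matters, as an added worked example (not from the original article): a frame of $L$ bits is delivered intact only if every one of its bits survives, so on a line with bit-error probability $p$ the probability that the end systems must retransmit it is

$$P_{\text{loss}} = 1 - (1-p)^{L} \approx 1 - e^{-pL}.$$

For a 1500-byte LAN frame, $L = 12000$ bits, this gives $P_{\text{loss}} \approx 1.2\%$ at $p = 10^{-6}$, about $11\%$ at $p = 10^{-5}$ and about $70\%$ at $p = 10^{-4}$: a line one to three orders of magnitude worse than $10^{-6}$ turns most frames into retransmissions, which is why Frame Relay can leave recovery to the end systems only on lines of the stated quality.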
The main area of application of Frame Relay today is the interconnection of remote LANs. In this case, error correction and information recovery are performed at the level of the LAN transport protocols - TCP, SPX, etc. The overhead of encapsulating LAN traffic in Frame Relay does not exceed two or three percent. Methods for encapsulating LAN protocols in Frame Relay are described in RFC 1294 and RFC 1490. RFC 1490 also defines the transmission of SNA traffic over Frame Relay. The Annex G specification of ANSI T1.617 describes the use of X.25 over Frame Relay networks. This uses all the X.25 addressing, correction and recovery functions - but only between the end nodes implementing Annex G. A permanent connection through the Frame Relay network in this case looks like a "straight wire" through which X.25 traffic is transmitted. The X.25 parameters (packet size and window size) can be chosen to obtain the lowest possible propagation delays and rate losses when encapsulating LAN protocols. The absence of the error correction and complex packet switching mechanisms typical of X.25 makes it possible to transmit information over Frame Relay with minimal delays. In addition, a prioritization mechanism can be enabled that gives the user a guaranteed minimum information transfer rate for a virtual circuit. This feature allows Frame Relay to be used for delay-critical information such as voice and real-time video. This relatively new feature is gaining popularity and is often the main reason for choosing Frame Relay as the backbone of a corporate network. It should be remembered that today Frame Relay services are available in our country in no more than a dozen cities, while X.25 is available in about two hundred. There is every reason to believe that as communication channels develop, Frame Relay technology will become more widespread - primarily where X.25 networks currently exist.
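The RFC 1490 encapsulation and the "closed" PVC model described above, as an added example that is not code from the original article: a decoder for multiprotocol frames arriving on a Frame Relay port that first checks the frame's DLCI against the PVCs provisioned for that port and only then looks at the NLPID (IP directly, or IPX behind a SNAP header). The DLCI numbers and the frames themselves are constructed for the example.

```python
"""Decoder for RFC 1490 multiprotocol frames received on a Frame Relay port.

Added example, not from the original article: it parses the encapsulation
the text describes (Q.922 address, UI control, optional pad, NLPID, optional
SNAP header) and applies the per-port PVC check that makes a Frame Relay
network "closed": a frame whose DLCI was not provisioned for this port is
dropped before its payload is looked at.  All frames are constructed here.
"""
from dataclasses import dataclass

FR_CONTROL_UI = 0x03   # Q.922 Unnumbered Information control field
NLPID_IP = 0xCC        # routed IPv4 datagram follows directly
NLPID_SNAP = 0x80      # SNAP header (3-byte OUI + 2-byte PID) follows
PID_IPX = 0x8137       # IPX under SNAP with OUI 00-00-00 (EtherType value)


class FrameError(ValueError):
    """Malformed frame, or a frame not permitted on this port."""


@dataclass
class Decoded:
    dlci: int
    fecn: bool         # forward congestion notification from the network
    becn: bool         # backward congestion notification
    de: bool           # discard eligible (traffic above the guaranteed rate)
    protocol: str      # "ip", "ipx" or "unknown"
    payload: bytes


def parse_q922_address(frame: bytes) -> tuple:
    """Return (dlci, fecn, becn, de) from the two-byte Q.922 address field."""
    if len(frame) < 2:
        raise FrameError("frame shorter than Q.922 address")
    b0, b1 = frame[0], frame[1]
    # Two-byte form: EA bit is 0 in the first octet and 1 in the second.
    # Anything else is an extended header we do not support, or corruption.
    if (b0 & 0x01) != 0 or (b1 & 0x01) != 1:
        raise FrameError("unsupported or corrupt Q.922 address field")
    dlci = ((b0 >> 2) << 4) | (b1 >> 4)
    return dlci, bool(b1 & 0x08), bool(b1 & 0x04), bool(b1 & 0x02)


def decode_rfc1490(frame: bytes, allowed_dlcis: frozenset) -> Decoded:
    """Decode one frame, rejecting it if its DLCI is not provisioned here."""
    dlci, fecn, becn, de = parse_q922_address(frame)
    # Closed virtual network: only the PVCs configured on this port exist.
    if dlci not in allowed_dlcis:
        raise FrameError(f"DLCI {dlci} not provisioned on this port")
    pos = 2
    if len(frame) < pos + 2:
        raise FrameError("frame truncated before NLPID")
    if frame[pos] != FR_CONTROL_UI:
        raise FrameError(f"unexpected control field 0x{frame[pos]:02x}")
    pos += 1
    # RFC 1490 permits one 0x00 pad octet so that a SNAP header is aligned.
    if frame[pos] == 0x00:
        pos += 1
        if pos >= len(frame):
            raise FrameError("frame ends after pad octet")
    nlpid = frame[pos]
    pos += 1
    if nlpid == NLPID_IP:
        return Decoded(dlci, fecn, becn, de, "ip", frame[pos:])
    if nlpid == NLPID_SNAP:
        if len(frame) < pos + 5:
            raise FrameError("SNAP header truncated")
        oui = frame[pos:pos + 3]
        pid = int.from_bytes(frame[pos + 3:pos + 5], "big")
        proto = "ipx" if (oui == b"\x00\x00\x00" and pid == PID_IPX) else "unknown"
        return Decoded(dlci, fecn, becn, de, proto, frame[pos + 5:])
    return Decoded(dlci, fecn, becn, de, "unknown", frame[pos:])


def accepts(frame: bytes, allowed_dlcis: frozenset) -> bool:
    """True if the port would forward this frame, False if it is dropped."""
    try:
        decode_rfc1490(frame, allowed_dlcis)
        return True
    except FrameError:
        return False


def build_frame(dlci: int, nlpid: int, payload: bytes, de: bool = False) -> bytes:
    """Construct a test frame (two-byte address, UI control, FCS omitted)."""
    b0 = ((dlci >> 4) & 0x3F) << 2                          # EA = 0
    b1 = ((dlci & 0x0F) << 4) | (0x02 if de else 0) | 0x01  # EA = 1
    if nlpid == NLPID_SNAP:                                 # pad before SNAP
        return bytes([b0, b1, FR_CONTROL_UI, 0x00, NLPID_SNAP]) + payload
    return bytes([b0, b1, FR_CONTROL_UI, nlpid]) + payload


if __name__ == "__main__":
    port_pvcs = frozenset({16, 17})   # PVCs provisioned for this port (constructed)
    ip_frame = build_frame(16, NLPID_IP, b"\x45\x00" + b"\x00" * 18)
    ipx_frame = build_frame(17, NLPID_SNAP, b"\x00\x00\x00\x81\x37" + b"\xff" * 8)
    stray = build_frame(100, NLPID_IP, b"\x45")             # DLCI not on this port
    for f in (ip_frame, ipx_frame, stray):
        print(decode_rfc1490(f, port_pvcs).protocol if accepts(f, port_pvcs) else "dropped")
```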
Unfortunately, there is no single standard that describes the interaction of different Frame Relay networks, so users are tied to one service provider. If it is necessary to expand the geography, it is possible to connect at one point to the networks of different providers - with a corresponding increase in costs. There are also private Frame Relay networks operating within one city or using long-distance - usually satellite - dedicated channels. Building private networks based on Frame Relay allows you to reduce the number of leased lines and integrate voice and data transmission.

The structure of the corporate network. Hardware.

When building a geographically distributed network, all the technologies described above can be used. To connect remote users, the easiest and most affordable option is a telephone connection. Where possible, ISDN networks may be used. To interconnect network nodes, global data networks are used in most cases. Even where it is possible to lay leased lines (for example, within one city), the use of packet switching technologies makes it possible to reduce the number of required communication channels and, importantly, to ensure the system's compatibility with existing global networks. Connecting your corporate network to the Internet is justified if you need access to the corresponding services. It is worth using the Internet as a data transmission medium only when other methods are not available and financial considerations outweigh the requirements of reliability and security. If you will use the Internet only as a source of information, it is better to use "connection on demand" (dial-on-demand), i.e. a mode of connection in which the link to the Internet node is established only on your initiative and for the time you need it. This dramatically reduces the risk of unauthorized entry into your network from outside. The simplest way to make such a connection is a dial-up call to the Internet host or, if possible, ISDN. Another, more reliable way to provide a connection on demand is to use a leased line with the X.25 protocol or, much more preferably, Frame Relay. In this case, the router on your side must be configured to drop the virtual connection when there is no data for a certain amount of time, and to re-establish it only when there is data to send from your side. The widespread connection methods using PPP or HDLC do not provide such a possibility. If you want to publish your information on the Internet - for example, to set up a WWW or FTP server - a dial-on-demand connection is not applicable.
In this case, you should not only restrict access using a Firewall, but also isolate the Internet server from other resources as much as possible. A good solution is to use a single point of connection to the Internet for the entire wide area network, whose nodes are connected to each other using X.25 or Frame Relay virtual circuits. In this case, access from the Internet is possible only to a single site, while users at other sites can access the Internet using a connection on demand.

To transfer data within a corporate network, it is also worth using the virtual circuits of packet switching networks. The main advantages of this approach - versatility, flexibility, security - were discussed in detail above. Both X.25 and Frame Relay can be used as the virtual network when building a corporate information system. The choice between them is determined by the quality of the communication channels, the availability of services at the connection points and, last but not least, financial considerations. Today, the cost of using Frame Relay for long-distance communications is several times higher than for X.25 networks. On the other hand, the higher data transfer rate and the ability to transmit data and voice simultaneously can be decisive arguments in favor of Frame Relay. In those sections of the corporate network where leased lines are available, Frame Relay technology is preferable. There it is possible to interconnect local networks and connect to the Internet, as well as to use the applications that traditionally require X.25. In addition, telephone communication between nodes is possible over the same network. For Frame Relay it is better to use digital communication channels; however, even on physical lines or voice-frequency channels you can create a quite effective network by installing the appropriate channel equipment. Good results are achieved with Motorola 326x SDC modems, which have unique capabilities for correcting and compressing data in synchronous mode. Thanks to this, it is possible - at the cost of introducing small delays - to significantly improve the quality of the communication channel and achieve an effective speed of 80 kbps and higher. On short physical lines, short-range modems can also be used, which provide fairly high speeds. However, high-quality lines are necessary here, since short-range modems do not support any error correction.
RAD short-range modems are widely known, as is PairGain equipment, which allows speeds of 2 Mbit/s to be reached on physical lines about 10 km long. To connect remote users to the corporate network, the access nodes of X.25 networks can be used, as well as your own communication nodes. In the latter case, the required number of telephone numbers (or ISDN channels) has to be allocated, which may be too expensive. If a large number of users need to be connected at the same time, then using X.25 network access nodes, even within the same city, may be the cheaper option.

A corporate network is a fairly complex structure that uses various types of connections, communication protocols and ways of connecting resources. From the point of view of ease of building and manageability of the network, one should aim for equipment of the same type from one manufacturer. However, practice shows that there are no suppliers offering the most effective solutions for all the tasks that arise. A working network is always the result of a compromise - either a homogeneous system that is not optimal in terms of price and features, or a combination of products from different manufacturers that is more difficult to install and manage. Next, we will look at networking equipment from several leading vendors and give some guidance on how to use it.

All data transmission network equipment can be divided into two large classes -

1. peripheral, which is used to connect end nodes to the network, and

2. backbone (core), which implements the basic functions of the network (circuit switching, routing, etc.).

There is no clear boundary between these types - the same devices can be used in different capacities or combine both kinds of functions. It should be noted that backbone equipment usually has higher requirements in terms of reliability, performance, number of ports and further expandability.

Peripheral equipment is a necessary component of any corporate network. The functions of the backbone nodes can be taken over by the global data transmission network to which the resources are connected. As a rule, backbone nodes appear in a corporate network only where leased communication channels are used or the company's own access nodes are created. The peripheral equipment of corporate networks can in turn be divided into two classes by function.

First, there are routers, which serve to combine homogeneous LANs (usually IP or IPX) across global data networks. In networks that use IP or IPX as the main protocol - in particular, the Internet itself - routers are also used as backbone equipment that interconnects various channels and communication protocols. Routers can be built both as stand-alone devices and as software running on computers with special communication adapters.

The second widely used type of peripheral equipment is gateways, which implement the interaction of applications running in different types of networks. Corporate networks primarily use OSI gateways to give LANs access to X.25 resources, and SNA gateways to connect to IBM networks. A full-featured gateway is always implemented in software, since it must provide the program interfaces that applications need.

Cisco Systems Routers

Among routers, perhaps the best known are the products of Cisco Systems, which implement a wide range of tools and protocols used for interconnecting local networks. Cisco equipment supports a variety of connection methods, including X.25, Frame Relay and ISDN, allowing quite complex systems to be created. In addition, the Cisco router family includes excellent servers for remote access to local networks, and in some configurations gateway functions are partially implemented (what Cisco calls Protocol Translation).

Cisco routers are primarily used in complex networks that use IP or, more rarely, IPX as the primary protocol. In particular, Cisco equipment is widely used in the core nodes of the Internet. If your corporate network is designed primarily to connect remote LANs and requires complex IP or IPX routing over heterogeneous communication channels and data networks, then Cisco equipment will most likely be the best choice. Facilities for working with Frame Relay and X.25 are implemented in Cisco routers only to the extent needed to interconnect local networks and access them. If you want to build your system on the basis of packet-switched networks, Cisco routers can work in it only as purely peripheral equipment, many of their routing functions turn out to be redundant, and the price is accordingly too high. The most interesting for use in corporate networks are the Cisco 2509 and Cisco 2511 access servers and the new Cisco 2520 series devices. Their main area of application is access by remote users to local networks via telephone lines or ISDN with dynamic IP address assignment (DHCP).

Motorola ISG Equipment

Among the equipment designed to work with X.25 and Frame Relay, the most interesting are the products of Motorola Corporation's Information Systems Group (Motorola ISG). Unlike the backbone devices used in global data transmission networks (Northern Telecom, Sprint, Alcatel, etc.), Motorola equipment is able to work completely autonomously, without a special network control center. The set of capabilities important for corporate networks is much wider in Motorola equipment. Of particular note are the advanced means of hardware and software upgrade, which make it easy to adapt the equipment to specific conditions. All Motorola ISG products can work as X.25/Frame Relay switches and multi-protocol access devices (PAD, FRAD, SLIP, PPP, etc.), support Annex G (X.25 over Frame Relay), and provide SNA transport (SDLC/QLLC/RFC 1490).
Motorola ISG equipment can be divided into three groups, which differ in the set of hardware and scope.

The first group, intended to serve as peripheral equipment, makes up the Vanguard series. It includes the Vanguard 100 (2-3 ports) and Vanguard 200 (6 ports) serial nodes, as well as the Vanguard 300/305 routers (1-3 serial ports and an Ethernet/Token Ring port) and the Vanguard 310 ISDN routers. The Vanguard routers, in addition to their communication capabilities, carry the IP, IPX and AppleTalk protocols over X.25, Frame Relay and PPP. Naturally, the standard set that any modern router needs is also supported - the RIP and OSPF protocols, filtering and access restriction tools, data compression, etc.

The next group of Motorola ISG products comprises the Multimedia Peripheral Router (MPRouter) 6520 and 6560 devices, which differ mainly in performance and expandability. In the basic configuration the 6520 has five serial ports and the 6560 three, each with an Ethernet port; all of the 6560's ports are high-speed (up to 2 Mbps), while three of the 6520's ports are limited to 80 kbps. MPRouter supports all the communication protocols and routing options available for Motorola ISG products. The main feature of MPRouter is the ability to install various additional boards, which is what the word Multimedia in its name refers to. There are serial port cards, Ethernet/Token Ring ports, ISDN cards and an Ethernet hub. The most interesting feature of MPRouter is Voice over Frame Relay. For this, special boards are installed that allow the connection of conventional telephones or fax machines, as well as analog (E&M) and digital (E1, T1) PBXs. The number of simultaneously served voice channels can reach twenty or more. Thus, MPRouter can serve as a voice/data integration tool, a router and an X.25/Frame Relay node at the same time.

The third group of Motorola ISG products is the backbone equipment of wide area networks. These scalable 6500plus family devices are fault-tolerant and redundant, designed to create powerful switching and access nodes. They include various sets of processor modules and I/O modules, allowing you to get high-performance nodes with 6 to 54 ports. In corporate networks, such devices can be used to build complex systems with a large number of connected resources.

It is interesting to compare Cisco and Motorola routers. We can say that for Cisco, routing is primary, and communication protocols are only a means of communication, while Motorola focuses on communication capabilities, considering routing as another service implemented using these capabilities. In general, the routing tools of Motorola products are poorer than those of Cisco, but they are quite sufficient for connecting end nodes to the Internet or a corporate network.

The performance of Motorola products, other things being equal, is perhaps even higher, and at a lower price. For example, a Vanguard 300 with a comparable set of features is about one and a half times cheaper than its closest analogue, the Cisco 2501.

Eicon Solutions

In many cases it is convenient to use the solutions of the Canadian company Eicon Technology as the peripheral equipment of corporate networks. The basis of Eicon's solutions is the EiconCard universal communication adapter, which supports a wide range of protocols - X.25, Frame Relay, SDLC, HDLC, PPP, ISDN. This adapter is installed in one of the computers on the local network, which becomes a communication server. That computer can be used for other tasks as well, because the EiconCard has a sufficiently powerful processor and its own memory and is able to process the network protocols without loading the communication server. Eicon's software lets you build both gateways and routers on top of the EiconCard and runs under almost all operating systems on the Intel platform. Here we consider the most interesting of these products.

Eicon's family of Unix solutions includes the IP Connect router and the X.25 Connect and SNA Connect gateways. All of these products can be installed on a computer running SCO Unix or Unixware. IP Connect carries IP traffic over X.25, Frame Relay, PPP or HDLC and is compatible with third-party equipment such as Cisco and Motorola. The package includes a Firewall, data compression tools and SNMP management tools. The main area of application of IP Connect is connecting Unix-based application servers and Internet servers to a data network. Naturally, the same computer can also be used as a router for the entire office where it is installed. Using an Eicon router instead of "pure hardware" devices has a number of advantages. First, it is easy to install and use. From the point of view of the operating system, an EiconCard with IP Connect installed looks like just another network card. This makes configuring and administering IP Connect a simple enough matter for anyone who has dealt with Unix. Secondly, connecting the server directly to the data network reduces the load on the office LAN and provides that single point of connection to the Internet or the corporate network without installing additional network cards and routers. Third, this "server-based" solution is more flexible and expandable than traditional routers. There are a number of other benefits that come with using IP Connect together with other Eicon products.

X.25 Connect is a gateway that allows LAN applications to interact with X.25 resources. This product allows Unix users and DOS/Windows and OS/2 workstations to connect to remote e-mail systems, databases and other systems. It should be noted, by the way, that Eicon gateways are perhaps the only common product on our market today that implements the OSI stack and allows connection to X.400 and FTAM applications. In addition, X.25 Connect allows remote users to connect to a Unix machine and to terminal applications on local network stations, as well as organizing the interaction of remote Unix computers through X.25. Using X.25 Connect together with standard Unix facilities, it is possible to implement protocol conversion, i.e. translation of Unix access via Telnet into an X.25 call and vice versa. It is possible to connect a remote X.25 user using SLIP or PPP to a local network and, accordingly, to the Internet. In principle, similar protocol translation capabilities are available in Cisco routers with IOS Enterprise software, but that solution is more expensive than the Eicon and Unix products combined.

Another product mentioned above is SNA Connect. This is a gateway designed to connect to IBM mainframes and the AS/400. It is typically used in conjunction with user software - the 5250 and 3270 terminal emulators and APPC interfaces - also produced by Eicon. Analogues of the solutions discussed above exist for other operating systems - Netware, OS/2, Windows NT and even DOS. Of particular note is Interconnect Server for Netware, which combines all of the above features with remote configuration and administration tools and a client authorization system. It includes two products - Interconnect Router, which routes IP, IPX and AppleTalk and is, in our opinion, the most successful solution for interconnecting remote Novell Netware networks, and Interconnect Gateway, which among other things provides powerful SNA connectivity. Another Eicon product designed for the Novell Netware environment is WAN Services for Netware. This is a set of tools that allows Netware applications to be used over X.25 and ISDN networks. Using it with Netware Connect allows remote users to connect to a local network via X.25 or ISDN, and also gives the local network access to X.25. WAN Services for Netware is available together with Novell's Multiprotocol Router 3.0; this product is called Packet Blaster Advantage. A Packet Blaster ISDN is also available, which works not with the EiconCard but with ISDN adapters also supplied by Eicon. Various connection options are possible - BRI (2B+D), 4BRI (8B+D) and PRI (30B+D). WAN Services for NT is designed to work with Windows NT applications. It includes an IP Router, tools for connecting NT applications to X.25 networks, support for Microsoft SNA Server, and a means for remote users to access a local network via X.25 using Remote Access Server. A Windows NT server can also be connected to an ISDN network using an Eicon ISDN adapter together with the ISDN Services for Netware software.

Methodology for building corporate networks.

Now, having listed and compared the main technologies that a developer can use, let's move on to the basic questions and methods used in the design and development of a network.

Network requirements.

Network designers and network administrators are always looking to ensure that the three basic requirements of a network are met, namely:

scalability;

performance;

controllability.

Good scalability is required so that both the number of users working on the network and the application software can be changed without much effort. High network performance is required for the normal operation of most modern applications. Finally, the network must be manageable enough to be reconfigured to meet the ever-changing needs of the organization. These requirements reflect a new stage in the development of network technologies - the stage of creating high-performance corporate networks.

The uniqueness of new software tools and technology complicates the development of enterprise networks. Centralized resources, new classes of programs, other principles of their application, changes in the quantitative and qualitative characteristics of the information flow, an increase in the number of simultaneously working users and an increase in the power of computing platforms - all these factors must be taken into account in their totality when developing a network. Now there are a large number of technological and architectural solutions on the market, and choosing the most suitable one from them is a rather difficult task.

In modern conditions, for the correct design of the network, its development and maintenance, specialists must consider the following issues:

o Change in organizational structure.

When implementing a project, one should not "separate" software specialists and network specialists. When developing networks and the entire system as a whole, a single team of specialists from different profiles is needed;

o Use of new software tools.

It is necessary to get acquainted with the new software at an early stage of network development in order to be able to make the necessary adjustments in a timely manner to the tools planned for use;

o Exploring different solutions.

It is necessary to evaluate various architectural solutions and their possible impact on the operation of the future network;

o Checking networks.

It is necessary to test the entire network or parts of it in the early stages of development. To do this, you can create a network prototype that will allow you to evaluate the correctness of the decisions made. This way you can prevent the emergence of various kinds of "bottlenecks" and determine the applicability and approximate performance of different architectures;

o Choice of protocols.

To choose the right network configuration, you need to evaluate the capabilities of various protocols. It is important to determine how network operations that optimize the performance of one program or software package can affect the performance of others;

o Choice of physical location.

When choosing a server installation site, it is necessary, first of all, to determine the location of users. Is it possible to move them? Will their computers be on the same subnet? Will users have access to the global network?

o Calculation of critical time.

It is necessary to determine the acceptable reaction time of each application and the possible periods of maximum load. It's important to understand how emergency situations can affect the network performance, and determine whether a reserve is needed to organize the continuous operation of the enterprise;

o Analysis of options.

It is important to analyze different scenarios of software use on the network. Centralized storage and processing of information often creates additional load at the center of the network, while distributed computing may require strengthening the local networks of workgroups.

Today, there is no ready-made, well-established universal methodology, following which you can automatically carry out the entire range of activities for the development and creation of a corporate network. First of all, this is due to the fact that there are no two absolutely identical organizations. In particular, each organization is characterized by a unique leadership style, hierarchy, business culture. And if we take into account that the network inevitably reflects the structure of the organization, then we can safely say that there are no two identical networks.

Network architecture

Before you start building a corporate network, you must first determine its architecture and functional and logical organization, and take into account the existing telecommunications infrastructure. A well-designed network architecture helps evaluate the applicability of new technologies and applications, serves as a basis for future growth, determines the choice of network technologies, helps avoid overhead, reflects the interconnection of network components, greatly reduces the risk of incorrect implementation, etc. The network architecture is the basis of the terms of reference for the network being created. It should be noted that the network architecture differs from the network design in that, for example, it does not define the exact wiring diagram of the network and does not regulate the placement of network components. The network architecture determines, for example, whether certain parts of the network will be based on Frame Relay, ATM, ISDN or other technologies. The network design should contain specific guidelines and parameter estimates, such as the required bandwidth, the actual bandwidth, the exact location of the communication channels, etc.

The network architecture has three aspects, three logical components:

o construction principles,

o network templates,

o technical positions.

Construction principles are used in network planning and decision making. The principles are a set of simple instructions that describe, in sufficient detail, all the issues of building and operating the deployed network over a long period of time. As a rule, the principles are derived from the corporate goals and the basic business practices of the organization.

The principles provide the primary link between corporate development strategy and network technologies. They serve to develop technical positions and network templates. When developing a technical task for a network, the principles of building a network architecture are set out in the section that defines the general goals of the network. A technical position can be considered as a target description that determines the choice between competing alternative network technologies. The technical position specifies the parameters of the selected technology and gives a description of a single device, method, protocol, service provided, etc. For example, when choosing a LAN technology, speed, cost, quality of service, and other requirements must be taken into account. Developing technical positions requires a deep knowledge of network technologies and careful consideration of the requirements of the organization. The number of technical positions is determined by the specified level of detail, the complexity of the network and the scale of the organization. The network architecture can be described by the following technical positions:

o Network transport protocols: which transport protocols should be used to transfer information?

o Network routing: which routing protocol should be used between routers and ATM switches?

o Quality of service: how will the selected quality of service be achieved?

o Addressing in IP networks and addressing domains: which addressing scheme should be used for the network, including registered addresses, subnets, subnet masks, forwarding, etc.?

o Switching in local networks: which switching strategy should be used in LANs?

o Unification of switching and routing: where and how should switching and routing be used, and how should they be combined?

o Organization of the city network: how should the departments of the enterprise located in the same city communicate with each other?

o Organization of the global network: how should the departments of the enterprise communicate over the WAN?

o Remote access service: how do users in remote branches access the enterprise network?

Network templates are a set of models of network structures that reflect the relationships between network components. For example, for a given network architecture a set of templates is created to "show" the network topology of a large branch or of the wide area network, or to show the layering of protocols. Network templates illustrate a network infrastructure that is described by a complete set of technical positions. Moreover, in a well-thought-out network architecture the network templates can be as close as possible in content to the technical positions in terms of detail. In effect, network templates describe the functional diagram of a network section that has specific boundaries. The following main network templates can be distinguished: for the global network, for the city network, for the central office, for a large branch of the organization, and for a small branch. Other templates can be developed for sections of the network that have particular features.

The described methodological approach is based on studying the specific situation, considering the principles of building the corporate network as a whole, analyzing its functional and logical structure, and developing a set of network templates and technical positions. Different implementations of corporate networks may include different components. In the general case, a corporate network consists of various departments connected by communication networks, which can be global (WAN) or metropolitan (MAN). Branches can be large, medium or small. A large department can be a center for processing and storing information. A main office, from which the entire corporation is managed, stands out. Small branches include various service units (warehouses, workshops, etc.) and are essentially remote sites. The strategic purpose of a remote branch is to place sales and technical support services closer to the consumer. Customer communications, which have a significant impact on corporate revenue, will be more productive if all employees can access corporate data at any time.

At the first step of building a corporate network, the proposed functional structure is described. The quantitative composition and status of offices and departments is determined. The necessity of deploying one's own private communication network is substantiated, or a service provider is selected that is able to meet the requirements. The development of the functional structure is carried out taking into account the financial capabilities of the organization, long-term development plans, the number of active network users, running applications, and the required quality of service. The development is based on the functional structure of the enterprise itself.

The second step defines the logical structure of the corporate network. Logical structures differ from each other only in the choice of technology (ATM, Frame Relay, Ethernet ...) for building a backbone, which is the central link of a corporation's network. Consider the logical structures built on the basis of cell switching and frame switching. The choice between these two methods of information transmission is based on the need to provide a guaranteed quality of service. Other criteria may also be used.

The data transmission backbone must meet two basic requirements.

o Ability to connect a large number of low-speed workstations to a small number of powerful, high-speed servers.

o Acceptable speed of response to customer requests.

An ideal backbone should have high reliability of data transmission and a developed control system. The management system should be understood, for example, as the ability to configure the backbone taking into account all local features and maintaining reliability at such a level that even if some parts of the network fail, the servers remain available. The listed requirements will probably determine several technologies, and the final choice of one of them remains with the organization itself. You need to decide what matters most - cost, speed, scalability or quality of service.

The cell-switched logical structure is used in networks with real-time multimedia traffic (video conferencing and high-quality voice transmission). At the same time, it is important to assess soberly how necessary such an expensive network is (on the other hand, even expensive networks are sometimes unable to meet some requirements). If such traffic is not required, the logical structure of a frame-switched network should be taken as the basis. The logical switching hierarchy, which spans two layers of the OSI model, can be represented as a three-level scheme:

o The lower level combines local Ethernet networks;

o The middle level is either an ATM local area network, a MAN network or a WAN backbone network;

o The top level of this hierarchical structure is responsible for routing.

The logical structure makes it possible to identify all possible communication routes between individual sections of the corporate network.

Backbone based on cell switching

When cell switching technology is used to build the network backbone, all workgroup-level Ethernet switches are interconnected by high-performance ATM switches. Operating at layer 2 of the OSI reference model, these switches transmit 53-byte fixed-length cells instead of variable-length Ethernet frames. This networking concept implies that a workgroup Ethernet switch must have an ATM segmentation and reassembly (SAR) egress port that converts variable-length Ethernet frames into fixed-length ATM cells before passing the information to the ATM backbone switch.
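What the SAR port described above does can be shown in a few dozen lines. The following is an added example, not code from the original essay or from any switch vendor: it pads the frame, appends the 8-byte AAL5 trailer (CPCS-UU, CPI, length, CRC-32), cuts the result into 48-byte payloads and prepends a 5-byte cell header whose lowest PTI bit marks the last cell of the PDU; reassembly reverses the process and discards a PDU whose header HEC or trailer CRC does not check out. The VPI/VCI values and the sample frame are constructed, and `zlib.crc32` stands in for the trailer CRC-32 (the bit-ordering conventions of the real AAL5 CRC are not reproduced).

```python
"""AAL5 segmentation of a variable-length frame into 53-byte ATM cells, and reassembly.

Added example (not from the essay or a vendor). Constructed VPI/VCI and frame data;
zlib.crc32 is a stand-in for the AAL5 trailer CRC-32.
"""
import struct
import zlib

CELL_SIZE, HEADER_SIZE, PAYLOAD_SIZE, TRAILER_SIZE = 53, 5, 48, 8


def crc8_hec(data: bytes) -> int:
    """Header error control: CRC-8, polynomial x^8+x^2+x+1, result XORed with 0x55 (ITU-T I.432)."""
    crc = 0
    for b in data:
        crc ^= b
        for _ in range(8):
            crc = ((crc << 1) ^ 0x07) & 0xFF if crc & 0x80 else (crc << 1) & 0xFF
    return crc ^ 0x55


def build_header(vpi: int, vci: int, last: bool) -> bytes:
    """UNI cell header layout: GFC(4) VPI(8) VCI(16) PTI(3) CLP(1) HEC(8)."""
    pti = 0b001 if last else 0b000                 # PTI bit 0 = AAL5 end-of-PDU indicator
    word = (vpi << 20) | (vci << 4) | (pti << 1)   # GFC and CLP left at 0
    head = struct.pack(">I", word)
    return head + bytes([crc8_hec(head)])


def parse_header(head: bytes):
    """Returns (vpi, vci, last) or raises if the HEC does not match the first four bytes."""
    word, = struct.unpack(">I", head[:4])
    if crc8_hec(head[:4]) != head[4]:
        raise ValueError("HEC mismatch: corrupted cell header")
    return (word >> 20) & 0xFF, (word >> 4) & 0xFFFF, bool((word >> 1) & 0b001)


def segment(frame: bytes, vpi: int, vci: int) -> list:
    """Segmentation: frame -> CPCS-PDU (pad + UU + CPI + length + CRC) -> list of 53-byte cells."""
    pad = (-(len(frame) + TRAILER_SIZE)) % PAYLOAD_SIZE     # pad so the PDU is a multiple of 48
    body = frame + bytes(pad) + struct.pack(">BBH", 0, 0, len(frame))  # UU=0, CPI=0, length
    pdu = body + struct.pack(">I", zlib.crc32(body) & 0xFFFFFFFF)
    n = len(pdu) // PAYLOAD_SIZE
    return [build_header(vpi, vci, i == n - 1) + pdu[i * PAYLOAD_SIZE:(i + 1) * PAYLOAD_SIZE]
            for i in range(n)]


def reassemble(cells: list) -> list:
    """Reassembly: collect payloads until the end-of-PDU cell, then verify and strip the trailer."""
    frames, buf = [], bytearray()
    for cell in cells:
        if len(cell) != CELL_SIZE:
            raise ValueError("cell is not 53 bytes")
        _vpi, _vci, last = parse_header(cell[:HEADER_SIZE])
        buf += cell[HEADER_SIZE:]
        if last:
            body, crc = bytes(buf[:-4]), struct.unpack(">I", buf[-4:])[0]
            if zlib.crc32(body) & 0xFFFFFFFF != crc:
                raise ValueError("AAL5 CRC mismatch: PDU discarded")
            _uu, _cpi, length = struct.unpack(">BBH", body[-4:])
            frames.append(body[:length])                 # drop padding and trailer
            buf = bytearray()
    return frames


def rejects(cells: list) -> bool:
    """True if the reassembler discards the given cells as corrupted."""
    try:
        reassemble(cells)
        return False
    except ValueError:
        return True


def sample_frame(size: int) -> bytes:
    """Constructed Ethernet-like frame: broadcast destination, dummy source, IPv4 ethertype, filler."""
    hdr = bytes([0xFF] * 6) + bytes([0x02, 0x11, 0x22, 0x33, 0x44, 0x55]) + b"\x08\x00"
    return hdr + bytes(i % 256 for i in range(size - len(hdr)))


if __name__ == "__main__":
    cells = segment(sample_frame(100), vpi=1, vci=200)
    print(len(cells), "cells;", "round trip ok:", reassemble(cells) == [sample_frame(100)])
```

A 100-byte frame needs 3 cells (100 + 8 trailer bytes, padded up to 144 = 3 x 48), a 64-byte frame needs 2, and a 40-byte frame fits in one with no padding; the reassembler also handles two PDUs arriving back to back on the same VC.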

For WANs, backbone ATM switches are capable of providing connectivity to remote regions. Also operating at layer 2 of the OSI model, these WAN switches can use T1/E1 links (1.544/2.0 Mbps), T3 links (45 Mbps) or SONET OC-3 links (155 Mbps). To provide communication within a city, a MAN network can be deployed using ATM technology. The same ATM backbone network can be used to communicate between telephone exchanges. In the future, within the client/server telephony model, these exchanges may be replaced by voice servers in the local area network. In this case, the ability of ATM networks to guarantee quality of service becomes very important when organizing communication with client personal computers.

Routing

As already noted, routing is the third and highest level in the hierarchical structure of the network. Routing, which operates at layer 3 of the OSI reference model, is used to organize communication sessions, which include:

o Communication sessions between devices located in different virtual networks (each virtual network is usually a separate IP subnet);

o Communication sessions that pass through global or city networks (WAN/MAN).

One strategy for building a corporate network is to install switches at the lower levels of the overall network and then link the local networks using routers. Routers are required to divide a large organization's IP network into many separate IP subnets. This prevents the "broadcast explosion" (broadcast storm) associated with protocols such as ARP. To contain the spread of unwanted traffic over the network, all workstations and servers must be divided into virtual networks; routing then controls communication between devices belonging to different VLANs.

Such a network consists of routers or routing servers (the logical core), a network backbone based on ATM switches, and a large number of Ethernet switches located at the periphery. Except in special cases, such as video servers that connect directly to the ATM backbone, all workstations and servers must be connected to Ethernet switches. Such a design localizes internal traffic within workgroups and prevents that traffic from passing through the ATM backbone switches or routers. The Ethernet switches are aggregated by ATM switches, usually located in the same branch. Note that several ATM switches may be required to provide enough ports to connect all of the Ethernet switches. As a rule, 155 Mbps links over multimode fiber optic cable are used for this.

The routers are located away from the backbone ATM switches, as these routers need to be moved out of the routes of the main communication sessions. This construction makes routing optional. It depends on the type of communication session and on the type of traffic in the network. Routing should be avoided when transmitting real-time video information, as it can introduce unwanted delays. Routing is not needed for communication between devices located in the same virtual network, even if they are located in different buildings on the territory of a large enterprise.

In addition, even where routers are required for certain communications, placing the routers away from the ATM backbone switches minimizes the number of routing hops (a routing hop is the network section from the user to the first router, or from one router to the next). This not only reduces latency but also reduces the load on the routers. Routing has become widespread as a technology for connecting local area networks in a wide area environment. Routers provide a variety of services designed for multilayer control of the transmission path. This includes a general addressing scheme (at the network layer) that is independent of how lower-layer addresses are formed, as well as conversion from one link layer frame format to another.

Routers decide where to forward incoming data packets based on the network layer address information the packets contain. This information is extracted, parsed and matched against the contents of the routing tables to determine which port a particular packet should be sent to. The link layer address is then determined from the network layer address if the packet is to be sent onto a network segment such as Ethernet or Token Ring.

In addition to processing packets, routers also update the routing tables in parallel, which are used to determine the destination of each packet. Routers create and maintain these tables in dynamic mode. As a result, routers can automatically respond to changing network conditions, such as congestion or broken links.
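The three ideas in the passages above (one IP subnet per workgroup or VLAN so that broadcasts stay local, a routing table consulted per packet to choose an egress port, and a table that reacts to a broken link) can be exercised together in a small simulation. The following is an added example, not code from the essay or from any router vendor. It implements longest-prefix matching the way a router's forwarding lookup works, and a `needs_router` check that tells whether two hosts share a subnet (switched directly) or must cross a router. All subnets, ports, metrics and next hops are constructed sample values.

```python
"""Longest-prefix-match forwarding over a small routing table.

Added example, not from the original essay. Models one branch router with two
VLAN subnets and two WAN uplinks; all addresses and port names are constructed.
"""
from dataclasses import dataclass, field
from ipaddress import IPv4Network, ip_address, ip_network
from typing import List, Optional, Set


@dataclass
class Route:
    prefix: IPv4Network
    port: str                       # egress interface
    next_hop: Optional[str] = None  # None = directly connected subnet
    metric: int = 0                 # lower is preferred among equal-length prefixes


@dataclass
class Router:
    routes: List[Route] = field(default_factory=list)
    failed_ports: Set[str] = field(default_factory=set)

    def add(self, prefix: str, port: str, next_hop: Optional[str] = None, metric: int = 0) -> None:
        self.routes.append(Route(ip_network(prefix), port, next_hop, metric))

    def lookup(self, dst: str) -> Optional[Route]:
        """Longest-prefix match: the most specific route over a working link wins;
        the lowest metric breaks ties. None means no route, and the packet is dropped."""
        addr = ip_address(dst)
        usable = [r for r in self.routes
                  if addr in r.prefix and r.port not in self.failed_ports]
        if not usable:
            return None
        return max(usable, key=lambda r: (r.prefix.prefixlen, -r.metric))

    def link_down(self, port: str) -> None:
        """Dynamic update described in the text: routes over a broken link stop being used."""
        self.failed_ports.add(port)

    def link_up(self, port: str) -> None:
        self.failed_ports.discard(port)


def needs_router(src: str, dst: str, subnets: List[str]) -> bool:
    """True when src and dst sit in different subnets (different VLANs), so the traffic must
    cross a router; False when they share a subnet and the switches alone carry it."""
    nets = [ip_network(s) for s in subnets]
    src_net = next((n for n in nets if ip_address(src) in n), None)
    dst_net = next((n for n in nets if ip_address(dst) in n), None)
    return src_net is None or src_net != dst_net


def build_branch_router() -> Router:
    """Constructed sample table: two VLANs, other branches reachable via wan0, two defaults."""
    r = Router()
    r.add("10.1.0.0/24", "eth0")                                     # VLAN 10: workstations
    r.add("10.1.1.0/24", "eth1")                                     # VLAN 11: servers
    r.add("10.1.0.0/16", "wan0", next_hop="192.0.2.1", metric=10)    # other branches
    r.add("0.0.0.0/0", "wan0", next_hop="192.0.2.1", metric=20)      # primary default route
    r.add("0.0.0.0/0", "wan1", next_hop="198.51.100.1", metric=30)   # backup default route
    return r


if __name__ == "__main__":
    r = build_branch_router()
    for dst in ("10.1.0.42", "10.1.7.9", "203.0.113.5"):
        print(dst, "->", r.lookup(dst).port)
    r.link_down("wan0")
    print("after wan0 down: 10.1.7.9 ->", r.lookup("10.1.7.9").port)
```

With this table a packet to 10.1.0.42 leaves on eth0 because the /24 beats the covering /16, a packet to another branch (10.1.7.9) takes the /16 over wan0, and Internet-bound traffic takes the primary default; once wan0 is marked down, both of the latter fall back to the wan1 default while the locally connected VLANs are unaffected.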

Determining the route is a rather difficult task. In a corporate network, ATM switches should function in much the same way as routers: information exchange should take place taking into account the network topology, available routes, and transmission costs. The ATM switch needs this information in order to select the best route for a particular session initiated by end users. In addition, route determination is not limited to just deciding on the path that a logical connection will take after a request is made to create it.

The ATM switch can choose new routes if, for some reason, communication channels become unavailable. At the same time, ATM switches must ensure network reliability at the level of routers. To create an expandable network with high economic efficiency, it is necessary to transfer the routing functions to the periphery of the network and provide traffic switching in its backbone. ATM is the only network technology that can do this.

To select a technology, you need to answer the following questions:

o Does the technology provide an adequate quality of service?

o Can it guarantee the quality of service?

o How scalable will the network be?

o Is it possible to choose the network topology?

o Are the services provided by the network cost-effective?

o How effective will the management system be?

The answers to these questions determine the choice. But, in principle, different technologies can be used in different parts of the network. For example, if individual sites require support for real-time multimedia traffic or 45Mbps, then ATM is installed in them. If a section of the network requires interactive processing of requests, which does not allow significant delays, then Frame Relay must be used if such services are available in this geographical area (otherwise you will have to resort to the Internet).

So, a large enterprise can connect to the network via ATM while branch offices connect to the same network via Frame Relay.

When building a corporate network and choosing a network technology with the appropriate software and hardware, price/performance should be considered. It is difficult to expect high speeds from cheap technologies. On the other hand, it is pointless to use the most complex technologies for the simplest tasks. Different technologies should be correctly combined to achieve maximum efficiency.

The choice of technology should take into account the type of cabling and the required distances, and compatibility with already installed equipment (significant cost savings can be achieved if the already installed equipment can be incorporated into the new system).

Generally speaking, there are two ways to build a high-speed local network: evolutionary and revolutionary.

The first way is based on extending the good old frame-switching approach. Within this approach, the speed of a local network can be increased by upgrading the network infrastructure, adding new communication channels and changing the way packets are transmitted (which is what switched Ethernet does). A typical Ethernet network shares its bandwidth, that is, the traffic of all users of the network competes for the entire bandwidth of the network segment. Switched Ethernet creates dedicated paths, giving each user the full 10 Mbps of bandwidth.

The revolutionary path involves the transition to radically new technologies, such as ATM for local area networks.

The rich practice of building local networks has shown that the main issue is the quality of service. This is what determines whether the network will be able to work successfully (for example, with applications such as video conferencing, which are increasingly used in the world).

Conclusion.

To have or not to have their own communication network is a “personal matter” for each organization. However, if building a corporate (departmental) network is on the agenda, it is necessary to conduct a deep, comprehensive study of the organization itself, the tasks it solves, draw up a clear workflow scheme in this organization and, on this basis, proceed to the choice of the most appropriate technology. One of the examples of building corporate networks is the currently widely known Galaktika system.


For companies with remote branches, a pressing problem is organizing fast, reliable exchange of information and prompt access to data regardless of how far apart the offices are.

The company "Infosel" offers solutions for the integration of geographically dispersed offices into a single corporate information network.

A corporate network is a network built using various topologies that unites disparate offices into a single network system. Corporate networks often use the Internet as a data transmission channel, but access to the enterprise network from the outside is prohibited or strictly limited, both at the physical level and at the administrative level.
Thanks to its logical structure, the network allows employees of different departments to work simultaneously with geographically distributed or centralized applications, databases and other services (processing, systematization and storage of intracorporate information).

The corporate network is logically separated from public networks, that is, your traffic is completely protected from unauthorized access from the outside.

Enterprise network features

Modern data transmission technologies provide their users with ample opportunities for organizing various types of services:

  • Organization of electronic document management and maintenance of shared document archives;
  • Organization of a corporate telephone network with a single numbering plan;
  • Organization of conference communication systems, including video conferencing;
  • Building distributed video surveillance systems with a single data storage center;
  • Organization of remote access to files and servers with databases;
  • Connection to the Internet with the possibility of organizing a unified corporate information security policy;
  • Providing access to global financial, trading and information systems.

In addition to providing security, a corporate network also brings economic benefits. One example is the organization of long-distance calls within a multi-service corporate network using VoIP, which is much cheaper than the cost of regular long-distance traffic.


The main advantages of deploying the Corporate Data Transmission Network by Infosel specialists for the customer are:

  • consolidation of geographically distributed objects into a single IT infrastructure;
  • high level of information system protection;
  • centralized control and management of IT infrastructure;
  • reduced cost of long-distance telephone communication and of employee business trips;
  • significantly reduced costs for maintaining and operating the network infrastructure;
  • the ability to use modern applications and introduce the new services needed for the successful operation of the organization.

The company "Infosel" implements complex solutions in the field of building corporate data transmission networks, and also offers a wide range of professional services covering the entire life cycle of the systems implemented by the company, from the pre-project stage of creation to the commissioning of the system and subsequent support.

Infosel specialists will help you plan and organize a reliable, secure connection between geographically separated offices. The technology of virtual private networks provides for the construction of a corporate communication network over the Internet, or any other public network. A more powerful, functional unifying network equipment is installed in the central unified office. At the same time, to protect the transmitted data from unauthorized access, and. After consolidation, the local corporate network becomes a geographically distributed secure corporate routed network.

Your mobile partners and colleagues will be able to independently connect to the corporate network via encrypted communication channels and use its resources, according to the security policies defined for them, from anywhere, having Internet access at hand.

The main official partner of Infosel in the field of network solutions and building corporate data transmission networks is the leading manufacturer of active network equipment and software - Cisco Systems. To implement projects for specific requirements and business tasks of the customer, equipment and software from other manufacturers can be used.