By the end of 2005, our campus network had two outlets, CERNET and CHINANET, with a total export bandwidth of 2300M, including CERNET 1000m and CHINANET 1300m. Our school applied for 20480 IP addresses of CERNET and 80 IP addresses of CHINANET. There are more than 50 servers connected to the campus network, 1 1800 end-user computers, more than 2,000 e-mail users, and the school's WWW portal has nearly 300,000 visitors every day. Campus network provides a good support service for teaching and scientific research in our school, and provides a good communication platform for teachers, researchers and managers. The campus network of Hunan University generally adopts a network topology structure combining ring and star, and the backbone adopts 1000M network technology. All the Internet computers in the whole school are connected to the convergence layer switch in this area through the building convergence switches of each department building. The regional convergence switches are respectively connected to two different core switches, and then are respectively connected to CERNET and China Telecom Network through two routers. (See: Figure 2 Schematic Diagram of Campus Network Topology of Hunan University for details)
1, core switching layer
At present, there are four core switches, one Cisco 6509 and one Ruijie 68 10E in the network center, one Huawei 8505 in the south campus and one Cisco 6509 in the north campus. Four core switches form the core switching layer of the campus network through ring connection, and the open shortest path first (OSPF) dynamic routing protocol is adopted to ensure the robustness of the network. In the topology diagram, the core switching layer is displayed in the dotted box of the core switching layer of the central campus network.
2. Regional convergence switching layer
As shown in figure 1, the regional convergence switching layer of the campus network consists of nine regional convergence switches on the periphery of the core switching layer, of which four are Huawei's 6506R for teaching, scientific research and office work, and five are Huawei's 55 16 for student dormitories. Four convergence layer facilities in teaching, scientific research and office areas are distributed in the southeast, southwest, northwest and original design area of the South Campus; three campus dormitory areas are distributed in boys' dormitory areas, girls' dormitory areas and students' dormitory areas in the North Campus; and two off-campus dormitory areas are distributed in Tianma Apartment and Dezhiyuan Apartment. The regional convergence layer network equipment is connected to two different core switches by two 1000M optical fiber links, except the north campus student dormitory and Dezhiyuan apartment student dormitory, which improves the switching performance from convergence layer to the core layer and the robustness of the links.
3. Building convergence layer
From convergence layer switch, connect to the building convergence switch of each building on campus with 1000M optical fiber. This part of the building convergence switch constitutes the building convergence layer of the campus network, which is the backbone node of the campus network. Gigabit optical fiber switches of backbone nodes mainly include Cisco 4006/4003 series, Cisco 3500/2950 series, Huawei 55 16/E026 series, Ruijie 2 126G series and so on. At present, 1000M backbone nodes basically cover all teaching, scientific research, office buildings, department main buildings and laboratories in our school, and the total number of 1000M backbone nodes in the whole school is 84. The distribution is as follows:
(1) 1000m south campus teaching office area has 33 backbone nodes. They are ■ Fu Lin Building ■ Qianjin Building ■ Teaching Middle Building (former Department of Architecture) ■ Teaching North Building ■ Teaching East Building (Key Laboratory of Physics) ■ Library ■ Yuelu Academy (including Wangjiang Building) ■ School of Materials and Mathematics ■ School of Chemical Engineering (old) ■ Electrical Building ■ Business School ■ Physics Building ■ Meiya College ■ Bioengineering College ■ Environmental Engineering College ■ Foreign Language College ■ ■ Law School ■ Modeling Department ■ Civil Engineering Experimental Building ■ Mechanical Engineering Experimental Building ■ Physics Experimental Building ■ HVAC Laboratory ■ Training Building (former) ■ Training Building (new and former continuing education college teaching building) ■ Graduate School ■ School Office Building (former Science and Technology Museum) ■ Infrastructure Logistics Building (former student dormitory) ■
(2) There are 1000M backbone nodes in the teaching office area of the North Campus, namely: ■ Economic Information Data Center (Electronic Building) ■ Network College ■ Network Classroom of Network College ■ New Teaching Building ■ Water Teaching Building ■ Adult Education Building (North Campus Hotel) ■ Administrative Complex Building ■ Second Office Building (Red Building) ■ Library ■ Gymnasium.
(3) There are 1 1 backbone nodes in the south campus 1000m student dormitory area, namely: ■ eight buildings ■ ten buildings ■ twelve buildings ■ fourteen buildings ■ sixteen buildings ■ seventeen buildings ■ five buildings ■ nine buildings ■ thirteen buildings ■ fifteen buildings ■ eighteen buildings.
(4) There are 9 main nodes in the north campus student dormitory area 1000M, namely ■ dormitory 1 ■ dormitory 2 ■ dormitory 3 ■ dormitory 4 ■ dormitory 5 ■ dormitory 6 ■ girls' apartment ■ postgraduate dormitory ■ accounting building.
(5) There are 7 1000M backbone nodes in the area where the network center is located, namely ■ Computer College (2) ■ Software College ■ Network Technology Engineering Research Center ■ Computer College Computing Center ■ High Performance Center ■ Publishing House.
(6) Tianma Student Apartment Phase II 1000M student dormitory area has seven main nodes, namely: ■ one building ■ two buildings ■ three buildings ■ four buildings ■ five buildings ■ six buildings ■ seven buildings.
(7) Dezhiyuan Student Apartment 1000M Student Dormitory Area has seven main nodes, namely: ■ one building ■ two buildings ■ three buildings ■ four buildings ■ five buildings ■ six buildings ■ seven buildings.
4. End User Access Layer
From the convergence layer exchange in the building, access the end user to the exchange with 100M twisted pair, and then access the end user with 10/ 100M bandwidth. Switches mainly include Huawei 2403H/2026B/20 16B series, Ruijie 1926F+ series, etc. The total number of network information points in the whole school is 14038. These include:
There is a 5 103 teaching office area in the south campus. They are: Institute of Materials (including Computing Center 600), former Institute of Chemical Engineering (50), Library (600), Electrical Building (300), School of Business Administration (50), Physics Building (20), Physics Laboratory Building (70), Physics Key Laboratory (20) and Jixian Hotel (1. School office building (former Science and Technology Museum 326), former school office building (65444 New Architecture Department (70), Modeling Department (20), Teaching Middle Building (16), Teaching North Building (340), Enrollment and Employment Center (40), Original Training Building (150), etc.
There are 1006 network information points in the teaching office area of the north campus, namely: comprehensive building (160), second office building (80), library (200), gymnasium (4), electronic building (400), network college (100) and network.
There are 170 1 network information points in the dormitory area of the south campus.
There is a 1023 network information point in the student dormitory area of the North Campus.
There are 1340 network information points in the area where the network center is located, namely: Computer College (500), Software College (300), Engineering Center (40), Computer College Computing Center (400), High Performance Center (40) and Publishing House (60).
There are 2470 network information points in the student dormitory area of Tianma Apartment Phase II.
Dezhiyuan apartment student dormitory area has 1395 network information point.
5. Network exit
Our school has two exits to access the Internet, namely CERNET and China Telecom (163), of which CERNET's exit bandwidth is 1000M, China Telecom's exit bandwidth is 1300M, China Telecom's exit bandwidth is Huawei NE40-8 and Education Network's exit bandwidth is Huawei NE40.
In order to ensure the safe operation of the campus information network in our school, the campus network information center installed a transparent hardware firewall at the exit of the school network, and configured internal rules for external access, so as to open normal services and effectively isolate other connections with external networks. At present, the main services and applications provided by the network center inside and outside the school are: email service, WEB service and virtual host service, FTP service, DNS and proxy service.
1, e-mail service
The mail system is based on LINUX server with high performance and stable kernel. The software was purchased from Beijing Yiyou Company, and the mail gateway adopted MessageSoft SMG. The firewall of Meixunzhi professional mail system filters and kills the mail viruses flooding between the Internet at the mail server, which can effectively prevent spam and mail bombs from attacking the mail server. The long-term, stable and safe e-mail service for teachers and students in the school has been realized. The user level of this system is 10000. At present, our school has 1600 e-mail users.
2. Network and virtual hosting services
The portal website of Hunan University and the secondary websites of departments, departments and laboratories are all hosted by virtual hosts. WEB server operating systems include Windows2000 server, Linux, IBM Aix, etc. Use WEB servers such as IIS5.0 and Apache to provide virtual hosting services for various departments and departments. At present, there are 8 1 virtual hosts in our school, including 30 departments, 3 1 school institutions,1/directly affiliated units, 7 scientific research institutions and 3 portals. The virtual host server has taken a series of measures to ensure the safe operation of the virtual host server, such as setting up the system reasonably, updating the system patch in time, installing anti-virus software and installing a firewall.
3.FTP service
At present, about 3T of FTP storage space is provided by three power6800 SCSI memories and an IBM fast600 external memory. The FTP service in the campus network is only for teachers and students on campus, providing all kinds of free or * * * resources. Since its operation, FTP service has provided great convenience for the study, work and entertainment of teachers and students at school.
4.DNS and proxy services
At present, the school has four DNS servers, using SUN OS and solaris9 operating systems. Two of them are campus DNS servers, which only provide domain name query services on campus; One provides educational domain name query, and the other provides Internet domain name query.
In order to solve the shortage of IP address resources. We adopted the solution of proxy service. The role of proxy server is to communicate the campus network and the Internet, and solve the problem of intranet accessing the Internet. Moreover, this kind of proxy is irreversible, and it can also ensure the security of data inside the campus. The proxy server includes squid proxy socks proxy. Use HP ML 150 server, install linux operating system based on stable kernel, and run reasonably compiled squid and socks proxy software. Through this proxy service, the campus network center can establish a one-to-one correspondence between "IP users", limit the open ports of network users, and clearly define the users and uses of IP. From the perspective of the Internet, it also ensures the safety and health of the information flow from Hunan University to the public network. From the actual operation, it has achieved good results.
5. Reverse proxy service
Reverse proxy is another form of proxy service. Through reverse proxy, faculty and staff who use telecom or other ISP operators can easily access a wealth of teaching books at home or on business trips. At present, there are more than 600 registered users, and the users have responded well in the actual use process. In order to ensure the 24-hour on-line service of equipment, the network center and the school logistics and hydropower department have carried out power supply transformation between power supply equipment. In the central computer room, dual AC main power supply is provided. In addition, three 30KVA parallel UPS power supplies (2+ 1 redundancy) are provided.
The power supply between the regional convergence network computer room and the building convergence network computer room is changed into the mode of directly supplying power from the main distribution box of the building, which is not controlled by other switches, so as to ensure that as long as the building has electricity, the computer room will have electricity, and the building network users can surf the Internet at any time within 24 hours.
notification
Colleges, departments, offices and directly affiliated units: Campus network is the basic condition for providing resources, information exchange and collaborative work for school teaching, scientific research and management. For a time, the campus network of our school provided unlimited free services to all teachers and students, which led to some behaviors such as uncontrolled downloading and watching movies and videos online for a long time. According to the statistical analysis of campus user traffic usage, individual users even download more than 1000 GB a month, which greatly wastes campus network resources and affects the normal study and work of teachers and students. In order to allocate the bandwidth resources of campus network more reasonably and provide better network quality for teachers and students, the user traffic of campus network is controlled and managed, and the relevant standards are adjusted. I. Specific measures: Total monthly usage (GB) 0-20 Personal account implementation measures exceeding 20GB will be closed for free use, and users can log in to the campus personal information portal to unlock and open it themselves. When the total amount of traffic exceeding the free quota is 1.5 yuan /GB, the personal account will be closed. If it is really necessary to open, a written application must be submitted and approved by the user management department and the information office before opening. Two. Description of related matters: (1) This method. (2) The above flow refers to the downstream flow, and the upstream flow is not counted; (3) Traffic generated by accessing campus network resources (such as campus information system, IPTV, campus website, etc.). ) not counting; Traffic generated by accessing IPv6 resources is not counted; (4) Statistics of traffic by account, that is, whether the same account uses wired network or wireless network, the generated traffic will be counted; (5) Statistics of traffic by day, that is, assuming that the total traffic usage of users in the current month exceeds the shutdown value of a certain day, the user account will be shut down the next day; (6) The monthly settlement method is adopted for the traffic fee, that is, if the excess traffic fee is generated in the current month, it will be settled uniformly on the following month 1, and there will be a three-day payment buffer period, and the user account that fails to pay the arrears in time will be shut down; (7) Calculate the cost by the method of rounding off the tail, that is, the part less than 1GB will be rounded off without calculating the cost, for example, the part exceeding 1.88GB will be calculated as1GB; (eight) the monthly traffic usage of less than 20GB is not accumulated to the next month; (9) Users can log on to the personal information portal of Hunan University to check the usage of personal network traffic; (ten) if there are special requirements, special treatment can be made as appropriate. Three. This notice has been implemented since April 20 16 1 day, and the difference between this notice and the original document (Hudaxingzi [2011] No.40) shall be subject to this article.