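Upgrading and Redesigning an Enterprise Surveillance Network
Original article [51CTO exclusive] For production-safety reasons, my organization deployed a round-the-clock monitoring system covering all subordinate production departments and every production post. The system also gives the higher-level management unit real-time viewing of video surveillance, as well as retrieval and upload of recorded footage. Because the organization's sites are geographically dispersed, the backbone network was built with WAN technology, and to support 7x24 operation the network was designed at the link layer as a star-ring topology. After the scheme was implemented, however, it turned out that, owing to insufficient early investment and design flaws, the network still could not properly support 7x24 operation: network outages occurred frequently, as did failures of subordinate units' DVRs to send images back. The aggregation routers at the core layer were a particular problem. Because the subordinate units use many 2M access ports, aggregation required several routers, which were then interconnected through a switch. One of those routers also had to act as the network border router, providing video surveillance service to hosts on the office network and to users at the higher-level unit, so the switch was under sustained heavy load. In addition, the aggregation routers could only work relatively independently: when one of them failed, every access point attached to it went down. As a result the video surveillance system could not run stably, which affected the quality of the returned video.
Requirements analysis
Based on the technical department's analysis of the problems in the earlier network, and on the hard real-time requirement that the future network must support 7x24 operation, the goal of this upgrade project is to build a system architecture that is "secure and stable, real-time and effective, and able to carry load efficiently", so that the production-safety monitoring system can monitor and manage safety work effectively in real time. The network redesign mainly consists of redesigning and redeploying the aggregation core layer, re-planning the star-ring topology of the backbone network, and providing an online hot-standby load mode for the routers at the aggregation core layer.
Implementation plan
1. Core-layer planning:
The original core layer of 4 ordinary access-layer routers was replaced with 2 H3C MSR36-20 aggregation routers. VRRP is used on the two core routers to put their LAN ports in hot-standby mode, and one of the LAN ports is configured with a WLAN-port address for direct exchange of WLAN-port data. The key parameters of the core-layer routers are configured as follows:
1.1 Master router configuration: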
- sysname MASTER_JiangKong_2
- #
- telnet server enable
- #
- router id 196.*.*.5
- #
- ospf 196
- peer 196.*.*.50
- peer 196.*.*.62
- peer 196.*.*.86
- peer 196.*.*.106
- peer 196.*.*.122
- peer 196.*.*.126
- peer 196.*.*.142
- peer 196.*.*.154
- peer 196.*.*.241
- area 0.0.0.0
- network 10.*.*.0 0.0.0.255
- network 196.*.*.0 0.0.0.255
- network 196.*.*.48 0.0.0.3
- network 196.*.*.60 0.0.0.3
- network 196.*.*.84 0.0.0.3
- network 196.*.*.104 0.0.0.3
- network 196.*.*.120 0.0.0.3
- network 196.*.*.124 0.0.0.3
- network 196.*.*.140 0.0.0.3
- network 196.*.*.152 0.0.0.3
- network 196.*.*.240 0.0.0.3
- #
- system-working-mode
- password-recovery enable
- #
- vlan 1
- #
- controller Cellular0/0
- #
- controller Cellular0/1
- #
- interface Aux0
- #
- interface Serial5/0
- fe1 unframed
- ip address 196.*.*.49 255.255.255.252
- ospf network-type p2p
- #
- interface Serial5/1
- fe1 unframed
- ip address 196.*.*.61 255.255.255.252
- ospf network-type p2p
- #
- interface Serial5/2
- fe1 unframed
- ip address 196.*.*.85 255.255.255.252
- ospf network-type p2p
- #
- interface Serial5/3
- fe1 unframed
- ip address 196.*.*.105 255.255.255.252
- ospf network-type p2p
- #
- interface Serial6/0
- fe1 unframed
- ip address 196.*.*.121 255.255.255.252
- ospf network-type p2p
- #
- interface Serial6/1
- fe1 unframed
- ip address 196.*.*.153 255.255.255.252
- ospf network-type p2p
- #
- interface Serial6/2
- fe1 unframed
- ip address 196.*.*.141 255.255.255.252
- ospf network-type p2p
- #
- interface Serial6/3
- fe1 unframed
- ip address 196.*.*.125 255.255.255.252
- ospf network-type p2p
- #
- interface NULL0
- #
- interface GigabitEthernet0/0
- port link-mode route
- combo enable copper
- ip address 196.*.*.5 255.255.255.0
- vrrp vrid 1 virtual-ip 196.*.*.1
- vrrp vrid 1 priority 120
- vrrp vrid 1 preempt-mode delay 5
- #
- interface GigabitEthernet0/1
- port link-mode route
- ip address 196.*.*.242 255.255.255.252
- #
- interface GigabitEthernet0/2
- port link-mode route
- ip address 10.*.*.252 255.255.255.0
- vrrp vrid 2 virtual-ip 10.*.*.2
- vrrp vrid 2 priority 120
- vrrp vrid 2 preempt-mode delay 5
- #
1.2 Key parameters of the Backup router configuration:
- sysname BACKUP_JianKong_1
- #
- telnet server enable
- #
- router id 196.*.*.4
- #
- ospf 196
- peer 196.*.*.5
- peer 196.*.*.9
- peer 196.*.*.14
- peer 196.*.*.18
- peer 196.*.*.26
- peer 196.*.*.46
- peer 196.*.*.66
- peer 196.*.*.82
- peer 196.*.*.158
- peer 196.*.*.174
- peer 196.*.*.178
- peer 196.*.*.194
- peer 196.*.*.198
- peer 196.*.*.210
- peer 196.*.*.214
- peer 196.*.*.230
- peer 196.*.*.242
- area 0.0.0.0
- network 10.*.*.0 0.0.0.255
- network 196.*.*.0 0.0.0.255
- network 196.*.*.4 0.0.0.3
- network 196.*.*.8 0.0.0.3
- network 196.*.*.12 0.0.0.3
- network 196.*.*.16 0.0.0.3
- network 196.*.*.24 0.0.0.3
- network 196.*.*.44 0.0.0.3
- network 196.*.*.64 0.0.0.3
- network 196.*.*.80 0.0.0.3
- network 196.*.*.156 0.0.0.3
- network 196.*.*.172 0.0.0.3
- network 196.*.*.176 0.0.0.3
- network 196.*.*.192 0.0.0.3
- network 196.*.*.196 0.0.0.3
- network 196.*.*.208 0.0.0.3
- network 196.*.*.212 0.0.0.3
- network 196.*.*.228 0.0.0.3
- network 196.*.*.240 0.0.0.3
- #
- ip unreachables enable
- ip ttl-expires enable
- #
- system-working-mode
- password-recovery enable
- #
- vlan 1
- #
- controller Cellular0/0
- #
- controller Cellular0/1
- #
- interface Aux0
- #
- interface Serial5/0
- fe1 unframed
- ip address 196.*.*.197 255.255.255.252
- ospf network-type p2p
- #
- interface Serial5/1
- fe1 unframed
- ip address 196.*.*.209 255.255.255.252
- ospf network-type p2p
- #
- interface Serial5/2
- fe1 unframed
- ip address 196.*.*.177 255.255.255.252
- ospf network-type p2p
- #
- interface Serial5/3
- fe1 unframed
- ip address 196.*.*.193 255.255.255.252
- #
- interface Serial5/4
- fe1 unframed
- ip address 196.*.*.157 255.255.255.252
- ospf network-type p2p
- #
- interface Serial5/5
- fe1 unframed
- ip address 196.*.*.173 255.255.255.252
- ospf network-type p2p
- #
- interface Serial5/6
- fe1 unframed
- ip address 196.*.*.25 255.255.255.252
- ospf network-type p2p
- #
- interface Serial5/7
- fe1 unframed
- ip address 196.*.*.45 255.255.255.252
- ospf network-type p2p
- #
- interface Serial6/0
- fe1 unframed
- ip address 196.*.*.17 255.255.255.252
- ospf network-type p2p
- #
- interface Serial6/1
- fe1 unframed
- ip address 196.*.*.13 255.255.255.252
- ospf network-type p2p
- #
- interface Serial6/2
- fe1 unframed
- ip address 196.*.*.6 255.255.255.252
- ospf network-type p2p
- #
- interface Serial6/3
- fe1 unframed
- ip address 196.*.*.10 255.255.255.252
- ospf network-type p2p
- #
- interface Serial6/4
- fe1 unframed
- ip address 196.*.*.229 255.255.255.252
- ospf network-type p2p
- #
- interface Serial6/5
- fe1 unframed
- ip address 196.*.*.213 255.255.255.252
- ospf network-type p2p
- #
- interface Serial6/6
- fe1 unframed
- ip address 196.*.*.65 255.255.255.252
- ospf network-type p2p
- #
- interface Serial6/7
- fe1 unframed
- ip address 196.*.*.81 255.255.255.252
- ospf network-type p2p
- #
- interface NULL0
- #
- interface GigabitEthernet0/0
- port link-mode route
- combo enable copper
- ip address 196.*.*.4 255.255.255.0
- vrrp vrid 1 virtual-ip 196.*.*.1
- #
- interface GigabitEthernet0/1
- port link-mode route
- ip address 196.*.*.241 255.255.255.252
- #
- interface GigabitEthernet0/2
- port link-mode route
- ip address 10.*.*.254 255.255.255.0
- vrrp vrid 2 virtual-ip 10.*.*.2
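
The two listings above can be reviewed mechanically before deployment. The following is an added example, not part of the original article or of H3C's tooling: a small Python audit that flags three things visible in the listings, namely `telnet server enable`, VRRP groups with no authentication line, and a serial interface that lacks `ospf network-type p2p` (as Serial5/3 does in the Backup listing). It assumes that a configured VRRP key appears as `vrrp vrid <id> authentication-mode ...`; the sample configuration is constructed and uses documentation addresses.

```python
import re

# Constructed excerpt modeled on the Backup listing; addresses are placeholders.
SAMPLE = """\
telnet server enable
#
interface Serial5/2
 ip address 192.0.2.177 255.255.255.252
 ospf network-type p2p
#
interface Serial5/3
 ip address 192.0.2.193 255.255.255.252
#
interface GigabitEthernet0/0
 ip address 198.51.100.4 255.255.255.0
 vrrp vrid 1 virtual-ip 198.51.100.1
#
"""

def sections(config):
    """Split a configuration into blocks delimited by '#' lines."""
    for chunk in re.split(r"(?m)^[ \t]*#[ \t]*$", config):
        block = [l.strip() for l in chunk.splitlines() if l.strip()]
        if block:
            yield block

def audit(config):
    """Return (scope, finding) tuples in configuration order."""
    findings = []
    for block in sections(config):
        head, body = block[0], block[1:]
        if "telnet server enable" in block:
            findings.append(("global", "cleartext telnet management enabled"))
        if not head.startswith("interface "):
            continue
        name = head.split()[1]
        # Every VRRP group on the interface needs its own authentication line.
        vrids = {m.group(1) for l in body if (m := re.match(r"vrrp vrid (\d+) ", l))}
        for vrid in sorted(vrids):
            if not any(l.startswith(f"vrrp vrid {vrid} authentication-mode") for l in body):
                findings.append((name, f"VRRP group {vrid} has no authentication"))
        # Addressed serial links are expected to match the other p2p links.
        if name.startswith("Serial") and any(l.startswith("ip address") for l in body) \
                and "ospf network-type p2p" not in body:
            findings.append((name, "no 'ospf network-type p2p' on this serial link"))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```
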
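2. Modifying the network topology
The 24 links in the subordinate units' 12 ring networks are defined as 12 egress links and 12 ingress links, which are cross-connected to the WLAN ports of the MASTER and BACKUP routers for physical ring protection. A core switch dedicated to the monitoring network was added, which isolates monitoring-network packets from office-network packets at the network layer and also relieves the heavy load on the original core switch. The topology before and after the change is shown below:
Postscript
This redesign reduced the core routers of the organization's safety monitoring network from 4 to 2. Both routers use VRRP to run their LAN interfaces in hot-standby load mode for the office network as well as the monitoring network, and the egress and ingress links of the subordinate units' ring networks are aggregated on the two hot-standby routers respectively. This ensures that even if one of the two routers goes down completely, the monitoring network can still keep its applications accessible and return video from every subordinate unit in real time through the other router, which meets the technical targets set for the upgrade. In addition, because the two routers are directly connected through 1000M Ethernet ports in routed mode, data routing time improved considerably and network latency dropped noticeably: in the original network the average latency from the video server to each subordinate unit's router was 12 ms, and after the redesign it fell to within 7 ms.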