With the continuous development of Northeast Securities Co., Ltd., the shortcomings and inadequacies of the company's existing wide area network (WAN) have become increasingly apparent. To keep pace with the company's business, the network urgently needed to be rebuilt to optimize its structure and improve its speed, security and redundancy.

Taking the actual situation of the sales departments into account, we designed a new WAN structure through comparative analysis to solve the problems of the original WAN of Northeast Securities Co., Ltd. The new design increased the bandwidth of the core lines by adopting new core routing equipment. Based on the new network architecture, we made a detailed comparison between dual HSRP and full load balancing. The two load balancing schemes had different cores for the Internet lines. In the end, we adopted the load balancing scheme with high stability and security, at the cost of slightly lower line bandwidth utilization.

We planned and designed the WAN access of the sales departments in different regions. The sales departments of Northeast Securities are widely distributed throughout the country. We produced a detailed WAN design and its implementation methods for the actual situations of the sales departments, such as an independent sales department or two or more sales departments in one city. We also produced the QoS design and its implementation methods for the sales departments.

For the selection of the core devices in the network, we first surveyed the core routers popular in the securities industry. Considering the future development of the company, we decided to select Cisco 7600 series devices as core routers and Cisco 2800 series devices as access routers for the sales departments.
Furthermore, we introduced the foundation and implementation of the WAN protocol OSPF in the company.

To ensure the exchange security of Northeast Securities, we provided redundant backup across the whole WAN system through the physical links of two companies, and also chose a wireless backup link scheme based on Telecom 3G VPDN. These designs improved the stability of the trading network and met the data transfer delay requirements of the wireless network system.

The planning and design of network IP addresses is a very important aspect of the company's network planning. A sound IP address plan not only reduces network load but also lays a good foundation for future network expansion. This chapter presents a unified plan based on the company's WAN access equipment. The unified naming convention for WAN access devices improved network manageability and maintainability, and it also laid a good foundation for the stable operation of the company's exchange system.

The division of the company's WAN IP addresses follows the principles of uniqueness, simplicity, continuity, expansibility and flexibility. Because the WAN of Northeast Securities Co., Ltd. is an internal enterprise network that is physically isolated from the Internet, the IP address allocation scheme uses three types of network numbers governed by the Internet address authority (IANA): 10.0.0.0, 172.16.X.0 and 192.168.X.0. These are used for the host IP addresses of the sales departments, the equipment loopback addresses and the externally introduced addresses, respectively.

In the WAN system of Northeast Securities Co., Ltd., equipment follows a uniform naming convention. The device number is divided into five domains, (DB)-(WW)-(XX)-YYYYY-(VV), which denote respectively the city, the sales department name, the equipment type, and the sequence number of equipment of the same type.

Based on an analysis of the problems of the original local area network (LAN) and the existing business of Northeast Securities Co., Ltd., this paper designed a new architecture that improved system efficiency, security and stability. The specific measures are as follows:

For the internal and external networks, we adopt physical isolation by firewall for each network segment, with the firewall acting as the gateway and carrying the three-network system of the trading system, online trading and the business systems. This replaces the original approach of dividing network segments with VLANs, using a layer-3 switch as the gateway and isolating through firewall trunks.

The LAN is divided into seven networks: transactions and main memory control system, data center, business client, support services, network management, extranets, and online trading. Cisco 7600 series devices are selected as the backbone routers of the network core, connecting the firewalls of the transaction, business and online transaction regions. Each connected region runs HSRP, through which the network segments of each region are sent to the sales departments to provide communication between headquarters and branches.

The access-layer switches of the internal and external transaction networks, online transactions, the information management intranet and other networks are replaced by Cisco 3750 and 2960 switches. The distribution interfaces support Gigabit/Fast adaptive operation, and all system servers are connected directly to the switches.

Six NETSCREEN ISG1000 firewall devices are selected as the firewalls between the trading system, online transactions, supporting business and the core network, isolating the transaction system from the business system. Policies are configured to allow transaction access to the system from other regions, while the devices run NSRP in pairs for HA, acting as backup when a link or a machine fails.

After years of construction and alteration, the WAN system of Northeast Securities Co., Ltd. has been basically completed. It has become a large WAN among domestic securities companies, with established design specifications and stable operation, consisting of hundreds of routers and switches. The construction of the Northeast Securities network and security systems is at a high level in the domestic securities industry, so it has high reference value for the securities industry and for enterprises with higher requirements for real-time networks and security.
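The address plan described above assigns each of the three network numbers a role and lists uniqueness as a principle. The following is an added example, not part of the original thesis, that audits a device inventory against such a plan; the prefix lengths, the device labels and the inventory itself are assumptions constructed for illustration.

```python
import ipaddress

# Role -> address block, following the three network numbers in the abstract.
# The prefix lengths (/8, /16, /16) are assumptions; the page gives none.
PLAN = {
    "host": ipaddress.ip_network("10.0.0.0/8"),          # sales department hosts
    "loopback": ipaddress.ip_network("172.16.0.0/16"),   # device loopbacks
    "external": ipaddress.ip_network("192.168.0.0/16"),  # externally introduced
}

# Constructed inventory (device label, declared role, address); not company data.
INVENTORY = [
    ("dev-1", "loopback", "172.16.1.1"),
    ("dev-1", "host", "10.20.1.1"),
    ("dev-2", "loopback", "172.16.1.1"),    # reuses dev-1's loopback
    ("dev-2", "host", "192.168.5.10"),      # host placed in the external block
    ("dev-3", "external", "192.168.9.1"),
    ("dev-3", "loopback", "172.17.0.1"),    # outside every planned block
    ("dev-4", "host", "10.300.1.1"),        # malformed address
]

def block_role(ip):
    """Return the plan role whose block contains ip, or None."""
    return next((role for role, net in PLAN.items() if ip in net), None)

def audit(inventory):
    """Return (device, address, problem) tuples for every plan violation."""
    findings, owner = [], {}
    for device, role, addr in inventory:
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            findings.append((device, addr, "malformed"))
            continue
        actual = block_role(ip)
        if actual is None:
            findings.append((device, addr, "outside plan"))
        elif actual != role:
            findings.append((device, addr, f"declared {role}, block is {actual}"))
        if ip in owner:  # uniqueness principle: one address, one owner
            findings.append((device, addr, f"duplicate of {owner[ip]}"))
        else:
            owner[ip] = device
    return findings

if __name__ == "__main__":
    for finding in audit(INVENTORY):
        print(*finding, sep="  ")
```

Running the same audit before a firewall or routing change catches addresses that have drifted out of their segment, which matters here because the firewall policies separate the trading, business and online networks by segment.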