
ASCII.jp: Downtime is not an option! What are failure countermeasures for switches and networks?

How do you protect the corporate network?

There are several ways to protect a corporate network against failures. The central one is "redundancy": building a doubled or tripled configuration in case a failure occurs. The method of redundancy depends on the target. For a core switch (Layer 3 switch), the device itself is duplicated and the links connecting the devices are multiplexed. For the floor switch (Layer 2 switch) portion, the network topology (network configuration) is made into a ring (Fig. 1).

Figure 1: Basic network redundancy methods

In addition, there are two main methods for making network devices redundant (Fig. 2). One is to make the parts inside the device (power supplies, fans, interfaces, CPUs, etc.) redundant so that operation can continue even if a failure occurs. This function is found in large chassis-type switches and some box-type switches.

Figure 2: Redundancy of network devices


The other method is to stop the device (the active unit) and switch to another device (the standby unit) when a failure occurs. This method is further divided into hot standby and cold standby. In hot standby, the standby unit is connected to the network and kept running, and it takes over when the active unit fails. This function was originally implemented in Cisco Systems products, but is now standardized as "VRRP (RFC 3768)". In addition to the standby unit itself, a network to connect the standby unit is also required, so it takes considerable cost and initial configuration.

Cold standby, on the other hand, means powering on the standby unit and bringing it into the network when the active unit fails. Only a spare unit needs to be prepared, so the cost is lower, and no knowledge of something like VRRP is required. However, downtime is long because the switchover is basically manual. If a device such as a core switch goes down, the entire corporate network stops, so for such devices you should choose component redundancy or hot standby.

Making core switches redundant with VRRP

VRRP stands for "Virtual Router Redundancy Protocol". It creates a virtual router (Layer 3 switch) by combining an active unit (the master router) and a standby unit (the backup router) (Fig. 3). An IP address is assigned to the virtual router, and this IP address is set as the default gateway on the PCs beneath it. Normally the master router handles this IP address, and the PCs communicate with the master router. If the master router should go down due to a failure, the backup router automatically takes over. Even after switching to the backup router, the default gateway's MAC address and IP address stay the same, so the PCs and other hosts can continue communicating without any change to their settings.

Figure 3: Making Layer 3 switches redundant with VRRP

An "advertisement" is used to detect a master router failure. This is a notification that the master router sends to the backup router at regular intervals, saying in effect "the master router is working normally". When VRRP advertisements stop arriving, the backup router determines that the master router is down and starts operating.
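The advertisement check described above, as an added example (not code from the original article): it decodes a VRRPv2 advertisement using the RFC 3768 packet layout, applies the RFC's receive checks (IP TTL of 255, version and type, length, checksum), and computes how long a backup waits in silence before taking over. The sample packet, the address 192.168.1.1 and the priorities are constructed values, and the function names are illustrative.

```python
import struct

def inet_checksum(data: bytes) -> int:
    """16-bit one's-complement checksum over the whole VRRP message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_advert(vrid: int, priority: int, addrs: list, adver_int: int = 1) -> bytes:
    """Construct a sample VRRPv2 advertisement (test input, not captured traffic)."""
    body = b"".join(bytes(int(o) for o in a.split(".")) for a in addrs) + bytes(8)
    head = struct.pack("!BBBBBBH", 0x21, vrid, priority, len(addrs), 0, adver_int, 0)
    csum = inet_checksum(head + body)
    return head[:6] + struct.pack("!H", csum) + body

def parse_advert(payload: bytes, ip_ttl: int) -> dict:
    """Apply the RFC 3768 receive checks, then decode the advertisement."""
    if ip_ttl != 255:
        raise ValueError("IP TTL is not 255: sender is not on the local link")
    if len(payload) < 16:
        raise ValueError("truncated VRRP packet")
    ver_type, vrid, prio, count, _auth, adver_int = struct.unpack("!6B", payload[:6])
    if ver_type != 0x21:  # version 2, type 1 (ADVERTISEMENT)
        raise ValueError("not a VRRPv2 advertisement")
    if len(payload) < 8 + 4 * count + 8:  # header + addresses + auth data
        raise ValueError("length does not match Count IP Addrs")
    if inet_checksum(payload) != 0:  # a valid message sums to zero
        raise ValueError("bad VRRP checksum")
    ips = [".".join(str(b) for b in payload[8 + 4 * i:12 + 4 * i]) for i in range(count)]
    return {"vrid": vrid, "priority": prio, "adver_int": adver_int, "ips": ips}

def master_down_interval(own_priority: int, adver_int: int) -> float:
    """Seconds of advertisement silence before a backup declares the master down."""
    skew_time = (256 - own_priority) / 256
    return 3 * adver_int + skew_time

def virtual_mac(vrid: int) -> str:
    """MAC address the current master answers with for this virtual router."""
    return f"00:00:5e:00:01:{vrid:02x}"

if __name__ == "__main__":
    adv = parse_advert(build_advert(1, 200, ["192.168.1.1"]), ip_ttl=255)
    print(adv, virtual_mac(adv["vrid"]), master_down_interval(100, adv["adver_int"]))
```

Because the virtual MAC depends only on the virtual router ID, the gateway address seen by the PCs does not change when the backup takes over.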

In the basic VRRP configuration, the Layer 3 switch acting as the backup router is normally not used. Therefore, instead of leaving the backup router idle, there is a method of creating two virtual routers and assigning router 1 as master and router 2 as backup for virtual router A, and router 2 as master and router 1 as backup for virtual router B. This way, the load is normally distributed across the two routers, and if one fails, the remaining one can keep operating.

(Continued on the next page: "Multiplexing the links")