1、 Common network egress models
(1) Single egress design. Many enterprises build their campus network egress around a single egress line. The single egress design covers two models: single device, single egress, and multiple devices, single egress. The egress device is normally a router or a firewall. The single device, single egress model is the simplest to deploy: whichever device is used, and whichever carrier (China Netcom or China Telecom) supplies the line, only the following functions need to be enabled on the router or firewall: ① a static route towards the intranet and a default route towards the Internet; ② NAT, in two roles: PAT so that intranet users can reach the Internet, and static NAT or NAT port mapping so that internal servers can be published to the outside; ③ if a firewall is used, a DMZ in which the published servers are placed, separating them from the internal user network; ④ router ACLs or firewall filtering rules to enforce access control for key systems and data.
(2) Multi egress design. It is also common for a campus network to have not one egress line but two or more, in order to reach different network resources, to gain bandwidth, to have line redundancy, and so on. The multi egress design likewise covers two models: single device, multiple egresses, and multiple devices, multiple egresses. When two Internet lines are deployed at the campus egress, in most cases they are taken from two different carriers, for the following purposes: ① Traffic to each carrier's resources leaves over that carrier's own line, so that access is faster: for example, Netcom-hosted servers and information resources are reached over the Netcom line, and all other resources over the Telecom line; ② When Internet traffic is heavy, a single egress line is likely to become congested and to bottleneck egress access, so the two lines share the Internet traffic and speed up access to resources; ③ When one line fails (for any of many reasons), the other line immediately takes over all egress traffic, giving automatic redundant backup of the line.
2、 Network address translation
(1) What is NAT. NAT (Network Address Translation) is a technique that maps between one address domain, the private address space of an internal LAN or intranet, and another address domain such as the Internet. It lets a private network connect to the outside world through Internet-registered IP addresses, so that a host carrying a private address appears on the Internet under a legal (globally routable) address. The NAT router sits at the boundary between the inside network and the outside network; it translates the internal private IP address into an external legal IP address before forwarding a packet outwards, and translates the reply back on the way in.
(2) NAT can be implemented in three ways: static NAT, dynamic NAT, and port multiplexing (overload). ① Static NAT converts a private IP address of the internal network to a public IP address in a fixed one-to-one pairing: a given private address is always translated to the same public address. Static NAT therefore lets the external network reach specific devices inside the network, such as servers. ② Dynamic NAT converts private addresses to public addresses without a fixed pairing: any internal address authorized to access the Internet may be translated to any address in the configured pool of legal addresses. In other words, once you specify which internal addresses may be translated and which legal addresses may serve as external addresses, dynamic NAT does the rest. Several pools of legal external addresses can be used. Dynamic NAT suits the case where the ISP has provided fewer legal IP addresses than there are computers inside the network, provided not all of them are online at the same time; once the pool is exhausted, further hosts cannot be translated until an existing mapping times out. ③ Port multiplexing rewrites the source port number of outgoing packets as well as the source address; this is port address translation (PAT). With PAT, all hosts in the internal network share a single legal external IP address to access the Internet, which saves IP address resources to the greatest extent. At the same time the internal hosts are not directly addressable from the Internet: inbound packets that match no existing translation are dropped, so unsolicited connections from outside cannot reach them. This is not a substitute for a firewall, since connections opened from inside, and any port mapped for server publishing, still expose the hosts behind them. For these reasons port multiplexing is by far the most widely used NAT method today.
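The three translation modes above, together with the PAT and static NAT / port mapping functions listed for the single egress device in section 1, as an added example that is not part of the original article: a toy NAT device in Python that keeps the translation tables and rewrites packets in both directions. All addresses are constructed from the private (10.0.0.0/24) and documentation (203.0.113.0/24, 198.51.100.0/24) ranges; the class and function names are the example's own, and translation timeouts and TCP state tracking, which a real device needs, are omitted.

```python
# Added example, not code from the article: a toy NAT device implementing the three
# modes described above (static NAT, dynamic NAT from a pool, PAT/overload) plus the
# static port mapping used in section 1 to publish a server. Addresses are constructed
# (10.0.0.0/24 campus LAN, 203.0.113.0/28 public block); timeouts and TCP state are left out.
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

Flow = Tuple[str, int, str]  # (address, port, protocol)

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"

class NatDevice:
    def __init__(self, static: Dict[str, str], port_maps: Dict[Flow, Tuple[str, int]],
                 dynamic_hosts: List[str], pool: List[str], overload_ip: str):
        self.static = dict(static)                   # inside -> outside, fixed one-to-one
        self.static_rev = {o: i for i, o in static.items()}
        self.port_maps = dict(port_maps)             # outside flow -> (inside ip, inside port)
        self.dynamic_hosts = set(dynamic_hosts)      # inside hosts allowed to draw from the pool
        self.pool_free = list(pool)
        self.dynamic: Dict[str, str] = {}            # inside -> outside, assigned on first use
        self.dynamic_rev: Dict[str, str] = {}
        self.overload_ip = overload_ip               # the single address shared by PAT
        self.pat: Dict[Flow, Flow] = {}              # outside flow -> inside flow
        self.pat_rev: Dict[Flow, Flow] = {}          # inside flow -> outside flow
        self.next_port = 1024

    def _pat_port(self, want: int, proto: str) -> Optional[int]:
        # Keep the host's own source port when it is free, else take the next unused one.
        if (self.overload_ip, want, proto) not in self.pat:
            return want
        while self.next_port <= 65535:
            port, self.next_port = self.next_port, self.next_port + 1
            if (self.overload_ip, port, proto) not in self.pat:
                return port
        return None                                  # PAT table full

    def outbound(self, pkt: Packet) -> Optional[Packet]:
        # Inside -> outside: rewrite the source. None means the packet is dropped.
        if pkt.src in self.static:                   # 1. static NAT
            return Packet(self.static[pkt.src], pkt.sport, pkt.dst, pkt.dport, pkt.proto)
        if pkt.src in self.dynamic_hosts:            # 2. dynamic NAT
            if pkt.src not in self.dynamic:
                if not self.pool_free:
                    return None                      # pool exhausted: nothing to hand out
                out = self.pool_free.pop(0)
                self.dynamic[pkt.src], self.dynamic_rev[out] = out, pkt.src
            return Packet(self.dynamic[pkt.src], pkt.sport, pkt.dst, pkt.dport, pkt.proto)
        inside: Flow = (pkt.src, pkt.sport, pkt.proto)   # 3. PAT for everyone else
        if inside not in self.pat_rev:
            port = self._pat_port(pkt.sport, pkt.proto)
            if port is None:
                return None
            self.pat[(self.overload_ip, port, pkt.proto)] = inside
            self.pat_rev[inside] = (self.overload_ip, port, pkt.proto)
        out_ip, out_port, _ = self.pat_rev[inside]
        return Packet(out_ip, out_port, pkt.dst, pkt.dport, pkt.proto)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        # Outside -> inside: rewrite the destination. Unmatched packets are dropped.
        key: Flow = (pkt.dst, pkt.dport, pkt.proto)
        if key in self.port_maps:                    # published server, this port only
            ip, port = self.port_maps[key]
            return Packet(pkt.src, pkt.sport, ip, port, pkt.proto)
        if pkt.dst in self.static_rev:               # static host: every port reachable
            return Packet(pkt.src, pkt.sport, self.static_rev[pkt.dst], pkt.dport, pkt.proto)
        if pkt.dst in self.dynamic_rev:              # pool host: reachable while mapped
            return Packet(pkt.src, pkt.sport, self.dynamic_rev[pkt.dst], pkt.dport, pkt.proto)
        if key in self.pat:                          # reply to a flow an inside host opened
            ip, port, _ = self.pat[key]
            return Packet(pkt.src, pkt.sport, ip, port, pkt.proto)
        return None                                  # unsolicited: no inside host is addressable

def build_demo_device() -> NatDevice:
    # Constructed configuration: one 1:1 server, one port-mapped server, a pool smaller than its host set.
    return NatDevice(
        static={"10.0.0.10": "203.0.113.2"},
        port_maps={("203.0.113.3", 443, "tcp"): ("10.0.0.11", 8443)},
        dynamic_hosts=["10.0.0.20", "10.0.0.21"],
        pool=["203.0.113.4"],
        overload_ip="203.0.113.1",
    )

def walkthrough() -> Dict[str, Optional[Packet]]:
    nat = build_demo_device()
    r: Dict[str, Optional[Packet]] = {}
    r["static"] = nat.outbound(Packet("10.0.0.10", 25, "198.51.100.9", 25))
    r["dyn1"] = nat.outbound(Packet("10.0.0.20", 40000, "198.51.100.9", 80))
    r["dyn2"] = nat.outbound(Packet("10.0.0.21", 40001, "198.51.100.9", 80))  # pool already empty
    r["pat_a"] = nat.outbound(Packet("10.0.0.50", 50000, "198.51.100.9", 80))
    r["pat_b"] = nat.outbound(Packet("10.0.0.51", 50000, "198.51.100.9", 80))  # same port, remapped
    r["reply_b"] = nat.inbound(Packet("198.51.100.9", 80, "203.0.113.1", r["pat_b"].sport))
    r["web_in"] = nat.inbound(Packet("198.51.100.9", 51234, "203.0.113.3", 443))
    r["web_ssh"] = nat.inbound(Packet("198.51.100.9", 51235, "203.0.113.3", 22))   # not published
    r["unsolicited"] = nat.inbound(Packet("198.51.100.9", 51236, "203.0.113.1", 3389))
    return r
```

Calling walkthrough() returns the translated packets for each case. dyn2 comes back as None because the pool holds one address for two hosts, which is the exhaustion behaviour of dynamic NAT; pat_b is moved to port 1024 because 10.0.0.50 already holds port 50000 on the shared address, and reply_b shows the reverse lookup that delivers the server's answer back to 10.0.0.51:50000. web_ssh and unsolicited both come back as None: only traffic that matches a published port mapping or an existing translation reaches an inside host, which is the hiding effect described above. Note the difference between the modes on the inbound side: a host with a static or currently active dynamic mapping is reachable on every port for as long as the mapping exists, whereas behind PAT only the ports it has itself opened are reachable, so the filtering rules of point ④ in section 1 are still needed in front of the servers.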