As an information and communication solution provider, Juwei has always been innovating around the needs of society and the public, helping public utilities and government departments in various countries to comprehensively use information technology to provide the public with more secure, reliable, timely and diverse services and guarantees. Juwei works with partners to help realize a prosperous, harmonious and innovative society based on industry-leading ICT equipment and technologies.
Needs and challenges
The municipal government affairs network belongs to the third level of the national e-government extranet. It is responsible for horizontally connecting all commissions, offices and bureaus in the city, upwardly connecting the provincial government affairs extranet, and downwardly connecting the subordinate district and county government affairs extranets. It is a vertically connected and horizontally shared network.
Municipalities that build their own government extranets are generally located in provinces where the extranet is built level by level across the province. Under this hierarchical construction model, a municipality generally establishes its own independent autonomous domain.
In order to ensure the routing efficiency, network reliability, scalability and traffic load balance of the government network, it is necessary to design routing plans that conform to different construction modes.
Routing Protocol
Internal routing in the municipal autonomous domain separates IGP from BGP. IGP provides reachability between network devices, while BGP and MP-BGP distribute user IP and VPN routes.
To be consistent with the protocols used in the national government extranet, the intra-domain routing protocol (IGP) in the municipal government extranet is OSPFv2, and the inter-domain routing protocol BGP at the provincial autonomous domain is BGPv4 or MP-BGP.
Route planning
To prevent flapping of user-network service routes from affecting the routes of the bearer network, and to keep the management layers clear so that local changes do not affect the upper-layer or global routing configuration, it is recommended to separate bearer network routes from user routes during route planning.
- The bearer network routes are carried by OSPF, including internal interconnection address routes, LOOPBACK address routes, and network management center address routes.
- User routes are carried by BGP or MP-BGP, including user service address routes and data center service address routes.
- OSPF is responsible for carrying network routing and user routing on the small-scale municipal government extranet.
IGP protocol planning
The municipal-level e-government extranet adopts OSPF as the internal IGP routing protocol to construct the entire network routing of the municipal-level e-government extranet.
Planning Router ID
To ensure stable OSPF operation in the municipal government extranet, router IDs should be allocated during network planning and configured manually. When configuring router IDs manually, ensure that no two routers in the AS share the same ID. It is recommended that each router in the municipal e-government extranet use the IP address of its loopback interface as its router ID.
OSPF Area (AREA) Planning
In order to reduce the amount of data generated by the OSPF protocol, improve the operation efficiency of the OSPF protocol in the municipal government extranet, and reduce the impact of changes in the urban network topology on the entire backbone network, it is recommended to divide the municipal network into areas.
Divide the wide-area backbone network from the city to the county into the backbone area, that is, Area 0, which is the core area of the entire OSPF domain. The function of the backbone area is to distribute routing information among different non-backbone areas.
The city-level MAN is divided into an independent area, Area 1, which is connected to the backbone area. Since the district/county MAN is used as a MAN service routing area to access the municipal autonomous domain through static routes, and runs dynamic routing and static routing independently, area division is not performed within the municipal autonomous domain.
Figure 1: Municipal government extranet implementation reference map
BGP routing implementation
MPLS VPN is used in the government extranet to isolate the services of different commissions, offices and bureaus, and in an MPLS environment the MP-IBGP protocol is needed to carry VPN-IPv4 routes. Therefore, all PE devices need to run MP-IBGP. An iBGP relationship is established between all PEs, and route reflection (RR) is used to reduce the number of iBGP connections. It is recommended to use the two core routers at the core layer of the city wide-area network as route reflectors (RR). On the ASBR device at the border of the autonomous domain, establish an eBGP connection.
Routing load balancing
When the municipal extranet is connected to the provincial extranet, in order to ensure the reliability of the link, different links (such as GE links and 155M links) of two operators are generally leased. It is recommended to use UCMP (Unequal Link Load Balancing) on the access router to distribute the traffic proportionally according to the link layer bandwidth, so that the bandwidth of each link can be fully utilized.
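The proportional split described above, sketched as an added example that is not vendor or project code. The link names, the per-flow hashing scheme and the constructed flow tuples are assumptions; only the GE and 155M bandwidths come from the text.

```python
import hashlib

# Link bandwidths in Mbit/s: the GE and 155M links named in the text.
# Link names and the hashing scheme are assumptions for this example.
LINKS = {"carrier-A-GE": 1000, "carrier-B-155M": 155}


def ucmp_shares(links):
    """Target traffic share of each link, proportional to its bandwidth."""
    total = sum(links.values())
    return {name: bw / total for name, bw in links.items()}


def pick_link(flow, links):
    """Map a flow 5-tuple to a link using bandwidth-sized hash buckets.

    Hashing per flow keeps every packet of a flow on the same link,
    which avoids reordering across links of very different speeds.
    """
    total = sum(links.values())
    digest = hashlib.sha256(repr(flow).encode()).digest()
    bucket = int.from_bytes(digest[:8], "big") % total
    for name, bw in links.items():
        if bucket < bw:
            return name
        bucket -= bw
    raise AssertionError("unreachable: bucket is always below total")


def simulate(n_flows, links):
    """Count how many constructed flows land on each link."""
    counts = dict.fromkeys(links, 0)
    for i in range(n_flows):
        # Constructed sample flow: (src, dst, protocol, sport, dport).
        src = "10.1.%d.%d" % (i // 250 % 250, i % 250 + 1)
        flow = (src, "59.200.0.10", 6, 1024 + i % 50000, 443)
        counts[pick_link(flow, links)] += 1
    return counts


if __name__ == "__main__":
    print(ucmp_shares(LINKS))
    print(simulate(20000, LINKS))
```

With few or very large flows the observed split can drift from the bandwidth ratio, so per-link utilization is still worth monitoring.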
Route Settings for National Public Applications
The National External Network Management Center applied for 64 Class B IP addresses (59.192.0.0/10) from CNNIC for the planning and construction of the national e-government external network IP addresses. Among them, the central government extranet uses a class B IP address of 59.252.0.0/16 for the Internet public IP.
To ensure that municipal government extranet users can correctly reach both the Internet IP address resources and the national public IP address resources of the central government extranet, nodes with dual exits (connected to the government extranet and the Internet at the same time) must have two routes configured on the border router: a coarse route (59.192.0.0/10) pointing to the government extranet egress, and a fine route (59.252.0.0/16) pointing to the Internet egress.
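How the coarse and fine routes interact under longest-prefix matching, with a small audit of a dual-exit table, as an added example that is not vendor or project code. The two 59.x prefixes are from the text; the default route, the next-hop labels and the test destinations are assumptions.

```python
import ipaddress

# Constructed routing table for a dual-exit border router.
ROUTES = [
    ("59.192.0.0/10", "extranet-egress"),  # coarse route from the text
    ("59.252.0.0/16", "internet-egress"),  # fine route from the text
    ("0.0.0.0/0", "internet-egress"),      # assumed default route
]

COARSE = ipaddress.ip_network("59.192.0.0/10")
FINE = ipaddress.ip_network("59.252.0.0/16")


def build_table(routes):
    """Parse (prefix, next_hop) pairs into network objects."""
    return [(ipaddress.ip_network(p), nh) for p, nh in routes]


def lookup(table, dst):
    """Longest-prefix match: the most specific covering route wins."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, nh) for net, nh in table if addr in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def audit(table):
    """Return findings where a dual-exit table deviates from the plan."""
    nets = dict(table)
    findings = []
    if COARSE not in nets:
        findings.append("missing coarse route 59.192.0.0/10")
    if FINE not in nets:
        findings.append("missing fine route 59.252.0.0/16")
    elif nets[FINE] == nets.get(COARSE):
        findings.append("fine route does not diverge from coarse route")
    return findings


if __name__ == "__main__":
    table = build_table(ROUTES)
    for dst in ("59.200.1.1", "59.252.10.5", "203.0.113.7"):
        print(dst, "->", lookup(table, dst))
    print(audit(table))
```

If the fine route is missing, traffic to 59.252.0.0/16 falls through to the coarse route and leaves via the extranet egress, which is the deviation `audit` reports.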
Program Highlights
- Fits the characteristics of the government's level-by-level management system.
- Makes full use of the leased link bandwidth and balances the link traffic load.
- High routing efficiency, high reliability and strong scalability.
- Access to the central government's Internet government affairs applications makes full use of the internal bandwidth of the extranet, which is more efficient.