Design principles of 1 network
Standardization and scalability
The architecture design of the billing platform strictly follows international standards, and the standardized architecture of technology and products facilitates the continuous upgrading of equipment in the later period.
reality
Design the network according to the current demand and foreseeable demand growth, and avoid the huge cost of pursuing high-grade and unnecessary technology.
high reliability
The charging gateway equipment of DRCOM2 133 works stably, which can run continuously for more than two years, and can also ensure the normal operation of the network when the background database temporarily stops working.
Adaptability of network services
Adapt to the needs of multi-service development, provide flexible and diverse charging strategies, and provide a high-quality data service operation platform according to the specific needs of users.
Easy to manage and maintain
The billing platform has a good man-machine dialogue interface, detailed classification, simple setup, and an equipment operation monitoring interface, which is convenient for network administrators to manage, monitor and maintain.
Network security
The billing platform has strict access control mechanism, which can effectively control illegal visitors to access external resources through the network; At the same time, the database is isolated through the network to ensure the security of the billing database.
Openness of network routing protocol
DRCOM billing platform has good scalability, low network overhead, and supports international standard protocols to ensure interoperability between different devices.
2 Dr.COM 2033 NETC scope of application
Campus network; Wireless city; Internal network of government agencies; A large number of large and medium-sized enterprises and commercial institutions, computer training centers, Internet cafes and other workstations with high management requirements.
3 Dr.COM 2033 NETC network topology
Dr.COM 2033 NETC supports gateway mode and bypass monitoring mode:
3.12033 main product functions of netc
3. 1. 1 User-based network access management
Network access can be managed more accurately based on users instead of IP and Mac network parameters, and can be based on users:
management strategy
Target IP access control?
Target port control-effectively eliminating instant messaging function?
Source port control?
Bandwidth control?
Website filtering?
Source address control?
Data collection based on user level?
Time access control?
Traffic access control
Session number limit
3. 1.2 network virus isolation based on prevention (netc version)
Unique patent intelligent isolation of network connection
Terminals that can intelligently judge illegal identities access the network and actively isolate them to prevent them from accessing other legal terminals in the network;
Anti-virus terminal connection monitoring isolation
Intelligent real-time interception technology can effectively capture the terminals connected with viruses in the network and isolate the connections of other terminals in the network.
3. 1.3 application-based network monitoring means (netc version 2.0)
Monitoring strategy
Monitor the real-time status of the network, such as: export traffic monitoring, user online monitoring, you can see the user's current traffic, access time, IP address used.
Mail monitoring
Monitor and record the message body and attachments of incoming/outgoing messages.
Chat monitoring/control
Be able to monitor MSN, QQ, Yahoo and other instant chat tools in the intranet.
Internet monitoring/control
It can monitor the web address of the website, the publication of articles or application services on the web page, and there are various filter libraries;
statistics
The function of statistical query software is to query and summarize database data, generate various reports, charts, data analysis, usage analysis and printing. It is connected with the background database through the network management port of Dr.COM NETC gateway, and the network management port will collect the user's access records in real time and send them to the background. The accessed data are all based on the user's access time, time period, website visited, target address, source IP used, account number and so on.
Dr.COM Netcom MAN network monitoring software is developed based on SQL and Oracle database, which can handle massive data and use the latest data warehouse for deeper data mining.
Dr.COM 213B-RAS broadband remote access server is a server for authorizing, verifying, managing and accounting users accessing the Internet in the local network. It is also an IP router with three switched Ethernet ports and a firewall based on packet filtering. Provide ISP operation management software and database interface such as network management software, statistical software, operator software and monitoring software.
3.2 Features and functions of 2033 NETC products
User management function
The multi-level grouping management function of users with inheritance and combination characteristics can support up to 500,000 internal account management and a larger distributed network; Set an account and password for the user; The group manages the internal user account settings, which can be combined as date, usage period, usage period, filter table, designated ISP and Internet application; Can display the status of users and lines in real time.
network management functions
Built-in TCP/IP dynamic address assignment function (DHCP); Automatic wire control, automatic dial-up connection and disconnection according to network conditions, without manual control; Provide user login records and website access records; Bandwidth setting function, which can set communication bandwidth according to different TCP/IP ports; Limit the number of client TCP/IP connections.
Network security function
The application of NAT technology completely isolates the intranet from the Internet, so that internal users can access external users of the local area network, while external users cannot access internal users, which ensures the security of the intranet while allowing intranet users to enjoy the Internet. Support PAP and CHAP checks; Support account binding IP function; Detailed website visit records; Account number, login IP address and access IP address can be tracked and monitored for a long time; The use of a single user can be forcibly interrupted.
Anti-proxy function
Many manufacturers are looking for solutions, but in principle, only urban hotspots can fully realize anti-proxy and anti-private access. The gateway with anti-proxy and anti-private connection can cooperate with the client to realize the following functions:
1, to prevent proxy server based on proxy;
2. Prevent the proxy server based on Nat;
3. Prevent private connections by modifying IP and Mac addresses.
Radius caching function
With the standardized understanding of Radius protocol by existing manufacturers and the supplement of Radius extended attributes, the functions of Radius protocol are more and more comprehensive, and urban hotspots creatively put forward Radius cache function. Even if the Radius server crashes, the previously authenticated user information will remain in the Radius cache, so it will not affect the normal authentication of users, and fully make up for the serious consequences of being unable to authenticate due to the unstable factors of the Radius server.
802. 1X fully supports it.
At present, most manufacturers' support for the 802. 1X protocol is limited to authentication, and they do not support the management and billing of 802.1x. After long-term efforts, urban hotspots finally fully support 802. 1X, and combine the 802. 1X switch and RADIUS function to truly realize the AAA authentication of 802.1x. On the basis of 802. 1X protocol, the flexible charging of urban hotspots is brought into play, which is convenient for management and control. The full support of 802. 1X protocol provides a good choice for operators in operation mode and authentication mode.