Public security network construction program

Preface

The rapid development of information technology places ever-higher application requirements on public security information systems. Building a high-performance, IP-based, secure and intelligent network that integrates data, voice and video (triple play) has become the trend for public security communications networks.

Construction requirements

The requirements for the national public security level-2, level-3 and level-4 networks are clear. The design must follow the Golden Shield, gold, gold seized engineering design program. It should be technologically advanced and practical, conform to open interconnection standards and the future direction of technology development, and be safe, reliable, easy to manage and expandable, while protecting existing capital investment, so that the level-2 and level-3 networks move toward an integrated IP-based data, voice and video network.

1. Network topology

Depending on the actual situation in each province, the level-2 network can use a star topology or a star-plus-ring topology. A star network is structurally simple, cheap to build and easy to maintain, but has poor reliability. A star-plus-ring network can solve single-point-of-failure problems, such as at the ministries and agencies, but costs more to build and operate.

2. A star topology is recommended for the provincial public security level-3 network

Municipalities and some better-equipped large cities build their public security networks with optical fiber as the network backbone; most other level-3 networks can make full use of the resources currently available in each city. To improve network security and service quality, municipal public security networks should consider hybrid networking that combines routers and switches.
3. Bandwidth planning

Taking into account network service needs and future development, lines from the ministries and agencies to the cities should, in principle, have a bandwidth of no less than 4 × 2 Mb/s; lines from the counties to the cities should, in principle, have a bandwidth of no less than 2 Mb/s. The bearer network should currently use SDH lines. Level-2 network lines should give full consideration to physical backup, including choosing lines from several operators with different physical routes, to ensure the reliability of the level-2 network.

4. Routing strategy

Static routing is used between the level-1 and level-2 networks and between the level-2 and level-3 networks. The levels are thereby isolated from one another and do not exchange routing information, which reduces the impact of lower-level changes on the backbone network. OSPF is the recommended routing protocol for the level-2 network. Provinces that already use EIGRP or another dynamic routing protocol can keep the status quo or switch to OSPF. The level-3 network can use static routing or a dynamic routing protocol such as OSPF or RIP2.

5. IP address planning

IP address planning should follow these principles:

- Match the hierarchy of the network topology, using the address space effectively while preserving the scalability, flexibility and layering of the network.
- Make route aggregation easy, so that routing tables stay short.
- Keep network addresses easy to manage.
- Conserve IP addresses as far as possible.

Level-2 and level-3 network designs must allocate and manage IP addresses strictly according to the ministry's IP address management rules, and must be reported to the next-higher-level ICT department for approval and record, to ensure that IP addresses are unique and scalable.
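The aggregation principle in section 5 and the static routing between levels in section 4 work together, as this added example shows (it is not part of the original document): each city receives one aggregate from a provincial block, so the level-2 network needs a single static route per city, and an audit checks that every subnet stays inside its aggregate and is unique. The block 10.64.0.0/12, the city names, the site counts and the prefix lengths are assumptions chosen for illustration.

```python
import ipaddress

# Constructed sample values, not addresses from any real plan.
PROVINCE_BLOCK = ipaddress.ip_network("10.64.0.0/12")
CITIES = {"city-a": 5, "city-b": 3, "city-c": 9}  # county sites per city


def plan(block, cities, city_prefix=16, site_prefix=20):
    """Give each city one aggregate and carve county subnets inside it."""
    aggregates = block.subnets(new_prefix=city_prefix)
    result = {}
    for name, sites in sorted(cities.items()):
        agg = next(aggregates)
        pool = list(agg.subnets(new_prefix=site_prefix))
        if sites > len(pool):
            raise ValueError(f"{name}: {sites} sites exceed {len(pool)} subnets")
        result[name] = {"aggregate": agg, "sites": pool[:sites],
                        "spare": len(pool) - sites}
    return result


def static_routes(result):
    """Static routes the level-2 network needs: one summary per city."""
    return [entry["aggregate"] for entry in result.values()]


def audit(block, result):
    """List violations: outside the parent block, outside the city
    aggregate (breaks summarization), or overlapping another subnet."""
    problems, seen = [], []
    for name, entry in result.items():
        if not entry["aggregate"].subnet_of(block):
            problems.append(f"{name}: aggregate outside {block}")
        for net in entry["sites"]:
            if not net.subnet_of(entry["aggregate"]):
                problems.append(f"{name}: {net} breaks aggregation")
            if any(net.overlaps(other) for other in seen):
                problems.append(f"{name}: {net} is not unique")
            seen.append(net)
    return problems


if __name__ == "__main__":
    p = plan(PROVINCE_BLOCK, CITIES)
    total = sum(len(e["sites"]) for e in p.values())
    print(f"{total} county subnets summarized by {len(static_routes(p))} routes")
    for route in static_routes(p):
        print("static route:", route)
    print("audit:", audit(PROVINCE_BLOCK, p) or "clean")
```

The spare count per city shows how much room remains before a city needs a second aggregate, which is the scalability margin the plan has to leave.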
6. Local area network design

By level and scale, local area networks can be divided into the LANs of provincial authorities, of city (county) bureaus, and of grass-roots branches and teams. LANs use structured cabling systems and are divided into VLANs for network isolation.

7. Network access for units

Units may use a variety of access methods: SDH digital lines, DDN/FR and similar methods, Ethernet over fiber, PSTN/ISDN, wireless, satellite, xDSL, cable modem and so on. Provided the security and manageability requirements of the "Golden Shield Project", "The law works" and "The seized works" are met, the access scheme can be chosen flexibly according to the access services and charges offered by local operators, and must be reported to the next-higher-level ICT department for approval.

8. Access for the public security industry

Public security industry access follows two models: unified access and nearby access. Each sector, based on the public security information it needs, decides which model to use in full consultation with the Ministry of Public Security Bureau.

9. Interconnection with other computer networks

Connections between the public security network and other computer networks generally fall into two categories: connections with the networks of political and legal departments and similar bodies, and connections with other computer networks in society (such as hotels, social security and medical insurance). Interconnection with other networks must go through appropriate security mechanisms (such as setting up a demilitarized zone or physical isolation systems) to ensure network security. Each connection should be reported to the next-higher-level ICT department for approval.

10. Network reliability

The public security level-2 and level-3 networks can improve reliability through backup lines and backup equipment. Provinces may, at their discretion, set up a disaster backup center to enhance the security of the information network.
11. Equipment selection

Node equipment selected at every level should follow these basic principles: meet the service needs of the network at each level, follow a unified network technical route, scale well, comply with relevant national and international standards, offer good compatibility, and provide a high cost-performance ratio.