E-government three-dimensional network construction plan

With the development of the informationization process, the global economic integration has been accelerating, and the development of the knowledge economy has been remarkable. Information technology makes the speed of corporate action faster and faster. The government's function is to provide a good competitive environment and service system for enterprises to facilitate the lives of the people. The construction of "e-government" has become one of the prominent signs of the new round of public administration management reform and the measurement of national competitiveness.

Faced with the tide of informationization, the Heilongjiang provincial government has keenly observed that opportunities and challenges coexist in the transition period between traditional economy and new economy. Competition is largely concentrated on the government's management functions and efficiency; it is imperative for the government to change its management functions, change its working methods, and quickly establish an administrative system that is efficient and coordinated. To this end, the Heilongjiang Provincial Government has clearly proposed the development strategy of "informatization of government affairs as an entry point and breakthrough point for promoting national economy and social informationization." The construction of the Internet platform is part of a city's infrastructure construction.

The Heilongjiang provincial government believes that the structure, function and operation of the government information network must conform to the organizational form, work functions and working methods of the provincial government. It is required that the provincial government information network is a high-speed broadband network platform to meet the needs of different applications such as multimedia information; security and confidentiality are the core of government information construction, and it is necessary to establish a security screen barrier both mentally and technically; Government agencies' office operations and support for scientific decision-making needs; choose the right partners, learn from the advanced experience of large-scale network construction at home and abroad, and ensure that the network has good forward-looking and sustainable development.

Three-dimensional government information network model in Heilongjiang Province

The government information network of Heilongjiang Province needs to establish a three-level vertical network of provinces, prefectures and counties for 67 bureaus in the province to meet the internal networking needs of the direct units of the provinces. At the same time, it is the province, 13 districts, and 66 county-level governments. The department establishes a horizontal network to meet the needs of resource sharing among various government departments. Its logical structure is a complex "grid" three-dimensional architecture. As shown on the right.

For each independent government department node, it has information interaction between horizontal departments and vertical network information interaction.

The government and its affiliated units have relatively independent independence and strong correlations. Vertically, users in each government department can access the corresponding resources of the vertical network; horizontally, only some authorized users at all levels of government can access horizontal network resources. The data access relationships are shown in the following table:

Access source access destination vpn traffic results
a vertical network internal host a vertical network internal host is the same ok
a vertical network internal host a vertical network internal authorized horizontal network access host the same ok
a vertical network internal authorized horizontal network access host a vertical network internal host the same ok
a vertical network internal authorized horizontal network access host a vertical network internal authorized horizontal network access host the same ok
a vertical network internal host b vertical network internal host different
a vertical network internal host b vertical network internal authorized horizontal network access host different no
a vertical network internal authorized horizontal network access host b vertical network internal host different no
a vertical network internal authorized horizontal network access host b vertical network internal authorized horizontal network access host different no
b vertical network internal authorized horizontal network access host a vertical network internal authorized horizontal network access host different no
a/b vertical network internal host horizontal network host different no
The horizontal host a/b vertical network internal host is different
A/b vertical network internal authorized horizontal network access host horizontal network host different ok
The horizontal network host a/b vertical network internal authorized horizontal network access host different ok

Facing the three-dimensional structure of the Heilongjiang government affairs information network, the intricate access relationship and a wide variety of business applications. How to establish a dedicated and public network platform to realize the interaction of vertical and horizontal networks, so that each government department only needs to build a regional network and use a communication line to realize all communication needs in vertical and horizontal directions. ?

At present, the network of most government departments and enterprises is based on frame relay or ATM network. Each virtual network node is connected through a virtual circuit, and a star, tree or semi-mesh topology is generally adopted. For the three-dimensional cross-topology network of the Heilongjiang government information network, if you want to achieve the best route in this mode, any-to-any mesh structure, which means that the entire network needs n*/2 vc. The dramatic increase in the number of vcs will further increase the complexity of the network and routing, which makes any changes to the network nodes cause great pain to the government and operators. At the same time, correctly setting vc requires understanding end-to-end business information, which makes traffic engineering more difficult. Simply put, this model does not have the good scalability and flexibility to adapt to the large topology of the Heilongjiang government information system.

Cisco mpls vpn to create a three-dimensional government information network

The Cisco mpls-vpn technology builds 68 virtual private networks for 67 offices and horizontal government networks on a single infrastructure. The logical structure is shown on the right.

A router is deployed in the province, 13 cities, and 66 counties to form the backbone of the mpls network. Each unit is configured with a router that is connected to the local mpls network backbone node through the Ethernet metropolitan area network.

As shown on the right, standard ip forwarding is used between the pe and ce routers. Through routing protocols, pe can understand the network topology of each VPN, simplify the routing between ce, and easily realize any-to-any packet forwarding in the VPN. The flexibility of the government network may adjust and add VPN at any time. Very adaptable.

The vpn internal any-to-any route will also allocate the best forwarding path for the packet, maximizing the optimal traffic. Since the pe and the local ce are connected through the Ethernet network, the reasonable vlan design also has the ability to further optimize the local horizontal network traffic.

Simply put, mpls-vpn satisfies the wide-ranging needs of the Heilongjiang government information network for flexible mobility and any-to-any connectivity.

Comparable to the safety of the special line

Separation of address space - The mpls core uses the "vpn-ipv4 address" route. By adding a route identifier to the ipv4 route, it is ensured that the unique address in the vpn is also unique in the mpls core. Therefore, each government department's vertical network has the flexibility to maintain its own addressing scheme and the freedom to use public or private address space.

Not only are they independent of each other, but also independent of the global routing table. Even if the vertical networks of two government departments use the same address space, they are completely isolated from each other.

Core Hidden - The interface that connects to the vpn inside mpls is bgp, there is no need to disclose any information about the core to the user, even for each government unit's ce router. If a dynamic routing protocol is used between pe and ce, the only information that ce knows is the address of the pe router. If this information is not needed, you can configure a static route between pe and ce to completely hide the mpls core, just as we are in the Heilongjiang government. Made in the information network.

As shown on the right, when using the trace tool, the mpls cloud does not display hops when it is output.

In summary

In summary, it is impossible to invade another vpn or core from one vpn, which makes mpls-vpn even exceed all security features based on frame relay or atm.

Cisco ios builds end-to-end qos

Due to the application of government information network services and the rich and diverse nature of data, network data traffic bursts are inevitable. The network must have good congestion control capabilities and processing capabilities for different data streams for leaders and governments at all levels. The department provides high quality services.

The Cisco ios enhanced qos feature provides the device with the intelligence to handle business by priority. In the Heilongjiang government information network, all devices use cisco unified ios operating system, so qos is not only a simple device feature, but the entire network end-to-end architecture - network administrators can completely Control network bandwidth allocation, latency, jitter, packet drop, and more.

By assigning a set of tags to the corresponding service level, the mpls core significantly reduces the processing power of the qos and enables the network to achieve better performance. Improve efficiency without losing functionality.

In addition, cisco mpls provides an advanced set of traffic management mechanisms - resource reservation routing. Managers can explicitly configure routing, transport selected services along specific paths, and perform congestion control and load balancing.

Limited investment creates unlimited benefits

The Heilongjiang Government Information Network has created a precedent in the construction of inter-provincial government e-government with its "unified overall network structure, unified information interaction mode and unified information resources organization system". It is currently the largest and most technologically advanced government information in China. One of the networks. After the completion of the project, a government-dedicated broadband network system will be formed with the provincial government as the hub, the upper party and government organs and the provinces, the lower party, county and township party and government organs, and the horizontally connected units directly under the province. Realize the province's government information system with "three networks and one library" as the basic structure. Formed the prototype of the province's e-government. Realize the comprehensive utilization and sharing of government information resources in the province. Achieve the goal of improving management and service levels, enhancing competitiveness and paying attention to economic and social benefits.

With the construction of electronic information resources library becoming more and more complete, Heilongjiang Province government information network will play an increasingly important role in the process of promoting informationization in Heilongjiang Province, and make great contributions to the political and economic development of the province.