Network infrastructure and network control center in the data center

Continuing our series of posts about the elements of the data center, today we will talk about the network infrastructure, its composition and functions. The Network Control Center (NOC) also gets its share of attention: we will describe who works there and what its employees do.

Attention, there is a lot of text and photos inside!


While the data center provides everything necessary for the efficient operation of infrastructure equipment, a separate structure is required to carry data over the Internet, exchange data between data centers, and organize channels. These functions are performed by the network control center, which in effect acts as the data center's own carrier. The center is responsible for developing and maintaining the network, technical support for users, and managing the quality of services. These three categories cover many areas of responsibility, from designing and laying copper and optical networks and advising clients to drawing up and complying with service level agreements (SLAs).

The network control center (NOC, network operations center) of "Oversan-Mercury" employs ten people, with at least one of them present in the center around the clock. They are responsible for promptly resolving any network problems or conflicts that arise, responding to attacks, and fine-tuning equipment to fit the current situation.

The NOC Manager manages both the NOC team and the portfolio of data transfer, network security and quality of service solutions. The data transmission department provides round-the-clock monitoring and technical support to the Company's customers, and also configures the network infrastructure and troubleshoots problems. The network services development department creates new services, optimizes and improves existing ones, and is responsible for the timely development of the network and for quality control of services.

The NOC employs two Cisco network technology experts (CCIE), three scalable network technology professionals (CCNP), one network security professional (CCSP) and four CCNA professionals.

Employees of the network control center who are not involved in round-the-clock monitoring do not have to be physically present in the data center. Access to equipment control panels can be obtained via an encrypted channel from virtually anywhere in the world. But this is an option for emergencies, and most of the time employees work in a comfortable office a couple of hundred meters from the data center. A direct fiber-optic channel runs from the office to the telecommunications core of the data center, so there are no problems with connectivity.

The network infrastructure of the data center is built in accordance with the Cisco Service-Oriented Network Architecture (SONA) and has three switching levels with a dedicated core, which makes it possible to expand both the physical topology of the existing data center and the number of data centers without degrading system performance. All communication channels are redundant, and the logical topology relies on dynamic routing and switching protocols capable of reconverging the network within seconds after the failure of any of the systems or communication channels.

The main switching nodes are Cisco Catalyst 6509 switches with ADM / AGM security modules and high-density Gigabit and ten Gigabit Ethernet ports. The dCEF distributed switching system allows each switch to carry up to 720 Gbit of traffic per second. The security system is extended by Cisco ASA5580 failover clusters that can filter or pass traffic at speeds up to 10 Gbit/s and handle up to 5000 VPN connections. In addition, the protection arsenal includes several IPS4270 systems that prevent intrusions in real time and a MARS system (Monitoring, Analysis and Response System) that analyzes attacks and is able to identify the source of an intrusion. The security system is based on a cascade principle: the system first strips out the bulk of the malicious traffic (Anti-DDoS), then picks out and blocks individual attacks (Firewall), and then recognizes application-level attacks and access attacks (IPS). Passive security systems keep attacks from developing within the network and disrupting its stability.

All network systems are duplicated in N + N mode. This means that the failure of any system will not degrade the quality of network services. The power supply of each unit of network equipment is connected to independent power inputs through uninterruptible power supply systems.

Presence at the M9 and M10 traffic exchange points is provided by backbone fiber channels of 96 cores. At each of the points, several Internet operators are connected (RETN, Telia Sonera, Golden Telecom, Rostelecom), which adds to the independence of traffic transmission. The effective bandwidth of the channels is 400 Gbit/s.

If desired, the client can obtain legal guarantees by backing the data center's responsibility with a service level agreement (SLA), which guarantees compliance with the quality parameters of each of the consumed services.

In addition to directly managing and monitoring the network, the NOC also provides some customer services: client technical support, operational monitoring of the client's network, and the development and expert review of network solutions.

[Images: Cisco Catalyst 6509 switches during installation.]

[Image: One of the switch modules.]

[Images: Optical and copper switching panels.]

[Images: Cascade security system.]

[Images: Optical switching cabinet HUBER + SUHNER LISA.]

Source: https://habr.com/ru/post/92346/