Accelerated Routing Strategy of Application Service in the Multi-addressing Mode of College Campus Network

Multi-addressing is now common in domestic college campus networks. Taking the network of Henan University of Technology as the model, we put forward an accelerated routing strategy for access to campus application services under multi-campus, multi-provider and multi-addressing conditions.


Introduction
Building new campuses and merging several campuses has made multi-campus operation the mode universally adopted by colleges, and network construction across the campuses follows. As the network grows in size and complexity under the multi-campus mode, the number of information points increases quickly and network traffic multiplies. The interconnection speed between CERNET and the public networks is a long-standing problem, so a single network address that depends only on CERNET becomes the main bottleneck limiting campus network traffic. Therefore, when domestic colleges build a new campus, they should bring in a third-party network besides CERNET, such as CNC or Telecom. In a multi-campus, multi-addressing environment the former single-address mode of accessing application services no longer holds, and many colleges have adopted methods such as multiple domain names, multiple service mirrors and multi-link DNS resolution to make application services faster and more efficient to use in this complex environment. Taking the network of Henan University of Technology as the model, we put forward a simple and efficient method for routing access to application services, based on a generalized routing concept, which further improves the access speed of the application system, strengthens its security, and optimizes the network structure.

Description of network structure
Actual network structures differ between colleges; the practical concerns are mainly address location, bandwidth and reasonable access to application services. The network structure based on multiple campuses and multi-addressing is shown in Figure 1.
The campuses are interconnected by gigabit fiber. The old campus uses CERNET addressing and is connected to CERNET through a firewall. The new campus is linked to CNC by a router. The DNS address of the old campus and the application service address of the new campus are addresses registered with CERNET, and some of them cannot be changed. The accessing users include campus network, CERNET and Telecom network users; users inside the campus reach the application service directly over OSPF routes and are not affected by the router. The problem to solve is letting CNC users and CERNET users access the application service quickly. Offering the service only on a CERNET address or only on a CNC address would limit the access speed for the other group of users.

Concrete implementation strategy
To save software and hardware resources, the routing strategy is implemented under the following conditions: the application service does not apply for multiple domain names; no hardware service mirror is provided for the application service; and the CNC IP addresses in the new campus are limited, so the application server offers its services through a private network address.

Establishment of multi-link DNS service
Multi-link DNS service, also called intelligent DNS service, distinguishes the network type of the accessing user, such as CERNET or the Telecom network, and returns a different IP address for the same domain name according to that network type. There are many ways to build the service, and mature hardware products are available. The intelligent DNS software used in this article was developed by us. Whether implemented in hardware or in software, the service mainly has to distinguish the different network types; the IP address segments of each network type can be obtained from CERNET and Telecom and must be kept up to date. Intelligent resolution, taking the WEB service as the example, is illustrated in Figure 2.
In Figure 2 the networks of different types are strictly distinguished, and the internal network IP address is used for campus network users. As Figure 1 shows, the addresses in this article include only a CNC address; colleges with a Telecom address can fill in the Telecom address as in Figure 2. Building a concrete intelligent DNS service involves many further details.
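The view selection described above, as an added Python example (not the authors' DNS software): the client's source address is matched by longest prefix against per-network prefix lists and the WEB service address for that view is returned. The three answers are the addresses given in this article; the prefix lists and client addresses are constructed assumptions.

```python
import ipaddress

# WEB service address returned in each view (addresses from the article).
VIEW_ANSWER = {
    "campus": "172.18.22.11",   # private address of the WEB server
    "cernet": "202.196.110.3",  # CERNET address mapped on the firewall
    "public": "123.15.55.10",   # CNC address translated by the NE40
}

# Constructed prefix lists (assumptions). A real deployment loads the
# published CERNET / carrier prefixes and refreshes them regularly.
VIEW_PREFIXES = {
    "campus": ["172.16.0.0/12", "202.196.110.0/23"],
    "cernet": ["202.196.0.0/16"],
}
DEFAULT_VIEW = "public"  # unmatched clients are served the CNC address


def build_table(view_prefixes):
    table = [(ipaddress.ip_network(p), view)
             for view, prefixes in view_prefixes.items() for p in prefixes]
    # Longest prefix first, so a campus block inside a CERNET block wins.
    return sorted(table, key=lambda e: e[0].prefixlen, reverse=True)


TABLE = build_table(VIEW_PREFIXES)


def select_view(client_ip):
    addr = ipaddress.ip_address(client_ip)
    # Dual-stack listeners report IPv4 clients as ::ffff:a.b.c.d.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    for net, view in TABLE:
        if addr in net:
            return view
    return DEFAULT_VIEW


def resolve_web(client_ip):
    return VIEW_ANSWER[select_view(client_ip)]


def private_answer_leaks():
    """Views other than campus that would hand out a private address."""
    return [v for v, a in VIEW_ANSWER.items()
            if v != "campus" and ipaddress.ip_address(a).is_private]
```

`private_answer_leaks()` is a configuration check worth running whenever the view table changes, since a private answer served to an external view both breaks access and discloses internal addressing.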

Routing configuration
The routing configuration mainly concerns the router in the new campus in Figure 1, and it solves access from the public network (non-CERNET) to the application service. The CNC addressing router of Henan University of Technology is the NE40, a high-end 10-gigabit router made by Huawei, and the address pool for external NAT conversion is 123.15.55.1/29. As seen in Figure 1, the routing conversion principle, taking the WEB service as the example, is to take a valid address such as 123.15.55.10 as the conversion address for user access. When accessing users obtain the valid CNC address through intelligent DNS resolution, the NE40 router converts that address from the address pool into the private network address of the WEB server, such as 172.18.22.11, through NAT conversion from exterior to interior. The concrete implementation includes the following steps.
(1) Establishing the address pool
nat address-group cncmain 123.15.55.8 123.15.55.16 mask 255.255.255.240
Reverse NAT is the core step of the routing conversion, and port 80 is the service port for the reverse conversion to the application service. Further service ports can be added according to the actual application when implementing the above steps, i.e. the above commands can be repeated.
For a college with a Telecom address, the Telecom address can be added following the same setup, but the WEB server must then be configured with two network cards and two private network addresses, and another valid address from the address pool is taken as the conversion address and pointed to the second private network address. Campus users who access the application service can be pointed to either private network address.

Port mapping on the firewall
In 3.2, we solved the problem of access to the application service from non-CERNET networks. Because some special addresses of the application system inside CERNET can only be used after registration with CERNET, the address at which CERNET users access the WEB service is a fixed CERNET address, as for DNS or WEB, and the intelligent DNS must return a valid CERNET address such as 202.196.110.3. The concrete implementation is realized through port mapping on the firewall.
(1) Bidirectional conversion between the CERNET address and the private network address on the firewall
202.196.110.3 172.18.22.11
(2) Setting up access control on the firewall, opening access from any address to the private network address 172.18.22.11
Because current firewalls use stateful inspection with anti-attack features, it is very important to ensure that the accessing user, after conversion, receives the correct reply from the private network address. The valid CERNET IP 202.196.110.3 is in effect only a dummy address: it is used only in address conversion and is returned through intelligent DNS resolution. The reply route should be specified on the router for this approach, for example:
rule-map intervlan test ip any 202.196.110.3 0.0.0.0
flow-action to111 redirect ip 202.196.111.1 GigabitEthernet2/0/0
Here 202.196.111.1 is the address of the port on the firewall that connects the router and the firewall.
Port mapping is a special function of the firewall, and it can be adapted to the actual situation during implementation.
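Why the reply path matters with a stateful device, as an added Python model (not the authors' configuration and not Huawei syntax): each device publishes one address and port, keeps a session table, and translates a reply only if it saw the request. Publishing only port 80 on the firewall and the client address are assumptions of the model.

```python
class NatDevice:
    """Destination NAT with a session table, as a stateful device keeps one."""

    def __init__(self, name, rules):
        self.name = name
        self.rules = rules      # (public_ip, port) -> (private_ip, port)
        self.sessions = {}      # (client, cport, server, sport) -> public_ip

    def inbound(self, src, sport, dst, dport):
        """Client -> server. Returns the rewritten packet, or None if dropped."""
        target = self.rules.get((dst, dport))
        if target is None:
            return None         # address/port not published on this device
        self.sessions[(src, sport) + target] = dst
        return (src, sport) + target

    def outbound(self, src, sport, dst, dport):
        """Server -> client. Only replies that match a session are translated."""
        public = self.sessions.get((dst, dport, src, sport))
        if public is None:
            return None         # this device never saw the request
        return (public, sport, dst, dport)


SERVER = "172.18.22.11"         # private WEB server address from the article


def build():
    ne40 = NatDevice("NE40", {("123.15.55.10", 80): (SERVER, 80)})
    firewall = NatDevice("firewall", {("202.196.110.3", 80): (SERVER, 80)})
    return ne40, firewall


def trace_cernet_request(reply_via):
    """Send one CERNET request through the firewall and route the reply via
    the named device; returns the packet the client receives, or None."""
    ne40, firewall = build()
    client = ("202.196.64.9", 40000)    # constructed CERNET client
    req = firewall.inbound(*client, "202.196.110.3", 80)
    device = {"NE40": ne40, "firewall": firewall}[reply_via]
    return device.outbound(req[2], req[3], req[0], req[1])
```

A reply routed through the firewall comes back sourced from 202.196.110.3, while the same reply sent out through the NE40 matches no session and is lost.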

Conclusions
We solve the problem of speeding up access to application services for users coming from different network types under multi-campus, multi-provider and multi-addressing conditions, and we convert the address of the application service to a private network address through NAT and port mapping, which further ensures the security and stability of the application service and strengthens the anti-attack ability of the application server. The strategy is being applied in the campus network of Henan University of Technology, and over half a year of observation it has achieved the anticipated effect in terms of speed and security. Where network structures differ greatly, however, this routing strategy may not be the optimal choice, so we put the method forward only as a reference for further research.

Figure 1. Network Structure Based on Multi-campus and Multi-addressing