TP ON VIN THNG QUN I CNG TY VIN THNG VIETTEL

XUT GII PHP:

MNG WAN CHO BO HIM X HI VIT NAM

H NI 12/2011

I. QUAN IM THIT K Gii php k thut uc xy dng da trn cc yu t sau: Chi ph: Vn v chi ph l mt vn phi c coi trng khi xy dng bt k mt h thng thng tin no. Chi ph ca mt h thng mng c tnh da trn nhiu phng din: Chi ph ban u l nhng chi ph cho vic ci t, chi ph u t thit b Chi ph nh k cho vic bo dng v duy tr h thng thng tin. Chi ph nng cp thit b khi mt thit b qu c m chi ph cho vic sa cha ln hn vic thay mi. Nh vy, vn chi ph l phi tit kim v mi mt ng thi vn m bo p ng c cht lng dch v cng nh tnh n nh ca h thng mng. Cng ngh: H thng mng ng truyn kt ni phi p ng c cc i hi v cc loi dch v CoS (Class of Services) v cht lng dch v QoS (Quality of Services), h tr v d dng pht trin ln a dch v. H thng phi c thit k v xy dng trn cc cng ngh tin tin trn th gii trong lnh vc cng ngh thng tin. An ton truyn thng: m bo truyn thng v an ton d liu. C c ch m bo, d phng s c cho h thng thng tin nh: d phng thit b truyn thng, d phng ng truyn m bo d liu trn ng truyn khng b r r hoc thay i v ni dung thng tin truyn. Tnh tng thch: H thng phi c tnh tng thch cao, cho php chy c tt c cc phn mm thng dng, cc loi dch vu khc nhau (Data, Video, Voice) cho php ni ghp vi cc mng khc trong h thng cng nh kt ni ra quc t khi c nhu cu. H thng phi c tnh k tha t nhng h thng c ang tn ti, m bo khi nng cp v m rng vn c th s dng c nhng thit b hin ti nh thit b mng, my tnh, cc chng trnh iu khin mng. C tnh m c th tch hp vi c s h tng trong tng lai. Trong tng lai, khi cn m rng kt ni mng hay nng cp s khng cn thay i cu trc m ch cn thm cc thit b kt ni vo h thng mng sn c ca phng my. Qun tr h thng:

 D dng qun tr l mt trong nhng yu cu c bn i vi thit k h thng mng thng tin do c nh hng quyt nh ti vic gim st cng nh vn hnh ton b h thng mng. Qun tr mng bng cc phn mm s dng nhiu giao thc qun tr mng tin tin cho php ngi qun l mng theo di ton b hot ng ca mng theo thi gian thc, ca cc thit b v ngi dng trn ton mng. H thng qun tr mng phi m bo d dng pht hin li trn mng, lu v khi phc c cu hnh mng d dng. Kh nng phn lp li: H thng cn c thit k sao cho d dng phn tch cng nh pht hin li khi c s c v s c ti mt im s ch nh hng ti cc im kt ni c lin quan v khng nh hng ti hot ng ca ton b mng. m bo thi gian s dng h tng lu di, mt ln v khng phi thay th nng cp trong vng t 3 n 5 nm, thit k phi da trn cng ngh tin tin, khng lc hu, p ng c cc yu cu s dng ca mng trong thi gian nu trn. Tnh mm do Cho php d dng thay i kin trc kt ni, m hnh kt ni mng m khng phi u t, b sung hoc thay th thit b. Cc chun thit b u cui c kh nng nng cp, lp t thm tng tnh p ng. T phn tch hin trng kt ni mng v yu cu ca Trung tm Thng tin Bo Him X Hi Vit Nam (TTTT BHXHVN), Cng ty Vin thng Viettel xin gi ti TT BHXHVN phng n xut kt ni nhm ti u v p ng nhng yu cu m pha Trung tm t ra. II. XUT GII PHP XUT S DNG GII PHP MPLS L2VPN CHO KT NI NI B V KNH TRUYN FTTH CHO KT NI INTERNET. M t dch v: L dch v cung cp cc tuyn kt ni kt ni cc im vi nhau nhm trao i thng tin, d liu . . . thng qua cng Ethernet ca mng Metro Ethernet da trn cng ngh IP/MPLS-Cng ngh ang c s dng ph bin nht hin nay v trn cp si quang, tng ng nh mt mng ring xt trn phng din cht lng, an ton, n nh v kh nng kim sot. Cc im kt ni thng nhau Layer2 trong m hnh OSI. Vi h tng Metro rng khp, ph u trn 63 tnh/thnh ph l sc mnh gip Viettel cung cp dch v truyn s liu vt tri v cht lng so vi cc nh cung cp khc. Topo mng:

 Kt ni im a im (Point to Multipoint)
M HNH KT NI MPLS L2VPN & INTERNET CHO TRUNG TM THNG TIN BO HIM X HI
Rout er

Huyn Nhm 1

Cp quang

MPLS L2VPN

SL /FT TH

Rout er MPLS L2VPN Cp quang

INTERNET MPLS VIETTEL NETWORK

MPLS L2VPN Cp quang

Rout er

AD

Huyn Nhm 2

TH L/FT ADS

Tnh

MPLS L2VPN C qu p Rout an g er

TH L/FT ADS
AD SL /FT TH

ADSL/FTTH

Huyn Nhm 3

INTERNET

Huyn Nhm 4

Hnh 1: M hnh kt ni tng th MPLS L2VPN Thuyt minh Vi dch v MPLS L2VPN, Mng MPLS ca Viettel s tr thnh 1 thit b Switch o i vi TT BHXHVN. Cc im ti Tnh, Huyn s thng Layer 2 vi nhau tng ng vi vic cm chung vo 1 thit b Switch. Viettel s cung cp giao din Fast Ethernet cho khch hng thng qua b chuyn i quang in (Media Converter). Cc im Tnh, Huyn s c ko quang v thit b SiteRouter ca Viettel. Cc Router ti cc im kt ni cn quy hoch IP u ni thuc cng mt Subnet c th nh tuyn vi nhau. u im: Phm vi cung cp: Ton quc. Chi ph thp do ch to kt ni o. Tt c cc im c th kt ni trc tip vi nhau vi ch mt kt ni vt l duy nht ti mi a im.

 Tnh bo mt cao: kt ni gia cc im c m ha, gn nhn v thit lp ng hm (tunnel) ring trn h thng mng li ca Viettel. linh hot: D dng m rng m hnh, tng thm im kt ni, tng bng thng, tc trong thi gian s dng m khng cn phi thay i m hnh hay kin trc mng. Thit b: B chuyn i quang in Viettel cung cp, Router hoc SWL3 TT BHXHVN u t. Chi ph: Vi dch v MPLS L2VPN, ngoi ph lp t ban u, khch hng ch cn tr mt khon ph c nh hng thng s dng dch v m bo 24/24h. Cht lng dch v: Thi gian trin khai dch v: 7 - 10 ngy sau khi khch hng k hp ng (ph thuc vo bo co kho st thc t). i ng k thut v ng cu thng tin: 24/7/365 Bng thng cam kt: > 98% bng thng hp ng (Viettel lun khai bo trn h thng bng thng cao hn bng thng hp ng m bo bng thng khch hng lun t cam kt). tr ni tnh (T cc Huyn v Tnh):<10ms (H thng mng chuyn mch MPLS cng vi h tng truyn dn cp quang DWDM cho tr thp). tr lin tnh: 20 ms (H thng mng chuyn mch MPLS cng vi h tng truyn dn cp quang DWDM cho tr thp). Jitter:<5ms (H thng mng chuyn mch MPLS cng vi truyn dn cp quang DWDM cho Jitter thp). T l mt gi, li gi:< 0.01% (H thng mng chuyn mch MPLS cng vi truyn dn cp quang DWDM cho t l mt gi thp). MTU:1500 byte Kh nng trin khai thng sut cc dch v: VPN, VoIP, Video Conferencing... H tr cc tnh nng QoS (Quality of Service), CoS (Class of Service). Tnh sn sng (Availability): 99,9%. Thit b ti mi trm ca Viettel cng lun c d phng 1+1, 1+n, cc thit b c kt ni RING vi nhau m bo khi 1 Link down s chy theo link cn li m bo thi gian downtime l thp nht, cung cp dch v tt nht ti cho khch hng ca Viettel. H tr, x l s c Thi gian p ng h tr s c: 0.5h 1h. Thi gian x l s c sau khi nhn c thng bo: 2h - 4h

III. THIT K CHI TIT

1. Kt ni t cc Huyn n Tnh
HUYN

CONVERTER

Cp quang FastEthernet

Si

Si

Si

HUYN
Si Si

Si

VIETTEL METRO NETWORK

Si Si Si Si

Si

TNH

Si

HUYN

Hnh 2: M hnh kt ni chi tit ca TNH ti cc HUYN Thit b u cui Viettel lp t ti mi a im l 01 Media Converter bn giao 01 giao din Ethernet, dng khai bo chung cho tt c c kt ni n, thit b ca TTTT BHXHVN l 01 Router kt ni Wan. Trng hp TTTT BHXHVN cn tch ri cc mng ca Huyn kt ni ti TNH th ti cc im kt ni ti TNH cn s dng 01 SWL3 kt ni thay cho Router ( trng hp Router c th cu hnh Subinterface chia VLAN th khng cn), SWL3 nu l port quang Viettel s bn giao giao din quang GE (khng cn Media Converter) cn port in th ng nh m hnh trn.

IV. D TON CHO D N 1. CC HNG MC CN U T

STT 1 2 3 4 KIU KT NI Tnh nhm 1 Tnh nhm 2, 3 Huyn hm 1, 2 Huyn nhm 3, 4 HNG MC DO VIETTEL M BO Media Converter Media Converter Media Converter Media Converter HNG MC DO BHXH U T Router mng WAN Router mng WAN Router mng WAN Router mng WAN Chi ph knh truyn Chi ph knh truyn Chi ph knh truyn Chi ph knh truyn

2. D TON KINH PH BHXH CN U T 2.1 CHI PH KT NI WAN

2.2 CHI PH PHN THIT B

TNG D TON THIT B STT LOI TNH M T K THUT THIT B Firewall performance (max) 1.5 Gbps IPS performance (NSS 4.2.1) 230 Mbps AES256+SHA-1 / 3DES+SHA-1 VPN performance 300 Mbps Maximum concurrent sessions 64 K (Base) / 128 K (High Mem) New sessions/second (sustained, TCP, 3way) 9,000 Maximum security policies 4,096 1 Tnh nhm 1 Maximum users supported Unrestricted Maximum available slots for IOCs N/A WAN / LAN fixed ports 16 x 10/100/1000BASE-T CX111 3G/4G modem support Yes WAN / LAN PIMs T1/E1 ADSL2 Annex A ADSL2 Annex B G.SHDSL VDSL2 Annex A Ci N V S LNG N GI VAT (10%) TNG GHI CH

$2.999,00

$299,90

$6.597,80

Tham kho Juniper SRX240 B

 DOCSIS 3.0 Cable Modem GbE SFP Sync Serial Routing and Multicast Static routes RIPv2 +v1 OSPF/OSPFv3 BGP BGP Router Reflector IS-IS Multicast (Internet Group Management Protocol (IGMPv1/2/3), )VPN Tunnels (GRE, IP-IP, IPsec) IPsec, Data Encryption Standard (DES) (56-bit), triple Data Encryption Standard (3DES) (168-bit), Advanced Encryption Standard (AES) (128-bit+) encryption Message Digest 5 (MD5),ShA-1 , ShA128, ShA-256 authentication Firewall performance (max) 750 Mbps IPS performance (NSS 4.2.1) 60 Mbps AES256+SHA-1 / 3DES+SHA-1 VPN performance Firewall performance (max) 750 Mbps IPS performance (NSS 4.2.1) 60 Mbps Maximum concurrent sessions 32 K (Base) / 64 K (High Mem) New sessions/second (sustained, TCP, 3way) 2,000 Maximum security policies 512

Tnh nhm 2,3

Ci

61

$1.099,00

$109,90

$73.742,90

Tham kho Juniper SRX210 B

Huyn nhm

Maximum users supported Unrestricted Maximum available slots for IOCs N/A WAN / LAN fixed ports 2 x 10/100/1000BASE-T + 6 x 10/100 BASE-T 1 x 3G USB port CX111 3G/4G modem support Yes WAN / LAN PIMs T1/E1 ADSL2 Annex A ADSL2 Annex B G.SHDSL VDSL2 Annex A DOCSIS 3.0 Cable Modem GbE SFP Routing and Multicast Static routes RIPv2 +v1 OSPF/OSPFv3 BGP BGP Router Reflector IS-IS Multicast (Internet Group Management Protocol (IGMPv1/2/3), VPN Tunnels (GRE, IP-IP, IPsec) IPsec, Data Encryption Standard (DES) (56-bit), triple Data Encryption Standard (3DES) (168-bit), Advanced Encryption Standard (AES) (128-bit+) encryption Message Digest 5 (MD5),ShA-1 , ShA128, ShA-256 authentication Firewall performance (max) 700 Mbps

Ci

313

$420,00

$42,00

$144.606,00

Tham

1,2

IPS performance (NSS 4.2.1) 60 Mbps AES256+SHA-1 / 3DES+SHA-1 VP performance 65 Mbps Maximum concurrent sessions 16 K (Base) / 32 K (High Mem) New sessions/second (sustained, TCP, 3-way) 2,000 Maximum security policies 384 Maximum users supported Unrestricted WAN / LAN fixed ports 8 x 10/100 1 x 3G USB port Routing and Multicast Static routes RIPv2 +v1 OSPF/OSPFv3 BGP BGP Router Reflector IS-IS Multicast (Internet Group Management Protocol (IGMPv1/2/3), PIM-SM/DM/SSM, Session Description Protocol (SDP), Distance Vector Multicast Routing Protocol (DVMRP), source-specific, Multicast inside IPsec tunnel), MSDP MPLS (RSVP, LDP, Circuit Cross-connect (CCC), Translational Cross-connect (TCC), Layer 2 VPN (VPLS), Layer 3 VPN, VPLS, NGMVPN) VPN Tunnels (GRE, IP-IP, IPsec) IPsec, Data Encryption Standard (DES) (56-bit), triple Data Encryption Standard (3DES) (168-bit), Advanced Encryption Standard (AES) (128-bit+) encryption

kho Juniper SRX110 B

Huyn nhm 3,4

Message Digest 5 (MD5),ShA-1 , ShA-128, ShA256 authentication Firewall performance (max) 700 Mbps IPS performance (NSS 4.2.1) 60 Mbps AES256+SHA-1 / 3DES+SHA-1 VP performance 65 Mbps Maximum concurrent sessions 16 K (Base) / 32 K (High Mem) New sessions/second (sustained, TCP, 3-way) 2,000 Maximum security policies 384 Maximum users supported Unrestricted WAN / LAN fixed ports 8 x 10/100 1 x 3G USB port Routing and Multicast Static routes RIPv2 +v1 OSPF/OSPFv3 BGP BGP Router Reflector IS-IS Multicast (Internet Group Management Protocol (IGMPv1/2/3), PIM-SM/DM/SSM, Session Description Protocol (SDP), Distance Vector Multicast Routing Protocol (DVMRP), source-specific, Multicast inside IPsec tunnel), MSDP MPLS (RSVP, LDP, Circuit Cross-connect (CCC), Translational Cross-connect (TCC), Layer 2 VPN (VPLS), Layer 3 VPN, VPLS, NGMVPN) VPN Tunnels (GRE, IP-IP, IPsec) IPsec, Data Encryption Standard (DES) (56-bit), triple Data

Ci

380

$420,00

$42,00

$175.560,00

Tham kho Juniper SRX100 B

 Encryption Standard (3DES) (168-bit), Advanced Encryption Standard (AES) (128-bit+) encryption Message Digest 5 (MD5),ShA-1 , ShA-128, ShA256 authentication

TNG

$400.506,70

8.410.640.7 00,00
$21.000,00