
EXPERIENCE IN MANAGING AND OPERATING A NOC

Hanoi, 01/2008

INTRODUCTION TO NOC-VN

Network equipment:
- 01 Router 7206, standard image IOS
- 01 Switch 6506, standard image IOS
- 02 HP DL380 servers: 01 for the web server, 01 for the DNS server that administers the vinaren.vn domain
- 02 PCs for the engineers

Link bandwidth:
- Hanoi - Hong Kong link: 45Mbps (01 active, 01 backup)
- Link from NOC-VN to NACESTI: 100Mbps
- 02 links from NOC-VN to Netnam: 100Mbps

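INTRODUCTION TO NOC-VN

Network resources currently under temporary management:
- IP addresses: 8 Class C
- Domain name: vinaren.vn

Internal Hanoi connections planned for the near future:
- Link to the Ministry of Education and Training: 100Mbps
- Link to the National Economics University: 100Mbps
- Link to Bach Mai Hospital: 100Mbps
- Other sites according to the project plan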

INTRODUCTION TO NOC-VN

Software systems (built in-house):
- Software for managing and monitoring the TEIN2 link and the internal links of some VinaREN members (Nagios, Cacti), with these modules: WeatherMap (shows % of link bandwidth used, In/Out) and Monitor (shows the status of devices and servers: Down/Up/Threshold breach)
- Software that collects traffic statistics and each member's % link utilization for the monthly statistics reports.

USING, DEVELOPING AND DEPLOYING OPEN-SOURCE SOFTWARE

1. Build and deploy open-source tools that support network analysis, administration and monitoring, with many functional modules, such as Nagios, Cacti and MRTG, providing these features:
- Diagrams showing information about packets entering/leaving routers and layer 3 switches (using on-device collection tools such as NetFlow on Cisco and Juniper routers and layer 3 switches)

USING, DEVELOPING AND DEPLOYING OPEN-SOURCE SOFTWARE

- Monitor inbound/outbound traffic (as % of link bandwidth) to detect attacks that congest the network, caused by viruses or by hackers (symptom: traffic typically reaches several hundred % of the actual bandwidth)
- Automatically send alert e-mail to the administrators when a link goes down or bandwidth is overloaded.
- Visualize the % bandwidth utilization of each link graphically
- Display the bandwidth used by each network interface by hour, day, month, quarter and year.
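
The check behind the Down/Up/Threshold breach states can be sketched as follows. This is an added example, not code from the slides or from Nagios/Cacti: the counter samples are constructed, the 90% alert threshold and all function names are assumptions, and only the 45 Mbps link speed comes from the slides.

```python
from dataclasses import dataclass

COUNTER32 = 2 ** 32          # 32-bit ifInOctets/ifOutOctets wrap here
LINK_BPS = 45_000_000        # the 45 Mbps Hanoi - Hong Kong link from the slides

@dataclass
class Sample:
    ts: int          # poll time in seconds
    oper_up: bool    # True when ifOperStatus is "up"
    in_octets: int
    out_octets: int

# Constructed polls, 300 s apart: a counter wrap, a saturated interval, a link failure.
SAMPLES = [
    Sample(0, True, 4_000_000_000, 1_000_000),
    Sample(300, True, 211_282_704, 169_750_000),      # in_octets wrapped
    Sample(600, True, 1_814_407_704, 338_500_000),
    Sample(900, False, 1_814_407_704, 338_500_000),
]

def delta(prev, cur):
    """Counter difference that tolerates one 32-bit wrap between polls."""
    return cur - prev if cur >= prev else cur + COUNTER32 - prev

def utilisation(prev, cur, link_bps):
    """Return (in %, out %) of link capacity over one polling interval."""
    secs = cur.ts - prev.ts
    if secs <= 0:
        raise ValueError("samples must be in increasing time order")
    pct = lambda octets: round(octets * 8 / secs / link_bps * 100, 1)
    return pct(delta(prev.in_octets, cur.in_octets)), pct(delta(prev.out_octets, cur.out_octets))

def classify(samples, link_bps=LINK_BPS, threshold_pct=90.0):
    """Return (ts, state, in %, out %) per interval; DOWN and THRESHOLD BREACH
    are the states an operator would be e-mailed about (threshold is assumed)."""
    rows = []
    for prev, cur in zip(samples, samples[1:]):
        if not cur.oper_up:
            rows.append((cur.ts, "DOWN", 0.0, 0.0))
            continue
        pct_in, pct_out = utilisation(prev, cur, link_bps)
        state = "THRESHOLD BREACH" if max(pct_in, pct_out) >= threshold_pct else "UP"
        rows.append((cur.ts, state, pct_in, pct_out))
    return rows

if __name__ == "__main__":
    for row in classify(SAMPLES):
        print(row)
```

At 45 Mbps a 32-bit octet counter wraps in roughly 13 minutes, so a 5-minute poll sees at most one wrap per interval; a longer interval needs the 64-bit counters instead.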

USING, DEVELOPING AND DEPLOYING OPEN-SOURCE SOFTWARE

2. Build tools for centralized monitoring, administration and configuration of services on servers, using open-source software such as Webmin

RESEARCH

- Install, configure and trial-run the demo/evaluation versions of commercial network analysis, monitoring and administration software such as NetFlow Analyzer, Solarwinds or HP OpenView, to learn their features and how they work, and to evaluate and compare their strengths and weaknesses against open-source software. Commercial software is usually easy to operate and administer, but its drawbacks are that it is expensive, often has defects, is a target for hackers, and costs a lot to upgrade.
- Take part in institution-level and ministry-level research projects

RESEARCH

Establishing security mechanisms across the whole network: network devices, servers, workstations

- Set up firewall/IDS (hardware appliances or open-source software: IPTables as the firewall, Snort as the IDS) to protect against network attacks from outside and to protect the DMZ/server farm zone that holds the servers
- Build a local firewall on each application or service server, following a self-defence approach
- Close all unnecessary ports; open only the service ports that are really needed
- Regularly update software and apply patches on servers and workstations
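
One way to check a server's local firewall against the "open only what is needed" rule is to audit its `iptables-save` output. This is an added example, not part of the original slides: the ruleset is constructed, and the allowlist (DNS plus SSH for administration) and the function name are assumptions.

```python
import shlex

# Constructed iptables-save output for a DNS server (not taken from the slides).
SAMPLE_RULES = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 23 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 80,3306 -j ACCEPT
COMMIT
"""

# Assumed policy: the host only serves DNS and is administered over SSH.
ALLOWED = {("udp", 53), ("tcp", 53), ("tcp", 22)}

def audit(rules_text, allowed=ALLOWED):
    """Return findings: a permissive INPUT policy and ACCEPT rules for ports
    outside the allowlist. Only port-specific INPUT rules are examined."""
    findings = []
    for line in rules_text.splitlines():
        if line.startswith(":INPUT "):
            policy = line.split()[1]
            if policy != "DROP":
                findings.append(f"INPUT default policy is {policy}, expected DROP")
        elif line.startswith("-A INPUT "):
            tok = shlex.split(line)
            # Map each option to the token after it, e.g. {"-p": "tcp", "-j": "ACCEPT"}.
            opt = {t: tok[i + 1] for i, t in enumerate(tok[:-1]) if t.startswith("-")}
            ports = opt.get("--dport") or opt.get("--dports")
            if opt.get("-j") != "ACCEPT" or not ports:
                continue
            proto = opt.get("-p", "all")
            for port in ports.split(","):
                # Ranges such as 1000:2000 are never on the allowlist, so they are reported.
                if not port.isdigit() or (proto, int(port)) not in allowed:
                    findings.append(f"unneeded open port {proto}/{port}")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_RULES):
        print(finding)
```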

Establishing security mechanisms across the whole network: network devices, servers, workstations

- Install and regularly update antivirus software on users' PCs
- Set up secure access to network devices for administration from outside or inside the network (SSH instead of Telnet, HTTPS for e-mail, HTTPS for web-based administration and configuration services, ...)
- Instruct users on security practices such as limiting file sharing and not opening unnecessary services/ports, to avoid exposing security holes.

Establishing security mechanisms across the whole network: network devices, servers, workstations

Regularly follow security news on security websites such as:
- Microsoft website: www.microsoft.com/security/default.mspx
- www.windowsecurity.com/whitepaper
- China's network security website: http://www.ccert.cn
- www.cert.com
- www.us-cert.gov

Engineer training

- In-country training: attend basic courses on network administration
- If the NOC has the means, send staff to train for professional certifications (MCSE from Microsoft; CCNA, CCNP, CCIE from Cisco, ...)
- Send staff to training courses abroad: short courses that focus in depth on one topic at a time: basic routing (static, dynamic), advanced routing (static, dynamic), basic DNS, advanced DNS, Multicast, Network Security, ...

Engineer training

Self-training:
- Those who know more guide those who know less
- Self-driven, in-depth study is the main approach
- Use emulation software and PCs for testing and simulation (setting up network models, building software routers, configuring routing with router simulators such as Dynamips, Dynagen, RouterSIM)
- Hold technical seminars on a regular schedule (every 1-2 weeks)
- Exchange technical experience with other NOCs

Routing

- Set up dynamic IP routing with the TEIN2 NOC (Hong Kong) using BGP
- Set up dynamic IP routing with some VinaREN members using the OSPF routing protocol
- Set up dynamic IP routing between the internal network of ĐHBKHN (Hanoi University of Technology) and NOC-VN.

Routing

Advantages of dynamic routing:
- Makes use of intelligent, optimal path selection
- Spares network administrators from having to update routing tables every time routes change in external networks
- Convenient for users: they can still reach the Internet or TEIN2 without changing their gateway or anything else in their network settings

Routing

Trial deployment:
- Trial new technologies, applications and services on IPv6 (Routing, Multicast-eLearning, DNS, Web, ...).
- When deploying services, however, security and bandwidth must be kept under control and the services coordinated so that users are not affected.

Using basic but effective network administration tools

- The tracert path-tracing tool (for example: c:\>tracert www.dante.net to see whether traffic from the user's machine to the destination www.dante.net goes over TEIN2 or over the commercial Internet)
- Units that have the means can buy traffic-generating test equipment to test network devices and wireless devices (LanForge: http://www.candelatech.com/)

Using basic but effective network administration tools

- The PING tool measures the RTT (Round Trip Time) of packets from source to destination, to see whether it is large (over TEIN2 the RTT is typically only a few tens of ms; over the commercial Internet, directly or indirectly, to international websites it typically takes 170ms or more).
- Tools that measure the spare bandwidth available for data transfer (such as PathLoader, netperf, iperf, ...)

Using load balancers

If the network has several Internet connections (leased lines, ADSL lines), use a load balancer to share the load across the Internet uplinks, optimize bandwidth and control quality of service (set QoS priority levels by user group or service, IP address, ...)

Testing services and applications, simulating operation

- Run simulations with bandwidth-hungry services and applications such as DVTS and video conferencing to test the links as well as the load capacity and multimedia support of network devices.
- Carry out test attacks or scans from outside/inside your own network to find security holes in network devices, servers, software, ...
- When needed, use tools (such as Ethereal) to capture packets on the network and analyze the protocols in use, which can reveal anomalies occurring in the network, ...

Network resource management

- Have clear, consistent, long-term and scalable usage policies and planning for the network, IP addresses and domain names
- Strictly manage the use of public IP addresses and domain names to avoid exposing security holes and to prevent users from abusing the network to spread prohibited information through Web and FTP services
- Units with two or more leased-line connections (multihoming) can apply for an AS number and IP addresses, which makes it easier to administer a network connected to both TEIN2 and the commercial Internet.

Operating conditions in the server room

- UPS units and voltage stabilizers to extend the life of equipment and computers
- Rooms housing servers, network equipment and PCs must be air-conditioned to ensure long equipment life.

Coordinating with partners and maintaining communication between NOCs

- Coordinate with partners, ISPs or the Ministry of Public Security when network security violations need to be handled
- Maintain communication:
  - Assign someone to keep records of allocated resources so they can be looked up when needed
  - Keep technical contact addresses for the NOCs and telecom companies for use when needed (for example link outages, network interruptions, ...)
  - Take part in IT, Network Security and OpenSource forums
