Summary

This document is about the Indian Railways data network, and its various components, applications, and architectures. It describes different types of data networks used by Indian Railways, including Railnet, Unified Ticketing, and FOIS. The document provides details about the communication media, network speeds, and topology.

Full Transcript


CHAPTER XV DATA NETWORK
=======================

1. The interconnection of a large number of data processing devices through suitable communication links enabling data transfer between the data processing devices constitutes a DATA NETWORK. Indian Railways has three major data networks, viz. Railnet, Unified Ticketing Network (UTN) and the FOIS network. Special purpose data networks are also being established by the Railways, like the network for monitoring the CCTV network, the VoIP control communication network, etc. Several applications are already operating over the networks and many new applications are contemplated. The various applications are as under:

- Passenger Reservation System (PRS) & Unreserved Ticketing System (UTS)
- Freight Operations Information System (FOIS), Coaching Operations Information System (COIS), Control Office Automation (COA) & Crew Management System (CMS)
- Material Management Information System (MMIS)
- Integrated Coaching Management System (ICMS)
- Parcel Management System (PMS)
- Software for Electric Locomotive Asset Management (SLAM)
- Time Table Management System (Satsang)
- E-procurement System
- Integrated Material Management System (iMMS)
- Locomotive Management System (LMS)
- Health Management Information System (HMIS)
- e-Office
- Track Management System (TMS)
- Works Program Management System
- Railway Land Management System
- RPF Security Management System (RSMS)
- e-Drishti, a dashboard for Indian Railways
- TDMS, Traction Distribution Management System (pilot project)
- EEMS, Electrical Energy Management System
- Signalling Maintenance Management System (SMMS)
- Real-time Train Information System (RTIS)
- Integrated Payroll and Accounting System (IPAS) and Web-enabled Railway Budget System
- Computerization of Train Signal Registers (TSR)
- Human Resource Management System (HRMS)

2. Railway Networks
===================

1. Railway applications primarily run over the Railways' private network, i.e. Railway applications are normally transported by the Railway network.

2. The general purpose Railnet is built up on the Railways' own transport network, utilising bandwidth from RailTel Corporation of India (RCIL) or leasing bandwidth from BSNL or other service providers. In special cases, Railnet may be extended through public networks like the Internet using Virtual Private Network (VPN) solutions, taking sufficient security measures. A virtual private network (VPN) extends a [private network](https://en.wikipedia.org/wiki/Private_network) across a public network and enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network. Applications running across a VPN may therefore benefit from the functionality, security, and management of the private network. [Encryption](https://en.wikipedia.org/wiki/Encryption) is a common, although not an inherent, part of a VPN connection. For Internet access, Railnet is connected to the Internet at specific locations, duly ensuring network security by means of suitable firewalls along with other devices to counter cyber threats.

3. Communication Media
======================

4. Network Speeds
=================

1. The earlier networks were non-IP based and worked at speeds of 9.6 kbps. Gradually some of the non-IP based network speeds were upgraded to 64 kbps. Generally, higher speeds were not adopted in non-IP networks.

2. Presently the networks are mostly IP based and operate at speeds of 2 Mbps at the core and access levels. Some of the access level links are also working at 64 kbps. In future, all IP networks should be planned with a minimum of 2 Mbps connectivity at the distribution level and nX2 Mbps in the core. Preferably, Ethernet links over fibre connectivity should be used for all data networks.

5. Network Topology & Architecture
==================================

1. **Railnet**

   1. Railnet is currently built as an L3 VPN over the MPLS infrastructure of RCIL.

   2. Each zone and division is connected to an MPLS router of RCIL with appropriate bandwidth, ranging from 20 Mbps to 300 Mbps. Zonal Railways can increase/decrease this bandwidth themselves based on demand.

   3. The Railnet setup at the zonal and divisional HQs may consist of the following:
      a. Railnet routers in high availability.
      b. UTM/Firewall.
      c. L3 switches working in 1+1 redundancy.
      d. DNS cache server.
      e. Network Management server.
      f. Other servers like DHCP, Web server, Antivirus server, Patch Management server, Proxy server, etc.

   4. Railnet LAN Architecture:

      ![](media/image2.jpeg)

      i. The Railnet LAN architecture shall be as shown in the figure above. This should be followed at Railway Board, RDSO, zonal HQs, divisional HQs and other units.

      ii. The core switch should be a Layer 3 switch and the distribution/access switches shall be Layer 2. The L2 switches should have PoE support to power the IP phones and security cameras.

      iii. Layer 2 switches should be used in the LAN for the purpose of interconnecting user nodes. These switches should support the following minimum features:
         a. VLANs
         b. RSTP and MSTP
         c. DHCP relay
         d. DHCP snooping and trusted DHCP server support
         e. MAC address authentication through a RADIUS server
         f. Non-blocking Gigabit PoE access ports

      iv. The connectivity between the Layer 2 switch and the Layer 3 switch shall be on OFC. This shall be 1G or 10G multiple links with path protection.

      v. The distribution switch should have Gigabit copper access ports. For connectivity to the Layer 3 switch, SFP based optical ports shall be supported.

      vi. The connectivity between the users (clients) and the distribution/access switch shall be through Cat-6 UTP cable/OFC.

      vii. The connectivity to the user nodes shall be upgraded to 1 Gbps.

      viii. VLANs shall be used to limit the Ethernet broadcast domain in such a way that one VLAN should normally not have more than 70-100 computers. For simplicity, one VLAN should normally not cover more than one switch stack. Multiple VLANs may be configured in one switch stack.

      ix. RSTP/MSTP may be configured in the switches with the Layer 3 core switch as the root bridge.

      x. Switches must be configured to recognize a trusted DHCP server and should not allow access to rogue DHCP servers that may get enabled in the network.

      xi. Use of a DHCP server should be mandatory for a network node. Any node that does not obtain its IP address from the DHCP server should not be allowed network access. One way to achieve this may be to disable ARP-based MAC learning and use DHCP snooping for building the MAC address tables in the switch.

      xii. The DHCP server shall be provided in redundancy: two DHCP servers shall be provided in the network. Both DHCP servers shall provide IP addresses from disjoint sets so as to avoid IP clashes.

      xiii. All the local servers providing network services like DNS etc. shall be connected to the Layer 3 switch in a different VLAN, either directly or through a distribution/access switch. In this case, manual configuration of IP addresses can be done.

      xiv. When there is more than one Layer 2 switch at one location, they must be stacked. Stacking is better than connecting the switches using 1/10G ports as it provides better speed and better forwarding rates.

      xv. Layer 3 switches shall be used as the gateway for the nodes in each VLAN. Load balancing should be configured in such a way that one Layer 3 switch is the gateway for half of the VLANs and the other Layer 3 switch is the gateway for the remaining VLANs. This ensures that both switches are in service and each is handling half of the traffic of the LAN.

      xvi. VRRP (Virtual Router Redundancy Protocol) should be configured between the switches for the gateway IP of each VLAN. Thus, when one switch goes down the other takes over the role of traffic forwarding/routing. With this arrangement, manual load balancing is achieved.
      xvii. The L3 switches shall be connected to the routers/switches on the WAN side and route the traffic out of the network towards the MPLS network of RCIL.

2. **Unified Ticketing Network**

   5. The Unified Ticketing Network is the unified PRS and UTS network.

   6. The PRS network is used to issue reserved tickets to railway passengers. The UTS network is used to issue unreserved tickets to railway passengers.

   7. The network is an IP network that spans all the stations with ticketing activity. The network is a tiered network. The general architecture is as shown below.

   8. The following diagram shows the arrangements at the station:

3. **FOIS network**

   9. The FOIS network is used for operation of the Freight Operations Information System. It also hosts almost all the operational intelligence software that helps in train operation. A few systems hosted on this network are the Integrated Coaching Management System, Crew Management System, Parcel Management System, Control Office Application, etc.

   10. The FOIS network is also an IP network spanning the whole of Indian Railways. It uses OSPF as the routing protocol and its architecture is similar to that of UTN.

   11. The typical arrangement of FOIS at a station is shown in the diagram below.

      ![](media/image5.png)

   3. At some of the stations only one FOIS PC is required; at such stations the switch is not used and the PC is connected directly to the router.

   4. The network topology of any new network is to be decided according to the type, size and requirements of the application. Mesh architecture is

6. **Network path protection:** Data networks are critical applications for Railway operation and the data devices at various locations are required to remain connected to the network all the time. At the core level, an availability of 100% is required, and this is achieved by adopting a mesh architecture. It should be ensured that a single failure in the network will not cause interruption of services. At the access level, an availability of better than 99.9% is desired for each location. This can be achieved through provision of proven equipment along with path diversity, equipment redundancy, connectivity from multiple service providers, etc. Wherever feasible, channels utilized from Railways shall be protected by provision of an alternative path with protection switching. Channels utilized from RCIL/other service providers shall always be protected by provision of an alternative path with protection switching. In the event of any of the communication links being provided by operators through public networks, adequate protection in the form of a VPN using encryption is to be taken.

7. **Network Devices:** The various devices used in the data network, other than the nodes on which the applications reside, along with their interface specifications, are given below:
   1. Modems
   2. Switches
      a. L2 PoE switch
      b. L2 non-PoE switch
      c. L3 switches
   3. Routers
   4. UTM/Firewalls
   5. LAN extenders
   6. WiFi Access Points and Controllers
   7. Interface Converters
   8. Media converters
   9. DSLAM, ADSL
   10. GPON, EPON

8. **Network extension:** It should be possible to add new network devices either at existing locations or at new locations by extending the WAN. The network components should be selected so as to permit scalability without having to replace existing network components. At least 25% spare equipment should be planned for equipment like modems, UPSs, switches, LAN extenders, etc. Spares are recommended in N+1 configuration at each critical location for core level network equipment like high-end routers, manageable switches, servers, firewalls, etc., for efficient maintenance of the networks. If any department has its own dedicated network installed by them, the scope of the S&T department will be limited to provision of railway telecom connectivity, if feasible.
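Items x and xi of the Railnet LAN architecture (para 5.1) make DHCP snooping the admission mechanism for user ports: server messages are honoured only from trusted ports, and a host may send traffic only if it holds a lease recorded in the switch's binding table. The following Python model is added here as an illustration and is not part of the manual or of any vendor's implementation; the port names, MAC addresses and IP addresses are constructed sample data.

```python
from dataclasses import dataclass, field

@dataclass
class SnoopingSwitch:
    trusted_ports: set                               # ports facing the DHCP servers / L3 uplink
    bindings: dict = field(default_factory=dict)     # (client_port, mac) -> leased ip
    log: list = field(default_factory=list)          # decisions, as an NMS would record them

    def server_message(self, ingress_port, kind, client_port, client_mac, ip):
        """A DHCP OFFER/ACK from a server, seen ingressing `ingress_port` and addressed
        to the client behind `client_port`. Only trusted ports may source these (para 5.1 x)."""
        if ingress_port not in self.trusted_ports:
            self.log.append(f"DROP rogue DHCP {kind} from {ingress_port} offering {ip} to {client_mac}")
            return False
        if kind == "ACK":                            # lease granted: record the binding
            self.bindings[(client_port, client_mac)] = ip
            self.log.append(f"BIND {client_mac}@{client_port} -> {ip}")
        return True

    def release(self, client_port, client_mac):
        """A DHCP RELEASE (or lease expiry) removes the binding and with it network access."""
        self.bindings.pop((client_port, client_mac), None)

    def forward(self, client_port, client_mac, src_ip):
        """Data frame from a user port: permitted only if it matches a snooped binding
        (para 5.1 xi); statically addressed or address-spoofing hosts are dropped."""
        if self.bindings.get((client_port, client_mac)) == src_ip:
            return True
        self.log.append(f"DROP frame {client_mac}@{client_port} src {src_ip}: no DHCP binding")
        return False

def run(sw, events):
    """Replay a list of (method name, *arguments) tuples and return the verdicts."""
    return [getattr(sw, action)(*args) for action, *args in events]

# Constructed sample traffic on one access switch: Gi1/0/48 is the uplink towards the
# L3 switch and the two DHCP servers (trusted); Gi1/0/1-3 are user ports (untrusted).
SAMPLE = [
    ("server_message", "Gi1/0/48", "OFFER", "Gi1/0/1", "aa:bb:cc:00:00:01", "10.20.0.4"),
    ("server_message", "Gi1/0/48", "ACK",   "Gi1/0/1", "aa:bb:cc:00:00:01", "10.20.0.4"),
    ("forward", "Gi1/0/1", "aa:bb:cc:00:00:01", "10.20.0.4"),      # legitimately leased host
    ("server_message", "Gi1/0/3", "OFFER", "Gi1/0/2", "aa:bb:cc:00:00:02", "192.168.1.50"),  # rogue server on a user port
    ("forward", "Gi1/0/2", "aa:bb:cc:00:00:02", "192.168.1.50"),   # never received a trusted lease
    ("forward", "Gi1/0/1", "aa:bb:cc:00:00:01", "10.20.0.99"),     # leased host using another address
    ("release", "Gi1/0/1", "aa:bb:cc:00:00:01"),
    ("forward", "Gi1/0/1", "aa:bb:cc:00:00:01", "10.20.0.4"),      # lease gone, access revoked
]

if __name__ == "__main__":
    sw = SnoopingSwitch(trusted_ports={"Gi1/0/48"})
    print(run(sw, SAMPLE))
    print("\n".join(sw.log))
```

The `log` list is what the central traffic-log server of section 11 would collect from the switch; each rogue-server or unbound-host drop is an event worth an alert.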
9. **Access from public network:** Wherever it is necessary to allow access to Railway data networks from public networks like the Internet, such access may be permitted only at protected points, where the network must be adequately protected through provision of firewalls/Intrusion Prevention Systems (IPS)/Intrusion Detection Systems (IDS), etc.

10. **Network Security:** The main aspects of security are:

   1. **Network Access Control:** The access control protocols perform three functions:

      a. **Authentication**: Authentication is the process of identifying and verifying a user. Only authorized personnel should be permitted to access the network resources. This is important for network as well as wireless access. Network security starts with authentication, commonly with a username and a password (termed one-factor authentication). With two-factor authentication, something the user 'has' is also used (e.g., a security token or 'dongle', a digital certificate dongle, an ATM card, or a mobile phone); and with three-factor authentication, something the user 'is' is also used (e.g., a fingerprint or retinal scan).

      b. **Authorization:** It provides the capability to enforce policies on network resources after the user has gained access to them through authentication. After authentication is successful, authorization can be used to determine what resources the user is allowed to access and the operations that can be performed.

      c. **Accounting:** It provides the means of monitoring and capturing the events performed by the user while accessing the network resources. It also monitors how long the user has access to the network. The administrator can create an accounting method list to specify what should be accounted and to whom the accounting records should be sent.

   2. **Network Protection, Intrusion Detection and Intrusion Prevention:**

      d. **Firewall**: First level of defence at the network perimeter. Stateful inspection of packets based on protocols.

      e. **Intrusion Detection and Prevention System**: Signature identification, protocol identification, etc. Detects and drops the suspected packets.

      f. **UTM (Unified Threat Management)** is just another name for an all-in-one security appliance. A UTM appliance consists of a firewall as well as other key security features such as spam filtering, web filtering, anti-virus, anti-spyware, anti-phishing, IPS/IDS, DoS and DDoS protection, application filtering, network access and bandwidth management control, VPNs and so on.

11. Network Management System and Traffic Monitoring
====================================================

1. A Network Management System (NMS) is an essential part of any data network, used to monitor the health of the network. It is an essential tool for managing the complete data network using the SNMP protocol, based on open standards. The Network Management System can perform various tasks like configuration, diagnostics, provisioning and security, and can originate various MIS reports to be utilized by the Network Manager. The NMS also provides performance monitoring through resource utilization graphs. As far as possible, traffic logs from the various network devices should be recorded at a central server for analysis purposes.

2. The Indian Railway data network being very large in size, there may be several NMSs at different locations controlling different segments of the network. Each division and zone should have an integrated NMS at its Network Operation Center (NOC) in standby mode. Network administrators will exercise total control over the network through the NMS.

3. The policy for network access control shall be approved by PCSTE and should be reviewed periodically.

4. The passwords for routers, switches, servers, modems, UTM, CCTV and all other IT equipment in the division are to be available with the Test Room. It is to be ensured by all JE/SSE/Tele in charge that they are noted down at the Test Room during commissioning of any system.

12. List of Test and Measuring Equipment
========================================

- Communication Analyzer
- Ethernet Analyzer
- Protocol Analyzer

The measuring instruments generally used are:

- BER meter
- LAN cable meter
- Other latest measuring instruments, if any.

13. Measurements
================

Fault Diagnosis
===============

Faults fall under three heads:

- Hardware
- Software
- Media/Channel

- The datacom equipment is provided with visual indications by which the status of the equipment can be known. The next option is to log in to the equipment and test it with the standard commands given by the manufacturer.
- The software part, like the IOS of routers and other intelligent/managed equipment, can be checked or upgraded to higher versions depending on the type of fault encountered.
- The media which actually connects two locations through an interface device can be checked with the testing facility provided on the interface device or through measuring instruments. The BER of the media/channel is generally measured to know the percentage of errors and other related information.

Environment, Rack and Flooring
==============================

Earthing
========

Power Supply
============

Maintenance Schedule
====================

i. The datacom equipment shall be kept clean and tidy, free of dust, shall be cleaned regularly and shall be inspected once a year by the SSE/JE in charge.
ii. The diversity channels shall be checked at least once a month by switching off the main channels and ensuring that automatic switch-over/rerouting takes place.
iii. The condition of underground cables is to be checked by carrying out the routine checks prescribed for U/G cables.
iv. OFC cables and connectors are to be checked as per the routine checks prescribed for OFC.
v. The antivirus patches on the NMS system are to be updated from time to time.
vi. In addition to the above, any other checks suggested by the manufacturers.

19. Do's and Don'ts
===================

Do's:

i. Do write down any configuration changes made in a register so that proper documentation exists for performance analysis and record purposes.
ii. Take printouts of the configuration of the routers and document them.
iii. Store the configuration files of the routers in soft copy so that they are available in an emergency, whereby the entire configuration can be copied with one command, thereby reducing the down time. Take a backup of the router configuration every time the configuration is changed.
iv. Do proper lacing of the internal wiring.
v. Protect the cables from rodents where cabling is done through false flooring.
vi. Train the staff and update their knowledge to maintain the network more efficiently.
vii. Use ESD wrist bands while handling datacom equipment.
viii. Use a good quality earth and maintain the earth resistance below 1 ohm.
ix. Change the passwords of routers/servers once a month.
x. Follow the housekeeping procedure of clearing the event and performance logs of the NMS at specified intervals.
xi. Plan replacement of UPS batteries as per the specified lifecycle.
xii. Keep the operation and maintenance manual handy.
xiii. The bills and guarantee/warranty cards of the datacom equipment should be kept handy for use when required.
xiv. Check the backup links at least once a month.

Don'ts:

i. Do not change the hardware of the routers, like data cards, when the router power supply is ON unless it is clearly mentioned that the equipment supports hot swapping.
ii. Do not change the V.35 data cable when the router and modems are ON.
iii. Do not change the IP addressing scheme or IP addresses of the working network without the written permission of the Network Administrator.
iv. Do not change the configuration of the router without the permission of the Network Administrator.
v. Do not run down the batteries of the UPS below the specified level.
vi. Never switch off the datacom equipment without following the proper shutdown procedure.
vii. Do not share the passwords of routers and servers with your colleagues.
viii. Never use water to clean the equipment room.
ix. Don't use water based fire extinguishers for datacom installations.

-x-x-x-
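Items viii, xii, xv and xvi of the Railnet LAN architecture (para 5.1) together define an addressing plan: a VLAN sized for at most 70-100 computers, two DHCP servers leasing from disjoint ranges, and the VRRP gateway role alternated so each L3 switch fronts half the VLANs. The Python script below is added here to build and check such a plan; it is not from the manual. The /25 per VLAN, the three reserved low addresses (VIP plus the two switch interfaces), the switch names "L3-A"/"L3-B" and the 10.20.0.0/22 block are assumptions of this example.

```python
import ipaddress
from dataclasses import dataclass

MAX_HOSTS_PER_VLAN = 100   # para 5.1(viii): normally not more than 70-100 computers per VLAN
RESERVED = 3               # assumed convention: .1 = VRRP VIP, .2 and .3 = the two L3 switches

@dataclass
class VlanPlan:
    vlan_id: int
    subnet: ipaddress.IPv4Network
    gateway_vip: ipaddress.IPv4Address   # VRRP virtual gateway address (para 5.1 xvi)
    vrrp_master: str                     # "L3-A" or "L3-B": which L3 switch normally forwards
    scope_a: tuple                       # (first, last) addresses leased by DHCP server A
    scope_b: tuple                       # (first, last) addresses leased by DHCP server B

def build_plan(base, vlan_ids):
    """Carve one /25 (126 usable addresses) per VLAN out of `base`, split the
    leasable range into two disjoint halves for the two DHCP servers (para 5.1
    xii) and alternate the VRRP master so each L3 switch is the gateway for
    half of the VLANs (para 5.1 xv/xvi)."""
    subnets = ipaddress.ip_network(base).subnets(new_prefix=25)
    plan = []
    for idx, (vid, net) in enumerate(zip(vlan_ids, subnets)):
        hosts = list(net.hosts())            # excludes network and broadcast addresses
        leasable = hosts[RESERVED:]
        half = len(leasable) // 2
        plan.append(VlanPlan(vid, net, hosts[0],
                             "L3-A" if idx % 2 == 0 else "L3-B",
                             (leasable[0], leasable[half - 1]),
                             (leasable[half], leasable[-1])))
    return plan

def _overlap(s, t):
    return not (s[1] < t[0] or t[1] < s[0])

def validate(plan, expected_hosts):
    """Return the list of rule violations; an empty list means the plan passes.
    `expected_hosts` maps VLAN id -> number of computers planned for that VLAN."""
    problems = []
    for v in plan:
        n = expected_hosts.get(v.vlan_id, 0)
        if n > MAX_HOSTS_PER_VLAN:
            problems.append(f"VLAN {v.vlan_id}: {n} hosts exceeds {MAX_HOSTS_PER_VLAN}")
        if _overlap(v.scope_a, v.scope_b):
            problems.append(f"VLAN {v.vlan_id}: DHCP scopes overlap, IP clash possible")
        for lo, hi in (v.scope_a, v.scope_b):
            if lo not in v.subnet or hi not in v.subnet or lo > hi:
                problems.append(f"VLAN {v.vlan_id}: scope {lo}-{hi} not inside {v.subnet}")
            elif lo <= v.gateway_vip <= hi:
                problems.append(f"VLAN {v.vlan_id}: gateway VIP lies inside a DHCP scope")
    masters = [v.vrrp_master for v in plan]
    if abs(masters.count("L3-A") - masters.count("L3-B")) > 1:
        problems.append("VRRP masters not balanced between the two L3 switches")
    return problems

if __name__ == "__main__":
    # Constructed sample: four user VLANs of a divisional HQ LAN (not a real IR allocation).
    plan = build_plan("10.20.0.0/22", [10, 20, 30, 40])
    for v in plan:
        print(v.vlan_id, v.subnet, v.gateway_vip, v.vrrp_master, v.scope_a, v.scope_b)
    print(validate(plan, {10: 80, 20: 95, 30: 60, 40: 120}))
```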
