CHAPTER XV
DATA NETWORK

15.1 The interconnection of a large number of data processing devices through suitable communication links, enabling data transfer between the data processing devices, constitutes a DATA NETWORK. Indian Railways has three major data networks, viz. Railnet, Unified Ticketing Network (UTN) and the FOIS network. Special purpose data networks are also being established by the Railways, like the network for monitoring the CCTV network, the VoIP control communication network, etc. Several applications are already operating over the networks and many new applications are contemplated. The various applications are as under:

- Passenger Reservation System (PRS) & Unreserved Ticketing System (UTS)
- Freight Operations Information System (FOIS), Coaching Operations Information System (COIS), Control Office Automation (COA) & Crew Management System (CMS)
- Material Management Information System (MMIS)
- Integrated Coaching Management System (ICMS)
- Parcel Management System (PMS)
- Software for Electric Locomotive Asset Management (SLAM)
- Time Table Management System (Satsang)
- E-procurement System
- Integrated Material Management System (iMMS)
- Locomotive Management System (LMS)
- Health Management Information System (HMIS)
- e-Office
- Track Management System (TMS)
- Works Program Management System
- Railway Land Management System
- RPF Security Management System (RSMS)
- e-Drishti – A Dashboard for Indian Railways
- TDMS – Traction Distribution Management System (Pilot project)
- EEMS – Electrical Energy Management System
- Signaling Maintenance Management System (SMMS)
- Real-time Train Information System (RTIS)
- Integrated Payroll and Accounting System (IPAS) and Web enabled Railway Budget System
- Computerization of Train Signal Registers (TSR)
- Human Resource Management System (HRMS)

The data networks can also be used for other applications like Video Conferencing, Data Conferencing, VoIP, IVRS, Disaster Management, Office Automation etc.
15.2 Railway Networks:

15.2.1 Railway applications primarily run over the Railways' private network, i.e. Railway applications are normally transported by the Railway network. The general purpose wide area intranet of IR is known as Railnet. Railnet is also being used for accessing the Internet.

Indian Railways Telecom Manual - 2021 Page 194

15.2.2 Railnet is built up on the Railways' own transport network, utilising bandwidth from RailTel Corporation of India (RCIL) or leasing bandwidth from BSNL or other service providers. In special cases, Railnet may be extended through public networks like the Internet using Virtual Private Network (VPN) solutions, taking sufficient security measures. A virtual private network (VPN) extends a private network across a public network and enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network. Applications running across a VPN may therefore benefit from the functionality, security, and management of the private network. Encryption is a common, although not an inherent, part of a VPN connection. For Internet access, Railnet is connected to the Internet at specific locations, duly ensuring network security by means of suitable firewalls along with other devices to counter cyber threats.

15.3 Communication Media: The communication links making up the data network are a combination of media like OFC, GSM-R/LTE, IP radio links, VSAT and twisted pair copper for last mile connectivity. For a Local Area Network (LAN) in the same building, Optic Fibre Cable/Cat 6 cables are used.

15.4 Network Speeds:

15.4.1 The earlier networks were non-IP based and worked at speeds of 9.6 Kbps. Gradually some of the non-IP based network speeds were upgraded to 64 Kbps. Generally higher speeds were not adopted in non-IP networks.

15.4.2 Presently networks are mostly IP based and operate at speeds of 2 Mbps at the core and access levels.
Some of the access level links are also working at 64 Kbps. In future, all IP networks should be planned with minimum 2 Mbps connectivity at the distribution level and n x 2 Mbps in the core. Preferably, Ethernet links may be used for all data networks with fibre connectivity.

15.5 Network Topology & Architecture

15.5.1 Railnet

15.5.1.1 Railnet is currently built as an L3 VPN over the MPLS infrastructure of RCIL.

15.5.1.2 Each zone and division is connected to an MPLS router of RCIL with appropriate bandwidth ranging from 20 Mbps to 300 Mbps. Zonal Railways can increase/decrease this bandwidth themselves based on the demand.

15.5.1.3 The Railnet setup at the zonal and divisional HQs may have the following:
a. Railnet routers in high availability.
b. UTM/Firewall
c. L3 switches working in 1+1 redundancy.
d. DNS cache server
e. Network Management server
f. Other servers like DHCP, Web server, Antivirus server, Patch Management server, Proxy server etc.
The same is shown in the figure below:

15.5.1.4 Railnet LAN Architecture:

i. The Railnet LAN Architecture shall be as shown in the figure above. This should be followed at Railway Board, RDSO, zonal HQ, divisional HQ and other units.
ii. The core switch should be a Layer 3 switch and the distribution/access switches shall be Layer 2. The L2 switches should be with PoE support to power the IP phones & security cameras.
iii. Layer 2 switches should be used in the LAN for the purpose of interconnecting user nodes. These switches should support the following minimum features:
a. VLANs
b. RSTP and MSTP
c. DHCP relay
d. DHCP snooping and trusted DHCP server support
e. MAC address authentication through a RADIUS server
f. Non-blocking Gigabit PoE access ports
iv. The connectivity of the Layer 2 switch and the Layer 3 switch shall be on OFC. This shall be 1G or 10G multiple links with path protection.
v. The distribution switch should have Gigabit access copper ports. For connectivity to the Layer 3 switch, SFP based optical ports shall be supported.
vi. The connectivity between the users (clients) and the distribution/access switch shall be through Cat-6 UTP cable/OFC.
vii. The connectivity to the user nodes shall be upgraded to 1 Gbps.
viii. VLANs shall be used to limit the Ethernet broadcast domain in such a way that one VLAN should normally not have more than 70-100 computers. For simplicity, one VLAN should normally not cover more than one switch stack. One may configure multiple VLANs in one switch stack.
ix. RSTP/MSTP may be configured in the switches with the Layer 3 core switch as the root bridge.
x. Switches must be configured to recognise a trusted DHCP server and should not allow access to rogue DHCP servers that may get enabled in the network.
xi. Use of a DHCP server should be mandatory for a network node. Any node that does not obtain its IP address from the DHCP server should not be allowed network access. One way to achieve this may be to disable ARP based MAC learning and use DHCP snooping for building the MAC address tables in the switch.
xii. The DHCP server shall be provided in redundancy. Two DHCP servers shall be provided in the network. Both these DHCP servers shall provide IP addresses from disjoint sets so as to avoid IP clashes.
xiii. All the local servers providing network services like DNS etc. shall be connected to the Layer 3 switch in a different VLAN, either directly or through a distribution/access switch. In this case, manual configuration of IP addresses can be done.
xiv. When there is more than one Layer 2 switch at one location, they must be stacked. Stacking is better than connecting the switches using 1/10G ports as it provides better speed and better forwarding rates.
xv. Layer 3 switches shall be used as the gateway for the nodes in each of the VLANs.
Load balancing should be configured in such a way that one Layer 3 switch is the gateway for half of the total VLANs and the other Layer 3 switch is the gateway for the remaining VLANs. This will ensure that both the switches are in service and are each handling half of the traffic of the LAN.
xvi. VRRP (Virtual Router Redundancy Protocol) should be configured between the switches for the gateway IP of each VLAN. Thus, when one switch goes down the other takes over the role of traffic forwarding/routing. With this arrangement manual load balancing is achieved.
xvii. The L3 switches shall be connected to the routers/switches on the WAN side and route the traffic out of the network towards the MPLS network of RCIL.

15.5.2 Unified Ticketing Network

15.5.2.1 The Unified Ticketing Network is the unified PRS and UTS network.

15.5.2.2 The PRS network is used to issue reserved tickets to railway passengers. The UTS network is used to issue unreserved tickets to railway passengers.

15.5.2.3 The network is an IP network that spans all the stations with ticketing activity. The network is a tiered network. The general architecture is as shown below. The UTN uses OSPF as the routing protocol. Every division has been divided into one or more OSPF areas that are connected to area zero, which connects the main UTS/PRS servers.

15.5.2.4 The following diagram shows the arrangements at the station:

15.5.3 FOIS network

15.5.3.1 The FOIS network is used for operation of the Freight Operation Information System. It also hosts almost all the operational intelligence software that helps in train operation. A few systems that are hosted on this network are the Integrated Coach Management System, Crew Management System, Parcel Management System, Control Office Application etc.

15.5.3.2 The FOIS network is also an IP network spanning the whole of Indian Railways. It uses OSPF as the routing protocol and its architecture is similar to that of UTN.
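The LAN rules in 15.5.1.4 (no more than 70-100 computers per VLAN, two DHCP servers with disjoint pools, only trusted DHCP servers, VRRP gateway duty split between the two Layer 3 switches) can be checked mechanically before a site is commissioned. The Python script below is an added example and is not part of the Telecom Manual or of any Railway tool; the VLAN numbers, subnets, DHCP server addresses, core switch names and the observed DHCPOFFER events are constructed sample data.

```python
"""Validate a Railnet-style LAN plan against the rules in 15.5.1.4.

Added example (not part of the Telecom Manual). It checks that
  - no VLAN carries more than MAX_HOSTS_PER_VLAN user nodes (rule viii),
  - the two DHCP servers hand out disjoint pools inside the VLAN subnet
    and the pools are large enough for the planned hosts (rule xii),
  - VRRP master duty alternates between the two Layer 3 core switches so
    both carry traffic (rules xv-xvi),
  - any DHCPOFFER seen from a server other than the trusted pair is
    reported as a rogue server (rule x).
All addresses and names below are constructed sample data.
"""
import ipaddress
from dataclasses import dataclass

MAX_HOSTS_PER_VLAN = 100                     # upper end of the 70-100 range in rule viii
CORE_SWITCHES = ("core-sw-1", "core-sw-2")   # hypothetical names for the two L3 switches


@dataclass
class Vlan:
    vlan_id: int
    subnet: str
    hosts: int
    scope_a: tuple   # (first, last) address offered by DHCP server A
    scope_b: tuple   # (first, last) address offered by DHCP server B


def scope_set(scope):
    """Expand a (first, last) pair into the set of integer addresses it covers."""
    first, last = (int(ipaddress.ip_address(a)) for a in scope)
    return set(range(first, last + 1))


def check_vlan(v):
    """Return the list of rule violations for one VLAN (empty list = compliant)."""
    problems = []
    net = ipaddress.ip_network(v.subnet, strict=True)
    if v.hosts > MAX_HOSTS_PER_VLAN:
        problems.append(f"vlan {v.vlan_id}: {v.hosts} hosts exceeds {MAX_HOSTS_PER_VLAN}")
    a, b = scope_set(v.scope_a), scope_set(v.scope_b)
    if a & b:
        problems.append(f"vlan {v.vlan_id}: DHCP scopes overlap on {len(a & b)} addresses")
    for name, s in (("A", a), ("B", b)):
        if not all(ipaddress.ip_address(x) in net for x in (min(s), max(s))):
            problems.append(f"vlan {v.vlan_id}: DHCP scope {name} lies outside {v.subnet}")
    if len(a) + len(b) < v.hosts:
        problems.append(f"vlan {v.vlan_id}: pools hold {len(a) + len(b)} addresses for {v.hosts} hosts")
    return problems


def assign_vrrp_masters(vlans):
    """Alternate the VRRP master between the two core switches (rule xv)."""
    return {v.vlan_id: CORE_SWITCHES[i % 2] for i, v in enumerate(vlans)}


def rogue_dhcp_offers(offers, trusted):
    """offers: iterable of (vlan_id, server_ip); return those not from a trusted server."""
    return [(vid, ip) for vid, ip in offers if ip not in trusted]


# --- constructed sample plan: VLAN 20 deliberately breaks rules viii and xii ---
PLAN = [
    Vlan(10, "10.10.10.0/25", 60, ("10.10.10.10", "10.10.10.59"), ("10.10.10.60", "10.10.10.109")),
    Vlan(20, "10.10.20.0/24", 120, ("10.10.20.10", "10.10.20.100"), ("10.10.20.90", "10.10.20.200")),
    Vlan(30, "10.10.30.0/25", 80, ("10.10.30.10", "10.10.30.59"), ("10.10.30.60", "10.10.30.109")),
]
TRUSTED_DHCP = {"10.10.1.5", "10.10.1.6"}
# constructed DHCPOFFER observations (vlan, offering server) as DHCP snooping would log them
OBSERVED_OFFERS = [(10, "10.10.1.5"), (30, "10.10.1.6"), (20, "10.10.20.77")]

if __name__ == "__main__":
    for v in PLAN:
        for p in check_vlan(v):
            print("VIOLATION", p)
    print("VRRP masters:", assign_vrrp_masters(PLAN))
    print("rogue DHCP offers:", rogue_dhcp_offers(OBSERVED_OFFERS, TRUSTED_DHCP))
```

Run as a script it reports two violations for VLAN 20 (too many hosts and 11 overlapping pool addresses), the alternating VRRP master assignment, and the offer from 10.10.20.77 as a rogue DHCP server; the same functions can be fed a real plan exported from the NMS.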
15.5.3.3 The typical arrangement of FOIS at a station is shown in the diagram below.

15.5.3.3 At some of the stations only one FOIS PC is required, and at such stations the switch is not used and the PC is connected directly to the router.

15.5.3.4 The network topology of any new network is to be decided according to the type, size and requirement of the application. Mesh architecture is recommended at the core and distribution levels. At the access level, point-to-point or point-to-multipoint architecture is followed.

15.6 Network path protection: Data networks are critical applications for Railway operation and the data devices at various locations are required to remain connected to the network all the time. At the core level, availability of 100% is required and this is achieved by adopting mesh architecture. It should be ensured that a single failure in the network will not cause interruption of services. At the access level, availability of better than 99.9% is desired for each location. This can be achieved through provision of proven equipment along with path diversity, equipment redundancy, connectivity from multiple service providers etc. Wherever feasible, channels utilised from Railways shall be protected by provision of an alternative path with protection switching. Channels utilised from RCIL/other service providers shall always be protected by provision of an alternative path with protection switching. In the event of any of the communication links being provided by the operators through public networks, adequate protection in the form of a VPN using encryption is to be taken.

15.7 Network Devices: The various devices used in the data network, other than the nodes on which the applications reside, along with their interface specifications are given below:
1. Modems
a. G.703/V.35
b. G.703/G.703
2. Switches
a. L2 PoE switch
b. L2 non-PoE switch
c. L3 switches
3. Routers
4. UTM/Firewalls
5. LAN extenders
6. WiFi Access Points and Controllers
7. Interface Converters
8. Media converters
9. DSLAM, ADSL
10. GPON/EPON

15.8 Network extension: It should be possible to add new network devices either at existing locations or at new locations by extending the WAN. The network components should be so selected as to permit scalability without having to replace existing network components. At least 25% spare equipment should be planned for equipment like modems, UPSs, switches, LAN extenders etc. Spares are recommended in N+1 configuration in each critical location for core level network equipment like high end routers, manageable switches, servers, firewalls etc., for efficient maintenance of the networks. If any department has its own dedicated network installed by them, the scope of the S&T department will be limited to provision of railway telecom connectivity where feasible.

15.9 Access from public network: Wherever it is necessary to allow access to Railway data networks from public networks like the Internet, such access may be permitted only at protected points where the network is adequately protected through provision of firewalls/Intrusion Prevention System (IPS)/Intrusion Detection System (IDS) etc.

15.10 Network Security: The main aspects of security are:

15.10.1 Network Access Control: The access control protocols perform three functions:

(a) Authentication: Authentication is the process of identifying and verifying a user. Only authorised personnel should be permitted to access the network resources. This is important for network access and also for wireless access. Network security starts with authentication, commonly with a username and a password (termed one-factor authentication).
With two-factor authentication, something the user 'has' is also used (e.g., a security token or 'dongle', a digital certificate dongle, an ATM card, or a mobile phone); and with three-factor authentication, something the user 'is' is also used (e.g., a fingerprint or retinal scan).

(b) Authorization: It provides capabilities to enforce policies on network resources after the user has gained access to the network resources through authentication. After the authentication is successful, authorisation can be used to determine what resources the user is allowed to access and the operations that can be performed.

(c) Accounting: It provides the means of monitoring and capturing the events done by the user while accessing the network resources. It even monitors how long the user has access to the network. The administrator can create an accounting method list to specify what should be accounted and to whom the accounting records should be sent.

15.10.2 Network Protection, Intrusion Detection and Intrusion Prevention: All computers on the network should be protected against viruses by installing suitable antivirus software. This is necessary as viruses can also slow down the network speeds apart from affecting the computers. Enterprise level antivirus software under the control of the network administrator should be installed. Another important aspect of security is to prevent outsiders from monitoring the network or disrupting the network. Periodical network auditing should be done. Policies issued by Railway Board from time to time regarding network security should be complied with during periodical network auditing. Network security is achieved through deployment of:

(a) Firewall: First level of defence at the network perimeter. Stateful inspection of packets based on protocols.

(b) Intrusion Detection and Prevention System: Signature identification, protocol identification etc. Detects and drops the suspected packets.
(c) UTM (Unified Threat Management) is just another name for an all-in-one security appliance. A UTM appliance will consist of a firewall as well as other key security features such as spam filtering, web filtering, anti-virus, anti-spyware, anti-phishing, IPS/IDS, DoS and DDoS protection, application filtering, network access and bandwidth management control, VPNs and so on.

15.11 Network Management System and Traffic Monitoring:

15.11.1 A Network Management System (NMS) is an essential part of any data network to monitor the health of the network. It is an essential tool for managing the complete data networks using the SNMP protocol, based on open standards. The Network Management System can do various tasks like configuration, diagnostics, provisioning, security and originating various MIS reports to be utilised by the Network Manager. The NMS also has the facility of performance monitoring through resource utilisation graphs. As far as possible, traffic logs from various network devices may be recorded at a central server for analysis purposes.

15.11.2 The Indian Railway data network being very large in size, there may be several NMSs at different locations controlling different segments of the network. Each division and zone should have an integrated NMS at their Network Operation Centre (NOC) in standby mode. Network administrators will exercise total control over the network through the NMS.

15.11.3 The policy for network access control shall be approved by PCSTE and should be reviewed periodically.

15.11.4 The passwords for routers, switches, servers, modems, UTM, CCTV and all other IT equipment in the division are to be available with the Test Room. It is to be ensured by all JE/SSE/Tele/Incharge that they are noted down at the Test Room during commissioning of any system.

15.12 List of the Test and Measuring Equipment:
- Communication Analyzer
- Ethernet Analyzer
- Protocol Analyzer
The measuring instruments generally used are:
- BER meter
- LAN cable meter
- Other latest measuring instruments, if any.
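The three access control functions of 15.10.1 (authentication with a second factor that the user 'has', authorisation of operations after login, and an accounting record of what was attempted) can be seen working together in a small Python model. This is an added example and is not part of the Telecom Manual: the user names, roles, passwords and the operator's one-time-password secret are constructed; the other secret is the RFC 6238 test-vector key, so the generated one-time passwords can be checked against the published vectors. A real deployment keeps the user store and the accounting records on a RADIUS or TACACS+ server rather than in a script.

```python
"""Authentication, authorisation and accounting (AAA) for network access (15.10.1).

Added example, not part of the Telecom Manual. Factor 1 is a salted PBKDF2
password hash (something the user knows); factor 2 is an RFC 6238 time-based
one-time password (something the user has, e.g. a token or phone app);
authorisation is a role-to-operation table; accounting appends one record per
login attempt and per operation. Users, roles and secrets are constructed.
"""
import hashlib
import hmac
import struct
import time

_SALT = b"constructed-salt"              # a real store uses a random salt per user
TOTP_SECRET = b"12345678901234567890"    # RFC 6238 test-vector secret (SHA-1 vectors)


def hash_password(password, salt=_SALT):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# constructed user store: hashed password, TOTP secret and role per user
USERS = {
    "sse_tele": {"pw_hash": hash_password("correct-horse"),
                 "totp_secret": TOTP_SECRET, "role": "netadmin"},
    "operator1": {"pw_hash": hash_password("pass-op"),
                  "totp_secret": b"constructed-operator-secret", "role": "operator"},
}
ROLE_PERMISSIONS = {
    "netadmin": {"show", "configure", "reload"},
    "operator": {"show"},
}
ACCOUNTING_LOG = []   # in production these records are sent to the accounting server


def totp(secret, for_time=None, step=30, digits=6):
    """RFC 6238 TOTP: HMAC-SHA1 over the 30 s time-step counter, dynamic truncation."""
    now = time.time() if for_time is None else for_time
    counter = struct.pack(">Q", int(now // step))
    digest = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def authenticate(username, password, otp, now=None):
    """Two-factor authentication; both factors are compared in constant time."""
    user = USERS.get(username)
    if user is None:
        return False
    pw_ok = hmac.compare_digest(user["pw_hash"], hash_password(password))
    otp_ok = hmac.compare_digest(totp(user["totp_secret"], now), otp)
    return pw_ok and otp_ok


def authorize(username, operation):
    """Authorisation: is this operation permitted for the user's role?"""
    return operation in ROLE_PERMISSIONS.get(USERS[username]["role"], set())


def account(username, operation, allowed, now):
    """Accounting: one record per attempted operation, whether allowed or not."""
    ACCOUNTING_LOG.append({"time": now, "user": username, "op": operation, "allowed": allowed})


def session(username, password, otp, operations, now):
    """Run the AAA sequence for one login followed by a list of operations.
    Returns [(operation, allowed), ...]; an empty list means the login was refused."""
    if not authenticate(username, password, otp, now):
        account(username, "login", False, now)
        return []
    account(username, "login", True, now)
    results = []
    for op in operations:
        allowed = authorize(username, op)
        account(username, op, allowed, now)
        results.append((op, allowed))
    return results


if __name__ == "__main__":
    t = time.time()
    print(session("sse_tele", "correct-horse", totp(TOTP_SECRET, t), ["show", "reload"], t))
    print(session("operator1", "pass-op", totp(b"constructed-operator-secret", t),
                  ["show", "configure"], t))
    for record in ACCOUNTING_LOG:
        print(record)
```

The accounting log keeps the refused login and the operator's refused configure attempt alongside the permitted operations, which is the material a network administrator reviews during the periodical audit of 15.10.2.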
15.13 Measurements: The various measurements which are required to be done on the data network for trouble-shooting and for performance monitoring of the network are listed below:
- BERT: Simple bit error ratio test.
- G.821, G.826 and M.2100 performance analysis: G.821 is an out-of-service measurement whereas G.826 and M.2100 are in-service measurements. The tests are normally conducted for 48 hrs. These tests are required for the WAN segment for different bandwidths. For the LAN segment an Ethernet analyzer is used for testing and monitoring the performance.
- Jitter and Wander: Intrinsic Jitter, Maximum Tolerable Jitter, Jitter Transfer Function, Wander.
- LAN cable: By using LAN cable meters.
- Any other measurements or tests suggested by manufacturers.

15.14 Fault Diagnosis: Fault diagnosis is categorised into three areas: Hardware, Software and Media/Channel.
- Hardware: The datacom equipment is provided with visual indications by which the status of the equipment can be known. The next option is to log in to the equipment and test it with the standard commands given by the manufacturer.
- Software: The software part, like the IOS of routers and other intelligent/managed equipment, can be checked or upgraded to higher versions depending on the type of fault encountered.
- Media/Channel: The media which actually connects two locations through an interface device can be checked with the testing facility given on the interface device or through measuring instruments. The BER of the media/channel is generally measured to know the percentage of errors and other related information.

15.15 Environment, Rack and Flooring: All core and critical network datacom equipment should be housed in air-conditioned rooms. Other datacom equipment should be housed in a dust free environment, preferably air-conditioned. The equipment should be housed in a standard 19" rack with front and back openings to facilitate ease of maintenance.
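For the G.821 performance analysis named in 15.13, the following Python script is an added example (not from the Telecom Manual) that turns the per-second bit error counts a BER tester logs into the G.821 measures: errored seconds, severely errored seconds, unavailable time and residual BER, and then checks the ES/SES ratios against the G.821 end-to-end objectives. The 64 kbit/s channel and the 300 seconds of error counts are constructed sample data.

```python
"""G.821 bit-error performance analysis from a BER test log (15.13).

Added example, not part of the Telecom Manual. A BER tester logs the number
of bit errors counted in each second; this script turns that series into the
G.821 measures (errored seconds, severely errored seconds, unavailable time,
residual BER) and compares ES/SES against the G.821 end-to-end objectives.
The per-second error counts below are constructed data for a 64 kbit/s channel.
"""

BIT_RATE = 64_000        # bit/s of the channel under test
SES_BER = 1e-3           # G.821: a second with BER >= 1e-3 is severely errored
ES_OBJECTIVE = 0.08      # G.821 objective: ES < 8 % of available seconds
SES_OBJECTIVE = 0.002    # G.821 objective: SES < 0.2 % of available seconds
UNAVAIL_RUN = 10         # G.821: 10 consecutive SES start unavailable time


def ses_flags(error_counts, bit_rate=BIT_RATE):
    """True for each second whose bit error ratio reaches SES_BER."""
    return [errors / bit_rate >= SES_BER for errors in error_counts]


def unavailable_flags(ses):
    """Unavailable time begins with UNAVAIL_RUN consecutive SES (those seconds
    included) and ends with UNAVAIL_RUN consecutive non-SES seconds (those
    seconds count as available again)."""
    n = len(ses)
    unavail = [False] * n
    i, available = 0, True
    while i < n:
        window = ses[i:i + UNAVAIL_RUN]
        full = len(window) == UNAVAIL_RUN
        if available:
            if full and all(window):
                unavail[i:i + UNAVAIL_RUN] = [True] * UNAVAIL_RUN
                available, i = False, i + UNAVAIL_RUN
            else:
                i += 1
        else:
            if full and not any(window):
                available, i = True, i + UNAVAIL_RUN
            else:
                unavail[i] = True
                i += 1
    return unavail


def analyse(error_counts, bit_rate=BIT_RATE):
    """Compute the G.821 statistics over the available seconds of the test."""
    ses = ses_flags(error_counts, bit_rate)
    unavail = unavailable_flags(ses)
    avail = [i for i, u in enumerate(unavail) if not u]
    total, available = len(error_counts), len(avail)
    es = sum(1 for i in avail if error_counts[i] > 0)
    ses_count = sum(1 for i in avail if ses[i])
    errors = sum(error_counts[i] for i in avail)
    es_ratio = es / available if available else 1.0
    ses_ratio = ses_count / available if available else 1.0
    return {
        "total_seconds": total,
        "unavailable_seconds": total - available,
        "availability": available / total,
        "errored_seconds": es,
        "severely_errored_seconds": ses_count,
        "es_ratio": es_ratio,
        "ses_ratio": ses_ratio,
        "ber": errors / (available * bit_rate) if available else None,
        "es_within_objective": es_ratio < ES_OBJECTIVE,
        "ses_within_objective": ses_ratio < SES_OBJECTIVE,
    }


def sample_error_counts():
    """Constructed 300 s log: a few single-error seconds, a 15 s error burst
    that makes the channel unavailable, and one isolated severely errored second."""
    counts = [0] * 300
    for s in (5, 17, 42, 90):
        counts[s] = 1
    counts[120] = 3
    for s in range(150, 165):
        counts[s] = 500          # 500/64000 = 7.8e-3 > 1e-3: SES
    counts[200] = 80             # 80/64000 = 1.25e-3: isolated SES
    return counts


if __name__ == "__main__":
    for key, value in analyse(sample_error_counts()).items():
        print(f"{key:26} {value}")
```

On the sample the 15 s burst is counted as unavailable time (and excluded from ES/SES, as G.821 requires), leaving 6 errored seconds and 1 severely errored second in 285 available seconds: the ES objective is met but the single isolated SES already breaches the 0.2 % SES objective, which is why isolated severely errored seconds matter in a 48 hr test.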
The datacom equipment rack should be provided with a power supply distribution panel for AC/DC distribution. A good quality earth with a value of less than one Ohm should be provided. The rack should be placed in such a way that sufficient space is available at the rear and sides of the rack from the walls, typically 1.2 metres, for ease of maintenance and proper air circulation. Cabinet/equipment cooling fans should be provided, especially for the routers. False flooring is recommended for the Data Centre so that the various cabling systems can be accommodated within the flooring. The flooring should be anti-static. Data Centre floor strength shall be designed to carry loads up to 600 kg/sq. metre. Illuminated & usable clear space of at least 7.5 feet to 8.5 feet shall be provided between the false floor & false ceiling for housing the Data Centre equipment. The raised floor height should be 24" and in any case not less than 18". An on-line UPS should be provided, preferably with two UPS systems, one for the main system and the other as backup supply. The datacom equipment shall be installed in n x U size racks of the required size. The equipment room shall be free from dust and the temperature within the room shall be maintained as per the equipment manufacturer's data sheet. In addition to the equipment room, a maintenance supervisor room cum store room shall be provided to store spares and other important equipment. At Zonal Headquarters where a Network Management System is proposed, the room size can be decided as per requirement.

15.16 Earthing: Earthing is extremely important for reliable working of datacom equipment and for protection from lightning and surges. The earthing arrangement has to be done as per the chapter on earthing and surge protection for telecom installations (Chapter XXIII).

15.17 Power Supply: The power supply, whether it is AC or DC, is the heart of any equipment. Standard values at the input are to be made available to the equipment.
The type as well as the capacity of the power supply required for the equipment is to be decided at the time of designing new networks, and for existing networks enhancement of the power supply has to be done whenever necessary. Uninterrupted power supply has to be provided to increase the life of the equipment as well as to keep up the availability of the location/node. The capacity and redundancy of the UPS is to be decided taking into consideration the availability of local power supply, standby supply and the importance of the location. UPS in N+1 redundancy mode with sync control option shall be provided for all core network equipment. Wherever feasible, -48 V DC supply shall be used for data communication equipment.

15.18 Maintenance Schedule:
i. The datacom equipment shall be kept clean and tidy without dust, shall be cleaned regularly and is to be inspected once a year by the SSE/JE in charge.
ii. The diversity channels shall be checked at least once a month by switching off the main channels and ensuring that automatic switch over/routing is taking place.
iii. The condition of underground cables is to be checked by carrying out the routine checks done for U/G cables.
iv. OFC cables and connectors are to be checked as per the routine checks done on OFC.
v. The antivirus patches are to be updated in the NMS system from time to time.
vi. In addition to the above, any other checks suggested by manufacturers.

15.19 Do's and Don'ts:

Do's:
i. Do write the configuration changes, if any, in a register so that proper documentation is done for performance analysis and record purposes.
ii. Take print outs of the configuration of the routers and document them.
iii. Store the configuration files of the routers in soft copy so that they will be useful in an emergency, whereby with one command the entire configuration can be copied, thereby reducing the down time. Take a backup of the router configuration every time the configuration is changed.
iv. Do proper lacing of the internal wiring.
v. Protect the cables from rodents where cabling is done through false flooring.
vi. Train the staff and update their knowledge to maintain the network more efficiently.
vii. Use ESD wrist bands while handling datacom equipment.
viii. Use a good quality earth and maintain the earth resistance below 1 Ohm.
ix. Change the passwords of routers/servers once a month.
x. Follow the housekeeping procedure of clearing the event and performance logs of the NMS at specified intervals.
xi. Plan replacement of UPS batteries as per the specified lifecycle.
xii. Keep the operation and maintenance manual handy.
xiii. The bills and guarantee/warranty cards of the datacom equipment should be kept handy for use when required.
xiv. Check the backup links at least once a month.

Don'ts:
i. Do not change the hardware of the routers, like data cards, when the router power supply is ON unless it is clearly mentioned that it supports hot swapping.
ii. Do not change the V.35 data cable when the router and modems are ON.
iii. Do not change the IP addressing scheme and IP addresses of the working network without the written permission of the Network Administrator.
iv. Do not change the configuration of the router without the permission of the Network Administrator.
v. Do not run down the batteries of the UPS below the specified level.
vi. Never switch off the datacom equipment without following the proper shut down procedure.
vii. Do not share the passwords of routers and servers with your colleagues.
viii. Never use water to clean the equipment room.
ix. Don't use water based fire extinguishers for datacom installations.

-x-x-x-
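Do's i-iii in 15.19 describe a configuration register with a soft-copy backup taken at every change. The Python script below is an added example, not the Manual's or any Railway unit's tool, of how such a register can be kept: every configuration pulled from a device is stored as a timestamped snapshot with its SHA-256 hash, each change is entered in the register as a unified diff together with who made it and why, and a running configuration can be compared with the last registered one to detect changes made without the Network Administrator's permission (Don'ts iii-iv). The device name rtr-div-01 and the configuration lines are constructed sample data in a generic key-value style, not any vendor's syntax.

```python
"""Configuration register for datacom equipment (15.19 Do's i-iii).

Added example, not part of the Telecom Manual. Snapshots are stored as files
named <device>-<timestamp>.cfg, register entries are appended as JSON lines,
and drift() reports the lines by which a live configuration differs from the
last registered one. Device name and configuration text are constructed.
"""
import difflib
import hashlib
import json
import tempfile
from datetime import datetime, timezone
from pathlib import Path


def sha256_text(text):
    return hashlib.sha256(text.encode()).hexdigest()


class ConfigRegister:
    def __init__(self, root):
        self.root = Path(root)
        self.snapshots = self.root / "snapshots"
        self.snapshots.mkdir(parents=True, exist_ok=True)
        self.register = self.root / "register.jsonl"

    def latest(self, device):
        """Most recently stored configuration for a device, or None."""
        files = sorted(self.snapshots.glob(f"{device}-*.cfg"))
        return files[-1].read_text() if files else None

    def record(self, device, config, changed_by, reason, stamp=None):
        """Store the config if it changed; return the register entry, or None if unchanged."""
        stamp = stamp or datetime.now(timezone.utc).strftime("%Y%m%dT%H%M%SZ")
        previous = self.latest(device)
        if previous is not None and sha256_text(previous) == sha256_text(config):
            return None
        (self.snapshots / f"{device}-{stamp}.cfg").write_text(config)
        diff = list(difflib.unified_diff(
            (previous or "").splitlines(), config.splitlines(),
            fromfile="previous", tofile=stamp, lineterm=""))
        entry = {"device": device, "time": stamp, "sha256": sha256_text(config),
                 "changed_by": changed_by, "reason": reason, "diff": diff}
        with self.register.open("a") as f:
            f.write(json.dumps(entry) + "\n")
        return entry

    def entries(self, device=None):
        """All register entries, optionally restricted to one device."""
        if not self.register.exists():
            return []
        rows = [json.loads(line) for line in self.register.read_text().splitlines()]
        return [r for r in rows if device is None or r["device"] == device]

    def drift(self, device, running_config):
        """Added/removed lines by which a live config departs from the last registered one."""
        previous = self.latest(device) or ""
        changes = difflib.unified_diff(previous.splitlines(), running_config.splitlines(), lineterm="")
        return [l for l in changes if l and l[0] in "+-" and not l.startswith(("+++", "---"))]


def make_temp_register():
    """A register in a fresh temporary directory (used by the demo and the tests)."""
    return ConfigRegister(tempfile.mkdtemp(prefix="cfg-register-"))


# constructed sample configurations for a hypothetical divisional router
CONFIG_V1 = "hostname rtr-div-01\nvlan 10 name users-a\nvlan 20 name users-b\nntp server 10.10.1.9\n"
CONFIG_V2 = CONFIG_V1 + "vlan 30 name cctv\n"


if __name__ == "__main__":
    reg = make_temp_register()
    reg.record("rtr-div-01", CONFIG_V1, "SSE/Tele", "commissioning", "20210105T100000Z")
    print(reg.record("rtr-div-01", CONFIG_V1, "SSE/Tele", "monthly check", "20210201T100000Z"))
    entry = reg.record("rtr-div-01", CONFIG_V2, "JE/Tele", "CCTV VLAN added", "20210301T100000Z")
    print("\n".join(entry["diff"]))
    print(reg.drift("rtr-div-01", CONFIG_V2.replace("10.10.1.9", "10.10.1.10")))
```

The monthly check records nothing when the configuration is unchanged, the CCTV VLAN change produces a one-line diff in the register, and the final drift call shows an NTP server changed on the live device without a register entry, which is the case the monthly backup-link and configuration checks are meant to catch.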