CaseStudy_ICBC_Network_Solution in China.pdf

Background

To enhance industrial competition, meet high requirements of customers and keep its leading position, ICBC (Industrial and Commercial Bank of China) decides to rebuild the previous network system and improve hardware environments of over 600 system nodes so as to accommodate to the development demands of new generation of finance industry.

Project Analysis

1. This system needs rebuild the existing system, which has run for many years, on a large scale, and construct one hardware platform with powerful extensibility for coming services.
2. Due to the intrinsic limitations of previous network design, the existing network can not meet expansion requirement of coming services. For example, the previous network mode can not smoothly access OA network and has no way to transmit IP packets to network nodes; simultaneously, the communication bandwidth is too narrow, services of network nodes are too simple, and the extensibility is poor. Moreover, high fault rate and low efficiency have emerged.
3. With the increase of system services, in a word, the existing network is far from adapting to new requirements. So, it is necessary to construct one new system to expand service scope, enhance QoS and fully advance hardware performance.

After comprehensive technology demonstration and analog testing, Maipu MP2600 enterprise router and Maipu Modem are chosen finally to rebuild the network from  ICBC suboffices to service nodes on a large scale.

Implementation

1. Use MP2600 router to connect new and old equipments on one network node. This application can not only substitute for hosts and multi-user cards, which have relatively high fault rate, so as to relieve network maintenance of engineers and enhance the efficiency of network nodes, but also realize IP packet transmission of network nodes so as to provide a good application environment for a variety of applications under the IP network and coming system services such as E-Bank.
2. For the access of previous terminals on banking system nodes, the function of FixedTerminal, which MP2600 router possesses, is adopted to realize perfect terminal access. And one virtual terminal number can be fixed onto one client, without adopting TELNET or RLOGIN mode. By means of the function, network engineers can manage and monitor each client so as to meet the new systems requirements to terminal fixation. Additionally, this function has unexampled advantages on system security. As an advanced technology aiming at terminal security access of finance industry, FixedTerminal can, without opening port 23 of one host, realize client terminal access of network node and fix terminal number. By means of the technology, an important security hole can be covered so that network attackers can be prevented effectively. This is very important for E-Bank.
3. In addition, when realizing security access of previous client terminals, MP2600 series routers can simultaneously provide a powerful hardware platform for you to realize many applications such as easy access of OA network and IP phone modules. Moreover, modular design and modules MP2600 router provides can offer great upgrade space for future network rebuilding. That is to say, little investment in future network rebuilding can greatly enhance network performance, for example, multiple Ethernet/WAN ports and 2M access can be provided. With the development of finance informationization, the advantages of network rebuilding will emerge more in following years.
4. Allowing for passive 2-core cables of remote network nodes, this solution adopts high-performance MP128 series base-band Modems, which can realize 128K speed and 5~7 Km transmission distance as transmission equipments. And the special Modem network management system has been established to realize the remote maintenance of all Modems. At the same time, in view of how to ensure normal business of network nodes when main line is broken, this solution also adopts built-in frequency-band Modem module as dialing-up backup line to realize automatic switch of services from master line to backup line.

Network Topology Graph

Solution

1. Remote network node uses MP2642 router to connect with the center router of one ICBC subbranch via telecom DDN or leased lines. And local service terminals in ICBC subbranch can connect directly to MP2642 sub-center router (with one 16/32-asynchronous-serial-port module) to realize the integration access of client/terminal, ATM and IP services.
2. Through the MP2600 router, one terminal can access up to 5 FEPs (Front-End Processor) in different LANs of ICBC subbranches and branches, without enabling the TELNET service of FEPs. This mode can not only realize integrated client services easily, but also ensure the security of FEPs. Additionally, this mode occupies little resource of FEPs and has no need of additional IP addresses.
3. MP2600 router supports SNA and DLSw, and can adopt SDLC mode to realize ATM access so that one WAN port, which connects with one access router (such as Cisco 2522) can be saved. In this solution, the Ethernet mode is adopted for ATM to connect with MP2600 router.
4. The main line of MP2600 router on each network node adopts the built-in transmission mode. Moreover, the design of route transmission all-in-one can enhance network reliability. The dialing-up backup of built-in frequency-band MODEM or ISDN module can keep services uninterrupted.
5. ICBC subbranch can adopt MP2644/MP2642 as an access router, without occupying ports of Cisco router. All MP2600 series routers not only support an IP phone module (with particular second-dialing), which can be used to realize free IP phone within the network, but also provide one IPSEC hardware encryption module, which has passed state authentication, to meet system requirements to network security.
6. MP9600 can provide up to 8.192Mbps serial-ports to satisfy the demand of future high-speed communication. Moreover, MP9600 can also provide IP-based value-added services.
7.  Wide application of this solution can provide a platform for ICBC CB2000 system to run.

User Feedbacks

After Maipu2600 series routers and Modems were applied to the network rebuilding of  ICBC, the efficiency of the previous finance system are enhanced widely. Since the new network operated, the performance of each network node has been advanced greatly. Presently, the system has passed the pressure testing of six training classrooms of CB2000 saving system and has operated for about three months, MP2600 and the whole network system is running steadily and each service of the new system is in order. It is clearly that the new network can fully meet the requirements of new services. Thus, the construction of E-Finance will be strengthened continuously, and one saving system with higher performance will be realized by the end of July.