Background
China’s eGovernment extranet is the most important communication network in China’s move toward a more service-oriented government. The extranet connects multiple government departments, councils, and courts to provide data transmission services. It supports network connection, service collaboration, and information sharing to meet the requirements of social management and public services. The network carries public-oriented service application systems and enables nationwide basic information sharing.
Challenges
Non-compatible IT systems
WAN IP addresses in some locales did not comply with China’s unified network development standards, slowing cross-level eGovernment services deployment.
Inadequate network security protection
The legacy network security protection system could not meet service requirements because the:
Network had no unified security protection policy
Protection system was not standardized
Network egresses suffered from weak security
Solution
Huawei provided a state-of-the-art network architecture for the extranet project. The solution used advanced reliability protection technology, such as a Hierarchical Virtual Private Networks (HVPN) to enhance information security and key services protection without increasing investment.
Isolates departments at different levels
The solution uses Huawei NE80E and NE40 routers to develop the:
Central Metropolitan Area Network (MAN) and backbone Wide Area Network (WAN)
Internet egresses
Network management center
Local government access network
Department access network
Virtual Private Networks (VPNs) at all levels directly access the backbone and departments from municipal and county levels, municipal VPN Internet access, and visiting Internet traffic go through a special VPN. Internet surfing data streams are separate from service data for better security.
Interconnects departments
The system uses Multi-Protocol Label Switching (MPLS) VPN technology to connect central government and provincial ministries on a horizontal plane. Vertically, it achieves the interconnection inside a department among different government levels. Huawei network management software keeps the original service model unchanged while upgrading the extranet and service reorganization connects departments both horizontally and vertically.
Isolates eGovernment subsystems
The VPN tunnels divide the government extranet into ministry networks and services networks where HVPN technology separates the ministry and services networks. This enables the system to locate and rectify faults in a VPN without interfering with services outside the VPN, enhancing network reliability.
The network provides network access, application support, and security protection for government departments, enabling level-based services classification and multi-service bandwidth resource sharing to improve bandwidth use. When an active node or transmission link fails, the system supports the automatic service switch-over within 50 ms, which improves the system stability and reliability.