Contract No. GS00T99NRD2001

Modification Number: PS38

Effective Date: 07/15/02

3.3Internet Protocol Internetworking Service (C.2.3.3)

Networks based on the TCP/IP protocol suite are the most prevalent data communication networks in existence. This connectionless service interoperates with the widest variety of applications and external networks. As such, IPS is the leading candidate for providing true, Government-wide connectivity. Its interoperability with the Internet will also be a vital link between Government and public networks. The Government’s IPS user community is expected to be among the fastest growing and most widely used during the period of this contract. The following sections provide the requirements for IPS.

Sprint is currently the largest provider of Internet services in the world and has been instrumental in the Internet’s development from the beginning.

In 1991, the U.S. National Science Foundation (NSF) selected Sprint as its International Connections Manager, responsible for implementing and operating a TCP/IP-based router network service that connected the U.S.-based NSFnet with research and education networks overseas. Initially, Sprint connected research facilities and universities in the United States with networks in Stockholm, Sweden, and Sophia Antipolles, France. Still in operation today, Sprint’s international network has joined the international network of Global One to include Australia, Belgium, Brazil, Denmark, France, Guam, Hong Kong, Ireland, Italy, Japan, Jordan, Luxembourg, Netherlands, Norway, Portugal, Russia, South Africa, Spain, Switzerland, and United Kingdom.

In 1992, Sprint launched the first commercial internet service among inter-exchange carriers. Called “SprintLink”, the service became accessible to customers nationwide. Now utilizing our 100 percent digital, fiber-optic backbone, Sprint’s Internet service currently carries one (1) terabyte, or one trillion bytes, of information daily.

Sprint’s suite of Internet Protocol (IP) based services provides the Government global connectivity of LANs, hosts, and remote users. These services support all the Internet Protocol Internetworking Service (IPS) requirements including dedicated and modem dial-in access to the global internet, Virtual Private Networks (VPN) or Extranets, and firewall security services. Sprint’s suite of IP Services is comprised of:

• Internet Service – Provides access to the global Internet

• Intranet Service – Establishes Virtual Private Networks (VPNs) or Extranets

• Security Services – Provides comprehensive firewall security services

Service Delivery and Overall Network Architecture and Design (L.38.1.1(a))

(L.38.1.1(a)) The overall network architecture, including the types and capacity of the transmission and switching media, the transmission facility(ies) configuration, and the type of equipment used in its network.

Sprint’s Internet Service

Sprint’s Internet Service offered under FTS2001 will provide access to the global internet with a high speed IP over SONET, router based infrastructure that supports a significant portion of the global internet traffic. Sprint’s Internet Service network has nodes located throughout the United States and connects to all global internet exchange points, called Network Access Points (NAPs), as shown in Figure 1.B.3-17. NAPs are the inter-exchange point for National Service Providers of the internet. Sprint operates the Pennsauken, NJ NAP and supports a significant portion of the global Internet by transporting XXXXinternet traffic every day.

The network architecture for Sprint’s Internet Service network is two tiered, with an Access Layer and Transport Layer XXXXXXThe Access Layer provides users access to the global internet, through Dedicated Access Facilities (DAF) ranging from 56/64 kbps to DS3 (44.736 Mbps) data rates. The Transport Layer is a high speed SONET OC3/OC12 backbone infrastructure that interconnects all Access Layer nodes and transports traffic across the Internet Service network.

X

The Transport Layer XXXrouters in the backbone are interconnected by Sprint’s SONET ring network.XX

XTherefore, with Sprint’s implementation of SONET technology, the network is able to route around failures almost instantaneously to provide superior survivability and reliability.

Sprint’s Intranet Service

The Intranet Service is Sprint’s unique solution to establishing VPNs or Extranets for information sensitive and mission critical IP applications. Furthermore, with Sprint’s IP Services a user can connect to a host or LAN that is attached to the global internet or to the Government’s VPN via a local or toll free telephone number from anywhere in the CONUS and Canada.

Sprint’s Intranet Services network is physically separate from the global internet providing remote dial-in connectivity for mobile users and VPN services with enhanced security, reliability, and performance.XX

XXXThe Intranet dial-in facilities provide dial-in modem connectivity to the Intranet and Internet Services networks. X

X

X

XXThe Intranet dial-in facilities allow users to dial-in within the CONUS to access a host or LAN connected to the global internet, Sprint’s Intranet, and Sprint’s frame relay network. A user with a PC and a modem can dial a local ten-digit number, an 800 toll free number, or ISDN BRI connection, and establish a PPP connection to an Intranet dial-in facility. All calls are validated, through an authentication process consisting of a User ID and Password combination administered by the Intranet Security Server. Once the call is

authenticated and a valid connection is established to the Intranet, the user may access any host or LAN attached to the Intranet network or the global internet. Furthermore, the dial-in user is able to access LANs or hosts on the frame relay network XXXSprint’s Security Services

Security is an architectural consideration for any IP network. Concerns about unauthorized computer access of both public and private networks, prompted Sprint to lobby Congress for passage of computer crime legislation during the mid-1980’s. These efforts were instrumental in the passage of the Computer Security Fraud and Abuse Act of 1987. As the Governments networking requirements continue to expand globally, the transport of data over internetworked networks becomes more widespread. Ironically, the very technology that lets information be shared by hundreds or thousands of employees also provides pathways through which unauthorized users can enter unprotected computer systems.

Recognizing the Government’s concerns for security, Sprint provides a comprehensive security solution that protects the Government’s computer systems and decreases your vulnerability to unauthorized users. Sprint has been providing security services since 1976, making Sprint one of the principal companies leading the fight against fraud. In addition, Sprint’s Security Services includes a complete IP Security Services consisting of design, implementation, maintenance, and dedicated 7x24 hour security system monitoring.

Sprint’s Security Services consist of the following:

Data Network Security Presentations and Consulting. Sprint’s dedicated data network security staff, experienced in the technical and investigative aspects of the IP security, are available to discuss security requirements and issues as well as develop a detailed data network security design.

24 Hour Investigative and Security Support. Security support is available 24 hours a day, 7 days a week, to address reported security breaches, attempted breaches, and other security concerns. A dedicated data network security group is ready to assist at the Government’s request.

Liaison, Law Enforcement, and Prosecution Assistance. Sprint will serve as a liaison between the Government, other data network providers, and law enforcement agencies, when appropriate. At the Government’s request, Sprint will provide expert technical witness services when needed.

Dedicated security support, 24 hours a day, every day. One of Sprint’s experienced regionally located Security Support Managers may be assigned to assist with security issues any time of the day.

Access Management Services. Sprint will configure initial basic access lists on all Sprint provided customer premise routers managed by Sprint. Access lists can be used as a first line of defense from unauthorized data network traffic from entering or leaving the FTS2001 network. The level of access list configuration is limited to specific protocols and provides very basic levels of protection. This technology should be coupled with Sprint’s other security solutions to provide a full line of defense.

Sprint Managed Security Solutions. Sprint offers a complete line of managed IP Security Services that include, firewalls, strong authentication, encryption, and VPN services. The Sprint Managed Security Solution contains the following services:

Design and Consulting Support- Sprint will work with the Government to identify and document all network security requirements and concerns. X

Implementation Support – Sprint will fully install and configure the security systems XXXX

Monitoring & Management – Sprint will provide real-time, proactive monitoring and management XXXXXXXXXXX

Security Reporting - Sprint will provide monthly security system activity reports XX.

Network Architecture (L.38.1.1(b))

(L.38.1.1(b)) The rationale for the network architecture design.

The hierarchical design modularizes Sprint’s complex and large Internet Protocol networks into component elements of functionality. The key functional elements of Sprint’s network design, as discussed earlier, are access and transport. The advantages of Sprint’s hierarchical network architecture are:

• Scalability

• Manageability

• Optimization of performance

Scalability

Scalability is the primary advantage of a hierarchical network. Sprint’s hierarchical design is more scalable because it segments the network into smaller components that can easily grow without encountering the difficulties associated with flat or linear architectures. XManageability

The hierarchical network design offers several management advantages. Partitioning the network into smaller elements reduces the complexity of the large Internet Protocol network.

XXXRationale for Intranet Service Network Architecture Design

The Intranet network shares the same two tiered architecture and design principles as the Internet Services network; however, the Intranet network is physically separate from the general internet, allowing users to perform IP applications in an environment that is removed from the security problems and instability associated with the general internet. This network’s hardware and software platforms are completely managed and maintain in-house by Sprint, creating a controlled, secure, and stable environment.The Intranet is a true VPN or Extranet solution designed for security and reliabilityXX Furthermore, this controlled environment, eliminates the fluctuating and chaotic nature of the general internet, and establishes a stable networking environment for mission critical and information sensitive IP applications.

Congestion and Flow Control (L.38.1.1(c))

(L.38.1.1(c)) Congestion and flow control strategy including redundant switch and transmission facilities, control mechanisms, and the degree of flexibility inherent in the architectural design to handle predicted and unpredicted increased traffic loads and/or switch and transmission failures

Redundant Switch and Transmission Facilities

X

XThe Intranet/Internet networks have a SONET infrastructure that provides instantaneous rerouting capabilities. XXXX

Sprint Equipment at Government Locations (L.38.1.1(d))

(L.38.1.1(d)) The amount of the offeror’s equipment that would be required at Government locations to deliver the services, including the amount of power, floor space, along with heating, ventilation, and air conditioning loads.

Sprint’s IPS may require equipment at the Government’s Service Delivery Point (SDP). As illustrated in Figure 1.B.3-21, IPS service requires a router and a physical termination device. Sprint’s IPS may require the following equipment at the Government’s SDP:

• Router

• Power Conversion Equipment

• Physical Termination Devices:

– Channel Bank

– Channel Service Unit/Data Service Unit (CSU/DSU)

– Inverse Multiplexer (IMUX)

–Intelligent Digital Service Unit (IDSU)

XXRouter

A router is a special-purpose, dedicated device that attaches to two or more local area networks (LANs), encapsulates multiple protocols into IP packets, and routes the IP packets from one network to the other over Sprint’s Internet Protocol wide area network (WAN). The networks can use different LAN protocols. Routers forward packets between your internal network(s) and Sprint’s Internet Protocol network.

The power and environmental requirements for a typical router are detailed in
Table 1.B.3-19.

Table 1.B.3-19 Power and Environmental Requirements for a Router
Mount: / Rack Mountable
Power Supply: / -48 Volts dc nominal
Equipment size: / 1.75” x 17.5” x 10.56”
Temperature: / 40 to 185 degrees F (-40 to 85 degrees C)
Humidity: / 95 percent (non-condensing)

Power Conversion Equipment

Power distribution may be required in instances where there are large amounts of specialized equipment located at Government locations. Power, in the simplest form, will require a standard 110-120 Vac/15A grounded plug into a wall receptacle. The floor space and power requirements for these power conversion units detailed in Table 1.B.3-20

Table 1.B.3-20 Floor Space and Power Requirements

Mount: / Rack-mounted
Equipment size: / 22-1/2” x 16” nominal
Power: / 109-125 Volts AC
Temperature: / 0 to 50 degrees Celsius
Humidity: / 95 percent (non-condensing)

Physical Termination Devices

Physical Termination Devices include Channel Banks, Channel Service Unit/Data Service Units (CSU/DSUs), Inverse Multiplexers (IMUXs), and Intelligent Digital Service Units (IDSUs). Sprint will select the appropriate Physical Termination Device to meet the Government’s access requirements.

Channel Bank (CB)

Channel Banks are employed to provide DS1 circuit termination at a Government location requiring mostly voice service and minimal data services. Sprint provides integrated voice and data service XXXXXXXXas specified by the Bellcore Pub: SR-TSV-002275 and the ANSI T1.102/107/403 standards. The typical power and environmental requirements for a typical Channel Bank are listed in Table 1.B.3-21.

Table 1.B.3-21 Power and Environmental Requirements for Channel Bank

Mount: / Rack-mounted or standalone
Equipment Size: / 22-3/8” x 15” nominal
Power: / -48 Volts DC nominal
Temperature: / 0 to 50 degrees Celsius
Humidity: / 95 percent (non-condensing)

Channel Banks multiplex and demultiplex the DS0 sub-channels into a DS1 channelized or fractional DS1 channelized circuit to support voice and data traffic, as illustrated in Figure1.B.3-22.

XXChannel Service Unit/Data Service Unit (CSU/DSU)

The CSU/DSU is required for service monitoring, troubleshooting and signal conversion and to provide the proper interface for DS1 circuit termination. The CSU/DSU provided will

be resident on Government sites. CSU/DSUs are required for data services at fractional DS1, 64/56 kbps, 19.2 kbps, 9.6 kbps, and 4.8 kbps data rates. The typical power and environmental requirements for a typical CSU/DSU are listed in Table 1.B.3-22.

Table 1.B.3-22Power and Environmental Requirements for CSU/DSU

Mount: / Standalone
Equipment size: / 3.125” X 12” X 8.5” nominal
Power: / 115 Volts AC
Temperature: / 0 to 45 degrees Celsius
Humidity: / 95 percent (non-condensing)

Inverse Multiplexer (IMUX)

Inverse Multiplexers are required at the Government’s SDP for dedicated access rates ranging from 6 to 12 Mbps service on Sprint’s IPS. The typical power and environmental requirements for a typical IMUX are in Table 1.B.3-23.

Table 1.B.3-23 Power and Environmental Requirements for IMUX

Mount: / Rack-mounted or standalone
Equipment size: / 17.2” X 2.8” X 11” nominal
Power: / 120 Volts AC
Temperature: / 0 to 50 degrees Celsius
Humidity: / 0 to 95 percent (non-condensing)

Intelligent Digital Service Unit (IDSU)

The Intelligent Digital Service Unit (IDSU) is required at the Government’s SDP for Sprint’s IPS DS3 (45 Mbps) data rate dedicated access. The IDSU provides the physical layer interface between the router and the network to support the DS3 circuit. The typical power and environmental requirements for a typical IMUX are in Table 1.B.3-24.

Table 1.B.3-24Power and Environmental Requirements for IDSU

Mount: / Rack-mounted or standalone
Equipment size: / 17.2” X 2.8” X 11” nominal
Power: / 120 Volts AC
Temperature: / 0 to 45 degrees Celsius
Humidity: / 0 to 95 percent (non-condensing)

Traffic Calculations (L.38.1.1(e))

(L.38.1.1(e)) Traffic calculations that indicate network and service performance during estimated normal, 10 percent, 25 percent, and 50 percent above the estimated normal FTS2001 traffic loads and the means to ensure achieving the required performance as specified in this solicitation.

Sprint’s network can pass the toughest stress test under any predictable GSA loading scenario. Our network will function without effect on quality of performance when various percentages of loading increase are applied to projected FTS2001 average switched data service loading. XXX

XXXImpact of Feature Usage on Service Performance (L.38.1.1(f))

(L.38.1.1(f)) An assessment of the impact of various levels of feature usage on service performance.

XXX

Network Control and Diagnostics (L.38.1.1(g))

(L.38.1.1(g)) A description of network control and diagnostic capabilities and systems, including equipment and procedures for monitoring and testing each of the services and associated features.

Sprint’s Internet/Intranet Service Center (ISC) is dedicated to supporting Sprint’s Internet and Intranet services. It operates continuously – 24 hours-a-day, 7 days-a-week, 365 days-a-year. The ISC is a fully-integrated, technical assistance center, staffed by trained Internet engineers. The ISC focuses on customer support and fast problem resolution.

XX

Network Transmission and Synchronization Plans (L.38.1.1(h))

(L.38.1.1(h)) Network transmission and synchronization plans for the various services

Network synchronization, the communication timing within and between networks, plays a critical role as high-speed communication networks span the globe. Sprint is particularly well suited to handle the Government’s demand for worldwide data transmission because of our 100 percent digital, fiber-optic network in the U.S.—the ideal transmission medium for high-speed data transmission.

Digital network synchronization as implemented on the Sprint network, assures that the network can transport data end-to-end and interconnect with other networks with minimal degradation. The benefits of Sprint synchronization include transmission clarity, virtually error-free operation, and survivability using Digital Cross-connect System (DCS) devices.

Sprint uses either a LORAN (long range navigation) or a GPS (Global Positioning Satellite) Primary Reference Source at all of our nodes and switch sites to the Government with state of the art plesiochronous synchronization.XXXXXAs the first U.S. carrier to provide 100 percent fiber-optic transport with plesiochronous synchronization, Sprint delivers advanced, reliable telecommunications services. The Sprint network uses a plesiochronous method of providing Stratum 1 timing sources at different network nodes rather than one centralized source. The plesiochronous technique does not experience timing degradation of long timing distribution links. This synchronization method is uniquely suitable to a total fiber-optic network because of the automatic reconfiguration capability provided by diverse fiber links from a node to different Stratum 1 clocks, which are provided via Loran-C systems.