Contract No. GS00T06NSD0002

Modification Number: TBD

Effective Date: TBD

International Carriers and Service Providers Performance Standards (L.38.1.1(l))

(L.38.1.1(l)) Discussion of the performance standards associated with the international carriers and service providers the offeror proposes to use.

Performance standards are continuing to evolve for both global and domestic Internet services. Sprint is a leader in providing Service Level Agreements for customers, including commitments for availability, busy-free access, and latency.

The Global IP service will provide high quality, public internet access for FTS2001 users. Global IP currently provides customers and peer networks throughout the world a variety of services. For example, Global IP provides transit to other peer networks and access to other Global IP customers.

Global IP is a premium global Internet service, offering worldwide Internet routes with high performance and minimal delay. Through peering relationships, the Global IP network efficiently exchanges traffic with other major networks at Internet exchange points around the world. Global One’s customer service and network management centers, staffed by Internet and IP experts, address the full support requirements of Internet providers and users.

X Backbone capacity (link and router) is continuously monitored and capacity is added as necessary. X Global IP routers are co-located at Global One Operation Centers—environmentally protected switch sites strategically situated throughout the world. Arranging the routers in this way enables Global One to take full advantage of local access to provisioned fiber optic transport facilities, which can be private leased lines, International Private Lines (IPLs), or frame relay nodes, and accommodates local technical support from Global One engineering staff.

The overall design goals of the Global IP service include minimizing delay via the shortest path and minimizing the number of router hops. The Global IP network is designed so that customer traffic traverses an average of only two IP node sites before reaching potential interconnect sites.

Optimizing the Government’s Switched Data Cost Effectiveness (L.38.1.1(m))

(L.38.1.1(m)) Network evolution approach to optimizing the Government’s switched data cost-effectiveness (e.g., by extending network concentration and switching points).

Sprint has both near-term and long-term technological solutions to minimize access costs by provisioning Switched Data Services. Our plan is to utilize Switched Data Services to provide remote concentration XX

XXXX

XXXX The Sprint Government Services Division sales and engineering teams will develop customized solutions that exceed the Government’s performance requirements and also minimize the Government’s costs. Every solution will be evaluated based upon traffic pattern, traffic volume, and usage duration. Sprint will minimize the Government’s costs by conducting engineering trade-off studies to determine how to minimize access charges.

Approach to Achieve IPS Interoperability (L.38.1.1(o))

(L.38.1.1(n)) Approach to achieve IPS interoperability (see Section L.38.1.3.4)

Sprint will provide interoperability of IPS with the Internet and the Federal Government IP networks through existing connectivity with every Network Access Point (NAP) for the Internet and with both Federal Internet Exchange (FIX) points for the Federal Government IP networks. These FIXes are located at Moffett Field, CA and College Park, MD. After contract award, Sprint will coordinate with the Federal Networking Council for interconnection standards.

X The Internet is essentially multiple networks that are linked. The links between networks are called interconnect points; they are gateways from one network (like Sprint Internet Access Service) to other National Service Providers (NSPs). The network of internetworked Internet Service Providers (ISPs), through high-speed interconnect points, forms the backbone of the Internet. Sprint Internet Access Service continues to maintain as many Internet Service Provider interconnect points as are reasonably required. Table 1.B.3-26 identifies Sprint’s Internet Access interconnect points and the speeds of the connections:

Table 1.B.3-26 Sprint’s Internet Interoperability
Interconnect Points / State / Speed
Commercial Internet Exchange (CIX) / CA / X
Federal Internet Exchange (FIX)-East (through ICMNet) / MD / X
Federal Internet Exchange (FIX)-West (through ICMNet) / CA / X
Metropolitan Area Exchange (MAE) - East / DC / X
MAE - West / CA / X
Pennsauken NAP / NY / X
Chicago NAP / IL / X
Stockton NAP / CA / X

Sprint privately peers with several National ISPs, offering connection to the global Internet.

As a current operator of significant portions of the global Internet, Sprint achieves IPS interoperability continuously around the globe. Sprint engineers work closely with other NSP technical resources to ensure seamless routing, even distribution of traffic, and equitable allocation of capacity to all users. Using a variety of public and private peering arrangements, and the latest and most advanced routing and switching equipment, Sprint is already delivering complete IPS interoperability today to millions of Internet users. The Government will receive this proven, reliable IP service through our FTS2001 IP service.

3.3.1 Internet Protocol Internetworking Service Access Requirements (C.2.3.3.1)

3.3.1.1 Basic Service Description (C.2.3.3.1.1)

IPS shall support connectionless service between users (i.e., IP hosts) for execution of applications based on protocols, such as File Transfer Protocol (FTP), SMTP, Hyper-Text Transfer Protocol (HTTP), and connection to remote hosts (TELNET).

SprintIP will provide connectionless service between users (i.e., IP hosts) for execution of applications based on protocols, such as File Transfer Protocol (FTP), SMTP, Hyper-Text Transfer Protocol (HTTP), and connection to remote hosts (TELNET). Sprint IPS is comprised of a suite of Internet Protocol (IP) based services which will provide the Government global connectivity of LANs, hosts, and remote users. These services will support dedicated and modem dial-in access to the global internet, Virtual Private Networks (VPN) or Extranets, and firewall security services. Sprint’s suite of IP Services is comprised of:

• Internet Service – Provides access to the global Internet

• Intranet Service – Establishes Virtual Private Networks (VPNs) or Extranets

• Security Services – Provides comprehensive firewall security services

Sprint’s Intranet/Internet Service will provide connectionless data transmission based on the TCP/IP protocol. The Government’s LANs, hosts, and terminals can use the full suite of native TCP/IP services when communicating through Sprint’s Intranet/Internet Services. These services include:

• File Transfer Protocol (FTP): Intranet will support the use of FTP to send character or binary files between network destinations. FTP lets users specify on the command line the host with which the file transfer will be initiated and the options for transferring the file. X

• Simple Mail Transfer Protocol (SMTP): SMTP uses a client/server relationship similar to FTP to move readable text between Internet mailboxes. Similar to most mail services, the source sends the data using the Internet format and it is routed by Intranet to the local mail server at the target destination. Intranet/Internet routes E-mail datagrams to requested destinations. If the recipient is not logged onto the system, the datagram will be stored by the appropriate host mail server.

• HyperText Transfer Protocol Daemon (HTTPD): HTTPD is the protocol that specifies the communication rules for the World-Wide Web (W3). Web pages are developed using hypertext markup language (HTML). HTML is an ASCII based language that is used to describe what the web page will look like. With the use of a web browser a user may transfer these HTML files from a server, through our intranet network, to their workstation for viewing.

• Telnet: Intranet/Internet will provide Telnet server functionality to allow terminal-oriented processes to communicate. Intranet Telnet service includes a user interface and command set through which a dial or dedicated terminal can open communications with a host, and send information character-by-character or line-by-line.

• Domain Name Server (DNS): Intranet/Internet will support the automated mapping of machine-readable names to Internet addresses represented by the TCP/IP DNS service.

• Internet News: A USENET newsfeed service will be offered to Sprint’s Dedicated Internet customers. Sprint employs a nationwide network of news servers to optimize news availability and delivery performance. Users have the option of receiving a full or partial newsfeed from Sprint. Customers interested in receiving wire stories, syndicated newspaper columns, financial information, stock quotes and other professional news in the USENET news format may also subscribe to ClariNet e.News through Sprint via this service offering.

• Multicasting: To further improve Sprint’s Dedicated Internet service quality and performance, customers can more efficiently distribute their electronic content (e.g. new software, database updates, web mirroring, ticker-tape feeds, etc.) by utilizing Sprint’s Multicasting service. Multicasting allows customers to send only a single copy of their electronic content regardless of the number of recipients. Sprint’s Internet Network, not the customer, then multiplies the single copy for distribution to all the intended recipients. This service is only available within CONUS.

An IP version 4 (v4) or optional version 6 (v6) host could be stand-alone or router connected to a LAN or in the Internet. The Government intends to use this service as a Government-wide intranet, and for access to extranets and to the global Internet.

SprintIP will support IPv4 stand-alone or router-connected hosts. Sprint’s Intranet/Internet Service provides global connectivity between hosts throughout the world and secure extranet services for the Government. These services support IP version 4 (IPv4) standards. X

The IPS shall conform to all RFCs cited as required or recommended by the Internet Architecture Board (IAB), as documented in the current version of RFC 2200 (Internet Official Protocol Standards).

Sprint is an active member of several standards organizations and is dedicated to adhering to industry standards. FTS2001 IPS will fully conform to all RFCs required or recommended by the Internet Architecture Board (IAB), as documented in RFC 2200 (Internet Official Protocol Standards).

Pursuant to Section C.2.1.16, the contractor shall provide dedicated, and optionally internetworked originating and/or terminating access connections for IPS packets. Originating access arrangements shall connect IPS on-net originating locations with the associated POP. Terminating access arrangements shall connect the terminating POP with IPS on-net terminating locations.

Sprint will provide access to the Intranet/Internet Service network by dedicated and internetworked access connections, as described in Section C.2.1.16. On-net origination locations are connected to originating Sprint IPS POPs that provide connectivity to all other Sprint IPS POPs supporting terminating on-net locations connected to the terminating POP.

IPS access shall be delivered directly to IP-terminals (e.g., router, computer) operating under IP protocol standard, as well as to LANs operating under LAN protocol standards, such as IEEE 802.3 Ethernet, 802.5 Token Ring, Fiber Distributed Data Interface (FDDI), through an IP-router operating under IP protocol standard. The interfaces to the equipment are defined in Section C.2.3.3.1.4.1.

IPS access will be delivered directly to IP-terminals, such as a router or computer, operating under the IP protocol standard and LAN protocol standards. Devices operating under LAN protocol standards, including IEEE 802.3 Ethernet, 802.5 Token Ring, and Fiber Distributed Data Interface (FDDI), are supported through an IP-router operating under the IP standard.

Sprint’s IPS will provide connectivity of Local Area Networks (LANs), access to the Internet, and dial-in access to LANs and/or Hosts for remote and mobile users. Under the umbrella of Sprint’s IP Services are included Internet Services for accessing the global Internet, Intranet Services for establishing Virtual Private Networks (VPNs), and Security Services for securing all WAN services.

The contractor may exceed the basic requirements by providing the following:

(a) IPS access would additionally be delivered directly to terminals operating under IBM SNA/SDLC, Data Link Switching (DLS), NetBIOS/NetBEUI, Switched Ethernet (up to 100 Mb/s), Switched FDDI, Fiber channel, and High Performance Parallel Interface (HPPI) protocols.

(b) When IPS is provided via internetworked access arrangement (see Section C.2.1.16), the following additional capabilities would be supported:

(1) The IPS would support outgoing connections to IP-hosts in the FTS2001 networks and the Internet.

(2) The contractor would provide an addressing plan for the IPS that is based on the standard for IPv4 and IPv6 addressing.

XX

X

X

X

X

MPLS VPN Service

At a high level, this solution provides the Agencies with an IP VPN solution with any-to-any intranet connectivity that is highly secure and provides a private means by which to connect their Agency sites. In addition Sprint offers Value Added Services (VAS), such as Secure Internet Access with Network-based Firewall, all on the same underlying network infrastructure. This solution is network-based meaning that the Agency outsources the management of their Agency inter-sites routing to Sprint. The Government’s routing information is maintained and processed on Sprint’s network edge routers versus on the Agency’s CPE.

MPLS Basic Components and Fundamentals

Sprint’s MPLS VPN solution combines the richness and redundancy of IP routing and the simplicity and security of Layer 2 technology (i.e. Frame Relay, ATM, etc) to provide the customer with a solution that is highly secure, extremely flexible, scalable, and very cost-effective. The following sections discuss the network components and MPLS-specific elements that come together to form Sprint’s MPLS VPN solution.

Network Components

At a high level, the MPLS VPN technical architecture consists of the following network components:

(1) Customer Edge (CE) Router – is also called the Customer Premise Equipment (CPE) and denotes the customer’s physical premise router. This router can be customer provided or Sprint provided. The CE connects the customer to Sprint’s Provider Edge (PE) router via a routing protocol. No additional MPLS-specific configuration is needed on the CE devices. The CEs peer only with their connected PE router (not other CEs). Additionally, this service does not require Cisco CPE nor are there any incremental requirements placed on the CE. The CE is simply functioning as an IP router – it is not “MPLS-aware.”

(2) Provider Edge (PE) Router – refers to Sprint’s edge router to which the CE connects. The PE is typically a Cisco 7500 router or a Cisco GSR router. The PE routers use a modified IP forwarding paradigm; a distinct IP routing and forwarding table (called virtual routing and forwarding table, or VRF) is created for each customer that is homed to the PE router. VRFs are discussed in more detail later in this section.

(3) Provider (P) Router – refers to Sprint’s core routers. These routers are located in Sprint’s network and only focus on transmitting traffic between the PEs. These routers do not connect directly to CE routers. P routers have no knowledge of customers’ VPN routes or topology; they only maintain routes to the PE routers (e.g. PE loopback addresses). The P routers are not MPLS enabled/aware, which means that the core is native IP and the edge is MPLS.


For reference on the network components, Figure 1.B.3-38 depicts where each router sits on the network.

Figure 1.B.3-38 MPLS Network Components

MPLS Features and Protocols

The router/network components utilize features and protocols to exchange control information and to transmit customer data securely over a shared IP network. Listed below are the key features and protocols that are used to create an MPLS VPN, followed by an illustration in Figure 1.B.3-39:

(1) Virtual Routing and Forwarding (VRF) Table – is an essential element of the MPLS VPN solution. The VRF is located on the PE router and can be thought of as a logical “container” in which routes for a specific VPN are housed. The VRF is tightly associated with a Label Forwarding Information Base (LFIB) that is also located on the PE router. These two tables cross-index each other by using IP addresses (with specific Route Distinguishers for uniqueness) when assigning inner and outer labels. Each VRF instance on a PE is mapped to one or more customer ports (or port sub-interfaces). Each VRF instance will contain all the routes for its specific VPN. These routes can be separated into local and remote routes. Local routes are routes that originate on CEs that are directly connected to the PE on which the VRF instance is located. Each VRF instance is mapped to one or more ports on the PE and any routes learned over these ports are automatically installed. Each VRF instance learns the routes from remote CEs (those connected to other PEs) via Multi-Protocol BGP sessions. Each VRF will have its own Route Target (RT) policy that determines which of the remote routes advertised via the Multi-protocol BGP session it will install. Consequently, a specific VPN’s VRF instance will exist on a PE router only if one of its sites is directly connected to that PE. Each PE router only stores routes for the VPNs of which its directly-connected CEs are a member.

(2) Route Distinguishers (RDs) – are prefixes that are assigned to all addresses/routes within a VRF. The customer’s addresses are extended with 64-bit route distinguishers to make non-unique RFC 1918 32-bit IP addresses globally unique within Sprint’s backbone. Route distinguishers allow for RFC 1918 private address space to be used, by ensuring that potential customer overlaps are prevented. Route distinguishers are automatically created for each address/route in all VRFs during the provisioning process.

(3) CE-PE Routing Protocol – runs between the CE and PE for all customer VPNs. The routing protocol provides the means by which the CE and the PE’s VRF share routes. The routing protocol can be static or one of several supported dynamic routing protocols.

(4) Multi-protocol BGP (MBGP) – is the routing protocol that is used to distribute routes to other PEs and their VRF instances. MBGP ensures that each VRF instance (that is a member of a specific VPN) has all the routes that are associated with the VPN. As new routes are added or deleted within a single VRF, MBGP updates all other associated VRFs according to the route target that is specified for each VRF. This protocol is isolated to the Sprint backbone and is completely transparent to customers.
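
The following Python model is an added example, not part of the proposal and not Sprint's code. It shows how a 64-bit route distinguisher keeps two agencies' overlapping RFC 1918 prefixes distinct on the shared backbone, how the route target policy decides what each VRF installs, and how an audit can flag a VRF whose import policy pulls in another customer's routes. The VRF names, ASN 64512, route target values and the type 0 RD layout are assumptions made for the illustration.

```python
# Added illustration (not Sprint's code): RD/RT handling on a shared backbone.
# All VRF names, the ASN 64512 and the RT values are constructed for the example.
import ipaddress
import struct
from dataclasses import dataclass, field


def encode_rd(asn: int, number: int) -> bytes:
    """64-bit RD, type 0 layout: 2-byte type, 2-byte ASN, 4-byte assigned number."""
    return struct.pack("!HHI", 0, asn, number)


def vpnv4_key(rd: bytes, prefix: str) -> bytes:
    """RD + 32-bit IPv4 network + prefix length: the backbone-wide route key."""
    net = ipaddress.ip_network(prefix)
    return rd + net.network_address.packed + bytes([net.prefixlen])


@dataclass
class Vrf:
    name: str
    customer: str
    rd: bytes
    import_rts: frozenset
    export_rts: frozenset
    local_routes: tuple                            # learned from attached CEs
    installed: dict = field(default_factory=dict)  # prefix -> originating VRF


def distribute(vrfs):
    """Model the MBGP exchange; returns the backbone table keyed by VPN-IPv4."""
    backbone = {}
    for v in vrfs:
        for prefix in v.local_routes:
            backbone[vpnv4_key(v.rd, prefix)] = (prefix, v)
    for v in vrfs:
        v.installed = {p: v.name for p in v.local_routes}
        for prefix, origin in backbone.values():
            # RT policy: install a remote route only if an exported RT is imported.
            if origin is not v and origin.export_rts & v.import_rts:
                v.installed.setdefault(prefix, origin.name)  # first wins (simplified)
    return backbone


def find_leaks(vrfs):
    """Audit: routes installed in a VRF that originate from another customer."""
    owner = {v.name: v.customer for v in vrfs}
    return sorted((v.name, p, o) for v in vrfs
                  for p, o in v.installed.items() if owner[o] != v.customer)


def sample_vrfs(misconfigured: bool = False):
    a, b = frozenset({"64512:100"}), frozenset({"64512:200"})
    b2_import = a | b if misconfigured else b  # stray import of agency A's RT
    return [
        Vrf("agencyA-pe1", "A", encode_rd(64512, 1), a, a, ("10.1.0.0/16",)),
        Vrf("agencyA-pe2", "A", encode_rd(64512, 2), a, a, ("10.2.0.0/16",)),
        Vrf("agencyB-pe1", "B", encode_rd(64512, 3), b, b, ("10.1.0.0/16",)),
        Vrf("agencyB-pe2", "B", encode_rd(64512, 4), b2_import, b, ("10.3.0.0/16",)),
    ]
```

With the correct policy both agencies' 10.1.0.0/16 routes coexist on the backbone and `find_leaks` returns nothing; with the stray import, agency B's second VRF installs agency A's routes and the audit reports them.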