Networx Unit Pricer

Premises - Based IP VPN Service (PBIP-VPNS) Technical Summary

PBIP-VPNS provides secure, reliable transport of Agency applications across a contractor's multiprotocol label switching (MPLS) backbone infrastructure for geographically dispersed Agency locations. The service footprint covers CONUS, OCONUS and Non-Domestic locations. PBIP-VPNS is similar to FTS2001 services such as Private IP (PIP), Multiprotocol Label Switching (MPLS), and Very high performance Backbone Network Service (VBNS).

A virtual private network (VPN) is a network that is layered on top of an underlying transport network. The private nature of a VPN derives from the implementation of the VPN in an encapsulated form that is not visible to the underlying network. Virtual paths called "tunnels" are established within the network.

The following diagram illustrates a layered architecture for PBIP-VPNS with its basic building blocks. The figure shows two independent premises-based VPNs interconnecting Agency sites with various forms of dial, broadband, and dedicated access to the contractor's network.

The basic building blocks are comprised of the following:

• CE1 - CE5 -> Customer Edge Devices
  • Service Enabling Devices (SEDs)
• PE1 - PE5 -> Provider Edge Devices
• VS (Voice Service) -> Analog dialup at 56 Kbps
• ISDN -> Circuit Switched Data Service (CSDS) at 64 Kbps and 128 Kbps
• High Speed Cable Access -> 320 Kbps up to 10 Mbps
• SSL (Secure Sockets Layer) -> Tunneling standard to facilitate flexible and secure access to the Agency network
• IPSec (IP Security) -> IPSec can be used in tunnel mode (entire packet is encrypted) or transport mode (only data is encrypted).
• Each CE and PE pair creates a local loop/access.
• VPN1 is a closed user group with PE1, PE3, and PE4 edge devices.
• VPN2 is a closed user group with PE2, PE4, and PE5 edge devices.

Note that an edge device can belong to multiple VPNs as illustrated by the PE4 device.

Premises- Based IP VPN Service (PBIP-VPNS) Technical Detail

The PBIP-VPNS solution gives the Agency full end-to-end security control of the traffic; but carries a higher burden of capital and operational expenditure. The contractor's core MPLS infrastructure can be used to create Agency specific topologies from partially-meshed to fully-meshed networks.

The main characteristics of a premises-based VPN are:

1. VPNs are typically IPSec tunnel-based, with customer edge (CE) devices encrypting and decrypting traffic before it enters and leaves the contractor's network.
2. Because security is provided on an end-to-end basis, the contractor has no visibility into the IP tunnel.
3. Contractor provides any-to-any connectivity via IP routing to build paths across the contractor's cloud.
4. The CE may either be furnished by an Agency or by the contractor as part of a managed service.

PBIP-VPNS supports a complete set of Agency site types:

• Intranet - provides secure tunnels between remote sites
• Extranet - enables trusted business partners to gain access to corporate information via secure/encrypted tunnels
• Remote Access - enables mobile/remote workers to gain access to secure corporate information via secure encrypted tunnels

PBIP-VPNS allows Agencies to interconnect sites served by ATMS, FRS, PLS, and Ethernet services. The MPLS backbone creates virtual circuits between MPLS-enabled endpoints on the network and Agencies will receive customized PBIP-VPNS solutions that meet the Agency's specific requirements.

PBIP-VPNS features are available that include:

• High availability options for Customer Premises Equipment (CPE)
• Internet Gateway Service - hardened trusted gateway between the internet and the IP-VPN service
• Interworking Services - transparent interworking across locations with ATMS, FRS, Ethernet, and the contractor's IPS
• Key Management - generation, distribution, storage, and security of encryption keys
• Security Services

Basic service level agreements (SLAs) supported include:

• Availability
• Latency
• Time to Restore.

Each Networx contractor may provide variations or alternatives to the offering and pricing for PBIP-VPNS. The specific details can be found within each Contractor's Networx contract files and pricing notes for PBIP-VPNS.

For more information on the general PBIP-VPNS specifications and requirements, please refer to Section C.2.7.2 of the Networx contract for technical specifications and Section B.2.7.2 for pricing.

Premises- Based IP VPN Service (PBIP-VPNS) Price Basics

PBIP-VPNS provides secure, reliable transport of Agency applications across a contractor's multiprotocol label switching (MPLS) backbone infrastructure for geographically dispersed Agency locations. Pricing for PBIP-VPNS is based on a number of factors such as number of sites, bandwidth requirements, security services, and the type of access.

PBIP-VPNS provides three basic solutions:

• Intranet - provides secure tunnels between remote sites
• Extranet - enables trusted business partners to gain access to corporate information via secure/encrypted tunnels
• Remote Access - enables mobile/remote workers to gain access to secure corporate information via secure encrypted tunnels

Price components required for full end-to-end service for Intranet and Extranet PBIP-VPNS:

• VPN Gateway Management (MRC ICB)
• PBIP-VPNS uses an underlying, separately priced, contractor-provided, IP network (see Section B.2.4.1 Internet Protocol Service (IPS) for pricing)
• DAA Originating and Terminating Wireline Access (MRC) and (NRC)
• Features ordered as needed by the Agency:
  • High Availability Options for CPE
  • Internet Gateway Service
  • Interworking Services
  • Key Management
  • Security Services
• Service Enabling Devices (SEDs) may be required to implement PBIP-VPNS. [Please note that SEDs under Networx replace the FTS2001 User-to-Network Interfaces and Access Adaptation Functions (UNIs/AAFs). SEDs may differ between Networx providers. The pricing structure for SEDs provides for either a one-time payment or monthly term payments for purchase, plus a NRC for installation and a MRC for maintenance.]
• Network Design and Engineering Service (NRC ICB), if necessary

  Example 1: PBIP-VPNS Intranet or Extranet

  
  

  

  
  

  • PBIP-VPNS VPN Gateway Management: Choose CLIN 200005 (VPN Gateway Management). Prices for this CLIN are not available in the unit pricer. Prices are ICB.
  • IPS Transport: Choose CLIN 744349 (Routine Dedicated T1 - CONUS MRC per port)
  • Access NRC: Choose CLIN 760111 Routine DAA T1 NRC
  • Access MRC: Choose CLIN 760311 Routine DAA T1 MRC
  • SEDs must be chosen based on equipment required at each location. CLINs may differ between contractors.
  • A Network Design and Engineering NRC may be applicable

For a remote access solution, two types of access arrangements are possible:

• Independent Access - With Independent Access, an agency may use access from a different contract to connect with the contractor's IPS transport network. There are no additional charges for interfacing with independent access.
• Embedded Access - With Embedded Access, the access prices are included in the contractor's port prices.

Price components required for full end-to-end service for Remote Access PBIP-VPNS:

• VPN Gateway Management (MRC ICB)
• PBIP-VPNS uses an underlying, separately priced, contractor-provided, IP network (see Section B.2.4.1 Internet Protocol Service (IPS) for pricing)
• Features ordered as needed by the Agency
• Service Enabling Devices (SEDs) may be required to implement PBIP-VPNS. [Please note that SEDs under Networx replace the FTS2001 User-to-Network Interfaces and Access Adaptation Functions (UNIs/AAFs). SEDs may differ between Networx providers. The pricing structure for SEDs provides for either a one-time payment or monthly term payments for purchase, plus a NRC for installation and a MRC for maintenance.]
• Network Design and Engineering Service (NRC ICB), if necessary

Each Networx contractor may provide variations or alternatives to the offering and pricing for PBIP-VPNS. The specific details can be found within each Contractors Networx contract files and pricing notes for PBIP-VPNS.

For more information on the general PBIP-VPNS specifications and requirements, please refer to Section C.2.7.2 of the Networx contract for technical specifications and Section B.2.7.2 for pricing.