General Services Administration (GSA) Enterprise ......attacker could guess IP addresses and send...

General Services Administration (GSA) Enterprise Infrastructure Solutions (EIS)

Vol. 1 Technical RFP No. QTA0015THA3003 1-19 Use or disclosure of data contained on this page is subject to the restrictions on the title page of this proposal.

1.3 Mandatory EIS Services [L.29(2)(a), M.2.1, C.1.2] The Level 3 Team proposes the EIS services described in SOW

C.1.2:

. Details of the mandatory services Level

3 provides are given in response Sections 1.3.1 through 1.3.3.1. In accordance with

SOW C.1.2, is also included as a mandatory component, as

described in our response Section 1.4.9. As demonstrated in our response, we have the



On- or off-net access circuit: Access circuits can be on-net [i.e., on Level 3

infrastructure (metro private line or colocation)] or off-net (i.e., provided by third-

party providers—for example, circuits, where

available).

VPN port on the : VPNS port types include all

specified in C.2.1.1.3.

Class of Service (CoS) Bandwidth on the VPN port: Level 3 only uses

to connect to our VPNS service. CoS in a Layer 3

is implemented on Layer 3. The access circuit is for

the CoS mechanisms that operate between Level 3’s and the

agency’s .

The security and reliability of the Level 3 VPNS architecture provides the

foundation that agencies require for VPNS services and features. Our approach

includes

security features, as described in the following paragraphs.

Physical Access. All Level 3 facilities that house VPNS elements have

. Employees

are issued to the facilities and areas needed

for the employee to perform their duties.

When VPNS elements are housed in , they are

.

Authorized Personnel. Employees involved with

of the VPNS network have sufficient access to enable

them to perform their duties. In addition, employees who have access to assets in North

America must go through Level 3’s and

in compliance with Government guidelines.

Access to Equipment Configuration. Management access to the VPNS

elements is limited to Level 3 employees with valid

. Those employees needing to

actually change configurations on VPNS network elements must have

. These



. Each

agency interface is mapped into a

. These

and the route is tagged with a

which uniquely defines to which as the

Because the Level 3 core IP network uses , there is address separation

between the . A potential

attacker could guess IP addresses and send packets to these addresses. However,

because of the , each incoming packet is treated as

. Thus, it is impossible to reach an

. In fact, to avoid

. If a

is sent from an agency to the Level 3 network, it is dropped at the

We also use a different addressing scheme between our

.

attack to a particular network element protecting the rest of the network.

do not need to forward traffic to the Internet

natively, makes it

extremely difficult for an Internet site or one of our Internet customers to

attack to a and Internet access onto separate

routers, we can filter out all that has originated at an

The separation of access routers also helps to

protect against , such as an inadvertent bridging of the

, which could inadvertently lead to the VPNS network

being attacked. Additionally when IPS is utilized in conjunction with VPNS,

,

and may also be routed through an as specified in SOW C.1.8.8.



Given the internal structure of the Level 3 , core network

elements and the methods we employ for interfacing with the customer’s premises

routers, the Level 3

Extranet. The Level 3 VPNS

as required for segregation from agency internal

traffic. As specified in SOW C.1.8.8, Extranet routes may be routed to an

Remote Access. Level 3’s VPNS enables to gain

access to secure agency information through (see Figure1.3.1.1.1.1-1). The extend the security policies of

the to mobile users and other/remote sites not directly connected to the

. to

the agency.

Figure 1.3.1.1.1.1-1. Level 3 VPNS Secure Access Architecture. Our architecture

provides secure remote access.

A as specialized software, and

provides an into an



We continue to incorporate specifications as they

mature and products supporting those available. We keep

abreast of developments within the

1.3.1.1.3 Connectivity [L.29.2.1, M.2.1, C.2.1.1.1.3]The Level 3 VPNS service supports a dedicated site-to-site access via leased

lines. The Level 3 VPNS service supports secure remote access via either dialup, DSL

or Cable. The VPNS service provides for full meshing among VPN end-locations as a

default configuration. Partial meshing, if required, is supported. As discussed earlier,

access circuits can be on-net or off-net.

1.3.1.1.4 Technical Capabilities [L.29.2.1, M.2.1, C.2.1.1.1.4] Our VPNS solution meets all the mandatory technical capabilities and thresholds

listed in PWS C.2.1.1.1.4. Elements of our solution are summarized in the following

paragraphs:

1. Meet Applicable Routing Requirements. The Level 3 VPNS solution meets

applicable routing requirements of SOW C.1.8.8, ensuring

2. Provide Multiple Tunneling Standards. The Level 3 network supports

The methods describing compliance

to SOW C.1.8.8 are provided in Section 1.4.13 of this Technical Volume.

3. Provide Various Encryption Levels. The Level 3 network supports



c) Site-to-Site Level QoS is supported by each pair of connected

This is similar to an

Level 3 also allows

d) Intserv (RSVP)-signaled QoS. Level 3 supports

needs of an

application's traffic in the through the network. This provides

a way to deliver the that require by

explicitly managing network resources to provide QoS to specific user packet

streams (flows).

e) Diffserv. Our provides a transparent

,

network transports those markings transparently through the network.

leaving

the agency ) intact.

8. Support QoS on Access. Level 3 supports QoS on the following access

networks:

a) 802.1p Prioritized Ethernet. Level 3 network equipment recognizes agency

b)

c)

d) QoS-Enabled Wireless.

e) Cable High-Speed Access (

to



securely connect for safe access to the network anywhere, anytime;

eliminating the need for all sites to . Key

service features include high availability and diverse path redundancy using

provides superior traffic

management on “best efforts” broadband access to prioritize mission-critical

applications and .

f) QOS-Enabled

9.

10.



11.

12. Provide Secure Routing Services. The

Level 3 has implemented technologies such as to ensure

that

administered on a site-to-site basis to ensure that is not routed

to other customers sharing the network.

13. Support Encryption, Decryption, and Key Management Profiles. Our VPNS

supports

standards.

14. Support Agency Internal Security Mechanisms. Level 3 supports an agency

deploying its own internal security mechanisms which are in addition to those

we employ in support of VPNS, to secure specific applications or traffic more

precisely than on a

15. Allow Agency Alternatives for Temporary Authentication. Level 3 allows an

agency to choose from for

authentication of temporary access users.

1.3.1.1.5 Features [L.29.2.1, M.2.1, C.2.1.1.2] Our VPNS includes the SOW-specified mandatory features, as described below:

High-availability Options for

Interworking Services: Level 3 provides interworking services for an agency’s

1.3.1.1.6 Interfaces [L.29.2.1, C.2.1.1.3] Level 3’s VPNS supports the specified in

SOW C.2.1.1.3.



through the proven application of the ), wherein agency

within unique, secure groups. If, for

coverage extension, Level 3 draws upon another carrier via an

is directly mapped to a across the network boundary. Additionally, for overall

security, Level 3 continuously monitor the threat landscape and take action as

needed.

1.3.1.2.1 Service and Functional Description [L29.2.1, M.2.1, C.2.1.2.1, C.2.1.2.1.1] Available throughout the , Level 3

This network is always expanding, enabling Level 3 to meet

customers’ never-ending demands for scale and scope.

Leveraging this high speed core is Level 3’s

Quality of Service (QoS) to be managed over the entire

network. Secure, diverse

. Consequently, Level 3 is able to provision all on-

net . Another

advantage of an as each internal router views the

forwarding table. Hence, when an , the router is

made aware of it instantaneously, with a .

Level 3

, shown in Figure 1.3.1.2.1-1. This enables agencies to

shown in Figure 1.3.1.2.1-2 (a) and (b) allow agencies to connect



Figure 1.3.1.2.1-1. Overview of Level 3

VLAN and Port Mapping. A

configuration where no service multiplexing is required.

Class of Service.

are used to signal CoS, although static treatments are also used. In the latter,

an .



As Level 3 , CoS is

mapped to .

Figure 1.3.1.2.1-2.

In May 2015, Level 3 announced

The agency is in

control of how long the additional bandwidth is available and can view all events in

historical reports. Costs are known before each event occurs, and there’s even a



monthly rate cap.

offers a via a commit with usage basis.

Figures 1.3.1.2.1-3 and 1.3.1.2.1–4 are examples of that

reflect the ease of harnessing Level 3’s capability.

Figure 1.3.1.2.1-3. Enhanced Management Customer Network Report View.

Figure 1.3.1.2.1-4. Dynamic Capacity “Activate Now” Screen.



In this proven

technology, a unique tag is assigned to the traffic of a given agency/ customer so that

traffic of different customers can be segregated on distinct logical networks within the

Level 3 network. Therefore, each customer (or customer network) is completely isolated

from other customers’ domains,

Should an agency site be a member of more

than one ; the

within the core network.

As noted previously, when ,

continuity is maintained across the interface as part of the

is directly mapped

to a . Therefore, traffic segregation and security are

maintained.

1.3.1.2.2 Standards [L.29.2.1, C.2.1.2.1.2] SOW C.2.1.2.1.2 calls for compliance with a number of standards and

documents of:

Consistent with Level 3’s leadership in

. Particularly as

Level 3 personnel are active in a variety of industry forums and working groups related

to , per item 5), Level 3 will review new versions, amendments, and



Quality of Services. Level 3 ensures voice quality across the network by

carrying . This queue has

. Level 3 meets the

Level 3 performs quality measurements through on-net and off-net to on-net

analysis tools. On-net quality is measured using probes that determine voice quality

across the Level 3 network. These devices generate ,

providing real-time feed-back on network voice quality. These devices also actively

. Level 3 can also provide statistically significant

data on calls traversing the hosted .

Six CoS levels are carried through the Level 3 network and subsequently

delivered to customers. IPVS, being real-time traffic, is carried at the highest CoS level.

The CoS mappings

To deliver on the agreed QoS, queuing mechanisms such as

are employed to

assure output queues deliver traffic with defined service level attributes appropriately.

In addition to , no the hosted IPVS

solution in the core data centers provides a so that if all

connectivity to the

etc.). The

voicemail system also remains active and can be accessed from either

Service Coverage. Level 3’s solution for IPVS extends to all

in SOW C.1.3. The Level 3 IPVS is provided over the

global Level 3 network, which has integrated

, and

and and end offices as a . Level 3’s



Security. Level 3 IPVS employs security measures such as

If the

For Agencies deploying a hosted

IPVS solution, Level 3 recommends archiving

Level 3 applies the following safeguards to ensure the security of our IPVS,

which is delivered over our secure :

Denial of service (DoS):

Intrusion:

Invasion of privacy:

Section 2.1 Information Security of this volume provides specific details on Level

3’s approach to Information Security requirements listed in the RFP.

1.3.2.1.1 Service and Functional Description [L.29.2.1, M.2.1, C.2.2.1.1] Level 3 offers a feature-rich, flexible, and cost-effective IPVS solution to meet

EIS program requirements and accommodate future growth. Our IPVS architecture

supports with



A

and, if required, connectivity to the Internet.

The Level 3 IPVS solution employs QoS enabled IP access connections that may

. A single access

connection .

Figure 1.3.2.1.1-2. Level 3 IPVS –

Our



1.3.2.1.2 Standards [L.29.2.1, M.2.1, C.2.2.1.1.2]Level 3’s TFS offering is compliant with the standards listed in SOW C.2.2.1.1.2.

Our IPVS offering supports all .

1.3.2.1.3 Connectivity [L.29.2.1, M.2.1, C.2.2.1.1.3]The Level 3 IPVS solution provides connectivity and interoperability with the

Within the hosted environment, the Level

3 IPVS solution includes a to the

hosted VoIP data centers. VPNS service has

IPVS provides managed onsite

suitable for analog

telephone sets or legacy fax machines. We provide feature transparent services

between agency locations via the Level 3 , which

includes extended connectivity to remote offices.

Level 3’s IPVS administrator features provide secure with

, ,

and . Administrators can make

to the system, including

; ;

1.3.2.1.4 Technical Capabilities [L.29.2.1, M.2.1, C.2.2.1.1.4] Level 3’s IPVS solution offers a sophisticated suite of personalized settings for

features and capabilities. Through secure

.

They can control

; ;



EIS agency customers with a

connection to Level 3 and need not purchase traditional . Customers simply

connect the premise device to the IP network to handle voice and data traffic. Level 3’s

SIP Trunking solution supports agencies with traditional TDM phone equipment

requiring at the edge of the

(an is no longer needed for a handoff

as opposed to legacy ). We also provide access to optional

network-based features that allow the agency to expand the capabilities of the .

Our SIP trunking is offered to the EIS agency’s over Level 3-provided

dedicated IP connections. All voice traffic remains on Level 3’s premium IP backbone

until it needs to communicate with other , helping to improve overall

service quality and easing problem resolution. Our solution is built to enhance service

quality through infrastructure redundancy. It supports configurable call management and

routing failover capabilities, while at the same time allowing customers to leverage their

investments in legacy as they make the transition to an

Level 3 offers SIP Trunking over dedicated IP connections or

hand-offs to the customer resides, as shown

in Figure 1.3.2.3-1. Multiple access options are available, including ,

for the flexibility to meet connectivity

requirements for all sites, including branches, regional offices, headquarters, and data

centers.



Figure 1.3.2.3-1. Level 3’s SIP Trunking Functionality.

Level 3 can converge the with data traffic onto the

same access facility,

infrastructure’s available bandwidth when it is not needed for voice traffic. This ability

does not apply to native in which the circuit has to be dedicated to the

. This is supported through our extensive MPLS QoS and CoS capabilities.

Level 3 offers two deployment models to our EIS customer agencies:

1.3.2.3.1 SIP Trunking Technical Capabilities [L.29.2.1, M.2.1, C.2.2.1.6.1] Supporting our

consolidates

. Our service

also reduces voice communication costs, and, being IP-based, improves reliability and

disaster recovery capability. Our works with a diversity of devices

and applications.



1.3.3.1.3 Connectivity [C.2.8.1.1.3] The provided by Level 3 interfaces with, uses, and interoperate with the

underlying global Level 3 network which supports EIS services worldwide. We use the

most appropriate EIS services, such as VPNS, Ethernet, and Private Line Services, to

ensure seamless connectivity to, and optimal performance with, agency networking

environments.

1.3.3.1.4 Technical Capabilities [C.2.8.1.1.4] In delivering , Level 3 provides all of the technical capabilities specified by

the SOW. The capabilities we provide in support of and

, as well as .

1.3.3.1.4.1 Design and Engineering Services [C.2.8.1.1.4.1] Level 3 provides agency

requirements. The right people and a proven process form the cornerstones of Level 3’s

.

The Right People. The Level 3 Team provides subject matter experts and end-

to-end project management for design, implementation, installation, access

coordination, provisioning, equipment configuration, hardware testing, and service

activation. Level 3’s design and engineering services under the EIS contract includes

subject matter experts carefully matched to agency and project needs with:

Agency-based focus and understanding, combined with the ability to rapidly

respond to evolving agency needs

Work with agency requirements and make design recommendations such as

performance levels and network capacities

Highly professional technical backgrounds, with certifications in relevant

systems

Proven Methodology and Processes. Level 3’s design objectives are based on

customer needs and specifications when providing , and incorporate the following

overall objectives to the extent possible: high network availability; increased network

performance; network architecture scalability; lower total cost of ownership; enterprise

control and visibility; and industry best practices.



deploy appropriate tools to measure

and provide integrated management of services provided by Level

3 and other contractors.

Maintenance. Level 3 technicians provide as

required by the RFP. Maintenance activities include

. Our

. To ensure

timely updates, agency users can subscribe to email notifications on maintenance

activities and trouble tickets. Level 3 supports two types of network maintenance

activities: Scheduled and Unscheduled:

Scheduled Maintenance. Scheduled maintenance includes any foreseen/

predictable need to make a change to the network, including upgrades and

augments. If the scheduled maintenance activity is expected to produce any

service interruption, advanced notification .

Unscheduled Maintenance. Unscheduled maintenance is defined as an

unplanned and immediate need to make changes to the network. Such an

environment demands prompt action to restore a high-risk condition or failure

status to normal operating status. The need for unscheduled maintenance is

directly related to an outage, potential outage, or degradation of service.

Agency stakeholders are notified

.

Figure 1.3.3.1.4.2-1 provides specific details pertaining to each of the

Implementation, Management and Maintenance SOW requirements elements, showing

how the Level 3 fully complies with SOW implementation, management and

maintenance requirements.

Date post:	02-Jan-2021
Category:	Documents
Upload:	others
View:	3 times
Download:	0 times

General Services Administration (GSA) Enterprise ......attacker could guess IP addresses and send...

Documents