Networx Unit Pricer

Home
Unit Pricer
ICB Pricer
Contract Mods
Lookup Tools
Service Guides: Network Based IP-VPN Service (NBIPVPN)
Return to full list of service guides.

1. Overview

2. NBIP-VPNS Technical Description

NBIP-VPNS Technical Summary

NBIP-VPNS provides secure, reliable transport of Agency applications across a contractor's multiprotocol label switching (MPLS) backbone infrastructure for geographically dispersed Agency locations. The service footprint covers CONUS, OCONUS and Non-Domestic locations. NBIP-VPNS is equivalent to FTS2001 services such as Private IP (PIP), Multiprotocol Label Switching (MPLS), and Very high performance Backbone Network Service (VBNS).

A virtual private network (VPN) is a network that is layered on top of an underlying transport network. The private nature of a VPN derives from the implementation of the VPN in an encapsulated form that is not visible to the underlying network. Virtual paths called 'tunnels' are established within the network. The main characteristic of a Network-based VPN is that all devices involved in building the VPN are systems owned by the contractor and located at the edge of the contractor's backbone. Tunnels usually terminate at the contractor's edge router.

The following diagram illustrates a layered architecture for NBIP-VPNS with its basic building blocks. The figure shows two independent network based VPNs interconnecting Agency sites with various forms of dial, broadband, and dedicated access to the contractor's network.

The basic building blocks are comprised of the following:

  • CE1 - CE4 : Customer Edge Devices : Service Enabling Devices (SEDs)
  • P1 - P3 : IP/MPLS Backbone Core Devices
  • PE1 - PE5 : Provider Edge Devices
  • VS (Voice Service) : Analog dialup at 56 Kbps
  • ISDN : Circuit Switched Data Service (CSDS) at 64 Kbps and 128 Kbps
  • High Speed Cable Access : 320 Kbps up to 10 Mbps
  • SSL (Secure Sockets Layer) : Tunneling standard to facilitate flexible and secure access to the Agency network
  • IPSec (IP Security): IPSec can be used in tunnel mode (entire packet is encrypted) or transport mode (only data is encrypted).

MPLS is a labeling scheme that is used by a network edge router to create paths across the network with specific constraints, such as acceptable packet delay. MPLS remains independent of the layer 2 and 3 protocols. IP packets are encapsulated, labeled, and switched between the source and destination PEs. Each CE and PE pair creates a local loop/access.

  • VPN1 is a closed user group with PE1, PE3, and PE4 edge devices.
  • VPN2 is a closed user group with PE2, PE3, PE4, and PE5 edge devices.

Note that an edge device can belong to multiple VPNs as illustrated by the PE3 and PE4 devices.

3. NBIP-VPNS Technical Detail

The NBIP-VPNS managed solution facilitates the shift of an Agency's capital and operational expenditure burdens to the Networx contractor. The contractor's core MPLS infrastructure can be used to create Agency specific topologies from partially-meshed to fully-meshed networks.

NBIP-VPNS supports a complete set of Agency site types:

  • Intranet - provides secure tunnels between remote sites
  • Extranet - enables trusted business partners to gain access to corporate information via secure/encrypted tunnels
  • Remote Access - enables mobile/remote workers to gain access to secure corporate information via secure encrypted tunnels.

NBIP-VPNS allows Agencies to interconnect sites served by ATMS, FRS, PLS, and Ethernet services. The MPLS backbone creates virtual circuits between MPLS-enabled endpoints on the network, and provides the ability to establish Classes of Service (CoS) categorized by the type of traffic. The classification of traffic is defined at the Agency SED, and may be categorized as:

  • Premium - Time-critical traffic such as voice, video, and VoIP
  • Enhanced - Business-critical traffic such as database transactions
  • Standard - Non-critical traffic such as email, http, ftp, etc.

End-to-end Quality of Service (QoS) can be provided through traffic classification and prioritization at the CE, PE, or core P devices (see the example figure). Agencies will receive customized NBIP-VPNS solutions that meet the Agency's specific requirements.

NBIP-VPNS features are available that include:

  • Class of Service - Premium, Enhanced, and Standard as defined above
  • High availability options for Customer Premises Equipment
  • Internet Gateway Service - hardened trusted gateway between the internet and the IP-VPN service
  • Interworking Services - transparent interworking across locations with ATMS, FRS, Ethernet, and the contractor's IPS
  • Key Management - generation, distribution, storage, and security of encryption keys
  • Security Services.

Basic service level agreements (SLAs) supported include:

  • Availability
  • Latency
  • Time to Restore.

Each Networx contractor may provide variations or alternatives to the offering and pricing for NBIP-VPNS. The specific details can be found within each Contractor's Networx contract files and pricing notes for NBIP-VPNS.

For more information on the general NBIP-VPNS specifications and requirements, please refer to Section C.2.7.3 of the Networx contract for technical specifications and Section B.2.7.3 for pricing.

4. NBIP-VPNS Price Description

NBIP-VPNS Price Basics

NBIP-VPNS provides network-based private data transport between user locations. The pricing associated with NBIP-VPNS is based on a number of factors such as number of sites, bandwidth requirements, security services, and the type of access. CLINs are distinguished by access type:

  • Embedded: One CLIN is ordered to obtain both access and transport with one rate.
  • Independent (aka Access Services): A separate CLIN for the access is ordered from one contractor to connect an agency's site to another contractor's network.
  • No access (i.e. Dedicated Access Arrangements (DAA)): A separate CLIN for the access is ordered along with transport service from the same contractor. This is the most commonly ordered option as shown in Example 1 below.

NBIP-VPNS is equivalent to FTS2001 services such as Private IP (PIP), Multiprotocol Label Switching (MPLS), and Very high performance Backbone Network Service (VBNS).

Price components required for full end-to-end service for Domestic and Non-Domestic NBIP-VPNS:

  • NBIP-VPNS Transport monthly recurring charge per port
  • DAA Originating and Terminating Wireline Access (MRC) and (NRC)
  • Features ordered as needed by the Agency:
    • Class of Service (CoS)
    • High Availability Options for CPE
    • Internet Gateway Service
    • Interworking Services
    • Key Management
    • Security Services.
  • Service Enabling Devices (SEDs) may be required to implement NBIP-VPNS. [Please note that SEDs under Networx replace the FTS2001 User-to-Network Interfaces and Access Adaptation Functions (UNIs/AAFs). SEDs may differ between Networx providers. The pricing structure for SEDs provides for either a one-time payment or monthly term payments for purchase, plus a NRC for installation, and a MRC for maintenance.]
  • Network Design and Engineering (NRC ICB), if necessary.

Example 1: NBIP-VPNS CONUS Dedicated T1

  • NBIP-VPNS Transport: Choose CLIN 213145 (Port T1 MRC)
  • Access NRC: Choose CLIN 760111 Routine DAA T1 NRC
  • Access MRC: Choose CLIN 760311 Routine DAA T1 MRC
  • SEDs must be chosen based on equipment required at each location. CLINs may differ between contractors.
  • A Network Design and Engineering NRC may be applicable.

This document only addresses the NBIP-VPN service at contract award. Each Networx contractor may provide variations or alternatives to the offering and pricing for NBIP-VPNS. The specific details can be found within each Contractor's Networx contract files and pricing notes for NBIP-VPNS.

For more information on the general NBIP-VPNS specifications and requirements, please refer to Section C.2.7.3 of the Networx contract for technical specifications and Section B.2.7.3 for pricing.