IP DATA NETWORKS
To meet the intended design and functionality, the next-generation converged network shall include a state-of-the-art IP network infrastructure hosting essential services such as voice, video, data and other IT systems, while providing a high level of building security. The IP infrastructure is designed to provide a high level of performance while maintaining integrity, reliability and scalability. These infrastructure services shall use converged wired and wireless IP-based fiber-optic Ethernet networks that meet international standards and best practices as well as the local Saudi CITC regulations. A centralized Data Center solution will host the main equipment of each service and system, facilitate network management and simplify the operation and maintenance of all included systems. At the same time it will maintain the required separation/segregation of network traffic for QoS, security and administration purposes. Floor distribution rooms shall aggregate the network access points (outlets) of the public areas at floor level, and structured media enclosures shall aggregate the access points (outlets) of each apartment-level network, onto fault-tolerant redundant modular distribution switches at the data center level; all links are then consolidated onto redundant core switches in the main data center in the basement, which will host all service and system head ends.
1.1.4 Related works specified elsewhere
This section shall be closely coordinated with the following related sections and the general requirements sections:
- Grounding / Bonding
- Building Management System
- IP Video Surveillance CCTV
- IP Access Control
- IPTV

1.2 DEFINITIONS
1.2.1 Converged Network: the switching network that performs all switching and routing functions for voice, video and data services. The converged network shall serve all IP-based services such as Voice over IP, HSIA (High Speed Internet Access), IPTV, IP CCTV, BMS, etc.
1.2.2 Core Switches: the core switches (located in the Main Data Center) sit at the heart of the network and shall provide a very fast, intelligent, high-performance switching platform for deploying numerous concurrent intelligent services without degrading the overall performance of the network. The core switches shall perform various functions using service modules for WAN interfaces, security firewalls, etc.
1.2.3 Distribution Switches: the distribution switches, also located at the data center level, provide aggregation for the various services and filter the traffic that reaches the network core. IP CCTV traffic is an example of a service that needs to be aggregated at the distribution switches: network video recorders/servers shall be connected to the distribution switches, most of the IP video traffic will be terminated at the distribution layer, and the IP video traffic that reaches the core will be limited according to the required policy. Each distribution switch shall be connected to each core switch via a 10GbE link.
1.2.4 Edge Data Switches: edge switches will be located in the wiring closets (telecommunication closets in the floor telecom or low-current rooms for public spaces, and in the structured media enclosure at each apartment level) and provide users with access to the network. The edge switches shall support Power over Ethernet on all ports. Each edge switch or edge switch stack shall be connected to a distribution switch via two 1GbE (1000Base-LX) uplinks, each terminating on a different module in the distribution switch.
1.2.5 Network Equipment Management Software: the main function of the management software is to enable remote and centralized configuration of the different parameters and functions of the switches and routers of the Converged Network.
1.3 INTEGRATED SYSTEMS USING DATA NETWORK EQUIPMENT
All voice, data and video systems supported by IP networks, such as IP data devices, IP telephony / Voice over IP, CCTV over IP and TV over IP, shall be capable of integration onto the converged building data network. The development's local area network shall provide the unified converged IP infrastructure and the bandwidth required by the different applications, while segregating them through VLANs and ultimately providing quality of service for all voice, video and data services.
1.8 NETWORK DESCRIPTION
1.8.1 The network design shall be modular in nature. The technology and communication closets are distributed over the various floors and apartment areas, and each floor is served through floor-based distribution rooms.
1.8.2 The telecommunication closets contain the communication racks; the racks contain the patch panels and the floor-based access-layer edge switches that provide users with network access. The distribution-layer switches shall aggregate the traffic and connect to the core switches with two redundant 10GbE links per distribution switch.
1.8.3 The facility main cross-connect shall contain the network core switches. The LAN will also contain IP-based data center switches to serve the server farm. Core switches and distribution switches shall be interconnected via 10 Gigabit Ethernet connections.
1.8.4 The network shall be configured so that broadcast storms are prevented from reaching the core layer. The network shall be divided into several broadcast domains to guarantee optimum performance. Multicast/broadcast storm protection is a mandatory feature on the backbone layer. All switches shall be provided with resilient fail-over functionality. The core switches in the main data center and the floor distribution switches shall be fully redundant, providing resilient fail-over in load-sharing mode.
1.8.5 The backbone design and architecture shall be fully resilient and load-sharing (switching fabric/management modules, power supplies, line modules, fans, etc.) in order to eliminate any single point of failure while delivering the highest performance. Two core switches shall be used to provide load sharing, and each distribution switch shall be connected to both core switches via 10 Gigabit Ethernet links without any blocking ports, virtual ports or unused links. Traffic shall be load-balanced across all links from the distribution switches to the backbone switches, and from the backbone switches to the data center switches. No advanced routing protocols shall be used at the access layer.
1.8.6 The backbone and distribution switches shall be modular, with enough backplane throughput to deal efficiently with the connected traffic. Free slots (at least 25% of chassis slots) shall be available in each chassis to allow future expansion.
1.8.7 The proposed design shall avoid any kind of traffic bottleneck in the backbone or the data center. The switches shall support hot-swappable modules for easy dynamic expansion.
1.8.8 The servers shall be connected to the data center switches with fully load-balanced Gigabit Ethernet links following IEEE 802.3ad link aggregation. 10 Gigabit Ethernet shall be used to interconnect the data center switches to the core backbone switches.
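The resilience requirements in 1.8.4 to 1.8.8, together with the edge uplink rule in 1.2.4, can be checked mechanically against a proposed topology before cabling is ordered. The script below is an added example written for this edit; it is not part of the specification or of any vendor's tooling. The switch names, link list and module numbers are constructed for illustration, and the role of each switch is taken from its name prefix.

```python
"""Single-point-of-failure check for a core / distribution / edge topology.

Added example for clauses 1.8.4 to 1.8.8 (not part of the specification).
Every link records the module number on the upstream switch, so a module
failure (1.2.4 wants the two edge uplinks on different modules) can be
simulated as well as a link or whole-switch failure. Names, links and
module numbers are constructed for illustration.
"""
from collections import defaultdict, deque

CORES = {"CORE-1", "CORE-2"}

# Constructed topology: (downstream switch, upstream switch, upstream module).
LINKS = [
    ("DIST-1", "CORE-1", 1), ("DIST-1", "CORE-2", 1),
    ("DIST-2", "CORE-1", 2), ("DIST-2", "CORE-2", 2),
    ("EDGE-1", "DIST-1", 1), ("EDGE-1", "DIST-1", 2),  # one distribution switch, two modules (1.2.4)
    ("EDGE-2", "DIST-1", 3), ("EDGE-2", "DIST-2", 3),  # spread across the redundant pair
]


def adjacency(links, dead_node=None, dead_link=None, dead_module=None):
    """Undirected adjacency map with at most one failure applied."""
    adj = defaultdict(set)
    for a, b, module in links:
        if dead_node in (a, b) or dead_link == (a, b, module) or dead_module == (b, module):
            continue
        adj[a].add(b)
        adj[b].add(a)
    return adj


def reaches_core(adj, start):
    """Breadth-first search from `start` until any core switch is found."""
    seen, queue = {start}, deque([start])
    while queue:
        node = queue.popleft()
        if node in CORES:
            return True
        for nxt in adj[node] - seen:
            seen.add(nxt)
            queue.append(nxt)
    return False


def single_failure_report(links):
    """Map each single failure (one core/distribution switch, one link, or one
    upstream module) to the edge switches it cuts off from both cores.
    An empty result means the topology has no single point of failure."""
    nodes = {n for a, b, _ in links for n in (a, b)}
    edges = sorted(n for n in nodes if n.startswith("EDGE"))
    failures = [("node", n) for n in sorted(nodes - set(edges))]
    failures += [("link", l) for l in links]
    failures += [("module", m) for m in sorted({(b, mod) for _, b, mod in links})]
    report = {}
    for kind, what in failures:
        adj = adjacency(links, **{f"dead_{kind}": what})
        isolated = [e for e in edges if not reaches_core(adj, e)]
        if isolated:
            report[f"{kind}:{what}"] = isolated
    return report


def distribution_uplink_gaps(links):
    """Distribution switches not directly connected to every core (1.8.5)."""
    uplinks = defaultdict(set)
    for a, b, _ in links:
        if b in CORES:
            uplinks[a].add(b)
    dists = {n for a, b, _ in links for n in (a, b) if n.startswith("DIST")}
    return sorted(d for d in dists if uplinks[d] != CORES)


if __name__ == "__main__":
    for failure, cut_off in single_failure_report(LINKS).items():
        print(f"{failure} isolates {', '.join(cut_off)}")
    print("distribution switches missing a core uplink:", distribution_uplink_gaps(LINKS))
```

Run against the sample, the only single failure that isolates an edge switch is the loss of DIST-1 itself, which cuts off EDGE-1: two uplinks on separate modules of one distribution switch, as 1.2.4 describes, protect against link and module failure but not against the chassis. EDGE-2, homed across the redundant pair, survives every single failure, which is the behaviour 1.8.4 asks for; the design review should decide which of the two uplink patterns the installed network actually needs.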
1.8.9 It is envisioned that the vast majority of apartment residents will be satisfied with the standard set of services; however, should they require another service from a specific service provider, the network shall support custom connections of individual tenants to third-party service providers. Two service models are envisioned for this, and the network shall support both:
1.8.9.1 The first is the "dark fiber" model, in which the apartment owner is provided with a pair of single-mode fibers (cores) between the apartment and the Main Data Center. In this model the connection can continue onto
PART 2 PRODUCTS
2.1 CORE AND DISTRIBUTION SWITCHES
2.1.1 The network will have two core switches in addition to two aggregation switches for the data center serving the server farm. The core and distribution switches shall be optimized to provide a converged network for voice, video and data.
2.1.2 Each core and distribution switch shall have redundant components, including two switching fabric cards, two power supplies, redundant management modules, etc.
2.1.3 The core and distribution switches must be modular. Each chassis shall include slots supporting a wide range of switching and service modules.
2.1.4 The Contractor/Systems Integrator shall provide bandwidth calculations indicating the required backplane switching fabric in Gbps, along with the required forwarding rates in million packets per second (Mpps), for the core and distribution switches. In general, the core switches shall have two 720 Gbps switching fabric cards, giving 1.44 Tbps, with Layer 2 to Layer 7 capabilities. The core and distribution switches shall have spare slots to support a 25% expansion of port capacity. The switching fabric of the distribution switches shall be at least 136 Gbps.
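The calculations 2.1.4 asks the bidder to submit are simple but easy to get wrong (fabric figures are quoted full-duplex, forwarding rates at 64-byte frames). The following is an added worked example for this edit, not part of the specification or of any bidder's submission; the port populations are constructed for illustration and are not taken from the riser diagram.

```python
"""Sizing arithmetic for clause 2.1.4 (added example, not part of the
specification): per-tier oversubscription, aggregate port demand against the
quoted fabric (2 x 720 = 1440 Gbps for the core, 136 Gbps minimum for
distribution) and the 64-byte forwarding rate in Mpps. Port counts below are
constructed for illustration."""

# On-wire overhead per frame: 7-byte preamble + 1-byte SFD + 12-byte inter-frame gap.
WIRE_OVERHEAD_BYTES = 20


def wire_speed_pps(gbps, frame_bytes=64):
    """Frames per second one direction of a `gbps` link carries at a fixed
    frame size; 64-byte frames are the worst case used in forwarding claims."""
    return gbps * 1e9 / ((frame_bytes + WIRE_OVERHEAD_BYTES) * 8)


def oversubscription(down_ports, down_gbps, up_ports, up_gbps):
    """Downstream-to-upstream capacity ratio; 1.0 is non-blocking."""
    return (down_ports * down_gbps) / (up_ports * up_gbps)


def size_switch(port_groups):
    """Aggregate demand for a chassis populated with (count, gbps) groups.
    Switching fabric is conventionally quoted full-duplex, so the demand a
    fully loaded chassis places on its fabric is twice the summed port speed."""
    port_gbps = sum(count * gbps for count, gbps in port_groups)
    return {
        "port_gbps": port_gbps,
        "fabric_demand_gbps": 2 * port_gbps,
        "mpps_64b": wire_speed_pps(port_gbps) / 1e6,
    }


def fabric_utilisation(port_groups, fabric_gbps):
    """Fraction of the fabric consumed with every port at line rate; above 1.0
    the chassis itself is the bottleneck that 1.8.7 forbids."""
    return size_switch(port_groups)["fabric_demand_gbps"] / fabric_gbps


# Constructed sample populations.
EDGE_STACK = dict(down_ports=48, down_gbps=1, up_ports=2, up_gbps=1)  # 2.2.1: 48 x 1G, 2 x 1G uplinks
DIST_PORTS = [(40, 1), (2, 10)]    # 20 edge stacks x 2 uplinks, one 10G link to each core
CORE_PORTS = [(8, 10), (24, 1)]    # distribution + data center uplinks, service modules

if __name__ == "__main__":
    print("edge stack oversubscription: %.0f:1" % oversubscription(**EDGE_STACK))
    for name, ports, fabric in (("distribution", DIST_PORTS, 136), ("core", CORE_PORTS, 1440)):
        s = size_switch(ports)
        print(f"{name}: {s['port_gbps']} Gbps of ports, {s['mpps_64b']:.1f} Mpps at 64 B, "
              f"fabric {fabric_utilisation(ports, fabric):.0%} used of {fabric} Gbps")
```

The edge tier is 24:1 oversubscribed with the 2 x 1GbE uplinks of 2.2.1, which is why the uplinks are required to be upgradeable to 10GbE; the distribution sample consumes 88% of the 136 Gbps minimum, so a bidder offering exactly the minimum would have little room for the 25% port expansion 2.1.4 also demands.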
2.1.5 The following features are currently desirable and should be available in the provided equipment. Bidders shall state clearly any deviations/omissions/additions/equivalent features and indicate which of the supported protocols are standard and which are proprietary.
2.2.2 LAYER 2
- 802.1Q (Virtual LAN support)
- 802.3ad (Link aggregation)
- Voice VLAN
- 802.1D (Spanning Tree Protocol, STP)
- 802.1w (Rapid Spanning Tree Protocol, RSTP)
- 802.1s (Multiple Spanning Tree Protocol, MSTP)
- BPDU (Bridge Protocol Data Unit) protection
- IGMP (Internet Group Management Protocol) versions 1, 2 and 3
- Filtering for multicast groups
2.2.3 LAYER 3
- All Layer 2 features, plus:
- RIPv1/v2 (Routing Information Protocol)
- Static routing
- Hardware-based routing
- Routing policies
2.2.4 Security
- DHCP snooping
- Access lists at Layers 2, 3 and 4
- 802.1X
- TACACS+/RADIUS
- Port security based on MAC address
- MAC- and IP-based filters

2.2.5 QoS (Quality of Service) Features
- A QoS architecture assuring end-to-end QoS from the edge for all traffic types, not only VoIP
- Per-switch/VLAN/port QoS templates for granular control
- 8 hardware queues per port
- Operational Management:
• Weighted Round Robin / Weighted Fair Queuing on all ports, with 8 queues per port. All ports on the core switches shall support full Quality of Service without any additional hardware/software for future usage.
• Per VLAN rate limiting.
• Per port Ingress & Egress port limiting
• SNMP v1, 2, 3
• L2/3/4 traffic classification in hard-wired Application Specific Integrated Circuits (ASICs) at wire speed, where applications are identified by their TCP/UDP/IP header information.
• Equal-Cost Multi-Path routing (ECMP, RFC 2992) with policy filters, providing link redundancy and load sharing across multiple paths to the same destination, and rapid convergence to the alternate path if a path becomes unavailable due to a network event.
• Layer 3 load balancing on both backbone switches.
• IP policy-based routing.
• Service/port/MAC address-based VLANs and IP routing.
• Remote port mirroring (multiple hops away): allows the user to mirror the traffic of a given port to a remote switch multiple hops away.
• Reliable multicast delivery: guarantees that a receiver in a multicast group either receives all data from transmissions and retransmissions, or is able to detect unrecoverable packet loss.
- Advanced Security:
• Port security with MAC address-based security and IEEE 802.1X EAP (Extensible Authentication Protocol). The switch shall provide the ability to integrate with endpoint security policy enforcement agents through standard 802.1X EAP.
• Network Address Translation (NAT)
• Transmission Control Protocol (TCP) intercept hardware acceleration
• IEEE 802.1X EAP
• ACL (Access Lists)
• SSH v1/2 (Secure Shell); SSH v1 shall be disabled in operation, as the v1 protocol has known weaknesses
• Denial of Service (DoS) attack prevention
• VRRP response mode
• OSPF MD5 authentication (message-digest authentication of routing updates; MD5 authenticates the updates, it does not encrypt them)
• Discard unknown-MAC security
- Firewall: The firewall functionality shall be performed in hardware, using a firewall module plugged into the core switches or a separate firewall appliance connected to the network.
- Wide Area Networking communication: Communication with service providers shall be achieved using communication modules (or separate routers); the current design accommodates routers. An adequate number of E1 lines shall be supported for every core switch (except the server farm switches). The cards/routers shall provide the required integration of VoIP gateways; analog, digital, conferencing and transcoding features shall be supported, with remote management. The cards shall be field-upgradeable and hot-swappable.
2.2 EDGE SWITCHES (FLOOR LEVEL & APARTMENT LEVEL)
The following features are currently desirable and should be available in the provided equipment. Bidders shall state clearly any deviations/omissions/additions and indicate which of the supported protocols are standard and which are proprietary. The required protocols shall comply with the latest versions of the related standards:
2.2.1 General features
- The edge switches for the public areas on each floor shall be 8/12/24/48-port auto-negotiating 10/100/1000Base-TX switches supporting PoE (Power over Ethernet, 802.3af), as per the riser diagram, with at least two additional GBIC/SFP modular slots. Each edge switch stack shall be connected to the distribution-layer switches via 2 x 1GbE (1000Base-LX). The uplinks shall be upgradeable to 10GbE.
- The edge switches at each apartment level shall be 8/12/24/48-port auto-negotiating 10/100/1000Base-TX switches.
- Edge switches at the floor level for public spaces shall be able to connect to an external redundant power supply.
- The switching capacity/switching fabric shall not be less than 64 Gbps per switch.
- Packet classification at Layers 2/3/4 at wire speed, providing security, filtering and quality of service at the edge of the network.
- Ability to aggregate ports from different switch stack members and operate in Active/Active load-sharing mode, on either fiber or copper.
- IPv6 and IPv4 support.
2.3 NETWORK MANAGEMENT SYSTEM
The proposed NMS shall include a suite of applications providing tools for multi-layer topology support, fault and performance management, network visualization and statistics gathering. The fault and performance management tools shall enable multi-device alarm and event correlation, proactive baselining and thresholds, and RMON performance management. It shall include the ability to aggregate faults and provide detailed descriptions of, and solutions for, faults. The visualization tools shall provide insight into the Internet, intranet and physical network, enabling users to better organize network resources. The offered NMS shall be able to manage larger and more complex Ethernet networks and shall have the flexibility to grow as the network grows. The key requirements for the NMS are:
- Ease of managing and troubleshooting Ethernet networks
- Automated discovery and display of Ethernet topology and devices
- Consolidation and correlation of network faults
- Powerful diagnostic functions for multicast, unicast and WAN protocols
- Real-time performance analysis
- Scalability and security for managing large networks
2.4 CUSTOMER PREMISE EQUIPMENT
Customer premise equipment must support the following features.
A. Voice Features
- T1 ISDN PRI, CAS
- ISDN BRI
- FXS, FXO
- Direct Inward Dialing
- Codecs supported: G.711 A-law and u-law, G.726, G.723.1, G.729A
B. WAN, LAN and Routing Features
- IPv4 and IPv6 support, including IPv4-IPv6 tunnels
- Static routing, RIPv1/v2, OSPF
- Inter-VLAN routing, policy-based routing
- ACL, NAT, GRE tunnels
C. Ethernet LAN
- 10/100/1000Base-TX, 100/1000 optical SFP
- VLAN, 802.1p, 802.1Q, 802.1ad, 802.1X, 802.1s, 802.1ag
D. WAN Layer 2
- T1/E1, both data and TDM, including ISDN PRI support
- ISDN BRI (U and S/T)
- ADSL
E. WAN Layer 3
- PPP
- PPPoE
F. IP Multicast
- IGMP v1/v2/v3 for IPv4, MLD v1/v2 for IPv6
- PIM-SM for IPv4 and IPv6
G. MPLS
- LDP
- RSVP-TE, OSPF-TE
H. QoS
- RED, WRED, DiffServ
- Traffic policing
- 8-level priority class-based queuing
- VLAN classification (port-, subnet- or protocol-based)
I. Security Features
- IPsec VPN with NAT traversal
- DES/3DES, AES, SHA, MD5 (DES and MD5 are deprecated; new tunnels should be configured with AES and SHA-based integrity)
- Site-to-site and remote-access support
- VPN tunnels
- Stateful packet filtering
- Prevention of DDoS attacks
- Policy-based NAT
- Zone support
- ACL
J. Management
- Telnet, SSHv2, SFTP, PAP, CHAP, SNMPv2, Syslog, DHCP, RADIUS, TACACS+, TCL scripting