Sheet 1, Sheets 71
Checked by Kramarenko M.G., February 28, 2017
Checked by Mikhaylov A. L., February 28, 2017
Checked by Shcherbakov O.A., February 28, 2017
Developed by Khaustov G.A., February 28, 2017

TERMS OF REFERENCE to retrofit the technology network to transmit the data in integrated security system of Marine Terminal and in West Region JSC CPC-R

JSC CASPIAN PIPELINE CONSORTIUM-R
TECHNOLOGY DEPARTMENT
TELECOMMUNICATIONS GROUP

APPROVED:
consultant on IT, communications, and control systems
_______________________ P. Wetterer
____ ___________________ 2017

TERMS OF REFERENCE
for upgrading the process network to transmit data in the integrated security system of Marine Terminal and in the West Region



Approvals sheet

CPC-R Design Group
1 Perov A. A., Engineer on Telecommunication and Control Systems
2 Tovkan A. V., Senior Electric Power Supply Engineer

CPC-R Security Department
3 Kozhekin M. A., Manager on Integrated Security Systems
4 Syromyatenko S. V., Senior Engineer of the integrated oil pipeline security system (ISDN)

Technology Department
4 Savchenko K. I., Head of Telecommunications Group
5 Khaustov G.A., Lead Telecommunications Engineer
6 Mikhailov A.L., Telecommunications Engineer
7 Kramarenko M.A., Telecommunications Engineer
8 Shcherbakov O.A., Telecommunications Engineer

Maintenance Department CPC-R
9 Kunitsyn P. Yu., Lead Electrical Engineer
10 Promyshlyaev A. V., Lead Electrical Engineer

Price control group
11 Barinova T. A., Head of Price Controls Team

Procurement department
12 Gilvanov A. Sh., Lead Procurement Expert


Table of contents

1. General
2. Regulatory and technical documents
3. Definitions
4. Overview and description of the work
5. Requirements for conducting FEED survey
6. Requirements to carry out fire prevention measures
7. Requirements to develop survey and construction and assembly cost estimates
8. Requirements to issuing documentation
9. The rules to present, review and accept the design and cost estimate documentation (CED)
10. Requirements to comply with the Company approvals
11. Requirements to security regime
12. Requirements to generating functional design specifications for ISDN network having unit to integrate with monitoring and control systems
13. Requirements to developing network architectures
14. Requirements to developing functional diagrams of ISDN network and ISDN network monitoring system
15. Requirements to format of project execution plan
16. Test requirements
    16.1 General
    16.2 Conceptual tests
    16.4 Local tests
    16.5 Integration tests
    16.2 System Performance Testing and MTBF
17. Requirements to calculation of the optical budget
18. Development of solutions and ways to increase the bandwidth to transmit video traffic
19. Analysis of consumed power capacity in system’s nodes. Estimate of consumed power. Requirements to new UPS
20. Information on existing backbone telecommunication network
21 Requirements to the network core level
    21.1 The architecture of the existing network core
    21.2 Dynamic routing protocol OSPF1
    21.3 Topology
    21.4 Addressing
    21.5. Fast OSPF convergence
    21.6. Optimization of OSPF timers
    21.7 Optimization of Carrier Delay Timer
    21.8 Implementation of BFD mechanism
    21.9 Optimizing transmission of link status
    21.10 SPF calculations
    21.11 Maximum amount of paths 2
    21.12. Authentication
    21.13 Recording OSPF System messages
    21.14. OSPF optimization (incremental ISPF update)
    21.15 Label Distribution Protocol (LDP) for Multiprotocol Label Switching (MPLS) 2
    21.16. Ethernet service transmission technology over a network having Multiprotocol Label Switching (EOMPLS)
    21.17 The technology of virtual private networks
    21.18. Configuration of MP-BGP protocol
    21.19. VPLS


    21.20. L2 VPN
    21.21 Support of synchronous Ethernet
    21.22 Interaction with existing network
22 Requirements to distribution level of ISDN network
23 ISDN Network Access Level
24. The safety and the management of network equipment
25 Quality of Service QOS
26. System Time Synchronization in ISDN network
27. Protecting the control plane and data transmission infrastructure
28. The requirement to AAA model
29. Requirements to standardize equipment selected
30. Requirements for the network storage subsystem
31. The concept of virtualization subsystem
32. Composition of existing ISDN network management unit
33. List of sites and the scope of commissioning work
    33.1 General requirements
    33.2 CPC Marine Terminal
        33.2.1 On-shore Facilities
        33.2.2 Tank Farm
    33.3 PS8
    33.4 PS7
    33.5 PS Kropotkin
    33.6 P0037 PS-5
    33.7 P0036 PS-4
    33.8 Main line block valves (MLBV)
    33.9 Main line block valves (MLBV) supporting E1 communication channels
34. Technical requirements to communications equipment
    34.1 Requirements to core level routers
    34.2 Requirements to AC/DC L3 device of the network access level for MLBV
    34.3 Requirements to AC/DC L2 (with an option to activate L3) network access devices
    34.5 Requirements for AC/DC L3 network distribution level devices
    34.6 Requirements to AC/DC L2/3 network devices of DPC distribution level
    34.7 Requirements to AC/DC SAN switches
35. The qualification and managing work requirements
36. Requirements to set out warranty obligations
37. Insurance
38. Requirements to format the technical proposal of the tender

List of abbreviations:

AS Autonomous system

BGP Border Gateway Protocol

BPDU STP frame

CDP Cisco Discovery Protocol

CE Customer Edge


COPP Control Plane Policing

COS Class of service

DSCP Differentiated Services Code Point

EoMPLS Ethernet over MPLS

EBI Enterprise Buildings Integrator

DVM Digital Video manager

Ethernet Packet Data Transfer

HSRP Hot Standby Router Protocol

IGP Interior Gateway Protocol

IP Internet Protocol

L2 OSI model level 2

IQ Access Control System

L3 OSI model level 3

LACP Link Aggregation Control Protocol

LAN Local Area Network

LDP Label Distribution Protocol

LFIB Label Forwarding Information Base

LSP Label-switched path

MAC Media Access Control

MD5 Hashing Algorithm Message Digest 5

MEC Ether-Channel

MP-BGP Multi-protocol Border Gateway Protocol

MPLS MultiProtocol Label Switching

MTU Maximum Transmission Unit

NSF Non-stop Forwarding

NTP Network Time Protocol

OSI Open Systems Interconnection

OSPF Open Shortest Path First

PAGP Port Aggregation Protocol

PE Provider Edge

PFC Policy Feature Card

PVLAN Private VLAN


QoS Quality of service

RD Route Distinguisher

RED Random Early Detection

REP Resilient Ethernet Protocol

RFC Request for Comments

RSTP Rapid Spanning-Tree Protocol

SDH Synchronous Digital Hierarchy

SF Shore Facility

SNMP Simple Network Management Protocol

SPF Algorithm of Shortest Path First

STP Spanning-Tree Protocol

SVI Switched Virtual Interface

TCP Transmission Control Protocol

TF Tank Farm

UDP User Datagram Protocol

USB Universal Serial Bus

VLAN Virtual Local Area Network

VPN Virtual Private Network

VRF Virtual Routing and Forwarding

WAN Wide Area Network

AS Autonomous system

BWI Block Out of Band

FPS Future Pump Station

OCC Operations control center

CPC Joint Stock Company Caspian Pipeline Consortium-R

MLBV Main Line Block Valve

MT Marine Terminal

PS Pump Station

TF Tank Farm

BOCC Back Up Operations Control Center

ISDN Integrated Security Oil Pipeline System

OS Operating System


CI Computing Infrastructure

VSS Virtualization subsystem

SW Software

1. General.

1.1 Technological integrated security data network (ISDN network) ensures functioning of the integrated security system, transmitting video traffic, traffic of IP telephony in mainline block valve shelters, traffic from access controllers and security perimeter sensors in each CPC production facility.

1.2 ISDN network consists of new equipment to be installed within the scope of the expansion project and the project to upgrade outdated equipment operating since 2005. Spare parts for all equipment, including installations of the expansion project, are not commercially available. The type of equipment requiring replacement is shown in Table

Table 1.1

| Equipment | Designation | Date sales discontinued |
|---|---|---|
| Switch WS-3550-24-DC-SMI | Access layer switch | July 5, 2010 |
| Switch WS-C2950-12 | Access layer switch | September 4, 2004 |
| Switch WS-ME3400-24TS-D | Access layer switch | January 9, 2014 |
| Switch WS-ME3750-24TE-M | Access layer switch | August 29, 2011 |
| Switch WS-ME6524GT-8S | Access level/ recovery/ core layer switch | March 31, 2012 |
| Router Cisco 7606-S | Core router | July 24, 2016 |
| Router Cisco 7606 | Core router | April 11, 2008 |
| 7600-ES20-GW3C | Line card | March 31, 2011 |
| RSP-720-3C-GE | Supervisor - Control Card | March 31, 2012 |
| 7600 ES + | Linear core map | November 29, 2011 |

1.4 Backbone network communication channel bandwidth in the upgraded section requires an increase to 10 Gigabit Ethernet and support of synchronous Ethernet technology.

2. Regulatory and technical documents.

Publications listed below form an integral part of the technical requirements to be considered by Contractor at the designing stage. Except as modified by the requirements specified in this document, the latest edition of each regulatory document, with the amendments applicable at the time of executing the agreement, must be followed. The works mentioned as meeting the technical requirements should be made in accordance with applicable provisions of these published regulatory documents (or equivalent Russian Standards).

2.1 The Electronic Industries Association.
- TIA/EIA-TSB67 Technical specification of data channel during operational testing UTP cables;
- TIA/EIA-TSB72 Guidelines on developing centralized fiber-optic cable networks;
- TIA/EIA-568-A TIA/EIA-568-B Standard for cable communication lines developed inside industrial buildings;
- TIA/EIA-569-A TIA/EIA-569-B Standard for route and space to accommodate communication lines inside industrial buildings;
- EIA/TIA570 Standard for wired communication lines in residential areas and inside industrial buildings;
- TIA/EIA-606 Standard to set up communication infrastructure and data transmission inside industrial buildings;
- TIA/EIA-607 Requirements for grounding and connection of buildings hosting communication equipment by communication lines inside industrial buildings;
- TIA/EIA-TSB75 Methods of horizontal laying additional cables inside office areas having common usable open space.

2.2 Institute of Electrical and Electronic Engineers.
- IEEE 802 Local and urban Networks - General provisions and architecture;
- IEEE 802.7 Recommended methods to develop broadband local area networks;
- IEEE 802.8 Technical Advisory Group on fiber optics.

2.3 ETL Testing Laboratories.
- Documentation package for planning development of cable communication systems to be submitted to ETL;
- ISO/IEC 11801 14763-1 14763-2 TIA/EIA568A 569A 607 Standard for indoor cabling;
- CENELEC EN-50173 European technical requirements for cables;
- Recommendations of IEC 61754. Fiber Optic Connector Interfaces, IEC 61755-1. Fiber optic connector optical interfaces;
- Recommendations IPC -8497-01 (Optoelectronic Assembly and Packaging Technology) Cleaning Methods and contamination Assessment for Optical Assembly.

2.4 GOST, RD, and CPC internal documents.
- Design work on implementing SCS and documentation is developed in accordance with GOST Series 34 and Series 19;
- GOST 12.1.030-81 Occupational Safety Standards System. Electrical safety. Protective earthing, neutral connection;
- GOST 464-79 Earthing for fixed installations of wired communication, relay stations, broadcasting, wire broadcasting nodes and antennas of communal TV receiving systems. Resistance Standards;
- GOST R 50571.2-94 Electrical installations in buildings. Part 3. Main characteristics;
- GOST R 50571.3-94 Electrical installations in buildings. Part 4. Requirements for Safety. Protection from electric shock;
- GOST R 50571.10-96 Electrical installations in buildings. Part 5. Selection and assembly electric equipment. Chapter 54. Earthing and protection conductors;


- GOST 21.110-95 Guidelines to develop specifications for equipment, assemblies and materials;
- OST 45.88-96 Industrial Standardization system. The procedure to develop industrial guidance documents;
- OSTN-600-93 Industrial construction and technological Standards to develop facilities and devices for communication, radio and television broadcasting;
- VSN-332-93 Guidelines on designing electrical wire installations in companies and structures aimed at wire broadcasting, radio and television broadcasting;
- VSN 600-IV-87 Safe work practice during installation of process equipment and electric feeding devices;
- VSN 332-93 Guidelines on designing electrical installations at enterprises and telecommunication, wire broadcasting, radio broadcasting and television installations;
- Generating text documentation is made in accordance with RD 50-34.698.90 Information technology. Methodical guidelines. Set of Standards applied to automation systems. Automated systems. Requirements to composition of documents;
- VRD CPC 107. Specification for structured cabling system;
- RD 34.21.122-87 Guidelines on developing lightning protection in buildings and structures;
- RD 45.091.195-90 Guidelines on designing telecommunication systems. General requirements and Standards for grounding equipment, cables and metal structures;
- RD CPC Guidelines on Operating CPC FOCL;
- RD 45.190-2001 Guiding industrial Document Elementary cable section in fiber optical transmission line; Standard Program of acceptance tests;
- RD 45.155-2000 Guiding industrial document Grounding and potential bonding in FOTL equipment at wired communication facilities;
- Guidelines of using optical cables, passive optical devices and devices for welding optical fibers. Order Mininformsvyaz No 46 dated April 19, 2006;
- Standard NIST, FSTEC in scope of application to the project;
- MDS81-35.2004. METHOD TO DETERMINE THE COST OF CONSTRUCTION PROJECT IN THE RUSSIAN FEDERATION MDS 81 - 35. 2004
- GOST R21.1101-2013 NATIONAL STANDARD OF THE RUSSIAN FEDERATION System of project design documentation THE MAIN REQUIREMENTS TO DESIGN AND DETAIL DESIGN DOCUMENTATION
- Ordinance of the Government of the Russian Federation dated February 16, 2008 No 87. On composition of design documentation and requirements to their content.
- Ordinance of the Government of the Russian Federation dated September 26, 2016 No 969 On approval of requirements to the functional properties of means to ensure secure transport and the Guidelines of compulsory certification of means of transport security
- Order of the Federal Communications Agency on October 31, 2016 No. 237 "On giving the organization subordinate to the Federal Communications Agency the authority to perform procedures related to the mandatory certification of technical means of transport security"
- Order of the Federal Communications Agency of December 23, 2016 No. 278 "On approval of methods for conducting certification tests of the functional properties of technical means of communication, receiving and transmitting information to ensure transport security and the form of a certificate of compliance"
- Order of FGBU MIR IT Center dated March 27, 2017 No. 26 "On approval of the Regulations on the body for certification of technical means of ensuring transport security with respect to communication facilities, receiving and transmitting information"

3. Definitions.

Customer: The Joint Stock Company Caspian Pipeline Consortium - R.
Contractor: Company winning the tender for designing, procuring, upgrading ISDN network and ISDN network management system.
ISDN network: an integrated CPC pipeline security network.
Network OTN2500: a redundant SDH network of STM16 level in double ring topology manufactured by OTN Systems.

4. Overview and description of the work.

4.1. Design and construction work should be performed by an organization having access to SRO or having other legally established permits for this type of activity; the company should have at least 3 years of experience in the subject area.


4.2. All works are carried out at the facilities of the Marine Terminal and in the Western region of the Customer.

The list of Customer sites for FEED surveys:
- Krasnodarsky Territory, Novorossiysk city, Primorsky county, CPC Marine terminal, CPC Shore Facilities, CPC Tank Farm, Main valve stations KP 1499, KP 1498, CPC Marine terminal Shore Facilities.
- Krasnodarsky Territory, Krymsk city, PS 8,
- Krasnodarsky Territory, village Staromyshastovskaya, PS 7,
- Krasnodarsky Territory, Kropotkin city, State Farm Kuban Flowers, PS Kropotkin,
- Stavropolsky Territory, Izobilniy city, PS 5
- Krasnodarsky Territory, mainline valve station shelters at KP 1489, 1482, 1476, 1459, 1433, 1412, 1410, 1395, 1374, 1373, 1353, 1349, 1348, 1312, 1293, 1268, 1253, 1237, 1215
  Radio mast shelters R1459, R1353
- Stavropolsky Territory, mainline valve station shelters at KP 1193, 1192, 1165, 1159, 1138
  Radio mast shelters R1138

4.3. Requirements to work composition.

Contractor should engage into the following scope of work:

Scope of work / Documents subject to approval

FEED survey in line with requirements of Item 5 for facilities specified in Item 4.2.
Compilation of the Bill of Separation of equipment and materials.
Designing the Plan of works on FEED survey.

The plan of work on FEED survey.
Report on FEED survey with accompanying and analytical materials.
Separating bill of equipment and materials.
Certificate on FEED survey.
Documents in Russian.

Detailed technical analysis of ISDN network equipment configurations in Marine Terminal - West region.
Developing recommendations on existing configurations, network elements, and address plan.

Report on technical configuration and recommendations for network configuration and management elements with analytical materials.

Documents in Russian.

Feasibility study on choosing communications equipment with data analysis not limited to the following list:
- Total cost of ownership (including the cost of equipment, the cost of service contracts, the cost of repairs),
- Support for all technology and equipment intended use,
- The presence of a representative office of product manufacturing company in the Russian Federation,
- Ensuring the Customer's access to the information database of identified defects and vulnerabilities on the manufacturer's website,
- The presence of a complete and accessible operations package of documentation on the manufacturer's website
- MTBF,
- operational conditions,
- compatibility with operating equipment,
- Analysis of risks of failure in implementing a chosen migration strategy
- availability of authorized training centers involved in retraining specialists on work with OEM equipment.
Certification of equipment intended for installation to meet the requirements of Resolution of the Government of the Russian Federation No. 969 dated September 29, 16 with confirmation from controlling and regulating authority.
Provision of certificates of technical means for ensuring transport security with regard to communication facilities, information reception and transmission.

Datasheets for equipment and materials having a complete description of required functionality, separate books describing equipment, network equipment, server hardware, storage, virtualization and management systems, and network monitoring.

Feasibility study on choosing ISDN network equipment, software and hardware to monitor the system of ISDN network.
Valid Rossvyaz compliance certificates.
Report on the results of a study on certifying the equipment as complying with requirements set forth in the Ordinance of the Government of the Russian Federation No 969 dated September 29, 2016 validated by the supervisory and regulatory authorities

Documents in Russian and English.

Development of the specifications on functional designing ISDN network with integration of systems monitor and control unit. (Item 12)

Development of functional diagrams of ISDN network

Specification on the functional ISDN network design with integrating the system monitoring and control unit.

Functional diagrams of ISDN network and the system to monitor ISDN network.

Page 11: Web viewFor Linux OC, it is required to collect statistical data on performance and settings of kernel ... multiplexing system, the client operating

7111Date Sheet Sheets

Checked by Kramarenko M.G. February 28, 2017Checked by Mikhaylov A. L. February 28, 2017Checked by Shcherbakov O.A. February 28, 2017Developed by Khaustov G.A. February 28, 2017

TERMS OF REFERENCEto retrofit the technology network

to transmit the data in integratedsecurity system

of Marine Terminal and in West Region JSC CPC-R

and the system of ISDN network monitoring.(Item 14)

Development and coordination with the Customer (Item 16) of the following:
- procedures of test bench stand-alone testing of the whole new network.
- procedures of local testing at CPC sites.
- procedures of integrating testing.
- procedures to test the performance of the entire system, taking into account migration of resources to be connected to the network.

Terms of information security with network infrastructure for network equipment, servers, operating systems, virtualization, storage systems used in the project.

Staging acceptance test. Management system acceptance test. Local CPC site acceptance test. System integration test. System performance integration test.

Documents in Russian and English.

Development of network architecture for each site (Item 13).

Development of general network architecture (Item 13).

Development of network equipment configurations, virtualization and storage systems.

Calculation of optic budget for communications channels (Item 17).

Analysis of consumed power capacity in system’s nodes. Estimate of consumed power. Requirements to new UPS. (Item 19)

Developing IP address plan for the whole network.

Development of solutions and ways to expand the bandwidth in communication channels to transmit video traffic (Item 18).

Detailed documentation, including:
- The overall ISDN network architecture.
- ISDN network architecture for each PS in the West Region.
- ISDN Network Architecture of Marine Terminal. On-shore facilities.
- ISDN Network Architecture of Marine Terminal. Reservoir Park.
- ISDN network architecture in unit to control networks in main and backup operations centers.
- ISDN network architecture of shelters in the West region.
- ISDN network architecture in radio shelters.
- ISDN network architecture in shelter of water wells at Marine Terminal.
- ISDN address plan. Main IP-addresses.
- ISDN address plan. IP-addresses to control network devices.
- ISDN address plan. IP addresses of resources.

Detailed design drawings (for each site):

1) Layout of ISDN network equipment in communication racks at PS sites

2) Layout of ISDN network equipment in backbone shelters

3) Layout of ISDN network equipment in PS shelters

4) Intercabinet ISDN connections

5) Intracabinet ISDN Network connections

6) Wiring diagram for the power supply and grounding connection

7) Cable connection list

8) General information on ISDN

Network configuration plan.

Plan of configuration of virtualization, storage and backup systems.

The explanatory note on the cost estimates for ISDN network.

Bill of work scope for ISDN network.

Local cost estimates for the projects to be upgraded.

Consolidated cost estimate.

All documents are in Russian and English.

Staging acceptance test (Item 16)

Report on the staging acceptance test. Documents in English and Russian.

Developing project to execute work at CPC facilities. Work execution plan at CPC sites providing for installation of hardware and migration of services.


Documents in English and Russian.

Supply, installation and commissioning the equipment. Conducting local tests. (Item 16)

Contractor should provide for safe keeping the equipment and materials to be installed at CPC facilities.

Local test report. Equipment installation Certificate. Documents in English and Russian.

System integration test (Item 16)

Report on the System integration test. Documents in English and Russian.

The migration of network security resources to a new ISDN network.

Report on migrating network security resources to the new network. Documents in English and Russian.

System performance integration test (Item 16).

Report on performance testing procedures. Documents are in English and Russian.

Development and submission of executive project documentation.

Package of as-built documentation:
- Technical data sheets or forms on equipment installed and materials used, or other documents confirming the quality of equipment and materials used.
- Package of operating documentation.
- Certificates on results of measuring insulation resistance in all power cables (indicating the measurement objectives, environmental conditions during the measurements, the measurement results, the measurement error, measuring instruments giving the type, serial number, the date of the next verification and a copy of the verification certificate, official statement on compliance with requirements of the regulatory documentation, bearing signatures of experts conducting the tests and the head of electric-engineering laboratory).
- List of used testing equipment and measuring instruments indicating titles, types, serial numbers, measurement accuracy class, date of the last and the next validation sessions.
- Grounding resistance Certificate.
- Certificate of testing circuit breakers.
- Bill of installed equipment and leased materials and equipment.
- Certificate of acceptance testing the equipment.
- Certificate on handover of equipment to assembly.
- Certificate of completion of installation.
- The log with comments and suggestions on the assembly work.
- Corrected data confirmed by results of all tests to verify specification of ISDN functional network design and the system of monitoring and managing ISDN network.
- Functional diagrams of ISDN network having adjustments introduced and confirmed by testing results, and the same for the network monitoring and management system.

Documents are in English and Russian.

Procedure of warranty registration and meeting warranty obligations on upgrading equipment, including upgrades obtained.

The procedure for replacing faulty equipment having unexpired warranty term.

The procedure of updating software using firmware releases and fixing vulnerabilities.

Documents are in Russian.

Development of procedures and user manuals, as well as Standard procedures for systems.

Developing regular maintenance procedures for Regulation of regular services for ISDN network.

Developing emergency procedures to maintain ISDN network.

Guidelines on developing ISDN network subsystems (virtualization, storage systems, SAN switches).

Guidelines on backing up and recovery.

ISDN Network User Guide.

ISDN Network Administrator Guide.

Documents are in Russian.

Developing plan on retraining personnel operating the network infrastructure (10 people).

Generation of teaching materials.

Plan for retraining and training of personnel.

Conducting training by an OEM manufacturer for two groups of 5 people having a gap in time.

Educational materials.

5. Requirements for conducting FEED survey.

5.1 Contractor should carry out a mandatory FEED survey making a site visit to the work area through obtaining ahead of time permits, passes, issuing permits to access the customs area of CPC marine terminal and undergoing induction in accordance with the rules, applicable at the time of the visit to CPC sites. No earlier than two weeks prior to the onset of FEED survey Contractor should develop and approve with the Customer a detailed FEED survey Work Execution Plan.

5.2 FEED survey should give all necessary and sufficient information for high quality designing and clarifying all issues before proceeding with implementation of the project.

5.3 According to the results of FEED survey it is necessary to do the following:
- develop a report with the accompanying and analytical materials;
- develop a separation bill for equipment and materials;
- execute a certificate of inspection of the project site with the responsible CPC Telecommunications Group engineer listing the information obtained.

5.4 If it turns out during design and construction work that additional surveys are required, this extra work should be carried out by Contractor resource without escalation of the Contract price.

5.5 During FEED survey Contractor should study and make a report comprising without limitation the following:
- Topological architectural scheme of ISDN network;
- Address plan of ISDN network;
- The composition and the logic of work of the active network equipment at the core level;
- The composition and the logic of work of the active network equipment at the distribution level;
- The composition and the logic of work of the active network equipment at the access level;
- The composition and the logic of work of the server equipment in CCTV DVM system;
- The composition and the logic of work of access control of IQ system server equipment;
- The composition and the logic of EBI server equipment;
- Logic of interaction between ISDN systems;
- The composition and logic of voice telephony equipment;
- The composition and logic of systems to monitor ISDN network;
- Configuration of the whole network equipment in all network segments;
- Development configurations in operating equipment planned for connection to the virtualization storage systems;
- The results of executing test instructions;
- FOTCL optic data sheets;
- Parameters of virtual machines, their composition, and running services;
- The current load on UPS, a survey of the cooling and ventilation system status;
- Electrical power supply circuits and grounding;
- Schemes to layout optical fibers in MDF;
- SCS cabling logs, inter-rack and intra-rack connections;
- The basic principles of marking communications equipment and communication cables;
- Layout of communications racks, their location and location tolerances;
- For Linux OS, it is required to collect statistical data on performance and settings of kernel configurations using open source tools such as collect, cfg2html. Design should provide for detailed overview of the three key components of systems: CPU, memory, and I/O stack;
- To carry out analysis of updates for Linux, Windows, network equipment, storage and virtualization systems, for software installed in ISDN network management systems;
- Verification of the current configuration settings in communication and ISDN control systems with the best practices to ensure availability, security and performance;
- Performance evaluation of all communication and control systems;
- A full identification of all resources connected to ISDN network in West Region and at On-shore Terminal (asset hardware and software inventory);
- Scanning systems (ISDN networks, servers, workstations, and storage virtualization systems) to detect vulnerabilities using security scanners.

6. Requirements to carry out fire prevention measures

All work should be carried out with the implementation of the following requirements:
- Federal Law No 123 Technical Regulations on fire safety requirements, norms of fire safety;
- Guidelines on fire safety in the Russian Federation (as amended on February 17, 2014), in scope of requirements set forth to manned areas;
- Guidelines on fire safety in operations of the pipeline system of JSC CPC-R, VRD CPC 77.01.2012*.

7. Requirements to develop survey and construction and assembly cost estimates.

7.1. The cost estimate should be developed according to MDS81-35.2004.

7.1.1 The cost estimates for survey work should be developed per format 2P or 3P. Provide information on composition of sections of the project indicating names and number of pages in each section.

7.1.2 The cost estimate documentation should be generated using a basic indexing method applying regional unit prices (TER) in updated version. In cases when basic rates TER-2001 are not available, it is required to follow updated federal rates FER-2001. To move to the current level of prices applied it is required to apply indexes on cost items published by the Regional Center for Pricing in Construction to be applied in the Ministry of Construction, architecture and road infrastructure.

7.1.3 Overheads and profit estimates should be determined using MDS 81-33.2004 and MDS 81-25.2004 taking into account clarifying letters issued by Gosstroy No 2536-IP/12/GS dated November 27, 2012, Rosstroy No AP-5536/06 dated November 18, 2004 and the recent updates thereof.

7.1.4 Chapter No 8 and No 9 of the consolidated cost estimate should include other works and costs in accordance with Construction method statement and MDS81-35.2004.

7.1.5 Chapter No 10 should include costs according to MDS81-35.2004 and the Ordinance of the Government of the Russian Federation No 468 dated June 21, 2010.

7.1.6 The contingency cost and expenses should be calculated according to MDS81-35.2004.

7.2. The cost estimates should have an addendum providing for justification for the cost of materials and equipment to be purchased on supplier’s price list (through manufacturer or authorized dealer) with detailed description of the technical and functional specifications in data sheets for equipment (engineering data sheets, certificates of compliance and so on) and materials in scope sufficient to justify cost calculations.

7.3. Develop a bill of works.

Bill of works for the entire project should be developed as a separate volume (book), the site cost estimate and the explanatory note thereto should be translated into English.

7.4. Detail design documentation, bills of works, specifications, cost estimates and documents confirming the prices of equipment and materials (correction factors, prices, etc.) should be sent through the Document-control into the price control group (PCG) for getting an official opinion.

8. Requirements to issuing documentation

8.1 Detail and executive documentation should be issued as 2 hard copies and in electronic format as .pdf, .word, .excel, .autocad format (versions no later than 2012) or .visio on CD (in part of applicability to the type of the document developed).

If a document is issued as bilingual, 2 copies in each language should be submitted.

Cost estimate should be available as a hard copy and as an electronic document in PDF, Excel, and XML formats (in exceptional cases as a file in unified exchange block format ARPS 1.10).


8.2 Contractor should approve the documents using the Document Control System of the Customer. The layout of detail design and executive documentation should comply with the Company Guidelines and Guidelines of Design Bureaus to generate the project design documentation.

8.3 Approval (review) of the document set is organized using the system of Document control of the Customer through uploading the set of the documentation tested to the Company website and signing the sheet of the multi-discipline review. As soon as the sheet of the multi-discipline review is signed by the Customer the engineering solutions are deemed agreed and the design project documentation is getting an approval by the project design Company supervisor; following this Contractor starts developing BOW (bill of works) and cost estimating documentation.

9. The rules to present, review and accept the design and cost estimate documentation (CED)

To follow requirements of regulatory documents effective in JSC CPC. The documentation developed by the JSC CPC Contractor should be subject to interdisciplinary review by appointed employees of Contractor.

10. Requirements to comply with the Company approvals

Contractor coordinates the project documentation with all stakeholders in accordance with effective regulatory and legislative documents, coordinates the split sheet for materials and equipment as well as the composition of the cost estimates and manufacturers of main equipment and materials.

11. Requirements to security regime

The security regime requirements should be established in accordance with requirements set forth by the Security Function of JSC CPC-R for conditions of operating enterprise.

12. Requirements to generating functional design specifications for ISDN network having unit to integrate with monitoring and control systems.

Specification of functional design should ensure that:
- the technical solutions are outlined in detail indicating the technical Standards and RFC specifications;
- describe in detail logical system architecture in each network hierarchy level (core, distribution, access, aggregation);
- contain description of settings, test instruction command blocks specifying parameters and methods for monitoring and management in network management systems;
- provide for permissible boundary conditions of network protocols and parameters describing required mib component to interact with the network management system;
- describe the fundamental engineering solutions based on the life-packet principle featuring detailed analysis of output of test instructions;
- describe the process of integration into the network and configuration in operating virtualization, and storage systems as well as setting their failover features and corruption resiliency;
- describe methods to optimize reliability indicators and availability of services using existing equipment, the analysis of convergence protocols used in the network;
- contain the calculation of required amount of spare parts to maintain desired level of network availability over the period of network start-up, network operations, to establish specifications for materials and equipment necessary for the network operations;
- describe the main methods to diagnose failures and response to them;
- contain guidelines on information security describing the network infrastructure (security check-list) for network equipment, for the storage and virtualization systems;
- determine the norms of consumption and composition of the measuring and testing equipment to carry out network maintenance and repair;
- describe the strategy and plan of migration, stages of replacing outdated equipment without impact on the functionality of the system and to switch resources from the old network to the new one.


13. Requirements to developing network architectures.

Network architecture should define all network elements, depict the physical connections between the equipment indicating equipment tags and elements of a structured cabling system (SCS) identifying all intermediate passive SCS components. Marking equipment and SCS should be carried out in accordance with the schemes used by the Customer.

14. Requirements to developing functional diagrams of ISDN network and ISDN network monitoring system.

Logic diagrams of interacting network components should contain information on VRF/VPN, on the nature of these interactions, the circuit diagrams at VLAN level, address information in transport subnets, subnet access levels, core and distribution, description of route summing schemes, redistribution route schemes, methods of using tagging techniques indicating the methods and locations to avoid route looping. Network interaction diagrams are developed for each upgraded network node (PS, segments in main valve shelters, Marine Terminal)

15. Requirements to format of project execution plan.

The project execution plan to install and commission ISDN network upgrading should be developed on the basis of the Guidelines to develop and approve project execution plans (PEP) for Contractors engaged in work on control and communication systems approved as part of the document No CPE-GENR-TEC-PLN-CNI -0000-00003-00.

The initial data should contain a project design approved for work execution, specifications of the functional design and proven test results, information on the number and types of machines planned for use, mechanisms, measuring equipment and skilled workers broken down into disciplines with copies of documents proving the qualification of personnel, information, on conditions in operating roads to be used, utility lines of other companies, information on safe work conditions and environmental protection, a copy of instructions on appointing persons responsible for supervising work on site.

16. Test requirements.

16.1 General

Contractor should carry out tests in accordance with all applicable Russian regulations, with Standards and regulations, including international Standards. In case supervising organizations require additional or special tests, Contractor should engage into carrying out further testing. All such additional tests and activities are included in the fixed cost of Contractor.

16.2 Conceptual tests

The concept testing to select the network equipment should be conducted to confirm the characteristics declared by equipment manufacturer, to run load tests and prove compliance with information provided in Certificates, in Standards and in solutions proposed to implement the concepts and to confirm compatibility with technologies used in existing network.

Contractor should examine the results of concept tests listed in addenda to this terms of reference to eliminate the risk of making a wrong decision in choosing network equipment and to ensure reliability of basic technological solutions.

Contractor fully undertakes the risk of making correct choice of the type of network equipment proposed for use in this project.

If Contractor proposes using basic network equipment from manufacturers having no conceptual test results available, Contractor should carry out the conceptual test sessions inviting representatives of the manufacturer, Contractor and the Customer.

The costs on carrying out these tests should be borne by Contractor. The term of testing sessions, composition of equipment, test program should be agreed with the Customer in advance.

16.3 Acceptance stand-alone bench testing

Prior to engaging into acceptance stand-alone bench testing Contractor should generate plans and test procedures coordinating them with the Customer to ensure that the laboratory environment is ready for testing.


Acceptance bench tests are conducted after approval of the project detail design documentation covering all equipment and software to be supplied.

Rooms to be used for testing should be pre-inspected by representatives of the Customer for compliance with fire safety requirements, with electrical safety and with physical and electrostatic safety.

Contractor will organize the test sessions at its own territory. Contractor should have own laboratory facilities adequate to model the whole network.

Contractor should use his own load test equipment for testing, including without limitation the following:
- traffic generators,
- packet and traffic analyzers,
- multimeters,
- optical power meter,
- sources of optical radiation,
- variable optical attenuators,
- spectrum analyzers, etc.

All measuring testing equipment should not have expired validity or calibration term, it should be serviceable and safe to use. Contractor should perform all installation and dismantling activities to set up model test bench individually. All equipment of the test environment, power cables, grounding, SCS cables should be labeled featuring names of officials responsible for safety and efficiency in use.

Mounting and dismounting should include work on connecting electric power cables, grounding cables, installation of electric devices, connection of SCS cables, patch panels and other SCS components, meeting all conditions described in manufacturer requirements in safety regulation sections by each manufacturer for each type of hardware or software.

Contractor should provide all necessary equipment and personnel to conduct tests. Contractor should provide 5 workstations for the Customer representatives to work during testing and free access to Internet during the tests.

The test program should include the following sections, including, but not limited to the following:
- Verifying declared physical characteristics of equipment
- Verifying declared L2/L3 functionality of equipment and network as a whole
- Checking accuracy and functionality of device hardening
- Checking functionality of all protocol types, generating alarms on SNMP, SNMP-trap, RMON, syslog in control systems
- Checking network convergence and matching the calculated values, flapping stability in communication channels
- Verifying declared parameters of optical modules (optical transmission power, receiver sensitivity, the spectrum analysis in backbone optic modules and checking spectral stability and compatibility with DWDM system transponders)
- Determining critical network operating parameters (determining system stability thresholds at elevated traffic levels, stability check during flapping in network channels, broadcast storm emulation and verification of the system stability, optimization and testing convergence of network protocols to detect deviations from design values under load testing)
- Load network testing using traffic generator and emulation of real network traffic.
- Checking correct performance against QoS policies
- Functional test of network security
- Registering all signal parameters and comparing the data used in mib files to ensure their correctness and accuracy.
- Emulation of operating old network segment

Contractor should register and document the elimination of all identified defects in software or hardware. List of all identified defects and way to fix them should be submitted to the Customer together with the test report.

Contractor should provide a registration and detailed description of configuration changes; it is required to report the changes introduced into the functional specifications of the project. Contractor should control versions of configurations and software.

Contractor provides for tracking the security vulnerabilities and software defects during entire process of project implementation.

The Customer should be given access to producer online resources to access the vulnerability data base, the registry of software and manufacturer's documentation. This access should be granted before the start of the test.

The choice of software should be agreed with the Customer; it should be based on the latest releases of the manufacturer. The use of other versions of the software is justified by Contractor based on a detailed functional description.

Contractor should perform all tests involving representatives of the manufacturer to eliminate defects detected.

According to results of completed tests a test report is generated and signed on the basis of approved testing procedures to form an equipment configuration plan, provide a full package of relevant documentation, including but not limited to the following:


- test results,
- configurations,
- copies of the software used,
- software licenses,
- network architectures,
- technical data sheets for equipment and materials used during the test.

16.4 Local tests

Before beginning local tests Contractor should prepare Plans and Test procedures to harmonize them with the Customer to engage in installation at CPC facilities and provide topological connectivity of the network.

Local tests are carried out after the following:
- the physical installation is made for equipment at all CPC facilities;
- the latest released updates are installed in software used.

The test program should include the following sections, including, but not limited to the following:
- Checking the actual physical characteristics of equipment and the power consumption
- Verifying declared L2/L3 equipment functionality and the network as a whole
- Checking accuracy and functionality of device hardening
- Checking functionality of all types of protocols used, alarm signals delivered on SNMP, SNMP-trap, RMON, syslog in control systems
- Checking network convergence and matching the calculated values, flapping stability in communication channels
- Checking consistency with declared parameters of optical modules
- Determining critical operating parameters in the network
- Checking correct performance against QoS policies
- Functional test of network security
- Registering all signal parameters and comparing the data used in mib files to ensure their correctness and accuracy.
- Stability and convergence of parameters of network protocols
- Failover test

Contractor should ensure registering and documenting fixing all detected defects in software and hardware.

The list of all identified defects and the way to fix them is transferred to the Customer together with the test report.

Contractor should register and describe in detail all configuration changes; changes introduced into the functional specifications of the project must be reported.

Contractor should track security vulnerabilities and software defects during the entire process of project implementation.

The choice of software should be agreed with the Customer and should be based on the most recent software releases by the manufacturer.

Contractor should perform all tests with the participation of manufacturer representatives to eliminate the defects and faults detected.

Based on the results of tests, the test procedures are developed and signed, and the as-built and configuration work layout of equipment and network architecture is updated.

16.5 Integration tests

Prior to integration tests Contractor should prepare plans and test procedures and harmonize them with the Customer, in order to make a complete integration of the upgraded network segment with the existing network and to migrate the connected resources in the security network.

The test program should include the following:
- checking general system fault tolerance
- emulation of emergencies and analysis of network behavior as a whole
- traffic analysis and balancing the load in network segments
- analysis and fine-tuning of QoS at all levels of the network hierarchy
- analysis and correctness of Netflow registration
- analysis of system logs
- conducting load tests and confirmation of system performance as a whole

The test results should be used to generate an official report on the testing performed.

16.2 System Performance Testing and MTBF


Before the start of performance tests Contractor should prepare plans and test procedures and harmonize them with the Customer, make the complete integration of the upgraded network segment with the existing network, migrate the connected network security resources and finalize integration tests in full scope.

The test program should include the following:
- monitoring the network security for 2 weeks
- analysis of the performance metrics in network equipment
- traffic shaping and analysis of packets dropped at interfaces of the upgraded network, network optimization settings
- analysis of SYSLOG messages
- the correct operation of all ISDN systems

The test results should be used to generate an official report on the testing performed.

17. Requirements to calculation of the optical budget.

The basic calculation of the budget for the optical channels up to 2.5Gb/s should be carried out according to the formula:

LB = Ptx + G - L - M - Srx

Where:
- LB is the link budget
- Ptx is the minimum output transmitting power (dBm)
- G is the gain level in presence of optical gain (dB)
- L is the attenuation or loss over the entire optical path (dB)
- M is the margin of safety for receiver sensitivity (dB)
- Srx is the minimum receiver sensitivity (dBm)

Typically, the margin should be greater by about 3 dB to allow for fiber degradation over time. This means that the optical power at the input of the remote receiver should be 3 dB above the sensitivity of the receiver.

Calculation for 10GigEthernet is based on the technical audit of CPC FOCL data (see report attached), accounting for chromatic dispersion values and domain-tip.

Calculation of the optical budget should take into account the following:
- the loss of the fiber
- the loss in one patch cord and two terminals
- the number of intermediate connections using optical patch cords at ODF
- the type of polishing of optical patch cords.

Contractor should supply all required optical patch cords taking into account the requirements of CPC to SCS specified in the latest edition of VRD 107.

Contractor should calculate the optical link budget on the basis of the data sheets of items delivered and guarantee 100% checking of all optical patch cords using optical fiberscopes during all kinds of tests according to the terms of reference, to check physical integrity and optical purity.

Contractor should comply with the rules for working with optical modules, providing for cleaning of optical equipment at all stages of the project and providing staff with all necessary materials and tools to carry out the work undertaken.
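The formula above applied to one span, as an added example that is not part of the original terms of reference. The fiber attenuation figures are the cable limits quoted in section 20 of this document; the transmit power, receiver sensitivity, patch-cord and splice losses are constructed sample values that must be replaced with data-sheet figures, and only the power budget is covered, not the dispersion limits required for 10 Gigabit Ethernet.

```python
from dataclasses import dataclass

# Cable attenuation limits quoted in section 20 of this document (dB/km).
FIBER_DB_PER_KM = {1310: 0.4, 1550: 0.2}


@dataclass
class OpticalPath:
    length_km: float
    wavelength_nm: int
    patch_cords: int                 # mated patch-cord connections at ODFs and terminals
    splices: int = 0
    patch_cord_loss_db: float = 0.5  # constructed sample value, take from the data sheet
    splice_loss_db: float = 0.1      # constructed sample value, take from the data sheet

    def fixed_loss_db(self) -> float:
        """Loss that does not depend on fiber length (connections and splices)."""
        return (self.patch_cords * self.patch_cord_loss_db
                + self.splices * self.splice_loss_db)

    def loss_db(self) -> float:
        """L: attenuation over the entire optical path (dB)."""
        return (self.length_km * FIBER_DB_PER_KM[self.wavelength_nm]
                + self.fixed_loss_db())


def link_budget_db(ptx_dbm, srx_dbm, path, gain_db=0.0, margin_db=3.0):
    """LB = Ptx + G - L - M - Srx; the link closes when LB >= 0."""
    return ptx_dbm + gain_db - path.loss_db() - margin_db - srx_dbm


def max_length_km(ptx_dbm, srx_dbm, path, gain_db=0.0, margin_db=3.0):
    """Longest fiber run that keeps LB >= 0 with the same connections and splices."""
    available = ptx_dbm + gain_db - margin_db - srx_dbm - path.fixed_loss_db()
    return max(0.0, available / FIBER_DB_PER_KM[path.wavelength_nm])


# Constructed sample optical-module figures (not from any data sheet).
PTX_DBM, SRX_DBM = -3.0, -24.0
SPAN_1310 = OpticalPath(length_km=40, wavelength_nm=1310, patch_cords=4, splices=10)
SPAN_1550 = OpticalPath(length_km=40, wavelength_nm=1550, patch_cords=4, splices=10)

if __name__ == "__main__":
    for span in (SPAN_1310, SPAN_1550):
        lb = link_budget_db(PTX_DBM, SRX_DBM, span)
        reach = max_length_km(PTX_DBM, SRX_DBM, span)
        verdict = "closes" if lb >= 0 else "does NOT close"
        print(f"{span.wavelength_nm} nm: L={span.loss_db():.1f} dB, "
              f"LB={lb:+.1f} dB ({verdict}), max reach {reach:.1f} km")
```

With these sample figures the same 40 km span fails at 1310 nm and passes at 1550 nm, which is why the patch-cord count and the 3 dB margin have to be included before a regeneration point is ruled out.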

18. Development of solutions and ways to increase the bandwidth to transmit video traffic.

The bandwidth of the ISDN network is not sufficient to set up work of more than 700 HD video cameras and more than 200 intercoms. To increase the capacity of the backbone communication channels it is necessary to deploy a 10 Gigabit Ethernet network.

At the time of approval of the terms of reference the wave multiplexing was not implemented. While generating proposals within the framework of the tender, Contractor should allocate resources to purchase the regeneration equipment, to make configuration, testing, commissioning and meeting warranty obligations during 4 years to deploy two regeneration areas in the 10 Gigabit Ethernet network.

When determining the cost of works Contractor should include the work on splicing fiber optic cable FOCL on ODF in main valve shelters, the supply of optical patch cords, power cables, electric switch gear, and mounting kit to install equipment in communication racks at any line-pipe site specified in Item 4.2.

As soon as the multiplexing system is deployed by Customer, the scope of work and supply of equipment by Contractor will be adjusted accordingly and the contract value will be changed.

In designing the interface with the wavelength-division multiplexing, Contractor should provide in the hardware specification the port capacity and optical modules with optical patch cords on network cards to connect communication equipment for connecting at least two 10 Gigabit Ethernet channels to the wavelength-division multiplexing system, the client operating wavelength being 1310 nm.

19. Analysis of consumed power capacity in system’s nodes. Estimate of consumed power. Requirements to new UPS.

Contractor should analyze the power consumption in existing network nodes. The power consumption of installed equipment should not exceed the values of the existing equipment consumption rating without hindering capabilities of operating UPS systems.

The calculation of the power consumed should contain the following data:
- Name of building/facility
- Room number
- Equipment part number
- Brief description
- Manufacturer
- Redundant power unit Yes/No
- The height of device in 19” installation units
- AC/DC
- Voltage V
- Maximum current A
- Cabinet
- Maximum power consumption at 48V DC (W)
- Typical power consumption at 48V DC
- Maximum AC power consumption (W)
- Typical AC power consumption
- The maximum heat loss (BTU/h)
- The typical heat loss (BTU/h)
- Product weight

In case a new UPS should be supplied, it is required to use rack-type on-line UPS, smart APC, with n + 1 batteries, and to design the time to work on batteries for telecom load to be at least 4 hours.

In case the circuit breakers and power line cables do not meet the requirements of newly installed equipment, Contractor should provide for their replacement. When breakers in supply lines do not meet requirements of power supply to main valve shelters in the line-pipe, Contractor should provide for replacement of 0.4 kV switchboards.

The grounding of newly installed equipment should be provided.

When the work is in progress to install new on-line type UPS (SMART UPS), a formal request should be sent to the regional function of Chief Electric Engineer of the Customer to obtain additional points to connect to the existing 0.4 kV line; this request should be sent no earlier than 2 months before the start of work on the site.

20. Information on existing backbone telecommunication network

The existing backbone fiber-optic line on the segment to be upgraded is made of Siemens cable A-DF (ZN) 6x6E9/125 0.36F3.5 + 0.21H18 LG. The fiber-optic cable comprises 36 OF. Manufactured by Siemens. A sketch of the cable cross-section is shown in Fig. 1.


1. The polyethylene coating;
2. Rip cord;
3. Reinforcing cords;
4. Swelling water-repellent film;
5. Optical fibers;
6. A module with a hydrophobic filler;
7. Dielectric central member;
8. Hydrophobic filler.

Fig. 1

The main parameters and features of design:
- Optic strand consists of 6 elements having a central cable member (CCM) of diameter 2 mm.
- Attenuation index, no greater than: 0.2 dB/km for a wavelength of 1.55 µm, 0.4 dB/km for a wavelength of 1.31 µm.
- Tensile strength: 3.5 kN.
- Temperature range: -40 °C…+50 °C.
- Fiber manufactured by Corning SMF-20e, complying with Standard G.652.D.
- Weight, no greater than: 137 kg/km.
- Outside diameter: 13.3 mm.
- Number of optical fibers: 36.

Characteristics of single mode fiber are shown in Table below:

Table 20.1

| Characteristics of the optical fiber | Single mode cable without dispersion shift |
|---|---|
| Core diameter | 8.3 µm |
| Diameter of fiber cladding | 125.0 12.0 microns |
| Out-of-roundness of fiber cladding | 11.0% |
| Diameter of the colored fiber | 250 µm |
| The diameter of coating | 245 110 microns |
| Concentricity in core and in optical cladding | 10.8 microns |
| Mode guidance beam diameter | 9.20 10.50 m at a wavelength of 1310 nm; 10.50 11.00 microns at a wavelength of 1550 nm |
| The minimum arbitrary yield strength | 100,000 f-F/sq.inch |
| Evenness of attenuation | No more than 0.10 dB at 1310 nm or 1550 nm |
| Maximum dispersion | 3.2 ps/nm-km over the range from 1285 to 1330 nm; < 18 ps/nm-km at 1550 nm |
| Cutoff optic fiber wavelength | < 1260 nm |
| Zero dispersion wavelength (λ) | 1301.5 nm < λ < 1321.5 nm |
| Zero dispersion gradient | < 0.092 ps/nm²-km |
| Dispersion in polarization mode | < 0.5 ps/km^(1/2) |

Table 20.2


| Parameter | OF Grade SMF-28e® |
|---|---|
| Operational wavelength, nm | 1260…1625 |
| Attenuation factor, dB/km, no more than: | |
| at a wavelength of 1310 nm | 0.34 |
| at a wavelength of 1383 nm | 0.31 |
| at a wavelength of 1550 nm | 0.20 |
| at a wavelength of 1625 nm | 0.22 |
| Chromatic dispersion factor, ps/nm•km: | |
| within the wavelength band of (1285-1330) nm | ≤ 3.5 |
| within the wavelength band of (1530-1565) nm | ≤ 18 |
| within the wavelength band of (1565-1625) nm | ≤ 22 |
| Zero dispersion point, nm | 1302…1322 |
| Slope of dispersion curve in zero dispersion wavelength, ps/nm²•km, no greater than: | |
| within the wavelength band of (1285-1330) nm | 0.089 |
| Polarized mode dispersion, ps/µm, no more than: | |
| individual fiber | 0.2 |
| line (20 connected fibers) | 0.06 |
| Cable cutoff wavelength, nm, no more than | 1260 |
| Mode field diameter, µm | |
| at a wavelength of 1310 nm | ±0.4 |
| at a wavelength of 1550 nm | 10.4±0.5 |
| Glass geometry | |
| inherent fiber curvature, m | ≥ 4.0 |
| reflecting jacket diameter, µm | 125.0 ± 0.7 |
| core and jacket eccentricity, µm | ≤ 0.5 |
| jacket out-of-roundness, % | ≤ 0.7 |

FOCL CPC technical audit results are listed in Addendum.

21 Requirements to the network core level

MPLS network is a current security network that provides transport of VPN L3, VPN L2 technology for ISDN network clients.

21.1 The architecture of the existing network core.

The typical physical topology of pump stations is shown in Schematic diagram No 21.1.


Schematic diagram No 21.1

When designing a new ISDN network it should be taken into account that the architecture at the core level is represented by a high-speed third layer OSI model.

Core network architecture should provide for a permanent availability level without a single point of failure including but not limited to the following:

- chassis redundancy;
- redundancy in power supply in each chassis;
- hot-swappable network equipment modules without interruption of service;
- use of direct redundant links between pump stations;
- using redundant overlap connections through DWDM infrastructure in pump station;
- using back-door links for certain VPN;
- total network convergence should be less than 3 seconds;
- network availability should be no less than 99.97%;
- the bandwidth should be used in an efficient manner;
- the data transfer should be as fast as possible;
- transmission of isolated traffic streams should be arranged.

The data transmission rate should be 10 Gigabit Ethernet, 1 Gigabit Ethernet.

The core of the network should include two 10 Gigabit Ethernet connections in the main link and 2 connections of 1 Gigabit Ethernet in the fast backbone. The network core uses L3 switched links to communicate with the distribution network level. From the MPLS network point of view the network core equipment should perform P and PE router functions.

Network core level should meet the following requirements and support:

- each pump station should have two multi-level routers having a modular architecture installed;
- the network core level should provide for interaction with the distribution level equipment;
- the network core level should provide for traffic balancing;
- high scalability without chassis modifications;
- communication channel aggregation technology (protocol 802.1ad, static);


- access lists (ACL based on levels L3, L2);
- time synch protocol (NTP);
- secure management/monitoring protocols (SSH, SNMP v2c, v3);
- protocol of logging Syslog events.

These functions should be implemented through the use of the following protocols and technologies at the core level:

- dynamic routing protocol OSPF v2;
- Multiprotocol Label Switching (MPLS) with label transmission using LDP protocol;
- transmission of Ethernet services over MPLS network (EoMPLS);
- virtual infrastructure in MPLS (MPLS VPN) networks using MP-BGP protocol.

21.2 Dynamic routing protocol OSPF

Designing should provide for use of the OSPF dynamic routing protocol, given its capabilities and the following properties:

- control over OSPF Hello and OSPF Dead timers;
- mechanism of identification of bilateral BFD accessibility;
- the same type of OSPF networks on interfaces;
- use of multiple routes having the same convergence;
- mechanisms for optimizing transmission of routing information;
- mechanisms to optimize SPF algorithm;
- authentication.

21.3 Topology

The following types of communication channels should be designed at the core level:
- direct channels between the network core 10 Gigabit Ethernet and 1 Gigabit Ethernet equipment;
- backup channels organized in the OTN2500 network.

Direct communication links between the core routers should be used as main channels. Direct channels should be connected using Gigabit Ethernet technology, with MTU values and duplex parameters supported at adjacent interfaces.

Two loops of the OTN 2500 network are used as a backup; each loop features a distributed hub. Redundant channels are connected using Fast Ethernet technology, with MTU values up to 1522 bytes (accounting for the headers at the link level) and duplex parameters supported. It is required to provide for additional aggregation level network equipment in case it is impossible to match the rate of the core level routers connected to OTN sites.

It is required to provide for an appropriate channel value to prevent Equal Cost routes in redundant channels.

The connection topology should ensure that the first core router in each station is connected to the first OTN ring and the second core router in each station is connected to the second OTN ring.

Two direct point-to-point or point-to-multi-point channels should be designed between the network equipment at the core level.

The OSPF protocol is activated only on interfaces and in networks that connect core level devices.

It is required to use the logical loopback interface having number 0 (loopback0) to identify routers using the OSPF protocol (OSPF Router ID). This improves the overall stability of protocol performance.

21.4 Addressing

When designing the communication channels used between the core equipment (point to point), use network mask /29 or /28.

The data channels include the following:
- direct links between core routers;
- telecommunication network to connect to the backup communication channels.

To identify a router within the OSPF protocol it is required to provide for use of addresses having a /32 mask.

Summarizing routes at the core level is unacceptable as it affects accurate performance of the LDP and MP-BGP protocols. Therefore, there is no need to split different core levels into various OSPF domains. The core layer should be fully contained in OSPF Area 0.

21.5. Fast OSPF convergence

Project should provide for changing the basic characteristics of this protocol. Reduce the convergence time of the OSPF protocol in the following ways:
- optimize mechanisms to detect line incidents (OSPF Hello and OSPF Dead timers, BFD mechanism, Carrier Delay timer);
- optimize performance of the SPF algorithm (SPF Throttling and SPF mechanisms);
- optimize propagation of link state information (mechanisms of LSA Throttling, LSA Group Pacing, LSA Flood Pacing).

21.6. Optimization of OSPF timers

In the design process, optimize the frequency of the timers for sending OSPF Hello and OSPF Dead messages.

In the standard configuration the minimum value of the OSPF Hello timer can be equal to 1 second. The OSPF Dead timer value should be at least 4 times greater than that of the OSPF Hello timer or be equal to 4 seconds. This is the time required to determine an incident; it is too long and requires reduction.

Design should provide for the minimum potential value of the OSPF Hello and OSPF Dead timers.

21.7 Optimization of Carrier Delay Timer

Designing should provide for optimization of the Carrier Delay timer to speed up the convergence process when a failure occurs at the physical layer of the OSI model. This timer is set to 0 for interfaces in all direct channels between core routers. Parameters of the event-limiting mechanism (Half Life Period, Reuse Threshold, Suppress Threshold, Max Suppress, Restart Penalty) should be left at their default values.

21.8 Implementation of BFD mechanism

Design should provide for detecting failure of the bilateral connection in a physical channel using BFD mechanisms. The following parameters should be optimized in BFD mechanism performance:
- BFD Interval;
- Minimum RX;
- Multiplier.

21.9 Optimizing transmission of link status

Design should prevent generating a large number of packets by optimizing the intervals at which LSA packets are sent.

It is required to optimize the following timer parameters:
- Start-Interval — the minimum delay before the onset of generating the first update packet;
- Hold-Interval — the dynamically changeable delay time used to calculate the time to generate update packets. When the second event occurs during the time, sending the packet is delayed by the Hold-Interval time. When subsequent events occur, the delay will amount to 2*Hold-Interval, 4*Hold-Interval and so on for each event until the delay value becomes equal to the Max-Interval;
- Max-Interval — the maximum delay before the onset of generating the next LSA packets;
- OSPF Group Pacing.
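A small model of the Start/Hold/Max behaviour described in 21.9, added here as an example (it is not vendor code and not part of the original document). It assumes that events arriving before a pending generation are folded into it and that the backoff returns to Start-Interval once an event arrives after the current hold window has expired; real implementations may reset differently, and the timer values are constructed.

```python
def lsa_generation_times(events_ms, start_ms, hold_ms, max_ms):
    """Return the times (ms) at which an LSA is actually generated.

    events_ms: times of topology-change events affecting one LSA.
    """
    generations = []
    wait = min(hold_ms, max_ms)
    window_end = None                    # end of the current hold window; None while idle
    for t in sorted(events_ms):
        if generations and t <= generations[-1]:
            continue                     # assumption: folded into the pending generation
        if window_end is None or t >= window_end:
            gen = t + start_ms           # quiet network: only Start-Interval applies
            wait = min(hold_ms, max_ms)  # assumption: backoff resets after a quiet window
        else:
            gen = window_end             # inside the hold window: wait until it ends
            wait = min(wait * 2, max_ms) # Hold, 2*Hold, 4*Hold ... capped at Max-Interval
        window_end = gen + wait
        generations.append(gen)
    return generations


def flapping_link(period_ms, duration_ms):
    """Constructed input: a link that changes state every period_ms."""
    return list(range(0, duration_ms, period_ms))


# Constructed sample timer values, in milliseconds.
START_MS, HOLD_MS, MAX_MS = 10, 100, 1000

if __name__ == "__main__":
    burst = [0, 50, 150, 400, 800, 5000]
    print("burst ->", lsa_generation_times(burst, START_MS, HOLD_MS, 500))

    flaps = flapping_link(20, 10_000)    # 500 state changes in 10 seconds
    sent = lsa_generation_times(flaps, START_MS, HOLD_MS, MAX_MS)
    print(f"{len(flaps)} events -> {len(sent)} LSA generations")
```

Under this model a link flapping every 20 ms for 10 seconds produces 14 LSA generations instead of 500, while an isolated failure is still advertised after only the Start-Interval.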

21.10 SPF calculations

Design should provide for optimization of the SPF Throttling mechanism, which restrains the start of the SPF process and, as a result, restricts the running of the shortest route algorithm when the network is unstable.

By default the delay in triggering the OSPF process is disabled in routers, but it should be used to obtain a more stable operation of the network.

21.11 Maximum amount of paths

Provide for load balancing across multiple routes having the same value to the network segment. Optimize the maximum path setting.

21.12. Authentication

Authentication should be used to improve the security level of OSPF protocol operation. Use the MD5 message-digest algorithm described in RFC 1321 for authentication.
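What MD5 authentication of an OSPFv2 packet involves on the receiving router, following RFC 2328 Appendix D, as an added example that is not part of the original document. Router IDs, key and Hello contents are constructed sample values; the /29 mask and the 1 s / 4 s Hello and Dead timers are taken from sections 21.4 and 21.6.

```python
import hashlib
import hmac
import socket
import struct

# OSPFv2 header with AuType 2 (RFC 2328, Appendix D.3): the 64-bit authentication
# field carries 0, Key ID, Auth Data Len and the cryptographic sequence number.
HEADER = struct.Struct("!BBH4s4sHHHBBI")
AUTYPE_CRYPTO = 2
DIGEST_LEN = 16


def _digest(packet: bytes, key: bytes) -> bytes:
    # Keyed MD5: the secret, zero-padded to 16 bytes, is appended to the packet.
    return hashlib.md5(packet + key.ljust(DIGEST_LEN, b"\0")[:DIGEST_LEN]).digest()


def sign(body, router_id, area_id, key_id, key, seq, pkt_type=1):
    """Build an authenticated OSPFv2 packet (header + body + MD5 digest)."""
    length = HEADER.size + len(body)      # the digest is not counted in the length
    header = HEADER.pack(2, pkt_type, length, socket.inet_aton(router_id),
                         socket.inet_aton(area_id), 0, AUTYPE_CRYPTO,
                         0, key_id, DIGEST_LEN, seq)
    packet = header + body
    return packet + _digest(packet, key)


def verify(frame, keys, last_seq):
    """Return 'ok' or the reason for discarding the packet.

    keys: {key_id: secret}; last_seq: {router_id: last accepted sequence number},
    updated when a packet is accepted.
    """
    if len(frame) < HEADER.size + DIGEST_LEN:
        return "truncated"
    (_ver, _type, length, rid, _area, _cksum, autype,
     _zero, key_id, auth_len, seq) = HEADER.unpack_from(frame)
    if autype != AUTYPE_CRYPTO:
        return "wrong AuType"
    if auth_len != DIGEST_LEN or length < HEADER.size or length + auth_len != len(frame):
        return "bad length"
    key = keys.get(key_id)
    if key is None:
        return "unknown key id"
    if not hmac.compare_digest(_digest(frame[:length], key), frame[length:]):
        return "bad digest"
    if seq < last_seq.get(rid, 0):        # lower than last accepted: replayed packet
        return "replayed sequence number"
    last_seq[rid] = seq
    return "ok"


# Constructed sample data: Hello body with /29 mask, Hello 1 s, Dead 4 s.
KEYS = {1: b"constructed-key"}
HELLO_BODY = struct.pack("!4sHBBI4s4s", socket.inet_aton("255.255.255.248"),
                         1, 0x02, 1, 4, bytes(4), bytes(4))

if __name__ == "__main__":
    seen = {}
    pkt = sign(HELLO_BODY, "10.0.0.1", "0.0.0.0", 1, KEYS[1], seq=100)
    print(verify(pkt, KEYS, seen))
    print(verify(sign(HELLO_BODY, "10.0.0.1", "0.0.0.0", 1, KEYS[1], seq=99), KEYS, seen))
```

The scheme is keyed MD5 with the secret appended, not an HMAC; RFC 5709 defines HMAC-SHA authentication for OSPFv2, in line with the "MD5 or stronger" wording this document uses for LDP.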

21.13 Recording OSPF System messages

Core-level routers are capable of recording the changes in OSPF-neighborhood status to the local system log and sending relevant messages to a Syslog server. This functionality should be enabled on all core switches to facilitate and speed up the search and help resolve problems.

21.14. OSPF optimization (incremental ISPF update)

A function of incremental OSPF optimization (ISPF) should be provided as an OSPF protocol optimization option, allowing the SPF algorithm to calculate not the whole graph but only the changed part. Use of ISPF will reduce the operational time of the SPF algorithm. Due to the necessity to speed up the network convergence process, ISPF application in core level routing is a justified and necessary requirement.

21.15 Label Distribution Protocol (LDP) for Multiprotocol Label Switching (MPLS)

21.15.1 Provide for distribution of multiprotocol label switching (MPLS) in the ISDN network at the core level by the dedicated Label Distribution Protocol (LDP).

21.15.2 Operation of the LDP protocol should be determined by the following parameters and properties:
- tag exchange mode;
- protection of sessions;
- authentication.

21.15.3 When considering the option of using of MPLS and LDP in design it is required to analyze compatibility of solutions with protocols used in operating equipment.

21.15.4 The results of comparative analysis should be included into description of the following:


- list of supported MPLS standards in operating and planned equipment;
- description of link-layer protocol support in existing and designed equipment;
- review of assigning MPLS labels;
- comparative analysis of special MPLS labels, BGP VPN Route distribution and penultimate routers, and assessment of their impact on overall compatibility of the design solutions developed with the existing design;
- comparative analysis of LSP types used based on deployment of solutions on traffic engineering;
- analysis of feasibility of using the Constrained Shortest Path First algorithm in LSP computation;
- analysis of using Fast Reroute and Link Protection.

21.15.5 Running LDP

- Use Unsolicited Downstream Label Distribution Mode;
- Label saving mode corresponds to the Liberal Label Retention (LLR) mode;
- Path control mode corresponds to Independent LSP Control Mode.

21.15.6. Basic LDP configuration

To simplify troubleshooting, each router should be capable of setting a range of the locally used labels. Router ranges should be set equal to NN 0000 through NN 9999, where NN is the number of the facility where the router is installed. A complete list of ranges should be presented in a separate table.

Auto-configuration of the LDP protocol should not be used; the LDP protocol is activated manually for each core interface. These interfaces include all direct channel communication interfaces between core routers.

21.15.7 Router ID for LDP

To identify core routers within the LDP protocol (LDP Router-ID), use the logical loopback interface that is also used for identification in the OSPF protocol (loopback0).

Determine the transport address used by LDP as the Router-ID.

21.15.8 TTL Distribution

In the design, the lifetime (Time-To-Live, TTL) function should be used to prevent occurrence of routing loops at the core level.

21.15.9. MPLS MTU

When the network is set up using MPLS, it is required to provide MTU values for interfaces looking towards the core level in the following technologies:
- MPLS L2VPN technology
- MPLS L3VPN technology
- EoMPLS technology

21.15.10. Control of label distribution

Design should provide for support of label spread control mechanisms:
- Controlling the Advertisement of Labels;
- LDP Inbound Label Binding Filtering.

Both technologies aim at reducing the number of logs about labels in the router memory.

It is required to evaluate the potential of applying LDP IPv4 FEC filtering. Design solutions should include the use of LDP ACES policers and describe the rules for its application in the context of the designed QoS model in the ISDN network.

21.15.11. Protection of MPLS LDP Sessions

Provide for protection of LDP sessions for each core level router. LDP sessions should not terminate, to ensure the fastest potential recovery of correct network performance after an incident. A timeout to restore the direct link between routers is not established.

21.15.12. Synchronization of LDP-IGP protocols

Provide synchronization of OSPF routing with the LDP protocol in all core routers.

21.15.13. LDP authentication

ISDN network should use MD5-authentication or stronger to improve the security level in the LDP protocol.

21.15.14. Recording LDP system logs

Provide for recording changes in LDP-neighborhood status in the local system log and sending these messages to a Syslog server. The routers should also allow reporting authentication errors in LDP sessions. This functionality should be enabled in all core switches to facilitate and accelerate potential troubleshooting.

Provide for the activation of collecting statistics on LDP and describe limitations.

21.15.15. LDP convergence

Ensure the maximum potential convergence time in the LDP protocol (Unsolicited Downstream Label Distribution Mode, Liberal Label Retention Mode, Independent LSP Control Mode).

Assess LDP configuring timers for hello, HOLD timer, and Keepalive timer messages.


Assess the potential of using strict targeted hello messages for LDP.

Describe the application of filtering of inbound and outbound LDP label bindings in the process of migrating network segments.

Provide for using BFD for LDP LSPs and describe its operating modes.

It is required to use LDP link protection both for unicast and for multicast LSPs.

21.16. Ethernet service transmission technology over a network having Multiprotocol Label Switching (EoMPLS).

In case EoMPLS technology is selected (Ethernet over MPLS, EoMPLS) to close segments contours in chains of the main shut-off valve shelters on the second level of OSI model.

The project design should provide for the following:
- potential access load balancer (using EoMPLS) on MPLS core;
- estimating the maximum packet size (MTU) for all intermediate channels between the terminal points and use of TE (RSVP) function for the basic core communication channels;
- describe methods for placing information on membership in VLAN in Ethernet frames;
- spanning tree and REP (or equivalent) works for VLAN having Ethernet over MPLS;
- limiting the use of EoMPLS technology for proposed version of software installed in communication equipment;
- compatibility of equipment used;
- optimization of migration procedures or equipment replacement.

21.16.1 EoMPLS switchingRequirements to pseudowire to connect MLBV circuit segments:

the possibility of organizing each pseudowire on a separate physical interface; ability to transmit frames with headlines IEEE 802.1Q; the potential of choosing Port Mode;

provide for a completely transparent transmission for all second level frames in OSI model; provide a separate identifier for each pseudowire on the calculation basis accounting for the

first two digits are the same as the code of the site where the segment terminates and the third digit indicating the segment number.

21.16.2 To design the topology of ring segments for the whole ISDN network using protocol ensuring rapid convergence of Resilient Ethernet Protocol (REP) or an analogue thereof for a chain of main shutoff valve shelters.To analyze the compatibility of REP protocol in operating equipment with new design solutions for parallel operations and describe migration steps.

21.16.3 Transparency of dot1q for EoMPLSSegments in main shutoff valve shelter chain in ISDN network should be designed using multiple virtual networks (VLAN). EoMPLS technology should close the segment contours with potential tunneling of all required virtual networks. Use this technology due to transparent transmission of Ethernet frames having IEEE 802.1Q headers through pseudowire. Port Mode allows sending frames with both IEEE 802.1Q headers and without them.

21.16.4 Running MPLS TE technologyThe project design should provide for use of MPLS TE project for EoMPLS pseudowires. Use RSVP as a signaling protocol. EoMPLS should use only the basic core channels.RSVP protocol is used in all core level routers; it is only allowed in direct communication channels between routers. This should provide for analyzing the maximum bandwidth available for MPLS TE tunnels.

21.16.5 Running MPLS TE tunnels

MPLS TE tunnels should be used to specify the traffic path explicitly, indicating the parameters of the traffic passing through the network. In the future these tunnels should be used for EoMPLS traffic transmission. The number and direction of tunnels should be determined in the project design.

21.16.6 MPLS MTU

The project should describe the use of the optimal MTU value for an EoMPLS frame carried in a TE tunnel to ensure the necessary level of service.

21.17 The technology of virtual private networks

The ISDN network should support L2 and L3 MPLS VPN and Multicast VPN. The total number of VPNs and the nature of their interactions should be specified during the FEED survey. Below is an approximate list of required VPNs (given for information purposes only):

- VPN (CL): connects work stations, engineering stations, maintenance stations, and uninterrupted power supply systems; this VPN should support multicast. It is present at each physical facility;


[Diagram residue, Scheme No 2: only node names and connection labels survive; the endpoints of each connection are not recoverable.]

Nodes: EBI; DVM Database Server; Station / Internet Explorer; Streamers or Network Cameras (all supported DVM models); DVM Camera Server.

Connection labels:
- TCP Port 80 (HTTP); TCP Port 135 (DCOM); Configurable DCOM Ports; TCP Port 10000 (Event Server); TCP Port 60000 (DVA Configuration); TCP Port 443 (HTTPS - DVM Console Logon) NEW!
- UDP Port 10001 (Multi-monitor ping); TCP Port 135 (DCOM) (for multi-monitor clients only)
- Multicast Address 226.0.x.x Port 1 (Multicast Live Video)
- UDP/TCP Port 10001 (Camera Manager Ping and Health Status); TCP Port 135 (DCOM); Configurable DCOM Ports
- TCP Port 135 (DCOM); Configurable DCOM Ports
- TCP Port 443 (HTTPS - DVM Console Logon) NEW!
- TCP Port 135 (DCOM); Configurable DCOM Ports; TCP Port 1433 (SQL Server); TCP Port 10000 (Event Server)
- UDP/TCP Port 135 (DCOM); Configurable DCOM Ports
- TCP Port 135 (DCOM); Configurable DCOM Ports; TCP Port 10001 (Live Video); TCP Port 10001 (Playback); TCP Port 10001 (VMD Tuning); TCP Port 10010 (Authentication)
- TCP Port 80 (MJPEG Video); TCP Ports 80 & 554 (MPEG-4 Video); TCP Port 5001 (PTZ - for camera control types other than "Fixed Camera" and "Use Streamer Settings")
- TCP Port 10000 (Event Server); TCP Port 1433 (SQL Server)
- Configurable DCOM Ports; TCP Port 135 (DCOM)
- TCP Port 40200 (DVM Service Framework) NEW!; TCP Port 12000 (DVM Point Server LinkD) NEW!
- TCP Port 12001 (DVM Point Server RPC) NEW!; TCP Port 12002 (DVM Point Server Notifications) NEW!
- TCP Port 135 (DCOM); UDP Port 10002 (IntegrityService Ping); Configurable DCOM Ports; TCP Port 1433 (SQL Server); TCP Ports 137, 139, 445; TCP Port 60000 (DVA)
- TCP Port 10001 (Video loss alarms)
- UDP/TCP Port 135 (DCOM); Configurable DCOM Ports; TCP Port 10001 (Camera Control); TCP Port 10010 (Authentication) (custom application/scripts using DVM Object Model)


- VPN (DVM): required to connect DVM Database Servers, DVM Camera Servers, Streamers or Network Cameras. It is present at each facility.

Current system limitations:
- the DVM server can require a connection to the subnet hosting the cameras;
- a camera should be able to redirect traffic to different DVM servers installed at geographically remote PS sites.

The nature of interaction is shown schematically in diagram No 2; it should be refined at the design stage (it is shown here for informational purposes only). It should support both fixed addressing and automatic address assignment when connecting to the network.

Scheme No 2 describing interaction between ISDN systems

- VPN (IQ): used to ensure the operation of the security access control systems around the perimeter. It controls access to CPC premises. It is present at all key points (PS, FNS and in shelters). For these clients the project should include both L3 VPN and L2 VPN, with multicast support where necessary. The character of interaction should be specified during design; it will comprise interaction with VPN CL, VPN DVM, VPN SUP, and the interaction areas at each PS;


- VPN IPG: a stand-alone L3 VPN for systems managing channel-forming equipment (optical amplifiers, DWDM). Places of presence: only PS and future shelters;
- VPN OTN: an isolated L3 VPN for SDH-OTN network management systems; it is deployed at Marine Terminal and PS Kropotkin;
- VPN PHN: a transport L3 VPN to connect IP phones; deployed at all sites;
- VPN RAD: an isolated L3 VPN for control of radio systems equipment. Available only in PS radio and in radio shelters in future PS;
- VPN NMS: an L3 VPN to control elements of the access level network. Places of presence: all sites; interaction with all VPN;
- VPN SUP: an L3 VPN to connect Contractors maintaining the security systems. Places of presence: all facilities; access to VPN DVM, VPN CL, VPN IQ;
- the requirement to set up a VPN for virtualization solutions should be determined by the project;
- the requirement for and implementation of central VPN services, and their locations, should be determined by the project.

The design should provide for future scaling to as many as 15 L3 VPN and up to 4 L2 VPN.

The project should describe MPLS Data Forwarding operations and BGP VPN route distribution for compatibility with existing equipment; if incompatibility risks with the operating equipment are found, a solution should be given for migration mechanisms and mitigation of the risks identified.

The design should analyze the interactions between VPNs and describe the implementation architecture for different topologies (e.g., HUB-and-SPOKE, FULL MESH, etc.), paying special attention to potential traffic asymmetry between L2 and L3 VPNs that have multiple regional interaction points.

Analyze the existing addressing scheme and describe the necessary changes (if required).

The ISDN network should use the private IPv4 address space (RFC 1918).

The design should describe PE-CE interaction at sites using both the L3 OSPFv2 protocol and static connection similar to that of the existing design.

A solution should be given on Service Level Agreement (SLA) for existing equipment, as well as for future equipment.

Design solutions on network routing should include an analysis and description of the following:
- the maximum number of routes advertised in the VPN network and setting appropriate restrictions;
- backdoor connections between sites using designed VPNs, redundant communication lines (e.g., dedicated Fast Ethernet links in the existing SDH OTN-2500 ring);
- mechanisms to protect against loops in routing protocols when backdoor connections are active;
- optimization of convergence in routing protocols;
- load balancing when connecting.

21.18. Configuration of MP-BGP protocol

Provide the following parameters and protocol settings, including but not limited to:
- autonomous system;
- address family;
- Route Distinguisher;
- Route Target Community;
- Virtual Routing and Forwarding instance;
- import/export policy;
- definition of neighbor groups;
- load balancing;
- monitoring of the MP-BGP protocol;
- performance tuning and optimization, route reflectors.

The ISDN network is represented as a single autonomous system comprising all routers at the network core level; if the virtual pseudowire technology is deployed, the network should also comprise the routers in main shut-off valve shelters.

All routers making up the autonomous system should establish direct neighbor adjacency.

The Contractor deploys route reflectors, analyzing fault tolerance, reliability, and merging with the existing network; the use of virtual route reflectors is not allowed.

The BGP protocol is required to distribute IPv4 routing information in the global routing table. It should also carry routes of the VPNv4 family and VPN MDT multicast. This address family should be explicitly specified in the BGP protocol configuration, thereby enabling the multiprotocol extension in BGP (MP-BGP).

It is required to provide route redistribution parameters in the BGP protocol of a specific VRF as part of the MP-BGP protocol for the multicast address family.

The project design should provide for a route distinguisher to form unique VPNv4 prefixes for each VPN.


The network management system should monitor the state of the MP-BGP protocol using SNMP v2c and v3. The equipment should support the most critical SNMP objects for monitoring BGP neighbor relationships:
- bgpPeerLastError;
- bgpPeerState;
- cbgpPeerLastErrorTxt;
- cbgpPeerPrevState.

Carry out optimization of BGP performance:
- change BGP timers and TCP transport mechanisms in accordance with the recommendations of RFC 4271;
- fast peering deactivation;
- suppression of flapping routes;
- Bidirectional Forwarding Detection for BGP;
- BGP NextHop Tracking.

When changes appear in the network, the BGP Event-Based VPN Import mechanism allows VRF information to be imported from neighboring routers much faster than periodic table scanning.

Use BGP security mechanisms:
- switch off iBGP (internal BGP) synchronization;
- activate logging of changes in the status of BGP neighbors;
- use authentication;
- disable BGP version negotiation to accelerate the start-up process;
- activate a limit on the maximum number of prefixes;
- use the loopback interface for iBGP announcements;
- turn off automatic summarization of prefix announcements;
- use next-hop-self in re-routers;
- avoid excessively detailed routes.
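One way to check a router configuration against the BGP security list above, as an added example that is not part of the terms of reference. It assumes Cisco IOS-style syntax; the AS number, addresses and sample configuration are constructed, and next-hop-self and route specificity are left out because they depend on the router's role.

```python
import re

# Constructed sample: IOS-style BGP stanza (assumed syntax; the AS number,
# peer addresses and the redacted password are made up for illustration).
SAMPLE_CONFIG = """\
router bgp 64512
 no synchronization
 bgp log-neighbor-changes
 no auto-summary
 neighbor 10.255.0.1 remote-as 64512
 neighbor 10.255.0.1 update-source Loopback0
 neighbor 10.255.0.1 password 7 <redacted>
 neighbor 10.255.0.1 version 4
 neighbor 10.255.0.1 maximum-prefix 5000
 neighbor 10.255.0.2 remote-as 64512
 neighbor 10.255.0.2 update-source GigabitEthernet0/1
"""

# Checklist items that apply to the BGP process as a whole.
GLOBAL_CHECKS = {
    "no synchronization": "iBGP synchronization not switched off",
    "bgp log-neighbor-changes": "neighbor state changes not logged",
    "no auto-summary": "automatic summarization not turned off",
}

# Checklist items that must be present for every neighbor.
NEIGHBOR_CHECKS = [
    (re.compile(r"^password \S"), "no authentication"),
    (re.compile(r"^version 4$"), "version negotiation not disabled"),
    (re.compile(r"^maximum-prefix \d+"), "no maximum-prefix limit"),
]


def parse_bgp(config):
    """Return (local_as, global_lines, {peer: [settings]}) for 'router bgp'."""
    local_as, in_bgp = None, False
    global_lines, neighbors = [], {}
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue                      # blank line or comment
        if not raw.startswith(" "):       # a top-level line opens a new block
            m = re.match(r"router bgp (\S+)$", line)
            in_bgp = bool(m)
            if m:
                local_as = m.group(1)
            continue
        if not in_bgp:
            continue
        m = re.match(r"neighbor (\S+) (.+)$", line)
        if m:
            neighbors.setdefault(m.group(1), []).append(m.group(2))
        else:
            global_lines.append(line)
    return local_as, global_lines, neighbors


def audit(config):
    """List every checklist item the configuration does not state."""
    local_as, global_lines, neighbors = parse_bgp(config)
    if local_as is None:
        return ["no 'router bgp' block found"]
    findings = []
    for command, problem in GLOBAL_CHECKS.items():
        if command not in global_lines:
            findings.append(f"global: {problem}")
    for peer, settings in sorted(neighbors.items()):
        for pattern, problem in NEIGHBOR_CHECKS:
            if not any(pattern.match(s) for s in settings):
                findings.append(f"{peer}: {problem}")
        remote = [s.split()[1] for s in settings if s.startswith("remote-as ")]
        if remote and remote[0] == local_as:          # iBGP session
            if not any(re.match(r"update-source Loopback\d+$", s, re.I)
                       for s in settings):
                findings.append(f"{peer}: iBGP session not sourced from a loopback")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

Some software releases omit settings that are already the default from the displayed configuration, so a finding for those means "not stated", not necessarily "not in effect".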

21.19. VPLS

VPLS technology allows existing network segments that combine geographically distant LANs to be joined into a single bridged domain over a packet MPLS network. In the VPLS deployment model the backbone network plays the role of a logical bridge. Topology and signaling in the backbone network are transparent to the Customer's local area network segments, which are interconnected in the same manner as if they were connected to a chain of LAN switches. The use of VPLS in the existing network design is caused by the need to ensure the operation of security applications and by the fact that the same logical subnet contains camcorders and DVM servers, IQ controllers and EBI servers, respectively.

This restriction is important and should be reflected in the project documentation.

It is required to evaluate design options and the reliability and stability of use; it is also required to describe mechanisms of protection from broadcast storms or loops.

The following options should be considered:
- full mesh VPLS;
- H-VPLS for boundary MPLS segments;
- single-domain VPLS for full mesh topology;
- multidomain VPLS with full mesh topology at each domain level;
- multidomain VPLS in an H-VPLS configuration of HUB and SPOKE type with HUB redundancy.

It is necessary to evaluate the risks of traffic asymmetry when implementing multi-site connections of these domains to other L3 VPNs.

21.20. L2 VPN

The current implementation of VPLS domains is not optimal:
- existing VPLS solutions do not provide operation in all-active redundancy mode per flow;
- there is a probability of traffic looping from PE;
- duplicate packets spread in the network core;
- a MAC flip-flopping effect occurs through pseudowires.

The project should involve using EVPN/PBB-EVPN, with a detailed description of all components of the technology (I-components, B-components) and an analysis of packet encapsulation accounting for MTU size restrictions in the ISDN network.

The project should examine solutions for multi-homed topology, describing selection of the designated forwarder (DF), Split Horizon for the Ethernet segment, aliasing, MAC-flush notifications toward the core and toward the access network, as well as all-active balancing.


The project should describe the network fault tolerance for all types of faults and assessment of network convergence for each situation.

Analysis of convergence should contain information on all interdependent protocols.

The project design should develop a migration policy and configuration of existing network when new L2 VPN technology gets implemented.

21.21 Support of synchronous Ethernet

The project design should provide for core equipment supporting synchronous Ethernet, to ensure transfer using two E1 channels over the operating radio-relay lines (RRL) across the navigable river Kuban from PS Kropotkin to On-shore CPC facilities (channels are terminated in telecommunication rooms). One E1 channel is a redundant channel for telephony systems; the other E1 channel will provide a connection to the ISDN network management VPN through the RRL. In the case of a rupture of the main optical cable, E1 data flows should be redirected to the radio relay links; after recovery of the main fiber optic cable the traffic is routed back to the main communication channel.

Thus it is required to provide solutions on time synchronization and on the use of QoS and TE technologies to provide automatic and independent switching between RRL and backbone fiber optic telecommunication channels.

21.22 Interaction with existing network

The designed network should be connected to the existing network in order to ensure continuity of current technological operations. All devices in the old network should be accessible from the new one and vice versa.

The design process should take into account the feasibility of gradual replacement of failed equipment; the project should describe different ways of migration and describe the risks associated with the migration procedure and their mitigation.

22 Requirements to distribution level of ISDN network.

The existing network has a collapsed core design.

To overcome the operational limitations of this design, the project should describe the use of new equipment both in the collapsed core design and in a 2-level design (PE-CE).

At critical sites such as On-shore facilities, Tank Farms, and PS Kropotkin the distribution level should be implemented as a pair of Layer 3 (L3) switches; for the rest of the PS the distribution level should contain one switch.

The distribution level should ensure efficient collection of routing information as it leaves the distribution units and is routed to the core layer using IGP protocol (OSPF v2).

The distribution level should support the following protocols: OSPF, VLAN, PVLAN, EoMPLS, MPLS, EtherChannel, VRRP, and GLBP for backup default gateway, MP-BGP, MPLS-TE, QoS DiffServ.

ISDN network distribution level should meet the following requirements:
- the fastest data transfer;
- load balancing across multiple active routes to the core;
- connection aggregation;
- routing between VLAN;
- use of active gateway redundancy protocols;
- redundancy on chassis;
- redundancy on power supply for each chassis;
- providing quick convergence of the network when topology changes;
- transfer of isolated traffic flows;
- connection to the core level;
- connection of remote buildings and access level;
- termination of IP traffic from directly connected terminal devices, as well as from remote L2 buildings.


These functions should be implemented by applying the following protocols and technologies at the distribution level:

- OSPF dynamic routing protocol;
- virtual infrastructures (VRF);
- EtherChannel technology.

The project should provide for interaction of the distribution level with the core, aggregation and access levels. Communication between devices at the distribution level and other network levels is carried out over aggregated communication channels using EtherChannel technology. The PAgP or LACP protocol should be used to form the logical interface.

Design solutions should describe route summarization schemes, filtering schemes and addressing schemes; the solutions should describe the methods used to prevent loops at both the L2 and L3 protocol layers, and the setup of backdoor connections for the VPNs specified by the project.

23 ISDN Network Access Level

ISDN Network Access Level should provide a connection of terminal network devices (video servers, video tape drives, video cameras, IQ access controllers, operator workstations, printers, phones, communication systems, control ports, etc.) located in remote buildings of pipeline sites both at the territory of PS and the territory of the line-pipe section. Access level is connected to the network distribution level using two redundant connections to form a fully connected scheme.

ISDN Network Access Level should meet the following requirements:
- packet switching;
- port security;
- PoE support (optional);
- connection of network clients using channels and protocols corresponding to Gigabit Ethernet specifications;
- the design solution should provide for the ability to scale up without replacing equipment and/or changing the architecture proposed;
- the network should have a fault-tolerant architecture, eliminating a single point of failure at any level;
- the equipment should support quality of service (QoS) mechanisms in the framework of the whole network;
- network segmentation using VLAN technology, including setting up trunk channels of data transfer (802.1q);
- network protection at L2 level from loops using Spanning Tree Protocol (PVST+, Rapid PVST+, MSTP);
- support of 10Gbps and 1Gbps interfaces to interact with the core/distribution level;
- link aggregation technology (protocol 802.1ad, static);
- access lists (ACL based on levels L3, L2);
- time synchronization protocol (NTP);
- secure management/monitoring protocols (SSH, SNMP v2c, v3);
- Syslog event logging protocol.

Hardware and software components of the access layer should provide:

- high availability for services of ISDN system users;
- use of redundant power supplies and hot-swappable interface modules;
- redundant gateways using dual connections to redundant systems (distribution level switches) using GLBP, HSRP and VRRP protocols;
- prioritization of critical network traffic using QoS functions. The access level should implement the priority mechanisms and traffic classification as close to the network inlet as possible;
- additional network protection from unauthorized access using the following tools: 802.1x protocol, port security, Dynamic ARP Inspection, IP source guard;
- use of Rapid PVST+ (802.1w) or Multiple STP (MST 802.1s) with the following improvements to the Spanning Tree Protocol:
  - PortFast: allows the port to skip the listening and learning phases;
  - UplinkFast: provides for convergence within 3..5 sec after a connection break;
  - BackboneFast: decreases the convergence time to MaxAge value for indirect disruptions;
  - Loop Guard: excludes the possibility of choosing an alternative Root Port when BPDU (Bridge Protocol Data Unit) data blocks are absent;
  - Root Guard: prevents an external switch from being used as the root;
  - BPDU Guard: disables a port with the PortFast function enabled on receiving a BPDU data block;
  - BPDU filter: prevents sending or receiving BPDU data blocks on ports with the PortFast function enabled.

It is necessary to consider the possibility of organizing L3 at the access layer using pseudowire redundancy.

The project should provide for connecting remote buildings using both L2 and L3 (OSPFv2), with a description of the routing schemes, summarization, filtering, route tagging, and the organization of backdoor connections for the VPNs specified by the project.

24. Security and management of network equipment.

ISDN network is a stand-alone network having no access to Internet, to SCADA network and to the corporate network; nevertheless, the network design should provide for basic network security solutions at all levels of the network hierarchy.

The following technologies and methods should be used to ensure the necessary level of security on access switches, including but not limited to:
- Port Security;
- DHCP Snooping;
- Dynamic ARP Inspection;
- IP Source Guard;
- Storm Control;
- STP protocol security features.

The Port Security mechanism should be used on interfaces to limit the number of MAC addresses.

The project should describe the following for all equipment (existing and planned):
- methods of device and service hardening;
- main data to ensure control-plane and data-plane security;
- security in routing and switching protocols;
- infrastructure security mechanisms;
- control over the use of equipment resources;
- mechanisms to protect the signaling plane of network devices;
- port mirroring to transmit traffic.

The project should provide for installing Cisco ASA firewalls in a failover configuration to ensure secure access to the systems monitoring the network infrastructure in OCC (On-shore facilities) and in BCC (redundant control center).

Design should provide for automatic assignment of addresses when the maintenance personnel is connecting to the network using DHCP in all equipment at access and distribution levels.

25 Quality of Service QOS

25.1 Designing the QoS policy should involve analysis of the traffic transmitted by all systems so that it can then be correctly marked and classified. The Quality of Service policy implies the ability of the network to ensure predictable loss and delay.

25.2 The design should explicitly specify which devices perform QoS at the software level and which at the hardware level, and analyze the risks to compatibility between the operating equipment and the designed equipment.

25.3 Classify and mark application traffic as close as possible to its source. This involves using network-wide unified principles of Differentiated Services and incremental maintenance strategies. All connected terminal devices such as servers, workstations, ISDN, IQ controllers will not be trusted in terms of traffic marking, but the camcorders and video tape drives can support traffic marking. The optimal QoS deployment strategy is selected based on analysis of the detailed documentation provided.

25.4 Limit unwanted traffic as close to the source as possible. This is especially important for denial of service traffic or undesired traffic generated by worms.

25.5 Design a queue management policy for all sites potentially exposed to overload, no matter how often the overload situation can happen. This is especially important for redundant communication channels using links between switches prone to overload.

25.6 The control plane and the data plane should be protected using Control Plane Policing, as well as by restricting scavenger traffic in the network.

25.7 The following mechanisms, including but not limited to, should be implemented to meet QoS requirements:

- Classification and marking classify traffic against various parameters, such as values in Ethernet, IP and MPLS headers, and then mark the respective packets with a specified value, usually located in the Type-of-Service byte of the IPv4 header, the experimental field of the MPLS header, or the User Priority 802.1p field of an 802.1q Ethernet frame. Once packets carry a specific marking, their traffic class can be easily identified by other network nodes.

- Overload control establishes traffic priorities inside network devices when overload occurs. If the outlet channel is overloaded, the packets awaiting transmission form a queue. Overload control mechanisms redistribute the packets queued for transmission, which guarantees the throughput capacity and delay time for certain traffic classes.

- Congestion avoidance prevents overload before it becomes dominant by proactively rejecting packets when the queue is longer than a certain threshold value; in this case it is necessary to determine limits for UDP and TCP traffic.

- Restriction and shaping of traffic limit the flow of incoming or outgoing traffic to the rate set in the profile. With restriction, traffic exceeding the permissible rate is rejected. Shaping regulates traffic that temporarily exceeds the profile rate by sending it to a queue, so that the total traffic rate is smoothed to better match the profile rate at the cost of additional delay.

25.9 Classification and labeling

The network traffic entering the DiffServ domain should undergo classification and conditioning. Traffic should be classified against many different parameters, such as source address, destination address, or traffic type; the traffic can then be attributed to a certain traffic class. Traffic classifiers should take into account any DiffServ markings in received packets.

During classification the switches should analyze incoming packets (frames) and assign an appropriate "QoS label" (Internal DSCP). The QoS label further determines the QoS actions to be applied to the packet between the input and output ports. The "QoS label" is an internal switch label; it is assigned based on the DSCP or CoS value of the packet and determines the queuing techniques and the packet scheduling actions. In the framework of the project the "QoS label" coincides with the corresponding packet DSCP.

If other classification mechanisms are used, the project should provide a complete description of the desired functionality in the devices designed.

Network equipment should be able to classify traffic against the following criteria:
- the DSCP field of IP packets;
- the IP precedence field;
- the 802.1p CoS field of the Ethernet frame;
- the MPLS EXP field;
- standard or extended IP access lists;
- VLAN ID;
- marking should take into account the IP Explicit Congestion Notification (IP ECN) field value;
- signature of applications using NBAR technology (only on routers, optional).

The types of ISDN network equipment and the necessary means of input traffic classification are given in Table 25.1.

Table 25.1. Ability to classify at the inlet

Columns: Hierarchy level | IP Precedence | IP DSCP | 802.1p CoS | MAC ACL | IP ACL | VLAN ID | MPLS EXP

Access level | X X X X X
 | X X X X X
 | X X X X X
Distribution level | X X X X X X
Core level | X X X X X X X

[The column position of each X in rows with fewer than seven marks is not preserved in the source.]

The main provisions on marking traffic in the ISDN network are as follows:
- all connected resources are not trusted from the standpoint of traffic marking, except the traffic generated by video cameras and streamers;
- the traffic is marked at the network inlet (at the access level and at the distribution level) using IP access lists that set the IP DSCP field according to the table of classes;
- traffic of connected devices is marked in port-based and VLAN-based modes. Marking is performed individually for each device in port-based mode, or for a group of devices in VLAN-based mode;
- all connections between the active network equipment are trusted. IP traffic is classified using the IP DSCP, 802.1p and MPLS EXP fields;
- at the boundary of the MPLS core of the network the traffic is re-marked from the IP DSCP field into the MPLS EXP field and vice versa;
- during delivery through the MPLS core the IP DSCP marking is saved and recovered at the outlet of the MPLS core of the network (pipe mode).

25.10 Classes of traffic model

The ISDN network should have a model developed to classify traffic into 8 classes. This classification is shown in Table 25.2 and is given for informational purposes only; it will be corrected and refined during design.

Table 25.2. Traffic classes

Class | Classification L3: DSCP | Classification L3: PHB | Classification L3: Priority | Classification L2: 802.1p CoS, MPLS EXP | Designation
Critical | 56 | CS7 | 7 | 7 | Critical traffic
Network | 48 | CS6 | 6 | 6 | BGP, OSPF, HSRP, VRRP, LDP, RSVP
Real-time | 46 | EF | 5 | 5 | Real Time ISDN Traffic
Interactive | 32 | CS4 | 4 | 4 | High priority traffic
Normal | 24 | CS3 | 3 | 3 | Normal priority traffic
Transactional | 16 | CS2 | 2 | 2 | Low priority traffic
Scavenger | 8 | CS1 | 1 | 1 | Scavenger traffic
Unclassified (Best Effort) (Unclassified (without guarantees)) | 0 | 0 | 0 | 0 | The rest of (non-classified) traffic

This 8-class model should be implemented at all levels, including the core of the network, where traffic classification can use only the 3 MPLS EXP bits.

These classes of traffic should be processed in queues with different mechanisms; different bandwidths should be guaranteed for different classes of traffic.
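The marking provisions and the 8-class model above, worked through as an added example that is not part of the terms of reference: untrusted sources are re-marked at the inlet, the ingress PE derives MPLS EXP from the class, and pipe mode leaves IP DSCP intact at the core outlet. Host names, the access-list mapping and the handling of a trusted source that sends a DSCP outside Table 25.2 are assumptions.

```python
from dataclasses import dataclass, replace
from typing import Optional

# Table 25.2 from the page: class -> (DSCP, PHB, 802.1p CoS / MPLS EXP)
TRAFFIC_CLASSES = {
    "Critical":      (56, "CS7", 7),
    "Network":       (48, "CS6", 6),
    "Real-time":     (46, "EF",  5),
    "Interactive":   (32, "CS4", 4),
    "Normal":        (24, "CS3", 3),
    "Transactional": (16, "CS2", 2),
    "Scavenger":     (8,  "CS1", 1),
    "Unclassified":  (0,  "0",   0),
}
DSCP_TO_CLASS = {row[0]: name for name, row in TRAFFIC_CLASSES.items()}


@dataclass(frozen=True)
class Packet:
    src: str                    # connected device (hypothetical names below)
    dscp: int                   # 6-bit DSCP in the IP header
    ecn: int = 0                # 2-bit ECN, shares the ToS byte with DSCP
    exp: Optional[int] = None   # 3-bit MPLS EXP, present only inside the core


def tos_byte(pkt):
    """IPv4 Type-of-Service byte: DSCP in the upper 6 bits, ECN in the lower 2."""
    return (pkt.dscp << 2) | (pkt.ecn & 0b11)


def mark_at_inlet(pkt, trusted_sources, acl_classes):
    """Access/distribution inlet: only trusted sources keep their own marking.

    Assumption: a trusted source keeps its DSCP only if it is one of the eight
    class values; everything else gets the class its access list assigns, or
    Unclassified when no access list entry matches.
    """
    if pkt.src in trusted_sources and pkt.dscp in DSCP_TO_CLASS:
        return pkt
    cls = acl_classes.get(pkt.src, "Unclassified")
    return replace(pkt, dscp=TRAFFIC_CLASSES[cls][0])


def impose_label(pkt):
    """Ingress PE: re-mark from IP DSCP into MPLS EXP using the class table."""
    cls = DSCP_TO_CLASS.get(pkt.dscp, "Unclassified")
    return replace(pkt, exp=TRAFFIC_CLASSES[cls][2])


def dispose_label_pipe_mode(pkt):
    """Egress PE in pipe mode: the label and its EXP go, IP DSCP is untouched."""
    return replace(pkt, exp=None)


def traverse(pkt, trusted_sources, acl_classes, core_exp_remark=None):
    """Return the packet as seen inside the core and after leaving it."""
    labeled = impose_label(mark_at_inlet(pkt, trusted_sources, acl_classes))
    if core_exp_remark is not None:      # e.g. a core policer lowers EXP
        labeled = replace(labeled, exp=core_exp_remark)
    return labeled, dispose_label_pipe_mode(labeled)


# Constructed sample: one trusted camera, two hosts classified by access list.
TRUSTED = {"cam-01"}
ACL = {"ws-01": "Normal", "ebi-01": "Interactive"}

if __name__ == "__main__":
    samples = [Packet("ws-01", 46), Packet("cam-01", 46), Packet("unknown-host", 48)]
    for sample in samples:
        in_core, at_outlet = traverse(sample, TRUSTED, ACL)
        print(sample.src, "sent DSCP", sample.dscp, "-> core EXP", in_core.exp,
              "-> outlet DSCP", at_outlet.dscp, "ToS", hex(tos_byte(at_outlet)))
```

A workstation that marks its own traffic as EF (46) ends up in the class its access list assigns, so it cannot place itself in the Real-time or Network queues.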

25.11 QOS Domains


The ISDN network should implement 2 QoS domains. One domain should contain the MPLS core, the trunk and the redundant communication channels. The second domain comprises the facilities connected to the MPLS core, namely all the PS, On-shore facilities and Tank farm.

QoS policy should apply to all network interfaces: uplink, downlink, EtherChannel, etc. An important aspect to consider when deploying QoS policies on an EtherChannel interface is load distribution. The load should be distributed based on the source IP address and the destination, as this statistically improves load distribution.

When configuring QoS on EtherChannel interfaces, the algorithms should be divided in two ways:

- Input algorithms, such as trust or labeling and/or restriction policy, are attached to the PortChannel interface.
- Output algorithms that set up a queue are applied directly to the (physical) interfaces that make up the EtherChannel bundle.

25.12 Queuing and traffic reset

For real-time traffic service it is required to use a priority queue, while the rest of the traffic is processed using the CBWFQ mechanism. The design should provide for the following functions to set up queues in different models of network equipment:

- queue types at egress;
- establishing queue restrictions;
- configuration of the priority queue;
- configuration of standard queues;
- configuration of thresholds;
- configuration of the threshold for WRED reset of a queue based on service classes;
- configuration of the threshold for reset on reaching the last element of the queue, based on the DSCP field value.

25.13 Applicable solutions for QoS should include solutions to prevent asymmetric data flows in the network.

26. System Time Synchronization in ISDN network.

The design should provide for use of the NTPv4 time synchronization protocol, providing authentication of time sources and maintaining time on network equipment. The following features of NTPv4 should be taken into account as selection criteria:

- NTPv4 is compatible with NTPv3 where equipment that does not support NTPv4 is used;
- NTPv4 is a new protocol officially supported by software and network equipment vendors;
- the MD5 algorithm is used to authenticate the time server;
- NTPv4 is defined in RFC 5905: http://tools.ietf.org/html/rfc5905.

The NTP protocol should be used to synchronize the system time on network equipment and on ISDN security system equipment. A two-tier time synchronization scheme is required.

Two servers should be used as first-level sources of exact time (Stratum 0). These servers should provide the system time with an accuracy of 10 microseconds. Time synchronization at the Stratum 0 level should be carried out through GPS satellite channels. The local server clock, built on a temperature-compensated crystal oscillator (Stratum 12 level), is used as the backup time source. External NTP servers are not expected to be used for this purpose.

The second level (Stratum 1) of the time synchronization system is implemented on the core-level routers. All other network equipment installed at the pipeline sites uses them as time sources.

The design should describe the time synchronization schemes for the different levels of the network hierarchy.

When synchronous Ethernet is used, Contractor should provide for PTPv2/IEEE1588-2008 synchronization solutions; the chosen timing solution must support synchronization using both NTP and PTPv2/IEEE1588-2008.

The tender offer should contain the technical characteristics and the basic principles of time synchronization proposed for use in the project.

The equipment will be installed in the On-shore facility and PS Kropotkin radio shelters.
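How the MD5 authentication of a time server required above looks on the wire, as an added example that is not part of the Terms of Reference: in the symmetric-key scheme of RFC 5905 the packet carries a 32-bit key identifier followed by an MD5 digest computed over the shared key followed by the NTP header. The key table, key ID, timestamp and function names are constructed for the illustration.

```python
import hashlib
import hmac
import struct

HEADER_LEN = 48        # fixed NTP header
MAC_LEN = 4 + 16       # 32-bit key identifier + 128-bit MD5 digest

# Constructed key table (key ID -> shared secret); sample values only.
KEYS = {10: b"constructed-sample-secret"}


def ntp_header(mode, stratum, transmit_ts):
    """Pack a 48-byte NTPv4 header; fields not needed here are left at zero."""
    li_vn_mode = (0 << 6) | (4 << 3) | mode        # LI=0, VN=4
    return struct.pack("!BBbbII4sQQQQ", li_vn_mode, stratum, 6, -20,
                       0, 0, b"GPS\x00", 0, 0, 0, transmit_ts)


def add_mac(header, key_id, key):
    """Append key ID and MD5(key || header), as the time server does."""
    digest = hashlib.md5(key + header).digest()
    return header + struct.pack("!I", key_id) + digest


def verify_mac(packet, keys):
    """Client-side check: accept only packets whose MAC matches a known key."""
    if len(packet) != HEADER_LEN + MAC_LEN:
        return False                     # unauthenticated or malformed packet
    header, mac = packet[:HEADER_LEN], packet[HEADER_LEN:]
    (key_id,) = struct.unpack("!I", mac[:4])
    key = keys.get(key_id)
    if key is None:
        return False                     # key ID not provisioned on this device
    expected = hashlib.md5(key + header).digest()
    return hmac.compare_digest(expected, mac[4:])


# Constructed server reply (mode 4) and a copy with the stratum byte altered.
REPLY = add_mac(ntp_header(4, 1, 0xE3F1A2B400000000), 10, KEYS[10])
TAMPERED = REPLY[:1] + bytes([REPLY[1] ^ 0x0F]) + REPLY[2:]

if __name__ == "__main__":
    print("genuine reply accepted:", verify_mac(REPLY, KEYS))
    print("tampered reply accepted:", verify_mac(TAMPERED, KEYS))
    print("reply without MAC accepted:", verify_mac(REPLY[:HEADER_LEN], KEYS))
```

A device that accepts packets without a MAC from its configured servers gains nothing from the key, so the check rejects the bare 48-byte header as well.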

27. Protecting the control plane and data transmission infrastructure

27.1 Design should provide for protection mechanisms of control and infrastructure plane, which include the following technologies:

- mechanisms to protect the Control Plane;
- mechanisms to protect the Data Plane;

- mechanisms to protect the Management Plane.

These mechanisms should be implemented at the following network equipment levels:

- Access
- Distribution
- Core

27.2 Traffic Control Plane

The project should implement traffic policing in the control plane and protection of the control plane. Engineering solutions should be implemented by defining traffic classes and restricting the rate for each class of traffic processed by the Routing Processor. In accordance with the design solutions, the traffic control mechanism is implemented on the core MPLS routers and on the Distribution Routers at the points of presence of the data transfer network.

27.3 Traffic classes that should be configured to control traffic in the control plane:

- service traffic of dynamic routing protocols (Routing);
- Management Traffic (SSH, Telnet, HTTP, TFTP, FTP, SYSLOG, NTP, DNS, WEB, SNMP);
- malicious traffic;
- normal traffic;
- Default Traffic - the rest of the traffic by default.

28. Requirements for the AAA model

28.1 The project should implement the model of Authentication, Authorization and Accounting, representing three independent and consistent protection levels that a user should pass before obtaining controlled access to the active network equipment or a network service. The AAA model should provide for the following functions:

- Authentication (a set of methods for identifying a remote user). User identification should be made at the level of the user’s Login and Password.
- Authorization (a set of methods to restrict the level of user access to the operating system installed in the active network equipment and/or to a network service).
- Reporting (a collection of methods for gathering and exporting statistical information about users’ activity to remote).

28.2 These methods should be implemented both locally and remotely based on an Access Control Server (ACS/ISE). The design solution should use a mixed method wherein the basic user database and policies are maintained on a remote access server, which is a distributed disaster-tolerant cluster, whereas the emergency database (in case the ACS/ISE servers are unavailable) is maintained locally on each device.

28.3 The ACS system should provide for the following logging categories:

- changes introduced into ACS configuration parameters: all events in which changes are introduced into ACS configuration parameters. When a new element is added or an existing element is changed, detailed information is entered on the modified attributes and on the new values of these attributes. If, as a result of the change request, new attribute values are not set, no entry is made in the audit configuration parameter log;
- ACS administrator access: registration of all events from the moment an administrator logs into the system until the administrator logs out of the system. The type of administrator logout is also logged: an explicit request or session termination after the maximum idle time has elapsed. This log also monitors login attempts that fail because of account inactivity. The log records information about each such failed login attempt, as well as the reason for the login refusal;
- changes in ACS operations: registration of all operations requested by administrators, including activating ACS from the deployment point as a primary system, requesting full replication, downloading software, backing up or recovering from a backup copy, creating and restoring PAC, etc.;
- internal user password changes: logging of all events dealing with password changes for internal users in all control interfaces;
- in addition, the reports of administrative and operational audit are logged in the local storage. Additionally, a configuration can be made to record these messages into remote event logs;
- AAA audit, which covers events of successful and unsuccessful authentication with RADIUS and TACACS+, events of successful and unsuccessful authentication using command access, password change events and answers to RADIUS queries;
- AAA diagnostics, which includes information about the authentication, authorization and accounting records for diagnostic queries of RADIUS and TACACS+, as well as queries on RADIUS attributes and information about the identity storage and the authentication flow. Logging these messages is not mandatory;
- system diagnostics, covering events of startup and shutdown of the system, as well as diagnostic messages relating to the registration of events:
  - administration diagnostic events dealing with the command line interface and the Web interface;
  - logs associated with an external server;
  - local database messages;
  - local service messages;
  - logging these messages is not mandatory;
- system statistics, which includes information about system performance and resource consumption. This information includes the use of CPU and memory resources, as well as the state of the processes and the waiting time to process requests;
- account messages, which include session start, end or change messages, as well as messages related to accounting commands. In addition, it is possible to configure registering these messages in the local store.

28.4 Each registered message should contain the following information:

- event ID - the unique message code;
- logging category - determines the category to which the message is registered;
- severity level - specifies the severity level for diagnostic messages;
- message class - specifies the group of messages with the same content, such as messages related to RADIUS, to policy or EAP;
- text messages - brief explanatory text message in English;
- description - English text describing the reasons for registering the message, information about how to correct an error (if applicable), and links to external resources for further information;
- reason for refusal (optional) - specifies whether the recorded message is related to any of the refusal reasons.

28.5 The project should provide a description of the device licensing model and the use of licenses, procedures to set up an automatic backup of ACS system configurations, a description of policy elements, user roles, the hierarchy of regions and network devices, and a description of the command shell for each user role, accounting for privileges. The design should provide for the following roles and privileges:

- administrators of the whole system having full rights and access to all equipment;
- regional administrators having full rights and access to regional equipment;
- PS administrators having full rights to access PS equipment and selected sites on the line-pipe;
- administrators of the whole system having limited rights to execute commands for checking system functionality and access to all equipment;
- regional administrators having restricted rights to execute commands for checking system functionality and access to regional equipment;
- PS administrators having restricted rights to execute commands for checking PS hardware functionality and access to certain sites of the line-pipe;
- access to NMS control systems, the auditor with the right to perform only strictly defined commands.

28.6 Secure Access to the equipment using SSH protocol

The project design should implement secure remote access to active ISDN network equipment using the SSH protocol. The second version of the protocol should be used in this implementation. The following changes should be introduced into the configuration of the active network equipment to activate the secure remote access mechanism using SSH:

- activate the SSH server and generate a pair of 2048 bit RSA/RSA keys;
- the SSH server configuration will feature:
  - prohibiting the use of the first version of the SSH protocol;
  - the number of attempts to authenticate/reauthenticate will be increased to five;
  - the SSH negotiation timeout will be reduced to 60 seconds;
  - virtual terminal lines 0-15 will be accessed only through SSH;
  - the AAA model set will be indicated as the method to authenticate on virtual terminal lines.

It is important that, before the SSH server is activated and the RSA key pair is generated, the hostname and domain have already been configured in the operating system of the active network equipment.
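One way to check a device configuration against the SSH requirements listed above, as an added example that is not part of the Terms of Reference. It assumes Cisco IOS-style running-config syntax, which the page does not specify; the sample configuration, the method-list name VTY-AUTH and the function names are constructed. The RSA key size is not checked, because key generation is not stored as a configuration line in that syntax.

```python
import re

# Constructed sample in Cisco IOS-style syntax (an assumption; the Terms of
# Reference name no operating system). Lines 5-15 still permit Telnet.
SAMPLE_CONFIG = """\
hostname ps-core-rtr-01
ip domain name example.net
aaa new-model
aaa authentication login VTY-AUTH group tacacs+ local
ip ssh version 2
ip ssh authentication-retries 5
ip ssh time-out 60
line vty 0 4
 transport input ssh
 login authentication VTY-AUTH
line vty 5 15
 transport input telnet ssh
 login authentication VTY-AUTH
"""

# Global settings required by section 28.6, as (label, pattern) pairs.
REQUIRED_GLOBAL = [
    ("hostname", r"hostname \S+"),
    ("domain name", r"ip domain[- ]name \S+"),
    ("SSH version 2 only", r"ip ssh version 2"),
    ("5 authentication retries", r"ip ssh authentication-retries 5"),
    ("60 s negotiation timeout", r"ip ssh time-out 60"),
]


def top_level_lines(config):
    """Global (unindented) configuration lines."""
    return [l.rstrip() for l in config.splitlines() if l and not l[0].isspace()]


def parse_vty(config):
    """Map each configured vty line number to the sub-commands of its block."""
    lines, block = {}, None
    for raw in config.splitlines():
        if not raw.strip():
            continue
        if raw[0].isspace():
            if block is not None:
                block.append(raw.strip())
            continue
        m = re.fullmatch(r"line vty (\d+)(?: (\d+))?", raw.rstrip())
        block = [] if m else None
        if m:
            first, last = int(m.group(1)), int(m.group(2) or m.group(1))
            for n in range(first, last + 1):
                lines[n] = block
    return lines


def audit_ssh(config, vty_lines=range(0, 16)):
    """Return a list of findings; an empty list means the checks passed."""
    findings = []
    top = top_level_lines(config)
    for label, pattern in REQUIRED_GLOBAL:
        if not any(re.fullmatch(pattern, l) for l in top):
            findings.append(f"global: {label} not configured")
    # Method lists that actually exist, so a vty cannot point at a missing one.
    aaa_lists = set()
    for l in top:
        m = re.match(r"aaa authentication login (\S+) ", l)
        if m:
            aaa_lists.add(m.group(1))
    vty = parse_vty(config)
    for n in vty_lines:                      # every line 0-15 must be covered
        cmds = vty.get(n)
        if cmds is None:
            findings.append(f"vty {n}: not configured")
            continue
        transports = [c.split()[2:] for c in cmds if c.startswith("transport input")]
        if transports != [["ssh"]]:
            findings.append(f"vty {n}: transport input is not restricted to ssh")
        lists = re.findall(r"^login authentication (\S+)$", "\n".join(cmds), re.M)
        if not lists or lists[-1] not in aaa_lists:
            findings.append(f"vty {n}: no defined AAA login method list")
    return findings


if __name__ == "__main__":
    for finding in audit_ssh(SAMPLE_CONFIG):
        print(finding)
```

The per-line loop matters because a configuration that hardens only `line vty 0 4` leaves lines 5-15 reachable with whatever transport they allow.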

29. Requirements to standardize equipment selected

Contractor should describe in the project design a purposeful level of harmonization and standardization of all project hardware and software, taking into account the optimal limit beyond which further increasing this level will have a negative impact on the technical and economic performance of the ISDN network.

Contractor should provide a detailed specification of items, equipment and materials where the standardization, PS equipment and software are applied to attain the optimal level of standardization equal to 65%.

30. Requirements for the network storage subsystem

30.1 PS connected to the ISDN network are divided into the following types:

- Main Control Center (On-shore Facilities - Tank farm, Novorossiysk)
- Back up Control Center, PS Kropotkin
- According to the results of the FEED survey, PS should be selected to implement failover server connections to store ISDN system and ISDN network management data using virtualization technology and storage area networks (SAN)
- Conventional PS which is not planned to have virtualization and storage features

30.2 The general topology of the system to monitor and manage the OCC ISDN network is shown for information purposes in the picture

[Figure: general topology of the system to monitor and manage the OCC ISDN network. Recoverable labels: Existing network; HP ProLiant DL580 G7; HP ProLiant DL360p Gen8 8-SFF; NetApp FAS2240-2; HP StorageWorks 8/24 SAN Switch; HP StorageWorks MSL4048 Tape Library; WS-X6524-100FX-MM (24 port 100FX-MMF). Legend: Ethernet (1G service, 1G vMotion, 1G Management); Fibre Channel (8G FibreChannel).]

The overall topology of the proposed integration of OCC RCC into the ISDN network is shown below for information.

[Figure: proposed integration of OCC RCC into the ISDN network, with two panels labelled Main Control Center and Back up Control Center. Recoverable labels: Existing network; Cisco Nexus N5548UP; HP ProLiant DL580 G7; HP ProLiant DL360p Gen8 8-SFF; NetApp FAS2240-2; HP MSL 4048; HP 8/24 SAN Switch; CN1100e (10GbE SFP); WS-X6524-100FX-MM (24 port 100FX-MMF). Legend: Ethernet (1G service, 1G vMotion, 1G Management, 10G Ethernet); Fibre Channel (8G FibreChannel).]

The project design work should include clarifying the above telecommunication network connectivity architectures, and developing design configurations of existing network equipment and the means of its integration and migration into the proposed design solutions.

30.3 Contractor carries out a survey to determine and justify the optimal SAN connectivity designs. The analysis of the proposed design should include the following:

- consolidation
- performance
- security
- connectivity
- reliability
- manageability
- scalability
- capacity

30.4 The project solution should contain the technological justification for using the proposed SAN technologies.

The technology solution needs to track the major trends in industry and should remain relevant for deployment for at least 7 years.

Each SSSD fabric should be developed so as to provide for future flexible scalability of the storage network resources without compromising requirements on performance and availability. Further expansion of SSSD hardware will be carried out according to the Core-Edge (Star) topology.

The project should describe the criteria for selecting the main protocol in the storage area network.

30.5 The Storage Area Network should be separated from the data transmission network. Requirements for the Storage Area Network subsystem:

- presence of protection mechanisms from locking, providing for parallel operation of switch ports;
- support of such functions as VSAN & IVR, NPV, Smart Zoning, FCoE, PortChannel, QoS, SAN protection, SAN management, hardware zoning and software updates during operations (ISSU);
- support of Fibre Channel protocols at a rate no lower than 16 Gbit/s.

30.6 SSSD should provide for data replication between OCC and a geographically remote PS to be determined during design.

The project should provide for replication of data between repositories hosted on different sites using MetroCluster technology. The solution should provide for network infrastructure failover processing using the following algorithm:

- in synchronous mode by default;
- if a failure occurs, replication is switched into asynchronous mode until the telecommunication channel is recovered;
- after communications are recovered, synchronous mode should be restored.

31. The concept of virtualization subsystem

When designing the virtualization subsystem (MF), the principle of combining multiple virtual servers on a single physical server should be followed; each virtual server should have the necessary separate resources, which optimizes the use of hardware resources and saves power consumed by the servers. The system should have the following main features:

- virtualization of x86 server resources and their grouping into logical pools that can be allocated to several operational loads;

- abstraction of server hardware resources and ensuring their joint use by VMs;
- centralized initialization, administration and monitoring of the network through association of the network at the data processing center level;
- intelligent placement of VMs and load balancing on the basis of I/O delay and storage capacity;
- a high-performance cluster file system optimized for use with VMs.

Basic requirements for MF:

- compatibility with the existing centralized control system vCenter Server;
- capability for VMs to use disks that grow as the data volume grows;
- availability of Failover VM, allowing automatic restart of a VM from the common repository in case the physical host server fails;
- capability of migrating a VM between physical servers without interrupting its work and without disruption in telecommunication networks;
- ability to hot add/remove VM devices during operations (processors and RAM);
- availability of facilities to ensure virtual infrastructure network security, including control over different types of traffic;
- availability of facilities to ensure permanent VM availability, which allows keeping a backup VM copy running on another server to take over the load instantly in case the main machine fails;
- capability of dynamic relocation of VM storage between arrays without interrupting applications in the guest OS;
- availability of facilities to balance the load on host servers through dynamic migration, as well as means to reduce power consumption by bringing idle servers into a standby mode;
- availability of technologies to prioritize VM access to storage, allowing service levels to be guaranteed for I/O applications;
- availability of technology to prioritize traffic of different types within network adapters;
- central management and configuration of host network interaction (Virtual Distributed Switch, vDistributed Switch);
- automatic deployment - deployment of multiple hosts on the fly;
- load balancing on volumes based on performance parameters of the disk system;
- developing multiple tiers of storage, each with its own performance characteristics;
- compatibility with the virtualization means currently used in the ISDN network: VMware vSphere Enterprise Plus.

Parameters of virtual machines, their composition and running services should be determined at the stage of the FEED survey.

UCS VI should ensure compatibility with the HP ProLiant network server hardware currently available in ISDN.

32. Composition of existing ISDN network management unit.

Table 32.1 Equipment in the ISDN network management system

| Main site | | | |
|---|---|---|---|
| M42-SW-SAN-M01 | HP 8/24 SAN Switch | AM868B | SAN |
| M42-SW-SAN-M02 | HP 8/24 SAN Switch | AM868B | SAN |
| M42-NS-BKP-M01 | HP DL360p Gen8 | 654081-B21 | Backup server |
| M42-STG-2240-M01 | NetApp FAS-2240-2 | --- | DSS |
| M42-NS-ESX-M01 | HP DL580R07 | 643086-B21 | ESX |
| M42-NS-ESX-M02 | HP DL580R07 | 643086-B21 | ESX |
| M42-NS-360-M01 | HP DL360Gen8 | 654081-B21 | Admin server |
| M42-TL-4048-M01 | HP MSL4048 G3 | --- | TapeLibrary |
| Back up site | | | |
| M42-NS-580G-m01 | HP DL580R07 | 643086-B21 | ESX |
| M42-NS-580G-m02 | HP DL580R07 | 643086-B21 | ESX |
| M42-STG-2240-M02 | NetApp FAS-2240-2 | --- | DSS |
| M42-NS-380G-M01 | HP DL380 G7 | 583970-421 | Backup server |
| M42-NS-380G-M02 | HP DL380 G7 | 583970-421 | Admin server |

The device N5548UP Storage Solutions Bundle, 32 port storage serv Licen (Cisco N5K-C5548UP-B-S32), 4 pieces, including:

- DS-SFP-FC8G-SW Cisco 8 Gbps Fiber Channel SW SFP+, LC
- N55-32P-SSK9 Cisco Nexus 5500 Storage License, 32 Ports
- N55-DL2 Cisco Nexus 5548 Layer 2 Daughter Card

Table 32.2 The software installed in ISDN network management system

Equipment tag Manufacturer Description Number Amoun

tM42VSNNM (M42NSESX) HPE HP iSPI NET 250+toNNMiUlt Migr SW E-

LTU A7Z96AAE14/140

M42VSNNM (M42NSESX) HPE HP NNMi Ultimate Ed 250+/50 SW E-LTU A7Z74AAE 4/200

M42VSNNM (M42NSESX) HPE HP iSPI 5001+toNNMi Ult Migr SW E-

LTU A8A67AAE 70/350

M42VSNNM (M42NSESX) HPE HP NNM iSPI 100+/100 SW E-LTU TA237AAE 20

M42VSNNM (M42NSESX) HPE HP NNMi Ult Ed 2000+/50 NdPk SW E-

LTU A7Z76AAE 56

M42VSNNM (M42NSESX) HPE HPE SW ENTERPRISE BASIC SUPPORT HM611AC 56

--- ManageEngine

NetFlow Analyzer Essential Single Installation License fee for 250 Interfaces Pack

44359.8N 1

--- RedHatRed Hat Enterprise Linux 2 Sockets Unlimited Guests 5 year Subscription 24x7 Support

  1

Page 43: Web viewFor Linux OC, it is required to collect statistical data on performance and settings of kernel ... multiplexing system, the client operating

7143Date Sheet Sheets

Checked by Kramarenko M.G. February 28, 2017Checked by Mikhaylov A. L. February 28, 2017Checked by Shcherbakov O.A. February 28, 2017Developed by Khaustov G.A. February 28, 2017

TERMS OF REFERENCEto retrofit the technology network

to transmit the data in integratedsecurity system

of Marine Terminal and in West Region JSC CPC-R

--- RedHat Red Hat Enterprise Linux Workstations, Standard (1-2 sockets) 3-Year   1

--- RedHatRed Hat Enterprise Linux High-Availability Add-on 2 Sockets 3 year Subscription Lic E-LTU

  1

--- RedHat Red Hat Enterprise Linux Load Balancer Add-on 2 Sockets 3 year Subscription Lic   1

--- RedHat Red Hat Enterprise Linux Resilient Storage Add-on 2 Sockets 3 year Subscription Lic   1

--- RedHat Red Hat Enterprise Virtualization1 Sockets 3 year Subscription 24x7 Support No Media   1

--- RedHat Red Hat Network Satellite 3 year Subscription 24x7 Support No Media   1

--- RedHatRH0149450F3 Red Hat Enterprise Linux Server, Premium (1-2 sockets) (Unlimited guests) with Smart Management, 3Year

  2

--- RedHat RH0958488F3 Red Hat Enterprise Linux Workstation, Standard, 3 Year   2

M42NSBKP

RedHat Red Hat Enterprise Linux Server, Standard (Physical (2CPU) or 2 Virtual Nodes)   4

M42NSADM SolarWinds SolarWinds Engineer's Toolset v10   3

M42-NS-ADMN-E01

SolarWinds SolarWinds CatTools   4

P25-NS-ADMN-E01

M42NSADM(IPSS)

 

expired/renewed and replaced Veritas Symantec NetBackup Server Enterprise 7.5

WIN/LNX/SOLX64 Tier 2   2

expired/renewed and replaced

Veritas

SYMC NETBACKUP CLIENT APPLICATION AND DATABASE PACK 7.5 WIN/LNX/SOLX64 1 SERVER TIER 2 STD

  6

expired/renewed and replaced Veritas Symantec NetBackup Client Enterprise 7.5   8

expired/renewed and replaced Veritas

SYMC NETBACKUP OPTION LIBRARY BASED TAPE DRIVE 7.5 XPLAT PER DRIVE STD

  1

M42NSBKP Veritas Symantec NetBackup Server Enterprise 7.5 WIN/LNX/SOLX64 Tier 2   2

M42NSBKP Veritas

SYMC NETBACKUP CLIENT APPLICATION AND DATABASE PACK 7.5 WIN/LNX/SOLX64 1 SERVER TIER 2 STD

  6

M42NSBKP Veritas Symantec NetBackup Client Enterprise 7.5   8


M42NSBKP Veritas SYMC NETBACKUP OPTION LIBRARY BASED TAPE DRIVE 7.5 XPLAT PER DRIVE STD   1

Notebook Vmware VMware Workstation WS9-LW-CE 1

M42NSESX1/2 Vmware VMware vSphere with Operations Management Enterprise Plus for 1 processor VS5-OEPL-C 8

M42NSESX1/2 Vmware VMware vSphere Data Protection Advanced (per processor) VS5-DPA-C 6

M42NSESX1/2 Vmware VMware vCenter Server 5 Standard for vSphere 5 (Per Instance) VCS5-STD-C 1

Vmware Upgrade: VMware vSphere 5 Enterprise to vSphere with Operations Management Enterprise Plus for 1 processor Promo VS5-ENT-OEPL-UG-PRO 8

Vmware VMware vCenter Server 5 Standard for vSphere 5 (Per Instance) VCS6-STD-3G-SSS-C 1

Vmware VMware vCenter Site Recovery Manager 5 Standard (25 VM Pack) VC-SRM6-25S-3G-SSS-C 1

Contractor should integrate operating systems with upgraded ISDN network.

All integration work should be carried out at the Customer sites.

33. List of sites and the scope of commissioning work.

33.1 General requirements

33.1.1 Contractor separately develops the cost estimate for work, equipment and materials. Contractor should generate quotes on works for each PS and the trunk pipeline block-box, and a quote for supplied equipment, materials, license fees and guarantee support in accordance with Item 7 of these Terms of Reference. The cost of work should be provided broken down into specific works in accordance with Item 4.3 of these Terms of Reference. Equipment should be purchased after documentation is approved.

33.1.2 The costs of works provided by Contractor should account for expenses incurred on acquisition, supply and transportation of all materials and equipment required to perform the work, including temporary and consumable materials. The cost of work should include all costs of logistics activities; they should be given in the cost estimate documents as a separate line item.

33.1.3 In the tender offer Contractor should account for the need to supply spare parts for materials and equipment for the period of start-up and commissioning, 4 years of operations, and emergency parts, and ensure that service contracts with manufacturers are in place to access updates and to allow identified software vulnerabilities to be corrected.

33.1.4 Any materials or equipment not specifically mentioned in the specifications of equipment and materials supplied by Contractor, but required to execute and complete work in accordance with the quality standards and the requirements of the equipment manufacturer's guiding documents, should be purchased by Contractor and will be deemed included in the contract price; these inherent documents cannot cause changes in the contract price.

33.1.5 All materials and equipment supplied by Contractor should fully comply with the applicable technical requirements of the Customer.

33.1.6 Materials and equipment should not be second-hand or reconditioned; they should be purchased directly for the project and should be tested by Customer and/or an independent inspecting body appointed at the Customer’s discretion.

33.1.7 Contractor should carry out customs clearance of incoming materials and equipment on a timely basis, using services of licensed, experienced and competent Customs brokers and complying with requirements set forth in effective legislation of the country where the work is carried out.


33.1.8 Contractor should keep accurate records and document in a timely manner all steps of moving materials and equipment in accordance with the applicable procedures of the Customer and requirements of effective legislation of the country where the work is carried out.

33.1.9 Contractor should generate package slips for materials and equipment to be sent to specific job sites. The package slips should contain a complete list of materials and equipment indicating tag numbers corresponding to the network architecture, serial numbers, part numbers, and factory data sheets. Copies of the package slips should be sent in advance to the Customer in electronic format as Excel spreadsheets.

33.1.10 Contractor should be solely responsible for the safety of all materials and equipment, taking all risks of damage, destruction or loss of equipment and materials from the date the equipment is accepted from supplier until the moment the completed projects are accepted by the Customer.

33.1.11 Contractor should ensure full and strict compliance by all personnel involved in procurement activities with the requirements of all rules and HSE procedures set forth by the Customer.

33.1.12 Contractor is responsible for meeting deadlines and ensuring the quality of procurement work.

33.1.13 All work on installation of equipment includes delivery, testing and verification by a certified electrical laboratory of the required electric cables, grounding cables, electric machines, terminals and connectors according to the program approved by CPC.

33.1.14 Calculation of patch cord (connecting cord) parameters is carried out according to the number of ports in the active equipment; the prices of materials are provided for the following cord lengths: 1m, 2m, 3m, 5m, 8m, 10m; the cables should comply with relevant requirements, the color should be black, and all cross-connecting cables should be red.

The range of cables and SCS components is determined by the specification for the structured cabling system CPC VRD CPC 107.12.2016. Installation of the equipment in telecommunication racks should provide for the required amount of cable organizers with a lid. All equipment supplied for SCA should have the factory data sheet; when patch cords are made on site, they should be manufactured by certified personnel using calibrated measuring equipment, with a final check of conformity with the categories declared.

33.2 CPC Marine Terminal.

33.2.1 On-shore Facilities

Administration building No 1
Supply, installation, configuration, commissioning, testing and migration:
- 2 DC core level routers
- 2 DC distribution level switchboards
- 2 L2 DC access switches
- 2 switches for connecting virtualization and storage systems
- 1 router for organizing CE-CE backdoor connection
- 1 router with support of E1 through synchronous Ethernet
- 2 ASA5545-X firewalls in multicontext mode having context number no less than 5 each to protect control systems and telephony DC/AC
- Failover cluster of access control systems (ACS/ISE) of three AC devices
- 3 access control system (ACS/ISE)
- 1 network analysis module system
The Customer cannot allocate resources to deploy virtual NAM solution. Contractor provides a solution to integrate NAM using a dedicated appliance.
Integrating existing storage, virtualization and backup systems.
Supply and replacement of two communication racks with installation and connection of two distribution DC power boxes, two distribution AC power boxes, connection of grounding cables, grounding bus, and circuit breakers required for the project telecommunication equipment. Carrying out all the required verification using certified electrical laboratory.

Check point at OF in MT
Supply, installation, configuration, commissioning, testing and migration:
- one AC L2 access switch

SHED-0000095 Radio-Shelter
Supply, installation, configuration, commissioning, testing and migration:
- one AC L2 access switch
- Time server LANTIME M600/MRS/PTP: PTPv2/IEEE 1588-2008 Ordinary Clock and NTP Time Server synchronized GPS/GLONASS/1PPS/10MHz/IRIG/NTP/PTP with PTP GSM/GLONASS antenna; the antenna installation is carried out on the open antenna site; Contractor should provide for all installation work, including installation of lightning protection systems and galvanic isolation, development of grounding equipment and antennas

Check point No 2
Supply, installation, configuration, commissioning, testing and migration:
- one AC L2 access switch

Laboratory building for oil quality control. (6)
Supply, installation, configuration, commissioning, testing and migration:
- one AC L2 access switch

Fire water pump station (11) 42-LP1-SDB-01 42-LPE1-02 42-LP1-02
Supply, installation, configuration, commissioning, testing and migration:
- one AC L2 access switch
- one on-line UPS with the battery life at least 4 hours
- one wall cabinet to install telecommunication and UPS equipment

Building of dispatching station to maintain LACT unit (37)
Supply, installation, configuration, commissioning, testing and migration:
- one AC L2 access switch

Administration building No 2
Supply, installation, configuration, commissioning, testing and migration:
- two AC L3 Access Switches

Administration building No 3
Supply, configuration, commissioning, testing and migration:
- two AC L3 Access Switches
Due to unavailability of the site, installing switches in the administrative building No 3 is not expected.

Water well No 3
Supply, installation, configuration, commissioning, testing and migration:
- one AC L2/L3 Access Switch
- one on-line UPS with the battery life at least 4 hours

On-shore MLBV 1498
Supply, installation, configuration, commissioning, testing and migration:
- One DC L2/L3 Access Switch
- installation of circuit breakers,
- an extra terminal block in DC power distribution box

On-shore MLBV 1499
Supply, installation, configuration, commissioning, testing and migration:
- One L2/L3 Access Switch
- installation of circuit breakers,
- an extra terminal block in DC power distribution box

Water well No 2
Supply, installation, configuration, commissioning, testing and migration:
- One AC L2/L3 access switch
- one on-line UPS with the battery life at least 4 hours

Water well No 1
Supply, installation, configuration, commissioning, testing and migration:
- One AC L2/L3 access switch
- one on-line UPS with the battery life at least 4 hours

Certification of equipment intended for installation to meet the requirements of Resolution of the Government of the Russian Federation No. 969 dated September 29, 16 with confirmation from controlling and regulating bodies

Provision of certificates of technical means for ensuring transport security with regard to communication facilities, information reception and transmission

33.2.2 Tank Farm

M41 Tank Farm

SS110/10KV “Neftenalivnaya”
Supply, installation, configuration, commissioning, testing and migration:
- One AC/DC L2 access switch

Warehouse in the Tank farm of CPC Marine Terminal. Service and utility rooms.
Logistics base at the Tank Farm of CPC Marine Terminal. Staff rooms and service rooms.
Supply, installation, configuration, commissioning, testing and migration:
- of existing two L2 access switches

Warehouse in the Tank farm of CPC Marine Terminal. Security post.
Logistics base at the Tank Farm of CPC Marine Terminal. Guard Post.
Supply, installation, configuration, commissioning, testing and migration:
- existing one L2 access switch

Local Control center (41-23)
Supply, installation, configuration, commissioning, testing and migration:
- 2 core-level DC routers


- 2 DC distribution level routers
- 2 SAN AC/DC Switches
- Setting up and delivery of updates for NNMi, SYSLOG, NETFLOW, VMWARE, NETAPP management system and operating systems, firmware for servers
- 2 switches SAN AC/DC, data storage system
- Backup System
- virtualization System
Supply and replacement of the two racks connected to installation and connection of two distribution boxes of DC power supply box, two distribution boxes of AC power supply, connection of grounding cables, grounding bus, circuit breakers required for designed communication equipment. Carrying out full scope of required electrical verification using certified laboratory.
Integration of operating routers ASR9001 ASR920

Telecommunication building (radio-shelter) (Item 1)
Supply, installation, configuration, commissioning, testing and migration:
- 2 distribution level routers
- one L2 access switch

Support base (41-32)
Supply, installation, configuration, commissioning, testing and migration:
- two distribution-layer/core routers DC/AC
- two L2 access switches DC/AC

Fire Station with 2 exits (41-38)
Supply, installation, configuration, commissioning, testing and migration:
- one AC L2 access switch

Fire water booster station (41-17)
Supply, installation, configuration, commissioning, testing and migration:
- one AC L2 access switch

Security Post No 2 (41-36)
Supply, installation, configuration, commissioning, testing and migration:
- one AC L2 access switch

Outdoor perimeter protection cabinet TC-006
Supply, installation, configuration, commissioning, testing and migration:
- existing one L2 IE3000 access switch

Power substation No 2 (41-25)
Supply, installation, configuration, commissioning, testing and migration:
- two AC L2/L3 switches
- 220V online type UPS having battery life no less than 4 hours

Outer cabinet for protection of perimeter zone 1 M41-TC-5004
Configuration, commissioning, testing and migration, if necessary, communication equipment certification:
- existing one L2 IE3000 access switch

Outer cabinet to protect perimeter zone 2 M41-TC-5003
Configuration, commissioning, testing and migration, if necessary, communication equipment certification:
- existing one L2 IE3000 access switch

Guard post (41-124)
Supply, installation, configuration, commissioning, testing and migration:
- one AC L2 access switch

Wastewater treatment facility
Installation, configuration, commissioning, testing and migration:
- one AC L2 access switch

Foam Fire-Fighting Station No 4
Supply, installation, configuration, commissioning, testing and migration:
- one AC L2 access switch

Foam Fire-Fighting Station No 3
Supply, installation, configuration, commissioning, testing and migration:
- one AC L2 access switch

Fire water booster station (17)
Installation, configuration, commissioning, testing and migration:
- two AC L2/L3 switches
- 220V online type UPS having battery life no less than 4 hours


33.3 PS8

Control room building (8.1)
Integration work on connecting existing core, distribution and access level equipment, or relocation of existing core-level equipment as redundant for the other network segment.
Installation, configuration, commissioning, testing and migration:
- 2 DC core level routers having enhanced bandwidth.
- 2 DC distribution switches, 2 pcs.

SWGR and PTS building (7.1)
Configuration, commissioning, testing and migration, certification:
- existing one L2 IE3000 access switch

Check point with car searching (8.3)
Configuration, commissioning, testing and migration, certification:
- existing one L2 IE3000 access switch

Switchgear room (Bypass Shelter) (12.3)
Configuration, commissioning, testing and migration:
- existing one L2 IE3000 access switch

MLBV shelter (w/n)
Supply, installation, configuration, commissioning, testing and migration:
- one AC/DC L2/L3 access switch

Radio shelter (w/n)
Supply, installation, configuration, commissioning, testing and migration:
- one AC/DC L2 access switch

33.4 PS7

Control room building (8.1)
Integration work on connecting existing core, distribution and access level equipment, or relocation of existing core-level equipment as redundant for the other network segment.
Installation, configuration, commissioning, testing and migration:
- 2 DC core level routers having enhanced bandwidth.
- 2 DC distribution switches, 2 pcs.

SWGR and PTS building (7.1)
Configuration, commissioning, testing and migration:
- existing one L2 IE3000 access switch

Check point with car searching (8.3)
Configuration, commissioning, testing and migration:
- existing one L2 IE3000 access switch

Switchgear room (Bypass Shelter) (12.5)
Configuration, commissioning, testing and migration:
- existing one L2 IE3000 access switch

MLBV shelter (w/n)
Installation, configuration, commissioning, testing and migration:
- one AC/DC L2/L3 access switch

Radio shelter (w/n)
Installation, configuration, commissioning, testing and migration:
- one AC/DC L2 access switch

33.5 PS Kropotkin

Control room building and Secondary Control Center (13). Communication equipment room (3)

Installation, configuration, commissioning, testing and migration:
- 2 core level DC routers
- 2 distribution level DC switches
- 2 L2 DC access switches
- 2 ASA5545-X firewalls in multicontext mode having the number of contexts no less than 10 each to protect control and telephony DC/AC systems
- Failover cluster of access control systems (ACS/ISE) of three AC devices
- Time server LANTIME M600/MRS/PTP: PTPv2/IEEE 1588-2008 Ordinary Clock and NTP Time Server synchronized by GPS/GLONASS/1PPS/10MHz/IRIG/NTP/PTP with PTP GSM/GLONASS antenna; installation of antenna is carried out on the open antenna site; Contractor provides all installation work including installation of lightning protection systems and galvanic isolation, development of grounding equipment and antennas

Communications shelter (14)
Installation, configuration, commissioning, testing and migration:
- one AC/DC L2 access switch

Automated gas distribution station (no #)
Installation, configuration, commissioning, testing and migration:
- one AC/DC L2/L3 access switch

Gate House (11a)
Installation, configuration, commissioning, testing and migration:
- one AC/DC L2 access switch
- one on-line UPS with the battery life at least 4 hours

33.6 P0037 PS-5

Control room building (8.1)
Integration work on connecting existing core, distribution and access level equipment, or relocation of existing core-level equipment as redundant for the other network segment.
Installation, configuration, commissioning, testing and migration:
- 2 DC core level routers having enhanced bandwidth.
- 2 DC distribution switches, 2 pcs.

SWGR and PTS building (7.1)
Configuration, commissioning, testing and migration:
- existing one L2 IE3000 access switch

Check point with car searching (8.4)
Configuration, commissioning, testing and migration:
- existing one L2 IE3000 access switch

Check point (8.3)
Configuration, commissioning, testing and migration:
- existing one L2 IE3000 access switch

Switchgear room (Bypass Shelter) (12.5)
Configuration, commissioning, testing and migration:
- existing one L2 IE3000 access switch

MLBV shelter (w/n)
Supply, installation, configuration, commissioning, testing and migration:
- one AC/DC L2/L3 access switch

Radio shelter (w/n)
Supply, installation, configuration, commissioning, testing and migration:
- one AC/DC L2 access switch


33.7 P0036 PS-4

Control room building (8.1)
Integration work on connecting existing core, distribution and access level equipment, or relocation of existing core-level equipment as redundant for the other network segment.
Supply, installation, configuration, commissioning, testing and migration:
- 2 DC core level routers having enhanced bandwidth.
- 2 DC distribution switches, 2 pcs.

SWGR and PTS building (7.1)
Configuration, commissioning, testing and migration:
- existing one L2 IE3000 access switch

Check point (8.3)
Configuration, commissioning, testing and migration:
- existing one L2 IE3000 access switch

MLBV shelter (w/n)
Supply, installation, configuration, commissioning, testing and migration:
- one AC/DC L2/L3 access switch

Radio shelter (w/n)
Supply, installation, configuration, commissioning, testing and migration:
- one AC/DC L2 access switch

33.8 Main line block valves (MLBV).
- Krasnodar, block valve shelters in line-pipe KP 1489, 1482, 1476, 1459, 1433, 1412, 1410, 1395, 1374, 1373, 1353, 1349, 1348, 1312, 1293, 1268, 1253, 1237, 1215
- Stavropol, block-valve shelters in line-pipe KP 1193, 1192, 1165, 1159, 1138, 1116, 1114, 1113, 1102, 1098, 1077, 1046, 1045, 1042, 1031, 1019, 1018, 990, 961, 953

MLBV shelter (w/n)
Supply, installation, configuration, commissioning, testing and migration:
- one DC L2/L3 access level network appliance
Supply, installation of circuit breakers,
Supply, installation of additional terminal box in power DC distribution cabinet.
Dismantling existing equipment

33.9 Main line block valves (MLBV) supporting E1 communication channels

MLBV shelter (w/n) KP 1482 KP 1077
Supply, installation, configuration, commissioning, testing and migration:
- one DC L3 access level network appliance with E1 support, synchronous Ethernet.
Supply, installation of circuit breakers,
Supply, installation of additional terminal box in power DC distribution cabinet.
Dismantling existing equipment

34. Technical requirements to communications equipment.

34.1 Requirements to core level routers

Type: Router
Processing rate of 64-byte packets: No less than 55 million packets per second
Performance: No less than 80 Gb/s
Modular OS: The efficiency of the system should allow starting, stopping, reloading individual software processes without affecting other running processes

Support of Synchronous Ethernet: Compliance

Requirements to physical interfaces
The maximum number of Ethernet 1000Base-X-SFP ports when installing interface modules: At least 10
Number of integrated 10GigabitEthernet ports: At least 4
The number of additional Gigabit Ethernet ports is 10: At least 2

Physical parameters
Mounting height, RU: No more than 4 RU
Router depth: No more than 480 mm
Designs for installation corresponding to ANSI/EIA-310 standard in 19” closure: Compliance
Compliance with ETSI Standard 300: Compliance
DC power: Should be compliant with range -40 - 60V
Availability of backup power supply: Compliance
Access to the power supply unit from the front panel: Compliance
The minimum operation temperature: 0 C
The maximum operating temperature: No less than +40 C
Power consumption: No more than 550Watt at peak load
Relative humidity under working condition: 10-85% without condensation
Direction of air flow: Side to side
Exchangeable fan unit: Compliance
Replaceable power supplies: Compliance
Accessibility of all router elements from the front panel without the need to access the rear panel: Compliance
Support of E1 interfaces, GigabitEthernet, 10 GigabitEthernet: Compliance
Support of interface modules GigabitEthernet, E1, having extended temperature operational range (better than -5 to + 55°C): Compliance
Supply kit should include a console, cable kit for rack mounting: Compliance

Software Requirements
Support of function to customize software samples in the form of ICMPs Certificate, UDP/TCP, HTTP packets to determine availability of network nodes and parameters of communication channels: Compliance

Requirements to L2 level functionality
Amount of supported Vlan: At least 16,000
Number of supported MAC addresses: At least 512,000
Support of IEEE802.1 ah PBB: Compliance
Support of long frames: No less than 9192 bytes
Support of Integrated routing and bridging (IRB): Compliance
Support of Multiple VLAN Registration Protocol. IEEE 802.1ak: Compliance (optional). Required if it is used in design
Support of Standard IEEE 802.3ad Link aggregation control Protocol LACP: Compliance
Support of Spanning Tree protocols:
-IEEE802.1s Multiple Spanning Tree Protocol (MSTP): Compliance


-IEEE802.1w Rapid Spanning Tree Protocol (RSTP): Compliance
-IEEE802.1D Spanning Tree Protocol (STP): Compliance (optional). It is required in case design solutions support 802.1.D in network sections
-Per-Vlan Spanning Tree (PVST+): Compliance
Support of Standards IEEE 802.1AB Link Discovery Protocol (LDP): Compliance
IEEE 802.1p: Class-of service (CoS) prioritization; 802.1ad (Q-in-Q): Compliance
Support of L2 protocol tunneling: Compliance
Support of Ethernet Automatic Protection Switching in part G.8032: Compliance
Support of PPPoE: Compliance

Requirements to third level functionality
Maximum amount of IPv4 unicast routes in FIB: no less than 1 000 000
Availability of IPv4 unicast routing support: no less than 256 000
Number of IPv6 unicast routes in FIB: no less than 500 000
Number of ARP entries: no less than 110 000
Number of VPLS: at least 4000
Number of VRRP: at least 1000
The maximum number of routes in BGP in RIB table: at least 4 000 000
Support of Static Routing (RFC 1812): Compliance
Support of Bidirectional Forwarding Detection (BFD) protocol: Compliance
Support for routing protocols, OSPFv2, BGPv4, MP-BGP, IS-IS: Compliance
Supported protocols ICMPv6, OSPFv3, RIPng, DHCPv6, IPv6 MLD, BGP extensions for IPv6: Compliance
Support of Access Node Control Protocol: Compliance (optional). Required if it is used in design
Support of ISO Connectionless Network Service (CLNS): Compliance
Support of GRE, IP-IP tunnels: Compliance
Support of IP MPLS: Compliance
Support of MPLS Transport Profile: Compliance
Support of RSVP protocol: Compliance
Support of LDP protocol: Compliance
Support of MPLS Layer 3 VPN: Compliance
Support of MPLS Layer 2 VPN: Compliance
Support of VPLS: Compliance
Support of MPLS Fast Reroute: Compliance
Support of Multitopology Routing (MTR): Compliance
Support of EVPN: Compliance
Support of L2VPN PWE3: Compliance
Support of BFD: Compliance
Support of determining virtual routers in context of logic devices: Obligatory conformity at VRF level. Other functions - optionally in cases of using in design solutions

High availability


Function BGP Graceful protocol restart: Compliance
Function IS-IS Graceful protocol restart: Compliance
Function OSPF Graceful protocol restart function: Compliance
Support of VRRP protocol: Compliance

Multicast
Support for multicast protocols: Internet Group Management Protocol (IGMPv1/2/3), PIM-SM/SSM: Compliance
The maximum number of PIM groups: at least 1500
Support of RFC 5015: Compliance
Support of IGMPv1/v2/v3, MLD v1/v2: Compliance
Support of IP MPLS Multicast VPN, P2MP LSP: Compliance

Quality of service (QoS)
Support of Hierarchical quality of service, HQoS at the level:
- VLAN groups
- VLAN
- interface module ports
Compliance
Support of Standard RFC2474 IPv4 Diffserv: Compliance
Support of QoS mechanisms at the port level:
- Shaping at the queue level
- Weighted round-robin (WRR) for each priority class
- Random early detection (RED)
- Weighted random early detection (WRED)
Compliance
The number of queues per port: at least 8
Support of QoS mechanisms at the level of VLAN:
- gathering statistics, filtering, policing
- Remarking IEEE 802.1p
- classification
- marking
Compliance
Support of QoS mechanisms at the level of the subscriber interface PPPoE or DHCP:
- gathering statistics, filtering, policing
- Remarking IEEE 802.1p
- classification
- marking
- shaping at the queue level
- scheduling queues using algorithm Weighted round-robin (WRR) for each priority class
- Weighted random early detection (WRED)
Compliance
Support of Access control lists (ACL), Port-based ACL: Compliance

Control
Support of HTTP/HTTPs management: Compliance
Support of IEEE 802.3ah: Compliance
Support of IEEE 802.1ag Ethernet OAM Continuity Check, Linktrace, Loopback protocol: Compliance
Support of Two-Way active Measurement protocol: Compliance
Support of SSH protocol: Compliance
Support of SNMP v2c/v3 protocol: Compliance
Support of reconciled mib for chassis and cards, OSPF v2/v3, MP-BGP, MPLS-LDP, MPLS-TE, MPLS-VPN, MulticastVPN, IGMP v2/v3; RFC 1907, RFC2863, RFC2925; RFC2819a RMON mib; BGP 4 MIB; OSPF Trap MIB; RFC 3812 MPLS; RFC 4382 L3VPN; RFC 2787 RFC 6527; AAA MIB; Alarm Mib; BFD MIB; Flow collection Services MIB: Compliance
Support of RADIUS, TACACS + protocols: Compliance
Support of storing device backup configuration on the device: Compliance
Support of device roll-back to the previous configuration: Compliance
The number of stored configurations which can be used for rolling-back to device configuration: at least 50

The number of configurations that are automatically stored in the memory of appliance allowing rollback to previous configuration | at least 49
Support of device roll back to previous software version | Compliance
Checking configuration consistency before application | Compliance
Support of NTP protocols, DNS, Syslog | Compliance
Support of DHCPv4/v6 server, DHCP Relay, DHCP client functionality | Compliance
Automatically saving configuration on dedicated ftp/scp resource when making changes and saving or making the same in scheduled manner | Compliance

*) MLPPP support is mandatory for routers connected to radio relay communication channels

34.2 Requirements to AC/DC L3 device of the network access level for MLBV

Type - Router | Compliance
Router performance, Gb/s | at least 60
Work under modular operating system allowing start, stop, restart individual software processes without affecting other running processes | Compliance

Designed for installation compliant with ANSI/EIA-310 standard having 19” mounting rack | Compliance

The requirement to physical interfaces
Number of built-in combo ports that can be used either in 1Gigabit Ethernet SFP or 1Gigabit Ethernet RJ-45 mode | at least 4
Number of built-in 1Gigabit Ethernet SFP ports | at least 2
Number of built-in 1Gigabit Ethernet RJ-45 ports | at least 4
Number of built-in E1 RJ-45 ports | at least 8

Physical parameters
Mounting height | no more than 3 RU
Router depth, mm | no more than 240
Compliance with ETSI Standard 300 | Compliance
DC power supply having rating: -48V, -60V, +24V | Compliance
Power consumption, W | no more than 300
Backup power supply having N + N redundancy | Compliance
The minimum operation temperature | no higher than -40°C
The maximum operating temperature | no lower than +65°C
Maximum humidity at which the operation is ensured without condensation | no less than 95%
Noise level during operations | no more than 90 dB
Supply kit should include a console, cable kit for rack mounting | Compliance

Software Requirements

Supporting static routing and dynamic OSPF, IS-IS, BGP routing protocols | Compliance
Supporting MPLS functionality: static LSP, Fast-reroute (FRR), E-LINE, DiffServ traffic engineering, traffic engineering, monitoring IEEE 802.1ag CC, Virtual Private Wire Service (VPWS), L3 VPN, L2 VPN | Compliance
Support of ICMP, BFD, ARP | Compliance
Supporting EFM 802.3ah, 802.1ag CFM, IEEE 802.1ag interface-status type, length, and value (TLV), Y.1731 | Compliance
Supporting RADIUS, TACACS+ | Compliance
Supporting Structure-Agnostic TDM over Packet (SAToP) | Compliance
Domain Name System (DNS) | Compliance
Trivial File Transfer Protocol (TFTP), FTP | Compliance
TACACS+ | Compliance
802.1p Classification | Compliance
802.1p Rewrite | Compliance
DSCP Classification | Compliance
DSCP IPv6 Classification and Rewrite | Compliance
Differentiated Services Code Point (DSCP) rewrite | Compliance
EXP rewriting | Compliance
Eight queues per logical L2 interface | Compliance
Experimental (EXP) bits | Compliance

Fixed classification | Compliance
Host protection | Compliance
Internal buffer of 2 MB with per-egress queue buffer management | Compliance
Local loopback | Compliance
Multiple strict-priority queues per port, at least 2 | Compliance
Per-physical-port shaping | Compliance
Per-queue committed information rate (CIR) and peak information rate (PIR) | Compliance
Physical interface-based classifiers | Compliance
Policing - per family | Compliance
Policing - per logical interface | Compliance
Priority queuing | Compliance
Rate control | Compliance
Resource Reservation Protocol (RSVP) | Compliance
Rewrite MPLS and DSCP to different values | Compliance
Scheduling with two different priorities | Compliance
SrTCM (color blind) | Compliance
Strict priority queuing or Low Latency Queuing (LLQ) | Compliance
TrTCM (color blind) | Compliance
Up to eight forwarding classes | Compliance
Weighted random early detection (WRED) | Compliance
DHCP Client | Compliance
DHCP Server | Compliance
Link aggregation groups (LAGs) | Compliance
Two-way active measurement protocol (TWAMP) compliance with RFC 5357 | Compliance
Keepalives | Compliance
Address Resolution Protocol (ARP) | Compliance
Dynamic Host Configuration Protocol (DHCP) | Compliance
802.1ag optional type, length, and value (TLV) support | Compliance
Automatic clock selection | Compliance
Autonegotiation on Gigabit Ethernet interfaces | Compliance
BERT algorithms | Compliance
Building-integrated timing supply (BITS) | Compliance
Clock Source Selection Algorithm | Compliance
Combined operation of Synchronous Ethernet and Precision Time Protocol or hybrid mode | Compliance
Configured or received clock selection | Compliance
Denied packets counter | Compliance
Dual-speed Gigabit Ethernet interface | Compliance
Ethernet Local Management Interface (E-LMI) | Compliance
Ethernet link aggregation support | Compliance
Ethernet ring protection switching | Compliance
Ethernet synthetic loss measurement | Compliance
Event handling of SFP insertion and removal | Compliance
Explicit disabling of the physical interface | Compliance
External and internal loopback | Compliance
External clock synchronization | Compliance
Gigabit Ethernet interface | Compliance
IEEE 802.1ag CFM for Ethernet OAM | Compliance
Logical tunnels | Compliance
Loopback interface | Compliance
Loss of signal (LOS) alarm | Compliance
MAP ATM service categories to PW EXP bits | Compliance
Maximum transmission unit (MTU) | Compliance
PHY timestamping for grandmaster clock | Compliance
PIM and IGMP in global domain | Compliance
PTP over Ethernet | Compliance
PTP over User Datagram Protocol (UDP) over IPv4 | Compliance
PTP slave performance metrics | Compliance

Packet/byte counters per VP and VC | Compliance
Point-to-Point Protocol (PPP) encapsulation | Compliance
Power over Ethernet (PoE) | Compliance
Power over Ethernet (PoE) - High-power mode | Compliance
Precision Timing Protocol (PTP) - IEEE 1588v2 | Compliance
Precision Timing Protocol (PTP) - Ordinary clock (slave only) | Compliance
RFC4717 ATM Encapsulation: S6.1 ATM N to one cell mode (required as per standard) | Compliance
RFC4717: S6.3 – ATM AAL5 SDU encap | Compliance
Remote fault notification for 10-Gigabit Ethernet interfaces | Compliance
Scaling and performance - Address Resolution Protocol (ARP) parameters | Compliance
Scaling and performance - Interfaces | Compliance
Scaling and performance - Next-hop parameters | Compliance
Scaling and performance - Route parameters | Compliance
Statistics collection and handling | Compliance
Structure-aware TDM Circuit Emulation Service over Packet-Switched Network (CESoPSN) | Compliance
Synchronous Ethernet | Compliance
T1 and E1 interfaces time-division multiplexing (TDM) | Compliance
T1 or E1 BITS interface | Compliance
T1/E1 channelization | Compliance
T1/E1 encapsulation (SAToP) | Compliance
TDM CESoPSN | Compliance
TDM CESoPSN: CESoPSN encapsulation | Compliance
TDM CESoPSN: CESoPSN options | Compliance
TDM CESoPSN: CESoPSN pseudowires | Compliance
TDM CESoPSN: Channelization up to the ds0 level | Compliance
TDM CESoPSN: Interfaces show commands | Compliance
TDM CESoPSN: Packet latency | Compliance
TDM CESoPSN: Protocol support | Compliance
Timing and synchronization | Compliance
Timing-1588-v2, 1588-2008-slave clock | Compliance
Unicast mode (IPv4 on Gigabit Ethernet interfaces only) | Compliance
User-defined alarms | Compliance
BFD support for VCCV | Compliance
Disabling local switching in bridge domains | Compliance
Dying-gasp PDU generation | Compliance
Ethernet alarm indication signal | Compliance
Ethernet loopback support for RFC 2544-based benchmarking test | Compliance
Hierarchical VPLS | Compliance
Host path | Compliance
IEEE 802.1ad classifier | Compliance
Integrated routing and bridging (IRB) | Compliance
Layer 2 bridging | Compliance
Layer 2 control packets | Compliance
Layer 2 protocol tunneling (L2PT) | Compliance
Layer 2 security | Compliance
RFC 2544-based benchmarking tests for Layer 2 and Layer 3 Ethernet services | Compliance
Spanning-tree Certificates support for Layer 2 bridging and VPLS | Compliance
IP fragmentation | Compliance
Internet Control Message Protocol (ICMP) | Compliance
Multiprotocol Border Gateway Protocol (MBGP) | Compliance
Static routes | Compliance
Exception handling | Compliance
Unicast reverse-path forwarding (URPF) | Compliance
Control word | Compliance
Diffserv traffic engineering | Compliance
E-LINE | Compliance

EXP classification | Compliance
Ethernet connectivity fault management (CFM) - Connection protection for Ethernet pseudowires | Compliance
Ethernet connectivity fault management (CFM) - Path protection for Ethernet pseudowires | Compliance
Exception packet handling for MPLS | Compliance
Fast Reroute (FRR) | Compliance
IP Fast Reroute (FRR) (OSPF, ISIS) | Compliance
Label Distribution Protocol (LDP) | Compliance
Label Switching Router (LSR) | Compliance
Label edge router (LER) | Compliance
Link protection | Compliance
MPLS OAM | Compliance
MPLS ping and traceroute | Compliance
Node-link protection | Compliance
Pseudowire redundancy - Hot and cold standby | Optional complying with cold standby.
Pseudowire redundancy | Compliance
Pseudowire redundancy - Protect interface | Compliance
Pseudowire standby | Compliance
Pseudowire transport service | Compliance
Static LSPs | Compliance
Traffic engineering | Compliance
Uniform and pipe mode | Compliance
IGMP Snooping | Compliance
Chassis management | Compliance
Distinguish each 802.1ag connection by vlan-id | Compliance
Drop packet statistics | Compliance
Hybrid mode of autoinstallation | Compliance
Interface Passive-monitor-mode | Compliance
Interface byte and packet statistics | Compliance
Interface queue statistics | Compliance
Networks Enterprise-Specific MIBs | Compliance
Local port mirroring | Compliance
Network Time Protocol (NTP) | Compliance
RMON events, alarms and history | Compliance
Real-time performance monitoring (RPM) | Compliance
SNMP get and walk management | Compliance
SNMP support for the timing feature | Compliance
Simple Network Management Protocol (SNMP) | Compliance
Standard SNMP MIBs | Compliance
Traceroute | Compliance
Ethernet frame delay measurement (ETH-DM, Y.1731) | Compliance
IEEE 802.3ah Link Fault Management (LFM) for Ethernet OAM | Compliance
OAM with Layer 2 bridging as a transport mechanism | Compliance
Time domain reflectometry (TDR) | Compliance
Storm Control | Compliance
DHCPv6 relay agent | Compliance
Extended DHCP relay agent | Compliance
Filter-based forwarding for routing instances | Compliance
Hierarchical policer | Compliance
Physical interface policers | Compliance
Policers and three-color policers | Compliance
Standard Firewall Filter Match Conditions for MPLS Traffic | Compliance
Bidirectional Forwarding Detection (BFD) | Compliance
Equal-cost multipath (ECMP) flow-based forwarding | Compliance
IPv6 VPN Provider Edge Routing | Compliance
Intermediate System-to-Intermediate System (IS-IS) | Compliance

Layer 3 VPNs for IPv4 and IPv6 address families | Compliance
Open Shortest Path First (OSPF) | Compliance
Virtual Router Redundancy Protocol (VRRP) | Compliance
Control plane DoS prevention | Compliance
IP and MAC address validation | Compliance
Counters and statistics | Compliance
Statistics collection and reporting for Gigabit Ethernet interfaces | Compliance
Autoinstallation | Compliance
Memory utilization | Compliance
Packet Forwarding Engine management | Compliance
System snapshot support | Compliance
802.1ag CC monitoring on active and standby pseudowires | Compliance
Edge protection using static VPWS | Compliance
Layer 2 Circuits | Compliance
Pseudowire Emulation Edge to Edge [PWE3 (signaled)] | Compliance
Static Ethernet PWs | Compliance

Control
Certificate support SNMP v2c/v3 SYSLOG RMON | Compliance
Support of storing device backup configuration on the device | Compliance
Support of device roll-back to the previous configuration | Compliance
The number of previous configurations stored on device | at least 40
Support of device roll back to previous software version | Compliance
Checking configuration consistency before application | Compliance
Archiving configurations during changing and in a scheduled basis at dedicated external ftp resource | Compliance

34.3 Requirements to AC/DC L2 (with an option to activate L3) network access devices

Type: switch
● 1-GB DRAM
● 256-MB onboard flash memory
● 1-GB removable SD flash memory card
● Mini-USB connector
● RJ-45 traditional console connector
● GPS antenna input
● Analog Timing I/O interface
● Digital Timing I/O interface

Compliance

Dimensions | 1.75 x 17.5 x 14.0 in. (4.45 x 44.5 x 35.6 cm), 1RU (rack unit) height
Weight | Up to 7 kg
The maximum power consumption level | No more than 90 W not including PoE

Performance data
Switching bandwidth | No less than 56 Gbps
Forwarding bandwidth | No less than 26 Gbps
Forwarding Rate | No less than 41.67 Mpps for 64-byte packets
Number of queues | 4 output
Unicast MAC addresses | At least 16,000
IGMP multicast groups | 1000
Number of VLANs | 1005
Layer 2 Switching: IEEE 802.1, 802.3, 802.3at, 802.3af standard, VTPv2, NTP, UDLD, CDP, LLDP, Unicast Mac filter, Flexlink, Resilient Ethernet Protocol (REP), Parallel Redundancy Protocol (PRP), VTPv3, EtherChannel, Voice VLAN, QinQ tunneling | Compliance

Security: SCP, SSH, SNMPv3, TACACS+, RADIUS Server/Client, MAC Address Notification, BPDU Guard, Port-Security, Private VLAN, DHCP Snooping, Dynamic ARP Inspection, IP Source Guard, 802.1x, Guest VLAN, MAC Authentication Bypass, 802.1x Multi-Domain Authentication, Storm Control | Compliance
Layer 2 Multicast: IGMPv1, v2, v3 Snooping, IGMP filtering, IGMP Querier | Compliance
Management: Fast Boot, Express Setup, Web Device Manager, Cisco Network Assistant, Cisco Prime™ Infrastructure, MIB, SmartPort, SNMP, syslog, Storm Control - Unicast, Multicast, Broadcast, SPAN Sessions, RSPAN, DHCP Server, Customized TCAM/SDM size configuration, DOM (digital optical management), Hardware Watchdog | Compliance
Quality of Service: Ingress Policing, Rate-Limit, Egress Queuing/shaping, AutoQoS, Modular QoS CLI (MQC) | Compliance
Layer 3 Routing with option to activate: OSPF, EIGRP, BGPv4, IS-IS, RIPv2, Policy-Based Routing (PBR), HSRP/VRRP, PIM sparse mode (PIM-SM), PIM dense mode (PIM-DM), and PIM sparse-dense mode | Compliance
Utility: IEEE 1588 v2 PTP Power Profile, dying gasp, GOOSE messaging, SCADA protocol classification, MODBUS TCP/IP, utility SmartPort macro, BFD, Ethernet OAM, IEEE 802.3ah, CFM (IEEE 802.1ag) | Compliance
Archiving configurations during changing and in a scheduled basis at dedicated external ftp resource | Compliance
Support of vrf-lite | Compliance

34.5 Requirements for AC/DC L3 network distribution level devices

Physical requirements
Dimensions and shape | No more than 1.5RU
Weight | No more than 7 kg
Presence of rack mounting kit | ETSI rack-mount kit; 19-in. rack-mount kit; 23-in. rack-mount kit
Power supply unit | AC 220V/DC (range: -48-54V), modular hot swap enabled; maximum power consumption: no more than 200W
Mean time before failure (MTBF) | No less than 400,000 hours
Support of network synchronization:
- ANSI T1.101
- GR-1244-CORE
- GR-253-CORE
- ITU-T G.703 clause 5
- ITU-T G.703 clause 9
- ITU-T G.781
- ITU-T G.813
- ITU-T G.823
- ITU-T G.824
- ITU-T G.8261/Y.1361
- ITU-T G.8262
- ITU-T G.8264
- IEEE1588-2008

Operating system requirements
Support of Ethernet services
● Ethernet Flow Point (EFP) with support for:

Compliance

◦ 802.1q
◦ Selective QinQ
◦ Inner and Outer VLAN classification
◦ VLAN local significance
◦ One VLAN tag ingress push
◦ Pop one VLAN tag
◦ Pop two VLAN tags
◦ Trunk-EFP construct for configuration simplification
● IEEE 802.1s Multiple Spanning Tree (MST)
● Resilient Ethernet Protocol (REP)
● ITU G.8032
● 802.3ad/802.1ax Link Aggregation Control Protocol (LACP)
● Layer 2 Protocol Tunneling (L2PT)
● VPLS, HVPLS, Virtual Private Wire Service (VPWS), and EoMPLS
● Pseudowire redundancy
● Hot Standby Pseudowire
● Multisegment Pseudowire
● Dual Rate

L3 and MPLS services
● Hot Standby Router Protocol (HSRP)
● Layer 3 routing on Routed interfaces and Bridge Domain Interfaces (BDI)
● Cisco Express Forwarding (CEF) load sharing of Equal Cost Paths (ECMP)
● OSPF
● BGP
● BGP 4-byte Autonomous System number (ASN)
● BGP TCP Path MTU Discovery
● BGP Prefix-Independent Convergence (PIC) Edge and Core for IPv4 and MPLS VPN
● IS-IS
● BFD for OSPF, IS-IS, BGP, and static routes
● BFD over Ethernet, Routed port interfaces
● BFD for HSRP group client
● MPLS
● LDP with Label Edge Router (LER) and Label Switch Router (LSR)
● MPLS L3VPN
● MPLS-TP for Ethernet Pseudo Wires
● MPLS Traffic Engineering Fast Reroute (TE-FRR)
● IP Loop Free Alternate Fast Re-Route (LFA FRR)
● Remote Loop Free Alternate Fast Re-Route (R-LFA FRR)

Compliance

QoS
● Modular QoS CLI (MQC)
● Hierarchical QoS (HQoS)
● Port shaper and Low Latency Queuing (LLQ) in the presence of an EFP
● IEEE 802.1p Class of Service (COS) based QoS
● Classification based on inner and outer CoS
● IP Precedence Type of Service (ToS) based QoS
● Differentiated Services Code Point (DSCP) based QoS
● Egress marking of COS, ToS, DSCP and MPLS EXP QoS fields
● Classification using Access Control List (ACL)
● 2-rate 3-color (2R3C) ingress Policing
● Differentiated Services Code Point (DSCP) traffic shaping
● Class-Based Weighted Fair Queuing (CBWFQ)
● Priority Queuing with up to 2 priority queues
● Weighted Random Early Detect (WRED)
● Egress shaping per queue
● Egress policing per queue

Compliance

Timing
● IEEE 1588-2008 Ordinary Clock over Ethernet, IP
● IEEE 1588-2008 Boundary Clock over Ethernet, IP
● IEEE 1588-2008 precision time protocol (PTP) telecom profile for frequency synchronization - ITU-T G.8265.1/Y.1365.1
● Hybrid clocking
● Time of Day (ToD), 1 Pulse Per Second (1PPS)

Compliance

● Building Integrated Timing Supply (BITS)
● ITU-T SyncE with Ethernet Synchronization Messaging Channel (ESMC)
● Synchronization Status Messages (SSM)

OAM
● IEEE 802.1ag Connectivity Fault Management (CFM) over EFP
● IEEE 802.3ah Link OAM
● MPLS OAM
● ITU-T Y.1731 Performance Management (PM) over EFP for Delay Measurement (DM) and Synthetic Loss Measurement (SLM)
● Ethernet Local Management Interface (E-LMI), as a provider edge (PE) device

Compliance

Security
● Authentication, authorization, and accounting (AAA) with TACACS+ and RADIUS
● Secure Shell (SSH) Protocol v2
● MAC limiting per bridge domain (BD)
● Storm control for Port Mode
● Layer 3 Access Control Lists (ACL) for IPv4 and IPv6
● IPv4 unicast reverse path forwarding (uRPF) strict mode
● MAC security capabilities
● Dynamic ARP Inspection (DAI)
● DHCP Snooping with option 82 insertion
● DHCP Option 82 Configurable Circuit ID and Remote ID

Compliance

Archiving configurations during changing and in a scheduled basis at dedicated external ftp resource | Compliance
Support PIM/IGMP in VRF | Compliance
Support of VPLS (LDP-based, BGP-based) | Compliance
Routed VPLS/Pseudowire | conformity
MST/REP ACCESS Gateway | Compliance
Label Stack at least 5 markers | Compliance
Support of Policy-Based Routing | Compliance
Support of Netflow | Compliance
Support of telecom profile G8265.1 (frequency) G8275.1 (phase) | Compliance

34.6 Requirements to AC/DC L2/3 network devices of DPC distribution level

Requirements to performance
Layer 2 and 3 hardware forwarding | No less than 1.44 Tbps; 1071 million packets per second (mpps; 64-byte packets)
The number of MAC addresses and ARP entries | No less than 256 000
- low delay of approximately 1 microsecond using cut-through forwarding for predictable, integral traffic delay independent of the packet size, of the traffic kind and functions activated in 10 and 40 Gigabit Ethernet interfaces
- 25-MB buffer on 12 x 10 Gigabit Ethernet SFP+
- line-rate traffic throughput for all ports in L2 L3 modes

Compliance

Interfaces: 48 fixed 1/10 Gigabit Ethernet SFP+ ports with 16 of the 48 ports being unified, and 6 fixed 40 Gigabit Ethernet QSFP+ ports with 10 and 40 Gigabit Ethernet FCoE support on all respective ports and 2/4/8-Gbps Fiber Channel on all the unified ports | Compliance

The possibility of extending fabrics with outrigger fabric platforms | Compliance

L2 functions
● Layer 2 switch ports and VLAN trunks
● IEEE 802.1Q VLAN encapsulation
● Support for up to 4000 VLANs
● Support for up to 4000 access control list (ACL) entries

Compliance

● Rapid Per-VLAN Spanning Tree Plus (PVRST+) (IEEE 802.1w compatible)
● Multiple Spanning Tree Protocol (MSTP) (IEEE 802.1s): 64 instances
● Spanning Tree PortFast
● Spanning Tree root guard
● Spanning Tree Bridge Assurance
● Cisco EtherChannel technology (up to 16 ports per EtherChannel)
● Cisco vPC technology
● vPC configuration synchronization
● vPC shutdown
● Link Aggregation Control Protocol (LACP): IEEE 802.3ad
● Advanced port-channel hashing based on Layer 2, 3, and 4 information
● Jumbo frames on all ports (up to 9216 bytes)
● Pause frames (IEEE 802.3x)
● Storm control (unicast, multicast, and broadcast)
● Private VLANs
● Private VLAN over trunks (isolated and promiscuous)
● Private VLANs over vPC and EtherChannels
● VLAN remapping
● FabricPath
● EvPC and vPC+ with FabricPath
● Adapter FEX
● Data Center VM-FEX
● Support for up to 24 fabric extenders (Layer 2) with each Cisco Nexus 5672UP, 5672UP-16G, and 56128P Switch
● RDMA over Converged Ethernet (RoCE) using Data Center Bridging (DCB) support (DCB Exchange [DCBX] no drop and priority flow control [PFC])

L3 features
● Layer 3 interfaces: Routed ports, switch virtual interface (SVI), port channels, subinterfaces, and port-channel subinterfaces
● Support for up to 32,000 IPv4 and 8000 IPv6 host prefixes
● Support for up to 8000 multicast routes (IPv4)
● Support for up to 8000 IGMP snooping groups
● Support for 4000 Virtual Routing and Forwarding (VRF) entries
● Support for up to 4096 VLANs
● Equal-Cost Multipathing (ECMP) up to 64 ways
● 4000 flexible ACL entries
● Routing protocols: Static, Routing Information Protocol Version 2 (RIPv2), Enhanced Interior Gateway Routing Protocol (EIGRP), Open Shortest Path First Version 2 (OSPFv2), Border Gateway Protocol (BGP), and Intermediate System-to-Intermediate System (IS-IS)
● IPv6 routing protocols: Static, OSPFv3, BGPv6, and EIGRPv6
● IPv6 VRF-lite
● BFD support: OSPFv2, BGPv4, EIGRP, and VRF instances
● Policy-Based Routing (IPv4 and IPv6)
● Hot-Standby Router Protocol (HSRP) and Virtual Router Redundancy Protocol (VRRP)
● IP direct broadcast
● vPC+ routing protocol peering
● ACL: Routed ACL with Layer 3 and 4 options to match ingress and egress ACL
● Multicast: Protocol Independent Multicast Version 2 (PIMv2) sparse mode, Source-Specific Multicast (SSM), Bidir-PIM, Multicast Source Discovery Protocol (MSDP), IGMPv2 and v3, and Multicast VLAN Registration (MVR)
● VRF: VRF-lite (IP VPN); VRF-aware unicast; and BGP-, OSPF-, RIP-, and VRF-aware multicast
● Unicast Reverse-Path Forwarding (uRPF) with ACL; strict and loose modes
● Jumbo frame support (up to 9216 bytes)
● Support for up to 24 fabric extenders on each 10-Gbps platform switch

QoS
● Layer 2 IEEE 802.1p (class of service [CoS])
● 8 unicast queues and 8 multicast queues per port
● Per-port QoS configuration
● CoS trust
● Port-based CoS assignment

Compliance

● Modular QoS CLI (MQC) compliance: IPv4 and IPv6
● ACL-based QoS classification (Layers 2, 3, and 4)
● Flexible TCAM carving
● MAC and ARP hardware carving
● MQC CoS marking
● Per-port virtual output queuing
● CoS-based egress queuing
● Egress strict-priority queuing
● Egress port-based scheduling: Deficit Weighted Round-Robin (DWRR)
● Control-Plane Policing (CoPP): IPv4 and IPv6

Security
● Ingress ACLs (standard and extended) on Ethernet and virtual Ethernet ports
● Standard and extended Layer 2 ACLs: MAC addresses, protocol type, etc.
● Standard and extended Layer 3 and 4 ACLs: IPv4 and IPv6, Internet Control Message Protocol (ICMP and ICMPv6), TCP, User Datagram Protocol (UDP), etc.
● Ingress policing
● VLAN-based ACLs (VACLs)
● Port-based ACLs (PACLs)
● Named ACLs
● Optimized ACL distribution
● ACLs on virtual terminals (vtys)
● ACL logging (IPv4 only)
● Dynamic Host Configuration Protocol (DHCP) snooping with Option 82
● Dynamic ARP Inspection
● IP source guard
● DHCP relay (up to 32 destinations)
● Ethernet port security
● IPv6 RACL, PACL, and VACL Compliance
● iSCSI type-length-value (TLV)

Compliance

High availability
● In-Service Software Upgrade (ISSU) for Layer 2
● Hot-swappable field-replaceable power supplies and fan modules
● N+1 and N+N power redundancy
● N+1 fan module redundancy

Compliance

Control
● Switch management using 10/100/1000-Mbps management or console ports
● CLI-based console to provide detailed out-of-band management
● In-band switch management
● Port-based locator and beacon LEDs
● Configuration synchronization
● Configuration rollback
● Secure Shell Version 2 (SSHv2)
● Telnet
● Authentication, authorization, and accounting (AAA)
● AAA with RBAC
● RADIUS
● TACACS+
● Syslog (8 servers)
● Embedded packet analyzer
● SNMPv1, v2, and v3 (IPv4 and IPv6)
● Enhanced SNMP MIB support
● XML (NETCONF) support
● Remote monitoring (RMON)
● Advanced Encryption Standard (AES) for management traffic
● Unified username and passwords across CLI and SNMP
● Microsoft Challenge Handshake Authentication Protocol (MS-CHAP)
● Digital certificates for management between switch and RADIUS server
● Cisco Discovery Protocol Versions 1 and 2
● RBAC
● SPAN on physical, PortChannel and VLAN
● ERSPAN

Compliance

● Ingress and egress packet counters per interface
● Network Time Protocol (NTP)
● Cisco Generic Online Diagnostics (GOLD)
● Comprehensive bootup diagnostic tests
● Cisco Embedded Event Manager (EEM)
● Cisco Call Home
● Cisco Smart Call Home
● Default Interface
● Cisco Fabric Manager
● Cisco Prime DCNM
● CiscoWorks LAN Management Solution (LMS)

Support of data center bridging
● CEE- and IEEE-compliant PFC (per-priority Pause frame support: IEEE 802.1Qbb)
● PFC link distance support: 20 km
● CEE-compliant DCBX Protocol
● CEE- and IEEE-compliant enhanced transmission selection

Compliance

FCoE function
● T11 standards-compliant FCoE (Fiber Channel-BB-5)
● T11 FCoE Initialization Protocol (FIP) (Fiber Channel-BB-5)
● Any 10 or 40 Gigabit Ethernet port configurable as FCoE
● SAN administration separate from LAN administration
● Fiber Channel forwarding (FCF)
● Fiber Channel enhanced port types: VE, VF and VNP
● Direct attachment of FCoE targets
● Fabric Device Management Interface (FDMI)
● Fiber Channel ID (FCID) persistence
● Distributed device alias services
● In-order delivery
● Port tracking
● Cisco FCoE NPV technology
● N-port identifier virtualization (NPIV)
● Fabric services: Name server, registered state change notification (RSCN), login services, and name-server zoning
● Per-VSAN fabric services
● Cisco Fabric Services
● Distributed device alias services
● Host-to-switch and switch-to-switch Fiber Channel-SP authentication
● Fabric Shortest Path First (FSPF)
● Standard zoning
● Enhanced zoning
● Cisco Fabric Analyzer
● Cisco DCNM-SAN
● Storage Management Initiative Specification (SMI-S)
● Boot from SAN over vPC and Enhanced vPC (EvPC)
● FCP
● VSAN trunking
● Fabric Device Management Interface (FDMI)
● Fiber Channel ID (FCID) persistence
● Distributed device alias services
● In-order delivery
● Port tracking
● Cisco NPV technology
● Fabric binding for Fiber Channel
● Port security
● Fiber Channel traceroute
● Fiber Channel ping
● Fiber Channel debugging

Compliance

Support of reconciled MIB
● SNMPv2-SMI
● CISCO-SMI
● SNMPv2-TM
● SNMPv2-TC
● IANA-ADDRESS-FAMILY-NUMBERS-MIB

Compliance


● IANAifType-MIB
● IANAiprouteprotocol-MIB
● HCNUM-TC
● CISCO-TC
● SNMPv2-MIB
● SNMP-COMMUNITY-MIB
● SNMP-FRAMEWORK-MIB
● SNMP-NOTIFICATION-MIB
● SNMP-TARGET-MIB
● SNMP-USER-BASED-SM-MIB
● SNMP-VIEW-BASED-ACM-MIB
● CISCO-SNMP-VACM-EXT-MIB
● UDP-MIB
● TCP-MIB
● OSPF-MIB
● BGP4-MIB
● CISCO-HSRP-MIB
● CISCO-VLAN-MEMBERSHIP-MIB
● CISCO-Virtual-Interface-MIB
● CISCO-VTP-MIB
● CISCO-VLAN-MEMBERSHIP-MIB
● CISCO-Virtual-Interface-MIB
● CISCO-VTP-MIB
● ENTITY-MIB
● IF-MIB
● CISCO-ENTITY-EXT-MIB
● CISCO-ENTITY-FRU-CONTROL-MIB
● CISCO-ENTITY-SENSOR-MIB
● CISCO-FLASH-MIB
● CISCO-SYSTEM-MIB
● CISCO-SYSTEM-EXT-MIB
● CISCO-IP-IF-MIB
● CISCO-IF-EXTENSION-MIB
● CISCO-SERVER-INTERFACE-MIB
● CISCO-NTP-MIB
● CISCO-IMAGE-MIB
● CISCO-IMAGE-CHECK-MIB
● CISCO-IMAGE-UPGRADE-MIB
● CISCO-CONFIG-COPY-MIB
● CISCO-ENTITY-VENDORTYPE-OID-MIB
● CISCO-BRIDGE-MIB
● DIFFSERV-DSCP-TC
● NOTIFICATION-LOG-MIB
● DIFFSERV-MIB
● CISCO-CALLHOME-MIB
● CISCO-SYSLOG-EXT-MIB
● CISCO-PROCESS-MIB
● RMON-MIB
● CISCO-RMON-CONFIG-MIB
● CISCO-HC-ALARM-MIB
● LLDP-MIB
● CISCO-AAA-SERVER-MIB
● CISCO-AAA-SERVER-EXT-MIB
● CISCO-COMMON-ROLES-MIB
● CISCO-COMMON-MGMT-MIB
● CISCO-RADIUS-MIB
● CISCO-SECURE-SHELL-MIB
● TCP/IP MIBs
● INET-ADDRESS-MIB
● TCP-MIB
● CISCO-TCP-MIB
● UDP-MIB
● IP-MIB
● CISCO-IP-PROTOCOL-FILTER-MIB


● CISCO-DNS-CLIENT-MIB
● CISCO-PORTSECURITY-MIB
● START-MIB
● CISCO-LICENSE-MGR-MIB
● CISCO-FEATURE-CONTROL-MIB
● CISCO-CDP-MIB
● CISCO-RF-MIB
● CISCO-ETHERNET-FABRIC-EXTENDER-MIB
● CISCO-BRIDGE-MIB
● CISCO-FCOE-MIB
● CISCO-PORTCHANNEL-MIB
● CISCO-ZS-MIB

Standards Supported
● IEEE 802.1D: Spanning Tree Protocol
● IEEE 802.1p: CoS prioritization
● IEEE 802.1Q: VLAN tagging
● IEEE 802.1Qaz: Enhanced transmission selection
● IEEE 802.1Qbb: Per-priority Pause
● IEEE 802.1s: Multiple VLAN instances of Spanning Tree Protocol
● IEEE 802.1w: Rapid reconfiguration of Spanning Tree Protocol
● IEEE 802.3: Ethernet
● IEEE 802.3ad: LACP with fast timers
● IEEE 802.3ae: 10 Gigabit Ethernet
● IEEE 802.3ba: 40 Gigabit Ethernet (Applies to 40G SR4, SR4-S, LR4, LR4-S, and CSR4 optics only)
● SFF 8431 SFP+ CX1 support
● RMON

Maximum peak power: No more than 1100 W
The direction of the air blowing: Front-to-back (fan-side intake) airflow power supply; Back-to-front (port-side intake) airflow power supply
Operating temperature range: 0-40 °C

Security compliance
● UL 60950-1 Second Edition
● CAN/CSA-C22.2 No. 60950-1 Second Edition
● EN 60950-1 Second Edition
● IEC 60950-1 Second Edition
● AS/NZS 60950-1
● GB4943
● 47CFR Part 15 (CFR 47) Class A
● AS/NZS CISPR22 Class A
● CISPR22 Class A
● EN55022 Class A
● ICES003 Class A
● VCCI Class A
● EN61000-3-2
● EN61000-3-3
● KN22 Class A
● CNS13438 Class A
● EN55024
● CISPR24
● EN300386
● KN 61000-4 series

Compliance

34.7 Requirements to AC/DC SAN switches.

Requirements to the system architecture
Fiber Channel ports: At least 48 ports (Universal E, F, M, D, EX)

Compatibility: 8/8 SAN Switch; 8/24 SAN Switch; 1606 Extension SAN Switch; SN4000B SAN Extension Switch; SN8000B 8-Slot SAN Backbone Director; SN8000B 4-Slot SAN Director; SN6500B Fiber Channel Switch; SN6000B Fiber Channel Switch; SN3000B Fiber Channel Switch; Brocade 8Gb SAN Switch for HPE BladeSystem c-Class; Brocade 16Gb SAN Switch for HPE BladeSystem c-Class

Performance: Auto-sensing of 4, 8, and 16 Gbps port speeds; 10 Gbps and optionally programmable to fixed port speed
ISL trunking: Frame-based trunking with up to eight 16 Gbps ports per ISL trunk; up to 128 Gbps per ISL trunk. Exchange-based load balancing across ISLs with DPS included in Fabric OS. There is no limit to how many trunk groups can be configured in the switch.
Aggregation band (bandwidth aggregation): No less than 768 Gb/s
Fabric delay: Latency for locally switched ports is 700 ns; encryption/compression is 5.5 sec per node; Forward Error Correction (FEC) adds 400 ns between E_Ports (enabled by default).
Maximum frame size: 2112-byte payload
Classes of service: Class 2, Class 3, Class F (inter-switch frames)
Port types: D_Port (Diagnostic Port), E_Port, EX_Port, F_Port, M_Port (Mirror Port); self-discovery based on switch type (U_Port); optional port type control. Access Gateway mode: F_Port and NPIV-enabled N_Port

Compliance

Data traffic types: Fabric switches supporting unicast

Media types: Hot-pluggable, B-Series Branded Small Form Factor Pluggable (SFP), LC connector; Short-Wave Laser (SWL), Long-Wave Laser (LWL); distance depends on fiber-optic cable and port speed. Supports SFP+ (16/10/8 Gbit/sec) optical transceivers.

Compliance

USB: One USB port for system log file downloads or firmware upgrades

Compliance

Fabric services

Advanced Performance Monitoring (APM) (including Top Talkers for E_Ports, F_Ports, and Fabric mode); Adaptive Networking (Ingress Rate Limiting, Traffic Isolation, QoS); Bottleneck Detection; Advanced Zoning (default zoning, port/WWN zoning, broadcast zoning); Dynamic Fabric Provisioning (DFP); Dynamic Path Selection (DPS); Extended Fabrics; Enhanced BB credit recovery; Fabric Watch; FDMI; Frame Redirection; Frame-based Trunking; FSPF; Integrated Routing; IPoFC; ISL Trunking; Management Server; NPIV; NTP v3; Port Fencing; Registered State Change Notification (RSCN); Reliable Commit Service (RCS); Server Application Optimization (SAO); Simple Name Server (SNS); Virtual Fabrics (Logical Switch, Logical Fabric)

Compliance

Security: AES-GCM-256 encryption on ISLs; DH-CHAP (between switches and end devices), FCAP switch authentication; FIPS 140-2 L2-compliant, HTTPS, IPsec, IP filtering, LDAP with IPv6, Port Binding, RADIUS, User-defined Role-Based Access Control (RBAC), Secure Copy (SCP), Secure RPC, SFTP, SSH v2, SSL, Switch Binding, Trusted Switch.

Compliance


Expansion: Fiber Channel, in-flight compression and encryption (AES-GCM-256); integrated 10 Gbps Fiber Channel for DWDM MAN connectivity

Compliance

Control: HTTP, SNMP v1/v3 (FE MIB, FC Management MIB), SSH; Auditing, Syslog; Advanced Web Tools, APM, Fabric Watch; SAN Network Advisor Enterprise or SAN Network Advisor Professional/Professional Plus; Command Line Interface (CLI); SMI-S compliant; Administrative Domains; trial licenses for add-on capabilities
10/100 Mbps Ethernet (RJ-45), in-band over Fiber Channel, serial port (RJ-45), and one USB port

Compliance

Diagnostics: D_Port offline diagnostics, including electrical/optical loopback, link traffic/latency/distance; POST and embedded online/offline diagnostics, including environmental monitoring, FCping and Pathinfo (FC traceroute), frame viewer, non-disruptive daemon restart, port mirroring (SPAN port), optics health monitoring, power monitoring, RAStrace logging, and Rolling Reboot Detection (RRD)

Compliance

Physical dimensions: Width 438 mm; Height 43 mm; Depth 443 mm
Weight: No more than 10 kg
Operating temperature regime: 0-40 °C
Power supplies, redundant, hot-swappable: AC 240V
Consumption current: no more than 2.5 A
The total power consumption: no more than 200 Watts

35. The qualification and managing work requirements.

35.1 Contractor should engage, for the project and for installation and commissioning activities, specialists having the following qualifications:

- a university diploma with a major in natural sciences, IT, and telecommunications;
- valid Cisco, Juniper, VMware, NetApp certificates of the EXPERT level;
- a portfolio of work performed, including contact persons or references on the quality of work performed.

35.2 Contractor should provide copies of all documents certifying qualifications, education and professional experience.

35.3 Contractor cannot change the engineer responsible for design without consent of the Customer.

35.4 The Customer has the right to request the removal of any Contractor employee (engineer, designer) during project execution without giving any reasons.

35.5 Contractor should replace experts so that the change does not affect the timing of performance of the contract.

35.6 Contractor should provide a report on the progress of work at least once a week.

35.7 Meetings to discuss the work progress are carried out at least once a month. The date of the meeting of the Parties should be agreed no later than 10 calendar days before the meeting date by exchanging e-mails between the contact persons of the Parties to the Contract.

35.8 Contractor should generate minutes of meetings and a registry of e-mails relevant to the performance of the contract; at the end of performance of the contract the registry should be delivered to the Customer.

35.9 Contractor should provide personnel having appropriate competence and experience to engage in and manage logistic operations.

35.10 Contractor should ensure that all matters dealing with handling imported materials and equipment are attended to by qualified employees having information regarding the requirements and regulations of the existing norms and customs legislation in the country where the work is carried out.


36. Requirements to set out warranty obligations.

The warranty term should be equal to 4 years from the moment of signing the certificate confirming the performance of the entire system. Contractor should provide cost estimates for the guarantee service separately for each year of maintenance support. The Customer is considering the possibility of paying for guarantee support for each year; in case the payment is not made, the warranty support can be deemed withdrawn without any claims on the part of Contractor.

The scope of guarantee support should include the following:
- Replacing faulty equipment and equipment taken out of commission for emergency reasons, including all costs of shipping the equipment to the Customer at the place of installation;
- Replacing faulty equipment and equipment taken out of commission for emergency reasons, including all costs of shipping the equipment to the warehouse of the Customer in Kropotkin;
- Replacing faulty equipment and equipment taken out of commission for emergency reasons, including all costs of shipping the equipment to the warehouse of the Customer at Marine Terminal;
- Carrying out diagnostic procedures, gathering and analyzing analytical and debugging information during troubleshooting operations at CPC sites with network to be upgraded;
- Opening tickets on eliminating defects with the manufacturer and informing the Customer about these initiatives;
- Prompt coordination of configuration changes on the Customer's request;
- Analysis of applicability of upgraded software and upgrades of the software for the network, to be made at retrofitted sections of the network equipment at least twice a year;
- Carrying out the analysis of vulnerability of network software and issuing recommendations on software updates;
- Carrying out network testing procedures while updating the software and eliminating the faults identified;
- Providing customers with access to the manufacturers' websites to get details on technological information, software updates, and licenses.

The response time to queries should be no longer than 2 hours 24/7. Requests for opening tickets (cases) should be delivered by phone, e-mail or via Internet portal.

The time to diagnose the problem and develop response measures to recover operability of the system should be no longer than 6 hours following the time the ticket is opened.

Time to replace faulty equipment should be no longer than 24 hours 24/7 following the time the ticket is opened.

The remote access to the network is not granted.

37. Insurance.

37.1 Without any limitation of liability, Contractor will take out, exclusively at its own expense and with insurance companies to be agreed with the Customer, the following types of insurance coverage, as well as other types of insurance required (mandatory) in accordance with the applicable law.

37.1.1 All types of social insurance under the law applicable to Contractor, including the laws of the State on the territory of which Contractor employees are doing the work.

37.1.2 Liability insurance to third parties for bodily injury and harm to health and/or property, covering the activities of Contractor in the specified scope of work. The limit of liability on such insurance amounts to no less than 1,000,000 (one million US dollars) for each and every insurance event.

37.1.3 In case Contractor is using vehicles to execute works and provide services, in addition to the compulsory liability insurance of owners of vehicles as required by applicable law, Contractor should additionally execute a contract on liability insurance of vehicle owners in the amount of no less than 1,000,000 (one million US dollars) for each and every insurance event.

38. Requirements to format the technical proposal of the tender.

38.1 Contractor should provide complete and sufficient information for evaluating technical proposals in accordance with requirements of all sections of these Terms of Reference.

38.2 The tender participant should arrange for the requirements of Section 16.2 to be implemented in case the manufacturers did not undergo conceptual tests.

38.3 The description of the technical proposals should include the following:

- 38.3.1 Commercial offers for each type of work specified in the table given in Section 4.3, to be made in accordance with requirements to provide calculation of project survey and cost estimate outlined in Section 7 and taking into account all above requirements to each type of work as given in relevant sections of these Terms of Reference

- 38.3.2 Technical specifications for each type of proposed communication equipment in accordance with technical specifications for telecommunication equipment given in Section 34

- 38.3.3 A brief description of model proposed (architecture) to implement solutions and concepts to retrofit the network accounting for equipment proposed and requirements set out in Sections 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32 of these Terms of Reference

- 38.3.4 Copies of certificates of conformity on telecommunication issued by Rossvyaz for each type of telecommunication equipment, or warranty to obtain these certificates for the equipment proposed by the time of approval of detail design documentation

- 38.3.5 Determination of the costs incurred by supply of regeneration equipment, its configuration, testing, commissioning and implementation of warranty obligations for 4 years to deploy two regeneration sections in the 10 Gigabit Ethernet network, taking into account the requirements of Section 18 of these Terms of Reference. This information should not be duplicated in the proposals referred to in Item 38.3.1. In case the wavelength-division multiplexing (DWDM) system gets commissioned, the scope of work on deploying 10 Gigabit Ethernet backbone infrastructure will be taken out of the scope of work of Contractor

- 38.3.6 Copies of diplomas, certificates and licenses of key engineers in disciplines of virtualization, storage networks, data transmission networks who will participate in implementing the project against these Terms of Reference in line with requirements set forth in Section 35 of the ToR

- 38.3.7 The cost on guarantee support of engineering solutions for 4 years to meet requirements of Section 36 of the Terms of Reference.