Layer 3 Public IP Service (L3PIP) | Layer 3 VPN Core Connection Service | Voice Service | Custom-Engineered Service | Lab Service | Training | DTSNet Access (to include OPost)
The DTSPO L3VPN service provides "any-to-any" IP connectivity between customer-subscribed locations. The DTSPO L3VPN service is based on industry standard Multi-Protocol Label Switched Virtual Private Network (MPLS-VPN) technology, and includes Class-of-Service (CoS) attributes. It isolates and protects each customer's traffic by not routing between VPNs and including commercial encryption (AES-256). L3VPN supports IP voice, video or data topologies.
Location
Customers designate a location for each L3VPN service. Customers may achieve end-to-end service by ordering L3VPN service at multiple locations.
Speed
Standard L3VPN service is available with speeds ranging from 100 kbps to 70 Mbps. Any requests for bandwidth speed above 70 Mbps, or requests for asymmetrical bandwidth are considered Custom-Engineered Services.
Path Type
Each path type has unique cost and performance characteristics.
¨ Terrestrial - Provides lower latency and supports Real Time, Premium and Bulk traffic.
¨ Satellite - Has higher latency than terrestrial and supports Real Time, Premium and Bulk.
¨ Internet - Latency and performance guarantees are not provided by the vendor; only Best Effort CoS is supported.
VPN
DTSPO has pre-allocated up to five (5) VPN assignments for each customer. Customers may elect to order multiple services at a single Post, each with a unique VPN assignment. The DTS Network does not support routing between multiple VPNs for one customer.
IP Space
DTSPO will assign a /29 IPv4 subnet to interface between DTSPO and customer equipment at each service location. Customers will be allocated two usable addresses within this /29 subnet. Requests for DTSPO provided subnets other than /29 is a Custom-Engineered Service. Any customer requirements that require IPv6 addressing are Custom-Engineered Services. Customers also have the option to utilize alternative address space.
Attachment Type
¨ Single Switch Attached - one Ethernet connection per VPN
¨ Dual Switch Attached - two Ethernet connections per VPN
¨ Single Switch Trunked - one Ethernet connection, dot1Q trunked to support transport of multiple customer VPNs
¨ Dual Switch Trunked - two Ethernet connections, dot1Q trunked to support transport of multiple customer VPNs
Interface Type
¨ Ethernet 10 Mbps / Half Duplex (10/H)
¨ Ethernet 10 Mbps/ Full Duplex (10/F)
¨ Ethernet 100 Mbps / Half Duplex (100/H)
¨ Ethernet 100 Mbps / Full Duplex (100/F)
Routing
The default routing option is "direct." With this routing option, DTSPO will deliver traffic with a destination address in a directly connected network.
Class of Service (CoS)
CoS allows customers to differentiate their traffic into multiple classes. If customers do not select CoS, DTSPO provisions Premium class, regardless of customer packet markings. If a customer orders CoS, they must provide a speed associated with each class and must mark their packets according to the DTS standards. Class types are: Real Time, Premium, Bulk and Best Effort.
Transport Redundancy
Transport redundancy allows the purchase of equivalent bandwidth for use over a second transport in the event the primary transport fails. The redundant transport is only used when the primary transport is unavailable. Terrestrial, Satellite, and Internet may be used as redundant transports.
L3 Public IP Service is a basic transport service with Class of Service. It does not interoperate with L3VPN service. With L3PIP, DTSPO does not provide VPN isolation or encryption of customer data. Availability of L3PIP is dependent upon the equipment and transport types at Post. However, locations with one customer and no DTSPO equipment may have the option to connect directly to a DTS carrier for L3PIP service.
Location, Speed, Class of Service, and Transport Redundancy
Location, Speed, Class of Service, and Transport Redundancy attributes are the same as for L3VPN.
Path Type
Only Terrestrial and Satellite options are available.
IP Space
Customers must select a private (RFC 1918) IP address space from blocks of IP space predetermined by DTSPO. A customer may select up to five /19 blocks, one per service. These assigned IP addresses are required to allow filtering and assigning BGP communities. BGP communities allow DTSPO to assign customer traffic to a particular aggregate. A customer must use either a /28 or /29 subnet per customer connection.
Attachment Type
All connections between customer equipment and DTS equipment must be Ethernet. The default method is a single Ethernet connection via a DTS public switch. Port redundancy and Non-DTS attachment are optional characteristics of Public IP Service.
Routing
Customer routing is an optional PIP service attribute that supports forwarding beyond a customer's DTSPO connection.
¨ Direct routing allows traffic to be delivered only to a destination in a directly connected subnet.
¨ Custom-engineered BGP allows delivery beyond a directly connected network.
The DTSPO L3VPN Core connection service is a special L3VPN service used to deliver a customer VPN at a DTS Core facility. The Core connection service often acts as the exit point from the DTS network for traffic destined for customer Headquarters facilities. Customers are responsible for the transport between their facility and the DTS Core facility. At least one Core connection service is required for each customer VPN utilized. Customers may elect multiple Core connection services to provide diversity or performance optimization.
Location
The service location must be a DTS Core facility. Current options are RRF BIMC, RRF Brandy, RRF Miami, RRF Croughton, RRF Frankfurt, and RRF Opana.
VPN
The core connection VPN must match customer-subscribed VPN assignments. Multiple VPNs may be implemented on a single core connection.
IP Space & Routing
IP Space and Routing attributes are the same as for L3VPN.
Attachment and Interface Type
Several interface and connection options are available when establishing the L3VPN Core connection service.
Voice Service
DTSPO provides voice services to all diplomatic sites that have the appropriate equipment and bandwidth to handle International Voice Gateway (IVG) and Voice Over IP (VoIP) services. Currently, bandwidth for these services is not chargeable and is provided as part of the standard FASTNet infrastructure. A predetermined number of simultaneous calls is permitted based on the bandwidth of the specific DTSPO aggregate that carries the voice services at a particular Post. Voice Service is provided in close cooperation with the Department of State/ Information Resources Management/Operations/Information Technology Infrastructure Directorate (DOS/IRM/OPS/ITI).
Station Directed Tie Line (SDTL) is similar to OPX (Off-Premise Extension). The SDTL is an extension telephone that terminates at a customer's distant-end office from the International Voice Gateway (IVG) PBX in Beltsville. SDTL is generally used to provide customers with access to the DOS IVG Post while outside the DOS network. It is a dedicated voice circuit. Calls to customer's Post office can be made from the (commercial) Public Switch Network by dialing thru Beltsville's IVG PBX (301.985.xxxx). Like the IVG, the SDTL customer from Post can make non-toll calls (local DC Metro, DSN, etc.) and toll calls (long distance calls such as California) with a calling card. There is a limit of 4 SDTLs at each Post.
Any telecommunications transport service that is not listed as a part of this Service Catalog will be treated as a Custom-Engineered Service, and are subject to DTSPO Corporate Board approval.
Lab Service
DTSPO maintains an engineering lab which can simulate any Post or Core equipment within the DTS Network. This lab replicates the transmission characteristics of terrestrial, satellite, and Internet transport. DTSPO customers are invited to test applications in the lab prior to deployment at Post. Use of the laboratory is based upon availability.
Training
DTSPO has a facility staffed by certified instructors to train personnel and customers in the operation and maintenance of Post and Core equipment. DTSPO customers are invited to partake in either classroom or Internet-based training.
DTSNet Access (to include OPost)
Providing access to network performance data ensures a successful inter-agency partnership. Access to DTSNet is available to individuals designated by their Agency/Department either on-site at DTSPO (SA43) or remotely via RSA. Please contact your customer account manager to request access.
