
The design of the LAN supporting VVoIP services does not provide for the interconnection of LAN NEs with redundant uplinks following physically diverse paths to physically diverse NEs in the layer above


Overview

Finding ID: V-19521
Version: VVoIP 5115 (LAN)
Rule ID: SV-21583r1_rule
IA Controls: DCBP-1 ECSC-1
Severity: Medium
Description
Policy sets the minimum requirements for the availability and reliability of VVoIP systems and the supporting LAN, with emphasis on C2 communications. The UCR in section 5.3.1.7.7.1 Single Product Redundancy states: “In the event of a component failure in the network, all calls that are active shall not be disrupted (loss of existing connection requiring redialing) and the path through the network shall be restored within 5 seconds.” While the UCR is discussing hardware redundancy in this section, it also discusses connectivity within the LAN as follows:

5.3.1.7.9 Survivability
Network survivability refers to the capability of the network to maintain service continuity in the presence of faults within the network. This can be accomplished by recovering quickly from network failures and maintaining the required QoS for existing services. For the ASLAN, survivability needs to be inherent in the design. The following guidelines are provided for the ASLAN:
1. Layer 3 Dynamic Rerouting. The ASLAN products that route (normally the Distribution and Core Layers) shall use routing protocols IAW the DISR to provide survivability.
2. Layer 2 Dynamic Rerouting.
• Virtual Router Redundancy Protocol (VRRP) – RFCs 2787 and 3768. VRRP is able to provide redundancy to Layer 2 switches that lose connectivity to a Layer 3 router. The ASLAN shall employ VRRP to provide survivability to any product running Layer 2 (normally the Access Layer).

These requirements translate into the need for redundant connections between all connected NEs within the LAN. As such, a single access layer or distribution layer NE requires two uplinks to the layer above. Additionally, the physical paths these uplinks take should be physically diverse, and these paths should terminate in physically diverse locations (that is, different NEs in different locations). These measures represent best practices and should be utilized to support all VVUC users, but are required for special-C2 and C2 users.

The availability and reliability policy excerpts are repeated here in support of this requirement for convenience:

From CJCSI 6215.01C Appendix A Enclosure C
Based on the GIG MA ICD requirements associated with availability and reliability, the following requirements shall be met by IP based RTS.
(a) Availability requirement for equipment/software serving Special C2 users is 0.99999
(b) Availability requirement for equipment/software serving C2 users is 0.99997
(c) Availability requirements for equipment/software serving C2 users that are authorized to originate Routine ONLY (C2R) and non C2 users is 0.999.

From UCR 5.3.1.7.6 Availability LAN [Required: ASLAN – Conditional: Non-ASLAN]
The ASLAN has two configurations depending on whether it supports special C2 or C2 users. The ASLAN shall have a hardware availability designed to meet the needs of its subscribers:
1. Special C2. An ASLAN that supports special C2 users is classified a High Availability ASLAN and must meet 99.999 percent availability to include scheduled maintenance.
2. C2. An ASLAN that supports C2 users is classified as a Medium Availability ASLAN and must have 99.997 percent availability to include scheduled maintenance.
[Required: Non-ASLAN] The non-ASLAN shall provide an availability of 99.9 percent to include scheduled maintenance.

From UCR 5.3.1.7.7 Redundancy [Required: ASLAN – Conditional: Non-ASLAN]
The ASLAN shall have no single point of failure that can cause an outage of more than 96 IP telephony subscribers. In order to meet the availability requirements, all switching/routing platforms that offer service to more than 96 telephony subscribers shall provide redundancy in either of two ways:
1. The product itself (Core, Distribution, or Access) provides redundancy internally.
2. A secondary product is added to the ASLAN to provide redundancy to the primary product.
See UCR 5.3.1.7.7.1 Single Product Redundancy and 5.3.1.7.7.2 Dual Product Redundancy for details.
STIG: Voice/Video Services Policy STIG
Date: 2014-04-07

Details

Check Text ( C-23785r1_chk )
Interview the IAO to confirm compliance with the following requirement:

Ensure the LAN supporting VVUC services is designed to interconnect all LAN NEs with redundant uplinks following physically diverse paths to physically diverse NEs in the layer above. Additionally, ensure that each uplink is designed to support the full bandwidth handled by the NE and that the NE is capable of effecting a failover from one uplink to the other in the event of the failure of one.
NOTE: This applies to access layer NEs connected to distribution layer NEs and distribution NEs connected to core layer NEs.

Determine if the LAN supports Special-C2 or C2 users. If so, determine which parts of the LAN support Special-C2 users, which parts support C2 users, and which parts support only C2R and Non-C2/admin users. Inspect the LAN design documentation, as-built schematics, and physical cable routing diagrams to determine design compliance.
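The design criteria of this check (two uplinks per NE, physically diverse cable paths, termination on distinct NEs in distinct locations, and each uplink sized for the NE's full load) can be expressed as an automated audit over a topology model. The script below is an added example, not part of the STIG or the UCR; the NE names, locations, conduit identifiers and bandwidth figures are constructed sample data.

```python
from dataclasses import dataclass

# Model of a LAN design; all names and values below are constructed for illustration.
@dataclass
class Uplink:
    to_ne: str             # NE in the layer above that this uplink terminates on
    path_id: str           # physical cable route (conduit/duct) the uplink follows
    bandwidth_gbps: float  # capacity of the uplink

@dataclass
class NE:
    name: str
    handled_gbps: float    # full bandwidth the NE must be able to carry on one uplink
    uplinks: list

# Physical location of each NE in the layer above (constructed sample).
UPSTREAM_LOCATION = {"DIST-A": "BldgA-Rm101", "DIST-B": "BldgB-Rm201", "DIST-C": "BldgA-Rm101"}

def check_ne(ne: NE, upstream_location: dict) -> list:
    """Return the findings for one NE against this rule; an empty list means compliant."""
    findings = []
    if len(ne.uplinks) < 2:
        findings.append(f"{ne.name}: fewer than two uplinks to the layer above")
    if len({u.path_id for u in ne.uplinks}) < len(ne.uplinks):
        findings.append(f"{ne.name}: uplinks share a physical path")
    if len({u.to_ne for u in ne.uplinks}) < len(ne.uplinks):
        findings.append(f"{ne.name}: uplinks terminate on the same upstream NE")
    if len({upstream_location[u.to_ne] for u in ne.uplinks}) < len(ne.uplinks):
        findings.append(f"{ne.name}: upstream NEs are in the same physical location")
    for u in ne.uplinks:
        if u.bandwidth_gbps < ne.handled_gbps:
            findings.append(f"{ne.name}: uplink to {u.to_ne} ({u.bandwidth_gbps} Gbps) "
                            f"cannot carry the full {ne.handled_gbps} Gbps on failover")
    return findings

def audit(nes: list, upstream_location: dict) -> dict:
    """Map each NE name to its list of findings."""
    return {ne.name: check_ne(ne, upstream_location) for ne in nes}

# Constructed sample design: ACC-1 is compliant; ACC-2 has both uplinks in one conduit
# to two NEs in the same room; ACC-3 has one undersized uplink.
SAMPLE_DESIGN = [
    NE("ACC-1", 2.0, [Uplink("DIST-A", "conduit-east", 10.0),
                      Uplink("DIST-B", "conduit-west", 10.0)]),
    NE("ACC-2", 2.0, [Uplink("DIST-A", "conduit-east", 10.0),
                      Uplink("DIST-C", "conduit-east", 10.0)]),
    NE("ACC-3", 2.0, [Uplink("DIST-A", "conduit-east", 1.0),
                      Uplink("DIST-B", "conduit-west", 10.0)]),
]
```

Running `audit(SAMPLE_DESIGN, UPSTREAM_LOCATION)` reports no findings for ACC-1, two for ACC-2 (shared path, co-located upstream NEs) and one for ACC-3 (undersized uplink).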

Fix Text (F-20229r1_fix)
Ensure all LAN NEs supporting VVUC services are interconnected with redundant uplinks following physically diverse paths to physically diverse NEs in the layer above. Additionally, ensure that each uplink can support the full bandwidth handled by the NE and that the appropriate routing protocol is configured to effect the failover from one uplink to the other in the event of the failure of one.
NOTE: This applies to access layer NEs connected to distribution layer NEs and distribution NEs connected to core layer NEs.

Run cable, upgrade, or reroute as necessary.