REQUEST FOR INFORMATION (RFI)
Air Force Life Cycle Management Center (AFLCMC),
Communications System Quick Reaction Capability Branch (HNAA)
THIS IS A REQUEST FOR INFORMATION (RFI) ONLY. This RFI is issued solely for informational, planning and market research purposes; it does not constitute a Request for Proposal (RFP), Request For Quotation (RFQ), or Invitation For Bid (IFB), or a promise to issue an RFP, RFQ or IFB in the future. Responders are advised that the U.S. Government will not pay for any information or administrative costs incurred in response to this RFI. Not responding to this RFI does not preclude participation in any future RFP, RFQ, or IFB.
The Government is not obligated to pay for any information received from potential sources as a result of responses to this RFI. All costs associated with responding to this RFI will be solely at the interested vendor’s expense. This notice does not constitute a solicitation for bids and proposals, and is not to be construed as a commitment by the Government. The information provided herein is subject to change and in no way binds the Government to solicit for or award a contract. No solicitation regarding this announcement is available. Please be aware that all information submitted in response to this request, whether written, oral, electronic, graphic, or any other medium, may be subject to disclosure upon receipt of a proper Freedom of Information Act (FOIA) request from any person. Responses to the RFI should properly mark and identify any material that is exempt from disclosure under the FOIA, including confidential commercial or financial information or trade secrets. The Government will not pay for any material provided in response to this RFI and submittals will not be returned to the sender.
1.0 Purpose and Scope
The Government is seeking product recommendations on existing modern, commercial off-the-shelf technology that can perform micro-segmentation to keep sensitive data segregated and contained within a defined Virtual Private Network (VPN). The Government seeks hardware and/or software recommendations that would replace some or all of the existing system. Existing system functionality is described in Section 2.
2.0 Existing Functionality
The current system operates within a Ground Entry Point (GEP) to provide connectivity to the airborne platforms, and a means to connect the platforms into government services. The GEP is set up as the next-hop server in a hub/spoke architecture, and the airborne platforms are configured as spokes that connect over commercial satellite. Connectivity to the commercial SATCOM provider established at the GEP is through an External Border Gateway Protocol (eBGP) session while the aircraft connect through an Access Point Name resolution SwiftBroadband terminal. The airborne platforms utilize Cisco Dynamic Multipoint Virtual Private Network (DMVPN) technology to dynamically register their non-broadcast multiple access addresses with the GEP Cisco 3945 gateway routers. This connectivity provides an on-demand peer-to-peer operational capability reducing the configuration load on the gateway routers and providing secure communications. External BGP peering is obtained over the Generic Routing Encapsulation (GRE) tunnel to complete the connection to the airborne platform and exchange routes. Multiple network interface modules are embedded within the 3900 router chassis to provide layer-two connectivity between the infrastructures. All the routers are laid out with a router-on-a-stick configuration.
The Wide Area Network (WAN) switch, which resides in the gateway routers (Slot 1), provides commercial SATCOM circuit connectivity, which the WAN router (ASR 1002-X) uses to establish an eBGP session to the commercial providers. An instance of Open Shortest Path First (OSPF) runs on the WAN routers to pass routes from BGP into the black core OSPF instance. The WAN switch also services the gateway router, which provides connectivity to the airborne platforms with DMVPN, provides interconnectivity to redistribute black core routes to the inner core with OSPF, and connectivity to the WAN side of the Riverbed Steelhead accelerators. The Local Area Network (LAN) switch also resides in the gateway router (Slot 2). This device connects to the LAN side of the Riverbed Steelhead accelerator, links to the PT core routers running OSPF, the trust side of the firewall, and servers running a virtual instance of Linux for authentication and Windows 2012 for mIRC validation. The border switches are housed in the border routers, which interconnect the un-trust side of the firewall to the border routers. The border router peers with the firewall through OSPF to import trusted internal routes, which are redistributed into an eBGP session to external government. One portion of the system uses Iridium narrowband to connect into the government DSN infrastructure. This portion utilizes embedded cards housed within a 3900 router chassis. SCIP encryption is applied over this Iridium service and provides a secure mIRC capability.
The firewalls maintain the boundary between the airborne platform trust zone and government services as the untrusted zone. These devices do not perform VPN termination but instead are used in a stateful firewall configuration providing layer four filtering for ports and protocols only.
The Riverbed Steelhead devices are a functional part of the system and cannot be replaced with another vendor, as that would be a change to the airborne platform.
The products proposed will act in a manner that fits the current functional requirements of the system. In addition, the current system has the following capabilities which must continue to be met: multipath resiliency using open standard dynamic routing protocols, redundant physical paths through switch fabric architecture, integrated fault tolerance providing operational availability, and secure communications through both open standard site-to-site VPN technology and Cisco proprietary DMVPN on-demand hub/spoke architecture to maintain aircraft-to-ground interoperability. The current system ensures a high level of availability by having a high level of redundancy built into the design which needs to be maintained, either physically or logically, moving forward.
It is essential to understand that the specific technology and concepts called out are required to maintain system functionality.
3.0 Submission Requirements
The Government requests that interested U.S. vendors provide the following product recommendation information in contractor format NO LATER THAN 13 November 2020 at 1600 EST via e-mail to the following: Contract Specialist, Adam Walker, firstname.lastname@example.org; and Contracting Officer, Jennifer Lau, email@example.com. Target date for submittal of questions is 8 October 2020 at 1400 EST. Questions received after the target date may not be answered or posted.
A. Statement of Interest (SOI): Describe alternate hardware and software recommendations based on current infrastructure functionality with available technologies that could be utilized, to include the following product-specific information:
- Space requirements of any proposed hardware
- Nominal power requirements
- Performance parameters
- Hardware and software failover capability (if applicable to any proposed hardware or software)
- Hardware and software resiliency
- Required communications infrastructure to provide a capability for 40 Gbps interconnect on the core network and minimum 10 Gbps switch-to-switch connectivity. The switch interfaces will allow connectivity to host copper or fiber 1 Gbps or 100 Mbps small form-factor pluggable transceivers
- Ability to increase and decrease capacity/storage on demand as customers authenticate into the system (if applicable to any proposed hardware/software)
- Performance metrics monitoring capability embedded within the component(s) (if applicable)
- Interoperability between interconnecting solutions (if applicable to proposed interconnection equipment)
- FIPS 140-2 cryptographic capability and able to validate cryptographic module using NIST Cryptographic Module Validation Program
- PKI & 2-factor authentication capability
- NIAP product compliance
- Common Criteria Certification and/or DISA APLIST
- Acquisition of hardware, software, licensing, and support
- Product support and implementation
- Any end of life/end of support information related to recommended hardware and/or software
- Recommended product training and/or certifications associated with using proposed hardware and/or software
- Training and/or manual information for recommended hardware and/or software
- Technical support available for recommended products
- Required training for contractor administrators, ease of administration
- Lead time to deliver equipment
- Testing reports or documentation associated with recommended hardware and/or software
B. Company Information
- Identify company contact information
- Commercial and Government Entity (CAGE) Code
- Size of business pursuant to North American Industry Classification System (NAICS) Code 334210
- Small business status (if any)
- Identify any Indefinite Delivery Indefinite Quantity (IDIQ) vehicles the company holds with the Government
Responses to this RFI may be reviewed by military personnel, Government civilians, DoD contractors, Engineering and Professional Administrative Support Services (EPASS) and MITRE system engineers; all of whom are under non-disclosure agreements. The MITRE Corporation is a Federally Funded Research and Development Center (FFRDC) and, as such, fulfills an unbiased, non-profit role for the Government. The responses may be forwarded to other Government entities in consideration for applicability to other programs.
Please note that some email systems may block file types such as .zip or other macro-enabled extensions; respondents should verify receipt by email.
Primary Point of Contact:
Jennifer Lau, USAF
Contracting Officer
AFMC AFLCMC/HNAK
Phone: (781) 225-4889
E-mail: firstname.lastname@example.org

Adam Walker, USAF
Contract Specialist
AFMC AFLCMC/HNAK
Phone: (781) 225-4286
E-mail: email@example.com