# A5 — Network Architecture

**Project:** SMC MRT-7 FDAS+ACS Integration
**Date:** 2026-04-29
**Source:** ANNEX_B (6 A1 sheets — Overall Network Architecture); pre-bid network concept slides 8-10, 14-16, 19-22; TOR §4.7; Resp. Matrix; ANNEX_C1 §1124.2.8 (L2 switch w/ SFP).

---

## Topology overview

The MRT-7 FDAS + ACS integration network has three logical layers:

1. **Station-edge layer** (12 stations) — at each station, the per-station-respective contractor installs:
   - Notifier NFS2-3030 FACP (FDAS panel) on station-internal SLC loop
   - Suprema CoreStation CS-40 (ACS controller) on station-internal door network
   - L2 Network Switch (24× Ethernet + 4 SFP)
   - These connect to ROTEM's Communication Network (IP-MPLS) backbone at the station
   - **Our scope at each station: one FDAS Network Gateway (Notifier ONYXWorks NCM-W or equivalent) + one ACS Gateway / Media Converter** that bridges the panel-end protocols (EIA-485 SLC for FDAS; native Ethernet for ACS) to the station L2 switch's IP uplink.
   - 24 gateways total (12 stations × 2 systems).

2. **Backbone layer** — REC's IP-MPLS network over Fiber-Optic Cable (provided by REC main contractor) connects all 12 stations to the Depot Admin Building's CER L2 switch.
   - Our scope: connect our OCC + FCCR head-end L2 switches to REC's CER L2 switch via single-mode FOC patches (TOR §4.7).
   - Excluded: REC's IP-MPLS provisioning, station L2 switches, FOC trunk.

3. **Depot-side integration layer**:
   - **Phase 1 head-end (OCC, Operation Control Center)** — FDAS + ACS workstations + servers + L2 switches monitor all 12 stations + integrate with depot buildings.
   - **Phase 2 head-end (FCCR, Fire Command Center Room)** — FDAS + ACS workstations + servers + L2 switches dedicated to depot-compound monitoring.
   - **Inter-building cabling (our Phase 2 scope)** — single-mode FOC OS2 24-core trunk + STP Cat6A from FCCR/OCC to ~5 depot buildings hosting integration gateways. Underground conduit by Civil Contractor (TOR §9.1); we pull cables.

## Architecture diagram (mermaid)

```mermaid
flowchart TB
  subgraph "12 Stations (Stations 1-12; per-station contractor scope)"
    direction TB
    S_FACP["Station FACP\n(Notifier NFS2-3030)"]
    S_CS40["Station Suprema CS-40"]
    S_L2["Station L2 Switch\n(24×Eth + 4×SFP, per-station-contractor)"]
    S_FACP -->|EIA-485 SLC| OUR_FDAS_GW
    S_CS40 -->|Ethernet TLS 1.2| OUR_ACS_GW
    OUR_FDAS_GW["FDAS Gateway\n(Notifier NCM-W)\n*OUR SCOPE*"] --> S_L2
    OUR_ACS_GW["ACS Gateway\n(Media converter)\n*OUR SCOPE*"] --> S_L2
  end

  S_L2 -->|FOC by REC| REC_BACKBONE

  subgraph "REC IP-MPLS Backbone (ROTEM-EEI Consortium)"
    REC_BACKBONE["IP-MPLS over\nFiber Optic Cable\n*EXCLUDED — by REC*"]
  end

  REC_BACKBONE -->|FOC by REC| CER_L2

  subgraph "Depot Admin Building"
    CER_L2["CER L2 Switch\n*EXCLUDED — by REC*\n(per TOR §4.7)"]
    CER_L2 -->|"OUR FOC patch\n(single-mode LC)"| OUR_FDAS_OCC
    CER_L2 -->|"OUR FOC patch"| OUR_ACS_OCC
    CER_L2 -->|"OUR FOC patch"| OUR_FDAS_FCCR
    CER_L2 -->|"OUR FOC patch"| OUR_ACS_FCCR

    subgraph "OCC (Operation Control Center)"
      OUR_FDAS_OCC["FDAS L2 Switch @ OCC\n(industrial UL 508)"]
      OUR_FDAS_OCC --> FDAS_OCC_WS["FDAS Workstation +\nServer + UPS\n(Notifier OnyxWorks)"]
      OUR_ACS_OCC["ACS L2 Switch @ OCC"]
      OUR_ACS_OCC --> ACS_OCC_WS["ACS Workstation +\nServer + UPS\n(Suprema BioStar 2)"]
    end

    subgraph "FCCR (Fire Command Center Room)"
      OUR_FDAS_FCCR["FDAS L2 Switch @ FCCR"]
      OUR_FDAS_FCCR --> FDAS_FCCR_WS["FDAS Workstation +\nServer + UPS"]
      OUR_ACS_FCCR["ACS L2 Switch @ FCCR"]
      OUR_ACS_FCCR --> ACS_FCCR_WS["ACS Workstation +\nServer + UPS"]
    end
  end

  subgraph "Depot Buildings (Phase 2 — ~5 integration points)"
    DEP_BLDG["Depot Building\n(Civil-Contractor-installed FACP +\nSuprema CS-40)"]
    DEP_GW["Depot Gateway\n*OUR SCOPE*"]
    DEP_BLDG --> DEP_GW
  end

  OUR_FDAS_FCCR -->|"OUR FOC + STP\n(inter-building, through Civil-built ductbank)"| DEP_GW
  OUR_ACS_FCCR -->|"OUR FOC + STP"| DEP_GW

  classDef ours fill:#cfc,stroke:#080,stroke-width:2px
  classDef excluded fill:#fcc,stroke:#800,stroke-width:1px,stroke-dasharray:5
  class OUR_FDAS_GW,OUR_ACS_GW,OUR_FDAS_OCC,OUR_ACS_OCC,FDAS_OCC_WS,ACS_OCC_WS,OUR_FDAS_FCCR,OUR_ACS_FCCR,FDAS_FCCR_WS,ACS_FCCR_WS,DEP_GW ours
  class S_FACP,S_CS40,S_L2,REC_BACKBONE,CER_L2,DEP_BLDG excluded
```

## Switch inventory

| Switch ID | Location | Brand class | Port count | SFP slots | Owner | Purpose |
|-----------|----------|-------------|-----------|-----------|-------|---------|
| OCC-FDAS-L2 | OCC, Depot Admin | Hirschmann/Moxa/Phoenix industrial UL 508 | 24× 10/100/1000 | 4 | OUR | FDAS workstation + server + uplink to CER + future expansion |
| OCC-ACS-L2 | OCC | same class | 24 | 4 | OUR | ACS workstation + server + badge + uplink |
| FCCR-FDAS-L2 | FCCR, Depot Admin | same | 24 | 4 | OUR | FDAS at FCCR (depot-compound monitoring) |
| FCCR-ACS-L2 | FCCR | same | 24 | 4 | OUR | ACS at FCCR |
| CER-L2 | CER, Depot Admin | (REC supplied) | 24 + 4 | — | REC | Backbone aggregation; we interface per TOR §4.7 |
| Station L2 (×12) | per station | (per-station contractor) | 24 + 4 | — | per-station-contractor | Station-side aggregation; we interface via station gateway |

## VLAN allocation (proposed; pending Q-007 + Q-021 confirmation)

| VLAN | Purpose | Coverage | Notes |
|------|---------|----------|-------|
| 10 | FDAS data | All FDAS gateways (12 stations + 5 depot) → OCC + FCCR | OnyxWorks server traffic |
| 20 | ACS data | All ACS gateways → OCC + FCCR | BioStar 2 server traffic + TLS 1.2 |
| 30 | Mgmt | All L2 switches + UPS SNMP | Network management |
| 40 | Spare | Future expansion | — |

## IP plan (proposed; refined at Q-007 + Q-021 closure)

- **Subnet for FDAS gateways:** 10.x.10.0/24 (32 hosts: 12 station + ~5 depot + 4 head-end + spare)
- **Subnet for ACS gateways:** 10.x.20.0/24
- **Subnet for OCC + FCCR head-end servers:** 10.x.30.0/24
- **Default gateway:** REC-supplied gateway IP at CER (TBD)
- **DNS / NTP:** REC-supplied or customer-IT-supplied (TBD)
- **Firewall:** customer IT (assume isolated FDAS+ACS VLANs with single uplink to customer LAN; rule set per Q-007)

## Security considerations

- **TLS 1.2** between Suprema BioStar 2 server and CS-40 controllers (per ANNEX_D2)
- **OnyxWorks** uses Notifier proprietary network protocol over the high-speed ONYX network (up to 200 NFS2-3030 nodes per ANNEX_D1)
- **No internet access** from FDAS or ACS VLANs (isolated by customer firewall)
- **No China-made equipment** (TOR §8.10)

## Open architecture items (Q-### closure)

- Q-007 — IP-MPLS protocol details (BACnet/IP, SNMP, proprietary?) — affects gateway sizing + license
- Q-021 — REC's CER L2 switch make/model/IP/VLAN/port spec
- Q-024 — DOTr touchpoints in network (any DOTr-facing read-only views?)

## Notes

- ANNEX_B 6 A1 sheets contain detailed view of the network topology; this A5 captures the high-level structure derivable from pre-bid concept + TOR + Resp. Matrix. Detailed VLAN/IP plan to be developed jointly with REC + customer IT during ICD phase (TOR §4.6).
- Mermaid diagram is the "best-of" agent-driven visualization per Phase 5a Step 5 (visualization sub-routine). Customer-friendly version in Phase 10 customer-facing PPTX.