# A5 — Network Architecture

**Project:** Kingsford Hotel Bacolod — BMS Rehabilitation (A/B run)
**Date:** 2026-04-28
**Status:** draft v1
**Sources:** A4 panel schedule (`A4-panel-schedule.yaml`), assumptions A-003 / A-011

## Topology

Star topology with the BMS Server at the head-end. A core managed L3 switch (1U, GbE, fiber-uplink-capable) sits in the BMS server cabinet at 2nd Floor (Plant Room). Six edge switches — one per panel location — each terminate the BACnet/IP traffic from the controllers in that panel and the small population of native-BACnet/IP equipment (DOAS, chillers) in their zone. Vertical interconnect is OS2 single-mode fiber (LC-LC duplex) on a riser path from the basement through to the roofdeck. A firewalled uplink connects the BMS LAN to the customer's IT LAN for remote monitoring (graphics-only, no controller writes).

```mermaid
graph TD
    BMS_SERVER[BMS Server / Engineering WS<br/>2F Plant Room]
    CORE[Core L3 Managed Switch<br/>24-port GbE + 4× SFP]
    UPS[UPS 1.5 kVA]
    FIREWALL[Firewall to IT LAN]
    IT[Customer IT LAN]

    BMS_SERVER --- CORE
    UPS --- BMS_SERVER
    UPS --- CORE
    CORE --- FIREWALL
    FIREWALL --- IT

    subgraph RD [Roofdeck]
        direction LR
        SW_RD[Edge Switch FCP-RD<br/>8-port GbE]
        FCP_RD[FCP-RD Controllers]
        DOAS_RD[DOAS-RD.1, RD.2<br/>BACnet/IP]
    end

    subgraph F3 [3rd Floor — Amenity]
        direction LR
        SW_3F[Edge Switch FCP-3F<br/>8-port GbE]
        FCP_3F[FCP-3F Controllers]
    end

    subgraph F2 [2nd Floor — Casino + BOH + Plant]
        direction LR
        SW_2F[Edge Switch FCP-2F<br/>8-port GbE]
        FCP_2F[FCP-2F Controllers]
        SW_PLANT[Edge Switch MCP-PLANT<br/>8-port GbE]
        MCP_PLANT[MCP-PLANT Controllers]
        DOAS_2M[DOAS-2M<br/>BACnet/IP]
        CH[Chillers CH-1..3<br/>BACnet/IP gateways]
    end

    subgraph GF [Ground Floor — BOH]
        direction LR
        SW_GF[Edge Switch FCP-GF<br/>8-port GbE]
        FCP_GF[FCP-GF Controllers]
    end

    subgraph BSMT [Basement / Lower Ground]
        direction LR
        SW_BSMT[Edge Switch FCP-BSMT<br/>8-port GbE]
        FCP_BSMT[FCP-BSMT Controllers]
    end

    CORE === SW_RD
    CORE === SW_3F
    CORE === SW_2F
    CORE === SW_PLANT
    CORE === SW_GF
    CORE === SW_BSMT

    SW_RD --- FCP_RD
    SW_RD --- DOAS_RD
    SW_3F --- FCP_3F
    SW_2F --- FCP_2F
    SW_PLANT --- MCP_PLANT
    SW_PLANT --- DOAS_2M
    SW_PLANT --- CH
    SW_GF --- FCP_GF
    SW_BSMT --- FCP_BSMT
```

## Switch inventory

| ID | Type | Location | Ports | Uplink | UPS | Source |
|----|------|----------|-------|--------|-----|--------|
| CORE-SW-1 | Core L3 managed | 2F Plant Room (BMS rack) | 24× GbE + 4× SFP+ | 2× 1 GbE LACP to firewall | 1.5 kVA | A-003 |
| FW-1 | Firewall (BMS↔IT) | 2F Plant Room (BMS rack) | 4× GbE | 1× GbE to customer IT LAN | 1.5 kVA | A-003 |
| EDGE-RD | L2 managed | Roofdeck (FCP-RD) | 8× GbE + 2× SFP | 1× LC-LC OS2 fiber to CORE | 0.6 kVA | A-003, A-011 |
| EDGE-3F | L2 managed | 3F Amenity (FCP-3F) | 8× GbE + 2× SFP | 1× LC-LC OS2 fiber to CORE | 0.6 kVA | A-003, A-011 |
| EDGE-2F | L2 managed | 2F BOH/Casino (FCP-2F) | 8× GbE + 2× SFP | 1× LC-LC OS2 fiber (short Cat6 lateral) | 0.6 kVA | A-003, A-011 |
| EDGE-GF | L2 managed | GF BOH (FCP-GF) | 8× GbE + 2× SFP | 1× LC-LC OS2 fiber to CORE | 0.6 kVA | A-003, A-011 |
| EDGE-BSMT | L2 managed | Basement (FCP-BSMT) | 8× GbE + 2× SFP | 1× LC-LC OS2 fiber to CORE | 0.6 kVA | A-003, A-011 |

## Cable inventory (network only — captured in A3 trunk rows)

| Run | Type | Length (m) | Source |
|-----|------|-----------|--------|
| Riser fiber backbone (CORE → 5 edge switches) | OS2 SM 1-pair LC-LC, 80 m avg per run | 5 × 80 = 400 m | A-001 |
| Switch-to-controller patches (in panel) | Cat6 1.5 m | 18 controllers × 2 = 36 patches | A-001 |
| Cat6 horizontal to native-BACnet equipment (DOAS, chillers) | Cat6 23-AWG U/UTP FRLS | 6 × 30 m = 180 m | A-001 |

## Network design notes

- **Subnetting:** single /24 BMS LAN (192.168.40.0/24) — head-end, switches, controllers, native BACnet equipment.
- **VLAN:** isolated VLAN; firewall-only path to IT LAN.
- **BACnet:** Device IDs allocated per panel (MCP-PLANT 1000–1099, FCP-RD 1100–1199, etc.). MS/TP and Modbus RTU branches local to each FCP — no MS/TP riser.
- **Reliability:** Each edge switch + UPS protects local controllers from network or power blips up to 30 minutes. Core switch + firewall have UPS as well.
- **Future:** Spare SFP at the core supports 2nd uplink for HA.

## Verification ledger

Reviewed against:
- A4 panel schedule (panels match)
- A1 I/O list `Network` rows (every native-BACnet/IP drop accounted for)
- DRC-004 BMS general specification narrative ("central network", "open protocol")

## Pending clarifications affecting A5

- Q-008 — IT integration scope. If integrations beyond graphics-only are required, the firewall config and rack-power sizing increase modestly.
- Q-004 — Vendor family will determine whether MS/TP is heavily used (some vendors prefer MS/TP for low-cost edge controllers).