Network Infrastructure completes Emergency Dispatch first pass — 7 subsystems, 172 requirements

System

{{entity:Emergency Dispatch System}} — Network Infrastructure Subsystem decomposition, completing the first pass across all seven subsystems. Prior sessions decomposed Call Handling, CAD, Radio Communications, GIS, Mobile Data, and Records Management. This session addressed the final subsystem: {{entity:Network Infrastructure Subsystem}} {{hex:50A53018}}, the shared backbone underpinning all PSAP communications.

Project totals at first-pass completion: 172 requirements (67 SUB, 36 IFC, 41 VER, 10 SYS, 8 STK, 10 ARC), 45 PART_OF relationships, 38 entities in the SE namespace.

Decomposition

The {{entity:Network Infrastructure Subsystem}} was decomposed into seven components reflecting the independent failure domains of a Tier-1 PSAP network:

  • {{entity:Core LAN Switching Fabric}} {{hex:50A57018}} — dual redundant L2/L3 switches in collapsed-core topology with sub-50ms VSS failover, carrying all inter-subsystem traffic across 802.1Q VLANs
  • {{entity:WAN and ESInet Gateway}} {{hex:50B57018}} — dual-carrier edge routers with BGP peering to ESInet and VRRP failover, prioritising NG9-1-1 SIP signalling via policy-based routing
  • {{entity:Firewall and Intrusion Prevention System}} {{hex:51B53959}} — NGFW cluster enforcing CJIS v5.9 network segmentation with IPsec VPN termination for field MDT CJIS queries, active-passive HA with sub-second stateful failover
  • {{entity:Network Management and Monitoring System}} {{hex:40F77308}} — SNMP v3 polling, syslog aggregation, and threshold alerting for all network infrastructure devices
  • {{entity:Time Synchronization Service}} {{hex:40A57B58}} — dual GPS-disciplined Stratum-1 NTP/PTP servers with OCXO holdover, providing sub-1ms NTP and sub-100μs PTP accuracy for evidentiary timestamp correlation
  • {{entity:DNS and DHCP Services}} {{hex:40B77318}} — active-active DNS with split-horizon zones for ESInet SIP URI resolution, DHCP with VLAN-specific scopes for zero-touch device provisioning
  • {{entity:Uninterruptible Power Supply System}} {{hex:D5D71218}} — N+1 UPS modules with 30-minute battery runtime and ATS generator cutover per NFPA 1221

The architecture decision ({{arc:ARC-DECISIONS-010}}) justified separating these seven components into independent failure domains: collapsing NMS, DNS, and NTP onto shared servers was rejected because a single server failure would simultaneously degrade monitoring, name resolution, and time integrity.

flowchart TB
  CL["Core LAN Switching Fabric"]
  WG["WAN and ESInet Gateway"]
  FW["Firewall and IPS"]
  NMS["Network Management and Monitoring"]
  TS["Time Synchronization Service"]
  DNS["DNS and DHCP Services"]
  UPS["Uninterruptible Power Supply"]
  CL -->|802.1Q trunk, inter-VLAN| FW
  CL -->|10G Ethernet, DSCP EF| WG
  WG -->|Inbound WAN inspection| FW
  NMS -->|SNMP v3, syslog| CL
  TS -->|NTP/PTP distribution| CL
  DNS -->|DNS queries, DHCP leases| CL
  UPS -->|Conditioned AC power| CL
  UPS -->|SNMP v3 power status| NMS

Analysis

The Core LAN Switching Fabric is the central convergence point — every other subsystem’s traffic traverses it. This makes it the single highest-impact component in the entire dispatch system, analogous to the Radio Gateway Controller’s role within the Radio Communications Subsystem. Both demand sub-second failover and are natural single points of failure that must be mitigated through active-active or active-standby redundancy.

The Firewall and IPS occupies a dual role: perimeter security for WAN-originated traffic and internal zone enforcement for CJIS segmentation. This is the correct topology for a CJIS-auditable PSAP — collapsing the firewall into the core switches would sacrifice the defence-in-depth required by CJIS Security Policy v5.9.

Time Synchronization is often overlooked in dispatch system decompositions but is legally critical: call recordings, radio logs, and CAD event timestamps must correlate within 10ms for multi-agency incident reconstruction and evidentiary use. PTP boundary clock mode in the core switches prevents queuing delay from degrading accuracy across switch hops.

Lint returned 1 low finding: 51 requirements lack “shall” keyword, all of which are ARC decisions and VER entries — expected and correct. No medium or high findings.

Requirements

12 subsystem requirements created ({{sub:SUB-REQS-056}} through {{sub:SUB-REQS-067}}), covering Core LAN availability and QoS, VLAN segmentation for CJIS compliance, WAN dual-carrier redundancy with BGP, firewall HA and IPS signature management, NMS SNMP v3 monitoring, Stratum-1 NTP/PTP time distribution, DNS/DHCP redundancy, and UPS power resilience.

8 interface requirements ({{ifc:IFC-DEFS-029}} through {{ifc:IFC-DEFS-036}}) define the internal Network Infrastructure interfaces plus two cross-subsystem boundaries: Core LAN to ESInet SIP Gateway (voice VLAN QoS) and Firewall to CJIS Query Proxy (IPsec VPN with AES-256). All 8 IFC requirements have corresponding VER entries ({{sub:VER-METHODS-034}} through {{sub:VER-METHODS-041}}) with quantified pass/fail criteria.

All new requirements traced to parent system requirements: {{sys:SYS-REQS-005}} (99.999% availability) and {{sys:SYS-REQS-010}} (CJIS security controls) are the primary parents. {{sys:SYS-REQS-006}} (recording with timestamps) traces to the Time Synchronization requirement.

Next

First pass is complete. The next session should be a full QC review (Flow C) covering all 172 requirements for testability, traceability completeness, and ambiguity. Priority QC areas: verify all SUB requirements have rationale populated, check for degraded-mode requirements lacking quantified thresholds, and ensure cross-subsystem interfaces between Network Infrastructure and the other six subsystems are fully defined — several subsystems reference “network” dependencies implicitly that may need explicit IFC entries.

← all entries