The multi-service MPLS IP network created by Company TTK on the basis of the DBN with nodes spread throughout the territory of Russia is the first MPLS network in the country of such a geographical scale and capacity.

The MPLS (Multiprotocol Label Switching) IP network was built on a hierarchical two-tier architecture: a backup layer (core) that performs MPLS switching of IP traffic, and a boundary layer that carries the main load of serving subscribers and is referred to as the network’s main "intellect."

The IP network core consists of high-performance switching routers by Cisco Systems. The boundary layer consists of Cisco Systems routers, which aggregate the client traffic of IP network subscribers, and Fast Ethernet and Gigabit Ethernet switches, which integrate the node infrastructure and connect subscribers' equipment. The IP network also includes an equipment and service management system and a set of servers that deliver traditional Internet services such as DNS, SMTP, and WWW.

The MPLS IP network serves as the basis for the most important services offered by TTK – primarily, IP VPN and Internet access.

The up-to-date MPLS IP infrastructure is the basis for multi-service operator and corporate networks, facilitating information communication services and integrating telecommunications and information services.

Expanding the MPLS IP network and developing innovative services on its basis are the company’s priority.

MPLS Technology

Data in a VPN is transmitted using the MPLS (Multiprotocol Label Switching) protocol, which is responsible for switching IP packets on the TTK backbone network. Secure and efficient data transmission is achieved by switching IP packets that carry additional bytes (labels) with information about their route. With this technology, IP packets are switched rather than routed, which greatly increases the rate of their transmission.
Compared with other technologies used as a basis for VPNs (for example, Frame Relay, dedicated connections, or traffic encryption over the Internet), MPLS is the most efficient for transferring IP traffic and is therefore the optimal choice for networking IP-based applications.

Security issues

Increased requirements for information security of IP-services offered by Company TTK are met thanks to:

  • features of MPLS technology;
  • organizational and technical activities conducted in the backbone IP network.

MPLS technology has a number of features that make it possible to achieve a level of information security corresponding to the protection level of networks built on Frame Relay technology:

  • division of address space of different clients’ networks;
  • separation of routing information belonging to different clients;
  • encapsulation of backbone IP-network core structure;
  • resistance to attacks such as “Denial of Service”;
  • resistance to attacks based on “substitution” of labels – Label Spoofing.

The high level of information security provided by MPLS technology is confirmed by experts:
  • the equipment manufacturer Cisco Systems, Inc.: “Security of the MPLS Architecture. White Paper”;
  • the independent expert team Miercom group: “Cisco MPLS based VPNs: Equivalent to the security of Frame Relay. White Paper”.

These features are implemented through a special configuration of the corresponding interfaces of the PE routers to which clients’ networks are connected.

Activities conducted by Company TTK in the backbone IP network to provide the necessary level of security include:
  • ensuring a high level of physical security through installation of equipment in special facilities with restricted access;
  • a management system implemented on the basis of a backbone MPLS network and having no interaction with external networks;
  • an engineering design “Backbone IP network of CJSC Company TransTeleCom” approved by the Russian State Technical Committee as regards data protection requirements;
  • an information security system that permits equipment management only by authorized users, only within their authority, and only from a limited number of network devices; the activity of such users can be audited;
  • work on network attestation for compliance with information security requirements.