Defense Research and Engineering Network IPv6 Pilot ... · DREN IPv6 Pilot Introduction DREN...
Defense Research and Engineering Network
IPv6 Pilot Introduction
– 2003 to 2008 –
IPv6-team

DREN IPv6 Pilot Introduction

Topics
- DREN in the HPCMP
- DREN History of IPv6
- Review of DREN Pilot
- Initial Planning Efforts
- How Goals were achieved
- Local preparation for IPv6 deployment

DREN in the HPCMP (continued)
- A DoD network supporting the Research, Engineering, Modeling & Simulation, Test & Evaluation, and related communities.
- Protocol-rich, high performance secure network environment with support of new technologies.
- High capacity, low latency, predominately unclassified.
- Peers with the Internet, numerous commercial, and other DoD and Federal networks.
- Verizon Business service over the vBNS backbone.

DREN History of IPv6
- 1995-2000: Ad-hoc tunnels, playing on 6bone. Presentation at conferences
- Jan 2001: DRENv6 “test bed”
  - Native IPv6 (no tunnels)
  - Logically separate from DREN IPv4 backbone
  - 8 core nodes (Cisco routers – dedicated to IPv6)
  - Sites connect via PVCs (native IPv6), or tunnels.
- New DREN2 backbone contract (MCI) includes IPv6
- Jul 2003: Selected as DoD IPv6 “pilot”
- Oct 2003: Added DRENv6 node at Ft Huachuca (TIC, JITC) for Moonv6 interconnect between DoD and Abilene (UNH), “pilot” nodes at Indian Head, MD (JITC East), Quantico, VA (MCNOSC)

DREN History of IPv6 (continued)
- 2001 – Test bed started with 7 native ATM nodes tunneled across DREN and a few tunnels to other IPv6 networks
- 2003 – Test bed connected to and peered with many IPv6 networks. FIX-West and FHU TIC nodes added for MoonV6
[Figure: DRENv6 test bed map. Legend: core router, “site”, IXP, ISP or BGP neighbor; links drawn as ATM PVC (OC-3) or tunnel. Labels include the locations Dayton, San Diego, Albuquerque, Wash D.C., Stennis, Vicksburg and Aberdeen, plus connected sites and peer networks.]

Review of DREN IPv6 Pilot
- In June 2003, DoD CIO said DoD will do IPv6
- In June 2003, DDR&E said DREN will do IPv6
- In August 2003, HPCMP Director said HPCMP sites and DREN will do IPv6
- In late 2003 the DREN IPv6 pilot team (TAP members & HPCMP personnel) made plans for IPv6
- In October 2003, DREN WAN was IPv6 enabled
- In late 2003-mid 2004 many on-site visits were made
- Various briefings were presented to site personnel
  - 01 Overview – briefing for executives
  - 02 Introduction – briefing for managers
  - 03 Implementation Details – briefing for technical personnel
- Interactions between IPv6 pilot team and site personnel continued, and sites enabled IPv6 across their LAN

Review of DREN IPv6 Pilot
DREN IPv6 Pilot Goals in 2003:
1. IPv6 enabled Wide Area Network: all 120+ Service Delivery Points (since grown to 170+), the backbone core, and the Network Operations Center (NOC). Complete
2. Performance and Security as good as pre-existing IPv4-only network. Complete
3. Facilitate IPv6 deployment into HPCMP sites and HPC Computer Emergency Response Team (CERT). Complete
4. IPv6 enable:
   - HPCMP funded sites’ infrastructures. Mostly complete
   - HPCMP provided applications. Complete
5. Furnish feedback, lessons learned across DoD and to wider Federal Agency community, via web and briefings. On-going
   - Published via web site https://kb.v6.dren.net

Review of DREN IPv6 Pilot – Efforts
Functional Areas
FA07: HPC Community involvement through:
- Information availability and technology transfer (via web site)
- Information dissemination (publicity, briefings, conferences, meeting participation)
- HPC Center and Service program/project site participation (education, training, assistance)
FA06: Future planning
- Identify and provide support for new applications only possible with IPv6
- Plan for continuing support after IPv6 pilot concludes
FA02: Infra-structure services
- Protocols and tools to ensure network apps perform
FA03: Network Management
- Protocols and tools for N/W management
FA04: Security
- Devices (IDS, firewalls)
- Accreditation processes
- Access Control Lists
- Encryption (H/W&S/W)
FA05: Upgrade/substitute/remediate applications
FA01: IP Transport (layers 1 through 4 of the ISO 7 layer model)
- DREN WAN connectivity
- DRENv6 peering with other test beds and production DREN
- SDREN connectivity and performance tuning
- Protocol translation and tunneling

Review of DREN IPv6 Pilot – Efforts
Work Breakdown Structure
WBS01: Initiate IPv6 Pilot
WBS02: Benefit from History
WBS03: Obvious Initial Steps
WBS04: Deploy IPv6 in DREN WAN infrastructure
WBS05: Build infra-structure and prepare resources needed during the deployment
WBS06: Deploy IPv6 infrastructure to HPC Centers and selected Service user sites
WBS07: Upgrade/substitute/remediate applications
WBS08: Open questions and ill-defined topics
WBS09: Evaluate results of IPv6 pilot
[Figure: WBS timeline chart. Axis: Q3 FY03, Q4, Q1 FY04, Q2, Q3, Q4, Q1 FY05]

Review of DREN IPv6 Pilot – Efforts
- WBS01 (Initiate IPv6 Pilot)
  - Goals, Pilot team formation, FAs, budget, draft plan*
- WBS02 (Benefit from History)
  - DRENv6 test bed and address plan, IDSv6 development
- WBS03 (Obvious Initial Steps)
  - DREN networkers conf, MoonV6, early sites (HPCMPO, CERT), peering DRENv6 with DREN production network
- WBS04 (Enable IPv6 in DREN WAN infrastructure)
  - SDPs, MCI infrastructure, NOC, dren.net nameservers
*Copies available on request (For Official Use Only)

Review of DREN IPv6 Pilot – Efforts
WBS05 Build Infrastructure and Prepare for Deployment
In 7 sub-tasks, one for each Functional Area:
- Queries of what networking infrastructure and additional hardware resources are present,
- Queries of what software is present on those resources (to be IPv6 enabled),
- Queries of HPC centers and user sites to identify some of the applications software that is present (to be IPv6 enabled),
- Investigation of vendor IPv6 plans and capabilities
- Evaluation of possible IPv6 deployments, such as: protocols, tools, upgraded/substituted/remediated software
- Develop plans and approaches for deployment

Review of DREN IPv6 Pilot – Efforts
WBS06 Deploy IPv6 to Centers and sites
Facilitate IPv6 deployment into networks and systems at those Centers and program/project sites in the IPv6 pilot:
- Perform an initial site visit
  - Various briefings presented to site personnel
    - 01 Overview – briefing for executive, management, contracting, and legal personnel (general audience)
    - 02 Introduction – briefing for management, security, technical, and application support personnel (general audience)
    - 03 Implementation Details – briefing about pilot details and deployment process presented to technical personnel
  - Additional materials provided to technical personnel (See backup slides)
    - Self-assessment kit
    - Pointers to on-line training and information sources
- Over an extended period of time – further interactions between IPv6 pilot team and involved site personnel
- Eventually, site personnel deploy IPv6

Review of DREN IPv6 Pilot – Efforts
WBS07 Upgrade/substitute/remediate applications
Facilitate application transition during IPv6 deployment at each site. For each application identified for transition (by either the DREN IPv6 pilot applications team or by the site’s deployment team):
- Transition that application at the site where the application is installed, using a previously prepared plan
- Each time that application is upgraded/substituted/remediated, the plan will be refined
- After an application is upgraded/substituted/remediated at all DREN IPv6 pilot sites, the final revision of the plan will stay on the HPC community web site for later use by the DoD community

Review of DREN IPv6 Pilot – Efforts
- WBS08 (Open questions and ill-defined topics)
  - track open questions and ill-defined topics until closed or well-defined and assigned to one of the functional areas for implementation
- WBS09 (Evaluate results of IPv6 pilot)
  - lessons learned from DRENv6 test bed for input to MoonV6 (done)
  - lessons learned from pilot to use in the DoD Enterprise-wide deployment of IPv6
  - work remaining to be done by the HPCMP to finish efforts begun as part of the DREN IPv6 pilot

Review of DREN IPv6 pilot – Goals
Securely peer with DRENv6 test bed
[Figure: peering between the DRENv6 test bed and the DREN pilot. Labels recovered from the diagram:]
- DRENv6 (test bed): native IPv6 backbone with nodes SSC-SD, ERDC and ARL-APG; links run native IPv6 where possible, otherwise tunneled in IPv4
- DRENv6 connects to Abilene and IPv6 enabled ISPs and test beds, and to IPv6 demonstrations (such as MoonV6)
- Three 100 Mb/s links between DRENv6 and DREN, each with a v6 IDS and a v6 ACL
- DREN (production IPv4 / Pilot IPv6): SDPs sdp.arlapg, sdp.sandiego and sdp.erdc; dual stack IPv4 and IPv6 wide-area infrastructure
- Type “A” (IP) production service to DREN sites; IPv4 and IPv6 provided over the same interface
- Test bed at DREN site (shown twice)
Goal: Pilot as secure as production IPv4 network

Review of DREN IPv6 pilot – Goals
Securely peer with DRENv6 test bed
- Continue to operate DRENv6 test bed as an untrusted native IPv6 network that peers with other open IPv6 networks
- Existing DREN IDS architecture incompatible with IPv6
  - Juniper router port mirroring lacks IPv6 support
    - So, split the packets out to a separate port
  - HPC IDS lacks IPv6 support
    - So, upgrade IDS software to handle IPv6 packets
- Router ACLs lack necessary IPv6 features
  - So, upgrade memory where required and Juniper (pilot) and Cisco (test bed) routers to support IPv6 ACLs
- Firewalls didn’t support IPv6 (except a few beta units)
  - Not a problem, since DREN peering points don’t use them


Review of DREN IPv6 pilot – Goals
Securely peer with DRENv6 test bed
DREN IPv6 pilot recognized that Firewalls are an issue for some sites, so Firewalls were tested:
- Netscreen IPv6 capability early “beta”
- Wanted to test on SSC-SD NS-500 firewall (previously in operation) … but the 500 didn’t work in transparent mode
- So NS-208 procured and installed for IPv6 beta … tested it in “routing mode” but with RIP, not OSPFv3 as desired
- Had to install “beta” and production in parallel as shown.
- Status: Both now announced IPv6 products from Juniper (who acquired Netscreen)
- Results favorable, with some minor caveats
[Diagram labels: DREN2 (Pilot) WAN, IPv4 unicast and multicast services + IPv6 unicast; SPAWAR border router (Juniper M20); IDS; switch; Netscreen 500 firewall; Netscreen 208 firewall; production firewall; IPv6 firewall; IPv4; IPv6; to LAN]

Review of DREN IPv6 pilot – Goals
Support MoonV6 commencing 6 October 2003
see www.moonv6.org

[Diagram: MoonV6 connectivity between the Technology Integration Center (TIC), Bldg B323, and DISA, Joint Interoperability Test Command (JITC), Bldg 698. Arrows show flow of inbound IPv6 packets.]
Diagram labels:
- existing DREN SDP (Juniper M5), sdp1.fthuachuca; DS3 to DREN; DREN IPv4
- “A” (IP) Fast-E; “B” (ATM) OC-3 cell-relay
- MARCONI ASX-200 Switch (two shown); Marconi ViPr
- Connection between TIC and JITC is a 2 km fiber run (SM) converted to multimode at the endpoints.
- new DRENv6 node (Juniper M7i), jitc.v6.dren.net
- new Cisco 2600 router at JITC West for IPv6 peering
- IPv6 over ATM (OC-3); IPv6 over FastEthernet (Fast-E)
- Service can be delivered as either ATM or FastEthernet
- service to TIC local nets; to IPv6 test bed nets at TIC?
- These are the pieces that are new for this initiative.

Review of DREN IPv6 pilot – Goals
FY04 goals for the DREN IPv6 pilot (continued):
- IPv6 deployed on DREN infrastructure
  - all SDPs
  - the MCI provided Wide-Area Networking infrastructure
  - the DREN Network Operations Center
  - provide IPv6 dren.net DNS support
- IPv6 deployed on HPCMP funded assets and services
  - MSRCs
  - ADCs (extent will vary by site)
  - Some DDCs volunteered: NRL-DC, SSC-SD, RTTC, WSMR, NAWC-AD

Review of DREN IPv6 pilot – Goals
FY04 goals for the DREN IPv6 pilot (continued)
  - Other sites, such as HPC CERT, HPCMPO, SDREN SNOC
- Various applications enabled
  - HPCMP infrastructure applications, such as Kerberos, Information Environment, On-line Knowledge Center
  - third-party applications (requires vendor cooperation)
    » COTS, GOTS, CHSSI, and the like
  - at the HPC Centers
    » used by the program/project user sites
  - Selected HPC user-developed applications
    » depending on who is interested/willing to convert

Review of DREN IPv6 pilot – Goals
FY04 goals for the DREN IPv6 pilot (continued)
Allocate DREN IPv6 address space (maintaining autonomy)

Address layout:
  2001 0480 | sssn | subnet | Interface ID
  2001 0480 = DREN (/32); sssn = Site (/48); subnet (/64); Interface ID (/128)

- sss = 001..299: Each SDP assigned an arbitrary ‘decimal’ site ID (sss = 000 for DREN NOC and infrastructure, 300..EFF reserved, F00..FFF = DRENv6 and other test beds). NOTE: “s” is a hex digit
- Allocate a block of sixteen /48 prefixes to each SDP
  » Each site behind an SDP is allocated its own /48
  » n = 0..F (for up to 16 sites or enclaves behind each SDP)
- Smallest subnet is a /64, even point-to-point links!
- Loopback interfaces are /128 (still)
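
The addressing plan above, worked through in C as an added example (not part of the original slides): it splits an address into the sss, n and subnet fields, classifies the sss range, and builds the /48 for a given site. The function and type names are hypothetical, and treating an sss below 300 that contains a hex digit A..F as unassigned is an assumption, since the slide only defines ‘decimal’ site IDs in that range.

```c
#include <stdio.h>
#include <string.h>
#include <arpa/inet.h>
#include <netinet/in.h>

enum dren_class {
    DREN_OUTSIDE,     /* not inside 2001:0480::/32 */
    DREN_NOC,         /* sss = 000: DREN NOC and infrastructure */
    DREN_SDP_SITE,    /* sss = 001..299: 'decimal' SDP site ID */
    DREN_UNASSIGNED,  /* below 300 with a digit A..F (assumption, see lead-in) */
    DREN_RESERVED,    /* sss = 300..EFF */
    DREN_TESTBED      /* sss = F00..FFF: DRENv6 and other test beds */
};

struct dren_fields {
    unsigned sss;     /* 12-bit SDP site ID, read as three hex digits */
    unsigned n;       /* 4-bit index of the site or enclave behind the SDP */
    unsigned subnet;  /* 16-bit subnet inside the site's /48 */
    enum dren_class cls;
};

/* Split an IPv6 address into the plan's fields. Returns 0, or -1 if unparsable. */
int dren_decode(const char *text, struct dren_fields *out)
{
    struct in6_addr a;
    const unsigned char *b = a.s6_addr;

    memset(out, 0, sizeof *out);
    if (inet_pton(AF_INET6, text, &a) != 1)
        return -1;
    if (b[0] != 0x20 || b[1] != 0x01 || b[2] != 0x04 || b[3] != 0x80) {
        out->cls = DREN_OUTSIDE;
        return 0;
    }
    out->sss = ((unsigned)b[4] << 4) | (b[5] >> 4);
    out->n = b[5] & 0x0F;
    out->subnet = ((unsigned)b[6] << 8) | b[7];

    if (out->sss == 0x000)
        out->cls = DREN_NOC;
    else if (out->sss >= 0xF00)
        out->cls = DREN_TESTBED;
    else if (out->sss >= 0x300)
        out->cls = DREN_RESERVED;
    else if (((out->sss >> 4) & 0xF) <= 9 && (out->sss & 0xF) <= 9)
        out->cls = DREN_SDP_SITE;
    else
        out->cls = DREN_UNASSIGNED;
    return 0;
}

/* Build the /48 for site n (0..15) behind the SDP with decimal ID 1..299. */
int dren_site_prefix(unsigned site_id, unsigned n, char *buf, size_t len)
{
    struct in6_addr a;
    char text[INET6_ADDRSTRLEN];
    unsigned sss;
    int w;

    if (site_id < 1 || site_id > 299 || n > 15)
        return -1;
    /* Each decimal digit of the site ID becomes one hex digit of sss. */
    sss = ((site_id / 100) << 8) | (((site_id / 10) % 10) << 4) | (site_id % 10);
    memset(&a, 0, sizeof a);
    a.s6_addr[0] = 0x20; a.s6_addr[1] = 0x01;
    a.s6_addr[2] = 0x04; a.s6_addr[3] = 0x80;
    a.s6_addr[4] = (unsigned char)(sss >> 4);
    a.s6_addr[5] = (unsigned char)(((sss & 0xF) << 4) | n);
    if (inet_ntop(AF_INET6, &a, text, sizeof text) == NULL)
        return -1;
    w = snprintf(buf, len, "%s/48", text);
    return (w > 0 && (size_t)w < len) ? 0 : -1;
}

int main(void)
{
    /* Constructed sample addresses, not taken from DREN. */
    const char *samples[] = { "2001:480:1234:56::1", "2001:480:f001::1",
                              "2001:480:1a50::1", "2001:db8::1" };
    char buf[64];
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        struct dren_fields f;
        if (dren_decode(samples[i], &f) == 0)
            printf("%-22s sss=%03X n=%X subnet=%04X class=%d\n",
                   samples[i], f.sss, f.n, f.subnet, (int)f.cls);
    }
    if (dren_site_prefix(123, 4, buf, sizeof buf) == 0)
        printf("site 123, enclave 4 -> %s\n", buf);
    return 0;
}
```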

Review of DREN IPv6 pilot – Goals
FY04 goals for the DREN IPv6 pilot (continued):
- facilitate IPv6 deployment into infrastructure at both HPC Centers and selected Service program/project sites
- Eventually, IPv6 deployed locally as part of IPv6 pilot
- Provide product availability, functionality, maturity, standards compliance, other lessons learned to HPC community via the web

Review of DREN IPv6 pilot – Goals
Longer term goals for the DREN IPv6 pilot (through FY07):
- Facilitate DoD test beds and development efforts to deploy IPv6
- Facilitate DoD transition to IPv6
- Capture of lessons learned and transfer of experience with IPv6 pilot and DRENv6 test bed to larger DoD community (See Backup Slides)
Longer term goals for the DREN IPv6 pilot (beyond FY07):
- Turn off wide-area native IPv4 support for DREN IPv6 pilot resources

Local preparation for IPv6 deployment
What deployment of IPv6 means to a site
- To system developers – They can develop, test, and evaluate future operational systems using the same environment that the warfighter will be using
- To programmers (if their programs now use IPv4) – They learn a new protocol and update their program so that it works like it used to
- To computer users – ‘Someone’ updates the software on their system, and then everything works like it used to
- To system administrators and network managers – They learn to support new protocols, update system software (and possibly some hardware), and then reconfigure, and then everything works like it used to

Local preparation for IPv6 deployment
What deployment of IPv6 means to a site
To system developers – They can develop, test, and evaluate future operational systems using the same environment that the warfighter will be using. Without having access to an IPv4/IPv6 environment:
- Development must occur in an IPv4 environment
- Testing would have to be done either:
  - First in an IPv4 environment, and then port the system to an IPv6 environment for regression testing, or
  - After being ported to an IPv6 environment, with any inconsistencies iteratively fixed back on the separate IPv4 development environment
- Evaluation in either case would take more time/effort/money

Local preparation for IPv6 deployment
What deployment of IPv6 means to a site
To programmers (if their programs now use IPv4) – They learn a new protocol and update their program so it works like it used to
- The source code must be available
- Reference RFC 3493 Basic Socket Interface Extensions for IPv6, February 2003
- Fairly simple series of source code changes:
  - Replace IPv4-specific calls “gethostbyname” “getservbyname” to IPv4/6 “getaddrinfo” calls
  - Update socket calls and data structures,
  - Et cetera

Local preparation for IPv6 deployment
What deployment of IPv6 means to a site
To programmers (continued) – There are some good software tools publicly available that can automatically determine if an IPv4 program contains IP-specific calls, and suggest needed changes. A few are:
- http://msdn.microsoft.com/library/
  - IPv6 Guide for Windows Sockets Applications
  - Checkv4.exe utility program
- http://wwws.sun.com/software/solaris/ipv6/
  - IPv6 Socket Scrubber
- http://wwws.sun.com/software/solaris/ipv6/porting_guide_ipv6.pdf
  - Porting Networking Applications to the IPv6 APIs
- Linux tools also available

Local preparation for IPv6 deployment
What deployment of IPv6 means to a site
To programmers (continued) – Suggestions for writing new programs or re-writing old ones:
- Build application-specific address structure in the code. This would typically be a structure that includes the address type, address data, and optionally address size. This allows a single structure for dealing with multiple address types.
- Build a small set of functions that deal with the above address structures. Functions may include: setting, comparing, printing, etc., address structures.
- Hostname lookups: expect multiple addresses to be returned. This should be obvious for hosts with multiple IPv4 addresses, but account for several IP addresses (at least 2) per interface. Also, consider link-local, multicast, and anycast addresses.
- When replacing IPv4 addresses in code, rename variables or structure members so that the compiler can help you find all instances of the address variable that need to be adjusted
- Consider the use of "struct sockaddr_storage" and then cast it to the appropriate sockaddr_* for the address family.
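
The porting suggestions above and the gethostbyname/getservbyname replacement from the earlier slide, sketched in C as an added example (not code from the DREN pilot). The struct app_addr type and the app_* function names are hypothetical; the sample addresses are constructed numeric literals, so the lookups run without DNS.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L
#endif
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netdb.h>

/* Application-specific address: type, data and size in one structure. */
struct app_addr {
    int family;              /* AF_INET or AF_INET6 */
    size_t len;              /* bytes used in data: 4 or 16 */
    unsigned char data[16];  /* address in network byte order */
    unsigned short port;     /* host byte order, 0 if no service given */
};

/* Set: fill from a sockaddr_storage, cast to the sockaddr_* for its family. */
int app_addr_set(struct app_addr *dst, const struct sockaddr_storage *ss)
{
    memset(dst, 0, sizeof *dst);
    if (ss->ss_family == AF_INET) {
        const struct sockaddr_in *s4 = (const struct sockaddr_in *)ss;
        dst->len = sizeof s4->sin_addr;
        memcpy(dst->data, &s4->sin_addr, dst->len);
        dst->port = ntohs(s4->sin_port);
    } else if (ss->ss_family == AF_INET6) {
        const struct sockaddr_in6 *s6 = (const struct sockaddr_in6 *)ss;
        dst->len = sizeof s6->sin6_addr;
        memcpy(dst->data, &s6->sin6_addr, dst->len);
        dst->port = ntohs(s6->sin6_port);
    } else {
        return -1;           /* unknown family: refuse rather than guess */
    }
    dst->family = ss->ss_family;
    return 0;
}

/* Compare: same family and same address bytes. */
int app_addr_equal(const struct app_addr *a, const struct app_addr *b)
{
    return a->family == b->family && a->len == b->len &&
           memcmp(a->data, b->data, a->len) == 0;
}

/* Print: one call for both families. */
const char *app_addr_print(const struct app_addr *a, char *buf, size_t len)
{
    return inet_ntop(a->family, a->data, buf, (socklen_t)len);
}

/* Link-local check: fe80::/10 for IPv6, 169.254.0.0/16 for IPv4. */
int app_addr_is_link_local(const struct app_addr *a)
{
    if (a->family == AF_INET6)
        return a->data[0] == 0xfe && (a->data[1] & 0xc0) == 0x80;
    return a->family == AF_INET && a->data[0] == 169 && a->data[1] == 254;
}

/* Lookup: getaddrinfo() takes the host and the service and may return
 * several addresses; keep every one (up to max). Returns count or -1. */
int app_resolve(const char *host, const char *service, int flags,
                struct app_addr *out, int max)
{
    struct addrinfo hints, *res, *ai;
    int n = 0;

    memset(&hints, 0, sizeof hints);
    hints.ai_family = AF_UNSPEC;      /* IPv4 and IPv6 */
    hints.ai_socktype = SOCK_STREAM;  /* one entry per address */
    hints.ai_flags = flags;
    if (getaddrinfo(host, service, &hints, &res) != 0)
        return -1;
    for (ai = res; ai != NULL && n < max; ai = ai->ai_next) {
        struct sockaddr_storage ss;   /* large enough for any family */
        if (ai->ai_addrlen > sizeof ss)
            continue;
        memset(&ss, 0, sizeof ss);
        memcpy(&ss, ai->ai_addr, ai->ai_addrlen);
        if (app_addr_set(&out[n], &ss) == 0)
            n++;
    }
    freeaddrinfo(res);
    return n;
}

int main(void)
{
    /* Constructed numeric literals; AI_NUMERICHOST avoids any DNS query. */
    const char *hosts[] = { "2001:db8::1", "192.0.2.7", "fe80::1" };
    struct app_addr a[4];
    char buf[INET6_ADDRSTRLEN];
    size_t i;
    int j, n;

    for (i = 0; i < sizeof hosts / sizeof hosts[0]; i++) {
        n = app_resolve(hosts[i], "80", AI_NUMERICHOST, a, 4);
        for (j = 0; j < n; j++)
            printf("%s port %u%s\n", app_addr_print(&a[j], buf, sizeof buf),
                   a[j].port, app_addr_is_link_local(&a[j]) ? " (link-local)" : "");
    }
    return 0;
}
```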

Local preparation for IPv6 deployment
What deployment of IPv6 means to a site
To computer users – ‘Someone’ updates the software on their system, and then everything works like it used to
- An IT support organization representative, a local systems administrator, or a knowledgeable computer user:
  - Installs patches or a new version of the O/S (Windows XP with SP2, Mac OS X 10.2 or 10.3, recent Linux or UNIX patches)
  - Installs patches or new versions of the communications, WWW, and distributed applications on the system
  - Installs new Kerberos clients
- And, the user would notice very little in the way of new or improved functionality
Local preparation for IPv6 deployment
What deployment of IPv6 means to a site
To system administrators and network managers – They learn to support new protocols, update system software (and possibly some hardware), and then reconfigure, just to keep everything working like it used to. They need to:
  Learn new terminology and concepts. IPv6 is an expanded protocol with more configuration options
  Install patches or a new version of the computer O/S (recent Linux or UNIX patches) and router O/S
  Install patches or new versions of the communications, WWW, DNS, SNMP, and other distributed applications on the systems and routers
  New Kerberos application servers, KDCs, et cetera
All to notice very little in the way of improved functionality, but with lots of new choices