Defense Research and Engggineering Network IPv6 Pilot ... · DREN IPv6 Pilot Introduction DREN...

Defense Research and Defense Research and Engineering Network Engineering Network Defense Research and Defense Research and Engineering Network Engineering Network g gg g

IPv6 Pilot IntroductionIPv6 Pilot Introduction–– 2003 to 2008 2003 to 2008 ––

g gg gIPv6 Pilot IntroductionIPv6 Pilot Introduction

–– 2003 to 2008 2003 to 2008 ––IPv6IPv6--teamteam

@[email protected]

@[email protected]

DREN IPv6 Pilot IntroductionDREN IPv6 Pilot IntroductionDREN IPv6 Pilot IntroductionDREN IPv6 Pilot Introduction

TopicsTopicsTopicsTopicsDREN in the HPCMPDREN in the HPCMPDREN History of IPv6DREN History of IPv6Review of DREN Pilot Review of DREN Pilot

I i i l Pl i EffI i i l Pl i Eff

DREN in the HPCMPDREN in the HPCMPDREN History of IPv6DREN History of IPv6Review of DREN Pilot Review of DREN Pilot

I i i l Pl i EffI i i l Pl i EffInitial Planning EffortsInitial Planning EffortsHow Goals were achievedHow Goals were achieved

Local preparation for IPv6 deploymentLocal preparation for IPv6 deployment

Initial Planning EffortsInitial Planning EffortsHow Goals were achievedHow Goals were achieved

Local preparation for IPv6 deploymentLocal preparation for IPv6 deployment


DREN in the HPCMPDREN in the HPCMP (continued)(continued)DREN in the HPCMPDREN in the HPCMP (continued)(continued) A DoD network supporting the A DoD network supporting the

Research, Engineering, Research, Engineering, Modeling & Simulation, Test & Modeling & Simulation, Test & Evaluation, and related Evaluation, and related communities.communities.

ProtocolProtocol--rich, high performance rich, high performance secure network environment with secure network environment with

A DoD network supporting the A DoD network supporting the Research, Engineering, Research, Engineering, Modeling & Simulation, Test & Modeling & Simulation, Test & Evaluation, and related Evaluation, and related communities.communities.

ProtocolProtocol--rich, high performance rich, high performance secure network environment with secure network environment with support of new technologies.support of new technologies.

High capacity, low latency, High capacity, low latency, predominately unclassified.predominately unclassified.

Peers with the Internet, numerous Peers with the Internet, numerous commercial, and other DoD and commercial, and other DoD and Federal networks.Federal networks.

Verizon Business service over the Verizon Business service over the vBNS backbone.vBNS backbone.

support of new technologies.support of new technologies.

High capacity, low latency, High capacity, low latency, predominately unclassified.predominately unclassified.

Peers with the Internet, numerous Peers with the Internet, numerous commercial, and other DoD and commercial, and other DoD and Federal networks.Federal networks.

Verizon Business service over the Verizon Business service over the vBNS backbone.vBNS backbone.


DREN History of IPv6DREN History of IPv6DREN History of IPv6DREN History of IPv6 19951995--20002000AdAd--hoc tunnels, playing on 6bone.hoc tunnels, playing on 6bone.Presentation at conferencesPresentation at conferences

Jan 2001 Jan 2001 DRENv6 “test bed”DRENv6 “test bed”

Native IPv6 (no tunnels)Native IPv6 (no tunnels)

19951995--20002000AdAd--hoc tunnels, playing on 6bone.hoc tunnels, playing on 6bone.Presentation at conferencesPresentation at conferences

Jan 2001 Jan 2001 DRENv6 “test bed”DRENv6 “test bed”

Native IPv6 (no tunnels)Native IPv6 (no tunnels) Logically separate from DREN IPv4 backboneLogically separate from DREN IPv4 backbone 8 core nodes (Cisco routers 8 core nodes (Cisco routers –– dedicated to IPv6)dedicated to IPv6) Sites connect via PVCs (native IPv6), or tunnels.Sites connect via PVCs (native IPv6), or tunnels.

New DREN2 backbone contract (MCI) includes IPv6New DREN2 backbone contract (MCI) includes IPv6 Jul 2003Jul 2003Selected as DoD IPv6 “pilot” Selected as DoD IPv6 “pilot”

Oct 2003Oct 2003Added DRENv6 node at Ft Huachuca (TIC, JITC) for Moonv6 Added DRENv6 node at Ft Huachuca (TIC, JITC) for Moonv6

interconnect between DoD and Abilene (UNH), “pilot” nodes at interconnect between DoD and Abilene (UNH), “pilot” nodes at Indian Head, MD (JITC East), Quantico, VA (MCNOSC)Indian Head, MD (JITC East), Quantico, VA (MCNOSC)

Logically separate from DREN IPv4 backboneLogically separate from DREN IPv4 backbone 8 core nodes (Cisco routers 8 core nodes (Cisco routers –– dedicated to IPv6)dedicated to IPv6) Sites connect via PVCs (native IPv6), or tunnels.Sites connect via PVCs (native IPv6), or tunnels.

New DREN2 backbone contract (MCI) includes IPv6New DREN2 backbone contract (MCI) includes IPv6 Jul 2003Jul 2003Selected as DoD IPv6 “pilot” Selected as DoD IPv6 “pilot”

Oct 2003Oct 2003Added DRENv6 node at Ft Huachuca (TIC, JITC) for Moonv6 Added DRENv6 node at Ft Huachuca (TIC, JITC) for Moonv6

interconnect between DoD and Abilene (UNH), “pilot” nodes at interconnect between DoD and Abilene (UNH), “pilot” nodes at Indian Head, MD (JITC East), Quantico, VA (MCNOSC)Indian Head, MD (JITC East), Quantico, VA (MCNOSC)


CEWES

WCISD

DREN History of IPv6 (con)DREN History of IPv6 (con)DREN History of IPv6 (con)DREN History of IPv6 (con) 2001 2001 –– Test bed started with Test bed started with

7 native ATM nodes tunneled 7 native ATM nodes tunneled across DREN and a few tunnels across DREN and a few tunnels to other IPv6 networks to other IPv6 networks

2001 2001 –– Test bed started with Test bed started with 7 native ATM nodes tunneled 7 native ATM nodes tunneled across DREN and a few tunnels across DREN and a few tunnels to other IPv6 networks to other IPv6 networks

GlobalCrossingHurricaneElectric

6TAP

C&W

Cisco

Abilene

FIX-West Abilene

JITC-W

2003 2003 –– Test bed Test bed connected to and connected to and peered with many peered with many IPv6 networks. IPv6 networks. FIXFIX--West and West and FHU TIC nodes FHU TIC nodes added for MoonV6added for MoonV6

2003 2003 –– Test bed Test bed connected to and connected to and peered with many peered with many IPv6 networks. IPv6 networks. FIXFIX--West and West and FHU TIC nodes FHU TIC nodes added for MoonV6added for MoonV6

Dayton

San Diego

Albuquerque

Wash D.C.

Stennis

Vicksburg

Aberdeen

ATM PVC (OC-3)tunnel

HICv6

LAVAnet

SPRINT

vBNS+

SSC CharlestonSSAPAC

SSC San Diego

WCISD

AOL

NRL

ARLWPAFB

ERDC

NAVO

NTTComVerio

AFRLKirtland AFB

Core Router “site” IXP ISP orBGP Neighbor

HP

FHU TIC

SD-NAP SDSC

Tunnel broker


Review of DREN IPv6 Pilot Review of DREN IPv6 Pilot Review of DREN IPv6 Pilot Review of DREN IPv6 Pilot In June 2003, DoD CIO said DoD will do IPv6In June 2003, DoD CIO said DoD will do IPv6 In June 2003, DDR&E said DREN will do IPv6In June 2003, DDR&E said DREN will do IPv6 In August 2003, HPCMP Director said HPCMP sites In August 2003, HPCMP Director said HPCMP sites

and DREN will do IPv6and DREN will do IPv6 In late 2003 the DREN IPv6 pilot team (TAP In late 2003 the DREN IPv6 pilot team (TAP

members & HPCMP personnel) made plans for IP 6members & HPCMP personnel) made plans for IP 6

In June 2003, DoD CIO said DoD will do IPv6In June 2003, DoD CIO said DoD will do IPv6 In June 2003, DDR&E said DREN will do IPv6In June 2003, DDR&E said DREN will do IPv6 In August 2003, HPCMP Director said HPCMP sites In August 2003, HPCMP Director said HPCMP sites

and DREN will do IPv6and DREN will do IPv6 In late 2003 the DREN IPv6 pilot team (TAP In late 2003 the DREN IPv6 pilot team (TAP

members & HPCMP personnel) made plans for IP 6members & HPCMP personnel) made plans for IP 6members & HPCMP personnel) made plans for IPv6members & HPCMP personnel) made plans for IPv6 In October 2003, DREN WAN was IPv6 enabledIn October 2003, DREN WAN was IPv6 enabled In late 2003In late 2003--mid 2004 many onmid 2004 many on--site visits were madesite visits were madeVarious briefings were presented to site personnelVarious briefings were presented to site personnel

0101 OverviewOverview –– briefing for executivesbriefing for executives0202 IntroductionIntroduction –– briefing for managersbriefing for managers0303 Implementation DetailsImplementation Details –– briefing for technical personnelbriefing for technical personnel

Interactions between IPv6 pilot team and site personnel Interactions between IPv6 pilot team and site personnel continued, and sites enabled IPv6 across their LANcontinued, and sites enabled IPv6 across their LAN

members & HPCMP personnel) made plans for IPv6members & HPCMP personnel) made plans for IPv6 In October 2003, DREN WAN was IPv6 enabledIn October 2003, DREN WAN was IPv6 enabled In late 2003In late 2003--mid 2004 many onmid 2004 many on--site visits were madesite visits were madeVarious briefings were presented to site personnelVarious briefings were presented to site personnel

0101 OverviewOverview –– briefing for executivesbriefing for executives0202 IntroductionIntroduction –– briefing for managersbriefing for managers0303 Implementation DetailsImplementation Details –– briefing for technical personnelbriefing for technical personnel

Interactions between IPv6 pilot team and site personnel Interactions between IPv6 pilot team and site personnel continued, and sites enabled IPv6 across their LANcontinued, and sites enabled IPv6 across their LAN


Review of DREN IPv6 PilotReview of DREN IPv6 PilotReview of DREN IPv6 PilotReview of DREN IPv6 PilotDREN IPv6 Pilot Goals in 2003:DREN IPv6 Pilot Goals in 2003:

1.1. IPv6 enabled Wide Area Network: all 120+ Service Delivery IPv6 enabled Wide Area Network: all 120+ Service Delivery Points (since grown to 170+), the backbone core, and the Points (since grown to 170+), the backbone core, and the Network Operations Center (NOC). Network Operations Center (NOC). CompleteComplete

2.2. Performance and Security as good as prePerformance and Security as good as pre--existing IPv4existing IPv4--only only network.network. CompleteComplete

DREN IPv6 Pilot Goals in 2003:DREN IPv6 Pilot Goals in 2003:1.1. IPv6 enabled Wide Area Network: all 120+ Service Delivery IPv6 enabled Wide Area Network: all 120+ Service Delivery

Points (since grown to 170+), the backbone core, and the Points (since grown to 170+), the backbone core, and the Network Operations Center (NOC). Network Operations Center (NOC). CompleteComplete

2.2. Performance and Security as good as prePerformance and Security as good as pre--existing IPv4existing IPv4--only only network.network. CompleteCompletenetwork. network. CompleteComplete

3.3. Facilitate IPv6 deployment into HPCMP sites and HPC Facilitate IPv6 deployment into HPCMP sites and HPC Computer Emergency Response Team (CERT). Computer Emergency Response Team (CERT). CompleteComplete

4.4. IPv6 enable:IPv6 enable: HPCMP funded sites’ infrastructures. HPCMP funded sites’ infrastructures. Mostly completeMostly complete HPCMP provided applications. HPCMP provided applications. CompleteComplete

5.5. Furnish feedback, lessons learned across DoD and to wider Furnish feedback, lessons learned across DoD and to wider Federal Agency community, via web and briefings. Federal Agency community, via web and briefings. OnOn--goinggoing Published via web site Published via web site https://kb.v6.dren.nethttps://kb.v6.dren.net

network. network. CompleteComplete3.3. Facilitate IPv6 deployment into HPCMP sites and HPC Facilitate IPv6 deployment into HPCMP sites and HPC

Computer Emergency Response Team (CERT). Computer Emergency Response Team (CERT). CompleteComplete4.4. IPv6 enable:IPv6 enable: HPCMP funded sites’ infrastructures. HPCMP funded sites’ infrastructures. Mostly completeMostly complete HPCMP provided applications. HPCMP provided applications. CompleteComplete

5.5. Furnish feedback, lessons learned across DoD and to wider Furnish feedback, lessons learned across DoD and to wider Federal Agency community, via web and briefings. Federal Agency community, via web and briefings. OnOn--goinggoing Published via web site Published via web site https://kb.v6.dren.nethttps://kb.v6.dren.net


Review of DREN IPv6 Pilot Review of DREN IPv6 Pilot –– Efforts Efforts Functional AreasFunctional Areas

Review of DREN IPv6 Pilot Review of DREN IPv6 Pilot –– Efforts Efforts Functional AreasFunctional Areas

FA07: HPC Community involvement through:FA07: HPC Community involvement through:-- Information availability and technology transfer (via web site)Information availability and technology transfer (via web site)-- Information dissemination (publicity, briefings, conferences, meeting participation)Information dissemination (publicity, briefings, conferences, meeting participation)-- HPC Center and Service program/project site participation (education, training, assistance)HPC Center and Service program/project site participation (education, training, assistance)

FA06: Future planningFA06: Future planning-- Identify and provide support for new applications only possible with IPv6Identify and provide support for new applications only possible with IPv6-- Plan for continuing support after IPv6 pilot concludesPlan for continuing support after IPv6 pilot concludesPlan for continuing support after IPv6 pilot concludesPlan for continuing support after IPv6 pilot concludes

FA02: InfraFA02: Infra--structure servicesstructure services-- Protocols and toolsProtocols and tools

to ensure network to ensure network apps performapps perform

FA03: Network FA03: Network ManagementManagement-- Protocols and tools for Protocols and tools for

N/W managementN/W management

FA04: SecurityFA04: Security-- Devices (IDS, firewalls)Devices (IDS, firewalls)-- Accreditation processesAccreditation processes-- Access Control Lists Access Control Lists -- Encryption (H/W&S/W)Encryption (H/W&S/W)

FA05: Upgrade/FA05: Upgrade/substitute/substitute/remediate remediate applicationsapplications

FA01: IP TransportFA01: IP Transport-- DREN WAN connectivityDREN WAN connectivity -- DRENv6 peeringDRENv6 peering -- SDREN connectivity and SDREN connectivity and -- Protocol translationProtocol translation

(layers 1 through 4 of the(layers 1 through 4 of the with other test bedswith other test beds performance tuningperformance tuning and tunnelingand tunnelingISO 7 layer model)ISO 7 layer model) and production DRENand production DREN


Review of DREN IPv6 Pilot Review of DREN IPv6 Pilot –– Efforts Efforts Work Breakdown StructureWork Breakdown Structure

Review of DREN IPv6 Pilot Review of DREN IPv6 Pilot –– Efforts Efforts Work Breakdown StructureWork Breakdown Structure

WBS01: Initiate IPv6 Pilot

WBS02: Benefit from History

WBS03: Obvious Initial Steps

WBS04: Deploy IPv6 in DREN WAN infrastructure

WBS05: Build infra-structure and prepare

| | | | | | |Q3 FY03 Q4 Q1 FY04 Q2 Q3 Q4 Q1 FY05

resources needed during the deployment

WBS06: Deploy IPv6 infrastructure to HPC

Centers and selected Service user sites

WBS07: Upgrade/ substitute/remediate

applications

WBS08: Open questions and ill-defined topics

WBS09: Evaluate results of IPv6 pilot


Review of DREN IPv6 Pilot Review of DREN IPv6 Pilot –– EffortsEffortsReview of DREN IPv6 Pilot Review of DREN IPv6 Pilot –– EffortsEfforts

WBS01 (Initiate IPv6 Pilot)WBS01 (Initiate IPv6 Pilot)Goals, Pilot team formation, FAs, budget, draft plan*Goals, Pilot team formation, FAs, budget, draft plan*

WBS02 (Benefit from History)WBS02 (Benefit from History)DRENv6 test bed and address plan, IDSv6 developmentDRENv6 test bed and address plan, IDSv6 development

WBS01 (Initiate IPv6 Pilot)WBS01 (Initiate IPv6 Pilot)Goals, Pilot team formation, FAs, budget, draft plan*Goals, Pilot team formation, FAs, budget, draft plan*

WBS02 (Benefit from History)WBS02 (Benefit from History)DRENv6 test bed and address plan, IDSv6 developmentDRENv6 test bed and address plan, IDSv6 developmentDRENv6 test bed and address plan, IDSv6 developmentDRENv6 test bed and address plan, IDSv6 development

WBS03 (Obvious Initial Steps)WBS03 (Obvious Initial Steps)DREN networkers conf, MoonV6, early sites (HPCMPO, DREN networkers conf, MoonV6, early sites (HPCMPO,

CERT), peering DRENv6 with DREN production networkCERT), peering DRENv6 with DREN production network

WBS04 (Enable IPv6 in DREN WAN infrastructure)WBS04 (Enable IPv6 in DREN WAN infrastructure)SDPs, MCI infrastructure, NOC, dren.net nameserversSDPs, MCI infrastructure, NOC, dren.net nameservers

*Copies available on request (For Official Use Only)*Copies available on request (For Official Use Only)

DRENv6 test bed and address plan, IDSv6 developmentDRENv6 test bed and address plan, IDSv6 development

WBS03 (Obvious Initial Steps)WBS03 (Obvious Initial Steps)DREN networkers conf, MoonV6, early sites (HPCMPO, DREN networkers conf, MoonV6, early sites (HPCMPO,

CERT), peering DRENv6 with DREN production networkCERT), peering DRENv6 with DREN production network

WBS04 (Enable IPv6 in DREN WAN infrastructure)WBS04 (Enable IPv6 in DREN WAN infrastructure)SDPs, MCI infrastructure, NOC, dren.net nameserversSDPs, MCI infrastructure, NOC, dren.net nameservers

*Copies available on request (For Official Use Only)*Copies available on request (For Official Use Only)


Review of DREN IPv6 Pilot Review of DREN IPv6 Pilot –– Efforts Efforts WBS05 Build Infrastructure and Prepare for DeploymentWBS05 Build Infrastructure and Prepare for Deployment

Review of DREN IPv6 Pilot Review of DREN IPv6 Pilot –– Efforts Efforts WBS05 Build Infrastructure and Prepare for DeploymentWBS05 Build Infrastructure and Prepare for Deployment

In 7 subIn 7 sub--tasks, one for each Functional Area:tasks, one for each Functional Area:Queries of what networking infrastructure and Queries of what networking infrastructure and

additional hardware resources are present, additional hardware resources are present, Queries of what software is present on those resources (to Queries of what software is present on those resources (to

be IPv6 enabled),be IPv6 enabled),

In 7 subIn 7 sub--tasks, one for each Functional Area:tasks, one for each Functional Area:Queries of what networking infrastructure and Queries of what networking infrastructure and

additional hardware resources are present, additional hardware resources are present, Queries of what software is present on those resources (to Queries of what software is present on those resources (to

be IPv6 enabled),be IPv6 enabled),Queries of HPC centers and user sites to identify some of Queries of HPC centers and user sites to identify some of

the applications software is present (to be IPv6 enabled),the applications software is present (to be IPv6 enabled),Investigation of vendor IPv6 plans and capabilitiesInvestigation of vendor IPv6 plans and capabilitiesEvaluation of possible IPv6 deployments, such as: Evaluation of possible IPv6 deployments, such as:

protocols, protocols, tools, tools, upgraded/substituted/remediated softwareupgraded/substituted/remediated software

Develop plans and approaches for deploymentDevelop plans and approaches for deployment

Queries of HPC centers and user sites to identify some of Queries of HPC centers and user sites to identify some of the applications software is present (to be IPv6 enabled),the applications software is present (to be IPv6 enabled),

Investigation of vendor IPv6 plans and capabilitiesInvestigation of vendor IPv6 plans and capabilitiesEvaluation of possible IPv6 deployments, such as: Evaluation of possible IPv6 deployments, such as:

protocols, protocols, tools, tools, upgraded/substituted/remediated softwareupgraded/substituted/remediated software

Develop plans and approaches for deploymentDevelop plans and approaches for deployment


Review of DREN IPv6 Pilot Review of DREN IPv6 Pilot –– Efforts Efforts WBS06 Deploy IPv6 to Centers and sitesWBS06 Deploy IPv6 to Centers and sites

Review of DREN IPv6 Pilot Review of DREN IPv6 Pilot –– Efforts Efforts WBS06 Deploy IPv6 to Centers and sitesWBS06 Deploy IPv6 to Centers and sites

Facilitate IPv6 deployment into networks and systems at Facilitate IPv6 deployment into networks and systems at those Centers and program/project sitesthose Centers and program/project sites in the IPv6 pilot:in the IPv6 pilot:Perform an initial site visitPerform an initial site visit

Various briefings presented to site personnelVarious briefings presented to site personnel0101 OverviewOverview –– briefing for executive, management,briefing for executive, management,

contracting, and legal personnel (general audience)contracting, and legal personnel (general audience)

Facilitate IPv6 deployment into networks and systems at Facilitate IPv6 deployment into networks and systems at those Centers and program/project sitesthose Centers and program/project sites in the IPv6 pilot:in the IPv6 pilot:Perform an initial site visitPerform an initial site visit

Various briefings presented to site personnelVarious briefings presented to site personnel0101 OverviewOverview –– briefing for executive, management,briefing for executive, management,

contracting, and legal personnel (general audience)contracting, and legal personnel (general audience)0202 IntroductionIntroduction –– briefing for management, security, technical, briefing for management, security, technical,

and application support personnel (general audience)and application support personnel (general audience)0303 Implementation DetailsImplementation Details –– briefing about pilot details and briefing about pilot details and

deployment process presented to technical personneldeployment process presented to technical personnel Additional materials provided to technical personnel Additional materials provided to technical personnel

(See backup slides)(See backup slides)»» SelfSelf--assessment kitassessment kit»» Pointers to onPointers to on--line training and information sourcesline training and information sources

Over an extended period of time Over an extended period of time –– further interactions further interactions between IPv6 pilot team and involved site personnelbetween IPv6 pilot team and involved site personnel

Eventually, site personnel deploy IPv6Eventually, site personnel deploy IPv6

0202 IntroductionIntroduction –– briefing for management, security, technical, briefing for management, security, technical, and application support personnel (general audience)and application support personnel (general audience)

0303 Implementation DetailsImplementation Details –– briefing about pilot details and briefing about pilot details and deployment process presented to technical personneldeployment process presented to technical personnel

Additional materials provided to technical personnel Additional materials provided to technical personnel (See backup slides)(See backup slides)»» SelfSelf--assessment kitassessment kit»» Pointers to onPointers to on--line training and information sourcesline training and information sources

Over an extended period of time Over an extended period of time –– further interactions further interactions between IPv6 pilot team and involved site personnelbetween IPv6 pilot team and involved site personnel

Eventually, site personnel deploy IPv6Eventually, site personnel deploy IPv6


Review of DREN IPv6 Pilot Review of DREN IPv6 Pilot –– Efforts Efforts WBS07 Upgrade/substitute/remediate applicationsWBS07 Upgrade/substitute/remediate applications

Review of DREN IPv6 Pilot Review of DREN IPv6 Pilot –– Efforts Efforts WBS07 Upgrade/substitute/remediate applicationsWBS07 Upgrade/substitute/remediate applications

Facilitate application transition during IPv6 deployment at Facilitate application transition during IPv6 deployment at each site. For each application identified for transition (by each site. For each application identified for transition (by either the DREN IPv6 pilot applications team or by the site’s either the DREN IPv6 pilot applications team or by the site’s deployment team):deployment team):Transition that application at the site where the Transition that application at the site where the

application is installed using a previously prepared planapplication is installed using a previously prepared plan

Facilitate application transition during IPv6 deployment at Facilitate application transition during IPv6 deployment at each site. For each application identified for transition (by each site. For each application identified for transition (by either the DREN IPv6 pilot applications team or by the site’s either the DREN IPv6 pilot applications team or by the site’s deployment team):deployment team):Transition that application at the site where the Transition that application at the site where the

application is installed using a previously prepared planapplication is installed using a previously prepared planapplication is installed, using a previously prepared plan application is installed, using a previously prepared plan Each time that application is upgraded/substituted/ Each time that application is upgraded/substituted/

remediated, the plan will be refinedremediated, the plan will be refinedAfter an application is upgraded/substituted/remediated After an application is upgraded/substituted/remediated

at all DREN IPv6 pilot sites, the final revision of the plan at all DREN IPv6 pilot sites, the final revision of the plan will stay on the HPC community web site for later use by will stay on the HPC community web site for later use by the DoD communitythe DoD community

application is installed, using a previously prepared plan application is installed, using a previously prepared plan Each time that application is upgraded/substituted/ Each time that application is upgraded/substituted/

remediated, the plan will be refinedremediated, the plan will be refinedAfter an application is upgraded/substituted/remediated After an application is upgraded/substituted/remediated

at all DREN IPv6 pilot sites, the final revision of the plan at all DREN IPv6 pilot sites, the final revision of the plan will stay on the HPC community web site for later use by will stay on the HPC community web site for later use by the DoD communitythe DoD community


Review of DREN IPv6 Pilot Review of DREN IPv6 Pilot –– EffortsEffortsReview of DREN IPv6 Pilot Review of DREN IPv6 Pilot –– EffortsEfforts

WBS08 (Open questions and illWBS08 (Open questions and ill--defined topics) defined topics) track open questions and illtrack open questions and ill--defined topics until closed or defined topics until closed or

wellwell--defined and assigned to one of the functional areas defined and assigned to one of the functional areas for implementationfor implementation

WBS08 (Open questions and illWBS08 (Open questions and ill--defined topics) defined topics) track open questions and illtrack open questions and ill--defined topics until closed or defined topics until closed or

wellwell--defined and assigned to one of the functional areas defined and assigned to one of the functional areas for implementationfor implementation

WBS09 (WBS09 (Evaluate results of IPv6 Evaluate results of IPv6 pilot) pilot) lessons learned from DRENv6 test bed for input to lessons learned from DRENv6 test bed for input to

MoonV6 (done)MoonV6 (done)lessons learned from pilot to use in the DoD Enterpriselessons learned from pilot to use in the DoD Enterprise--

wide deployment of IPv6wide deployment of IPv6work remaining to be done by the HCPMP to finish work remaining to be done by the HCPMP to finish

efforts begun as part of the DREN IPv6 pilot efforts begun as part of the DREN IPv6 pilot

WBS09 (WBS09 (Evaluate results of IPv6 Evaluate results of IPv6 pilot) pilot) lessons learned from DRENv6 test bed for input to lessons learned from DRENv6 test bed for input to

MoonV6 (done)MoonV6 (done)lessons learned from pilot to use in the DoD Enterpriselessons learned from pilot to use in the DoD Enterprise--

wide deployment of IPv6wide deployment of IPv6work remaining to be done by the HCPMP to finish work remaining to be done by the HCPMP to finish

efforts begun as part of the DREN IPv6 pilot efforts begun as part of the DREN IPv6 pilot


Review of DREN IPV6 pilot Review of DREN IPV6 pilot –– GoalsGoalsSecurely peer with DRENv6 test bedSecurely peer with DRENv6 test bed

Review of DREN IPV6 pilot Review of DREN IPV6 pilot –– GoalsGoalsSecurely peer with DRENv6 test bedSecurely peer with DRENv6 test bed

DRENv6 (test bed)SSC-SD

ERDC

ARL-APG

To Abilene and IPv6 enabled ISPs and test beds IPv6 demonstrations (such as MoonV6)

Native IPv6 backbone

links run native IPv6 where possible, otherwise tunneled in IPv4

DREN (production IPv4/ Pilot IPv6)sdp.arlapgsdp.sandiego

sdp.erdc

100 Mb/s 100 Mb/s100 Mb/s

v6 IDSv6 IDS v6 IDS

v6 ACLv6 ACLv6 ACL

Dual stack IPv4 and IPv6 wide-area infrastructure

sdp sdp sdp

Type “A” (IP) production service to DREN sitesIPv4 and IPv6 provided over the same interface

Test bed atDREN site

Test bed atDREN site

Goal: Pilot as secure asGoal: Pilot as secure asproduction IPv4 networkproduction IPv4 network


Review of DREN IPV6 pilot Review of DREN IPV6 pilot –– Goals Goals Securely peer with DRENv6 test bedSecurely peer with DRENv6 test bed


Continue to operate DRENv6 test bed as an Continue to operate DRENv6 test bed as an untrusteduntrusted native native IPv6 network that peers with other open IPv6 networksIPv6 network that peers with other open IPv6 networks

Existing DREN IDS architecture incompatible with IPv6Existing DREN IDS architecture incompatible with IPv6Juniper router port mirroring lacks IPv6 supportJuniper router port mirroring lacks IPv6 support

So, split the packets out to a separate portSo, split the packets out to a separate port

Continue to operate DRENv6 test bed as an Continue to operate DRENv6 test bed as an untrusteduntrusted native native IPv6 network that peers with other open IPv6 networksIPv6 network that peers with other open IPv6 networks

Existing DREN IDS architecture incompatible with IPv6Existing DREN IDS architecture incompatible with IPv6Juniper router port mirroring lacks IPv6 supportJuniper router port mirroring lacks IPv6 support

So, split the packets out to a separate portSo, split the packets out to a separate portHPC IDS lacks IPv6 supportHPC IDS lacks IPv6 support

So, upgrade IDS software to handle IPv6 packetsSo, upgrade IDS software to handle IPv6 packets Router ACLs lack necessary IPv6 featuresRouter ACLs lack necessary IPv6 featuresSo, upgrade memory where required and Juniper (pilot) So, upgrade memory where required and Juniper (pilot)

and Cisco (test bed) routers to support IPv6 ACLsand Cisco (test bed) routers to support IPv6 ACLs Firewalls didn’t support IPv6 (except a few beta units)Firewalls didn’t support IPv6 (except a few beta units)Not a problem, since DREN peering points don’t use themNot a problem, since DREN peering points don’t use them

HPC IDS lacks IPv6 supportHPC IDS lacks IPv6 support So, upgrade IDS software to handle IPv6 packetsSo, upgrade IDS software to handle IPv6 packets

Router ACLs lack necessary IPv6 featuresRouter ACLs lack necessary IPv6 featuresSo, upgrade memory where required and Juniper (pilot) So, upgrade memory where required and Juniper (pilot)

and Cisco (test bed) routers to support IPv6 ACLsand Cisco (test bed) routers to support IPv6 ACLs Firewalls didn’t support IPv6 (except a few beta units)Firewalls didn’t support IPv6 (except a few beta units)Not a problem, since DREN peering points don’t use themNot a problem, since DREN peering points don’t use them




DREN IPv6 pilot recognized that DREN IPv6 pilot recognized that Firewalls are an issue for some Firewalls are an issue for some sites so Firewalls were tested:sites so Firewalls were tested:

DREN IPv6 pilot recognized that DREN IPv6 pilot recognized that Firewalls are an issue for some Firewalls are an issue for some sites so Firewalls were tested:sites so Firewalls were tested:

DREN

(Pilot)

DREN2 (Pilot)

IPv4 unicast andmulticast services+ IPv6 unicast

WAN

sites, so Firewalls were tested:sites, so Firewalls were tested: Netscreen IPv6 capability early “beta”Netscreen IPv6 capability early “beta”

Wanted to test on SSCWanted to test on SSC--SD NSSD NS--500 500 firewall (previously in operation) … firewall (previously in operation) … but the 500 didn’t work in transparent but the 500 didn’t work in transparent modemode

So NSSo NS--208 procured and installed for IPv6 208 procured and installed for IPv6 beta … tested it in “routing mode” but with beta … tested it in “routing mode” but with RIP, RIP, notnot OSFPv3 as desiredOSFPv3 as desired

Had to install “beta” and production in Had to install “beta” and production in parallel as shown.parallel as shown.

Status: Both now announced IPv6 products Status: Both now announced IPv6 products from Juniper (who acquired Netscreen)from Juniper (who acquired Netscreen) Results favorable, with some minor caveatsResults favorable, with some minor caveats

sites, so Firewalls were tested:sites, so Firewalls were tested: Netscreen IPv6 capability early “beta”Netscreen IPv6 capability early “beta”

Wanted to test on SSCWanted to test on SSC--SD NSSD NS--500 500 firewall (previously in operation) … firewall (previously in operation) … but the 500 didn’t work in transparent but the 500 didn’t work in transparent modemode

So NSSo NS--208 procured and installed for IPv6 208 procured and installed for IPv6 beta … tested it in “routing mode” but with beta … tested it in “routing mode” but with RIP, RIP, notnot OSFPv3 as desiredOSFPv3 as desired

Had to install “beta” and production in Had to install “beta” and production in parallel as shown.parallel as shown.

Status: Both now announced IPv6 products Status: Both now announced IPv6 products from Juniper (who acquired Netscreen)from Juniper (who acquired Netscreen) Results favorable, with some minor caveatsResults favorable, with some minor caveats

SPAWARBorder router(Juniper M20)

Netscreen 500Firewall

to LAN

Netscreen 208Firewall

switch

IPv4 IPv6

IDS

ProductionFirewall

IPv6 Firewall


Review of DREN IPV6 pilot Review of DREN IPV6 pilot –– GoalsGoalsSupport MoonV6 commencing 6 October 2003Support MoonV6 commencing 6 October 2003


see www.moonv6.orgsee www.moonv6.org




existing DREN SDP(Juniper M5)

sdp1.fthuachuca

DS3 toDREN

“A” (IP) “B” (ATM)Fast-E OC-3

cell-relay

DREN IPv4

Connection between TIC and JITC isa 2 km fiber run (SM) converted to multimode at the endpoints.

new DRENv6 node (Juniper M7i)

MARCONI ASX-200 Switch

jitc.v6.dren.net

OC-3

Fast-E

service to TIC local nets

Technology Integration Center, Bldg B323DISA, Joint Interoperability Test Command, Bldg 698

new Cisco 2600 router at JITC West

for IPv6 peering

IPv6 overATM

IPv6 over FastEthernet

OC-3

Service can be delivered aseither ATM or FastEthernet

Fast-E

to IPv6 test bednets at TIC?

These are the pieces that are new for this initiative.

MARCONI ASX-200 Switch

Arrows show flow of inbound IPv6packets

MarconiViPr


Review of DREN IPV6 pilot Review of DREN IPV6 pilot –– GoalsGoalsReview of DREN IPV6 pilot Review of DREN IPV6 pilot –– GoalsGoals

FY04 goals for the DREN IPv6 pilot (continued):FY04 goals for the DREN IPv6 pilot (continued):IPv6 deployed on DREN infrastructure IPv6 deployed on DREN infrastructure

all SDPsall SDPs the MCI provided Widethe MCI provided Wide--Area Networking infrastructureArea Networking infrastructure

h DREN N k O i Ch DREN N k O i C

FY04 goals for the DREN IPv6 pilot (continued):FY04 goals for the DREN IPv6 pilot (continued):IPv6 deployed on DREN infrastructure IPv6 deployed on DREN infrastructure

all SDPsall SDPs the MCI provided Widethe MCI provided Wide--Area Networking infrastructureArea Networking infrastructure

h DREN N k O i Ch DREN N k O i C the DREN Network Operations Centerthe DREN Network Operations Center provide IPv6 dren.net DNS supportprovide IPv6 dren.net DNS support

IPv6 deployed on HPCMP funded assets and servicesIPv6 deployed on HPCMP funded assets and services MSRCsMSRCs ADCs (extent will vary by site)ADCs (extent will vary by site) Some DDCs volunteered: NRLSome DDCs volunteered: NRL--DC, SSCDC, SSC--SD, RTTC, SD, RTTC,

WSMR, NAWCWSMR, NAWC--ADAD

the DREN Network Operations Centerthe DREN Network Operations Center provide IPv6 dren.net DNS supportprovide IPv6 dren.net DNS support

IPv6 deployed on HPCMP funded assets and servicesIPv6 deployed on HPCMP funded assets and services MSRCsMSRCs ADCs (extent will vary by site)ADCs (extent will vary by site) Some DDCs volunteered: NRLSome DDCs volunteered: NRL--DC, SSCDC, SSC--SD, RTTC, SD, RTTC,

WSMR, NAWCWSMR, NAWC--ADAD


Review of DREN IPV6 pilot Review of DREN IPV6 pilot –– GoalsGoalsReview of DREN IPV6 pilot Review of DREN IPV6 pilot –– GoalsGoals FY04 goals for the DREN IPv6 pilot (continued)FY04 goals for the DREN IPv6 pilot (continued)

Other sites, such as HPC CERT, HPCMPO, SDREN Other sites, such as HPC CERT, HPCMPO, SDREN SNOCSNOC

Various applications enabledVarious applications enabled HPCMP infrastructure applications, such as Kerberos, HPCMP infrastructure applications, such as Kerberos,

FY04 goals for the DREN IPv6 pilot (continued)FY04 goals for the DREN IPv6 pilot (continued) Other sites, such as HPC CERT, HPCMPO, SDREN Other sites, such as HPC CERT, HPCMPO, SDREN

SNOCSNOCVarious applications enabledVarious applications enabled

HPCMP infrastructure applications, such as Kerberos, HPCMP infrastructure applications, such as Kerberos, Information Environment, OnInformation Environment, On--line Knowledge Centerline Knowledge Center

thirdthird--party applications (requires vendor cooperation)party applications (requires vendor cooperation)»» COTS, GOTS, CHSSI, and the likeCOTS, GOTS, CHSSI, and the like

at the HPC Centersat the HPC Centers»» used by the program/project user sitesused by the program/project user sites

Selected HPC userSelected HPC user--developed applicationsdeveloped applications»» depending on who is interested/willing to convertdepending on who is interested/willing to convert

Information Environment, OnInformation Environment, On--line Knowledge Centerline Knowledge Center thirdthird--party applications (requires vendor cooperation)party applications (requires vendor cooperation)

»» COTS, GOTS, CHSSI, and the likeCOTS, GOTS, CHSSI, and the like at the HPC Centersat the HPC Centers

»» used by the program/project user sitesused by the program/project user sites Selected HPC userSelected HPC user--developed applicationsdeveloped applications

»» depending on who is interested/willing to convertdepending on who is interested/willing to convert


FY04 goals for the DREN IPv6 pilot (continued)FY04 goals for the DREN IPv6 pilot (continued) Allocate DREN IPv6 address space (maintaining autonomy)Allocate DREN IPv6 address space (maintaining autonomy)

FY04 goals for the DREN IPv6 pilot (continued)FY04 goals for the DREN IPv6 pilot (continued) Allocate DREN IPv6 address space (maintaining autonomy)Allocate DREN IPv6 address space (maintaining autonomy)


2001 0480 sssn subnet Interface ID/32 /48 /64

DREN Site

/128

sss = 001..299 Each SDP assigned an arbitrary ‘decimal’ sss = 001..299 Each SDP assigned an arbitrary ‘decimal’ site ID site ID (sss = 000 for DREN NOC and infrastructure, 300..EFF reserved, (sss = 000 for DREN NOC and infrastructure, 300..EFF reserved, F00..FFF = DRENv6 and other test beds), F00..FFF = DRENv6 and other test beds), NOTENOTE: “s” is a hex digit: “s” is a hex digit

Allocate a block of sixteen /48 prefixes to each SDPAllocate a block of sixteen /48 prefixes to each SDP»» Each site behind an SDP is allocated its own /48 Each site behind an SDP is allocated its own /48 »» n = 0..F (for up to 16 sites or enclaves behind each SDP)n = 0..F (for up to 16 sites or enclaves behind each SDP)

Smallest subnet is a /64, even pointSmallest subnet is a /64, even point--toto--point links!point links! Loopback interfaces are /128 (still) Loopback interfaces are /128 (still)

sss = 001..299 Each SDP assigned an arbitrary ‘decimal’ sss = 001..299 Each SDP assigned an arbitrary ‘decimal’ site ID site ID (sss = 000 for DREN NOC and infrastructure, 300..EFF reserved, (sss = 000 for DREN NOC and infrastructure, 300..EFF reserved, F00..FFF = DRENv6 and other test beds), F00..FFF = DRENv6 and other test beds), NOTENOTE: “s” is a hex digit: “s” is a hex digit

Allocate a block of sixteen /48 prefixes to each SDPAllocate a block of sixteen /48 prefixes to each SDP»» Each site behind an SDP is allocated its own /48 Each site behind an SDP is allocated its own /48 »» n = 0..F (for up to 16 sites or enclaves behind each SDP)n = 0..F (for up to 16 sites or enclaves behind each SDP)

Smallest subnet is a /64, even pointSmallest subnet is a /64, even point--toto--point links!point links! Loopback interfaces are /128 (still) Loopback interfaces are /128 (still)



FY04 goals for the DREN IPv6 pilot (continued):FY04 goals for the DREN IPv6 pilot (continued):facilitate IPv6 deployment into infrastructure at both HPC facilitate IPv6 deployment into infrastructure at both HPC

Centers and selected Service program/project sitesCenters and selected Service program/project sitesEventually, IPv6 deployed locally as part of IPv6 pilotEventually, IPv6 deployed locally as part of IPv6 pilotProvide product availability, functionality, maturity, Provide product availability, functionality, maturity,

standards compliance other lessons learned to HPCstandards compliance other lessons learned to HPC

FY04 goals for the DREN IPv6 pilot (continued):FY04 goals for the DREN IPv6 pilot (continued):facilitate IPv6 deployment into infrastructure at both HPC facilitate IPv6 deployment into infrastructure at both HPC

Centers and selected Service program/project sitesCenters and selected Service program/project sitesEventually, IPv6 deployed locally as part of IPv6 pilotEventually, IPv6 deployed locally as part of IPv6 pilotProvide product availability, functionality, maturity, Provide product availability, functionality, maturity,

standards compliance other lessons learned to HPCstandards compliance other lessons learned to HPCstandards compliance, other lessons learned to HPC standards compliance, other lessons learned to HPC community via the webcommunity via the webstandards compliance, other lessons learned to HPC standards compliance, other lessons learned to HPC community via the webcommunity via the web



Longer term goals Longer term goals for the DREN IPv6 pilot (for the DREN IPv6 pilot (throughthrough FY07)FY07)::Facilitate DoD test beds and development efforts to deploy Facilitate DoD test beds and development efforts to deploy

IPv6IPv6Facilitate DoD transition to IPv6Facilitate DoD transition to IPv6

Longer term goals Longer term goals for the DREN IPv6 pilot (for the DREN IPv6 pilot (throughthrough FY07)FY07)::Facilitate DoD test beds and development efforts to deploy Facilitate DoD test beds and development efforts to deploy

IPv6IPv6Facilitate DoD transition to IPv6Facilitate DoD transition to IPv6Capture of lessons learned and transfer of experience with Capture of lessons learned and transfer of experience with

IPv6 pilot and DRENv6 test bed to larger DoD community IPv6 pilot and DRENv6 test bed to larger DoD community (See Backup Slides)(See Backup Slides)

Longer term goals Longer term goals for the DREN IPv6 pilot (for the DREN IPv6 pilot (beyondbeyond FY07)FY07)::Turn off wideTurn off wide--area native IPv4 support for DREN IPv6 area native IPv4 support for DREN IPv6

pilot resources pilot resources

Capture of lessons learned and transfer of experience with Capture of lessons learned and transfer of experience with IPv6 pilot and DRENv6 test bed to larger DoD community IPv6 pilot and DRENv6 test bed to larger DoD community (See Backup Slides)(See Backup Slides)

Longer term goals Longer term goals for the DREN IPv6 pilot (for the DREN IPv6 pilot (beyondbeyond FY07)FY07)::Turn off wideTurn off wide--area native IPv4 support for DREN IPv6 area native IPv4 support for DREN IPv6

pilot resources pilot resources


Local preparation for IPv6 deploymentLocal preparation for IPv6 deploymentWhat deployment of IPv6 means to a siteWhat deployment of IPv6 means to a site


To system developers To system developers –– They can develop, test, They can develop, test, andand evaluate evaluate future operational systems using the future operational systems using the samesame environment that environment that the warfighter will be usingthe warfighter will be using

To programmers (if their programs now use IPv4) To programmers (if their programs now use IPv4) –– They They learn a new protocol and update their program so that itlearn a new protocol and update their program so that it

To system developers To system developers –– They can develop, test, They can develop, test, andand evaluate evaluate future operational systems using the future operational systems using the samesame environment that environment that the warfighter will be usingthe warfighter will be using

To programmers (if their programs now use IPv4) To programmers (if their programs now use IPv4) –– They They learn a new protocol and update their program so that itlearn a new protocol and update their program so that itlearn a new protocol and update their program so that it learn a new protocol and update their program so that it works like it used toworks like it used to

To computer users To computer users –– ‘Someone’ updates the software on ‘Someone’ updates the software on their system, and then everything works like it used totheir system, and then everything works like it used to

To system administrators and network managers To system administrators and network managers –– They They learn to support new protocols, update system software (and learn to support new protocols, update system software (and possibly some hardware), and then reconfigure, and then possibly some hardware), and then reconfigure, and then everything works like it used toeverything works like it used to

learn a new protocol and update their program so that it learn a new protocol and update their program so that it works like it used toworks like it used to

To computer users To computer users –– ‘Someone’ updates the software on ‘Someone’ updates the software on their system, and then everything works like it used totheir system, and then everything works like it used to

To system administrators and network managers To system administrators and network managers –– They They learn to support new protocols, update system software (and learn to support new protocols, update system software (and possibly some hardware), and then reconfigure, and then possibly some hardware), and then reconfigure, and then everything works like it used toeverything works like it used to




To system developers To system developers –– They can develop, test, They can develop, test, andand evaluate evaluate future operational systems using the future operational systems using the samesame environment that environment that the warfighter will be using. Without having access to an the warfighter will be using. Without having access to an IPv4/IPv6 environment:IPv4/IPv6 environment:Development must occur in an IPv4 environmentDevelopment must occur in an IPv4 environment

Testing would have to be done either:Testing would have to be done either:

To system developers To system developers –– They can develop, test, They can develop, test, andand evaluate evaluate future operational systems using the future operational systems using the samesame environment that environment that the warfighter will be using. Without having access to an the warfighter will be using. Without having access to an IPv4/IPv6 environment:IPv4/IPv6 environment:Development must occur in an IPv4 environmentDevelopment must occur in an IPv4 environment

Testing would have to be done either:Testing would have to be done either:Testing would have to be done either:Testing would have to be done either: First in an IPv4 environment, and then port the First in an IPv4 environment, and then port the

system to an IPv6 environment for regression testing, system to an IPv6 environment for regression testing, oror

After being ported to an IPv6 environment, with any After being ported to an IPv6 environment, with any inconsistencies iteratively fixed back on the separate inconsistencies iteratively fixed back on the separate IPv4 development environmentIPv4 development environment

Evaluation in either case would take more time/effort/ Evaluation in either case would take more time/effort/ moneymoney

Testing would have to be done either:Testing would have to be done either: First in an IPv4 environment, and then port the First in an IPv4 environment, and then port the

system to an IPv6 environment for regression testing, system to an IPv6 environment for regression testing, oror

After being ported to an IPv6 environment, with any After being ported to an IPv6 environment, with any inconsistencies iteratively fixed back on the separate inconsistencies iteratively fixed back on the separate IPv4 development environmentIPv4 development environment

Evaluation in either case would take more time/effort/ Evaluation in either case would take more time/effort/ moneymoney




To programmers (if their programs now use IPv4) To programmers (if their programs now use IPv4) –– They They learn a new protocol and update their program so it works learn a new protocol and update their program so it works like it used tolike it used toThe source code must be availableThe source code must be available

R f RFC 3493 B i S k I f E iR f RFC 3493 B i S k I f E i

To programmers (if their programs now use IPv4) To programmers (if their programs now use IPv4) –– They They learn a new protocol and update their program so it works learn a new protocol and update their program so it works like it used tolike it used toThe source code must be availableThe source code must be available

R f RFC 3493 B i S k I f E iR f RFC 3493 B i S k I f E iReference RFC 3493 Basic Socket Interface Extensions Reference RFC 3493 Basic Socket Interface Extensions for IPv6, February 2003for IPv6, February 2003

Fairly simple series of source code changes:Fairly simple series of source code changes: Replace IPv4Replace IPv4--specific calls “gethostbyname” specific calls “gethostbyname”

“getservbyname” to IPv4/6 “getaddrinfo” calls“getservbyname” to IPv4/6 “getaddrinfo” calls Update socket calls and data structures,Update socket calls and data structures, Et ceteraEt cetera

Reference RFC 3493 Basic Socket Interface Extensions Reference RFC 3493 Basic Socket Interface Extensions for IPv6, February 2003for IPv6, February 2003

Fairly simple series of source code changes:Fairly simple series of source code changes: Replace IPv4Replace IPv4--specific calls “gethostbyname” specific calls “gethostbyname”

“getservbyname” to IPv4/6 “getaddrinfo” calls“getservbyname” to IPv4/6 “getaddrinfo” calls Update socket calls and data structures,Update socket calls and data structures, Et ceteraEt cetera




To programmers (continued) To programmers (continued) –– There are some good There are some good software tools publicly available that can automatically software tools publicly available that can automatically determine if an IPv4 program contains IPdetermine if an IPv4 program contains IP--specific calls, and specific calls, and suggest needed changes. A few are:suggest needed changes. A few are:http://msdn.microsoft.com/library/http://msdn.microsoft.com/library/

IP 6 G id f Wi d S k A li iIP 6 G id f Wi d S k A li i

To programmers (continued) To programmers (continued) –– There are some good There are some good software tools publicly available that can automatically software tools publicly available that can automatically determine if an IPv4 program contains IPdetermine if an IPv4 program contains IP--specific calls, and specific calls, and suggest needed changes. A few are:suggest needed changes. A few are:http://msdn.microsoft.com/library/http://msdn.microsoft.com/library/

IP 6 G id f Wi d S k A li iIP 6 G id f Wi d S k A li i IPv6 Guide for Windows Sockets ApplicationsIPv6 Guide for Windows Sockets Applications Checkv4.exe utility programCheckv4.exe utility program

http://wwws.sun.com/software/solaris/ipv6/http://wwws.sun.com/software/solaris/ipv6/ IPv6 Socket Scrubber IPv6 Socket Scrubber

http://wwws.sun.com/software/solaris/ipv6/porting_guidehttp://wwws.sun.com/software/solaris/ipv6/porting_guide_ipv6.pdf_ipv6.pdf Porting Networking Applications to the IPv6 APIsPorting Networking Applications to the IPv6 APIs

Linux tools also availableLinux tools also available

IPv6 Guide for Windows Sockets ApplicationsIPv6 Guide for Windows Sockets Applications Checkv4.exe utility programCheckv4.exe utility program

http://wwws.sun.com/software/solaris/ipv6/http://wwws.sun.com/software/solaris/ipv6/ IPv6 Socket Scrubber IPv6 Socket Scrubber

http://wwws.sun.com/software/solaris/ipv6/porting_guidehttp://wwws.sun.com/software/solaris/ipv6/porting_guide_ipv6.pdf_ipv6.pdf Porting Networking Applications to the IPv6 APIsPorting Networking Applications to the IPv6 APIs

Linux tools also availableLinux tools also available




To programmers (continued) To programmers (continued) –– Suggestions for writing new programs or Suggestions for writing new programs or rere--writing old ones:writing old ones: Build applicationBuild application--specific address structure in the code.specific address structure in the code. This would This would

typically be a structure that includes the address type, address data, typically be a structure that includes the address type, address data, and optionally address size.and optionally address size. This allows a single structure for This allows a single structure for dealing with multiple address types.dealing with multiple address types.

Build a small set of functions that deal with the above address Build a small set of functions that deal with the above address

To programmers (continued) To programmers (continued) –– Suggestions for writing new programs or Suggestions for writing new programs or rere--writing old ones:writing old ones: Build applicationBuild application--specific address structure in the code.specific address structure in the code. This would This would

typically be a structure that includes the address type, address data, typically be a structure that includes the address type, address data, and optionally address size.and optionally address size. This allows a single structure for This allows a single structure for dealing with multiple address types.dealing with multiple address types.

Build a small set of functions that deal with the above address Build a small set of functions that deal with the above address structures.structures. Functions may include: setting, comparing, printing, etc., Functions may include: setting, comparing, printing, etc., address structures.address structures.

Hostname lookups:Hostname lookups: expect multiple addresses to be returned.expect multiple addresses to be returned. This This should be obvious for hosts with multiple IPv4 addresses, but should be obvious for hosts with multiple IPv4 addresses, but account for several IP addresses (at least 2) per interface.account for several IP addresses (at least 2) per interface. Also, Also, consider linkconsider link--local, multicast, and anycast addresses.local, multicast, and anycast addresses.

When replacing IPv4 addresses in code, rename variables or When replacing IPv4 addresses in code, rename variables or structure members so that the compiler can help you find all structure members so that the compiler can help you find all instances of the address variable that need to be adjustedinstances of the address variable that need to be adjusted

Consider the use of "struct sockaddr_storage" and then cast it to the Consider the use of "struct sockaddr_storage" and then cast it to the appropriate sockaddr_* for the address family.appropriate sockaddr_* for the address family.

structures.structures. Functions may include: setting, comparing, printing, etc., Functions may include: setting, comparing, printing, etc., address structures.address structures.

Hostname lookups:Hostname lookups: expect multiple addresses to be returned.expect multiple addresses to be returned. This This should be obvious for hosts with multiple IPv4 addresses, but should be obvious for hosts with multiple IPv4 addresses, but account for several IP addresses (at least 2) per interface.account for several IP addresses (at least 2) per interface. Also, Also, consider linkconsider link--local, multicast, and anycast addresses.local, multicast, and anycast addresses.

When replacing IPv4 addresses in code, rename variables or When replacing IPv4 addresses in code, rename variables or structure members so that the compiler can help you find all structure members so that the compiler can help you find all instances of the address variable that need to be adjustedinstances of the address variable that need to be adjusted

Consider the use of "struct sockaddr_storage" and then cast it to the Consider the use of "struct sockaddr_storage" and then cast it to the appropriate sockaddr_* for the address family.appropriate sockaddr_* for the address family.




To computer users To computer users –– ‘Someone’ updates the software on their ‘Someone’ updates the software on their system, and then everything works like it used tosystem, and then everything works like it used toAn IT support organization representative, a local systems An IT support organization representative, a local systems

administrator, or a knowledgeable computer user:administrator, or a knowledgeable computer user: Installs patches or a new version of the O/S (Windows Installs patches or a new version of the O/S (Windows

To computer users To computer users –– ‘Someone’ updates the software on their ‘Someone’ updates the software on their system, and then everything works like it used tosystem, and then everything works like it used toAn IT support organization representative, a local systems An IT support organization representative, a local systems

administrator, or a knowledgeable computer user:administrator, or a knowledgeable computer user: Installs patches or a new version of the O/S (Windows Installs patches or a new version of the O/S (Windows p (p (

XP with SP2, Mac OS X 10.2 or 10.3, recent Linux or XP with SP2, Mac OS X 10.2 or 10.3, recent Linux or UNIX patches)UNIX patches)

Installs patches or new versions of the communications, Installs patches or new versions of the communications, WWW, and distributed applications on the systemWWW, and distributed applications on the system

Installs new Kerberos clients Installs new Kerberos clients And, the user would notice very little in the way of new or And, the user would notice very little in the way of new or

improved functionalityimproved functionality

p (p (XP with SP2, Mac OS X 10.2 or 10.3, recent Linux or XP with SP2, Mac OS X 10.2 or 10.3, recent Linux or UNIX patches)UNIX patches)

Installs patches or new versions of the communications, Installs patches or new versions of the communications, WWW, and distributed applications on the systemWWW, and distributed applications on the system

Installs new Kerberos clients Installs new Kerberos clients And, the user would notice very little in the way of new or And, the user would notice very little in the way of new or

improved functionalityimproved functionality




To system administrators and network managers To system administrators and network managers –– They learn They learn to support new protocols, update system software (and to support new protocols, update system software (and possibly some hardware), and then reconfigure, just to keep possibly some hardware), and then reconfigure, just to keep everything working like it used to. They need to:everything working like it used to. They need to:Learn new terminology and concepts. IPv6 is an expanded Learn new terminology and concepts. IPv6 is an expanded

protocol with more configuration optionsprotocol with more configuration options

To system administrators and network managers To system administrators and network managers –– They learn They learn to support new protocols, update system software (and to support new protocols, update system software (and possibly some hardware), and then reconfigure, just to keep possibly some hardware), and then reconfigure, just to keep everything working like it used to. They need to:everything working like it used to. They need to:Learn new terminology and concepts. IPv6 is an expanded Learn new terminology and concepts. IPv6 is an expanded

protocol with more configuration optionsprotocol with more configuration optionsp g pp g pInstall patches or a new version of the computer O/S Install patches or a new version of the computer O/S

(recent Linux or UNIX patches) and router O/S(recent Linux or UNIX patches) and router O/SInstall patches or new versions of the communications, Install patches or new versions of the communications,

WWW, DNS, SNMP, and other distributed applications WWW, DNS, SNMP, and other distributed applications on the systems and routerson the systems and routers

New Kerberos application servers, KDCs, et ceteraNew Kerberos application servers, KDCs, et ceteraAll to notice very little in the way of improved All to notice very little in the way of improved

functionality, but with lots of new choicesfunctionality, but with lots of new choices

p g pp g pInstall patches or a new version of the computer O/S Install patches or a new version of the computer O/S

(recent Linux or UNIX patches) and router O/S(recent Linux or UNIX patches) and router O/SInstall patches or new versions of the communications, Install patches or new versions of the communications,

WWW, DNS, SNMP, and other distributed applications WWW, DNS, SNMP, and other distributed applications on the systems and routerson the systems and routers

New Kerberos application servers, KDCs, et ceteraNew Kerberos application servers, KDCs, et ceteraAll to notice very little in the way of improved All to notice very little in the way of improved

functionality, but with lots of new choicesfunctionality, but with lots of new choices

Defense Research and Engggineering Network IPv6 Pilot ... · DREN IPv6 Pilot Introduction DREN...

Documents

Transcript of Defense Research and Engggineering Network IPv6 Pilot ... · DREN IPv6 Pilot Introduction DREN...