DoD’s IPv6 Transition

Michael Brigbrigm@ncr.disa.mil

DISA/GE44_V

2

UNCLASSIFIED

UNCLASSIFIED

Why IPv6 In The DoD?

• Future Combat Systems Demand:– Ubiquity (IP Centricity)– Mobility (+ Ad-Hoc) – Operability (Security, QOS, NetOps)

IPv4 Cannot Support Future Required Capabilities

• DoD has extensively deployed NATS.– For many reasons.– Even though we have 15% of IPv4 address space.– These are causing problems.

3

UNCLASSIFIED

UNCLASSIFIED

DoD IPv6 Addressing

• IPv6 (128-bit) Provides:– 340,282,366,920,938,463,463,374,607,431,768,211,456

Addresses• .34 duodecillion (1 x 1038)

• DoD Address Request (In Work):– /32 (Have Now) = 1 Internet Equivalent (4.3 Billion Networks)– /16 (2 Years) = .00152% of IPv6 Address Space)– /X (10 Years)– /Y (Reserved)

• 1.8 X 1019 (18,000,000,000,000,000,000) Host Addresses per Network

• Permits Geospatial Addressing– The Soldier is a site (network of networks)

4

UNCLASSIFIED

UNCLASSIFIED

Global “Geospatial” Grid

X.500

GPSSatcom

MobileForce

High-OrderNet Bits

Coordinates

5

UNCLASSIFIED

UNCLASSIFIED

IPv6 Address GridMobile & Ad-Hoc Communications

MOBILE & AD-HOCCOMMUNICATIONS

IPv6 GlobalAddress Grid

6

UNCLASSIFIED

UNCLASSIFIED

Operations & SupportMicro-Electronic Addressing

I-LevelShop-LevelDepot-Level

• Near Real-timeMaintenance Data

• Eye-Level Awareness• Improved Combat Turns

• Supply Requirements• Biometrics• Deployment & Movement

• Fleet Awareness• System Automation• Supply Chain

• Just In Time Delivery

7

UNCLASSIFIED

UNCLASSIFIED

Transition ImplicationsIPv6 Will Touch EVERYTHING

DoDNetworksEdgeC/P/S

Router

WorkStations

Servers

DoDApplications

TacticalRouter

LANLAN

TacticalLAN

DNSRoot &

Infrastructure

MobileDevices

IASecurity

COTSApps

PKI &Directory

FirewallsFiltering

Intrusion Detection

SATCOM

Internet

Command& Control

NetworkManagement

Majority of DoD Resources to:

• Upgrade DoD Applications• Upgrade DoD Networks• End-to-End Engineering• Integrate DoD/Partner Solutions• Develop Mobile/Ad Hoc Capability

Wireless

8

UNCLASSIFIED

UNCLASSIFIED

IPv6 Protocol Impacts

TCP UDP

IP

Network Interface Layer Protocols

BGP DNS BOOTP DHCP RIP RIP-2 RSVP

ICMP EGP IGMP IGMP-2 OSPF

ARP RARP InARP ATMARPInATMARP

Applications

9

UNCLASSIFIED

UNCLASSIFIED

DOD IPv6 Transition Direction*

9 June 2003 DoD(CIO) Memorandum, SUBJECT: IPv6

1. Minimize later transition costs by buying IPv6 capabilities now.

2. Address Enterprise issues early via large scale pilot implementations.

3. Execute an aggressive but thoughtful end-to-end transition.

4. Protect interoperability and security during transition.

Result:

Utilize already programmed technology refresh dollars to fund most of the transition.

Goal:

Complete transition by FY 2008.

10

UNCLASSIFIED

UNCLASSIFIED

Reducing Transition Risks via Pilots

What Constitutes “Proof” that DoD is ready to Complete Transition to IPv6? For Example:

–Demonstrate security of unclass networks ops, classified network ops, –Demonstrate end-to-end interoperability in a mixed IPv4-IPv6 environment–Verify equivalent or better performance than IPv4 based networks–Demonstrate voice, video, data integration–Demonstrate effective operation in low-bandwidth environments–Demonstrate scalability of IPv6 networks–Support mobile users (voice, data and video)–Demonstrate transition techniques–Demonstrate ability to provide netops of networks–Demonstrates tactical deployability and ad hoc networking

11

UNCLASSIFIED

UNCLASSIFIED

DoD IPv6 ProgramTransition Strategy & Critical Path Milestones

Test & Analysis

Initialization

CoreImplementation

Coexistence

IPv6 Native

Acquire IPv6Address Space

TransitionStrategy

FY03-04

FY05-06

~ FY07-9& Beyond

DNSMod

AddressingPlan

EstablishDNSRoot

ApplicationConversionGuidelines

NetworkEarly Adopters

Pilot CoreNetworks

Dual Stack

TestTransitionMechanism

Dual StackEnd-To-End

BeginWeaning

IPv4

Core NetworkIPv4

Tunneling

ApplicationDual Stack

Capable

EdgeNetworks

IPv6 Native

CoreNetworks

IPv6 Native

DoDCosting

DoD IPv6Policy

IAAssessment

Req’tsEngineering

COTSIPv6

Network SW

IA/Firewall

Capabilities

Switch/RouterASIC

Functionality

DoDSoftware

Implementation

IPv6Protocol Suite

Completion

IPv6FunctionalMatching

Full IPv6Integration

FY04-05

FY06-07

NetworkManagement

Tool Int.

All

PILO

TS

12

UNCLASSIFIED

UNCLASSIFIED

Transition Challenges For DoD

•Managing/Resourcing the Transition•Maintaining Interoperability and Security During Transition (and after)•IPv6 in the low-bandwidth/mobile environment•Evolving IPv6 standards/products•Residual Legacy

13

UNCLASSIFIED

UNCLASSIFIED

IPv6 Implementation Management

CIO Executive Board

IPv6 Transition Panel Flag Level

Tran

sitio

n O

ffice DoD IPv6 Transition Office

DISA Transition Panel Secretariat

Management/Coordination

NetworkTransition

Engineering

ApplicationTransition

EngineeringAdvanced

TechnologyOperational

Support

Architecture& Planning

Networks&

InfrastructureApplications

IA &Security

NetworkManagement Standards Test &

IntegrationNetOps

DoDWorking Groups(Topics)

14

UNCLASSIFIED

UNCLASSIFIED

TO ConOps - Context Diagram

OSDWorking Groups

Academia

Marine CorpsAir Force

NavyArmy

Industry

IPv6Transition

Office

NSF

IETF

IPv6 Forum

ARIN

Open Group

PolicyGuidanceReportingReviewsPlanning

Address AcquisitionAddressing Policy

Standards TrackingStandards Creation

Standards Testing

Technology InterchangeIPv6 Research

IPv6 Research Guidance

Contract SupportTechnical InterchangeStandardization & GuidelinesTest & Evaluation

Management & PlanningTechnology InterchangeTech & Policy Review

NATO/Coalitions

Technical Interchange

NAv6TFComponents

FederalAgencies

COCOMS

Product EvaluationProduct TestingProduct CertificationTechnology Interchange

NSAIndustry

AssociationsIC

15

UNCLASSIFIED

UNCLASSIFIED

TO ConOpsService Support

• Requirements Derivation (Engineering)– Develop DoD-Wide Interoperability Requirements– Develop DoD-Wide Derived System Requirements– Promulgate DoD Requirements to Industry & Standardization

• Technical Guidance & Infrastructure– IPv6 Addresses & DNS– Transition Mechanisms– Network Architecture Guidance– Application Development Guidance– IPv6 Capable COTS Availability

• Acquisition Guidance– Develop Acquisition Approach and Mechanisms

• Develop Procurement Strategy• Develop Statements of Work

DoD IPv6

PM Guidebook

DoD IPv6

NetworkEngineer’s

ToolkitDoD IPv6

ApplicationEngineer’s

Toolkit

16

UNCLASSIFIED

UNCLASSIFIED

TO ConOpsServices Support (cont)

• Stand up DoD Test Bed– Implement DoD IPv6 Transition Office Node– Implement ipv6.mil Domain– Develop IPv6 Exchange– Integrate DoD IPv6 Labs– Utilize Integrated DoD & Industry/Academic Labs– Multiply DoD Testbed Capabilities thru Vendor Support (HW/SW/People)

• Execute Knowledge Management Procedures– Implement SoA IPv6 Knowledge Management System

• DoD Internal• IPv6 Community External• Collect, Organize, Sanitize, & Distribute IPv6 Information Resources

– Policy/Document Repository– Technical Guidance Repository– Acquisition Repository

• Guidance• Hardware/Software Capabilities

17

UNCLASSIFIED

UNCLASSIFIED

Planning

DoD IPv6Transition

Plan

DoD IPv6 TO

SEMP

DoD IPv6 TO

Master TestPlan

e.g. DATA

ENTERPRISE ARCHITECTURE - A FRAMEWORK

Builder

SCOPE(CONTEXTUAL)

MODEL(CONCEPTUAL)

ENTERPRISE

Designer

SYSTEMMODEL(LOGICAL)

TECHNOLOGYMODEL(PHYSICAL)

DETAILEDREPRESEN- TATIONS(OUT-OF- CONTEXT)

Sub-Contractor

FUNCTIONINGENTERPRISE

DATA FUNCTION NETWORK

e.g. Data Definition

Ent = FieldReln = Address

e.g. Physical Data Model

Ent = Segment/Table/etc.Reln = Pointer/Key/etc.

e.g. Logical Data Model

Ent = Data EntityReln = Data Relationship

e.g. Semantic Model

Ent = Business EntityReln = Business Relationship

List of Things Importantto the Business

ENTITY = Class ofBusiness Thing

List of Processes theBusiness Performs

Function = Class ofBusiness Process

e.g. "Application Architecture"

I/O = User ViewsProc .= Application Function

e.g. "System Design"

I/O = Screen/Device FormatsProc.= Computer Function

e.g. "Program"

I/O = Control BlockProc.= Language Stmt

e.g. FUNCTION

e.g. Business Process Model

Proc. = Business ProcessI/O = Business Resources

List of Locations in which the Business Operates

Node = Major BusinessLocation

e.g. Logistics Network

Node = Business LocationLink = Business Linkage

e.g. "Distributed System

Node = I/S Function(Processor, Storage, etc)Link = Line Characteristics

e.g. "System Architecture"

Node = Hardware/SystemSoftware

Link = Line Specifications

e.g. "Network Architecture"

Node = AddressesLink = Protocols

e.g. NETWORK

Architecture"

Planner

Owner

Builder

ENTERPRISEMODEL

(CONCEPTUAL)

Designer

SYSTEMMODEL

(LOGICAL)

TECHNOLOGYCONSTRAINED

MODEL(PHYSICAL)

DETAILEDREPRESEN-

TATIONS (OUT-OF

CONTEXT)

Sub-Contractor

FUNCTIONING

MOTIVATIONTIMEPEOPLE

e.g. Rule Specification

End = Sub-conditionMeans = Step

e.g. Rule Design

End = ConditionMeans = Action

e.g., Business Rule Model

End = Structural AssertionMeans =Action Assertion

End = Business ObjectiveMeans = Business Strategy

List of Business Goals/Strat

Ends/Means=Major Bus. Goal/Critical Success Factor

List of Events Significant

Time = Major Business Event

e.g. Processing Structure

Cycle = Processing CycleTime = System Event

e.g. Control Structure

Cycle = Component CycleTime = Execute

e.g. Timing Definition

Cycle = Machine CycleTime = Interrupt

e.g. SCHEDULE

e.g. Master Schedule

Time = Business EventCycle = Business Cycle

List of Organizations

People = Major Organizations

e.g. Work Flow Model

People = Organization UnitWork = Work Product

e.g. Human Interface

People = RoleWork = Deliverable

e.g. Presentation Architecture

People = UserWork = Screen Format

e.g. Security Architecture

People = IdentityWork = Job

e.g. ORGANIZATION

Planner

Owner

to the BusinessImportant to the Business

What How Where Who When Why

Copyright - John A. Zachman, Zachman International

SCOPE(CONTEXTUAL)

Architecture

e.g. STRATEGY ENTERPRISE

e.g. Business Plan

TM

Zachman Institute for Framework Advancement - (810) 231-0531

DoD IPv6 TO

IA Plan

IETF RFC 1886, DNS Extensions to Support IPv6 IETF RFC 3152, Delegation of IPv6. ARPAIETF RFC 2428, FTP Extensions to Support IPv6 and NATsIETF RFC 2470, OSPF for IPv6 IETF RFC 2858, Multiprotocol Extensions for BGP-4 IETF RFC 2545, Use of BGP-4 Multiprotocol Extensions for IPv6 Inter-Domain RoutingIETF RFC 2460, Internet Protocol, Version 6 (IPv6) SpecificationIETF RFC 2461, Neighbor Discovery for IP Version 6, (IPv6) IETF RFC 2462, IPv6 Stateless Address Autoconfiguration IETF RFC 2463, Internet Control Message Protocol (ICMPv6) for the IPv6 Specification

MANDATED

DoD IPv6

Address Plan

• Strategic Objectives• Governance• Operational View

• DoD IPv6 TO ConOps• Technical Plan• Schedules• Reviews

IPv6 Standards Profile

18

UNCLASSIFIED

UNCLASSIFIED

Planning

FY04

JointStaff

Criteria

• Demonstrate security and IA.• Demonstrate end-to-end interoperability• Verify IPv6 performance • Demonstrate voice, video, data integration• Demonstrate effective operation in low-bandwidth environments• Demonstrate scalability of IPv6 networks• Support mobile terminals (voice, data, and video)• Demonstrate transition techniques• Demonstrate ability to provide netops of networks• Demonstrate tactical deployment and ad-hoc networking

FY05

FY06

FY07

FY08

GIG-BE(Secret, SCI)NIPRNET GCSS CITS NCES

DREN DISN-LES

NMCI GSRNet DCTS GCCSDeveloper’sGuidance

SIPRNET

ICE2 DCGS CHCS

WARP

GNCST

Net-BLTSNORA

JIVA BCT

Everyone

GCCS

Derived Requirements

Verification/Demonstration Matrix • Derive Engineering Requirements• Develop Demonstration Matrix• Validate JS Criteria• Validate Pilot programs• Develop Validation/Demonstration

Milestones• Integrate Into:

• Transition Plan• SEMP• Master Test Plan• IA Plan

19

UNCLASSIFIED

UNCLASSIFIED

PlanningCorrelation Matrix

DoD IPv6Transition

Plan

Service IPv6Transition

Plans

DoD IPv6 TO

SEMP

ComponentIPv6

Transition

Plans

DoD IPv6

Address Plan

DoD IPv6 TO

Master TestPlan

DoD IPv6 TO

IA Plan