Title: Dr' Chuck Lynch
1DoD IPv6
- Dr. Chuck Lynch
- Chief, DoD IPv6 Transition Office
- 21 Jan 05
2IPv6 Myths
- Address space is the only driving force
- Address space is not a DoD concern
- IPv4 extensions can replicate IPv6 functionality
- Support for large diversity of network devices is
not a DoD end-user concern - IPv6 is primarily relevant to backbone routers,
not end-user applications or micro-electronics - Implementing IPv6 will not impact other network
layers (routers only) - Transition to IPv6 will require a short lead time
and will be accomplished quickly
3IPv6 Capabilities
- IPv6 features functional capabilities
- Expanded address space
- .34 Duodecilion (.34 X 1039)
- Multiple IPv6 addresses per interface
- Simplified header
- Extension headers
- Authentication and privacy
- mandatory IPsec
- Auto-configuration
- provides address mobility
- Source routing (no fragmentation)
- Flow Labels
- Quality of Service (QoS) (potential)
4IPv4 Packet Header20 Bytes
Version IHL TOS
Length
Identification
Flags Fragment Offset
TTL Protocol
Checksum
Source Address
Destination Address
Options and Padding
- Version (4)
- IHL IP Header Length
- TOS Type of Service
- Length size of datagram
- Identification
- Flags fragmentation flags
- Fragment Offset
- TTL Time To Live (hops)
- Protocol transport protocol
- Checksum 16 bit checksum
- Source IPv4 address
- Destination IPv4 address
- Options and padding (add to 20 Bytes)
5IPv6 Packet Header40 Bytes (Fixed Length)
Version
Flow Label
Traffic Class
Payload Length
Next Header
Hop Limit
Source IPv6Address
Destination IPv6 Address
6IPv6 Availability
- Asia and Europe Moving
- Japan and China
- German Ministry of Defense (MoD), UK MoD, Sweden
- Vendors Producing HW and SW
- all OSs
- Microsoft products, Longhorn (06)
- routers (Juniper, Cisco)
- ISP Moving
- NTT Vario (Now)
- Sprint (Now)
- MCI (06)
7Why IPv6 in the DoD?
- Future Combat Systems demand
- Ubiquity (IP Centricity)
- Mobility ( Ad-Hoc)
- Operability (Security, QoS, NetOps)
21st Century Net-Centricity
IPv4 Cannot Support Future Required Capabilities
8DoD IPv6 Mandate
- DoD IPv6 Mandate
- DoD CIO Jun 03 IPv6 by FY08
- DoD CIO Sep 03 acquire IPv6 Capable
products starting Oct 03 - DoD CIO Feb 04 establish DoD IPv6 Transition
Office (To) in DISA (w/10 personnel)
9IPv6 Capable
- Preferable
- Beginning 1 Oct 03 - all GIG assets being
acquired, procured or developed must be IPv6
capable -- i.e. - Compliant with JTA set of standards (including
some basis for compliance) - Migration path/commitment to upgrade as IPv6
evolves - Contractor/vendor technical support
- Maintain interoperability with IPv4 (generally
through dual IP layer) - If not possible, then
- Compliant with policy (if not part of pilot)
- funded contractual commitment to upgrade to IPv6
by FY07 - programmed technology refresh which will be IPv6
capable fielded by FY07 - If that is not possible, then waiver is needed
10Operations SupportMicro-Electronic Addressing
- Near Real-Time
- Maintenance Data
- Base-Level Awareness
- Improved Combat Turns
Base-Level
Shop-Level
Depot-Level
- Supply Requirements
- Biometrics
- Deployment Movement
- Fleet Awareness
- System Automation
- Supply Chain
- Just In Time Delivery
- Pin-Pont Logistics
11The Soldier Is A Network
12IPv6 Address GridMobile Ad-Hoc Communications
IPv6 Global Address Grid
Dynamic Network Convergence via Auto-Configuration
MOBILE AD-HOC COMMUNICATIONS
13IPv6 Impacts
HTTP
FTP
SMTP
Telnet
Application
SNMP
TFTP
NFS
Process/ Application
Presentation
Encryption (SSL) Compression Encoding (MIME)
Session
Host-To-Host
TCP
UDP
Transport
IP
ICMP
Internet
Network
ARP/RARP
Data Link
Network Interface
NIC / Media Access
Transmission Media
Physical
14IPv6 Protocol Impacts
Applications
DHCP
RIP-2
RSVP
BGP
BOOTP
RIP
DNS
TCP
UDP
IGMP-2
OSPF
ICMP
EGP
IGMP
IP
ATMARP InATMARP
ARP
RARP
InARP
Network Interface Layer protocols
15Transition ImplicationsIPv6 will touch EVERYTHING
SATCOM
Network Management
PKI Directory
DNS Root Infrastructure
DoD Applications
Mobile Devices
IA Security
DoD Networks
LAN
LAN
Servers
C/P/S Router
Edge
Work Stations
COTS Apps
Wireless
Command Control
Firewalls Filtering Intrusion Detection
Tactical LAN
Tactical Router
Internet
16DoD IPv6 Transition OfficeMission
- The mission of DOD IPv6 Transition Office (TO)
is to provide the overall coordination, common
engineering solutions, and technical guidance
across DOD to support an integrated and coherent
transition to IPv6.
17 Core Functions
- Actively promote DOD IPv6 interest within the
standards organizations - Ensure the effective management of DOD IPv6
infrastructure assets, including address space
and DNS - Develop common technical solutions for network
transition, C3 applications, and mobility in
support of DOD services and components - Coordinate service and component IPv6 activities
and actively influence the insertion of IPv6
technology - Lead/support IPv6 working groups by providing
technical and secretariat support - 6. Maintain DOD IPv6 transition plans. Ensure
that component and DOD plans are consistent and
supportive - Lead/support detailed guidance and/or policies
for implementation schedules and designs - Coordinate on behalf of DOD, IPv6 related issues
with other Federal Agencies, NATO countries, and
Coalition partners - Track DOD IPv6 transition progress and provide
assessments and recommendations to DOD CIO - Provide a DOD wide IPv6 portal and knowledge base
for information exchange and outreach
18DoD IPv6 Transition Office
JS/MCEB
OSD
DoD IPv6 Leadership
DoD IPv6 Transition Office DISA
Transition Office
IPv6 Transition Steering Group (ITSG)
Transition Engineering
Management/ Coordination
Systems Engineering
Advanced Technology
Operational Support
Architecture Planning WG
IA Security
Networks Infrastructure
Applications
Test Integration
Standards
NetOps
19ConOps - Context Diagram
Joint Staff
OSD
MCEB
NATO/Coalitions
Working Groups
ARIN
- Army
- Navy
- Air Force
- Marine Corp
- Components
- COCOMS
- NSA
IPv6 Transition Office
IETF
Open Group
IC
IPv6 Association
NSF
Federal Agencies
Industry
Academia
20DoD Integration
NII
JS
DoD E2E SE
MCEB
DoD IP Convergence Working Group
Programmatic Issues
IPv6 Transition Steering Group (ITSG)
DoD IPv6 Transition Office
Technical Issues
Army IPv6 Transition Office
Navy IPv6 Transition Office
AF IPv6 Transition Office
DoD IPv6 Architecture Planning WG
MC IPv6 Transition Office
OSD IPv6 Transition Team
Sub-WG
Sub-WG
Sub-WG
21ConOpsServices Support
- Requirements derivation (engineering)
- Develop DoD-wide derived system requirements
- Promulgate DoD requirements to industry
standardization - DoD common engineering
- IPv6 addresses DNS
- Transition mechanisms
- Technical guidance
- Network Engineering Guidance
- Application Development Guidance
- IPv6 capable COTS availability
- Acquisition guidance
- Program Manager Guidance
- DoD test bed
- Integrate DoD IPv6 labs
- Knowledge Management
- Implement IPv6 Knowledge Management System
- Policy/document repository
- Technical guidance repository
- Acquisition repository
DoD IPv6
Network Engineers Toolkit
DoD IPv6
Application Engineers Toolkit
22IPv6 Technology Insertion
- Unprecedented technology insertion effort
- Requires state transitions
- focus on interoperability
- Not all systems will achieve the same state
simultaneously - Rigorous Systems Engineering required to manage
interoperability
IPv4/IPv6 Enclave Initiation
IPv4/IPv6 Parity - All Systems
IPv4/IPv6 Advanced Capability
IPv6 Native
IPv4
IPv4/IPv6 Transport Initiation
New Comms Systems
23IPv6 Systems Engineering
- GE3 SE process compliant
- (MIL-STD-499A, IEEE 1220, DAU SE Guidebook)
- Define time-phased IPv6 milestones
- IPv6 Capable Definitions
- Define critical Systems Engineering functions
- Develop Master Schedule
- Integrate Service Component schedules
- Integrate IP advanced feature schedules
- VoIP, QoS, etc.
- Define test criteria and events
- Consolidate plans
- Execute and refresh
DoD IPv6
Systems Engineering Master Plan
24IPv6 Systems Engineering
Analyze Needs
System Analysis Control
Engineer Validate Reqts
- Develop Sys Architecture
- Design Integrate Sys
- Control Sys Baseline
- Plan Manage Sys Progress
- Review Sys Progress
- Determine
- Needs
- Develop Ops
- Scenarios
- Develop Goal
- Requirements
Analyze Functions/ Allocate
- Develop MEFs
- Derive Eng
- Requirements
- Integrate
- Validate Reqts
- Develop Specs
Design Synthesize
- Analyze
- Functions
- Allocate Reqts
- Resources
- Analyze System
- Elements
- Determine
- Effectiveness
Integrate Test
- Determine
- Alternatives
- Synthesize
- Solutions
- Perform Eng
- Design Tasks
- Design System
- Life-Cycle
- Elements
Evaluate Verify
- Plan Testing
- Conduct
- Element Tests
- Integrate Sys
- Elements
- Conduct
- Integration Tests
- Evaluate Sys
- Functionality
- Evaluate Sys
- Effectiveness
- Verify System
Validation
Verification
25SE WBS
- 1.0 DoD IPv6 Transition Effort
- 1.1 Manage DoD Transition Effort
- 1.2 Perform DoD IPv6 Coordination
- 1.3 Perform DoD IPv6 Systems Engineering
- 1.4 Perform DoD IPv6 Network Engineering
- 1.5 Perform DoD IPv6 Application Engineering
- 1.6 Perform DoD IPv6 IA Engineering
- 1.7 Perform DoD IPv6 Testing
- 1.8 Define and Perform DoD IPv6 Net Management
- Decomposed to over 400 activities
- DoD-wide, not just the TO
26DoD IPv6 Architecture
Transition Requirements Design Parameters
DoD IPv6 Transition
- Strategic Objectives
- Governance
- Operational View
Strategic Reqts
Operational Reqts
Plan
System Reqts
DoD IPv6 TO
- DoD IPv6 TO ConOps
- Technical Plan
- Schedules
- Reviews
Technical Reqts
SEMP
IPv6 Standards Profile
MANDATED
IETF RFC 1886, DNS Extensions to Support IPv6
IETF RFC 3152, Delegation of IPv6. ARPA IETF RFC
2428, FTP Extensions to Support IPv6 and
NATs IETF RFC 2470, OSPF for IPv6 IETF RFC 2858,
Multiprotocol Extensions for BGP-4 IETF RFC
2545, Use of BGP-4 Multiprotocol Extensions for
IPv6 Inter-Domain Routing IETF RFC 2460, Internet
Protocol, Version 6 (IPv6) Specification IETF
RFC 2461, Neighbor Discovery for IP Version 6,
(IPv6) IETF RFC 2462, IPv6 Stateless Address
Autoconfiguration IETF RFC 2463, Internet
Control Message Protocol (ICMPv6) for the IPv6
Specification
DoD IPv6 TO
DoD IPv6 TO
DoD IPv6
Master Test Plan
IA Plan
Address Plan
27Master ScheduleNotional
Acceptance
Preference
Dominance
Equivalence
AO1
AO2
OC
ACN
FOC
AC1
AC2
AC3
Regular Functionality
Intermediate Functionality
Advanced Functionality
Planning
Feasibility Studies
Lab Testing
Field Trials
Pilots
IP Systems
Advanced IPv6 Capabilities
All Communications Systems
Extract IPv4
04
05
06
07
08
09
10
11
12
Beyond
AO Authority to Operate OC Operating
Capability AC Advanced Capability FOC Final
Operating Capability
28IPv6 Capable Terminology
- PRELIMINARY DEFINITIONS
- Authority to Operate 1 (AO1)
- Fundamental functional IPv6 capabilities
essential for initial limited operation - Provide operational experience on a manageable
scale - Authority to Operate 2 (AO2)
- Select subset of IPv6 features and applications
needed for cross domain boundary networking - Operating Capability 1 (OC1)
- Functional parity with IPv4, plus select IPv6
unique features - Operating Capability 2 (OC2)
- Improved functionality and performance through
advanced IPv6 unique features - Represent the significant deployment of IPv6
within the DoD - Final Operating Capability (FOC)
29Milestone Definitions
- AO1 - Authority to use IPv6 within an isolated
network domain (Enclave) - Systems opting to enable IPv6 at AO1 must meet
the AO1 requirements - Fundamental functional capabilities essential for
initial limited operation - AO2 - Authority to use IPv6 across cooperative
multi-domain environments (Transport) - Systems opting to enable IPv6 at AO2 must meet
the AO2 requirements - Individual programs will generally have
additional specific operational and functional
requirements - OC - Represents operational deployments achieved
(Goal) - Functional parity with IPv4 (in FY08) plus select
IPv6 features (e.g. Security) - Required by OSD policy
- AC - Advanced IPv6 capability milestones
30IPv6 Capable Definitions
IPv6 Milestones
IPv6 Criteria
- Ops Requirements
- New Functions
- New Features
- New Applications
Categories
Map Criteria Into Milestones
- Base Protocol
- Transition
- Applications
- Operations
- Net Mgt
- Link Layers
- Routing
- Mobility
Map RFCs Into Categories And Functional Classes
- New Standards
- Emerging Standards
Functional Classes
- End Systems
- Intermediate Systems
- Security Devices
- Applications
Categories Functional Classes Into Levels
- Regular
- Intermediate
- Advanced
- AO1
- AO2
- General IPv6 Reqts
- Specific IA Reqts
- AC
- FOC
- Future Requirements
- OC
- Specific Reqts
- Acquisition Guidance
Verification Matrix
31IPv6 SpecificationExample
32DoD IPv6 Standards Effort
- DoD Technical Leadership
- Technology is the key to the dominance in the
modern warfare - Leadership in standards correlates with technical
leadership - Opportunity to lead Federal Agencies, Coalition
Partners, Applications Developers, Service
Providers, Equipment Vendors, and others - Global Interactions
- Interactions with the brightest members of
industry, government and academia - Forming industry partnerships
- Getting insights into emerging technologies and
innovations
33Standards Complexity
- Hundreds of standards bodies
- Main for IPv6 IETF
- Others for Networking ITU-T, MPLS and Frame
Relay Alliance, Others - Others for Services Open Group, Others
- Thousands of IETF RFCs
- 96 active IETF Working Groups (WG) with some IPv6
context - IPv6 related RFCs
- Standards Track 167
- Informational 87
- Experimental 17
34IPv6 Test BedsPotential
- DoD-Wide Test Bed
- Integrate DoD Labs for IPv6 Engineering
- Utilize Existing Infrastructure (DREN)
- NATO/Coalition Coordination Integration
- Integrate Coalition IPv6 Efforts
- Plan To Work With CFBL To Support Their
Transition To IPv6
35Engineering Lab vs. TE Lab
- Engineering Lab (Validation)
- Live environment
- Constructive demonstration
- Simulated real world
- Optimize integration
- Test scenarios
- including worst case
- TE Lab (Verification)
- Individual tests
- test plans reports
- Clean environment
- Standards conformance
- Does device/software meet specification
36(No Transcript)