dod's ipv6 transition
TRANSCRIPT
2
UNCLASSIFIED
UNCLASSIFIED
Why IPv6 In The DoD?
• Future Combat Systems Demand:– Ubiquity (IP Centricity)– Mobility (+ Ad-Hoc) – Operability (Security, QOS, NetOps)
IPv4 Cannot Support Future Required Capabilities
• DoD has extensively deployed NATS.– For many reasons.– Even though we have 15% of IPv4 address space.– These are causing problems.
3
UNCLASSIFIED
UNCLASSIFIED
DoD IPv6 Addressing
• IPv6 (128-bit) Provides:– 340,282,366,920,938,463,463,374,607,431,768,211,456
Addresses• .34 duodecillion (1 x 1038)
• DoD Address Request (In Work):– /32 (Have Now) = 1 Internet Equivalent (4.3 Billion Networks)– /16 (2 Years) = .00152% of IPv6 Address Space)– /X (10 Years)– /Y (Reserved)
• 1.8 X 1019 (18,000,000,000,000,000,000) Host Addresses per Network
• Permits Geospatial Addressing– The Soldier is a site (network of networks)
4
UNCLASSIFIED
UNCLASSIFIED
Global “Geospatial” Grid
X.500
GPSSatcom
MobileForce
High-OrderNet Bits
Coordinates
5
UNCLASSIFIED
UNCLASSIFIED
IPv6 Address GridMobile & Ad-Hoc Communications
MOBILE & AD-HOCCOMMUNICATIONS
IPv6 GlobalAddress Grid
6
UNCLASSIFIED
UNCLASSIFIED
Operations & SupportMicro-Electronic Addressing
I-LevelShop-LevelDepot-Level
• Near Real-timeMaintenance Data
• Eye-Level Awareness• Improved Combat Turns
• Supply Requirements• Biometrics• Deployment & Movement
• Fleet Awareness• System Automation• Supply Chain
• Just In Time Delivery
7
UNCLASSIFIED
UNCLASSIFIED
Transition ImplicationsIPv6 Will Touch EVERYTHING
DoDNetworksEdgeC/P/S
Router
WorkStations
Servers
DoDApplications
TacticalRouter
LANLAN
TacticalLAN
DNSRoot &
Infrastructure
MobileDevices
IASecurity
COTSApps
PKI &Directory
FirewallsFiltering
Intrusion Detection
SATCOM
Internet
Command& Control
NetworkManagement
Majority of DoD Resources to:
• Upgrade DoD Applications• Upgrade DoD Networks• End-to-End Engineering• Integrate DoD/Partner Solutions• Develop Mobile/Ad Hoc Capability
Wireless
8
UNCLASSIFIED
UNCLASSIFIED
IPv6 Protocol Impacts
TCP UDP
IP
Network Interface Layer Protocols
BGP DNS BOOTP DHCP RIP RIP-2 RSVP
ICMP EGP IGMP IGMP-2 OSPF
ARP RARP InARP ATMARPInATMARP
Applications
9
UNCLASSIFIED
UNCLASSIFIED
DOD IPv6 Transition Direction*
9 June 2003 DoD(CIO) Memorandum, SUBJECT: IPv6
1. Minimize later transition costs by buying IPv6 capabilities now.
2. Address Enterprise issues early via large scale pilot implementations.
3. Execute an aggressive but thoughtful end-to-end transition.
4. Protect interoperability and security during transition.
Result:
Utilize already programmed technology refresh dollars to fund most of the transition.
Goal:
Complete transition by FY 2008.
10
UNCLASSIFIED
UNCLASSIFIED
Reducing Transition Risks via Pilots
What Constitutes “Proof” that DoD is ready to Complete Transition to IPv6? For Example:
–Demonstrate security of unclass networks ops, classified network ops, –Demonstrate end-to-end interoperability in a mixed IPv4-IPv6 environment–Verify equivalent or better performance than IPv4 based networks–Demonstrate voice, video, data integration–Demonstrate effective operation in low-bandwidth environments–Demonstrate scalability of IPv6 networks–Support mobile users (voice, data and video)–Demonstrate transition techniques–Demonstrate ability to provide netops of networks–Demonstrates tactical deployability and ad hoc networking
11
UNCLASSIFIED
UNCLASSIFIED
DoD IPv6 ProgramTransition Strategy & Critical Path Milestones
Test & Analysis
Initialization
CoreImplementation
Coexistence
IPv6 Native
Acquire IPv6Address Space
TransitionStrategy
FY03-04
FY05-06
~ FY07-9& Beyond
DNSMod
AddressingPlan
EstablishDNSRoot
ApplicationConversionGuidelines
NetworkEarly Adopters
Pilot CoreNetworks
Dual Stack
TestTransitionMechanism
Dual StackEnd-To-End
BeginWeaning
IPv4
Core NetworkIPv4
Tunneling
ApplicationDual Stack
Capable
EdgeNetworks
IPv6 Native
CoreNetworks
IPv6 Native
DoDCosting
DoD IPv6Policy
IAAssessment
Req’tsEngineering
COTSIPv6
Network SW
IA/Firewall
Capabilities
Switch/RouterASIC
Functionality
DoDSoftware
Implementation
IPv6Protocol Suite
Completion
IPv6FunctionalMatching
Full IPv6Integration
FY04-05
FY06-07
NetworkManagement
Tool Int.
All
PILO
TS
12
UNCLASSIFIED
UNCLASSIFIED
Transition Challenges For DoD
•Managing/Resourcing the Transition•Maintaining Interoperability and Security During Transition (and after)•IPv6 in the low-bandwidth/mobile environment•Evolving IPv6 standards/products•Residual Legacy
13
UNCLASSIFIED
UNCLASSIFIED
IPv6 Implementation Management
CIO Executive Board
IPv6 Transition Panel Flag Level
Tran
sitio
n O
ffice DoD IPv6 Transition Office
DISA Transition Panel Secretariat
Management/Coordination
NetworkTransition
Engineering
ApplicationTransition
EngineeringAdvanced
TechnologyOperational
Support
Architecture& Planning
Networks&
InfrastructureApplications
IA &Security
NetworkManagement Standards Test &
IntegrationNetOps
DoDWorking Groups(Topics)
14
UNCLASSIFIED
UNCLASSIFIED
TO ConOps - Context Diagram
OSDWorking Groups
Academia
Marine CorpsAir Force
NavyArmy
Industry
IPv6Transition
Office
NSF
IETF
IPv6 Forum
ARIN
Open Group
PolicyGuidanceReportingReviewsPlanning
Address AcquisitionAddressing Policy
Standards TrackingStandards Creation
Standards Testing
Technology InterchangeIPv6 Research
IPv6 Research Guidance
Contract SupportTechnical InterchangeStandardization & GuidelinesTest & Evaluation
Management & PlanningTechnology InterchangeTech & Policy Review
NATO/Coalitions
Technical Interchange
NAv6TFComponents
FederalAgencies
COCOMS
Product EvaluationProduct TestingProduct CertificationTechnology Interchange
NSAIndustry
AssociationsIC
15
UNCLASSIFIED
UNCLASSIFIED
TO ConOpsService Support
• Requirements Derivation (Engineering)– Develop DoD-Wide Interoperability Requirements– Develop DoD-Wide Derived System Requirements– Promulgate DoD Requirements to Industry & Standardization
• Technical Guidance & Infrastructure– IPv6 Addresses & DNS– Transition Mechanisms– Network Architecture Guidance– Application Development Guidance– IPv6 Capable COTS Availability
• Acquisition Guidance– Develop Acquisition Approach and Mechanisms
• Develop Procurement Strategy• Develop Statements of Work
DoD IPv6
PM Guidebook
DoD IPv6
NetworkEngineer’s
ToolkitDoD IPv6
ApplicationEngineer’s
Toolkit
16
UNCLASSIFIED
UNCLASSIFIED
TO ConOpsServices Support (cont)
• Stand up DoD Test Bed– Implement DoD IPv6 Transition Office Node– Implement ipv6.mil Domain– Develop IPv6 Exchange– Integrate DoD IPv6 Labs– Utilize Integrated DoD & Industry/Academic Labs– Multiply DoD Testbed Capabilities thru Vendor Support (HW/SW/People)
• Execute Knowledge Management Procedures– Implement SoA IPv6 Knowledge Management System
• DoD Internal• IPv6 Community External• Collect, Organize, Sanitize, & Distribute IPv6 Information Resources
– Policy/Document Repository– Technical Guidance Repository– Acquisition Repository
• Guidance• Hardware/Software Capabilities
17
UNCLASSIFIED
UNCLASSIFIED
Planning
DoD IPv6Transition
Plan
DoD IPv6 TO
SEMP
DoD IPv6 TO
Master TestPlan
e.g. DATA
ENTERPRISE ARCHITECTURE - A FRAMEWORK
Builder
SCOPE(CONTEXTUAL)
MODEL(CONCEPTUAL)
ENTERPRISE
Designer
SYSTEMMODEL(LOGICAL)
TECHNOLOGYMODEL(PHYSICAL)
DETAILEDREPRESEN- TATIONS(OUT-OF- CONTEXT)
Sub-Contractor
FUNCTIONINGENTERPRISE
DATA FUNCTION NETWORK
e.g. Data Definition
Ent = FieldReln = Address
e.g. Physical Data Model
Ent = Segment/Table/etc.Reln = Pointer/Key/etc.
e.g. Logical Data Model
Ent = Data EntityReln = Data Relationship
e.g. Semantic Model
Ent = Business EntityReln = Business Relationship
List of Things Importantto the Business
ENTITY = Class ofBusiness Thing
List of Processes theBusiness Performs
Function = Class ofBusiness Process
e.g. "Application Architecture"
I/O = User ViewsProc .= Application Function
e.g. "System Design"
I/O = Screen/Device FormatsProc.= Computer Function
e.g. "Program"
I/O = Control BlockProc.= Language Stmt
e.g. FUNCTION
e.g. Business Process Model
Proc. = Business ProcessI/O = Business Resources
List of Locations in which the Business Operates
Node = Major BusinessLocation
e.g. Logistics Network
Node = Business LocationLink = Business Linkage
e.g. "Distributed System
Node = I/S Function(Processor, Storage, etc)Link = Line Characteristics
e.g. "System Architecture"
Node = Hardware/SystemSoftware
Link = Line Specifications
e.g. "Network Architecture"
Node = AddressesLink = Protocols
e.g. NETWORK
Architecture"
Planner
Owner
Builder
ENTERPRISEMODEL
(CONCEPTUAL)
Designer
SYSTEMMODEL
(LOGICAL)
TECHNOLOGYCONSTRAINED
MODEL(PHYSICAL)
DETAILEDREPRESEN-
TATIONS (OUT-OF
CONTEXT)
Sub-Contractor
FUNCTIONING
MOTIVATIONTIMEPEOPLE
e.g. Rule Specification
End = Sub-conditionMeans = Step
e.g. Rule Design
End = ConditionMeans = Action
e.g., Business Rule Model
End = Structural AssertionMeans =Action Assertion
End = Business ObjectiveMeans = Business Strategy
List of Business Goals/Strat
Ends/Means=Major Bus. Goal/Critical Success Factor
List of Events Significant
Time = Major Business Event
e.g. Processing Structure
Cycle = Processing CycleTime = System Event
e.g. Control Structure
Cycle = Component CycleTime = Execute
e.g. Timing Definition
Cycle = Machine CycleTime = Interrupt
e.g. SCHEDULE
e.g. Master Schedule
Time = Business EventCycle = Business Cycle
List of Organizations
People = Major Organizations
e.g. Work Flow Model
People = Organization UnitWork = Work Product
e.g. Human Interface
People = RoleWork = Deliverable
e.g. Presentation Architecture
People = UserWork = Screen Format
e.g. Security Architecture
People = IdentityWork = Job
e.g. ORGANIZATION
Planner
Owner
to the BusinessImportant to the Business
What How Where Who When Why
Copyright - John A. Zachman, Zachman International
SCOPE(CONTEXTUAL)
Architecture
e.g. STRATEGY ENTERPRISE
e.g. Business Plan
TM
Zachman Institute for Framework Advancement - (810) 231-0531
DoD IPv6 TO
IA Plan
IETF RFC 1886, DNS Extensions to Support IPv6 IETF RFC 3152, Delegation of IPv6. ARPAIETF RFC 2428, FTP Extensions to Support IPv6 and NATsIETF RFC 2470, OSPF for IPv6 IETF RFC 2858, Multiprotocol Extensions for BGP-4 IETF RFC 2545, Use of BGP-4 Multiprotocol Extensions for IPv6 Inter-Domain RoutingIETF RFC 2460, Internet Protocol, Version 6 (IPv6) SpecificationIETF RFC 2461, Neighbor Discovery for IP Version 6, (IPv6) IETF RFC 2462, IPv6 Stateless Address Autoconfiguration IETF RFC 2463, Internet Control Message Protocol (ICMPv6) for the IPv6 Specification
MANDATED
DoD IPv6
Address Plan
• Strategic Objectives• Governance• Operational View
• DoD IPv6 TO ConOps• Technical Plan• Schedules• Reviews
IPv6 Standards Profile
18
UNCLASSIFIED
UNCLASSIFIED
Planning
FY04
JointStaff
Criteria
• Demonstrate security and IA.• Demonstrate end-to-end interoperability• Verify IPv6 performance • Demonstrate voice, video, data integration• Demonstrate effective operation in low-bandwidth environments• Demonstrate scalability of IPv6 networks• Support mobile terminals (voice, data, and video)• Demonstrate transition techniques• Demonstrate ability to provide netops of networks• Demonstrate tactical deployment and ad-hoc networking
FY05
FY06
FY07
FY08
GIG-BE(Secret, SCI)NIPRNET GCSS CITS NCES
DREN DISN-LES
NMCI GSRNet DCTS GCCSDeveloper’sGuidance
SIPRNET
ICE2 DCGS CHCS
WARP
GNCST
Net-BLTSNORA
JIVA BCT
Everyone
GCCS
Derived Requirements
Verification/Demonstration Matrix • Derive Engineering Requirements• Develop Demonstration Matrix• Validate JS Criteria• Validate Pilot programs• Develop Validation/Demonstration
Milestones• Integrate Into:
• Transition Plan• SEMP• Master Test Plan• IA Plan