the road ahead for dod - ipv6 · the road ahead for dod 9 december 2003 major r.v. dixon, jitc ben...

MOONv6:

The Road Ahead for DoD

9 December 2003

Major R.V. Dixon, JITCBen Schultz, UNH-IOL

2

Agenda

The JITC and UNH IOL Labs

Moonv6 Phase I

Preliminary Findings

Moonv6 Phase II

3

The MOONv6 Demonstration

The Joint Interoperability Test

Command (JITC)

4

JITC Advanced TechnologyIP Laboratory

Certifies equipment for Joint Interoperability

Provides the capability to replicate Joint C4 Architectures

Offers access to services, combatant commands, and agencies within DoD

5

UNH InterOperability Lab (IOL)

Operates as a non-profit lab as part of the University of New Hampshire

Fully funded by the commercial communications industry and thus market driven

Tests 15 different technologies, including IPv6

6

MOONv6 Participating Sites

DISN-LES

DREN

Internet 2

AZ

CA CO

IL MD

MI NH

NJ

SC

SD

VA

UNH-IOLNew Hampshir

SPAWAR - WESTSan Diego, CA

JITC andthe TIC

Ft. HuachucaArizona

MSNOSCQuantico, VA

Ft. MonmouthNew Jersey

SPAWAR - EASTCharleston, SC

Scott AFBIllinois

Internet 2Michigan

NASA Amesnet 2 and DREN

peering point

JITCIndian Head, MD

e

Inter

7

Phase I Interoperability Participants

8

MOONv6 ArchitectureHigh Level Architecture

UNH InteroperabilityNetwork

(Edge Network)

DISN-LES

ScottAFB

Router

Army TICTest Network

Ft MonmouthTest Network

Scott AFBTest Network

MCNOSCTest Network

Ft MonmouthCERDEC

Router

Ft MonmouthCell 1 Router

ARMY TICRouter

CiscoGSR

JITC

Internet 2

SPAWARCharelston

Router

NASAAmes Harvard

JITC IndianHead TestNetwork

MCNOSCRouter

SPAWAR TestNetwork

SPAWARWest

JITC Ft. HuachucaInteroperability Test

Network(Edge Network)

Cisco IOSFirewall

DREN IPv6Network

Satellite

JITC RouterDREN IPv6

Network

DRENATM Router

9

Final Topology Design

• Protocol-specific interoperability testing completed

• The final design has included– Dual Stack Transition– Multi-homed topology– BGP Route aggregation and hierarchical

addressing design– Argument about /64 addressing scheme for point-

to-point links, concluded to add both types, per AS to the network

Final JITC/UNH TopologyInternet Exchange Model

NECBF 5000

132.177.125.1 Microsoft CEGateway

132.177.125.18

Hexago132.177.125.29

AgilentRouterTester

132.177.125.24

AS6

FujitsuGeoStream R920

132.177.125.4

Area 0

6

5

4

9

1

16

14

139

15

12

4

20

21

10

19

11

5

4

3

9

5

6

78

3

4

22

1

3

4

5

18

3

17

Cisco7200

132.177.125.36

MarconiASX-4000

132.177.125.37

Cisco7200

132.177.125.38

HitachiGR 2000-6

132.177.125.3

NECBF730

132.177.125.9

Foundry132.177.125.8

Cisco GSR132.177.125.2

NokiaIP380

132.177.125.11

JuniperM5

132.177.125.10

Procket 2132.177.125.13

IP Infusion132.177.125.5

Cisco7600132.177.125.12

NECIX 2010

132.177.125.30

ExtremeBlack Diamond132.177.125.27

6Wind6100

132.177.125.26

Procket1132.177.125.6

HitachiGR 2000-4

132.177.125.7

6Wind6200

132.177.125.31

ExtremeSummit 48si

132.177.125.16

6Wind132.177.125.20

Cisco7300

132.177.125.22

6Wind6100

132.177.125.21

CheckpointFirewall

132.177.125.14

SpirentAX4000

132.177.125.28SpirentAX4000

132.177.125.17

Ixia132.177.125.19

AgilentRouterTester

132.177.125.23

RR

RR

EMC4 SUN1

Microsoft W2k3Web Server

HP2

HP3

EMC3 Windriver

EMC5

SUN2EMC2

S-NET1Server

Microsoft W2k3ISATAP Client

Microsoft W2k3Media Server

EMC1

Navtel

HP1

Microsoft CEWeb Client

6

4

11

S-NET2Client

7

2

7

IBM Checkpoint+SUN

132.177.125.15

1

6

To Internet2

Ixia132.177.125.35

2

Ixia132.177.125.34

2

Ixia132.177.125.32

6

Spirent132.177.125.33

Microsoft W2k3ISATAP Router132.177.125.39

Microsoft CEMedia Client

DHCPv4 sever132.177.125./26

5

2

8 1

1

8

10

8

9

AS110

AS3Area 0Area 0

7

3

2

1

AS4

Area 0AS2Area 0 3 2

11

Feedback to the Vendorsand DOD

MOONv6 ASSESSMENT

REPORTS

DEC 2003White Paper

DEC 2003

13


• Common network applications– Simple applications such as FTP, TFTP, HTTP,

HTTPS, Telnet, SSH, DNS worked in most cases– Limited implementation with DoD apps

• Base specifications– Mature specs and implementations

• Transition mechanisms– Very important part of the DoD transition phase– RFC 2893, RFC 3056 and ISATAP worked in most

cases

14

Mobility and Security

Basic Mobility proof of concept

Limited number of vendor implementations

IP Security was successful with limited number of mandated RFC’s addressed

Security was proven to work with ICMP and TCP in a Host to Host scenario

Extra time needed to execute extensive testing for Security and Mobility

Must be further investigated in Phase II

15

Routing Protocols

BGP Interoperability was tested in small and larger network scenarios. Rerouting was demonstrated to work in most cases

Larger OSPFv3 networks were built.

Dual IPv4 (OSPFv2) and IPv6 (OSPFv3) operation was enabled.

In the center of these networks a IPV4/OSPFv2 only router was installed.

Rerouting testing was performed with link-down and link metric increase scenarios.

It was discovered that IPv4 packets route through networks differently than IPv6 packets. Network designers need to exercise care in mixed IPv4/IPv6 architectures.

16

Reroute Test Topology for OSPFv2 and OSPFv3 Network

IPv6 TrafficFlow

Metric 4

Metric 4

Metric 4

Metric 4,Link Pulled OR

MetricChanged to 40

Metric 5

Metric 5Metric 5

Area 1

Area 2

IPv4 OnlyRouter

Area 3

Area 0

IPv4 TrafficFlow

17

Additional Findings

The Government-Academia-Commercial partnership is working well to advance IPv6 implementations.

The cooperation of all participants helped

Create the final network design and addressing architecture.

In test item selection for writing of Phase II test plans.

Inter-vendor cooperation at both JITC and UNH greatly facilitated identification and resolution of interoperability issues.

We’re building a solid technical database, not reflected in findings, of how to configure IPv6 systems and architectures.

VTC significantly facilitates distributed testing.

18

Feedback to the Vendorsand DOD

MOONv6 ASSESSMENT

REPORTS

DEC 2003White Paper

DEC 2003

Moonv6 Phase II

20

Phase II Testing

Distributed Network1. E-Mail, PKI, WWW, 2. PPP, VTC, DCTS, 3. IP Security, Mobility, 4. Performance, Anomalies

Local Network1. Node Specifications2. Routing Protocols3. Conformance4. Anomalies

21

Possible Phase II Test Items

More Detailed Security and Mobility TestingMore Detailed Routing Protocol Testing, possibly IS-ISNetwork Stability – clearly define (routing convergence, delay, reordering, long-term traffic forwarding)Network ManagementMulticast and Multimedia Streaming VoIP and Video TeleconferencingDNS Performance TestingContent Delivery NetworkPPPEdge and Tactical Network TestingCommercial Carrier Connectivity and Peering testsMPLS Services for IPv6

22

Moonv6 Phase II Timeline

• Test success requires a stable network prior to beginning testing

ID Task Name Start End DurationFeb 2004

3/213/72/22 4/43/142/1

1 5d2/6/20042/2/2004E-mail

2 5d2/6/20042/2/2004PKI

3 5d2/6/20042/2/2004WWW

4 5d2/13/20042/9/2004PPP

5 5d2/13/20042/9/2004VTC

6 5d2/20/20042/16/2004DCTS

7 10d3/5/20042/23/2004Mobility

8 5d3/5/20043/1/2004Security

9 5d3/19/20043/15/2004Performance/Network Load

10 8d3/31/20043/22/2004Link Failures

Mar 2004

3/28

Apr 2004

4/182/29

11 7d4/9/20044/1/2004Router Conformance and Interop

13 10d4/29/20044/16/2004Report

2/8 2/15 4/11

12 5d4/16/20044/12/2004Data Analysis

23

Phase II Keys to Success• Validate network stability prior to test

• Provide appropriate access to all participating vendors

• Isolate intrusive testing from non-intrusive testing

• Tune participation at remote sites to their capacity/willingness

• Manage scope creep

Questions?

Back-up Slides

26

Local Test Network(FHU and/or UNH)

Ethernet

Ethernet Ethernet

Ethernet

GigE LX or SX

100 Base T

100 Base T

ATM OC-3

Computer Server

ComputerServer

Server

Laptop

Printer

Printer

PDA

PDA

Router

Router Router

Router

Workstation

Workstation

IBM Compatible

Server

Computer

Computer

Computer

Printer

XX

XX

IPv4-OnlyNetwork

IPv6-OnlyNetwork

27

Network Segregation

Addressing, DNS, Addressing, DNS, SNMP, SecuritySNMP, Security

DNS, DCTS, E-Mail, Web, Wireless MobileNodes off JITC HA, Correspondent Nodes,IP Security, Node Specs. , RoutingProtocols, Transition Mechanisms,Link Layer, Physical Layer

DCTS, VTC, E-Mail, Wireless Mobile Nodes offMCNOSC HA

PKI, DCTS, X.500 or LDAP, E-Mail, HomeAgent & Correspondent Nodes for Indian

Head, IP Security

DNS, DCTS, E-Mail, Web

DMS, DCTS, Web, E-Mail, Mobile Nodes off JITCHA

Node Specs., RoutingProtocols, Transition Mechanisms

Scott

CECOM

MCNOSC

IndianHead

Additional Distributed Nodes as participation

grows.

Native v6 over MPLS-AT&T Red Net

Native v6 over MPLS-AT&T Blue Net

Existing Transport (Phase I)

UNH

JITC

28

Phase II Transition MechanismArchitecture

DNS, DCTS, E-Mail, Web, Wireless MobileNodes off JITC HA, Home Agent,

Correspondent Node, Security



Head




Scott

CECOM

MCNOSC

IndianHead

UNH

JITC

Native v6 over MPLS-AT&T Red Net

Native v6 over MPLS-AT&T Blue Net

Configured Tunnel

Automatic Tunnel

Encapsulated v4

29

Moonv6 Phase II WWW and E-mail

Ethernet

Ethernet

Ethernet

Ethernet

Ethernet




Head, IP Security




Scott

CECOM

MCNOSC

Indian Head

UNH

JITC

Ethernet

WWW Server

WWW Server

WWW Server

WWW Server

WWW Server

WWW Server

Web/Mail Client

Web/Mail Client

Web/Mail Client

Web/Mail Client

Web/Mail Client

Web/Mail Client

Mail Server Mail Server

Mail Server

Mail Server

Mail Server

Mail Server

30

MOONv6 PKI Architecture

Ethernet

Ethernet




Head, IP Security




Scott

CECOM

MCNOSC

Indian Head

UNH

JITC

Native v6 over MPLS-AT&T Red NetNative v6 over MPLS-AT&T Blue Net

Configured TunnelAutomatic TunnelEncapsulated v4

Workstation Workstation

PKIServer

31

Phase II DMS Architecture

E th e rn e t

E th e rn e t

E th e rn e t

E th e rn e t

E th e rn e t

D N S , D C T S , E -M a il, W e b , W ire le s s M o b ileN o d e s o ff J IT C H A , C o r re s o n d e n t N o d e s ,IP S e c u r ity , N o d e S p e c s . , R o u tin gP ro to c o ls , T ra n s it io n M e c h a n is m s ,L in k L a y e r , P h y s ic a l L a y e r

D C T S , V T C , E -M a il, W ire le s s M o b ile N o d e s o ffM C N O S C H A

P K I, D C T S , X .5 0 0 o r L D A P , E -M a il, H o m eA g e n t & C o rre s p o n d e n t N o d e s fo r In d ia n

H e a d , IP S e c u r ity

D N S , D C T S , E -M a il, W e b

D M S , D C T S , W e b , E -M a il, M o b ile N o d e s o ff J IT C H A

N o d e S p e c s ., R o u tin gP ro to c o ls , T ra n s it io n M e c h a n is m s

S c o tt

C E C O M

M C N O S C

In d ia nH e a d

U N H

J IT C

E th e rn e t

D M S C lie n t

D M S C lie n t

D M S C lie n t

D M S C lie n t

D M S C lie n t D M S S e rv e r

D M S S e rv e r(O p t io n a l)

32

Phase II VTC Architecture

33

DCTS Architecture

34

Ethernet

Ethernet

Ethernet

DNS, DCTS, E-Mail, Web, Wireless MobileNodes off JITC HA, Home Agent,

Correspondent Node, Security



Head




Scott

CECOM

MCNOSC

IndianHead

UNH

JITC

CISCOSYSTEMS

CN

Ethernet

CISCOSYSTEMS HA

Ethernet

CISCOSYSTEMS HA

WirelessMobile Nodes

WirelessMobile Nodes

Mobile Node

Mobile NodeNative v6 over MPLS-AT&T Red NetNative v6 over MPLS-AT&T Blue Net

Configured TunnelAutomatic TunnelEncapsulated v4

CISCOSYSTEMS

CN

CN

Ethernet

CISCOSYSTEMS

Ethernet

CISCOSYSTEMS

Phase II Mobility Architecture

35

Phase II IP Security Testing

Ethernet

Ethernet




Head, IP Security




Scott

CECOM

MCNOSC

IndianHead

UNH

JITC

Ethernet

IP SecEnabled

Host

IP SecEnabled

Host

IP SecEnabled

Host

IP SecEnabled

Host

the road ahead for dod - ipv6 · the road ahead for dod 9 december 2003 major r.v. dixon, jitc ben...

Documents