MOONv6: The Road Ahead for DoD
9 December 2003
Major R.V. Dixon, JITC
Ben Schultz, UNH-IOL
Agenda
The JITC and UNH IOL Labs
Moonv6 Phase I
Preliminary Findings
Moonv6 Phase II
The MOONv6 Demonstration
The Joint Interoperability Test Command (JITC)
JITC Advanced Technology IP Laboratory
Certifies equipment for Joint Interoperability
Provides the capability to replicate Joint C4 Architectures
Offers access to services, combatant commands, and agencies within DoD
UNH InterOperability Lab (IOL)
Operates as a non-profit lab as part of the University of New Hampshire
Fully funded by the commercial communications industry and thus market driven
Tests 15 different technologies, including IPv6
MOONv6 Participating Sites
[Figure: map of participating sites. Networks: DISN-LES, DREN, Internet 2. States marked: AZ, CA, CO, IL, MD, MI, NH, NJ, SC, SD, VA.]
• UNH-IOL, New Hampshire
• SPAWAR - WEST, San Diego, CA
• JITC and the TIC, Ft. Huachuca, Arizona
• MCNOSC, Quantico, VA
• Ft. Monmouth, New Jersey
• SPAWAR - EAST, Charleston, SC
• Scott AFB, Illinois
• Internet 2, Michigan
• NASA Ames
• Internet 2 and DREN peering point
• JITC, Indian Head, MD
Phase I Interoperability Participants
MOONv6 Architecture: High Level Architecture
[Figure: two edge networks, the UNH Interoperability Network and the JITC Ft. Huachuca Interoperability Test Network, joined across DISN-LES, the DREN IPv6 Network and Internet 2. Test networks and routers are shown at Army TIC, Ft Monmouth (CERDEC, Cell 1), Scott AFB, MCNOSC, JITC Indian Head, SPAWAR Charleston and SPAWAR West. Other labels: Cisco GSR, Cisco IOS Firewall, DREN ATM Router, Satellite, NASA Ames, Harvard.]
Final Topology Design
• Protocol-specific interoperability testing completed
• The final design has included
  – Dual Stack Transition
  – Multi-homed topology
  – BGP Route aggregation and hierarchical addressing design
  – Argument about /64 addressing scheme for point-to-point links, concluded to add both types, per AS, to the network
Final JITC/UNH Topology: Internet Exchange Model
[Figure: multi-vendor topology with AS and Area 0 labels and a link to Internet2. Device labels include routers, firewalls, test equipment and hosts from NEC, Microsoft, Hexago, Agilent, Fujitsu, Cisco, Marconi, Hitachi, Foundry, Nokia, Juniper, Procket, IP Infusion, Extreme, 6Wind, Checkpoint, Spirent, Ixia, IBM, Sun, HP, EMC, Windriver, S-NET and Navtel, plus a DHCPv4 server and Microsoft W2k3 ISATAP router and client, web server and media server.]
Feedback to the Vendors and DOD
MOONv6 ASSESSMENT REPORTS, DEC 2003
White Paper, DEC 2003
Preliminary Findings
• Common network applications
  – Simple applications such as FTP, TFTP, HTTP, HTTPS, Telnet, SSH, DNS worked in most cases
  – Limited implementation with DoD apps
• Base specifications
  – Mature specs and implementations
• Transition mechanisms
  – Very important part of the DoD transition phase
  – RFC 2893, RFC 3056 and ISATAP worked in most cases
Mobility and Security
Basic Mobility proof of concept
Limited number of vendor implementations
IP Security was successful, with a limited number of mandated RFCs addressed
Security was proven to work with ICMP and TCP in a Host to Host scenario
Extra time needed to execute extensive testing for Security and Mobility
Must be further investigated in Phase II
Routing Protocols
BGP interoperability was tested in small and larger network scenarios. Rerouting was demonstrated to work in most cases.
Larger OSPFv3 networks were built.
Dual IPv4 (OSPFv2) and IPv6 (OSPFv3) operation was enabled.
In the center of these networks an IPv4/OSPFv2-only router was installed.
Rerouting testing was performed with link-down and link metric increase scenarios.
It was discovered that IPv4 packets route through networks differently than IPv6 packets. Network designers need to exercise care in mixed IPv4/IPv6 architectures.
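The divergence described above, as an added example that is not part of the original briefing: a shortest-path computation over a constructed dual-stack topology in which OSPFv3 cannot use the IPv4-only router. Router names, links and metrics are assumptions; only the metric change from 4 to 40 and the link-pulled case are taken from the reroute test slide.

```python
import heapq

# Constructed dual-stack topology (not the MOONv6 lab's): (a, b, metric).
LINKS = [("R1", "V4", 4), ("V4", "R4", 4), ("R1", "R2", 4),
         ("R2", "R4", 5), ("R1", "R3", 5), ("R3", "R4", 5)]
IPV4_ONLY = {"V4"}  # assumed name for the router running OSPFv2 only


def spf(links, src, dst, exclude=frozenset()):
    """Dijkstra over symmetric link metrics; returns (cost, path) or None."""
    adj = {}
    for a, b, m in links:
        if a in exclude or b in exclude:
            continue  # link is absent from this protocol's link-state database
        adj.setdefault(a, []).append((b, m))
        adj.setdefault(b, []).append((a, m))
    heap, done = [(0, src, [src])], set()
    while heap:
        cost, node, path = heapq.heappop(heap)
        if node == dst:
            return cost, path
        if node in done:
            continue
        done.add(node)
        for nxt, m in adj.get(node, []):
            if nxt not in done:
                heapq.heappush(heap, (cost + m, nxt, path + [nxt]))
    return None


def paths(links, src="R1", dst="R4"):
    """Best path per family: OSPFv2 sees every router, OSPFv3 skips IPv4-only ones."""
    return {"ipv4": spf(links, src, dst),
            "ipv6": spf(links, src, dst, exclude=IPV4_ONLY)}


def set_metric(links, a, b, metric):
    """Copy of links with the a-b metric changed; metric=None pulls the link."""
    others = [ln for ln in links if {ln[0], ln[1]} != {a, b}]
    return others if metric is None else others + [(a, b, metric)]


if __name__ == "__main__":
    print("baseline      ", paths(LINKS))
    print("metric 4 -> 40", paths(set_metric(LINKS, "R1", "R2", 40)))
    print("link pulled   ", paths(set_metric(LINKS, "R1", "R2", None)))
```

Comparing the two per-family results shows which routers and links each protocol's traffic actually crosses before and after the reroute.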
Reroute Test Topology for OSPFv2 and OSPFv3 Network
[Figure: Areas 0, 1, 2 and 3 with an IPv4 Only Router. Links carry metrics of 4 and 5; one metric-4 link is either pulled or has its metric changed to 40. The IPv4 traffic flow and the IPv6 traffic flow are marked separately.]
Additional Findings
The Government-Academia-Commercial partnership is working well to advance IPv6 implementations.
The cooperation of all participants helped
  – Create the final network design and addressing architecture.
  – In test item selection for writing of Phase II test plans.
Inter-vendor cooperation at both JITC and UNH greatly facilitated identification and resolution of interoperability issues.
We’re building a solid technical database, not reflected in findings, of how to configure IPv6 systems and architectures.
VTC significantly facilitates distributed testing.
Moonv6 Phase II
Phase II Testing
Distributed Network
1. E-Mail, PKI, WWW
2. PPP, VTC, DCTS
3. IP Security, Mobility
4. Performance, Anomalies
Local Network
1. Node Specifications
2. Routing Protocols
3. Conformance
4. Anomalies
Possible Phase II Test Items
• More Detailed Security and Mobility Testing
• More Detailed Routing Protocol Testing, possibly IS-IS
• Network Stability – clearly define (routing convergence, delay, reordering, long-term traffic forwarding)
• Network Management
• Multicast and Multimedia Streaming
• VoIP and Video Teleconferencing
• DNS Performance Testing
• Content Delivery Network
• PPP
• Edge and Tactical Network Testing
• Commercial Carrier Connectivity and Peering tests
• MPLS Services for IPv6
Moonv6 Phase II Timeline
• Test success requires a stable network prior to beginning testing
ID  Task Name                      Start      End        Duration
1   E-mail                         2/2/2004   2/6/2004   5d
2   PKI                            2/2/2004   2/6/2004   5d
3   WWW                            2/2/2004   2/6/2004   5d
4   PPP                            2/9/2004   2/13/2004  5d
5   VTC                            2/9/2004   2/13/2004  5d
6   DCTS                           2/16/2004  2/20/2004  5d
7   Mobility                       2/23/2004  3/5/2004   10d
8   Security                       3/1/2004   3/5/2004   5d
9   Performance/Network Load       3/15/2004  3/19/2004  5d
10  Link Failures                  3/22/2004  3/31/2004  8d
11  Router Conformance and Interop 4/1/2004   4/9/2004   7d
12  Data Analysis                  4/12/2004  4/16/2004  5d
13  Report                         4/16/2004  4/29/2004  10d
Phase II Keys to Success
• Validate network stability prior to test
• Provide appropriate access to all participating vendors
• Isolate intrusive testing from non-intrusive testing
• Tune participation at remote sites to their capacity/willingness
• Manage scope creep
Questions?
Back-up Slides
Local Test Network (FHU and/or UNH)
[Figure: routers, servers, workstations, computers, laptops, printers and PDAs on Ethernet segments, linked by GigE LX or SX, 100 Base T and ATM OC-3, with an IPv4-Only Network and an IPv6-Only Network.]
Network Segregation
[Figure: six sites (Scott, CECOM, MCNOSC, Indian Head, UNH, JITC), with additional distributed nodes as participation grows. Transport: Native v6 over MPLS-AT&T Red Net, Native v6 over MPLS-AT&T Blue Net, Existing Transport (Phase I).]
Service and test-area labels attached to the sites:
• Addressing, DNS, SNMP, Security
• DNS, DCTS, E-Mail, Web, Wireless Mobile Nodes off JITC HA, Correspondent Nodes, IP Security, Node Specs., Routing Protocols, Transition Mechanisms, Link Layer, Physical Layer
• DCTS, VTC, E-Mail, Wireless Mobile Nodes off MCNOSC HA
• PKI, DCTS, X.500 or LDAP, E-Mail, Home Agent & Correspondent Nodes for Indian Head, IP Security
• DNS, DCTS, E-Mail, Web
• DMS, DCTS, Web, E-Mail, Mobile Nodes off JITC HA
• Node Specs., Routing Protocols, Transition Mechanisms
Phase II Transition Mechanism Architecture
[Figure: same six-site layout (Scott, CECOM, MCNOSC, Indian Head, UNH, JITC) as the Network Segregation slide. Link legend: Native v6 over MPLS-AT&T Red Net, Native v6 over MPLS-AT&T Blue Net, Configured Tunnel, Automatic Tunnel, Encapsulated v4.]
Moonv6 Phase II WWW and E-mail
[Figure: same six-site layout (Scott, CECOM, MCNOSC, Indian Head, UNH, JITC) as the Network Segregation slide, with WWW Servers, Mail Servers and Web/Mail Clients on Ethernet segments at the sites.]
MOONv6 PKI Architecture
[Figure: same six-site layout (Scott, CECOM, MCNOSC, Indian Head, UNH, JITC) as the Network Segregation slide, with Workstations and a PKI Server on Ethernet segments. Link legend: Native v6 over MPLS-AT&T Red Net, Native v6 over MPLS-AT&T Blue Net, Configured Tunnel, Automatic Tunnel, Encapsulated v4.]
Phase II DMS Architecture
[Figure: same six-site layout (Scott, CECOM, MCNOSC, Indian Head, UNH, JITC) as the Network Segregation slide, with DMS Clients, a DMS Server and a DMS Server (Optional) on Ethernet segments.]
Phase II VTC Architecture
DCTS Architecture
Phase II Mobility Architecture
[Figure: same six-site layout (Scott, CECOM, MCNOSC, Indian Head, UNH, JITC) as the Network Segregation slide, with Home Agents (HA), Correspondent Nodes (CN), Wireless Mobile Nodes and Mobile Nodes on Ethernet segments. Link legend: Native v6 over MPLS-AT&T Red Net, Native v6 over MPLS-AT&T Blue Net, Configured Tunnel, Automatic Tunnel, Encapsulated v4.]
Phase II IP Security Testing
[Figure: same six-site layout (Scott, CECOM, MCNOSC, Indian Head, UNH, JITC) as the Network Segregation slide, with IP Sec Enabled Hosts on Ethernet segments.]