New Vistas for IPv6
RELEASE OF OPERATING SYSTEM SEEN SPURRING DEFENSE TRANSITION TO LATEST VERSION OF THE INTERNET.
The consumer market received its introduction to the new Internet Protocol version 6 (IPv6) at the end of January, whenMicrosoft introduced its Windows Vista operating system. But much of the general public remains in the dark about the capabilities of the new protocol, with its vastly increased number of Internet addresses.
Despite a deadline to transition the irnetwork backbone infrastructure over to IPv6 from the current IPv4 standard bymid-2008, analysts say many military and civilian workers at Department of Defense and the rest of the federal government also remain in the dark about IPv6 capabilities.
Up to this point, DoD people have hadvery little reason to get excited about the move to IPv6, acknowledged Sean Siler,program manager for IPv6 deployment and field readiness at Microsoft.
“There are a lot of things to consider,and one of the things that I hear quite a bit is, ‘What is the killer app?’ and, ‘What is going to drive this big change?’ The truth of the matter is that there really is no killer app right now, nor can there be in my opinion at least until we get the infrastructurein place and people start using it and trying to solve business problems with the new protocols,” Siler said.
“In the absence of that, what gets people excited about it? So far, it’s been nothing. Nobody has been very excited about it. Even in the DoD and federal civilian space, they are making plans and they are doing it, but it really is only because they have been told to in a lot of cases,” he added.
The most anticipated result of the change will be the increase of remaining IP addresses from several billion to a virtually unlimited number, sufficient to give every networked device on Earth its own unique location in cyberspace. But beyond solving the looming address shortage for the Internet, advocates say, IPv6 holds out the promise of fundamental changes in information operations by the military, government and industry.
Many dedicated and intelligent network administrators,engineers and others are working hard on the challenges of IPv6 migration,Siler stressed, but the change hasn’t caught the imagination of the information technology community as a whole.
With the emergence of Windows Vista for desktops and Windows Longhorn for servers, however, DoD personnel have something tangible to use and examine when it comes to IPv6. Both use IPv6 packets by default, and a network set up with that software and IPv6-compliant hardware would begin to realize some of the benefits of using the new protocol,Siler noted, adding, “We really see this as kind of the tipping point.”
Other operating systems make use of IPv6, but Microsoft’s market share, coupled with the standardization across many defense agencies on Microsoft platforms, ensure widespread adoption of the new protocol in some sectors over time.
Meanwhile, the federal government, and DoD in particular, are leading the charge, and a variety of companies are lining up to help them take full advantage of the change.
AGGRESSIVE APPROACH
A 2003 memorandum on IPv6 from the DoD chief information officer directed defense agencies to take an aggressive approach to implementing IPv6.
The Defense Information Systems Agency (DISA) is engaged in conversations and planning with industry and other defense agencies to ensure a smooth transition to IPv6, according to an agency spokesman. The CIO memo noted, for example, that network personnel might need to resolve some security issues before implementing IPv6 on DoD networks carrying operations traffic.
“Thus, for the IPv6 transition to move forward, it is essential that security issues be addressed and resolved on a progressive basis,” the spokesman said. “Security vulnerabilities may exist during the transition period when IPv6 product lines have not yet caught up with existing IPv4 capabilities in areas such as firewalls and intrusion detection systems.
“Advanced IPv6 features are expected to improve DoD’s overall security, such as widespread use of end-to-end authentication or encryption,” the spokesman emphasized. “Some of our other challenges in making the transitions fall within six categories: networking and infrastructure, information assurance, applications, standards, training and funding.”
Microsoft’s Siler noted that talking to DoD is a big part of his job. “I have been in constant communication with the transition offices from Army, Navy and Air Force, from DISA, and with many of the federal agencies as well,” he explained. “I have been communicating with each of them because many of them have questions. They want to get technical information as well as overall guidance. They want to find out some lessonslearned from our internal migration to IPv6.”
Siler said he has participated in many strategy meetings on the return on investment and the business value regarding IPv6, as well as many of the practical advantages to the transition to the new protocol.
One of the big practical advantages comes in the formof seamless networks. IPv6 networks have the capability to accept new devices instantaneously compared with their IPv4 counterparts, which are rather inflexible.
In an IPv4 network, an administrator could connect some computers and assign IP addresses to them and, with the proper infrastructure, everything would work. But once anyone tries to move a computer device from one network to another, calamity often ensues.
For example, a warfighter might attempt to move his laptop from a network at one base to a network in another. “Most of the time, these networks have overlapping address space,” Siler noted. “When you try to merge them or move machines or whatever, you get IP address conflicts and things like this start arising. Really these networks become very set and very sedentary. Once you make a network, it stays there forever.”
IPv6 uses a different standard than that defined in RFC 1918, which is the address allocation standard for IPv4, so joining new computers together becomes seamless. IPv6 also includes a mobility characteristic that enables a warfighting unit to deploy to the field and move around, even to different nations.
“And as they keep moving around, my headquarters back at base only has to keep sending packets of data to one place, the home router. That home router keeps track of where the deployed unit keeps moving. That way, my routing table stays fairly constant and I don’t have to worry about constantly updating a large number of routes. It makes things much smoother in terms of deployability for the military,” he said.
But Siler stressed that successfully using such capabilities requires testing and training on the part of those preparing to adopt the new protocol—particularly security architects and administrators. He recommended that each organization establish a test lab with some computers running Windows Vista in order to study the IPv6 protocol. Doing so is an inexpensive yet effective way to examine IPv6 capabilities and configurations.
“By default, v6 is not any more or less secure than v4, but it is different. There are things you need to be aware of. So training really becomes the first step in this migration process,” Siler said.
TRANSITION SERVICES
Cisco Systems has been fielding questions on IPv6 transition as well, leveraging its history and knowledge of networking hardware to advise defense activities on how to proceed. Indeed, Cisco began introducing IPv6 to the operating system of its routing infrastructure back in 2001 to prepare for the eventual transition to the protocol, recalled David West, director for field operations at the Cisco Federal Center of Excellence and head of the federal and worldwide IPv6 task force for Cisco.
Many networking offices may have questions about running IPv6 alongside IPv4 in a “dual stack” configuration in order to support legacy applications, West noted. “There is also legacy equipment out there that may not have the memory or could never run the memory or can’t hold the load or can’t provide the performance required to run a dual-stack network.”
Many of those devices would requirereplacement with new products, although many of the routers and switches introduced in the last few years could upgrade to IPv6 with a software patch.
Concerns over capability with IPv6 have led Cisco to develop services capabilities to augment its product offerings, West added.
“We have developed a services practice to help our customers make this transition,” he commented. “It’s going to be a long and difficult transition. In many cases, our customers do not have the in-house expertise to really understand how to make this move to IPv6, so we have built services practices to help advice them and to help move them along in that process.”
To support federal customers, Cisco listened to their feedback and developed a network assessment tool that can determine the compliance of network infrastructure with IPv6. The tool enables information technology professionals to automatically examine their network capabilities and then determine if they are capable of sustaining IPv6, or if they require upgrades.
It’s important that the military recognizes the business applicability and the return on investment realized by the transition to the IPv6 protocol, West contended. “In military terms, if I’m a warfighter out there and I’m on the battlefield and there are sensors out there, I can communicate directly with the sensors. If there is a UAV flying overhead, I would be able to seamlessly communicate with that device to pull down imagery.
“If I showed up with a coalition partner or NATO partner and we needed to communicate, to allow that communication to happen so that we could continue our operations without having to stop and reconfigure to make communications possible,” he continued. “The promise of IPv6 is that communications will no longer be hindered by having to reach back to some location to do the translation. You and I, who don’t know each other when we show up to fight on a battlefield, would be able to communicate seamlessly with one another if implemented and done in the way that IPv6 and the standards allow.”
IPv6 provides an essentially infinite amount of IP addresses, West observed, thus opening up the possibility that many individual devices could receive compatible IP addresses and communicate directly with warfighters through a computing device of choice. No longer would warfighters require bridging devices to enable communications.
But while much of the focus now is on the network transition and upgrading hardware, West urged information technology professionals to also begin to ponder business applicability, value-added services and new capabilities that will emerge after the IPv6 transition.
“That’s where the real return is,” West stated. “So as we make this move to IPv6, it’s not just about moving to a new protocol, especially as you talk to businesses. It’s truly about return on investment, business applicability, profitability, productivity and mission effectiveness. That’s what v6 has to enable. As we move down this road and as more customers move to IPv6 and into this dual-stack environment and as more vendors such as Microsoft and their partners start to develop new applications, the promise of v6 will become very evident.”
HOLISTIC TRAINING
The task of training personnel up on IPv6 falls to specialized centers with the people, information and resources to bring their students up to speed on mission-critical capabilities. One of those companies, Command Information, emphasizes its holistic approach to IPv6 services.
The company offers the Command Information Training Laboratory to federal employees, who have been using it to learn the ins and outs of IPv6 in recent years. But Command Federal has been making a subtle shift in its training strategy recently, according to David Kriegman, president of Command Federal, the federal arm of Command Information.
“What we are starting to see now and what Command Information is emphasizing is how to take advantage of the features of the IPv6 to really improve the mission,” Kriegman said. “So we see the next step as how to now take advantage of those features and do the mission functions better.
“A lot of what we have been emphasizing is education in a broad sense, not just hands-on training,” he added. “It’s important to get the programmers and the information assurance people and everybody understanding how to do it. But we also need to educate folks on return on investment, what the real business case is, and why the move is going to help people, agencies and programs do their job better, faster and cheaper.”
The Carlyle Group founded Command Information several years ago to specifically address the U.S. transition to IPv6, explained Chief Executive Officer Tom Patterson. The company employs about 350 people, who staff an enterprise division and the federal division. Command Information formed the Command Federal division with the acquisition of networking solutions company AnviCom.
Patterson agreed that focusing on the return on investment for the switch to IPv6 has become very important to DoD clients, and that the rollout of Windows Vista would demonstrate capabilities and offer the beginning of realizing a return on investment.
“As you start to see greater adoption of Microsoft Vista, that defaults to being IPv6. Once that is out in the majority of the desktops throughout industry and the federal government, it is much easier to find a return on investment model to leverage some of these new features and functions,” Patterson remarked.
In a specific example of immediately realizing a return on IPv6 investment, Patterson pointed to a client of Command Information that has been examining live deployments of IPv6 for part of its network. The client would realize an immediate and real cost savings after the transition because they must move their networks frequently after building them.
“By their current plan, it takes them about 21 days to disassemble it, move it, reassemble it and hook it back into the global network,” Patterson described. “In an IPv6 world, you can unplug the devices, put them on a plane or transport and then power them up in any other part of the world, and it will automatically maintain a secure state and be reconnected in about half a day.
“That’s real money. That’s actual cost savings out of a budget already being able to be realized today without having to wait for the rest of the world to catch up. That’s an absolute return on investment right there,” he said.
Kriegman pointed out that DoD historically has faced challenges with integrating data in its major programs. Data feeds come to defense centers through a variety of sensors, such as environmental sensors, medical sensors and video cameras, via transmissions through proprietary channels.
“They are not on any sort of standard. The Internet Protocol is a global standard. If each sensor were transmitting their data on a global standard on an IP protocol, it would just make sense that it is easier to integrate that data. It would take less programming and less effort to get all of that data on one situational awareness screen in one common operational picture,” Kriegman asserted.
Indeed, the concept of technology transformation depends on a successful transition to IPv6, Kriegman said. “What this technology does is allow for really true net-centricity. So when we talk about net-centric warfare and achieving those goals, this is really the enabling technology.” ♦
