The Road Ahead for DoD - US IPv6
MOONv6:
The Road Ahead for DoD
9 December 2003
Major R.V. Dixon, JITC
Ben Schultz, UNH-IOL
2
Agenda
• The JITC and UNH IOL Labs
• Moonv6 Phase I
• Preliminary Findings
• Moonv6 Phase II
3
The MOONv6 Demonstration
The Joint Interoperability Test Command (JITC)
4
JITC Advanced Technology IP Laboratory
• Certifies equipment for Joint Interoperability
• Provides the capability to replicate Joint C4 Architectures
• Offers access to services, combatant commands, and agencies within DoD
5
UNH InterOperability Lab (IOL)
• Operates as a non-profit lab as part of the University of New Hampshire
• Fully funded by the commercial communications industry and thus market driven
• Tests 15 different technologies, including IPv6
6
MOONv6 Participating Sites
[Figure: US map of participating sites connected over DISN-LES, DREN and Internet 2.]
• UNH-IOL, New Hampshire
• SPAWAR - WEST, San Diego, CA
• JITC and the TIC, Ft. Huachuca, Arizona
• MCNOSC, Quantico, VA
• Ft. Monmouth, New Jersey
• SPAWAR - EAST, Charleston, SC
• Scott AFB, Illinois
• Internet 2, Michigan
• NASA Ames, Internet 2 and DREN peering point
• JITC, Indian Head, MD
7
Phase I Interoperability Participants
8
MOONv6 Architecture: High Level Architecture
[Figure: high-level architecture diagram. Labels shown: UNH Interoperability Network (edge network); JITC Ft. Huachuca Interoperability Test Network (edge network); test networks and routers for Army TIC, Ft Monmouth (CERDEC router, Cell 1 router), Scott AFB, MCNOSC, SPAWAR Charleston, SPAWAR West and JITC Indian Head; transport over DISN-LES, the DREN IPv6 network (JITC router, DREN ATM router, satellite) and Internet 2 (NASA Ames, Harvard); a Cisco GSR and a Cisco IOS Firewall.]
9
Final Topology Design
• Protocol-specific interoperability testing completed
• The final design has included
  – Dual Stack Transition
  – Multi-homed topology
  – BGP Route aggregation and hierarchical addressing design
  – Argument about the /64 addressing scheme for point-to-point links; concluded by adding both types, per AS, to the network
Final JITC/UNH Topology: Internet Exchange Model
[Figure: multi-vendor topology diagram organised as AS1, AS2, AS3, AS4 and AS6, each with an OSPF Area 0, two route reflectors (RR) and a link to Internet2. Device labels include routers and switches from NEC, Fujitsu, Cisco, Marconi, Hitachi, Foundry, Nokia, Juniper, Procket, IP Infusion, Extreme, 6Wind and Hexago; Checkpoint firewalls; Agilent, Spirent and Ixia test equipment; Microsoft W2k3 web, media and ISATAP hosts, Microsoft CE clients and other end hosts; and a DHCPv4 server. Per-device management addresses and link numbers are not reproduced.]
MOONv6 ASSESSMENT REPORTS
DEC 2003
White Paper
DEC 2003
Feedback to the Vendors and DOD
Preliminary Findings
13
Preliminary Findings
• Common network applications
  – Simple applications such as FTP, TFTP, HTTP, HTTPS, Telnet, SSH, DNS worked in most cases
  – Limited implementation with DoD apps
• Base specifications
  – Mature specs and implementations
• Transition mechanisms
  – Very important part of the DoD transition phase
  – RFC 2893, RFC 3056 and ISATAP worked in most cases
14
Mobility and Security
• Basic Mobility proof of concept
• Limited number of vendor implementations
• IP Security was successful with a limited number of mandated RFCs addressed
• Security was proven to work with ICMP and TCP in a Host to Host scenario
• Extra time needed to execute extensive testing for Security and Mobility
• Must be further investigated in Phase II
15
Routing Protocols
• BGP Interoperability was tested in small and larger network scenarios. Rerouting was demonstrated to work in most cases.
• Larger OSPFv3 networks were built.
• Dual IPv4 (OSPFv2) and IPv6 (OSPFv3) operation was enabled.
• In the center of these networks an IPv4/OSPFv2-only router was installed.
• Rerouting testing was performed with link-down and link metric increase scenarios.
• It was discovered that IPv4 packets route through networks differently than IPv6 packets. Network designers need to exercise care in mixed IPv4/IPv6 architectures.
16
Reroute Test Topology for OSPFv2 and OSPFv3 Network
[Figure: OSPF Area 0, Area 1, Area 2 and Area 3 with an IPv4-only router; links labelled Metric 4 and Metric 5; one Metric 4 link is either pulled or has its metric changed to 40; the IPv4 traffic flow and the IPv6 traffic flow are drawn as separate paths.]
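The rerouting finding above, worked through as an added example that is not part of the original slides: OSPFv2 and OSPFv3 each run their own shortest-path calculation, so an IPv4-only router in the centre gives IPv4 a path that IPv6 cannot use, and the two flows also react differently to a metric change or a pulled link. The topology, router names (S, D, A, B, X4) and link placement are constructed for illustration and are not the MOONv6 test topology; only the metric values 4, 5 and 40 are borrowed from the slide.

```python
import heapq

# Constructed lab topology; router names are hypothetical. X4 is the
# IPv4/OSPFv2-only router in the centre, everything else is dual stack.
LINKS = [("S", "X4", 4), ("X4", "D", 4),   # centre path
         ("S", "A", 4), ("A", "D", 5),     # upper path
         ("S", "B", 5), ("B", "D", 5)]     # lower path
V6_ROUTERS = {"S", "A", "B", "D"}          # routers that run OSPFv3

def build_graph(links, routers=None):
    """Adjacency map; with `routers` set, keep only links between them."""
    graph = {}
    for a, b, metric in links:
        if routers is not None and not {a, b} <= routers:
            continue  # link touches a router that lacks this protocol
        graph.setdefault(a, {})[b] = metric
        graph.setdefault(b, {})[a] = metric
    return graph

def shortest_path(graph, src, dst):
    """Dijkstra SPF over link metrics; returns (cost, path) or (None, [])."""
    heap, done = [(0, [src])], set()
    while heap:
        cost, path = heapq.heappop(heap)
        node = path[-1]
        if node == dst:
            return cost, path
        if node in done:
            continue
        done.add(node)
        for nxt, metric in graph.get(node, {}).items():
            if nxt not in done:
                heapq.heappush(heap, (cost + metric, path + [nxt]))
    return None, []

def change_link(links, a, b, metric=None):
    """Return links with a-b set to `metric`, or removed if metric is None."""
    out = [ln for ln in links if {ln[0], ln[1]} != {a, b}]
    return out + ([(a, b, metric)] if metric is not None else [])

def flows(links):
    """Best S->D path per protocol: IPv4 sees every link, IPv6 only v6 ones."""
    return {"ipv4": shortest_path(build_graph(links), "S", "D"),
            "ipv6": shortest_path(build_graph(links, V6_ROUTERS), "S", "D")}

if __name__ == "__main__":
    print("baseline      ", flows(LINKS))
    print("S-A metric 40 ", flows(change_link(LINKS, "S", "A", 40)))
    print("S-X4 pulled   ", flows(change_link(LINKS, "S", "X4")))
```

Any filter, monitor or IPsec policy placed on only one of these paths sees one address family and not the other, which is why the per-protocol path has to be checked rather than assumed.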
17
Additional Findings
• The Government-Academia-Commercial partnership is working well to advance IPv6 implementations.
• The cooperation of all participants helped
  – Create the final network design and addressing architecture.
  – In test item selection for writing of Phase II test plans.
• Inter-vendor cooperation at both JITC and UNH greatly facilitated identification and resolution of interoperability issues.
• We’re building a solid technical database, not reflected in findings, of how to configure IPv6 systems and architectures.
• VTC significantly facilitates distributed testing.
18
Moonv6 Phase II
20
Phase II Testing
Distributed Network
1. E-Mail, PKI, WWW
2. PPP, VTC, DCTS
3. IP Security, Mobility
4. Performance, Anomalies
Local Network
1. Node Specifications
2. Routing Protocols
3. Conformance
4. Anomalies
21
Possible Phase II Test Items
• More Detailed Security and Mobility Testing
• More Detailed Routing Protocol Testing, possibly IS-IS
• Network Stability – clearly define (routing convergence, delay, reordering, long-term traffic forwarding)
• Network Management
• Multicast and Multimedia Streaming
• VoIP and Video Teleconferencing
• DNS Performance Testing
• Content Delivery Network
• PPP
• Edge and Tactical Network Testing
• Commercial Carrier Connectivity and Peering tests
• MPLS Services for IPv6
22
Moonv6 Phase II Timeline
• Test success requires a stable network prior to beginning testing
ID  Task Name                      Start      End        Duration
1   E-mail                         2/2/2004   2/6/2004   5d
2   PKI                            2/2/2004   2/6/2004   5d
3   WWW                            2/2/2004   2/6/2004   5d
4   PPP                            2/9/2004   2/13/2004  5d
5   VTC                            2/9/2004   2/13/2004  5d
6   DCTS                           2/16/2004  2/20/2004  5d
7   Mobility                       2/23/2004  3/5/2004   10d
8   Security                       3/1/2004   3/5/2004   5d
9   Performance/Network Load       3/15/2004  3/19/2004  5d
10  Link Failures                  3/22/2004  3/31/2004  8d
11  Router Conformance and Interop 4/1/2004   4/9/2004   7d
12  Data Analysis                  4/12/2004  4/16/2004  5d
13  Report                         4/16/2004  4/29/2004  10d
[Gantt chart spanning Feb 2004 to Apr 2004.]
23
Phase II Keys to Success
• Validate network stability prior to test
• Provide appropriate access to all participating vendors
• Isolate intrusive testing from non-intrusive testing
• Tune participation at remote sites to their capacity/willingness
• Manage scope creep
Questions?
Back-up Slides
26
Local Test Network (FHU and/or UNH)
[Figure: local test network with an IPv4-only network and an IPv6-only network; routers, servers, workstations, computers, a laptop, PDAs and printers connected by Ethernet, 100 Base T, GigE LX or SX, and ATM OC-3 links.]
27
Network Segregation
[Figure: six-site diagram. Site labels: Scott, CECOM, MCNOSC, Indian Head, UNH, JITC; additional distributed nodes as participation grows. Transport legend: Native v6 over MPLS-AT&T Red Net; Native v6 over MPLS-AT&T Blue Net; Existing Transport (Phase I).]
Service boxes shown in the diagram:
• Addressing, DNS, SNMP, Security
• DNS, DCTS, E-Mail, Web, Wireless Mobile Nodes off JITC HA, Correspondent Nodes, IP Security, Node Specs., Routing Protocols, Transition Mechanisms, Link Layer, Physical Layer
• DCTS, VTC, E-Mail, Wireless Mobile Nodes off MCNOSC HA
• PKI, DCTS, X.500 or LDAP, E-Mail, Home Agent & Correspondent Nodes for Indian Head, IP Security
• DNS, DCTS, E-Mail, Web
• DMS, DCTS, Web, E-Mail, Mobile Nodes off JITC HA
• Node Specs., Routing Protocols, Transition Mechanisms
28
Phase II Transition Mechanism Architecture
[Figure: six-site diagram (Scott, CECOM, MCNOSC, Indian Head, UNH, JITC) with the per-site service boxes. Link legend: Native v6 over MPLS-AT&T Red Net; Native v6 over MPLS-AT&T Blue Net; Configured Tunnel; Automatic Tunnel; Encapsulated v4.]
29
Moonv6 Phase II WWW and E-mail
[Figure: six-site diagram (Scott, CECOM, MCNOSC, Indian Head, UNH, JITC) with the per-site service boxes; WWW Server, Web/Mail Client and Mail Server icons attached to Ethernet segments.]
30
MOONv6 PKI Architecture
[Figure: six-site diagram (Scott, CECOM, MCNOSC, Indian Head, UNH, JITC) with the per-site service boxes; workstations and a PKI Server on Ethernet segments. Link legend: Native v6 over MPLS-AT&T Red Net; Native v6 over MPLS-AT&T Blue Net; Configured Tunnel; Automatic Tunnel; Encapsulated v4.]
31
Phase II DMS Architecture
[Figure: six-site diagram (Scott, CECOM, MCNOSC, Indian Head, UNH, JITC) with the per-site service boxes; DMS Client icons, a DMS Server and a DMS Server (Optional) attached to Ethernet segments.]
32
Phase II VTC Architecture
33
DCTS Architecture
34
Phase II Mobility Architecture
[Figure: six-site diagram (Scott, CECOM, MCNOSC, Indian Head, UNH, JITC) with the per-site service boxes; routers labelled HA (Home Agent) and CN (Correspondent Node) on Ethernet segments, with Wireless Mobile Nodes and Mobile Nodes. Link legend: Native v6 over MPLS-AT&T Red Net; Native v6 over MPLS-AT&T Blue Net; Configured Tunnel; Automatic Tunnel; Encapsulated v4.]
35
Phase II IP Security Testing
[Figure: six-site diagram (Scott, CECOM, MCNOSC, Indian Head, UNH, JITC) with the per-site service boxes; IP Sec Enabled Host icons attached to Ethernet segments.]