1 of 26
Dan Chan, Tactical Comm [email protected]
19 April 2006
CE LCMC SEC’s
IPv6 Transition Initiatives Briefing
to
Army Configuration Control Board (ACCB)
2 of 26
• Inform on current IPv6 mandates and status of DoD and Army goals.
• Provide an overview of SEC’s IPv6 initiatives and efforts
• Provide technical details of SEC’s IPv6 Pilot Project
Briefing Objectives
3 of 26
• DoD CIO -- June 2003
– Established goal of FY 08 to complete the transition to IPv6
– Prohibited use of IPv6 on operational networks until IA risk assessment was complete
• DoD CIO -- September 2003
– Established policy that products and systems procured or acquired after October 1, 2003 must be IPv6 capable
• Office of Management and Budget -- August 2005
– Established June 2008 as the date by which all federal agencies’ infrastructure (network backbones) must be using IPv6
IPv6 Policy Mandates
4 of 26
[Figure: timeline chart with a fiscal-year axis running from FY04 to Post FY13]
Chart labels: Phase 1 (FY04-FY10); Phase 2 (FY10-FY13); IPv6 Capable; IPv6 Dominant; IPv4 Native; Post FY14; Coexist; Fade; IPv4 and IPv6 Coexistence Period; SWB 4
Activities shown: Infrastructure (Core) Upgrades (via I3MP); MACOM Transition (via Tech Refresh); PEO Transition (via Tech Refresh); Procure IPv6 Capable Equipment; Application Transition (via Tech Refresh)
NOTIONAL -- CONTINGENT ON VALIDATION OF ASSUMPTIONS AND FUTURE TACTICAL NETWORK INTEGRATED PLAN
Army IPv6 Timeline
5 of 26
IPv6 Transition Application Demo Project
Purpose
– Establish SEC as an active participant and contributor to Army and DoD strategic plans for IPv6 Transition
– Demonstrate, as a viable proof of concept, the feasibility of transitioning a legacy tactical system’s messaging application to IPv6 compliance by leveraging capabilities/expertise across the C4ISR community
– Elevate the workforce’s awareness of the DoD/OMB/Army IPv6 transition mandate, provide IPv6 training to C4ISR managers and engineers, and create a channel for IPv6 knowledge/information exchange within the C4ISR communities
Accomplishments
– Developed an Application Layer Gateway (ALG) for the MCS-L CommServer and successfully transitioned MCS-L messaging to IPv6 compliance.
– Elevated awareness within SEC/SED workforce and Fort Monmouth Community
• SEC/SEC Workforce Training: 7 February 2006
• CE LCMC Workforce Training: 8 February 2006
• Pilot Project Demonstration: 6 Feb 2006
• Establishment of an IPv6 web portal on AKO which consists of a forum, news, calendar of events schedule, archived documents, and links to other relevant IPv6 sites
• Leveraged from S&TCD IPv6 laboratory capability, PM GCC2 and PM TRCS assets, SEC’s BSSD & ABSD, and ILEX/Telcordia and SRI expertise
6 of 26
IPv6 Pilot Project Team
• Army IPv6 Lab since 2000
• DoD SME collaborating with Industry and Academia
• Participant of DoD and Industry Test Beds, i.e. MoonV6
• Designated developer of Army IPv6 Transition Plan
• Commissioned by DoD, CIO/G-6, G8, SEC, PM WIN-T, and PdM CHS to conduct research, M&S analyses, testing, training on IPv6
[Figure: team organization chart. Labels: SRI Team; Soft Engineers & Comp Scientists Support; Soft Config Mgt; Soft Mgt Support; ILEX/Telcordia Team; Systems Soft Mgt; Soft Apps Mgt; Security, i.e. IAVAs; Software Engineering Support; Software Development and Sustainment Management; Communication and Network System Engineer.; PM TRCS Support; PM GCC2 Support]
7 of 26
Demo Essentials
– Migrated legacy MCS-L messaging capability to operate in an IPv6 environment in peer-to-peer mode through Dual-Stacking, Tunneling, and Translation technologies
– Developed a transition methodology which may be replicated over other similar systems
– Network topology illustrates a configuration hosted in a current system (NOC-V) and depicting a legacy application (MCS-L) being IPv6 capable and interoperable
– Demonstration of 6 different interoperability test scenarios capturing a complete cross-section within an IPv4/IPv6 environment with MCS-L passing JVMF messages
IPv6 Transition Application Live Demo
8 of 26
[Figure: Notional IPv6 Pilot Project. Labels: Army’s Tactical Networks; Army’s SBTC or FCS; Network Management System (NOC-V); IPv4; IPv6; Seamless Connectivity; MCS-L w/ALG (Dual Stack); Legacy Application (MCS-L)]
9 of 26
Demonstration Scenarios
10 of 26
[Figure: Network Operation Center – Vehicle (NOC-V) Current Configuration. Labels: NOC-V; Network Management Client (Sun Ray 1); Network Management Client (Sun Ray 2); Satellite Van (TSC-85/93, SMART-T START-T) to BSN; Voice Circuits; S2/S3 vehicle; FSE; NTDR; QEAM 1; QEAM 2; EPLRS NM; GBS Dish; 100 Base FX (two links); GPS; ISYSCON (V)4 (TIM) Laptop; FBCB2 SVGA Display Access; ENM Laptop; Tent Area; MSE; 10 Base 2; SINCGARS / EPLRS; Local Voice Services (19 Analog Phones); SWLAN; SWLAN Black-Side Management Laptop; GBS Video Access; FBCB2; TOC Server; SUI LAN Access; Cisco 2950CE-net Switch; MCS Light]
11 of 26
[Figure: Operational Scenario – Upgraded MCS in Hybrid Network. Labels: NOC-V; EPLRS Network; EPLRS; MCS 4; MCS 6; Remote TOC with legacy IPv4 MCS; Remote TOC with new IPv6-only MCS; Cisco 2924M; Cisco 2912MF; Tent Area; MCS-6/4; Cisco 2950CE-net Switch; MCS with Application Layer Gateway (ALG)]
12 of 26
[Figure: Demo Scenario with Upgraded MCS in Hybrid Network. Labels: NOC-V; Tent Area; MCS-6/4; MCS-6/4 with Application Layer Gateway (ALG); Remote TOC with legacy IPv4 MCS; Simulated TOC with an IPv6-only MCS and virtual IPv6 Core Infrastructure; Cisco 2950CE-net Switch; Cisco 2912MF; Cisco 2924M; BSD dual-stacked router; IPv6 / IPv4 Core (WIN-T / JTRS); Virtual / Live Gateway (two); OPNET Future Force IPv6 Core WIN-T/FCS; Node 1; Node 2; Node 3]
13 of 26
[Figure: Demo Scenario 1 (Operational View), Sustain IPv4 Legacy Baseline Interoperability. Path marked: IPv4. Labels: NOC-V; Tent Area; MCS-6/4; MCS-6/4 with Application Layer Gateway (ALG); Remote TOC with legacy IPv4 MCS; Simulated TOC with an IPv6-only MCS and virtual IPv6 Core Infrastructure; Cisco 2950CE-net Switch; Cisco 2912MF; Cisco 2924M; BSD dual-stacked router; IPv6 / IPv4 Core (WIN-T / JTRS); Virtual / Live Gateway (two); OPNET Future Force IPv6 Core WIN-T/FCS; Node 1; Node 2; Node 3]
14 of 26
Demo Scenario 1
Sustain IPv4 Legacy Baseline Interoperability
Purpose: Demonstrate that the MCS with 6/4 CommServer retains IPv4 legacy operational functionalities
MCS with 6/4 CommServer (node 2) exchanges JVMF message with Legacy MCS (node 3)
• Node 2 initiates JVMF message addressed to node 3
• 6/4 CommServer recognizes destination address of URN as IPv4 and adds IPv4 header
• Message traverses IPv4 legacy core network (i.e., router or NOC-V)
• Node 3 receives, processes, and displays message
• Repeat with message originating from the legacy MCS
[Figure labels: IPv4 Legacy Network Core; BSD Dual-stacked Router; Virtual Environment; Live Network; Node 1; Node 2; Node 3; IPv6 MCS; MCS with 6/4 CommServer; Legacy MCS; IPv4 JVMF Messages; IPv4; OPNET Future Force IPv6 Core WIN-T/FCS; Virtual / Live Gateway (two)]
15 of 26
[Figure: Demo Scenario 2 (Operational View), Send and Receive IPv6 JVMF Messages. Path marked: IPv6. Labels: NOC-V; Tent Area; MCS-6/4; MCS-6/4 with Application Layer Gateway (ALG); Remote TOC with legacy IPv4 MCS; Simulated TOC with an IPv6-only MCS and virtual IPv6 Core Infrastructure; Cisco 2950CE-net Switch; Cisco 2912MF; Cisco 2924M; BSD dual-stacked router; IPv6 / IPv4 Core (WIN-T / JTRS); Virtual / Live Gateway (two); OPNET Future Force IPv6 Core WIN-T/FCS; Node 1; Node 2; Node 3]
16 of 26
Demo Scenario 2
Send and Receive IPv6 JVMF Messages
Purpose: Demonstrate that IPv6 JVMF messages can be transmitted, received, and processed between the 6/4 CommServer (node 2) and an IPv6-only MCS client
MCS with 6/4 CommServer (node 2) exchanges JVMF message with IPv6-only MCS via the virtual network
• Node 2 initiates a JVMF message addressed to node 1
• 6/4 CommServer recognizes destination address of URN as IPv6, adds IPv6 header, and sends message to virtual / live gateway (VLG)
• The VLG processes the message and transmits it through the virtual network to the IPv6-only MCS host.
• Repeat with message originating from Node 1.
[Figure labels: IPv4 Legacy Network Core; BSD Dual-stacked Router; Virtual Environment; Live Network; Node 1; Node 2; Node 3; IPv6 MCS; MCS with 6/4 CommServer; Legacy MCS; IPv6 JVMF Messages; IPv6; OPNET Future Force IPv6 Core WIN-T/FCS; Virtual / Live Gateway (two)]
17 of 26
[Figure: Demo Scenario 3 (Operational View), Exchange IPv6 / IPv4 JVMF Message via Transport Relay Translator. Paths marked: IPv6; IPv4. Labels: NOC-V; Tent Area; MCS-6/4; MCS with ALG and Transport Relay Translation (TRT); Remote TOC with legacy IPv4 MCS; Simulated TOC with an IPv6-only MCS and virtual IPv6 Core Infrastructure; Cisco 2950CE-net Switch; Cisco 2912MF; Cisco 2924M; BSD dual-stacked router; IPv6 / IPv4 Core (WIN-T / JTRS); Virtual / Live Gateway (two); OPNET Future Force IPv6 Core WIN-T/FCS; Node 1; Node 2; Node 3]
18 of 26
Demo Scenario 3
Exchange IPv6 / IPv4 JVMF Message via Transport Relay Translator
Purpose: Demonstrate that the MCS 6/4 can transparently translate and forward a message from an IPv4 node (node 3) to an IPv6 node (node 1) and vice-versa. Node 2 acts as a Transport Relay Translator (TRT) in this scenario.
Node 3 sends a single JVMF message to node 1
• Node 3 initiates a JVMF message addressed to node 1 (but URN table points to node 2).
• The 6/4 CommServer receives the message and notices that the destination URN is not its own.
• It then looks up the IP address of the destination URN (node 1 in this case) and sends the message on its way.
• Node 1 receives, processes, and displays the JVMF message
• Repeat with message originating from node 1
[Figure labels: IPv4 Legacy Network Core; BSD Dual-stacked Router; Virtual Environment; Live Network; Node 1; Node 2; Node 3; IPv6 MCS; MCS with 6/4 CommServer; Legacy MCS; IPv6 / IPv4 Relayed JVMF Messages; TRT; IPv6; IPv4; OPNET Future Force IPv6 Core WIN-T/FCS; Virtual / Live Gateway (two)]
19 of 26
[Figure: Demo Scenario 4 (Operational View), Multi-Destination Unicast JVMF Messages in a 6/4 Hybrid Environment. Paths marked: IPv6; IPv4. Labels: NOC-V; Tent Area; MCS-6/4; MCS with Application Layer Gateway (ALG); Remote TOC with legacy IPv4 MCS; Simulated TOC with an IPv6-only MCS and virtual IPv6 Core Infrastructure; Cisco 2950CE-net Switch; Cisco 2912MF; Cisco 2924M; BSD dual-stacked router; IPv6 / IPv4 Core (WIN-T / JTRS); Virtual / Live Gateway (two); OPNET Future Force IPv6 Core WIN-T/FCS; Node 1; Node 2; Node 3]
20 of 26
Demo Scenario 4
Multi-Destination Unicast JVMF Messages in a 6/4 Hybrid Environment
Purpose: Demonstrate that the 6/4 MCS can distribute a single JVMF message to a mix of IPv4 and IPv6 clients
Node 2 distributes a single JVMF message to an IPv6 node (node 1) and an IPv4 node (node 3)
• Node 2 initiates a JVMF message addressed to nodes 1 and 3
• 6/4 CommServer reads the URN for each destination and adds the appropriate v4 or v6 header for each outgoing message
• Each destination node receives, processes, and displays the JVMF message
[Figure labels: IPv4 Legacy Network Core; BSD Dual-stacked Router; Virtual Environment; Live Network; Node 1; Node 2; Node 3; IPv6 MCS; MCS with 6/4 CommServer; Legacy MCS; IPv4 Unicast JVMF Message; IPv6 Unicast JVMF Message; IPv6; IPv4; OPNET Future Force IPv6 Core WIN-T/FCS; Virtual / Live Gateway (two)]
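The URN-driven header choice in Demo Scenarios 1, 2 and 4 and the relay decision in Demo Scenario 3, as an added Python example that is not part of the briefing or of the MCS CommServer code. The URN values, the documentation-range addresses and the function names are assumptions, and dropping messages for URNs missing from the table is a design choice of this example rather than something the slides state.

```python
import ipaddress

# Constructed URN table: hypothetical URNs mapped to documentation-range addresses.
URN_TABLE = {
    1001: "2001:db8::1",   # node 1, IPv6-only MCS
    1002: "192.0.2.2",     # node 2, the 6/4 CommServer itself
    1003: "192.0.2.3",     # node 3, legacy IPv4 MCS
}
OWN_URN = 1002


def resolve(urn, table=URN_TABLE):
    """Return (family, address) for a URN; unknown URNs are refused, never guessed."""
    if urn not in table:
        raise LookupError(f"URN {urn} not in table")
    addr = ipaddress.ip_address(table[urn])
    return ("IPv6" if addr.version == 6 else "IPv4", str(addr))


def plan_send(dest_urns):
    """Scenarios 1, 2, 4: one outgoing copy per destination, header chosen per URN."""
    return [(urn, *resolve(urn)) for urn in dest_urns]


def handle_inbound(dest_urn, arrival_family):
    """Scenario 3: deliver locally, or relay toward the destination URN's address."""
    if dest_urn == OWN_URN:
        return ("deliver", None, None)
    try:
        family, addr = resolve(dest_urn)
    except LookupError:
        # No table entry: drop instead of relaying to an unverified destination.
        return ("drop", None, None)
    # A change of IP version between arrival and departure is the TRT case.
    action = "translate" if family != arrival_family else "forward"
    return (action, family, addr)
```

Because the relay path joins the IPv4 and IPv6 sides, the URN table is the only thing deciding where a relayed message can go, so its integrity matters as much as a routing table's.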
21 of 26
[Figure: Demo Scenario 5 (Operational View), Multicast JVMF Messages in 6/4 Hybrid Environment. Paths marked: IPv6 multicast; IPv4 multicast. Labels: NOC-V; Tent Area; MCS-6/4; MCS with Application Layer Gateway (ALG); Remote TOC with legacy IPv4 MCS; Simulated TOC with an IPv6-only MCS and virtual IPv6 Core Infrastructure; Cisco 2950CE-net Switch; Cisco 2912MF; Cisco 2924M; BSD dual-stacked router with Multicast (rendezvous point); IPv6 / IPv4 Core (WIN-T / JTRS); Virtual / Live Gateway (two); OPNET Future Force IPv6 Core WIN-T/FCS; Node 1; Node 2; Node 3]
22 of 26
Demo Scenario 5
Multicast JVMF Messages in 6/4 Hybrid Environment
Purpose: Show that multicasting can be performed by a 6/4 MCS without loss of efficiency, i.e., one originating message distributed to all multicast members
Node 2 initiates a single multicast message to all multicast members – in this case, a v4-only node (node 3) and a v6-only node (node 1)
• Node 2 initiates a single IPv6 multicast message addressed to the multicast group
• The BSD multicast router determines the URN of each multicast member, recognizes the IP version of each member, and redistributes the message accordingly.
• Each destination node receives, processes, and displays the multicast message
[Figure labels: IPv4 Legacy Network Core; BSD Dual-stacked Router with Multicast; Virtual Environment; Live Network; Node 1; Node 2; Node 3; IPv6 MCS; MCS with 6/4 CommServer; Legacy MCS; IPv4 Multicast JVMF Message; IPv6 Multicast JVMF Message; IPv6; IPv4; OPNET Future Force IPv6 Core WIN-T/FCS; Virtual / Live Gateway (two)]
23 of 26
[Figure: Demo Scenario 6 (Operational View), v6-over-v4 Automatic Tunnel Broker. Paths marked: IPv6; IPv4. Labels: NOC-V; Tent Area; MCS-6/4 with TB client; MCS with Application Layer Gateway (ALG); MCS IPv6-only; IPv6 MCS; Cisco 2950CE-net Switch; Cisco 2912MF; Cisco 2924M; IPv4-only Core; IPv6-only Core; IPv4-only Router; Tunnel Broker; 6-over-4 Tunnel; Virtual / Live Gateway (two); OPNET Future Force IPv6 Core WIN-T/FCS; Node 1; Node 2]
24 of 26
Demo Scenario 6
v6-over-v4 Automatic Tunnel Broker
Purpose: Demonstrate how a tunnel broker can be used to traverse a legacy IPv4 network when both communicating endpoints are IPv6 applications
Node 2 establishes a communication session with node 1. A 6-over-4 tunnel is transparently set up between the tunnel broker (TB) and the TB client
• Node 2 determines its interface is IPv4 but its destination is IPv6
• TB client negotiates a 6-over-4 tunnel with the TB
• Outgoing IPv6 message from node 2 is encapsulated in an IPv4 header to create a tunnel and is transmitted onto the IPv4 network.
• The TB unwraps the IPv4 tunnel header and retransmits the message across the IPv6 network.
• Node 1 receives, processes, and displays the message.
[Figure labels: IPv4 Legacy Network; IPv4-only Router; IPv6 Router; Virtual Environment; Live Network; Node 1; Node 2; IPv6 MCS; IPv6-only MCS with TB Client; 6-over-4 Tunnel; Tunnel Broker; IPv6; IPv4; OPNET Future Force IPv6 Core WIN-T/FCS; Virtual / Live Gateway (two)]
25 of 26
• Dual stack is main approach. Insert via Tech Refresh
• Applications (Must be able to use either v4 or v6 transport)
• Host Operating Systems
• Routers (via “integrated dual stack”)
• Servers (Including DNS), and Application Layer Gateways (ALGs) for communications gateways between C4ISR enclaves
• Configured Tunnels
• Brokered Automatic Tunneling
• Translation as a mechanism of last resort for legacy devices
Demo Summary
26 of 26
• The demo project represents only one transition solution; more evaluations and investigations are still needed
• The Army Community needs to evaluate all possible impacts when transitioning to IPv6
• SEC IPv6 Team can provide technical support if requested
• IPv6 Web Portal in AKO to serve as a channel for exchange of knowledge: https://www.us.army.mil/suite/portal.do?$p=247087
• SEC POC: Dan Chan [email protected], Bruce Weimer [email protected]
Conclusion