1 of 26 Dan Chan Tactical Comm Division 732-532-1591 [email protected]@us.army.mil 19 April 2006 CE LCMC SEC’s IPv6 Transition Initiatives Briefing

1 of 26

Dan ChanTactical Comm [email protected]

19 April 2006

CE LCMC SEC’s

IPv6 Transition InitiativesBriefing

to

Army Configuration Control Board (ACCB)

2 of 26

• Inform on current IPv6 mandates and status of DoD and Army goals.

• Provide an overview of SEC’s IPv6 initiatives and efforts

• Provide technical details of SEC’s IPv6 Pilot Project

Briefing Objectives

3 of 26

• DoD CIO -- June 2003

– Established goal of FY 08 to complete the transition to IPv6

– Prohibited use of IPv6 on operational networks until IA risk assessment was complete

• DoD CIO -- September 2003

– Established policy that products and systems procured or acquired after October 1, 2003 must be IPv6 capable

• Office of Management and Budget -- August 2005

– Established June 2008 by which all federal agencies’ infrastructure (network backbones) must be using IPv6

IPv6 Policy Mandates

4 of 26

3 421Post FY13FY13FY10

3 421FY09

3 421FY08

3 421FY12

3 421FY07

3 421FY06

3 421

Phase 1 (FY04-FY10)

Phase 2 (FY10-FY13)

IPv6 Dominant

NOTIONAL -- CONTINGENT ON VALIDATION OF ASSUMPTIONS AND FUTURE TACTICAL NETWORK INTEGRATED PLAN

FY053 421

FY043 421

IPv6 Capable

IPv6 Dominant

IPv4 Native Post FY14

Coexist Fade

IPv4 and IPv6 Coexistence Period

Infrastructure (Core) Upgrades (via I3MP)

MACOM Transition (via Tech Refresh)

PEO Transition (via Tech Refresh)

Procure IPv6 Capable Equipment

SWB 4

Application Transition (via Tech Refresh)

Army IPv6 Timeline

5 of 26

IPv6 Transition Application Demo Project

Purpose – Establish SEC as an active participant and contributor to Army and DoD strategic plans for IPv6

Transition

– Demonstrate as a viable proof of concept and feasibility to transition a legacy tactical system’s messaging application to IPv6 compliant by leveraging capabilities/expertise across C4ISR community

– Elevate workforce’s awareness on DoD/OMB/Army’s IPv6 transition mandate, provide IPv6 training to C4ISR managers and engineers, and create a channel for IPv6 knowledge/information exchange within the C4ISR communities

Accomplishments– Developed an Application Layer Gateway (ALG) for the MCS-L CommServer to successfully

transitioned MCS-L messaging to IPv6 compliant.

– Elevated awareness within SEC/SED workforce and Fort Monmouth Community

• SEC/SEC Workforce Training: 7 February 2006

• CE LCMC Workforce Training: 8 February 2006

• Pilot Project Demonstration: 6 Feb 2006

• Establishment of an IPv6 web portal on AKO which consists of a forum, news, calendar of events schedule, archived documents, and links to other relevant IPv6 sites

• Leveraged from S&TCD IPv6 laboratory capability, PM GCC2 and PM TRCS assets, SEC’s BSSD & ABSD, and ILEX/Telcordia and SRI expertise

6 of 26

Army IPv6 Lab since 2000 DoD SME collaborating with Industry and Academia Participant of DoD and Industry Test Beds, i.e. MoonV6 Designated developer of Army IPv6 Transition Plan Commissioned by DoD, CIO/G-6, G8, SEC, PM WIN-T, and PdM CHS to conduct research, M&S analyses, testing, training on IPv6 SRI Team

Soft Engineers & Comp Scientists

Support

Soft Config Mgt Soft Mgt Support ILEX/Telcordia Team

Systems Soft Mgt Soft Apps Mgt Security, i.e. IAVAs

SoftwareEngineering

Support

Software Development and Sustainment

Management

Communication and Network

System Engineer.

IPv6 Pilot Project Team

PM TRCS

Support

PM GCC2Support

7 of 26

Demo Essentials

– Migrated legacy MCS-L messaging capability to make it capable to operate in an IPv6 environment in peer-to-peer mode through Dual-Stacking, Tunneling, and Translation technologies

– Developed a transition methodology which may be replicated over other similar systems

– Network topology illustrates a configuration hosted in a current system (NOC-V) and depicting a legacy application (MCS-L) being IPv6 capable and interoperable

– Demonstration of 6 different interoperability test scenarios capturing a complete cross-section within a IPv4/IPv6 environment with MCS-L passing JVMF messages

IPv6 Transition ApplicationLive Demo

8 of 26

Army’s Tactical Networks

Army’s SBTC or FCS

Network ManagementSystem (NOC-V)

IPv4

IPv6

Seamless Connectivity

MCS-L w/ALG

(Dual Stack)

Legacy Application

(MCS-L)

Notional IPv6 Pilot Project

9 of 26

DemonstrationScenarios

10 of 26

Network Management Client•Sun Ray 1

NOC-V

Network Management Client•Sun Ray 2

Network Operation Center – Vehicle (NOC-V)Current Configuration

Satellite Van (TSC-85/93,

SMART-T START-T) to BSN

Voice Circuits

S2/S3 vehicle

FSE

NTDR

QEAM 1

EPLRS NM

QEAM 2

GBSDish

100 Base FX

100 Base FX

GPS

ISYSCON (V)4 (TIM) Laptop

FBCB2 SVGA Display Access

ENM LaptopTent Area

MSE10 Base 2

SINCGARS / EPLRS

Local Voice Services• 19 Analog Phones

SWLAN

SWLAN Black-Side Management Laptop

GBS Video Access

FBCB2

TOCServer

SUI LAN Access

Cisco 2950CE-net Switch

MCS Light

11 of 26

NOC-V

Operational Scenario – Upgraded MCSin Hybrid Network

EPLRSNetwork

MCS 4

MCS 6

Remote TOC with legacy IPv4 MCS

Remote TOC with new IPv6-only MCS

EPLRS

Cisco2924M

Cisco2912MF

Tent AreaMCS-6/4


MCS with Application Layer Gateway (ALG)

12 of 26

NOC-V

Demo Scenario with Upgraded MCSin Hybrid Network

Tent AreaMCS-6/4



Cisco2912MF

BSD dual-stacked router)

Cisco2924M

Virtual / LiveGateway

Simulated TOC with an IPv6-only MCSand virtual IPv6 Core Infrastructure

MCS-6/4 with Application Layer Gateway (ALG)

IPv6 / IPv4 Core(WIN-T / JTRS)


OPNETFuture Force

IPv6 CoreWIN-T/FCS

Node 2Node 1

Node 3

13 of 26

NOC-V

Demo Scenario 1 (Operational View)

Sustain IPv4 Legacy Baseline Interoperability

Tent AreaMCS-6/4



Cisco2912MF

Cisco2924M

MCS-6/4 with ApplicationLayer Gateway (ALG)




OPNETFuture Force

IPv6 CoreWIN-T/FCS

BSD dual-stacked router

Node 2 Node 1

Node 3


IPv4

14 of 26

IPv4 LegacyNetwork Core

Virtual Environment

LiveNetwork

Purpose: Demonstrate that the MCS with 6/4 CommServer retains IPv4 legacy operational functionalities

MCS with 6/4 CommServer (node 2) exchanges JVMF message with Legacy MCS (node 3)

• Node 2 initiates JVMF message addressed to node 3• 6/4 CommServer recognizes destination address of URN as IPv4 and adds IPv4 header• Message traverses IPv4 legacy core network (i.e., router or NOC-V)• Node 3 receives, processes, and displays message• Repeat with message originating from the legacy MCS

Node 3

Node 2

Node 1

IPv6MCS

MCS with6/4 Comm

Server

IPv4 JVMF Messages

OPNETFuture Force

IPv6 CoreWIN-T/FCS

VirtualLive

Gateway

VirtualLive

Gateway

Demo Scenario 1

Sustain IPv4 Legacy Baseline InteroperabilityIPv4

LegacyMCS

BSD Dual-stackedRouter

15 of 26

NOC-V

Tent AreaMCS-6/4



Cisco2912MF

Cisco2924M

MCS-6/4 with ApplicationLayer Gateway (ALG)




OPNETFuture Force

IPv6 CoreWIN-T/FCS


Node 2Node 1

Node 3



Send and Receive IPv6 JVMF MessagesIPv6

16 of 26

Purpose: Demonstrate that IPv6 JVMF messages can be transmitted, received, and processed between the 6/4 CommServer (node 2) and an IPv6-only MCS client

MCS with 6/4 CommServer (node 2) exchanges JVMF message with IPv6-only MCS via the virtual network

• Node 2 initiates a JVMF message addressed to node 1• 6/4 CommServer recognizes destination address of URN as IPv6, adds IPv6 header, and

sends message to virtual / live gateway (VLG)• The VLG processes the message and transmits it through the virtual network to the IPv6-

only MCS host.• Repeat with message originating from Node 1.

Virtual Environment

LiveNetwork

Node 3

Node 2

Node 1

IPv6MCS

MCS with6/4 Comm

Server

LegacyMCS

OPNETFuture Force

IPv6 CoreWIN-T/FCS

VirtualLive

Gateway

VirtualLive

Gateway

IPv6 JVMF Messages

Demo Scenario 2

Send and Receive IPv6 JVMF Messages

IPv6

IPv4 LegacyNetwork

CoreBSD Dual-stacked

Router

17 of 26

NOC-V

Tent AreaMCS-6/4



Cisco2912MF

Cisco2924M

MCS with ALG andTransport Relay Translation (TRT)




OPNETFuture Force

IPv6 CoreWIN-T/FCS


Node 2Node 1

Node 3



Exchange IPv6 / IPv4 JVMF Message viaTransport Relay Translator

IPv6IPv4

18 of 26


Demo Scenario 3

Exchange IPv6 / IPv4 JVMF Message viaTransport Relay Translator

Purpose: Demonstrate that the MCS 6/4 can transparently translate and forward a message from an IPv4 node (node 3) to an IPv6 node (node 1) and vice-versa. Node 2 acts as a Transport Relay Translator (TRT) in this scenario.

Node 3 sends a single JVMF message to node 1• Node 3 initiates a JVMF message addressed to node 1 (but URN table points to node 2).• The 6/4 CommServer receives the message and notices that the destination URN is not its own.• It then looks up the IP address of the destination URN (node 1 in this case) and sends the

message on its way.• Node 1 receives, processes, and displays the JVMF message• Repeat with message originating from node 1

Virtual Environment

LiveNetwork

Node 3

Node 2

Node 1

IPv6MCS

MCS with6/4 Comm

Server

LegacyMCS

OPNETFuture Force

IPv6 CoreWIN-T/FCS

VirtualLive

Gateway

VirtualLive

Gateway

IPv6 / IPv4 Relayed JVMF Messages

TRTIPv6IPv4


19 of 26

NOC-V

Tent AreaMCS-6/4



Cisco2912MF

Cisco2924M

MCS with ApplicationLayer Gateway (ALG)




OPNETFuture Force

IPv6 CoreWIN-T/FCS


Node 2Node 1

Node 3IPv6IPv4



Multi-Destination Unicast JVMF Messages in a6/4 Hybrid Environment

20 of 26

Purpose: Demonstrate that the 6/4 MCS can distribute a single JVMF message to a mix of IPv4 and IPv6 clients

Node 2 distributes a single JVMF message to an IPv6 node (node 1) and an IPv4 node (node 3)

• Node 2 initiates a JVMF message addressed to nodes 1 and 3• 6/4 CommServer reads the URN for each destination and adds the appropriate v4 or

v6 header for each outgoing message• Each destination node receives, processes, and displays the JVMF message


Virtual Environment

LiveNetwork

Node 3

Node 2

Node 1

IPv6MCS

MCS with6/4 Comm

Server

LegacyMCS

OPNETFuture Force

IPv6 CoreWIN-T/FCS

VirtualLive

Gateway

VirtualLive

Gateway

IPv4 Unicast JVMF MessageIPv6 Unicast JVMF Message

Demo Scenario 4

Multi-Destination Unicast JVMF Messagesin a 6/4 Hybrid Environment

IPv6IPv4


21 of 26

NOC-V

Tent Area


Cisco2912MF


Cisco2924M

IPv6 multicastIPv4 multicast



OPNETFuture Force

IPv6 CoreWIN-T/FCS

Node 2 Node 1

Node 3

MCS-6/4


Remote TOC withlegacy IPv4 MCSBSD dual-stacked router

with Multicast (rendezvous point)



Multicast JVMF Messages in 6/4 Hybrid Environment

22 of 26

Purpose: Show that multicasting can be performed by a 6/4 MCS without loss of efficiency, i.e., one originating message distributed to all multicast members

Node 2 initiates a single multicast message to all multicast member – in this case, a v4-only node (node 3) and a v6-only node (node 1)

• Node 2 initiates a single IPv6 multicast message addressed to the multicast group• The BSD multicast router determines the URN of each multicast member, recognizes

the IP version of each member, and redistributes the message accordingly.• Each destination node receives, processes, and displays the multicast message


Virtual Environment

LiveNetwork

Node 3

Node 2

Node 1

IPv6MCS

MCS with6/4 Comm

Server

LegacyMCS

OPNETFuture Force

IPv6 CoreWIN-T/FCS

VirtualLive

Gateway

VirtualLive

Gateway

IPv4 Multicast JVMF MessageIPv6 Multicast JVMF Message

Demo Scenario 5

Multicast JVMF Messages in 6/4 Hybrid Environment

IPv6IPv4

BSD Dual-stackedRouter with Multicast

23 of 26

NOC-V

Tent AreaMCS-6/4with TB client


Cisco2912MF

Cisco2924M

MCS IPv6-only

IPv4-only CoreIPv6-only Core

IPv6MCS


OPNETFuture Force

IPv6 CoreWIN-T/FCS


6-over-4Tunnel

Node 2

Node 1



v6-over-v4 Automatic Tunnel Broker

IPv6IPv4Tunnel Broker

IPv4-only Router

24 of 26

VirtualLive

Gateway

VirtualLive

Gateway

OPNETFuture Force

IPv6 CoreWIN-T/FCS

Purpose: Demonstrate how a tunnel broker can be used to traverse a legacy IPv4 network when both communicating endpoints are IPv6 applications

Node 2 establishes a communication session with node 1. A 6-over-4 tunnel is transparently set up between the tunnel broker (TB) and the TB client

• Node 2 determines its interface is IPv4 but its destination is IPv6• TB client negotiates a 6-over-4 tunnel with the TB• Outgoing IPv6 message from node 2 is encapsulated in IPv4 header to create a tunnel

and transmits the message onto the IPv4 network.• The TB unwraps the IPv4 tunnel header and retransmits the message across the IPv6

network.• Node 1 receives, processes, and displays the message.

IPv4 Legacy Network

Virtual Environment

LiveNetwork

Node 2Node 1

IPv6MCS

IPv6-only MCS withTB Client

6-over-4 Tunnel

Tunnel Broker

Demo Scenario 6

v6-over-v4 Automatic Tunnel Broker

IPv6IPv4

IPv4-onlyRouter

IPv6Router

25 of 26

• Dual stack is main approach. Insert via Tech Refresh

• Applications (Must be able to use either v4 or v6 transport)

• Host Operating Systems

• Routers (via “integrated dual stack” )

• Servers (Including DNS), and Application Layer Gateways (ALGs) for communications gateways between C4ISR enclaves

• Configured Tunnels

• Brokered Automatic Tunneling

• Translation as a mechanism of last resort for legacy devices

Demo Summary

26 of 26

• The demo project represents only one transition solution but more evaluations and investigations will need to be explored

• The Army Community needs to evaluate all possible impacts when transitioning to IPv6

• SEC IPv6 Team can provide technical support if requested

• IPv6 Web Portal in AKO to serve as a channel for exchange of knowledgehttps://www.us.army.mil/suite/portal.do?$p=247087

• SEC POC: Dan Chan [email protected] Bruce Weimer [email protected]

Conclusion

Documents

1 of 26 Dan Chan Tactical Comm Division 732-532-1591 [email protected]@us.army.mil 19 April 2006 CE LCMC SEC’s IPv6 Transition Initiatives Briefing