Upload
gogo6
View
3.849
Download
0
Embed Size (px)
DESCRIPTION
gogo6 IPv6 Video Series. Event, presentation and speaker details below: EVENT gogoNET LIVE! 3: Enterprise wide Migration. http://gogonetlive.com November 12 – 14, 2012 at San Jose State University, California Agenda: http://gogonetlive.com/4105/gogonetlive3-agenda.asp PRESENTATION Panel Discussion: Small Steps for USGv6 a giant leap for Internet-kind? Abstract: http://www.gogo6.com/profiles/blogs/the-largest-transition-to-v6-ever-small-steps-for-usgv6-a-giant Presentation video: http://www.gogo6.com/video/panel-discussion-small-steps-for-usgv6-giant-leap-for-internet-at Interview video: http://www.gogo6.com/video/interview-with-john-leland-lee-at-gogonet-live-3-ipv6-conference SPEAKER John Leland Lee - CTO, Internet Associates - Moderator Bio/Profile: http://www.gogo6.com/profile/JohnLelandLee MORE Learn more about IPv6 on the gogoNET social network http://www.gogo6.com Get free IPv6 connectivity with Freenet6 http://www.gogo6.com/Freenet6 Subscribe to the gogo6 IPv6 Channel on YouTube http://www.youtube.com/subscription_center?add_user=gogo6videos Follow gogo6 on Twitter http://twitter.com/gogo6inc Like gogo6 on Facebook http://www.facebook.com/pages/IPv6-products-community-and-services-gogo6/161626696777
Citation preview
1
Federal IPv6 Working Group
Innovative IPv6 Implementation with
Least Cost Funding
Internet Associates, LLC A Certified VOSB
November 13, 2012 •©2012 Internet Associates, LLC; All Rights Reserved..
John L Lee, CTO
Co-Chair, IPv6 Address Planning Team, ACT-IAC,
Federal IPv6 Task Force
Disclaimer
The opinions contained in this brief are
those of the author and do not reflect an
official position of the United States
Government, ACT-IAC, Internet Associates
or any other entity
2
USG IPv6 Strategy
Integration with other CIO/IT initiatives
Integral to Digital Government
DNSSEC, Trusted Internet Connection (TIC)
No or small incremental costs for v6
deployment – this is a funded initiative
Federal Acquisition Regulations (FAR)
Federal Enterprise Architecture (FEA)
Sustainment and Technology refresh dollars
Conformance Testing 3
USG IPv6 Timeline
1994 Forward - USG involved in Next Gen Network
Oct. 2003 - DoD mandates IPv6
August 2005 - Memorandum M-05-22, “Transition Planning
for Internet Protocol Version 6 (IPv6)” (June 2008)
June 2008 - IPv6 traffic passed on USG backbones
May 2009 - Initial release of Roadmap Document
Dec. 2009 - FAR IPv6 regulations go into affect
Sept. 2010 - OMB Memo on “Transition to IPv6”
July 2012 - Version 2.0 Roadmap Document Released
Sept. 2012 - 35% of USG Domains
Sept. 2014 - v6 supported on certain backbone elements 4
Federal IPv6 Task Force
5
6
is a non-profit, public-private partnership dedicated to
improving government through the application of
information technology. ACT-IAC provides an objective,
ethical and trusted forum where government and industry
exchange information and collaborate on technology
issues in the public sector
Networks & Telecommunications SIG
IPv6 Working Group
Address Management
Project Plan
Security
FAR IPv6 Requirements FAR 7.105(b)(4)
(iii) For information technology acquisitions using Internet Protocol, discuss whether the requirements
documents include the Internet Protocol compliance requirements specified in 11.002(g) or a waiver of these
requirements has been granted by the agency’s Chief Information Officer.
FAR 11.002(g)
(g) Unless the agency Chief Information Officer waives the requirement, when acquiring information technology
using Internet Protocol, the requirements documents must include reference to the appropriate technical
capabilities defined in the USGv6 Profile (NIST Special Publication 500-267) and the corresponding
declarations of conformance defined in the USGv6 Test Program. The applicability of IPv6 to agency networks,
infrastructure, and applications specific to individual acquisitions will be in accordance with standards identified
in the agency’s Enterprise Architecture (see OMB Memorandum M-05-22 dated August 2, 2005).
FAR 12.202(e)
(e) When acquiring information technology using Internet Protocol, agencies must include the appropriate
Internet Protocol compliance requirements in accordance with 11.002(g).
FAR 39.101(e)
(e) When acquiring information technology using Internet Protocol, agencies must include the appropriate
Internet Protocol compliance requirements in accordance with 11.002(g).
7
Federal CIO Initiatives
Digital Government -Building a 21st Century
Platform to Better Serve the American
People
IT Modernization, USG Configuration
Baseline, HSPD-12 ( Secure ID)
Cloud Computing: Cloud First Strategy
Federal Data Center Consolidation Initiative
(FDCCI)
Server, Appliance or Virtual Machine 8
Federal CIO Initiatives …
2012 Planning Guide/Roadmap Toward
IPv6 Adoption within the U.S. Government
Supports a Central Addressing Authority
Secure Network wide Access
Automated IP Address Planning, Design,
Management and Deployment
Multi-vendor DNS, DHCP AND AAA
Auto generation of A, AAAA and reverse zone RR
9
This is not your fathers v4
network …
Do not apply v4 thinking and design
constraints to v6 networks
Ron Broersma, DREN Chief Engineer
10
Network Reliability Categories National Command Authority
Life Safety FAA, Medical, Fire, Police
Service Provider 5,000 - 10,000
Enterprise 100 - 1,000
“Home” or Subscriber 1 - 10
Service Provider Network Requirements
Designed, Engineered, Secured and Tested
Integrated, Automated systems
Two vendor policy for devices, network services
(DNS, DHCP, AAA) and circuits
11
IP Address List
IP Address List IP Address List
Operating Support Systems
Cyber Security
Network Management
Device Inventory
Device & Interface Config
Device OS
Device Status
Interface Status
Identity Management
Security Policy
BGP & DNS SEC
12
IP Address
Lifecycle
Management
Operating Support Systems
Cyber Security
Network Management
Device Inventory
Device & Interface Config
Device OS
Device Status
Interface Status
Identity Management
Security Policy
BGP & DNS SEC
DNS
DHCP
Firewall Config
Firewall Rules
Net Flow
System Events & Logs
Security Events & Logs
13
14 14
20 Critical Controls – Consensus Audit
Guidelines
Inventory for Authorized & Unauthorized
Devices & Software (1&2)
Secure Configurations for Hardware & Software
on Laptops, Workstations & Servers (3)
Secure Configurations for Network Devices such
as Firewalls, Routers & Switches (4)
Boundary Defense (5)
Maintenance, Monitoring, and Analysis of
Security Audit Logs (6)
15 15
20 Critical Controls – Consensus Audit
Guidelines …
Continuous Vulnerability Assessment &
Remediation (10)
Account Monitoring & Control (11)
Malware Defenses (12)
Limitation & Control of Network Ports, Protocols
& Services (13)
Wireless Device Control (14)
Secure Network Engineering (16)
Penetration Tests and Red Team Exercises (17)
16 16
Cyber Security Eco-System
•*IPal Technology is covered under U.S. Patents 7,127,505, 7,330,907, 7,523,189, 7,558,881, 7,739,406 and other US and International Patents Pending.
USG Stats as of Sept. 2012 The official repository of USG domains, data.gov has
~1,500 domain and sub-domains.
~800 domains made some progress in operational
deployment. Those domains span dozens of distinct
enterprises, CIO shops, vendor/contractors and
deployment environments.
~30% of public web .gov sites monitored are IPv6 enabled.
Scores of commercial products have been conformance
and interoperability tested through the USGv6 Program.
http://www-x.antd.nist.gov/usgv6/products.html
If you look at the historical graphs, you will see significant
progress over the last 6 months. http://usgv6-
deployment.antd.nist.gov/cgi-bin/generate-gov 17
Resources
Planning Guide/Roadmap Toward IPv6
Adoption within the U.S. Government https://cio.gov/wp-
content/uploads/downloads/2012/09/2012_IPv6_Roa
dmap_FINAL_20120712.pdf
Digital Government Initiative http://www.whitehouse.gov/sites/default/files/omb/ego
v/digital-government/digital-government.html
18
Industry Contributors Chris Chroniger – Chair Acentia
Dale Geesey Auspex Technologies
Kenny Burroughs Internet Associates
Barry Chapman Acentia
Jeremy Duncan Salient Federal
TJ Evans Nephos6
Joe Klein QinetiQ, North America
Tim Owen SMS
Chip Popoviciu Nephos6
Yanick Pouffary HP
Yurie Rich Nephos6
Kristofer Smith Auspex Technologies
Frank Troy Troy Networks
Ralph Wallace White Oak Consulting
19
Contact Information
John L. Lee, CTO
+1-678-488-6085
Internet Associates, LLC
+1-855-GET-IPV6
+1-770-495-0953
20