Software rules provide more flexibility, enhanced security.
The U.S. Defense Department’s transition to Internet protocol version 6 (IPv6) will greatly increase the number of addresses that can be assigned to personnel and equipment. IPv6’s automated configuration capabilities and security features also allow administrators to distinguish and prioritize data traffic based on the user’s authorization and the type of packets being sent.
The U.S. Defense Department is migrating to an updated version of the Internet protocol that will efficiently connect warfighters and their equipment to theater and global data networks. Internet protocol version 6, or IPv6, can support an unlimited number of site addresses for wireless communications devices, remote sensors, vehicles and precision-guided munitions while offering enhanced security and administrative features.
A key feature of network-centric warfare is the ability to provide individual soldiers and commanders with relevant timely information. But pushing information to users on the battlefield is difficult because the number of items that can link to the network exceeds the current messaging protocol’s ability to assign addresses. Technologies that allow wireless systems to plug into tactical and theater networks seamlessly without straining resources may permit the military to deploy more network-enabled devices.
The ongoing transition to IPv6 is an important step in realizing the
To meet this goal, it was essential to connect personnel at the edge of the network by providing them with technologies that allow them to pull data as needed, as opposed to pushing information to them. On a larger scale, the official notes that the secretary’s vision also sought to build an agile, robust, interoperable and collaborative Defense Department. “It really involves the transformation of doctrine, organization, training, material, leadership, personnel and facilities. You have to build all of that into this IPv6 transition to achieve the net-centric vision,” the official says.
IPv6 has several advantages over Internet protocol version 4 (IPv4), which is currently in use throughout the
IPv6 also features enhanced security capabilities to ensure that end-to-end communications are authenticated and encrypted, something IPv4 does not provide. The Defense Department has unique security requirements, and additional network protection will most likely be provided for some applications, the official says.
Mobile communications with dynamic ad hoc networks are another area where IPv6 has advantages because this type of networking is not possible under the current protocol. IPv6 will provide individual soldiers, vehicles and equipment with unique addresses that can be accessed regardless of geographic location. Users can be integrated into a combat network quickly. For example, a soldier leaving
The new protocol also allows theater communications networks to be created in significantly less time than with IPv4. The official notes that setting up communications and data networks in
IPv6 also provides an end-to-end functionality with features such as policy-based networking and quality of service with priority and pre-emption. “IPv6 allows us to distinguish the priority of a data packet so that, through policy-based networking, we can assign priority to video, voice and data packets and the network knows what has priority and under what circumstances,” he explains.
Because IPv6 supports a nearly unlimited number of Internet protocol addresses, it has application to mobile wireless networking. This is especially useful to warfighters operating at the fringes of tactical networks. The protocol allows a variety of equipment, such as radios, vehicles, handheld wireless devices and sensors, to plug into battlefield networks.
The official defines IPv6-capable equipment as a system or product able to receive, process and forward IPv6 packets and/or interface with other systems and protocols in a manner similar to IPv4. To meet the necessary criteria, software and equipment must conform to the IPv6 standards profile contained in the Defense Department standards registry, maintain interoperability in a heterogeneous environment with IPv4, upgrade as the standard evolves and provide contractor and vendor technical support. “That doesn’t mean if you buy a router today, that IPv6 must be turned on to meet the policy mandate to buy IPv6-capable products. But you need to have the capability once you decide to go to IPv6,” he says.
To smooth this complex transition, the Defense Information Systems Agency has been asked to develop a schedule for major programs and networks to move to IPv6 by 2008 and beyond. Although specific networks and major programs have been studied, timetables have not been established, the official says.
The transition has three phases. The current stage of the effort focuses on supporting IPv4. This will be followed by a second phase where IPv4 and IPv6 will operate together. During the second phase, IPv6 and IPv4 users must have systems that are backward and forward compatible between both protocols. The Defense Department also is examining a number of transition mechanisms such as dual-stack and tunneling operations to provide interoperability. The official believes this transitional stage will last for a number of years.
The last phase of the transition will take place when the majority of the department’s equipment and software is operating IPv6. The official cautions that the time frame for this transition is still being worked out, but he predicts that it will be some years before the majority of the department’s systems will operate IPv6.
Training and doctrine also play a major role in the transition. Organizational changes will be necessary, the official speculates, but he notes that the specifics are still being discussed. However, he believes that training probably will not be a significant issue because the transition requires mainly a change in the protocol, and many of the network management protocols are derived from IPv4.
Interoperability with coalition allies is another consideration as the government shifts protocols. The official notes that working groups within NATO are addressing the IPv6 transition with emphasis on backward compatibility to IPv4.
Industry Meets Protocol Transition Challenge
Besides affecting the U.S. Defense Department, the transition to Internet protocol version 6 (IPv6) has a profound impact on the firms providing technical services and support to government customers. Because the transition has been underway for several years, some longtime government contractors, such as Juniper Networks,
Juniper has been involved with IPv6 from its early stages and is now providing routing products based on the new protocol, explains Alan Bavosa, the senior product-line manager for Juniper’s Security Products Group. Juniper has developed an operating system called ScreenOS that runs on its NetScreen platforms. ScreenOS is a proprietary operating system designed for high-performance hardware acceleration. It runs on all of the NetScreen platforms and has IPv6 built into it. “The primary purpose of it is to provide the same capabilities that we have for IPv4 traffic in terms of securing that traffic and to provide that capability to secure IPv6 traffic,” he says.
The security application provides firewall functionality against threats such as denial of service attacks transmitted over IPv6 packets. It offers virtual private network encryption functionality and features all of the basic networking elements necessary to deploy IPv6 in a production network. These components include routing and address allocation. It can work with both protocols.
Bavosa describes the ability to switch between the protocols as a dual-stack approach that allows a device and its software to operate IPv4 and IPv6 simultaneously. “That’s where we’re really important in the transition to IPv6 because we don’t believe in rip-and-replace network upgrades. We think it’s unrealistic for any company of any size to completely transition to IPv6 overnight. It’s not practical, it’s not affordable—it’s not possible,” he maintains.
Juniper’s solution is geared toward making this transition progress as smoothly as possible. Bavosa notes that the product includes transition mechanisms, which he refers to as v4 and v6 tunneling and translation. “When you’re tunneling, you’re essentially taking an IPv6 packet and encapsulating it inside an IPv4 packet and then routing it across the wide area network. To all the network devices that do not speak IPv6, this looks like an IPv4 packet,” he explains.
Bavosa notes that these two tools can complement each other or operate alone, depending on a customer’s network architecture. To translate a packet, its address is changed from an IPv4 address to one in IPv6. Juniper’s IPv6 products have been available for more than two years.
IPv6 also has auto-configuration features that allow networks to be set up more easily. Bavosa cautions that the protocol is not completely automated and that some manual configuration is still necessary, but not to the extent required by IPv4. Additionally, the new protocol easily fits into wireless applications because its large address capability allows any number of devices to form a network.