SYZYGY Engineering 9 Site Multihoming
[Diagram labels: IPv6 Internet 2001::/16; ISP - A 2001:A010::/32; ISP - B 2001:B010::/32; ISP - C 2001:C010::/; Corporation: Syzygy Engineering, with site prefixes :A010:0001:/ :B010:0001:/ :C010:0001:/48]
– ISP - C is not allowed to advertise ISP - A’s routes
– Only announces the /32 prefix
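The aggregation constraint on this slide, as an added example that is not part of the original deck: each ISP announces only its own /32 and filters customer routes outside it, so a site prefix is reachable only through the ISP that assigned it. The site /48 values and ISP-C's /32 length are constructed assumptions, because the slide's values are cut off.

```python
import ipaddress

# ISP aggregates as labelled on the slide. ISP-C's prefix length is cut off
# there; /32 is an assumption taken from "Only announces the /32 prefix".
ISP_AGGREGATES = {
    "ISP-A": ipaddress.ip_network("2001:a010::/32"),
    "ISP-B": ipaddress.ip_network("2001:b010::/32"),
    "ISP-C": ipaddress.ip_network("2001:c010::/32"),
}

# Constructed sample data: one provider-assigned /48 per upstream.
SITE_PREFIXES = {
    "ISP-A": ipaddress.ip_network("2001:a010:1::/48"),
    "ISP-B": ipaddress.ip_network("2001:b010:1::/48"),
    "ISP-C": ipaddress.ip_network("2001:c010:1::/48"),
}


def accepts_customer_route(isp, prefix):
    """Ingress filter: accept a customer prefix only inside the ISP's own aggregate."""
    return prefix.subnet_of(ISP_AGGREGATES[isp])


def transit_for(address):
    """Longest-prefix match against the global table, which holds only the /32s."""
    addr = ipaddress.ip_address(str(address))
    matches = [(net.prefixlen, isp) for isp, net in ISP_AGGREGATES.items() if addr in net]
    return max(matches)[1] if matches else None


def reachable_site_prefixes(links_up):
    """Site prefixes still reachable from outside, given the working uplinks."""
    return [p for p in SITE_PREFIXES.values()
            if transit_for(p.network_address) in links_up]


if __name__ == "__main__":
    # ISP-C refuses to carry the /48 that ISP-A assigned to the site.
    print(accepts_customer_route("ISP-C", SITE_PREFIXES["ISP-A"]))
    # With the ISP-A uplink down, the ISP-A-derived site prefix goes dark.
    print(reachable_site_prefixes({"ISP-B", "ISP-C"}))
```
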
SYZYGY Engineering 10 Policy Proposal: Provider-independent IPv6 Assignments for End Sites
Direct assignments from ARIN to end-user organizations
– Criteria
  To qualify for a direct assignment, an organization must:
  – not be an IPv6 LIR; and
  – qualify for an IPv4 assignment or allocation from ARIN under the IPv4 policy currently in effect.
– Initial assignment size
  Organizations that meet the direct assignment criteria are eligible to receive a direct assignment. The minimum size of the assignment is /48. Organizations requesting a larger assignment must provide documentation justifying the need for additional subnets. These assignments shall be made from a distinctly identified prefix and shall be made with a reservation for growth of at least a /44.
– Subsequent assignment size
  Additional assignments may be made when the need for additional subnets is justified. When possible, assignments will be made from an adjacent address block.
SYZYGY Engineering 12 Transition and Operations Costs
[Figure: Cost Difference Between IPv4 / IPv6 Operations; Transition Cost]
Source: PC of Japan
SYZYGY Engineering 13 IP Address Status in China
[Figure: Total IPv4 address (unit 1) and Chinese Population (unit 1 million). Data source: CNNIC, Dec. 2003]
“IPv6 is good for China and China is good for IPv6. China brings the scale needed for IPv6. IPv6 killer application will occur in China firstly” - Latif Ladid, IPv6 Forum President
SYZYGY Engineering 14 IPv6 Transition Plan
Unclassified, For Official Use Only
https://disronline.disa.mil/a/DISR/docs/secure/DoD-IPv6_Transition_Plan_v1_0_ _update1.pdf
Contents
– Overall Transition Strategy
– IPv6 Transition Governance
– Acquisition and Procurement of IPv6 Capabilities
– Networking and Infrastructure
– Addressing
– Information Assurance
– Pilots, Testing and Demonstrations
– Applications
– Standards
– Training
SYZYGY Engineering 15 IPv6 Transition Plan https://disronline.disa.mil/a/DISR/docs/secure/DoD_IPv6_Transition_Plan_v2_Final.pdf
SYZYGY Engineering 16 Potential Showstoppers to Fully IP-based Tactical Operations Today
Further research in the following areas is required in order to enhance the IPv6 protocol suite to support Network Enabled Command:
– Embedding/encapsulation of legacy systems by means of interoperable gateways;
– Potential of Anycast Addressing to foster SOA; Service Discovery protocols such as IPSec Discovery need standardization;
– Global IP Security Architecture needs to encompass both deployable and highly dynamic domains supporting all kinds of host and network mobility; Scalable Tactical PKI, e.g. CA and distributed Sub-CAs;
– Optimization of MANET routing mechanisms; need to find a compromise between low routing overhead of reactive routing and instant route availability of proactive routing; true multicast routing in the mobile domain;
– QoS that considers the heterogeneous (e.g. in terms of bandwidth and latency) and dynamic availability of communication links;
– Work on standardized service interoperability profiles;
– IPv6 (multicast) enabled applications.
SYZYGY Engineering 17 v4/v6 Co-Existence Strategy?
Source: Sinead O’Donovan, Product Unit Manager, Windows Networking, Microsoft
SYZYGY Engineering 20 New “IPv6 Capable” Definition
– A product must meet the IPv6 base requirements (defined in “DoD IPv6 Standard Profiles for IPv6 Capable Products”) and support requirements for one (or more) product categories.
  – e.g. Workstations, routers, switches, security devices, firewalls, etc.
– And support the IPv6 version of any IPv6 protocol functional categories required for its function within the DoD Global Information Grid (GIG)
Official Site
– (May require Certificate or Common Access Card to obtain access
– Otherwise try
SYZYGY Engineering 26 Security
[Diagram labels: Security; Bandwidth Utilization; Performance; Tunnels, Tunnels, Tunnels and more Tunnels]
[Diagram, packet layers: PAYLOAD and HEADER (ORIGINAL PACKET); HEADER (VIRTUAL PRIVATE NETWORK); HEADER (ENCRYPTION AT THE NETWORK LAYER); HEADER (ENCRYPTION ON THE RF LINK)]
User turns OFF Security to make system usable!
Thus, we need more bandwidth to ensure security.
Source – Will Ivancic
SYZYGY Engineering 27 Realities of ROI and Security
Network Security itself does not provide any type of ROI – it is about cost management
Example – You buy a Picasso straight from the artist and a safe to store it in. The safe adds no value to the painting – only helps prevent its loss (i.e. a cost to you)
An organization that fails to adequately prepare a robust security solution faces potential loss from:
– Lost productivity/Lost e-commerce revenue
– Regulatory penalties
– Tort litigation
– Long-term business loss from lost customer confidence
Source – Yurie Rich CommandInformation
SYZYGY Engineering 28 IPsec In non-static environments such as mobile and ad hoc networks, your address no longer identifies you! Source – Merike Kaeo