1. 1 Architecting Next-generation Internet Technologies
IPv6 was initially developed in the early 1990s because of the anticipated need for more addresses based on forecasted Internet growth:
cell phone deployment
PDA introduction,
smart appliances, and
billions of new users in developing countries, e.g. China, India, and so on.
The Internet was designed in part to provide a communications network that would work even if some of the sites were destroyed by nuclear attack. If the most direct route was not available, routers would direct traffic around the network via alternate routes.
The Internet matured in the 70's as a result of the TCP/IP architecture first proposed by Bob Kahn at BBN and further developed by Kahn and Vint Cerf at Stanford and others throughout the 70's. It was adopted by the Defense Department in 1980 replacing the earlier Network Control Protocol (NCP) and universally adopted by 1983.
The development in 1993 of the graphical browser Mosaic by Marc Andreessen and his team at the National Center for Supercomputing Applications (NCSA) gave the protocol its big boost. Later, Andreessen moved to become the brains behind Netscape Corp., which produced the most successful graphical type of browser and server until Microsoft declared war and developed its Microsoft Internet Explorer.
2. 2 A brief history and chronology
The Internet is a worldwide network of networks comprised of servers, routers, and backbone networks
The basic function of the Internet is to transmit packets of information across interconnected networks via:
Addressing
Fragmentation of data
The two primary protocols enable these packets to traverse the Internet: TCP and IP
In February 2003, the President's National Strategy to Secure Cyberspace commenced the government-wide effort to address IPv6
In May 2005, GAO-05-471 informed Congress on the state of the federal IPv6 landscape and recommended that OMB begin addressing key planning considerations for an IPv6 transition
In August 2005, OMB released M-05-22 requiring agencies to begin the transition to IPv6 on core network backbones
In September 2008, NIST published A Profile for IPv6 in the U.S. Government Version 1.0 to assist Federal agencies in formulating plans for the acquisition of IPv6 technologies
Geographic-based Numbering and Routing Approaches:
U.S. Postal Service uses a form of routing via the zip code system
Phone calls are routed based on hierarchical addressed phone numbers
TCP: decomposes data into packets and ensures that they are reassembled properly at the destination
IP: guides or routes the packets through the Internet
National Strategy to Secure Cyberspace:
Secure the mechanisms of the Internet by improving protocols and routing
Our economy and national security became fully dependent upon information technology and the information infrastructure
All sectors share the Internet
all are at risk if its mechanisms (e.g. protocols and routers) are not secure
The WWW is a planetary information grid of systems. Internationally shared standards enable interoperability among the world's computer systems
3. 3 Implications of not using IPv6
Despite the wide-scale deployment of Network Address Translation (NAT) at Federal agencies and within the United States, the worldwide consumption of the IPv4 address pool continues at an accelerating rate
IPv4 address space is projected to run out in or before 2011
Moreover, the current community (IPv4) may not be able to talk to the future Internet community (IPv6) effectively, which could splinter the Internet
Agencies may not be prepared for dramatic changes brought about by IPv6 in commercial and international markets
ICANN - Internet Corporation for Assigned Names and Numbers:
oversees a number of Internet-related tasks previously performed directly on behalf of the U.S. government by other organizations, notably the Internet Assigned Numbers Authority (IANA).
IANA - Internet Assigned Numbers Authority
oversees global IP address allocation, DNS root zone management, media types, and other Internet protocol assignments. It is operated by ICANN.
RIR - Regional Internet Registry
oversees the allocation and registration of Internet number resources within a particular region of the world
American Registry for Internet Numbers (ARIN) for North America and parts of the Caribbean
RIPE Network Coordination Centre (RIPE NCC) [2] for Europe, the Middle East and Central Asia
Asia-Pacific Network Information Centre (APNIC) for Asia and the Pacific region
Latin American and Caribbean Internet Address Registry (LACNIC) for Latin America and parts of the Caribbean region
African Network Information Centre (AfriNIC) for Africa
IANA delegates Internet resources to the RIRs, and in turn, the RIRs follow their regional policies for further sub-delegation of resources to their customers, which include Internet service providers and end-user organizations
Globally unique IP addresses:
ultimately connect to one another without conflict
Private IPv4 addresses are not globally unique or routable
Improved Connectivity:
bring back end-to-end controlled communications across a transparent network infrastructure
Rapid Automatic Address Configuration (ad-hoc):
unique link-local IPv6 address (suitable for communicating with other hosts on the subnet) without relying on the presence of a router or DHCP server to centrally assign addresses on that network
BENEFITS:
Expanded addressing capabilities
Server-less autoconfiguration (plug-and-play) and reconfiguration
More efficient and robust mobility mechanisms
End-to-end security, with built-in, strong IP-layer encryption and authentication
Streamlined header format and flow identification
Enhanced support for multicast and QoS
Extensibility: improved support for options/extensions
IPv6 has more capabilities built into its foundation than IPv4
consumers look for plug-and-play simplicity, collaboration, and mobility
IPv6 is a natural convergence protocol for tomorrow's IP-centric world!
EXAMPLE: asset management via networks versus manually walking around
4. 4 Exponentially More Addresses
IPv4:
4,294,967,296
IPv6:
340,282,366,920,938,463,374,607,432,768,211,456
Data is transmitted based on IP numbers
Federal agencies should become early adopters of new, more secure systems and protocols where appropriate
DNS was developed to simplify the management of IP addresses via domains and a structured hierarchical addressing schema
National Strategy to Secure Cyberspace:
Improve the Security and Resilience of Key Internet Protocols
IP, DNS, and BGP
Promote Improved Internet Routing
DoS attacks that overwhelm a router's processing capability
preventing control data from reaching the router
Encourage increased use of address verification and out-of-band mgmt
to counter DoS attacks
Carriers and service providers are encouraged to independently and collectively continue to analyze their networks to strengthen reliability and intentional redundancy
As telephones and mobile devices incorporate more sophisticated operating systems and connectivity they may require security features to prevent their exploitation for distributed attacks on mobile networks and even the Internet
5. 5 Phase I was about
Culminating a 35-month initiative to begin migrating the federal government to the next generation Internet
Integrating the next generation Internet protocol into core backbone network infrastructure
Substantiating an enterprise architecture framework for IPv6 adoption
Building momentum for Phase II
EAAF is a framework for measuring agency efforts to use information and IT to improve agency performance in four (4) ways:
Closing mission performance gaps identified via agency performance improvement and strategic planning activities
Saving money and avoiding cost through
Collaboration and reuse
Process reengineering and productivity enhancements
Elimination of redundancy
Strengthening the quality of investments within agency portfolios as reflected in critical attributes including: security, interoperability, reliability, availability, end-user performance, flexibility, serviceability, and reduced time and cost to deliver new services and solutions
Improving the quality, validity, and timeliness of program performance output and outcome, program planning and management, and cost accounting data and information
Of the 13 categories evaluated in the OMB EAAF (2007), IPv6 was one of the two highest average scores among all agencies (INPUT federal Industry Analysis, 2008)
President's FY09 Budget:
~70B in annual spending
~20B in Development, Modernization, and Enhancement (DME) funding
6. 6 IPv6 Market Trends
IPv4 Address space depletion
Operating system releases with v6 on and preferred by default
Explosion of connected appliances
Earth population trend: 6B (now) to 9B (2050)
National IT strategies:
M-05-22
E.U. Recommendations
China Next Generation Internet
E-Japan
Korea IT-839
transition to a converged, fully multimedia-enabled, real-time packet-based communication infrastructure for both enterprise networks and carriers' network environments in support of commercial-grade real-time voice, commercial-grade video, and commercial-grade Video-On-Demand (VOD) services.
these converged networks will allow for voice, video, data and images to be delivered anywhere in the world, at any time, and with any kind of user's communication device and network access service.
Mobility Support
Presence-related functions
Unified Messaging
Virtual Contact Centers
Triple-Play Applications
2 problems:
lack of de facto intrinsic QoS in many of the IP networks deployed around the globe (both at the carrier and enterprise levels)
end-to-end integrity of the signaling and bearer path for VoIP, specifically VoIP packets being carried across firewalls (protocol itself and NAT issues)
National IT Strategies:
Korea IT839: strategy, which covers eight services, three types of infrastructure and nine products for Wireless Broadband, RFID, digital multimedia broadcasting, The u-Korea (ubiquitous communications) project plans will allow people to communicate and access information anywhere and anytime.
E-Japan: create a "knowledge-emergent society," where everyone can actively utilize information technology (IT) and fully enjoy its benefits. We will strive to establish an environment where the private sector, based on market forces, can exert its full potential and make Japan the world's most advanced IT nation within five years by: 1) building an ultra high-speed Internet network and providing constant Internet access at the earliest date possible, 2) establishing rules on electronic commerce, 3) realizing an electronic government and 4) nurturing high-quality human resources for the new era.
China's Next Generation Internet (CNGI): project is a 5-year plan initiated by the Chinese government with the purpose of gaining a significant position in cyberspace through the early adoption of IPv6. The U.S. has almost one third of the theoretical maximum IPv4 addresses while China has more high-speed Internet users than IP addresses and the largest Internet user base of any country. China is showcasing CNGI and the IPv6 network infrastructure at the 2008 Olympics. Everything from security cameras, taxis, to the Olympic events cameras are networked by IPv6; the events are streamed live over the Internet while networked cars are able to monitor traffic conditions readily.
E.U. Recommendations: The European Commission encourages the widespread adoption of its sixth version, the Internet Protocol version 6 (IPv6) on the basis of a specific action plan that should be fully implemented by 2010.
7. 7 IT Predictions for 2008
Web 2.0 evolution
Infrastructure optimization/modernization
Information Sharing/Collaboration
Distance Learning
IT Security
Wireless and Mobile communications
Virtualization
Green IT
Broad use of telework
Web 2.0:
Tools: collaborative web technologies (for information sharing)
Wikis, Blogs, Communities of Interest, Social Networking
Environment (for information sharing)
SoA, SaaS
Infrastructure optimization/modernization:
Move from steady-state to DME
Information Sharing/Collaboration (aka Government 2.0)
Leveraging the web as the platform for activity
Harnessing collective intelligence
Leveraging highly available data
Using radical new application models (especially development)
Distance Learning
Geographical dispersion, travel costs
Cybersecurity
According to INPUT, the President's proposed FY 2009 budgets show that $103 out of every $1,000 requested for IT spending next year, roughly $7.3 billion in total, will be spent on improving IT security. That represents 9.8% more than what was spent in FY 2008, and 73% more than the $4.2 billion budget for cyber security in FY 2004.
Issued under a classified joint directive on January 8, 2008, the National Security Agency (NSA) is being tasked with monitoring the internet traffic of all government agencies. The White House is taking this proactive approach after a number of agencies have failed to defend against an increasing progression of attacks on government networks.
Wireless and Mobile communications:
Defense, Emergency Response, and Law Enforcement
Virtualization:
leverage new server technology that allows multiple operating systems to use the same hardware rather than needing independent servers. In essence, a single server can be split into several virtual servers to maximize use of the processing power. Significant savings can be achieved through reduced hardware and data center space requirements as well as faster provisioning of services. Several issues, such as security and unexpected peak loads, make adopting virtualization more difficult, but the speed and relative ease of the payback has led agencies to rush toward virtualization investments.
Green IT:
cast as green for the beneficial effects on the environment, these strategies are primarily targeted at saving another kind of green (money) through reduced electricity consumption. Some critics indicate that it is a clever tactic to sell new hardware, but many agencies are finding that using more modern and power-efficient PCs and blade servers can cut their electricity consumption by 20%.
IPv6 Forum Working Group focused on Reducing Global Energy Use by 25 Percent (building design, development, and conro)
Broad use of telework:
8. 8 Phase II is about
Deploying secure, end-to-end, shared IPv6-enabled network services
Implementing the USG standards profile
Developing an open, public formal testing program for IPv6 technologies
Producing a suite of artifacts via the Federal Enterprise Architecture PMO to guide Federal IPv6 transitions
Coordinating IPv6 initiatives with the IT infrastructure Line of Business (ITILOB)
Utilizing the IT Infrastructure and Information Sharing Segment Architectures to define a to-be IPv6 environment
Reinforcing how EA and Enterprise Transition Plans drive IPv6 Exhibit 300 development
Profile Purpose and Scope:
A strategic planning guide for future acquisitions
Statement of strategic IPv6 technical direction for a large IT user group (USG) and as a potential vehicle for communication to a broad product industry
A complete specification of viable IPv6-capabilities requires reference to hundreds of individual protocol, architecture, and algorithm specifications. (mainly IETF RFCs)
12 Functional Categories of IPv6 Capabilities Compliance
Federal IPv6 Transition Guidance:
The next phase of Federal IPv6 transition is the deployment of secure, end-to-end, shared IPv6-enabled network services supporting core Agency mission applications.
Two resources:
Federal IPv6 Transition Guidance: An update to the February 2006 CIO Council Transition Guide, which:
Defines the Government's future IPv6 Vision, what IPv6-enabled network services are, and their business value
Provides a detailed roadmap and milestones for achieving that vision
Explains IPv6 impact on other Federal Initiatives, such as TIC, HSPD-12, and FDCC
Outlines how to leverage Enterprise Architecture as a planning tool
Describes how OMB will use the Federal Enterprise Architecture Assessment Framework and Quarterly EA Milestone Reporting to measure Agency progress.
IPv6 Portions of the IT Infrastructure Segment Architecture Template:
The IT Infrastructure Segment Architecture Template will provide Agencies with a standardized format for documenting and assessing their IT Infrastructure Target Vision including business requirements/functions, supporting applications and network enhancements, enabling technologies, and expected performance metrics.
The IPv6 Working Group is coordinating with the Federal IT Infrastructure PMO to integrate IPv6-related sections into the ITI Segment Architecture Template. This will allow agencies to develop comprehensive, integrated plans for the deployment of IPv6-enabled network services
The Federal IPv6 Transition Guidance will provide detailed instructions on how to complete the IPv6-related sections of the IT Infrastructure Segment Architecture.
The Federal IPv6 Transition Guidance and will be published for Agency comment by October 31, 2008. The Federal ITI LoB PMO will also publish the final IT Infrastructure Segment Architecture on this day.
These resources will enable agencies to:
Develop concrete plans for Deployment of IPv6-enabled network services using the IT Infrastructure Segment Architecture Template and their Enterprise Transition Strategy Plans. These documents should be submitted to OMB in February 2009 as part of the regular FEA PMO EA Assessment Cycle
Incorporate IPv6 milestones (as defined in their Enterprise Transition Strategy Plans) into their EA Quarterly Milestone Reports due June 2009
Develop and submit Exhibit 300 business cases for investments supporting the deployment of IPv6-enabled network services (as defined in their IT Infrastructure Segment Architectures) by September 2009
Deploy these investments and update their IT Infrastructure Segment Architectures, Transition Strategy Plans, and Milestone Reports accordingly during FY2010 and beyond
Changing the Security Paradigm
End nodes will assume a greater degree of security services as opposed to relying on boundary devices (greater firewall, virus, and intrusion detection capabilities)
Boundary devices will NOT go away
they'll play a critical role as gatekeepers screening for policy breaches and be the front line to shut down unauthorized streams of communication
Agencies should do everything they can to get people to stop memorizing addresses and creating easy-to-guess targets for attack
Limiting routing scope is one layer in a security toolbox; Unique Local Addresses (ULAs) are not globally routable and will be used for internal communication
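The two points above (avoid easy-to-guess addresses; keep internal communication on ULAs, which are not globally routable) can be checked against an address inventory. The following is an added example, not part of the original slides: the host names, roles, word list and heuristics are assumptions, and the sample addresses are constructed, with the documentation prefix 2001:db8::/32 standing in for a global allocation.

```python
import ipaddress

ULA = ipaddress.ip_network("fc00::/7")          # Unique Local Addresses
LINK_LOCAL = ipaddress.ip_network("fe80::/10")  # autoconfigured, on-link only
# Assumed word list: hex groups people pick because they are easy to remember.
HEX_WORDS = {"dead", "beef", "cafe", "face", "babe", "f00d", "c0de", "feed"}


def scope(addr):
    """Return the routing scope of an IPv6 address."""
    if addr in LINK_LOCAL:
        return "link-local"
    if addr in ULA:
        return "unique-local"
    if addr.is_loopback or addr.is_unspecified or addr.is_multicast:
        return "special"
    return "global"


def iid_findings(addr):
    """Heuristics for interface identifiers (low 64 bits) that are easy to guess."""
    iid = int(addr) & 0xFFFFFFFFFFFFFFFF
    groups = ["%04x" % ((iid >> s) & 0xFFFF) for s in (48, 32, 16, 0)]
    findings = []
    if iid < 0x10000:
        # e.g. ::1 or ::53, the kind of address people memorize
        findings.append("low-number")
    elif iid >> 32 == 0:
        # the low 32 bits may simply be the host's old IPv4 address
        findings.append("ipv4-embedded:" + str(ipaddress.IPv4Address(iid)))
    if any(g in HEX_WORDS for g in groups):
        findings.append("hex-word")
    if (iid >> 24) & 0xFFFF == 0xFFFE:
        # Modified EUI-64: the MAC address is recoverable from the address
        mac = (((iid >> 40) ^ 0x020000) << 24) | (iid & 0xFFFFFF)
        text = ":".join("%02x" % ((mac >> s) & 0xFF) for s in range(40, -8, -8))
        findings.append("eui-64:" + text)
    return findings


def audit(inventory):
    """Classify each (host, address, role) entry and collect findings."""
    report = []
    for host, text, role in inventory:
        addr = ipaddress.IPv6Address(text)
        sc = scope(addr)
        findings = iid_findings(addr)
        if role == "internal" and sc == "global":
            # internal-only systems are expected on ULA space
            findings.append("internal-host-globally-routable")
        report.append({"host": host, "scope": sc, "findings": findings})
    return report


# Constructed sample inventory (hypothetical hosts and roles).
SAMPLE_INVENTORY = [
    ("dns1", "2001:db8:10::53", "public"),
    ("web1", "2001:db8:10:0:cafe:0:0:1", "public"),
    ("hr-db", "fd12:3456:789a:1::c0a8:101", "internal"),
    ("printer7", "2001:db8:10:20:21a:2bff:fe3c:4d5e", "internal"),
    ("app3", "fd12:3456:789a:1:8c3f:51d2:77aa:904e", "internal"),
    ("sw2", "fe80::1", "internal"),
]

if __name__ == "__main__":
    for entry in audit(SAMPLE_INVENTORY):
        print(entry["host"], entry["scope"], ", ".join(entry["findings"]) or "ok")
```

An empty findings list only means none of these heuristics matched; it does not show that the address was assigned randomly.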
Profile Purpose and Scope:
A strategic planning guide for future acquisitions
Statement of strategic IPv6 technical direction for a large IT user group (USG) and as a potential vehicle for communication to a broad product industry
A complete specification of viable IPv6-capabilities requires reference to hundreds of individual protocol, architecture, and algorithm specifications. (mainly IETF RFCs)
12 Functional Categories of IPv6 Capabilities Compliance
Federal IPv6 Transition Guidance:
The next phase of Federal IPv6 transition is the deployment of secure, end-to-end, shared IPv6-enabled network services supporting core Agency mission applications.
Two resources:
Federal IPv6 Transition Guidance: An update to the February 2006 CIO Council Transition Guide, which:
Defines the Governments future IPv6 Vision, what IPv6-enabled network services are, and their business value
Provides a detailed roadmap and milestones for achieving that vision
Explains IPv6 impact on other Federal Initiatives, such as TIC, HSPD-12, and FDCC
Outlines how to leverage Enterprise Architecture as a planning tool
Describes how OMB will use the Federal Enterprise Architecture Assessment Framework and Quarterly EA Milestone Reporting to measure Agency progress.
IPv6 Portions of the IT Infrastructure Segment Architecture Template:
The IT Infrastructure Segment Architecture Template will provide Agencies with a standardized format for documenting and assessing their IT Infrastructure Target Vision including business requirements/functions, supporting applications and network enhancements, enabling technologies, and expected performance metrics.
The IPv6 Working Group is coordinating with the Federal IT Infrastructure PMO to integrate IPv6-related sections into the ITI Segment Architecture Template. This will allow agencies to develop comprehensive, integrated plans for the deployment of IPv6-enabled network services
The Federal IPv6 Transition Guidance will provide detailed instructions on how to complete the IPv6-related sections of the IT Infrastructure Segment Architecture.
The Federal IPv6 Transition Guidance and will be published for Agency comment by October 31, 2008. The Federal ITI LoB PMO will also publish the final IT Infrastructure Segment Architecture on this day.
These resources will enable agencies to:
Develop concrete plans for Deployment of IPv6-enabled network services using the IT Infrastructure Segment Architecture Template and their Enterprise Transition Strategy Plans. These documents should be submitted to OMB in February 2009 as part of the regular FEA PMO EA Assessment Cycle
Incorporate IPv6 milestones (as defined in their Enterprise Transition Strategy Plans) into their EA Quarterly Milestone Reports due June 2009
Develop and submit Exhibit 300 business cases for investments supporting the deployment of IPv6-enabled network services (as defined in their IT Infrastructure Segment Architectures) by September 2009
Deploy these investments and update their IT Infrastructure Segment Architectures, Transition Strategy Plans, and Milestone Reports accordingly during FY2010 and beyond
9. 9 IP Security will evolve
The AS-IS:
IP security relies heavily on perimeter devices (firewalls, routers, NAT)
Network-based security is the modus operandi
IP security constantly adding on to meet requirements
The TO-BE:
Move towards an end-to-end security model via policy-based trust domains:
a combination of host, application, and network-based security
Boundary devices will serve as gatekeepers screening for policy breaches
Nodes will provide firewall, intrusion detection and virus capabilities
Security services can be applied at varying levels of the TCP/IP model
Reliance on a distributed security architecture/model to remove the burden of screening rules at a perimeter firewall
Leverage integrated security that v6 has to offer
Initial Intent of the Internet: End-to-End Security
OVERARCHING GOAL (for a sound Security Policy): Preservation of Confidentiality, Integrity, Accountability, and Availability
Understanding the threats to your enterprise and your vulnerabilities is essential to determining your risk profile, but you must also factor in the value of what you are protecting.
GREATEST THREAT: lack of knowledge and planning
education is key
Adopt a phased approach (leveraging EA and its Architect-Invest-Implement philosophy)
AS-IS
IP security today is primarily boundary focused
Control incoming and outgoing communication channels within the enterprise (firewalls, IP-based security perimeter devices)
Use VPNs when geographic dispersion is realized
Assumption is that internal users are good, Internet hosts are treated as hostile
TO-BE (Rearchitect enterprise security solutions)
Security Services: Accountability, Authentication, Confidentiality, Integrity, Non-Repudiation, Availability
Moving back to an end-to-end security model
reduce the stovepipe or bootstrapped solutions in use today
Radically change the way information security is viewed and implemented within the enterprise (NAT, firewalls, creating insulation between internal assets and the rest of the world)
Transition to v6 provides the best time for agencies to begin re-architecting their enterprise security solution to support end-to-end and other enhanced capabilities; the vision and plans must be developed to achieve maximum value during the initial planning stages of the transition
IPsec is considered a mandatory part of IPv6 (ubiquitous security layer)
Node and topology hiding (due to increased address space), mitigating scanning opportunities
Develop an IPv6 Security Plan
Training, Policy Guidance, Vendors, Boundary security (packet filtering router configurations for v6), Traffic monitoring (sniffers)
Mobility
Mobile IPv6 may accelerate the proliferation of handheld mobile devices and mobile networks
The key benefit of Mobile IPv6 is that even though the mobile node changes locations and addresses, the existing connections through which the mobile node is communicating are maintained. To accomplish this, connections to mobile nodes are made with a specific address that is always assigned to the mobile node, and through which the mobile node is always reachable. Mobile IPv6 provides Transport layer connection survivability when a node moves from one link to another by performing address maintenance for mobile nodes at the Internet layer (avoids triangular routing like in Mobile IPv4).
Stateless address autoconfiguration allows IPv6 hosts to configure themselves automatically when connected to a routed IPv6 network using ICMPv6 router discovery messages. When first connected to a network, a host sends a link-local multicast router solicitation request for its configuration parameters; if configured suitably, routers respond to such a request with a router advertisement packet that contains network-layer configuration parameters.[5]
If IPv6 stateless address autoconfiguration (SLAAC) proves unsuitable, a host can use stateful configuration (DHCPv6) or be configured manually. In particular, stateless autoconfiguration is not used by routers; these must be configured manually or by other means.
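The router advertisement exchange described above can be followed byte by byte. The sketch below is an added example, not part of the original slides: it builds a constructed Router Advertisement in the RFC 4861 layout, parses it, and decides between SLAAC, DHCPv6 and manual configuration. The function names, the sample prefix and MAC, and the use of the classic modified EUI-64 interface identifier are assumptions made for illustration; current hosts often use RFC 4941 or other randomized identifiers instead.

```python
import ipaddress
import struct

RA_TYPE = 134          # ICMPv6 Router Advertisement (RFC 4861, section 4.2)
OPT_PREFIX_INFO = 3    # Prefix Information option (RFC 4861, section 4.6.2)


def build_ra(prefix, managed=False, autonomous=True):
    """Build a constructed RA carrying one Prefix Information option."""
    net = ipaddress.IPv6Network(prefix)
    # type, code, checksum, hop limit, flags (M=0x80), router lifetime,
    # reachable time, retransmission timer: 16 bytes in total
    header = struct.pack("!BBHBBHII", RA_TYPE, 0, 0, 64,
                         0x80 if managed else 0, 1800, 0, 0)
    flags = 0x80 | (0x40 if autonomous else 0)   # L (on-link), A (autonomous)
    option = struct.pack("!BBBBIII16s", OPT_PREFIX_INFO, 4, net.prefixlen,
                         flags, 86400, 14400, 0, net.network_address.packed)
    return header + option


def parse_ra(data):
    """Parse an RA into its M/O flags and advertised prefixes."""
    data = bytes(data)
    if len(data) < 16 or data[0] != RA_TYPE:
        raise ValueError("not a Router Advertisement")
    ra = {"managed": bool(data[5] & 0x80), "other": bool(data[5] & 0x40),
          "prefixes": []}
    offset = 16
    while offset < len(data):
        if offset + 2 > len(data):
            raise ValueError("truncated option header")
        opt_type, opt_len = data[offset], data[offset + 1] * 8
        # A zero-length option would loop forever; RFC 4861 says discard.
        if opt_len == 0 or offset + opt_len > len(data):
            raise ValueError("bad option length")
        if opt_type == OPT_PREFIX_INFO:
            if opt_len != 32:
                raise ValueError("bad Prefix Information length")
            plen, pflags, valid, preferred = struct.unpack_from(
                "!BBII", data, offset + 2)
            network = ipaddress.IPv6Network(
                (data[offset + 16:offset + 32], plen), strict=False)
            ra["prefixes"].append({"network": network,
                                   "on_link": bool(pflags & 0x80),
                                   "autonomous": bool(pflags & 0x40),
                                   "valid": valid, "preferred": preferred})
        offset += opt_len
    return ra


def eui64_interface_id(mac):
    """Modified EUI-64: flip the universal/local bit, insert ff:fe."""
    octets = bytearray(int(part, 16) for part in mac.split(":"))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    octets[0] ^= 0x02
    return bytes(octets[:3]) + b"\xff\xfe" + bytes(octets[3:])


def configure_host(ra, mac):
    """Return (methods, addresses) a host would derive from this RA."""
    addresses = []
    for p in ra["prefixes"]:
        if p["autonomous"] and p["network"].prefixlen == 64:
            packed = p["network"].network_address.packed[:8]
            addresses.append(
                ipaddress.IPv6Address(packed + eui64_interface_id(mac)))
    methods = (["slaac"] if addresses else []) + \
              (["dhcpv6"] if ra["managed"] else [])
    return (methods or ["manual"]), addresses


if __name__ == "__main__":
    sample = build_ra("2001:db8:1:2::/64")          # constructed sample
    print(configure_host(parse_ra(sample), "00:11:22:33:44:55"))
```
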
References
IETF RFC 3775 Mobility Support in IPv6
IETF RFC 3776 Using IPsec to Protect Mobile IPv6 Signaling Between Mobile Nodes and Home Agents
10. 10 Things to think about
Evaluating transition mechanisms
Architecting IPSec and IKE across your enterprise
Investigating Secure Neighbor Discovery (SEND)
Deploying DHCPv6 and DNSSEC
Designing scalable Addressing and Routing schemas
Replacing NAT functionality with v6 capabilities
NAT implementations provide:
Simple Gateway Between Internet and Private Network
Simple Security Due to Stateful Filter Implementation
User/Application Tracking
Privacy and Topology Hiding
Independent Control of Addressing in a Private Network
Global Address Pool Conservation
IPv6 Tools that can replace NAT functionality:
Privacy Addresses (RFC 4941)
Unique Local Addresses (RFC 4193)
DHCPv6 Prefix delegation
Untraceable IPv6 Addresses
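The advice on this deck about easy-to-guess addresses, ULAs for internal communication, and privacy addresses as a NAT replacement can be checked against an address plan. The audit below is an added example, not part of the original slides: the inventory, host names, exposure labels and the heuristics for predictable interface identifiers are all constructed assumptions, and anything that is neither ULA nor link-local is simply treated as global.

```python
import ipaddress

ULA = ipaddress.IPv6Network("fc00::/7")          # Unique Local Addresses, RFC 4193
LINK_LOCAL = ipaddress.IPv6Network("fe80::/10")
WORDS = {"dead", "beef", "cafe", "babe", "face", "f00d", "c0de", "feed"}


def scope(addr):
    """Coarse routing scope; everything not ULA or link-local counts as global."""
    if addr in LINK_LOCAL:
        return "link-local"
    if addr in ULA:
        return "unique-local"
    return "global"


def iid_findings(addr):
    """Label interface-ID patterns that make a host address easy to guess."""
    iid = int(addr) & 0xFFFFFFFFFFFFFFFF          # low 64 bits
    raw = iid.to_bytes(8, "big")
    groups = {raw[i:i + 2].hex() for i in range(0, 8, 2)}
    findings = []
    if iid < 0x10000:
        findings.append("low-iid")                # e.g. ::1, ::53, ::80
    elif iid >> 32 == 0:
        findings.append("ipv4-in-iid")            # e.g. ::c0a8:a05 = 192.168.10.5
    if raw[3:5] == b"\xff\xfe":
        findings.append("eui64")                  # MAC address is recoverable
    if groups & WORDS:
        findings.append("wordy")                  # memorable hex words
    return findings


def audit(inventory):
    """Map each host name to (scope, findings) for an address inventory."""
    report = {}
    for name, text, exposure in inventory:
        addr = ipaddress.IPv6Address(text)
        found = iid_findings(addr)
        where = scope(addr)
        if exposure == "internal" and where == "global":
            found.append("internal-on-global")    # candidate for a ULA
        if exposure == "public" and where != "global":
            found.append("public-not-routable")   # ULA cannot serve the Internet
        report[name] = (where, found)
    return report


# Constructed inventory: documentation prefix 2001:db8::/32 and a sample ULA.
INVENTORY = [
    ("dns1", "2001:db8:10::53", "public"),
    ("web1", "2001:db8:10:0:cafe:f00d:0:1", "public"),
    ("printer", "2001:db8:20:0:211:22ff:fe33:4455", "internal"),
    ("legacy-db", "2001:db8:30::c0a8:a05", "internal"),
    ("hr-app", "fd12:3456:789a:1:8c1f:64ff:2b7e:90d3", "internal"),
    ("portal", "fd12:3456:789a:1::80", "public"),
]

if __name__ == "__main__":
    for host, (where, found) in audit(INVENTORY).items():
        print(f"{host:10} {where:13} {', '.join(found) or 'ok'}")
```
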
11. 11 How to define the to-be v6 environment
Use the Enterprise Architecture Assessment Framework (v3.0)
Enterprise architecture levels
Enterprise common/shared assets; aligning resources; all stakeholders
Segment core mission areas; structure, reuse, and alignment; business owners
Solution applications/components; users and developers
Performance Improvement Lifecycle Communities
Strategic/Performance Improvement: Strategize Formulate Execute
Information Technology: Architect Invest Implement
Segment architecture maturity
Segments are a subset of the overall agency architecture
Segment Types: Core Mission, Business Service, or Enterprise Service
Serve as a conduit between strategic plans and enterprise investments
EAAF is about Business-led versus Technology- or Budget-driven
Leverage the enterprise architecture management practice to maximize the contribution of an agency's:
IT resources
IT investments
System development activities
PYRAMID:
Top: Focus on delivering specific capabilities to support the business process;
Middle: Focus on delivering common capabilities that can be leveraged across multiple business units;
Bottom: Required to support enterprise wide IT operations
Segment Architecture:
Core: Unique service areas defining the mission or purpose of the agency. Core mission areas are defined by the agency business model (e.g., tactical defense, air transportation, energy supply, pollution prevention and control, and emergency response).
Business Service: Common or shared business services supporting the core mission areas. Business services are defined by the agency business model and include the foundational mechanisms and back office services used to achieve the purpose of the agency (e.g., inspections and auditing, program monitoring, human resource management, and financial management).
Enterprise: Common or shared IT services supporting core mission areas and business services. Enterprise services are defined by the agency service model and include the applications and service components used to achieve the purpose of the agency (e.g., knowledge management, records management, mapping/GIS, business intelligence, and reporting).
Enterprise Services are the underlying IT support for an Agency's business (or back-office) services.
Per the definitions in the table to the right, the IT Infrastructure Segment is considered to be an Enterprise Service.
IPv6-enabled Network Services will be captured in the IT Infrastructure Segment and will support (and be shared among) Agency Core Mission Applications.
12. 12 IT Portfolio Alignment: Line-of-Sight
SOA:
Positioning IT resources to serve agency business
Improved business agility via the sharing/reuse of infrastructure, services, information, and solutions
Flexible architecture centered on business/technology capabilities
standards-based infrastructure
Must be built into an organization's EA, IT Governance, and IT Policy Framework
Rise of the Internet (standardized use of web technologies/protocols and emergence of distributed computing platform) led to the Rise of SOA
Rationale for SOA:
Improve government responsiveness
Simplify delivery of enhanced government services (enable broader/more consistent access to information)
Contribute to more efficient government collaboration
Promote information sharing (effective, efficient, and repeatable approaches)
Increase transparency/resilience (shared standards-based infrastructure)
13. 13 High Level IPv6 Transition Strategy
Flexible IPv6 Transition Mechanisms: Security products located at customer premises (and in the service provider clouds) must offer 4 to 6 and 6 to 4 tunneling, as well as 4 to 6 and 6 to 4 translation
Plan for greater functionality in the future
Security Today:
Enclave level
Centrally administered
Security Between:
Enclave or node focused?
How long will there be overlap?
Unique security issues can/will arise due to mixed environment
Careful planning and testing required
Security Tomorrow:
Node level
Integrate with policy-based networking
14. 14 During the transition
Well dual-stack does create another sign post, but there are relatively few signs on the new one. The problem is that the new signs are effectively in another language, so while it is a shorter list the existing system can't interpret what they say.
The part I think you missed was that once IANA and the RIRs run out of space, people will sell/lease unused addresses on eBay (one block already sold there last month). Since these are undoubtedly small segments of existing aggregates, the process effectively breaks off parts of an existing sign to create a new one. The only thing that will stop this fragmentation is when the demand drops off because the price is too high. The ARIN policy discussion has some misguided perception that they will somehow control the market, but realistically people will buy and sell whatever they want, and if ARIN tries to restrain them, they will simply ignore the silliness and do what they planned from the beginning. The best that any of the RIRs can hope for is to have policies where the bar is low enough that people figure it is not worth their time to work around it.
I won't disagree with you John about scale. While every equipment vendor would be happy to keep selling ever larger routers, replacing them at an unconstrained rate to keep up with growth is not a sustainable business model for anyone.
John describes the short term that starts right after the IPv4 Free-pool is exhausted. Once the redistribution of addresses stabilizes based on market pricing, we face the bigger problem of indirection. To continue the analogy, eventually those sign posts can't be evaluated fast enough because there are just too many options, even assuming that we can build a large enough memory. At that point we end up adding a sign at the top of the post that effectively says, 'if you can't find the destination here, try the sign post over there'. Essentially a default route for the default-free-zone. While that may not sound too bad, the added delay to route through some far away root of knowledge, combined with the inevitable delay of searching a truly massive global
My personal favorite: There's not much difference between an intersection of roads and an intersection of circuits. Roads come together in places called "intersections" and circuits come together at places called routers.
At every intersection, there's a big, big signpost full of signs with arrows pointing to various cities and which road out of the intersection is the best path. These sign posts exist in the routing tables of major backbones today, and do have one sign/routing-entry for each and every destination.
(They're really, really tall signposts...) There is already a challenge getting packets through the router at faster and faster speeds, since each and every packet (like each car) must check the signpost and find its destination to know which path to take.
The good news is that a small number of signs suffices for most destinations... for example, there might be two dozen signs for a single ISP, each being a block of addresses that they received over time. A major corporation or educational organization might have a dozen or so routers for the same reason. All of these routes are actual aggregates which cover thousands of addresses.
In a world where ISP's can't get additional blocks from the RIR system, but still try to add customers to their networks, they need to find/beg/borrow addresses from elsewhere, and then route those addresses. Here's the scary part: those routes end up in every router of every major network in the Internet... i.e. effectively, these are new signs that get put on top of every signpost globally. If we need to do this often down to the street level in the world (i.e. "ElmStreetMCCleanVirginaUS" is now being used for a new subdivision over Seattle, and now needs to be on every sign post globally), then the system collapses fairly quickly.
In routing table terms, we're seeing serious growth in the current routing table <http://tinyurl.com/299ep8> even with the current levels of hierarchy and aggregation. Again, the number one form of growth is ISP's picking up and routing a single new address block every 6 months from their RIR.
In a world where ISP's instead have to cobble together many small leftover pieces to connect the same number of new customers, then the number of new routers per month will increase geometrically. While Tony may argue with me about the absolute limit in routing capacity, suffice to say that even if the equipment could be built to handle 4x routes, there are very few, if any, ISP's that could afford to replace every default-free router in the backbone with one.
15. 15 High Level IPv6 Transition Strategy
16. 16 OMB IPv6 Assessment Criteria (draft)
The assessment focuses on three capability areas of EA:
Completion of an enterprise architecture;
Use of EA to drive improved decision-making; and
Results achieved to improve the agency's program effectiveness.
3 Capability Areas addressing specific Key Performance Indicators (KPIs):
Completion:
This category measures the completion maturity of an agency's EA artifacts in terms of performance, business, data, services, and technology. The agency's baseline and target architectures are well-defined, showing traceability through all architectural layers. Using its enterprise transition plan, the agency is able to achieve its desired target state.
Use:
The agency has established the necessary management practices, processes, and policies needed for developing, maintaining and overseeing EA, and demonstrating the importance of EA awareness and the value of employing EA practices within the agency. The agency uses its EA to inform strategic planning, information resources management, IT management, and capital planning and investment control processes.
Results:
The agency is measuring the effectiveness and value of its EA activities by assigning performance measurements to its EA and related processes, and reporting on actual results from the enterprise to demonstrate EA success.
17. 17
18. 18 Takeaways
Wide Area Network Design Laboratory (WANDL) and OPNET
IPv6 Migration Planning:
OPNET's IPv6 Planning and Operations Module:
IPv6 readiness assessment
IPv6 migration planner
WANDL tools:
Network Planning and Analysis
Integrated Planning and Analysis
IP/MPLSView
IP Address Management (IPAM) Tool:
Numbering and tracking IP addresses
IPv6 Network Assessor Tool:
Scans Cisco routers and switches
19. 19
Peter J. Tseronis, PMP
Chair, Federal IPv6 Working Group
FOR MORE INFO: Go To www.EGOV.gov > Information Policy > IPv6