1 / 14

US Labs IPv6 Planning & Deployment Status

US Labs IPv6 Planning & Deployment Status. Phil DeMar Oct. 4, 2012. USG OMB IPv6 “Mandates” for 2012 & 2014. Public-facing services to support IPv6 by Sept 30, 2012 For US Dept of Energy (DOE), this means email, DNS, & web services

lita
Download Presentation

US Labs IPv6 Planning & Deployment Status

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. US Labs IPv6 Planning & Deployment Status Phil DeMar Oct. 4, 2012

  2. USG OMB IPv6 “Mandates” for 2012 & 2014 • Public-facing services to support IPv6 by Sept 30, 2012 • For US Dept of Energy (DOE), this means email, DNS, & web services • “Public-facing” interpreted as “intended for the general public” • Internal client systems to support IPv6 by Sept 30, 2014 • Essentially, this means all desktops • No IPv6 transition mandate for all USG systems • Mandate targeted at public services & clients using public services • Scientific computing systems are not within scope • “Mandate” lacks enforcement element • NIST dashboard measures agency compliance • But nothing happens to the non-compliant

  3. US DOE IPv6 Transition Planning • DOE has transition team coordinating IPv6 milestone compliance across the Department • Size of DOE dictates a decentralized approach • DOE National Labs are not part of DOE IPv6 transition planning scope: • Labs aren’t bound to OMB mandates • Per current interpretation… • But are encouraged to support IPv6, consistent with mission requirements & resources • DOE participates in Federal (USG) IPv6 Task Force • A post-9/30/2012 progress report is expected • Not clear if current interpretation of OMB mandate might change

  4. DOE Transition TF – recent report (9/30/12)

  5. Deployment of IPv6 at Labs • Labs are implementing IPv6 independently: • Availability of effort is largest issue holding up progress • Several Labs have stopped/paused IPv6 deployment entirely • Most are moving forward, at least with the OMB 2012 milestones • So far, there have been no reported requirements or requests from experiments or collaborations for IPv6

  6. Recent Lab Survey on 2012 IPv6 Milestone Status: • 8 sites say they’ll meet OMB milestones by end of year • Other extreme: 3 are not putting effort into IPv6 now • DNS status slightly deceiving: • A number are ESnet-supported secondary servers

  7. IPv6 Status Monitoring Dashboards • NIST runs “official” Fed. Deployment IPv6 dashboard: • If you’re not green, you’re red… • Most, but not all Labs in the .gov domain are listed http://fedv6-deployment.antd.nist.gov/cgi-bin/generate-gov • ESnet now has a site IPv6 deployment dashboard • Green or gray, no red • ESnet-only IPv6 DNS support is “light” green http://my.es.net/sites/ipv6

  8. Likeliest Next IPv6 Steps for Labs • Start focusing on internal IPv6 client deployment issues • Lab directions driven more by site self-interest than OMB directive • Most sites classified their client IPv6 planning as “investigating impact” • Likeliest ESCC course of action will be to target specific common IPv6 technology areas: • Auto-configuration & neighbor discovery • Tunneling capabilities & controls • Dual stack (IPv4/IPv6) issues • Unique Local Addresses (ULAs) • Managing & maintaining control over IPv6 likely to be strongest motivation

  9. US Tier-1 IPv6 Deployment Status(FNAL & BNL)

  10. FNAL IPv6 Deployment Status • Currently IPv6 deployment: • DNS & Email support IPv6; central web will in ~2 weeks • Using Infoblox for IPAM • Small test bed with wide area connectivity • FermiCloud cluster attached to IPv6 test bed • Provision for rolling development systems into test bed • Separate address space (PA) • Internal IPv6 work group to develop structured IPv6 plans • Includes networking, security, system & application support • Addressing & routing plans drafted & vetted • Next steps in IPv6 deployment: • Use Computing Div. LAN as development environment for IPv6 client system support

  11. IPv6 in FNAL Core Network Backup Border Router IPv6 Test Bed Computing Div LAN (slaac) Computer Security subnets Central Services (web, email)

  12. FNAL

  13. BNL IPv6 Deployment Status • Expect to satisfy OMB 2012 milestones by end of year: • COTS IPAM solution in process of being implemented to provide DNS IPv6 capability • External interfaces of Ironports hosting mail daemons IPv6-capable • Public web servers migrated behind squid proxies w/IPv6 capable external interface • Working group established to address OMB 2014 requirements for IPv6 compatibility of internal clients/apps • Under umbrella of BNL Cyber Security Advisory Council

  14. ? Questions

More Related