TJ wrote:
A bit before then, Thomas Narten wrote:
There are DoD networks where IPv6 is running today,
and there certainly are networks where it is not.
The quote above seems very precisely phrased,
and as an accidental result seems a bit misleading.
It appears to refer to the Defense Research & Engineering Network
(DREN), which is widely reported to be dual-stack IPv4 and IPv6.
[e.g. see Ron Broersma's slides from the Google IPv6 Implementer's
Workshop]
However, the trade press and other public sources consistently
indicate the DoD considers DREN to be "experimental" or "research",
rather than "operational" (at least for the DoD meaning of the
word 'operational').
One also consistently reads that the actual operational DoD backbone
(i.e. DISA's GIG-BE network) is IPv4 only, in part for security
reasons and in part for lack of any business case to do otherwise,
and that all other DoD "operational" networks are also IPv4 only.
The DoD is forbidden from running native IPv6 operationally, per the STIGs
and MO guidelines. MO1 and 2 get some IPv6 in place, in tunnels across the
GIG ... MO3 will be the first step in native/operational IPv6, not even
signed yet IIRC.
Part of the confusion is a terminology issue. Within the DoD networking
context, "operational" generally refers to customer base and the mission, not
whether the network itself is operational. For the DoD networks that support
the "operational" military forces and functions related to that, IPv6 is not
yet authorized. The Milestone Objectives (MO's) described above apply in that
context. These networks correctly take a conservative approach, because of
what's at stake.
On the other hand, the DoD research and engineering community lives on separate
networks, most of which use DREN as their ISP. This community supports
Research and Development, Test and Evaluation, Modeling and Simulation, High
Performance Computing, and so forth. The network itself is absolutely
operational in the sense that it is a fully functional network providing
critical networking services between all of these resources. It is not a
testbed. It is not just an experimental network. It has SLAs like any other
network. It is a full production network environment, and it has been running
IPv6 for a decade.
So, the statement "DoD is forbidden from running native IPv6 operationally"
gives the wrong sense of the situation. DREN has been running IPv6
operationally as a production service since 2003, when it was selected as the
official DoD IPv6 pilot network. Years before that DREN was operating a
dedicated wide area IPv6 testbed. There are enterprises (customers) on DREN
where everything is 100% dual stack (every server, every client, etc.). I think
you'll find that parts of DREN and its customer base have been very aggressive
in rolling out IPv6 wherever possible, and sharing lessons learned at every
opportunity, and pressing vendors to eat their own dogfood and to deliver
feature parity, and pushing for national policy to incentivize IPv6-enabling
all public facing services, etc.
I hope that helps to clarify some of the discussion here.
Regards,
--Ron
(Ron Broersma, DREN Chief Engineer)
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf