
Re: US DoD and IPv6

2010-10-01 11:19:31
TJ wrote:
A bit before then, Thomas Narten wrote:
There are DoD networks where IPv6 is running today,
and there certainly are networks where it is not.

The quote above seems very precisely phrased,
and as an accidental result seems a bit misleading.

It appears to refer to the Defense Research & Engineering Network
(DREN), which is widely reported to be dual-stack IPv4 and IPv6.
[e.g. see Ron Broersma's slides from the Google IPv6 Implementer's
Workshop]

However, the trade press and other public sources consistently
indicate the DoD considers DREN to be "experimental" or "research",
rather than "operational" (at least for the DoD meaning of the
word 'operational').

One also consistently reads that the actual operational DoD backbone
(i.e. DISA's GIG-BE network) is IPv4 only, in part for security
reasons and in part for lack of any business case to do otherwise,
and that all other DoD "operational" networks are also IPv4 only.


The DoD is forbidden from running native IPv6 operationally, per the STIGs 
and MO guidelines.  MO1 and 2 get some IPv6 in place, in tunnels across the 
GIG ... MO3 will be the first step in native/operational IPv6, not even 
signed yet IIRC.

Part of the confusion is a terminology issue.  Within the DoD networking 
context, "operational" generally refers to customer base and the mission, not 
whether the network itself is operational.  For the DoD networks that support 
the "operational" military forces and functions related to that, IPv6 is not 
yet authorized.  The Milestone Objectives (MO's) described above apply in that 
context.  These networks correctly take a conservative approach, because of 
what's at stake.

On the other hand, the DoD research and engineering community lives on separate 
networks, most of which use DREN as their ISP.  This community supports 
Research and Development, Test and Evaluation, Modeling and Simulation, High 
Performance Computing, and so forth.  The network itself is absolutely 
operational in the sense that it is a fully functional network providing 
critical networking services between all of these resources.  It is not a 
testbed.  It is not just an experimental network.  It has SLAs like any other 
network.  It is a full production network environment, and it has been running 
IPv6 for a decade.

So, the statement "DoD is forbidden from running native IPv6 operationally" 
gives the wrong sense of the situation.  DREN has been running IPv6 
operationally as a production service since 2003, when it was selected as the 
official DoD IPv6 pilot network.  Years before that DREN was operating a 
dedicated wide area IPv6 testbed.  There are enterprises (customers) on DREN 
where everything is 100% dual stack (every server, every client, etc.).  I think 
you'll find that parts of DREN and its customer base have been very aggressive 
in rolling out IPv6 wherever possible, and sharing lessons learned at every 
opportunity, and pressing vendors to eat their own dogfood and to deliver 
feature parity, and pushing for national policy to incentivize IPv6-enabling 
all public facing services, etc.

I hope that helps to clarify some of the discussion here.

Regards,

--Ron
(Ron Broersma, DREN Chief Engineer)







_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf