Re: US DoD and IPv6

TJ wrote:
A bit before then, Thomas Narten wrote:
> There are DoD networks where IPv6 is running today,
> and there certainly are networks where it is not.

The quote above seems very precisely phrased,
and as an accidental result seems a bit misleading.

It appears to refer to the Defense Research & Engineering Network
(DREN), which is widely reported to be dual-stack IPv4 and IPv6.
[e.g. see Ron Broersma's slides from the Google IPv6 Implementer's
Workshop]

However, the trade press and other public sources consistently
indicate the DoD considers DREN to be "experimental" or "research",
rather than "operational" (at least for the DoD meaning of the
word 'operational').

One also consistently reads that the actual operational DoD backbone
(i.e. DISA's GIG-BE network) is IPv4 only, in part for security
reasons and in part for lack of any business case to do otherwise,
and that all other DoD "operational" networks are also IPv4 only.


The DoD is forbidden from running native IPv6 operationally, per the STIGs and MO guidelines.  MO1 and 2 get some IPv6 in place, in tunnels across the GIG ... MO3 will be the first step in native/operational IPv6, not even signed yet IIRC.

Part of the confusion is a terminology issue.  Within the DoD networking context, "operational" generally refers to customer base and the mission, not whether the network itself is operational.  For the DoD networks that support the "operational" military forces and functions related to that, IPv6 is not yet authorized.  The Milestone Objectives (MO's) described above apply in that context.  These networks correctly take a conservative approach, because of what's at stake.

On the other hand, the DoD research and engineering community lives on separate networks, most of which use DREN as their ISP.  This community supports Research and Development, Test and Evaluation, Modeling and Simulation, High Performance Computing, and so forth.  The network itself is absolutely operational in the sense that it is a fully functional network providing critical networking services between all of these resources.  It is not a testbed.  It is not just an experimental network.  It has SLAs like any other network.  It is a full production network environment, and it has been running IPv6 for a decade.

So, the statement "DoD is forbidden from running native IPv6 operationally" gives the wrong sense of the situation.  DREN has been running IPv6 operationally as a production service since 2003, when it was selected as the official DoD IPv6 pilot network.  Years before that DREN was operating a dedicated wide area IPv6 testbed.  There are enterprises (customers) on DREN where everything is 100% dual stack (every server, every client, etc.).  I think you'll find that parts of DREN and its customer base have been very aggressive in rolling out IPv6 wherever possible, and sharing lessons learned at every opportunity, and pressing vendors to eat their own dogfood and to deliver feature parity, and pushing for national policy to incentivize IPv6-enabling all public facing services, etc.

I hope that helps to clarify some of the discussion here.

Regards,

--Ron
(Ron Broersma, DREN Chief Engineer)







_______________________________________________
Ietf mailing list
Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf
