[lacnog] Fwd: Re: US DoD and IPv6

Fernando Gont fernando at gont.com.ar
Sat Oct 2 09:22:29 BRT 2010


Dear all,

We recently had a conversation about the DoD and IPv6. I am forwarding
you a message posted to ietf at ietf.org on this topic. You can consult
the ietf@ list archive to see the complete thread.

Regards,
Fernando




-------- Original Message --------
Subject: 	Re: US DoD and IPv6
Date: 	Fri, 1 Oct 2010 09:19:00 -0700
From: 	Ron Broersma <ron at spawar.navy.mil>
To: 	trejrco at gmail.com
CC: 	ietf at ietf.org



TJ wrote:
>
>     A bit before then, Thomas Narten wrote:
>     > There are DoD networks where IPv6 is running today,
>     > and there certainly are networks where it is not.
>
>     The quote above seems very precisely phrased,
>     and as an accidental result seems a bit misleading.
>
>     It appears to refer to the Defense Research & Engineering Network
>     (DREN), which is widely reported to be dual-stack IPv4 and IPv6.
>     [e.g. see Ron Broersma's slides from the Google IPv6 Implementer's
>     Workshop]
>
>     However, the trade press and other public sources consistently
>     indicate the DoD considers DREN to be "experimental" or "research",
>     rather than "operational" (at least for the DoD meaning of the
>     word 'operational').
>
>     One also consistently reads that the actual operational DoD backbone
>     (i.e. DISA's GIG-BE network) is IPv4 only, in part for security
>     reasons and in part for lack of any business case to do otherwise,
>     and that all other DoD "operational" networks are also IPv4 only.
>
>
> The DoD is forbidden from running native IPv6 operationally, per the
> STIGs and MO guidelines.  MO1 and 2 get some IPv6 in place, in tunnels
> across the GIG ... MO3 will be the first step in native/operational
> IPv6, not even signed yet IIRC.

Part of the confusion is a terminology issue.  Within the DoD networking
context, "operational" generally refers to customer base and the
mission, not whether the network itself is operational.  For the DoD
networks that support the "operational" military forces and functions
related to that, IPv6 is not yet authorized.  The Milestone Objectives
(MO's) described above apply in that context.  These networks correctly
take a conservative approach, because of what's at stake.

On the other hand, the DoD research and engineering community lives on
separate networks, most of which use DREN as their ISP.  This community
supports Research and Development, Test and Evaluation, Modeling and
Simulation, High Performance Computing, and so forth.  The network
itself is absolutely operational in the sense that it is a fully
functional network providing critical networking services between all of
these resources.  It is not a testbed.  It is not just an experimental
network.  It has SLAs like any other network.  It is a full production
network environment, and it has been running IPv6 for a decade.

So, the statement "DoD is forbidden from running native IPv6
operationally" gives the wrong sense of the situation.  DREN has been
running IPv6 operationally as a production service since 2003, when it
was selected as the official DoD IPv6 pilot network.  Years before that
DREN was operating a dedicated wide area IPv6 testbed.  There are
enterprises (customers) on DREN where everything is 100% dual stack
(every server, every client, etc.).  I think you'll find that parts of
DREN and its customer base have been very aggressive in rolling out IPv6
wherever possible, and sharing lessons learned at every opportunity, and
pressing vendors to eat their own dogfood and to deliver feature parity,
and pushing for national policy to incentivize IPv6-enabling all public
facing services, etc.

I hope that helps to clarify some of the discussion here.

Regards,

--Ron
(Ron Broersma, DREN Chief Engineer)








