[lacnog] Fwd: Re: US DoD and IPv6
Arturo Servin
aservin en lacnic.net
Sab Oct 2 14:02:24 BRT 2010
Interesante caso. Creo que el DoD no será el único. Puedo imaginar muchas redes de bancos que se quedarán en IPv4 por algún tiempo, de esa forma creo que veremos muchos equipos NAT o translación IP4<-->IPv6 para la intercomunicación de ambos mundos.
Sin embargo no hay que generalizar, no todo mundo tiene las mismas ventajas y necesidades que el DoD o los bancos (redes que no están creciendo, tienen stock de IPv4 y generalmente aisladas del Internet o con acceso restringido), principalmente SP y proveedores de contenido tienen otras necesidades. Ellos si está creciendo y la migración a IPv6 debe ser tomada como prioritaria. Para otros grandes end-users (ej. universidades, corporaciones) si el crecimiento no es "issue" si lo será la interconexión con el mundo IPv6 (los futuros usuarios domésticos y móviles). Y a pesar que algún tipo de NAT puede ofrecer una solución no será la óptima (sin embargo para el DoD y similares estás desventajas incluso pueden ser vistas como ventajas).
Saludos,
-asn
On 2 Oct 2010, at 09:22, Fernando Gont wrote:
> Estimados,
>
> Recientemente habiamos tenido una conversacion sobre el DoD e IPv6. Les
> reenvio un mail posteado a ietf en ietf.org, sobre este tema. -- Pueden
> consultar el archivo de la lista de la ietf@ para ver el thread completo.
>
> Saludos,
> Fernando
>
>
>
>
> -------- Original Message --------
> Subject: Re: US DoD and IPv6
> Date: Fri, 1 Oct 2010 09:19:00 -0700
> From: Ron Broersma <ron en spawar.navy.mil>
> To: trejrco en gmail.com
> CC: ietf en ietf.org
>
>
>
> TJ wrote:
>>
>> A bit before then, Thomas Narten wrote:
>>> There are DoD networks where IPv6 is running today,
>>> and there certainly are networks where it is not.
>>
>> The quote above seems very precisely phrased,
>> and as an accidental result seems a bit misleading.
>>
>> It appears to refer to the Defense Research & Engineering Network
>> (DREN), which is widely reported to be dual-stack IPv4 and IPv6.
>> [e.g. see Ron Broersma's slides from the Google IPv6 Implementer's
>> Workshop]
>>
>> However, the trade press and other public sources consistently
>> indicate the DoD considers DREN to be "experimental" or "research",
>> rather than "operational" (at least for the DoD meaning of the
>> word 'operational').
>>
>> One also consistently reads that the actual operational DoD backbone
>> (i.e. DISA's GIG-BE network) is IPv4 only, in part for security
>> reasons and in part for lack of any business case to do otherwise,
>> and that all other DoD "operational" networks are also IPv4 only.
>>
>>
>> The DoD is forbidden from running native IPv6 operationally, per the
>> STIGs and MO guidelines. MO1 and 2 get some IPv6 in place, in tunnels
>> across the GIG ... MO3 will be the first step in native/operational
>> IPv6, not even signed yet IIRC.
>
> Part of the confusion is a terminology issue. Within the DoD networking
> context, "operational" generally refers to customer base and the
> mission, not whether the network itself is operational. For the DoD
> networks that support the "operational" military forces and functions
> related to that, IPv6 is not yet authorized. The Milestone Objectives
> (MO's) described above apply in that context. These networks correctly
> take a conservative approach, because of what's at stake.
>
> On the other hand, the DoD research and engineering community lives on
> separate networks, most of which use DREN as their ISP. This community
> supports Research and Development, Test and Evaluation, Modeling and
> Simulation, High Performance Computing, and so forth. The network
> itself is absolutely operational in the sense that it is a fully
> functional network providing critical networking services between all of
> these resources. It is not a testbed. It is not just an experimental
> network. It has SLAs like any other network. It is a full production
> network environment, and it has been running IPv6 for a decade.
>
> So, the statement "DoD is forbidden from running native IPv6
> operationally" gives the wrong sense of the situation. DREN has been
> running IPv6 operationally as a production service since 2003, when it
> was selected as the official DoD IPv6 pilot network. Years before that
> DREN was operating a dedicated wide area IPv6 testbed. There are
> enterprises (customers) on DREN where everything is 100% dual stack
> (ever server, every client, etc.). I think you'll find that parts of
> DREN and its customer base have been very aggressive in rolling out IPv6
> wherever possible, and sharing lessons learned at every opportunity, and
> pressing vendors to eat their own dogfood and to deliver feature parity,
> and pushing for national policy to incentivize IPv6-enabling all public
> facing services, etc.
>
> I hope that helps to clarify some of the discussion here.
>
> Regards,
>
> --Ron
> (Ron Broersma, DREN Chief Engineer)
>
>
>
>
>
>
> _______________________________________________
> LACNOG mailing list
> LACNOG en lacnic.net
> https://mail.lacnic.net/mailman/listinfo/lacnog
Más información sobre la lista de distribución LACNOG