Over the last decade, many governments and organizations disregarded warnings that the Internet’s 4.3 billion IP addresses were running out. Tunneling, network address translation and classless routing staved off the effects of address depletion, but security grew ever shakier.

The Defense Department, however, saw early on that moving from the 1981-era IP Version 4 to the more secure and capacious Version 6 would be necessary to build out the Global Information Grid and Future Combat Systems. FCS relies on new types of IP devices for on-the-move collaboration.

As DOD sees it, IPv6 will enable:

• Vast IP address space: 3.4 times 10 to the thirty-eighth power, or trillions of addresses per ­war-fighter
• Ubiquitous, scalable networking
• Globally routed addresses
• 128-bit headers with 64 bits for a network identification and 64 bits for a host ID
• Quality-of-service assurance across networks
• Easier multicasting to ad hoc groupings of personnel
• End-to-end security instead of dependence on protection at either end.

By 2003, DOD had committed to the new protocol departmentwide, mandating that all new defense systems be IPv6-capable. Two years later, the Office of Management and Budget set a June 2008 deadline for putting IPv6 on all government network backbones.

“We’ve made considerable progress getting our arms around the specific implementation schedules,” says Kris Strance, senior analyst for architecture and interoperability in the DOD CIO’s office. “For the last six to eight months, we’ve been transitioning the core networks.”

The Defense Information Systems Agency expects the military services’ major networks and programs and the Non-Classified IP Router Network to be compliant by the OMB deadline.

The Secret IP Router Network for command and control will take somewhat longer, depending on “the availability of a high-assurance IP encryptor,” Strance says. “HAIPE devices aren’t yet being produced [in quantity], but we expect a sufficient number in 2009 and 2010 for IPv6 on the SIPRnet.”

As the GIG takes shape, growing from the inside out, “we’ll have V6 as a service offering, similar to what an Internet service provider does,” Strance says. “Folks who connect via the GIG will have V6 on the NIPRnet in 2008 and on the SIPRnet around 2010.”

Following the June release of the next version of Defense’s IPv6 transition plan, DOD components will begin reporting how much of the changeover they expect to finish by fiscal 2008, says Tom McCrickard, chief of the V6 transition office at the Defense Information Systems Agency.

“V6 is critical to achieving the net-centric operations objective, but it’s challenging from several perspectives,” McCrickard says. For one, the transition “must not noticeably impact everyday operations, and it must be well synchronized across all DOD components.” Because of that complexity and scope, “it will likely span many calendar years.”

After DOD agencies have said how much of the transition they can finish by the 2008 timeframe, they must provide an implementation schedule for programs and networks beyond that.

McCrickard says he believes V6 will advance Defense’s goal of “fully networking every soldier, sailor, Marine and airman, as well as every manned and unmanned military vehicle.”

Other V6 advantages DISA anticipates:

• Tracking and managing logistics more cost-effectively
• Improving tactical mobility and ad hoc networking with secure, end-to-end authentication
• Getting known quality of service levels for priority and real-time traffic
• Improving network management and operations.

Although the initial transition planning has focused on the core networking infrastructure, “we recognize the need to develop application plans in parallel,” McCrickard says. To that end, his office will coordinate the implementation schedules for major programs with the military services’ individual transition offices, he says.

“Folks who connect via the GIG will have V6 on the NIPRnet in 2008 and on the SIPRnet around 2010.” —DOD’s Kris Strance

From Peter …
Unlike the year 2000 systems changeover, IPv6 has no transition budget, Strance notes. The main similarity to Y2K is that “IPv6 touches all of IT. It’s a very large effort but without the dollars associated with Y2K, and there’s no date-certain as with Y2K. What we’re employing is a technology refreshment strategy. The original policy date in 2003 used 2008

Rick Steele
Pv6 will advance DOD’s goal of “fully networking every soldier, sailor, Marine and airman, as well as every manned and unmanned military vehicle,” DISA’s Tom McCrickard says.

as the transition time, based on a five-year technology refreshment schedule, and it’s all [coming] out of tech refresh dollars.”

Strance acknowledges that, in addition to new hardware, there is a cost for the DOD V6 transition office and for planning and training, “but it’s relatively minor.” The military services themselves also have set up offices to coordinate the transition; “otherwise there’s no specific money,” he says.

Tom Patterson, chief executive officer of Command Information Inc. of Herndon, Va., is one of the vendors helping DOD get ready for the new protocol. “It’s a fundamental change low down in the network that you can’t learn from a book,” he says. “The first step from IPv4 to V6 is to take a big inventory, and that’s easier said than done.” The relatively recent inventories made for Y2K, however, “are very helpful. Practically all government agencies, including DOD, have submitted transition plans” to OMB and understand where they are heading, he says.

“After taking the snapshot of the current status, you have to make a gap analysis,” Patterson says. As for the gaps, “a lot of what we have today will still work with V6: the networking software, routers acquired in the last three years and so on. What things won’t? You have to inventory and map them.”

Infrastructure hardware such as a router has a longer lifecycle than, say, a notebook PC—perhaps five to 10 years on average. “It’s still the early days for IPv6 hardware,” he says.

Besides fulfilling the 2003 mandate for IPv6, DOD expects a good return on its investment. “The Commerce Department has estimated the overall ROI at 10:1,” Patterson says. Returns, according to the National Telecommunications and Information Administration, will accrue from factors such as easier communications, greater mobility and improved competitiveness.

At DOD, Patterson says, “the cost savings won’t come so much from the exotic aspects of warfare—unmanned aerial vehicles and so on—as from the bureaucratic side. DOD has a high need for information security and spends lots of money on secure components.”

Those components now are moving around more—for example, the notebook PCs heavily used by forces in Afghanistan and Iraq—and it’s “extraordinarily difficult to maintain security on the move,” Patterson says. “In the B ring of the Pentagon, a notebook user has complex, costly, super-high encryption. When that notebook travels to a building in Crystal City, it needs the same security without having to be wired to a specific spot. There’s a lot of cost savings from the security of IPv6. Mobile users won’t have to do anything more to maintain security,” such as constantly scanning and updating virus signatures.

Current Linux, Unix and Mac OS operating systems already support IPv6, as do Cisco Systems Inc.’s IOS and Juniper Networks Inc.’s JunOS for backbone routers. “There’s nothing more for DOD to buy for Unix and Linux,” Patterson says, “just some operating changes. Windows XP can do IPv6, but it’s complicated and no one uses it.” The forthcoming Microsoft Vista and Longhorn OSes will default to IPv6, he adds, and the change “will be a big logistical job, as DOD is the largest IT buyer. But DOD and Microsoft have done this kind of thing several times before.”

Returns on Horizon
DOD’s Strance concurs. “There’s no timeline for replacing Windows OSes with Vista” throughout the department, he says, although with IPv6 enabled out of the box, the new OSes “will have the intelligence to look at an IP address and use IPv4” if necessary.

After its long run-up to IPv6, DOD is “ready to do its mission better,” Command Information’s Patterson says. What he calls the “Evolv6” process leads from readiness assessment through gap analysis, to re-architecting some operations, and finally implementing IPv6 for specific missions.

“The larger, 20-year systems lifecycles already build in V6. Applications will be the first thing to change,” he predicts, “because current applications have to be extended to take advantage of IPv6. The returns will come very shortly, as soon as this year.”

What about IPv6 and telecom carriers? To find out, go to www.defensesystems.com and enter 118 in the Quickfind search box.

purchase reprint

link to this page