
IPv6 Transition Planning: Recommendations to Facilitate Transition & Minimize Risk (Draft)

IPv6 Transition Planning: Recommendations to Facilitate Transition & Minimize Risk (Draft). Enterprise Architecture Shared Interest Group Dr. Walt Grabowski, SI-International, Inc. Dr. Jay Bashir, SI-International, Inc. Mr. Tom Kopko, Global Crossing, Ltd. October 20, 2005.



  1. IPv6 Transition Planning: Recommendations to Facilitate Transition & Minimize Risk (Draft) Enterprise Architecture Shared Interest Group Dr. Walt Grabowski, SI-International, Inc. Dr. Jay Bashir, SI-International, Inc. Mr. Tom Kopko, Global Crossing, Ltd. October 20, 2005 This briefing summarizes a white paper with the same title and authors. The paper is in review; it has not been released by ACT/IAC.

  2. Purpose • Provide initial input to CIO Council Architecture & Infrastructure Committee - developing IPv6 transition guidance for agencies • Identify & summarize (some) key planning elements for transition from IPv4 to IPv6 • Paper delivery driven by OMB request of CIO Council AIC • First of planned series from IAC SIGs

  3. Framework • OMB M-05-22 sets schedule for planning, reporting & first steps in Federal Government transition from IPv4 to IPv6 • IPv6 transition represents an encompassing technology issue, similar in scope to Y2K, but not a remediation or time-bound • Action is required to prevent bad things from happening as the result of unplanned transitions – transition could turn into remediation. • IPv6 transition is a transition – not simply a technology insertion • Expect IPv6 to be treated, at least initially, as an infrastructure change vs. a new-service enabler • Take advantage of DoD experience • The Government will be the leader in US enterprise transition

  4. Summary Recommendations • Establish agency IPv6 Transition Office • Establish agency transition strategy • Recognize scope of impact • Take a phased approach • Utilize the Enterprise Architecture • Estimate and deal with the costs • Formalize management of transition risk • Develop Info Sec policy & requirements targeted to implementation strategy and events • Rigorously maintain network & application configuration data • Manage the acquisition of IPv6 capability now • Integrate agency testing • Develop and maintain an IPv6 communications plan • Establish IPv6 addressing requirements & allocation plan • Start training now • Update transition plans as part of EA submission cycle • Establish a Federal information sharing/knowledge management system • Produce a Government-wide IPv6 address request and an addressing plan • Consider a Federal Government IPv6 Transition Office

  5. Establish agency IPv6 Transition Office • Identify core team of key stakeholders to form IPv6 Transition Office (ITO) • Include enterprise architects, program managers, operations, finance, human resources & security • ITO develops & manages agency transition • ITO provides planning, coordination, engineering, security, implementation guidance, & assistance • Agency lead manages

  6. Establish agency transition strategy • Establish & promulgate the agency’s transition strategy • Strategy as overall framework for more detailed planning • E.g., DoD’s M01, M02, M03 strategy • Identify major milestones - align planning & guidance products with them • Align transition plans for specific systems to overall strategy – ensures that necessary planning, guidance and testing is in place • OMB’s 2008 directive is a first strategic step

  7. Recognize scope of impact • Reference Model with distinct layers - logical construct! • Numerous IP-aware applications • Hard-coded IPv4 addresses in applications (especially legacy mainframe) & network monitoring - will be difficult to identify • Firewalls, Intrusion Detection Systems, Encryption Systems impacted • NAT can be removed – key is individual platform security • Address & DNS management are critical • Applications will require upgrade (e.g., Microsoft Windows, Explorer) [Figure: Reference Model layers: TCP, UDP, IP, Ethernet, ATM, SONET, UTP]

  8. Take a phased approach • Identify individual systems & components for transition based on current sequencing plans • Identify necessary conversion mechanisms (dual-stack, translation, tunneling) • Plan transition recognizing relationships between components - IPv6 is not backwards compatible! • Overall • Focus first on incorporating IPv6 with little or no change in the services the infrastructure provides – like-for-like • Then incorporate IPv6 enhanced features

  9. Utilize the Enterprise Architecture • EA’s intended to facilitate: • Better planning • Improved Communications • Management of Complex Environments • Consistent insertion of strategic technologies into the enterprise • Support the CPIC process • Achieve economies of scale • Expedite integration of legacy, migration & new systems • IPv6 transition is large scale EA application (FEA Performance Management, Presentation to the Performance Management Group (PMG), Mr. Dick Burk, April 13, 2005)

  10. Estimate & deal with the costs • OMB has directed that agencies should • Rely on technology-refresh & existing system-insertion plans • Assume no new transition funds will be available • There will be costs - planning, managing, testing, non-planned hardware & software upgrades, dual-stack operations, training, etc. • With no new funds, revisions to timelines & plans will be required • Costs should emerge with impact analyses and transition planning • No rules-of-thumb appear available

  11. Formalize management of transition risk • OMB identified 18 possible risk elements • Key risk areas include: • Schedule & dependencies • Inventory accuracy (configuration management) • Security, especially with introduction of new systems • Dual-mode IPv4/IPv6 operations that could stress system capacity • Troubleshooting in a dual-mode environment • Compatibility between different vendor implementations of IPv6 • Trained personnel availability • Cost • Set up a formalized risk identification, management & mitigation process • Function of ITO

  12. Develop Info Sec policy/requirements targeted to implementation strategy and events • Develop IPv6 Information Security (IS) Plan • Facilitate insertion of IPv6 while maintaining security posture • Single guidance reference that provides process & necessary approvals for deploying IPv6 • Identifies IS roles & responsibilities, defines IS policy, coordination requirements, incorporates or references agency IS directives and guidance • Identifies IS procedures and methods used for testing, analysis and documentation • Plan could be issued in volumes consistent with transition strategy (DoD example) • Plan volumes must be developed, approved & promulgated prior to implementations • Agency CISO responsible in collaboration with transition office

  13. Rigorously maintain network & application configuration data • Transition will be a long-term evolution involving much of an agency’s IT infrastructure • Accurate inventory now will support planning and cost analyses • Configuration Management to successful transition events

  14. Manage the acquisition of IPv6 capability now • Minimize downstream transition $’s - ensure that products & systems being acquired now are capable of operating in IPv6 environment. • Products will also likely be required to operate in IPv4 environments • Products - IP hardware, software, storage solutions, printers, etc. • Define “IPv6 capable” – NIST? • “IPv6 capable” vs. “interoperable” - Compatibility will likely be a challenge in near term.

  15. Integrate agency testing • Comprehensive testing required to ensure functionality & interoperability • Testing of • Hardware Products • Carrier Services • Dual-stack operations • Applications • Security • Advanced features • Testing proceeds from components, test beds, pilots & field trials • Measures of Performance must be defined (e.g., latency, QoS, FCAPS) • Utilize agency combined resources to minimize expense & time and maximize gained experience • Establish agency testing coordination under ITO

  16. Develop & maintain an IPv6 communications plan • Impact of IPv6 to the agency will be significant • Infrastructure will be impacted • New services will be enabled • Agencies should communicate overall plan to stakeholders • key dates, expected impacts, critical events, etc. • Agencies should maintain communications as plan evolves • Highlight successes • Function of ITO

  17. Establish IPv6 addressing requirements and addressing plan • IPv6 addressing requirements will be very different from IPv4 • More addresses due to removal of NAT • More addresses associated with new IP-aware devices (e.g., sensors supporting RFID) • IPv6 addresses represent green-field opportunity • Simplify routing via aggregation • Enhance QoS, etc. • Agencies should begin now to • Estimate address space needs • Request appropriate IPv6 address space • Develop IPv6 addressing plan • Request process (from ARIN) is rigorous requiring justifications, rationale, etc. • Addressing plan is important to achieve performance benefits of the technology

  18. Start training now • Orderly transition requires workforce appropriately trained in the new protocol & its implementation within the agency. • Training will be required for • Architects • Program Managers • Operations & Maintenance • Acquisition • Security • ITO monitor & coordinate

  19. Update Transition Plans as part of EA submission cycle • Transition planning & management will continue over some number of years (a decade?) • Focus of transition planning will likely shift from network transport up-stack to applications • Legacy (IPv4-based) applications will likely remain in place well after the underlying network is operating at IPv6 • Overall sequencing plans & target architectures will evolve due to forces that have nothing to do with IP • Transition plan will require updates & revisions for the life of transition

  20. Establish a Federal info sharing/knowledge management system • Government (AIC?) should establish a shared knowledge management system • Access via a government IPv6 transition web portal • Provide • Project summaries • Status information • Best practices • MOPs • Test results • Security guidance • Policy information • Risk mitigation strategies • Hardware & software analyses • Provide access to information already developed by DoD transition effort • Especially valuable to agencies with limited IT resources

  21. Produce a Government-wide IPv6 address request and addressing plan • Development of IPv6 address request is rigorous process • Could produce significantly sub-optimal results if done at agency level • Resource-limited agencies may have difficulty • Government-wide scheme would be an element of FEA • Responsibility – GSA?

  22. Consider a Federal Government IPv6 Transition Office • A Government-wide IPv6 transition office would provide infrastructure to support execution of Government transition policy • Transition office would: • Develop & manage the IPv6 knowledge management system • Maintain the IPv6 portal • Establish government-wide transition guidance including IS • Provide testing resources • Monitor progress • Highlight/document success stories & best practices • Produce & submit the IPv6 address request & addressing plan • Budget TBD • Reporting Structure TBD

  23. Background

  24. Summary Schedule per OMB-05-22

  25. Where does Internet Protocol (IP) fit? • Layer 3 Protocol – Network Layer • Responsible for … • Addressing - identification • Routing - directing datagrams from one network to another • Internetworking • Characteristics … • “Connectionless” • Interoperability of Converged Services (voice, video, data) • Global Many-to-Many Connectivity • Multicast Capabilities [Figure: Reference Model layers: TCP, UDP, IPv4, Ethernet, ATM, SONET, UTP]

  26. IPv6 Features & Benefits
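Slides 7 and 13 note that hard-coded IPv4 addresses in applications, firewall rules and monitoring settings are hard to identify and that an accurate inventory underpins planning. One way to begin that inventory is sketched below as an added example, not part of the original briefing; the names `find_ipv4_literals`, `bucket` and `SAMPLE` are hypothetical, and the sample input is constructed.

```python
import ipaddress
import re

# Dotted quad with optional /prefix. The lookarounds reject longer dotted
# runs (SNMP OIDs, build numbers) that would otherwise look like addresses.
_QUAD = re.compile(r"(?<![\w.])(\d{1,3}(?:\.\d{1,3}){3})(?:/(\d{1,2}))?(?!\w|\.\d)")

# RFC 1918 space usually sits behind NAT, so these literals are the ones most
# affected if NAT is removed during transition.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def bucket(addr):
    """Coarse category used to prioritise review of a finding."""
    if addr.is_loopback:
        return "loopback"
    if any(addr in net for net in RFC1918):
        return "rfc1918"
    return "other"

def find_ipv4_literals(text):
    """Return (line_no, literal, bucket) for each valid IPv4 literal in text."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for m in _QUAD.finditer(line):
            try:
                addr = ipaddress.IPv4Address(m.group(1))
            except ValueError:  # not a real address, e.g. an octet above 255
                continue
            findings.append((line_no, m.group(0), bucket(addr)))
    return findings

# Constructed sample: firewall rule, app config and monitoring settings.
SAMPLE = """\
# constructed sample, not taken from any real system
permit tcp 10.20.0.0/16 host 192.0.2.10 eq 443
db_host = "192.168.5.12"
snmp_oid = 1.3.6.1.4.1.9.2.1
agent_build = 7.1.300.4000
poll_target=127.0.0.1:161
bad = 300.1.2.3
"""

if __name__ == "__main__":
    for line_no, literal, kind in find_ipv4_literals(SAMPLE):
        print(f"line {line_no}: {literal} ({kind})")
```

Four-part version strings such as `2.4.18.1` still match, so findings are candidates for review rather than a final inventory.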
