Internet Protocol Version 6, long dormant in the United States except for limited corporate and enterprise use, got a jump start in June when the U.S. Department of Defense (DoD) announced that it would no longer buy network hardware that doesn’t support it.
The DoD’s decision to migrate its entire communications network to IPv6 equipment by 2008 is the strongest indication yet that the protocol is on its way to broad implementation in the United States.
“Ten years ago, people would say that all the world’s problems will be fixed by IPv6 within two years,” says Dan Freedman, CEO of Jasomi Networks. “The reality is getting a lot closer now.”
DoD Wants Security, QoS
The DoD wants IPv6 for more efficient IP address management, better security and improved quality of service (QoS).
But switching to IPv6 won’t be a smooth process, for several reasons. The new addressing scheme is longer than that in IPv4, so engineers who install IPv6 will have to reformat routers to accommodate the longer address strings. Packet headers will also contain more information than under the present addressing regime. And with the various ways of defining QoS, interoperability issues continue to pop up.
There are other glitches to iron out in the IPv6 world. Cellular networks, for instance, are used to handling data transmissions over IPv4; larger packet headers in IPv6 cause problems for cell sites as they try to read data packets and hand them off. Network address translation (NAT)—used in enterprise networks to expand the number of addresses behind a corporate firewall—is supposed to become obsolete because of the virtually unlimited number of available IPv6 addresses. But NAT apparently isn’t going to become obsolete as advertised, ensuring that VoIP calls will be interrupted on IPv6 networks just as they are on IPv4 networks. (See “VoIP, Mobile Data Face Challenges Under IPv6”).
The DoD’s plans are monumental, to say the least. A substantial portion of the DoD’s $30 billion IT budget will be used to buy only IPv6-compliant technology beginning in October; several large portions of the DoD will be switched over to IPv6 earlier than 2008 so the DoD can see how it unfolds.
The IPv6 transition is centered upon the military’s emerging Global Information Grid, the massive communications network used by the military throughout the world for both administrative and battlefield tasks. (For more on the DoD’s program, see “Military IPv6 Transition To Be ‘Aggressive’ ”).
The DoD points to al Qaeda as a major driving force behind the move to IPv6. John Osterholz, director of architecture and interoperability for the DoD, summed up the reasons for moving to IPv6 when he announced the plan in June at the IPv6 Summit in San Diego. “Al Qaeda maintains a low profile and is highly distributed,” Osterholz told reporters. “Until recently, we had no capability to operate similarly, and we understand it is an important capability. They were Net-centric, we were not. Their command and control capability requires us to have a similar capability.”
The Present Status of IPv6
IPv6-capable servers and routers have been on the market since the mid-’90s and are already installed in many IP networks. Cisco, Nortel and others develop servers and routers that are being used for IPv4 but can be “switched on” to handle the IPv6 protocol. The military services, in fact, have been buying such servers for a while, anticipating the day they’d switch to the next-generation protocol.
IPv6 is now being used in the United States in limited areas. For instance, large enterprises can use IPv6 in the LAN to assign and manage thousands of desktops and applications. “The use of IPv6 today can be quite attractive to companies for two reasons,” says Peter Briscoe, IPv6 world manager for Cramer Systems. “The first is that the new features of the protocol can simplify the initial setup and maintenance of the IP parameters on the desktop machines, due to more automatic discovery of default gateways.
“The second is that, as each machine will have a valid IP address, you do not need to manage the NAT settings at the Internet firewall to the same level. This will simplify the corporate connection to the Internet and allow more secure client/server application services to be used by the company. This could potentially lead to more outsourcing of corporate applications.”
Cisco and other network equipment developers also use IPv6 tunneling to connect corporate offices in different cities. “We have hundreds of customers with different stages of IPv6 rolling out; we deploy a number of tunneling mechanisms,” says Martin McNealis, senior director for product management for Cisco IOS Software. “If you’re in … the early part of a network and you need to connect to another IPv6 topology, you take the IPv6 traffic, wrap it in a tunnel and run it in regular form over IPv4 to the office at the other end of the network.”
IPv6’s near-infinite number of globally unique IP addresses will enable easier implementation of peer-to-peer computing and “push” applications such as MMS, instant messaging, auctions and innovative multi-user games. The military has dozens of ways it wants to use push technology, from instant messaging to interactive battlefield maps.
Whereas IPv4 has 4.2 billion 32-bit addresses, IPv6 has 10^38 possible 128-bit addresses. “They’re both finite,” says Atul Kurlekar, product manager at Tmanage, “but with the proliferation of PDAs, laptops, wireless phones, PCs and all the other things that want to be mobile, the number of devices could use up the available IPv4 pool.” With IPv6, there are enough addresses out there that everyone can have a permanent IP address, so that “from birth to death, no matter what network, no matter what ISP, that mobile data will come to you,” Kurlekar says. “You can assign addresses to devices of any kind to push to you, including pagers, telephones, and refrigerators.”
But those 128-bit addresses will contain much larger numbers, and the packet headers will have more variables—such as new kinds of devices and more levels of QoS labeling—than in IPv4. “The address schemes change,” says Jasomi’s Freedman. “In Version 4, the numbers between the dots can’t be larger than 255, and in Version 6, they can be as large as 65,535. The packet header has to get longer to hold all the extra digits; therefore, routing tables have to get bigger—all the tables inside the network equipment have to be bigger.” For instance, IPv4 addresses look like this: 172.16.122.204; under IPv6, they might look like this: 1204.123.48657.50031.
As for mobile IP, the size of IPv6 headers is troublesome. “With mobile networks, you’re going to need a big address range,” Cramer’s Briscoe says. “If you have a large address header that you’re sending off the handset, the header has to be compressed. That’s still being developed. A lot of companies are looking at ways to reduce the header. At this point, once you get all the information in, you’re now sending more header information than data.”
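As an added illustration (not from the article or from any vendor quoted in it), the following Python sketch builds the kind of tunnel McNealis describes, an IPv6 packet wrapped in an IPv4 header (6in4, IP protocol 41 per RFC 4213), and then unwraps it to show the header-versus-data ratio Briscoe mentions. The addresses are documentation ranges, and the 20-byte payload, UDP next-header value and traffic-class value are constructed for the example.

```python
import ipaddress
import struct

PROTO_6IN4 = 41        # IP protocol number for IPv6 carried inside IPv4 (RFC 4213)
NEXT_HEADER_UDP = 17   # assumed payload type for the constructed sample

def ipv4_checksum(header: bytes) -> int:
    """Ones-complement sum over 16-bit words; 0 when run over a valid header."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_ipv6(src, dst, payload, traffic_class=0):
    """Fixed 40-byte IPv6 header (flow label 0, hop limit 64) plus payload."""
    first_word = (6 << 28) | (traffic_class << 20)
    return struct.pack("!IHBB16s16s", first_word, len(payload), NEXT_HEADER_UDP,
                       64, ipaddress.IPv6Address(src).packed,
                       ipaddress.IPv6Address(dst).packed) + payload

def encapsulate_6in4(inner, tunnel_src, tunnel_dst):
    """Prefix a 20-byte IPv4 header whose protocol field is 41."""
    def header(checksum):
        return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(inner), 0, 0, 64,
                           PROTO_6IN4, checksum,
                           ipaddress.IPv4Address(tunnel_src).packed,
                           ipaddress.IPv4Address(tunnel_dst).packed)
    return header(ipv4_checksum(header(0))) + inner

def decapsulate_6in4(packet):
    """Validate the outer IPv4 header, then report the inner IPv6 fields."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl + 40:
        raise ValueError("truncated packet")
    if ipv4_checksum(packet[:ihl]) != 0:
        raise ValueError("bad IPv4 header checksum")
    if packet[9] != PROTO_6IN4:
        raise ValueError("outer protocol is not 41")
    inner = packet[ihl:]
    word, length, _next, _hops, src, dst = struct.unpack("!IHBB16s16s", inner[:40])
    if word >> 28 != 6 or length != len(inner) - 40:
        raise ValueError("malformed inner IPv6 packet")
    return {
        "tunnel": (str(ipaddress.IPv4Address(packet[12:16])),
                   str(ipaddress.IPv4Address(packet[16:20]))),
        "src": str(ipaddress.IPv6Address(src)),
        "dst": str(ipaddress.IPv6Address(dst)),
        "traffic_class": (word >> 20) & 0xFF,
        "header_bytes": ihl + 40,
        "payload_bytes": length,
    }

# Constructed sample: a 20-byte voice frame between two documentation addresses,
# marked with a constructed traffic-class value (0xB8).
VOICE_FRAME = bytes(20)
PACKET = encapsulate_6in4(
    build_ipv6("2001:db8::1", "2001:db8::2", VOICE_FRAME, traffic_class=0xB8),
    "192.0.2.1", "198.51.100.1")

if __name__ == "__main__":
    info = decapsulate_6in4(PACKET)
    print(info)
    print("header bytes per payload byte:", info["header_bytes"] / info["payload_bytes"])
```

The outer protocol value 41 is the field a border filter or network sensor keys on to recognise this kind of tunnel, and the inner traffic-class byte is where the IPv6 header carries the QoS marking.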
The good news is that once the military or any network owner completes the changes to the routing tables and other addressing parameters, IPv6 routing is more efficient than the old protocol. “Routing for IPv6, because the industry has the benefit of learning from IPv4, actually will reduce the number of routes in the routing table,” McNealis says. “The Internet has 150,000 routes at the core of the Internet, and IPv6 actually reduces that number down. On the backbone, a big carrier has several layers of addresses that IPv6 will reduce, because it has a better hierarchy. Fewer addresses are needed to route it.”
QoS, Security and Military Intelligence
Not only are the IP addresses longer, packet headers will expand to include new kinds of information, especially QoS data. And that is one of the key attributes that pushed the military to seek IPv6: good quality transmission of everything from VoIP calls to video streaming. John Stenbit, the CIO for the Pentagon, put it this way when he briefed reporters about the IPv6 upgrade in June: “I don’t want to belabor it, but today, if you send a packet on the Internet, nobody’s guaranteeing you that it’s going to get to the other end.” The QoS sophistication not only gives the Pentagon better transmission service, but also lets the military assign different paths for messages based on the need to know, amount of bandwidth needed or depth of encryption. An email going out to field offices discussing paid leave, for instance, would be assigned a lower QoS path than a VoIP call between a commander and one of his key officers during a battle.
The military will also have to navigate all kinds of topologies and platforms using QoS labels. “There are some fields which are there in IPv6 that aren’t in IPv4 which allow packets to have QoS,” Freedman says. “It’s nirvana, from a military perspective, to have complete multimedia communications with all your field units, reconnaissance equipment, and managing targeting information and have them all tied back into central command. They want a satellite link into anything from an ordinary radio on a soldier’s backpack to vehicle-mounted systems to microwave uplinks to unmanned aerial vehicles, back through satellites everywhere along that spectrum. That’s why this is so important. The terrorists have a network-centric view of the world, and so do we.”
The information that designates the QoS paths also populates the header. The more levels of QoS, the more variations occur in the header, especially when paired with encryption data and authentication codes.
It’s harder than it sounds. QoS on today’s Internet is far from standardized. Equipment makers and network platforms employ different flavors of QoS, so when data leaves one IP network and hits the next gateway, the QoS definitions suddenly change. The move to IPv6 will be a good opportunity to formulate standardized QoS levels.
Cisco, which is part of the military’s push to IPv6 and listed as a partner on the migration, is working on security measures such as encrypted routing. “For classified information, you can send it over different parts of the network and go through higher encryption or isolate it on a different topology of the network,” McNealis says.
Stenbit said the real issue is that end-to-end security is done differently in a network-centered world than it is in telephone or broadcast communications. “If the person at the far end doesn’t have the crypto that works, they won’t get the data. If they do, they will. In [IPv4], you don’t know who you’re sending to, and you don’t know from whom you’re receiving. So the packet itself has to include the crypto—the security sufficient to do the end-to-end encryption—because it’s not as linear and dramatic as a circuit-based system.”
With IPv6, the device that’s sending the message has a permanent IP address, so there’s no confusion about which PC, handset or PDA sent the message.
The security in IPv4 is created by separate security protocols on top of the network, such as IPSec and others; these myriad security standards don’t communicate very well. “For the Army in Europe it was difficult to set up an encrypted network when we had Sun servers, Microsoft servers—none of the IPSecs matched up,” says Greg Trexler, product manager for Ace-Comm. “IPv6 now has a standard built in.”
But IPv6 security will also have its share of interoperability issues, says Freedman of Jasomi Networks. “Version 6 is supposed to have better security, but if I implement that and I can’t talk to anyone else, because everyone else uses IPv4 security, it doesn’t do any good.” He says the new protocol is going to have problems getting adopted, “because IPv4 has such an inertia that it’s difficult for people to get off one and onto the other.”
Managing IPv6 Addresses
“The carriers are going to want to be familiar with the [IPv6] addressing schemes, because they are going to be involved in allocating them to the end users,” McNealis at Cisco says. “If you’re Verizon and you’re rolling out IPv6, you’ll pull some IP addresses from the international register and hand them out to customers.” Carriers will have to understand how the pool is organized, and determine how many to set aside for enterprise customers, how many to set aside for small business customers and individual customers.
Address distribution is “going to depend on how the network is being divided,” Cramer Systems’ Briscoe says. “There are geographical boundaries; you have to be quite careful at how your internal structure is built up, how your internal departments communicate. You have to look at your present address plan, create a new address plan and determine how to stage migration from one to the other.”
It’s not helpful that even the Internet authority responsible for doling out the IPv6 addresses is still in flux with its plan. “Some of these high-level address plans have not been totally sorted out,” Briscoe says. The granularity of the IPv6 addressing scheme isn’t sufficiently precise down to the individual user, to take into account a home where family members subscribe to multiple ISPs.
Billing, OSS Systems Could Feel the Strain
Experts agree that IPv6 isn’t going to require rewriting or reengineering billing and OSS systems. If a billing vendor’s IP rating and billing software operates on IPv4, it will operate on IPv6. However, the customer’s IP address will be longer, and may take up more space in various fields—but most fields are built to handle the increase of a few digits. Mapping between IPv4 addresses and IPv6 addresses may not be necessary; the trick, of course, is ensuring that the new addresses are assigned correctly to the old ones. McNealis suggests that IPv4 addresses could be somehow folded into the IPv6 addresses for mapping, but that it’s simpler just to start over with the IPv6 addresses.
Some OSSs are going to feel the strain when transitioning to IPv6. For instance, most ISPs or carriers will have to run IPv4 and IPv6 on their servers and routers simultaneously as they transition. The result: slower processing and more bandwidth used. This translates into lost revenue.
As for OSS capabilities, McNealis says larger ILECs should be able to absorb a slightly different format or customer information base. Smaller ISPs with marginal storage and CPU capabilities may feel the effects, however. “What you have to be careful about is additional strain on the CPU,” Briscoe says. “It may be necessary to increase the memory on that device. It might seem like a minimum upgrade, but you are going to be working those routers much harder. In some cases you’ll have more maintenance and firmware upgrades.”
One area certain to need recoding is the mediation system. With more devices getting their own IP address, the kinds of events and services to be captured and assigned to customers will expand exponentially. Mediation systems will have to read the longer IP address of the customer’s device accurately for more kinds of billable events. “Mediation has to be greatly scaled, so you can capture mediation events from different devices,” says Keith Wolters, senior director for Convergys’ product and industry marketing group. “You might capture transactions from a Palm Pilot to other wireless devices. … All could become ratable transactions.”
IP is also used when operations personnel access the customer’s information, McNealis says. “Those back-office systems are going to have to integrate and accommodate IPv6 at the customer level,” he says. “To access the customer’s network to investigate a trouble ticket, for instance, that occurs in an IP session into the customer environment.” “In the meantime, they can manage OSS and billing over the IPv4 system, but as more and more applications and users cut over to IPv6, they’re going to have to have an IPv6 understanding of the network.”
It’s obvious that upgrading to the next version of Internet Protocol isn’t going to happen tomorrow. But one thing’s certain: The DoD is going to be relying on the telecom industry to supply it with the expertise, equipment and software.
Military IPv6 Transition To Be ‘Aggressive’
IPv6 will be the network layer protocol for the Department of Defense’s (DoD) emerging Global Information Grid (GIG), the immense network that the military will use throughout the world for both administrative and battlefield tasks. It will also run the military’s Non-secure Internet Protocol Routing Network (NIPRNET), Secret Internet Protocol Router Network (SIPRNET) and the Joint Worldwide Intelligence Communications System (JWICS).
The IPv6 platform will have to be installed and brought up without losing interfaces with non-DoD networks. A June 9 Pentagon memorandum to the Joint Chiefs and other executive officers makes that clear: “The IPv6 transition across DoD will … maintain interoperability within the [DoD], across the federal government, among our allies, and with coalition partners, in addition to the civilian and commercial sectors.”
John Stenbit, CIO for the DoD, outlined the transition path for reporters in June. “We’re going to select several large portions of the DoD establishment to switch over to IPv6 earlier, so we can get a good handle on what occurs,” he said. “But we will pick subsets that are large enough to be interesting, but controlled enough that we can actually control the input so that we can have a valid experiment.
“I would anticipate we’re going to have a major part of the DoD move to IPv6 in 2005. We will pick another one in 2006, and we’ll pick another one in 2007. And it will be those three experiments that will set the criteria about whether we actually pull the switch in 2008.”
• Segments of the GIG will transition from fiscal year 2005 to fiscal year 2007.
• Specific near-term IPv6 implementation pilots, demonstrations and test beds were to be identified by the DoD CIO by July 9, as part of the transition planning process. These pilots will be designed to build confidence in facilitating the overall DoD transition to IPv6.
• The Defense Information Systems Agency (DISA) will acquire enough IPv6 address space to meet the DoD’s five-year estimated requirements and initiate acquisition of IPv6 addresses to meet all future DoD requirements by Sept. 30, 2003.
• DISA will continue to manage DoD IP address allocation, registration and control on an enterprise basis to promote interoperability and security. DISA is the DoD Central Registration Authority for assignment and registration of IP address space for any and all DoD-sponsored data networks and systems. It will establish and maintain a program for accurate management and accounting of all DoD-owned IP addresses, and will work with components and services to establish an IPv6 address-space and naming convention scheme by Dec. 30, 2003.
• DoD users will only acquire IP address space originating from DISA.
• The DoD CIO was to lead, in consultation with the Joint Staff and with the participation of DoD components and services, the development of a draft IPv6 transition plan within one month of the June 9 memo and complete the plan within three months of the same date.
The IPv6 transition plan for DoD will include:
• A recommended transition strategy, including milestones and criteria for transition of legacy, upgraded and new IP-based capabilities and systems.
• Means for adjudicating potential component claims that a particular GIG asset should not or cannot be transitioned to IPv6 in the time frame noted above.
• A recommended technical strategy that supports, for a limited period, the coexistence of IPv4 and IPv6.
VoIP, Mobile Data Face Challenges Under IPv6
VoIP providers are hoping IPv6 will get rid of network address translation (NAT), which is used for increasing the number of IP addresses without raiding the IPv4 stable. Theoretically, with a nearly unlimited number of IPv6 addresses, companies won’t need to employ NAT. But some corporations may keep it not only out of habit, but for security reasons.
Freedman says the problem can be overcome by a multi-step process. A call can be completed if the network grabs information from both phones and performs the translation between the two address schemes before completing the call.
There is disagreement on whether things will be any smoother for mobile IP sessions using IPv6. John Trembley, director of telecom and networking at TimesTen, which develops software for real-time event processing, says IPv6 may not be reliable if a user is on a moving train or in an automobile. For a time, there will be both static and dynamic IP address regimes in use. For dynamic addresses, it will mean confusion and dropped data.
“For instance, a lot of devices engaged in wireless data access will have dynamic IP addresses under IPv6,” he says. “You have to do it this way because with wireless data, you’ll be roaming across several networks; you can’t keep those static IP addresses.
“You will have to protect against having too many addresses out there, and the networks will have to keep track of all those addresses. That leads to fundamental problems. If you’re going to be mobile, your call will be switched from cell site to cell site, which hurts the integrity of the session, as on a train. That’s what the mobile people are worried about.”
According to Trembley, each cell site has dynamic addresses that it assigns to users; the person on the phone or PDA can end up on someone else’s network. “When you jump from cell site to cell site, you’re changing zones within that ISP’s network. It’s difficult to build a network that’s so smart that it can keep track of all those IP addresses out there.”
Bryan Rank of Intec Telecom Systems, however, says IPv6 addressing will make mobile IP easier. “The fact that devices such as PDAs and cell phones will have permanent IP addresses means there won’t be trouble assigning an address to the session,” he says. “From a subscriber’s perspective, this type of technology allows access to network services and premium content as easily from a visited network as from their home network.”