A bridge to the future
- By Doug Beizer
- Feb 09, 2007
When mandates for the Defense Department to migrate to a new Internet protocol go into effect in 2008, there won't be a momentous flipping of a switch to activate IP Version 6 running on every network and device.
To make such an overnight changeover from the current IPv4 would be too expensive and complex. For years, some systems will support IPv4 communications while others will run under the new protocol.
"IPv6 is one of those technologies that cuts across everything, not only internally at the Army's Space and Terrestrial Communications Directorate, but across the entire Army," said Larry Levine, deputy of the directorate's special projects office.
"We've been planning and looking at IPv6 for years," he said. "I've personally been looking at it since 1999."
Levine's office does research and development, as well as systems integration, on technology designed for the Army. The office has done studies and collected data on IPv6 to learn about the technologies and options related to the new protocol.
One item of particular interest to the group has been information on bridging communications between IPv4 networks and devices and IPv6 networks and devices. Dual stacking, running parallel IPv4 and IPv6 networks, will be common for years while the transition takes place.
"When you're running a dual stack, in some respects, that's almost like running two networks. It's a bigger job than either IPv4 or IPv6," Levine said.
One of the biggest challenges is running IPv6 devices at the edge of an IPv4 network, or Version 4 devices over IPv6.
Tunnels can be manually configured to accomplish the task, but Levine's office has found some tools to simplify the operation. Montreal-based Hexago Inc.'s Gateway6 is one of the products the office tested.
"Basically, the Gateway6 is an appliance that enables you to very easily communicate IPv4 traffic over an IPv6 network or vice versa," said Barry Shuman, Hexago's director of federal sales.
"It readily enables government customers to put up islands of IPv6?either users or applications?and still be able to access them across a predominately IPv4 network that's in place," he added.
European coalition partners who are involved in operations in Iraq and Afghanistan campaigns, for example, might be using IPv6 applications.
The Gateway6 would let U.S. forces use their IPv4 networks for communication with the European IPv6 network and applications.
It also would let IPv6 coalition partners access the authorized applications residing on a U.S. Army IPv4 network, Shuman said.
The Gateway resides at the edge of a network or at the interface between IPv4 and IPv6 networks.
A bridge can complement a dual-stack network environment, letting an organization migrate some users to IPv6 while leaving others on the IPv4 network.
"We don't compete with dual stack," Shuman said. "With the size of government networks, you're not going to be able to dual stack all your routers overnight. There will always be islands that aren't covered."
The Army has studied close to 20 transition mechanisms to evaluate which would work best during the transition, Levine said.
All the mechanisms work, but factors such as the task and the environment in which they must accomplish it will help Army officials narrow the list.
Some appliances and methods work well at application layer gateways, others are good for dual stacking.
Also, "it would be very difficult for the Army to field 17 different transition mechanisms," Levine said. "It would be hard logistically and technically."
The transition undoubtedly will pose challenges for IT managers, but the benefits of moving as quickly as possible to IPv6 are not to be ignored, Levine said.
The Army may be lukewarm about the availability of nearly unlimited IP addresses, he said, but it finds IPv6's ability to speed network initialization of critical value.
"The Army is trying to move toward [becoming] a more mobile Army, and IPv6 mobility is a lot more streamlined than IPv4," he said.
"Now when the commander gets the word that we have to deploy, it takes a long time to manually stuff addresses into the network," Levine said.
That manual process can take up to six weeks. With IPv6, the same task might take days or even hours.
With such potential improvements, agencies will have an incentive to make the move, no matter how difficult it might be, predicted Hexago CEO Bruce Sinclair.
Look at the transition as a three-phase process, he recommends. Get to dual stack, operate under dual stack and finally phase out dual stack.
"The first phase, which is really difficult, is getting to dual stack, because it is very expensive to actually swap out that last mile of the network," Sinclair said. "The core is relatively simple to do because there are a few routers, and pretty much any router that's been purchased in, say, the last five or six years has a dual-stack capability."
The tough part is switching every node in a network to IPv6. That's where bridging technology can help.
"The first place that we play a role is bridging those parts of the network that are not completely dual stack to make it run in IPv4 and IPv6," Sinclair said. "We fill in the potholes, we jump over the parts of the network that are not yet dual stack."
Staff writer Doug Beizer can be reached at firstname.lastname@example.org.