Unknowns remain in move to IPv6

For the Air Force, the killer application for IPv6 might literally be a killer app.

"We're trying to shorten the kill chain," USAF transition lead Eric Lubeck said Tuesday at the IPv6 Tech Forum hosted by AFSCEA. "Anything we can use to put bombs accurately on target is our goal with IPv6."

Lubeck was part of a panel of government and industry experts discussing uses for the new IPv6-enabled networks and the challenges users will face.

The Defense Department, along with civilian agencies, has set a goal of transitioning its networks to the next generation of Internet Protocols by July 2008. But a successful transition to IPv6 will merely establish parity with existing networks. The return on the investment will depend on how applications take advantage of the new functionality. Unfortunately, there still are many unanswered questions about what will happen when networks begin using IPv6.

"A lot of security experts are comfortable on how to defend the network of today," Lubeck said. "We really don't know what the mobile network of the future is going to look like, so we don't know how to secure them."

What issues will network administrators face when they begin running dual-stack networks to handle both IPv4 and v6 traffic?

"We don't know," said Dave West, director of field operations for Cisco Systems.

Testing boxes and applications does not necessarily tell you what will happen to the network when it switches to a dual-stack mode to handle IPv6 traffic. Cisco is just beginning to look beyond the individual boxes and applications, West said.

"We have started to look at this architecturally, rather than just product by product," he said. "And what you find when you look at it architecturally is [that] there are a lot of holes in what we know."

But vendors remain committed to the move to IPv6.

"We are betting our business strategy on IPv6 and IPSec," said Sean Siler, Microsoft Corp.'s program manager for IPv6 deployment. "You are going to see a lot of IPv6 and IPSec solutions coming out of Microsoft in the very near future."

The federal government is a major driver in the industry's move to IPv6, because it has been requiring functionality for the new protocols in its networking equipment. That's why Siler's office is in Washington rather than Redmond. "This is where a lot of the IPv6 action is happening," he said.

But Microsoft committed itself to IPv6 five years ago as part of its trustworthy computing program. The new Vista operating system has a dual IPv4/v6 stack by default, as will Longhorn Server later this year. Support for IPv6 is a basic functionality for all of its applications, Siler said. "If it doesn't support IPv6, then it's not shipping."

There are exceptions. One major pain point at Microsoft is that Exchange 2007 was shipped without IPv6. That will be added in Service Pack 1, Siler said.

The business rationale for moving to IPv6 will be improved productivity or functionality. The opportunity to strip proprietary protocols out of legacy systems and build everything on IPv6 should save money on licensing and simplified application development. But the steep learning curve in managing networks with the new protocols could delay these benefits.

"It will be very difficult to take advantage of these capabilities in the current security framework," said Cisco's West.

Microsoft has been eating its own dog food, running only v6 traffic on portions of its corporate network, and so far there have been no disasters, Siler said.

"We haven't found any applications that bomb out on a dual-stack machine," he said. "Management has been the biggest challenge in dual-stacking."

Accommodating both IPv4 and v6 on the same network does not come free, performance-wise, Lubeck said.

"We know there is going to be a performance trade-off," he said. How much of a hit to performance a system will be able to tolerate depends on operational constraints. In a combat situation where time is of the essence, delays might not be acceptable. "There is a definite trade-off you will have to be aware of," he said.

William Jackson is a staff writer for Washington Technology's affiliate publication, Government Computer News.
