U.S. military strong-arming IT industry on IPv6
Dec 20, 2010 12:40 pm | Network World
by Carolyn Duffy Marsan
The U.S. military is ratcheting up the pressure on its network suppliers to deploy IPv6 on their own networks and Web sites so they can gain operational experience and fix bugs in the products they are selling that support the next-generation Internet protocol.
For years, the Defense Department in public forums and private conversations has been pushing network hardware and software companies to use their own IPv6 products, a practice known as “eating your own dog food” in tech industry parlance.
Now, with depletion of IP addresses using the current standard known as IPv4 expected to occur next year, the Pentagon is taking a tougher stance with network suppliers that are marketing — but not using — IPv6.
Defense Department officials are threatening these suppliers with the loss of military business if they don’t use their own wares to start deploying IPv6 on their corporate networks and public-facing Web services immediately.
At the forefront of this push is the Defense Research and Engineering Network (DREN), which links the military’s high-performance computing centers nationwide and carries voice, video and data. DREN has supported IPv6 since 2003, and IPv6 represents about 10% of its traffic.
“We are pressing our vendors in any way we can,” says Ron Broersma, DREN Chief Engineer and a Network Security Manager for the Navy’s Space and Naval Warfare Systems Command. “We are competing one off against another. If they want to sell to us, we’re asking them: Are you using IPv6 features in your own products on your corporate networks? Is your public Web site IPv6 enabled? We’ve been doing this to all of the vendors.”
The Defense Department’s opinion of IPv6 is significant given that it is one of the world’s largest buyers of network gear. The U.S. military spends more than $2 billion per year on network hardware, software and related services, according to FedSources, a McLean, Va., market research firm.
Pressure from the U.S. military is one of the reasons network vendors such as Brocade and Cisco are beginning to support IPv6 on their Web sites. The military considers this an important step in demonstrating commitment to the new standard.
“As we were getting closer to IPv4 depletion, we realized that a good chunk of the world is going to be on IPv6, and they are going to need to get to the public Internet,” Broersma says. “It dawned on us that IPv6-enabling the public-facing Web services was the most critical first step, and it was the low-hanging fruit. It’s easier than doing your corporate network.”
Brocade began supporting IPv6 on its main Web site, www.brocade.com, in August. Company officials say it took only six weeks to deploy the new standard because the company used its own ADX load balancers to translate between IPv4 and IPv6 network traffic.
“The DOD pressured us into doing this,” said Kelly Brown, a Brocade network engineer who championed the IPv6 effort. “Ron Broersma reached out to us … Saying he was ‘nudging’ us to IPv6 is too easy a term. Once Ron gave us the encouragement, we thought about it and decided to go for it to see exactly what the problems are with IPv6.”
Similarly, Cisco began serving up IPv6 content on a special Web site – www.ipv6.cisco.com – in August. Cisco says it is working toward supporting IPv6 on its main Web site, which is www.cisco.com.
Meanwhile, other network vendors such as Juniper appear in no hurry to support IPv6 on their Web sites. Juniper says it will wait until September 2012 to add IPv6 to its main Web site rather than setting up a separate, dedicated Web site with IPv6 content as Cisco has done.
Broersma says companies who wait until fall 2012 to support IPv6 are making a mistake. “You have to start turning something on with IPv6 as soon as possible. How else are you going to get operational experience?” he asks. “You need a crack team today to implement IPv6 on your public-facing Web services, your DNS server and your mail server.”
IPv6 is a required upgrade for network operators such as the Defense Department because the Internet is running out of IP addresses using IPv4 and a growing number of Internet users will have IPv6 addresses.
IPv4 uses 32-bit addresses and can support 4.3 billion devices connected directly to the Internet. IPv6, on the other hand, uses 128-bit addresses and supports a virtually unlimited number of devices: 2 to the 128th power.
As of October 2010, less than 5% of the world’s IPv4 address space remained unallocated. Industry experts predict that the Internet Assigned Numbers Authority (IANA) will dole out the last of the IPv4 address blocks to the regional registries in January. The regional registries will, in turn, delegate the remaining IPv4 addresses to individual network operators over the course of 2011.
The looming depletion of IPv4 addresses is what prompted the Obama Administration to issue a mandate in September that requires all federal agencies to upgrade their public-facing Web services to native IPv6 by fall 2012 and their internal networks by fall 2014.
The U.S. military had previously committed to deploying IPv6 by 2012, but it has faced difficulties meeting this deadline because commercial products supporting IPv6 have lagged.
“We were finding products from all the vendors that when we put them into our own Navy or Defense Department networks, things would break in such fundamental ways as if they never went through quality control,” Broersma said. “We would ask the vendors: Have you not even tested your own products for IPv6? … We found out they weren’t using IPv6 in their own corporate networks. Why should we be the ones to identify fundamental problems in these products? It would be nice if they were delivered as working products, and we were able to rely on them instead of us having to chase down bugs.”
Broersma said that in the past year he has stepped up the pressure on network vendors to provide the same features in IPv6 that are offered in IPv4.
“I have had in the last year multiple times when I chose a vendor or a set of products and the winner was based on their support for IPv6,” Broersma said. “Now the slower adopters in the market are finally getting the picture.”
Brocade’s IT department found that meeting the military’s demands regarding IPv6-enabling its Web site wasn’t that difficult.
Brocade put a pair of its ADX load balancers in front of its Web site to allow incoming IPv6 users to access its IPv4-based content. This pair of load balancers, which would cost around $26,000, allowed Brocade to IPv6-enable its Web site, DNS services and mail server.
“If a native v6 client would connect to us, they would hit our front-end v6 virtual server and that would get load balanced across our native v6 servers. We dual-stack some of our Web servers to make that happen,” Brown said. “We ran into a couple instances where we couldn’t do native v6 on DNS … so we used a simple-source [network address translation].”
Brown said Brocade has seen no impact on its Web site performance as a result of supporting IPv6 traffic. “We have seen zero increase in overhead, and no measurable increase in latency,” he added.
Brown concedes that Brocade’s Web site isn’t that complex. Most of the content is static pages with product information. Currently, the Web site attracts a few hundred IPv6-based users per week.
Broersma called Brocade “a shining example” of the commitment to IPv6 that he wants to see from other DREN suppliers.
“If you’ve IPv6 enabled your corporate Web services using your own products, then you’re putting your reputation on the line … That says a lot,” Broersma says. “For me, it’s a fantastic filter for whatever tech companies are in the lead. … I’m able to weed out and not waste a lot of time on companies that aren’t taking future technology seriously. I probably don’t want those companies on my network.”