amp Deployment Status Phil DeMar Oct 4 2012 1 USG OMB IPv6 Mandates for 2012 amp 2014 Publicfacing services to support IPv6 by Sept 30 2012 For US Dept of Energy DOE this means email DNS amp web services ID: 331938
Download Presentation The PPT/PDF document "US Labs IPv6 Planning" is the property of its rightful owner. Permission is granted to download and print the materials on this web site for personal, non-commercial use only, and to display it on your personal computer provided you do not modify the materials and that you retain all copyright notices contained in the materials. By downloading content from our website, you accept the terms of this agreement.
Slide1
US Labs IPv6 Planning & Deployment Status
Phil DeMarOct. 4, 2012
1Slide2
USG OMB IPv6 “Mandates” for 2012 & 2014
Public-facing services to support IPv6 by Sept 30, 2012For US Dept of Energy (DOE), this means email, DNS, & web services“Public-facing” interpreted as “intended for the general public”
Internal client systems to support IPv6 by Sept 30, 2014
Essentially, this means all desktops
No IPv6 transition mandate for all USG systemsMandate targeted at public services & clients using public servicesScientific computing systems are not within scope“Mandate” lacks enforcement elementNIST dashboard measures agency complianceBut nothing happens to the non-compliant
2Slide3
US DOE IPv6 Transition PlanningDOE has transition team coordinating IPv6 milestone compliance across the Department
Size of DOE dictates a decentralized approachDOE National Labs are not part of DOE IPv6 transition planning scope:
Labs
aren’t
bound to OMB mandatesPer current interpretation…But are encouraged to support IPv6, consistent with mission requirements & resourcesDOE participates in Federal (USG) IPv6 Task ForceA post-9/30/2012 progress report is expectedNot clear if current interpretation of OMB mandate might changeSlide4
DOE Transition TF – recent report (9/30/12)
4Slide5
Deployment of IPv6 at LabsLabs are implementing IPv6 independently:
Availability of effort is largest issue holding up progressSeveral Labs have stopped/paused IPv6 deployment entirelyMost are moving forward, at least with the OMB 2012 milestonesSo far, there have been no
reported requirements or
requests
from experiments or collaborations for IPv65Slide6
Recent Lab Survey on 2012 IPv6 Milestone Status:8 sites say they’ll meet OMB milestones by end of year
Other extreme: 3 are not putting effort into IPv6 nowDNS status slightly deceiving:A number are ESnet-supported secondary servers
6Slide7
IPv6 Status Monitoring DashboardsNIST runs “official” Fed. Deployment IPv6 dashboard:
If you’re not green, you’re red…Most, but not all Labs in the .gov domain are listedhttp://fedv6-deployment.antd.nist.gov/cgi-bin/generate-gov
ESnet now has a site IPv6 deployment dashboard
Green or gray, no red
ESnet-only IPv6 DNS support is “light” greenhttp://my.es.net/sites/ipv67Slide8
Likeliest Next IPv6 Steps for LabsStart focusing on internal IPv6 client deployment issues
Lab directions driven more by site self-interest than OMB directiveMost sites classified their client IPv6 planning as “investigating impact”Likeliest ESCC course of action will be to target specific common IPv6 technology areas:
Auto-configuration & neighbor discovery
Tunneling capabilities & controls
Dual stack (IPv4/IPv6) issuesUnique Local Addresses (ULAs)Managing & maintaining control over IPv6 likely to be strongest motivation8Slide9
US Tier-1 IPv6 Deployment Status(FNAL & BNL)
9Slide10
FNAL IPv6 Deployment StatusCurrently IPv6 deployment:
DNS & Email support IPv6; central web will in ~2 weeksUsing Infoblox for IPAM
Small test bed with wide area connectivity
FermiCloud
cluster attached to IPv6 test bedProvision for rolling development systems into test bedSeparate address space (PA)Internal IPv6 work group to develop structured IPv6 plansIncludes networking, security, system & application supportAddressing & routing plans drafted & vettedNext steps in IPv6 deployment:
Use Computing Div. LAN as development environment for IPv6 client system support
10Slide11
11
IPv6 in
FNAL
Core
NetworkCentral Services(web, email)
Computer Security subnets
Computing
Div LAN
(
slaac
)
IPv6
Test Bed
Backup
Border RouterSlide12
12
FNALSlide13
BNL IPv6 Deployment Status
Expect to satisfy OMB 2012 milestones by end of year: COTS IPAM solution in process of being implemented to provide DNS IPv6 capability
External
interfaces of
Ironports hosting mail daemons IPv6-capablePublic web servers migrated behind squid proxies w/IPv6 capable external interfaceWorking group established to address OMB 2014 requirements for IPv6 compatibility of internal clients/appsUnder umbrella of BNL
Cyber Security Advisory Council
13Slide14
Questions
?
14