IPv6 Status Stuff Phil DeMar Summer 2011 JointTechs meeting July 14, 2011
Site IPv6 Status (Survey…)
Site IPv6 Survey (7/13/2011) 14 responses, including most of the Open Science labs Site IPv6 WAN connectivity: IPv6 WAN connectivity in place11 Four have some level of production network support No IPv6 peering in place 3 Two indicated no plans to do so Feb 2011 ESCC survey: 6 of 10 sites had ESnet IPv6 peering
Site IPv6 Survey (II) Level of current planning efforts: Identified project, with organized planning effort 6 (4) Recognized project, organized planning not under way4 (3) Informal/adhoc planning effort2 (2) No significant ongoing planning effort1 (1) Other1 Comments: Structured for h/w; applications is a challenge IPv6 included as part of core network upgrade
Site IPv6 Survey (III) Upper management buy-in: Actively engaged7 (4) Aware, but not actively engaged6 (1) Not yet on their radar0 (1) Other1 Resource availability for planning / deployment: Active project with budgeted effort in FY11 & FY127 Identified project; no FY11 budget, but expect FY123 Opportunity cost; out of general support effort4 Question: what about non-networking staff IPv6 effort?
Site IPv6 Survey (IV) Scope of current IPv6 planning: Network infrastructure & staff136 Computer security infrastructure & staff115 System support & staff 63 Web services 7\ DNS 9 2 Mail services 5 / Other 4 Comments: HPC – aware, but not actively engaged Network research group involved IPAM application support
Site IPv6 Survey (V) Projections on OMB deliverables (2012): Previous survey (2/1/2011): no reported IPv6 services Comments: going to cloud (Google)
Site IPv6 Survey (VI) Preparation for 2014 deliverables: Focusing tightly on 2012 deliverables7 Studying impact(s) of 2014 deliverables5 Actively planning for 2014 milestones0 Other2
Site IPv6 Survey (VII) Most significant barriers to 2012 compliance: Communications and awareness of impact to the research and scientists Getting coordinated effort across the spectrum of the IT enterprise. Will consider 2012 as milestone goal, not necessarily required mandate. Decentralized IT organizations. Determining what must be done to make all public facing systems compliant. Replacing/upgrading the core network infrastructure. I don't think we have any barriers. IPv6 to the main facility website will be via an F5 to translate IPv6 addresses on the outside to IPv4 on the inside. Resources People resources. Lack of funding and tools (e.g. IPAM, Security) Resources, training, management directive, a business case.
Site IPv6 Survey (VIII) ESCC role in helping sites to meet 2012 milestones: Continue to provide IPv6 technical forum environment. Help motivate the NLCIO to provide a directives and funding. Help in information campaign, spread awareness, importance, urgency of IPv6 adoption to IT communities. A cookbook for compliance would be VERY helpful. Facilitate best practices, common approach & lessons learned between SC Labs Provide money!
ESCC IPv6 TF Activities
DOE IPv6 Activities Update Working groups setup to deal with aspects of IPv6 support: IPv6 IT Management IPv6 Technology IPv6 Cyber Security IPv6 Outreach Scope of DOE IPv objectives defined: “Public-facing interfaces” defined as intended for the general public IPv6 services limited explicitly to web, , & DNS Labs place in DOE IPv6 plan is ‘fuzzy’ Included in the scope of the overall plan Not included in DOE response to OMB data call on public services Expected to ~meet OMB deadlines & contribute IPv6 knowledge
ESCC IPv6 Task Force Activities IPv6 Planning Process TF Phil DeMar, Paul Martinez, Louella Panaga, Jim Schroeder, Ted Sopher Document not completed, but significant progress 2. IPv6 Technical Implementation Checklist TF Mike Sinatra, Kevin Oberman, contributions by many others… Progress toward a checklist, umhhh, not so good… 3. IPv6 Implications for Security Infrastructure TF Farmed out to Network Security Monitoring (NSM) group… They are supposed to develop a checklist from a cyber security perspective
Preliminary Site IPv6 Planning TF Checklist 14 Objective: Develop structured checklist as a planning template Basic structure: Ordered set of steps to follow in planning Drafted from a 2012 deliverables perspective Guidance and/or recommendations on each step
Site IPv6 planning checklist (II) 15 Establish initial IPv6 impact assessment group Scope spectrum of site effort w/ cost guesstimate Management buy-in process Key technical decisions of a strategic nature Test / development environment Draft target (2012) deployment Lay out roadmap(s) to achieve target deployment Implementation planning guidance Documentation & training
Site IPv6 technical checklist (preliminary) 16 Strategy: Organize IPv6 implementation guidance & recommendations into distinct components: A structure for developing tutorials & checklists Allows a tighter focus on target audience Mike Sinatra (ESnet) working on corresponding tutorials Basic structure within each component: Identify specific issues or areas of concern Differentiate between 2012 & 2014 implications Provide guidance and/or recommendations
Site IPv6 technical checklist (preliminary) 17 Addressing checklist Address block selection & acquisition Subnet allocation model Address configuration model (static & stateful/stateless autoconfig) Use of site/local addresses (ULAs) Site multi-homing considerations Routing checklist: Selection/configuration of routing protocols WAN connectivity / peering issues Neighbor discovery & Stateless Autoconfig (SLACC) IPv6 tunneling considerations NAT issues
Site IPv6 technical modules (II) 18 Host IPv6 Address Management (IPAM) Domain Name Service (DNS) issues Guidance on IPv6 implementation for public services IPv6 performance issues & considerations Test / Development Environment(s) IPv6 network (service?) management & monitoring Host IPv6 considerations