Government moves to IPv6 one step at a time

Government moves to IPv6 one step at a time

By William Jackson

GCN Staff


CHARLESTON, S.C.'When the Space and Naval Warfare Systems Command gets an Internet Protocol Version 6 intranet up and running this year, it will have very little company.

The SPAWAR Systems Center in Charleston is the first'and so far the only'military organization to be allocated any IPv6 addresses, said Michael P. Brig, the command's Next Generation Internet program manager. Other Defense Department entities are studying the impact of IPv6 on their systems, but so far none is ready to use the new successor to IPv4.


SPAWAR's Michael P. Brig says the Navy will have an IPv6 intranet online in nine months.


'IPv6 is not ready for immediate use, and we are not going to mandate it yet,' said Elizabeth Gilleo, deputy director of the Army's Architecture Management Division, at a conference here last month. 'At this point, nobody is writing programs for it.'

No demand

The Defense Information Systems Agency is in charge of doling out IP addresses, both Version 4 and Version 6. But as yet DISA has no IPv6 address blocks.

'No one right now is demanding that service,' said Maj. Randall W. Bland of DISA's Network Protocol Services division.

Native IPv6 network service, however, will be available on the Navy-Marine Corps Intranet through WorldCom Inc., which will provide parts of the NMCI backbone on its very-high-performance Backbone Network Service Plus (vBNS+) network. WorldCom has been allocated IPv6 address space but has not received any NMCI requests, said Charles M. Lee, executive manager of WorldCom Government Markets.

Leading hardware and software vendors and network providers have either released or announced plans for products that support IPv6. Although conference participants agreed that Version 6 is inevitable, it is not yet ready for production deployment, Lee said.

He said he sees the number of IPv6-ready routers as limited, their performance as 'not the best,' the software as 'in transition' and bug elimination 'at the speed of a galloping glacier. Anyone who thinks he is going to use Version 6 as a production environment on Day 1 is fooling himself. But it is important to get experience with it.'

The Internet Engineering Task Force began working on the new version in 1993, and the core specifications now are IETF draft standards, said Steve Deering, a fellow at Cisco Systems Inc. of San Jose, Calif. Draft status does not mean IPv6 is unstable, Deering said. IETF rarely grants full standard status until a draft standard has been widely implemented for several years.

The boom in wireless computing is forcing IPv6 into prominence because of the proliferation of networked cell phones and personal digital assistants and other portable devices.

'If the commercial world moves to IPv6, I don't see any way we are not going to have to move,' Brig said.

IPv6 has better security, management and service quality than IPv4. But the most commonly cited reason for a protocol shift is the rapid depletion of 32-bit IPv4 addresses. In use for more than 20 years, IPv4 has a theoretical 4.3 billion unique addresses. But they are allocated in blocks, and large numbers of potential addresses in subnets go unused. Brig estimated that 95 percent of IPv4 addresses are idle, yet 'you're starting to see address exhaustion in pockets, such as shipboard applications.'

Although some existing networks can grow through addresses already allocated to them, new applications and organizations have a tough time getting any addresses at all.

The 128-bit address space of IPv6 will make an exponential jump in the number of unique addresses. Europe and Asia are far ahead of the United States in deploying the new protocol.

'Europe and Asia are going wireless, and they can't do it with IPv4,' said James Bound, a Compaq Computer Corp. engineer who co-chairs the IPv6 Forum's technical directorate.

The American Registry for Internet Numbers allocates IPv6 address blocks in North and South America and sub-Saharan Africa. ARIN has allocated 10 sub-top-level address blocks in what it calls the bootstrap phase of operations.

Registries for Europe and Asia have allocated 41 address blocks.

ARIN requires address recipients to deploy a production network within 12 months of getting the addresses.

SPAWAR received its address block about three months ago, so it has about nine months to get its network up, Brig said. That network, called Commander in Chief for the 21st Century, or CINC21, will use the Defense Information Systems Network's Leading Edge Services network as its backbone. Hardware is being tested.


A timeline of Internet development

' 1971: The Defense Advanced Research Projects Agency's Arpanet begins to use the Network Control Protocol.

' 1973: Work starts on the Internet Protocol to replace NCP.

' 1978: The Defense Department adopts IPv4 as the standard for end-to-end packet switching.

' 1983: Transition to IPv4 is completed.

' 1990: Internet control moves from DOD to the Commerce Department, and Arpanet is decommissioned.

' 1992: Commercial traffic begins on the Internet.

' 1993: As traffic growth makes IPv4 weaknesses apparent, the Internet Engineering Task Force issues a request for comments for a new IP version.

' 1995: IPv6 prototypes appear.

' 1998: The government privatizes Internet control through the Internet Corp. for Assigned Names and Numbers.

' Today: More than 95 million IPv4 addresses have been assigned, and exponential Internet growth continues from new devices.



How it's done

Brig described how SPAWAR plans to use the 13-bit backbone address space available for each packet. The first two bits define the security level, the next three define one of eight geographical target areas, seven bits identify up to 128 theater sites, and one bit is reserved for expanding the other identifiers.

As the network moves out of the bootstrap phase, more address space will become available. In a 25-bit backbone address, SPAWAR probably will use three bits for the security level.

The number of possible theater sites could expand to 8,192, and four additional bits would be reserved for expansion or reorganization.

CINC21, like the commercial vBNS+, will run both versions of the Internet Protocol. Vendors of products with IP stacks are building hybrid stacks that support both versions, and the dual system is expected to endure for a long time.

Like mainframes and Cobol, IPv4 will not die. Rewriting all existing programs to accommodate 128-bit address space would be a bigger job than fixing the year 2000 date problem.

'It is not a matter of transition, but of coexistence,' the Army's Gilleo said. 'There is no way we are going to be able to change over all at once. We have a lot of things in the field that are never going to change, so we have to make sure that whatever we use is backward-compatible.'

If the switch seems daunting now, it will probably have to happen again'eventually.

There are many ways to express the astronomical number of addresses available under the 128-bit scheme'an address for every atom in the universe, or thousands of addresses per square meter of the Earth. Brig said that although IPv6 address allotment probably will be no more efficient than the 5 percent efficiency achieved with IPv4, 'the number is so much bigger that it is effectively unlimited.'

But 'I don't think there is any natural boundary for these things,' said Robert Kahn, president of the Corporation for National Research Incentives and systems designer for the Arpanet, the Defense Advanced Research Projects Agency's original packet-switching WAN.

Constant flux

New devices, processes and digital objects will vie for their own addresses, and 'it wouldn't surprise me if at some point somebody decided it would be a good idea if we had 256-bit addresses,' Kahn said. 'Never assume that what we're currently doing is the final thing.'

inside gcn

  • digital model of city (Shutterstock.com)

    Why you need a digital twin

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above