January 2005 Newsletter
Introduction
 

2005 is a crucial year for IPv6, especially in the United States. Either the power people in US government and industry speak out and budget for IPv6, supporting the wealth of IPv6 talent that has positioned IPv6 for commercial take off, or Asia and Europe will take a lead over the US that may stretch out and become permanent.
Just a few days ago, IPv6 made a major splash at the largest trade show in the US, the Consumer Electronics Show in Las Vegas. The second annual IPv6 event at CES featured a panel moderated by ICANN CTO John Crain, with panelists including Ted Tanner, Architectural Strategist, Strategic Relations and Policy Group, Microsoft Corporation, Alex Ramia of Panasonic, in charge of the IPv6 efforts at Panasonic (aka Matsushita), and John Kneuer, Deputy Assistant Secretary of the US Commerce Department for Communications and Information. We were pleased to have almost over 100 people attend, and even happier to hear that we had one of the largest panel sessions out of the many dozens at the entire CES, even with the stiff competition from FCC chairman Michael Powell speaking at the same time.
Panasonic was my hero at the CES, for introducing IPv6 enabled webcams. It was great, for the first time, to be able to bring VIPs to the huge Panasonic booth and show them IPv6 in use. Panasonic put us on stage to help demonstrate a four-way video conference between a mobile phone, a car dashboard display, a PC and a laptop (which will use IPv6 upon release). IPv6-enabled printers and fax machines are coming soon. Go, Panasonic! Please consider buying these IPv6 enabled products and writing Panasonic to tell them how much you appreciate their foresight. If you are really motivated, contact the CEOs of companies you buy products from and ask them what their plans are for following the leader, Panasonic, in implementing IPv6. (Panasonic did not ask me for these kudos. They brought IPv6 to the consumer, and that's about the greatest service any company can do for the New Internet at this crucial time.)
The other highlights of CES for me were being quoted in the future trends section of the official CES publication; talking to smart folks from Microsoft, including a cool XBox developer (please do follow up and put IPv6 in the XBox developers kit, Microsoft!); discussing IPv6 with a US Senator; and thanking the US CTO of Panasonic for his IPv6 support when we met at dinner, along with executives from the FCC and the CEA (which organizes CES).
In this issue are several articles that give the whys and hows of IPv6 deployment, including contributions from Rod Murchison of Juniper (a Grand Sponsor of the US IPv6 Summit 2004 a few weeks ago); Sue Hares, founder of NextHop; Qing Li of Blue Coat (a returning contributor); and Kent Gladstone. This January edition concludes with my ten goals and wishes for IPv6 this year.
Please make plans to join us at the Coalition Summit for IPv6 this May 23-26, 2005. We strongly encourage international participation.
Please send us your submissions for 6Sense so that they can expand the knowledge of the IPv6 community. This is a wonderful way to reach out to the community, so start building your track record for IPv6 contributions now.

The Global Information Grid, IPv6 and Web Services
 

The Force Transformation's success depends on the success of the Global Information Grid (GIG). The GIG appears unwieldy at first glance, but after defining all of the various components, it seems much more manageable. Each component has its own unique set of challenges and opportunities associated with it. All parts are intertwined; some may stand alone, and others may have dependencies. The bottom line is that they all support the data.
The GIG is the basis for Network Centric Operations. Network Centric Operations "refers to the combination of emerging tactics, techniques, and technologies that a networked force employs to create a decisive ...advantage."[i] This concept requires us to visit all layers of communications to ensure success. Currently, the DoD is visiting several of these layers, as seen in Figure 1, in order to optimally share information among the network's constituents.
The adage "it is all about the data" holds more truth today than ever before. Force Transformation means Net Centric Operations get the data to the edge users precisely when they need it. Net Centric Operations have created a new metaphor of data usage by posting it before it is fully processed, allowing for near real-time use, with each user becoming both a consumer and producer. This concept is becoming known as the Net Centric Operating Environment.

Got IPv6 Proxy?
 

A proxy does your organization good, especially one with IPv6 capabilities. A proxy by definition is an intermediary that is situated between a requestor and a responder of a transaction. There exist various types of proxies. In Web access, a proxy is well known for its caching capabilities, which reduce information access latency and bandwidth consumption. A proxy that is located in front of a group of origin servers, which is known as a reverse proxy or surrogate, offers load balancing capability and hides the identities of those servers. In addition to the caching functionality, proxies provide many other types of services, including user authentication, connection acceleration, redirect, request and response filtering, access logging, translation and transcoding, virus scanning and spyware removal. For example, a proxy can accelerate SSL connections by offloading computation-intensive cryptographic operations to the built-in crypto hardware; a proxy can translate web page content from one language into another before presenting the information to the user; a proxy can perform compression and decompression over slow or cost-sensitive links. Proxies are also known to act as provisioned service access points to traverse firewalls. An intelligent information security proxy is a complex network appliance comprising both hardware and software, which facilitates the construction of intelligent and fine-grained policy rules, and is the ultimate enforcer of those policies. The transition of an intelligent proxy from the IPv4 domain to the IPv6 world is not a straightforward syntactical conversion; rather, the transition requires thorough analysis of the necessary information security policies and the underlying protocols in the context of IPv6 semantics.

Naming, Addressing, and IPv6
 

The IETF has always been somewhat unorthodox in their use of the term “address.” In IPv4, one 32-bit field (dubbed an address) is used for both routing and identification. In IPv6, the address has been significantly updated (to 128 bits) but the confusing use of the term “address” has been maintained. This article will attempt to clarify the issue.
Terminology
In standard usage, a name or identification points to a particular person (or piece of equipment). If the person moves to a new location, their name stays the same.
An address tells one how to find a particular location. If I first live in Virginia and then move to California, I keep my name but change my address so mail or visitors can find me. The function of an address is to enable a package (or packet) to be routed to that location. The address must be assigned in accordance with the way the network works or certain "expenses" are increased. This will be discussed below.

Goals and Wishes for IPv6 in 2005: The Groundwork Must Be in Place this Year
 

If you don’t know where you are going you will probably end up somewhere else.
The Internet will turn 32 years old (as IPv4) this year, and 99% of its growth has occurred in the last 12 years. Given that economists estimate that 1/3 to 1/2 of the growth in Gross Domestic Product during the 90s was directly or indirectly a result of the Internet (presumably including corporate networking using TCP/IP), America and many other countries could have added trillions of dollars in wealth if we could have had the Internet boom happen after ten years instead of twenty years. I challenge readers to come up with one other shift that was within our capacity (since PCs and Macs and dial-up were all readily available from 1984 onwards) that could have added more wealth than moving up the Internet boom by a decade.
I learned recently from Dr. Larry Roberts, director of ARPAnet, that the US federal government spent a mere $15 million on the project that became the Internet, with the total federal investment estimated at only about $50 million. I find it typical of a government that is blind to the distinction between investing vs. consumption that there is actually no reliable number for what was spent on the Internet. Had such a distinction existed, it is very likely that the Internet would be the greatest Return On Investment of any project in history, and that is including the Louisiana Purchase or Alaska, given that the Internet’s return was so soon, and the land acquisitions were made over two centuries ago and one century ago, respectively.
Between fiscal year 1990 and 2000 the US federal government increased its revenue from about $1 trillion to $2 trillion, and if the economists are right and the Internet accounted for 1/3 to 1/2 of the GDP increase, of which the federal government would get between 20 and 30% in taxes, then the $50 million investment in IPv4 infrastructure would be worth between $300 and $500 billion every year! This is a million-fold return – again, every year.

Is Your Firewall Ready for Voice Over IPv6?
 

IPv6 Network Security Challenges
Developing and deploying IPv6-capable network security devices and services is one of the key challenges faced by network equipment manufacturers, network operators and ISPs worldwide.
Industry debate on IPv6 security is heating up: millions have been awarded for next-generation security research. Independent academic and commercial forums, industry standards bodies, large corporations and military organizations are all engaged in a full debate over emerging network security architectures, new firewall models and end-to-end encryption methods. Along with interoperability and reliability, security is regarded as the key prerequisite for long-term IPv6 adoption. The requirement to support hybrid (dual-stack) IPv4 and IPv6 environments introduces a whole new level of complexity, no longer making the Internet “simple.” Hundreds of millions of hosts and services worldwide run IPv4 and will continue to do so for a long time. And last but not least, it is no longer just data application traffic carried over the Internet: Voice over IP (VoIP) is here today, driven by a clear consumer demand for converged network services.
Facing this emerging complexity, what should a security appliance vendor, a service provider or a large corporation do today? The emerging IP networking world is faced with combinations of IPv4, IPv6, IPv4 and v6, data and voice, network attacks (DoS), and legacy issues such as network address translation (NAT) for IPv4, all in the one equation.

The Why and How of IPv6
 

Do you remember the operator-assisted phone systems now only alive in old black and white movies? An operator sitting behind a large board of plugs would literally connect you to your call. Imagine how cumbersome a system like that would be today, where the majority of people not only have access to a phone but also carry a cell phone. A system like this has definite limitations for the demands of today’s users (and probably did then), which is why it is no longer in use.
Eventually the current Internet technology, Internet Protocol version 4 (IPv4), will be as restricting to people, businesses and the implementation of new technologies as the old phone system would be in today’s work environment. As many of you know, IPv4 has limitations that will hinder developments in Voice over IP (VoIP), mobile applications and devices, and network centric war fighter communications for the military. Specifically, the limitations are the need for Network Address Translation (NAT) and the limitation on the number of available IP addresses. By transitioning a network to IPv6, these issues can be more easily addressed.
In this article we will take a look at what specifically is driving the transition to IPv6 and what you need to know about IPv6 to ensure a successful transition.

IPv6 - The Path to Secure Converged Networks
 

IPv6 has numerous improvements over IPv4. Future converged networks can also benefit from IPv6 technology - how can IPv6 pave the way for future secure converged networks? IPv6 is designed to allow converged networks. IPv6 also brings greater security to the medium and provides enhanced infrastructure for emerging peer-to-peer applications. It will enable the Internet to continue to grow, accommodating new addresses for users and destinations on the Internet that would otherwise be unavailable with IPv4.
Originally, IPv6 was created because the IPv4 address space was not large enough to support a global network with billions of uniquely addressed devices. While IPv6 has been around for over several years, it has seen limited deployment. This is because the address exhaustion problem has been ameliorated by the design and deployment of ad hoc solutions, e.g., network address translators (NATs). It should be noted that these solutions are often complex, hard to extend when new services are developed and can't support basic Internet functions such as end-to-end IP security (commonly called IPSec).
The explosion of Internet-capable wireless devices, such as cell phones, PDAs, etc. has brought IPv6 to the forefront. Notably, the 3GPP standard (R5) for next generation wireless devices mandates IPv6 support in the Internet Multimedia Subsystem (IM Subsystem) and the UMTS Terrestrial Remote Access Network (UTRAN). IPv6 was selected because it will allow every device to have its own unique IP address. In addition, IPv6 has auto-configuration, integrated security, flow labels for QoS support, mobility, simplified packet handling and improved multicast support.

Indicators for Development with IPv6: Where is IPv6 Going?
 

Major deployments of IPv6 and IPv6-based killer applications and predicted mobile phone or wireless technology breakthroughs are looming on the horizon. Deployments of IPv6 in Europe and particularly in Asia have grown. Many of these deployments are extensions of the early academic work on IPv6. IPv6 adoption has many expectations -- but what are the realities? What are the forces that are impeding adoption, and what are the indicators that signal its growth? Find out more – read this white paper written by Sue Hares, CTO and Co-founder of NextHop Technologies.