DOE /ESnet-related
IPv6 Activities
Phil DeMar
[email protected]
HEPix IPv6 Workshop (CERN)
Sept. 6, 2011
1
Outline

US Federal Government IPv6 Directions

DOE/ESnet IPv6 Efforts

Current US National Labs Status & Expectations

Technical Issues & Problem Areas

FNAL IPv6 Efforts
2
US Federal Government IPv6 “Mandate”

External/public-facing servers & services to support native
IPv6 by end of FY2012



Internal client systems that access external public Internet
servers must support native IPv6 by end of FY2014


Essentially, this means all of a site’s desktops
Not an IPv6 transition mandate for all USG systems


For US Dept of Energy, this means e-mail, DNS, & web services
“Public-facing” interpreted as intended for the general public
Scientific computing systems are not within scope
“Mandate” lacks enforcement element

But National Institute of Standards & Technology (NIST) will
monitor for compliance
3
Implications of US Government IPv6 Mandate

Encourages a top-down approach to site IPv6 support:




US universities tend to use a bottom-up approach




Develop site-wide plan
Engage all the major elements of the local IT organization
Tends to lengthen out the deployment process
They are not subject to the US Govt’s IPv6 mandate
Can use a “build it and they will come…” philosophy with IPv6
Probably yields faster IPv6 infrastructure deployment
For the US Labs:


2012 mandates should be achievable with modest effort
•
Scope is very limited
2014 mandates will be much more difficult to achieve
•
Campus-wide scope…
4
Fallout from US Government IPv6 Directive:
Task Forces at Many Levels

Federal IPv6 Task Force drafted original mandate specs.


Dept of Energy (DOE) IPv6 Transition Task Force:




Defined scope of DOE’s IPv6 transition
National Labs involved early & heavily
Much of DOE response to the mandate came from Labs
ESnet Site Coordinators Committee task force(s)




Actually, it’s a reasonable roadmap for IPv6 deployment…
ESCC = Interlab coordination group
Focus on IPv6 planning & deployment checklists
Forum(s) for sharing lessons learned
Most Labs have created internal IPv6 work group(s)

Site-level planning…
DOE IPv6 Task Force

Defined DOE IPv6 2012 objectives:




The Labs place in DOE IPv6 plans is ‘fuzzy’




Included in the scope of the overall plan
Not included in DOE response on their IPv6 plans
But expected to ~meet OMB deadlines & contribute IPv6 knowledge
Working groups setup to deal with aspects of IPv6 support:





“Public-facing interfaces” defined as intended for the general public
IPv6 services limited explicitly to web, e-mail, & DNS
Left 2014 planning scope for later
IPv6 IT Management
IPv6 Technology
IPv6 Cyber Security
IPv6 Outreach
Not much activity over past 3-4 months…
ESnet Site Coordinators Committee (ESCC)
IPv6 Activities

Focus is on acting as an IPv6 technical forum for Labs


Collective wisdom on IPv6 deployment guidance
Lessons-learned environment to share knowledge
Three task forces set up:
1. IPv6 Planning Process TF



Who needs to be engaged at sites
High-level roadmap to get there
2. IPv6 Technical Implementation Checklist TF
 Identify basic network-level issues w/ recommendations
3. IPv6 Implications for Security Infrastructure TF
 Identify spectrum of security tool issues & problems
 A separate interLab security group is addressing this…
7
Preliminary Site IPv6 Planning Checklist


Objective: Develop structured checklist as a planning
template
Basic structure:




Ordered set of steps to follow in planning
Drafted from a 2012 deliverables perspective
Guidance and/or recommendations on each step
Status:



Document is largely (90%+) completed
Management buy-in and budgeting effort identified as keys
Strategic decision highlighted as needing to be addressed:
 Provider-Assigned vs Provider-Independent address space
 Support or non-support of Stateless Auto-configuration
8
Site IPv6 planning checklist

Establish initial IPv6 impact assessment group

Scope spectrum of site effort w/ cost guesstimate

Management buy-in process

Key technical decisions of a strategic nature

Test / development environment

Draft target (2012) deployment

Lay out roadmap(s) to achieve target deployment

Implementation planning guidance

Documentation & training
9
Site IPv6 Technical Implementation Checklist

Strategy: Organize IPv6 implementation guidance &
recommendations into distinct “modules”:



A structure for developing tutorials & checklists
Allows a tighter focus on target audience
Status:


Progress on technical implementation checklist – not so good…
 Scope appears too broad for a single coherent document
 Effort also difficult to come by
Addressing & routing module tutorials completed by Mike Sinatra
 Now working on 2012 IPv6 deliverables tutorial…
10
Future IPv6 Technical Implementation Efforts

Reduce scale of technical implementation checklist
document

More effort into developing a technical forum for
knowledge-sharing & lessons learned

Target specific critical technical issues:





Developing an appropriate address allocation model:
 SURFnet document is the reference point
SLACC/Neighbor Discovery
Unique local addresses (ULAs)
 Current guidance: use them only if you have to…
Dual-stack host considerations
others….
11
Status of US Labs IPv6 support:

Connectivity:



Planning:



11 out of 14 Labs have IPv6 WAN connectivity in place
Most limit internal IPv6 support to test/evaluation or other tightly
controlled LAN segments
10 out of 14 have structured planning under way
Some have explicitly budgeted effort in FY12; others roll into
general network support effort
Scope of planning effort:

All sites with structured effort have engaged broad spectrum of
local IT organization
12
Status of US Labs IPv6 services deployment

July 2011 survey on site OMB 2012 deliverables:

Previous survey (2/1/2011): no reported IPv6 services
:Looking Toward 2014:

2014 milestone planning:



~50% of the US Labs are focused exclusively on 2012
deliverables at this point
~50% are looking into the implications of the 2014 deliverables,
but not directly planning for them now
No sites are actively planning toward the 2014 deliverables right
now
14
FNAL IPv6 Deployment Efforts

Currently: small test bed with wide area connectivity:


Internal IPv6 work group developing structured IPv6 plan



Includes load-balancer, firewall, & IPAM system
Also capability to move production systems into test environment
2012 target deployment identified:


Includes networking, security, system & application support
Full IPv6 test & evaluation network by 10/31


www.fnlsix.net
Working on project plan steps to get there
Early IPv6 support will include:


Computing Division staff LAN
FermiCloud
15
16
17
Questions
18