Its a two dimensional problem.

US Labs IPv6 Planning & Deployment StatusPhil DeMarOct. 4, 20121USG OMB IPv6 Mandates for 2012 & 2014Public-facing services to support IPv6 by Sept 30, 2012For US Dept of Energy (DOE), this means email, DNS, & web servicesPublic-facing interpreted as intended for the general publicInternal client systems to support IPv6 by Sept 30, 2014Essentially, this means all desktopsNo IPv6 transition mandate for all USG systemsMandate targeted at public services & clients using public servicesScientific computing systems are not within scopeMandate lacks enforcement elementNIST dashboard measures agency complianceBut nothing happens to the non-compliant2US DOE IPv6 Transition PlanningDOE has transition team coordinating IPv6 milestone compliance across the DepartmentSize of DOE dictates a decentralized approach

DOE National Labs are not part of DOE IPv6 transition planning scope:Labs arent bound to OMB mandatesPer current interpretationBut are encouraged to support IPv6, consistent with mission requirements & resourcesDOE participates in Federal (USG) IPv6 Task ForceA post-9/30/2012 progress report is expectedNot clear if current interpretation of OMB mandate might changeDOE Transition TF recent report (9/30/12) 4

Deployment of IPv6 at LabsLabs are implementing IPv6 independently:Availability of effort is largest issue holding up progressSeveral Labs have stopped/paused IPv6 deployment entirelyMost are moving forward, at least with the OMB 2012 milestones

So far, there have been no reported requirements or requests from experiments or collaborations for IPv65Recent Lab Survey on 2012 IPv6 Milestone Status:8 sites say theyll meet OMB milestones by end of yearOther extreme: 3 are not putting effort into IPv6 nowDNS status slightly deceiving:A number are ESnet-supported secondary servers

6

IPv6 Status Monitoring DashboardsNIST runs official Fed. Deployment IPv6 dashboard:If youre not green, youre redMost, but not all Labs in the .gov domain are listedhttp://fedv6-deployment.antd.nist.gov/cgi-bin/generate-govESnet now has a site IPv6 deployment dashboardGreen or gray, no redESnet-only IPv6 DNS support is light greenhttp://my.es.net/sites/ipv67Likeliest Next IPv6 Steps for LabsStart focusing on internal IPv6 client deployment issuesLab directions driven more by site self-interest than OMB directiveMost sites classified their client IPv6 planning as investigating impactLikeliest ESCC course of action will be to target specific common IPv6 technology areas:Auto-configuration & neighbor discovery Tunneling capabilities & controlsDual stack (IPv4/IPv6) issuesUnique Local Addresses (ULAs)Managing & maintaining control over IPv6 likely to be strongest motivation8US Tier-1 IPv6 Deployment Status(FNAL & BNL)9FNAL IPv6 Deployment StatusCurrently IPv6 deployment: DNS & Email support IPv6; central web will in ~2 weeksUsing Infoblox for IPAMSmall test bed with wide area connectivityFermiCloud cluster attached to IPv6 test bedProvision for rolling development systems into test bedSeparate address space (PA)Internal IPv6 work group to develop structured IPv6 plansIncludes networking, security, system & application supportAddressing & routing plans drafted & vettedNext steps in IPv6 deployment:Use Computing Div. LAN as development environment for IPv6 client system support10

11IPv6 inFNALCoreNetworkCentral Services(web, email)Computer Security subnetsComputingDiv LAN(slaac)IPv6Test BedBackupBorder Router

12FNALBNL IPv6 Deployment StatusExpect to satisfy OMB 2012 milestones by end of year: COTS IPAM solution in process of being implemented to provide DNS IPv6 capabilityExternal interfaces of Ironports hosting mail daemons IPv6-capablePublic web servers migrated behind squid proxies w/IPv6 capable external interfaceWorking group established to address OMB 2014 requirements for IPv6 compatibility of internal clients/appsUnder umbrella of BNL Cyber Security Advisory Council 13Questions?14