architecting next generation internet technologies l.
Skip this Video
Loading SlideShow in 5 Seconds..
Architecting Next-generation Internet Technologies PowerPoint Presentation
Download Presentation
Architecting Next-generation Internet Technologies

Loading in 2 Seconds...

play fullscreen
1 / 19
Download Presentation

Architecting Next-generation Internet Technologies - PowerPoint PPT Presentation

Download Presentation

Architecting Next-generation Internet Technologies

- - - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

  1. Architecting Next-generation Internet Technologies Peter J. Tseronis, PMP Chair, Federal IPv6 Working Group Federal IT Summit | October 22, 2008

  2. A brief history and chronology… The Internet is a worldwide network of networks comprised of servers, routers, and backbone networks The basic function of the Internet is to transmit packets of information across interconnected networks via: Addressing Fragmentation of data The two primary protocols enable these packets to traverse the Internet: TCP and IP In February 2003, the President’s National Strategy to Secure Cyberspace commenced the government wide effort to address IPv6 In May 2005, the GAO-05-471 informed Congress on the state of the federal IPv6 landscape and recommended that OMB begin addressing key planning considerations for an IPv6 transition In August 2005, OMB released M-05-22 requiring to begin the transition to IPv6 on core network backbones In September 2008, NIST published A Profile for IPv6 in the U.S. Government – Version 1.0 to assist Federal agencies in formulating plans for the acquisition of IPv6 technologies

  3. Implicationsof not using IPv6… Despite the wide-scale deployment of Network Address Translation (NAT) at Federal agencies and within the United States, the worldwide consumption of the IPv4 address pool continues at an accelerating rate IPv4 address space is projected to run out in or before 2011 Moreover, the current community (IPv4) may not be able to talk to the future Internet community (IPv6) effectively, which could splinter the Internet Agencies may not be prepared for dramatic changes brought about by IPv6 in commercial and international markets

  4. Exponentially More Addresses… IPv4: 4,294,967,296 IPv6: 340,282,366,920,938,463,374,607,432,768,211,456

  5. Phase I was about… Culminating a 35-month initiative to begin migrating the federal government to the next generation Internet Integrating the next generation Internet protocol into core backbone network infrastructure Substantiating an enterprise architecture framework for IPv6 adoption Building momentum for Phase II

  6. IPv6 Market Trends… • IPv4 Address space depletion • Operating system releases with v6 “on” and “preferred” by default • Explosion of connected appliances • Earth population trend: 6B (now) to 9B (2050) • National IT strategies: • M 05-22 • E.U. Recommendations • China Next Generation Internet • E-Japan • Korea IT-839 Source: Arch Rock

  7. IT Predictions for 2008… • Web 2.0 evolution • Infrastructure optimization/modernization • Information Sharing/Collaboration • Distance Learning • IT Security • Wireless and Mobile communications • Virtualization • Green IT • Broad use of telework Sources: Government Insights, January 2008; INPUT Federal IT Market Forecast, 2008

  8. Phase II is about… Deploying secure, end-to-end, shared IPv6-enabled network services Implementing of the USG standards profile Developing of an open, public formal testing program for IPv6 technologies Producing a suite of artifacts via the Federal Enterprise Architecture PMO to guide to guide Federal IPv6 transitions Coordinating IPv6 initiatives with the IT infrastructure Line of Business (ITILOB) Utilizing the IT Infrastructure and Information Sharing Segment Architectures to define a “to-be” IPv6 environment Reinforcing how EA and Enterprise Transition Plans drive IPv6 Exhibit 300 development

  9. IP Security will evolve… • The AS-IS: • IP security relies heavily on perimeter devices (firewalls, routers, NAT) • Network-based security is the “modus operandi” • IP security security constantly “adding on” to meet requirements • The TO-BE: • Move towards an “end-to-end” security model via a policy-based trust domains: • a combination of host, application, and network-based security • Boundary devices will servea s gatekeepers screenifn for pokkciy breaches • Nodes will provide firewall, intrusion detection and virus capabilities • Security services can be applied at varying levels of the TCP/IP model • Reliance on a distributed security architecture/model to remove the burden of screening rules at a perimeter firewall • Leverage integrated security that v6 has to offer * Source:IPv6 Forum and Juniper Networks

  10. Things to think about… • Evaluating transition mechanisms • Architecting IPSec and IKE across your enterprise • Investigating Secure Neighbor Discovery (SEND) • Deploying DHCPv6 and DNSSEC • Designing scalable Addressing and Routing schemas • Replacing NAT functionality with v6 capabilities * Source:IPv6 Forum and Juniper Networks

  11. How to define the “to-be” v6 environment… Use the Enterprise Architecture Assessment Framework (v3.0) Enterprise architecture levels Enterprisecommon/shared assets; aligning resources; all stakeholders Segmentcore mission areas; structure, reuse, and alignment; business owners Solutionapplications/components; users and developers Performance Improvement Lifecycle Communities Strategic/Performance Improvement: “Strategize – Formulate – Execute” Information Technology: “Architect – Invest – Implement” Segment architecture maturity Segments are subset of the overall agency architecture Segment Types: Core Mission, Business Service, or Enterprise Service Serve as a conduit between strategic plans and enterprise investments

  12. IT Portfolio Alignment: Line-of-Sight ITServices Business Capabilities Investment Portfolio Strategies Objectives SolutionDeliveryOrganizations Mission/Goals Business View IT View

  13. High Level IPv6 Transition Strategy…

  14. During the transition…

  15. High Level IPv6 Transition Strategy…

  16. OMB IPv6 Assessment Criteria (draft)… Source: FEAF v3.0

  17. * Prepared in collaboration with ACT/IAC ET SIG

  18. Takeaways… • June 30, 2008 marks the end of Phase I • Utilize the USG profile to develop specific acquisition and deployment plans • Leverage Federal Enterprise Architecture and Capital Planning activities to deliver IPv6-enabled mission results • Design a hierarchical routing and addressing strategy based on your current and future IP-based service portfolio • Use network modeling and simulation tools to develop routing architectures • Craft an enterprise security plan to support an end-to-end, “holistic” service model versus an enclave approach • Securing IPv6 not only depends on the protocol but also on integration planning and implementation • Increase agency awareness, train staff, and recruit talent • The USG is a key catalyst in the globalization of IPv6

  19. Peter J. Tseronis, PMP Chair, Federal IPv6 Working Group FOR MORE INFO: Go To > Information Policy > IPv6