6sense - Generating New Possibilities in the New Internet.
M A Y  2 0 0 4
Volume 1 Number 2

North American IPv6 Summit 2004 June 14-17, Santa Monica, CA
$299 Earlybird Ends May 21. Register Now


Introduction
by Alex Lightman, Publisher

With 28 days to go before the IPv6 Summit 2004 begins at the Loews Hotel, Santa Monica, California, we are pleased to present the second issue of 6Sense, the first US newsletter dedicated to the rapidly growing and usually brilliant IPv6 community. This issue includes the sort of articles that network historians will be reading for centuries, to get a snapshot of how the protocol that ended up connecting trillions of people, places, and things escaped from the laboratories and testbeds to reach commercial status (something only one its five siblings, IPv4, was capable enough to do over the last four decades, and IPv4 changed history).

You can get a glimpse of this R & D to R W (Real World) transition from the articles by Eric Frost, Bob Welty, and Larry Smarr (a man consistently ahead of the curve - Smarr was running NCSA when it created the Apache web server, and Mosaic, the first web browser, as well as originating use of supercomputers for modeling weather for movies, of the sort in releases of The Day After Tomorrow and Twister. He knows a world changing technology when he sees it). As you will sense from the articles by, Yurie Rich, and myself, many of us are champing at the bit for power people to "get it" and wield their power to transition to IPv6. Also in this issue are insights from superpowers of technology like Intel and NTT, and surprising insights into firewalls from Agilent. These companies, along with Cisco and Hewlett-Packard, are the titans of IPv6 deployment.

IPv6 has the fresh ocean air smell of wide open space, inspiring us to travel widely and forge new destinies. We hope you are inspired to pursue IPv6 initiatives and to join us in Santa Monica at the IPv6 Summit. Visit usipv6.com for details and write me at alex@usipv6.com if you have any comments or have an IPv6 article to submit. Click to Unsubscribe if you prefer not to get the next 6Sense newsletter.


New Internet, New Science; Cyberinfrastructure at Cal-(IT)²
Larry Smarr, Cal-(IT)²

The California Institute for Telecommunications and Information Technology [Cal-(IT)²] and its partners at the National Center for Microscopy and Imaging Research (NCMIR), San Diego Supercomputer Center (SDSC), and the California Research and Education Network (CENIC) have been early adopters of IPv6 in optical networks to support e-Science applications. Although it is still early in this transition, many of the networks on which our applications will be run are already IPv6 capable. In this short note, I will review some of the progress in both the networks and a major international-scale biomedical application. This and other Cal-(IT)² experiments with IPv6 will be reviewed in my talk at the upcoming North American IPv6 Summit in Santa Monica in June 2004.

Cal-(IT)² (www.calit2.net) is a partnership between UC San Diego and UC Irvine. In addition, we have close working relationships with USC Information Sciences Institute (ISI) and San Diego State University (SDSU)'s Center for Information Technology and Infrastructure (CITI). For advanced connectivity, these research universities rely on CENIC's High Performance Research and Education Network (CalREN/HPR) to provide leading-edge services for our large-e-Science application users. CalREN/HPR has been supporting native IPv6 as a part of its base service since the implementation of this leading edge 10Gbps Ethernet network. The recent Internet2 IPv6 Land Speed Record1 awarded to CalTech2 is an example of the type of performance that this CENIC network, in combination with other networks around the world, is able to achieve using combinations of IPv4 and IPv6.

SDSC [www.sdsc.edu] is a National Science Foundation (NSF) funded high performance supercomputer center, providing data-intensive e-Science services to the national university community and to Cal-(IT)² experiments. SDSC has been deploying and working with IPv6 networks since the beginning of 1999. Working with early IPv6 adoptees such as ESnet, 6REN, the VBNS, Japan's WIDE project, KDDI Labs, and Osaka University in Japan, SDSC has been natively routing IPv6 via ATM, POS, Ethernet and FDDI circuits for over 5 years. During this time they have transitioned from early software-based routing systems [running on CISCO 7200 series hardware] to KAME-based v6 routers on PC hardware to multi 10-gigabit line rate hardware based IPv6 routing on their JUNIPER Networks T640, M40 and T320 platforms. SDSC's internal network switching fabric is IPv6 capable throughout the entire center. In addition, SDSC has won the Bandwidth Challenge contest at the annual national Supercomputing XY conference twice for its use of high bandwidth IPv6 applications.

As one of the lead institutions in the National Science Foundation's TeraGrid project, a multi-site distributed computational cluster, SDSC was instrumental in making sure that IPv6 was a requirement in the hardware routing and switching of the TeraGrid backplane which is based on 4 OC192c (four 10Gigabit/s) cross-country circuits. Although the current TeraGrid compute system does not yet utilize IPv6, the entire optical backbone of TeraGrid supports IPv6 and has had it utilized to support international telemicroscopy projects, described next.

UCSD's NCMIR [ncmir.ucsd.edu], directed by Professor Mark Ellisman, is one of the innovative biomedical research centers associated with Cal-(IT)². It is funded by the National Center for Research Resources (NCRR) of National Institutes of Health (NIH). The IPv6 application development at NCMIR is focused on delivering solutions for high-quality, low-latency video feedback of remote microscopes, particularly high-speed laser scanning and electron microscopes. Such human-in-the-loop networked middleware is useful in supporting remote instrumentation control, training, collaboration, and data acquisition monitoring for long experiments on unique instrumentation. NCMIR has been using high speed IPv6 networks for years and is now building on this work to take advantage of the extended capabilities of IPv6 networks.

In the case of the laser scanning microscope, the data is acquired from the instrument as a digital stream, so we do not have to include the analog to digital transformation. Taking advantage of this, NCMIR created a client-server architecture for sending and receiving data in uncompressed digital format over IPv6 networks at 400mbit/s. This architecture has been accomplished on Windows systems as a result of a successful collaboration with Microsoft Research.

In the case of the electron microscope, useful data consists of slight changes in gradients in a high-noise, low-contrast environment. Finding regions of interest is difficult at the terminal of the microscope and almost impossible using standard low resolution video streams. To address this challenge, NCMIR has been working with standards in high-quality streaming video to deliver video from the microscope in real-time. The initial experiments used DV (digital video) streaming over IPv6 using a software application to encode and decode the analog video streams.

Such networked systems were also demonstrated during the 2002 and 2003 Supercomputing conferences. During these demonstrations team members from the NCMIR actively controlled two different electron microscopes on opposite sides of the world, in the US and Osaka Japan, with visual feedback streaming to the booth in both HDTV and Digital Video. For the SC2003 Bandwidth Challenge, NCMIR staff also demonstrated a feature of the Telescience Portal that streamed data from five different countries to an advanced visualization kiosk in the SDSC booth traversing networks such as the Teragrid (described above), utilizing more than a gigabit per second in IPv6 bandwidth. Four of these countries are members of the Pacific Rim Applications and Grid Middleware Assembly (PRAGMA), an SDSC and Cal-(IT)² partner, as well as a sponsor of IPv6 workshops.

Most recently, NCMIR, collaborating with KDDI R&D Labs researchers in Palo Alto, CA and Toyko, Japan, has shown that the latest generation lossless JPEG2000 compression hardware HDTV codec, the DHS-2000D and MR2000 network adapter, is fast enough to encode a video signal in Osaka Japan, transfer over a network to San Diego, California and then decode the signal in less than a second. This capability was demonstrated at the January 2004 OptIPuter [www.optiputer.net] All Hands Meeting, with KDDI using approximately 300mbit/s for data transfer. This low response-time is critical for international remote instrumentation control.

Detailed experiments like this with full-scale networked systems, combining instruments, computing, storage, visualization, and software, are examples of what is emerging across all disciplines of e-Science. In the US this is termed "cyberinfrastructure" and in the EU it is called "eInfrastructure." IPv6 should be introduced now in all such experiments so that the much more capable networks will allow end users to attack much more complex e-Science frontier challenges.

Larry Smarr
lsmarr@ucsd.edu
Harry E. Gruber Professor, Department of Computer Science and Engineering, UCSD
Director, California Institute for Telecommunications and Information Technology

MORE INFO:
Native IPv6 International Network Diagram:
Picture (80K)
PowerPoint (400K)


IPv6 as a Tool in Homeland Security and First Responder Assistance
Eric Frost and Bob Welty
Co-Directors, Center for Information Technology and Infrastructure (CITI)
San Diego State University, San Diego, CA

SDSU is working to test and deploy several specific uses of IPv6 as an enabling technology in Homeland Security as part of our Center for Information Technology and Infrastructure (CITI).  Our basic theme is to combine real-time sensor information with the needs of first responders and decision makers to quickly find, evaluate and interrelate complex data sets in a geospatial format.  For example, Public Safety officers on the SDSU campus respond to calls for hazardous materials, fires, infrastructure failures, traditional crime, and public disturbance.  A normal response of such officers is to use radios and the officer’s knowledge of where “everything” is and how it can be accessed in simple or complex emergencies. The traditional link to the officer is a Motorola radio providing a voice connection to a dispatcher, who then links to other information or people resources, also usually by phone or radio.  For most events, this system works, though it puts major pressure on the officer and their ability to think clearly in difficult situations and obtain assistance via voice or physical backup.  Particularly when responding officers (as from off-campus police agencies) are not familiar with the complex geometries and locations of buildings and facilities, they are greatly at risk in walking into unknown environments or by trying to make complex response decisions on the basis of little information.  This situation is greatly worsened at night, in smoke-filled environments, during power outages, or during other emergencies.
 
On behalf of such first responders, we are evaluating the power of IPv6 as a means of integrating sensors, imagery, Location Based Service information, and GPS for querying databases.  In essence we are building an imaginary link between real spaces of one square meter and an IPv6-enabled database system to link bins of information to specific IPv6 “Latitude and Longitude.”  Because IPv6 can provide IP addresses to trillions of sensors, all of the sensor data from the university can be put together into IP systems as a simple way of organizing and retrieving information.  If an IP address equals a specific sensor (camera, steam pressure, fire alarm, seismic motion detector, chemical gas detectors, etc.), then the sensors can be automatically mined for information to trigger alerts in an IP environment---enabling the sensors to communicate with each other when needed and with a server that is aggregating the information to produce an actionable situation awareness and a major tool within a decision support system. 
 
By linking this sensor information to their geospatial location, this real-time information can provide extremely useful and site-specific information to responders and students alike.  An IPv6 “Latitude and Longitude” can be provided to the sensor and to all other information by dividing the campus region up into a grid of 1 square meter IP address.  Each square meter can be given an IPv6 address, as originally suggested by Alex Lightman in his 4GEO system (a component of 4th Generation wireless technologies).  An officer with a GPS device, such as a small Bluetooth device on their belt, can literally walk through the database, retrieving appropriate data for each IPv6 bin or combinations of bins as they traverse the grid.  Almost like a person walking across a digitizing table, the ability to assign an IP address for each square meter allows data associated with IP addresses, such as pixels from an air photo or satellite data, can be quickly retrieved and related to each other.
 
IPv6-enabled location connected with sensor data connected to a wireless bubble (like Qualcomm 1xEVDO deployed in San Diego) makes a power query tool.  A first responder can obtain data specific to their exact location, sorted by location and IP address, and delivered via servers running applications such as ESRI ArcGIS and ArcIMS.  Server data can be sensors, demographics, steam pipes, communications infrastructure, chemical or biological components, potential hazard distances and concerns, or even marketing and aroma areas for fast food outlets.  Work with campus first responders duplicates work with community first responders and Homeland Security experts, thus providing a teaching laboratory.  IPv6 may provide a powerful tool for automatically converting data to knowledge and providing rapid geospatial capabilities for humans to then convert this knowledge to higher-level decisions and response actions.


IPv6, Internet Leadership, and The Economic Olympics
by Alex Lightman

While the eyes of billions of people will be focused on the Athens (athletics) Olympics, a few tens of thousand others will be focusing on a different kind of Olympics, an economic Olympics, to see where the thundering herd of $25 to $50 trillion in liquid capital will be parked. Inflation is starting to rear its head after being scarce in Western economies for two decades, and interest rates are going to rise. 2004 is when a number of critical inflections will happen globally, and a key determinant of where the funds will go will be determined by how the top few tens of thousands of financial decision makers judge not only the wealth of nations but also the competence of governments. There are 260 countries, so in part they are looking at which governments seem as though they are going to be best able to adapt to new circumstances.

Business people look at ROI – Return On Investment – in comparing and contrasting potential investments, past, present, and future. Governments don’t use ROI nearly as much, but typically their militaries get the lion’s share of resources, and have the highest demands. Militaries use MEF – Mission Effectiveness Factors – to compare projects and to judge whether they succeeded or not. Part of the problem with America’s experience with Iraq is that no one has sought to find a Mission Effectiveness Factor that can judge the impact of the US on a week to week basis objectively. Perhaps America would get more credit if the value of the Iraqi dinar relative to the US dollar were a key MEF. The dinar fell from 3 to the US dollar to thousands to the dollar over the course of conflicts, but since the US occupation/reconstruction got underway the dinar has stabilized at around 1400.

Is there an MEF by which one can judge government competence, and thus have a Distant Early Warning system for governments that are ahead of the pack, with the pack, and falling behind? I think that the future will indicate that federal government mandates for transition to IPv6 are the single best proxy for government competence. Economically, the Internet has been the single most important technology in recent history, with estimates that during the '90s the Internet accounted for about 1/3rd to 1/2 of economic growth. Given that IPv6 will very likely result in improvements in mobility, security, and ad hoc networking over IPv4, it’s also very likely that IPv6 will result in accelerated economic growth, increases in stock values of key companies, and improve the ability of governments to deliver services.

At this moment, Japan is the top country in government competence, judged by IPv6 mandates. Both former Prime Minister Mori and current Prime Minister Koizumi of Japan have emphasized the importance of mandating IPv6 in speeches, as keystone of achieving its objective to be the #1 IT nation. I’ve seen more PowerPoints about the Japanese government’s focus on leading in IT outside of Japan than I have any other governments. (Google “Japan IPv6” or “TAKAHARA Kozo” to see the presentations, and let me know if any other government’s compares.)

Korea is close behind in its IPv6 focus, in part because it has cooperation agreements with Japan, but primarily because Korea’s government has exhibited tremendous vision and competence, including the early adoption of CDMA while hundreds of other governments, lemming-like, moved to TDMA (GSM). CDMA is the basis for 3G, and Korea uses, produces and exports more 3G phones per capita than any other country. Korea also has the highest per capita penetration of broadband, Wi-Fi hotspots, and online games.  Japan and Korea head up the first tier of IPv6-competent governments, the Class A group.

The Department of Defense has mandated transition to IPv6 by 2008, and is working hard to assist other US government agencies with their own IPv6 transition, primarily Dept. of Commerce, Dept. of Homeland Security, and the security parts of the Dept. of Transportation. At this point the US federal government would be well-served to mandate IPv6 for the entire government: and such an announcement would galvanize the business community and the media, allowing the US potentially to catch up with Japan and Korea. The early bird gets the billions: Qualcomm’s 70 year old founder CEO Irwin Jacobs announced that the CDMA pioneer’s profits were up 46%, as QCOM’s market cap was $53 billion. Think of that: a technology whose rough draft first patented (spread spectrum) by the first woman to appear totally nude in a movie (Hedy Lamar) inspired by piano playing in 1947 is updated for the same improvements as IPv6 is – security, mobility, and ad hoc networking – earlier in San Diego, and BOOM there are hundreds of companies that now trace their lineage (founders were employees at related companies) to Irwin Jacobs’ companies. Being a protocol pioneer is richly rewarded on this world.

As it is, US adoption of IPv6 is roughly matched by Spain, Sweden, Finland, Belgium, Switzerland, Austria, Taiwan, and Singapore. Australia is close to this second tier or Class B group, but suffers from outspoken IPv6 detractors. The European Union, through its $100 billion R & D arm, the European Commission, has tried to mandate IPv6, but doesn’t have the power to compel that national government organs do, but the EC’s efforts are a key reason that Europe is still in the technology game at all, given the fierce competition with the US and East Asia in Internet-related products and services.In the third tier are India, Canada, Germany, and the UK – about a year or so behind the second tier. Malaysia and Singapore are close followers, with governments that are in a great position to mandate IPv6 as a support for their national champions.

China puts on a good show about IPv6, but has limited institutional capacity, R & D, and software design capabilities. National router champ Huawei is a shameless copier of US technology rather than a pioneer, and shutting down 8,700 Internet cafes isn’t the sort of action of a government serious about leading in the Internet takes. China has three big assets: 1. CNGI (China Next Gen Internet initiative, a $170 million project that is intended to advance IPv6), 2. An alliance with Japan and Korea, which will probably enable China to save hundreds of millions in R & D, and 3. the biggest mobile phone market (25% of the world’s 1.3 billion mobile users), who can be switched into a 500 million mobile Internet smart mob by 2006. This is a huge market, and only the top mobile IPv6 companies will have a shot at this business.
 
There is surprisingly little effort on the part of other governments outside of the first three tiers and China. Sometimes even one visionary leader can create an Internet oasis. Sheikh Maktoum bin Rashid Al Maktoum, UAE Prime Minister and Ruler of Dubai, has a personal interest in IPv6, and even provided $250K to organize an IPv6 conference there 26-28 February 2001. Dubai has been running IPv6 since 2001.

Governments should mandate IPv6 if they plan to compete with the leading economies of the world. While proclaiming that “IPv6 will end the digital divide” is politically correct and is pleasing to transnational government agencies, national governments need to look out for their own interests first. Perhaps there will be an athlete in Athens who has the potential to win his or her event who will slow down so that instead of winning, all the competitors can have a tie. Perhaps the Olympic Gold medal can be divided into multiple pieces, and we can give equal media attention to many co-winners. No one should bet on this, though, and investors would be equally foolish to bet on equal visionary leadership in the next generation Internet from many governments. Three will win the world, just like in an Olympics, and the rest will pay them homage. The winners in IPv6 find themselves invited to lead in other trillion dollar markets – 4G wireless broadband, digital media distribution including education, consumer electronics, television/radio content, ecommerce and online security, and medical monitoring, among others.

In the real world, the winners in technology adoption get to add jobs instead of outsourcing them. They improve their productivity, increase their stock wealth, and reduce inflation. People around the world should envy Japanese and Koreans for having governments that focus on Internet leadership. Personally, I want the US to be the Internet leader. The key step is for the federal government to resume its historically successful role as FBC (First Big Customer) for IPv6, starting with mandating IPv6 for all federal agencies, and then encourage states and cities to do the same, using hundreds of billions in transfer payments to offer incentives. For every White House speech that mentions outsourcing or job creation or broadband, two speeches should mention that the US needs to lead in IPv6 implementation, because the issues are as related as DNA strands. This federal mandate is essential to stay in contention for the Gold medal in the Economic Olympics.

If the US doesn’t want to lead, there are a few hundred other countries that would be happy to extend their lead, or to catch up. Mandating IPv6 is the single best way for the US, and any government, to signal that it can see beyond the day to day drama and improve the ultimate infrastructure that enables everyone to be ever more productive and connected.


Intel IPv6 Position
The Next Generation Internet Protocol

Authors: Dylan Larson, Chris Lord, Kris Fleming, Scott Hahn, Hani Elgebaly
(Version 1, February 3, 2003)

Information in this document is provided in connection with Intel products. No license, express or implied, by estoppel or otherwise, to any intellectual property rights is granted by this document. Except as provided in Intel's Terms and Conditions of Sale for such products, Intel assumes no liability whatsoever, and Intel disclaims any express or implied warranty, relating to sale and/or use of Intel products including liability or warranties relating to fitness for a particular purpose, merchantability, or infringement of any patent, copyright or other intellectual property right. Intel products are not intended for use in medical, life saving, or life sustaining applications. Intel may make changes to specifications and product descriptions at any time, without notice.
Copyright © Intel Corporation 2003 * Other names and brands may be claimed as the property of others.

The Next Generation Internet Protocol
Intel views IPv6 as a key technology enabler for continued worldwide Internet growth and innovation. Internet Protocol version 6, or IPv6 is the next-generation Internet Protocol (IP) that defines the way network devices and users will communicate in the future. The IPv6 protocol is being defined in the Internet Engineering Task Force (IETF) to dramatically improve Internet scalability while adding additional enhancements to network security and mobility. IPv6 dramatically increases the number of IP addresses available to identify trillions of network devices.

The promise of IPv6’s ample IP address space is crucial to satisfying the high-growth demands of emerging markets around the world. IPv6 address space also promises a return to Internet transparency by promising a universal addressing scheme that will allow packets to flow from source to destination essentially unaltered. Intel is excited about the opportunities for new applications and new computing uses that IPv6 will enable as it restores true end-to-end transparency on the Internet. Intel is working to establish IPv6 support across each of the core building block architectures.

As industry convergence of computing and communications progresses, the need for globally scalable architecture has become an imperative. Although a majority of the Internet infrastructure today exists in North America, key growth areas for computing are increasingly outside of that region. Unfortunately, much of the global user growth is at risk given shortages of a worldwide IP address supply. In addition to the dramatic growth in emerging geographies, the Internet is also beginning to converge with wireless communications. The cellular industry has experienced continued rapid growth for wireless communications and is moving to high-speed wireless data with next-generation wireless technology such as 2.5G and 3G. These next-generation wireless technologies also bring with them a significant demand for IP that will fuel growth and address requirements. IPv6 is key to supporting the rapid global growth of the Internet infrastructure, services, and users.

To drive the adoption of IPv6, Intel is pursuing expanded research and collaboration opportunities in geographies where IP addresses are highly constrained. The return of end-to-end transparency on the Internet will create many new uses and opportunities for Intel building blocks. The current reliance on Network Address Translator (NAT) technology, to extend the limited IP address supply, has created a fracturing of the end-to-end model upon which the Internet was founded. This break in end-to-end transparency is hindering the development of many new interesting applications on the Internet. New uses for the PC such as peer-to-peer applications and rich multimedia communications have yet to come into mainstream use largely because of the costly workarounds and limitations imposed by NATs. These applications will bring new computing uses and an improved user experience. Intel is actively developing high-performance IPv6 solutions and is driving emerging standards in the IETF to realize the IPv6 Internet. Intel is driving IPv6 in mobile communications, in the home and in the enterprise.

IPv6 Technology for Wireless Mobility
Intel has a vision of always on, always connected, anywhere communication. Intel believes that Mobile IPv6 is a key technology in enabling this vision. Intel is focused on providing communication technologies for our mobile client platforms (notebooks, handhelds, phones, etc.) that will allow the user of our mobile clients to be continuously connected and constantly reachable. These communication technologies will provide authenticated and secure voice and data network access that is always available anywhere and continues to operate as the user moves from place to place and from one network to another.

To enable this vision, our mobile clients must have the ability to use multiple communication networking technologies and seamlessly roam between these technologies, which include both wired and wireless networks such as LANs, WLANs, WPANs, and WWANs. Our vision supports and encourages the deployment of 802.11 wireless hotspots and 2.5/3G cellular networks. This creates a large number of mobile clients that are now connected to the Internet, and with IPv6 abundant addressing, all of the mobile clients can have their own IP address. Mobile IPv6 allows for end-to-end network connectivity to be maintained as the mobile client roams within and between these different networking technologies. Enterprise mobility, access from wireless hotspots and 2.5/3G mobility are the focus of Intel’s research and standardization efforts for MobileIPv6 in order to help ensure that all mobile clients are secure and easy to use.

IPv6 in the Home
In the last decade the technology industry has produced tremendous advancements in computer platforms, Consumer Electronics (CE) and communication networks creating a myriad of novel and inexpensive consumer devices and services. The interplay of these innovations is often mutually beneficial. For example, the Personal Computer (PC) platform propelled the rapid adoption of the Internet, and the ensuing demand for bandwidth has led to proliferation of broadband access and home networking solutions. In the CE industry, new generations of intelligent network connected devices are emerging. These technological advancements are paving the way for significant enhancements to the user’s inter-connected experience by enabling high-speed Internet services and rich multimedia content delivery and applications into the home.

The home network of tomorrow will provide greater speed and security, and wireless technology will make it nearly effortless to add new devices in the home. The connected PC, CE and mobile devices will continue to get plugged into the Internet to access rich and timely content. Conversely, as the home becomes ‘always connected’, rich content from PC and CE devices on the home network will in turn become sources of rich content. This will create new network resource requirements, such as the ability to address these home content source devices from outside the home, transparently to applications, securely, and easily by name. End users will demand that these components fully and transparently interoperate - particularly regarding security, privacy and ease-of-use. Device manufacturers and equipment suppliers can make home networking easier by taking advantage of IPv6 address auto-configuration. Residential Gateways (RG) play a significant role in making a smooth transition to IPv6. Residential Gateways should provide support for IPv6 addressing, 6-to-4 tunneling and firewall configuration. Early deployment of IPv6-enabled devices and RGs will accelerate the realization of the goal of end-to-end transparent internetworking.

IPv6 in the Enterprise
As corporations continue to expand their presence around the world and add new services such as wireless LAN and voice over IP, they will need an ever-increasing number of IP addresses. As IPv4 addresses become scarcer, enterprises will increasingly turn to IPv6 as a solution. During this transition in the enterprise, both IPv6 and IPv4 will coexist for some time. As a result, the enterprise will need the tools and equipment to maintain their IPv4 networks and services while adding IPv6 capabilities. Intel is working to develop solutions that will allow the enterprise to add IPv6 to their networks without affecting performance or functionality of their currently installed IPv4 networks.

Summary
IPv6 will bring dramatic scalability and improvements to the Internet enabling the mobility, rich content in the home and global reach for the enterprise. As IPv6 gains momentum, Intel will continue to drive the standards and technology for IPv6 across its product lines. With IPv6, Intel and fellow travelers bring new value to the end-user experience while ensuring a broad equitable growth of the Internet around the world.


Drivers for IPv6 Acceptance
by Cody Christman of Verio, an NTT Communications Company

There is a lot of talk in the industry about IPv4 address depletion and the inevitable fact that some day we will all be required to migrate to IPv6. Although viewed by many as fact, this talk also raises some concerns that the v4 address crisis is overstated and often used as a scare tactic. It is Verio’s belief that other benefits of IPv6 will actually drive acceptance before migration becomes a necessity due to address space depletion. For example, IPv6's promise for point-to-point networking, security, Quality of Service (QoS) and mobile IP will enable the applications expected to drive consumer demand. IPv6 will allow consumers to do more with the Internet - whether or not they even know they are using it.

The US has done an excellent job of leading the world in many areas of technology, but IPv6 development is one area where the U.S. has been lagging. The vision of IPv6 as a protocol that offers more than additional address space is going strong in Asia and Europe. The list of Asia-Pacific vendors building products today that support IPv6 is impressive, and new chips like Fujitsu's MB91401 open the door for almost anyone to securely network-enable almost any device. There are increasingly more compelling reasons for more US companies to embrace and promote this technology.

Looking back 20 years, security precautions were overlooked in the development of IPv4, and have continued to be a challenge for application developers since then: IPsec was an afterthought, and Network Address Translation (NAT) – which has been widely deployed to solve the address depletion problem and for perceived security benefits – makes true end-to-end, secure applications extremely difficult to deploy. The integration of secure point-to-point networking is one area that today holds great promise for the IPv6 “killer app”, and is expected to help drive wide spread consumer adoption. IPv6 solves the IPsec and NAT dilemmas. IPsec is designed into the v6 protocol, making support mandated. Additionally, NAT does not present this problem. Every IPv6 node will have a globally routeable unicast address. IPv6 opens up a new networking paradigm currently not on the radar screen in the v4 world.

At the June 2004 North American IPv6 Summit in Santa Monica, Verio and NTT Communications will demonstrate a new technology that is in development called m2m-x - or machine-to-machine, anything, anyplace, anytime. This technology enables easy and secure point-to-point communication between appliances and/or computers using IPv6. For example, a traveling executive could securely view images from and control an IPv6-enabled security camera located at home, or commerce partners could conduct a secure video conference meeting over the Internet.

The m2m-x technology is based on extended Session Initiation Protocol (SIP) and IPsec. Authentication, connection management, configuration required for data encryption, and access control to each device is controlled by a central m2m-x management server. After the necessary connection management by the m2m-x server, data communication between the two devices is conducted peer-to-peer using IPsec encryption with no intervention by the server. A number of vendors including Panasonic, Pioneer, Ricoh, Sanyo, Sony, Toshiba and Yamaha have already begun research and development efforts with this technology. Verio believes m2m-x is a promising technology and those attending the June Summit who see m2m-x demonstrations will be impressed by the business applications and solutions this can enable.

The US Government has done much to advance IPv6 in North America. The Department of Defense and the Department of Commerce have both proven to be visionary in their interest in IPv6 as more than a new protocol to solve the address problem. It is now time for the North American private sector to step forward in developing the applications and appliances that will ultimately drive the wide spread deployment of IPv6 networks. Demand for IPv6 products, not necessarily v6 itself, will drive adoption.

NTT Communications has been strongly committed to IPv6 since 1996 when NTT Labs started one of the world's largest IPv6 research networks. In 2002 NTT Com was awarded the World Communications Awards distinction for Best Technology Foresight for its IPv6 technology, and Communications Solutions named NTT/VERIO IPv6 Gateway Services its 2003 Product of the Year. Together, NTT Com and Verio were the first to offer commercial IPv6 services in Asia, North America, Europe and Australia. These services include native, dual-stack and tunneling access over the NTT/VERIO IPv6 Dual-Stack Global Backbone. Additionally, NTT Com and Verio have shown commitment to the IPv6 Summits through corporate sponsorship, as well as acting as the sole provider of IPv6 access at the summits. Attendees at the upcoming event in Santa Monica will also benefit from this free v6 connectivity. More information about NTT/VERIO solutions and IPv6 can be found at: http://www.verio.com/access/ipv6.cfm and NTT/VERIO Global IPv6 Backbone.


Is Your Firewall IPv6-Ready?
by John Nakulski, Agilent Technologies

IPv6 Firewall Test Challenges
Network equipment manufacturers, private network operators and ISPs are finding new challenges in developing and deploying IPv6-capable network security devices. We are often asked, "why is there a need to re-test IPv6-capable firewalls for IPv6? Don't firewalls primarily operate at layers 4-7?" Here are some of the issues that are forcing test engineers to develop new test scenarios and re-evaluate the performance of their firewalls:

  • IPv6 addresses are longer than IPv4 addresses
    Firewalls need to filter and match on a much longer address field, often requiring hardware and software redesign. Access control lists and other firewall rule sets must work with IPv6 addresses, forcing changes to the command line interface and graphical user interface. Performance will be slower for IPv6 packets - how much slower?
  • IPv6 variable-length headers
    IPv6 headers include optional encryption and authentication header sections. New firewall hardware and software components are more complex because they must parse and filter a variable-length header that contains additional fields that may affect routing / filtering decisions. In some instances, an integrated network security device may also need to perform encryption / decryption or calculation of message authentication codes to be able to filter on application-layer headers and content. Additional processing requirements such as these will impact firewall performance.
  • IPv6 and IPv4 concurrent processing
    IPv6-capable firewalls need to keep state tables for both IPv4 and IPv6 TCP connections and UDP sessions. Application-aware firewalls must track both IPv4 and IPv6 transactions. Added complexity arises from translation and tunneling (for example, IPv4 over IPv6 or IPv6 over IPv4). It could be useful to test the extent to which a firewall has been re-optimized for IPv6, to verify that there are no unexpected interactions between IPv6 and IPv4 traffic, and to measure performance degradation during simultaneous IPv6 and IPv4 operation.
  • IPv6 DoS attacks
    You can be sure that any security weaknesses introduced by IPv6 will be quickly exploited. Resiliency to well-known Denial of Service attacks must be retested for IPv6 - for example, ICMPv6 flood attacks. Just as hackers were able to use packet fragmentation to "hide" DoS attack packets to penetrate low-performing IPv4 firewalls, they will use IPv6/v4 and IPv4/v6 tunneling to try to hide application-layer attacks within complex handcrafted packets.
  • Test plan design and application intelligence
    Existing test scripts will no longer work. It may be impractical or impossible to re-use existing layer 4-7 test equipment if there is no underlying support for IPv6, or if IPv6 support is not fully integrated. At the same time, firewalls are gaining more and more "application intelligence", making development of test scripts tedious and cumbersome. Test engineers will use this as an opportunity to redesign their test plans and rethink their test environments.

Firewall Performance
The IPv6 firewall test scenarios used during the Moonv6 phase 2 test event were generally aimed at testing and demonstrating firewall functionality and operation. Firewall performance measurement is generally more complex than functional testing. Verifying the scalability and ultimate performance limits of the latest application-aware firewalls can be challenging!

  • Performance metrics include:
  • Concurrent Session Capacity
  • TCP Connection Latency and Rate
  • Application Transfer Rate
  • Application Throughput

It is difficult for network equipment vendors to quote along these performance dimensions because there are so many factors that impact realized performance - factors such as the number of filter rules used; whether or not SPI, NAT, port forwarding, virtual firewalling or application-layer filtering have been enabled; and the performance degradation caused by high-bandwidth DoS attacks. For this reason, it is vital for private network operators, carriers and ISPs to independently test firewall performance using a blend of real (stateful) application traffic according to their own expected firewall configuration and anticipated mix of users and services.

Moonv6 Phase 2 - The first IPv6 firewall test experience
Agilent Technologies helped equipment vendors to demonstrate that their network security devices are IPv6-ready during the Moonv6 Phase 2 test event in March this year. Having the only layer 4-7 test equipment available to test IPv6-capable firewalls, Agilent was in a unique position to help test engineers debug and verify the stability and performance of their early IPv6 firewall implementations. You can read the full story at http://www.agilent.com/about/newsroom/presrel/2004/22mar2004d.html.

To help document the first-ever public IPv6 firewall test experience, Agilent's Peter Atanasovski - who worked long hours at the event to help conduct the testing of firewalls, routers and even a web camera - has written a report entitled "Agilent Tests L2-7 at MoonV6". Vendors and ISPs who were not able to attend the event will find the report useful to learn about some of the more interesting interoperability and functionality test cases, as well as additional test scenarios that were conducted behind the scenes to help vendors verify device performance. Agilent's report can be downloaded from http://advanced.comms.agilent.com/networktester/moonv6.htm.

Agilent Technologies N4180A NetworkTester and RouterTester 900
To find out how the Agilent N4180A NetworkTester and Agilent RouterTester 900 can help speed your IPv6 development or deployment, please visit http://www.agilent.com/comms/networktester and http://advanced.comms.agilent.com/routertester/member/technology/ipv6/.


The IPv6 Realization
By Yurie Rich

For those companies in the IPv6 business, the last twelve months have been an incredible roller coaster ride of opportunity and panic. In June of 2003, just shortly after the DoD IPv6 adoption announcement , the v6 market was abuzz with excitement and anticipation. While hopes of widespread integration in the Asian and European theaters had become a forgone conclusion, interest in IPv6 in the States was lackluster at best. Consequently, the air of electricity at the 2003 San Diego conference was definitely scarce if you attended the IPv6 track at INET2002 in DC the year prior.

So in July of 2003, as I painfully watched the grass grow, I had to ask myself what happened. The enormity of the announcement should be driving business to our doors (and the door of every IPv6 vendor out there) at a break neck pace. Yet, the phone wasn’t ringing, the e-mail wasn’t pouring in, and people weren’t flocking to our website demanding services from Native6. As August rolled by, I questioned the sanity of the marketplace, and my decision to keep investing resources on a technology that seemed destined never to arrive.

However, in the back of mind lurked a notion that had persisted throughout my tenure as an IPv6 advocate. Didn’t they get it? Didn’t the marketplace understand the technology and the opportunities it represented? Didn’t they recognize the impact of the announcement and how quickly 2008 would be upon us? In the last sleepy days of August, I feared the answer might be a resounding “NO” - but thankfully I was in error.

As we slipped past Labor Day weekend, the marketplace awoke and went absolutely berserk with regards to IPv6. The phones started ringing, our e-mail boxes were overflowing, and I received a bill from Google for one month that was greater than the bill for the entire preceding year. IPv6 had finally arrived in the United States. The marketplace had finally “gotten” it.

Over the course of the last 9 months I’ve learned a great many things about IPv6 and the marketplace’s perceptions about what integration really means. My daily interaction with IPv6 began over 4 years ago, so certainly I already new a great deal about the technology. But we’d never had so many people trying to use it or break it before! As a professional services company focused on IPv6 training and integration, we were continually facing the same list of questions from organizations that’d hardly given IPv6 a thought before September of 2003:

  1. Isn’t upgrading to IPv6 going to be really expensive?
  2. Can we take a phased approach in our transition to IPv6?
  3. How do we get started with IPv6?
  4. What if we have remote users and users who travel and we want them to have IPv6 access as well?
  5. How can we claim IPv6 compliance on our programs?
  6. How do we offer a differentiated service with IPv6?
  7. How am I going to deliver the same type of services to my users in an IPv6 environment?
  8. How do we deploy IPv6 into our networks?

Unfortunately, the answer to many of these questions will vary depending upon who you are and what you are doing with IP today. I’d like to say that integration of IPv6 will not be very expensive, and for many that will be true. If you attended the US IPv6 Summit in Arlington, VA this past December, you’ll recall that the speaker from Verio indicated that their foray into IPv6 integration was very reasonable from an economic perspective. At Native6, we have assisted a number of companies develop test beds and begin their transition, discovering in the planning process that the cost of adoption will be much lower than initially anticipated.

Ultimately, we find that most of these questions, and the FUD (Fear, Uncertainty, and Doubt) associated with IPv6 adoption stems from a lack of knowledge about the protocol. IPv6 has been “around” for almost a decade now, yet the level of real knowledge that persists among the IT community is relatively small. Everyone seems to know the address space is much bigger, and that IPv6 has “plug and play” (more appropriately known as autoconfiguration). They also believe that IPv6 has better Quality of Service and is more secure – both erroneous notions borne out of bubble marketing efforts.

It seems that the answer to the question, “How do we get started with IPv6?” becomes even more obvious after hearing the “better Qos/Security” statement once again - “Work with people who know the technology”! Sure it seems simple enough, but unfortunately professional services, particularly training and consulting, tend to be the first things cut in difficult economic times and one of the last things to come back. This approach ultimately impacts research and development efforts, and could be detrimental to the bottom line in a competitive environment where innovation and efficiency are vital for survival.

Now that the marketplace is finally seeing the value of the IPv6, and there is significant market pressure for integration and adoption, budgetary resources are now being allocated to IPv6 concerns. As entities scramble to start the process of integrating v6 functionality into their products or roll out IPv6 services in their network, the best place to start the process is with Native6, Inc.

Native6 offers a full suite of professional services designed to help organizations fast track their integration process. Our IPv6 Training program utilizes a mobile training lab, which allows us to deliver, customized, instructor led, hands-on training to just about any location in the world (we’ve just completed an AsiaPac training circuit, completing courses in Taiwan, Korea and Australia). In addition to training, Native6 provides a number of integration services, including integration planning, SME services, and implementation assistance. To learn more, make sure to visit our booth at the conference in Santa Monica.

Receiving the training and assistance necessary to truly understand IPv6 is by no means the end of your path to integration, but it is certainly a great place to start. You’ll discover in the educational process that you have a variety of options with regards to v6 adoption. In the next newsletter watch for an article from our deployment partner, Hexago, to explain the next steps for a successful transition to the next generation Internet protocol.

For more information, visit our website at www.native6.com, or feel free to contact us at info@native6.com.


Short-Range Wireless 2004 Event

Short-Range Wireless 2004 ~ June 6-7 ~ Marriott Denver Tech Center in Denver, Colorado Co-located with Antenna Systems 2004, Short-Range Wireless 2004 is focused on the most recent advancements in short-range wireless technology for industrial, commercial and residential applications. This event serves technical and management professionals with end-user organizations involved in short-range wireless applications; device and electronics manufacturers; system developers and operators; integrators and service providers.

The sessions and discussions will aim to provide a comprehensive, objective view of product, service, regulatory and market developments in all applicable wireless device networking platforms, technologies and standards including Zigbee, 802.11, RFID, Bluetooth, M2M, wireless automation, UWB, IR, DECT and In-Building wireless.

For more information on the Short-Range Wireless event visit www.srw-magazine.com or contact Jeremy Martin at jeremym@infowebcom.com.


WCA 2004 Event

Plan now to attend WCA 2004 (www.wcai.com), June 1-4, Washington, DC as a VIP guest. WCA 2004 is the world's premier event for wireless broadband systems, services and content. Supported by the IPv6 Forum and 20 partnering associations. Technical talks will include discussion of IPv6 in wireless networks. The conference features 200 speakers, keynote by Michael Powell, 65 exhibitors and 2,000 delegates from nations. Special WiMAX Theater will showcase WiMAX solutions (hosted by Intel and WiMAX Forum). Download a VIP pass.


Sign Up Now for a Complimentary Subscription to Network World

Network World is the leading source of network knowledge, helping Network IT Executives, like yourself, design, deploy and manage the network infrastructure and applications driving business. Subscribe today and find out how companies are implementing IP for voice in the contact center (IP-enabled or pure IP), and how they are overcoming the concerns such as security, quality, scalability, reliability... We’ll address how the technology is being deployed, and the impact it has.

Sign up today and receive 51 weekly issues – AT NO COST


Sign Up Now for Network World’s Free Weekly Webcast Newsletter

Our weekly Webcast Newsletter brings you information on webcasts available on NW Fusion - your 24/7 source for the latest solutions and strategies, complete with links, resources, and the personal answers you need. Covering vital topics like security, applications, wireless, and more, our webcasts are highly focused, single-topic briefings from experts in technology. All for FREE! Stay up-to-date on our current webcasts by subscribing now.


InfoWorld Media Group

For 25 years, InfoWorld Media Group has provided cutting-edge coverage and evaluation of IT products and services for technology experts in senior management. Through integrated channels including print, online, and events, InfoWorld reaches the most influential senior-level information technologists. Powered by a continued investment in an independent Test Center, InfoWorld analysts and editors provide both hands-on analysis and evaluation, as well as expert commentary on issues surrounding emerging technologies and products.


Sunset Learning Institute Gears Up for IPv6 Summit

Sunset Learning’s Network Engineer/Instructor Team has a 13 year history of embracing, deploying and teaching cutting edge technologies to its clientele. Our team has been following the development of IPv6 through the early RFCs to its current implementations on Cisco router and Linux platforms. We are currently bringing a number of organizations up to speed on this technology through our Cisco course deliveries, including our very popular IP Version 6 Fundamentals and Building Scalable Cisco Internetworks courses. Stop by to meet SLI staff at our booth at the IPv6 Summit!


All rights reserved. Views expressed here are solely those of the authors and/or their employers and do not necessarily reflect the perspective of IPv6 Summit, Inc.

If you would like to submit an article for consideration, please contact Alex Lightman alex@usipv6.com for submission details.

Unsubscribe:
Click here to opt-out of future 6sense Newsletters.

CONTENTS

Introduction

New Internet, New Science; Cyberinfrastructure at Cal-(IT)²
Larry Smarr
Cal-(IT)²

IPv6 as a Tool in Homeland Security and First Responder Assistance
Eric Frost & Bob Welty
Co-Directors, Center for Information Technology and Infrastructure (CITI)
San Diego State University, San Diego, CA

IPv6, Internet Leadership, and The Economic Olympics
Alex Lightman

Intel IPv6 Position
Dylan Larson, Chris Lord, Kris Fleming, Scott Hahn, Hani Elgebaly

Drivers for IPv6 Acceptance
Cody Christman
Verio

Is Your Firewall IPv6-Ready?
John Nakulski
Agilent Technologies

The IPv6 Realization
Yurie Rich
NAv6TF

Short-Range Wireless 2004 Event

WCA 2004 Event

Complimentary Subscription to Network World

Network World’s Free Weekly Webcast Newsletter

InfoWorld Media Group

Sunset Learning Institute Gears Up for IPv6 Summit

UPCOMING EVENTS:

IPv6 In Transition: IPv6 Test & Analysis Seminar

Grapevine (Dallas), TX
18 May 2004

Boxborough (Boston), MA
20 May 2004

Albuquerque, NM
8 June 2004

La Jolla, CA
10 June 2004

Colorado Springs, CO
22 June 2004


June 1-4, Washington, DC
VIP Pass (PDF)

PRODUCED BY:

IPv6 Summit, Inc.

CORPORATE
SPONSORS:

NONPROFIT
SPONSORS:

MEDIA
SPONSORS:

ENDORSED BY:

Internet Society

Interactive Television Alliance

Information Society Technologies

Eurov6

IPv6 Task Force European Commission

IPv6 Task Force Steering Committee

Internet Systems Consortium

3GPP

3GPP2

UCLA

CAINS

© 2004 6sense. All Rights Reserved. 6sense Newsletter published by IPv6 Summit, Inc.