|
North
American IPv6 Summit 2004 June 14-17, Santa Monica,
CA
$299 Earlybird Ends May 21. Register
Now
Introduction
by
Alex Lightman, Publisher
With 28
days to go before the IPv6 Summit 2004 begins at the
Loews Hotel, Santa Monica, California, we are pleased
to present the second issue of 6Sense, the first US
newsletter dedicated to the rapidly growing and usually
brilliant IPv6 community. This issue includes the
sort of articles that network historians will be reading
for centuries, to get a snapshot of how the protocol
that ended up connecting trillions of people, places,
and things escaped from the laboratories and testbeds
to reach commercial status (something only one its
five siblings, IPv4, was capable enough to do over
the last four decades, and IPv4 changed history).
You can get a glimpse of this R & D to R
W (Real World) transition from the articles by Eric
Frost, Bob Welty, and Larry Smarr
(a man consistently ahead of the curve - Smarr
was running NCSA when it created the Apache
web server, and Mosaic, the first web browser, as
well as originating use of supercomputers for
modeling weather for movies, of the sort in releases of
The Day After Tomorrow and Twister.
He knows a world changing technology when he sees
it). As you will sense from the articles by, Yurie
Rich, and myself, many of us are champing at the
bit for power people to "get it" and wield
their power to transition to IPv6. Also in this issue
are insights from superpowers of technology like Intel
and NTT, and surprising insights
into firewalls from Agilent.
These companies, along with Cisco and Hewlett-Packard,
are the titans of IPv6 deployment.
IPv6 has the fresh ocean air smell of wide open space,
inspiring us to travel widely and forge new destinies.
We hope you are inspired to pursue IPv6 initiatives
and to join us in Santa Monica at the IPv6 Summit.
Visit usipv6.com
for details and write me at alex@usipv6.com
if you have any comments or have an IPv6 article to
submit. Click to Unsubscribe
if you prefer not to get the next 6Sense newsletter.
New
Internet, New Science; Cyberinfrastructure at Cal-(IT)²
Larry
Smarr, Cal-(IT)²
The California
Institute for Telecommunications and Information Technology
[Cal-(IT)²] and its partners at the National Center
for Microscopy and Imaging Research (NCMIR), San Diego
Supercomputer Center (SDSC), and the California Research
and Education Network (CENIC) have been early adopters
of IPv6 in optical networks to support e-Science applications.
Although it is still early in this transition, many
of the networks on which our applications will be
run are already IPv6 capable. In this short note,
I will review some of the progress in both the networks
and a major international-scale biomedical application.
This and other Cal-(IT)² experiments with IPv6
will be reviewed in my talk at the upcoming North
American IPv6 Summit in Santa Monica in June 2004.
Cal-(IT)² (www.calit2.net)
is a partnership between UC San Diego and UC Irvine.
In addition, we have close working relationships with
USC Information Sciences Institute (ISI) and San Diego
State University (SDSU)'s Center for Information Technology
and Infrastructure (CITI). For advanced connectivity,
these research universities rely on CENIC's High Performance
Research and Education Network (CalREN/HPR) to provide
leading-edge services for our large-e-Science application
users. CalREN/HPR has been supporting native IPv6
as a part of its base service since the implementation
of this leading edge 10Gbps Ethernet network. The
recent Internet2 IPv6 Land Speed Record1 awarded to
CalTech2 is an example of the type of performance
that this CENIC network, in combination with other
networks around the world, is able to achieve using
combinations of IPv4 and IPv6.
SDSC [www.sdsc.edu] is a National Science Foundation
(NSF) funded high performance supercomputer center,
providing data-intensive e-Science services to the
national university community and to Cal-(IT)²
experiments. SDSC has been deploying and working with
IPv6 networks since the beginning of 1999. Working
with early IPv6 adoptees such as ESnet, 6REN, the
VBNS, Japan's WIDE project, KDDI Labs, and Osaka University
in Japan, SDSC has been natively routing IPv6 via
ATM, POS, Ethernet and FDDI circuits for over 5 years.
During this time they have transitioned from early
software-based routing systems [running on CISCO 7200
series hardware] to KAME-based v6 routers on PC hardware
to multi 10-gigabit line rate hardware based IPv6
routing on their JUNIPER Networks T640, M40 and T320
platforms. SDSC's internal network switching fabric
is IPv6 capable throughout the entire center. In addition,
SDSC has won the Bandwidth Challenge contest at the
annual national Supercomputing XY conference twice
for its use of high bandwidth IPv6 applications.
As one of the lead institutions in the National Science
Foundation's TeraGrid project, a multi-site distributed
computational cluster, SDSC was instrumental in making
sure that IPv6 was a requirement in the hardware routing
and switching of the TeraGrid backplane which is based
on 4 OC192c (four 10Gigabit/s) cross-country circuits.
Although the current TeraGrid compute system does
not yet utilize IPv6, the entire optical backbone
of TeraGrid supports IPv6 and has had it utilized
to support international telemicroscopy projects,
described next.
UCSD's NCMIR [ncmir.ucsd.edu], directed by Professor
Mark Ellisman, is one of the innovative biomedical
research centers associated with Cal-(IT)². It
is funded by the National Center for Research Resources
(NCRR) of National Institutes of Health (NIH). The
IPv6 application development at NCMIR is focused on
delivering solutions for high-quality, low-latency
video feedback of remote microscopes, particularly
high-speed laser scanning and electron microscopes.
Such human-in-the-loop networked middleware is useful
in supporting remote instrumentation control, training,
collaboration, and data acquisition monitoring for
long experiments on unique instrumentation. NCMIR
has been using high speed IPv6 networks for years
and is now building on this work to take advantage
of the extended capabilities of IPv6 networks.
In the case of the laser scanning microscope, the
data is acquired from the instrument as a digital
stream, so we do not have to include the analog to
digital transformation. Taking advantage of this,
NCMIR created a client-server architecture for sending
and receiving data in uncompressed digital format
over IPv6 networks at 400mbit/s. This architecture
has been accomplished on Windows systems as a result
of a successful collaboration with Microsoft Research.
In the case of the electron microscope, useful data
consists of slight changes in gradients in a high-noise,
low-contrast environment. Finding regions of interest
is difficult at the terminal of the microscope and
almost impossible using standard low resolution video
streams. To address this challenge, NCMIR has been
working with standards in high-quality streaming video
to deliver video from the microscope in real-time.
The initial experiments used DV (digital video) streaming
over IPv6 using a software application to encode
and decode the analog video streams.
Such networked systems were also demonstrated during
the 2002 and 2003 Supercomputing conferences. During
these demonstrations team members from the NCMIR actively
controlled two different electron microscopes on opposite
sides of the world, in the US and Osaka Japan, with
visual feedback streaming to the booth in both HDTV
and Digital Video. For the SC2003 Bandwidth Challenge,
NCMIR staff also demonstrated a feature of the Telescience
Portal that streamed data from five different countries
to an advanced visualization kiosk in the SDSC booth
traversing networks such as the Teragrid (described
above), utilizing more than a gigabit per second in
IPv6 bandwidth. Four of these countries are members
of the Pacific Rim Applications and Grid Middleware
Assembly (PRAGMA), an SDSC and Cal-(IT)² partner,
as well as a sponsor of IPv6 workshops.
Most recently, NCMIR, collaborating with KDDI R&D
Labs researchers in Palo Alto, CA and Toyko, Japan,
has shown that the latest generation lossless JPEG2000
compression hardware HDTV codec, the DHS-2000D
and MR2000 network adapter, is fast enough to encode
a video signal in Osaka Japan, transfer over a network
to San Diego, California and then decode the signal
in less than a second. This capability was demonstrated
at the January 2004 OptIPuter [www.optiputer.net]
All Hands Meeting, with KDDI using approximately 300mbit/s
for data transfer. This low response-time is critical
for international remote instrumentation control.
Detailed experiments like this with full-scale networked
systems, combining instruments, computing, storage,
visualization, and software, are examples of what
is emerging across all disciplines of e-Science. In
the US this is termed "cyberinfrastructure"
and in the EU it is called "eInfrastructure."
IPv6 should be introduced now in all such experiments
so that the much more capable networks will allow
end users to attack much more complex e-Science frontier
challenges.
Larry Smarr
lsmarr@ucsd.edu
Harry E. Gruber Professor, Department of Computer
Science and Engineering, UCSD
Director, California Institute for Telecommunications
and Information Technology
MORE INFO:
Native IPv6 International Network Diagram:
Picture
(80K)
PowerPoint
(400K)
IPv6
as a Tool in Homeland Security and First Responder
Assistance
Eric
Frost and Bob Welty
Co-Directors, Center for Information Technology and
Infrastructure (CITI)
San Diego State University, San Diego, CA
SDSU is working
to test and deploy several specific uses of IPv6 as
an enabling technology in Homeland Security as part
of our Center for Information Technology and Infrastructure
(CITI). Our basic theme is to combine real-time
sensor information with the needs of first responders
and decision makers to quickly find, evaluate and
interrelate complex data sets in a geospatial format.
For example, Public Safety officers on the SDSU campus
respond to calls for hazardous materials, fires, infrastructure
failures, traditional crime, and public disturbance.
A normal response of such officers is to use radios
and the officer’s knowledge of where “everything”
is and how it can be accessed in simple or complex
emergencies. The traditional link to the officer is
a Motorola radio providing a voice connection to a
dispatcher, who then links to other information or
people resources, also usually by phone or radio.
For most events, this system works, though it puts
major pressure on the officer and their ability to
think clearly in difficult situations and obtain assistance
via voice or physical backup. Particularly when
responding officers (as from off-campus police agencies)
are not familiar with the complex geometries and locations
of buildings and facilities, they are greatly at risk
in walking into unknown environments or by trying
to make complex response decisions on the basis of
little information. This situation is greatly
worsened at night, in smoke-filled environments, during
power outages, or during other emergencies.
On behalf of such first responders, we are evaluating
the power of IPv6 as a means of integrating sensors,
imagery, Location Based Service information, and GPS
for querying databases. In essence we are building
an imaginary link between real spaces of one square
meter and an IPv6-enabled database system to link
bins of information to specific IPv6 “Latitude
and Longitude.” Because IPv6 can provide
IP addresses to trillions of sensors, all of the sensor
data from the university can be put together into
IP systems as a simple way of organizing and retrieving
information. If an IP address equals a specific
sensor (camera, steam pressure, fire alarm, seismic
motion detector, chemical gas detectors, etc.), then
the sensors can be automatically mined for information
to trigger alerts in an IP environment---enabling
the sensors to communicate with each other when needed
and with a server that is aggregating the information
to produce an actionable situation awareness and a
major tool within a decision support system.
By linking this sensor information to their geospatial
location, this real-time information can provide extremely
useful and site-specific information to responders
and students alike. An IPv6 “Latitude and
Longitude” can be provided to the sensor and
to all other information by dividing the campus region
up into a grid of 1 square meter IP address.
Each square meter can be given an IPv6 address, as
originally suggested by Alex Lightman in his 4GEO
system (a component of 4th Generation wireless technologies).
An officer with a GPS device, such as a small Bluetooth
device on their belt, can literally walk through the
database, retrieving appropriate data for each IPv6
bin or combinations of bins as they traverse the grid.
Almost like a person walking across a digitizing table,
the ability to assign an IP address for each square
meter allows data associated with IP addresses, such
as pixels from an air photo or satellite data, can
be quickly retrieved and related to each other.
IPv6-enabled location connected with sensor data connected
to a wireless bubble (like Qualcomm 1xEVDO deployed
in San Diego) makes a power query tool. A first
responder can obtain data specific to their exact
location, sorted by location and IP address, and delivered
via servers running applications such as ESRI ArcGIS
and ArcIMS. Server data can be sensors, demographics,
steam pipes, communications infrastructure, chemical
or biological components, potential hazard distances
and concerns, or even marketing and aroma areas for
fast food outlets. Work with campus first responders
duplicates work with community first responders and
Homeland Security experts, thus providing a teaching
laboratory. IPv6 may provide a powerful tool
for automatically converting data to knowledge and
providing rapid geospatial capabilities for humans
to then convert this knowledge to higher-level decisions
and response actions.
IPv6,
Internet Leadership, and The Economic Olympics
by Alex Lightman
While the
eyes of billions of people will be focused on the
Athens (athletics) Olympics, a few tens of thousand
others will be focusing on a different kind of Olympics,
an economic Olympics, to see where the thundering
herd of $25 to $50 trillion in liquid capital will
be parked. Inflation is starting to rear its head
after being scarce in Western economies for two decades,
and interest rates are going to rise. 2004 is when
a number of critical inflections will happen globally,
and a key determinant of where the funds will go will
be determined by how the top few tens of thousands
of financial decision makers judge not only the wealth
of nations but also the competence of governments.
There are 260 countries, so in part they are looking
at which governments seem as though they are going
to be best able to adapt to new circumstances.
Business people look at ROI – Return On Investment
– in comparing and contrasting potential investments,
past, present, and future. Governments don’t
use ROI nearly as much, but typically their militaries
get the lion’s share of resources, and have the
highest demands. Militaries use MEF – Mission
Effectiveness Factors – to compare projects and
to judge whether they succeeded or not. Part of the
problem with America’s experience with Iraq is
that no one has sought to find a Mission Effectiveness
Factor that can judge the impact of the US on a week
to week basis objectively. Perhaps America would get
more credit if the value of the Iraqi dinar relative
to the US dollar were a key MEF. The dinar fell from
3 to the US dollar to thousands to the dollar over
the course of conflicts, but since the US occupation/reconstruction
got underway the dinar has stabilized at around 1400.
Is there an MEF by which one can judge government
competence, and thus have a Distant Early Warning
system for governments that are ahead of the pack,
with the pack, and falling behind? I think that the
future will indicate that federal government mandates
for transition to IPv6 are the single best proxy for
government competence. Economically, the Internet
has been the single most important technology in recent
history, with estimates that during the '90s
the Internet accounted for about 1/3rd to 1/2 of economic
growth. Given that IPv6 will very likely result in
improvements in mobility, security, and ad hoc networking
over IPv4, it’s also very likely that IPv6 will
result in accelerated economic growth, increases in
stock values of key companies, and improve the ability
of governments to deliver services.
At this moment, Japan is the top country in government
competence, judged by IPv6 mandates. Both former Prime
Minister Mori and current Prime Minister Koizumi of
Japan have emphasized the importance of mandating
IPv6 in speeches, as keystone of achieving its objective
to be the #1 IT nation. I’ve seen more PowerPoints
about the Japanese government’s focus on leading
in IT outside of Japan than I have any other governments.
(Google “Japan IPv6” or “TAKAHARA Kozo”
to see the presentations, and let me know if any other
government’s compares.)
Korea is close behind in its IPv6 focus, in part because
it has cooperation agreements with Japan, but primarily
because Korea’s government has exhibited tremendous
vision and competence, including the early adoption
of CDMA while hundreds of other governments, lemming-like,
moved to TDMA (GSM). CDMA is the basis for 3G, and
Korea uses, produces and exports more 3G phones per
capita than any other country. Korea also has the
highest per capita penetration of broadband, Wi-Fi
hotspots, and online games. Japan and Korea
head up the first tier of IPv6-competent governments,
the Class A group.
The Department of Defense has mandated transition
to IPv6 by 2008, and is working hard to assist other
US government agencies with their own IPv6 transition,
primarily Dept. of Commerce, Dept. of Homeland Security,
and the security parts of the Dept. of Transportation.
At this point the US federal government would be well-served
to mandate IPv6 for the entire government: and such
an announcement would galvanize the business community
and the media, allowing the US potentially to catch
up with Japan and Korea. The early bird gets the billions:
Qualcomm’s 70 year old founder CEO Irwin Jacobs
announced that the CDMA pioneer’s profits were
up 46%, as QCOM’s market cap was $53 billion.
Think of that: a technology whose rough draft first
patented (spread spectrum) by the first woman to appear
totally nude in a movie (Hedy Lamar) inspired by piano
playing in 1947 is updated for the same improvements
as IPv6 is – security, mobility, and ad hoc networking
– earlier in San Diego, and BOOM there are hundreds
of companies that now trace their lineage (founders
were employees at related companies) to Irwin Jacobs’
companies. Being a protocol pioneer is richly rewarded
on this world.
As it is, US adoption of IPv6 is roughly matched by
Spain, Sweden, Finland, Belgium, Switzerland, Austria,
Taiwan, and Singapore. Australia is close to this
second tier or Class B group, but suffers from outspoken
IPv6 detractors. The European Union, through its $100
billion R & D arm, the European Commission, has
tried to mandate IPv6, but doesn’t have the power
to compel that national government organs do, but
the EC’s efforts are a key reason that Europe
is still in the technology game at all, given the
fierce competition with the US and East Asia in Internet-related
products and services.In the third tier are India,
Canada, Germany, and the UK – about a year or
so behind the second tier. Malaysia and Singapore
are close followers, with governments that are in
a great position to mandate IPv6 as a support for
their national champions.
China puts on a good show about IPv6, but has limited
institutional capacity, R & D, and software design
capabilities. National router champ Huawei is a shameless
copier of US technology rather than a pioneer, and
shutting down 8,700 Internet cafes isn’t the
sort of action of a government serious about leading
in the Internet takes. China has three big assets:
1. CNGI (China Next Gen Internet initiative, a $170
million project that is intended to advance IPv6),
2. An alliance with Japan and Korea, which will probably
enable China to save hundreds of millions in R &
D, and 3. the biggest mobile phone market (25% of
the world’s 1.3 billion mobile users), who can
be switched into a 500 million mobile Internet smart
mob by 2006. This is a huge market, and only the top
mobile IPv6 companies will have a shot at this business.
There is surprisingly little effort on the part of
other governments outside of the first three tiers
and China. Sometimes even one visionary leader can
create an Internet oasis. Sheikh Maktoum bin Rashid
Al Maktoum, UAE Prime Minister and Ruler of Dubai,
has a personal interest in IPv6, and even provided
$250K to organize an IPv6 conference there 26-28 February
2001. Dubai has been running IPv6 since 2001.
Governments should mandate IPv6 if they plan to compete
with the leading economies of the world. While proclaiming
that “IPv6 will end the digital divide”
is politically correct and is pleasing to transnational
government agencies, national governments need to
look out for their own interests first. Perhaps there
will be an athlete in Athens who has the potential
to win his or her event who will slow down so that
instead of winning, all the competitors can have a
tie. Perhaps the Olympic Gold medal can be divided
into multiple pieces, and we can give equal media
attention to many co-winners. No one should bet on
this, though, and investors would be equally foolish
to bet on equal visionary leadership in the next generation
Internet from many governments. Three will win the
world, just like in an Olympics, and the rest will
pay them homage. The winners in IPv6 find themselves
invited to lead in other trillion dollar markets –
4G wireless broadband, digital media distribution
including education, consumer electronics, television/radio
content, ecommerce and online security, and medical
monitoring, among others.
In the real world, the winners in technology adoption
get to add jobs instead of outsourcing them. They
improve their productivity, increase their stock wealth,
and reduce inflation. People around the world should
envy Japanese and Koreans for having governments that
focus on Internet leadership. Personally, I want the
US to be the Internet leader. The key step is for
the federal government to resume its historically
successful role as FBC (First Big Customer) for IPv6,
starting with mandating IPv6 for all federal agencies,
and then encourage states and cities to do the same,
using hundreds of billions in transfer payments to
offer incentives. For every White House speech that
mentions outsourcing or job creation or broadband,
two speeches should mention that the US needs to lead
in IPv6 implementation, because the issues are as
related as DNA strands. This federal mandate is essential
to stay in contention for the Gold medal in the Economic
Olympics.
If the US doesn’t want to lead, there are a few
hundred other countries that would be happy to extend
their lead, or to catch up. Mandating IPv6 is the
single best way for the US, and any government, to
signal that it can see beyond the day to day drama
and improve the ultimate infrastructure that enables
everyone to be ever more productive and connected.
Intel
IPv6 Position
The
Next Generation Internet Protocol
Authors:
Dylan Larson, Chris Lord, Kris Fleming, Scott Hahn,
Hani Elgebaly
(Version 1, February 3, 2003)
Information
in this document is provided in connection with Intel
products. No license, express or implied, by estoppel
or otherwise, to any intellectual property rights
is granted by this document. Except as provided in
Intel's Terms and Conditions of Sale for such products,
Intel assumes no liability whatsoever, and Intel disclaims
any express or implied warranty, relating to sale
and/or use of Intel products including liability or
warranties relating to fitness for a particular purpose,
merchantability, or infringement of any patent, copyright
or other intellectual property right. Intel products
are not intended for use in medical, life saving,
or life sustaining applications. Intel may make changes
to specifications and product descriptions at any
time, without notice.
Copyright © Intel Corporation 2003 * Other names
and brands may be claimed as the property of others.
The Next
Generation Internet Protocol
Intel views IPv6 as a key technology enabler for continued
worldwide Internet growth and innovation. Internet
Protocol version 6, or IPv6 is the next-generation
Internet Protocol (IP) that defines the way network
devices and users will communicate in the future.
The IPv6 protocol is being defined in the Internet
Engineering Task Force (IETF) to dramatically improve
Internet scalability while adding additional enhancements
to network security and mobility. IPv6 dramatically
increases the number of IP addresses available to
identify trillions of network devices.
The promise of IPv6’s ample IP address space
is crucial to satisfying the high-growth demands of
emerging markets around the world. IPv6 address space
also promises a return to Internet transparency by
promising a universal addressing scheme that will
allow packets to flow from source to destination essentially
unaltered. Intel is excited about the opportunities
for new applications and new computing uses that IPv6
will enable as it restores true end-to-end transparency
on the Internet. Intel is working to establish IPv6
support across each of the core building block architectures.
As industry convergence of computing and communications
progresses, the need for globally scalable architecture
has become an imperative. Although a majority of the
Internet infrastructure today exists in North America,
key growth areas for computing are increasingly outside
of that region. Unfortunately, much of the global
user growth is at risk given shortages of a worldwide
IP address supply. In addition to the dramatic growth
in emerging geographies, the Internet is also beginning
to converge with wireless communications. The cellular
industry has experienced continued rapid growth for
wireless communications and is moving to high-speed
wireless data with next-generation wireless technology
such as 2.5G and 3G. These next-generation wireless
technologies also bring with them a significant demand
for IP that will fuel growth and address requirements.
IPv6 is key to supporting the rapid global growth
of the Internet infrastructure, services, and users.
To drive the adoption of IPv6, Intel is pursuing expanded
research and collaboration opportunities in geographies
where IP addresses are highly constrained. The return
of end-to-end transparency on the Internet will create
many new uses and opportunities for Intel building
blocks. The current reliance on Network Address Translator
(NAT) technology, to extend the limited IP address
supply, has created a fracturing of the end-to-end
model upon which the Internet was founded. This break
in end-to-end transparency is hindering the development
of many new interesting applications on the Internet.
New uses for the PC such as peer-to-peer applications
and rich multimedia communications have yet to come
into mainstream use largely because of the costly
workarounds and limitations imposed by NATs. These
applications will bring new computing uses and an
improved user experience. Intel is actively developing
high-performance IPv6 solutions and is driving emerging
standards in the IETF to realize the IPv6 Internet.
Intel is driving IPv6 in mobile communications, in
the home and in the enterprise.
IPv6 Technology for Wireless Mobility
Intel has a vision of always on, always connected,
anywhere communication. Intel believes that Mobile
IPv6 is a key technology in enabling this vision.
Intel is focused on providing communication technologies
for our mobile client platforms (notebooks, handhelds,
phones, etc.) that will allow the user of our mobile
clients to be continuously connected and constantly
reachable. These communication technologies will provide
authenticated and secure voice and data network access
that is always available anywhere and continues to
operate as the user moves from place to place and
from one network to another.
To enable this vision, our mobile clients must have
the ability to use multiple communication networking
technologies and seamlessly roam between these technologies,
which include both wired and wireless networks such
as LANs, WLANs, WPANs, and WWANs. Our vision supports
and encourages the deployment of 802.11 wireless hotspots
and 2.5/3G cellular networks. This creates a large
number of mobile clients that are now connected to
the Internet, and with IPv6 abundant addressing, all
of the mobile clients can have their own IP address.
Mobile IPv6 allows for end-to-end network connectivity
to be maintained as the mobile client roams within
and between these different networking technologies.
Enterprise mobility, access from wireless hotspots
and 2.5/3G mobility are the focus of Intel’s
research and standardization efforts for MobileIPv6
in order to help ensure that all mobile clients are
secure and easy to use.
IPv6 in the Home
In the last decade the technology industry has produced
tremendous advancements in computer platforms, Consumer
Electronics (CE) and communication networks creating
a myriad of novel and inexpensive consumer devices
and services. The interplay of these innovations is
often mutually beneficial. For example, the Personal
Computer (PC) platform propelled the rapid adoption
of the Internet, and the ensuing demand for bandwidth
has led to proliferation of broadband access and home
networking solutions. In the CE industry, new generations
of intelligent network connected devices are emerging.
These technological advancements are paving the way
for significant enhancements to the user’s inter-connected
experience by enabling high-speed Internet services
and rich multimedia content delivery and applications
into the home.
The home network of tomorrow will provide greater
speed and security, and wireless technology will make
it nearly effortless to add new devices in the home.
The connected PC, CE and mobile devices will continue
to get plugged into the Internet to access rich and
timely content. Conversely, as the home becomes ‘always
connected’, rich content from PC and CE devices
on the home network will in turn become sources of
rich content. This will create new network resource
requirements, such as the ability to address these
home content source devices from outside the home,
transparently to applications, securely, and easily
by name. End users will demand that these components
fully and transparently interoperate - particularly
regarding security, privacy and ease-of-use. Device
manufacturers and equipment suppliers can make home
networking easier by taking advantage of IPv6 address
auto-configuration. Residential Gateways (RG) play
a significant role in making a smooth transition to
IPv6. Residential Gateways should provide support
for IPv6 addressing, 6-to-4 tunneling and firewall
configuration. Early deployment of IPv6-enabled devices
and RGs will accelerate the realization of the goal
of end-to-end transparent internetworking.
IPv6 in the Enterprise
As corporations continue to expand their presence
around the world and add new services such as wireless
LAN and voice over IP, they will need an ever-increasing
number of IP addresses. As IPv4 addresses become scarcer,
enterprises will increasingly turn to IPv6 as a solution.
During this transition in the enterprise, both IPv6
and IPv4 will coexist for some time. As a result,
the enterprise will need the tools and equipment to
maintain their IPv4 networks and services while adding
IPv6 capabilities. Intel is working to develop solutions
that will allow the enterprise to add IPv6 to their
networks without affecting performance or functionality
of their currently installed IPv4 networks.
Summary
IPv6 will bring dramatic scalability and improvements
to the Internet enabling the mobility, rich content
in the home and global reach for the enterprise. As
IPv6 gains momentum, Intel will continue to drive
the standards and technology for IPv6 across its product
lines. With IPv6, Intel and fellow travelers bring
new value to the end-user experience while ensuring
a broad equitable growth of the Internet around the
world.
Drivers
for IPv6 Acceptance
by
Cody Christman of Verio, an NTT Communications Company
There is
a lot of talk in the industry about IPv4 address depletion
and the inevitable fact that some day we will all
be required to migrate to IPv6. Although viewed by
many as fact, this talk also raises some concerns
that the v4 address crisis is overstated and often
used as a scare tactic. It is Verio’s belief
that other benefits of IPv6 will actually drive acceptance
before migration becomes a necessity due to address
space depletion. For example, IPv6's promise for point-to-point
networking, security, Quality of Service (QoS) and
mobile IP will enable the applications expected to
drive consumer demand. IPv6 will allow consumers to
do more with the Internet - whether or not they even
know they are using it.
The US has done an excellent job of leading the world
in many areas of technology, but IPv6 development
is one area where the U.S. has been lagging. The vision
of IPv6 as a protocol that offers more than additional
address space is going strong in Asia and Europe.
The list of Asia-Pacific vendors building products
today that support IPv6 is impressive, and new chips
like Fujitsu's MB91401 open the door for almost anyone
to securely network-enable almost any device. There
are increasingly more compelling reasons for more
US companies to embrace and promote this technology.
Looking back 20 years, security precautions were overlooked
in the development of IPv4, and have continued to
be a challenge for application developers since then:
IPsec was an afterthought, and Network Address Translation
(NAT) – which has been widely deployed to solve
the address depletion problem and for perceived security
benefits – makes true end-to-end, secure applications
extremely difficult to deploy. The integration of
secure point-to-point networking is one area that
today holds great promise for the IPv6 “killer
app”, and is expected to help drive wide spread
consumer adoption. IPv6 solves the IPsec and NAT dilemmas.
IPsec is designed into the v6 protocol, making support
mandated. Additionally, NAT does not present this
problem. Every IPv6 node will have a globally routeable
unicast address. IPv6 opens up a new networking paradigm
currently not on the radar screen in the v4 world.
At the June 2004 North American IPv6 Summit in Santa
Monica, Verio and NTT Communications will demonstrate
a new technology that is in development called m2m-x
- or machine-to-machine, anything, anyplace, anytime.
This technology enables easy and secure point-to-point
communication between appliances and/or computers
using IPv6. For example, a traveling executive could
securely view images from and control an IPv6-enabled
security camera located at home, or commerce partners
could conduct a secure video conference meeting over
the Internet.
The m2m-x technology is based on extended Session
Initiation Protocol (SIP) and IPsec. Authentication,
connection management, configuration required for
data encryption, and access control to each device
is controlled by a central m2m-x management server.
After the necessary connection management by the m2m-x
server, data communication between the two devices
is conducted peer-to-peer using IPsec encryption with
no intervention by the server. A number of vendors
including Panasonic, Pioneer, Ricoh, Sanyo, Sony,
Toshiba and Yamaha have already begun research and
development efforts with this technology. Verio believes
m2m-x is a promising technology and those attending
the June Summit who see m2m-x demonstrations will
be impressed by the business applications and solutions
this can enable.
The US Government has done much to advance IPv6 in
North America. The Department of Defense and the Department
of Commerce have both proven to be visionary in their
interest in IPv6 as more than a new protocol to solve
the address problem. It is now time for the North
American private sector to step forward in developing
the applications and appliances that will ultimately
drive the wide spread deployment of IPv6 networks.
Demand for IPv6 products, not necessarily v6 itself,
will drive adoption.
NTT Communications has been strongly committed to
IPv6 since 1996 when NTT Labs started one of the world's
largest IPv6 research networks. In 2002 NTT Com was
awarded the World Communications Awards distinction
for Best Technology Foresight for its IPv6 technology,
and Communications Solutions named NTT/VERIO IPv6
Gateway Services its 2003 Product of the Year. Together,
NTT Com and Verio were the first to offer commercial
IPv6 services in Asia, North America, Europe and Australia.
These services include native, dual-stack and tunneling
access over the NTT/VERIO IPv6 Dual-Stack Global Backbone.
Additionally, NTT Com and Verio have shown commitment
to the IPv6 Summits through corporate sponsorship,
as well as acting as the sole provider of IPv6 access
at the summits. Attendees at the upcoming event in
Santa Monica will also benefit from this free v6 connectivity.
More information about NTT/VERIO solutions and IPv6
can be found at: http://www.verio.com/access/ipv6.cfm
and NTT/VERIO
Global IPv6 Backbone.
Is
Your Firewall IPv6-Ready?
by
John Nakulski, Agilent Technologies
IPv6 Firewall
Test Challenges
Network equipment manufacturers, private network operators
and ISPs are finding new challenges in developing
and deploying IPv6-capable network security devices.
We are often asked, "why is there a need to re-test
IPv6-capable firewalls for IPv6? Don't firewalls primarily
operate at layers 4-7?" Here are some of the
issues that are forcing test engineers to develop
new test scenarios and re-evaluate the performance
of their firewalls:
- IPv6
addresses are longer than IPv4 addresses
Firewalls need to filter and match on a much longer
address field, often requiring hardware and software
redesign. Access control lists and other firewall
rule sets must work with IPv6 addresses, forcing
changes to the command line interface and graphical
user interface. Performance will be slower for IPv6
packets - how much slower?
- IPv6
variable-length headers
IPv6 headers include optional encryption and authentication
header sections. New firewall hardware and software
components are more complex because they must parse
and filter a variable-length header that contains
additional fields that may affect routing / filtering
decisions. In some instances, an integrated network
security device may also need to perform encryption
/ decryption or calculation of message authentication
codes to be able to filter on application-layer
headers and content. Additional processing requirements
such as these will impact firewall performance.
- IPv6
and IPv4 concurrent processing
IPv6-capable firewalls need to keep state tables
for both IPv4 and IPv6 TCP connections and UDP sessions.
Application-aware firewalls must track both IPv4
and IPv6 transactions. Added complexity arises from
translation and tunneling (for example, IPv4 over
IPv6 or IPv6 over IPv4). It could be useful to test
the extent to which a firewall has been re-optimized
for IPv6, to verify that there are no unexpected
interactions between IPv6 and IPv4 traffic, and
to measure performance degradation during simultaneous
IPv6 and IPv4 operation.
- IPv6
DoS attacks
You can be sure that any security weaknesses introduced
by IPv6 will be quickly exploited. Resiliency to
well-known Denial of Service attacks must be retested
for IPv6 - for example, ICMPv6 flood attacks. Just
as hackers were able to use packet fragmentation
to "hide" DoS attack packets to penetrate
low-performing IPv4 firewalls, they will use IPv6/v4
and IPv4/v6 tunneling to try to hide application-layer
attacks within complex handcrafted packets.
- Test
plan design and application intelligence
Existing test scripts will no longer work. It may
be impractical or impossible to re-use existing
layer 4-7 test equipment if there is no underlying
support for IPv6, or if IPv6 support is not fully
integrated. At the same time, firewalls are gaining
more and more "application intelligence",
making development of test scripts tedious and cumbersome.
Test engineers will use this as an opportunity to
redesign their test plans and rethink their test
environments.
Firewall
Performance
The IPv6 firewall test scenarios used during the Moonv6
phase 2 test event were generally aimed at testing
and demonstrating firewall functionality and operation.
Firewall performance measurement is generally more
complex than functional testing. Verifying the scalability
and ultimate performance limits of the latest application-aware
firewalls can be challenging!
- Performance
metrics include:
- Concurrent
Session Capacity
- TCP Connection
Latency and Rate
- Application
Transfer Rate
- Application
Throughput
It is difficult
for network equipment vendors to quote along these
performance dimensions because there are so many factors
that impact realized performance - factors such as
the number of filter rules used; whether or not SPI,
NAT, port forwarding, virtual firewalling or application-layer
filtering have been enabled; and the performance degradation
caused by high-bandwidth DoS attacks. For this reason,
it is vital for private network operators, carriers
and ISPs to independently test firewall performance
using a blend of real (stateful) application traffic
according to their own expected firewall configuration
and anticipated mix of users and services.
Moonv6 Phase 2 - The first IPv6 firewall test experience
Agilent Technologies helped equipment vendors to demonstrate
that their network security devices are IPv6-ready
during the Moonv6 Phase 2 test event in March this
year. Having the only layer 4-7 test equipment available
to test IPv6-capable firewalls, Agilent was in a unique
position to help test engineers debug and verify the
stability and performance of their early IPv6 firewall
implementations. You can read the full story at http://www.agilent.com/about/newsroom/presrel/2004/22mar2004d.html.
To help document the first-ever public IPv6 firewall
test experience, Agilent's Peter Atanasovski - who
worked long hours at the event to help conduct the
testing of firewalls, routers and even a web camera
- has written a report entitled "Agilent Tests
L2-7 at MoonV6". Vendors and ISPs who were not
able to attend the event will find the report useful
to learn about some of the more interesting interoperability
and functionality test cases, as well as additional
test scenarios that were conducted behind the scenes
to help vendors verify device performance. Agilent's
report can be downloaded from http://advanced.comms.agilent.com/networktester/moonv6.htm.
Agilent Technologies N4180A NetworkTester and RouterTester
900
To find out how the Agilent N4180A NetworkTester and
Agilent RouterTester 900 can help speed your IPv6
development or deployment, please visit http://www.agilent.com/comms/networktester
and http://advanced.comms.agilent.com/routertester/member/technology/ipv6/.
The
IPv6 Realization
By
Yurie Rich
For those
companies in the IPv6 business, the last twelve months
have been an incredible roller coaster ride of opportunity
and panic. In June of 2003, just shortly after the
DoD IPv6 adoption announcement , the v6 market was
abuzz with excitement and anticipation. While hopes
of widespread integration in the Asian and European
theaters had become a forgone conclusion, interest
in IPv6 in the States was lackluster at best. Consequently,
the air of electricity at the 2003 San Diego conference
was definitely scarce if you attended the IPv6 track
at INET2002 in DC the year prior.
So in July of 2003, as I painfully watched the grass
grow, I had to ask myself what happened. The enormity
of the announcement should be driving business to
our doors (and the door of every IPv6 vendor out there)
at a break neck pace. Yet, the phone wasn’t ringing,
the e-mail wasn’t pouring in, and people weren’t
flocking to our website demanding services from Native6.
As August rolled by, I questioned the sanity of the
marketplace, and my decision to keep investing resources
on a technology that seemed destined never to arrive.
However, in the back of mind lurked a notion that
had persisted throughout my tenure as an IPv6 advocate.
Didn’t they get it? Didn’t the marketplace
understand the technology and the opportunities it
represented? Didn’t they recognize the impact
of the announcement and how quickly 2008 would be
upon us? In the last sleepy days of August, I feared
the answer might be a resounding “NO” -
but thankfully I was in error.
As we slipped past Labor Day weekend, the marketplace
awoke and went absolutely berserk with regards to
IPv6. The phones started ringing, our e-mail boxes
were overflowing, and I received a bill from Google
for one month that was greater than the bill for the
entire preceding year. IPv6 had finally arrived in
the United States. The marketplace had finally “gotten”
it.
Over the course of the last 9 months I’ve learned
a great many things about IPv6 and the marketplace’s
perceptions about what integration really means. My
daily interaction with IPv6 began over 4 years ago,
so certainly I already new a great deal about the
technology. But we’d never had so many people
trying to use it or break it before! As a professional
services company focused on IPv6 training and integration,
we were continually facing the same list of questions
from organizations that’d hardly given IPv6 a
thought before September of 2003:
- Isn’t
upgrading to IPv6 going to be really expensive?
- Can we
take a phased approach in our transition to IPv6?
- How do
we get started with IPv6?
- What if
we have remote users and users who travel and we
want them to have IPv6 access as well?
- How can
we claim IPv6 compliance on our programs?
- How do
we offer a differentiated service with IPv6?
- How am
I going to deliver the same type of services to
my users in an IPv6 environment?
- How do
we deploy IPv6 into our networks?
Unfortunately,
the answer to many of these questions will vary depending
upon who you are and what you are doing with IP today.
I’d like to say that integration of IPv6 will
not be very expensive, and for many that will be true.
If you attended the US IPv6 Summit in Arlington, VA
this past December, you’ll recall that the speaker
from Verio indicated that their foray into IPv6 integration
was very reasonable from an economic perspective.
At Native6, we have assisted a number of companies
develop test beds and begin their transition, discovering
in the planning process that the cost of adoption
will be much lower than initially anticipated.
Ultimately, we find that most of these questions,
and the FUD (Fear, Uncertainty, and Doubt) associated
with IPv6 adoption stems from a lack of knowledge
about the protocol. IPv6 has been “around”
for almost a decade now, yet the level of real knowledge
that persists among the IT community is relatively
small. Everyone seems to know the address space is
much bigger, and that IPv6 has “plug and play”
(more appropriately known as autoconfiguration). They
also believe that IPv6 has better Quality of Service
and is more secure – both erroneous notions borne
out of bubble marketing efforts.
It seems that the answer to the question, “How
do we get started with IPv6?” becomes even more
obvious after hearing the “better Qos/Security”
statement once again - “Work with people who
know the technology”! Sure it seems simple enough,
but unfortunately professional services, particularly
training and consulting, tend to be the first things
cut in difficult economic times and one of the last
things to come back. This approach ultimately impacts
research and development efforts, and could be detrimental
to the bottom line in a competitive environment where
innovation and efficiency are vital for survival.
Now that the marketplace is finally seeing the value
of the IPv6, and there is significant market pressure
for integration and adoption, budgetary resources
are now being allocated to IPv6 concerns. As entities
scramble to start the process of integrating v6 functionality
into their products or roll out IPv6 services in their
network, the best place to start the process is with
Native6, Inc.
Native6 offers a full suite of professional services
designed to help organizations fast track their integration
process. Our IPv6 Training program utilizes a mobile
training lab, which allows us to deliver, customized,
instructor led, hands-on training to just about any
location in the world (we’ve just completed an
AsiaPac training circuit, completing courses in Taiwan,
Korea and Australia). In addition to training, Native6
provides a number of integration services, including
integration planning, SME services, and implementation
assistance. To learn more, make sure to visit our
booth at the conference
in Santa Monica.
Receiving the training and assistance necessary to
truly understand IPv6 is by no means the end of your
path to integration, but it is certainly a great place
to start. You’ll discover in the educational
process that you have a variety of options with regards
to v6 adoption. In the next newsletter watch for an
article from our deployment partner, Hexago, to explain
the next steps for a successful transition to the
next generation Internet protocol.
For more information, visit our website at www.native6.com,
or feel free to contact us at info@native6.com.
Short-Range
Wireless 2004 Event
Short-Range
Wireless 2004 ~ June 6-7 ~ Marriott Denver Tech Center
in Denver, Colorado Co-located with Antenna Systems
2004, Short-Range Wireless 2004 is focused
on the most recent advancements in short-range wireless
technology for industrial, commercial and residential
applications. This event serves technical and management
professionals with end-user organizations involved
in short-range wireless applications; device and electronics
manufacturers; system developers and operators; integrators
and service providers.
The sessions and discussions will aim to provide a
comprehensive, objective view of product, service,
regulatory and market developments in all applicable
wireless device networking platforms, technologies
and standards including Zigbee, 802.11, RFID, Bluetooth,
M2M, wireless automation, UWB, IR, DECT and In-Building
wireless.
For more information on the Short-Range Wireless event
visit www.srw-magazine.com
or contact Jeremy Martin at jeremym@infowebcom.com.
WCA
2004 Event
Plan now
to attend WCA 2004 (www.wcai.com),
June 1-4, Washington, DC as a VIP guest. WCA 2004
is the world's premier event for wireless broadband
systems, services and content. Supported by the IPv6
Forum and 20 partnering associations. Technical talks
will include discussion of IPv6 in wireless networks.
The conference features 200 speakers, keynote by Michael
Powell, 65 exhibitors and 2,000 delegates from nations.
Special WiMAX Theater will showcase WiMAX solutions
(hosted by Intel and WiMAX Forum). Download a VIP
pass.
Sign
Up Now for a Complimentary Subscription to Network
World
Network World
is the leading source of network knowledge, helping
Network IT Executives, like yourself, design, deploy
and manage the network infrastructure and applications
driving business. Subscribe today and find out how
companies are implementing IP for voice in the contact
center (IP-enabled or pure IP), and how they are overcoming
the concerns such as security, quality, scalability,
reliability... We’ll address how the technology
is being deployed, and the impact it has.
Sign
up today and receive 51 weekly issues – AT
NO COST
Sign
Up Now for Network World’s Free Weekly Webcast
Newsletter
Our weekly
Webcast Newsletter brings you information on webcasts
available on NW Fusion - your 24/7 source for the
latest solutions and strategies, complete with links,
resources, and the personal answers you need. Covering
vital topics like security, applications, wireless,
and more, our webcasts are highly focused, single-topic
briefings from experts in technology. All for FREE!
Stay
up-to-date on our current webcasts by subscribing
now.
InfoWorld
Media Group
For 25 years,
InfoWorld Media Group has provided cutting-edge coverage
and evaluation of IT products and services for technology
experts in senior management. Through integrated channels
including print, online, and events, InfoWorld reaches
the most influential senior-level information technologists.
Powered by a continued investment in an independent
Test Center, InfoWorld analysts and editors provide
both hands-on analysis and evaluation, as well as
expert commentary on issues surrounding emerging technologies
and products.
Sunset
Learning Institute Gears Up for IPv6 Summit
Sunset Learning’s
Network Engineer/Instructor Team has a 13 year history
of embracing, deploying and teaching cutting
edge technologies to its clientele. Our team has been
following the development of IPv6 through the early
RFCs to its current implementations on Cisco router
and Linux platforms. We are currently bringing a number
of organizations up to speed on this technology through
our Cisco course deliveries, including our very
popular IP Version 6 Fundamentals and Building Scalable
Cisco Internetworks courses. Stop by to meet SLI staff
at our booth at the IPv6 Summit!
All rights
reserved. Views expressed here are solely those of
the authors and/or their employers and do not necessarily
reflect the perspective of IPv6 Summit, Inc.
If you would like to submit an article for consideration,
please contact Alex Lightman alex@usipv6.com
for submission details.
Unsubscribe:
Click
here to opt-out
of future 6sense Newsletters.
|
