DOD develops a road map for getting to IPv6

Military networks will have to prove that they can run securely and reliably under IP Version 6 before receiving approval to use the new protocols.

The deadline for moving to the new version of the Internet Protocol is 2008. Until then, IPv6 will be restricted to early adopter environments and will not be allowed on operational Defense Department networks. The DOD IPv6 Transition Office is developing guidelines to help networks get approval to operate.

Authorization in steps

Networks will receive authorization to run at two levels before progressing to operational capability, said James Schifalacqua of the Transition Office support team from SI International Inc. Information assurance will be a key element in receiving authorization to operate, Schifalacqua said recently at the U.S. IPv6 Summit in Reston, Va.

“It’s not the technology, it’s the process,” he said. Not all risk has to be eliminated, but administrators must be able to document how risks are analyzed and managed.

Much of the process will be standard risk management, Schifalacqua said. Some elements will be specific to the features of the new protocols, such as mobile networking.

“Mobility has a lot of possible vulnerabilities,” he said. “Most of them involve integrating and authentication.”

The first level of authority to operate will be for isolated IPv6 enclaves that will not be sending packets to the outside. The rule of thumb for this level is “do no harm,” Schifalacqua said. These enclaves must have the same basic information assurance features as an IPv4 network, including packet filtering, firewalls and network intrusion detection.

The next level will be for Version 6 enclaves that communicate with other network elements. These will require more extensive information assurance features, including methods of mitigating risk in dual stacks running both IP versions 4 and 6 and for tunneling packets from one version through another.

The first level of real operational capability, which must be reached by 2008, was described as parity with IPv4. The new version will be running, but with essentially the same capabilities as current IPv4 networks. Additional capabilities unique to IPv6 will be added in the second level.

The Transition Office plans to offer help to networks in achieving authorization. Staff member Marty Beckman said the office is readying a testbed network that DOD agencies will be welcome to connect with. It will have DNS servers with dual stacks for both IPv4 and IPv6 for the domain. It also will enable voice over IPv6.

The service will be free, but agencies will have to pay for their own connections to the node. The initial testbed core will be at Falls Church, Va. Plans call for extending it with cores at Scott Air Force Base in Illinois, Peters Air Force Base in Colorado, and the Marine Corps base in San Diego.

The Transition Office also plans to establish an IPv6 training center for DOD and other government personnel, Beckman said. Cost is expected to be about $250 per person for a week of instruction.
