Network Transition


MILITARY IMPLEMENTS SHIFT FROM ASYNCHRONOUS
TRANSFER MODE NETWORKING TECHNOLOGY TO
A NEW VERSION OF THE INTERNET PROTOCOL.


While the Department of Defense pushes to implement a transition from Internet Protocol version 4 (IPv4) to IPv6, another major shift in networking technology—from Asynchronous Transfer Mode (ATM) to IP.

Under a governmentwide mandate issued by the Office of Management and Budget last summer, all federal agencies are supposed to implement IPv6 on their network backbones by June 2008. Despite considerable progress by the Department of Defense, which had earlier established its own IPv6 mandate, some experts say the military is unlikely to fully meet the deadline. But while that may leave DoD chief information officers with some explaining to do to OMB, analysts also say the military will likely transition to IPv6 in a more rational, secure and cost-effective way than if they were scrambling against a hard 2008 deadline.

The transition in question involves two aspects: upgrading IPv4 to IPv6 for those systems that already run on IP, and switching over other networks from ATM to IP. The implications of the ATM-to-IP switchover have frequently been overlooked in discussions of the IPv6 transition, analysts suggest.

ATM was designed as a bridge between synchronous channel networking, such as the circuit-switching technologies of traditional telephony, and the packet-based networking characteristic of IP and frame-relay communications. ATM maps both the bit streams of circuit-switched networks and the packet streams of packet-switched networks onto a stream of small fixed-size cells, themselves essentially packets.

The ATM versus IP switchover involves a number of tradeoffs. IP was developed for maximum flexibility and speed. IP packets can vary in size and more easily support a variety of applications such as video streams and the seamless convergence of voice, data and video communications. The technology arguably best supports the end-to-end integration envisioned for DoD’s Global Information Grid (GIG).

On the other hand, IP was not built to maximize security and reliability; these characteristics are added through additional technological layers, which slow down the movement of packets. This presents problems for government—particularly military—networking applications, which some argue were not fully considered when the government plunged headlong into IPv6.

ATM, for its part, boasts the high level of security and quality of service typical of circuit-switched networks. But, because ATM works with small, fixed-size cells, it lacks the flexibility of IP communications. “In the rush to simplify building applications for IP, people lost sight of the security and quality of service that were always givens in networks of old,” said Ralph Havens, president of Marconi Federal. “You could actually trace circuits in their entirety from one end to another, and you could guarantee a lot of security by preventing physical access to facilities.

“ATM preserved this level of security with virtual circuits that are managed end-to-end. But IP packets flow here and there, and you don’t know how they get to where they’re supposed to be. There is efficiency and convenience with IP, but there is no way to audit or constrain the packets. This presents a security risk,” Havens said.

Ericsson acquired Marconi in early 2006.

The government’s IPv6 mandate appears to be informed by two related factors: IPv6 represents the technological wave of the future, and, because of the growing ubiquity of IP, it is cheaper to operate and maintain than ATM.

“Many networks in Europe and Asia are already running IPv6,” said Mike Warfield, senior researcher at Internet Security Systems. “The United States is still in the Internet stone age as far as IPv6 goes. That is why OMB wants to push the U.S. government towards IPv6, out of fear that we are losing our technological edge, and to stay up to date with the Europeans and Asians.”

“IP is more prevalent than ATM worldwide, so in the long run it will cost the Defense Department less,” said Mike Guzelian, director for network security products at the information assurance division of General Dynamics C4 Systems. “In the long run, that makes IPv6 the right answer, even though everything they want out of IPv6 they could have today with ATM.”

NO TIMETABLES

Industry participants and observers sense ambiguity in DoD policy on the subject. “We understand that IP is coming, but we don’t see a single focused policy,” said Havens. “The Defense Department’s focus and direction appears to be a transformation to IP, but we don’t see a single integrated policy with all of the whens, wheres, and hows.”

“There are no timetables in place, and we’re not really transitioning. We will still maintain our ATM networks for quite some time,” said Bruce T. Bennett, an electronics engineer with the Terrestrial Networks Engineering Division of the Defense Information Systems Agency (DISA).

That should be good news for DoD suppliers of networking equipment and services, many of whom believe that a 2008 deadline for transition to IPv6 is not feasible. “It’s not doable because the certified encryptors for IPv6 that we are working on will be released around the same time frame,” said Guzelian. “It’s going to take a year or two for the Defense Department to go through its testing. Then they’ll have to update all the switching and routing equipment. There’s not enough manpower to do that overnight. You just can’t flip a switch.”

Ahmed Abdelhalim, director of service provider products at Foundry Networks, agrees. “It must be phased in slowly by deploying new equipment and interconnecting it with the existing infrastructure,” he said. “You can start rolling out the IP infrastructure by gradually adding new users by default and expanding the new infrastructure at the expense of the old.”

For Glen Hunt, senior analyst at Current Analysis, there is no point in rushing to implement IPv6 because the applications are not quite ready for prime time. “To decree a transition to IP is one thing,” he said, “but to actually see technology that supports applications that the military needs is another. Cisco, Juniper, Alcatel and others are all playing strongly in the IP router space and are doing a number of IPv6 trials. But it’s not like IPv6 will be ready tomorrow. It’s going to be a mixed bag for some time to come.”

In the meantime, industry is working at several different levels to smooth the evolution. “Until recently, there was no way to encrypt 10 gigabit IP streams,” said Hunt. “Appliances are now coming on the market that take 10 gigabit IP traffic, convert it to ATM, send it across the network and reconvert it on the other end back to IP. These developments that have taken place in the last 12 months or so set the stage for the continued transition to IP.” More reliable and intelligent IP routers and switches will also facilitate the transition, Hunt said.

“IPv6 beta version software is emerging from labs and being put out onto networks so that users can kick the tires,” said Guzelian. “Encryption interfaces for PCs and multilevel work stations make it possible for a single machine to carry secret and unclassified traffic. A single user could maintain a secret connection with the Pentagon and with coalition partners at the same time while keeping everything separate.”

“We are building on-ramps and gateways to ATM networks to help with the evolution that will eventually shut down one network and switch to the new one,” noted Marconi’s Havens. These new Marconi products include IP routers with ATM interfaces and enhanced IP encryption devices.
 

“It’s really up to us in industry to provide the justification to accelerate a move to IPv6,” said Ed Bursk, vice president of Alcatel Government Solutions. “At Alcatel, we’re committed to IPv6 for growth, performance and enhanced application benefits. We look forward to working with the decision makers in DoD and across the government to understand why and how to implement IPv6 to improve their net-centric and converged applications, taking advantage of IP TV and IP video, IP telephony and service-oriented IP data networking.”

TRANSITION SAVINGS

If, as appears to be the case, the military is moving to IP for reasons of cost and efficiency, “it’s probably advisable to move to IP as quickly as possible, bearing in mind two issues,” said Tom Nolle, president of CIMI, a technology consulting and analysis company.

The costs of transitioning to IP, Nolle cautioned, “involve riding down the old gear as well as bringing in the new.” “Transition also involves altering the behavior of the network,” he added. “That may delay the transition until it is determined whether this impact is measurable and significant.”

In the long term, running IP networks will provide DoD with significant cost savings, Nolle contended. “Bringing up and running an IP network versus an ATM network of the same capacity involves a cost differential of 30 percent to 40 percent in favor of IP,” he said. “Assuming network administrators and operational personnel have equal levels of skill, operational costs run about 15 percent to 25 percent in favor of IP.”

Security issues will play little role in much of the traffic carried on military networks, Nolle noted, estimating that 60 percent to 70 percent of the traffic is similar to the traffic carried on private sector networks.

“A lot of it is administration and bureaucracy,” he said. “I think that DISA’s strategy to transition to IP is probably going to hold sway for most military processes. There are some specialized networks involving military and intelligence applications where the transition has not yet occurred, and, in the case of some intelligence applications, where the transition might be resisted.”

Nolle said he expects a fairly thorough transition of warfighter support applications to a secure IP environment, but that there will likely be significant pushback from users and administrators of intelligence networks. Some in the intelligence community refuse to accept the level of security offered by IP, Nolle said.

“IP was initially designed by DARPA [Defense Advanced Research Projects Agency] as a closed community,” he said. “When IP was opened to commercial uses, it destroyed the notion of physical security at network end points. The Internet Protocol has not fully evolved to deal with this issue.”

Intelligence types are also concerned about the possibility of advertising false routes to the network with IP and the fact that IP packet routing is chaotic. They may also perceive IP encryption as inadequate for intelligence purposes.

“In the main, I can’t think of any area where transition to IP would not be the right answer from a cost perspective,” said Nolle. “The only exception would be where there is very expensive equipment in place that does talk IP and that would be extremely expensive to adapt to an IP network.

“But if you look at the long term, all equipment eventually becomes obsolete, and, as that process progresses, the obsolete equipment will be replaced by equipment that is compatible with the IP environment. At the rate the military moves, in five years, the great majority of non-IP equipment will be gone and in 10 years, it will likely all be gone,” Nolle said.
