View
219
Download
0
Category
Preview:
Citation preview
Bundesministeriumder Verteidigung
Abteilung Modernisierung
IPv6 Adress Policy
for German Bundeswehr
LTC Jörg Wellbrink, Ph.D.
BMVg M II / IT 4
Bundesministeriumder Verteidigung
Abteilung Modernisierung
Current Missions
German Armed Forces
Bundesministeriumder Verteidigung
Abteilung Modernisierung Network Centric Operations
Bundesministeriumder Verteidigung
Abteilung Modernisierung Networking Responsibilities
•-Rollout
•
München
Strausberg
BonnWahn
Dresden
Erding
Diepholz
Husum
Regensburg
Stuttgart
Ulm
Sigmaringen
Karlsruhe
Veitsh.
Fritzlar
Erfurt
Lingen
D‘dorfMünster
Koblenz
Kiel
Mainz
Garlstedt
Neubrandbg.
Leipzig
Bayreuth
Sonthofen
Gerolstein
Germersheim
Gießen
Washington
Hamburg
Berlin
Euskirchen
MunsterAurich
WHVRz
Wiesbaden
WHV4.Einf.
Potsdam
Rheinbach
Rostock
Rostock Seehhafen
Gelsdorf
Skt. Augustin
Mbit
Mbit
Mbit
Hannover
Augustd.
Kastellaun
•-Rollout
•
München
Strausberg
BonnWahn
Dresden
Erding
Diepholz
Husum
Regensburg
Stuttgart
Ulm
Sigmaringen
Karlsruhe
Veitsh.
Fritzlar
Erfurt
Lingen
D‘dorfMünster
Koblenz
Kiel
Mainz
Garlstedt
Neubrandbg.
Leipzig
Bayreuth
Sonthofen
Gerolstein
Germersheim
Gießen
Washington
Hamburg
Berlin
Euskirchen
MunsterAurich
WHVRz
Wiesbaden
WHV4.Einf.
Potsdam
Rheinbach
Rostock
Rostock Seehhafen
Gelsdorf
Skt. Augustin
Mbit
Mbit
Mbit
Hannover
Augustd.
…
…
• - -- -
…
…MobKommSysBw
future IP based
networks
e.g. MANETs,
SDR
Digital
radios
TETRAPOL
IP
cable & radio links
NWM
local area
networks
/access
level
deployable access
networks,
CCIS
•
•
•
•
SATCOMBw
NOC
GatewaysTDM, ISDN
wide area
networks/
core level
• -• -
BWI IT Service
(Contractor)Bundeswehr
Bundesministeriumder Verteidigung
Abteilung Modernisierung
MobKommSysBw
is a complete deployable network solution,
which is the central element and enables network-centric operations of mobile,
tactical networks to be carried out at all command levels, using links with the home
country, allies and partners.
Nowadays, the MobKommSysBw solution is extremely important for Bundeswehr
abroad missions. In a theater of military operation MobKommSysBw provides with
services which are usually delivered by ISPs in civilian and industrial sectors.
Consequently, this military solution is for the first time relying entirely on IP-based
civil communications standards, e.g:
� IPv4, IPv6 (dual stack approachdual stack approach)
� ISIS, BGP
� MPLS ( 6VPE6VPE, VPLS)
� VoIP (SIP, SRTP, CUBE)
Mobile Communication System Bundeswehr
Bundesministeriumder Verteidigung
Abteilung Modernisierung
6VPE6VPE
MobKommSysBwin a theater of military operations in a theater of military operations
System Unit System Unit
Network Management Unit
Master
Network Management Unit
Slave
Transmission Networkse.g. satellite-, radio-based,
cables links
Access
Networks
VANx VANy
Home Backbone
of the Bundeswehr
NOC
MobKommSysBw - Overview
Bundesministeriumder Verteidigung
Abteilung Modernisierung Address Concepts 1(3)
� Basic Requirements for Deployment� at least 8 strategic missions (theaters of military operations)
� long-term coexistence (dual stack)
� centralized and concurrent management from the NOC in the Homeland
� no NAT on Edge/Peers
� Special Access Networks� numbers of Access Networks is not specified (>>10)
� Scalability and Transparency
� varying amount of addressable end-devices(up to 4000 in one Access Network)
� varying amount of addressable sensor- and special-segments(small independent networks)
� autarchy as fallback
� each Access Network could demand an own (MPLS-)VPN
Bundesministeriumder Verteidigung
Abteilung Modernisierung Dr. A. Tarhanjan (contractor)Network Solution Architect – MobKommSysBwCCIE/CCDP/CCIP/CCNP/FNCNP/JNCIS-E/JNCIS-M
Interne Links
GigabitEthernet
E1 / nx E1 / E3
FastEthernet
mpls-vpn
multi-vrf
System-Unit
A B
C D
LER
LER
E1 / S2m / S0 FastEthernet
Interne Links
GigabitEthernet
E1 / nx E1 / E3
FastEthernet
mpls-vpn
multi-vrf
System-Unit
A B
C D
LER
LER
E1 / S2m / S0 FastEthernet
Bundesministeriumder Verteidigung
Abteilung Modernisierung Address Concepts 2(3)
� Landmark decisions
� Reserved BGP 2-Byte-AS #
� 64500 + MiMiMiMi*100 (Mi = 1..8)
� 6xN01-6xN59 Access Networks German Army
� 6xN60-6xN89 Access Networks & Peering partners
� 6xN90-6xN99 reserved
� IPv4 from RFC1918
� 10.x/12 for KommSysBwEins
� 10.128+MiMiMiMi.0.0/16 for each mission � MobKommSysBw
� 10.128+MiMiMiMi.x.x/20 for internal / core structures
� 10.128+MiMiMiMi.y.y/20 or /22 for each Access Network
Bundesministeriumder Verteidigung
Abteilung Modernisierung
IPv4 to IPv6 ≡≡≡≡ 1:1
„Transition & Translation“
ipv6 general-prefix GenPref xxxx:xxxx::/32
ipv6 general-prefix Mission xxxx:xxxx::/40
! P2P Dual-Link /64 /128
ipv6 address Mission::”ipv4-net”::xxxx
! P2P IPv6 only
ipv6 address Mission::“ipv6net”::x/126
! Loopbacks
ipv6 address Mission::”ipv4”::”identity”/128
! Populated segments (e.g. VLANs)
ipv6 address Mission::”ipv4-net”::/64 eui-64 SLAAC + DHCP
! static addresses for SERVERS only (analog ipv4)
Bundesministeriumder Verteidigung
Abteilung Modernisierung
General (hierarchical) IPv6-structure
KommSysBwEins
/32
/36
/40
/48
/56
/64
SUBNETSSUBNETS
Per UNITPer UNIT
addressable
units
(e.g. SiaS)
addressable
units
(e.g. Access Networks)
65536subnets
256subnets
KommSysBwEins
MobKommSysBw
Access Networks
autarky
(w/o MobKommSysBw)
ad-hoc networks
/etc/
Bundesministeriumder Verteidigung
Abteilung Modernisierung
Address Concepts 3(3)
VANBw example
� IPv6 Global Unique Prefix /32 for KommSysBwEins
� /36 for MobKommSysBw
� /40 for each mission
� /48 for each Access Network e.g. VANBw
HEX 8 EL 4 0 0 0 0 0 . . . 0BITS 1000 xxxx 0100 0000 0000 0000 0000 0000 . . . 0000
KommSysBw Eins
Global Unique Prefix Mission VANBw#1VANBw#116bits
for subnets
/32 /64
min.
24bits (16M)
for hosts
HEX 8 EL B 0 0 0 0 0 . . . 0BITS 1000 xxxx 1011 0000 0000 0000 0000 0000 . . . 0000
HEX 8 EL C 0 0 0 0 0 . . . 0BITS 1000 xxxx 1100 0000 0000 0000 0000 0000 . . . 0000
HEX 8 EL C 4 0 0 0 0 . . . 0BITS 1000 xxxx 1100 0100 0000 0000 0000 0000 . . . 0000
KommSysBw Eins
KommSysBw Eins
KommSysBw Eins
-- -- --
-- -- --
VANBw#8VANBw#8
VANBw#9VANBw#9
VANBw#10VANBw#10
/48
Bundesministeriumder Verteidigung
Abteilung Modernisierung Question and Answer
Recommended