Executive Insight with Douglas Roseboro: FAA’s Experience Incorporating IPv6
Douglas Roseboro, Director of IT Research and Development and Chief Technology Officer for the Federal Aviation Administration, was a featured speaker on Oct. 13 at Digital Government Institute’s 5th annual Government IPv6 Conference. His topic: Agency Transition Case Study: Lessons Learned - Next Steps. Read DGI’s interview with Douglas:
DGI: What’s the FAA’s experience incorporating IPv6 into its operation?
DR: The FAA began incorporating IPv6 using a core-out strategy to transition the WAN backbone. Recently, the strategy changed to an edge-to-core strategy; this was done in response to the OMB deadline of September 2012. The focus has been on ensuring external parties can access FAA external-facing websites and applications to obtain desired information.
The FAA experience incorporating IPv6 into its operations started with the WAN backbone transition. We requested an executive sponsor to champion the project; the CTO was selected. We developed a high-level strategy and transition plan to be part of a communications plan. The communications plan objective was two-fold: 1) justify the need for the FAA to transition to IPv6; 2) gain executive sponsorship and buy-in. Initially in 2005, there was no available funding for IPv6 and the OMB mandate for backbone compliance was December 2008. There were a couple of years before any demonstration milestones; this allowed the use of technology refresh and procurement policy to buy equipment. The FAA has a four-year IT technology refresh cycle; it actually varies between a 3-5 year technology refresh cycle. This allowed the procurement of IPv6 compliant equipment to replace older equipment using technology refresh. The strategy to consider IPv6 compliance in procurement of any network or communication equipment was approved. The CIO issued an IPv6 Procurement Memorandum. We formed an IPv6 Working Group (IPv6 WG) with lines of business (LOBs) who would be impacted by IPv6, required training, and to identify other IPv6 impacts. There are a number of OMB mandates that impact each other. We try to integrate solutions where possible. This means there are a lot of things to consider; for example, Trusted Internet Connections (TIC) – traffic flows across internet access, and FDCC (Federal Desktop Core Configuration) – Desktop Configuration.
DGI: How long does it take to implement IPv6? Where should agencies be right now?
DR: How long to implement IPv6 is dependent on the transition scope and the size of the infrastructure. However, OMB has layered the scope of IPv6 timelines for agencies. Ideally agencies should start planning pilot projects, training network engineers and system administrators, and begin testing the integration of IPv6 and IPv4 coexistence. Testing must be thorough and extensive and hence will need a lot of time and effort to ensure a secured and smooth transition.
The real work goes beyond backbone and network transition. You have to do an inventory of applications, systems and websites. Once you have that inventory, then you develop an IPv6 Implementation Plan. You need a waterfall schedule for transition of each entity to be IPv6 compliant.
Since August 2005, we’ve had a dedicated IPv6 project with at least one dedicated person. We developed an IPv6 compliant inventory and a milestone Implementation Plan. At this point, you should be reviewing an IPv6 asset inventory and milestone implementation plan, and determining the longest pole in the tent, such as compliance issues with routers, firewalls, network monitoring devices, IDS. You must ensure IPv6 transition of anything to help communicate in a safe and secure manner.
DGI: What kind of help can an agency expect from the government? Should an agency have a vendor already in place? Is it too late to shop around for a vendor? Are vendors already under contract to an agency able to step up and help adopt v6?
DR: OMB has provided Federal agencies with IPv6 Transition Guidance, Strategy and Transition templates, benchmarks and an IPv6 Task Force WG that meets on a monthly basis.
OMB instructed NIST to provide IPv6 standards and guidance and also determines under that guidance what products are IPv6 capable. NIST has established a USGv6 Test Program and partnered with third-party labs such as University of New Hampshire to validate vendors’ products’ IPv6 capabilities against NIST’s specifications.
Also, OMB directs GSA to help ISP providers to offer IPv6 connectivity services and support through the Networx contract and MTIPS contracts. OMB is in the process of updating the IPv6 roadmap document to guide the agency’s planning and deployment of the IPv6 capabilities.
OMB Federal IPv6 Task Force reviews any issues agencies encounter to help with resolution. NIST USGv6 has a testing program to develop a list of IPv6 certified components.
DGI: Should an agency have a vendor already in place?
DR: Most agencies have vendors under contract that support network operations. They should be part of the team to develop strategy, address allocation plans, requirements gathering and validation.
DGI: Can you give us five tips for an agency to follow to meet the Oct. 1, 2012 deadline for implementing v6?
DR: Agencies should have started the transition. They should have a strategy plan for all of their components. They should have an address allocation plan and plans for a test lab.
- Have a strategy and transition plan. Look at your agency and how you communicate using IT and the internet. You need a strategy at a very high level. Sell it to the executives at your agency. You need an executive champion who will help you sell the plan.
- Do an IPv6 asset inventory – all of the components that you have that are compatible or non-compatible so you can look at vendor roadmaps. For each product, what does the future look like? You need to know when those products become IPv6 compatible. Ideally set up an asset inventory tracking system, if possible. The status of the inventory is changing dynamically. The ability to track which assets still need an upgrade and which ones are completed in real time is a valuable tool to stay on top of the deployment.
- Develop an IPv6 Implementation Plan, the milestone plan where you determine the type of training, how you are transitioning your backbone, systems, and websites. The plan should identify a few pilots for early implementation. Select easy-to-implement pilots to provide the experience and opportunity to establish support for mass implementation. Establish a Tiger Team to jump-start the deployment and then a Center of Excellence to provide ongoing technical assistance, troubleshooting and problem resolutions, especially for security and performance related issues. Update EA to establish IPv6 standards for the agency and incorporate these standards as part of the core requirements for new networked IT purchases. This will help in avoiding purchasing of obsolete networking equipment.
- Develop an IPv6 address allocation plan. There are a lot of different ways to do routing of addresses; make a determination as to what type of routing you are going to do and how to prevent hacking.
- Develop an internal test plan for each of the products. You need to be able to test those products in a laboratory environment before transitioning to an operational environment.