Building a Sturdy Platform for Government's Internet Presence

December 2011
Topics: Network Protocols, Network Management
A MITRE team is helping the U.S. government migrate its websites from an overcapacity framework to the larger, more reliable Internet Protocol version 6.

Since the mid-1970s, when the Institute of Electrical and Electronic Engineers and the Defense Advanced Research Projects Agency designed rules for sharing data using networked computers, they knew that the protocol the industry ultimately used, Internet Protocol version 4 (IPv4), could accommodate approximately 4.3 billion unique addresses.

They also anticipated a time when computer users would deplete the supply. That time came in February 2011, when the Internet Assigned Numbers Authority distributed the final batch of IPv4 addresses to Internet service providers (ISPs) and their customers.

For the last three years, MITRE has worked with our government sponsors to migrate their information technology infrastructures and applications from IPv4 to its successor, Internet Protocol version 6 (IPv6). The new Internet Protocol is more flexible, manages data transmission with greater efficiency, and can accommodate what is essentially an infinite number of new users.

MITRE's Paul Colman is one of several engineers who have supported the migration of our government sponsors' Internet sites to IPv6. Colman, an enterprise architect, notes that most computers and some networking devices on the market can already operate on IPv6, but ISPs and clients have been slow to migrate to this new framework.

Soon, however, government agencies won't be able to choose when to change. Besides reaching the limits of IPv4, the government now mandates that its agencies move to IPv6 over the next three fiscal years. The U.S. Office of Management and Budget (OMB) has ordered that all government external-facing Web content be IPv6 compatible by FY 2012 and all internal-facing sites follow by FY 2014.

The Department of Defense and the U.S. Courts, with support from MITRE, were among the first to make significant progress toward completing their transitions. This year, the Department of Homeland Security (DHS) engaged the Homeland Security Systems Engineering and Development Institute (HSSEDI™) to lead that agency's migration as well. HSSEDI is the federally funded research and development center MITRE operates for DHS.

Reaching Back for Lessons Learned

For the DHS transition, MITRE planned the overall strategy, including the phases and the events of each phase, Colman says. MITRE provided a complete blueprint from planning through execution and testing, aided by lessons learned from previous migrations.

"What the HSSEDI team did was reach back to the people in MITRE who had done the technical planning for transitions that were well established," he says. "We used what we learned from those experiences to propose a strategy for DHS. One of the strengths of MITRE is that we can go to parts of the company that have dealt with other sponsors and draw from their experience."

Bruce Fakhari and John Riner, who managed the DoD's migration planning, helped SEDI's team with the DHS project. The team planned the overall strategy for DHS's transition and testing, and served as its representative to the OMB IPv6 task force in early 2011.

Project Lead Clarke Thomason and Information Systems Engineer Al Seamon and Network Systems Engineer Sham Chakravorty spent months drafting a statement of work, functional requirements document, design document, and program plan that define the approach to the DHS migration. They worked closely with the department's senior management to ensure that it outlined a reasonable, affordable, and practical approach.

A Worldwide Test of IPv6

A growing concern in IT circles is the glacial pace at which ISPs and other applications managers are making the switch to IPv6. While IPv4 will continue to function indefinitely, its growth, performance, and reliability will deteriorate under the weight of so many users.

With that in mind, the Internet Society (ISOC) sponsored "World IPv6 Day" to foster a sense of urgency among ISPs and provide an opportunity for any organization to test its infrastructure on IPv6, identifying unpredictable flaws in systems so they can be remedied. On June 8, 2011, MITRE and DHS were among nearly 500 organizations that tested their infrastructures on IPv6 for 24 hours. On that day, MITRE assisted in readying two DHS websites, and, for early migration testing. Colman says the agency selected those sites because of their usefulness to DHS' public visitors.

On World IPv6 Day, Fakhari and Riner used a MITRE collaborative lab to perform independent testing and analysis for DHS. They conducted parallel tests to compare with the results from World IPv6 Day, reported consistent and predictable behavior, and delivered a positive report to DHS. The test websites were readily available and functioned exactly as expected.

A Playbook for the Big Migration

As the DHS site migrations continue, Customs and Border Protection IT staff will act as the integrator, using the requirements document and the statement of work that the MITRE team developed.

Colman says MITRE continues to assist DHS with systems engineering oversight of all IPv6-related activities. The work is important, he says, because DHS has a very short history of experience with this technology.

"It's young and growing," Colman says, "and there's a lot of tension in its growth, especially in the way that the agency's components do business with one another. Because their IT staffs often work separately, no IT 'best-practices guide' exists for the whole department. What MITRE did is write them a playbook for migrating the rest of the department to IPv6."

—by Molly Manchenton


Publication Search