6Sense: Generating New Possibilities in the New Internet.
Produced by: IPv6 Summit, Inc.

Real Time Validation and Support for IPv6 Implementations
using the Spirent Federal ClearSight Analyzer
by Tim O'Neill
Director of Business and Technology Development
ClearSight Networks, Inc.

Introduction
IPv4 is being augmented by IPv6. The lack of current IPv4 addresses and the IPv6 promise of easier administration, tighter security and an enhanced addressing scheme are forces that cannot be ignored. The federal government's goal is to complete the transition to IPv6 for all inter and intra networking across the Department of Defense (DoD) and all government agencies by FY 2008 . DoD is already testing IPv6 implementations, and now there is a directive from Office of Management and Budget that all 22 federal agencies must be IPv6 "capable" by 2008.

If you're responsible for a US government network, a primary concern is the impact on your overall network performance as a variety of IPv6 applications are introduced onto your network. Consequently, a systematic and repeatable test methodology is required for measuring the network performance with current and new applications. This article explains the steps of that methodology and how Spirent Federal's ClearSight Network Analyzer can be used to validate the results and substantiate your migration.

You have already made the big decision between building a new network specifically for IPv6 or migrating IPv6 into your current IPv4 network. Now you are ready for the five basic process steps of a new technology implementation:

  • Understand
  • Decide
  • Test
  • Deploy
  • Manage

Step 1: Understand
The first step in any new implementation will be to understand what is currently on your network. Current benchmarks of the IPv4 protocol traffic must be obtained so they may be compared with the new IPv6 traffic. Any applications that will be converted should also be baselined (i.e. response times). If this information is not currently available, ClearSight Analyzer, a native mode IPv6 solution, offers an IP test tool that will assist you in the visualization, measurement and troubleshooting of your applications and TCP/IP protocols.

Recommended measurements for the network in general:

  • Application distribution. See Figure 1.
  • Average throughput of each application that will be ported to an IPv6 compatible application. See Figure 2. The ClearSight Analyzer supports VoIP, video, database, security and Internet applications in real time.
  • TCP retransmission rates. See Figure 3.
  • Ratio of connection-oriented (TCP) traffic to connectionless traffic (UDP). See Figure 4.
  • Amount of multicast traffic for both IPv4 and IPv6. See Figure 4.
  • Amount of ICMP traffic comparative stats for IPv4 and IPv6. See Figure 4.
  • Typical IP and application connection times for both IPv4 and IPv6. See Figure 4.
  • PIM/SM multicast MLD, join prune effects (hysteresis) for both IPv4 and IPv6. See Figure 6

Figure 1 – Real Time Monitor > Network > Charts Tab

 

Figure 2 – Real Time Monitor > Application > Summary Tab (Sample view)

 

Figure 3 – Real Time Alerts > Issues and Problems Tab

 

Figure 4 - Monitor > Real Time Network > Overview Tab – IPv4 and IPv6 comparative statistics

Step 2: Decide
The next step in the migration process is to decide which applications will be translated to IPv6. While current choices are limited, more are being added every day. Research will have to be performed to find out which of the applications currently on your network have IPv6 counterparts. For those that do not, requests to vendors for implementation timelines should be made.

Once a decision has been made, you will need to be able to compare transaction speeds pre and post translation. This information will be invaluable for validation of the cost of the migration.

Recommended benchmark measurements for each application that will be migrated to IPv6:

  • Transaction throughput. See Figure 5.
  • TCP connection time. See Figure 5.
  • 1st Byte download times. See Figure 5.

Figure 5 – Real Time Network > Connections > Statistics Tab with IPv6

Step 3: Test
Now you are ready to test. Comprehensive testing is required for application performance, router/access device capacity and interoperability. Issues to be addressed during evaluation, benchmarking and installation include:

  • Interoperability between vendors
  • Conformance to IETF RFCs
  • Real-world performance – comparing IPv4 flows to IPv6 flows

It is recommended that all testing be performed in an offline lab. This will minimize the impact on the users during testing, making it easier to focus on finding the best migration method. Considerations for the migration method will be the timeframe for introducing each updated application, order of rollouts for departments/divisions and training requirements for stakeholders.

"The migration methods the IETF recommends are dual stacks and tunneling. The dual stacks method refers to IP nodes that support IPv4 and IPv6 protocols. The tunneling approach advocates running IPv6 packets over existing IPv4 infrastructures. Vendors say dual stacks and tunneling should minimize any migration snags for users."

Testing will also allow you to set management and user expectations. The nature of IPv6 connection times require a longer time than their IPv4 counterparts, however once the pipe is opened, download speeds are typically much faster. Expectations of the new network must be managed, or the project runs the risk of being terminated before it is even deployed. Using real statistics based on your real network environment will give invaluable feedback regarding your test. The most critical consideration during testing will be the steep learning curve for IPv6 protocols and their effects/issues on your model network. Plan for enough time for testing, benchmarking and training.

Recommendations during testing:

  • Start small and view results.
  • Test scalability.
  • Multicast – PIM/SM, OSPFv3, etc., understand join and prune effects. See Figure 6.

Figure 6 - Real Time Network > Network > PIM/SM MLD-Join Prune effect

Step 4: Deploy
Now you are ready to deploy new IPv6 enabled applications and protocols onto your network. It is critical that the same statistics that you monitored while testing, are even more carefully monitored during deployment. When unexpected errors occur, determining if the problem lies with the server, application or user is the first step in correcting the error. See Figure 7. The ability to view this information in realtime is critical, as waiting to capture and then view may mean waiting too long in many cases. In Figure 7, you can see that an error occurred, but not one that should concern us. Unless, of course, it happens continuously – a possible dictionary hack attempt.

Figure 7 –Real Time Monitor > Application > Detail > Conversation Flow

Step 5: Manage and Grow
The final, yet often forgotten, step in the process is management. Constant monitoring of any new implementation is required. Networks grow and change based on many factors: users add new equipment without asking, patches do not always perform as promised, firmware and software upgrades affect production in unexpected ways, etc. What events are robbing your network of time and bandwidth? See Figure 7. Why does the response for this neighborhood solicitation take more than 41 seconds?

Figure 8 – Monitor > Network > Host > Conversation Tab

Conclusions
IPv6 is a must for our future. The entire infrastructure, not just your network, must evolve to make it happen! This is not a "plug and play" technology. There will be a large and challenging learning curve not only for the IT staff, but management and users as well. Expectations must be managed or the project could have serious difficulties. Management is essential to assure that your deployment is meeting expectations as well as to note changes in the behavior of your network. You must keep the network running and maintain scalability for growth.

Visualization is a must for your monitoring and troubleshooting tool. Realtime monitor and analysis is essential. The new networks are too dynamic for the old capture and decode model. Find the events that are stealing your network's time and bandwidth. Work with companies that have partnered to bring you the best overall test, deployment and management support.

You can do with IPv6 what you could do with IPv4…only better!

Spirent Federal is the sales channel for ClearSight products into the government. For further information on Spirent Federal, please contact Jim Jordan at jim.jordan@spirentfederal.com.