The Challenges of Transition – The Move from ATM and IPv4 to IPv6
By Mike Guzelian and Charles Limoges
General Dynamics C4 Systems
Formidable challenges face the transition from ATM and IPv4 to IPv6.
Chief among them is maintaining and ultimately improving quality of service
for network environments with increased complexity, higher operating speeds
and assured end-to-end security regardless of network, application or
location.
Quality of service was built into ATM networks by allowing users to prioritize
more important traffic over less important traffic. Compared to ATM, prioritization
in IPv4 is not well supported, but IPv6 should level the playing field.
IPv6 has been designed with enhanced quality of service mechanisms that
will allow advanced quality of service schemes to be deployed. As IPv6
improves IP network performance and versatility, it will also add complexity
to the network, so every piece of in-line equipment will need to keep
pace to ensure a smooth transition. This includes the element of network
security that must keep quality of service robust. This is especially
true when it comes to the complex requirements for Type 1 encryption.
When it comes to network speed, ATM has historically had the advantage,
as 10-gigabit communications are not uncommon. One of the factors that
make ATM so fast is its 48-byte, fixed-length data unit called a cell.
The consistent cell length makes switching between communication paths
quick and simple. On the other hand, IP packets vary in size and can range
from very small voice data payloads, to very large file transfers. ATM
is efficient for small amounts of data as it was designed to support voice.
IP provides greater overall flexibility and less overhead for large amounts
of data.
Securing the Information
When transitioning from ATM to the IP environment, information can
still be protected, but because of the way packets are handled at high
operational speeds, things become more difficult. For instance, when you're
on an ATM network, you only have five bytes of header information. These
five bytes contain origin information and tell the cell what path to take
to the end destination. There are a very limited number of things that
can be scrambled in the header without disrupting the cell’s path
to its destination. You can encrypt the payload, the data or information
portion of the cell, but little or no change can be made to the header.
It’s a completely different story for IP. From a security point
of view, it's risky to allow information about the origin and path of
the data to pass unencrypted. To make it secure, the entire packet, with
all its header information, is encrypted and a new header is added. This
adds overhead to every IP packet, but the origin and data path are completely
protected. As IPv6 is deployed there will be an additional challenge because
addresses will be longer, increasing the size of the data again. Since
we already know that information in IPv6 packets will be larger, the industry
needs to be certain that all of the information, including quality of
service, is copied correctly.
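
The encapsulation described above, as an added example that is not part of the original article and is not HAIPE or any vendor's code: the whole inner IPv6 packet is wrapped behind a new outer header, the Traffic Class (quality of service) field is copied to that outer header, and the resulting overhead is measured for a small voice payload and a large one. The framing sizes, the documentation-prefix addresses and the placeholder transform (which is not encryption) are assumptions made so the example runs offline.

```python
import ipaddress
import struct

ESP_PROTO = 50      # IANA protocol number for ESP, used as the outer next-header
FRAMING = 8 + 16    # assumed: 8-byte SPI/sequence header + 16-byte integrity tag

def ipv6_header(src, dst, payload_len, next_header, traffic_class, hop_limit=64):
    """Build a 40-byte IPv6 header (flow label left at 0)."""
    first_word = (6 << 28) | (traffic_class << 20)
    return struct.pack("!IHBB16s16s", first_word, payload_len, next_header, hop_limit,
                       ipaddress.IPv6Address(src).packed,
                       ipaddress.IPv6Address(dst).packed)

def traffic_class(packet):
    """Extract the 8-bit Traffic Class (DSCP + ECN) from an IPv6 packet."""
    return (struct.unpack("!I", packet[:4])[0] >> 20) & 0xFF

def placeholder_protect(inner):
    """Stand-in for the encryptor: NOT cryptography, it only hides and frames bytes."""
    body = bytes(b ^ 0x5A for b in inner)
    return b"\x00" * 8 + body + b"\x00" * 16

def encapsulate(inner, tunnel_src, tunnel_dst, protect=placeholder_protect):
    """Wrap the whole inner packet and copy its Traffic Class to the new outer header."""
    protected = protect(inner)
    outer = ipv6_header(tunnel_src, tunnel_dst, len(protected), ESP_PROTO,
                        traffic_class(inner))
    return outer + protected

def overhead_percent(payload_len, outer_header_len):
    """Share of the tunnelled packet on the wire that is not user payload."""
    inner_len = 40 + payload_len                 # inner IPv6 header + payload
    total = outer_header_len + FRAMING + inner_len
    return round(100 * (total - payload_len) / total, 1)

def demo():
    # Constructed sample: 20-byte voice payload marked DSCP EF (46).
    voice = bytes(20)
    inner = ipv6_header("2001:db8:1::10", "2001:db8:2::20",
                        len(voice), 17, 46 << 2) + voice
    outer = encapsulate(inner, "2001:db8:ffff::1", "2001:db8:ffff::2")
    return inner, outer

if __name__ == "__main__":
    inner, outer = demo()
    print("QoS preserved:", traffic_class(outer) == traffic_class(inner))
    for size in (20, 1400):   # voice-sized vs. file-transfer-sized payloads
        print(size, "bytes: IPv4 outer", overhead_percent(size, 20),
              "% / IPv6 outer", overhead_percent(size, 40), "%")
```
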
With more information to be examined in the IPv6 environment, internal
encryption processing speed will become even more important to support
line-rate traffic. In fact, information processing will have to be exceptionally
efficient to minimize the time lag in processing large time-sensitive
files like voice and video. It must also be robust enough to handle applications
ranging from an office environment, to a comms-on-the-move HMMWV, to the
warfighter operating anywhere on the planet.
General Dynamics Approach to Security
General Dynamics has developed and continues to develop products that
will accommodate the transition from ATM to IP to IPv6. Today, we have
more than 70,000 network encryption products deployed worldwide, providing
the fastest NSA-certified Type 1 ATM and IP encryptors on the market.
For instance, the FASTLANE® ATM encryptor operates at up to 10 gigabits
per second (20 gigabits per second aggregate), and the TACLANE™-GigE
IP encryptor operates at 1 gigabit per second (2 gigabits per second aggregate).
Extremely efficient, these encryptors operate within 0.2% of their theoretical
limit for any given packet size. In other words, if you can only get so
much data through the pipe, we operate within 0.2% of that limit.
As the Internet becomes the preferred communication medium for almost
everything, users expect instant communications regardless of what they
are doing or the size of an email attachment. As network speed and complexity
increase, we have introduced solutions for multi-level security to fit
changing network requirements. Another factor to consider is how networks
will expand and change over time. With the deployment of the Global Information
Grid-Bandwidth Expansion (GIG-BE) and other similar systems, networks
will encompass the planet and reach into space making remote management,
upgrades and programming essential in and from the field. An example of
how we are getting ready for the future today is our current effort to
develop software upgrades to Version 3 of the High Assurance Internet
Protocol Encryptor Interoperability Specification (HAIPE IS). Our goal
is to deliver “what’s next” in information security
to our customers — from the core of the system to the edge of the
network.
A Final Comment
Collaboration between government agencies, the DoD and industry will
make transformational efforts, including the transition to IPv6, crypto
modernization and Version 3 of the HAIPE IS, more efficient and effective.
An example of successful collaboration comes from important work that
has been accomplished so far by the HAIPE IS working group. Applying
the output from those meetings and work sessions, General Dynamics
is already prototyping and demonstrating Type 1 encryption technology
for IPv6. By working together, it’s possible to future-proof information
security in support of the government’s overall investment in command,
control, communications, computing products, networks and global systems.