IPv6 and IPv4
Mobile Networking Demonstration
Demonstrations will occur on the half hour throughout the day. There will be two mobile units, a large mobile networking experimental van and a conversion or minivan. The large van will have the IPv6 network onboard and will have connectivity to the world via a T-Mobile network and the Globalstar satellite constellation. This van can safely transport 4 participants/observers a driver, and a guide. The conversion van will should be able to handle at least 4 participants/observers as well as a driver and a guide.
A booth will be set up in the ICNS exhibition area to explain the IPv4 and IPv6 networks prior to going on the road and to show off some of the technology pieces (encryptors, antennas, and routers). Communication via the Internet to the mobile units will also be available from this booth.
Monday, April 26 – Transport mobile units from
Tuesday, April 27 – live demonstrations on the half hour (sign up suggested)
Wednesday, April 28
– All day off-site demonstrations in
Thusday, April 29 – live demonstrations on the half hour (sign up suggested)
Friday, April 30 –
Transport mobile units from
IPv4 Network (Figure 1)
In the IPv4 mobile networking demonstration, Cisco IPv4 Mobile Networking IOS code is utilized. The mobile router is attached to two different wide area networks using current cellular technology. Both Sprint and Verizon networks are utilized in order to show handoffs between diverse networks as well as used of sharing network infrastructure while still maintaining a secure mobile network. WiFi may also be utilized if available – however, NAT transversal requirements may preclude use of WiFi for this demonstration due to the limitation of the current code build we will be using. NAT/PAT transversal problems have been solved recently, but may not be available in the 3250 image in time for this demonstration.
The “secured mobile LAN” appears to the world to reside “inside” the protected NASA Glenn Research Center (GRC) network and is forced to follow ALL the security policies of the GRC internal network (For example, PINGs will not work to machines on the Internet.) User operating from the secured mobile network will pass through the GRC proxy when corresponding to nodes on the Internet. In addition, nodes on the secured mobile LAN can initiate communication to nodes inside the GRC internal network. All data coming from the secured mobile LAN will be encapsulated in an IPSec tunnel destined for the Cisco PIX firewall unit located on the GRC External Services Network.
The mobile router address space resides on the GRC External Services Network, the ESN. The ESN resides inside the GRC firewall and rules have been established between the mobile network team and the GRC security team to ensure that only data on this subnetwork is treated as with the following rules:
Because of these firewall rules, any machines on the “unsecured mobile LAN” can only communicate with the remote controlled camera or hosts residing on the Home Agent ESN subnetwork.
In figure 1, the heavy black lines indicated IPv4 unsecured open network connections. These connections correspond to unsecured network, also known as the “BLACK” network – the portion of the network that transports the “cipher text” or encrypted information. The heavy red lines indicate the secured closed network. These connections correspond to the secured network, also known and the “RED” network – the portion of the network that contains “clear text” or unencrypted data.
Figure 1 – IPv4
IPv6 Network (Figure 2)
In the IPv6 mobile networking demonstration, Cisco IPv6
Mobile Networking IOS code is utilized.
This code was developed by the Cisco development team in
Since the current backbones systems are IPv4, all IPv6 network clouds are connected via 6-to-4 tunnels. Thus, Eurocontrol , Computer Networks and Software Incorporated and NASA’s IPv6 networks are all connected via 6-to-4 tunnels. Note, this does not effect of distract from the IPv6 mobility demonstration.
In the IPv6 demonstration, all IPv4 and IPv6 networks are, for the most part, open networks. Some firewalls and minimal security is in place, but securing of this network is not an emphasis of this current IPv6 mobile network demonstration. The HAIPE-capable encryptors are in place to simply demonstrate the capability to secure these networks. Note, the BLACK and RED networks are tied together. This is obviously not permissible in an operational deployment.
Figure 2 illustrates the mobile IPv6 network configuration and associated connections to the IPv4 backbone. In figure 2, the heavy black lines indicated IPv4 open network connections. The two heavy red lines indicated “clear text” data prior to encryption. The blocks marked “Z” are the HAIPE-capable encryptors. The heavy green lines and everything colored green is in the IPv6 network. Note, the IPv4 mobile LAN is mobile simply because it is attaché to the IPv6 mobile router. Thus, mobility occurs via IPv6 mobility. The mobile IPv4 LAN was implemented to allow users to connect to applications that they are use to utilizing (Web browsing, email, instant messaging, etc…). Current applications for IPv6 are rather limited relative to IPv4 applications as are the number of hosts one can communicate with.
Figure 2 – IPv6
In the IPv4 mobile network and via the IPv4 mobile LAN, any application can be run. However, link bandwidths are limited, particularly when considering that this is an entire network in motion. Thus, applications such as streaming video can bog down the network. We have place no QoS controls on the network for this demonstration. However QoS techniques could be implemented for operational deployments.
In the IPv6 mobile network, applications are currently rather limited. One of the easiest applications to demonstrate is Web Browsing. If you can connect to a Web browser, you can pretty much do anything.
For additional information on mobile networking and virtual mission operations see:
A 2.4 Mbyte Microsoft PowerPoint presentation that animates the data flows for the IPv4 and IPv6 networks is available at the following URL:
Last Updated: March 19, 2004