Friday May 11, 2012

Solaris and IPv6

I work with my federal government and US DoD customers, and I'm frequently asked whether Oracle product X is IPv6:

  • Enabled
  • Compliant
  • Certified
  • DoD Certified

This is because the Federal Acquisition Regulations require that the government purchase IPv6 compliant products. 

Unless the agency Chief Information Officer waives the requirement, when acquiring information technology using Internet Protocol, the requirements documents must include reference to the appropriate technical capabilities defined in the USGv6 Profile (NIST Special Publication 500-267) and the corresponding declarations of conformance defined in the USGv6 Test Program.  

 Let's examine each of these adjectives one by one.

  • Enabled is clearly the lowest bar to hurdle.  A vendor could implement one or two RFCs in the IPv6 spectrum and claim that they are "enabled."
  • Compliant is a little more of a problem.  Compliant with what?  There are  many different RFCs related to supporting IPv6.  Are you compliant if you support DHCPv6 but not IKEv2?  Are you compliant if your device is a web server but doesn't support DHCPv6 because it's not applicable?  It appears from the statement above that the FARs require that the CIO of an organization determine WHICH capabilities from the USGv6 profile are required by a particular product. The USGv6 profile ONLY list requirements for hosts, routers and network protection devices.
  • Certified.  By whom? Against what list of RFCs?  How recently and on what versions?  If a version changes from 5.1 to 5.2, is it still certified?
  • DoD Certified.  This would be handy if the DoD, in fact, had an IPv6 certification program.  It did at one time through the Joint Interopability Test Command (JITC), but apparently they determined that attempting to test every OS and device that the DoD might buy was a Sisyphean task. To quote their web page, "DoD no longer requires a stand-alone IPv6 certification." Several years ago Sun paid them a large amount of money, loaned two server and a person in order to receive our certification for Solaris 10. 

At the DISA mission partner conference this week, I attended a presentation by the DoD IPv6 Transition Office.  The slides are available online.  I asked the speaker if there is an "accepted" way of advertising IPv6 compliance and received no answer.  He has promised to get back to me, however. 

Oracle is a very large company with an extensive production encompassing storage, servers, thin clients, databases, middleware and application.  I have found no single resource documenting the IPv6 status of every product.  I can tell you, however, that Solaris 10 and Solaris 11 have successfully completed the USGv6 testing by the UNH Interoperability IPv6 test facility and the results are posted at their site.

As for Oracle Linux, it is fully compatible with Red Hat Linux 5 and 6 which has already been tested by UNH as well. 

Note:  I intended to provide additional references on USGv6 profiles and "Suppliers Declaration of Conformance" but the NIST web page seems to be in disrepair and the pages are not available. 

About

Jim Laurent is an Oracle Sales consultant based in Reston, Virginia. He supports US DoD customers as part of the North American Public Sector hardware organization. With over 17 years experience at Sun and Oracle, he specializes in Solaris and server technologies. Prior to Oracle, Jim worked 11 years for Gould Computer Systems (later known as Encore).

Search

Archives
« April 2014
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today