Migrating to IPv6
With deadlines looming, agencies need to get serious about upgrading their data networks to the next-generation IP
The Internet is quickly running out of space. To be exact, it’s running out of the IP addresses that define where systems and devices are on the network, which guide how the data packets get from one place to another.
The more than 4 billion addresses that the current IPv4 allows — a seemingly unimaginable number when TCP/IP was deployed in the early 1980s — now look hopelessly outmatched in a world that already counts one-sixth of the population as users and envisions phones, refrigerators and even the clothes on our backs as potential nodes on the network.
Workarounds — such as Network Address Translation, which allows a single server to act as the address for all the nodes on a local network — have helped extend the life of IPv4, but they introduce other complications. The real answer is to increase the number of addresses.
Who has to make the move to IPv6, and when?
Enter IPv6. This next-generation version of IP uses a 128-bit address space, just four times more than IPv4, but that boosts the number of available unique addresses to 3.4 x 10^38. That’s enough so that each person on Earth can have 50 octillion (5 x 10^28).
In addition, IPv6 offers more significant benefits than its predecessor in terms of network management, security and performance.
The question for government users is how to make the move from IPv4 to IPv6.
The Office of Management and Budget simplified those issues when it issued a directive in 2005 that required all government agencies to move their backbone networks to IPv6 by June 2008 — meaning they should operate either IPv4/IPv6 dual-stack network cores or operate them only in IPv6 mode — and that agency networks must be able to interface with them.
Agencies have to meet certain milestones before June 2008. By Feb. 28, most agencies had to give OMB details of their transition plans. By June 30, they have to complete an inventory of the IP-based applications and devices on their networks and an analysis of how they expect the move to IPv6 will affect them.
As they near the 2008 deadline, agencies will include progress reports as part of their regular, annual enterprise architecture submissions to OMB.
What will the transition cost?
That could be one of the hardest things to measure, and some advise not even trying.
“I think that’s a trap, because no one really knows,” said Frank Cuccias, program manager for Lockheed Martin’s IPv6 Transition Support Office. “You need to look several years ahead, account for the people who have to be trained, how much you’ll spend on lab and testing resources and so on.”
Lockheed Martin has been involved in IPv6 transition for five years yet still struggles with cost estimates. “None of the cost models people have come out with have panned out,” Cuccias said.
Generally, costs can be categorized as those needed for hardware and software, and those for staff and services. Some agencies could face higher costs if they’ve tried to subsist on old hardware that will have to be switched, but most will find a lot of their newer hardware is already IPv6-capable, said Tom Kriedler, vice president and general manager of Juniper Federal Systems.
“The cost ratio for most agencies will probably work out to 80 percent for staff and services and 20 percent for hardware,” he said.
Just don’t expect any extra money to fall into your budget to help with the transition. OMB said most agencies will have to fund the IPv6 transition from their existing IT budgets.
Who needs to be involved?
Agencies that assume they can hand this off to the IT department can quickly find themselves in trouble, because the migration has much wider implications.
“We look at IPv6 transition as something that affects all the mission, fiscal, operational and security sides of the organization,” said Leslie Allen, a senior associate at Booz Allen Hamilton. “IT falls into the operations category, so if agencies look at it as just an IT problem, then they will overlook some essential things.”
A central method of winning support is to show people what IPv6 means to them and how it changes the way they conduct their daily business, said Peter Tseronis, director of network services at the Education Department.
One of the angles he took was to show people what the larger IPv6 address space would mean for such things as teleconferencing and online collaboration.
“We did reach out to people outside of the IT shop to pull our [transition] team together,” he said.
What planning is needed?
By requiring agencies to inventory their current IP-aware hardware and applications, OMB has already pushed them well along the planning path.
“Even though it seems hard for many agencies to find the cultural pivot to do it, having an adequate and complete inventory is a must,” said Jim Payne, president of federal telecom at Bechtel National. “They also need to know what their carriers and service providers have, because their existing contractors and vendors will also need to be IPv6-compliant by 2008.”
That’s an important point, Cuccias said. Agencies can’t think of themselves as an island when it comes to IPv6 transition, he said. They have to think of themselves as a part of an island chain.
Agencies and organizations that rely on one another “must go ahead with IPv6 transition in lock step,” Cuccias said.
About 80 percent of the success of an IPv6 transition is in the planning, he said. Get that right and the rest of the migration will be fairly low-risk and low-cost.
Will IPv6 implementation require new equipment or can existing gear be upgraded?
Unless hardware is old and nearing the end of its useful life, in which case it will be replaced according to regular refresh schedules anyway, the good news is most systems can be upgraded relatively painlessly, said Tony Hain, Cisco Systems’ senior technical leader for IPv6 technologies.
“For such things as the higher-end routers, some items may need to be replaced, and for switches it might mean the supervisor card will have to be replaced,” he said. “But, for the majority of systems, all of that can be done as part of the regular upgrade schedule.”
Can existing staff handle the transition?
Using existing staff is not only possible, it is preferable, said Bruce Fleming, chief technology officer of Verizon Federal Network Systems.
“You have to put pilots in place to test all of these [upgrades] before you put them into production, and you use the same suite of test tools as you would for IPv4, so it’s better to task engineers who know IPv4 to also learn about IPv6,” he said.
Tim LeMaster, director of systems engineering at Juniper Federal Systems, agreed that engineers currently on staff in agencies should be able to handle the transition with additional training, though he also said that training might have to differ depending on the engineer’s role.
“If people are actually implementing the changes and configuration, they will also need hands-on training,” he said. “It’s unlikely they’ll pick up the nuances of what’s needed for that from classroom training only.”