Kundra sets new IPv6 deadlines

Administration tries to hurry Internet transition

The Obama administration released guidelines and milestones today for the transition of government networks to the next generation of Internet Protocols.

Federal CIO Vivek Kundra issued a memo giving agencies deadlines for implementing IPv6 in public-facing systems and internal networks. Kundra said successful implementation of the protocols will require “relentless follow-up” and that transition managers will be held accountable for their agencies' progress.

The guidance was announced at a workshop hosted by the National Telecommunications and Information Administration in Washington at which the administration kicked off an effort to spur adoption of IPv6 within the private sector as well as government.

IPv6 is the next generation of the Internet Protocols, the set of rules that defines how devices communicate over packet-switched networks such as the Internet. The new version of the protocols is being adopted in anticipation of the depletion of IPv4 address space, which is expected to occur in the next two years or less. But the transition has been slow, and the actual use of IPv6 remains almost nonexistent. A lack of customer demand and technical expertise is hindering the deployment of the new protocols in production networks.


Related coverage:

Why bother moving to IPv6?

IPv6 adoption remains slow, survey shows

Survey: Agencies not ready for IPv6 deadline

Agencies ready 5-year infrastructure plans


The Office of Management and Budget has been trying to get agencies to prepare for IPv6 for half a decade. In 2005, OMB issued a directive telling agencies to move their Internet backbones to IPv6 by June 2008.

Ram Mohan, executive vice president of Afilias, the Internet registry for the .info top-level domain and a provider of back-end Internet services, said at the workshop that of the more than 7 million registered .info domain names, only 58 have acquired both IPv6 and IPv4 addresses. Of the 8.6 million domains registered under .org, only 17,000 have addresses in both protocols.

The adoption of IPv6 is being slowed by the need to support both versions of the protocols on networks for the foreseeable future, which complicates the transition and subsequent network management. But the killer app for IPv6 has already appeared, said speakers at the workshop. It is the sustainability of the Internet as future growth is forced to use the new protocols.

“Staying with the current Internet is not an option,” said Leslie Daigle, chief Internet technology officer at the Internet Society. Enterprises must adopt IPv6 or be stifled by technologies, such as Network Address Translation, that have been used to work around the limitations of the current protocols.

The Obama administration has identified an advanced IT infrastructure as critical to the nation’s security and economic prosperity and has targeted programs such as a smart electric grid and health IT for funding under the American Recovery and Reinvestment Act. Federal CTO Aneesh Chopra said today that adoption of IPv6 is necessary to support the administration’s goals.

“The federal government is committed to the operational deployment and use of Internet Protocol version 6,” states the transition memo, which was released through OMB. The memo directs agencies to:

  • Upgrade the servers and services the public uses, such as Web, e-mail and Domain Name System servers, to use native IPv6 by the end of fiscal 2012.
  • Upgrade internal client applications that communicate with public Internet servers and supporting enterprise networks to use native IPv6 by the end of fiscal 2014.
  • Designate an IPv6 transition manager by Oct. 30 as the person responsible for leading the agency’s transition activities.
  • Ensure that agency procurements of networked IT comply with Federal Acquisition Regulation requirements for using the USGv6 profile and testing program for the completeness and quality of IPv6 capabilities.

The Federal IPv6 Task Force will meet with agencies to explain government policy and share best practices.

“This wasn’t done in a vacuum,” said Pete Tseronis, chairman of the task force and the Energy Department’s acting associate CIO. “The agencies have to embrace this” and move beyond making compliance a checklist chore.

OMB required agencies to ready their network backbones for handling IPv6 traffic in 2008, a deadline that was met but has been followed by very little activity in adopting the protocols. The new requirements will require strategic planning and the use of agencies’ technology refresh cycles to ensure that deadlines are met without requiring additional funding.

Some agencies have already taken the lead in deploying IPv6. The Defense Research and Engineering Network has moved its wide-area network to IPv6 with no additional staff or funding, said Chief Engineer Ron Broersma. That was done over a five-year period, and getting an early start on the transition is critical, he said. Rushing the project will make it more complex and expensive.

One of the greatest challenges DREN faced was the lack of commercial network management tools that adequately supported IPv6, Broersma said. Many products that claimed to be IPv6-compliant lacked critical functionality and implemented the support in different ways. That was a concern echoed by industry and government representatives at the workshop.

Mohan said that when Afilias was implementing IPv6 on its networks, it found a “remarkable difference” in the way equipment processed IPv6 packets. The packets were processed in software rather than hardware, resulting in slower performance and requiring the use of banks of appliances rather than single tools to provide the performance needed.

The National Institute of Standards and Technology encountered the same problem when it was developing a technology profile for IPv6 compliance, said Doug Montgomery, manager of NIST's Internet and Scalable Systems Metrology Group.

One of the gaping holes was the lack of network security devices, he said. The USGv6 testing program is expected to help correct that by establishing a baseline of support that is required from vendors selling to the government.

Montgomery said the USGv6 profile is a minimum level of required capabilities that should not be onerous to vendors. “We really are trying to set a low bar,” he added.

Featured

Reader comments

Mon, Oct 18, 2010 Network Protocol Expert Texas

I have been watching the development of IPv6 (fomerly IPng) since 1989, and I can tell you, IPv6 is no where near as elegant as it could/should have been. Yeah, yeah...I know, hindsight is 20/20, but everything you see happening with IPv6 today...the delays in deployment, the rat's-nest-of-a-mess complexity, rotten mobility, rotten multicast, security that makes you feel not-so-secure...there were a group of us back then who saw *all* of this coming, but the "just patch it up" folks in IETF had there way, and so we have a mess. The average Internet user (President Obama), unfortunately, does not really understand nasty on the inside IPv6 is. They figure, "More address space?...128-bits? Save us from IPv4 depletion? Mobility? Security? Multicast? Sounds great!! What's the hold up?" Go take a look at the "specification" for IPv6, and you'll see. The creators of IPv6 should be ashamed. Thank God they are not nuclear weapons designers. We'd all be dead.

Fri, Oct 1, 2010 a DRENizen in the ether

"fast forward to 2010, IPv6 is at best a proto-type; hardly, production-ready" Tell that to Google, who is already IPV6 from end to end (try it!). Defense Research and Engineering Network is IPV6 also, while still supporting the legacy IPv4 protocols.

Wed, Sep 29, 2010 Jeffrey A. Williams Frisco Texas

As one of the early protocol developers of the IPv6 standards at the IETF I know that there are problems inhearent to IPv6 which were several years ago pointed out by others on that WG. Implimentation and tunneling techniques for IPv4-to-IPv6 will need to be carefully done as built in security holes in IPv6 not found in IPv4 can make the use of 'Autoinstal' a very bad idea and is 'Autoinstal' is not used, making implimentation across multipul interconnected networks very labor intensive and error prone.

Wed, Sep 29, 2010 EdT

in 2008 IPv6 was a thought... fast forward to 2010, IPv6 is at best a proto-type; hardly, production-ready, and as mentioned not highly used nor installed, even in DoD. So, the Kundra mandate is a dream...

Tue, Sep 28, 2010

Just to be clear, the numbers presented about .org, etc where measures of the number of "glue records" that have an IPv6 address. A more direct way of saying that would be the number of .org subdomain DNS servers that can be queried over IPv6. That is not necessarily the same as the number of servers/hosts within those domains that are IPv6 enabled.

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above