Migrating to IPv6

The Internet is quickly running out of space. To be exact, it’s running out of the IP addresses that define where systems and devices are on the network, which guide how the data packets get from one place to another.

The more than 4 billion addresses that the current IPv4 allows — a seemingly unimaginable number when TCP/IP was deployed in the early 1980s — now look hopelessly outmatched in a world that already counts one-sixth of the population as users and envisions phones, refrigerators and even the clothes on our backs as potential nodes on the network.

Workarounds — such as Network Address Translation, which allows a single server to act as the address for all the nodes on a local network— have helped extend the life of IPv4, but they introduce other complications. The real answer is to increase the number of addresses.

Who has to make the move to IPv6, and when?
Enter IPv6. This next-generation version of IP uses a 128-bit address space, just four times more than IPv4, but that boosts the number of available unique addresses to 3.4 x 1038. That’s enough so that each person on Earth can have 50 octillion (5 x 1028).

In addition, IPv6 offers more significant benefits than its predecessor in terms of network management, security and performance.

The question for government users is how to make the move from IPv4 to IPv6.

The Office of Management and Budget simplified those issues when it issued a directive in 2005 that required all government agencies to move their backbone networks to IPv6 by June 2008 — meaning they should operate either IPv4/IPv6 dual-stack network cores or operate them only in IPv6 mode — and that agency networks must be able to interface with them.

Agencies have to meet certain milestones before June 2008. By Feb. 28, most agencies had to give OMB details of their transition plans. By June 30, they have to complete an inventory of the IP-based applications and devices on their networks and an analysis of how they expect the move to IPv6 will affect them.

As they near the 2008 deadline, agencies will include progress reports as part of their regular, annual enterprise architecture submissions to OMB.

What will the transition cost?
That could be one of the hardest things to measure, and some advise not even trying. “I think that’s a trap, because no one really knows,” said Frank Cuccias, program manager for Lockheed Martin’s IPv6 Transition Support Office. “You need to look several years ahead, account for the people who have to be trained, how much you’ll spend on lab and testing resources and so on.”

Lockheed Martin has been involved in IPv6 transition for five years yet still struggles with cost estimates. “None of the cost models people have come out with have panned out,” Cuccias said. Generally, costs can be categorized as those needed for hardware and software, and those for staff and services. Some agencies could face higher costs if they’ve tried to subsist on old hardware that will have to be switched, but most will find a lot of their newer hardware is already IPv6-capable, said Tom Kriedler, vice president and general manager of Juniper Federal Systems.

“The cost ratio for most agencies will probably work out to 80 percent for staff and services and 20 percent for hardware,” he said.

Just don’t expect any extra money to fall into your budget to help with the transition. OMB said most agencies will have to fund the IPv6 transition from their existing IT budgets.

Who needs to be involved?
Agencies that assume they can hand this off to the IT department can quickly find themselves in trouble, because the migration has much wider implications.

“We look at IPv6 transition as something that affects all the mission, fiscal, operational and security sides of the organization,” said Leslie Allen, a senior associate at Booz Allen Hamilton. “IT falls into the operations category, so if agencies look at it as just an IT problem, then they will overlook some essential things.”

A central method of winning support is to show people what IPv6 means to them and how it changes the way they conduct their daily business, said Peter Tseronis, director of network services at the Education Department.

One of the angles he took was to show people what the larger IPv6 address space would mean for such things as teleconferencing and online collaboration.

“We did reach out to people outside of the IT shop to pull our [transition] team together,” he said.

What planning is needed?
By requiring agencies to inventory their current IP-aware hardware and applications, OMB has already pushed them well along the planning path.

“Even though it seems hard for many agencies to find the cultural pivot to do it, having an adequate and complete inventory is a must,” said Jim Payne, president of federal telecom at Bechtel National. “They also need to know what their carriers and service providers have, because their existing contractors and vendors will also need to be IPv6-compliant by 2008.” That’s an important point, Cuccias said. Agencies can’t think of themselves as an island when it comes to IPv6 transition, he said. They have to think of themselves as a part of an island chain. Agencies and organizations that rely on one another “must go ahead with IPv6 transition in lock step,” Cuccias said.

About 80 percent of the success of an IPv6 transition is in the planning, he said. Get that right and the rest of the migration will be fairly low-risk and low-cost.

Will IPv6 implementation require new equipment or can existing gear be upgraded?
Unless hardware is old and nearing the end of its useful life, in which case it will be replaced according to regular refresh schedules anyway, the good news is most systems can be upgraded relatively painlessly, said Tony Hain, Cisco Systems’ senior technical leader for IPv6 technologies.

“For such things as the higher-end routers, some items may need to be replaced, and for switches it might mean the supervisor card will have to be replaced,” he said. “But, for the majority of systems, all of that can be done as part of the regular upgrade schedule.”

Can existing staff handle the transition?
Using existing staff is not only possible, it is preferable, said Bruce Fleming, chief technology officer of Verizon Federal Network Systems.

“You have to put pilots in place to test all of these [upgrades] before you put them into production, and you use the same suite of test tools as you would for IPv4, so it’s better to task engineers who know IPv4 to also learn about IPv6,” he said.

Tim LeMaster, director of systems engineering at Juniper Federal Systems, agreed that engineers currently on staff in agencies should be able to handle the transition with additional training, though he also said that training might have to differ depending on the engineer’s role.

“If people are actually implementing the changes and configuration, they will also need hands-on training,” he said. “It’s unlikely they’ll pick up the nuances of what’s needed for that from classroom training only.”

Remembering securityEven though numerous security features are built into IPv6, it would be a mistake to assume that networks and applications that are IPv6-capable are inherently more secure than their IPv4 versions.

The Government Accountability Office warned in a report issued last year that if devices such as firewalls and intrusion-detection systems were not properly configured to accommodate IPv6 features, then IPv6 traffic may not be detected or controlled, leaving systems vulnerable to attack.

The U.S. Computer Emergency Response Team specifically warned that the automatic configuration feature included in IPv6 would allow security devices to configure themselves with an IPv6 address without authorization.

“We always recommend doing models and simulations to test various [IPv6 security] systems and then build prototypes to test those models in the real world,” said Frank Cuccias, program manager for Lockheed Martin’s IPv6 Transition Support Office. “Never take them directly to a production system.”

Setting such prototypes to an optimal level and then breaking them will yield insights that will improve how IPv6 security is applied in the production environment, he said.

Agency information technology shops are usually in a comfort zone when they are dealing with network issues because that’s their business, said Leslie Allen, a senior associate at Booz Allen Hamilton. But it’s a different matter when they start dealing with intrusion detection and security applications.

“They need to realize that, when it comes to IPv6, security is a whole side to itself,” he said.

— Brian Robinson

Paying your own wayA lack of extra funds will force most agencies to make difficult choices when transitioning to IPv6. When Pete Tseronis, director of network services at the Education Department, presented an IPv6 transition business case to his bosses, he offered them a choice of three approaches: miserly, middle of the road or aggressive.

The aggressive approach included features such as money to hire extra workers or consultants or train employees who would focus specifically on the transition.

“We don’t need that, but in the long-term you have to ask where the support is coming from for the migration,” Tseronis said.

At the other end of the spectrum, the miserly option outlined the absolute minimum needed to upgrade the backbone network and routers to IPv6. But, he said, whether you upgrade one or 50 switches, you still need on-site resources for testing the upgrades.

Tseronis said he will likely end up with enough resources to start migrating to IPv6. The only certainty is that by June 2008 the department’s backbone network will be IPv6-capable.

— Brian Robinson

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.