Agencies, start your protocols!

 

Connecting state and local government leaders

Agencies have one year, almost to the day, to get their networks running IPv6. But getting it right could be more important than meeting the deadline.

A little less than a year before the June 30, 2008, deadline for putting IPv6 on networks, agency progress is a mixed bag, said Commerce Department Chief Technology Officer John McManus, who is co-chairman of the working group.Realistically, not all are expected to make it on time. He estimated that for about 30 percent of agencies, the transition will simply be a part of their network evolution, as envisioned by the Office of Management and Budget when it handed down the mandate. Another 50 percent to 65 percent will have to work to meet the deadline. The remaining 5 percent to 20 percent will be behind.What accounts for agencies' varying levels of progress? A variety of factors, including the size and complexity of the networks in question, the resources available for planning and training, and competing priorities such as compliance with federal information technology security requirements and mandates to issue a new generation of smart government identification cards.OMB put the federal government at the forefront of the transition when it decided IPv6 is the future of networking. Industry experts say momentum in the transition is shifting from Asia to North America. The move is expected not only to help the government get out from under a creaking Internet infrastructure that has expanded ' in both size and functionality ' far beyond its intended scope, but also to enable a wide range of new applications.The move is inevitable, and the OMB mandate is a good thing, industry experts agree. But missing the deadline would not necessarily be bad. Transitioning a network requires more than simply turning on IPv6 in a switch or a router, and it could be better to be late than to be wrong.'They are coming to the conclusion that the June 2008 deadline, while important, is not as important as having a fully integrated architecture in place with a security and network management plan,' said Dave West, IPv6 lead at Cisco Systems. 'I think that's the right conclusion. More important than rushing toward a date is being prepared.'After all, the date is arbitrary, said David Kriegman, president of the federal arm of Command Information. 'If you miss the date, it's not like a Y2K thing,' he said. 'Everything is still going to work.'The important question is how well things will work after you flip the switch. Most of your applications and services will still be running IPv4, and you don't want to break them. The shift will require more than having IPv6-enabled products.'Products don't necessarily solve customers' mission needs,' West said. 'A well-thought-out architectural plan needs to be in place so as not to affect the day-to-day operations.'Agencies have been addressing this issue in their enterprise architecture framework plans, said Peter Tseronis, networking services director at the Education Department and co-chairman with McManus of the IPv6 working group.'IPv6 is integrated into enterprise architecture,' Tseronis said. Agencies submit quarterly assessments of their frameworks to OMB, and 'every agency should have clearly defined milestones they expect to meet by the third quarter of fiscal 2008.'Agencies are turning to their industry partners for the practical experience they need in preparing core networks for transition. Verizon has been operating dual-stack IPv6 networks since 1997, when the company began moving away from Asynchronous Transfer Mode switching, said Charles Lee, Verizon's chief technology officer of civilian networks.'It gave us a chance to get early experience with supporting our operations in a dual-stack mode,' he said. The Defense Department and other agencies have been using the networks to help plan their own transitions.Cisco has supported IPv6 in its IOS operating system since 2001, and Microsoft this year released Vista, its first operating system in which IPv6 is turned on by default. The move to IPv6 is only just beginning, but Vista already is having an impact on networks. Lumeta scans the Internet regularly for IPv6 addresses in networking equipment and reported that the number of active addresses has increased by 18 percent since the first of the year. Admittedly, the number of IPv6 addresses remains small ' 2,600 as of April 30, just a drop in the Internet ocean. But Lumeta CTO David Arbeitel said the growth reflects the evolution of carrier and service provider networks in the face of expected demand for IPv6 services. Forty million Vista licenses have been sold since the beginning of the year.West said recent studies have found that despite the Internet's phenomenal growth, only 16.7 percent of the world's population has access to the global network.'I think we still have tremendous expansion before us,' he said. And faced with the rapid depletion of IPv4 address space, that growth will have to take place in IPv6.The American Registry for Internet Numbers, one of five regional Internet registries responsible for assigning Internet addresses, gave the Internet community notice in May that demand for address space soon would outstrip the pool of available IPv4 addresses. The address space for Version 4 has not been exhausted, but large blocks of numbers are becoming scarce.'The available IPv4 resource pool has not been reduced to the point that ARIN is compelled to advise the Internet community that migration to IPv6 is necessary for any applications that require ongoing availability from ARIN of contiguous IP number resources,' the registry said. The registry remains technology-agnostic and cannot force any organization to adopt the new protocols, but organizations may not have any choice as they deploy new applications and services.What are the applications that will require large blocks of IPv6 addresses? Nobody knows for sure. Broad categories of functionality, such as enhanced mobility, persistent IP identities and location-based services, are being touted by proponents of IPv6. But for the most part, the applications that will provide the return on the investment of making the transition to IPv6 are still missing.'There is no IPv6 business case,' said Jim Bound, CTO at the North American IPv6 Forum. 'It does not exist. IPv6 is plumbing.'That is not to say applications will not be forthcoming. The Defense Department has big plans for pushing information and resources to individual warfighters in the field as part of its vision of net-centric warfare. Logistics, with the ability to address and track myriad individual pieces of materiel, is high on DOD's list of IPv6 priorities. But killer apps will vary from user to user.'My personal opinion is that the killer app is voice,' said Lee, not surprisingly for someone with roots in the telephone industry. With increased mobility and persistent location-aware addressing, IPv6 could enable authentication, nonrepudiation and access control in voice communications, he said. 'That IP address is you. New applications become enabled because I now know the source.'Despite the uncertainty of what applications will be available, agencies are being asked to include them in their transition plans. How they will be using their IPv6 networks will determine how they should be built and managed. Some functions and applications will never be transitioned. If they already are working well, there may be no reason to change them, and they will die a slow IPv4 death in the coming years and decades.Lee said most agencies are doing a good job of planning how to use IPv6 applications to generate a return on their transition investments.'I think it's a pretty mature approach,' he said.But Kriegman of Command Information, which provides IPv6 training and consulting services, disagrees.'For the most part, agencies are trying to do the minimum to be compliant' with the OMB directive, he said. 'They are not thinking about security, and they are not thinking about how to get ready for the future applications.' There are a few standouts, such as the Education Department, where officials really get it, he said, 'but they are few and far between.'So when push comes to shove, the IPv6 transition is likely to get pushed down on some agency priority lists. They are not ignoring the mandate, Lee said. 'Pretty much everybody is doing something.' But in some agencies, competing mandates such as the Federal Information Security Management Act are taking precedence over IPv6.The intelligence community is one area in which the transition might be taking a back seat to other priorities, said John Howard, deputy associate director of national intelligence for enterprise services.'The intelligence community will transition to IPv6,' Howard said at a recent conference. The community is under the OMB and DOD mandates to enable backbones by 2008 and has a five-year plan to implement the new protocols throughout the infrastructure. But 'the intel community's commitment to that transition is at risk,' because of competing funding priorities, he said. 'The prevailing attitude is that there are more important things than IPv6.'The intelligence community is focused on applications that will enable better analysis rather than IT infrastructure, Howard said.'We are overwhelmed with information,' he said. 'We're trying to make connections with it.' Theoretically, IPv6 applications could help improve information sharing and analysis among intelligence agencies. But 'it's not there yet.'In the meantime, Howard has more immediate concerns, such as the need to flatten and consolidate the community's networks. A 100-day discovery project aims to find exactly what equipment, resources and users are on the community's myriad networks and to enable access to resources as needed across the networks without compromising security.'The vision is [that] it is going to be done down to the individual file level,' Howard said. 'We're not even close to that.'IPv6 may have to wait at some agencies, but meanwhile, resources are being readied to help with the transition. The National Institute of Standards and Technology is putting the final touches on a profile of IPv6 standards and features that will be required in all networking products acquired by agencies, said NIST computer scientist Sheila Frankel, a member of the CIO Council's IPv6 working group. But that profile would not go into effect for 18 months, and NIST has not decided whether it will have any teeth or whether there will be a formal testing program to guarantee conformity and interoperability.'At some point, IPv6 products will become commodities,' Frankel said, and testing and feature profiles will not be needed.The working group also is developing a protocol for IPv6 deployment testing to give agencies a standard set of criteria to test their backbones for compliance with the OMB mandate, 'so we're not all doing stovepipe deployments,' Tseronis said.That effort is being spearheaded by McManus. Input for the standards is being gathered from agencies, industry and academia. Their comments will result in guidelines that agencies can use in mapping their architectural framework and transition strategies.'I think we're giving ourselves plenty of time to get this solidified,' Tseronis said. This will be the initial phase of a deployment testing strategy, and agencies can expect a number of other IPv6 deployment guidelines in the coming months, he said. 'This summer will be interesting.'

By this time next year, all federal agencies must have their networks running Version 6 of the Internet Protocol. Some will meet the deadline, some won't.

The CIO Council's IPv6 working group has established three criteria for successfully meeting the mandate to enable the next generation of IP on agency network backbones. They must be able to:

  • Transport IPv6 traffic from an external network to the core and deliver it to a subnet.
  • Push IPv6 traffic from an internal subnet to an external network.
  • Route traffic around the core from one subnet to another.




Catch up or Catch-22?







'You can find agencies now that already have met the deadline.' ' John McManus, Commerce Department
















Early support














Killer apps



























Getting ready










X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.