The riddle of IPv6

It's hard to imagine a federal IT mandate that touches every agency where they communicate, execute and operate, and not see dollar signs.But as systems integrators and their partners eye the chance to convert government networks to the newest Internet protocol, they're finding it hard to get a handle on the opportunity."We started down that road and ran into the same wall that has plagued the IT industry for years," said Tom Kreidler, vice president and general manager of the federal systems unit at networking vendor Juniper Networks Inc., Sunnyvale, Calif.If government doesn't know what needs to get done ? or worse, can't understand why ? then it's hard to build momentum, even if it's a computing initiative that many people liken to the year 2000 crisis, in scope, if not immediacy.Momentum or not, insiders insist that the governmentwide move to IP version 6 is a significant undertaking that will touch every corner of IT and change the way agencies operate, from enabling network-centric warfare to better protecting critical information.But in the short term, Kreidler and others said the transition will be more about people than technology. Beyond the seemingly basic chore of upgrading networks, winners will be the agencies ? and their contractors ? that think big and conceive of applications and platforms that exploit new capabilities."As far as gauging the immediate market," Kreidler said, "we gave up on that as an impossible task."Last summer, the Office of Management and Budget set a June 2008 deadline for federal agencies to convert their network backbones to IPv6.The Internet protocols are the rules that define how computers and other devices talk to each other. In recent years, it's become clear that IP version 4 won't be able to handle the scale and security requirements of an increasingly networked world.Among the most cited reasons to adopt IPv6: It provides more than enough IP addresses for all the computers, radio frequency identification tags, sensors, unmanned aerial vehicles, and other devices that are just now beginning to communicate via IP networks."This is comparable to a Y2K kind of effort," said Vic Berger, lead technologist and field solutions manager for CDW Government Inc., Vernon Hills, Ill. "But remember, Y2K was such a non-factor. Your network isn't going to go dead in June 2008."OMB also set milestones that agencies must hit before 2008, including developing transition plans, equipment inventories and impact analyses.Perhaps to nobody's surprise, agencies appear to be making slow progress.In June, Market Connections Inc. of Fairfax, Va., published results of an IPv6 survey commissioned by Cisco Systems Inc. The research firm spoke with 200 government decision-makers and found that only 31 percent of respondents said their agency had finished inventorying its network equipment, a process OMB wanted completed by November.OMB set June 30 as the deadline for an impact analysis. Only 20 percent of the people Market Connection surveyed said that step was done."Only 2 percent said they'd completed their planning," said Aaron Heffron, Market Connections vice president. "And we've still got a ways to go before many start their implementations."According to Gerald Charles, executive director of Cisco's Internet Business Solutions Group: "The business case for early and rapid implementation has yet to be successfully made."Why the apparent lack of progress? One problem is that OMB mandated IPv6 but didn't offer extra money to pay for it."OMB didn't really provide much of a stick, and it definitely didn't provide a carrot," CDW-G's Berger said. "There's no funding, and there's no teeth to the mandate, so as an agency, how forcefully am I going to address it?"Unlike Homeland Security Presidential Directive?12, which requires federal agencies to issue interoperable smart cards for accessing buildings and networks, IPv6 has not acquired an air of gravitas because, analysts said, the project is seen largely as an IT-only issue.Aside from the fact that it's mandated, it's hard for business leaders at agencies to conceptualize the mission benefits of IPv6. Therefore, IT shops are left to make sense of what hardware they must upgrade while keeping their networks running as normal. Doing both simultaneously raises challenges."By going to our customers and requesting that data, we run into configuration management issues," Juniper's Kreidler said. "Simply put, they don't know what they have out there."As a result of the uncertainties, CDW-G's Berger and others said agencies have been building IPv6 support into their standard networking refresh cycles rather than issuing separate IPv6 requests for proposals. When they install new equipment, they try to ensure it's IPv6-capable, thus meeting OMB's requirements during the normal course of business.This explains, in part, why there's been no abundance of IPv6-specific government contracts. Network services contracts and in-house IT administrators are handling much of the early work.The most prevalent example is the work going at the Defense Department. The agency set its own deadline for converting to IPv6 well before OMB got involved, and it tagged the Defense Information Systems Agency to take the lead. Because SI International Inc. of Reston, Va., was already working on DISA's Global Information Grid-Bandwidth Expansion program, it became the contractor for IPv6 conversion at the Defense Department.Walt Grabowski, SI International's senior director of network solutions, said he's spoken with most IPv6 transition heads throughout government and found their focus varies widely. Some agencies, such as the Defense, Education and Transportation departments, as well as NASA, are leading in IPv6 planning and implementation. Still, integrators shouldn't expect to see new opportunities just yet."We've seen a few fresh contracts in a few arcane areas," Grabowski said. "The Air Force Communications Agency actually had a procurement about a year ago, and [Veterans Affairs] is planning something soon for transition support. So it's been spotty ? but, in general, the support that agencies get right now comes from the contractor base they already have in place."The problem, as CDW-G's Berger sees it, is that refresh cycles are not coinciding precisely with the June 2008 deadline, and agencies have started to realize they'll need extra help after all, even their network contractors can't find enough hours in the day to maintain agency infrastructures while also analyzing, testing and upgrading them."The money is coming along now," Berger said.Experts said as June 2008 gets closer, more agencies will issue IPv6-specific contracts, though even those deals won't be blockbusters.When they find money in their budgets, many agencies need help where the Market Connections data indicate: at the beginning, getting a handle on what they need to transition and how it will affect their networks.Although networking companies such as Cisco and Juniper, as well as their resellers, can go through records to help determine what equipment an agency owns and what it needs to upgrade, it's hard to identify every device, Juniper's Kreidler said.But inventorying equipment for upgrade shouldn't be seen as preparation for a giant networking sale. According to CDW-G's Berger, much of agencies' hardware can run IPv6 through software or firmware updates."Frankly, 20 percent of the market is products; 80 percent is people and services," Kreidler said. By his estimate, if only a quarter of the government's networking equipment had to be replaced, it would be a lot.In addition to help completing their inventories, agencies need detailed plans for migrating their networks to IPv6. Experts said there won't be a magic cutover point when agencies are suddenly running IPv6. They'll want to take a more phased approach. And even beyond June 2008, most networks will continue to run both IPv4 and IPv6, a situation that will require unique support."I don't see agencies having the expertise to do this themselves," said Dave Nelson, a consultant with Input Inc. of Reston, Va., and former deputy CIO at NASA. Even the Defense Department has found "it's a little harder than they thought."And it appears agencies are willing to accept that they need help with this unfunded, evolutionary network upgrade. In its research, Market Connections found that 42 percent of feds surveyed said they planned to collaborate with industry on IPv6 implementation.It's likely that much of this business will go to incumbents, Nelson said, but in some situations, consulting companies could earn work acting as go-betweens for agencies and their IT contractors, "especially if IPv6 turns out to be a bigger hurdle for some organizations than they expected," he said.How would an integrator or service provider know that? "You need to reach out a bit," SI's Grabowski said. "Planning, support, incorporating IPv6 into enterprise architectures ? this is getting more down and dirty."Integrators themselves have to be up to speed on IPv6 and its implications for agency applications. This is where networking companies such as Cisco and Juniper can come into play, with training and education.Tom Gillman, director of federal channels at Juniper, said his company has provided ongoing support to integrators, but that's beginning to wane as IPv6 projects kick into gear."Integrators are so much further [in their IPv6 expertise] than they were six months ago," Gillman said.Where virtually everyone said integrators will play a critical role between now and June 2008 is in testing software for compatibility with new IPv6-enabled networks. Labs must be established that reflect the ways agencies may meet the OMB mandate for IPv6, whether via an IPv6-only network or a hybrid IPv4-IPv6 networkThe Federal Aviation Administration is among the leaders here. FAA is building as many as three interconnected test beds to see how IPv6 packets operate."You want to get the full complement of your software load and test the applications," Input's Nelson said."It's end-to-end testing, from the keystroke to the printer," he said.In many situations, integrators are the only people who can do this kind of application testing, because they either wrote the custom software or did the coding to ensure multiple programs worked together.The Federal CIO Council (www.cio.gov) publishes IPv6 implementation guidance, including information on testing and incorporating IPv6 into enterprise architectures. But if today's software will keep contractors busy ensuring IPv6 compatibility, tomorrow's programs will be the biggest measure of IPv6 success.Ray Williams, manager of networks and enterprise architectures at Northrop Grumman Corp., was at a recent conference in Los Angeles and listened to a NASA official describe how the agency wants to IP-enable all its communication."I was floored," Williams said. "This was a monumental change. He used the example of a guy walking on the moon in a space suit, talking back to the base station using voice over IP. And all the instrumentation, like his heartbeat monitoring, would be sent back over the same IP link."With so many devices riding on the IP network and so much more data moving over it, the network will have to much more robust than it is today."Look at the upgrades they're doing at [the National Oceanic and Atmospheric Administration]," Williams said. "They're looking 20 years out. Right now, they're using four-kilometer resolution for their satellite imagery, and they're going to go to one kilometer. That's really more than four times the amount of data they want to push around. An agency like NOAA will be among the first to go to IPv6 because of what they're being asked to do."Like the Defense Department's move to network-centric operations, in which every soldier, sensor and weapons system is a node on the network, tomorrow's applications will drive today's IPv6 adoption."For each agency, there will be some incident or application that's the tipping point," Williams said. "And for some it will be a case of, 'Three of our mission partners just went to IPv6, therefore we've got to go.'""So far, the underlying business case for IPv6 has not be well defined," SI's Grabowski said. "The real opportunities will occur to those agencies and integrators who see the future applications."The experts agree the June 2008 deadline for IPv6 implementation is reasonable. They disagree as to whether agencies will be finished in time. By some estimates, it could take certain agencies four or five years to get to the state OMB requires. But if they're serious about meeting the deadline, the heavy lifting starts now, and integrators will get involved."For just about everything we do now, IPv6 comes up," Williams said. "Figure it takes about six months to plan the transition and a year to finish it." Working backward, that means heavy engagement starts now.According to Input's Nelson, "It will be a solid, growing business. It just won't be a big business overnight."Brad Grimes is chief technology editor of Government Computer News. He can be reached at bgrimes@postnewsweektech.com.