IPv6: The future is now

The clock is ticking on Uncle Sam's next-generation Internet implementation.The Office of Management and Budget has mandated that by June 30, 2008, the Internet backbone for every federal agency must be able to run Internet Protocol Version 6. By now, agencies are required to have created an IPv6 transition team, completed an inventory of all backbone-dependent hardware and software, and submitted an analysis of how the transition to IPv6 will affect their organizations.No matter where they are in this timeline, the next step will be to procure the products and services for implementation."We've seen a few fresh contracts in a few arcane areas," said Walt Grabowski, senior director of telecommunications for SI International Inc., a Reston, Va., contractor overseeing the Defense Department's transition to IPv6. "In general, the support that agencies get right now comes from the contractor base they already have in place."That could change, experts say, partly because agencies are being asked to make changes more quickly than they're accustomed to doing. Additionally, IPv6 has the potential to affect how government operates in ways no one can yet predict, said Peter Tseronis, director of network services for the Education Department."It's like the Internet was back in 1993," Tseronis said. "Back then, you'd never have imagined you'd be using it to do your banking. IPv6's mobility, end-to-end security and ad hoc networking capabilities sound wonderful, but the truth is, we don't really know yet what it will ultimately enable us to do."DOD is leading the pack in IPv6 adoption. But some agencies are struggling to meet OMB's unfunded mandate. Transitioning to IPv6 involves more than merely refreshing network infrastructure, and IPv6 could affect every technology request for proposals that an agency writes for the next 10 years.Major networking vendors such as Cisco Systems Inc. and Juniper Networks Inc. for several years have been shipping IPv6-compatible gear. Microsoft Corp.'s upcoming Vista operating system is designed with it in mind. But other hardware and software might not be ready. And even if a vendor's routers and switches run IPv6, its hardware firewalls and security appliances might not."A number of companies advertise their products as v6-capable, but when you try to buy them, you find out that v6 support is still in the pipeline," said Tom Patterson, CEO of Command Information Inc., an IPv6 services company in Herndon, Va.If the hardware you're buying today isn't IPv6-compatible, you'd better have an agreement with the vendor to include the upgrade in the purchase price, Tseronis said.Agencies will need to operate dual IPv4 and IPv6 networks until all their hardware and applications are IPv6-compliant. Even then, they'll need to communicate with devices on the Net that still use IPv4.Many agencies likely will run a dual stack, with both protocols running simultaneously on the same equipment, SI International's Grabowski said. But don't assume that all IPv6 gear can run two stacks out of the box."If I were acquiring network equipment, I'd ask the vendors to demonstrate that their systems can operate in a dual-stack environment," Grabowski said. "I'd ask what's required to run in a dual stack. Do I need to increase router memory because of the dual stack? Will they work with my existing devices? Show me that upgrading my device is not going to lead me to a dead end in a v6 world."Another key issue is interoperability among IPv6 devices, he said. There's no guarantee an IPv6-compliant router from Company A will work seamlessly with a switch from Company B.Few vendors have qualified for the IPv6 Consortium and University of New Hampshire's Interoperability Lab's IPv6 Ready logo, which signifies that equipment meets IPv6 requirements and interoperates with at least two other hosts or routers."There's not a 100-percent guarantee all of the boxes on our list will interoperate, but I'd be surprised if they didn't," said Benjamin Schultz, managing engineer of UNH's Interoperability Lab.Compliance and compatibility testing will remain key to any transition plan, and agencies probably will need help in testing products and ensuring interoperability.Whether they choose their networking vendors, system integrators, outside consultants or some combination of the three to help depends largely on the vendor agreements already in place, said Tim LeMaster, director of systems engineering for Juniper Federal Systems."Some agencies may find their maintenance support contracts with Integrator X or Service Provider Y already provide v6 transition services," LeMaster said. "If they don't, they may want to look toward an outside consultant."Systems integrators also may offer ad hoc software development, providing the "glue code" that lets everything work seamlessly, Command Information's Patterson said. Command Information recently completed a universal translator for DOD that lets any Internet-enabled remote device, from a mobile phone to a sensor embedded in the walls of a warehouse, to tunnel across the IPv4 network and communicate with DOD's IPv6 backbone.A June 2006 survey by Cisco Systems and Market Connections Inc. found that half of 200 government IT managers surveyed said they wouldn't be moving to IPv6 if OMB weren't forcing the issue. They either don't see the benefits of IPv6 or don't believe the benefits are worth the costs."I think a big problem is that program managers are in compliance mode," one expert said. "There's probably a standard clause in every RFP that says the vendor's products must be IPv6-compliant. Instead of making it merely a compliance issue, they should go to the technologists in their organizations and ask, 'How do we expand the RFP?' "A search of market research firm Input Inc.'s contract database turns up only about 25 vehicles, either in the proposal or execution phases, that spell out IPv6 requirements. Only one contract, a Veterans Affairs Department RFP that's due out next year, deals specifically with the IPv6 migration.Agency managers and contractors need to get up to speed on IPv6 so they can plan for applications that take advantage of the benefits that the next-generation Internet will bring. To be effective in their jobs, other personnel need to know what the new network will look like.The key is finding instructors who have experience working with IPv6 networks, Patterson said. That means looking overseas, where IPv6 development generally is much further along."This is not something you can just read out of a book and go teach," Patterson said. "The good news is that other parts of the world have been doing v6 a lot longer than we have. We've hired a number of people who worked on IPv6 projects in Korea, China, Japan and France."A mistake many groups make is trying to create an RFP based on generic requirements, or things they've read about but don't really need, said Juniper's LeMaster."The most important part of creating an RFP is to understand your network and write requirements that support it," he said.Agencies will be looking for vendors that take a lifecycle approach to the IPv6 transition and will support them over the long haul, said Prem Jadhwani, senior product manager for GTSI Corp., a Chantilly, Va., systems aggregator.Because moving to IPv6 involves a long-term investment, cash-strapped agencies might ask vendors to help with financing, Jadhwani said.Making backbones IPv6-compliant and bringing networks into the 21st century "isn't going to end on June 30, 2008, and it's a mistake to think it will," said Education's Tseronis. "We've got at least 10 more years of development to go on IPv6. We've got to get the energy behind it."Dan Tynan is author of Computer Privacy Annoyances (O'Reilly Media, 2005).