How's your backbone?
IPv6 transition may vex systems administrators as 2008 deadline approaches
- By William Jackson, Jason Miller
- Apr 06, 2006
Walt Grabowski, senior director of telecommunications for SI International Inc., is managing the Defense Department transition to IPv6.
How cryptic is the mandate for federal agencies to transition their network backbones to Version 6 of the Internet Protocol by 2008? Walt Grabowski thinks it may be more cryptic than first thought.
Grabowski, senior director of telecommunications for SI International Inc., is managing the Defense Department's transition to IPv6. He said there is a wide variation in complexity and configuration of agencies' networks; so wide that debate has brewed over what exactly the Office of Management and Budget means by "backbone," as dictated in its mandate.
If agencies can't be sure which backbone they must transition, defining success come 2008 could be hard to do, Grabowski said.
Despite this and other questions, the marching orders are in, and integrators will play a significant role in helping meet OMB's IPv6 milestones.
"OMB has been positively relentless in pushing forward with Version 6," Grabowski said. But, he added, "If you didn't put a date out there, nothing would happen."The story so far
The Internet Protocol is a set of rules defining how networked computers communicate. IP networks have become essential for government and private-sector operations, but weaknesses in the current Version 4 have led to a growing interest in IPv6, which promises improved security, simplified network operations and easier mobile connections.
The first milestone to compliance has come and gone with little fanfare but ample confusion. Agencies had until Feb. 28 to submit to OMB their IPv6 transition plans and status updates, using enterprise architecture as a planning framework. An OMB official said 25 of 26 President's Management Agenda scorecard agencies submitted the required documents on time.
Several small agencies not on the scorecard did not submit their transition plans and progress reports, the official said. But some of that is because some of these agencies don't own their networks, and "receive their network access and support through service providers. OMB is working to provide additional guidance to these agencies," the official said.
Throughout February, the Federal CIO Council's IPv6 working group met with transition leaders to help clarify what OMB expected. Just a day before the deadline, John McManus, NASA chief technology officer and head of the IPv6 working group, said questions still lingered.
"Some agencies were hard pressed about what they had to deliver to OMB," he said.
"It's hard to gauge at the beginning of 2006 whether the three-year process is on track," said Tom Patterson, CEO of Herndon, Va.-based Command Information Inc., which provides IPv6 training and planning. But there is time to get the job done, he said.
It's unlikely that agencies will yet have detailed plans, experts said, but there are paths they could take to migrate networks. With IPv4 support likely to continue for some time, agencies have three goals to shoot for in their IPv6 transition plans:»
A dual stack, to run both IPv4 and IPv6 on the network»
Tunneling, in which packets from one IP version are encapsulated in the other»
Address translation, which makes IPv4 packets readable to IPv6 networks and vice versa.Look before leaping
Agencies are to consider how they will use IPv6. This is an important step, but one that can be difficult in the rush to make the transition. Industry is being asked to help out.
Ciprian Popoviciu, of Cisco Systems Inc.'s network solutions integration test engineering group, calls the transition to IPv6 an inflection point that will determine the structure of IT well into the future.
"You should think of migration in terms of building your network as you would like it to be," said Popoviciu, co-author of "Deploying IPv6 Networks," published in February by Cisco Press.
The Federal Aviation Administration is looking at the IPv6 transition from such a technical perspective. Mark Powell, chief technology officer, said that by the end of the summer, his office would set up routers to connect labs in three cities: Atlantic City, N.J., Oklahoma City and Washington, over an IPv6 network.
"This is a risk reduction activity," Powell said. "We want to look at the size of the routing tables, the latency, what happens when you send IPv6 packets and what happens when you transition to IPv6 from IPv4."
FAA officials don't want to do anything until they fully understand the impact of IPv6 on their WANs and LANs, which are among the first parts of the network scheduled for transition to the new protocol, Powell said. FAA plans to move to IPv6 on its WAN by 2007 and at its data center by 2008.
Failure to plan is one of the significant risks identified in a recent Commerce Department report on the technical and economic impact of IPv6. Adopting IPv6 without "adequate technical and business-case planning could result in unnecessary costs and reduced IT security," the report said.
The National Institute of Standards and Technology and the National Telecommunications and Information Administration concluded in the report that "all things being equal, IPv6-based networks would be superior to IPv4-based networks."
But all things are not equal. The lack of a killer application to drive IPv6 adoption and the administrative overhead of running both IP versions complicate the task of creating a business case for the transition ? and leave many in government doubting its value.
"It still is important to get the idea of the benefits across," said Alan Sekelsky, director of IP engineering for SI International. One of the strongest drivers for adopting IPv6 will be IP convergence, the merger of voice, video and data on a single network for access through a single device.What lies ahead
If the benefits are hazy, some risks are better defined.
"Addressing space allocation and management is going to be a challenge, and doing the transition securely is going to be a challenge," NASA's McManus said.
More over, agencies must buy only IPv6-capable products, and identifying and managing this equipment is a crucial early step in planning a transition.
One federal CIO recently tasked network discovery tool developer Lumeta Corp. of Somerset, N.J., with finding the agency's IPv6 equipment, said Karl Siil, the company's chief architect.
"His concern was, 'What's running Version 6 right now that I'm not aware of?' " Siil said. "This is the first time we've been asked to do this."
All of which points up the need to train network administrators, operators and users to deal with the new protocols. According to NIST and NTIA, the transition's labor costs will dwarf those for hardware and software, and account for 70 percent of total transition costs in large enterprises. Training probably will take up most of the labor costs.
"Training and education is critical," said Patterson of Command Information. "But it is not necessarily a new budget item," because training should be an ongoing activity.
The Defense Department is using Command Info courseware, whose developer plans this year to open a full-time IPv6 training center in Washington.
"We want to go into an agency that doesn't have new education money and offer them what they need," Patterson said. "Security officers always have to get training for any new technology, so we don't think it needs to be a new appropriation from Congress."
The amount of training required will vary greatly from agency to agency, depending on size, network services and how quickly IPv6 is phased in, NASA's McManus said.
But an emerging generation of mobile products makes it risky to delay the switch to the new protocols, he said, citing the rapid adoption of handheld mobile e-mail devices in NASA's Washington headquarters as an example. He said he's already worried about the next hot product.
"The first one that shows up IPv6-only is going to cause me an issue if I'm not ready to handle IPv6 traffic," McManus said. "If the next hot device is IPv6-only, I'm going to be telling my users my network can't support it. I don't want to be the person who has to say that."
Not surprisingly, funding stands to play a role in the IPv6 transition. At the Education Department, officials have been trying to build momentum for their IPv6 transition by making the business case. But money to carry out the project is scant.
"We are building a business case now for how we are going to transition to IPv6, because it will cost us more than $7 million over the next two years," said Peter Tseronis, the Education Department's director of network services. "We have to look at the risks and costs, which are the same things we look at for all investments when we do business cases."
The Education Department did not get any of last year's budget request of $8 million for IPv6 transition. Despite saving $3 million from work on other projects, Tseronis said, "in 2007, we will need cash. We have to build a business case and develop a strategy to say why we need that cash."
William Jackson and Jason Miller are staff writers with Government Computer News.
William Jackson is a Maryland-based freelance writer.