Kundra sets new IPv6 deadlines

The Obama administration released guidelines and milestones today for the transition of government networks to the next generation of Internet Protocols.

Federal CIO Vivek Kundra issued a memo giving agencies deadlines for implementing IPv6 in public-facing systems and internal networks. Kundra said successful implementation of the protocols will require “relentless follow-up” and that transition managers will be held accountable for their agencies' progress.

The guidance was announced at a workshop hosted by the National Telecommunications and Information Administration in Washington at which the administration kicked off an effort to spur adoption of IPv6 within the private sector as well as government.

IPv6 is the next generation of the Internet Protocols, the set of rules that defines how devices communicate over packet-switched networks such as the Internet. The new version of the protocols is being adopted in anticipation of the depletion of IPv4 address space, which is expected to occur in the next two years or less. But the transition has been slow, and the actual use of IPv6 remains almost nonexistent. A lack of customer demand and technical expertise is hindering the deployment of the new protocols in production networks.

Related coverage:

Why bother moving to IPv6?

IPv6 adoption remains slow, survey shows

Survey: Agencies not ready for IPv6 deadline

Agencies ready 5-year infrastructure plans

The Office of Management and Budget has been trying to get agencies to prepare for IPv6 for half a decade. In 2005, OMB issued a directive telling agencies to move their Internet backbones to IPv6 by June 2008.

Ram Mohan, executive vice president of Afilias, the Internet registry for the .info top-level domain and a provider of back-end Internet services, said at the workshop that of the more than 7 million registered .info domain names, only 58 have acquired both IPv6 and IPv4 addresses. Of the 8.6 million domains registered under .org, only 17,000 have addresses in both protocols.

The adoption of IPv6 is being slowed by the need to support both versions of the protocols on networks for the foreseeable future, which complicates the transition and subsequent network management. But the killer app for IPv6 has already appeared, said speakers at the workshop. It is the sustainability of the Internet as future growth is forced to use the new protocols.

“Staying with the current Internet is not an option,” said Leslie Daigle, chief Internet technology officer at the Internet Society. Enterprises must adopt IPv6 or be stifled by technologies, such as Network Address Translation, that have been used to work around the limitations of the current protocols.

The Obama administration has identified an advanced IT infrastructure as critical to the nation’s security and economic prosperity and has targeted programs such as a smart electric grid and health IT for funding under the American Recovery and Reinvestment Act. Federal CTO Aneesh Chopra said today that adoption of IPv6 is necessary to support the administration’s goals.

“The federal government is committed to the operational deployment and use of Internet Protocol version 6,” states the transition memo, which was released through OMB. The memo directs agencies to:

• Upgrade the servers and services the public uses, such as Web, e-mail and Domain Name System servers, to use native IPv6 by the end of fiscal 2012.
  
• Upgrade internal client applications that communicate with public Internet servers and supporting enterprise networks to use native IPv6 by the end of fiscal 2014.
• Designate an IPv6 transition manager by Oct. 30 as the person responsible for leading the agency’s transition activities.
  
• Ensure that agency procurements of networked IT comply with Federal Acquisition Regulation requirements for using the USGv6 profile and testing program for the completeness and quality of IPv6 capabilities.

The Federal IPv6 Task Force will meet with agencies to explain government policy and share best practices.

“This wasn’t done in a vacuum,” said Pete Tseronis, chairman of the task force and the Energy Department’s acting associate CIO. “The agencies have to embrace this” and move beyond making compliance a checklist chore.

OMB required agencies to ready their network backbones for handling IPv6 traffic in 2008, a deadline that was met but has been followed by very little activity in adopting the protocols. The new requirements will require strategic planning and the use of agencies’ technology refresh cycles to ensure that deadlines are met without requiring additional funding.

Some agencies have already taken the lead in deploying IPv6. The Defense Research and Engineering Network has moved its wide-area network to IPv6 with no additional staff or funding, said Chief Engineer Ron Broersma. That was done over a five-year period, and getting an early start on the transition is critical, he said. Rushing the project will make it more complex and expensive.

One of the greatest challenges DREN faced was the lack of commercial network management tools that adequately supported IPv6, Broersma said. Many products that claimed to be IPv6-compliant lacked critical functionality and implemented the support in different ways. That was a concern echoed by industry and government representatives at the workshop.

Mohan said that when Afilias was implementing IPv6 on its networks, it found a “remarkable difference” in the way equipment processed IPv6 packets. The packets were processed in software rather than hardware, resulting in slower performance and requiring the use of banks of appliances rather than single tools to provide the performance needed.

The National Institute of Standards and Technology encountered the same problem when it was developing a technology profile for IPv6 compliance, said Doug Montgomery, manager of NIST's Internet and Scalable Systems Metrology Group.

One of the gaping holes was the lack of network security devices, he said. The USGv6 testing program is expected to help correct that by establishing a baseline of support that is required from vendors selling to the government.

Montgomery said the USGv6 profile is a minimum level of required capabilities that should not be onerous to vendors. “We really are trying to set a low bar,” he added.