Shawn McCarthy | Internaut: IPv6: It's a configuration management issue

Shawn P. McCarthy

For most federal agencies, IPv6 is emerging as more of a configuration management and IT services issue than a pure deadline issue.

Even though some agencies are admittedly behind schedule in outlining their migration plans for the updated Internet Protocol, it's likely that most will be able to hustle and close the gap by the June 2008 deadline. That's when they have to finish migrating their Internet backbones to IPv6.

But beyond the backbones, IPv4 will still exist at most agencies, and application access on many servers may require either IPv6 or IPv4. Will all traffic being routed to a variety of network devices know what protocol to use, and when? To complicate the issue, when both protocols operate on a network, IPv6 can be exploited to deliver certain types of malware if firewalls or intrusion detection systems are not properly configured to recognize IPv6 traffic.

Thus, configuration management will quickly move to the front and center of the IPv6 discussion.

Configuration management is the process of defining, applying and tracking a set of policies to control which software applications and codes are authorized for an organization's use, and how the applications, servers and network should be accessed.

Enforcement of configuration rules can protect a network and facilitate responses to security threats such as malicious code. This includes systems, networks, storage and several levels of software, including operating systems, applications, databases, and services and components accessed via the Web.

As agencies update their networks with new IPv6-compatible equipment, they are looking at a wide range of tasks. Administrators, or consultants, must survey the network to establish what needs to be done, manage the transition, and establish the standards for configuring all devices and access rules.

Associated work includes testing all software for compatibility with IPv6. The network packets might not always move through networks, or arrive in the format that applications are used to. Again, each discovery could lead to configuration changes, or to code fixes.

Yet, as agencies plan for their looming configuration issues, it will be difficult for them to fully separate pure IPv6 work from other ongoing technology spending.

I've noticed occasional contracts for pure IPv6 transition support, but such RFPs are rare. It's more common for IPv6 configuration work to be embedded in larger network upgrade or management contracts. Agency personnel might also need training to help them understand how configuration must be handled, and how it will affect their network.

Because of this, configuration management needs to be addressed at the onset as an important part of an agency's IPv6 transition, and it needs to be considered when each new IPv6-enabled device is added to a network. Agencies should consider automating such management via a centralized network application that gives them a view into not only current configuration settings, but how future settings will need to be adjusted as IPv6 penetrates deeper into their networks.

Former GCN writer Shawn P. McCarthy is senior analyst and program manager for IDC Government Insights of McLean, Va. E-mail him at smccarthy@idc.com.

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above