As IPv6 mandate looms, some agencies still don't 'get it'
Task force leader says the time for talk is past
- By William Jackson
- Dec 17, 2010
The Federal CIO Council next month will brief the White House on the readiness of agencies to begin their transition to the next generation of Internet Protocols, identifying those that are prepared for the move and those who have been found wanting -- and too many still don't get it, said Peter Tseronis, chairman of the council's IPv6 task force.
The time for talk and debate is past, he said. “This is old news. It’s time for execution and deployment.”
The assessments will be based on meetings that began last month between transition teams and the Federal CIO Council’s IPv6 Task Force. Some agencies have done a good job of laying the groundwork for meeting the 2012 and 2014 deadlines for enabling the protocols on public-facing and internal network elements, said task for chairman Peter Tseronis.
At other agencies, “I really don’t think they get it yet,” he said.
Kundra sets new IPv6 deadlines
CIO Council shepherds agencies through IPv6 transitions
Speaking Thursday at a meeting of the Association for Federal Information Resource Management, Tseronis hammered home the urgency of the transition.
“They have a clear mandate to meet by 2012,” he said. “We have to do something technical now,” and it will require the efforts not only of agency IT staffs, but of contractors as well. “The onus is on the agencies, the carriers and the service providers to make it happen,” he said.
The consequences of not making it happen would be the eventual isolation of agency networks from large portions of an Internet in which future growth will be in IPv6 as the pool of IPv4 addresses is exhausted.
Address translation and protocol tunneling services are interim fixes for making current IPv4 resources available to users of the new protocols, said John Curran, president and CEO of ARIN, the regional Internet registry that doles out IP addresses for North America. But these fixes ultimately will not scale and what works this year might not work in five years, he said.
“You’re in a race, but we don’t know when service providers are going to give up on IPv4-only boxes,” he said.
The Internet Protocols are a set of rules and specifications for computer communication over packet-switched networks. The current version, IPv4, on which the Internet as we know it has been built, contains a 32-bit address space for identifying users and devices. As long ago as 1993 it was forecast that the 4.3 billion-address pool would be depleted between 2010 and 2017. With the available pool down to less than 3 percent, exhaustion is expected to begin early next year. New address allotments then will be made using IPv6, which has a much larger address space.
“It’s a major upgrade,” Curran said of the new protocols. But IPv6 is not backwards-compatible. “IPv4 wouldn’t allow it. For a while we are going to be running them in parallel.”
That is what the Office of Management and Budget ordered in September, requiring agencies to enable the new protocols on public-facing servers and services by the end of fiscal 2012. They will have two more years to upgrade internal client applications to operationally use native IPv6. As part of the process, the IPv6 Task Force began meeting with agencies in November and will complete its initial round of meetings during the week of January 17.
Agencies completed the task of enabling network backbones to handle the new protocols in 2008, and Tseronis said no one should have been surprised by the new mandates.
“I was waiting a year-and-a-half for this to be reignited,” he said.
The transition is an unfunded mandate, but federal acquisition policy for some time has held that all networking equipment should be IPv6-capable, which should make networks ready for the protocols through the normal cycle of replacing equipment. Standards for being "IPv6-capable" and for interoperability have been a work in progress, however, so that the operational capacity of some network elements remains in question.
Other areas of concern within agencies are the training of network operators and security, because many staple security products do not work well — if at all — with IPv6 traffic. Tseronis also warned contractors that, for agency networks to operationally use native IPv6, service providers and network carriers must also be ready for the traffic.
“You need to meet the requirements before the agencies can meet them,” he said. Service providers are saying that they will be ready in time, but, “I don’t necessarily believe that is the case,” he said.
The IPv6 Task Force will act as a resource for sharing best practices and agency expertise, and agencies also are encouraged to consult with technical resources such as ARIN and other organizations that have experience in deploying and using IPv6.
William Jackson is freelance writer and the author of the CyberEye blog.