All-in: VA sets date to shut down IPv4
Agencies must enable the use of IPv6, the next generation of Internet Protocols, on internal and external networks by the end of fiscal 2014, but the Veterans Affairs Department plans to take the process a step further by turning off IPv4 on Oct. 1, 2014.
“That’s a real line in the sand,” said Steve Pirzchalski, VA’s IPv6 program manager.
Running the two protocols side-by-side would introduce unneeded complexity into the network, Pirzchalski said Oct. 13 at a conference on IPv6 hosted by the Digital Government Institute. “Leaving Version 4 on forever is going to introduce a security problem.”
What did we learn from World IPv6 Day?
How's the stock of IPv4 addresses holding up?
Actual use of IPv6, which so far has been minuscule, could spike over the next three years as the last of the IPv4 address pools dry up and a new generation of mobile devices uses the new protocols by default, said Alain Fiocco, head of IPv6 at Cisco’s Network Operation Systems Technology Group.
The federal government is leading the way in adoption of IPv6 in this country by requiring that networking equipment acquired by agencies be capable of using the new protocols and that agencies enable that use.
Pirzchalski said VA is well on its way to meeting deadlines set last year by the Office of Management and Budget for enabling the new protocols on public-facing servers and services by the end of fiscal 2012, and on all internal networks and applications two years later. VA now is focusing on its Internet service providers, Domain Name Services, mail and Web services.
“Mail is going to be a challenge,” Pirzchalski said. But “I feel very good about where we’re at.”
The department’s four Internet gateways now can handle IPv6 traffic on one carrier, Qwest, and the VA expects its second carrier, AT&T, to enable the new protocols by the end of the year. VA turned IPv6 on for its main website, www.va.gov, in anticipation of World IPv6 Day on June 8 and has left it on since then. Pirzchalski said the rest of the department’s more than 250 domains will be switched by the end of the year.
A memo from VA’s Office of the Chief Information Officer has directed that IPv4 no longer will be used for communications, either internally or externally, as of fiscal 2015 without a waiver from the CIO’s office.
IPv6 promises some advantages in security and functionality, particularly for mobile devices, but the driver that makes the transition imperative is the exhaustion of IPv4 addresses. As the Internet grows and more users come online using the new IPv6 addresses, online resources will have to be able to accommodate the new protocols or risk fragmenting the Internet, Fiocco said.
“Without IPv6 there won’t be an Internet as we know it today,” Fiocco said. “The users are on IPv6, so the content has to be on IPv6.”
So far, use of IPv6 has been what observers call “vanishingly small,” making up less than 1 percent of traffic in all studies. Pirzchalski said that “1 percent is the tipping point.” When IPv6 traffic reaches that point in a network, the new protocols will cease to be an exception and will be handled operationally by the enterprise. “That means there is a switchover and it is real.”
When that tipping point will be reached is not clear, but Fiocco predicted it could come within a few years.
“We still have less than 1 percent of the traffic,” he said, but networks are being enabled for the new protocols. He said that 16 percent of Asia Pacific networks on the Internet routing table are IPv6 enabled, as are 8 percent in the United States.
The Asia Pacific regional registry that hands out Internet addresses ran out of IPv4 in April, and Europe could run out by the end of the year. ARIN, the North American regional registry, probably will run out in 2013, if not earlier.
At the same time, use of Internet-enabled mobile devices such as smart phones is growing, and more of them are using IPv6. The 4G LTE cellular system already uses IPv6 by default. Fiocco said there will be 3 billion IPv6 smart phones by 2014, and “by 2015 the majority of smart phones will be IPv6.”
By that time, enterprises that are not equipped to handle IPv6 traffic could find that protocol tunneling and translating devices are becoming chokepoints in their networks.