A new kind of protocol
IT vendors work together (they'll compete later) to help agencies in transition to IPv6
- By William Jackson
- Oct 21, 2007
Federal agencies, faced with a June deadline for enabling the next generation of Internet Protocols on network backbones, are looking for expertise and advice in making the transition. That demand has helped encourage vendors to embrace IPv6 in their products and service offerings.
Microsoft, Cisco Systems, Command Information and Hexago are among a growing number of companies that are offering transition help or are moving to IPv6 on their own networks to help chart a path for their government customers.
Microsoft, which already has made IPv6 the preferred protocol on its latest operating system release, Windows Vista, has committed itself to making all its enterprise applications IPv6-ready out of the box.
'Many of them are now, and the rest will be on their next major release,' said Sean Siler, Microsoft's IPv6 program manager. In a year, the majority of its enterprise tools will be IPv6-enabled. 'We've decided that IPv6 is the future for us.'
But this does not mean that the transition to IPv6 is going to be easy.
'We have seen the future, and it is not pretty,' said Bruce Sinclair, CEO at Hexago, which provides tools for adding IPv6 to networks. 'Or, at least, it's not orderly.'
The deadline faced by agencies was established by the Office of Management and Budget, which has ordered civilian agencies to have core networks capable of passing IPv6 packets by June. The Defense Department has committed itself to a similar transition in a separate mandate.
The new network protocols promise advantages such as improved and more flexible connectivity, expanded address space and improved security. But current IP networks and almost all the applications running on them are designed to work primarily with the current IPv4 ' and the two versions of networking protocols are not entirely compatible. So agencies are upgrading much of the hardware and software on their networks and must come up with ways to accommodate and manage both IPv4 and IPv6 for the foreseeable future.
With this new market opening before them, many in the information technology industry are becoming IPv6 evangelists, Siler said. Traditional competitors are working together to ease adoption of the new technologies in an effort to create a new market. Competition among the companies will come later, he said.
'Everybody is playing together,' he said. 'We will make sure it all interoperates.'
Microsoft is moving its own networks to IPv6 and making its expertise and labs available to customers. So far, only a few agencies have taken advantage of the offer.
Hexago recently released a guide for agencies on implementing and managing secure IPv6 tunnels. 'There is a lot of theoretical information about tunneling,' Sinclair said. 'We're trying to show the practical implementation. The challenge is doing it in a secure way.'
Tunneling, essentially, is encapsulating an IPv6 packet in an IPv4 packet for transport across an IPv4 network, or vice versa. Unknown and unmanaged tunnels can open security holes in a network, so agencies will need policies on who can use tunneling, where and for what purposes. Tools are needed to manage the tunnels and enforce those policies.
Although many see tunneling as an inexpensive first step toward a more capable dual-stack network that can handle both IPv4 and v6 packets, it may eventually become a more strategic interoperability tool to support IPv4 applications on native IPv6 networks.
'It is a tool that will be around for a long while,' Sinclair said.
Cisco, a major player in the network field with equipment on virtually every government network, has partnered with Command Information, an IPv6 transition integrator and consultant, to offer a new service. Evolv6 will help agencies plan, design, architect and then move operations to IPv6. Cisco will offer its expertise on network security and architecture, and Command Info will contribute its know-how in the multivendor environment above the network layer.
'What our customers have been asking for is a one-stop shop,' said David West, Cisco's director of field operations.
The Evolv6 service is available now, although no customers have signed up yet. Cisco has about 30 people devoted full time to the service and will increase that number when and if demand requires it. Evolv6 is not a government-specific service, but for the time being government is expected to be the primary customer, West said.
Most agencies have made some progress toward the required IPv6 transition, but they are moving at different speeds.
'It's a mixed bag,' West said. Some agencies are well into their planning and have begun making the move. 'Other agencies are struggling to understand how to make the transition a reality.'Steady pace
But even with a deadline approaching, vendors agree that the transition should be done cautiously and with plenty of planning.
'If you jump in too quickly, it's easy to get burned,' Siler said. Training is essential to a successful transition, particularly for those involved in security and network architecture.
'We advocate a slow burn,' said Hexago's Sinclair. 'It's a good approach to do it gradually.'
This could mean that some agencies will not meet the June OMB deadline for enabling core networks, but that could be the lesser of two evils, said West.
'It's much better to plan and do it right than to rush to make the deadline and make mistakes,' he said.