VA, FAA and Commerce are among the agencies that will be leading the way June 8 in a worldwide test of the next-generation Internet Protocols. If all goes right, you won't notice. But what happens if it doesn't?
On June 8, a handful of government agencies will join some of the largest organizations on the Internet in a global stress test of the world’s Internet infrastructure by switching to IPv6 as their primary means of connection for 24 hours.
World IPv6 Day, a collaborative effort among the Internet Society (ISOC) and the online community, comes just as the last of the available IPv4 address blocks are beginning to disappear and as agencies are facing a mandate to enable the next generation of Internet Protocols — IPv6 — on their networks.
Peter Tseronis, chair of the Federal CIO Council's IPv6 Task Force, said the event could not have come at a better time. “World IPv6 Day really fell into our laps,” Tseronis said. “It gives agencies an opportunity to break some glass.”
The day is being billed as a 24-hour flight test, so many participants will be turning off IPv6 on June 9 as they evaluate the results. But the goal eventually is permanent deployment of the new protocols. “There is no reason for doing this other than planning on doing it permanently,” said ISOC Technical Program Manager Phil Roberts.
The Veterans Affairs Department is planning to turn on IPv6 for its public website at www.va.gov well before June 8, and is among a number of participants planning to make the shift to IPv6 permanent.
“Our intention is to leave it on,” said Steve Pirzchalski, director of VA’s network design, planning and engineering service. “Unless something that pops up that is a showstopper, we intend to keep that portion of it up.”
“Something popping up” is the whole point of World IPv6 Day. Version 6 of the Internet Protocols have been around for more than a decade and most current versions of networking tools and equipment support them to a certain extent, at least on the drawing board. How the pieces will work together in the real world still is unknown.
“People have been doing IPv6 for a long time and they are capable of doing it well,” said ISOC’s Roberts. But they have not been doing it on production networks under full-scale loads. On June 8, “all of the Internet systems will be exercised.”
“It’s not just the network or [Domain Name System] records, it’s every aspect of network infrastructure and business process,” said VeriSign CSO Danny McPherson. “It’s not trivial; there are complexities that will arise.”
“There is so much stuff in the network,” said Craig Labovitz, chief scientist at Arbor Networks, which specializes in protections against denial-of-service attacks. “You just need one of the pieces not to work correctly before you lose connectivity.”
The participants are not expecting major disruptions on June 8, however. “If IPv6 Day is a success, users won’t notice a thing,” Labovitz said.
But success seldom is absolute, and there are bound to be some problems. That is why World IPv6 Day is being conducted.
How it works
Some online presences, such as Google, already have special IPv6-enabled sites, but the main sites are accessible only via an IPv4 connection. On June 8, participants will “turn on” IPv6 on their main websites by publishing a record, called a AAAA or Quad-A record, in the Internet’s Domain Name System that will map the domain name to an IPv6 address.
When a browser initiates a request for www.google.com, for example, DNS will respond with the Quad-A record for the IPv6 address. If the computer and browser are capable of using IPv6 the connection will be established using those protocols. If not, the connection will default to IPv4.
So far, so good. But the problems are likely to arise in the myriad links between the server and browser that must also support IPv6 traffic.
Operating systems and browsers on most updated PCs support IPv6 out of the box. (You can test your browser’s IPv6 capability at test-ipv6.com.) The 5 percent or so of computers that are not equipped to handle the new protocols should not have any problem, because the connection will default to IPv4. Users with some degree of IPv6 capability, but who are not able to establish an end-to-end IPv6 connection could find the sites unavailable or have the session time out before a connection is established.
ISOC estimates the number of users who might experience these problems at .05 percent, or one in 2,000. “I think that that number has been improving,” Roberts said.
Just how many users are having problems will not be immediately apparent on June 8, because site administrators will not know how many people are not connecting to the site when IPv6 is turned on. Only when final traffic numbers are analyzed and when the sites have heard from service providers whose help desks will have to field the complaint calls about lost connectivity will the full impact will be apparent.
“ISPs are preparing for that kind of thing,” Roberts said.
Largest test to date
World IPv6 Day is the largest test of this kind to date. With the exhaustion of IPv4 address space becoming imminent, future growth in Internet use is likely to be in the IPv6 space and there is a need to enable the new protocols on existing resources to ensure that they remain available. To date, however, the amount of IPv6 traffic has been “vanishingly small,” said Labovitz.
The volume of IPv6 traffic has been so small that measurements are difficult and the numbers not very reliable, but by most measures they are well under 1 percent of traffic. Trends do show an increase in native IPv6 traffic, which an Arbor Networks study suggests is an indication that IPv6 infrastructure is slowly becoming available.
The implementation of IPv6 has been stymied by a classic chicken-and-egg dilemma. Carriers and service providers have not been providing it to end users because sites have made so little content accessible by IPv6. The content providers have not made their sites available via IPv6 because there are no end users using the protocols.
“We have a long way to go,” Labovitz said.
But some are taking it upon themselves to break the cycle. “There are organizations like VeriSign who have a responsibility to be early adopters and pave the way, easing the pain of others,” McPherson said.
Pirzchalski put Veterans Affairs in the category of early adopters. “VA has an obligation to lead to the IPv6 transition,” he said. “That’s the fundamental reason” the department is participating.
As the largest civilian federal agency and the country’s largest health care provider, Internet connectivity is essential to the department’s operations, and increasingly that is going to mean IPv6. “It’s really about business continuity when you get down to it,” he said. “We need to be able to reach all of our customers, no matter where they are or what they are using.”
Pirzchalski said he could envision 10 percent of VA Web traffic being IPv6 before very long. The department has done a lot of testing, but how well the VA infrastructure and the rest of the Internet will be able to handle those loads still is not certain.
“I don’t think we’ll know until we get that volume of traffic,” he said. That will be one of the benefits of World IPv6 Day. “When we have that load, we’ll be able to see some issues that you can’t really see until you stress things.”
Issues that remain to be resolved are not so much whether equipment can handle the new protocols. For the most part, it can. It is a matter of how well it can handle them. Developers, vendors and administrators have decades of experience using IPv4 and know how to make it work well. That experience is lacking with IPv6.
VeriSign has been building IPv6 into its systems for years, McPherson said. “We’ve pieced enough stuff together to try to have real parity with IPv4.” But the company has had to spend considerably more on IPv6 equipment to ensure that it has that functional parity. But that is beginning to change as demand has increased and equipment becomes more widely installed and tested, he said.
There is no dispute that enterprises will have to enable IPv6 to accommodate much of the future growth of the Internet, which will have to be in the new protocols. But in addition to the larger address space, IPv6 also offers functionality that could enable new applications. With the focus so far being on simply getting IPv6 implemented, nobody knows for sure how that functionality ultimately will be used.
“We have done some pilots,” with applications that can use multiple addresses, Pirzchalski said. One of these has been a sleep disorder study in which multiple sensors are used to transmit data from the remote subject.
Pirzchalski is reluctant to predict what the killer app for IPv6 will be, although he suspects it will come in mobile devices.
So far, the small amount of IPv6 traffic on the Internet is being used primarily in peer-to-peer applications, according to the Arbor study. Sixty-one percent of IPv6 traffic was in this category, with video applications such as Netflix, YouTube, Bittorrent, Flash, and HTTP video accounting for most of that.
Whatever the killer app turns out to be, it is important to begin seriously planning the transition to IPv6 now, Labovitz said.“We are on the cusp of this,” he said. “We’re concerned about maintaining the value of the Internet. We need to plan the transition in advance. If we wait until the issue is forced, it’s too late.”